Congress shall pass no law limiting the rights of persons to manipulate, operate, or otherwise utilize as they see fit any of their possessions or effects, nor the sale or trade of tools to be used for such purposes.

From Artraze commenting on this Slashdot story about the levels of DRM in Windows 7.

I think it maybe needs some qualification about not using your things to cause harm to other people, but it’s an interesting idea. See also Mister Jalopy’s Maker’s Bill of Rights from Make magazine a couple of years ago.

Ryan Calo of Stanford’s Center for Internet and Society brought up the new phenomenon of GPS-aided car repossession and the implications for the concepts of property and privacy:

A group of car dealers in Oregon apparently attached GPS devices to cars sold to customers with poor credit so as to be able to track them down more easily in the event of repossession.

…this practice also relates to an emerging phenomenon wherein sold property remains oddly connected to the seller as though it were merely leased. Whereas once we purchased an album and did with it as we please, today we need to register (up to five) devices in order to play our songs.

…and Kingston University’s Rosie Hornbuckle linked this to the concept of product-service systems:

This puts a whole new slant on product-service-systems, a current (and popular) sustainability methodology whereby people are weaned off the concept of owning products, instead they lease them off the manufacturer who is then responsible for take-back, repair, recycling or disposal. So in that scenario it’s quite likely that a manufacturer will want to keep tabs on their equipment/material, will this bring up privacy issues or is it simply the case that if it’s done overtly (and not in the negative frame of potential repossession), the customer knows about it and agrees, it’s ok? Or will it be a long time before people can overcome the perceived encroachment on their liberty that not owning might bring?

It reminds me of something Bill Thompson suggested to me once, that (paraphrasing) the idea that we ‘own’ the technology we use might well turn out to be a short phase in overall human history. That could perhaps be ‘good’ in contexts where sharing/renting/pooling things allows much greater efficiency and brings benefits for users. Nevertheless, as the repossession example (and DRM, etc, in general) show, the tendency in practice is often to use these methods to exert increasing dominance over users, erode assumed rights, and extract more value from people who no longer have control of the things they use.

See the whole thread so far (and join in!)

Above image of GPS trails (unrelated to the story, but a cool picture) from cmpalmer’s Flickr

The Mosquito, and plans for an odd ‘walk-in virtual world’

Rosie discussed the Mosquito (above image: an example outside a McDonald’s opposite Windsor Castle*) and asked “could we use our design skills and knowledge to influence these sorts of behaviours with a less aggressive and longer-term approach?” while Adrian Short summed up the issue pretty well:

There are a lot of problems in principle and in practice with these devices, but the core problem for me is that they tend to be directed at users rather than uses (i.e. people by identity, not behaviour) and are entirely arbitrary. The street outside a shop is public space and the shop owners have no more right than anyone else to dictate who goes there.

In as much as these things work (which is highly disputed), they are never going to encourage a meaningful debate about norms of behaviour among users of a space. This approach is not so much negotiation as warfare.

Sutton’s Rosehill steps (which Adrian let me know about originally) were also discussed and Adrian brought us the story of something very odd: a ‘virtual world to teach good behaviour to young people’:

Half a mile away, the same council is proposing to spend at least £4 million on a facility that will include a high-tech virtual street environment, a “street simulator” if you like, to teach safety and good behaviour to some of the same young people.
…
“Part movie-set, part theme park, the learning complex will be the first of its kind in the UK and will also house an indoor street with shop fronts, pavements and a road. The idea is to give young people the confidence to make the best of their lives and have a positive impact on their peers and their local community.”

I don’t really know what to make of that. I actually woke up this morning thinking about it assuming that it was a dream I’d been having, then realised where I’d read about it. It sounds like a mish-mash of Scaramanga’s Fun House from The Man With The Golden Gun and the Ludovico Centre** from A Clockwork Orange.

See the whole thread here.

*This particular McDonald’s, with the Mosquito going every evening and clearly audible to me and my girlfriend (both mid-20s) also features a vicious array of anti-sit spikes (below) which rather negate the ‘welcoming’ efforts made with the flowerbed.

**I actually gave a talk about my research to Environmentally Sensitive Design students in this building a couple of weeks ago: it’s Brunel’s main Lecture Centre.

Mac as a giant dongle

At Coding Horror, Jeff Atwood makes an interesting point about Apple’s lock-in business model:

It’s almost first party only– about as close as you can get to a console platform and still call yourself a computer… when you buy a new Mac, you’re buying a giant hardware dongle that allows you to run OS X software.
…
There’s nothing harder to copy than an entire MacBook. When the dongle — or, if you prefer, the “Apple Mac” — is present, OS X and Apple software runs. It’s a remarkably pretty, well-designed machine, to be sure. But let’s not kid ourselves: it’s also one hell of a dongle.

If the above sounds disapproving in tone, perhaps it is. There’s something distasteful to me about dongles, no matter how cool they may be.

Of course, as with other dongles, there are plenty of people who’ve got round the Mac hardware ‘dongle’ requirement. Is it true to say (à la John Gilmore) that technical people interpret lock-ins (/other constraints) as damage and route around them?

Social status-based DRM

The BBC has a story about the Mukurtu Wumpurrarni-kari Archive, a digital photo archive developed by/for the Warumungu community in Australia’s Northern Territory. Because of cultural constraints, social status, gender and community background have been used to determine whether or not users can search for and view certain images:

It asks every person who logs in for their name, age, sex and standing within their community. This information then restricts what they can search for in the archive, offering a new take on DRM.
…
For example, men cannot view women’s rituals, and people from one community cannot view material from another without first seeking permission. Meanwhile images of the deceased cannot be viewed by their families.

It’s not completely clear whether it’s intended to help users perform self-censorship (i.e. they ‘know’ they ’shouldn’t’ look at certain images, and the restrictions are helping them achieve that) or whether it’s intended to stop users seeing things they ’shouldn’t', even if they want to. I think it’s probably the former, since there’s nothing to stop someone putting in false details (but that does assume that the idea of putting in false details would be obvious to someone not experienced with computer login procedures; it may not).

While from my western point of view, this kind of social status-based discrimination DRM seems complete anathema – an entirely arbitrary restriction on knowledge dissemination – I can see that it offers something aside from our common understanding of censorship, and if that’s ‘appropriate’ in this context, then I guess it’s up to them. It’s certainly interesting.

Neverthless, imagining for a moment that there were a Warumungu community living in the EU, would DRM (or any other kind of access restriction) based on a) gender or b) social status not be illegal under European Human Rights legislation?

Disabling buttons

From Clientcopia:

Client: We don’t want the visitor to leave our site. Please leave the navigation buttons, but remove the links so that they don’t go anywhere if you click them.

It’s funny because the suggestion is such a crude way of implementing it, but it’s not actually that unlikely – a 2005 patent by Brian Shuster details a “program [that] interacts with the browser software to modify or control one or more of the browser functions, such that the user computer is further directed to a predesignated site or page… instead of accessing the site or page typically associated with the selected browser function” – and we’ve looked before at websites deliberately designed to break in certain browers and disabling right-click menus for arbitrary purposes.

Long overdue, I’m currently reading Bruce Schneier’s excellent Beyond Fear, and realising that in many ways, security thinking overlaps with architectures of control: the goal of so many systems is to control users’ behaviour or to deny the user the ability to perform certain actions. I’ll post a fuller comparison and analysis in due course, but one example Bruce mentions in passing seemed worth blogging separately:

Nokia spends about a hundred times more money per phone on battery security than on communications security. The security system senses when a consumer uses a third-party battery and switches the phone into maximum power-consumption mode; the point is to ensure that consumers buy only Nokia batteries.

Nokia is prepared to spend a considerable amount of money solving a security problem that it perceives – it loses revenue if customers buy batteries from someone else – even though that solution is detrimental to consumers.

As a battery authentication method, this is more subtle than the systems we’ve looked at before, which actually refuse to allow the device to operate if a non-original-manufacturer battery (or perhaps charger) is used.

Nokia’s system attempts to persuade the customer that the new (cheaper) battery he or she has bought is “no good” by making the phone discharge the battery more quickly – in an extremely underhanded way. From the point of view of the (uninformed) consumer, though, it makes Nokia look good. “Oh, that cheap battery I bought is rubbish, it doesn’t seem to hold its charge. Nokia make them so much better, guess I should stick to them in future.”

But if the Nokia batteries were genuinely ‘better’ than the cheap replacement ones, surely this kind of underhanded tactic wouldn’t be necessary?

P.S. I have no idea whether this Nokia ‘trick’ is real/common/still used, as Beyond Fear has no references, or whether other manufacturers do something similar (as opposed to outright battery authentication-and-denial). I’ll ask a friend at Nokia.

P.P.S. Jason Kottke also noted this tactic back in 2003.

Last month, an Apple patent application was published describing a method of “Protecting electronic devices from extended unauthorized use” – effectively a ‘charging rights management’ system.

New Scientist and OhGizmo have stories explaining the system; while the stated intention is to make stolen devices less useful/valuable (by preventing a thief charging them with unauthorised chargers), readers’ comments on both stories are as cynical as one would expect: depending on how the system is implemented, it could also prevent the owner of a device from buying a non-Apple-authorised replacement (or spare) charger, or from borrowing a friend’s charger, and in this sense it could simply be another way of creating a proprietary lock-in, another way to ‘charge’ the customer, as it were.

It also looks as though it would play havoc with clever homebrew charging systems such as Limor Fried’s Minty Boost (incidentally the subject of a recent airline security débâcle) and similar commercial alternatives such as Mayhem’s Anycharge, although these are already defeated by a few devices which require special drivers to allow charging.

Reading Apple’s patent application, what is claimed is fairly broad with regard to the criteria for deciding whether or not re-charging should be allowed – in addition to charger-identification-based methods (i.e. the device queries the charger for a unique ID, or the charger provides it, perhaps modulated with the charging waveform) there are methods involving authentication based on a code provided to the original purchaser (when you plug in a charger the device has never ’seen’ before, it asks you for a security code to prove that you are a legitimate user), remote disabling via connection to a server, or even geographically-based disabling (using GPS: if the device goes outside of a certain area, the charging function will be disabled).

All in all, this seems an odd patent. Apple’s (patent attorneys’) rather hyperbolic statement (Description, 0018) that:

These devices (e.g., portable electronic devices, mechanical toys) are generally valuable and/or may contain valuable data. Unfortunately, theft of more popular electronic devices such as the Apple iPod music-player has become a serious problem. In a few reported cases, owners of the Apple iPod themselves have been seriously injured or even murdered.

…is no doubt true to some extent, but if the desire is really to make a stolen iPod worthless, then I would have expected Apple to lock each device in total to a single user – not even allowing it to be powered up without authentication. Just applying the authentication to the charging method seems rather arbitrary. (It’s also interesting to see the description of “valuable data”: surely in the case that Apple is aware that a device has been stolen, it could provide the legitimate owner of the device with all his or her iTunes music again, since the marginal copying cost is zero. And if the stolen device no longer functions, the RIAA need not panic about ‘unauthorised’ copies existing! But I doubt that’s even entered into any of the thinking around this.)

Whether or not the motives of discouraging theft are honourable or worthwhile, there is the potential for this sort of measure to cause signficant inconvenience and frustration for users (and second-hand buyers, for example – if the device doesn’t come with the original charger or the authentication code) along with incurring extra costs, for little real ‘theft deterrent’ benefit. How long before the ’security’ system is cracked? A couple of months after the device is released? At that point it will be worth stealing new iPods again.

(Many thanks to Michael O’Donnell of PDD for letting me know about this!)

Previously on the blog: Friend or foe? Battery authentication ICs

UPDATE: Freedom to Tinker has now picked up this story too, with some interesting commentary.

But its ViewFinder image gallery website* sadly falls into the trap of trying to restrict public engagement rather than make it easy. Yes, someone specified the old ‘right click disabled‘ policy:

Screenshots of this page, launched from this page.

Now, the image in question – here’s a direct link – which happens to be an engraving of the former Datchet bridge**, in 1840 according to this page (with a colour image) is, even taking English Heritage’s “1860-1922” suggested date range, surely out of copyright, so presumably there cannot be any ‘legal’ question over ‘letting’ people save a copy (which is easiest to do by right-clicking on the most common operating systems and browsers). Using Javascript to remove the browser toolbars and menus also hides the ability to print the image for most users, presumably also deliberately.

Yes, of course, many (most?) readers of this post will know how to get around the no-right-click architecture of control, but you’re reading a technology blog; think of whom the site is presumably aimed at. It is supposed to be a resource to encourage public engagement with history and heritage. Most users will be computer-literate enough to know how to search and probably familiar with right-clicking, but not to mess round with selectively disabling Javascript. Why should they have to? Incidentally, if you do disable Javascript entirely, you can’t even view an enlarged image at all:

What actual use to the public, other than for momentary on-screen interest, is a photo archive website where nothing can be ‘done’ with the images? What is a child doing a local history project supposed to do? Order a print at £18.80 for each photo and then scan it in? Does English Heritage really think that the ability for someone to save or print or e-mail a low-resolution 72 dpi image is going to devalue or compete with the organisation in some way?

It’s ridiculous: such a short-sighted, narrow-mindset policy removes a significant proportion of the usefulness of the site. I don’t know whether the site developer did this with or without English Heritage’s instruction or cognizance (and it was in 2002, so perhaps different thinking would apply today), but it seems that no-one bothered to think through what an actual user might want to get from interacting with the site.

In fact, regardless of the fact that this particular image (as with many others on the site) is in the public domain, even the images which are still under copyright (or “© English Heritage.NMR” as the site puts it, NMR being the National Monuments Record) should, of course, be freely downloadable, printable, and do-whatever-you-want-able. Their acquisition, preservation and cataloguing were paid for by the public, and they should all be available as widely, and easily, as possible. As it is, I would call the website a waste of public money, since it does not appear to offer what most intended users would expect and need.

Still, at least the site’s not one giant bundle of Flash. That would make it marginally more hassle to extract the images.

*Partially funded by the Big Lottery Fund, and thus not entirely directly taxpayer-funded, unless one regards the National Lottery as an extra tax on the hopeful and desperate, which some commentators would.
**Almost exactly the spot where I’ve been testing a prototype radio-controlled toy for a client this very afternoon, in fact, though the bridge is long gone.

The razor-blade model in general is something of an old chestnut as far as architectures of control go, and we’ve covered it in a number of different contexts on this site over the past couple of years. But it’s always interesting to see it in action with razors themselves, especially if the strategy has become even less consumer-friendly. Via the This Is Broken pool on Flickr, in which ‘Sevenblock‘ talks about Gillette’s use of a dummy blade and dummy slots on the Sensor Excel packaging, I learned of Fred Reichheld’s concept of ‘bad profits’:

…there is something disappointing with the set-up of buying a new razor. This razor reminded me of Fred Reichheld.

The blade which arrives pre-attached to the razor is fake. Is it dangerous to use a real one? Perhaps.

No, it is a set-up to dupe customers into grabbing a new razor and heading to the mirror only to realize that they are holding a plastic faux blade. Then, turn over the packaging, and two razors are held in a spot for five. Another subtle sigh from the customer.

Why not surprise the customer in the other direction? “Wow, five blades! For less than 20 dollars.” Because that’s what happens when you go to refill. BJs and Costco have good deals on bulk blades.

Reichheld’s idea is, effectively, that a company’s strategies can centre on creating ‘good profits’ or ‘bad profits’:

Whenever a customer feels misled, mistreated, ignored, or coerced, then profits from that customer are bad. Bad profits come from unfair or misleading pricing. Bad profits arise when companies save money by delivering a lousy customer experience. Bad profits are about extracting value from customers, not creating value.

…

If bad profits are earned at the expense of customers, good profits are earned with customers’ enthusiastic cooperation. A company earns good profits when it so delights its customers that they willingly come back for more—and not only that, they tell their friends and colleagues to do business with the company.

…

What is the question that can tell good profits from bad? Simplicity itself: How likely is it that you would recommend this company to a friend or colleague?

The full article is well worth a read, as, I expect, Reichheld’s book The Ultimate Question is too (though one reviewer on Amazon also offers some succinctly persuasive criticism).

The basic concept, that the ‘ultimate question’ of whether or not a customer would recommend a company is the key to growth is a good way of articulating, from a business perspective, the message of consumer advocacy that so many from Ralph Nader and Vance Packard to Consumerist and Seth Godin have promulgated over the years, though of course the ‘Why?’ and ‘Why not?’ are crucial. But Reichheld’s simple identification of ‘good profit’ and ‘bad profit’ seems to be a very clever way of looking at the issue: the ‘good’ and ‘bad’ labels refer to the effect on the company itself as well as on the customer, since a company reliant on bad profits will, one would assume, ultimately, lose its customer base (unless there are no alternatives – Brand Autopsy has an interesting piece on this in relation to car rental firms).

Most commercially driven architectures of control, then (as opposed to politically driven ones) would seem to be designed to extract value from customers (unwilling or ignorant), and thus might be described as bad profit-seeking, by Reichheld’s definition. To paraphrase Cory Doctorow on DRM, it’s unlikely that any customers wake up and say, “Damn, I wish there was a way to have my actions deliberately constrained for commercial gain by the products and services I use.” Hence, it’s unlikely that customers will evangelise or even recommend products and systems which give them a lousy experience. They may accept them grudgingly, as most of us do with many commercial (and political) interactions every day, but once a ‘good profit’ alternative becomes available and widely known about, they won’t hesitate to switch. I hope.

Maybe ‘good profits’ and ‘bad profits’ are too simplistic as terminologies, much like Jakob Nielsen’s ‘Evil design’ comments, but even a continuum between ‘good’ and ‘bad’ profit intentions is a useful way of thinking about the merits or otherwise of corporate strategies, particularly with customer service, products, pricing, rent-seeking, gouging, lock-in and so on.

Koranteng Ofosu-Amaah kindly sent me a link to this article by Ben Hyde:

I once had a web product that failed big-time. A major contributor to that failure was tedium of getting new users through the sign-up process. Each screen they had to step triggered the lost of 10 to 20% of the users. Reducing the friction of that process was key to survival. It is a thousand times easier to get a cell phone or a credit card than it is to get a passport or a learner’s permit. That wasn’t the case two decades ago.

…

Public health experts have done a lot of work over the decades to create barrier between the public and dangerous items and to lower barriers to access to constructive ones. So we make it harder to get liquor, and easier to get condoms. Traffic calming techniques are another example of engineering that makes makes a system run more slowly.

I find these attempts to shift the temperature of entire systems fascinating. This is at the heart of what you’re doing when you write standards, but it’s entirely scale free… In the sphere of internet identity it is particularly puzzling how two countervailing forces are at work. One trying to raise the friction and one trying to lower it. Privacy and security advocates are attempting to lower the temp and increase the friction. On the other hand there are those who seek in the solution to the internet identity problem a way to raise the temperature and lower the friction. That more rather than less transactions would take place.

The idea of ‘process friction’ which is especially pertinent as applied to architectures of control. Simply, if you design a process to be difficult to carry out, fewer people will complete it, since – just as with frictional forces in a mechanical system – energy (whether real or metaphorical) is lost by the user at each stage.

This is perhaps obvious, but is a good way to think about systems which are designed to prevent users carrying out certain tasks which might otherwise be easy – from copying music or video files, to sleeping on a park bench. Just as friction (brakes) can stop or slow down a car which would naturally roll down a hill under the force of gravity, so friction (DRM, or other architectures of control) attempts to stop or slow down the tendency for information to be copied, or for people to do what they do naturally. Sometimes the intention is actually to stop the proscribed behaviour (e.g. an anti-sit device); other times the intention is to force users to slow down or think about what they’re doing.

From a designer’s point of view, there are far more examples where reducing friction in a process is more important than introducing it deliberately. In a sense, is this what usability is?. Affordances are more valuable than disaffordances, hence the comparative rarity of architectures of control in design, but also why they stand out so much as frustrating or irritating.

The term cognitive friction is more specific than general ‘process friction’, but still very much relevant – as explained on the Cognitive Friction blog:

Cognitive Friction is a term first used by Alan Cooper in his book The Inmates are Running the Asylum, where he defines it like this:

“It is the resistance encountered by a human intellect when it engages with a complex system of rules that change as the problem permutes.”

In other words, when our tools manifest complex behaviour that does not fit our expectations, the result can be very frustrating.

Going back to the Ben Hyde article, the use of the temperature descriptions is interesting – he equates cooling with increasing the friction, making it more difficult to get things done (similarly to the idea of chilling effects), whereas my instinctive reaction would be the opposite (heat is often energy lost due to friction, hence a ‘hot’ system, rather than a cold system, is one more likely to have excessive friction in it – I see many architectures of control as, essentially, wasting human effort and creating entropy).

But I can see the other view equally well: after all, lubricating oils work better when warmed to reduce their viscosity, and ‘cold welds’ are an important subject of tribological research. Perhaps the best way to look at it is that, just as getting into a shower that’s too hot or too cold is uncomfortable, so a system which is not at the expected ‘temperature’ is also uncomfortable for the user.

Sometimes there’s very useful terminology in one field, or culture, which allows clearer or more succinct explanation of concepts in another. In the UK we don’t have Roach Motels. There are doubtless similar products, but they don’t have such a snappy name, or one which can be repurposed so easily.

Reading about DRM, file format incompatability and lock-in, I’d come across the term a number of times without necessarily thinking through exactly what it meant when used in this way, not being familiar with the actual product. “You can check data in but you can’t check it out” (possibly in conjunction with some kind of superficially attractive bait) is a good explanation, derived from the actual slogan used on the front of the box. I’m assuming (possibly wrongly) that ‘roach motel’ isn’t especially familiar to most UK readers – do we have an equivalently neat alternative term? Are there equivalents in other languages?

L.J.K. Setright, the late motoring writer and commentator, self-taught mechanical engineer and all-round Renaissance Man, once wrote:

Fashion is a terrible fetter; convention, since it lasts longer, is even worse.

This was in an issue of Car, when it was still any good.

Setright wrote it in reference to car design, and the lack of progress thereof, but I think we can all see how applicable it is to many fields of endeavour, not just in technology but in society also. We should be very wary when fashions become conventions – or at least we should think them through before they become norms. And we should always leave ourselves a way out. (I’ve mentioned this in a few contexts before, perhaps with a little hyperbole.)

What almost became a norm – DRM’d music – is now apparently on the way out. DRM was a fashion, not a convention: still a fetter, but one which can ultimately be shaken off, as it should be.

The great thing about fashions, of course, is that they can be talked into existence, and talked out of existence too. Fashions are not architecture.

A clever comment on incompatible (and DRM’d) formats by eboy’s flunters. (Via rss.euge.de)

First, an apology for anyone who’s had problems with the RSS/Atom feeds over the last month or so. I think they’re fixed now (certainly Bloglines has started picking them up again) but please let me know if you don’t read this. Oops, that won’t work… anyway:

Some developments in – and commentary on – digital architectures of control to end 2006:

“Either you’re going to make someone happy or you’re not…

Here’s the short version: If you try to teach a customer a lesson, you’ve just done two things:
a. failed at teaching a lesson
and
b. lost a customer”

How does this relate to the “stick” approach to changing users’ behaviour?

How does it relate to DRM, often presented as “keeping honest customers honest”?

If you’re designing (planning) a user’s experience (retail, product design, software, services), do you look on the user as the enemy, or the focus of your efforts?

(Trackback URI for Seth’s post)

“The secret to getting ahead in the 21st century is capitalizing on people doing what they want to do, rather than trying to get them to do what you want to do.”

(Glenn Reynolds of Instapundit.com, in a Wired article quoted at the Public Journalism network)

I think this applies very much to issues of control in products, systems and environments, in addition to the blogging context in which it was spoken, just so long as people are aware that there are alternatives available which do let them do what they want. eMusic exists, with a DRM-free format, but more people still use iTunes. Why?

As Cory Doctorow has so often put it, “No-one wakes up in the morning wanting to do less with his or her stuff.” It will be especially interesting to see how businesses built on the model Reynolds expresses fare in the years ahead. Is this really the secret to getting ahead? Will we really have companies and governments succeeeding by striving to help and empower people, or will the lure of increased control prove too attractive?

“Hey, Dan: your blog is trying to control me! Whenever I post a comment, it doesn’t allow me to stay on the same page, but instead takes me on a magic carpet ride to http://www.danlockton.co.uk/”

To be honest, this wasn’t a deliberate ‘architectures of control’ experiment – not initially, at least. It was a consequence of a wrongly/badly configured setting in Wordpress* – but once I realised (quite a few months ago) that there was a problem, and my initial attempts to solve it failed, I decided to see how long it would be before a commenter complained, or at least drew my attention to the issue (which is now fixed).

I’m assuming that of the 250-odd non-spam, non-me comments on the blog, a certain percentage of commenters believed that the redirect was a deliberate (and irritating?) trick to drive traffic to my homepage, some will have recognised the real problem and blamed me (talks about technology but can’t even configure his blog properly) and a certain percentage believed that it was some mistake they had made. People often immediately assume that technological errors are their own fault – from “My computer won’t copy DVDs properly, they come out all scrambled and unwatchable” to “I bought loads of music off the internet but I think Windows deleted it when I upgraded; I’m so stupid with technology.” Some believe technology has it in for them (resistentialism), others that they’re just “not good with science and technical stuff”. For example, how many DRM trainwrecks are written off as mere ‘user error’ by the people affected, blaming themselves for the problems?

*

When I set up the blog, I’d put the WordPress files in www.danlockton.co.uk/architectures, and had used that path for the WordPress address field in this dialogue. Then I realised that I could use subdomains with my web host, i.e. architectures.danlockton.co.uk was equivalent to (www.)danlockton.co.uk/architectures, and so I put that in the blog address field, and forgot about it, as the rest of the blog worked fine. I did half-heartedly try to work out why the redirecting after commenting wasn’t working as hoped, but because I presumed that the two URIs listed were exactly equivalent, I only got round to changing them this evening. A bodge (as we say in England) might have been to spend ages messing around with .htaccess; I’m glad the fix was so simple.

I’ve just come across a very interesting new blog, uninnovate.com, which focuses on the phenomenon of “engineering expensive features into a product for which there is no market demand in order to make the product do less.” The first few posts tackle ‘Three legends of uninnovation‘ (the iPod’s copy restrictions, Sony’s mp3-less Walkman, and Verizon’s rent-seeking on Bluetooth features), Microsoft’s priorities (patching DRM flaws vs. security flaws that actually damage users), Amazon’s absurd new Unbox ’service’ and ‘Trusted’ computing for mobile phones. The perspective is refreshingly clear: no customer woke up wanting these ‘features’, yet companies direct vast efforts towards developing them.

In a sense the ‘uninnovation’ concept is a similar idea to a large proportion of the architectures of control in products I’ve been examining on this site over the last year, especially DRM and DRM-related lock-ins, though with a slightly different emphasis: I’ve chosen to look at it all from a ‘control’ point of view (features are being designed in – or out – with the express intention of manipulating and restricting users’ behaviour, usually for commercial ends, but also political or social).

Uninnovate looks to be a great blog to watch – not sure who’s behind it, but the analysis is spot-on and the examples lucidly explained.

“This is the paradox of social media that has been bothering me lately: an ‘empowering’ media that provides increased opportunities for communication, education and online participation, but which at the same time further isolates individuals and aggregates them into masses —more prone to control, and by extension more prone to discipline.”

Slashdot on ‘A working economy without DRM?’ – same debate as ever, but some very insightful comments

Slashdot on ‘Explaining DRM to a less-experienced PC user’ – I particularly like SmallFurryCreature’s ‘Sugar cube’ analogy

‘The Promise of a Post-Copyright World’ by Karl Fogel – extremely clear analysis of the history of copyright and, especially, the way it has been presented to the public over the centuries

(Via BoingBoing) The Entertrainer – a heart monitor-linked TV controller: your TV stays on with the volume at a usable level only while you keep exercising at the required rate. Similar concept to Gillian Swan’s Square-Eyes

“This is an economic limit on privacy violation by companies, owing to the liability of having too much information about (or control over) users.”

It’s the “control over users” that immediately makes this something especially relevant for designers and technologists to consider: that control is designed, consciously, into products and systems, but how much thought is given to the extremes of how it might be exercised, especially in conjunction with the wealth of information that is gathered on users?

“Liability can come from various sources… [including]

Vicarious infringement liability.

Imagine: you write a music player (like iTunes) that can check the Internet when I place a CD in my computer. You decide to collect this data for market research. Now the RIAA discovers that this data can also identify unauthorized copies. Can they compel you to hand over data on user listening habits?

Your company is liable for vicarious infringement if (1) infringement happens, (2) you benefit from it, and (3) you had the power to do something about it—which I assume includes reporting the infringement. So now you are possibly liable because you have damning information about your users. This also applies to DRM technologies that let you restrict users.

Note that you can’t solve this problem simply by adopting a policy of only keeping the data for 1 month, or being gentle and consumer-friendly with your DRM. The fact is, you have the architecture for monitoring and/or control, and you may not get to choose how you use it.

Other sources of liability described include: being drawn into criminal investigations based on certain data which a company or other organisation may have – or be compelled to obtain – on its users; customers suing in relation to the leaking of supposedly private data (as in the AOL débâcle); and “random incompetence”, e.g. an employee accidentally releasing data or arbitrarily exercising some designed-in control with undesirable consequences.

Scott goes on:

“Okay, so there is a penalty to having too much knowledge or too much control over customers. What should companies do to stay beneath this ceiling?

1. Design an architecture for your business/software that naturally prevents this problem.

It is much easier for someone to compel you to violate users’ privacy if it’s just a matter of using capabilities you already have. Mind, you have to convince a judge, not a software engineer, that adding monitoring or control is difficult. But you have a better shot in court if you must drastically alter your product in order to give in to demands.

…

2. Assume you will monitor and control to the full extent of your architecture. In fact, don’t just assume this, but go to the trouble to monitor or control your users.

Why? Because in an infringement lawsuit you don’t want to appear to be acting in bad faith… if you have the ability to monitor users and refuse to use it, you’re giving ammunition to a copyright holder who accuses you of inducement and complicity.

…

But … the real message is that you should go back to design principle 1. If you want to protect users, think about the architecture; don’t just assume you can take a principled stand not to abuse your own power.

The third principle is really a restatement of the first two, but deserves restating:

3. Do not attempt to strike a balance.

Do not bother to design a system or business model that balances user privacy with copyright holder demands. All this does is insert an architecture of monitoring or control, for later abuse. In other words, design an architecture for privacy alone. Anything you put in there, under rule #2, will one day be used to its full extent.

I have seen many many papers over the years, in watermarking tracks, proposing an end-to-end media distribution system balancing DRM with privacy. Usually, the approach is that watermarks are embedded in music/movies/images by a trusted third party, the marks are kept secret from the copyright holder, and personal information is revealed only under specific circumstances in which infringement is clear. This idea is basically BS. Your trusted third party does not have the legal authority to decide when to reveal information. What will likely happen instead: if a copyright holder feels infringement is happening, the trusted third party will be liable for vicarious infringement.“

Summing it up: any capability you design into a product or system will be used at some point – even if you are forced to use it against the best interests of your business. So it is better to design deliberately to avoid being drawn into this: design systems not to have the ability to monitor or control users, and that will keep you much safer from liability issues.

The privacy ceiling concept – which Scott is going to present in a paper along with Lorrie Cranor and Janice Tsai at the ACM DRM 2006 workshop – really does seem to have a significant implications for many of the architectures of control examples I’ve looked at on this site.

For example, the Car Insurance Black Boxes mostly record mileage and time data to allow insurance to be charged according to risk factors that interest the insurance company; but the boxes clearly also record speed, and whether that information would be released to, say, law enforcement authorities, if requested, is an immediate issue of interest/concern.

Looking further, though, the patent covering the box used by a major insurer mentions an enormous number of possible types of data that could be monitored and reported by the device, including exact position, weights of occupants, driving styles, use of brakes, what radio station is tuned in, and so on. Whether any insurance company would ever implement them, of course, is another question, and it would require a lot tighter integration into a vehicle’s systems; nevertheless, as Scott makes clear, whatever possibilities are designed into the architecture, will be exploited at some point, whether through pressure (external or internal) or incompetence.

I look forward to reading the full paper when it is available.

Via Dave Farber’s Interesting People, a brief New Scientist article outlines Sony’s continuing obsession with restricting and controlling its customers (the last one didn’t go too well):

“A patent filed by Sony last week suggests it may once again be considering preventing consumers making “too many” back-up copies of its CDs…

Sony’s latest idea is to place a piece of monitoring hardware inside the CD. Its patent suggests embedding a radio-frequency ID chip that could be interrogated wirelessly by a PC or CD player. The chip would record the number of times the disc was copied and prevent further recordings once it reached the limit. The device could also be fitted to DVDs. Whether Sony will turn the patent idea into reality remains to be seen.”

Of course this will require new CD players and CD-ROM drives with the ability to read, write to and act on the signal from the RFID chip – which means its impact may not be very significant.

It’s not clear whether the “permitted” copies have to be made onto “chipped” Sony-authorised discs (otherwise the technology seems rather pointless, as people will just make copies of the un-protected copies instead of repeated copies of the original) – if this is the case, then is this not just a sly “razor blade model” or “PRM” (in Ed Felten’s phrase) attempt to make Sony CD-writers require the purchase of Sony chipped blank CDs in order to copy music?

And would this break the Orange Book standard for CD-Rs?