This is a great graph from GraphJam, by ‘Bloobeard’. It raises the question, of course, whether the ‘door close’ buttons on lifts/elevators really do actually do anything, or are simply there to ‘manage expectations‘ or act as a placebo.

The Straight Dope has quite a detailed answer from 1986:

The grim truth is that a significant percentage of the close-door buttons [CDB] in this world, for reasons that we will discuss anon, don’t do anything at all.
…
In the meantime, having consulted with various elevator repairmen, I would say that apparent CDB nonfunctionality may be explained by one of the following:

(1) The button really does work, it’s just set on time delay.
Suppose the elevator is set so that the doors close automatically after five seconds. The close-door button can be set to close the doors after two or three seconds. The button may be operating properly when you push it, but because there’s still a delay, you don’t realize it.

(2) The button is broken. Since a broken close-door button will not render the elevator inoperable and thus does not necessitate an emergency service call, it may remain unrepaired for weeks.

(3) The button has been disconnected, usually because the building owner received too many complaints from passengers who had somebody slam the doors on them.

(4) The button was never wired up in the first place. One repair type alleges that this accounts for the majority of cases.

Gizmodo, more recently, contends that:

…the Door Close button is there mostly to give passengers the illusion of control. In elevators built since the early ’90s. The button is only enabled in emergency situations with a key held by an authority.

This is clearly not always true; I’ve just tested the button in the lift down the corridor here at Brunel (installed around a year ago) and it works fine. So it would seem that enabling the functionality (or not) or modifying it (e.g. time delays) is a decision that can be made for each installation, along the lines of the Straight Dope information.

If there’s a likelihood (e.g. in a busy location) that people running towards a lift will become antagonised by those already inside pressing the button (deliberately or otherwise) and closing the door on them, maybe it’s sensible to disable it, or introduce a delay. If the installation’s in a sparsely populated corner of a building where there’s only likely to be one lift user at a time, it makes sense for the button to be functional. Or maybe for the doors to close more quickly, automatically.

But thinking about this more generally: how often are deceptive buttons/controls/options – deliberate false affordances – used strategically in interaction design? What other examples are there? Can it work when a majority of users ‘know’ that the affordance is false, or don’t believe it any more? Do people just give up believing after a while – the product has “cried Wolf” too many times?

Matt Webb (Mind Hacks, Schulze & Webb) has an extremely interesting discussion of the extinction burst in conditioning, which seems relevant here:

There’s a nice example I read, I don’t recall where, about elevators. Imagine you live on the 10th floor and you take the elevator up there. One day it stops working, but for a couple of weeks you enter the elevator, hit the button, wait a minute, and only then take the stairs. After a while, you’ll stop bothering to check whether the elevator’s working again–you’ll go straight for the stairs. That’s called extinction.

Here’s the thing. Just before you give up entirely, you’ll go through an extinction burst. You’ll walk into the elevator and mash all the buttons, hold them down, press them harder or repeatedly, just anything to see whether it works. If it doesn’t work, hey, you’re not going to try the elevator again.

But if it does work! If it does work then bang, you’re conditioned for life. That behaviour is burnt in.

I think this effect has a lot more importance in everyday interaction with products/systems/environments than we might realise at first – a kind of mild Cargo Cult effect – and designers ought to be aware of it. (There’s a lot more I’d like to investigate about this effect, and how it might be applied intentionally…)

We’ve looked before at the thermostat wars and the illusion of control in this kind of context. It’s related to the illusion of control psychological effect studied by Ellen Langer and others, where people are shown to believe they have some control over things they clearly don’t: in most cases, a button does afford us control, and we would rationally expect it to: an expectation does, presumably, build up that similar buttons will do similar things in all lifts we step into, and if we’re used to it not doing anything, we either no longer bother pressing it, or we still press it every time “on the off-chance that one of these days it’ll work”.

How those habits form can have a large effect on how the products are, ultimately, used, since they often shake out into something binary (you either do something or you don’t): if you got a bad result the first time you used the 30 degree ‘eco’ mode on your washing machine, you may not bother ever trying it again, on that machine or on any others. If pressing the door close button seems to work, that behaviour gets transferred to all lifts you use (and it takes some conscious ‘extinction’ to change it).

There’s no real conclusion to this post, other than that it’s worth investigating this subject further.

Interesting to see the BBC’s summary of the current iPhone update story: “Apple issues an update which damages iPhones that have been hacked by users”. I’m not sure that’s quite how Apple’s PR people would have put it, but it’s interesting to see that whoever writes those little summaries for the BBC website found it easiest to sum up the story in this way. This is being portrayed as Apple deliberately, strategically damaging the phones, rather than an update unintentionally causing problems with unlocked or modified phones.

Regardless of what the specific issue is here, and whether unmodified iPhones have also lost functionality because of some problem with the update, can’t we just strip out all this nonsense? How many people who wanted an iPhone also wanted to be locked in to AT&T or whatever the local carrier will be in each market? Anyone? Who wants to be locked in to anything? What a waste of technical effort, sweat and customer goodwill: it’s utterly pathetic.

This is exactly what Fred Reichheld‘s ‘Bad profits’ idea calls out so neatly:

Whenever a customer feels misled, mistreated, ignored, or coerced, then profits from that customer are bad. Bad profits come from unfair or misleading pricing. Bad profits arise when companies save money by delivering a lousy customer experience. Bad profits are about extracting value from customers, not creating value.

…

If bad profits are earned at the expense of customers, good profits are earned with customers’ enthusiastic cooperation. A company earns good profits when it so delights its customers that they willingly come back for more—and not only that, they tell their friends and colleagues to do business with the company.

…

What is the question that can tell good profits from bad? Simplicity itself: How likely is it that you would recommend this company to a friend or colleague?

If your iPhone’s just turned into the most stylish paperweight in the office, are you likely to recommend it to a colleague?

More to the point, if Apple had moved – in the first place – into offering telecom services to go with the hardware, with high levels of user experience and a transparent pricing system, how many iPhone users and Mac evangelists wouldn’t have at least considered changing?

Recent versions of Adobe’s PDF creation and viewing software, Acrobat Professional and Adobe Reader (screenshot above) have ‘featured’ a button on the toolbar (and a link in the File menu) entitled “Send to FedEx Kinko’s” which upload the document to FedEx Kinko’s online printing service. As Gavin Clarke reports in The Register, this choice of default (the result of a tie-in between Adobe and FedEx) has irritated other printing companies and trade bodies sufficiently for Adobe to agree to remove the element from the software:

Adobe Systems has scrapped the “send to FedEx Kinkos” print button in iAdobe Reader and Acrobat Professional, in the face of overwhelming opposition from America’s printing companies.

Adobe said today it would release an update to its software in 10 weeks that will remove the ability to send PDFs to FedEx Kinkos for printing at the touch of a button.

…

No doubt the idea of linking to a service that’s often the only choice presented to consumers in the track towns of Silicon Valley made eminent sense to Adobe, itself based in San Jose, California. But the company quickly incurred the wrath of printers outside the Valley for including a button to their biggest competitor, in software used widely by the design and print industry.

I wonder how many users of Acrobat/Reader actually used the service? Did its inclusion change any users’ printing habits (i.e. they stopped using their current printer and used Kinko’s instead)? And was this due to pure convenience/laziness? Presumably Kinko’s could identify which of their customers originated from clicking the button – were they charged exactly the same as any other customer, or was this an opportunity for price discrimination?

As some of the comments – both on the Register story and on Adobe’s John Loiacono’s blog – have noted, the idea of a built-in facility to send documents to an external printing service is not bad in itself, but allowing the user to configure this, or allowing printing companies to offer their own one-click buttons to users, would be much more desirable from a user’s point of view.

In a sense, ‘choice of default’ could be the other side of process friction as a design strategy. By making some options deliberately easier – much easier – than the alternatives (which might actually be more beneficial to the user), the other options appear harder in comparison, which is effectively the same as making some options or methods harder in the first place. The new-PCs-pre-installed-with-Windows example is probably the most obvious modern instance of choice of default having a major effect on consumer behaviour, as an anonymous commenter noted here last year:

Ultimately, though, you can sum up the free-software tug-of-war political control this way: it’s easiest to get a Windows computer and use it as such. Next easiest to get a MacOS one and use it as such. Commercial interests and anti-free software political agenda. Next easiest is a Linux computer, where the large barrier of having to install and configure an operating system yourself must be leapt. Also, it’s likely you don’t actually save any money upfront, because you probably end up buying a Windows box and wiping it to install Linux. Microsoft exacts their tax even if you won’t use the copy of Windows you’re supposedly paying them for.

Photo by veryfotos.

Sometimes ‘choice of default’ can mean actually hiding the options which it’s undesirable for customers to choose:

Here’s a little secret that Starbucks doesn’t want you to know: They will serve you a better, stronger cappuccino if you want one, and they will charge you less for it. Ask for it in any Starbucks and the barista will comply without batting an eye. The puzzle is to work out why. The drink in question is the elusive “short cappuccino”—at 8 ounces, a third smaller than the smallest size on the official menu, the “tall,” and dwarfed by what Starbucks calls the “customer-preferred” size, the “Venti,” which weighs in at 20 ounces and more than 200 calories before you add the sugar.

The short cappuccino has the same amount of espresso as the 12-ounce tall, meaning a bolder coffee taste, and also a better one. The World Barista Championship rules, for example, define a traditional cappuccino as a “five- to six-ounce beverage.” This is also the size of cappuccino served by many continental cafés. Within reason, the shorter the cappuccino, the better.

…

This secret cappuccino is cheaper, too—at my local Starbucks, $2.35 instead of $2.65. But why does this cheaper, better drink—along with its sisters, the short latte and the short coffee—languish unadvertised? The official line from Starbucks is that there is no room on the menu board, although this doesn’t explain why the short cappuccino is also unmentioned on the comprehensive Starbucks Web site, nor why the baristas will serve you in a whisper rather than the usual practice of singing your order to the heavens.

The rest of this Slate article* from 2006, by Tim Harford, advances the idea that this kind of tactic is designed specifically to allow price discrimination:

This is the Starbucks way of sidestepping a painful dilemma over how high to set prices. Price too low and the margins disappear; too high and the customers do. Any business that is able to charge one price to price-sensitive customers and a higher price to the rest will avoid some of that awkward trade-off… Offer the cheaper product but make sure that it is available only to those customers who face the uncertainty and embarrassment of having to request it specifically.

Initially, one might think it a bit odd that the lower-priced item has survived at all as an option, given that it can only be a very small percentage of customers who are ‘in the know’ about it. But unlike a shop or company carrying a ‘secret product line’, which requires storage and so on, the short cappuccino can be made without needing any different ingredients, so it presumably makes sense to contnue offering it.

Thinking about other similarly hidden options (especially ‘delete’ options when buying equipment) reveals how common this sort of practice has become. I’m forever unticking (extra-cost) options for insurance or faster delivery when ordering products online; even when in-store, the practice of staff presenting extended warranties and insurance as if they’re the default choice on new products is extremely widespread.

Perhaps a post would be in order rounding up ways to save money (or get a better product) by requesting hidden options, or requesting the deletion of unnecessary options – please feel free to leave any tips or examples in the comments. Remember, all progress depends on the unreasonable man (or woman).

*There is another tactic raised in the article, pertinent to our recent look at casino carpets, which I will get around to examining further in due course.

Last month, an Apple patent application was published describing a method of “Protecting electronic devices from extended unauthorized use” – effectively a ‘charging rights management’ system.

New Scientist and OhGizmo have stories explaining the system; while the stated intention is to make stolen devices less useful/valuable (by preventing a thief charging them with unauthorised chargers), readers’ comments on both stories are as cynical as one would expect: depending on how the system is implemented, it could also prevent the owner of a device from buying a non-Apple-authorised replacement (or spare) charger, or from borrowing a friend’s charger, and in this sense it could simply be another way of creating a proprietary lock-in, another way to ‘charge’ the customer, as it were.

It also looks as though it would play havoc with clever homebrew charging systems such as Limor Fried‘s Minty Boost (incidentally the subject of a recent airline security débâcle) and similar commercial alternatives such as Mayhem‘s Anycharge, although these are already defeated by a few devices which require special drivers to allow charging.

Reading Apple’s patent application, what is claimed is fairly broad with regard to the criteria for deciding whether or not re-charging should be allowed – in addition to charger-identification-based methods (i.e. the device queries the charger for a unique ID, or the charger provides it, perhaps modulated with the charging waveform) there are methods involving authentication based on a code provided to the original purchaser (when you plug in a charger the device has never ‘seen’ before, it asks you for a security code to prove that you are a legitimate user), remote disabling via connection to a server, or even geographically-based disabling (using GPS: if the device goes outside of a certain area, the charging function will be disabled).

All in all, this seems an odd patent. Apple’s (patent attorneys’) rather hyperbolic statement (Description, 0018) that:

These devices (e.g., portable electronic devices, mechanical toys) are generally valuable and/or may contain valuable data. Unfortunately, theft of more popular electronic devices such as the Apple iPod music-player has become a serious problem. In a few reported cases, owners of the Apple iPod themselves have been seriously injured or even murdered.

…is no doubt true to some extent, but if the desire is really to make a stolen iPod worthless, then I would have expected Apple to lock each device in total to a single user – not even allowing it to be powered up without authentication. Just applying the authentication to the charging method seems rather arbitrary. (It’s also interesting to see the description of “valuable data”: surely in the case that Apple is aware that a device has been stolen, it could provide the legitimate owner of the device with all his or her iTunes music again, since the marginal copying cost is zero. And if the stolen device no longer functions, the RIAA need not panic about ‘unauthorised’ copies existing! But I doubt that’s even entered into any of the thinking around this.)

Whether or not the motives of discouraging theft are honourable or worthwhile, there is the potential for this sort of measure to cause signficant inconvenience and frustration for users (and second-hand buyers, for example – if the device doesn’t come with the original charger or the authentication code) along with incurring extra costs, for little real ‘theft deterrent’ benefit. How long before the ‘security’ system is cracked? A couple of months after the device is released? At that point it will be worth stealing new iPods again.

(Many thanks to Michael O’Donnell of PDD for letting me know about this!)

Previously on the blog: Friend or foe? Battery authentication ICs

UPDATE: Freedom to Tinker has now picked up this story too, with some interesting commentary.

Some developments in – and commentary on – digital architectures of control to end 2006:

Image based on Don Norman‘s famous teapot, and the Obey Giant face

Last month I asked, in response to some criticism, whether there was a better term than ‘architectures of control’ for the loose category of stuff discussed on this site. The response was great – thanks to all who got in touch or commented.

James Young, an artist & designer from Oregon, thoughtfully suggested obedience engineering (along with ‘restrictive’, ‘regulatory’ and ‘supervisory’ engineering – as extensions to the term ‘functional engineering’, which I understand but have always thought was something of a tautology!). Obedience engineering has a neat ring to it – implying external authority – and describes most of the examples on this site pretty well, both politically- and economically-motivated control.

In most cases the ‘obedience’ is to serve a higher power’s strategy in some way, whether that’s forcing customers to buy razor blades more often or stopping the homeless sleeping in a park. In some cases, though, the obedience serves the user him or herself (usually in addition to a higher power in one way or another), such as various forcing functions and mistake-proofing aimed at ensuring safe operation of products or machines – it’s a similar kind of obedience to obeying your parents’ instructions not to put those fireworks in your pocket: for your own safety as well as their peace of mind. I’m aware that most of the examples I use come across as rather negative (and usually paranoid), so it’s important to remember that a lot of ‘control’ can have beneficial intentions (at least) for the user or society as a whole.

Reversing the phrase, ‘engineering/ed obedience’ and ‘designing/ed obedience’ also have a lot of merit, either as titles themselves or as explanatory subtitles/taglines. Architectures of control: engineered obedience?

(I don’t necessarily want to get into the design-or-engineering debate here. Both terms mean many different things to different people, and the use of either could immediately put off or attract people who would find something of interest here. There are readers here from a fair variety of fields; I know people whose eyes go blank when engineering is mentioned, and others who would assume that a site about design must be dealing purely with aesthetics or artisan furniture. Personally I see all design and engineering (and art and programming – as Paul Graham recognised) as pretty much the same subject, and indeed, perhaps the intersection of the physical and cognitive sciences with the environment, history and culture, but that’s something for another day…)

Jim Lipsey, a project engineer from Chicago, suggests disaffordances as a synonym for architectures of control – again, a neat and clever suggestion which also has the benefit of immediately conveying some understanding of the concept to product design and usability professionals and academics.

Nevertheless, it’s worth running over briefly what ‘affordances’ are in the first place, to explain why ‘disaffordances’ might be a good term. In its original definition, an affordance is a possible function of, or interaction with, a device. A chair gives me the affordance of sitting on it, but also standing on it, or hitting someone with it. This is a simplification of psychologist James J. Gibson‘s definition of affordances. Donald Norman – author of the legendary The Design of Everyday Things – extended the concept to what he later called perceived affordances: while I might use a chair to hit someone, my cultural conditioning, together with the form of the chair, suggest that I should sit on it. Norman’s affordances are thus what people think they can do (or should) with objects, which may be different to what they actually can do with them:

From ‘Affordances‘ by Mads Soegaard: ‘Separating affordances from the perceptual information that specifies affordances. Adapted from Gaver (1991).’

This Interaction-Design.org encyclopaedia article (from which the above diagram comes) is a very clear treatment fo the subject, as are Don Norman’s own ‘Affordances and design‘, and indeed Wikipedia’s entry.

Disaffordances, then, would imply either products with functionality deliberately removed (which fits many architectures of control example well – most obviously ‘feature deletion‘) or with the functionality deliberately hidden or obscured to reduce users’ ability to use the product in certain ways, or a combination of the two. That does take care of most of the examples I’ve looked at on this site, though I worry a bit about having to concatenate the two definitions. I also feel that quite a lot of architectures of control are actively attempting to force users to change their behaviour, whilst disaffordance implies a more passive state of affairs.

I think it may be best to use the term ‘disaffordance’ specifically to describe the practice of ‘disenfranchising’ users from the functions their products, systems or environments might otherwise provide (or have previously provided). This covers a lot of the things we discuss here (though it’s important to remember that architectures of control are deliberate, intentional, often strategic disaffordances, rather than something that’s difficult to use or hides its features through incompetent design); the the term doesn’t have much currency (yet), but I’ve done as Jim suggests and registered disaffordances.com and disaffordances.co.uk.

This blog is still maturing, and evolving, as is the field of thinking and practice which it charts. I’m sure plenty of new terminology (and jargon) will become commonplace in the years ahead. And the site will continue, in the words of the fantastic Gossip, ‘standing in the way of control‘ [mp3 link].

My Epson Stylus Photo R1800′s been running low on ink in a couple of cartridges for a few days now. I’ve been putting off ordering them until this weekend. Now I find that when the printer believes a cartridge has reached 0%, it won’t print anything at all, even if it doesn’t need that colour. Users (i.e. me) are forced into buying new cartridges at a time when they don’t actually need them in a pathetic exercise of Epson’s control. Workflow is interrupted, plans out of the window.

So now, in order to print something important which needs to be done this afternoon, I am going to have to get on a train and go into a local town, wasting a couple of hours of my life and resulting in entirely unnecessary energy usage and carbon emissions. That’s relatively easy for me: I live next to a railway station. But in areas of the world where it isn’t convenient or possible, how can such thoughtless design be tolerated? Printers a few years ago allowed you to keep printing until the cartridges were actually empty. You knew when to stop because you could see.

Hey Epson: if you push your customers around, they’ll walk away. Forever. It’s as simple as that. People’s time is precious. Convenience is important. There’s no way I’ll ever buy another Epson product or recommend them to anyone else. And I’m a techy guy: occasionally, people do ask my opinion on products. (Of course I’m going to buy cheap refill cartridges; ultimately I may have to get a continuous ink supply system)

Yeah, it’s a rant; it’s also a pathetic piece of design embodying absolute contempt for the customer.

(Sadly the SSC Service Utility mentioned a few months ago doesn’t seem to allow the ink levels to this particular printer to be re-set, though it’s undoubtedly of great use on other models.)

Seth Godin mentions providing a ‘convenience’ feature for customers and then intentionally making it inconvenient to use:

“Here at the White Plains airport, I’m noticing all these people doing things to me. Enforcing irrational rules. Intentionally putting the seats far from the electrical outlets so people like me won’t steal electricity. Yelling over the PA system. Scolding people for not standing in the right place.”

Whether, in the case he’s discussing, the electrical outlets really were positioned far from the seats to stop people plugging in laptops and so on, or whether the positioning of the seats and the outlets were entirely unconnected decisions (badly-positioned sockets aren’t exactly uncommon) my intuition tells me that there will be plenty of other examples where a ‘convenience’ feature is deliberately crippled or implemented in a way that restricts customers’ ability to use it. When it’s done for strategic reasons (appear better to customers, or just save money on electricity), it’s certainly an architecture of control.

Off the top of my head, free air pumps (tyre inflators) at petrol stations are often positioned in such a way that pays lip-service to the actual practice of using them: it looks good to have ‘free air’ but in many cases the placing of the pump makes it awkward to pull a car in satisfactorily to use it without significant manoeuvring*. That’s maybe a weak example: there must be better ones – any comments welcome!

*Of course, where the air pump requires payment, it never seems to run quite long enough to top up all four wheels, thus meaning you have to insert another coin. Whether that’s a deliberate trick, or simply a poorly planned timer, or my own sloth, I don’t know.

Privacy International has a report, ‘Dumb Design or Dirty Tricks?‘ on the practice of a number of popular websites – most notably eBay and Amazon – of lacking an easy or obvious way for a user to delete his or her account:

“Amazon provided the most blatant example of companies that refuse to provide account delete facilities… creating an account is relatively simple… However nowhere on the site can a customer actually delete an account. A trawl through all the ‘useful information’ statements (‘customer charter’, ‘privacy notice’ and ‘privacy policy’, ‘security guarantee’ and even ‘sign out from our site’) reveals nothing about closing your account, deleting your personal details, or terminating your relationship with Amazon. Even the site’s search function is useless for this: you can only search for products for purchase, not for information on how to manage your account. In fact, a search for ‘delete account’ even points to advertisements from ‘sponsors’ on how to open bank accounts.”

It is, of course, in no way ‘dumb design’, as the omission and obfuscation is entirely intentional: it is cunning design, frustrating a user’s attempts at exerting control by making it hard to leave. Just look at the efforts another high-profile name goes to for customer retention. It’s another feature deletion example, similar in spirit to, say, disabling the fast-forward button on PVRs.

(It’s unclear exactly what the immediate benefit is to Amazon or eBay to retain customers who want to leave and presumably are not going to be spending any more, except that a bigger customer base allows higher advertising rates, and also, as noted by PI: “The size of an online company’s customer base is a key element of its market value. Maintaining growth of that customer base is therefore a core indicator of their financial worth”; I suppose there is also the likelihood that customers may return at some point, and having an extant account removes one ‘hassle’ barrier to entry.)

PI believes that the absence of an easy account closure mechanism:

“breach[es] key elements of the Data Protection Act. No customer could reasonably be expected to invest the considerable time and effort required to investigate these sites, nor in our view should any responsible company create such obstacles.
…
As a consequence of this research, Privacy International has lodged a complaint with the UK Information Commissioner, requesting a formal investigation. This will be a test complaint, and has been directed at eBay.co.uk, which claims a user base of over ten million UK consumers.”

These are interesting examples of systems being designed to restrict users’ behaviour for commercial reasons, in an – on the face of it – extremely blatant way. There is some difference between a system which requires continuous payment, such as AOL, being designed to be difficult to cancel, and the eBay/Amazon examples, since the user is not locked in to paying a fee every month. But the effect for the locker-in is the same: more customers retained. There are plenty of parallels in designed-in lock-ins from other industries, from cigarettes and ink cartridges to deliberate software incompatability – even in Web 2.0 – and vendor lock-in generally.

I’ve just come across a very interesting new blog, uninnovate.com, which focuses on the phenomenon of “engineering expensive features into a product for which there is no market demand in order to make the product do less.” The first few posts tackle ‘Three legends of uninnovation‘ (the iPod’s copy restrictions, Sony’s mp3-less Walkman, and Verizon’s rent-seeking on Bluetooth features), Microsoft’s priorities (patching DRM flaws vs. security flaws that actually damage users), Amazon’s absurd new Unbox ‘service’ and ‘Trusted’ computing for mobile phones. The perspective is refreshingly clear: no customer woke up wanting these ‘features’, yet companies direct vast efforts towards developing them.

In a sense the ‘uninnovation’ concept is a similar idea to a large proportion of the architectures of control in products I’ve been examining on this site over the last year, especially DRM and DRM-related lock-ins, though with a slightly different emphasis: I’ve chosen to look at it all from a ‘control’ point of view (features are being designed in – or out – with the express intention of manipulating and restricting users’ behaviour, usually for commercial ends, but also political or social).

Uninnovate looks to be a great blog to watch – not sure who’s behind it, but the analysis is spot-on and the examples lucidly explained.

“This is the paradox of social media that has been bothering me lately: an ‘empowering’ media that provides increased opportunities for communication, education and online participation, but which at the same time further isolates individuals and aggregates them into masses —more prone to control, and by extension more prone to discipline.”

Slashdot on ‘A working economy without DRM?’ – same debate as ever, but some very insightful comments

Slashdot on ‘Explaining DRM to a less-experienced PC user’ – I particularly like SmallFurryCreature’s ‘Sugar cube’ analogy

‘The Promise of a Post-Copyright World’ by Karl Fogel – extremely clear analysis of the history of copyright and, especially, the way it has been presented to the public over the centuries

(Via BoingBoing) The Entertrainer – a heart monitor-linked TV controller: your TV stays on with the volume at a usable level only while you keep exercising at the required rate. Similar concept to Gillian Swan’s Square-Eyes

This San Francisco Chronicle review of Giles Slade’s Made to Break: Technology and Obsolescence in America (which I’ve just ordered and look forward to reading and reviewing here in due course) mentions some interesting aspects of built-in (planned) obsolescence – and planned failure – in technology and product design:

“A new machine that does something different (the PC), or adds new capability (cell phone versus land line) or adds new features (cell phones with Internet, etc.) is an obvious incentive for a consumer to replace the old machine. But besides the apparent progress of the new and improved, there are other factors that encourage consumers to buy and rapidly throw away products.

Changes in style (the annual model change adopted by the auto industry being the best-known example) and appeals to status encouraged by massive advertising are major forms of “psychological obsolescence,” specifically designed to create demand for new versions of old and still usable products. But another way of selling new machines at a faster rate is to make sure the old ones break down sooner. This practice of “death-dating” is what most people think of when they hear the term “planned obsolescence.”

…

Slade discovered a much earlier instance in a 1932 pamphlet by real estate broker Bernard London, who was arguing in favor of it [planned obsolescence]. The Depression may seem a weird time to propose that things break down as soon as possible, but London was looking at it from the producer’s standpoint. If people could be induced to replace things sooner, he reasoned, sales and jobs would increase, and the economy would improve. London seemed to want to go so far as to make planned obsolescence a legal requirement.

London wasn’t entirely alone — there were advocates of all kinds of obsolescence to stimulate the 1930s economy. Slade notes several industries where manufacturers knew how to death-date their technologies, usually with less durable materials, and they did so, with the additional excuse of cutting costs and the price.”

The discussion of the US’s mounting levels of electronic waste from rapid replacement cycles contains an intriguing aside:

“Things are likely to get much worse in the near future, thanks to better enforcement of the international ban on exporting hazardous waste expected in coming years ($100 bills taped to the inside of inspected cartons currently help grease this activity, Slade notes), and especially due to the FCC-mandated switch to high definition TV in 2007, which may result in millions of suddenly junked televisions. “This one-time disposal of ‘brown goods’ will, alone, more than double the hazardous waste problem in North America.”

Are artificial, government-mandated fillips to hardware retailers, such as the HDTV switch noted above, or the analogue TV switch-off in the UK, something we should be worried about, both from an environmental point of view, and as members of the public interested in how our governments’ decisions may be ‘influenced’ by certain large businesses?

After all, in the Bernard London case, manufacturing (and R&D and engineering) jobs would have been created or preserved in a time of great need for the US, but in our own age, the millions of new pieces of equipment being shipped from China will provide many fewer direct benefits for the countries whose citizens are cajoled into purchasing them.

See also Feature deletion for environmental reasons and Case study: Optimum Lifetime Products.

Scott Adams recounts an anecdote illustrating the ‘illusion of control’ and how important it is to many people – even to the extent that it is the single defining characteristic of mankind which one might use to explain human behaviour to aliens:

“The maintenance man is moving the thermostat in our office today. I started talking with him about the “Thermostat Wars” [from Dilbert comics]. He told me about one office with 30 women where they could never get the temperature to an agreeable level. At his suggestion they installed 20 dummy thermostats around the office. Everyone was told that each thermostat controlled the zone around itself.

Problem solved. Now that everyone has “control” of their own thermostat there is no problem.”

To what extent is the illusion of control, rather than real control, what most people really want in their products?

Do they care that their personal data may be encrypted and held to ransom by a software company, so long as they feel ‘in control’ in everyday use (e.g. the ability to change the colour scheme)?

And how should designers respond to this issue? Are there any examples of products (other than, say, children’s toys) deliberately designed with fake controls to make the user feel in charge even though he/she isn’t? (Fake solar cell calculators are interesting, but not quite the same issue)

P.S. On the other hand, it’s worth considering the opinion expressed by the Audi A2 owner, that she didn’t find it a disadvantage having to take her Audi to a ‘specialist’ in order to open the bonnet (hood). Is even that basic level of control (being able to see the engine) too much for some people? Is it because, say, a thermostat affects people personally (temperature) whereas a car engine is something dirty, difficult, complex, for someone else to worry about?

I was woken up (along with, I expect, lots of others) at about 5am today by a driver sounding his/her horn in the road outside – an arrogant two-second burst – then another replying (perhaps) with a slightly feeble one-second tone. I don’t know why; there are often a lot of horns during the day as there’s a level crossing which seems to generate a lot of frustration, but there are no trains passing through at 5am. Anyway, I went back to sleep and had various, fitful dreams, but not before thinking that’s where an architecture of control would be useful: a time-related horn interlock function, only allowing use of the horn during hours when it is legal. In the UK, that would be from 7am – 11.30 pm.

But then, waking up properly a couple of hours later, I remembered my earlier thought. And considered that this kind of control wouldn’t be necessary if people were more considerate towards others. If we could rely on people to care about the effects of their actions, there would be no need for quite a lot of the architectures of control discussed on this site, from speed humps to externally controlled speed limiters, and very little argument in favour of them.

As it is, my modified, awake, more alert opinion is that a society where people take responsibility for what they do is better than one where some external agency takes that responsibility away from them. Or, at least, I don’t want to live in that latter type of society, because I don’t want any control taken away from me, even if I have to put up with some idiots.

“This is an economic limit on privacy violation by companies, owing to the liability of having too much information about (or control over) users.”

It’s the “control over users” that immediately makes this something especially relevant for designers and technologists to consider: that control is designed, consciously, into products and systems, but how much thought is given to the extremes of how it might be exercised, especially in conjunction with the wealth of information that is gathered on users?

“Liability can come from various sources… [including]

Vicarious infringement liability.

Imagine: you write a music player (like iTunes) that can check the Internet when I place a CD in my computer. You decide to collect this data for market research. Now the RIAA discovers that this data can also identify unauthorized copies. Can they compel you to hand over data on user listening habits?

Your company is liable for vicarious infringement if (1) infringement happens, (2) you benefit from it, and (3) you had the power to do something about it—which I assume includes reporting the infringement. So now you are possibly liable because you have damning information about your users. This also applies to DRM technologies that let you restrict users.

Note that you can’t solve this problem simply by adopting a policy of only keeping the data for 1 month, or being gentle and consumer-friendly with your DRM. The fact is, you have the architecture for monitoring and/or control, and you may not get to choose how you use it.

Other sources of liability described include: being drawn into criminal investigations based on certain data which a company or other organisation may have – or be compelled to obtain – on its users; customers suing in relation to the leaking of supposedly private data (as in the AOL débâcle); and “random incompetence”, e.g. an employee accidentally releasing data or arbitrarily exercising some designed-in control with undesirable consequences.

Scott goes on:

“Okay, so there is a penalty to having too much knowledge or too much control over customers. What should companies do to stay beneath this ceiling?

1. Design an architecture for your business/software that naturally prevents this problem.

It is much easier for someone to compel you to violate users’ privacy if it’s just a matter of using capabilities you already have. Mind, you have to convince a judge, not a software engineer, that adding monitoring or control is difficult. But you have a better shot in court if you must drastically alter your product in order to give in to demands.

…

2. Assume you will monitor and control to the full extent of your architecture. In fact, don’t just assume this, but go to the trouble to monitor or control your users.

Why? Because in an infringement lawsuit you don’t want to appear to be acting in bad faith… if you have the ability to monitor users and refuse to use it, you’re giving ammunition to a copyright holder who accuses you of inducement and complicity.

…

But … the real message is that you should go back to design principle 1. If you want to protect users, think about the architecture; don’t just assume you can take a principled stand not to abuse your own power.

The third principle is really a restatement of the first two, but deserves restating:

3. Do not attempt to strike a balance.

Do not bother to design a system or business model that balances user privacy with copyright holder demands. All this does is insert an architecture of monitoring or control, for later abuse. In other words, design an architecture for privacy alone. Anything you put in there, under rule #2, will one day be used to its full extent.

I have seen many many papers over the years, in watermarking tracks, proposing an end-to-end media distribution system balancing DRM with privacy. Usually, the approach is that watermarks are embedded in music/movies/images by a trusted third party, the marks are kept secret from the copyright holder, and personal information is revealed only under specific circumstances in which infringement is clear. This idea is basically BS. Your trusted third party does not have the legal authority to decide when to reveal information. What will likely happen instead: if a copyright holder feels infringement is happening, the trusted third party will be liable for vicarious infringement.“

Summing it up: any capability you design into a product or system will be used at some point – even if you are forced to use it against the best interests of your business. So it is better to design deliberately to avoid being drawn into this: design systems not to have the ability to monitor or control users, and that will keep you much safer from liability issues.

The privacy ceiling concept – which Scott is going to present in a paper along with Lorrie Cranor and Janice Tsai at the ACM DRM 2006 workshop – really does seem to have a significant implications for many of the architectures of control examples I’ve looked at on this site.

For example, the Car Insurance Black Boxes mostly record mileage and time data to allow insurance to be charged according to risk factors that interest the insurance company; but the boxes clearly also record speed, and whether that information would be released to, say, law enforcement authorities, if requested, is an immediate issue of interest/concern.

Looking further, though, the patent covering the box used by a major insurer mentions an enormous number of possible types of data that could be monitored and reported by the device, including exact position, weights of occupants, driving styles, use of brakes, what radio station is tuned in, and so on. Whether any insurance company would ever implement them, of course, is another question, and it would require a lot tighter integration into a vehicle’s systems; nevertheless, as Scott makes clear, whatever possibilities are designed into the architecture, will be exploited at some point, whether through pressure (external or internal) or incompetence.

I look forward to reading the full paper when it is available.

Via Dave Farber’s Interesting People, a brief New Scientist article outlines Sony’s continuing obsession with restricting and controlling its customers (the last one didn’t go too well):

“A patent filed by Sony last week suggests it may once again be considering preventing consumers making “too many” back-up copies of its CDs…

Sony’s latest idea is to place a piece of monitoring hardware inside the CD. Its patent suggests embedding a radio-frequency ID chip that could be interrogated wirelessly by a PC or CD player. The chip would record the number of times the disc was copied and prevent further recordings once it reached the limit. The device could also be fitted to DVDs. Whether Sony will turn the patent idea into reality remains to be seen.”

Of course this will require new CD players and CD-ROM drives with the ability to read, write to and act on the signal from the RFID chip – which means its impact may not be very significant.

It’s not clear whether the “permitted” copies have to be made onto “chipped” Sony-authorised discs (otherwise the technology seems rather pointless, as people will just make copies of the un-protected copies instead of repeated copies of the original) – if this is the case, then is this not just a sly “razor blade model” or “PRM” (in Ed Felten’s phrase) attempt to make Sony CD-writers require the purchase of Sony chipped blank CDs in order to copy music?

And would this break the Orange Book standard for CD-Rs?

At Freedom to Tinker, Ed Felten has posted a summary of a talk he gave at the Usenix Security Symposium, called “DRM Wars: The Next Generation”. The two installments so far (Part 1, Part 2) trace a possible trend in the (stated) intentions of DRM’s proponents, from it being largely promoted as a tool to help enforce copyright law (and defeat ‘illegal pirates’) to the current stirrings of DRM’s being explicitly acknowledged as a tool to facilitate discrimination and lock-in — and the apparent ‘benefits of this’:

“First, they argue that DRM enables price discrimination — business models that charge different customers different prices for a product — and that price discrimination benefits society, at least sometimes. Second, they argue that DRM helps platform developers lock in their customers, as Apple has done with its iPod/iTunes products, and that lock-in increases the incentive to develop platforms.

Interestingly, these new arguments have little or nothing to do with copyright. The maker of almost any product would like to price discriminate, or to lock customers in to its product. Accordingly, we can expect the debate over DRM policy to come unmoored from copyright, with people on both sides making arguments unrelated to copyright and its goals.”

As noted by some of the commenters, that unmooring also unmoors the DRM debate from being presented as an ‘honest content providers vs illegal pirating freeloaders’ one. Price-fixing, lock-ins and so on are difficult to defend, and I find it hard to think of convincing examples where “price discrimination benefits society” or “lock-in increases the incentive to develop platforms”. If customers are locked in to a platform, there is no incentive to innovate for the locker-in, and much higher barriers for competitors to draw them away. Path dependency is rarely good for companies, and rarely good for society, and lock-ins would seem to be a major contributor to path dependency. The argument that “Apple wouldn’t have developed the iPod (and the record companies wouldn’t have let Apple develop iTunes) if DRM didn’t exist to lock customers in” is specious: there were plenty of portable music players before they came on the scene, and surely most 40GB music iPods were always intended to be largely filled with music acquired from somewhere other than iTunes.

Ed goes on to talk about the trend “toward the use of DRM-like technologies on traditional physical products.” (Long-term followers – if any! – of my research might remember this is very similar to the phrase “Architectures of control: DRM in hardware” which Cory Doctorow used to link to my original web-page on the subject), and uses the example of printer cartridge lock-ins (see also here):

“A good example is the use of cryptographic lockout codes in computer printers and their toner cartridges. Printer manufacturers want to sell printers at a low price and compensate by charging more for toner cartridges. To do this, they want to stop consumers from buying cheap third-party toner cartridges. So some printer makers have their printers do a cryptographic handshake with a chip in their cartridges, and they lock out third-party cartridges by programming the printers not to operate with cartridges that can’t do the secret handshake.

Doing this requires having some minimal level of computing functionality in both devices (e.g., the printer and cartridge). Moore’s Law is driving the size and price of that functionality to zero, so it will become economical to put secret-handshake functions into more and more products. Just as traditional DRM operates by limiting and controlling interoperation (i.e., compatibility) between digital products, these technologies will limit and control interoperation between ordinary products. We can call this Property Rights Management, or PRM.”

Not too sure about that term myself, as I feel the affordances the technology is controlling are moving further and further away from actual ‘rights’. DRM is bad enough as a catch-all term for technology which in many cases is denying users rights they may legally hold in some countries (e.g. fair use or backup copies). I think “technology lock-ins” or “technology razor-blade models” might be a more descriptive label than ‘PRM’. (Or ‘architectures of control’, of course, but my definition of these is much broader than simply lock-ins).

Ed gives three examples of possible future extensions of technology lock-ins, none of which seem at all unlikely; in fact they’re all easily possible right now:

“(1) A pen may refuse to dispense ink unless it’s being used with licensed paper. The pen would handshake with the paper by short-range RFID or through physical contact.

(2) A shoe may refuse to provide some features, such as high-tech cushioning of the sole, unless used with licensed shoelaces. Again, this could be done by short-range RFID or physical contact.

(3) The scratchy side of a velcro connector may refuse to stick to the fuzzy size unless the fuzzy side is licensed. The scratchy side of velcro has little hooks to grab loops on the fuzzy side; the hooks may refuse to function unless the license is in order [hence my photo at the top of this post! - Dan] For example, Apple could put PRMed scratchy-velcro onto the iPod, in the hope of extracting license fees from companies that make fuzzy-velcro for the iPod to stick to.

Will these things actually happen? I can’t say for sure. I chose these examples to illustrate how far PRM might go. The examples will be feasible to implement, eventually. Whether PRM gets used in these particular markets depends on market conditions and business decisions by the vendors. What we can say, I think, is that as PRM becomes practical in more product areas, its use will widen and we’ll face policy decisions about how to treat it.”

The comments on both posts (Part 1 | Part 2) go into some extremely interesting discussion of the ideas and examples, with the ‘pen/licensed paper’ one being conclusively noted as ‘baked’ with Bill Higgins explaining the Anoto* technology.

(*And no, I don’t think the “www.anotofunctionality.com” of that link is deliberately in the same league as “www.powergenitalia.com,” “www.expertsexchange.com,” etc, but it’s still oddly apposite given the “no to functionality” with which so many lock-ins shed users when they’re fed up with paying over the odds for replacement parts.)

I look forward to the third part of Ed’s talk summary: this is a fascinating area of discussion which is central to much of the ‘architectures of control’ phenomenon.

“Many of us, who may find ourselves arguing based on public reasons for public policies that protect the freedom to tinker, also have a private reason to favor such policies. The private reason is that we ourselves care more about tinkering than the public at large does, and we would therefore be happier in a protected-tinkering world than the public at large would be.”

Many of the comments – and those on the follow-up post – look in more detail at the legal issues, with some very interesting analogies to freedom of expression and points made about the impact on innovation – which benefits everyone – when power users are prevented from innovating.

I felt I had to comment, since this is an issue central to the architectures of control research; here’s what I said:

“I think I’d ask the question, “Even if it becomes illegal to tinker with a device, what is there to to stop someone doing it?”

If it is purely the fear of getting caught, then tinkering will be stifled, to some extent. But power users will form groups just as they do now, and some tinkering will still go on. (If the tinkering is advanced enough, it will be too difficult for law enforcement to detect/understand it anyway).

At present much file-sharing activity is illegal, but it still goes on in vast quantities. The fear of getting caught is a major retardation to that activity, I’d suggest; there may also be an ethical component to the decision in many people’s minds. They’re told it’s analogous to stealing a CD from a store, and they believe or are persuaded, partially at least, by that. It seems immoral or unethical.

But does anyone seriously believe that tinkering with devices is unethical? (There are probably a few people who do, e.g. ZDNet’s Adrian Kingsley)

Tinkering with devices will never seem immoral or unethical to the vast majority of the public, hence the only barriers to stop them doing it are a) fear of getting caught and b) lack of knowledge or desire. Most people don’t bother tuning up their cars or tinkering with their computers, even though they could.

Power users do, and in a future where tinkering is illegal, it will again only be power users who do it, and fear of getting caught will be the only reason for not doing it.

So what about this fear of getting caught? How likely is it that one’s modifications or tinkering will be detected by some kind of enforcement agency? The only way I can see that this could be carried out in any kind of systematic way would be if observation/reporting devices were embedded in every product, e.g. every PC reporting home every few hours to squeal if it’s been modified.

But we already have that! Or at least we will soon, and therefore it seems irrelevant whether or not it becomes illegal to tinker with devices. If every computer is ‘trusted’ and spies and reports on its user’s behaviour, whether it reports to Microsoft or a Federal Anti-Tinkering Agency is, perhaps, beside the point.

Architectures to prevent or stifle tinkering can be designed into products and technologies whether or not there is a law requiring them. The user agrees to
have his/her behaviour and interactions monitored and controlled by the act of purchasing the device.

Even if the law went the other way, and there were a legally guaranteed right to tinker, all that would happen is that manufacturers will make it more difficult
to do so by the design of products. Hoods (bonnets) would start to be welded shut, in Cory Doctorow’s phrase, (the Audi A2 already has this, sort of), backed up by stringent warranty provisions. You might have a right to tinker with your device, but no law is going to compel the manufacturers to honour the warranty if you do so.

This, I think, is the crucial issue: the points Lessig makes about the designed structure of the internet, the code, superseding statute law as the dominant shaper of behaviour in the medium, apply just as strongly to technology hardware. Architectures of control in design will control users’ behaviour, however the laws themselves evolve.”

From the Sunday Times, ‘Standby buttons face axe to curb energy waste’:

“Ministers want to do away with the standby buttons that allow [users] to flick their TVs and other electronic gadgets on and off while moving barely a muscle…

Figures… show that gadgets left unnecessarily on standby or connected to chargers squander electricity worth £740m each year and are responsible for 4m tonnes of excess carbon dioxide emissions each year.

The biggest culprits are not televisions but stereo systems, responsible for £290m of wasted energy, followed by video recorders, £175m, televisions, £88m, games consoles, £70m, computer monitors, £41m, DVD players, £19m, and set-top boxes, £11m. Mobile phone chargers left plugged in unnecessarily waste £47m of electricity each year, enough to supply 66,000 homes.

The government has rejected one proposal, from the energy company Scottish Power, that standby buttons on existing electrical products be removed or disabled. But it will work with manufacturers to ‘design out’ standby buttons from new products… One likely recommendation for some products is that they be designed to switch themselves off.”

This seems a fairly sensible application of control within the design process, with the ‘feature deletion’ being done to fulfil socially beneficial intentions rather than purely commercial ones. The less energy devices use, the less money the customer spends on electricity, as well as reducing the environmental impact.

Nevertheless, there are millions of people for whom a standby button is a very useful – or even essential – design feature. If you’re confined to bed, or a static chair for most of your day, whether through disability, long-term illness or simply age, that remote control button (on the TV, radio or even the room lighting) is a godsend. One would hope that from an inclusive design point of view, there will still be such devices available, and – if I’m honest – I think they should still be available to everybody, if desired. There should be no need to ‘prove’ disability in order to buy a TV with a remote control standby function.

An alternative is, of course, a remote control/standby system that doesn’t use anywhere near so much power when the device is on standby. A clever range of current-limiting gang sockets are already available which detect the amount of current a device actually needs to draw when on standby, and limits that which it can draw to precisely that. Alternatively, we might design products so the ‘standby’ signal from the remote control is intercepted by an entirely separate, DC circuit, maybe battery-powered and drawing a minuscule current, which then switches the mains on and off using a relay when required.

The government proposals are – on the face of it – largely a rare case of a ‘win-win’ architecture of control (see diagram), though of course we need to consider the effects of the manufacture and distribution of so many millions more products (and probably, the disposal of the old ones). If we argue that this would have happened anyway (which is surely true) then the effect will be better than if the replacement devices had no environmental considerations going into their design, but this is the kind of situation where a full life-cycle analysis would be very useful.

See also Case study: Optimum lifetime products.