Technical protection measures :: Architectures of Control

Digital control round-up

Published February 11th, 2008 in Arbitrary, Architectures of Control, Business model, Censorship, Civil rights, Control, DRM, Design, Design philosophy, Digital rights, Discrimination, Do artifacts have politics?, Dongle, Indoctrination, Internet economics, Lock-in, Monopoly, Patents, Philosophy of control, Political design, Restriction, Software, Technical protection measures and Technology underclass. 1 Comment

An 'Apple' dongle

Mac as a giant dongle

At Coding Horror, Jeff Atwood makes an interesting point about Apple’s lock-in business model:

It’s almost first party only– about as close as you can get to a console platform and still call yourself a computer… when you buy a new Mac, you’re buying a giant hardware dongle that allows you to run OS X software.
…
There’s nothing harder to copy than an entire MacBook. When the dongle — or, if you prefer, the “Apple Mac” — is present, OS X and Apple software runs. It’s a remarkably pretty, well-designed machine, to be sure. But let’s not kid ourselves: it’s also one hell of a dongle.

If the above sounds disapproving in tone, perhaps it is. There’s something distasteful to me about dongles, no matter how cool they may be.

Of course, as with other dongles, there are plenty of people who’ve got round the Mac hardware ‘dongle’ requirement. Is it true to say (à la John Gilmore) that technical people interpret lock-ins (/other constraints) as damage and route around them?

Screenshot of Mukurtu archive website

Social status-based DRM

The BBC has a story about the Mukurtu Wumpurrarni-kari Archive, a digital photo archive developed by/for the Warumungu community in Australia’s Northern Territory. Because of cultural constraints, social status, gender and community background have been used to determine whether or not users can search for and view certain images:

It asks every person who logs in for their name, age, sex and standing within their community. This information then restricts what they can search for in the archive, offering a new take on DRM.
…
For example, men cannot view women’s rituals, and people from one community cannot view material from another without first seeking permission. Meanwhile images of the deceased cannot be viewed by their families.

It’s not completely clear whether it’s intended to help users perform self-censorship (i.e. they ‘know’ they ’shouldn’t’ look at certain images, and the restrictions are helping them achieve that) or whether it’s intended to stop users seeing things they ’shouldn’t', even if they want to. I think it’s probably the former, since there’s nothing to stop someone putting in false details (but that does assume that the idea of putting in false details would be obvious to someone not experienced with computer login procedures; it may not).

While from my western point of view, this kind of social status-based discrimination DRM seems complete anathema - an entirely arbitrary restriction on knowledge dissemination - I can see that it offers something aside from our common understanding of censorship, and if that’s ‘appropriate’ in this context, then I guess it’s up to them. It’s certainly interesting.

Neverthless, imagining for a moment that there were a Warumungu community living in the EU, would DRM (or any other kind of access restriction) based on a) gender or b) social status not be illegal under European Human Rights legislation?

Disabled buttons Disabling buttons

From Clientcopia:

Client: We don’t want the visitor to leave our site. Please leave the navigation buttons, but remove the links so that they don’t go anywhere if you click them.

It’s funny because the suggestion is such a crude way of implementing it, but it’s not actually that unlikely - a 2005 patent by Brian Shuster details a “program [that] interacts with the browser software to modify or control one or more of the browser functions, such that the user computer is further directed to a predesignated site or page… instead of accessing the site or page typically associated with the selected browser function” - and we’ve looked before at websites deliberately designed to break in certain browers and disabling right-click menus for arbitrary purposes.

Destroy everything you touch

Published November 19th, 2007 in Architectures of Control, Art making a point, Design, Design philosophy, Designed to be unpleasant, Designed to injure, Designers, Do artifacts have politics?, Embedding code, Interaction design, Intrusive technology, Non-lethal weapons, Philosophy of control, Sneaky and Technical protection measures. 0 Comments

The sandpaper cover of Debord's Memoires. Images from eBay

We can’t help but be familiar with the concept of ‘malicious code’ in the context of computer security and programming, but in general the idea of products or technology which, as they’re used, sabotage or degrade the performance of a ‘rival’, is intriguing and not well-explored. Scott Craver’s Underhanded C contest is a fascinating example from the ‘white hat’ side of the fence; Microsoft’s use of deliberately targeted style sheets on MSN.com to degrade Opera’s performance is another; and the CIA’s alleged planting of software bugs in Russian pipeline control software is a third. The Sony DRM rootkit might also fall into this category (as would this!)

But on a much more concrete level, we have this playful example: Memoires by Guy Debord, psychogeographer and Situationist, was originally published with a rough sandpaper cover:

Memoires was written, or rather assembled, by Guy Debord and Asger Jorn in 1957. Debord himself often referred to Memoires as an anti-book, and the original edition was bound in sandpaper, that it might destroy other books. The text is entirely composed of fragments taken from other texts: photographs, advertisements, comic strips, poetry, novels, philosophy, pornography, architectural diagrams, newspapers, military histories, wood block engravings, travel books, etc. Each page presents a collage of such materials connected or effaced by Jorn’s structures portantes, lines or amorphous painted shapes that mediate the relationships between the fragments.

(from an article by David Banash)

Debord's Memoires. Images from eBay

And from this article by Christian Nolle:

The book is most famous for its sandpaper cover. An auto-destruction feature that enabled it to damage not only the book it might be standing next to in the bookshelf, but also the person who would be reading it. An anti-book to destroy all other books.

Permild writes: “Long had he [Jorn] asked me, if I couldn’t find a unconventional material for the book cover. Preferably some sticky asphalt or perhaps glass wool. Kiddingly, he wanted, that by looking at people, you should be able to tell whether or not they had had the book in their hands. He acquiesced by my [Permild’s] final suggestion: sandpaper (flint) nr. 2: ‘Fine. Can you imagine the result when the book lies on a blank polished mahogany table, or when it’s inserted or taken out of the bookshelf. It plans shavings of the neighbours desert goat [?]’.

In all the literature that I have located, Debord is the person who is refered to as the inventor of the sandpaper cover. However, as it turns out Debord had nothing to do with it… Permild continues, «Asger loved - as he often expressed it, to place small time controlled bombs». This was certainly a bomb. A bomb invented by the printer, whose job is normally of a technical nature. The sandpaper cover was a really good idea, but practically it never managed to practice what it preached. It did, however, make its readers conscious about handling it or where to place it.

One the other hand, Memoires placed itself on a shelf among precious object, something to be handled with great care… The American Hakem Bey did something similar in the 1970s. In homage to Guy Debord, Bey made a book with sandpaper on the inside. This way he rendered the book into auto-destruct mode if you would ever dare to read it. A potential bomb to go off if you would open it. Memoires, on other hand is a bomb, not a potential bomb. No matter how you would handle it, there was always the danger that it could damage your precious collection of 1920s French poetry.

The photos above come from this French eBay listing - the copy on sale reached €3,810.

Biting Apple

Published September 28th, 2007 in Apple, Architectures of Control, Bad design, Bad profits, Blogosphere, Business model, Cell phones, Circumvention, Consumer rights, Design, Design attitudes, Design philosophy, Designed to be unpleasant, Digital rights, Distasteful corollary, Embedding code, Entropy, Feature deletion, Firmware, Freedom to tinker, Gadgets, Interaction design, Intrusive technology, Lock-in, Mobile phones, Philosophy of control, Rent-seeking, Reverse engineering, Sneaky, Software, Technical protection measures, Technology policy, Treacherous computing, Usability, User experience, Your property and iPhone. 6 Comments

BBC News headline, 28 September 2007

Interesting to see the BBC’s summary of the current iPhone update story: “Apple issues an update which damages iPhones that have been hacked by users”. I’m not sure that’s quite how Apple’s PR people would have put it, but it’s interesting to see that whoever writes those little summaries for the BBC website found it easiest to sum up the story in this way. This is being portrayed as Apple deliberately, strategically damaging the phones, rather than an update unintentionally causing problems with unlocked or modified phones.

Regardless of what the specific issue is here, and whether unmodified iPhones have also lost functionality because of some problem with the update, can’t we just strip out all this nonsense? How many people who wanted an iPhone also wanted to be locked in to AT&T or whatever the local carrier will be in each market? Anyone? Who wants to be locked in to anything? What a waste of technical effort, sweat and customer goodwill: it’s utterly pathetic.

This is exactly what Fred Reichheld’s ‘Bad profits’ idea calls out so neatly:

Whenever a customer feels misled, mistreated, ignored, or coerced, then profits from that customer are bad. Bad profits come from unfair or misleading pricing. Bad profits arise when companies save money by delivering a lousy customer experience. Bad profits are about extracting value from customers, not creating value.

…

If bad profits are earned at the expense of customers, good profits are earned with customers’ enthusiastic cooperation. A company earns good profits when it so delights its customers that they willingly come back for more—and not only that, they tell their friends and colleagues to do business with the company.

…

What is the question that can tell good profits from bad? Simplicity itself: How likely is it that you would recommend this company to a friend or colleague?

If your iPhone’s just turned into the most stylish paperweight in the office, are you likely to recommend it to a colleague?

More to the point, if Apple had moved - in the first place - into offering telecom services to go with the hardware, with high levels of user experience and a transparent pricing system, how many iPhone users and Mac evangelists wouldn’t have at least considered changing?

On the level

Published August 24th, 2007 in Architectures of Control, Black box, Business model, Cell phones, Circumvention, Consumer rights, Design, Design engineering, Design philosophy, Embedding code, Engineering, Engineering design, Gadgets, Interaction design, Intrusive technology, Mistake-proofing, Mobile phones, Packaging design, Product design, Rent-seeking, Sneaky, Technical protection measures and User experience. 2 Comments

Patent image of Tilt sensor
A tilt-detector from this 1984 US patent, with intended application on a packing box.

The liquid detection stickers in mobile phones, which allow manufacturers and retailers to ascertain if a phone has got wet, and thus reject warranty claims (whether judiciously/appropriately or not), seem to be concerning a lot of people worldwide. Around a quarter of this site’s visitors are searching for information on this subject, and the comments on last October’s post on the subject contain a wealth of useful experience and advice.

This current thread on uk.legal.moderated goes into more depth on the issue, and how the burden of proof works in this case (at least in the UK). While informed opinion seems to be that the stickers will only change colour when actual liquid is present within the phone, rather than mere moisture or damp, this may well include condensation forming within the casing, as well as the more obvious dropping-of-phone-into-puddle and so on. The main point of contention seems to be that the sticker may change colour (perhaps gradually) and the phone continue working perfectly, but when an unrelated problem occurs and the phone is taken in for repairs under warranty, the presence of the ‘voided’ sticker may be used as a universal warranty get-out even if the actual problem is something different.

Tilt detection
Along these lines, one of the posts tells of a similarly interesting design tactic - tilt-detectors on larger hardware:

30 years in the IT industry and associated customer service tells me they are trying it on and most people buy it. In the olden days, hardware used to come with a similar red dot system indicating the kit had been tilted more than 45 degrees and the manufacturers claimed the kit could not be installed and had to be written off.

Of course, 99.9% of the time the kit was fine, but they had a get-out from a warranty claim or so they thought. When the buyers tried to claim on their insurance or against the transport companies insurers the loss adjusters got involved and invariably the kit was installed and worked fine for years rather than the insurers paying out.

In some cases, of course, tilt-detectors were (are still?) necessary in this role. A piece of equipment with multiple vertically cantilevered PCBs laden with heavy components - relays, for example - might well be damaged if the PCBs were tilted away from the vertical. Certainly some devices with small moving coil components would seem as though they may be damaged by being turned upside down, for example. (Do the ultra-fine damper wires on an aperture-grille CRT monitor such as a Trinitron need to be kept in a particular orientation when handling the monitor?)

This patent, published in 1984, from which the above images were extracted, describes an especially clever ‘interlock’ system using two liquid-based detectors arranged so that if the device/package is tilted and then tilted back again, the second detector will then be triggered:

…it is desirable that the tilt detectors not be resettable. In particular, it must be possible to combine a package with at least a pair of the tilt detectors such that attempting to reset one would cause the other to be tilted beyond its pre-determined maximum angle so that the total combination would always afford an indication that the tilt beyond that allowed had been effected.

This is something of a poka-yoke - but as with the phone liquid-detection stickers, it’s being used to detect undesirable customer/handler behaviour rather than actually to prevent it happening. Other than making a package too heavy to tilt, I am not sure exactly how we might design something which actually prevents the tilting problem, aside from rectifying the design problem which makes tilting a problem in the first place (even filling the airspace in the case with non-conductive, low-density foam might help here).

But there’s certainly a way the tilt-detector could be improved to help and inform the handler rather than simply ‘condemn’ the device. For example, it could let out an audible alarm if the package or device is tilted, say, 20 degrees, to allow the handler to rectify his or her mistake before reaching the damaging 45 degrees, whilst still permanently changing colour if 45 degrees is reached. In the long run, it would probably help educated users about how to handle the device rather than just ‘punishing’ them for an infraction. I’m sure that mercury-switch (or whatever the current non-toxic equivalent is) alarms have been used in this way (e.g. on a vending machine), but how often are they used to help the user rather than alert security?

The patent description goes on to mention using tamper-evident methods of attaching the detectors to the device or packaging - this is another interesting area, which I am sure we will cover at some point on the blog.

Dishonourable discharge?

Published August 7th, 2007 in Architectures of Control, Bad profits, Business model, Cell phones, Consumer rights, DRM, Design, Design engineering, Design philosophy, Embedding code, Engineering design, Gadgets, Hidden persuaders, Intrusive technology, Lock-in, Mobile phones, Monopoly, Product design, Razor blade model, Rent-seeking, Sneaky, Technical protection measures, Techniques of persuasion, Treacherous computing, User experience and Your property. 4 Comments

Nokia phone with battery visible

Long overdue, I’m currently reading Bruce Schneier’s excellent Beyond Fear, and realising that in many ways, security thinking overlaps with architectures of control: the goal of so many systems is to control users’ behaviour or to deny the user the ability to perform certain actions. I’ll post a fuller comparison and analysis in due course, but one example Bruce mentions in passing seemed worth blogging separately:

Nokia spends about a hundred times more money per phone on battery security than on communications security. The security system senses when a consumer uses a third-party battery and switches the phone into maximum power-consumption mode; the point is to ensure that consumers buy only Nokia batteries.

Nokia is prepared to spend a considerable amount of money solving a security problem that it perceives - it loses revenue if customers buy batteries from someone else - even though that solution is detrimental to consumers.

As a battery authentication method, this is more subtle than the systems we’ve looked at before, which actually refuse to allow the device to operate if a non-original-manufacturer battery (or perhaps charger) is used.

Nokia’s system attempts to persuade the customer that the new (cheaper) battery he or she has bought is “no good” by making the phone discharge the battery more quickly - in an extremely underhanded way. From the point of view of the (uninformed) consumer, though, it makes Nokia look good. “Oh, that cheap battery I bought is rubbish, it doesn’t seem to hold its charge. Nokia make them so much better, guess I should stick to them in future.”

But if the Nokia batteries were genuinely ‘better’ than the cheap replacement ones, surely this kind of underhanded tactic wouldn’t be necessary?

P.S. I have no idea whether this Nokia ‘trick’ is real/common/still used, as Beyond Fear has no references, or whether other manufacturers do something similar (as opposed to outright battery authentication-and-denial). I’ll ask a friend at Nokia.

P.P.S. Jason Kottke also noted this tactic back in 2003.

About this blog | Blog archives

What are Architectures of Control?

Audi A2 : The user cannot open the bonnet; Bench designed to prevent lying down: 'redesigned to face contemporary urban realities'; Some HP printers shut down the cartridges at a pre-determined date regardless of whether they are empty

Increasingly, many products are being designed with features that intentionally restrict the way the user can behave, or enforce certain modes of behaviour. The same intentions are also evident in the design of many systems and environments.

This site aims—with readers’ input—to examine and analyse the ideas and techniques of these architectures of control in design, through examples and anecdotes, and by keeping up-to-date with relevant developments... More