Posts tagged as:

The Costs of SSL Encryption for Webmail & Other Cloud Services

by on June 16, 2009 · 23 comments

Internet policy Shame Artist extraordinaire Chris Soghoian has struck again! Chris recently shamed the online advertising industry into improving their privacy practices with his Targeted Advertising Cookie Opt-Out (TACO) plug-in for Firefox. Now Chris has set his sight on the security practices of cloud service providers.

A letter released this morning, signed by 37 leading online security experts (and organized by Chris), calls on Google to offer persistent SSL (HTTPS) encryption by default for all Google servicesor at the very least, to make more visible the option currently given to users to opt-in to use SSL for all communications. Google, in its response, indicated that it was already “looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”

While Google’s response identifies some clear problems with implementing persistent SSL for all users (esp. connection speed), few would deny that it makes sense for webmail providers to encrypt all traffic using SSL, rather than sending email data “in the clear,” which risks interception by hackers. We at PFF hold no brief for Google, in fact we have found ourselves disagreeing with them on many other occasions on a range of issues (most notably net neutrality mandates). Nonetheless, on this front, Google has long been a leader, having offered SSL since Gmail launched and having begun providing the persistent HTTPS option last summer while most of their competitors still use SSL only for the initial authentication that occurs when a user first signs in. While the letter focuses on Google and webmail in particular, this issue has far broader implications for all online cloud service providers.

No Free Lunch: The Costs of Encryption Gmail, Yahoo! Mail, Hotmail, etc. are, of course, “free” ( i.e., ad-supported). Google in particular has lead the way in increasing the functionality offered in Gmail, not just constantly increasing the total storage space provided to every user (now over 7GB), but regularly adding innovative new features—at no charge to users. Continue reading →

SHARE: 23 comments

European Regulators Think Consumers Too Stupid to Know How to Download a Different Browser

by on June 11, 2009 · 30 comments

According to Ina Fried of CNet News, Microsoft plans to remove its Internet Explorer web browser from the new versions of Windows 7 when it ships it in Europe later this year. [Additional coverage at ZDNet.]  MS is apparently doing so to assuage the concerns of EU antitrust officials, who have been obsessed with the company for the past decade. [Update: Here is MS official announcement.]

Apparently, European officials think their citizens are too stupid to find an alternative browser.  I mean, seriously, how hard is it?  Does the competition lack name recognition such that consumers can’t find them?  Hmmm… Google and Apple seem to be pretty well known brands, and their browsers (Chrome & Safari) are pretty easy to find.  And then there’s Mozilla’s Firefox browser (my PC favorite) and Opera (my mobile phone favorite), which are outstanding browsers. [Incidentally, Firefox already has 31% share of the European market.]

OK, OK, the regulators might say, but these competitors are just too expensive!  Uh, no, wait… every one of them is free. So, strike that theory.

Well, the regulators need another theory then. How about illegal tying of products and services! You know, there’s only certain sites or services you can use with IE, right?   Nope, that theory doesn’t work either.  And does anyone believe that MS could really tie OS functionality to the use of IE? How long would the world tolerate Outlook e-mails or Word documents that only allowed linking to URLs via IE??  Come on.

OK, any other theories left? Not that I can think of. Which brings us back to the only theory the Euro-crats have left: people are sheep. They’ll take whatever MS bundles into the OS free, you see, and they will use it more than they use competing products.  Thus, we regulators have to save them from their own stupidity! The masses just don’t know what’s good for them!  These free, integrated services are harming them! And, therefore, the only remaining solution is to kill innovation by crippling functionality and removing the free offering. That’s pro-consumer! … or so say the European antitrust bureaucrats.

Meanwhile, back in the real world, a whole lotta innovation continues to take place. But shhhh.. don’t tell the Euro-crats. They need a company to pick on. Welcome to the Theater of the Techno-Absurd.

SHARE: 30 comments

First Amendment Protection of Search Algorithms as Editorial Discretion

by on June 4, 2009 · 34 comments

Cory Doctorow has called for a Wikipedia-style effort to build an open source, non-profit search engine. From his column in The Guardian:

What’s more, the way that search engines determine the ranking and relevance of any given website has become more critical than the editorial berth at the New York Times combined with the chief spots at the major TV networks. Good search engine placement is make-or-break advertising. It’s ideological mindshare. It’s relevance… It’s a terrible idea to vest this much power with one company, even one as fun, user-centered and technologically excellent as Google. It’s too much power for a handful of companies to wield. The question of what we can and can’t see when we go hunting for answers demands a transparent, participatory solution. There’s no dictator benevolent enough to entrust with the power to determine our political, commercial, social and ideological agenda. This is one for The People. Put that way, it’s obvious: if search engines set the public agenda, they should be public.

He goes on to claim that “Google’s algorithms are editorial decisions.”   For Doctorow, this is an outrage: “so much editorial power is better vested in big, transparent, public entities than a few giant private concerns.”

I wish Doctorow well in his effort to crowdsource a Google-killer, but I’m more than a little skeptical that anyone would actually want to use his search engine of The People.  My guess is that, like most things produced in the name of “The People” (Soviet toilet paper comes to mind), it will probably won’t be much fun to use, and will likely chafe noticeably. (For the record, I love and regularly use Wikipedia; I just don’t think that model is unlikely to produce a particularly useful search engine.  As Doctorow himself has noted of Google, “they make incredibly awesome search tools.”)

But I’m glad to see that Doctorow has conceded an important point of constitutional law: The First Amendment protects the editorial discretion of search engines, like all private companies, to decide what to content to communicate.  For a newspaper, that means deciding which articles or editorials to run.  For a library or bookstore, it means which books to carry.  For search engines, it means how to write their search algorithims. Continue reading →

SHARE: 34 comments

COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech

by on May 24, 2009 · 33 comments

Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”

As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.

Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment, etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.

We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:

  • Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
  • Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
  • Hamper routine and socially beneficial communication between adolescents and adults;
  • Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);

Continue reading →

SHARE: 33 comments

What #googlefail Tells Us About Markets

by on May 18, 2009 · 10 comments

Google recently experienced failures of its core services — a phenomenon that quickly spawned the hashtag “googlefail” on the popular social networking platform Twitter.  These failures show that a company once thought of as the odds-on favorite for dominating the global market in all things web — the monolith of Mountain View — is looking more and more like a search-only player.

Big firms consistently fail to use their “market dominance” to take over adjacent markets, something that should give antitrust warriors in the Obama administration reason for pause.  The renewed call for tough antitrust enforcement comes at a time when Google, a poster-child for market dominance, simply can’t leverage its position at all.

Continue reading →

SHARE: 10 comments

Google’s New Advertising Trademark Policy & Consumer Welfare

by on May 15, 2009 · 13 comments

Google has announced that it will soon begin allowing U.S. advertisers to use trademarked keywords in limited circumstances in text ads, much as Yahoo! already does.  Google currently allow advertisers to bid on trademarked terms as keywords that could cause an ad to appear, either next to Google search results or on a third-party publisher’s website.  That policy will not change, and is discussed here by my PFF colleague Sid Rosenzweig.  The new policy is focused on the text seen by users in ads themselves and applies only if the “landing page” (to which the ad links) is used by a reseller, aggregator or parts supplier to sell only products that are relevant to the mark in question, or if the page is used to provide impartial reviews or other information about the trademarked product.  The new policy does not apply to sites/pages that (a) facilitate the sale of counterfeit goods, (b) allow the sale of a competitor’s goods, (c) criticize the trademarked good, or (d) do not provide substantial information or a purchase option.  Despite these limitations and other safeguards, Google has been sharply criticized by some trademark holders and might even be sued (e.g., for contributory infringement).

I’ll defer to the real trademark lawyers to figure out whether Google is correct that its new policy falls within the bounds of trademark law (particularly the “nominative fair use” doctrine).  But since Adam Thierer and I have been involved in an ongoing defense of online advertising against those who would squelch it through regulation in the name of privacy concerns (not at play here), I think it’s important to highlight the potential benefits to users from this seemingly arcane policy change-and to consider what this episode says about online advertising generally.  I see three main benefits to consumers from the policy change that should be considered alongside the vitally important role that trademarks play in our economy in communicating reputational information.

First, Google’s new policy will allow consumers to find products more easily because advertisers will be able to offer more descriptive and therefore informative ads, mentioning what they sell by name. Continue reading →

SHARE: 13 comments

Schneier on Data Collection and “Deception”

by on April 28, 2009 · 11 comments

I’ve been quite depressed to witness Bruce Schneier’s ongoing conversion from opponent of government intervention in the high-tech economy (at least on encryption) to vociferous proponent (at least in terms of privacy regulation).  Anyway, his latest cheerleading piece for government privacy regulation in The Wall Street Journal includes lots of fear-mongering about private website data collection for, God forbid, purposes of trying to better target advertising and market us products we might actually want.

Schneier uses the term “deceptive” several times in the piece to refer to privacy policies that don’t make it explicitly clear that some of the information you leave on a site, or that is collected preemptively by them, will be used to craft more targeted marketing efforts.  Like many other would-be privacy regulators, Schneier seemingly wants companies to fly blimps over your desk as you surf the Net with big signs that basically say: ‘Hey stupid, your info may be used to market you stuff.’  It’s hard to be against more disclosure, of course — and most sites spell out what they do with data in their privacy policies — but it never seems to be good enough for most privacy advocates, who paint consumers out to be mindless sheep who cannot be trusted to make wise decisions for themselves.  Sorry, but I just don’t buy it.

Continue reading →

SHARE: 11 comments

Major Filings in FCC’s “Child Safe Viewing Act” Notice of Inquiry

by on April 20, 2009 · 12 comments

As anyone who has spent time searching for comments on the FCC’s website can tell you, the agency doesn’t exactly have the most user-friendly website.  In the interest of making it easier for others to read the comments that came in last week in the agency’s “Child Safe Viewing Act” Notice of Inquiry, I have compiled all the major comments (those over 3 or 4 pages) and provided links to them below the fold.

Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  I filed 150+ pages worth of comments in this matter last week, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.

Continue reading →

SHARE: 12 comments

Comments in FCC “Child Safe Viewing Act” Proceeding

by on April 15, 2009 · 13 comments

Today I filed comments with the Federal Communications Commission (FCC) in its proceeding examining the marketplace for “advanced blocking technologies.”  This proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  My colleagues will no doubt laugh about the fact that I have dropped an absurd 150 pages worth of comments on the FCC in this matter, but I had a lot to say on this topic!  Parental controls, child safety, and free speech issues have been the focus of much of my research agenda over the past 10 years.

In my filing, I argue that the FCC should tread carefully in this matter since the agency has no authority over most of the media platforms and technologies described in the Commission’s recent Notice of Inquiry.  Moreover, any related mandates or regulatory actions in in this area could diminish future innovation in this field and would violate the First Amendment rights of media creators and consumers alike.  The other major conclusions of my filing are as follows:

  • There exists an unprecedented abundance of parental control tools to help parents decide what constitutes acceptable media content in their homes and in the lives of their children.
  • There is a trade-off between complexity and convenience for both tools and ratings, and no parental control tool is completely foolproof.
  • Most homes have no need for parental control technologies because parents rely on other methods or there are no children in the home.
  • The role of household media rules and methods is underappreciated and those rules have an important bearing on this debate.
  • Parental control technologies work best in combination with educational efforts and parental involvement.
  • The search for technological silver-bullets and “universal” solutions represent a quixotic, Holy Grail-like quest and it will destroy innovation in this marketplace.
  • Enforcement of “household standards” made possible through use of parental controls and other methods negates the need for “community standards”-based content regulation.

My entire filing can be found here and down below in a Scribd reader.  All comments in the matter are due tomorrow and then reply comments are due on May 18th.

Continue reading →

SHARE: 13 comments

The Pepsi Challenge 2.0, Reputational Incentives & Genericide as a Check on Google’s Brand Power

by on April 8, 2009 · 12 comments

It seems Microsoft is facing much the same problem Pepsi faced in the 70s, when it created the Pepsi challenge (a blind taste test between Coke and Pepsi):

A stark sign of the challenge Yusuf Mehdi faces as a point man for Microsoft in the company’s battle with Google comes from the company’s own research into the habits of consumers online. During regular “blind taste tests,” in which Microsoft asks randomly-selected consumers to score the quality of results from various Internet search engines, the quality of Microsoft’s search results have so improved that people can’t tell the difference between Microsoft and Google search results, says Mr. Mehdi, senior vice president of Microsoft’s online audience business group. But when Microsoft slaps the Google brand name on the results from Microsoft’s own search engine during another portion of its tests, users invariably score them highest. “Just by putting the name up, people think it’s more relevant,” he says. … Microsoft still faces the problem of the strong association in consumers’ minds between Google and Internet search. In theory, it’s far easier for a consumer to switch Internet search engines than it is for them to switch other forms of software. But Mr. Mehdi–a veteran of the Web browser wars of the late 90s in which Microsoft managed to overtake the pioneer in the category, Netscape Communications–says in reality it’s very hard to convince consumers to change their search behavior.

So, Microsoft faces an uphill battle.  Happily for the Internet marketplace, it seems they’re embracing the challenge cheerily by attempting to kill two birds with one stone:  launching an innovative new semantic search engine capable of answering users’ questions more directly while also creating a fresh new brand for what Microsoft acknowledges is a “confusing jumble of brand names for its search efforts.”  I, for one am looking forward to Microsoft’s forthcoming search engine, dubbed “Kumo.”

But I think there’s a bigger lesson here:  Google’s most valuable asset is its brand. Continue reading →

SHARE: 12 comments

← Previous Entries

Next Entries →