[T]he most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. [snip] This freedom is at risk in the cloud, where the vendor of a platform has much more control over whether and how to let others write new software.

If you think about info/law very much, none of this is quite new. And as I have said before about Zittrain’s work, I think he is too pessimistic about the certainty of lockdown (after all, we were worried about the walled gardens of AOL and Compuserve too, and look what happened).

But the danger is real and must be addressed, presumably in large part by the audience who reads the Times op-ed page. JZ is such an excellent communicator and synthesizer, and he conveys the seriousness and complexity of the problem very nicely to a key audience in a format where it is difficult to do that. Go read the whole op-ed right now.

[UPDATE: Adam Thierer does not care for this op-ed at all, and has some interesting responses.]

Amazon, Blount says, “is not paying anyone for audio rights.” Likely true. But, um, what rights are those? Copyright gives an author five entitlements: to reproduce copies of the book, make derivative works based on it, distribute it, perform it publicly, and display it publicly. So, let’s take them one by one. If an ebook is available through Kindle, Amazon (presumably) has the right to distribute the book, which also entails letting the end user (consumer) make copies of it. Copies: one that’s stored on the Kindle’s hard drive, and one that is loaded into RAM for display (and, perhaps, the on-screen display itself). “Displaying” a work via audio doesn’t make much logical sense, so we’re left with either public performance or derivative works as rights that the Kindle treads upon.

Is the reading a public performance? Well, let’s take Blount’s example: “the Authors Guild does not expect royalties from anybody doing non-commercial performances of ‘Goodnight Moon.’ If parents want to send their children off to bed with the voice of Kindle 2, however, it’s another matter.” While playing “Goodnight Moon” is certainly a performance, in my experience few children have bedrooms that qualify as public. What’s “public,” for copyright purposes? One of two things: it’s performing it “at a place open to the public or at any place where a substantial number of persons outside of a normal circle of a family and its social acquaintances is gathered,” or to “to transmit or otherwise communicate a performance or display of the work to [such] a place.” It may take a village to raise a child, but rarely is one involved in putting her to bed. So, public performance is out.

What about a derivative work? Well, the definition of derivative work is amazingly broad: it is any work based upon an existing work. I wonder, though, about two things: fixation, and added expression. Technically, derivative works don’t have to be fixed (unlike the requirement for copyright protection initially), but many courts read in a fixation requirement to the statute. I don’t know how the Kindle converts text to speech, but if it fixes it, it probably does so by buffering only a few words at a time, which likely isn’t enough to infringe (either because it doesn’t copy enough of the protected work, or based on fair use). Second, does reading a work aloud create a derivative? Again, the standards are minimal, and vary by Circuit: the 7th requires added originality, while the 9th requires that the work be recasted, transformed, or adapted. I’m not sure reading aloud qualifies under either of those tests, no matter how much personality Kindle’s fake voice offers. Moreover, this seems like a classic case of overlap: if reading aloud is a derivative work, it seems that the derivative works right renders the public performance right superfluous, which is in tension with our standard canons of statutory construction.

Even if we assume that the Kindle fixes an entire copy of the ebook as part of its text-to-speech conversion, is that a violation? After all, Amazon is allowed to make several copies of the ebook already (on the hard drive and in RAM, remember), so what’s one more? That’s really a contract issue that depends on the agreement between Amazon and the copyright owner (author or publisher).

Blount’s argument is, at heart, one that sounds in John Locke’s labor-desert theory: Amazon has created new value, and likely new demand, for authors’ books, and so they should share in the reward. But why? Amazon did the hard work here, and the Kindle is probably going to be a huge driver for sales of books generally. Authors already have incentives to produce books. Won’t taking away some of Amazon’s returns reduce incentives for future innovators? Here’s a thought experiment: I invent a new way to make an existing product even more worthwhile — say, I write a software program that makes Windows incredibly simple to use, or a way to make Spam taste like sirloin. Sales of Windows, or Spam, are going to go up. Should I write a check to Microsoft or Hormel? Obviously not. So, why is it different just because we’re throwing copyright around?

This is a land grab. It’s ill-advised. Blount’s argument is wrong as a matter of copyright law and just plain dumb as a way of relating to a product that will make authors richer. Better head back to the locker room, Roy.

Spam’s basic problem is the same: our social norms of trust are at odds with the insecure foundations of e-mail. Put another way, both we and our e-mail systems are too trusting, and thus easily duped. Spam exploits the credulous (”If my friend forwarded this link, it must be OK!”) and the opportunistic (”Hey, free Anna Kournikova pictures!).

I still think we should do three things. First, e-mail just doesn’t work for communications that need security and the ability to authenticate senders. I proposed “safe mail” a few years back, and as with most academic ideas, it’s garnered almost as many supporters as Blagojevich for President. But it’s still a good approach. Second, ISPs need to think about rather paternalistic approaches (=URL blocking) in some cases, with opt-out for those willing to take informed risks. Think of this as mandatory StopBadware – when you try to connect to a spoofed or phishing site, you can’t. Finally, we need better defenses on our computers. Microsoft Vista tried for this, but its constant security warnings annoyed everyone without increasing security, leading to defensive ad campaigns rather than defensive computing.

Spam will always be around. It worries me, though, that our perception of its threat seems to be inversely proportional to the harm its payload carries…

The question: do Linux folks care? Do Notes proponents care? Even Linus Torvalds is a skeptic about Linux on the desktop. (Sorry, Tim!)

The fun part is that this is the sequel to Symphony – the original, released in 1984, ran on DOS and was named by John Dvorak as one of the 10 worst software disasters. (Symphony is #4, Microsoft Bob is #10. That hurts.) Thus, IBM is recycling a trademark – and one with questionable associations to boot. (That “boot” may take a while if you use Windows.)

From a classical trademarks perspective, this makes sense. Trademarks allow IBM, as the Lanham Act tells us, to “identify and distinguish [its] goods… from those manufactured or sold by others and to indicate the source of the goods.” Computer users see “Symphony” and know immediately that IBM produces the software. (Let’s assume the users understand that IBM bought Lotus back in the 1990s.) As law students learn, trademarks help reduce consumers’ error costs by helping them find goods generated by a particular producer.

But trademarks do much more than that, and this is what interests me. Do you think Ford has plans to revive the Edsel? No? After all, car consumers probably know instantly that Edsel = Ford. But they also think Edsel = lemon. Trademarks indicate not only source, but also product characteristics. The challenging part is that those characteristics aren’t stable – Symphony, Tab, Taurus – and it’s not clear why we protect a brand trademark that may no longer usefully convey information about what the product is rather than who it’s from.

Technically, trademark law has a tool for this: abandonment. If you take actions that cause your brand to “lose its significance as a mark,” then your mark can be canceled – and your competitors may move to do so. But abandonment is difficult to show, and courts are reluctant to find abandonment. Moreover, it’s not clear what “significance as a mark” means. When Ford slaps Taurus on an entirely different model – the Five Hundred – car buyers still know instantly that the model is a Ford. They just don’t know what the car itself is like. So, if “significance” means only “source designation,” then abandonment doesn’t work well.

I think we need a legal tool to police moves by mark owners that may lead consumers astray when a mark for a model or product type – think iPod or Blackberry – no longer accurately reflects the product’s characteristics. There are at least two hard problems here. First, producers need to innovate; freezing consumer expectations at a given point in time is not helpful. Second, how do we measure and capture the key characteristics of a product that consumers associate with a mark? How much does Coca-Cola have to change the drink before we force them to call it New Coke? I’d love your thoughts on this.

The biggest bombshell in the study must be the ranking of Google as the worst company — alone in the lowest of six color-coded ranks of companies, in the “black” zone labeled “comprehensive consumer surveillance and entrenched hostility to privacy.” (Why don’t you tell us what you really think without any candy-coating?) It’s another sign, if more were needed, that Google has now taken over Microsoft’s former role in many info/law discussions as the villainous tech company.

Now, this is an extremely subjective ranking. And it is based on limited information in many circumstances. The group concedes both points, notes that these are reasons why the rankings are preliminary, and solicits more information and input. But if the goal was to start discussion, I don’t know if this initiative will succeed or backfire.

On one hand, rankings or grades sharpen these sorts of issues very effectively in public debate. I learned this working on Capitol Hill, where countless groups release annual scorecards of representatives’ records, and where the politicians themselves draw attention to pet topics by releasing rankings of various sorts. The media love them. And once you get people debating whether Friendster really is two notches better than Facebook on privacy (as this study suggests), then you have already drawn their attention to the larger issue you wanted them to consider.

That said, the subjectivity of the standards and the rather harsh language the group uses undermine its credibility. And the release of the report was accompanied by an aggressive “open letter” to Google accusing the company of “smearing” Privacy International in responses to the media that questioned the group’s independence. (I don’t know the particulars of this side dispute, but substance aside neither party comes out of it looking very noble.) It seems that Privacy International completed and published this draft without contacting companies, and only then invited the companies it attacked to enter into dialogue — indeed, summoned them to what appears to be a unilaterally scheduled meeting on these issues in July. (Somehow I don’t think Google will be there.) Finally, the choice to focus on Google so intently may divert the whole project into a tit-for-tat with that single company rather than a broader discussion of online privacy. Predictably, the coverage of the report has concentrated very much on the Google angle (as in these representative examples from mainstream media and tech media alike).  Danny Sullivan of Search Engine Land has also posted a detailed critique that probably represents a lot of folks’ reactions.

If this report goes nowhere, it would be an unfortunate lost opportunity. There is a lot of work to be done in encouraging social responsibility and respect for privacy among the internet giants. An ongoing initiative to develop industry standards, with the Berkman Center’s involvement, could bear some fruit. There is little question in my mind that large companies’ privacy practices are deteriorating, and I’m all for holding them accountable for it. But the end result should be an improvement, not an impasse.

As Ethan explains:

Google identifies sites that they believe are spreading badware and registers them with Stop Badware. My colleagues with Stop Badware have the unenviable task of managing the Google review process – if a site is tagged as spreading badware, the site’s administrator has the option of protesting and having the site reviewed by a team that includes folks at the Berkman Center. This is a very emotional issue for site owners, as having your site de-listed by Google can have very serious consequences for your traffic, your reputation, etc.

That may not be the sort of self-governing cyberspace that some luminaries envisioned fifteen years ago, but it may be a pretty interesting example of a private resolution process that is nevertheless open and principled. You should go read Ethan’s post.

[UPDATE: And read the commenters at Ethan's post too. Some of them say they too have been tagged with this "harm your computer" notification and are having trouble getting rid of it -- even after they fix the problem. A definite challenge for the Stop Badware model, but I am optimistic that they will work through it.]

One feature that has taken the brunt of the criticism has been the Zune’s ability to share, on a limited basis, songs with other Zunes via the player’s built-in WiFi. If you and I both have Zunes, you can send me a song (known, appallingly, as “squirting” – apparently the work of a marketing summer intern with a sense of humor) that I can play 3 times or keep for 3 days (whichever comes first). This feature has been panned on numerous fronts: it ignores fair use, it’s too short a trial period, it’s an unimaginative use of the WiFi capabilities, and it’s likely to annoy users. All are true.

With that said, I think the critics, in some cases, have short memories. One of the primary defenses of the Napster peer-to-peer file sharing network was that it allowed music consumers to try out songs or artists before buying – in effect, a sampling or trial-basis argument. The Ninth Circuit didn’t buy that this constituted fair use, and Napster went down for the dirt nap. However, if we take this argument seriously, then Microsoft’s Zune is meeting precisely this strongly-felt consumer need, and in a way that’s concordant with the goals of “try before you buy.” Squirting (what’s the likelihood that Info/Law gets filtered in Saudi Arabia based on this post?) is quite limited, but those limits seem well-tailored to the sampling theory that many put forward as a key justification for Napster.

The real argument, of course, is that consumers want to do more with songs than just sample them and go on to buy them. Consumers unhappy on this basis, though, should take it up with the record labels rather than Microsoft; the labels are the ones who’ve resisted more expansive uses of their material and who’ve claimed that even ripping one’s songs from CD to MP3 is a licensed use – one that violates copyright, but that operates at the label’s grace. Thus, squirting may be a good thing, even if we’d prefer a gusher rather than a trickle.