Archive for the 'Geek Stuff' Category

Why Apple’s iBook Author EULA is not as frightening as it might first appear

Following Apple’s launch earlier this week of iBooks 2 and the iBooks Author (iBA) app, there’s been a bit of internet outrage (here, here, here, and also here) about the apparently unfair terms of the EULA applying to iBA.

iBooks 2 now allows content distributors to create textbooks, with interactive content – such as video and diagrams etc. To allow such content to be created, Apple has created a (free) app for the Mac – iBA. I haven’t played with the app yet, but I’m guessing that as well as allowing users to create all singing and dancing interactive e-textbooks, it will also allow users to self-publish more conventional literary works onto the iBooks platform (although given that iBooks can already read normal epub files, this isn’t exactly breaking new ground).

The catch is that (as the EULA makes clear) iBA content may only be distributed through Apple’s iBookstore.

So what’s the concern?
The source of the anger appears to be this clause in the EULA:

B. Distribution of your Work. As a condition of this License and provided you are in compliance with its terms, your Work may be distributed as follows:

    (i) if your Work is provided for free (at no charge), you may distribute the Work by any available means;
    (ii) if your Work is provided for a fee (including as part of any subscription-based product or service), you may only distribute the Work through Apple and such distribution is subject to the following limitations and conditions: (a) you will be required to enter into a separate written agreement with Apple (or an Apple affiliate or subsidiary) before any commercial distribution of your Work may take place; and (b) Apple may determine for any reason and in its sole discretion not to select your Work for distribution.

In essence, this clause says that if you want to distribute your work for free then go ahead. But if you want to charge users for downloading your literary work, then you have to enter into a contract with Apple, under which Apple will presumably take a cut.

Cue outrage.

Dispelling a couple of myths
But I think this outrage is a little misplaced.

Firstly, the clause in the contract does not transfer ownership of the work to Apple. It simply states that if you want to commercially exploit it on the iOS platform (to users of Apple’s iBooks app), then Apple will take a cut. This is no different to the way in which the App Store, Newsstand or in-app purchases work. In each case, Apple will take a cut (30% in the case of apps) of each sale that is made. That 30% covers Apple’s commission for providing distribution through the relevant App store, and payment processing.

Secondly, the EULA only applies to the work that you create using iBA. It does not apply to the underlying content that you include in that work. At present, it appears that iBA works can only be read by iBooks 2 – it uses a proprietary format. There is no option to export the work in another rich format. This is important, as it means that even without the EULA works created through iBA would not be accessible on other ebook readers anyway. If iBA used an open format, and purported to restrict use, that would be a different matter.

Thirdly, because the EULA only applies to the distribution of the file created by iBA, there is nothing stopping users using the same underlying content to generate a standard epub file (using another publishing app) to distribute that content on other platforms – for example Kindle, or one of the many other ebook readers available on iOS.

So, yes if you want to sell your iBA-created work to users of iBooks Apple will take a cut, and yes it can decide not to approve your work for distribution. But that doesn’t stop the user from distributing that content full stop – simply the iBA created file.

Why Apple had no choice
The point to take from this is that no one is being forced to use iBA (unless they wish to create an e-textbook that takes advantage of iBooks 2′s latest features), and Apple is not claiming ownership (or even restricting use) of the underlying content. iBA is a free app, and this is the way that Apple is monetising it. The app is a free tool that allows the masses to publish to a previously closed platform.

Indeed, to apply a different policy for iBA users would completely undermine Apple’s in-app purchase policy and its current iBookstore and Newsstand distribution agreements with publishers. If you want to use the tool to publish to the iBooks platform, then you need to play by the same rules that everyone else has signed up to. Apple has spent time building a catalogue of content on the iBookstore and Newsstand. If iBA didn’t impose these conditions on iBA users, then large publishers could simply circumvent the iBookstore and sell directly to consumers. This would be commercial suicide for Apple and the iBooks platform.

Whether this model will be commercially successful* with individuals and small publishers is another question, and it may be that the commercials will vary. In return for its cut, Apple will distribute iBA created works through the iBooks store, and provide payment processing services. That alone may be sufficient incentive for publishers (large and small) to sign up to Apple’s terms.

*Or survives potential competition law issues – see my previous blog on the policy that Apple introduced last year on in-app purchases, and potential competition law issues.

Update – 3/2/2012: Apple has today issued iBook Author 1.01, which contains an updated EULA which clarifies this issue and expressly states that the restrictions on charged-for distribution apply *only* to .ibooks files created using iBA, thus vindicating what I have said above. So you can even use iBA to create a book in PDF format and charge for that outside the iBookstore ecosystem – Apple is only interested in files distributed through the iBookstore platform.

Embedding accessible design skills in the next generation of web developers

Last Monday I was in Dundee, speaking to final students at the University of Dundee’s School of Computing.

The School of Computing takes quite a holistic view of teaching computing, and one of the modules covers the “real world”. The School asks external experts to come in and talk to the students about things like identity theft and security standards (such as PCI-DSS), and other laws and regulations that may impact upon what they do when they get out into the working world.

The area that I talk to students about each November is disability discrimination laws and accessible design for websites and mobile apps, an area I’ve been involved with for a number of years (my honours dissertation was on this). This particular talk dovetails with the School’s technical expertise in relation to accessible and usable design.

Rather than bore the students with a dry lecture on The Law, I try to show them how it is relevant to their future careers, and why having a good understanding of the relevant laws will make them more employable, and give their future employers a competitive advantage.

There are a number of key messages that I try to get across:

  • if a website or app is not designed properly, it may be inaccessible to users with disabilities;
  • operators of websites and providers of mobile apps have, in their capacity as service providers, educators, and employers, legal obligations not to discriminate on the grounds of disability;
  • failure to do this may lead to that organisation being sued and, perhaps more importantly for a big organisation, suffering damage to its reputation;
  • web and software designers will be responsible for designing and delivering those websites/apps;
  • even if you are working for an independent design company, that company will have contractual liability to the client, and if a site is poorly designed the client may have the right to sue;
  • public sector organisations have a legal obligation to ensure that their ITTs set out requirements in relation to accessibility – if the designer doesn’t have the skills, then it may not get the work;
  • therefore understanding accessible and usable design and the legal obligations applying to your employer/clients will give you a competitive edge – whether in the job market or in winning business.

If we are doing things right, then hopefully accessible and usable design will become second nature to the web and app designers of tomorrow.

If you are involved in commissioning a new website, or a mobile app, then I recommend that you read BS 8878, a new(ish) British standard on commissioning accessible websites. It’s not a technical document, but instead a process that organisations can follow to assist with appointing a designer with appropriate accessibility expertise, and to help ensure the final output is accessible to users with disabilities.

News International and hard drive shredding – why it’s good information security practice

I read in the papers at the weekend that, following an office move, News International last year “shredded” most of the computers used by a large number of News of the World staff.

Leaving aside whether this was a prudent thing to do given the phone hacking allegations and court cases, shredding a hard drive is one of the best ways of securely destroying information. (I love the photos on that website – you really can shred metal).

I blogged about this last year. The problem with erasing data from a drive is that the data recovery people are becoming ever cleverer at reconstructing data. It’s essentially an arms race between data destruction and data reconstruction.

So if you want to make sure data definitely has been deleted then you need to either shred the drive or follow something like the US Department of Defense erase/rewrite standard.

Destruction of disks is something that should be addressed in an organisation’s information security policy, and appropriate requirements specified (or referenced) in any outsourcing or services agreement under which a supplier is processing personal or confidential information.

So whatever the News of the World’s other failings might have been over the years, it’s good to see that their information security policy is robust and ensures that data is properly and completely destroyed, such that it cannot ever be reconstituted.

Legal responsibility for a robot’s actions

On Tuesday night I attended the launch of the Strathclyde Centre for Internet Law and Policy. The launch of the centre is in tandem with Strathclyde University’s rebranding of its renowned LLM in Information Technology Law and Telecoms (which yours truly completed in 2003), which is now known as the LLM in Internet Law and Policy.

Marking the launch was a lecture on “Regulating Robots: Re-Writing Asimov’s Three Laws in the Real World?” by Professor Alan Winfield, Director of the University of West of England Science Communication Unit, EPSRC Senior Media Fellow and Lilian Edwards, Professor of E-Governance at Strathclyde University.

The lecture sought to address legal responsibility for a robot’s actions, and whether, given the rapid advances in robotics, we need to legislate for Asimov’s Three Laws:
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

I found the topic particularly interesting because I had just read an article called “Towards new recognition of liability in the digital world: should we be more creative?” in the International Journal of Law and Information Technology, which discussed the attribution of liability for “intelligent software”. I felt that the article raised a lot of interesting issues, but its conclusion – that we need some collective form of liability taking into account the role every party plays in producing the liability in question – was perhaps impractical.

I was therefore hoping that Professor Winfield and Professor Edwards might reach a different conclusion, and they didn’t disappoint.

It’s impossible to neatly summarise an hour-long lecture, but I think they were proposing that liability for robots should arguably mirror liability for software. This would mean that the party best placed to manage risk assumes it (and insures against it), and that if a robot is subsequently hacked and causes damage, then the hacker should probably be liable for any damage caused.

As for Asimov’s three laws, the Professors acknowledged that the laws were instructive, but proposed that they should be replaced with a new five-part ethical code.

Alan Winfield was very effective at making everybody in the room think differently about “robots”. I appreciate you have probably read to this point and found the confident way I’m talking about “robots” a bit silly.  Well, it turns out that robots are already all around us!  Alan pointed out, quite rightly, that nobody speaks about the “dish washer robot” – it’s just the dishwasher! (Disappointingly the montage of sci-fi robots in Alan’s introductory powerpoint slide didn’t include Optimus Prime, but since Alan bears more than a passing resemblance to the stately Patrick Stewart, I lacked the courage to complain!) The serious point here is that as society increases its use of (and reliance upon) robots, liability for their actions is something that lawyers will increasingly need to consider.

Overall it was a very enjoyable and thought provoking lecture, and I look forward to hearing more from these speakers on this subject in the future.

Cloud Computing and the risk of Data Ransom

There have been lots of articles about cloud computing by lawyers. Most of them: i) have a dodgy pun in the title; and ii) bang on about data protection and the risk that your data is outside Europe.

That is not what I am going to write about. Partly because it’s been done to death, and partly because I think DP law is dull (sorry Grant and other data law lovers).

I am going to talk about data ransom in a cloud or hosted environment. That is the risk that your supplier goes bust and you have to buy your data from an administrator/receiver, or that you get into a commercial dispute with your supplier and they either turn off your service or ransom your data.  Both are possible scenarios.

Remember that administrators are legally bound to recover as much money as possible for the creditors. They are also not too bothered what your contract with the insolvent company says.  These facts can make them quite interesting to deal with!

On the commercial dispute side it is traditional for purchasers to manage suppliers by withholding payment on invoices or similar. But with cloud or hosted apps the power has shifted – if the purchaser withholds payment then the supplier can probably turn off the service. Gulp!  Worse, imagine you have decided not to renew the contract, and your supplier starts being “sticky” about handing over your data to the new supplier. Remember “sticky” could include giving the new supplier all your data, but in an incomprehensible format.

So what do you do?

Contractually

  • Have an obligation to get a weekly or daily back-up of your data delivered to you in a format you could decode.
  • In fact why not take advantage of virtualisation technology and get a virtual copy of “your environment” and related rights to run it on your servers. (I have been putting this in contract for about a year – so far I have not seen anyone else do this).
  • Have strong exit management provisions (preventing the supplier mucking you around on exit).
  • Have a source code escrow agreement.  Note from a “self-help” basis these are probably useless (partly) because you may not have the object code; but having the right to get the source code will give you bargaining position against an administrator/receiver *.

Practically

  • Actually enforce any of the contractual rights described above (it is probably too late to start enforcing them once the “ransom” starts).
  • Make sure your lawyer really understands concepts such as cloud, source code and virtualisation (this is an undercover sales pitch).

Not one dodgy pun!

*  I find a lot of lawyers still ask for source code escrow in a hosted app environment (where the client doesn’t even have the object code) not because of the reasons I have outlined but simply because the turnkey contract they are using as a style has an escrow clause in it. This strikes me as fairly dumb. Rant over.

The forecast: clouds, with grey linings, perhaps turning to silver later

Samsung has today announced the first publicly available laptop based on Google’s Chrome OS. The laptop is aimed at both consumers and corporate users.

What’s different?
Unlike many laptops and netbooks, Samsung’s new laptop comes with only 16 GB of (solid state) storage for files. By way of comparison, my MacBook that I bought last year came with a 320GB hard drive (20 times larger). Of that 320GB, approximately 70GB is taken up by photos, music and videos (including a staggering 25GB of photos and video from my wedding and honeymoon last year).

So why is the storage space on a Chrome laptop so small? The reason is that users won’t store any files on the laptop itself. Instead, the user will use remotely hosted applications like Google Docs and store their files in a “secure” space in the Cloud. Google and Samsung cite a number of advantages of this approach – if the laptop breaks or is stolen, then the data won’t be lost, and because applications and files are hosted remotely, the computing power required at the user end is much less; ergo a Chrome OS laptop is much cheaper to buy.

We are seeing an increasing interest in clients (both large and small) adopting cloud computing and virtual desktops – finally realising the dream that Sun had for its thin JavaStation clients back in 1996 (I remember this well – I wrote a dissertation on it when doing Higher Computer Studies). As applications and files are hosted on a remote server, it means that users require only a very basic computer, meaning lower upfront and support costs and more flexibility to support various ways of working.

Dark clouds on the horizon
But as we saw a couple of weeks ago, the Cloud is not infallible. Leaving aside a reliance on patchy (and often slow) 3G coverage and wifi for mobile users in the UK, there are a number of risks. Users of Amazon’s EC2 cloud computing service suffered a major outage, leading to some users being affected for up to four days. The outage knocked out a number of businesses and arose notwithstanding a number of failover systems that Amazon claimed to have in place to prevent this sort of thing from happening.

Whilst a consumer may consider such an outage to be a risk worth taking given the cost and convenience benefits of using the Cloud, I suspect that businesses may take a different view. Reports have confirmed that because of the way the outage occurred, Amazon’s outage didn’t actually trigger a breach of Amazon’s service level agreement, meaning that users had no automatic entitlement to service credits (although on this occasion Amazon has made a discretionary award of compensation to affected customers). That’s a tough one for a CIO to explain to his CEO – not only did the service fail, but there isn’t even a right to any service credits.

Raining on the Cloud’s parade
The Amazon outage also highlights the risks of, to mix some more metaphors, putting all your eggs in one cloud. If a business is dependent upon the Cloud in order to trade or for its employees to carry out their day to day duties (because all data is hosted remotely), and is also dependent upon a single cloud vendor, then it needs to look very carefully at the business continuity and DR provisions that the cloud vendor has in place and consider if those are sufficient.

Similarly, if all your data is hosted by a third party in the cloud, then you may be reliant upon that third party to ensure that your data is backed up, and may also need to consider how you can get it out of the Cloud at the end (particularly when using software as a service applications). See Damien’s previous blog on this.

Wrapping up a bad couple of weeks for the Cloud, the hacking attack and theft of data from Sony’s PlayStation network also emphasises the importance of ensuring the security of data (personal or otherwise) held in the Cloud. Just playing some Rolling Stones isn’t going to be enough.

I don’t doubt that the Cloud will continue to grow in importance, but these recent events show the legal and commercial risks associated with cloud computing, and a number of the issues that cloud providers need to overcome before the market will fully mature. In the meantime, businesses seeking to move to Cloud will need to ensure that they read the small print and carry out appropriate diligence on their proposed supplier(s).

Smartphone recipes: BlackBerry and Apple jam

There has been a fair amount of heated discussion currently around the use of the iPhone as a business Smartphone – or at least there has been in my circles (note to self: must get out more).  RIM (Research In Motion, makers of the BlackBerry) have had the business Smartphone market sewn up for years now, so some healthy competition is a good thing.  I’m certainly keen on iPhone’s ease of use and Apple design some very attractive looking devices, but is it ready for the business world?  Well, I would say that depends on your attitude to risk.  Leaving aside more subjective or prosaic considerations, such as physical vs. virtual keyboard, ease of email, speed of web browsing, battery life etc., the debate for the Enterprise usually boils down to security. 

The BlackBerry began as a business device, so it has security ‘baked in’, with end-to-end message encryption, and the ability to encrypt the actual hard drive of the device (which we do).  Having said that, the data travels through RIM’s infrastructure (albeit in encrypted form), which caused the United Arab Emirates to moot the restriction of the device because the data goes offshore as a result, and the Indian government to threaten a ban unless their security forces can access encrypted content.  However, RIM point to their security chops with a long list of certifications and the fact that it has “been approved for the wireless transmission of sensitive data, up to ‘restricted’ classification, by both NATO and the UK government.”  Perhaps the ultimate accolade, though, is that apparently the BlackBerry is the device of choice for criminals as it is so difficult for the police to intercept or recover any data from it.

So how does the iPhone stack up on security by comparison?  Well, we recently saw that government ministers and civil servants have been denied iPhones, with CESG deeming them not secure enough.  It is possible to secure the iPhone using third party products (there’s an app for that), but it’s fair to say Apple are playing catch-up in this area, which is unsurprising given their initial consumer focus.  While the usability, design and sheer fun of an iPhone will appeal to many business users, there’s also the thorny question of the Apps.  Most Enterprise Smartphones will be locked down to prevent users downloading applications since they may contain malware or viruses, yet it’s arguable that the whole point of the iPhone is the Apps ecosystem around it.  So if you offer the iPhone to staff and allow them to download apps you’re letting your security guard down, but if you deny them the apps then you’re taking away its USP.  Additionally, many organisations block iTunes due to concerns over piracy, illegal downloads, storage overhead etc., but you need it to download iPhone updates.  So if you allow iTunes, do you then allow staff to hold their music collection on their PC?  What happens when the iPhone dies or they leave the organisation (or vice versa), are you responsible for backing up and restoring their music collection?  Echoes of Martin’s post on the importance of back-ups here. 

So, who’s winning the war?  Well RIM aren’t giving up without a fight and are pushing new touchscreen devices and their own app store, while Apple are working on security to lure the business user.  Give it a couple of years and there may not be much to choose between them.  In the meantime though, the BlackBerry would appear to be the weapon of choice for the more paranoid email junkie, while the iPhone reigns supreme in terms of usability and multimedia.  Though whether you agree with that will probably depend on which device you pray to every 5 minutes…

Damien Behan

A metaphor for the importance of data back-ups

I usually leave the “geek” posts for Douglas, but a comment on this article about people incurring problems upgrading their iPhone 3G to iOS 4 caught my eye.

It is in response to another comment complaining that when the person had upgraded their iPhone 3G to iOS 4 they lost five months of photos taken on their iPhone. The response:

A phone is the same as a computer. If you do not make backups of your important files, you don’t own those files–you’re only leasing them from Fate.

Aside from the philosophical question of whether you can “own” data or information, I think that the idea of “leasing data from Fate” sums things up brilliantly. It emphasises the fragile nature of data and IT systems, and why making regular back-ups to multiple sources is so important. IT can and does fail from time to time; software updates can and do go wrong; and viruses can and do cause mayhem. This is why we have business continuity and disaster recovery plans (which have hopefully been tested and shown to work).

Which reminds me, I must back-up my laptop at home again…

Brodies’ Techbloggers battle the Cybermen (picture)

Eleanor and Douglas came across this Techblog reader in Festival Square in Edinburgh earlier today…


Please don’t take my BlackBerry away

In the news this week was a patent infringement claim from Kodak against the makers of the BlackBerry.  This is not the first attack on the BB, and the iPhone is subject to a number of IP infringement claims.  I guess everyone wants a share of the presumably huge profits these devices make. 

Ignoring the merits of the claim can I, with the greatest respect, ask Kodak to BACK OFF.

I love my BB, and I don’t want anyone to take it away.   My wife has a different view. She now deliberately books holidays in places with poor reception!  

In that context I did hear about one law firm limiting the amount of time per day their lawyers could use their BBs – a sort of tachograph for lawyers. Interesting.

Perhaps there is an employment law issue here. I asked Tony Hadden in Brodies’ employment and pensions team (the top ranked team in Scotland) and this is what he said: “While there is no case law here (yet), there may be a problem in terms of the Working Time Directive which theoretically limits the amount an employee works to 48 hours a week.  Also recent European decisions (Stringer and Pereda) have emphasised that the Working Time Directive relates to health and safety and employers need to understand that they have an obligation to ensure that employees’ hours do not impact on their health”.

Here is what I say “Euro Wimps”!  What is wrong with ignoring your spouse, kids and friends to check your BB every twenty minutes in the evening and at weekends?  

 Actually, I think I may have answered my own question there.  

    
