The Danger of the New iPhoneBy Edward Cone | Posted 06-22-2008
The Danger of the New iPhone
Many people lust after the iPhone, but Jonathan Zittrain sees danger in the device.
Zittrain, a professor at Harvard Law School and co-founder of its Berkman Center for Internet and Society, worries that closed appliances like the iPhone and walled gardens like Facebook will stifle the creativity that has fueled the development of the Internet. Tools such as PCs and the Net itself, which are open by nature and allow people to hack and tinker, are "generative," he says--capable of spinning off new capabilities from unexpected directions. Tightly controlled devices and services--not so much.
Zittrain wrote a book about his concerns, The Future of the Internet--And How to Stop It. CIO Insight senior writer Edward Cone spoke with him about his thesis--and the reasons CIOs may find themselves on both sides of the issue.
CIOI: What's the 50-cent tour of the generative concept?
Zittrain: Our current information technology ecosystem is generative--it welcomes contribution and code and content from pretty much any outsiders, even if they're not that wealthy or accredited or anything else. That's an unusual state of affairs. That's not the only way to build an ecosystem. We stumbled into this one--some would say lucked into it--when we know that in the 1980s and 1990s we had proprietary networks like CompuServe and Prodigy and things like that. Those systems have security models that the Internet doesn't have. The Internet barely has a measurement model; you can't even tell how many people are hooked up to it, which is something that somebody at AOL could tell you in a heartbeat because AOL needs to know how many subscribers it has so it can send them a bill.
A PC is similarly open in that you can run any code you want on it, unlike, say, information appliances like the smart word processors of the 1980s that were built for one purpose, did it really well and that was it, which made them much more easy to maintain-- a factor CIOs are very familiar with.
Not to be heretical when we're discussing something as important as the future of innovation, but I'm thinking that a lot of CIOs might actually be nodding their heads in approval at the idea of walled gardens and appliances.
The CIO is particularly attuned to seeing the bad surprises that a generative system can give us. To CIOs, there's a reason we call things mission-critical. They are the ones who know just how costly it is to manage a help desk, trying to help these users get out of all these things they do that they regret instantly, and that's why they led the charge on lockdown. In the typical corporation today, the PCs are configured so you can't just install a Flying Toaster screensaver, and with it expose your entire LAN to some kind of worm or Trojan or data-gathering bot. I don't blame CIOs; it's a best practice to keep the network locked down pretty thoroughly if there's anything sensitive on it. It's totally understandable, but it's also unfortunate.
The Lockdown Downside
What's the downside of lockdown in the enterprise?
The corporate world has given a huge subsidy to the generative Internet. Long before some companies realized how much money they could save with VOIP, there were people loading Skype onto their computers. Lots of applications had their proving ground on corporate PCs. It's unfortunate to see that thin edge of the wedge, even though it's rational, lead to a cascade of lockdowns in corporate environments and cybercafes and libraries and schools, and ultimately on home computers, as people say they want security and stability more than they want the uncertainty of not knowing if any given piece of code is out to do harm to their machine or their money or personal data.
I would just hate it if it turned out that we'd lost our critical mass. There are some new great apps whose very value depends on multiple people taking them up--Wikipedia with only 10 people using it is not going to be that impressive.
Most of us can't tinker with the engine of a modern car, which resembles in some ways a sealed appliance. Is there a point where technologies or systems are mature enough that there's more value to lockdown than openness?
I think we're just in the first 10 years of what's going to be a 50-year build-out of amazing applications coming out of left field, again and again. Look back at things like peer to peer, instant messaging, Wikipedia, Facebook. Stuff is devised by college juniors or two guys from Estonia at a time when there's a huge, structured industry also desperate to get the next killer app. I would hate to see that slice of outsiders excluded from being able to inject their creativity into the system.
I also recognize that it was extremely difficult to make a case for Wikipedia in 2000, before anyone knew what it was. That's the nature of real innovation. The word gets bandied about so much, often as a way to say "bigger, faster, louder," but something better may seem crazy to begin with--otherwise it can't be that new and different.
I don't mind ways of locking in some of the crucial gains we have, ways of trying to stabilize the gains that have been made so far. I don't mind a hybrid ecosystem, where people are happily using their iPhones in one corner and their PC in another. Some of the solutions I suggest in the book have to do with dual-purpose PCs, with a red zone and a green zone, so you can run the untrusted, goofy software in one zone and it can't reach the other zone, and you can flush it very easily. It's not a permanent solution, but one that recognizes the need to reconcile the experimentalist spirit with the fact that things are now mission-critical.
So what can CIOs do to maintain order in their own shops without stifling creativity on the Net?
I am hoping that there are ways forward that don't compel us to make a stark choice between the insecurity of an open PC and having to lock it down so that employees can no longer innovate on their own as they take up software that maybe central IT hasn't heard of. That may include installing software that radiates their vital signs, so we get a sense of what's going on the Internet--where is the bad code and the trustworthy code? Where is the code that professionals have decided is OK to run on their machines? We don't have those technologies, but we can build them. There's an Oxford/Harvard project called Stop Badware that wants to build that software. Maybe CIOs could become officers of technology, like lawyers are officers of the court, and take a role that recognizes the larger issue.
Since your book went to print, Apple has announced a Software Development Kit for the iPhone. Isn't that good news for generative technology?
Apple wants to have its cake and eat it too. Who doesn't? But systemically, what it's doing is a real danger. It could be the best of both worlds, but I worry that it's the worst. It certainly doesn't undercut the thesis of the book--much as I'd like it to, to the extent that I'm predicting a world I don't like, I'd much prefer to be wrong and have a world I like.
This is why words like "open" don't really capture the stuff that matters. That's why I bothered to deploy this word "generative." In my vernacular, what Apple is producing is also what Facebook apps represent--what I call contingently generative technologies. They're generative until they're not, and the ax can drop any time, on the whole enterprise or on one app at a time. And that kind of winnowing is very worrisome to me.
With the first version of iPhone, Steve Jobs said, "We will control everything that's on the phone; you don't want to load up apps and have the phone not work; this is more like an iPod than a PC." That's sterile, non-generative technology. Then it gets hacked. I think reports of widespread hacking are overplayed. I don't trust the statistics, and if the hackers share the fruit of their labors, others may not want to void their warranties. The cat-and-mouse game is different here because of the ongoing relationship the vendor has with its product. It's one thing to take something home and hack it; it's another to know that it's talking to the mothership 24 hours a day, and at any moment it could be changed.
The next version of iPhone, Steve Jobs said, "OK, we're going to have a software development kit, because good stuff is happening despite our best efforts, and we might as well harness that." The thing to look at is how the legal and technical architecture Apple puts out for software development by outsiders compares to the architecture we've had for 35 years with the PC. The answer is: They're very different. Once a PC leaves a factory, it's out of Bill Gates' control. That's why you couldn't demand that he should shut down a P2P system.
Whereas on the iPhone they've built an architecture that says, "If you want to write software for the iPhone, first you've got to pay us for a software development kit. Second, you can't just shoot the software over to somebody who has a phone, and you can't just put it on a shelf in a store for someone to buy and put on their phone. All software for this phone must go through the iPhone Apps Store." The most recent version has something called Ad Hoc, where for a fee you can have 100 people share your app without going to the store. How that's enforced is still not clear. But for mass distribution, it goes to the iPhone Apps Store, Steve Jobs takes a cut, and he reserves the right to reject, prospectively or retroactively, any software he doesn't like, for any reason.
We have only hints about what those reasons will be. There was a slide he had up when he introduced the SDK in February of 2008 that said what won't be available in the store: porn, privacy, bandwidth hogs and unforeseen.
That's the point where I say, "Yikes."
This could be attractive enough to the dark energy of the hackers, so they no longer create code for Windows but for the iPhone or Facebook apps, but then that code could be killed at any moment--by Apple for its own reasons or by the government telling Apple you have to kill it. I think that's a real worry.
There seem to be threats to the iPhone out there, just as the open PC bested the superior Mac. What about Google's Android project?
There are natural predators for generativity out there. Android will be a great canary in the coal mine, to see just how the pressures turn out. I'd be delighted to see Android succeed, but in the absence of a security model, it's going to face all the problems that are driving people away from a PC.
You describe software services and cloud platforms as being similar to appliances. Can you expand on that a bit?
The minute you are in a service relationship with a vendor, rather than a product relationship, there are additional natural paths of lock-in. I call for portability policies to match the privacy policies at Web sites, so that people have a sense going in that they can extract their data in some reasonable format that lets them go somewhere else. That's not a given on the sites of today. If they go down, or the government changes the way they operate, it could be a huge barrier to exit if you can't take your data with you.
It's interesting how much these cloud computing application platforms are basically the same thing as these tethered appliances, these physical devices that are updated constantly by their vendors. I'm not joining a religious war between server and client. It may be sensible to have cloud computing in a world of fully saturated bandwidth, but some of the natural protections we had when the physical locus of the data and the activity was a box we could wrap our arms around and unplug if we wanted to--that's evaporating, and we need to be sensitive to that, and to explore technical and legal architectures that carry over some of the protections we naturally got on those more endpoint-based platforms.