Who Really Owns Your Digital Data?
IRA FLATOW, host:
Switching gears now, if you download a digital book to your Kindle, is it yours to keep? A few weeks ago, some Kindle users found out that the answer was no. A few of their purchases were erased from their e-book readers without prior notice to them.
Amazon says they pulled the books because of a copyright violation, but it had seemed quite a bit ironic in this case, and unfortunate for Amazon, because the copyright violation happened to include George Orwell's novel "1984," about the evils of totalitarianism.
Amazon did refund their purchase price and has apologized since, saying that the move was, quote, stupid, thoughtless and painfully out of line with their principles.
But it still makes you wonder. As more and more devices move to being perpetually linked to the network, tethered up there to the cloud, do we really own these things, or do we, you know, are we sort of renting them? We think we're buying them online, but do we actually have control over them? Could the same thing happen just as easily, as say, with music, or what if Apple yanked an iPhone app it changed its mind about and deleted a certain app from your iPhone? It's there one day, gone tomorrow.
This hour, we're going to be talking about some of those issues and how some of those things tie in with your digital privacy, whether you're posting to Facebook or to Twitter or even just browsing on an online store. What should you expect about the privacy of all those places you visit?
Let me introduce my guest. Randy Stross writes the Digital Domain column for the New York Times. He's also author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know." He's a professor of business at San Jose State University, and he joins us today from KQED in San Francisco. Welcome back to SCIENCE FRIDAY.
Mr. RANDY STROSS (Columnist, New York Times; Author, "Planet Google: One Company's Audacious Attempt to Organize Everything We Know"; Professor, San Jose State University): Thanks for having me.
FLATOW: That Kindle case really shook up a lot of people, didn't it?
Mr. STROSS: I think people felt as if the long arm of Amazon had reached out into their home and snatched something that was their private property. In fact, the notion that there is this very visible wall separating outside and inside, just doesn't work very well in an electronics world.
FLATOW: So we should not - in other words, we should not assume that whatever we have on these little devices might stay forever on these little devices.
Mr. STROSS: Well, as you pointed out, all of our devices are tethered, including our PCs. I don't know if you are as irritated as I am when Microsoft decides Windows has to be updated, and everything gets shut down, and one wakes up to a blank screen. It's tethered, too.
In fact, I think it's fair to say everything is going to be tethered to servers outside our house. And so the line that separates outside from inside, that separates ownership from renting, that separates ownership from use, is all going to get very fuzzy.
FLATOW: But there's one difference between the old school, and it's not that old, like MP3 music and the Kindle and the iPhone apps or the other smart-phone apps, is that when I download music now, I can at least burn it to a CD or put it on a thumb drive, and I can keep it there, right?
I can't do that with an app, or I can't do that with my Kindle. It's totally controlled outside.
Mr. STROSS: True. Music has always had these two forms in the digital age, the digital form that you bought in the form of a CD and had the right to rip and transfer to your MP3 player or going the other direction. You have been privileged by iTunes to transfer music you've purchased to a CD, although you lose a little in the quality, but music is that special case, where you've always had from the beginning of iTunes music store, have had an alternative way of getting your digital music onto your personal devices.
Books are a different situation. There isn't a parallel way of getting a free version of, say, the paperbound version of a book onto your PC or into your iPhone. You only can obtain it through sanctioned - a sanctioned store like Amazon if it's under copyright. Public-domain books are freely available.
FLATOW: But if I'm paying nine bucks for this book online, on my Kindle, shouldn't I be able to take a copy and do whatever I want with it, if I want to read it on my PC, if I want to read it on my Kindle or my iPhone? Shouldn't I be able to do that?
Mr. STROSS: Well, one reason it's $9 instead of $25 is you aren't getting the same thing without the paper. You're getting the right to use it personally, which means you can't resell it. It has copy protection built in. And so, unlike the paperbound version, it can only be used on your machines, and it's a limited number.
The same applies to the Audible version of books. If you go to audible.com, which is now owned by Amazon, you purchase the right to listen to those books on your devices, but you can't resell them. It's part of the deal, redefined ownership.
FLATOW: Yeah. We're going to get into all these issues of redefined ownership, tethering, privacy, 1-800-989-8255 is our number. Also, you can Twitter us and tweet, @scifri, @-S-C-I-F-R-I. So stay with us. We'll be right back with Randy Stross taking your phone calls. Don't go away.
(Soundbite of music)
FLATOW: I'm Ira Flatow, and this is SCIENCE FRIDAY from NPR News.
(Soundbite of music)
FLATOW: You're listening to SCIENCE FRIDAY on NPR News. I'm Ira Flatow, talking with Randy Stross, who is a columnist for the New York Times, writes the "Digital Domain" column. He's also author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know."
Our number, 1-800-989-8255, and do you believe Google is going to be successful at that, Randy?
Mr. STROSS: It has given itself a lot of time to attain total mastery, about 300 years, so there's no rush.
(Soundbite of laughter)
FLATOW: Has it really, 300 years?
Mr. STROSS: Yes.
FLATOW: So that's something to be taken not seriously.
Mr. STROSS: Oh, they're actually serious about it. Eric Schmidt, the CEO, in a speech last year said we've done the calculations. This is how long it will take to digitize everything that can be digitized, and once it's digitized, Google will index it.
FLATOW: You mentioned before the break about how Audible is owned by Amazon, but Audible, if you lose something on your computer, allows you to re-download the file, doesn't it?
Mr. STROSS: I love that feature. I wish iTunes had the same service. When you buy a book from Audible, they know who you are. They know you bought it, and it's wonderful that they replace your files should you lose them.
It makes sense. So in a way, that's better than the old version of buying a book. If you lost it, the bookstore was not going to replace it.
FLATOW: Right, right. Let's talk about Apple and the iPhone App Store banning or pulling particular apps. Do you think that's a problem for iPhone users or primarily the app developer?
Mr. STROSS: Right now, it's the app developers who are extremely angry, and I think they have a lot of good reason to be very angry with Apple, which has always operated in a very opaque way. It has a very slow, opaque approval process that the app developers have to go through, and most maddening of all now, a number of these developers are finding that apps that they have already received approval to distribute, have distributed, are now being yanked from the store for reasons that Apple is not making clear, other than to say the features compete with those with the iPhone itself.
A lot of the controversy right now centers around Google Voice, a service that Google offers that offers all sorts of features you can't get with your cell-phone service, and the Google Voice iPhone app has been pulled. Some third-party apps that use Google Voice have been pulled, and when you look at the tech blogs, there is a firestorm of criticism directed at Apple. And it'll be interesting to see if Apple, which has acted in a very imperious way, deigns to respond.
It's a company that is not known for responding to complaints from anyone. This is a real crisis in the developer community, and it will be interesting to see if Apple acknowledges that it has a real problem on its hands.
FLATOW: Apple has reserved the right, has it not, to even pull apps off of your iPhone if it wants to.
Mr. STROSS: This came up in an interview that Steve Jobs did last year. There had been a rumored kill switch built into the iPhone, and he was asked about it. This would be a switch that Apple could throw that would delete or disable any given iPhone app, and he said yes, there is such a switch. He said it would be irresponsible for us to not have such a switch built in, in case there was a malicious app that got through our approval process and was doing bad things, stealing data or otherwise behaving in a way that it had never been approved to do. And so, he said yes, we reserve the right to disable such an app. To my knowledge, it has never actually been thrown.
FLATOW: 1-800-989-8255. Chuck(ph) in San Francisco. Hi, welcome to SCIENCE FRIDAY.
CHUCK (Caller): Hi, thanks very much. I've wondered for a while about terms-of-use agreements. It seems that, you know, you're supposed to say I have read, and I agree, and my guess is most people haven't read, and if they had read it, they very well might not agree, but nevertheless, you're sort of forced to click yes, I have, in order to use these tools which are pretty much essential to so many aspects of life nowadays.
So it seems like there's kind of a gross power imbalance here between the corporations that produce these products and the individual consumer, and I wonder if there isn't some sort of more sensible way that doesn't force people to - more or less force people, to essentially lie or at least agree to things that they maybe really don't want to agree to.
FLATOW: Good question. This has been a part of software since the beginning days, this explicit agreement that you have when you use it, too.
Mr. STROSS: Well, in the old days, it was worse because if you slit the cellophane on the packaged software, you were accepting the terms - you couldn't return it. So now, we at least nominally have the opportunity to read through a lengthy, undoubtedly hard to decipher, legal document.
I confess, I click away without reading. You're right, we all do it. There should be a better way. Maybe there should be a cap on the number of words in an end-user license agreement. Suppose it was limited to 140 characters, and it was nice, sweet and pithy. We would read that.
FLATOW: We would, but then the lawyers wouldn't be happy. 1-800-989-8255. I'm talking with Randy Stross, who writes the "Digital Domain" column for the New York Times, also author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know," and he's also a professor of business at San Jose State University in California.
I'd like to bring on another guest now. He and his colleagues have been working on something new. You may be very interested in this. It's called Vanish. Usually, vanishing data is the last thing that you want, but think about this.
If you're sending some sensitive information to a colleague, maybe, you know, this burn-after-reading type of stuff, you could each delete your own copy, but if you use Web mail, who knows if that email is really gone? It could still be sitting on some server somewhere. It could be up there in, they call it the cloud - I don't know why the cloud is a good name. We'll talk about that some other time. It could come to life someday, when you just don't want to see it, but now if you use your message, and you encode it with Vanish, that's not going to happen.
Vanish is a new software that causes the messages, as they say to Mr. Phelps, to self-destruct after a certain amount of time so that the only thing left is a scrambled, undecipherable mess.
Hank Levy is chair of the Department of Computer Science and Engineering of University of Washington in Seattle. Welcome to SCIENCE FRIDAY.
Professor HANK LEVY (Chair, Department of Computer Science and Engineering, University of Washington): Thank you, happy to be here.
FLATOW: What was your - why did you develop this?
Prof. LEVY: Well, we developed this for a number of reasons, some of which you've already referred to. There are a number of important technological trends, the result of which is to cause users to lose control of their data.
The two main things that are happening, one you just mentioned, is that more and more, we're using services in the Internet. We call this the cloud. But we're using Internet mail. We now have Internet office applications. Microsoft has announced a Web version of Office. Google has a similar thing. So we are transitioning from a world in which our data is stored on our desktops to a world where our data is stored in the Web.
The other thing is that disk storage is incredibly cheap. So there's actually no reason anymore to delete any data. We don't really have reason to delete data at home. We can buy a terabyte disk for $100, and similarly, Google and Yahoo and Microsoft have no need to delete any data.
So that's the fundamental problem, and then the question is: How do users control the lifetime of their data that lives in the Web?
FLATOW: So your product, Vanish, works between two parties. In other words, one party, who I'm sending my email to, has a copy, and I have a copy.
Prof. LEVY: Just to be clear, this is a research prototype that we've done here at the University of Washington. It's actually a project by Roxana Geambasu, who's a Ph.D. student, and we've made that software available, but it's early prototype, and we hope to see more systems like this come along.
FLATOW: So if I want to send data to someone else, I encrypt it in Vanish, it goes to them, and they have it, and then it really just self-destructs after a period of time.
Prof. LEVY: The concept that we had was that it's kind of like writing a message in the sand at low tide. For a while, anybody could come along and read that, but some number of hours later, when the high tide comes up, it washes it away. That's the concept. Whether you can achieve that is another question.
The system actually can work between multiple parties. We have a way of encrypting text such that for a while, anybody who receives that encrypted text can decode it and read it, but after some time limit, that text expires, and neither the sender nor the receiver nor anyone else who may find a copy of that data later will be able to decrypt it.
FLATOW: How does that work?
Prof. LEVY: Well, it works in a kind of interesting way. One of the key properties we wanted is that we wanted the deletion to happen on its own, without any action taken by the part of the user, and we wanted it to happen without the user having to trust anyone to do this.
There are services on which you can store data that will guarantee to delete it, but then you have to trust those services to do so and not give it away.
So, the simplest way to describe this is that we leverage a kind of interesting structure in the world, now, which are peer-to-peer data sharing systems. These are global-scale distributed systems. The nodes that are part of that are individual computers owned by people who are sharing - excuse me - who are sharing data and sharing files. There may be millions of users connected at any particular time, and the system we leverage is called Vuze. And there are over a million computers connected over 200 companies.
So what we do is we encrypt your data using a secret key that neither of the parties know. So we don't tell you the key, and therefore you can never be forced to reveal it. We take that key and we break it into a number of pieces, let's say 20 pieces. And we sprinkle those pieces over this global scale system. Now, a property of this system is that over time, nodes join the system and leave the system. And once the node leaves the system, any data that we've stored on that node is lost, even if it rejoins later.
Another property is that the nodes on these systems purposely forget anything they've learned over the last eight hours on an eight-hour period. So eight hours from now, some - the nodes that have been on for eight hours will purge the last eight hours of information. The result of this is that over time, these pieces of the key that we scatter in the Internet will disappear. And once a number of them are gone, we'll never be able to put the puzzle back together again.
FLATOW: Wow. That sounds pretty complete. And when will this be ready for primetime, do you think?
Prof. LEVY: Well, we put a prototype on the Internet. As I said, it's not a product, but people can download it and try it. We have a Web site, which is vanish.cs.washington.edu.
FLATOW: I hope you have a big server there at this moment.
(Soundbite of laughter)
Prof. LEVY: I think we have a big enough server.
FLATOW: We'll find out. Vanish - say it again.
Prof. LEVY: Vanish.cs.washington.edu.
FLATOW: I think we have that address on our sciencefriday.com. site also, in case people forget about it.
What do you think of that? Is this the future, Randy? Do you think it's going to help out what we're talking about?
Mr. STROSS: Well, I thought one of the interesting aspects of this, as Hank can talk about, the way this is conceived as offering the equivalent of a private phone call or even a conversation in the hall between two parties that isn't going to be archived. There are so many legal restrictions on deleting information in companies and in government organizations. So email is protected, but a phone call is not.
And I wonder if this technology is used widely in government organizations, where we end up - this would be a downside - would we end up with less in the archived records of what goes on, say, in Washington.
FLATOW: Let me get an answer after I remind everybody that I'm Ira Flatow, and this is SCIENCE FRIDAY from NPR News.
Prof. LEVY: This - it's a - I think that's a - it's an interesting issue. It's an important question. I don't know the answer.
We've talked to some lawyers here who have said that this - system like this is kind of ahead of the legal landscape. But it is interesting that, you know, if I - in my own university, the university keeps copies of emails. On the other hand, if I see somebody in the hall and I talk to them, I'm not required to write down and keep, you know, everything that we've said. Similarly, if we talk on the phone, I'm not required to keep a record of that. But email stays around. It's not just email, by the way. It's posts on Facebook. It's blogs. It's data - any data that's placed in the Web. We just have no idea what the lifetime of that data is.
You may be aware that there was a controversy with Facebook earlier this year in which they changed their use policies that said that they could basically keep data forever. And I think that's scary for a lot of people.
Prof. LEVY: So one of the goals of the project is just to raise people's awareness of the general issue of privacy and the fact that, you know, you've lost control of your data if someone else holds it, and you want to be aware of that.
FLATOW: Mm-hmm. Thank you for taking time to be with us, Hank.
Prof. LEVY: Sure.
FLATOW: Hank Levy is chair of the department of computer science and engineering at the University of Washington in Seattle, with his prototype called Vanish. And if you want to try it out, you can go to our Web site or go over to his Web site to give it a try.
Let's talk a bit about, Randy, about this Facebook case. A lot of -Facebook has had a lot of legal cases recently, hasn't it?
Mr. STROSS: Well, the change in its policy that was just mentioned sparked a great controversy and drew a lot of criticism, and Facebook backed off, said it had been misunderstood, and then organized a kind of plebiscite in which members were invited to vote on a governance structure. And it seems to have learned its lesson that perpetual storage of member data is not acceptable.
But there's this other story that's in the news today about the case of the school administration - I believe it's in Mississippi.
Mr. STROSS: Should we talk about that?
FLATOW: Yeah, go ahead. We've got two minutes till the break. Go ahead.
Mr. STROSS: It involves a student, a group of students who were on the school cheerleading team, and the school administration, hearing that there had been, I guess, bad language used in the messages demanded that the students turn over their passwords to their Facebook accounts. Some of them did. Some of them did not and deleted their accounts. But the school went ahead and got into whatever accounts it could, found objectionable language, and punished one student, who has now sued the school district.
It's an interesting case because unlike, say, the school newspaper -which is published under the school auspices and the school pays for it - here we're talking about a service that is offered not by the school, but by a for-profit company, and the data resides on servers that are nowhere near school property. It wasn't even accessed on school property. The school, apparently, has a ban on Web apps. So here we have a case where the line separating public and private has now shifted…
Mr. STROSS: …or been obliterated.
FLATOW: Yeah. It's an interesting case, and it's the kind of thing I'm sure we're going to be seeing more and more of. There is another side, of course, to the story about, well, should these kids have a right to, you know, say all these bad things and show bad pictures about other people. and who's responsible for these kids doing that?
We'll get into that when we get back after the break. 1-800-989-8255. We're going to take a short break, come back and talk more with Randy Stross. He writes the "Digital Domain" column for the Times and author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know."
So stay with us. We'll be right back.
(Soundbite of music)
I'm Ira Flatow. This is SCIENCE FRIDAY from NPR News.
(Soundbite of music)
FLATOW: You're listening to SCIENCE FRIDAY from NPR News. I'm Ira Flatow.
We're talking this hour about who owns your digital stuff. You pay for it, but are you just renting those Kindle books and phone apps? And what about privacy online? What should you expect about who has access to your Facebook account?
We're talking with Randy Stross, who writes the "Digital Domain" column for the New York Times, author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know." 1-800-989-8255.
Randy, we were talking about this case about Facebook, where these cheerleaders were forced to open up their Facebook accounts to the school administration, and one of them said no and started suing - is now suing - who? The school district?
Mr. STROSS: Yes, that's my understanding.
FLATOW: And on the other hand, if these kids are, you know, dissing the other people and coming up with, you know, maybe photographs and things that they should not be seen, you know, about the other person - minors on Facebook, shouldn't they have a - shouldn't someone have a right to say no to that?
Mr. STROSS: I would think the minimum threshold here should be does the activity constitute a criminal…
Mr. STROSS: …a criminal case? And if it isn't, then I would think the school should butt out.
One thing that I think ties all of these cases together is the lack of consistency, the change in the understood rules. So here, in the case of Facebook, you have users, the students, who thought there is a public portion of Facebook, and it's expected that that will be visible. And then there's a private portion, and there's the expectation that that will be restricted to only the designated friends.
The same goes with the case of the Kindle - an expectation that once a book is on your Kindle, it will stay there.
There's another case I might mention of a - of expectations that have not been fulfilled, and that is the expectation that when you go to a Web site shopping and you start to put things in a shopping cart and you decide, for whatever reason, you're not going to complete the purchase, isn't there an expectation that what you have done should not be recorded, should not be passed on, and that you shouldn't receive email or phone calls trying to get you to complete the purchase that…
Mr. STROSS: …you did not complete?
Mr. STROSS: There's new software now that can watch very carefully everything you do, every keystroke. And it can be written in such a way that you could, at the very beginning, type in an email address and never hit send, but it will have your email address if you started a purchase process that you didn't complete and then use that email to try to sell you the goods that you didn't want to buy.
Mr. STROSS: I find it kind of creepy.
Mr. STROSS: There's an expectation that if I don't hit send…
FLATOW: Yeah. But you're saying that the store may - has that kind of capability to just watch what you're doing, all the keystrokes?
Mr. STROSS: There's a company that's selling the software. It's called Abandonment Tracker…
Mr. STROSS: …trying to help e-commerce sites convert visitors so that items that are placed in an online shopping cart are actually purchased.
The industry is greatly concerned about what they call cart abandonment. Often, what people do is they open up multiple windows and look for the same item on multiple sites, look - get the best price and complete the purchase on that site. So it would be especially annoying to receive dunning notices from the other sites just because you didn't complete the purchase.
FLATOW: Wow. We'll have to keep following that, Randy. Thank you for taking time to be with us today. Good luck to you.
Mr. STROSS: Thank you.
FLATOW: Randy Stross is - writes the "Digital Domain" column for the New York Times, author of "Planet Google: One Company's Audacious Attempt to Organize Everything We Know."