We Regret The New York Times’ Error

In “Kindling a Consumer Revolt,” I quoted the New York Times:

“But no, apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by this author from people’s Kindles and credited their accounts for the price.”

What seems to have happened is that a publisher, Mobile Reference, incorrectly loaded the Orwell works onto their Amazon site. (1984, published 61 years ago, is out of copyright in most of the world.)

So the claim of the Times that the publisher “changed its mind” is a little misleading, and Amazon seems to have deleted only those copies, not all books by the author.

I had read this New York Times story as I wrote “Kindling a Consumer Revolt,” and decided that the story that interested me was that of what happened after the books were sold, and how that differed from the physical world, and so didn’t point this out. (It did influence my writing: I wrote “Eric Blair, a publisher…” rather than “his publisher.”)

This morning Jer Warren posted a comment on that article, pointing out his post on what happened, and we’ve emailed back and forth a little.

My take is that the inaccuracies were in cited and reputable sources, and are tangential to my main line of discussion which is about the way our laws and expectations are different in the physical and digital worlds, and a suggestion that Amazon change the Kindle to give them less control over the devices they sell.

But I can see Jer’s side of it, and thus, the title of this post. I’d be interested in your thoughts–how should we handle corrections like this that might be relevant?

Kindle Brouhaha Isn’t About DRM

In case you haven’t heard about it, there is a brouhaha about Amazon un-selling copies of two Orwell books, 1984 and Animal Farm. There has been much hand-wringing, particularly since it’s deliciously amusing that it’s Orwell.

The root cause of the issue is that the versions of the Orwell novels available on the Kindle weren’t authorized editions. When contacted by the owners of Orwell’s copyrights, Amazon deleted the books and refunded customers’ money.

All things considered, Amazon did something approximating a right thing in this matter. They didn’t have the right to sell the novels, and so they pulled the novels from the store and customers, and gave the customers a refund. About the only thing they could have done righter was to give something to the people who thought they had the books. The best thing to give them would have been authorized copies of the books, but store credit would be nice, too.

You can find a New York Times article on it, as well as a CNET article, as well as a Tech Dirt article that brings up the very good point that deleting the books was very likely against the Kindle terms of service, which is why Amazon likely should offer those people something.

Among all the handwringing, there are a number of stupid people — or perhaps people who should just know better — who somehow mutter dark things about how this serves people right for getting a device that has DRM in it. (As if they’ve never owned a DVD.)

Some of these people who should know better might think that I’m somehow in favor of DRM, so let me say that I am not. I am against DRM. I am also against nuclear war, swine flu, totalitarian governments, and bad service in restaurants. I’m also against one or two other things. None of them had anything to do with this little contretemps.

The issue is caused not by DRM, but by cloud computing. The problem is that Amazon has a cloud service in which Kindle customers can keep their e-books on Amazon’s shelf, and shuffle them around to any Kindle-enabled device they have (like a Kindle proper, or an iPhone running the Kindle app). Customers can even delete a book from their Kindle and get it back from the cloud at a later date.

The event is that Amazon removed the book from the cloud, not that it had DRM in it. If you are concerned by this, you should be concerned by the cloud service. The cloud service enabled Amazon to respond to a legal challenge by removing customers’ data from the cloud. They didn’t need DRM to do it. In contrast, if the iTunes store or the Sony e-book store had improperly sold a book, they wouldn’t be able to revoke it because they don’t have a cloud service as part of the store. (eMusic, incidentally, regularly adds and removes music from their store with the waxing and waning of desire to sell it.)

This is why we need to look at it for what it is, a failure in a business model and in the cloud service. Interestingly, the newly-formed Cloud Security Alliance predicts similar issues in which outside parties cause a cloud provider to shaft its customers. Not bad.

Their prescience is a bit limited because the proposed solution to this problem is to encrypt the cloud data with some fancy key management. That wouldn’t work here for the same reason that DRM isn’t an issue. If I know you have a resource, it doesn’t matter if magic fairies protect it, if I can delete it. It’s still good advice, it just wouldn’t have worked here.

What’s needed is some sort of legal protection for the customers, not technical protection. There are many potential warts here. If the owners of Orwell’s copyrights do not desire any ebooks of his works, it’s hard for Amazon to go buy legal copies for their customers (which would have been the most right thing to do). And it’s hard to argue that the seller shouldn’t do everything in their power to undo a sale they shouldn’t have made.

The correct way to deal with this is through some sort of contract arrangement to protect the customer. (The Cloud Security Alliance is prescient on this, as well.) That contract should be the Terms Of Service between the cloud provider and its customers. As TechDirt pointed out, this was likely a breach of Amazon’s TOS. They’re not supposed to delete books. They said they wouldn’t. Because of this, they owe something to their customers who were on the losing end of this breach of contract beyond the refund. I think ten bucks store credit is fine, myself.

They really need to do something, however, because without doing something, then someday someone will violate their TOS with Amazon and defend it with this breach of the TOS.

However, if you want to cluck your tongue, it should not be about buying goods with DRM, it should be about goods stored in the cloud. Everyone who offers cloud services ought to be clarifying now what they will do to protect their customers against lawsuits from outside parties. It can be crypto or contracts, it doesn’t matter, it just needs to work. This may be the first major cloud-based customer service failure, but it won’t be the last.

Kindling a Consumer Revolt

Well, by now it’s all over the blogo/twitter spheres, and everything that might be said has already been said about Eric Blair, a publisher and Amazon:

This morning, hundreds of Amazon Kindle owners awoke to discover that books by a certain famous author had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for—thought they owned.

But no, apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by this author from people’s Kindles and credited their accounts for the price. [Update: This is misleading, see “We Regret The New York Times’ Error“]

This is ugly for all kinds of reasons. Amazon says that this sort of thing is “rare,” but that it can happen at all is unsettling; we’ve been taught to believe that e-books are, you know, just like books, only better. Already, we’ve learned that they’re not really like books, in that once we’re finished reading them, we can’t resell or even donate them. But now we learn that all sales may not even be final. (“Some E-Books Are More Equal Than Others,” David Pogue, New York Times.)

Jack Balkin has some interesting commentary in “Control at a Distance:”

This is because of the combination of the first sale doctrine in copyright law and the fact that the book is a physical copy. Because it is a physical copy, nobody would think that the publisher of the book would have the rights to enter your house and remove the book. But when you purchase an e-book, what you really purchase is merely a license to store an electronic copy on the Kindle’s hard drive according to the end user license agreement that Amazon provides (and that you agree to when you purchase and first use the device). As a result you may not have the rights to do things with the e-book that you think you can.

For example, you may not have the right to read or write code like “MobiDeDRM.zip.” You probably have a right to read English about it in places like “Converting Kindle Books: a painful process that works for reading Kindle books without a Kindle.” I probably have the right to tell you that this will give you advice to type sentences like python mobidedrm.py Title-of-Book.azw Title-of-Book.mobi <your kindle serial number> (which is just an imperative form verb, a noun and three adjectives.) That sentence is incredibly expressive, and even emotionally evocative to any Kindle owner who is upset over what Amazon has done, and who takes the time to think through what the sentence means. It means that the boot can be removed from the device.

Back in the days of the crypto wars, we had the ITAR regulations which treated crypto like a munition, and helped keep the internet insecure against wiretappers. (The knock-on effects of the ITARs probably substantially enabled the Iranian government’s monitoring of internet traffic, as standards stay deployed for a long time, and the 3G phone standards were written in a world where crypto was radioactive.)

Back to the ITAR, people like Phil Karn and John Gilmore printed some crypto software and applied for an export license for the printed form, and the same software on a disk. Obviously, the paper form was covered by the first amendment, and to restrict something based on form was silly and ineffectual. Confronted with that, the NSA went back to the drawing board and revised their regulations. I’m hopeful that this “Memory Hole 2.0” that Amazon has just demonstrated to the world will draw attention to the DMCA and its provisions which prohibit people from speaking certain sentences which cause ‘technological protection measures’ to be bypassed. Those sentences might be powerful, but they’re really little different from other sentences you might write in languages which you didn’t learn growing up. Written words have long been powerful. The pen is mightier than the sword, and all that.

Amazon is between a rock and a publisher here. They need the cooperation of publishers to get most any content created in the last 70 years onto the Kindle. They know consumers who discover book removal hate it. But I think they’ve chosen a sub-optimal position between that rock and publisher. I don’t believe they need the ability to reach out into Kindles and change things. They should treat that as a bug and fix it.

The alternative would be that consumers fix it themselves, and who knows what else they might do with the Kindles they’ve purchased? Folders? A private PDF reader? Chaos might emerge.

Oh, the very best part? The books in question? The ones that went down the memory hole? Blair wrote them under a pen name, George Orwell. And the books? Animal Farm and 1984.

Some additional links which I think are worth reading:

Image: Gizmodo.

Up Again

We had some expected downtime this morning. Thanks for your notes and IMs. If you’re reading this, things are now working again.

Do Audit Failures Mean That Audit Fails In General?

Iang’s posts are, as a rule, really thought provoking, and his latest series is no exception.
In his most recent post, How many rotten apples will spoil the barrel, he asks:

So we are somewhere in-between the extremes. Some good, some bad. The question then further develops into whether the ones that are good are sufficiently valuable to overcome the ones that are bad. That is, one totally fraudulent result can be absorbed in a million good results. Or, if something is audited, even badly or with a percentage chance of bad results, some things should be improved, right?

This is a fascinating question. How do we measure how well Audit works? Are we, in fact, better off Auditing even with the issues we’ve recently faced? Or as Ian puts it:

How many is a few? One failed audit is not enough. But 10 might be, or 100, or 1% or 10%, it all depends. So we need to know some sort of threshold, past which, the barrel is worthless. Once we determine that some percentage of audits above the threshold are bad, all of them are dead, because confidence in the system fails and all audits become ignored by those that might have business in relying on them.

We clearly need someone with a Levitt-esque mindset who can come up with a creative way of solving this measurement problem we have on our hands…

Wells Fargo vs Wells Fargo


You can’t expect a bank that is dumb enough to sue itself to know why it is suing itself.

Yet I could not resist asking Wells Fargo Bank NA why it filed a civil complaint against itself in a mortgage foreclosure case in Hillsborough County, Fla.

“Due to state foreclosure laws, lenders are obligated to name and notify subordinate lien holders,” said Wells Fargo spokesman Kevin Waetke.

Being a taxpayer-subsidized, too-big-to-fail institution, it’s possible that one of the few ways for Wells Fargo & Co. (WFC) to know what it is doing is to notify itself with a court filing. (“Wells Fargo Bank Sues Itself“)

As your attorney, I advise you to buy lots of Wells Fargo stock.

(My attorneys will be ensuring that Dave Birch is appropriately notified that I appreciate his pointing this out.)

Origins of time-sync passwords


In “Who Watches the Watchman” there’s an interesting history of watchclocks:

An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent, and verifiable record of each night’s patrol.

The market for these devices was well established when John Brainard Ken Weiss invented the SecurID token. In fact, either John or Vin McLellan told me that the reason Security Dynamics built a time-based system was so that it could play in the wandering guard market. The guard needed the SecurID to write a code in a book, and with that, you could determine when he was at a given watch station. Only later did they discover that their device had value for information security. [Update: Vin corrects some of my historical details in the comments.]
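The idea in the paragraph above, that a code copied into a station's book pins down when the guard was there, shown as an added example (not part of the original post and not Security Dynamics' code). It uses the public HMAC construction from RFC 4226/6238 in place of SecurID's own hash, and the seed, 60-second step, shift times and station names are constructed assumptions.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone


def code_at(secret: bytes, when: datetime, step: int = 60, digits: int = 6) -> str:
    """Code a time-synchronized token shows during the window containing `when`."""
    counter = int(when.timestamp()) // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def windows_for(secret: bytes, code: str, start: datetime, end: datetime,
                step: int = 60) -> list:
    """Start of every window overlapping [start, end) whose code equals `code`.

    Empty list: this token never showed that code during the shift.
    More than one entry: a short code collided, so the time is ambiguous.
    """
    t = datetime.fromtimestamp(int(start.timestamp()) // step * step, tz=timezone.utc)
    hits = []
    while t < end:
        if code_at(secret, t, step) == code:
            hits.append(t)
        t += timedelta(seconds=step)
    return hits


def audit_book(secret: bytes, book: list, start: datetime, end: datetime) -> dict:
    """For each (station, code) entry, when could the guard have written it?"""
    report = {}
    for station, code in book:
        hits = windows_for(secret, code, start, end)
        status = "ok" if len(hits) == 1 else ("ambiguous" if hits else "no match")
        report[station] = (status, hits)
    return report


# Constructed sample data: token seed, one night shift, and the station books.
SECRET = b"constructed-demo-seed"
SHIFT_START = datetime(2009, 7, 20, 22, 0, tzinfo=timezone.utc)
SHIFT_END = SHIFT_START + timedelta(hours=8)
VISITS = {"loading dock": SHIFT_START + timedelta(hours=1, minutes=17),
          "boiler room": SHIFT_START + timedelta(hours=3, minutes=42)}
BOOK = [(name, code_at(SECRET, t)) for name, t in VISITS.items()]
BOOK.append(("roof door", "12345"))  # wrong length: cannot be a token code

if __name__ == "__main__":
    for station, (status, hits) in audit_book(SECRET, BOOK, SHIFT_START, SHIFT_END).items():
        print(station, status, [h.strftime("%H:%M") for h in hits])
```

The auditor needs the same seed as the token, which is why the record is only as trustworthy as the secrecy of that seed.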

Security Dynamics did an impressively good job of building a complete system, and an ecosystem for their devices, by creating plug-in authentication modules for all sorts of things. Frankly, their security wasn’t really great in any theoretical sense. There were relatively obvious flaws like Mudge’s ‘listen and guess’ attack on the last digit being sent over a cleartext channel. His “Vulnerabilities in OTP’s – SecurID and S/key” was presented at DefCon IV, but I can’t find a copy of the paper. There were more difficult-to-find flaws, as I pointed out in my “Apparent Weaknesses in the Security Dynamics Client Server Protocol“. Later Biryukov, Lano and Preneel presented “Cryptanalysis of the Alleged SecurID Hash Function.”

What John, and later Art Coviello, understood far better than Mudge or I understood at the time was that the security didn’t really matter all that much. The system and its components needed a baseline of security, and they invested in that, and beyond. They had their system reviewed by top outside experts. They needed to be able to handle the baseline questions about someone tampering with the card, and the algorithms and protocols were kept secret in accordance with practice at the time. (John told me that I settled a debate between their engineers and marketing when I published them. Had I known that, I would have included the hash function in my paper, but on advice of counsel I’d removed it. He called it “waving a red flag in front of Security Dynamics just because you can.”)

What did matter was that their customers were doing better than static passwords, and they mostly delivered, unless Bart Preneel or I was your adversary.

Security Dynamics also won on the usability of the system, relative to other tokens. Some alternatives implemented challenge/response systems. To use them, you needed to enter a challenge, then press enter, your PIN and then enter, and then type in the response. All prompts and errors were in an 8-character LCD display. It was hard to deploy to real people.

Another advantage that Security Dynamics delivered was integration into everything. They had a server of their own. Clients to replace /bin/login on a dozen unixes, Netware and a GINA plugin for Windows. Radius and TACACS integration. They made themselves the easiest system to actually deploy. That’s important. A system with much greater security and double the cost of deployment would have been hard to justify.

Anyway, Security Dynamics was a good enough business that when they went to get an RSA license, it turned out to be “easier to buy the company than to get a license.” (As Art Coviello says in this Hearsay podcast with Dennis Fisher.)

And at the end of the day, developing products that people can actually understand and deploy for their protection and risk management is what it’s about. Knowing where to start innovating is a key part of that.