The MTTLR Blog

Microsoft’s long awaited cloud computing platform, Azure, opened for business this week.  Now available in 21 countries, the platform comes with a flexible and transparent payment schedule.  This might not sound as nifty as the iPad, but startups with small budgets are sure to take notice, particularly with the free trial options Microsoft is offering.  Azure represents a major step in the development and dissemination of cloud computing, as Microsoft associates its stable, business-oriented brand appeal with the cloud.

In December, MTTLR reported on the regulatory problems posed by cloud computing.  Weighing in on this ongoing debate two weeks ago at the Brookings Institution, Microsoft’s General Counsel Brad Smith suggested the role the United States government should take in regulating cloud computing.  A recent survey, commissioned by Microsoft, concluded a majority of Americans use cloud computing services despite being unfamiliar or only vaguely familiar with the concept of cloud computing.  These survey results could be misleading, as even industry leaders seem to disagree on the proper definition for cloud computing, but the survey does highlight the significant knowledge gap that presents one of cloud computing’s biggest challenges:  What happens when most Americans store their emails, financial files, photographs, and other personal information in something as nebulous as (appropriately) the cloud?

Several indicators point strongly toward regulation:  Transaction costs of public action on this matter are extremely high, the knowledge gap between users and providers is severe, and the chance of getting caught misusing information obtained over the internet is… well, certainly not a sufficient deterrent.  Microsoft suggests a federal regulatory scheme that takes a three pronged approach, addressing issues of privacy, security, and international sovereignty. 

Microsoft’s statement about the privacy and security of consumers and businesses is obviously well-timed and serves to strengthen reliance on Azure.  It also raises questions about whether or not it is desirable to impose comprehensive regulation on the internet.  Nonetheless, their proposal for regulation is persuasive, and contributes significantly to an ongoing debate that is sure to ramp up in 2010.

I posted a few weeks ago about the Supreme Court’s decision to temporarily stay YouTube streaming in the Proposition 8 trial.  As expected, the Supreme Court later extended its temporary stay into a permanent block of the proposed stream.  The Northern District of California had to change its rules to allow for the streamed video, and the Supreme Court held that it did not properly followed the guidelines for changing its rules.

Instead of taking the ruling lying down, filmmaker and journalist John Ireland decided to take the law into his own hands by creating a re-enactment of the trial.  Ireland is filming the project with professional actors who are volunteering their time.  The episodes can be found at MarriageTrial.com or YouTube.  MarriageTrial.com also contains a wealth of other information related to the case, such as a link to the day-by-day trial transcripts.  Currently, the first episode is complete and ready for viewing.

From a technical/efficiency standpoint, it’s hard to imagine solar energy not becoming a significant contributor to our national grid.  Unlike conventional energy sources, photovoltaic cells contain no moving parts, produce minimal waste heat, and have no thermodynamic losses from fluids.  Of course, they emit no pollution and, operate safely and silently.

Unlike other energy sources, solar cells can be fully integrated into individual buildings throughout urban areas, minimizing transmission losses.  As their energy densities rise and production costs fall, solar cells are positioned to become attractive environmental and economic alternatives to traditional sources of domestic power.

Obama announced a three-part funding increase for clean energy at the annual meeting of the National Academy of Sciences in April, 2009:

• The creation of a new research agency (ARPA-E), modeled on the defense-minded DARPA, to research alternative energy sources with a proposed $400 million budget.
• Designating 46 universities and research agencies as ‘Energy Research Frontier Centers,’ and providing them with $777 million in research grants.
• Creating a link (RE-ENERGYSE) between the Department of Energy and the National Science foundation to promote energy careers among students.

In addition to environmental and efficiency benefits, Obama is using green energy as a much-needed injection of skilled positions to help ease strains on domestic employment.

Last May saw over $467 million of federal funding devoted to renewable energy from the American Reinvestment and Recovery Act.  The Department of Energy has earmarked $117.6 million dollars of this funding to the research and implementation of new solar technologies.  The bulk of this ($51.5 million) will be devoted to photovoltaic technology research.

It is a fair guess that just about anyone uses the Internet regularly has run some kind of search on themselves, a future employer, their co-workers, etc. Reviewing a Facebook profile or Googling a name are two common techniques. Capitalizing on this sleuthing, several companies now offer or are developing cell phone applications that will deliver far more detailed reports on prospective romantic partners. Stud or Dud promises bankruptcies, stable address histories, marriages and divorces, property ownership, criminal/sex offender records, business licenses, evictions, and “other useful facts.” Are They Really Single, an application from the same developer, will provide marriage and divorce records. Similarly, DateCheck will provide criminal offenses, home details including square footage and taxes, educational background, the names and ages of all persons living at their address, horoscopes, and much more.

In an interview with CNN, Bryce Lane, president of PeopleFinders Network, said that all information was publicly available and had just been combined into one database in order to facilitate accessibility. But the increased accessibility raises many areas of concern. For instance, a man who learns a woman’s name – and nothing but her name – at a bar can use one of the above sites to identify current or previous roommates and pressure them for information regarding that woman. The comments on one blog suggest that such concerns are not likely to weigh heavily on the target audience: readers of Rosa Golijan’s post on the applications commented far more frequently on her musings about which boyfriend took her stockings than on her reference to “creepy” stalkers taking advantage of the applications. To take another example, an employer might not be able to resist the ability to easily access this information when making employment decisions, even if they may not be able to legally rely upon the information.

The potential for misuse of the information is only compounded by the potential for confusing one person with another, especially since the misidentified person has no way of knowing that someone has accessed inaccurate information regarding them. A search on Stud or Dud for the author’s full name disclosed her correct age, place of birth, and the full names of her parents. But searching for the author’s phone number turned up a 107-year-old Georgia women with a very large family. A potential date or employer might not confuse those two, but what about the potential for confusing one of the more than fifty John Smith’s in Ann Arbor, Michigan? Let us say that there are two John Smith’s in the same Ann Arbor zip code who are between 45 and 55; we’ll call them JS1 and JS2. JS1 has a mortgage on one residential property at which he has lived for the past twelve years, has always filed his taxes on time, and is married. JS2 filed bankruptcy at least once in the past, has moved frequently throughout the midwest region in the past six years, and rents an apartment with two roommates. A potential employer wishes to hire someone for a position that requires allocating and tracking financial resources, and the employer hopes that the new hire will remain in the position for at least three years. The employer would likely prefer someone with JS1’s profile, but the employer running a search on one of the above sites might confuse JS2’s profile with JS1’s and deny JS1 the position. JS1 would never know the employer’s search and so would not be able to correct the error.

Paul Stevens of the Privacy Rights Clearinghouse argues that that the above problems could be mitigated if information brokers were subject to the same or similar regulations as the Fair Credit Reporting Act. In particular, Mr. Stevens wants free annual disclosures to individuals, the right to dispute inaccurate information, and time limits on reporting adverse information. See also Online and Offline Collection of Consumer Information: Hearing Before the Subcomm. on Commerce, Trade, and Consumer Protection, 111th Cong. (2009) (testimony of Pam Dixon, Executive Director, World Privacy Forum). Lane does point out in his CNN interview that individuals can have their information removed from his sites, although he suggests that only “criminals” would do so.

Other concerns are rooted in a more visceral feeling that most people do not need the information that is now at their fingertips. A bank considering whether to finance a loan has good reason to know how many properties the applicant has. The promoters of DateCheck (“look up before you hook up”) would likely argue that a woman at the bar has a strong interest in the martial status of the man who just bought her a drink. But an idly curious co-worker or classmate? The undeniably correct assertion that this information is publicly available does not necessarily justify the ease with which it can be accessed. In the past, it took some effort to obtain the information: a call to the relevant records departments, maybe a delay before delivery. Though it was not the goal of the systems by which information could be obtained, the inconveniences may have limited access to those with a strong motivation to know. Perhaps, as Lane suggest, in an age where we meet new people at a rapid pace without any means of confirming their backgrounds, we do need some means of confirming the information they provide about themselves. Or maybe we should slow down a little and establish some relationships the old-fashioned way? If the latter, consumers will require at least some greater control over the information made available through information brokers, whether that information is packaged as a dating tool or in some other format.

The Supreme Court granted certiorari to City of Ontario v. Quon on December 14, 2009 (No. 08-1332).

Quon was a SWAT member who had sent and received text messages on his work-issued pager. While the city’s written policy was that employees should have no expectation of privacy when using their work network, the supervising lieutenant who had issued the pagers had an informal policy that employees could use them for personal communications and their messages would not be inspected as long as they personally paid for any overage fees. However, when the higher-ups decided to audit the texts to determine if they should increase the texting allotments with the outside service provider, they read transcripts of Quon’s sexually explicit messages to his wife and someone it appeared he was having an affair with.

Quon, his wife, his alleged girlfriend, and another employee sued the city, claiming Fourth Amendment violations. The Ninth Circuit found that the employees had a reasonable expectation of privacy in the content of their text messages because the formal policy was in effect overridden by the supervisor’s informal one. It also determined that the search was unreasonable because there were less intrusive ways to investigate the employees’ personal usage levels.

The main issue is whether Quon, as a public employee operating under this informal policy, is protected by the Fourth Amendment against warrantless searches of the content of his text messages because of a reasonable expectation of privacy. The other issue is whether the sender of a message to a government employee on the employee’s work device (i.e., Quon’s wife) has an a reasonable expectation of privacy from employer review.

In O’Connor v. Ortega, 480 U.S. 709 (1987), the Supreme Court dealt with similar issues of employees’ right to privacy in the workplace. The plurality opinion, written by Justice O’Connor, found that there was a reasonable expectation of privacy in the public workplace, but also that a balancing test of “the employee’s legitimate expectation of privacy again the government’s need for supervision, control, and the efficient operation of the workplace” should be applied to determine whether a search is reasonable. Scalia concurred with a broader take on privacy. While the justices couldn’t all agree on whether the employee had a reasonable expectation of privacy in his office, all of them agreed that he had a reasonable expectation of privacy in his desk and file cabinets.

How to apply O’Connor’s holding to electronic communications is one of many questions courts face with our evolving use of technology in the Internet age. Some courts still try to analogize this to wire-taps on phones; anyone with a BlackBerry would disagree. Laptops, cellphones, pagers, and other digital devices are used so ubiquitously that today the line between personal and non-personal communications is blurred.

Will the Court be as divided as in O’Connor? The Court has changed since then, and of the five for public employee right to privacy, only Scalia remains. It’s expected that Sotomayor will side with the employer in Quon. She previously ruled in a 2001 case that a workplace search of an employee’s computer was reasonable, balancing the “modest intrusion” with the “need to investigate allegations of improper conduct.”

While whatever the Court decides here will only be binding on government employers (who would be subject to Fourth Amendment restrictions), it is very likely that lower courts will be applying this to private employers as well.

[ Washington Post: Supreme Court will decide whether employees' text messages are private ]

[ Wall Street Journal: Supreme Court to Review Employer Access to Text Messages ]

[ Double X: No more Sexting with Sotomayor on the Court ]

[ Oyez case summary of O'Connor v. Ortega ]

Cloud computing, though its definition can be expressed in a more detailed manner, is basically the next generation of IT systems organization, where data and applications are centrally accessible through individual portals such as laptops or desktops.  Many popular sites operate on a cloud computing model, including Facebook and Google Docs.   Earlier this year, the announcement that the U.S. government would be moving toward cloud computing raised the profile of this rapidly developing phenomenon.  By adopting a cloud computing model, the government highlighted the increased efficiency that cloud computing can produce, but also brought to the forefront some of its problems, including security and privacy risks and the difficulties posed by questions of how, or whether, to regulate this form of systems organization.

In Security in the Ether, David Talbot examines the expected expansion of cloud computing and the potential security risks posed by such computing.  Major security risks are implicated by storing data on remote servers also used by third parties, who may be able to access the data.  Providers of cloud computing services are working to increase security with more sophisticated methods of encryption.  Because cloud computing will most likely grow in popularity, and become popular amongst entities such as banks and health care providers that deal with sensitive information, cloud computing represents an area in which the government may wish to regulate the storage, protection, and use of information.

The aggregation of more and more data into fewer and fewer places provides an environment for government regulation that the internet thus far, with its seemingly infinite reach and scope, has not.  Most government regulation of information use, such as the Red Flags Rule requiring businesses to track their own information for signs of identity theft, has involved a particular provider of services monitoring its own information for potential misuse.  Large scale cloud services providers, whose servers will provide data processing and storage for numerous entities, could present an easier method of regulation of information.  In addition, because of the large amounts of data involved and the security risks posed by data centralization, the government has a strong incentive to regulate cloud computing providers.

Government involvement in cloud computing could prove problematic.  The incentive to regulate also invites the risk of over regulation.   Government regulation regarding the use and dissemination of information, though intended to increase security for individuals, could stunt technological innovation and decrease the efficiency of cloud computing.  Jonathan Zittrain, co-director of Harvard’s Berkman Center for Internet and Society, points out that the freedom and experimental nature of the internet are at risk with the rise of cloud computing.   In addition to risks posed by over regulation, cloud computing poses significant Fourth Amendment concerns.  Legal precedent for privacy rights of information stored in clouds is murky at best because of the sophisticated technology involved.  As cloud computing continues to increase in popularity, policy makers will need to balance the interests of individuals in the privacy of their data with the interests of the government in having access to that data, the interests of these same consumers in a more efficient, free, and innovative internet, and the interests of businesses that provide and utilize cloud computing services.  Any government action that does not balance these competing interests will work to the detriment of developing the next generation of systems organization that further realizes the potential of the internet.

The proposed merger between Comcast and NBC Universal is a major test for the Obama administration’s positions on vertical mergers and media consolidation.  Comcast has already made some commitments to aid it during the review process, which is likely to take at least a year.  These commitments include continuing free over-the-air broadcast of NBC and Telemundo as well as enhancing availability of children’s programming and Hispanic-focused content through on demand capabilities and some use of the digital spectrum available to various channels.

The big questions left are how the Obama administration will react to the proposed merger and what conditions might be placed on the merger once its terms become more concrete.  The merger would see a significant combination of internet service provision, television programming distribution, television programming production, and news gathering into one entity.  At the very least, Comcast’s position as “one of the nation’s leading providers of cable, entertainment and communications products and services” is certain to raise a lot of questions during the review process.

An interesting effect of entering the review process is how Comcast’s need to enhance its image to aid in regulatory agency approval, and how this might affect the ability of other television networks to demand better retransmission terms from Comcast.  It is entirely possible that Comcast may have to take a softer line in its negotiations and pay more for local broadcasts than it has in the past, in order to help convince regulatory agencies that the merger will not have anticompetitive effects.

A three judge panel of the Court of Appeals for the Federal Circuit recently upheld the injunction against Microsoft that goes into effect January 11, 2010.  The panel also upheld the nearly $300 million in damages from the U.S. District Court for the Eastern District of Texas.  The injunction will bar Microsoft from selling versions of Word that contain the ability to open documents with “custom XML.”  The injunction does not affect any versions of Word sold before January 11, 2010, but does prevent Microsoft from “instructing or assisting new customers in the custom XML editor’s use.”  Technical support can still be offered by Microsoft from versions of Word sold before January 11.  Regardless, Microsoft has said that it is ready to remove the infringing feature from copies of Word and Office that will be sold after January 11.  The upcoming 2010 versions of Word and Office should not have the infringing feature, and thus should be unaffected by the injunction.

The only changes to the injunction by the panel were a modification of the effective date of the injunction, from the original 60 days (stayed during appeal) to 5 months from the original issue date of the injunction.  This was because the panel determined that the district court erred in setting a time frame of 60 days, when the only evidence concerning time to remove the infringing XML functions from Word was “at least” 5 months.  As Microsoft has said, it initiated steps in August to remove the infringing feature, so the change in the effective date of the injunction should have little practical impact.

In regard to the damages, most significant is the $200 million damages for royalties.  The panel even admitted that, “Given the opportunity to review the sufficiency of the evidence, we could have considered whether the $ 200 million damages award was “grossly excessive or monstrous” in light of Word’s retail price and the licensing fees Microsoft paid for other patents.”  The opinion makes it sound as if the panel, if able to review sufficiency, would have significantly reduced the royalty damages.  This is because the baseline royalty rate used by i4i’s expert witness to calculate damages was $98, when certain Word products could sell for as low as $97.  On a sufficiency review, it seems entirely possible that the baseline royalty used was grossly excessive and monstrous, since it could be greater than the entire selling price of a single copy of Word.  Further, Microsoft told the court the typical license it paid to use a patent was in the $1 – $5 million range, something completely out of line with the i4i calculations of $200 million.  But the panel stated it was unable to review the sufficiency of the evidence, as Microsoft had failed to file a pre-verdict judgment as a matter of law motion, restraining the panel’s review to the standard of a clear showing of excessiveness.  The panel even seemed to question Microsoft’s failure to file a pre-verdict JMOL motion as to the sufficiency of the evidence for the damages, stating, “Had Microsoft filed a pre-verdict JMOL, it is true that the outcome might have been different” because then the panel could decide “whether there was a sufficient evidentiary basis for the jury’s damages award.”  Given the panel’s statements, Microsoft might have blown its chance to have the damages significantly reduced on appeal by deciding not to file a JMOL motion for sufficiency of the evidence as to damages.

It also seems as if i4i’s decision to file in Texas has paid off, after gaining some measure of approval from the panel of the Court of Appeals for the Federal Circuit.  I don’t know if I would go so far as to call the panel’s opinion “a complete and utter vindication of the judgment,” given the statements of the panel regarding the royalty calculation and the limited level of review available for the findings of the jury, but it does give some credence to the inability of an appeal to alter the jury verdict.  While Microsoft’s loss on appeal may not make the district court’s decision completely right, it may well signal the verdict’s irreversibility.  The Federal Circuit may well refuse a request for a full hearing, as the decision clearly sets out the limits of appellate review in this case.

The size of the verdict against Microsoft makes you wonder why they didn’t just license the patent from i4i back in 2000, when Microsoft was aware of i4i’s presence in the market, or even at the start of litigation in 2007.  At this point, there appear to be very few reasons for i4i to consider talking with Microsoft about licenses or settlement, as i4i looks to have a winning case and a firm hold on nearly $300 million from Microsoft.

Google has revolutionized the way we access information by providing world wide knowledge and information at our fingerprints- all for free.  However, there is a hidden cost of accessing this information: your privacy.  Unbeknownst to many Google users, Google maintains a log of every search with IP addresses and other information that can be used to uniquely identify the user.  Furthermore, Google keeps this data from 9 to 18 months before ‘anonomyzing it‘, or getting rid of data that can be used to trace searches back to individuals.

The contents of Google searches are often intensely private – people often search for information they otherwise are too ashamed of talking about with others.  A search done out of curiosity could easily be misconstrued by another person.  Additionally, Google’s products have the potential of capturing much more than our search queries – including email, health records, phone calls, text messages, and even your physical location.  The potential for other party’s to get this information is concerning.  For example,  U.S. Department of Justice has subpoenaed this data in the past.

But what’s really concerning is not the potential for abuse, but rather Google’s attitude about data privacy.  In a recent interview with CNBC, Google CEO Eric Schmidt said, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place…the reality is that search engines including Google do retain this information for some time...”  This attitude is sickening, and is a serious threat to data privacy.  Afterall, it is Google who we entrust to protect our personal data against hackers, overzealous government prosecutors, or disgruntled company employees.  Furthermore, what happens to this data if Google is acquired by another company or goes out of business?

European Union (EU) regulators closed their investigation of  Qualcomm Inc. after all of the companies accusing Qualcomm of charging excessive royalties on technology patents withdrew their complaints. In 2005, six technology companies filed complaints alleging that the royalties Qualcomm has charged since its patented technology became part of Europe’s 3G standard are unreasonably high. Two of the companies, Nokia and Broadcom, withdrew their complaints after reaching separate outside settlements. Ericsson said in a statement that it is withdrawing the complaint and continuing “its ongoing dialogue with competition authorities around the world in relation to Qualcomm’s licensing practices.” Since all complaints have now been withdrawn, the EU dropped its investigation and is focusing its resources elsewhere. Qualcomm still faces antitrust scrutiny elsewhere in the world. Japan’s Fair Trade Commission said in September that Qualcomm coerced Japanese mobile-phone makers into agreements that prevented them from asserting their intellectual property rights, impeding fair competition and ordered Qualcomm to rescind the restrictive provisions. Earlier this year Qualcomm was fined 260 billion Won ($220 million USD) by South Korea’s antitrust agency for deterring competition through unfair fees and is currently appealing the fine. While the EU closed its four-year old antitrust investigation without levying a fine, Qualcomm was not absolved of wronging and the investigation could be restarted if another complaint is filed.