Another day, another bunch of sour grapes about the sorry state of the Canadian wireless industry (check the comments for the real gold). The trouble is no longer that there is a lack of competition to the established players and although more competition never hurts, the problem is consumer expectations.

Bell, Telus and Rogers have a relatively simple business model: sell handsets at a substantial discount and lock customers into a three year contract. That’s done through a legal agreement and a software lock on the phone that will prevent that device from being used on a competitor’s wireless network. That substantial discount translates into hottest phones like the iPhone 3GS being sold for $99, at least $300 off its regular (ebay/craigslist) price. Bell/Telus/Rogers in turn make back their investment by knowing that you will be their customer and hence be paying them monthly fees. In other words, the full cost of the cool new phone is amortized by (a.k.a. buried in) your monthly costs. This prevents sticker shock and makes the newest phones accessible to people who may not otherwise be able to afford them.

Enter the new players like Wind and Mobilicity. These guys sound great: $25-$35 unlimited everything plans with no contracts. That is until you realize a couple of very important things:

• You pay the full cost of your phone. For example, a Blackberry Bold 9700 costs $450.
• You will have a lot of trouble buying phones online because these guys use non-standard frequencies
• Finally, your place is only “unlimited” as long as you stay in the area of coverage for your carrier. The minute you leave the area, you are roaming and you will pay through the nose for it. The coverage exists only in big cities. I live in London, Ontario and I am out of luck.

Considering the prices of the best phones, if they are even available on those networks, the Bell/Telus/Rogers 3 year contract starts to look pretty decent. Unfortunately, consumers cannot have it both ways and must pick between the discounted phone option that comes with a contract or expensive phone that comes with no contract. Incidentally, for about the price of an iPhone 3GS from Rogers you can get a candybar phone from some company called Huawei. That phone looks like it came from six years ago. If you just want to talk, text and don’t mind being tied to a big city, this is perfect. For many people, myself included, this is not a good solution.

And so Bell it is.

The other major problem faced by the new entrants into the wireless market is the cost of building a coast to coast network. Until they are able to do that, forcing their customers to pay roaming fees will be a huge setback to them. The issue is Bell, Telus and Rogers were able to build their cross-country networks because they were all at some point publicly subsidized. They are also very well established and are probably not going anywhere absent some very substantial changes in the regulations that govern them. Thus, they have access to a lot of capital that new entrants are not able to secure.

The new guys will have to somehow overcome that problem.

I have been noticing recently that there have been decisive steps taken against openness when it comes to new devices, and it bothers me. Before I go into this further, let me explain what I mean by “openness”.

Openness

In order for any device to be useful, it needs some kind of software. This is true of everything electronic,  from calculators, to TV’s, to telephones and to most obviously, computers. In the past few years, there has been an explosion in computer-like devices, that is hardware that has an operating system and which can run software other than what is preloaded.

To use an easy example, take a cell phone. Originally, all the cell phone is programmed to do is make phone calls. Then, someone said “why don’t we put games on it?”. Then, “why not a camera?”. Followed by “why don’t we connect it to the internet?”. Lo and behold, we have smartphones. We can now extend the capabilities of our phones and similar devices in ways that were not imagined by their original designers.

Original multi-purpose phones were relatively open. This was done mostly as a convenience to developers: they did not want to reinvent the wheel by writing a new operating system, so they used one that was time-tested: java. This meant that anything that was created using java mobile edition (J2ME) could probably run on a java-enabled cell phone.

Even the original smartphones were open (“smartphone” is a difficult concept. I’ll refer to anything that connects to the internet and allows user-installed programs as a “smartphone”). Windows Mobile (used to be called Windows CE) allowed developers basically unlimited flexibility in creating and distributing software for Windows Mobile devices. Installing software did not require any reverse-engineering, hacking or any type of security bypasses.

I use the term “openness” to refer to precisely this flexibility. Openness does not mean open source, does not mean free software, does not guarantee any freedoms to users. However, developers have a lot of freedom that they can choose to pass on to their users (or not). They can distribute their creations in any form, on any website, charge fees or not, etc.

Current State

Since the introduction of the iphone, there has been a trend in the opposite direction. To use the example of the iphone itself, the only (legal) way for software developers to distribute their wares is through a process that is controlled by Apple from end to end. Apple controls what applications can be distributed, it tracks each user that installs the application, and of course, takes a nice commission from the sale of each app. There are obvious problems with such end-to-end control, including this one.

The problem is that this is not limited to the iphone. Blackberry is doing something similar with App World, although I believe it’s still possible to install apps without appworld. Even the Android platform is jumping on the bandwagon with Android Market.

The only holdout thus far is Windows Mobile probably because the users of those phones are way too used to not having any restrictions on them. We will see what happens once Windows Mobile 7 comes out later this year. I would not be surprised if it has new limitations on the type of software that can be installed.

Of course this is not a problem that is limited to phones. For example, the PSP, a device that is theoretically capable of many computer-like features has been completely locked down and can only play games (that you have to buy and where Sony can take a cut). The Wii has bluetooth functionality that can only work with its own wiimote. Why not other bluetooth devices? This is not even considering upcoming hardware such as the Apple iPad that will mimic the iphone in every way in terms of dealing with third party software.

This is a shame

The main reason I don’t like this is that a lot of potential remains under lock and key. If you look at what the latest iPod Touch is, it’s a computer with 800MhZ, 256MB of RAM, and a 32 (or 64) GB hard disk. I had a computer with similar specs in 2002. My computer in 2002 could do a lot more than my iPod today, even though they are technologically similar. The reason has nothing to do with technology, but has everything to do with poor decisions that keep such devices locked down.

Solutions

Unfortunately, the current solutions to this problem are quasi-legal at best (downright illegal at worst). It involves a healthy dose of hacking and looking for exploits. This in turn can lead to serious breaches of security when the same hack that can be used to install an unauthorized program is used to distribute a virus (again, an iphone example).

The easiest way to prevent this is to avoid having as many people looking for these kinds of hacks. The overwhelming majority of hackers are not malicious people and would not be hacking if their phones were open to third party software. And even if they were hacking, there would not be a need for a wide dissemination of these hacks. This means that the efforts of people who mean well would not end up in the hands of the malicious.

The Business Case

I am well aware of the fact that companies that release locked down devices see a business opportunity in controlling the software that can be loaded onto them. Indeed taking a cut of every program sold online is a good revenue model. However, opening up these devices will inevitably increase their sales. This is pure common sense: the more a device can do, the more people it attracts.

By the way, I am not saying that hardware manufacturers have to stop selling software. Indeed it may continue to make a lot of sense to sell through a centralized place where users know and trust the source of the program. Opening up the device up to users “at their own risk” though needs to be done. Users need to have control over their devices.

Conclusion

The PC industry has realized a long time ago that openness is the way to go. It allows devices to what was never intended or imagined by the original designers of computers. Who would have through 40 years ago that computers would be used for live DJing or advanced image creation (Traktor and Photoshop, respectively)? The engineers that created modern computers 40 years ago were looking for advanced calculators and processing power. Openness and ingenious software developers did the rest.

It’s time for the same thing to happen to our phones, games, and other devices.

Cross-posted at LawIsCool.com

I read about William Kamkwamba, the boy who built a windmill in a rural area of Malawi that was eventually able to power several houses and a water irrigation system in his village. It is an incredibly inspirational story that I urge everyone to read.

What really got me thinking though were some of the comments of the Toronto Star readers. Among the praise, vitirol, and accusations of the whole thing being fake, there are a couple of issues that need to be discussed.

“And….just why exactly is a story about someone in Africa a lead story in a Toronto newspaper? Has multiculturalism confused us that much that we cannot distinguish between Malawi and Toronto?”
- granted this was written by someone who calls him(her?)self “Canada for Canadians”. I didn’t even realize there was such a movement afoot. This is dangerous close-mindedness. Reminds me of “Germany for the Germans” (that led to the Holocaust) and “Russia for the Russians” (that led to beatings of Jews and people from the former USSR republics in the late 90′s and early 2000′s). Aside from that, the comment is itself idiotic: Toronto Star has a “World” section for a reason. Some people are actually interested about what happens outside of Toronto.

“Good to see people taking some initiative in life to make things better for themselves and the people around them. I had the same idea a year ago and ran it across my colleagues. It was immediately shot down because of the noise pollution laws. I think it’s an excuse to protect the utility companies. http://www.cbc.ca/technology/story/2009/06/10/ontario-wind-turbines.html”
- I would like to know how much of this is true and if anyone can chime in, please do. I understand NIMBYs to some degree (I wouldn’t want a wind turbine howling outside my window all day and night), but I’d like to know how much of the bylaws are there to protect a government monopoly.

“Compare this amibitous young man with our average (not all, average) Candadian teenager. He was driven to do something better for himself and his community. Canadian teenagers are no longer driven, parents give them everything they want (not just need anymore, want) so there is no reason for them to be ambitious. Parents actually complain when their children are given homework! Instead of encouraging our children to learn, earn and become productive, we are encouraging them to be lazy and entitled.”
-I take some issue with this comment. It is true that necessity breeds invention, but so does laziness. We in Canada are lucky to have a lot more than they do in Malawi, but this does not mean that we stop inventing. Our invention and innovation happens on a different level (the two university-aged guys who started RIM are a good example. Across the border, two similar types of guys started Google).
As for homework, if you looked at grade-school homework recently, you would see that a lot of it is mindless busywork (i.e. the “guess and check” crap that grade school math teachers love to assign). It takes hours and teaches precisely nothing. It’s good to assign homework, but school-aged kids also need time and energy to think and to create. By assigning mindless busywork, we are not creating inventors, we’re creating drones, and that is something to complain about. I’d rather see kids get no homework and spend their time entertaining themselves (and maybe creating something in the process) than spend time doing mindless busywork.
Of course not all homework is busywork, but I remember going through school and I’m seeing my sister go through it now, and almost half of all homework by time is stuff that teaches absolutely nothing and could be eliminated with no detriment to education.

Introduction (Surprise!)

I got a new iPod Touch today and one of the first things I did was fire up wi-fi and launch google maps. I noticed a button that allowed the system to automatically zoom in to my “current location”. Because the iPod does not have a GPS chip, I was expecting it to use my IP to narrow me down to a city or even a province. Imagine my surprise when it narrowed me down with an accuracy 30 meters (~100 feet)!

The first time I tried this, I was at the university. I was not too surprised by this because I know that the university has static IPs that may well be in some geo-locator database. I was more surprised (and concerned) when this worked at home. My IP is dynamic, so there is no way it could be stored in a central database. For curiosity, I looked my current IP up in a geo-locator database and it pointed me to Kingston, ON, which is 500km off, but it makes sense because my ISP operates all over Canada.

Technical Explanation (With Limited Amounts of Geekiness)

So how did the iPod do it? A few minutes of googling took me to a company called Skyhook Wireless. Without getting too technical, what this company does is it sends out about 200 cars in all cities in North America and they do what is known as “wardriving”. Essentially, they take a unique ID (MAC address for the technically inclined) from all wireless routers and log the physical location of those routers in a central database. The MAC address is freely available, even from protected networks. To be perfectly clear: you do not need to connect to a network (and thus do not need any passwords) in order to get a MAC address.

Once the location is in a central database, it is available for triangulation. Say I’m walking down the street with my iPod and press the “locate me” button. The Wi-Fi radio on my iPod sends Skyhook the MAC addresses of all the routers around me in a 80-200 meter radius. If three of those are in Skyhook’s database, I am triangulated, and skyhook knows where I am (give or take a few meters). The data is sent back to me and I get a google map of my surroundings.

Implications (Why You Should Turn Off the Wi-Fi on Your Cell Phone/iPod)

The negative implications of this can be quite clear. What if, for example, you’re not the one who requested your location? What if it was done by a virus/trojan or spyware (brings a new meaning to the term, eh?)? But your location is probably of little use to petty hackers and virus-writers. It’s also not precise enough for someone to physically walk up to you, especially if you’re in a dense place such as any city center. 30 meters worth of error downtown Toronto (or even downtown London) is enough for someone to never find you.

But what if your location is wanted by someone who knows you personally? Let’s say a spouse/significant other who thinks you’re cheating. Then your location with a 30 meter margin of error becomes more than enough for that person to know what you’re doing.

Legal Issues (This is a Law Blog, right?)

I can’t definitively say whether any of this is an invasion of privacy. Skyhook’s technologies does not circumvent any security systems and uses only information that is publicly available. I am not sure whether posting a location of a MAC address constitutes invasion of privacy (an enterprising “enthusiast” found a way to query Skyhook’s database to get Lat/Lon coordinates associated with MAC addresses). There’s an argument to be made both ways and of course none of this has been tested by a court.

What’s more concerning is that router owners cannot opt out of this. Furthermore, once a router’s MAC address is in the database, it cannot come out. The company’s stance on the issue is the following:
“we cannot remove individual access points…every access point by
definition broadcasts a radio beacon …The only way to stop an access point from broadcasting its
presence is to unplug it….we don’t actually identify the location of access points, just the signals
that they create”
That statement is technically true, but misses the point entirely. “The signals” (MAC address broadcasts) can be definitively associated with the physical router because every router has a unique MAC address (otherwise their system wouldn’t work). So, yes, they are tracking the location of access points. It is true though that once that access point (router, switch, etc.) is no longer broadcasting, it cannot be identified. This is the same thing that was said by computer security experts back in the 1980′s:
“…the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground…and even then I’m not sure.”
Mitigating Factors (Why You Should Not Lose Sleep Over This)

I have already alluded to some of the mitigating circumstances. Some of them are social (i.e. your location within 30 meters is useless to 99.999999% of the population) others are more technical. For example, most devices that are not laptops shut off wi-fi connectivity when their screens turn off in order to conserve their batteries. This is certainly true for iPods and iPhones and is also true for every Windows Mobile device I ever owned. Also, an internet connection is not needed to establish your coordinates (unconnected wi-fi is enough), but an internet connection IS required in order to do anything with those coordinates (i.e. send them to someone).

Also note that there need to be at least three known broadcasting access points within at most 200 meters, which likely means that this positioning system will not work in rural areas.

Lastly, and perhaps most importantly, I did not find any evidence of this system being misused. So far, there has not been any malware written that would take advantage of Skyhook’s database to track people. That doesn’t mean it cannot happen, it just means that it is not something to worry about today.

For More Info…

For the more technically inclined, you can check out my source material:

http://thebmxr.googlepages.com/Don_t_Locate_me.pdf (Background and tricking the system, very technical)
http://en.wikipedia.org/wiki/Skyhook_Wireless (Wikipedia entry on skyhook. Describes the technology)
http://en.wikipedia.org/wiki/Wifi (Wikipedia entry on wifi. Look at “Reach” for wifi service ranges)

A triumphant Jennifer Stoddart, Canada’s Privacy Commissioner came out this morning and said that Facebook agreed to make changes to its privacy policy within a year. The following changes are being touted:

• Denying third-party application developers access to user information without the user’s express consent in each of the categories the applications wants to access (currently, a user clicks just one button and the application can access all info regardless of whether or not it needs it);
• Giving users the opportunity to provide meaningful consent to retain profile pages after their death (currently there is no such provision that I know of);
• Add information about the privacy of non-users;
• Allow users the option of deleting accounts and all information associated with the account from Facebook’s databases (currently, a user may “deactivate” their account, meaning that the info still stays on Facebook’s servers).

This is indeed a meaningful victory. However, it does raise some interesting questions. Facebook is not the only platform out there that indefinitely maintains the information of its users. Other platforms such as Myspace, twitter, countless small(er) sites such as meetmeinto and the ever expanding vacuum of information called Google.

Are the laws on privacy clear? How do they apply to non-Canadian companies? How can they be meaningfully enforced, especially outside borders? I see Facebook’s agreement to comply with laws as largely a goodwill measure. If the company wanted to dig in its heels and refuse to make any changes, what could the Privacy Commissioner have done? Let’s see if someone can answer this question.

Source

Cross-posted on LawIsCool