Schneier on Security
A blog covering security and security technology.
« How the MPAA Might Enforce Copyright on the Internet |
| U.S. Customs Seizing Laptops »
February 12, 2008
Buying an iPhone isn't the same as buying a car or a toaster. Your iPhone comes with a complicated list of rules about what you can and can't do with it. You can't install unapproved third-party applications on it. You can't unlock it and use it with the cellphone carrier of your choice. And Apple is serious about these rules: A software update released in September 2007 erased unauthorized software and -- in some cases -- rendered unlocked phones unusable.
"Bricked" is the term, and Apple isn't the least bit apologetic about it.
Computer companies want more control over the products they sell you, and they're resorting to increasingly draconian security measures to get that control. The reasons are economic.
Control allows a company to limit competition for ancillary products. With Mac computers, anyone can sell software that does anything. But Apple gets to decide who can sell what on the iPhone. It can foster competition when it wants, and reserve itself a monopoly position when it wants. And it can dictate terms to any company that wants to sell iPhone software and accessories.
This increases Apple's bottom line. But the primary benefit of all this control for Apple is that it increases lock-in. "Lock-in" is an economic term for the difficulty of switching to a competing product. For some products -- cola, for example -- there's no lock-in. I can drink a Coke today and a Pepsi tomorrow: no big deal. But for other products, it's harder.
Switching word processors, for example, requires installing a new application, learning a new interface and a new set of commands, converting all the files (which may not convert cleanly) and custom software (which will certainly require rewriting), and possibly even buying new hardware. If Coke stops satisfying me for even a moment, I'll switch: something Coke learned the hard way in 1985 when it changed the formula and started marketing New Coke. But my word processor has to really piss me off for a good long time before I'll even consider going through all that work and expense.
Lock-in isn't new. It's why all gaming-console manufacturers make sure that their game cartridges don't work on any other console, and how they can price the consoles at a loss and make the profit up by selling games. It's why Microsoft never wants to open up its file formats so other applications can read them. It's why music purchased from Apple for your iPod won't work on other brands of music players. It's why every U.S. cellphone company fought against phone number portability. It's why Facebook sues any company that tries to scrape its data and put it on a competing website. It explains airline frequent flyer programs, supermarket affinity cards and the new My Coke Rewards program.
With enough lock-in, a company can protect its market share even as it reduces customer service, raises prices, refuses to innovate and otherwise abuses its customer base. It should be no surprise that this sounds like pretty much every experience you've had with IT companies: Once the industry discovered lock-in, everyone started figuring out how to get as much of it as they can.
Economists Carl Shapiro and Hal Varian even proved that the value of a software company is the total lock-in. Here's the logic: Assume, for example, that you have 100 people in a company using MS Office at a cost of $500 each. If it cost the company less than $50,000 to switch to Open Office, they would. If it cost the company more than $50,000, Microsoft would increase its prices.
Mostly, companies increase their lock-in through security mechanisms. Sometimes patents preserve lock-in, but more often it's copy protection, digital rights management (DRM), code signing or other security mechanisms. These security features aren't what we normally think of as security: They don't protect us from some outside threat, they protect the companies from us.
Microsoft has been planning this sort of control-based security mechanism for years. First called Palladium and now NGSCB (Next-Generation Secure Computing Base), the idea is to build a control-based security system into the computing hardware. The details are complicated, but the results range from only allowing a computer to boot from an authorized copy of the OS to prohibiting the user from accessing "unauthorized" files or running unauthorized software. The competitive benefits to Microsoft are enormous (.pdf).
Of course, that's not how Microsoft advertises NGSCB. The company has positioned it as a security measure, protecting users from worms, Trojans and other malware. But control does not equal security; and this sort of control-based security is very difficult to get right, and sometimes makes us more vulnerable to other threats. Perhaps this is why Microsoft is quietly killing NGSCB -- we've gotten BitLocker, and we might get some other security features down the line -- despite the huge investment hardware manufacturers made when incorporating special security hardware into their motherboards.
In my last column, I talked about the security-versus-privacy debate, and how it's actually a debate about liberty versus control. Here we see the same dynamic, but in a commercial setting. By confusing control and security, companies are able to force control measures that work against our interests by convincing us they are doing it for our own safety.
As for Apple and the iPhone, I don't know what they're going to do. On the one hand, there's this analyst report that claims there are over a million unlocked iPhones, costing Apple between $300 million and $400 million in revenue. On the other hand, Apple is planning to release a software development kit this month, reversing its earlier restriction and allowing third-party vendors to write iPhone applications. Apple will attempt to keep control through a secret application key that will be required by all "official" third-party applications, but of course it's already been leaked.
And the security arms race goes on ...
This essay previously appeared on Wired.com.
EDITED TO ADD (2/12): Slashdot thread.
And critical commentary, which is oddly political:
This isn’t lock-in, it’s called choosing a product that meets your needs. If you don’t want to be tied to a particular phone network, don’t buy an iPhone. If installing third-party applications (between now and the end of February, when officially-sanctioned ones will start to appear) is critically important to you, don’t buy an iPhone.
It’s one thing to grumble about an otherwise tempting device not supporting some feature you would find useful; it’s another entirely to imply that this represents anti-libertarian lock-in. The fact remains, you are free to buy one of the many other devices on the market that existed before there ever was an iPhone.
Actually, lock-in is one of the factors you have to consider when choosing a product to meet your needs. It's not one thing or the other. And lock-in is certainly not "anti-libertarian." Lock-in is what you get when you have an unfettered free market competing for customers; it's libertarian utopia. Government regulations that limit lock-in tactics -- something I think would be very good for society -- is what's anti-libertarian.
Here's a commentary on that previous commentary. This is some good commentary, too.
Posted on February 12, 2008 at 6:08 AM
• 71 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Ok, we see 'lock-in' in almost everything - from the radiator cap in our car to vacuum cleaner bags and even - annoyingly - mobile phone chargers (although the value of lock-in there has fallen over the past few years).
And the point is? This is a law of economics. Rarely do manufacturers do things where the greater good for society trumps the greater good for making more money: that would go against the grain of capitalism.
The manufacturers want complete contrrol over YOU; however bugs in the software they write are somehow beyond their control and not their fault.
As soon as the user license says something like "and if a design flaw in our product cause a loved one of yours to die unecessarily, we will pile up money on the desk in front of you until you giggle out loud" then I will consider it an agreement between equals. Until then; crack away.
Generally OK, but iPhone example is bad one. Do you know, that Nokia doing same thing exactly?
And do you know, that I found it actually _very_ _good_ _thing_. Why? Because I want every application available on my phone that can access core phone functions (like make a call) to be screened and signed by Nokia.
I want my phone reliable 100% of the time, and I want someone to be responsible for it.
The people that talk about "choosing a product that meets your needs" assume that those products (or services) are available on the market for a reasonable price. Here comes a serious issue with monopolies and cartels: when the producers have sufficient power to avoid than the better product appears onto the market, it won't appear there.
The iPhone is a prime example: Motorola, Nokia, Sony-Ericson (and several other "traditional" phone makers) had the technology to bring an iPhone-like phone on the market. Why didn't they do it? Why could an outsider like Apple step into this segment of the market?
If you look closely, you will find more markets where competition could be better: broadband networking, software, etc.
They're learning from the US Government. Think of how pissed off the G would have to make you to make it worth your while to give up and emigrate.
Stuart Langridge's point about not being able to see what the rules are without agreeing to abide by them beforehand also rankles me. But I wouldn't buy an iPhone. Or an iPod. (It's JUST an MP3 player! A VERY expensive MP3 player!)
I'm with Bruce on this one, it is about the choice between liberty and being controlled. And given the choice between lock-in or not, I'd almost never choose lock-in. Yes, it may be cheaper NOW...
(There are plenty of essays out there about ethical problems regarding unfair knowledge differences between buyers and sellers.)
The problem is, unfortunately, in order for there to really be a choice on this (and for other issues), it requires a lot of education on the part of the citizen/user/consumer/human. Mind you, once you're up to speed, it's really not effort at all.
Most people are too lazy, uninterested, or passive to be informed. Hence, there's no real choice 'cuz they don't understand the issues.
I foolishly keep saving all my documents in open document formats (no, not OOXML). And I'm foolishly switching all my apps to open-source, er, sources.
I have faith in the computer-makers (as opposed to '-user') community. They do take the time and make the effort to be informed, and give themselves (and me!) some real choice. And I support them, when I can.
It's why music purchased from Apple for your iPod won't work on other brands of music players.
But it will. If I buy iTunes Plus files they are unencrypted AAC. I don't know of other players that play AAC, but if they exist, they'll play the iTunes Plus files.
we see 'lock-in' in almost everything ... and even mobile phone chargers
Actually, many mobile manufacturers are moving to USB connections.
>>It's why Microsoft never wants to open up its file formats so other applications can read them.
The binary file formats (I'm assuming you mean Microsoft Office) have been available since 2006, where anyone could get the documentation by sending an email to Microsoft as described as http://support.microsoft.com/kb/840817/en-us. The documents were available royalty-free under RAND-Z.
Recently, Microsoft has announced that they'd just get rid of the need to send an e-mail and provide it for direct download under the OSP (Open Specification Promise).
That being said... I hate lock-in too!
@Yosi: "I want my phone reliable 100% of the time, and I want someone to be responsible for it."
What kind of EULAs do you have with Nokia??
Huh? Radiator caps? There's no lock-in; like iPod chargers, one cap will fit many models, and there are 3rd party vendors who sell caps at the auto parts store.
Vacuum bags? Seriously, have you even shopped for bags? They have standard codes on the bags, like type "S" which fits different models from different companies, all which also make type "S" bags.
"If it cost the company less than $50,000 to switch to Open Office, they would. If it cost the company more than $50,000, Microsoft would increase its prices."
Um. If I'm assessing the cost of switching word processors, then part of that cost is the logistic business of switching over (lock-in). But another part is the ongoing cost of using one program as compared with another. For example, suppose (counter-factually) that Office allows my secretaries to do their work 10 times faster than they ever could with Ooo. Then that figure of $50,000 has to include the cost of hiring 10 times as many secretaries as I do now. If Ooo is faster, then the $50,000 has to include the savings from firing 90% of my secretaries, and the value of Office is actually *less* than the lock-in.
So if "having a better product than any competitor" is part of "lock-in" then, sure, the only value a software company has is lock-in.
But I think it's misleading to describe that as lock-in, which usually refers to the point costs of changing supplier, rather than the difference in ongoing total cost of ownership.
Unless, of course, economists are asserting that for every software product there is an equally valuable alternative available without paying anything to any software company.
While this might be true in some model of a perfect market (if there wasn't a free version, then a company could make a profit by selling one at half the price of the cheapest current product, therefore the price of software approaches 0), in practice the question isn't "will this happen?", but "will this happen soon?". Economics is very good at finding stable solutions to a given question, but somewhat less good at predicting when and how the market will approach that solution.
I notice a typo, you say "On the one hand, there's this analyst report that claims there are over a million unlocked iPhones, costing Apple between $300 million and $400 million in revenue", when what you probably meant to say is "By under pricing the initial sale and hoping users sign up for service, Apple's poor choice of business model is potentially costing them between $300 million and $400 million"
Or, you might have even meant to say "despite the 50% markup that Apple currently realizes on phones subscribed to legitimate channels, Apple also benefits from sales totaling over a million additional units into the 'black-market' of unlocked phones"
"Government regulations that limit lock-in tactics -- something I think would be very good for society -- is what's [some abstraction]."
Why grasp at a hypostatized abstraction "society" here in order to bash some other abstraction "anti-libertarianism" (whatever _that_ may be -- some term used in the United States but of little interest elsewhere, presumably).
The term "Civil Society" is used in Hegelian political philosophy as a way to draw a particular distinction State/Civil Society (Staat/burgerliche Gesellschaft). The two are different "moments" (in Hegelian jargon), and here we have a paradox in that they are both the same and not the same.
And the term is useful enough in Hegel (although man's condition can be theorized in other terms: for example, Aristotle had not read Hegel and used the term "City", knowing nothing of the distinction between State and Society). But what is "society" doing here? -- or is this article an amateur attempt at political philosophy? I had thought one came here for professional computer science.
Why not simply write as follows?
"Government regulations that limit lock-in tactics [would, I think] ... be ... good for [buyers of mobile phones]."
Why do so many current writers immediately feel the need to use abstract language and (usually poorly-understood) technicalities from theories they almost certainly haven't read rather than ***simply writing directly in natural language***?
I'm not sure that what Apple is doing with the iPhone and iPod is "lock-in", but it is definitely a use of "leverage". The iPhone has enough strong unique features that people want, that many people are willing to accept not being able to control which applications they can install. There is little technical reason for that lock-in, but it gives Apple more control. It's understandable why they want that control, and perfectly legal since Apple only has a small percentage of the cell phone market, but I still think it sucks. The iPod/iTunes situation has been more legally questionable since the iPod dominates the market, and until recently Apple was able to exploit that advantage to require people purchase music from the iTunes store.
Buying an iPhone isn't the same as buying a car or a toaster. Your iPhone comes with a complicated list of rules about what you can and can't do with it.
Surely you're not suggesting that we don't have to follow some very specific rules about what we can and can't do with our cars!
What Schneier wrote was correct. Anti-lockin regs are generally good for most of the economy -- insofar as they are the obvious end-point for an otherwise free market -- but are fundamentally anti-libertarian. No philosophical Hegelian hermeneutical mumbo-jumbo required to divine his meaning.
One minor correction: As of Microsoft Office 2007, their new file formats are open and well documented. Their .docx, .xlsx, and so forth are merely renamed zip files that contain the document and attachments (such as images used in the document) in a defined internal folder structure. The internal documents themselves are now saved as XML files which adhere to a defined schema.
"What kind of EULAs do you have with Nokia??"
The kind of EULA that allows me to return phone to store if it doesn't perform as advertised. If my phone will, for example, make "strange" phone calls on it's own - I will return it to store in same day.
This kind of EULA called "warranty", and I (and you too) have it on other goods too. You don't expect TV suddenly to switch itself on and off, right?
>>One minor correction: As of Microsoft Office 2007, their new file formats are open and well documented.
No fact-checking needed, right?
@neil: As long as you do it on your own property, there are (practically) no restrictions on what you do with an automobile. Modify it, race it, set fire to it, cut it in half with a big saw. Whatever.
Restrictions only come into play when you wish to use shared public roads (speed limits, bumper & headlight standards, catalytic convertors, insurance coverage etc). Look at race cars for an example.
Absent from the discussion so far: one of the most important weapons against lock-in is *useful* standardization.
Industry-wide standardization brings its own issues, of course.
Furthermore, cellphones are not a "free market" system. To run a cellphone service you need to have nationwide access to a limited number of frequencies. This access is auctioned by the FCC and only the winners of this auction can offer service, leaving you with effectively only 2 or 3 choices of provider in a given band/protocol; so you can not "vote with your feet" and change providers to one which offers less onerous restrictions.
"By confusing control and security, companies are able to force control measures that work against our interests by convincing us they are doing it for our own safety."
These companies are not "confusing" anything. They understand the distinction between control and security perfectly. They are merely deliberately obfuscating that distinction to make their interests appear to overlap with that of their customers, since it would be poor marketing to let it transpire there is in fact a conflict between the two.
Erm, I have an iPhone, and I don't see any lock-in, except on the carrier. The mail client supports pop3 and IMAP as well as outlook. The web client requires no special software. As far as I know, the iPhone provides much better standards support for these two critical applications than other mobile devices - that's certainly true of the mail client.
One distinction that I think was missed in the article is the difference between, what I'll call, vendor imposed lock-in vs customer imposed lock-in. Rewards programs would fall under customer imposed lock-in. Here, the customer isn't under any "legal" obligation, only their own desire to earn rewards.
This, of course, differs from the vendor imposed lock-in like closed file-formats or cell phone network lock-in. Here the customer is given no choice to change; or must pay a high premium to do so. As we have seen this often fosters hostility in customers.
In the digital age it's getting harder and harder for a vendor to impose lock-in. As we have seen iPhones can be unlocked, DRM can be cracked and software formats reverse engineered. Not to say there weren't after market parts before the digital age, but the tools and equipment necessary to create a look-alike widget are far greater than those required to overcome digital lock-in.
Insofar as the iPhone is itself the product, it has no greater "lock-in" power than any other cell phone (unless the 2-year AT&T contract requires a fee for changing phones but remaining on the plan, which I don't think it does). Want to change your phone? Go ahead. Unlike with MS Office, you haven't generated documents, workflow, or significant training based on its ideosyncrasies.
Even where the apps are concerned, it's billed as a phone/mp3 player/Web/email device; what I hear are complaints about not being able to install misc. 3rd party apps whose functions lie outside the sales pitch and primary purposes of the iPhone. But this would be called "limitation," not "lock-in" -- there's nothing about the lack of 3rd party apps that inherently engenders difficulty in ditching the iPhone for a competing product. That limitation is a consideration in buying, of course, but Apple pitches it as a consumer electronics item, not as a do-anything portable computer.
@Mike: "Libertarianism" has traction in the US because the term you know as "liberalism" (i.e. classical liberalism) was co-opted by the left in this country and no longer bears reference to the ideals of Locke, Madison, et al. The term itself might not be familiar to you, but if the ideas are, its use should still "interest" you.
@Bruce: To say that anti-lock-in legislation is desirable is, I think, to have a narrow perspective of the possible consequences.
At the very least, lock-in can act as a shifting of cost, so that at the cost of a long-term contract or tie-ins with other products, a buyer can receive a particular product, now, for a (sometimes much) lower price. You've thereby forcefully banned a particular type of mutual agreement -- which I find unethical, but which also has the practical consequences of forcing direct prices up, narrowing the band of mutually agreeable terms, and artificially making many transactions less desirable and efficient.
And, of course, the law of unintentional consequences applies here, as it does with all invasive legislation.
"On the other hand, Apple is planning to release a software development kit this month, reversing its earlier restriction and allowing third-party vendors to write iPhone applications"
I don't think Apple reversed anything. When the iPhone was released it screamed "Version 1.0." The SDK just wasn't finished at the time - much like many other features of the iPhone.
Sorry to nitpick, but I've been seeing this a lot and it bugs me.
Bricked is NOT the term. Or at least it wasn't the term as recently as a year ago. "Bricked" refers to a firmware update gone so badly that the device is not only nonfunctional, but can't be repaired. In other words, the botched update broke the updater and there's no longer any way to restore the good firmware. The device has been reduced to an expensive and not very structurally worthy brick.
This is not what happens to iPhones. As far as I'm aware nobody has gotten it into a state where it is so broken it can't even be restored to the original state. For someone everyone has decided to call this bricking, but it's not.
"Required to purchase music from the iTunes store"? In neither sense is that true. You are perfectly free to have no music whatsover on your iPod. Perhaps you are deaf and use it only for pictures. :-) More importantly, my iPod has fewer than five songs from the iTunes store. Most of its content is from CDs and LPs that I ripped to a computer years ago. They transfer over just fine. Perhaps you are unaware that one can still purchase music in this form. Sometime very cheaply at used-book stores.
BTW: as for MSFT formats being publically documented, perhaps they should get some of their own people to read those documents, so when I open a Word file from 1986 in Office 2003 it doesn't come through like a transporter malfunction. :-)
"Surely you're not suggesting that we don't have to follow some very specific rules about what we can and can't do with our cars!" -- neil
The Nissan 2009 GT-R is speed limited unless you're at an approved racetrack (checked via built-in GPS).
Also, sensors in the wheels detect & restrict the use of aftermarket rims.
> "... I want every application available on my phone that can access core phone functions (like make a call) to be screened and signed by Nokia."
Having applications screened is a good thing, but it doesn't have to be done only by the platform vendor, or only by a single trusted screener. You can have multiple trusted screeners and the consumers can decide whose evaluation they trust.
> "I want my phone reliable 100% of the time, and I want someone to be responsible for it."
I don't remember seeing any EULA of a mass market product that gives the purchaser or end user meaningful recourse if the product causes a problem.
@Jeremy: "At the very least, lock-in can act as a shifting of cost, so that at the cost of a long-term contract or tie-ins with other products, a buyer can receive a particular product, now, for a (sometimes much) lower price. You've thereby forcefully banned a particular type of mutual agreement -- which I find unethical, but which also has the practical consequences of forcing direct prices up, narrowing the band of mutually agreeable terms, and artificially making many transactions less desirable and efficient."
Did someone forget to invent banks and credit cards in your universe? Or - why shouldn't the carrier simply offer it's own financing, the way car companies do. Pay cash, or go to the competitive loan market.
The way it's currently set up, the carriers charge you extra to pay off the cost of the handset you got cheap up front. Then once that is paid off, they ... well, in most cases, they just charge you extra. At no point have I ever seen a phone bill listing a "phone loan" line.
The lock-in is in the lack of choice -- if you want a CDMA phone, you will have to buy the phone from the carrier, and take the loan from the carrier, when it may be that all you wanted was the little slice of spectrum. Meanwhile, handset manufacturers are touting new devices, which you aren't even offered because their features conflict with the carrier's business model.
I like the focus on economics here. Most people think of security in the context of security; those people also think of IT within the context of IT (perhaps with a security bias). But it is not geekdom that is the arbiter of IT adoption and investment. It is governed primarily by the laws of economics, and I'm glad Mr Schneier has a far better grasp of that than a lot of tech people out there, who see technology purely within the context of technology rather than seeing technology (or security, or whatever) within the broader context, including in the context of economics (which, in my view, represents a significant portion of that "broader context").
Lock-in is definitely problematic for customers. It can be annoying, favoring the company over the consumer. An idea briefly mentioned by Adam Smith regarding the Invisible Hand suggests that the aggregate will benefit (generally) when the person proceeds toward his rational self-interest. Obviously, there are exceptions. Fraud and theft, for example, are obvious exceptions. But is lock-in an exception? Should the Visible Hand of government step in to protect us from lock-in? I'm not so sure. Doing so will quite probably reduce the desire of companies & investors to invest capital toward a venture that might be further "regulated" for "the people's" best-interest. Rather than market efficiency, we would be left with the efficiency of an over-bearing government. And history has made clear that that model doesn't work out so well.
Maybe I'm getting ahead of myself here. I don't like customer lock-in, and maybe certain types of lock-in can validly be considered anti-competitive (and, therefore, subject to intervention by the government). But over-zealous government that is intent on "protecting" us from corporations is a model that I don't support on principle.
Of Libertarians and Lock-ins...
A couple things...
Libertarians argue that everything should be negotiated under contract law. When one side can modify the terms at will (which is just about every service agreement and closed source license), it is not a contract. If they can change my rates, sell my data and screw me in a million small ways, it is not a contract.
Another thing. The Corporate Libertarians want to allow lock-ins, but they are totally unwilling to allow everyone else the freedom to violate those lock-ins. They want the protection of the law when it comes to their business interests, but not when it comes to anyone served by that business.
Violation of patents has become a matter of Civil Disobedience. "Intelectual Property is Theft!"
To the extent that "libertarian" means what the US Libertarian party, and US libertarians, say it means (no restrictions on corporations, government's only economic role is to enforce contracts), then yes, anti-lock-in rules are anti-libertarian. Some Libertarians argue with a straight face that people should be able to sell themselves into slavery, and then have the state recognize their enslavement as a binding contract, because the market, contracts, and property rights trump every other consideration.
But there are other possible definitions. Governments could fight lock-in by doing less, for example, refusing to enforce contract or trade secrets whose effect is to promote lock-in. Alternatively, we could go back to the root and focus on policies that maximize the liberty of individuals, rather than artificial government constructs like corporations. This is closer to what libertarian socialists (sometimes called anarchists) advocate. US Libertarians claim that "libertarian socialist" is a contradiction in terms, but the phrase is almost 200 years old.
"Lock-in is what you get when you have an unfettered free market competing for customers; it's libertarian utopia. Government regulations that limit lock-in tactics -- something I think would be very good for society -- is what's anti-libertarian."
Yes, "lock-in" is libertarian utopia. "Slap them in irons!", albeit financial ones, is the libertarian rallying cry!
How utterly silly.
Making churning difficult for customers is a business strategy. Sometime it works, sometimes it doesn't. Witness the companies now that are doing precisely the opposite in the mobile phone industry, and winning customers hand over fist, those customers who dislike feeling "locked in."
Government regulations which attempt to achieve the objective of giving consumers more and better choice produce precisely the opposite, and prevent other companies and entrepreneurs from creatively offering better services, services which meet customers' desires and needs. We've seen this umpteen times.
Yet once again, we hear economic illiteracy advocating measures which create exactly the opposite effects of what they purport to accomplish. How many times shall we champion horrid policy before we take the time to understand its effects?
And in the Lack of Creativity Dept.: Has there ever been a statist apologist who DIDN'T claim his measures were only what was "good for society"? I can think of a few prominent pretenders to the American throne today who invoke that enervated cliche.
Woefully inadequate thinking, really.
Don't buy an iPhone.
It's really that simple. I have choices. I can choose other wireless providers, or phones in that same provider.
I choose the phone I do because it is relatively unfettered. I can rip my own ringtones from my own music and load them up. I can load up my own pictures for wallpaper. I can even write some Java and load it in. It's a more open phone. Oddly enough, it's on the same network as the iPhone .
I agree that there are cases where we should consider government intervention to prevent lock-in harmful to society, but this doesn't seem to be one of those cases.
"One minor correction: As of Microsoft Office 2007, their new file formats are open and well documented. Their .docx, .xlsx, and so forth are merely renamed zip files that contain the document and attachments (such as images used in the document) in a defined internal folder structure. The internal documents themselves are now saved as XML files which adhere to a defined schema."
LOL!!!!! Open and well-documented!!!!
You should NEVER, EVER use "Microsoft" and "well-documented" in the same sentence. Microsoft doesn't know how to document anything. And uh, the 2007 .docx formats are different from the 2003 .docx formats, which BTW are NOT what Microsoft refers to as "Office Open XML" (which is not Office-based, not open and not really XML). What Office 2007 produces are an extension of OOXML that uses nonstandard tags. Not to mention that OOXML itself uses warped, undocumented tags like "autoSpaceLikeWord95" that only Microsoft can use.
It's a pretend open format that keeps the Office lock-in going, while giving Microsoft good publicity from those who don't know better. See http://www.grokdoc.net/index.php/... for more.
While you can indeed drink Coke today and Pepsi tomorrow, the companies are certainly trying their best to have it otherwise. They can't lock the consumer in, but they can lock in the reseller.
At a restaurant, you can usually only buy one or the other. Your Big Mac only comes with a Coke, while there's nothing but Pepsi with your Whopper. Each franchise has an exclusive contract, and as a franchise owner you are obliged to honor it. In return for exclusivity, independent restaurants get discounts that make it extremely unfavorable to offer both. Even public school districts sign exclusivity agreements and ban the competitor's vending machines.
And the contract applies to the whole range of beverages. You can't even sell cheap bottled water but must stick with the overpriced Dasani (Coke) or Aquafina (Pepsi).
So, sorry, Pepsi vs. Coke is hardly a model example of customer choice either.
The danger is that if you submit people to enough indignities, they may desert you en masse if the next big thing comes along, and its not from you. Treat your customers well, and you won't have to compete so strenuously to maintain them.
> Uh, Bruce? ... The binary file formats ... have been available since 2006 ...
I love comments like this.
Uh, Garrett? ... ELF has been available since May 1995 ... and that was already version 1.2.
M$ is a bit behind in all things "open".
One fellow asked me once, "Where have you been, man? Terminal services has been out for over 2 years now!" ... I couldn't help but respond, "No, where have you been? Telnet has been out for over 30!".
@Backwards, as usual:
'Witness the companies now that are doing precisely the opposite in the mobile phone industry, and winning customers hand over fist, those customers who dislike feeling "locked in."'
Why should any economic structure worthy of the name tolerate the years, if not decades, of deliberate inefficiency that lock-in effectively is? Why not outlaw it in the same way, and for the same reasons we outlaw the sale of medicines that don't work or escalators that kill their users? The libertarian utopians tell us that none of those are reasonable either, as the market, given a sufficient amount of time -- and dead bodies -- will "figure" all that out as well.
Really? Why be deliberately stupid simply to enrich some oligarchs?
'Treat your customers well, and you won't have to compete so strenuously to maintain them.'
Well, the libertarians strenuously reserve the right to be borderline murderers, if necessary. That an anti-lockin, anti-customer-surveillance, etc, laws would not both even be observable to sensible businesses appears to be lost on them.
"Why should any economic structure worthy of the name tolerate the years, if not decades, of deliberate inefficiency that lock-in effectively is?"
Which century are you living in? Technology changes so fast, products and services are "obsolete before they're out the door." Claiming that the free market engenders inefficiency, and the government regulation prevents it, is to mistake exactly cause for effect, and effect for cause. (Read this: http://tinyurl.com/2x7sca , to begin with.)
"Why not outlaw it in the same way, and for the same reasons we outlaw the sale of medicines that don't work or escalators that kill their users?"
Advocating regulation is not 'outlawing in the same way.' If a product doesn't do what it claims to do, and the seller refuses a refund, then anti-fraud statutes are to be used to prosecute that seller. Government regulations prevent products from coming into existence in the first place, and cost all of us untold amounts of well-being, wealth, and in the case of some medicines, our very lives.
"Why be deliberately stupid simply to enrich some oligarchs?"
It is the very regulations that you support that enable your oligarchical corporations to prevent competition and strangle the life out of any free market that would have developed. Stop supporting them, support their repeal, and you're on your way to the efficiency that you claim to want.
@Backwards, as usual:
'Which century are you living in? Technology changes so fast, products and services are "obsolete before they're out the door." Claiming that the free market engenders inefficiency, and the government regulation prevents it, is to mistake exactly cause for effect, and effect for cause. (Read this: http://tinyurl.com/2x7sca , to begin with.)'
Sorry, I don't open tinyurl's as a matter of principle. As for the non sequitur: the argument is that lock-in, however accomplished, is inefficient. It is for the same reason monopolies are. We should outlaw it, as we do medical quackery.
Do we really need to run another 10 years of real-world economic "simulation" to prove it?
'It is the very regulations that you support that enable your oligarchical corporations to prevent competition and strangle the life out of any free market that would have developed.'
Unbridled capitalism was a disaster the last time it was tried. Non-market forces moved in and tempered it. Chances are excellent to certain you or I wouldn't even have the standard of living we do today without this moderating force.
Again, why be stupid? Is it just a coincidence that income and wealth disparities in the USA -- now approaching 3rd world levels -- are happening at the same time the State is withdrawing it's moderating influence?
Your analysis of free market vs. government regulation on lock-in overlooks one important thing. The methods of enforcing lock-in are generally unforseen consequences of intellectual property laws. It isn't hard for a crafty lobbyist to find some seemingly minor variation in a law which doesn't hurt any particular group very much, but will allow another group to exploit a lot of value from it. I'm quite sure that you will find the next law which is proposed to "limit vendor lock-in" or "protect consumers" is written by lobbyists to provide benefit for some particular group, and only disadvantage their competitors as a side effect.
You can find plenty of libertarians who fail basic common sense on their economic values. The only difference here is that you won't find people taking them seriously. Contrast this with mainstream politics, where the inability to balance a checkbook is no hindrance to being president.
@SteveJ, I think you have shown that the cost of the lock-in must be greater than the difference in the cost - value of the two products. I think it works fine to consider OOo and MS Office equivalent, and the simplifying assumptions don't invalidate the economic analysis.
Not all libertarians think assault rifles at 100 yards is the best method of settling every disagreement. Being able to see a legitimate role for government doesn't mean you support government where it isn't needed. The difference is we don't see more government regulation as the solution to the problems caused by government granted favors.
What Apple is doing is also a beneficial monopoly breaker -- here in Canada our data rates are as much as 5 times higher from cell phone carriers than US prices and artificially so. When Apple says they cannot have the license to carry iPhone traffic unless they make the data rate commensurable with the rest of the industrialised world, I can only applaud.
On the other hand, still no iPhone yet. But Rogers et al. will have to buckle eventually.
What about government regulations that *support* lock-in tactics - like the DMCA?
"Unbridled capitalism was a disaster the last time it was tried."
Unbridled capitalism has never been tried. Statists have always stepped in to violate the rights of those who peacefully attempt to 'try' it.
"Chances are excellent to certain you or I wouldn't even have the standard of living we do today without this moderating force."
You're right. Our standard of living would be much better. Read this: http://tinyurl.com/32hcyo to find out why. (link is to Amazon.)
"Is it just a coincidence that income and wealth disparities in the USA -- now approaching 3rd world levels -- are happening at the same time the State is withdrawing it's moderating influence?"
Wow. Too much just flat out wrong with that one. Good luck on your reading!
"Not all libertarians think assault rifles at 100 yards is the best method of settling every disagreement."
i don't know if i would say that this is an issue of "liberty and control". most people are unconcerned or uninformed about matters of "security". they just want things to "work". in the case of many technologies, the best way to ensure the "security" that most people desire while also ensuring that the technology "works" is often best accomplished by taking away the individual's control. the user is typically the weakest link. i don't think that we should be at all surprised when a company like apple - which is all about the aesthetic and user experience - would want to "lock" their products.
> Your iPhone comes with a complicated list of rules about what you can and can't do with it. You can't install unapproved third-party applications on it. You can't unlock it and use it with the cellphone carrier of your choice.
As DaringFireball points out quite nicely, that doesn't sound very complicated.
There's a nuance which seems to have escaped most' folks attention: there's a difference between a "lock-in" and simple incompatibility. A true lock-in costs money to implement and maintain.
A good example is DRMed music. It's far from trivial to write and maintain a passable DRMed system. You have to write a lot of code, process a lot of data, and then keep working 24/7 plugging security holes and vulnerabilities. Meanwhile, all this money really goes towards _crippling the product_. It's a waste of resources, in a sense.
On the other hand, product incompatibility, can be efficient - in the economics sense of the word. That is, the costs of compatibility features: drivers, file converters etc. may outweigh the benefits. A corporate payroll database might be an example - in most places that's a highly customized piece of software. It could be very expensive for a company to migrate away from its current solution. However, it it not because the corporate IT dept wanted to lock-in anyone and rule over HR with an iron fist. They just didn't bother to go beyond their call of duty.
> Did someone forget to invent banks and credit cards in your universe?
Apply for a loan, open a new credit card, impinge my credit from raising my revolving balance and adding to my open accounts...or finance it with a long-term contract through the vendor, without all that complication?
Sometimes you'll want the first: you have available credit, an open account, good rates. But with less credit and a poorer grasp on finances, the simplicity (and accordingly lower financial risk) might be a far better option.
I'm fine with AT&T's service, and I would probably have it for the next 2 years regardless. I'm able to use asymmetric information (my pre-existing plan of action - stick with AT&T) to take advantage of AT&T's ignorance (uncertainty about the allure of other providers), thereby exchanging lower phone costs today for a guarantee of future profits that AT&T would likely have gotten anyway.
If you remove that "lock-in" option, you've eliminated a route by which I may come to mutual terms with a vendor. You've thus narrowed the potential range of agreeable terms between us, which will necessarily result in somewhat fewer deals altogether, or at least fewer deals that leave both parties reasonably satisfied.
Um, when I bought my iPhone, it didn't come with a list of rules. It came with a cool-looking box (this is Apple, of course), and a nice little manual. I signed nothing. It was a case of me buying an item for money, and giving up no rights. I didn't have to agree to anything until I signed up for a phone number through iTunes.
Nor am I impressed by the "Apple bricked my iPhone" complaints. I'm typing this on my Ubuntu box. I've got every right in the world to hack the software as I like. If I did start fiddling with the internals in a deep sort of way, would it be a good idea for me to just accept the next minor OS update? I think not. I have no problem with people hacking their iPhones, and I doubt there's a legal problem, but why in the name of Valen accept the OS upgrade from Apple?
Nor is it impossible for lock-in to benefit the consumer. Apple's OS is licensed only for Apple computers. This means that there are a whole lot of things Apple simply doesn't have to think of when issuing upgrades. An Apple computer, running Mac OSX, usually just works, and very smoothly (when, as usual, Apple doesn't screw up). If Apple was trying to support Mac OSX on other hardware, they'd have to go through the same problems as Microsoft, without Microsoft's resources.
So, Apple sells iPods that you can load from CDs and the like (according to Apple a while ago, the average iPod had five songs from iTunes), and it's trivial to remove the iTunes DRM (burn to a CD). They are supposed to come out with the iPhone SDK this month. While Apple, like every other corporation, would like lock-in, they're really not as good an example of it as many people seem to think.
"I didn't have to agree to anything until I signed up for a phone number through iTunes."
If you hadn't signed up through iTunes and therefore with AT&T your iPhone would have been mostly just an "i". Since it wasn't sold as a handheld computer but as a mobile phone, that is locking people in. It's not specific to Apple/AT&T but it is totally unnecessary.
>> 'Unbridled capitalism was a disaster
>> the last time it was tried."
> Unbridled capitalism has never been
> tried. Statists have always stepped in
> to violate the rights of those who
> peacefully attempt to 'try' it.
And neither has communism but nobody ever felt bad-mouthing and misrepresenting that as problematic. The truth is that we have come close enough to true capitalism to knowing that it won't work. There are many arguments why, you should read up on them. To give you just one, the truly free-market requires perfect rationality in order to work. This does not and will never exist, making the truly free-market a utopia.
"Read this: http://tinyurl.com/32hcyo to find out why. (link is to Amazon.)"
If the link is to Amazon, then post a link to Amazon, not this tinyurl mystery meat bullshit.
This is, of course, why I use Linux and Free Open Source Software. To avoid lock in, and to get a better quality product.
I'm a libertarian who has addressed how libertarianism is necessary but insufficient for maintaining a stable society that doesn't become effectively totalitarian through lock-in and centralization, and so decentralism is a necessary additional rule for stability. If anyone is interested, I made a post on this on my blog as "Post-anarcho-capitalism":
It's not a question of some notion of "pure capitalism" vs government-managed capitalism or socialism. I've heard that argument before (not necessarily on this blog site) and it's silly. Capitalism simply does not exist in a vacuum; it exists within the context of everything else. It is not possible to divide a capitalist model from society, politics, and so forth.
The mistake that many Libertarians (and some libertarians) make is thinking of free marketism for its own sake. Such a model is indeed unsustainable, b/c society at large would reject it, considering their government unresponsive against "evil capitalists." Free markets must necessarily be curtailed to an extent to be supported en masse by the populace.
So, the discussion becomes framed this way: how can capitalism best be implemented such that a country is most competitive and its markets are most efficient? In a sense, the answer is both glib and easy. Government can just stay out of the way. Imagine if president Bush (or whomever) stepped in whenever the Dow dropped to a certain level? Imagine if he directed an agency with a budget surplus (Defense?) to buy up shares of companies just to prop up stock prices. Bad idea? Yep. Or if he ordered companies to stop laying people off until further notice. Disastrous? Yes.
Such meddling is clearly damanging to economies (and personal freedom). But that does not mean that government has no role in the economy. A Federal Reserve that sets lending rates is better than a silly gold standard. Regulatory agencies are required to make sure that all companies are playing on a level playing field. The Justice Dept is needed at times to pursue cases of fraud, anti-trust, and the like.
capitalism is a great model, and one that complements good governance (often going hand in hand with good governannce, actually). Neither component resides in a vacuum, and thus, analysis of a given "system" should take all pertinent aspects into consideration, thinking of them within the broader context.
"[Apple] can foster competition when it wants, and reserve itself a monopoly position when it wants. "
No. You misunderstand what a monopoly is. See here for clarification: http://www.mises.org/rothbard/mes/chap10a.asp
Umm - you folk know about preview - right?
In general, the costs of switching have been going down recently.
Also, if you want to talk about lock-in try changing government. Although, most people use the "vote with your feet" technique. (They move).
Now- how do we get rid of the unicorn hunters at Homeland Security (and/or TSA)?
"And neither has communism but nobody ever felt bad-mouthing and misrepresenting that as problematic."
As well they shouldn't. The closer one gets to "unbridled communism", the worse things get: more frequent, pervasive, and profound violations of rights; see here to get some background info: http://preview.tinyurl.com/2dkoxw
(Summary: 20 million dead should be enough to dissuade you from considering an "even more pure" imposition.)
The closer one gets to "unbridled capitalism", the better things get: more respect for rights, more diffusion of political power, better health, more wealth. Name the country where millions were killed to advance capitalism. Capitalism, mind you, not statist imperialism.
"The truth is that we have come close enough to true capitalism to knowing that it won't work."
Nope. That simply hasn't happened. You need to find out where you got that idea.
"the truly free-market requires perfect rationality in order to work."
Of course it doesn't. Why in the world would it? How silly.
There is no such thing as "unbridled Capitalism". It wouldn't last ten seconds. The only thing propping up the Capitalist system is a whole bunch of laws prohibiting things like price-fixing, false advertising, predatory pricing, dishonesty, collusion, counterfeiting, embezzlement, insider trading, and just plain fraud.
Problems like those cannot be solved by leaving it to "market forces": this was discovered way back in the mists of prehistory when the first two primitive people decided they wanted to do a trade.
So the argument isn't whether Government regulation is good or bad: it's how to apply that regulation to ensure the outcome that is best for society. Which is where all the ideological arguments come in...
"There is no such thing as "unbridled Capitalism". "
Well, you got that part right.
"Problems like those cannot be solved by leaving it to "market forces":
Right. Respect for property laws is the bedrock of capitalism. Each of the problems you listed (counterfeiting, embezzlement, fraud, etc.) is a form of theft; in other words, a violation of property rights.
"So the argument isn't whether Government regulation is good or bad: it's how to apply that regulation to ensure the outcome that is best for society."
Well, be sure not to confuse what is most often meant by "government regulation", and that is regulations, promulgated by unelected bureaucrats in regulatory agencies, which violate property rights, supposedly in the name of the public good. These regulations often create exactly the conditions that they were enacted to prevent.
If by 'government regulations' you meant 'enforcement of property rights' (prosecution of fraud, embezzlement, counterfeiting, etc.), then your statement is partially correct: such regulations are good, and being good, they promote the best outcome for all individuals in the society.
Lock-in is neither libertarian utopia or anti-libertarian. It's a response to prevailing market conditions.
And the sad truth is that most people simply don't care enough about lock-in to make its absence a priority in their buying decisions.
Enough people do care, however, to give rise to niche markets for products without lock-in.
If enough people did care about lock-in to make it unprofitable to do so, you would not see Apple or Microsoft doing it.
The solution, if you want to see companies stop doing this, is to convince their customers that lock-in is something they should care about.
Consider the situation with a certain item of medical records software. For at least one doctor, support fees for the software were increased. After refusing to pay, the doctor went through a week during which they supposedly could not access their patients' records. Ideally, the ability to access important data would not be in the hands of a single vendor.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.