Surveillance State

Minor update: Boost uses the Nextel/Sprint network, not Alltel.

Apple's iPhones seem to have a monopoly when it comes to usable mobile Web browsing. Until now, freedom-loving users not wishing to get into bed with Steve Jobs were, for the most part, out of luck. This article explains how to get an even better mobile Internet experience, without having to do business with either AT&T or Apple--with no contracts and no $60 per month bill just to surf the Net.

Apple's iPhone: No user apps for you!

The iPhone is clearly the must-have device of the digerati. All of my colleagues seem to have one, and frankly, I'm rather jealous. However, I have several deep moral problems with the iPhone that have prevented me from giving Apple my money.

Steve Jobs treats his customers with contempt. On a "stock" iPhone, you have no control over the applications you can install, cannot use MP3 ringtones, and can't even download songs to iTunes over the 802.11 connection. Yes, you can join the customer vs. company arms race, and try to hack your phone. However, the next time a software update is released, you may find yourself the owner of a $400 brick.

In addition to my problems with Apple, I really dislike the wireless carrier it's gotten into bed with--AT&T. My complaints about AT&T's profit-motivated collaboration with the NSA's warrantless wiretapping program have been frequently aired on this blog. Furthermore, the company only really offers practical data services to customers who sign up for a two-year contract--something I am unwilling to do. Finally, I see no reason to hand over $15 of my monthly wireless bill to Steve Jobs.

I want a device that gives me freedom, that does not lock me into a specific platform, and that is sold by a company that treats its customers with respect. I want to be able to leverage the significant base of existing Linux/open-source applications. I want to be able to run Firefox and the hundreds of community-made extensions for the browser. I want to download MP3s and podcasts directly to the device, and I'd prefer a real GPS chip, not some triangulation hack.

Furthermore, I am extremely nomadic. I can rarely plan more than six months into the future, and can't predict the country I'll call home a year from now. Thus, a two-year contract with AT&T is simply not an option.

Help from Helsinki

Luckily, help has arrived. The solution to my problems does not come from Cupertino, Calif., but Finland.

N810 Internet Tablet

(Credit: Nokia)

Nokia has gotten quite a bit of press over the last year for its N800 and N810 Internet Tablets. The devices run Linux, and are built on an open-source core. They include 802.11 Wi-Fi support, Bluetooth (including A2DP stereo audio) and a built-in Webcam that can be used for videoconferencing.

On the software side, the devices ship with a Mozilla/Firefox-derived browser and support the hugely popular Web-advertisement blocking extension Adblock Plus. Internet telephony is made possible through Skype and Gizmo, both of which come preinstalled. Prefer to use someone else (or your own Asterisk server)? No problem--SIP-based voice over IP software is also included.

What else?....

A BitTorrent client? Yep. Encrypted instant messaging for AIM and Google talk users? Yep.

Want to sniff a wireless network, break a WEP encryption key, or hack into a server? No problem. Metasploit, Kismit, and nmap are all supported.

Would you like to hook up an external hard disk, an Ethernet adapter, or a thumb drive? No problem. The tablets all include a USB port that supports "host mode."

The N800 ($200) and N810 ($400) have practically the same hardware powering them, the only real difference is the GPS chip and slide-out hardware keyboard that is included with the N810.

In terms of technology and software, the N810 does everything and more that the iPhone does. The only real problem thus far has been the issue of Internet connectivity. That is, when there is no open Wi-Fi access point nearby, my N810 has been pretty useless.

The data problem

The data offerings from U.S. mobile providers are, sadly, pretty awful. While users on some expensive plans can surf the Web from their phones, tethering (the act of sharing your phone's data connection with another device) is often forbidden. Verizon went so far as to totally cripple the Bluetooth functionality in several of its Motorola phones.

Worse, to get data, users are often required to sign lengthy contracts with the wireless carriers. A few do offer data services to prepaid users, but at rates that'll make you cry. For example, AT&T prepaid customers can purchase monthly allotments of bandwidth--1MB for $5 and 5MB for $10. Data hungry users who go over their 5MB per month are charged 1 cent per kilobyte. Want to use AT&T's prepaid plan to look at a few Flickr photos? That'll be $24.07 please.

The Boost connection

Thanks to YoDude from the Internet Tablet Talk forums, I now have a solution that works, with no contract, and at a price that I can afford.

Boost is a prepaid wireless company that resells access to the Sprint/Nextel nationwide wireless networks. Their voice services aren't particularly attractive (at 20 cents per minute). However, the Sprint/Nextel network uses Motorola's iDEN technology and provides a free, always-on data connection to phone customers. The data service isn't speedy, at 19.2 kbps, it harks back to the days of dial-up. For a free service, however, it simply can't be beat.

Following YoDude's advice, I went onto eBay and purchased a used Nextel/Motorola i605 phone. There are plenty of these listed for sale online, and can be found for about $40 including shipping. I also purchased a new Boost phone SIM (subscriber identity module) card for $2 including shipping.

A week later, with the phone and SIM in hand, I called up Boost to activate. The process took about 20 minutes, required no hacking of devices, flashing of firmware, or anything similar. I gave Boost my credit card number, and the company loaded $20 onto my account.

I then followed YoDude's simple instructions for setting up the Nokia Tablet with a Boost iDEN phone, and within minutes, I was using my N810 to check my e-mail via the Bluetooth-provided cellular data link.

Boost requires that you load up your phone with a minimum of $20 in credit at least once every 90 days. Voice service costs 10 to 20 cents a minute, depending on the time of day. Interesting enough, incoming text messages are free--which is not something I've seen any other prepaid carrier offer. Thus, for a little bit more than $6 per month, mobile users can get access to an always-on data connection that is perfect for e-mail, IM, and Google searches.

I won't lie. It's not speedy. But for airports, waiting rooms, and the bank lobby--it's perfect. By switching to IMAP based e-mail and an offline RSS reader, it's actually surprisingly usable.

For those of you with a thirst for faster data, and a willingness to pay for it, there may be other options. The uber-phone hackers at HowardForums report that Verizon offers prepaid users access to its 115KB/s EVDO data service for 99 cents per day. Setting this up seems to require a fair bit of hackery, including re-flashing special firmware onto your phone. Furthermore, at $30 per month, this is quite a bit more than I want to pay just to be able to google in line at the grocery store.

Got a better solution? Found a way to get a high-speed Bluetooth tethered connection at a low price? Leave a note in the comments, and I'll be sure to update this post.

Disclaimer: While I paid retail for a Nokia N800, the company did give me a heavily discounted N810 as part of a developer program. I interviewed with Nokia for a summer internship last week. I interned with Apple (along with several other companies) in the past.

Apple set the blogosphere on fire Monday when word leaked of the company's latest effort to limit iPhone unlocking. Recent media reports reveal that that the company has instituted a two-device-per-visit limit for iPhone purchases and has banned the use of cash for such transactions. However, the latest news indicates that Apple is now also banning the use of Apple Gift Cards for iPhone sales. Wired News confirmed the rumor on Monday afternoon. A representative from the Burlingame, Calif., Apple store told Wired News that "official" policy is now that gift cards will not be accepted for the sale of iPhones.

Before we get into the nitty gritty of this incident, lets step back and explore exactly how Apple describes the gift cards on its Web site:

Apple Gift Cards

(Credit: Apple)

"An Apple Gift Card lets you take the guesswork out of gift-giving. Your friends and family can choose exactly what they want from any retail Apple Store, from the online Apple Store, or by calling 1-800-MY-APPLE in the United States."

Also...

"You can purchase just about anything sold by Apple (except another Apple Gift Card, an iTunes Gift Certificate or purchases at the iTunes Music Store), including products from both Apple and third-party makers."

There does not appear to be any small print on the gift card program Web site stating that Apple reserves the right to reject gift cards for any purchase or change the terms and conditions after the fact.

On Monday afternoon, I spoke with Professor Avery W. Katz, vice dean and Milton Handler Professor of Law at Columbia Law School. Katz regularly teaches classes in contracts, secured transactions, and payment systems.

When asked if he had heard of any other companies refusing to take their own store gift cards in the past, Katz replied that "(this is) a new one to me," and that he believes that "most customers will be surprised to learn that their gift cards will not be accepted" for the purchase of items from a company's official store.

Professor Katz noted that even if Apple's gift cards were covered by a small-print or shrink-wrap contract, "in the case of a consumer purchase, not everything in the fine print of a consumer contract is enforceable. This area is one of some controversy in contract law." In general, he said, "the enforceability of these fine-print terms depends on how reasonable the fine print is and what a consumer can reasonably expect of the sale."

Katz also confirmed that the courts did not expect consumers to have legal counsel read the terms of a gift card before they buy it in the store. He further noted that different states' laws apply, and in particular that some states' laws are far more pro-consumer than others.

Katz was not willing to speculate on the legal options available to consumers who purchased Apple Gift Cards and were no longer able to use them to buy iPhones. However, he did confirm that consumers have much stronger level of protection in cases where the gift cards were purchased with credit cards as opposed to cases where the gift cards were purchased with cash. In such cases, consumers have the right of "chargeback," in which they can dispute the purchase when they are not happy with the goods (in the event the item is defective, for example, or if a gift card is not redeemable in the way that the consumer believed it to be at time of sale).

Protesters show Apple some anti-DRM love

(Credit: quinnums / flickr)

I also spoke to Russ Heimerich, a spokesperson for the California Department of Consumer Affairs. California has specific civil laws that relate to the sale and use of gift cards, although they mainly relate to expiration dates, fees, and the ability of consumers to get cash refunds for low amounts of trapped funds. Consumers who purchased gift cards with the intention of using them to buy iPhones should, Heimerich said, go back to the Apple store and ask for a refund. When asked about the legality of what some might consider to be a bait and switch by Apple, Heimerich said that "(the situation) doesn't sound right to me," and referred me to the California Attorney General's office, which has not yet returned my calls. Calls made to Apple have also yet to be returned.

Apple is no stranger to class action lawsuits. With respect to the current gift card issue, the company has sold the cards to consumers stating that consumers can use the gift cards to purchase "exactly what they want from any retail Apple Store." And now, once people have given the company money, Apple has decided to no longer accept lawfully purchased gift cards for one of the most popular items it sells. I'm no gambling man, but if Apple doesn't see a lawsuit or attorney general investigation into this incident in the next six months, I'll sell my open-source Linux-based Nokia N800, and buy an iPhone.

According to The New York Times, analysis of Apple's recent financial statements indicates that the company receives up to $18 per customer per month from AT&T. Over the life of a two-year contract, Apple stands to earn up to $432. Add in the cost of the iPhone device itself, and Apple earns more than $830 from every iPhone customer who signs up for an AT&T contract. Compare this to the cost of the physical components that go into the iPhone, which was reported to be $220 back in July of this year, and it's clear that the iPhone is a gold mine.

There seems to be some uncertainty among commentators and even some legislators over the iPhone. Let's get one thing straight: the iPhone is subsidized. The fact that Apple makes almost $200 profit on every iPhone sold is irrelevant. Apple sells the iPhone for less than its expected profit from the device with the expectation that the other $400 will come from its profit-sharing agreement with AT&T. Customers who buy the phone, unlock it, and use it with T-Mobile or an international carrier are denying Apple the funds that it expected to receive.

With more than 250,000 iPhones sold since June 29 without being activated on AT&T's network (phones most likely unlocked and used elsewhere), Apple has been denied subscriber-generated profit of more than $100 million. Thus, it's not too difficult to see why Apple "unintentionally" turned unlocked iPhones into bricks and then, most recently, limited the sale of iPhones to two per customer and banned cash and gift card transactions. The company doesn't want people buying the phones, unlocking them, and then reselling them, either in the U.S. or in even more-profitable foreign markets.

Now, lets take a deeper look at the issues at play here. In particular, which other companies try to limit the number of devices that customers can purchase?

In August 2006, three Arab-American men were arrested in Michigan; the men had in their possession more than 1,000 prepaid mobile phones, most of which had been purchased at Wal-Mart stores around the state. Local prosecutors initially charged them with collecting or providing materials for terrorist acts, although these charges were later dropped. The three men from Michigan were engaged in a modified form of arbitrage: they bought heavily subsidized devices, removed the software, and resold them to consumers wishing to use them on other networks. Tracfone, the company whose telephones the men had purchased, claims that it is losing millions of dollars a year from the practice.

Apple: No tinkering with our hardware!

(Credit: Wysz / Flickr)

Unfortuntely for Tracfone, in November 2006 the Librarian of Congress cemented the right of consumers to hack their own phones and created a new exemption to the anti-circumvention provisions of the Digital Millennium Copyright Act. With the law no longer on its side, Tracfone had to shift tactics, and as of October 2006, major retailers such as Wal-Mart began limiting customers to two prepaid phones per visit.

That's right--Apple has now adopted the same tactics as Tracfone, a prepaid-phone company that targets low-income consumers who do not have the credit necessary to enter into a contract.

I've written about Tracphone's troubles, as well as the more general problems faced by other companies in similar markets, in a new research paper Caveat Venditor: Technologically Protected Subsidized Goods and the Customers Who Hack Them, which will be published later this fall in the Northwestern Journal of Technology and Intellectual Property. While I recommend that you read my paper, the take-home lesson from it is that by not giving consumers a non-locked iPhone (albeit at a higher price in order to make up for the lack of AT&T profit sharing), Apple is only inviting hackers and tinkerers. For those of you who claim that the iPod Touch is just this: remember that only the iPhone has a camera and Bluetooth, which are essential features for anyone wants to create VoIP and videoconferencing software for the device.

Apple has fought (and lost, thankfully) a very public legal battle against the right of bloggers to remain anonymous. Thanks to its its trigger-happy legal department, it has made lifelong enemies of a number of security researchers. Now, over the space of just a few years, the company has gone from a much-loved underdog in the personal-computer space to the DRM-loving 800-pound gorilla of the online music business, and now has adopted the tactics of low-end prepaid phone companies whose products are sold at 7-Eleven.

Oh, how the mighty have fallen.

With Steve Jobs' recent announcement of his intention to fight off the independent iPhone developers, the question that must be asked is how will Apple try to defeat the hackers: Frequent and disruptive software updates, or lawsuits? Will Apple risk losing its most frequently (ab)used legal tool, the Digital Millennium Copyright Act, to try to punish the developers of the iPhone unlocking tools?

The wait is over. After being teased over the past few weeks with rumors that Apple would turn a blind eye to iPhone hacking or *gasp* even encourage it, the news is in and it ain't good for the hackers.

At the official U.K. launch of the iPhone Tuesday, CEO Steve Jobs made it clear that Apple will fight attempts to use the popular device on unauthorized networks. "It's a cat-and-mouse game," said Jobs. "We try to stay ahead. People will try to break in, and it's our job to stop them breaking in."

anySIM iPhone unlocker

(Credit: iPhone Dev Team/Hackintosh)

For the loose-knit community of iPhone developers, the last few months have been an around-the-clock hacking session. As a result, programmers have released a plethora of applications. Some, including an instant-messaging tool, a general purpose application installer and even a Nintendo game emulator, can be seen simply as developers releasing applications that Apple just didn't get around to writing itself. Other hacks, such as the much hyped iPhone Dev Team's anySIM unlocking tool, or the numerous free-ringtone tutorials that have been floating around the Net, can be more accurately described as a developer-lead attack upon Apple's revenue streams.

Apple has sunk a significant amount of developer time and marketing dollars into creating a product so drool-worthy that fans spent days queuing outside stores around the nation. Because of the significant hype surrounding the device, and the millions of customers who would flock to whichever wireless carrier with whom Apple signed an exclusive distribution deal, Jobs and his negotiation team were able to extract highly favorable, if not downright obscene amounts of money from the wireless carriers. While AT&T agreed to give Apple up to $11 per month for new customers who came to the carrier due to an iPhone purchase, some media reports are suggesting that Jobs was able to extract 40 percent of the monthly subscription fees that U.K. network O2 is charging its customers.

O2 is charging customers between $70 and $110 for its different monthly iPhone plans. With an 18-month contract, Apple is looking at between $500 to $800 in revenue share per customer. While the approximately $250 that AT&T will give Apple for a new customer over the lifetime of a 2-year contract is rather paltry in comparison, it still provides enough of a financial incentive for Apple to do all that it possibly can to lock the devices down, and keep hackers from unlocking the platform. Furthermore, if keeping open-source tinkerers away from the guts of the iPhone can also protect Apple's new, but potentially hugely profitable venture into the mobile phone ringtone market (99 cents per ringtone for each song already purchased), even better for Mr. Jobs and his stockholders.

Now that Jobs has declared war on the iPhone hackers, the only question that remains is the approach that Apple will take: software updates that'll break the iPhone hacks, or lawsuits against the trouble-making developers. To answer this question, we to look to the law and, most importantly, the Digital Millennium Copyright Act.

The most powerful weapon in Apple's legal arsenal is the Digital Millennium Copyright Act (DMCA). This law, much hated by open-source developers and much loved by copyright holders and mega corporations, was passed by a unanimous vote in the U.S. Senate before being signed into law by President Bill Clinton in 1998.

DRM protest outside Apple store

(Credit: Quinn Norton)

The DMCA is fairly complicated, but there are two main parts that seriously threaten researchers, hackers and hobbyists. First, the law makes it a crime to circumvent the technological locks that control access to copyrighted works. Second, the law makes it a crime for anyone to "traffic" or share such circumvention tools. That is, it's a crime to break the encryption protecting a copyrighted work, and it's an additional crime to share the software that breaks the encryption with anyone else.

While the law was originally intended to protect music and movie owners who were scared of infringement in the Digital Age, it has been used to try to block the sale of third-party printer cartridges, universal garage door openers, and even Web sites that publish leaked copies of scanned fliers for post-Thanksgiving "black Friday" sales. A few years ago, a number of prepaid mobile phone companies started using the DMCA to go after people who were buying their subsidized phones, stripping off the software and re-selling them to others.

When it passed the DMCA, Congress empowered the Librarian of Congress to issue exemptions to the anti-circumvention provision of the law. This power is intended to protect the public from access-control technologies that substantially interfere with their right to make non-infringing uses of copyrighted works. Current exemptions include the right for users to hack restrictive e-book digital rights management technology to allow for inter-operation with screen-readers and other helpful technologies used by blind and disabled people.

In 2006, Stanford professor (and now EFF cyber-lawyer) Jennifer Granick petitioned the Librarian of Congress to permit mobile phone customers to hack their own phones. Citing a need to reduce environmental waste due to prematurely disposed locked phones, and the needs of business travelers to be able to communicate around the world without carrying a phone for each country, the Copyright Office agreed with Granick, and granted mobile phone customers an exemption to the anti-circumvention rule.

That should be the end of it, right? An exception to the anti-circumvention rule exists for mobile-phone inter-network interoperability, and thus Apple should have no DMCA-related leg to stand on. The problem lies in the fact that the DMCA has two nasty provisions: the anti-circumvention rule and the anti-trafficking rule. As crazy as it may sound, while it's perfectly legal for a blind programmer to reverse engineer Adobe's e-book technology, it's illegal for her to share it with another, perhaps less technically savvy blind friend. As far as the law is currently concerned, if you don't have the technical skills to reverse engineer, you're not permitted to free your e-books or your mobile phone.

Unless this legal snafu is some kind of incentive-via-necessity based plan to turn every blind American into a reverse-engineering uber-hacker, the law is clearly broken. It is most likely an unfortunate oversight on the part of the 100 senators who unanimously voted for the DMCA, perhaps without fully understanding how it would be used in the future. Thus, we now find ourselves in a situation where it is perfectly legal to hack your own iPhone, but most probably illegal to share software with others that will automate the process.

With the DMCA most likely on Apple's side, Steve Jobs and his band of merry lawyers should have already filed a number of lawsuits against the iPhone Dev Team for its anySIM unlocking tool. Given the noticeable absence of lawsuits, one has to ask: Why hasn't Apple sued?

Apple likes the DMCA, a lot. Were there some sort of DMCA frequent-flier mile scheme, Steve Jobs would have earned himself at least a few free flights to Tahiti. While Apple is on solid legal ground when it goes after programmers for reverse engineering the Mac OS to run on cheap Dell PCs, any sort of DMCA action against the iPhone Dev Team would be far more problematic. Despite the fact that the Librarian of Congress does not have the power to create exemptions to the anti-trafficking provision of the DMCA, Congress clearly did not intend to create this artificial barrier between those with programming skills and those without. Quite simply, the law is broken. If Apple begins filing DMCA iPhone lawsuits, it could soon find itself in the unpleasant position where the courts--or worse, Congress--end up re-evaluating the merit and legality of the DMCA.

My suspicion is that Apple will not want to risk losing the golden egg-laying DMCA goose, and thus, will stick to frequent software updates for the iPhone that break community written applications. Why sue when you can patch?

Apple upset a lot of developers when they released their much-hyped iPhone to the public as a locked-down, proprietary device. Developers could write custom Web-based applications, but those coders salivating at the thought of creating and distributing more heavy-duty, downloadable applications were left out in the cold.

Conjuring up the 40-year-old ghost of AT&T, Apple CEO Steve Jobs claimed that the reason for this was because they didn't want poorly coded apps to damage AT&T/Cingular's fragile wireless network. He told Newsweek, "You don't want your phone to be an open platform," meaning that anyone can write applications for it and potentially gum up the provider's network, says Jobs. "You need it to work when you need it to work. Cingular doesn't want to see their West Coast network go down because some application messed up."

Of course, this didn't actually stop a legion of Apple fans and anti-DRM activists from reverse engineering the iPhone platform. Apple's futile attempts to lock down their platform could probably best be described as an open hacking invitation to security geeks--something similar to placing a big red button on a wall and telling an inquisitive child that under no circumstances should he or she ever press it. Predictably, within days, hackers had found and exploited flaws in the iPhone. Since then, a wealth of cool, yet unofficial installable applications have been released for the platform.

Apple announced the new iPod Touch today, essentially an iPhone without the phone. It still has the sexy touch screen, the user interface, Wi-Fi capabilities and most of the same hardware under the hood. The question that must be on every developer's mind is: "Will I be able to develop real apps for the iPod Touch?"

If Apple's main excuse in locking down the iPhone platform was a desire to protect the wireless carriers' networks, that reason would seemingly not be an issue anymore. After all, the new device doesn't have the hardware to connect to those oh-so-fragile cellular networks. As Cory Doctorow has repeatedly noted, one of Jobs' gifts is being able to lock in his customers and blame it on others. Apple blamed the record labels for the DRM lock-in on the iTunes Store, and then passed the buck to AT&T for locking developers out of the iPhone platform.

Unfortunately, the odds are that Jobs will come up with another reason for keeping developers locked out of the iPod Touch, although who he'll pass the buck to is anyone's guess.