Let The Market Decide

What the ACLU is asking is not difficult.  Rather than have the FTC order carriers to ship security updates to the Android operating system as soon as they are made available by Google, the ACLU wants customers to be told upfront that they won't be getting the updates needed to protect their personal data from hackers.

"We think the companies should be forthcoming about this," Christopher Soghoian, principal technologist and a senior policy analyst for the ACLU, said. "If consumers knew that certain phones weren't going to get updates, they might not buy those phones in the first place."

Rather than force carriers to spend a lot of money on automatic update services, the ACLU wants the market to fix the problem, a stand that many lawmakers in Congress should applaud.

"We want the market to work, but consumers are never going to get to vote with their wallets if they don't know which phones are secure and which phones are not secure," Soghoian said.

(See also: FTC To Carriers: Fix Security Or End Up Like HTC)

The ACLU complaint names AT&T, Verizon Wireless, Sprint Nextel and T-Mobile USA. AT&T declined comment, Sprint said it follows "industry-standard best practices," and Verizon said it works closely with manufacturers to provide "mandatory updates to devices as quickly as possible."

T-Mobile was the only carrier to say that it keeps Android customers up to date with the latest software. "T-Mobile takes security very seriously, and regularly provides security updates to our customers, including those using the Android operating system," a company spokesman said.

The FTC Plays The Heavy

If that is what T-Mobile does, then it is more in line with the FTC's thinking than its rivals. In a February settlement with smartphone manufacturer HTC, the agency pointedly emphasized the need to secure mobile devices.

Under FTC pressure, HTC agreed to a "comprehensive security program" that includes patching vulnerabilities that could be exploited by hackers and spammers. The agreement was significant because it outlined for all device manufacturers what the FTC considers best practices for security.

Keeping software up to date is a critical defense against hackers, who often target known vulnerabilities in software because so many users continue to run older, bug-ridden versions. In a blog post following the HTC settlement, FTC chief technologist Steve Bellovin made it clear that securing mobile devices was the responsibility of manufacturers and carriers, and they have to work together at getting updates out to customers.

"Bugs happen, ergo fixes have to happen," Bellovin said.

Android malware is a much larger problem outside the U.S., particularly in Asia and Eastern Europe. That's because people in those regions will download applications from third-party app stores, many of which distribute malware-infected software. In the U.S., most people get their apps from the Google Play store, which regularly checks for malicious software.

Nevertheless, 97% of new mobile malware is directed at Android devices, which comprise 72% of the smartphone market, according to security vendor Symantec's latest Internet Security Threat Report. While most infections today occur from downloading bad apps, experts say hackers are increasingly trying to compromise devices through spam that carries links to malicious Web sites.

Given the mood of the FTC, and trends in Android malware, it should be obvious to carriers that the status quo is unacceptable. If they aren't ready to make changes on their own, then they're likely to get an unfriendly shove from the feds.

Image courtesy of Shutterstock

The messages promised consumers free gift cards worth as much as $1,000 to retailers like Best Buy, Target and Walmart, according to an FTC release. Consumers that clicked on the messages were prompted to provide personal information, apply for credit or pay to subscribe to get access to the supposedly free gift cards.

The FTC complaints targeted both the senders of the spam messages as well the owners of the deceptive websites. In addition, the FTC filed contempt charges against serial spammer Phil Flora, who was barred from sending spam text messages in 2011 and was found to be part of the recent complaints. 

Of the eight complaints the FTC issued, seven were against the text senders and one against a website operator. According to the FTC, the defendants that sent the text messages were paid by the operators of the free gift card websites based on how many people were eventually duped into entering their personal information. The FTC alleges that the sites violate the FTC Act by failing to tell consumers of all the conditions set forth to obtain the supposedly free gift cards. 

The complaints are levied against companies and individuals. The list of text spammers includes several marketing firms such as Superior Affiliate Management, Rentbro, Inc., Jason Q. Cruz (doing business as Appidemic, Inc.), AdvertMarketing, Rishab Verma (Verma Holdings) and Seaside Building Marketing. The one complaint against a website operator was made against SubscriberBase Holdings, Inc.

The FTC filings at this point are just complaints. The FTC notes that it, “files a complaint when it has 'reason to believe' that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. The cases will be decided by the court.”

Image courtesy of Shutterstock.

How It Started

HTC drew the attention of the FTC by deploying customized software in 22.5 million Android devices that allowed third-party applications to bypass a security mechanism requiring user permission before installation. The HTC software was meant to gather data only to help the manufacturer troubleshoot problems, but its implementation showed HTC was clueless when it came to security.

In investigating HTC's sloppy work, the FTC found a number of poor security practices. For example, HTC had no effective program for assessing the security of products before shipping them to consumers. In addition, engineering staff was not properly trained in security and privacy and there was no testing for security flaws. Also, there was no process for receiving and addressing vulnerabilities found by third-party researchers and academics.

The FTC's findings were listed in a complaint that HTC settled by agreeing to a "comprehensive security program" that includes patching vulnerabilities that could be exploited by hackers and spammers. The agreement is a big deal, because taken together with the original complaint, the FTC has outlined for all device manufacturers what it considers best practices for security.

"To settle the case - the FTC’s first against a device manufacturer - HTC has agreed to a far-reaching settlement that imposes a first-of-its-kind remedy: patching vulnerabilities on millions of mobile devices," FTC senior attorney Lesley Fair wrote in the commission's Bureau of Consumer Protection blog.

Dismal Android Security

Makers of Android smartphones and tablets have created a huge security problem by shipping devices with older versions of the operating system and then failing to quickly update the software with the latest security fixes from Google. This has left millions of customers with devices that contain known vulnerabilities that cybercriminals are working feverishly to exploit.

"It's reasonable to assume that the next thing the FTC will look at is the unpatched vulnerabilities in Android itself that Google has fixed, but where the fixes haven't reached end users either because of the handset vendors or the wireless carriers," Christopher Soghoian, principal technologist for the American Civil Liberties Union, said. "This is probably the most interesting FTC case to come out in the last couple of years."

The rise in Android malware is substantially faster than any other Internet-delivered malicious app, according to Cisco's recent 2013 Annual Security Report. At the same time, cybercriminals are developing better software tools for breaking into Android devices.

In October 2012, the FBI warned that cybercriminals had built a mobile version of FinFisher, commercial spyware sold to law enforcement and governments, to steal personal data from Android phones. Also last year, the first Android botnet was discovered on the Internet, according to Cisco. A botnet is a network of compromised devices used to distribute malware and spam.

The FTC Isn't Alone

The FTC won't be alone in demanding better consumer protection from device manufacturers. Rep. Ed Markey (D-Mass.), co-chair of the bi-partisan Congressional Privacy Caucus, plans to reintroduce this year "The Mobile Device Privacy Act," which would require companies to get the permission of consumers before using any monitoring software on mobile devices.

“With this important settlement, the FTC has sent a strong signal to the mobile marketplace that consumers’ sensitive information must be safeguarded,” Markey said.

With so much government attention on mobile device security, it's clear that manufacturers can no longer treat data protection and consumer privacy as an afterthought. Both will soon have to become a top priority.

Image courtesy of Shutterstock.

Patent trolls are also deliberately provocative to produce the most amount of disruption possible. The end goal for patent trolls, however, is to line their wallets. They may think of themselves as purveyors of fine intellectual property, but they are not actually creating anything or delivering useful items to the innovation economy. Patent trolls, by definition, are Non-Practicing Entities (NPEs) – they do not practice what they preach (or litigate over). 

InterDigital: A Fine Line In The Sand

A very fine line has been drawn in the sand on what constitutes a patent troll and what does not. A company called InterDigital, an “innovator” of 3G/4G wireless solutions, straddles that line. On one hand, InterDigital has a large engineering team that works to create patentable material on wireless technology. On the other hand, InterDigital does not create anything with those patents. It doesn't build the networks, the hardware, the base stations, servers or processors. It takes its patents and attempts to license them to mobile manufacturers and when those manufacturers refuse, InterDigital sues them. 

Nokia, Samsung, RIM, ZTE and Huawei have all run afoul InterDigital in the last year. In particular, the Nokia vs. InterDigital battle has been going on for a long time and has grown contentious over the last months. Today, InterDigital brought new patent suits regarding wireless technology against Samsung, Huawei, ZTE and Nokia, alleging that products from the companies using 3G/4G technology violate InterDigital’s patents.

From the complaint:

"The wireless devices at issue operate as, for example, cellular mobile telephones (including “smart phones”), cellular PC cards, cellular USB dongles or sticks, personal computers such as laptops, notebooks, netbooks, tablets and other mobile internet devise with cellular capabilities, cellular access points or “hotspots”, and cellular modems."

Basically, this covers anything you could possibly think of that might connect to the Internet in any way using cellular connections. InterDigital proposes an import ban for the four companies for any products that allegedly violate its patents. 

This is where the line between a company looking to protect its own intellectual property and status in a marketplace and a patent troll exists. Though many patent lawsuits from the likes of Apple, Samsung, Nokia, RIM, Motorola or others in the mobile manufacturer ecosystem are looking to hurt their rivals by keeping smartphones and other devices off retail shelves, InterDigital has no such marketable product to protect. 

In other words, this looks like a shakedown. 

InterDigital threatens import bans from these manufacturers with the hopes that the companies will back down and eventually license the patents in question. RIM has already succumbed to InterDigital and extended an agreement it had with the company to cover 4G technology like LTE and LTE-Advanced. 

“[InterDigital] is a patent licensing organization, not a technology licensing operation,” said James Bessen, a lecturer at the Boston University School Of Law and an expert on NPEs. “I do know people that study trolls who do consider it a patent troll … [InterDigital] is definitely considered a non-practicing entity.”

Lawyers like Bessen are not technically supposed to use the word “troll” when defining companies that act like patent trolls. The preferred technical term is “patent assertion entity.” A variety of companies fit into this category, notably the RockStar Consortium backed by the likes of Apple and Microsoft that deals with the leftover patents from the Nortel auction. InterDigital has the fifth largest holding of patents among companies considered to be NPEs in the United States with 3,138 patents, according to PatentFreedom. Intellectual Ventures is considered the biggest troll of them all, with 15,000 – 20,000 patents held. 

Manufacturers' Drag Fishing

InterDigital and its NPE cohorts are, of course, not the only companies that make news in patent litigation these days. The biggest tech story of 2012 was the patent fight between Samsung and Apple in which a jury awarded the Cupertino-based iPhone maker $1.05 billion in damages. Another top story of the year was the Google and Oracle smack down over the use of Java in Android. Apple and HTC got into a patent dispute and we learned that Apple and Microsoft have a patent settlement in place that required no litigation from either party. Ericsson has just filed a patent claim against Samsung in the U.S. with the International Trade Commission. Nokia and Research In Motion have had their patent battles. Such a complicated web patents weave.

Would you call Apple a patent troll? Google? Some people have and will continue to do so while the lawsuits continue to fly around courts. Technically, of course, they are not considered patent trolls under the definition of NPEs. These are definitely practicing entities, putting patented technology to work in products that people can actually buy. 

Yesterday, the U.S. Federal Trade Commission ruled on its 19-month investigation of Google’s antitrust case. While Google escaped mostly unscathed from the unfair search practices, the FTC did come down on Google-owned subsidiary Motorola for its patent-wielding practices. Motorola (even before the Google acquisition became final) had been suing rivals using patents that were considered SEP – Standard Essential Patents. SEPs are the type of patents commonly used by many companies because the ecosystem could not function without that particular technology. Think of Wi-Fi or cellular patents and you get the idea. 

SEP patents are supposed to be licensed on fair, reasonable and non-discriminatory terms (FRAND), meaning that companies like Motorola are not supposed to use these patents to sue other companies or seek injunctions and import bans. To a certain extent, that is what Motorola was doing and the FTC put a kibosh on the practice, hoping to create a template for future patent licensing between manufacturers. 

Where Does That Leave InterDigital?

InterDigital has seven specific patents pertaining to 3G/4G technology in its most recent suit against the four major manufacturers. InterDigital could be hurt by the FTC’s ruling on Motorola’s patent practices because of the SEP nature of InterDigital’s patents. In its complaint, InterDigital says that the FRAND defense would not apply to its patents. It also says that barring devices from the four listed manufacturers would not harm competition in the U.S. because InterDigital's other licensees (which now includes RIM), "would easily meet market demand with non-infringing devices." 

Seems like a convenient argument, no? InterDigital claims it is neither subject to FRAND nor would it provide a negative impact on competition. The latter might be true if Samsung was not listed in the complaint, but the Korean mobile manufacturer is largest smartphone supplier by volume in the U.S. 

In the end, InterDigital may find the Motorola ruling from the FTC will harm its ability to litigate going forward. We will also see in 2013 how courts end up treating other NPEs, like Intellectual Ventures. 

InterDigital is clever, though. It rides that fine line between patent troll and innovator with a large research and development department. But, as Bessen put it, InterDigital still looks like a troll by any other name. 

Top image courtesy Shutterstock

Even as the Federal Trade Commission ends its two-year investigation of Google with a whimper, Microsoft is desperately hoping that the war isn't yet over. The latest battleground: the YouTube app for Windows Phone.

In a blog post on Thursday night, Dave Heiner, vice president and deputy general counsel from Microsoft, expressed his disappointment in the ruling, complaining that the FTC missed the boat on issues of data portability, standard-essential patents, and other issues that include search bias.

On the face of it, whether or not Google should be obligated to license Microsoft the API technology necessary to build a Windows Phone app to access Google's YouTube video service seems relatively trivial. In a blog post, Microsoft said that Google has unreasonably blocked access to the necessary APIs, preventing it from doing so. Google already supplies a YouTube "app," which is merely an HTML5 version of its website, which runs inside the Internet Explorer browser on the phone.

For its part, Google believes that's more than enough. “Contrary to Microsoft’s claims, it’s easy for consumers to view YouTube videos on Windows phones," a YouTube spokeswoman wrote in an email. "Windows phone users can access all the features of YouTube through our HTML5-based mobile website, including viewing high-quality video streams, finding favorite videos, seeing video ratings, and searching for video categories.  In fact, we’ve worked with Microsoft for several years to help build a great YouTube experience on Windows phones.”

The problem, according to Microsoft, is that Google's behavior with regard to Windows Phone YouTube app is emblematic of its behavior in general. Two years ago, Microsoft complained to the European Union about Google's tactics, as well as the U.S. Federal Trade Commission. (Longtime Microsoft watchers have long noted the irony of Microsoft complaining about anti-competitive actions, given the company's issues with the U.S. Department of Justice, and the possibility that the EU may impose fines or other sanctions after Microsoft ignored the browser choice restrictions from a previous EU settlement.)

But now the FTC has ended its Google investigation with a slap on the wrist, Microsoft can't seem to give up the fight: Dave Heiner, vice president and deputy general counsel from Microsoft said Wednesday that the YouTube app dispute is simply a representative example of the "misconduct" that Google has employed with respect to its practices on the Internet. "Just last month, we learned from YouTube that senior executives at Google told them not to enable a first-class YouTube experience on Windows Phones," Heiner wrote.

"Google often says that the antitrust offenses with which it has been charged cause no harm to consumers," Heiner added. "Google is wrong about that. In this instance, for example, Google’s refusal deprives consumers who use competing platforms of a comparable experience in accessing content that is generally available on the Web, almost all of which is created by users rather than by Google itself. And it’s inconsistent, to say the least, with Google’s public insistence that other competing services, such as Facebook, should offer Google complete access to their content so they can index and include it on their search site."

In his midnight post Thursday night, Heiner claimed that Google "inexplicably has not promised to allow all advertisers to port their campaign data to other ad platforms—only those with a primary billing address in the United States".

Microsoft also characterized the FTC's ruling on the so-called FRAND patent issues ineffective. Motorola Mobility, which was acquired by Google last year, has embroiled itself in a string of lawsuits, seeking to coerce royalties for patents used in developing standards like Wi-Fi. Heiner claimed that the FTC's lukewarm requirements, full of legal loopholes, would allow Google to continue its anti-competitive behavior.

"During patent licensing negotiations, Google can continue to threaten that it will sue for an injunction, knowing that many would-be licensees will not be in a position to engage in litigation or arbitration with Google and also meet all of the other procedural requirements set forth in the decree that are imposed on the licensee," Heiner wrote. "Google can even continue to use its standard essential patents to fend off patent infringement actions against it: the proposed decree gives Google leeway to sue for an injunction on its standard essential patents if it takes the position that injunctive relief sought against it is based on a patent that is standard essential."

Now that the FTC has made its ruling, those concerns may be moot. But Microsoft made several references to behavior overseas, an indication that it may be seeking to tacitly plead its case before the European Union - which some now see as the "hard man" of international antitrust law. Whatever the situation, it's clear that Microsoft has no intention of giving up its fight against Google.

See also Google Escapes Unscathed From FTC Settlement and Google's FTC Settlement Is An Epic Fail For Microsoft.

But those pale in comparison to what may be the biggest disappointment in Microsoft’s history — its failure to convince antitrust regulators to take action against Google.

After a 19-month investigation and despite much prodding from Microsoft, the Federal Trade Commission has reached a settlement with Google that basically amounts to a slap on the wrist.

This is a crushing blow to Microsoft, which has spent millions of dollars on lobbyists and phony grassroots groups over the past several years hoping to land Google in hot water.

Indeed, Microsoft’s obsession with Google doesn’t just border on crazy. It is crazy, and not just a little tiny bit crazy but full-blown, bunny-boiling, Ahab-versus-the-whale nutso.

The Shadow War

For years Microsoft has devoted massive resources and energy to waging a sneaky shadow war against Google, fielding an army of lobbyists and front groups that exist almost completely to spread anti-Google propaganda, including ICOMP.org, the Association for Competitive Technology, FairSearch and SafeGov. 

They call themselves “industry groups,” and they have lots of members, but they’re basically Microsoft fronts devoted to hating on Google. Take a glance through ICOMP’s “newsroom” and “Voices” section and white papers and “ICOMP in the News” section. It’s pretty much all Google, all the time — and all negative. It’s a whole website devoted to bashing Google, and frankly it’s kind of incredible, in a twisted way.

FairSearch does much the same. Its site is loaded with Google bashing. FairSearch's spokesman is Ben Hammer, who works for the Glover Park Group, a lobbying and PR firm in Washington, D.C., that used to lobby for Microsoft. Before taking on his role at FairSearch, Hammer worked on the Microsoft account for Glover Park.

FairSearch also hired Patrick Lynch, the former attorney general in Rhode Island, as a consultant —  and then Lynch began lobbying states to investigate Google and publishing op-ed pieces in newspapers bashing Google for "abusing its power," among other things.

Microsoft even hired Randall Long, a former FTC attorney who had worked on investigations into Google during his time at the commission. A watchdog group protested and called the hire "suspicious."

In 2009 Microsoft spent millions of dollars to kill a proposed deal between Google and Yahoo. Read this Wired story about what Microsoft did, and you’ll be flabbergasted.

That battle was fought by an internal SWAT team that is devoted to hobbling Google. The team is led by a lawyer, John Kelly. (See his LinkedIn bio here.) Also on the team is Kate O’Sullivan, a former exec at Burson-Marsteller, a top Microsoft PR agency that has a hand in running ICOMP.

The SafeGov 'Grassroots' Campaign

More recently, as Google started trying to sell Google Apps to government agencies - competing against Microsoft Office by offering much lower prices - Microsoft helped create a new group called SafeGov.org, another so-called “grassroots” organization whose mission supposedly is to discuss issues around government computing policies, but really ends up being just another front for bashing Google.

SafeGov’s "experts" include Doug Miller of Milltech Consulting, who used to work at Microsoft doing “competitive strategy,” and earlier this year disclosed a consulting relationship with Microsoft. There’s also Jeff Gould of Peerstone Research, another SafeGov expert who has disclosed his consulting connection to Microsoft in the Washington Post and on a site called The Open Enterprise, but not in his SafeGov bio. Finally there’s Bryan Cunningham of Cunningham Partners who co-founded a company called Polaris Consulting whose lobbying clients included Microsoft —  though again this connection is not mentioned in his SafeGov bio.

SafeGov’s other experts include four people from the Chertoff Group — a lobbying organization run by former Secretary of Homeland Security Michael Chertoff. They've done their part to bash Google. Chertoff criticized Google in the Wall Street Journal in July 2012. Richard Falkenrath, a principal at Chertoff and a SafeGov expert, criticized Google in the Financial Times in February 2012. Yet another SafeGov expert, Andrew Weis of Civitas, warned about Google and privacy in the Chronicle of Higher Education in February 2012.

All For Nothing

And now all Microsoft's plotting and scheming has come to nothing. Or almost nothing.

The FTC has settled with Google on the allegations of search engine manipulation. As FTC Chairman Jon Liebowitz has stated, the investigation is closed and the FTC is satisfied that Google was not acting in anti-competitive fashion. "On balance, we didn't believe that the evidence supported an FTC challenge to this aspect of Google's business under American law," Leibowitz said in a press conference on Thursday. There won't be any protracted (and distracting) legal battle. There won't be any embarrassing depositions. Google will just make a few little changes that it has already agreed to and the Feds will back off.

Of course FairSearch is howling about the settlement and claiming the FTC "failed in its mission to protect American consumers." Microsoft is still holding out hope that European regulators will do something to hobble Google. And that may happen.

But here in the States, the whole campaign is starting to look not just evil but also ridiculous and even pathetic, a failed crusade that smacks of revenge and failure and sad psychodrama.

Why Not Just Make Better Products?

Microsoft has spent the past 10 years missing out on every big new trend — search, social, mobile. Instead of looking inward and trying to fix its own problems, Microsoft has become ever more obsessed with Google.

The crusade extends to PR as well. Last year Microsoft hired Mark Penn, the pollster and PR guy who led Hillary Clinton’s 2008 train wreck of a campaign.

Penn’s mission is to create smear campaigns about Google. One of his big brainstorms was the “Scroogled” campaign which tried to persuade people that Google’s search results are tainted by advertising. Microsoft ran full-page ads in newspapers and spots on Monday Night Football. It even created a site, scroogled.com, and urged people to complain about Google on Facebook.

Then came the “Droid Rage” ploy, where Microsoft used its Windows Phone account on Twitter to ask Android users to send in Android malware stories to win a prize. The campaign backfired when Android fans used the hashtag to mock Microsoft.

Going negative might work in politics, but when you're selling products it's probably wiser to tout the virtues of your own product. The risk Microsoft is taking is that by howling about Google, Microsoft starts to look like a company that can no longer compete, a desperate dinosaur that has toppled into the tar pit.

Worse, Microsoft starts to seem a little unhinged. Nevertheless, don’t expect this freak show to end anytime soon. Supposedly Penn has been going around Washington trying to recruit consultants, telling them that Microsoft has armed him with a $50 million budget to go after Google.

Imagine the kind of cool product that a team of great engineers could dream up with $50 million. Instead, we’ll get more negative ads and ineffective lobbying, while the Surface continues to post disappointing sales figures, and Windows Phone languishes in the cellar of the smartphone market, and while Android continues to gain market share in smartphones and tablets and the FTC can't find a way, despite all of Microsoft's finagling and pleading, to make a case against Google. 

Keep up the great work, Microsoft.

See also: Google Escapes Unscathed From From FTC Settlement and Microsoft's Fight Against Google Continues With YouTube App Complaint.

Image by ReadWrite.