high quality, so gatekeeping might help keep malicious or poor-quality apps away.

On the other hand, people don’t know what they’re missing—and firms can be very ineffective, despite their own economic interests, in recognizing the value of truly novel contributions from outsiders that might take a while to catch on. Who would have invested in Wikipedia at the beginning? And if Wikipedia required an incumbent gatekeeper’s approval or permission to get started, it might have failed to receive it—or languished at the bottom of a to-do list among hundreds of other apps and services awaiting review.

This phenomenon isn’t exclusive to Apple, of course. Even today’s PCs have a flavor of it. Microsoft offers a monthly malicious software removal tool, which unobtrusively goes through a PC to remove malware. Presumably it would become much less popular if Microsoft, or someone regulating Microsoft, tried to use the tool to remove software that people liked; no one seems to have tried to get Microsoft to kill anything yet, though, and such attempts are limited since any new app can immediately be installed on a PC—including one that shuts down a Microsoft app-removal tool.

Back on the whitelisting side of the spectrum, Web development platforms like Facebook Apps have restrictions that essentially mirror those of the iPhone. And when Facebook kills an app, the app is naturally not only unavailable to new users, but disabled for current ones, too. So Superwall or Secret Crush can go from millions of users to zero in a heartbeat. People learn about new apps through their friends’ Facebook newsfeeds—and Facebook can adjust just how much news an app will generate there. A Great Apps program allows Facebook to pick winners and feature them more openly, even as some developers grumble that the functionalities they build are sometimes incorporated into apps written by Facebook itself²—and then effortlessly promoted more than the outsiders’ original.

Its modest malicious software removal tool aside, imagine if Microsoft had adjusted Windows to act the way the iPhone and Facebook apps platforms do.

the iPhone apps
model is powerful,
and it is serving
some useful purpose
in shielding people,
prospectively
and retroactively,
against bad code.

WordPerfect would owe Microsoft 30% on sales of every copy of its word processor—if it sold any, since Word could be featured by Microsoft to its users much more readily, or rejected entirely as duplicative of Word. ( Recall that a main basis for the Microsoft antitrust case in the 1990s arose from Microsoft’s attempts to force PC sellers to include the Internet Explorer browser on their PCs’ desktops out of the box. The ways in which Facebook or Apple can feature their own apps over those of others dwarf that.) Of course, Microsoft could change that percentage owed at any time—or make it a flat fee. The makers of, say, Quicken, could find that they owe 70% or 80% on every app, take it or leave it. If they leave it, Quicken would stop working on every PC on which it had previously been installed.

And anyone objecting to an app— say, the movie and music industries beholding the rise of Kazaa or BitTor-rent—could pressure Microsoft to kill it the day it appeared. We recently experienced this scenario when Hasbro, owner of the intellectual property rights to Scrabble in the U.S. and Canada, pressured Facebook to kill Scrabulous, a Scrabble knockoff. No court needed to weigh in on this decision.

We likely wouldn’t accept this situation in PC architecture, and yet it is commonplace in the ecosystem that will soon replace it. Is the difference that Microsoft had overwhelming market share—an acknowledged monopoly—over PCs? That certainly counts, but even if one vendor

doesn’t capture the mobile phone or social networking spaces, the choices among them are shaping up to be choices among gated communities: equivalent to the old AOL vs. Prodigy vs. CompuServe, with the Internet not in the running. This is one reason why Google’s Android project is so fascinating: an attempt to bring the generativity of the PC to the mobile phone space. Without a security model better than the PC’s security provisions, however, Android is a tough proposition. How long will users tolerate a phone for which clicking on the wrong link can disable it?

The iPhone apps model is powerful, and it is serving some useful purpose in shielding people, prospectively and retroactively, against bad code. It is so powerful and popular that we will see it extended to PC-like platforms, too, with the 30-year run of open season for new software drawing to a close.

The way forward—for both PCs and smartphones—lies in a new security architecture that lets users make better-informed decisions about whether to run new software. We could aggregate data and make it freely available—how many experts have installed this same code? On average, what impact does the code have on the environment in which it runs, as measured by crashes or pop-ups or user satisfaction? A user deciding whether to run new code could use that data to make a simple decision, instead of letting the autocratic voice of preprogrammed security software dictate the result. Such an architecture would be more flexible than what we currently use. There are many details to work out, but without ways of managing our generative platforms without a central gatekeeper, chances seem strong that most people will accept— even demand—outside control.

 

References

1. computers in use pass 1 billion mark: gartner. reuters (June 23, 2008); www.reuters.com/article/ technologynews/idusl2324525420080623.

22. stone, b. new tool from facebook extends its web presence. New York Times (July 24, 2008); www. nytimes.com/2008/07/24/technology/24facebook. html.

3. zittrain, J. The Future of the Internet—And How to Stop It. yale university Press, Penguin u. K., and creative commons, 2008; www.futureoftheinternet. org/download.

 

Jonathan Zittrain ( zittrain@law.harvard.edu) is Professor of law at harvard law school in cambridge, ma.