Amazon VPC trojan horse finds its mark: Private Cloud

Now we've all had a chance to digest the Amazon Virtual Private Cloud announcement and the dust has settled I'm joining the fray with a "scoop of interpretation". Positioned as "a secure and seamless bridge between a company’s existing IT infrastructure and the AWS cloud" the product is (like Google's Secure Data Connector for App Engine which preceded Amazon VPC by almost 6 months) quite simply a secure connection back to legacy infrastructure from the cloud - nothing more, nothing less. Here's a diagram for those who prefer to visualise (Virtual Private Cloud.svg on Wikimedia Commons):

Notice that "private cloud" (at least in the sense that it is most often [ab]used today) is conspicuously absent. What Amazon and Google are clearly telling customers is that they don't need their own "private cloud". Rather, they can safely extend their existing legacy infrastructure into the [inter]cloud using VPN-like connections and all they need to do to get up and running is install the software provided or configure a new VPN connection (Amazon uses IPsec).

Remember, a VPN is the network you have when you're not having a network - it behaves just like a "private network" only it's virtual. Similarly a VPC is exactly that: a virtual "private cloud" - it behaves like a "private cloud" (in that it has a [virtual] perimeter) but users still get all the benefits of cloud computing - including trading capex for opex and leaving the details to someone else.

Also recall that the origin of the cloud was network diagrams where it was used to denote sections of the infrastructure that were somebody else's concern (e.g. a telco). You just needed to poke your packets in one side and [hopefully] they would reappear at the other (much like the Internet). Cloud computing is like that too - everything within the cloud is somebody else's concern, but if you install your own physical "private cloud" then that no longer holds true.

Of course the "private cloud" parade (unsurprisingly consisting almost entirely of vendors who peddle "private cloud" or their agents, often having some or all of their existing revenue streams under direct threat from cloud computing) were quick to jump on this and claim that Amazon's announcement legitimised "private cloud". Au contraire mes amis - from my [front row] seat the message was exactly the opposite. Rather than "legitimis[ing] private cloud" or "substantiating the value proposition" they completely undermined the "private cloud" position by providing a compelling "public cloud" based alternative. This is the mother of all trojan horses and even the most critical of commentators wheeled it right on in to the town square and paraded it to the world.

Upon hearing the announcement Christofer Hoff immediately claimed that Amazon had "peed on [our] fire hydrant" and Appistry's Sam Charrington chimed in, raising him by claiming they had also "peed in the pool" ([ab]using one of my favourite analogies). Sam went on to say that despite having effectively defined the term Amazon's product was not, in fact, "virtual private cloud" at all, calling into question the level of "logical isolation". Reuven Cohen (another private cloud vendor) was more positive having already talked about it a while back, but his definition of VPC as "a method for partitioning a public computing utility such as EC2 into quarantined virtual infrastructure" is a little off the mark - services like EC2 are quarantined by default but granular in that they don't enforce the "strong perimeter" characteristic of VPCs.

Accordingly I would (provisionally) define Virtual Private Cloud (VPC) as follows:

Virtual Private Cloud (VPC) is any private cloud existing within a shared or public cloud (i.e. the Intercloud).

This is derived from the best definition I could find for "Virtual Private Network (VPN)"

Twitter Pro: Best Buy's @twelpforce is full of [security] fail

Update: Enomaly's Lars-Eric Forsberg, "the manager responsible for overseeing projects outside of our product group at Enomaly including Twelpforce" emailed me to let me know that they "have taken steps to address the security issues you outlined in your post". He requested that "[I] give [them] a head's up if [I] do notice any issues like this in the future before posting about it publicly to give [them] an opportunity to rectify the situation", and while it's ironic that I've dealt with Enomaly before, none of the Best Buy sites mentioned their involvement and Twelpforce itself still lacks contact details. While they have enabled SSL there was no mention about third-party services unnecessarily handling corporate credentials (aside from an obscure reference to "other mitigating factors that have been present in the environment from the beginning"), nor what steps were taken to audit or remediate those accounts that may have been compromised while the site was insecure.

 

As you know I've been paying very close attention to Twitter this week and while trawling through their blog looking for [ab]use of various terms they're trying to trademark I found this little chestnut: BestBuy, Good Stuff. Basically, "BestBuy has created a program they call Twelpforce. The idea is that employees from across the organization can interact quickly and easily with customers who have questions about products". Curious I took a look at @twelpforce and was greeted with this:

Just in case you can't see it from here (or click through to the full size version), the first tweet is:

@SimonTheSnowman this is true, Best Buy will rule the world. via @mikelinsalaco

Here we have 12 year old Simon of Being Freakin' Awesome, Inc. (who can be reached on 1337 and who blogs at http://simonthesnowmanftw.tk/) being reassured by Mikel Insalaco: "I am the infamous Mikel Insalaco, I am kind of a big thing. Muthasuckin Mahogany and leatherbound books". As James Watters would say, the critique here writes iself?

This is in line with Dave Zatz's observations too in suggesting Has Best Buy’s Twelpforce Already Failed? Dave draws attention to this classy twelpforcer tweet (among others): "tweet tweet...im such a homo" - definitely not the sort of thing I'd want associated with my corporate branding, that's for sure.

This, viewers, is what Twitter has in mind for companies (having come clean after TechCrunch aired their dirty laundry in public). They are so excited in fact that "[they]'ve been studying how customers and businesses interact and derive value from Twitter [and] are putting together a document based on our studies and we'll find a spot on our web site to share it with everyone when it's ready". Definitely looking forward to leafing through that when it's available, though I'm guessing there'll have to be some fairly agressive pre-press filtering if this is what the raw feed looks like. Despite appearances I do rather like Twitter and hope they do well - I'm just not convinced this is how they're going to make their millions.

Cutting to the chase, see that third tweet: "@missladii0430 #Twelpforce If you are a Best Buy employee you can sign up here. --> http://tinyurl.com/kp8jwb via @Agent8819". That employee sign up link takes you here: http://bbyconnect.appspot.com/connect/signup/ See the problem yet? The first thing they ask you for is "Please enter your Best Buy employee number and password", followed immediately by your "Best Buy Corporate email address".

What's that? You want my name (Best Buy addresses are firstname.lastname@bestbuy.com), corporate email, employee number and corporate password to be sent over the big bad Internet? To a preview release of a service hosted by someone else? That's ok, it's encrypted, right? WRONG. Never mind, I'll just change "http" to "https". Wrong again. Though Google App Engine supports SSL it's disabled for this application/URL so even though it looks like it works you've just been silently redirected back to the insecure address. Oops.

So here we have Best Buy soliciting corporate credentials with no encryption whatsoever, over the public Internet (including any local, potentially unprotected wireless), to a preview release of a service they have little control over and, it gets better, verifying them in real time! If you enter random details into the form it will tell you instantly (that's right, no tarpitting or other delays) that "Employee number or password is incorrect". Don't have a Best Buy employee number to try? That's ok because they're only a Google search away (along with network configuration information including server names) and there doesn't appear to be anything stopping you from trying as many times as you like either so brute force away.

Normally I'd have reported this via the usual channels but they've not given any contact information whatsoever (except via public Twitter) and besides, it's such a comedy of errors that they're probably better off shutting it down than trying to fix it anyway. What I don't get more than anything else is why they would bother trying to roll their own when there are plenty of perfectly good services like CoTweet and HootSuite that are being used with far better results by the likes of Ford, Coke, Pepsi, JetBlue, Sprint and StarBucks.

Crystal ball: Data-only carriers to destroy the telco industry RSN

This is one of those random thoughts that fits in a tweet but deserves a little more explanation. Like most I currently pay around €100 a month for a mobile package that includes some texts, airtime (2+2 hours on and off peak), some data and usually some useless gimmicks (free calls at certain times or to certain phones, etc.). This of course makes it truly impossible to compare apples to apples and I almost feel like choosing the right plan should be a profession (I'm sure there must be businesses that do this for a living).

Under the covers though it's all just 1's and 0's and it's been that way for a while - Australia turned off it's analog mobile network (AMPS) while I was still there and like here in Europe uses the Global Standard for Mobiles (GSM). This shares the limited airwaves with timeslices (TDMA) and over in the US they do a similar thing with code (CDMA), probably because TDMA has timing problems when you get out to tens of kilometers (irrespective of the strength of the signal) and the US has a lot of land to cover. Point is that under the covers it's all data. Of course things have changed a bit since I was helping design Australia's first digital mobile network - now we've got 3G, LTE, WiFi, WiMax, etc. to play with too.

Traditional telephony was what we call "circuit switched", which means it was about creating a dedicated connection between two endpoints. First these were hardwired, then switched manually by operators, then clicks on the line would operate mechanical switches at the exchange, more recently tones (DTMF) would tell chips what to do and nowdays connections are set up out-of-band over data connections. But it all still revolves around circuits, even though these days we're not tying up a pair of copper for the duration of the call, rather sending as much data as we need to when we need it (silence often uses little or no bandwidth but then we have to simulate background noise at the other end so as not to confuse the human).

That is to say it's time we stopped thinking about circuits which tend to be billed by time (after all, the resource could not be shared when you were using it) and start thinking about data (which is typically billed by quantity transferred or bandwidth available). In other words we are paying (generally more) for our communications because of technological limitations that have long since been removed. Even Skype go to great lengths to identify which country you are calling from so as to impose the legacy billing system we are used to (so many cents per minute depending on the country) rather than take advantage of what the Internet has to offer in terms of being unaffected by geography.

Then there's texts which are an even bigger rort. These were basically an afterthought which are sent out-of-band over the relatively limited control channel - the one that's used to set up calls and so on (that's why they take a while to send and why you can jam a phone by sending/receiving too many). Knowing that everything is 1's and 0's anyway, did you ever stop to think about how many texts a minute of voice is worth (even using strong compression)? It's a *lot* but let's work it out. Full rate GSM consumes 13Kbps or just shy of 100,000 8-bit characters per minute assuming my maths are correct. Each SMS is 140 8-bit (or 160 7-bit) characters or around 700 texts per minute. In Australia those texts cost $0.25 each so we're paying $175.00 a minute to consume the bandwidth as texts when we'd pay around $0.50 to consume it as voice. You can see why they love them now, can't you!

The telcos have been on the gravy train for long enough at our expense and it's long since been time for the next generation of carrier to take over. There's a massive opportunity here for someone to enter the market with a data-only service and in doing so destroy the existing industry literally overnight. We've already got devices (iPhones, Android) that are more than capable of doing everything we need over data, but which are being deliberately crippled by hardware and software vendors in order to protect the legacy carriers. That's not to say that Apple and Google are to blame for contracts they are almost certainly forced into by the likes of AT&T, but seeing Google taking the high road while having to concede that "individual operators can request that certain applications be filtered if they violate their terms of service" is disappointing.

Why can't we have Google Voice on the iPhone? Or use Skype over 3G (without jailbreaking and installing 3G Unrestrictor)? Or open source/open standard SIP telephony for that matter? Why are we sending texts when we have instant messaging? Or dialing in to retrieve voicemails that could just as easily be translated and/or emailed? Why are we paying for silence on the line when we should be paying for bandwidth and/or quantity of data? Why do we pay for minutes at all?

The telcos will tell you it's to protect their networks, and ultimately to protect you, no doubt from the evils of illegal filesharing, terroristing and child pornography. There's an element of truth to this (it only takes a few greedy customers to ruin it for the rest and as always 10% of the users use 90% of the traffic), ut there are simple, effective solutions for this too. People will pay more for a premium/priority service and at the end of the day you can always reign in abusers with packet shaping. The fairest mechanism I can think of comes in the form of a logarithmic bandwidth policy whereby the more you use the slower you go, but the point is that there are solutions so this is pure FUD. My "unlimited" data connection was just throttled from 3G+ to 3G speeds at 800Mb and again at 1000 Mb (so much for unlimited), but I'd happily pay more for a more "unlimited" service if it meant I could say goodbye to minutes and texts forever.

It will happen - it's just a case of when (and where first). Australia's regularly used as a test market and capped ($99 all you can talk) style plans took over by storm a few years ago, so let's just help an existing innovative carrier like 3 or a new one altogether teach the incumbents a lesson, with any luck by the time I get back there.

Twitter Retries Registering Retweet

Hopefully you're not sick of hearing about Twitter, Inc's trademark woes (and yet another alliteration) because yes, they've been at it again.

Conceding that the USPTO has successfully torpedoed their trademark on "tweet" but otherwise undeterred they've just tried to lay claim to the more specific term "retweet" (#77804841). While admittedly more distinctive (and therefore less problematic from a legal point of view), let's not forget that they recently came under fire from developers for unjustly suspending retweet.com's @retweet account, having announced plans for an official retweet function of their own (more on Project Retweet at Mashable).

This functionality could well prove as important for microblogging as Google's PageRank did for Internet search and it's definitely not the sort of thing we want to have locked up with a single provider. The idea is that it provides a way to value a user's contribution based on how many people (and who) retweet a user's tweets (a TweetRank, for want of a better name).

So what's the problem with Twitter, Inc registering "retweet" as a trademark? It's not theirs to register, that's what. That's right, the "gesture and syntax of retweet was invented by users" and even Twitter's own web interface still lacks the very functionality they are trying to take control of (and will for weeks to come no less). The retweet "micro-convention" has been meticulously documented and extensively discussed by active twitterers (twits?) who have gone so far as to write an essay on retweeting etiquette. Nothing I have seen anywhere credits Twitter with the invention of the retweet (which according to Google Trends took off at the start of this year) and in my opinion asking the authorities to remove this term from the public lexicon is nothing short of highway robbery.

It's no secret they didn't come up with the idea either. Shooting themselves in the foot once again, Twitter's help pages (archived for posterity) define retweeting as follows (emphasis mine):

What does RT, or retweet mean?
RT is short for retweet, and indicates a re-posting of someone else's tweet. This isn't an official Twitter command or feature, but people add RT somewhere in a tweet to indicate that part of their tweet includes something they're re-posting from another person's tweet, sometimes with a comment of their own.Check out this great article on re-tweeting, written by a fellow Twitter user, @ruhanirabin.

So there you have it, even Twitter admit the idea isn't theirs, defining it as a verb (another sure fire way to destroy a trademark) and then referring to a user article for more information. Of course that won't stop them claiming it as their own now with a view to preventing competitors from delivering it themselves.

To put things in perspective that's about as reasonable as Google claiming ownership of our ideas because they're in their index.

Unfortunately though I have a sneaking suspicion that Twitter will get away with it this time unless we stand our ground now. ReTweet.com are in a particularly good position to prevent this from happening (they already claim trademark status over the word):

TRADEMARK INFORMATION
Retweet.com, the Retweet.com logo and other Mesiab Labs trademarks including service marks, and product and service names are Mesiab Labs trademarks or registered trademarks in the United States and in other countries (the "Mesiab Labs Marks"). All other names and designs may be trademarks of their respective owners. Users may display or use the Retweet.com and Mesiab Labs Marks only in accordance with Mesiab Labs Trademark Use Guidelines. 

Here's hoping they (or one of the many other retweet sites) file an opposition to the trademark when the appropriate time comes.

"Twitter" Trademark in Trouble Too

Yesterday I apparently struck a nerve in revealing Twitter's "Tweet" Trademark Torpedoed. The follow up commentary both on this blog and on Twitter itself was interesting and insightful, revealing that in addition to likely losing "tweet" (assuming you accept that it was ever theirs to lose) the recently registered Twitter trademark itself (#77166246) and pending registrations for the Twitter logo (#77721757, #77721751) are also on very shaky ground.

Trademarks 101

Before we get into details as to how this could happen lt's start with some background. A trademark is one of three main types of intellectual property (the others being copyrights and patents) in which society grants a monopoly over a "source identifier" (e.g. a word, logo, scent, etc.) in return for being given some guarantee of quality (e.g. I know what I'm getting when I buy a bottle of black liquid bearing the Coke® branding). Anybody can claim to have a trademark but generally they are registered which makes the process of enforcing the mark much easier. The registration process itself is thus more of a sanity check - making sure everything is in order, fees are paid, the mark is not obviously broken (that is, unable to function as a source identifier) and perhaps most importantly, that it doesn't clash with other marks already issued.

Trademarks are also jurisdictional in that they apply to a given territory (typically a country but also US states) but to make things easier it's possible to use the Madrid Protocol to extend a valid trademark in one territory to any number of others (including the EU which is known as a "Community Trademark"). Of course if the first trademark fails (within a certain period of time) then those dependent on it are also jeopardised. Twitter have also filed applications using this process.

Moving right along, there are a number of different types of trademarks, starting with the strongest and working back:

• Fanciful marks are created specifically to be trademarks (e.g. Kodak) - these are the strongest of all marks.
• Arbitrary marks have a meaning but not in the context in which they are used as a trademark. We all know what an apple is but when used in the context of computers it is meaningless (which is how Apple Computer is protected, though they did get in trouble when they started selling music and encroached on another trademark in the process). Similarly, you can't trademark "yellow bananas" but you'd probably get away with "blue bananas" or "cool bananas" because they don't exist.
  
• Suggestive marks hint at some quality or characteristic without describing the product (e.g. Coppertone for sun-tan lotion)
• Descriptive marks describe some quality or characteristic of the product and are unregistrable in most trademark offices and unprotectable in most courts. "Cloud computing" was found to be both generic and descriptive by USPTO last year in denying Dell. Twitter is likely considered a descriptive trademark (but one could argue it's now also generic).
• Generic marks cannot be protected as the name of a product or service cannot function as a source identifier (e.g. Apple in the context of fruits, but not in the context of computers and music)

Twitter
Twitter's off to a bad start already in their selection of names - while Google is a deliberate misspelling of the word googol (suggesting the enormous number of items indexed), the English word twitter has a well established meaning that relates directly to the service Twitter, Inc. provides. It's the best part of 1,000 years old too, derived around 1325–75 from ME twiteren (v.); akin to G zwitschern:

- verb (used without object)

1. to utter a succession of small, tremulous sounds, as a bird.
2. to talk lightly and rapidly, esp. of trivial matters; chatter.
3. to titter, giggle.
4. to tremble with excitement or the like; be in a flutter.

- verb (used with object)

5. to express or utter by twittering.

- noun

6. an act of twittering.
7. a twittering sound.
8. a state of tremulous excitement.

Although the primary meaning people associate these days is that of a bird, it cannot be denied that "twitter" also means "to talk lightly and rapidly, esp. of trivial matters; chatter". The fact it is now done over the Internet matters not in the same way that one can "talk" or "chat" over it (and telephones for that matter) despite the technology not existing when the words were conceived. Had "twitter" have tried to obtain a monopoly over a more common words like "chatter" and "chat" there'd have been hell to pay, but that's not to say they should get away with it now.

Let's leave the definition at that for now as twitter have managed to secure registration of their trademark (which does not imply that it is enforceable). The point is that this is the weakest type of trademark already and some (including myself) would argue that it a) should never have been allowed and b) will be impossible to enforce. To make matters worse, Twitter itself has gained an entry in the dictionary as both a noun ("a website where people can post short messages about their current activities") and a verb ("to write short messages on the Twitter website") as well as the AP Sytlebook for good measure. This could constitute "academic credability" or "trademark kryptonite" depending how you look at it.

Enforcement


This brings us to the more pertinent point, trademark enforcement, which can essentially be summed up as "use it or lose it". As at today I have not been able to find any reference whatsoever, anywhere on twitter.com, to any trademark rights claimed by Twitter, Inc. Sure they assert copyright ("© 2009 Twitter") but that's something different altogether - I have never seen this before and to be honest I can't believe my eyes. I expect they will fix this promptly in the wake of this post by sprinking disclaimers and [registered®] trademark (TM) and servicemark (SM) symbols everywhere, but the Internet Archive never lies so once again it's likely too little too late. If you don't tell someone it's a trademark then how are they supposed to avoid infringing it?

Terms of Service

The single reference to trademarks (but not "twitter" specifically) I found was in the terms of service (which are commendably concise):

We reserve the right to reclaim usernames on behalf of businesses or individuals that hold legal claim or trademark on those usernames.

That of course didn't stop them suspending @retweet shortly after filing for the ill-fated "tweet" trademark themselves, but that's another matter altogether. The important point is that they don't claim trademark rights and so far as I can tell, never have.

Logo


To rub salt in the (gaping) wound they (wait for it, are you sitting down?) offer their high resolution logos for anyone to use with no mention whatsoever as to how they should and shouldn't be used ("Download our logos") - a huge no-no for trademarks which must be associated with some form of quality control. Again there is no trademark claim, no ™ or ® symbols, and for the convenience of invited infringers, no less than three different high quality source formats (PNG, Adobe Illustrator and Adobe Photoshop):

Advertising

Then there's the advertising, oh the advertising. Apparently Twitter HQ didn't get the memo about exercising extreme caution when using your trademark; lest be the trademark holder who refers to her product or service as a noun or a verb but Twitter does both, even in 3rd-party advertisements (good luck trying to get an AdWords ad containing the word "Google"):

Internal Misuse

Somebody from Adobe or Google please explain to Twitter why it's important to educate users that they don't "google" or "photoshop", rather "search using Google®" and "edit using Photoshop®". Here's some more gems from the help section:

• Now that you're twittering, find new friends or follow people you already know to get their twitter updates too.
• Wondering who sends tweets from your area?
• @username + message directs a twitter at another person, and causes your twitter to save in their "replies" tab.
• FAV username marks a person's last twitter as a favorite.
• People write short updates, often called "tweets" of 140 characters or fewer.
• Tweets with @username elsewhere in the tweet are also collected in your sidebar tab; tweets starting with @username are replies, and tweets with @username elsewhere are considered mentions.
• Can I edit a tweet once I post it?
• What does RT, or retweet, mean? RT is short for retweet, and indicates a re-posting of someone else's tweet. This isn't an official Twitter command or feature, but people add RT somewhere in a tweet to indicate that part of their tweet includes something they're re-posting from another person's tweet, sometimes with a comment of their own. Check out this great article on re-tweeting, written by a fellow Twitter user, @ruhanirabin. <- FAIL x 7

Domains

According to this domain search there are currently 6,263 domains using the word "twitter", almost all in connection with microblogging. To put that number in perspective, if Twitter wanted to take action against these registrants given current UDRP rates for a single panelist we're talking $9,394,500 in filing fees alone (or around 1.5 billion nigerian naira if that's not illustrative enough for you). That's not including the cost of preparing the filings, representation, etc. that their lawyers (Fenwick & West LLP) would likely charge them.

If you (like Doug Champigny) happen to be on the receiving end of one of these letters recently you might just want to politely but firmly point them at the UDRP and have them prove, among other things, that you were acting in bad faith (don't bother coming crying to me if they do though - this post is just one guy's opinion and IANAL remember ;).

I could go on but I think you get the picture - Twitter has done such a poor job of protecting the Twitter trademark that they run the risk of losing it forever and becoming a lawschool textbook example of what not to do. There are already literally thousands of products and services [ab]using their brand and while some have recently succombed to the recent batch legal threats they may well have more trouble now that people know their rights and the problem is being actively discussed. Furthermore, were it not for being extremely permissive with the Twitter brand from the outset they arguably would not have had anywhere near as large a following as they do now. It is only with the dedicated support of the users and developers they are actively attacking that they have got as far as they have.

The Problem: A Microblogging Monopoly

Initially it was my position that Twitter had built their brand and deserved to keep it, but that they had gone too far with "tweet". Then in the process of writing this story I re-read the now infamous May The Tweets Be With You post that prompted the USPTO to reject their application hours later and it changed my mind too. Most of the media coverage took the money quote out of context but here it is in its entirity (emphasis mine):

We have applied to trademark Tweet because it is clearly attached to Twitter from a brand perspective but we have no intention of "going after" the wonderful applications and services that use the word in their name when associated with Twitter.

Do you see what's happening here? I can't believe I missed it on the first pass. Twitter are happy for you to tweet to your heart's content provided you use their service. That is, they realised that outside of the network effects of having millions of users all they really do is push 1's and 0's around (and poorly at that). They go on to say:

However, if we come across a confusing or damaging project, the recourse to act responsibly to protect both users and our brand is important.

Today's batch of microblogging clients are hard wired to Twitter's servers and as a result (or vice versa) they have an effective microblogging monopoly. Twitter, Inc has every reason to be happy with that outcome and is naturally seeking to protect it - how better than to have an officially sanctioned method with which to beat anyone who dare stray from the path by allowing connections to competitors like identi.ca? That's exactly what they mean with the "when associated with Twitter" language above and by "confusing or damaging" they no doubt mean "confusing or damaging [to Twitter, Inc]".

The Solution: Distributed Social Networking

Distributed social networking and open standards in general (in the traditional rather than Microsoft sense) are set to change that, but not if the language society uses (and has used for hundreds of years) is granted under an official monopoly to Twitter, Inc - it's bad enough that they effectively own the @ namespace when there are existing open standards for it. Just imagine if email was a centralised system and everything went through one [unreliable] service - brings a new meaning to "email is down"! Well that's Twitter's [now not so] secret strategy: to be the "pulse of the planet" (their words, not mine).

Don't get me wrong - I think Twitter's great and will continue to twitter and tweet as @samj so long as it's the best microblogging platform around - but I don't want to be forced to use it because it's the only one there is. Twitter, Inc had ample chance to secure "twitter" as a trademark and so far as I am concerned they have long since missed it (despite securing dubious and likely unenforceable registrations). Now they need to play on a level playing field and focus on being the best service there is.

Update: Before I get falsely accused of brand piracy let me clarify one important point: so far as I am concerned while Twitter can do what they like with their logo (despite continuing to give it away to the entire Internet no strings attached), the words "twitter" and "tweet" are fair game as they have been for the last 700+ years and will be for the next 700. From now on "twitter" for me means "generic microblog" and "tweet" means "microblog update".

If I had a product interesting enough for Twitter, Inc to send me one of their infamous C&D letters I would waste no time whatsoever in scanning it, posting it here and making fun of them for it. I'm no thief but I am a fervent believer in open standards.

Twitter's "Tweet" Trademark Torpedoed

Last month Twitter founder Biz Stone announced in a blog post (May The Tweets Be With You) that they "have applied to trademark Tweet because it is clearly attached to Twitter from a brand perspective". This understandably caused widespread upset as the word "tweet" has been used generically by users for some time as well as in any number of product names by independent software vendors. Here's some samples from the resulting media storm:

• CNET News: Is Twitter freaking out over 'tweet' trademark?
  
• TechExpert: Twitter Trying to Trademark "Tweet"
• LA Times: Will Twitter trademark 'tweet' before it’s genericized?
• PC Magazine: Twitter Trying to Trademark 'Tweet'
• TechCrunch: Twitter Grows “Uncomfortable” With The Use Of The Word Tweet In Applications
• TechCrunch: Twitter To Developers: “Tweet” Your Heart Out, But Don’t “Twitter” It
  
• Bloomberg: Twitter Lays Claim to ‘Tweet’ Trademark in Bid to Protect Brand
  

What they failed to mention though was that according to USPTO records (#77715815) not only had they actually applied some months before (on 16 April 2009) but that their application had been refused that very same day (1 July 2009).

According to documents from the Trademark Document Retrieval system, their lawyers (Fenwick & West LLP) were notified of the rejection by email to trademarks@fenwick.com that day. The USPTO had explained that "marks in prior-filed pending applications may present a bar to registration of applicant’s mark. [...] If the marks in the referenced applications register, applicant’s mark may be refused registration under Trademark Act Section 2(d) because of a likelihood of confusion between the two marks", referencing and attaching not one, not two but three separate trademark applications:

• #77695071 for TWEETMARKS (pending receipt of Statement of Use)
• #77697186 for COTWEET (pending clarification)
  
• #77701645 for TWEETPHOTO (pending transfer to Supplemental Register)

Now I may not be a lawyer (I did play a role in overturning Dell's "cloud computing" and Psion's "Netbook" trademarks) but given all three of the marks identified look like proceeding to registration (it only takes one to rain on their parade), it's my non-expert opinion that Twitter has a snowflake's chance in hell of securing a monopoly over the word "Tweet".

That's too bad for Twitter but it's great news for the rest of the community as it's one less tool for locking in Twitter's rapidly growing microblogging monopoly. People do use the word "tweet" generically (including with non-Twitter services) and if Twitter, Inc. were successful in removing it from the public lexicon then we could all suffer in the long run.

In any case it is neither serious nor safe for one company to become the "pulse of the planet" and that is why I will be following up with a series of posts as to how distributed social networking can be made a reality through open standards (if that stuff is of interest to you then subscribe and/or follow me for updates). I've also got some interesting things in the pipeline in relation to standards and trademarks in general so watch this space.

Anyway it just goes to show that with trademarks you need to "use it or lose it". The "propagation delay" of the media has dropped from months at the outset to near real-time today so companies need to move fast to protect their marks or lose them forever. As for whether the 1 July post was a scramble to protect the mark on receipt of the USPTO's denial, whether the USPTO was acting in response to it, or whether it was just a coincidence and particularly bad timing I don't know. I don't really care either as the result is the same, but I would like to believe that the USPTO is becoming more responsive to the needs of the community (after all, they revoked Dell's cloud computing trademark in the days following the uproar, despite having already issued a "Notice of Allowance" offering it to them).

Update: It turn out that USPTO most likely acted in response to Twitter's 10:37am blog post as (after months without action) they conducted an XSearch at 8:30pm and sent the rejection notice at 9:00pm. I'd chalk that up as a FAIL for Twitter and a WIN for the USPTO.

Update: See also: The Inquisitr: No Tweet trademark for Twitter, complete with the hilarious graphic at the top (used without permission but with thanks to the creative genius at The Inquisitr).

Update: See also: CNET News: Not so fast, Twitter: 'Tweet' isn't yours, which is a good, balanced, albeit unsourced article.