Don't Get Bitten by an ASP
Nightmare on Broadband Street
All the computer world's atwitter over the arrival of the ASP (Application Server Provider) technology and business model. This is the shiny new way we'll all compute in the near future, some pundits and analysts (and, least surprising of all, some vendors) would have us believe. After all, why endure the seemingly infinite hassle and expense of maintaining desktop computers, whether it's just your family PC in the rec. room, or thousands of corporate desktops? In The Age of The Fat Pipe there's no reason to keep all that software on your desktop or (horrors!) on your laptop.
To be honest, I've long thought this was an enticing argument. I've been working with desktop computers since before IBM introduced theirs, and I've spent more time wrestling with bugs, hardware failures, and bizarre configuration problems on these beige monstrosities than I care to think about. And I've got the scars to prove it. So, when I read about surveys and studies that say a large part of the expense of a corporate PC, up to 80% over a four-year life cycle, is support, upgrades, training, and the cost of lost work and time due to system failures, I believe it. So why shouldn't we be eager to minimize the pain we're inflicting on ourselves by simplifying the box on the desktop, and centralizing control, configuration, and security as much as possible?
Nightmare on Broadband Street
But there's at least one troubling aspects to the rise of ASPs that I haven't seen mentioned, particularly in light of Microsoft's intention to ".Net" their entire company and product line. The issue is simply: How much will your ASP spy on what you're doing, and how will they use their knowledge of what you're doing?
Before you brand me as yet another paranoid fruitloop with a net connection, let's consider the possibilities in light of some of the things we're already seeing companies do in other corners of the industry. For the sake of an example, let's say you have an ASP account with Bill's Omnipresent Online Bits (BOOB). Your BOOB account gives you access to e-mail, the web, and an entire suite of first-class office apps, along with a hefty portion of encrypted online space for your documents. You can log in from any web browser in the world and work with your docs just as if everything lived on your desktop.
Would it bother you if BOOB tracked the way you configure your apps--which features you turn off, which ones you tailor--as well as which ones you do and don't use? Most people, myself included, probably would dismiss this as nothing more than another round in the game of hide and seek we've all been playing with market researchers for years. You can make a reasonable argument that this type of "spying" would let our friends at BOOB make their product adhere more closely to their users' wishes in future releases. Amazon.com customers are already used to this, in the form of their recommendations based on your prior purchases. I found this unnerving the first few times I saw it, but I adjusted quickly enough.
What if you stored some sensitive information in your ASP-resident files, like credit card information, and then found out that someone had cracked into BOOB's systems and made off with unencrypted copies of a million or so users? And further, you then found out that in the nanoprint of the service agreement you signed, you absolved BOOB in advance of all damages if such a thing should happen? Still feeling good about surrendering your desktop office suite for BOOB's offerings?
What if you wrote a letter to a kitchen appliance company complaining about the toaster oven you bought that flamed out after only six months, and you then started getting spam e-mail from other appliance companies, because BOOB's docbots read your letter and added your name and e-mail address to the list BOOB sold to appliance companies? Think this is far-fetched? I don't, and it feels like an all-too-short jump from getting banner ads in a search engine that relate to your search keywords to this scenario. After all, the ASP hasn't disclosed your documents to anyone else--they've merely sold your contact information to some companies with an assurance that you're a more likely than average candidate for their wares.
Let's go one more step up the creepy scale, and say that you get an off-color joke in e-mail from a friend, who's accidentally sent you the same file several times. (Hey, e-mail happens.) Just to kid your friend, you reply to the note with, "Stop stalking me already!". As soon as you click the Send button, BOOB "helpfully" pops up a dialog box offering to put you in touch with authorities, and providing information about how to prevent cyberstalking. Squirming yet? I am, and was, when a relative told me about exactly this happening to her on AOL--she sent an IM to her (adult-age) son using the magic word "stalking", and AOL sprang into action with a dialog box for her to report the incident.
If you skin's not crawling yet, think about what else BOOB might find of commercial value in your files. Got a spreadsheet that shows your firm is suffering from tight credit? No problem! Just leave the file there, and BOOB will surely sell your contact info to a commercial credit company. Got some copyrighted music MP3's? Better hope the authorities don't ask BOOB for a listing of everyone's files, because you can bet some of them will cooperate, even without a search warrant or any reason to think you've done anything wrong. Once you (or, more important, an ASP trying to survive in a highly competitive market) start thinking along these lines, there's almost no end to the things that you can program a bot to search for in that large a collection of files.
Take a Deep Breath
Let me be painfully clear about this: I'm not saying that ASPs are collectively evil or are planning to take away our civil liberties or spy on us. But we should all remember that we're at the convergence of a phenomenal set of technological, economic, and social forces. Between the lack of specific privacy legislation regarding online activities, the established and growing practice of using data mining to extract value from customer information, as well as the hyper-competitive nature of all online business, we're headed for uncertain times. And that, in turn, means we should all approach it with appropriate caution.
By all means, we should "embrace" new technology, and we should definitely be as creative as we can in figuring out ways to use it to work better and have more fun. But whenever we contemplate giving up physical control of our data to someone else, we should we should do so with our eyes wide open, and with just a pinch of paranoia, to keep from being abused by that same technology. If we don't, we'll be at the mercy of the BOOB's of the world, with no one to blame but ourselves.