Yesterday’s little spat about the BBC’s weather data neatly illustrates a potential problem with the Web 2.0 “everything is an API” approach.
To summarise what happened yesterday… For some months the BBC have been promising that weather feeds would be available from their Backstage project. But they’ve been involved in protracted licensing negotiations with the Met Office which means that these feeds haven’t yet been released. Yesterday Ben Metcalfe (who, until leaving the BBC a couple of months ago, lead Backstage) discovered that behind the BBC News site’s new localisation features lurked access to an internal weather feed. He published this information on his blog and to the Backstage mailing list. Ian Betteridge wrote a stinging attack on Ben for doing this and after a night’s reflection Ben has now removed the information from his web site.
It’s clear that the feeds weren’t for public use and Ben has admitted that he knew that before publishing his links. But I think it’s naive of Ian to imply that Ben must have used insider information to work out how to access the feeds. It’s something that any reasonably clued up geek with an HTTP traffic sniffer could have worked out in fifteen minutes.
And that’s where the problem lies. Or, at least, potentially lies. It’s all very well building your web site out of feeds and APIs, but you need to realise that once you’re using APIs like that on a public server then there will be curious geeks trying to work out how you did it. And generally succeeding pretty quickly.
It’s like the BBC Radio streams. On the BBC site they are accessed using a version of Real Player. This version of Real Player has had some features removed in order to make the rightsholders of the content happy. But the raw links are there in the BBC web pages. Anyone can access them with a little bit of work. The thing that the BBC were uncomfortable about my pages was that it made those raw links too easy to find. So, in the interest of helping the BBC in their negotiations with the rightsholders I removed those links from my pages. But they’re still there in the BBC’s web pages. Anyone else could publish them at any time.
So by opening up you data in this way, you’re also opening it up to abuse. Sure, you can stick terms and conditions all over your site, but that only stops some people. There are a lot of people out there with no regard for legal niceties like that. If it’s important that these APIs and feeds are only used by certain people then you probably want to consider putting some kind of technological protection in place.
I think that Ben was wrong to publish the information. But I don’t think he used insider knowledge to do it. And I think that the BBC was being naive to think that the information wouldn’t get into the public domain very quickly.
The issue isn’t so much that Ben had insider information (although I have a great deal of difficulty believing that NONE of the knowledge he gained at the BBC helped him). The issue is simply that Ben knew his actions would cause Bad Things to happen internally. He didn’t bother to check to see where the licensing arrangements were heading- somehting he could easily have done. More importantly, being familiar with licensing data, he must have been aware that his actions would cost the BBC money and cause a lot of issues – including some questioning of the whole Backstage program.He knew all that, yet he did it anyway. That’s not the actions of a prankster, that’s the actions of someone who needs to grow up.