Media Influencer

helping people break out of pigeonholes since 2003

Privacy ain’t dead yet

Tags: , , , ,

Last couple of months I have found myself giving several talks on privacy. This isn’t exactly news as I have been banging on that drum for ages, but there does seem to be more interest in privacy and requests to talk about the topic.

This may be because people are realising how elusive privacy becomes as the web platforms are turning the screws on user data they have accumulated. I am looking at you, Facebook, though Facebook is not the only perp in town…

The first talk on the topic, which I enjoyed very much was the one I gave in June to the Oxford Libertarian Society. I tried to cover various notions of privacy and argued that privacy is to identity what freedom is to morality – the latter can’t exist without the former. Here’s the text in full.

Oxford Libertarian Society talk on privacy

My second recent talk on privacy was at LIFT France 2010, as part of the session called Privacy Revisited, Protect and Project with Daniel Kaplan, the founder of FING and Alma Whitten, Google’s Engineering Lead for Privacy. It is a sign of a good session where one learns much from the other speakers. After watching Alma’s interesting presentation, it occurred to me that in the world of web platforms and clouds, even ones that are trying to be benign, privacy boils down to something I should have opened my talk with…

Privacy is never having to delete things you don’t want anyone to see.

LIFT France Privacy

LIFT Privacy Talk

Fuck the cloud – a reminder

Tags: , , , ,

… worth making in these troubled times:

Insult, berate and make fun of any company that offers you something like a “sharing” site that makes you push stuff in that you can’t make copies out of or which you can’t export stuff out of. They will burble about technology issues. They are fucking lying. They might go off further about business models. They are fucking stupid. Make fun of these people, and their shitty little Cloud Cities running on low-grade cooking fat and dreams. They will die and they will take your stuff into the hole. Don’t let them.
Jason Scott of ASCII in Fuck the Cloud

Digital Identity Roundtable

Tags: , ,

Yesterday I attended a meeting called a mashup* event – private Digital Identity Roundtable, organised by the indefatiguable Tony Fish – whose book My Digital Footprint also came out yesterday.

The conversation was varied and under Chatham House rules so can’t talk about it in detail. What I can repeat here is my closing remark – a result of pervasive assumption that there should be identity provider(s) and my data doesn’t need to be mine:

I want to own and drive, manage, share my identity.
I want to do that on my own terms, using technology that enables me rather than provides for me.
I want to be my own ‘identity provider’ and I’d rather address challenges that this would pose than shoe-horn notions and practices of offline identity management onto the online networked world.

There you go, I said it. Here I try to work on it.

Quote to remember

TAGS: None

Cloud computing becomes fog when it goes down.
- Todd Spraggins on Twitter regarding Ma.gnolia data failure

It’s the context, stupid

TAGS: None

Doc Searls was asked about the last three paragraphs of this post by Daniel Goleman in connection with VRM.

The singular force that can drive this transformation of every manmade thing for the better is neither government fiat nor the standard tactics of environmentalists, but rather radical transparency in the marketplace. If we as buyers can know the actual ecological impacts of the stuff we buy at the point of purchase, and can compare those impacts to competing products, we can make better choices. The means for such radical transparency has already launched. Software innovations now allow any of us to access a vast database about the hidden harms in whatever we are about to buy, and to do this where it matters most, at the point of purchase. As we stand in the aisle of a store, we can know which brand has the fewest chemicals of concern, or the better carbon footprint. In the Beta version of such software, you click your cell phone’s camera on a product’s bar code, and get an instant readout of how this brand compares to competitors on any of hundreds of environmental, health, or social impacts. In a planned software upgrade, that same comparison would go on automatically with whatever you buy on your credit card, and suggestions for better purchases next time you shop would routinely come your way by email.

Such transparency software converts shopping into a vote, letting us target manufacturing processes and product ingredients we want to avoid, and rewarding smarter alternatives. As enough of us apply these decision rules, market share will shift, giving companies powerful, direct data on what shoppers want — and want to avoid — in their products.

Creating a market force that continually leverages ongoing upgrades throughout the supply chain could open the door to immense business opportunities over the next several decades. We need to reinvent industry, starting with the most basic platforms in industrial chemistry and manufacturing design. And that would change every thing

The article seems to imply that the data is out there in a form or format provided via some centralised source. My immediate reaction was that is not how the social web or the Live Web works: a) data is generated by anyone and everyone and b) it’s messy and the context emergent.

Technology and tools should serve us better and help us, as individuals, to filter and structure that information. Somehow, even in the best case scenario, I don’t see everything on tap from a unified source. Or digested, which is an uncomfortable implication that leaps out of the piece at me.

For example, assessing environmental or health impact of anything is subject to years, decades even, of debate, controversy, lobbying, vested interest, political play… and so it seems to me that the only way I can get information clear enough for making decisions is to ’subscribe’ to a particular view via sources promoting it. Of course, I can get a more balanced take on everything these days by finding alternative views somewhere on the web but I am not sure I want to stand in the supermarket, trying to follow a potentially heated and complicated online debate about the impact of the washing liquid I am about to put in my basket. Can technology speed up and simplify this process to the point where it becomes practical, without losing context for delibration in the process? That is one of the questions I ask myself whenever I come across yet another tool to help us search, compare, aggregate or match information online.

That said, information about nutrients and other non-controversial data of interest to me is easy enough to provide and sadly, this is where most vendors do fall short of what’s possible with existing technology. The operative word here is non-controversial, which is the trojan horse of any implementation of such resource(s). I mean that even what is meant to be gathering of ‘encyclopedic’ knowledge can be controversial at times. Trying to do that with live streams of information means that the checks and balances must reside in the context, not the source itself.

At the more fundamental level, the web and information technology made data cheap. It is the context to data that got expensive, in time and social interactions. On the web the best context costs you time spent browsing and researching and/or time spent cultivating a quality network to supply you with context as you need it. Here I elaborate:

The web has removed physical limitations on space. Data was expensive to create, store and move around and now it is not. This made room for context, which is becoming at least as important as the data. In fact, it is what make data and information the skeleton, giving shape to the flesh and skin but it is no longer the whole body and finish. The important thing is that context can be provided only by a human mind. It cannot be automated – when creating or absorbing it.

Update: The Guardian advert making similar point with regard to media and interpretations of ‘facts’ one sees.




It comes down to whether you prefer context to be provided by:

  1. automated algorithms a la Google and the thousands aggreation sites,
  2. trusted sources including vendors, manufacturers, even third parties and intermediaries, or
  3. your network of friends aka social network

The answer is obvious.

It depends! We use all three at different points in our information gathering, sharing and exchange and transactions. The challenge for VRM is to understand advantages and disadvantages of all three and encourage development of tools that give me, the individual user or customers, the best of all three.

My bet is on no.3. I want to help individuals to capture both data and context on their own terms. This will give rise to another layer of knowledge that serves both the individual and his network. For example, I want to collect data about my shopping, with my own comments and with sources of information useful to me. I want to have pictures of products I have bought, links to reviews by others and my own, comments by friends in my network, record of interactions with the vendors and third parties etc etc. I want it in a place I can further analyse it and share it based on my privacy requirements.

With time, all this can become a source of better understanding of my own behaviour and preferences, and, with practice, a better negotiating position in future transactions. In other words, I will be the most authoritative source of my own history, with data, information and knowledge about me.

And that might change everything.

Young Girl-Old Woman illusion
Young Girl-Old Woman Illusion


Bonus link: TED talk Chris Jones Picturing excess

CRM, CMR or VRM

TAGS: None

The acronym galore notwithstanding, the indefatiguable David Tebbutt has come across CMR (customer managed relationships):

twitter_tebbo_cmr.png

My immediate reaction was, hey, that’s a better way of naming something that is meant to give control to a customer. CMR started from the same position as VRM, which is flipping CRM:

Who invented the term “Customer Relationship Management” or “CRM”? Who cares I hear you mutter in response. Well for those of you who think you invented the term it probably matters. For those of you trying to make CRM work you might like to get hold of and strangle them!!

I second that motion!

Just imagine if all the marketing spend that went into getting CRM onto the board’s agenda had gone into CMR instead. For those of you who believe in neurolinguistics (i.e. something along the lines of “the words you use show what you are thinking”) using the term CMR would mean that the board actually thought the customer was in control, that the customer managed the relationship.

But what is Customer Managed Relationship? CRM Today article explains:

CMR is three things:

  1. An ability to rethink, to reshape your organisation and its knowledge so that it is at the disposal of your customers
  2. Internet enabled management tools which customers use to get what they want
  3. An ability to react to the information being generated and used by customers in order to increase profitability

So far, so good. And the benefits?

If executed well CMR generates three major benefits over CRM:

  1. It is easier to implement because the customer is doing the complex stuff
  2. It creates lock in since customers having invested their data with you will not move easily
  3. It allows you to move faster than your competitor since you are in a trusted relationship with your customer

This seems at least halfway to what VRM is trying to achieve. The benefits are spelled out only from the vendor side, given the audience of the article not surprising and there are examples of how a customer would benefit from having his tax done via a CMR system. It also gets the ‘why not outsource data management to customers’ bit right, again from the company perspective.

The catch is in the benefit no. 2:

“It creates lock in since customers having invested their data with you will not move easily.”

One of the VRM principles is that a free customer is more valuable than a captive one (scroll down to the bottom of the page. Alas, Project VRM site is down so can’t link directly. Will remedy as soon as back up again). So it seems that CMR hasn’t really moved from lock-in as the holy grail of customer management and retention. Be that as it may, so far, I’d give CMR from vendor perspective 8 out of 10, from customer perspective 5 out of 10, for the insistence on customers owning their data:

… customers should own their own information including their profile, transaction history, and any inferred information such as marital history and even behavior.

Two further issues leap out.

  • It’s all on vendors’ side and as a customer I am not meant to be independent of them.
  • There is no incentive for companies to implement and change the balance of power. They may want the benefit of data management and its complexity ‘outsourced’ to the customer but giving up any control goes against most companies instincts and systems.

The first is where CMR differs VRM at the first glance already, the second is often raised about VRM as a criticism.

And now for the vision:

I’m now living in a CMR world. I have tools with which to manage the big picture of my finances. I get best offers all the time. If service levels are not good I get to know before I buy by asking other customers of the companies concerned. These financial services companies are now wholesalers or manufacturers or advisors. The whole clearing system is a subset of this system. Banks do not do that anymore. Of course I need some cash sometimes but that’s getting rarer because my PFA (personal financial assistant – Laura) can’t track it for me, so I have to enter stuff manually. That will never die out though since lots of people still want anonymity for many things. Financial service always was an oxymoron!

I must say, this sounds awfully like most of the VRM ideas I hear from people hanging around the project, namely, various matching services, automation or aggregation, platforms for customers communicating with other customers, clearlng systems etc. They usually set off my lock-in detectors fast but this gets my warning alarm blaring full blast:

The system networks all the relevant knowledge, process and contact I need. It is regulated and government backed. For the moment government owned. They’ve made more money out of online tax collection and the equity value they have in than the national lottery and the G3 licenses put together.

The hardest part they had to play was to persuade all the vested interests to set up the new system and to select smart, sharp operators who could build and operate such a scaled up system in the new technologies.

Apart from the glaring ‘government-owned’ issue, there is another major problem I have with this approach, and with many other VRM implementations. It is the assumption, explict or implicit, that the individual-customer-user has to be provided for. And that this can or should be done by a third party service, system or platform. And that in order for us as individuals to be able to do anything sensible and useful with our data, or in order to be secure, or private or whatever else we might want, we have to turn to the ’supply side’. And finally, among those subscribing VRM vision, the assumption that solutions will come from the vendor side or that vendors will have to be sold on this first, in order to reach users and make VRM happen.

I see this assumption not only around CMR or VRM but everywhere other than the social or live web. It is a place where the demand side can and often is supplying itself, where ‘users’ can and often become ‘creators’, audience have become distributors, and intermediaries are melting away in decentralised networks and direct connections of all kinds. Alas, even on the web, it’s not all P2P roses. My online existence gets scattered across many platforms, google, wordpress, flickr, dopplr, twitter, and many more.

fractured_identity_sml.jpg

I have reached the limits of usefulness for apps that give me nice functionality but take away my ability to manage data across my entire ‘identity’. As I said elsewhere, the collection of tools should be clustered around the user, not around platforms or applications. It all starts with the individual. And as an individual user, I want a range of applications to manage my data, metadata, identity etc so I, and hopefully other similarly motivated users, can get on with learning how to control and manage our ‘identity’.

Individuals with independent tools, networked and informed, will be able to capture and manage information about themselves and about vendors. Once people can do that – manage their data, relationships, identities, purchase histories, their records, locations and god knows what – then more cool things will start to happen. And it will be those cool things that will ultimately determine the direction vendors should be looking.

To sum up, the article on CMR hits a few of the targets VRM is aiming at too. It calls for giving greater control to customers over their data as well as proposes that businesses arrange themselves better around customer needs. In order to achieve this laudable goal, it looks to businesses for solutions and implementation, assuming third party providers, intermediaries and closed proprietary platforms to build the CMR world. There is nothing about individuals’ sovereignty over data rather than access to it, no room for user-driven tools, only managed on my user’s behalf or user-centric at best, or user’s privacy and security policy.

One of the fundamental building blocks of VRM is the ability of individual users to take charge of their data instead of managing them via a platform and ‘trading’ that data for the functionality that the platform might provide. Once I have it in my hands, I can manage, analyse and whatever else I wish to do with them, applying various functionality directly*. And share and interact with others in ways richer than platforms currently allow. It might be messier to start with but closer to human affairs in its complexity. And that is a Good Thing.

I want to be able to connect and create relationships without lock-ins (other than the ones that some relationships bring with them naturally :) ). I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me. Blogging took off when people could set up a page and start publishing in a way previously available only to geeks with HTML skillz. Today I can do more things with my blog than just publish – tag, add videos, plug-in more functionality etc. with the underlying technology invisible to me now. So I want tools and applications that will help me do all that for transactions as well as relationships. Eventually.

—–
* My contribution to this aim is the Mine! project set up to equip individuals with tools to take charge of their data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) them according to their needs and preferences and share them on their own terms whilst connected and networked on the web.

Whose data is it anyway?

TAGS: None

Follow up on previous thoughts on data and ownership… as cross-posted from VRM Hub.

Talking about ownership of data online in terms of control is fairly pointless. Once your data is out, it’s out. So instead of delving into the meaning of ownership and what it means in a decentralised, distributed and open network where sharing and transparency are default, let’s look at how the data is generated by the individual and shared through interactions with others.

Data as generated online is akin to a positive externality for the vendors and platforms that capture our data. Positive externality* is something that is not part of the value traded in market exchanges. It is something one of the parties in the trade benefits from, without having to pay for it. For illustration, pollution is considered a negative externality as it is

a) a by-product of manufacturing processes and,
b) is not included in the cost or price of the products.

So, when I am buying something from Amazon or Virgin Atlantic site, the explicit value exchange is the goods they provide and the money I pay for those goods. My data is external to that value exchange – the vendor is not paying for it and I am not being paid for it. In the current set-up (no pun intended), the vendors benefit by using the data in ways that help their business, from mining to selling it on. I, on the other hand, have scant legal protection against that and even with all the laws in place such as Data Protection Act and other restrictions on those who capture my data, a large portion of data collected from me is for marketing purposes.. and usually way above the threshold of legally required data to complete transactions.

The advent of the ‘free’ web has mightily confused the distinction between data as part of a value exchange and data as a positive externality – simply because most platforms with web services have turned what is essentially an external benefit from other exchanges to foundations of their business models. The ‘free services’ I receive are ‘paid for’ by my attention and/or my data – both eagerly gathered by various platforms. Advertising is a way to monetise my attention aka eyeball and the race to monetising my data (short of crude selling on) is still on.

In this context I own my data (in a way I own my attention) and neither should be considered a payment for the (free) web services unless it is specified in the terms of the exchange or service. It is merely a shift from one business model – online retail such as Amazon – to another where data becomes the value exchanged tacitly and without clear understanding. This is another reason why privacy remains an issue with such web services and platforms. As long as I have to depend on a third party to protect my privacy, it will be exposed by accident (incompetence), force (authorities) or abuse (marketing & advertising).

The tensions between the data created and managed by us and the tools we use belonging to someone else, are becoming obvious on the social web. Mike Arrington’s outrage a few months back when Facebook was turning its back on FriendConnect is justified.

The fact is, this isn’t Facebook’s data. It’s my data. And if I give Google permission to do stuff with it, I’m damned well within my rights to do so. By blocking Google, Facebook has blocked ME. And that, frankly, kind of frustrates me.

Let me put this another way. How dare Facebook tell ME that I cannot give Google access to this data!

Arrington also condemns Scoble’s early attempts at ‘data portability’:

Scoble has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to Plaxo. In that case, it wasn’t his data and he didn’t have the right to make it portable. It’s MY data, once again, and only I should be allowed to make that decision. He thinks his new position shows that he gets the importance of privacy, but once again he isn’t thinking in terms of who really owns the data and should be allowed to make decisions around it.

Here we go, ownership of data again. So when I add someone to my network, together with his photo and other profile details, I do not ‘own’ that data. It seems pretty pointless to debate that as whenever I sign-up to a social network platform, I am agreeing to the terms and conditions of their relationship with me and to what happens to my data, privacy etc. All my agreements are with the platforms and the way I enter those agreements is definitely lacking in balance of power. We do live in the early days of individual empowerement… but even so, there is a distinct lack of tools that will allow me to be a node in a network independent of someone else’s silo or a platform. I have the same question as Danny O’Brien:

When you want to make a private picture or note available only to your friends, why do you hand it over to a multi-national corporation first?

Moreover, within social networking platforms, there is no corresponding agreement with other users. The terms of service are between me and Facebook, me and MySpace, me and Twitter, me and Flickr, me and Plaxo, me and LinkedIn, me and the socnet du jour… but they do not extend to my relationships with other individuals on the same platform. Relationships are pre-defined, much the same way terms & conditions are, from the point of the platoform, not from the point of the individual. So ironically, social networking platforms designed to help me connect with others, to create and maintain relationships with them, are not allowing me to define those very relationships…

In other words, there is no way to interact with others within the silos based on what I call P2P terms and conditions. These could be privacy agreements, if we so wish, ranging from simply not-bothered-about-what-happens-to-my-contact -details-in-your-social-graph all the way to granulated preferences for different people in my contact list. So just like in the real world – there are people I’d trust with my address book and there are some I wouldn’t trust with my address. Instead of building complicated systems and using technology to make such nuances in relationships explicit, I need tools to help me manage the complexity of human relationships. I need tools to reflect what is already in my head implicitly and defines me as a social animal. Do not tie me up in legal pretzels over various policies, creating permissions and access management nightmares in the process. In the words of Kevin Marks as paraphrased from his Social Cloud talk at Lift08:

Software cannot match out ability to sort out our friends and contact, establish how much we trust them and how we arrive at that trust. No software can fully map the relationships, let alone replace our natural ability to create and maintain them The implication is that therefore software should support the kind of cloud abstraction we have around the internet, also around our social relationships. You can feed it (the social networking app) relationships that are in the ’software in your head’, feed the stuff related to people in your network to software online. Users will assume that your software (this is aimed at developers) will be able to see the information that they have already fed into the software and be able to use it.

Indeed! By I digress. To recap, my data is a kind of externality to purchasing transactions, just like attention is an externality to my reading, watching or listening to something else. Marketing lives off my data, advertising lives off my attention. My data (and by extension me) is not respected because companies can trade it as a commodity without paying for it. The way to address this is not to make them pay for the data (and create many snake oil intermediaries in the process) but to make it possible for companies to enter into relationships with the true owners of the data.

So what is to be done? How to internalise the externality? How do I regain control over something that originates from me and is used in my transactions with others? This is the stuff of VRM.

Broadly speaking, it is about finding tools & technology to give the individual sovereignty over his data, so he can exercise choice over who gets to see it and under what circumstances. This will change the balance of powers and eventually demonstrate to companies that respecting people’s data (and by extension them), they can make more money.

—-
* Definition of externality: Economic theory considers any voluntary exchange to be mutually beneficial to both parties, for example a buyer and seller. Any exchange, however, can result in additional positive or negative effects on third parties. Those who suffer from external costs do so involuntarily, while those who enjoy external benefits do so at no cost. Data is an externality without the third party, where the afffected party is also participating in the transaction. So not an exact theoretical match, but perhaps still helpful in understanding how we got to the point where ‘free services’ feel entitled to their users data.

Ownership of data, privacy policies and other VRM creatures

TAGS: None

Here are some thoughts based on what I posted to the Project VRM mailing list on the discussion about data ownership:

The ownership of data, whatever that means, is merely a starting point of VRM and our attempts to redress the balance of power between vendors and customers. I might volunteer information – to me that means I share it on my own terms – but I also need the ability to establish and
maintain relationships. For that I (others may not) need and want
the following ‘functionality’:

  1. take charge of my data (content, relationships, transactions, knowledge),
  2. arrange (analyse, manipulate, combine, mash-up) it according to my needs and preferences and
  3. share it on my own terms
  4. whilst connected and networked on the web.

That’s what I mean when I talk about turning the individual into a platform, etc etc.

This does not happen by creating a database or a data store, however personal. Store implies passive and static, even with some sort of distribution. The objective is equipping individuals with analytical and other tools to help them understand themselves better and give them an online spring board to relationships with others (in VRM context this includes vendors).

I think it’s the user who should define the nature of the data stored/shared/analysed and what data is called what – whether confidential or premium or whatever. The crucial point is being able to share it (as well as do all sorts of groovy things with it, independently of third party and without the data being hijacked, er, harvested by third parties in the process.)

In the spirit of user-driven-ness, it should be the user who determines the ‘policies’ by which his or her data is managed and shared. I don’t see why they need to be standard(ised) as my sharing preferences and tolerance are a matter of my policy* – just like security and privacy are policies, not systems, i.e. what’s secure or private to me is not necessarily the same to you and vice versa.

What happens after information/data/whatever is shared is partly provenance of the law but mostly of a relationship I have with those the data is shared with… The main issue with the latter is that it can become meaningful only if the user is the most authoritative source of his or her data. Hence I call the means of doing this the Mine!

—-
*My take on privacy is that it is a policy of the individual, not in a sense of privacy policy for the individual selected from a given selection, in the style of Creative Commons. Huge difference. For instance, I have a policy about who I let into my house. I don’t need to display it on my doors or attach it to my address or business cards. It is far more convenient and flexible for me to decide there and then, when someone’s knocking at the door. It is my implicit privacy policy that kicks in. Sure, I don’t want junk mail or door-to-door salesmen but just because I can display notices to that effect, doesn’t mean that is the way to deal with the rest of the humankind. So online, it is about creating tools that help the individual control the data to the point that he/she decides practically and directly who gets to see what – without a third party or intermediary…

cross-posted from VRM Hub

On data shadows and giving up control

TAGS: None

Bruce Schneier on what keeps me awake these days.

In the information age, we all have a data shadow.
….

What happens to our data happens to ourselves.
….

Who controls our data controls our lives.
….

We need to take back our data.
….

This is a tall order, and it will take years for us to get there. It’s easy to do nothing and let the market take over. But as we see with things like grocery store club cards and click-through privacy policies on websites, most people either don’t realize the extent their privacy is being violated or don’t have any real choice. And businesses, of course, are more than happy to collect, buy, and sell our most intimate information. But the long-term effects of this on society are toxic; we give up control of ourselves.

This is why I want the Mine! and why I have designed it as a place where you can reclaim your data, without abandoning the goodness of connectivity and benefits of the network. As I keep saying in my email signature: The network is always stronger than the node… but a network starts with a node.

The individual needs to be stronger, more in charge of their domain. I believe that will improve relationships and transactions with others as well as bring benefits to the whole network.

Models of data imprisonment

TAGS: None

I have been thinking about my data and online data logistics a lot these days in connection with VRM infrastructure as I have been working on (Mine!). As an individual my relationship to my data can be described in matrix of several types of imprisonment. I am interested in building an option where this is not the case.

jail_behind_bars.jpgJail with visiting rights – closed platform a la Facebook, MySpace, Bebo, Flickr, Amazon, Expedia, online bank statements and any site that doesn’t allow export of data in interoperable format. My data is under lock and key elsewhere, and I cannot get more than a view of it through the bars of the jail. For instance I would manually enter my profile or other data into a Facebook applications (and now a few ‘trusted parties’), but there is little or no hope that I could get the data back out again, other to save the JPEGs of the resulting output (screen grabs) – which decimate rather than reflect the value of the original input. Further, my data starts losing weight, as any inmate locked up. As the original data is never at my beckoning, only its representation is what I can play with.

housearrest.jpgHouse arrest – desktop applications for data management, iTunes, Excel spreadsheet, word processing, etc. Example, my music (ripped not bought from iTunes store) is my data is on my computer in a format that is hard to share with anyone. The software is not designed to enable sharing of data – the net result is my data is nominally under my control, but it is just as locked up as Facebook. (No export or no guarantee that exported data is in a mashable format)

open_prison.jpgOpen prison – online data management tools, Wesabe, uploading from iPhoto or Picasa to Flickr.com. This means I can share (better than house arrest) but the data is centralised a little like Facebook (almost as bad as jail with visiting rights) and although the rendering tools are more advanced and, being centralised, can be upgraded without user intervention, there is still a big similarity to glimpsing my data which is held within the jail.

out_on_bail.jpgOut on bail – feed readers and online calendars, e.g. OPML, Google Calendar, iCal. The data is more or less yours and mostly under your control for export, import and sharing. But it can’t travel far and there is only so much you can do with it. It certainly can’t be mashed up with data in other formats or on other topics than calendar or feeds. (Dopplr lets you go furthest in combining calendar, Flickr and map data etc).

out_of_jail2.jpgOut of jail – I hold my data on (explicitly) my resource for sharing; I can share my data beyond just what Flickr, del.icio.us etc provide as a tool to render my data, and in more places than just those platforms – for instance with a supermarket or gym or others (vendor?) who could benefit from knowing what I am eating and when I am exercising. In short: the Mine! enables controlled sharing beyond the Mine!’s own rendering itself. The bars are removed and your data can go where you desire it to.

dance_prison_parade.jpgHm, to push the analogy further, doesn’t that make Plaxo Pulse, Friendfeed and other such aggregators a prison parade? :)

In case I haven’t made it clear enough, I want my data out of jail. By that I mean being able to exist online with four requirements met: take charge of my data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) it according to my needs and preferences and share it on my own terms whilst connected and networked on the web. That is what the Mine! is designed for.

Bringing identity home

TAGS: None

Identity is one of those elusive concepts that underpin several important debates. It appears to me that identity can be tied to a systemic view or an individual view. The former is the provenance of centralised systems and intrusive governments, the latter usually confined to the realms of philosophy or psychology. I’d argue that individual focus plays an increasingly important role in the online world as individuals drive their own identity. My aim (in working on the VRM project) is to find ways to equip them with better tools to continue to do so in all areas of their life, if they choose so.

Offline, we have the crowd who argue about identity in the political sphere, where the debate is really about privacy, rights of the individual, the relationship between the state and its citizens, efficacy of various methods of authentication and security implications. This involves fighting the Big and Bureaucratic Brother in all his shapes and guises, and his equally overbearing cousin the national database or register.

Online, we have the identity gangs within Identity Commons, Identity 2.0 and other identity related projects. Let’s look at Dick’s articulate case for digital identity, Identity 2.0. Without going into too much details, I believe the objective is to mimic the modern identity that revolves around photo IDs (passport, driving license, student card etc) in our online identity transactions. In other words, to enable the user to have the kinds of benefit in the online environment that identity management affords us in the offline world. The requirements for that are scalability of trust, privacy, re-usability, less fragmented identity, convenient ways of accessing and managing one’s identity, secure and private handling of sensitive or private information. For example, the same way your driving license proves your age and allows you to buy alcohol legally, Identity 2.0 is about you being able to prove claims relevant to your online transactions. On another level it is making it more convenient to manage what is currently an ‘identity’ scattered across the net – the ubiquitous logins with passwords, one for every time you deal with someone who created a platform to a) interact or transact with them and b) offer some functionality/capability in exchange for your data. The requirements for that is to be simple & open.

This is all good, as Doc is fond of saying, but this is not the kind of identity I had in mind when thinking about where to start with VRM and how identity relates to it.

According to Dick Hardt identity is what I say about me and what others say about me. The latter being more trustworthy, it makes sense to identify myself through referring to someone who can corroborate what I say. I am therefore defined by external, verifiable and validated statements, facts and information – identifiers. Dick defines his identity as consisting roughly of address, date of birth, URLs of blogs he writes, emails he uses, phone numbers, banks, airlines, clothes and car brands he uses, books, movies and magazines he likes.

These are all shortcuts to what constitutes Dick Hardt as a person, they put his identity in a recognisable frame of reference and allow him to participate in identity transactions.

In the offline world identity is really third-party driven, to put it crudely, we are what our papers say we are. Your birth certificate attests to your date of birth, your utility bills to your residence, your diploma to your education etc etc. It has been so because our identity management has had several fundamental features – it is centralised, system-centric and it is read-only. We are used to deriving our authority and credibility from a system that grants and confirms it. It is important that we can do that as the only way we can transact in a hierarchical environment is via authorisation from the level above us. (a definition of hierarchy is that in order to interact with somebody on the same level I have to go via a superior level).

Whatever the web turns out to be, it is not a hierarchy. It is a network, i.e. a heterarchy, a network of elements in which each element shares the same “horizontal” position of power and authority, each playing a theoretically equal role. This has impact on how my identity is defined and who defines it. From blogs to social network profiles, people are learning how to define their thoughts and ideas, record their lives in multimedia formats, share their experiences, swarm around causes and defy companies, institutions and authorities. From linky love to P2P, they are bypassing traditional media and distribution channels, learning the ways of direct connections.

People online build and destroy reputations, create and squander careers, establish themselves as experts or celebrities. That’s the bird’s eye view. The closer look reveals emergence of self-defined (and self-driven) identities. By writing I learn to articulate my thoughts better, by sharing I learn to differentiate from, as well as identify with, others. I become aware of myself and my preferences in ways that in the times before the web were available to a select few – writers, artists, politicians and the more articulate celebrities. We have ways of connecting with others who become validators and authenticators of our self-defined and persistent identities. The challenge is to understand and find how to evolve and use those for other than communication and information transactions.

And yet, instead we build platforms – vestiges of offline identity – third-party defined spaces designed to ‘contain’ bits of your identity. They clash with my ability as an individual to define and drive my identity. Over time I learn to manage who I am and as more tools and networks emerge my fractured existence, scattered across others’ silos becomes more obvious. The silos are a result of various platforms vying for my data, offering bits and pieces of functionality that I find useful and empowering. It got me where I am now as an ‘empowered’ individual. However, a picture of fractured identity emerges.

fractured_identity_sml.jpg

Centralised database(s) of identity information and its verification, authentication etc is based on a hierarchy mindset. In a heterarchy, each node is self-defined first and then defined by its relationships. I want to have an identity that evolves and exists in a network, i.e. a structural heterarchy. Why not start by ‘defragging’ identity by outsourcing its definition to individuals as they are capable of creating much richer identities than any system.

identity_shadow_sml.jpgTo my amazement I often see logins and passwords to various sites and platforms described as “identity”. I don’t think of them as my identity, but as things that I currently need to access bits of my scattered identity, at best they are my meta-identity. (Btw, by self-defined identity I am not referring to self-asserted identity which still relates to identifiers of the kind I’d call meta-identity. I am looking for ways of establishing identifiers that are part emergent, part validated by relationships rather than by a systemic-level third parties designed to do that. Let’s not have a ‘centralised’ trust, let’s have distributed one.)

What I want is option (with set of tools) for individuals taking charge of their identities.* And on the web that starts with exercising sovereignty over my data. This alternative must be networked and not third party dependent or platform based. As I have said before, there are only two ‘natural’ online platforms – the individual and the web.

But what about authentications and authorisations that are needed for transactions, aside from all the fluffy social empowering self-publishing identity utopia? …I hear you cry. As is often the case on the web, there may be other ways to skin the authentication cat than using identity. The key is in realising that authorisation and identity are related but separate.

Authentication is the act of establishing an identity – this is separate from the existing identity approach where the focus is on collection and disbursement of bits of data to do with someone. The cheap and cheerful explanation of this is that you can authenticate with a password (i.e. something that only you know). However, that password need not reveal anything about you/your identity. It just reveals that you are someone who knows the password. Therefore, authentication is free to be separate from identity. They are in separate but related domains. Have I mentioned that they are separate?

I owe this point to Alec who explains:

Traditionally authentication is one-or-more of three things.

  1. something you KNOW, e.g, you KNOW the password
  2. something you HAVE, e.g, you HAVE the door key,
  3. something you ARE, e.g, you ARE a 4-star general on an army base
  4. The latter tends to be a bit weak, as authentication goes, in my experience it is prone to social hacking. Good authentication might be combining something like: KNOWING the password that UNLOCKS the certificate that you HAVE on the laptop, that permits a remote website to challenge you and get the response it expects, since it KNOWS that you have your certificate on your laptop…

In short, let me have a go at my identity myself, on my own terms, the web way, without intermediaries, ‘trusted’ parties and hierarchical non-direct ways. Locking me into new ‘better’ platforms, offering ’services’ to manage my meta-identity is like putting a band-aid on a gaping wound. Instead, give me tools, flexible and modular, to reclaim my digital personae, help me piece together my fractured identity. And then allow me to drive it forward with all of the benefits that it can bring me and to those I interact and transact with. Learn to live with the unpredictability and emergent juicy goodness that comes from my independence and lack of your control over me. Finally, let me learn from my mistakes, my first uncertain steps with my data sovereignty. Without those how can I ever learn to fully value privacy, security and engage in mutually beneficial interactions?

*I plan to cover this in more detail in the upcoming white paper on the infrastructural level elements (the Mine! and FeedMe) that enable people to reclaim their data, manage and share them on their own terms whilst being connected, networked and part of the web.

© 2009 Media Influencer. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.