Media Influencer

helping people break out of pigeonholes since 2003

Privacy ain’t dead yet

Tags: , , , ,

Last couple of months I have found myself giving several talks on privacy. This isn’t exactly news as I have been banging on that drum for ages, but there does seem to be more interest in privacy and requests to talk about the topic.

This may be because people are realising how elusive privacy becomes as the web platforms are turning the screws on user data they have accumulated. I am looking at you, Facebook, though Facebook is not the only perp in town…

The first talk on the topic, which I enjoyed very much was the one I gave in June to the Oxford Libertarian Society. I tried to cover various notions of privacy and argued that privacy is to identity what freedom is to morality – the latter can’t exist without the former. Here’s the text in full.

Oxford Libertarian Society talk on privacy

My second recent talk on privacy was at LIFT France 2010, as part of the session called Privacy Revisited, Protect and Project with Daniel Kaplan, the founder of FING and Alma Whitten, Google’s Engineering Lead for Privacy. It is a sign of a good session where one learns much from the other speakers. After watching Alma’s interesting presentation, it occurred to me that in the world of web platforms and clouds, even ones that are trying to be benign, privacy boils down to something I should have opened my talk with…

Privacy is never having to delete things you don’t want anyone to see.

LIFT France Privacy

LIFT Privacy Talk

The stories never told

TAGS: None

From a book I am reading*:

He did a new thing with a new set of people every day of his life. And that made him just as different from the people in the traffic jam as I was.
So I looked with fascination at those people in their [cars]**, and tried to fathom what it would be like. Thousands of years ago, the work that people did had been broken down into jobs that were the same every day, in organisations where people were interchangeable parts. All of the story had been bled out of their lives. That was how it had to be; it was how you got a productive economy. But it would be easy to see a will at work behind this: not exactly an evil will, but a selfish will. The people who’d made the system thus were jealous, not of money and not of power but of story. If their employees came home at day’s end with interesting stories to tell, it meant that something had gone wrong: a blackout, a strike, a spree killing. The Power That Be would not suffer others to be in stories of their own unless they were fake stories that had been made up to motivate them. People who couldn’t live without story had been driven [out]**. All others had to look somewhere outside of work for feeling that they were part of a story, which I guessed was why people were so concerned with sports, and with religion. How else could you see yourself as part of an adventure? Something with a beginning, middle, and end in which you played a significant part?

In other words, creating and living your own story means you have autonomy. And that is one thing that nobody working in a corporation, institution or another system has. And why in the New Year, it will be disruption management full blast for me…

*Neal Stephenson’s Anathem

**sci-fi terms replaced by their Earth equivalents.

Enabling vs Providing

TAGS: None

Talking to Doc earlier this week, I tried to explain my unease with various interpretations of VRM that come thick and fast as the concepts gain traction by identifying the fundamental problem.*

It is the assumption that “the individual needs to be provided for” that I see everywhere other than on the social (or live) web where the demand side can, and often does, supply itself, where users can and often do become creators, where the audiences have become distributors, and intermediaries of all kinds are melting away from decentralised networks and direct connections. Alas, even on the web, it’s not all P2P roses – my online existence is scattered across many platforms, Google, WordPress, Flickr, Dopplr, Twitter, and many more.

Most VRM approaches or implementations I have seen involve a third party as a provider. I believe we first need to focus on changing the relationships between individuals and companies or institutions. First comes redressing the balance – manually, as it were – by helping individuals relate to companies in ways that change companies’ behaviour.

Most of all, I want to avoid using technology to address a non-technology problem, using automation or aggregation for the aspects of relationships which should be processed by a human mind. I want to avoid jumping straight into ‘industrial’ processing of data treasures found on the customer side. We need a more balanced relationships with vendors and institutions, with different tools and possibly rules of interaction. Then we can look at ways to rationalise the technology and processes that help us create and maintain those relationships.

The most common solutions for providing individuals with online services are based around centralised databases or platforms. They are suspect on security and privacy grounds even though they may be created by a trustworthy party. So, any framework or structure provided by a third party that is meant to provide a place for individuals to create, gather, manage and share data as well as allowing a degree of aggregation, connectivity, will have to have in-built checks and balances as it may ultimately expose individuals to potential data-mining (whether the more private among us like it or not!). The challenge is to separate the data storage provider and a services/application provider. If I let someone store or back up my data – reluctantly admitting it may still be necessary for now – I would want them to store my data only, and not push or even provide any other apps based on that data. I should then be able to choose and apply whatever application I want, to my data, at my convenience.

Jason Scott of ASCII has a juicy way of putting this:

This is about your data. This is about your work. This is about you using your time so that you make things and work on things and you trust a location to do “the rest” and guess what, here is what we have learned:

  • If you lose your shit, the technogeeks will not help you. They will giggle at you and make fun of your not understanding the fundamental principles and engineering of client-server models. This is kind of like firemen sitting around giggling at you because you weren’t aware of the inherent lightning-strike danger of improperly bonded CSST.
  • Since the dawn of time, companies have hired people whose entire job is to tell you everything is all right and you can completely trust them and the company is as stable as a rock, and to do so until they, themselves are fired because the company is out of business.
  • You are going to have to sit down and ask yourself some very tough questions because the time where you could get away without asking very tough questions with regard to your online presence and data are gone.

And his advice further into the wonderful rant is even juicier:

  • Insult, berate and make fun of any company that offers you something like a “sharing” site that makes you push stuff in that you can’t make copies out of or which you can’t export stuff out of. They will burble about technology issues. They are fucking lying. They might go off further about business models. They are fucking stupid. Make fun of these people, and their shitty little Cloud Cities running on low-grade cooking fat and dreams. They will die and they will take your stuff into the hole. Don’t let them.

…but is no less sound for it!

Please, let’s have more of enabling and less of mere providing.

* as described in the paper A VRM journey.

cross-posted from VRM Hub

VRM journey

TAGS: None

For those who follow my VRM escapades, I have tried to capture what VRM is about and why I am working on it. So here is my paper (and manifesto) A VRM journey.

Loosely speaking, apart from my consolidate position on VRM, this is what it’s about (as summed up by my friend Carrie):

  1. ‘Social media’ is limited and people are outgrowing it
  2. There is demand from growing number of people for more control over their online ’stuff’
  3. There are benefits to users and ‘vendors’ for re-working the current imbalanced relationship
  4. Some tools are being developed to make that a reality
  5. It will be a hard slog but there is a call to arms for users to even out the balance; the most open vendors will also benefit – bringing more certainty to their future in this uncertain economic climate

Here is the PDF version for those who prefer a non-web format.

It’s the context, stupid

TAGS: None

Doc Searls was asked about the last three paragraphs of this post by Daniel Goleman in connection with VRM.

The singular force that can drive this transformation of every manmade thing for the better is neither government fiat nor the standard tactics of environmentalists, but rather radical transparency in the marketplace. If we as buyers can know the actual ecological impacts of the stuff we buy at the point of purchase, and can compare those impacts to competing products, we can make better choices. The means for such radical transparency has already launched. Software innovations now allow any of us to access a vast database about the hidden harms in whatever we are about to buy, and to do this where it matters most, at the point of purchase. As we stand in the aisle of a store, we can know which brand has the fewest chemicals of concern, or the better carbon footprint. In the Beta version of such software, you click your cell phone’s camera on a product’s bar code, and get an instant readout of how this brand compares to competitors on any of hundreds of environmental, health, or social impacts. In a planned software upgrade, that same comparison would go on automatically with whatever you buy on your credit card, and suggestions for better purchases next time you shop would routinely come your way by email.

Such transparency software converts shopping into a vote, letting us target manufacturing processes and product ingredients we want to avoid, and rewarding smarter alternatives. As enough of us apply these decision rules, market share will shift, giving companies powerful, direct data on what shoppers want — and want to avoid — in their products.

Creating a market force that continually leverages ongoing upgrades throughout the supply chain could open the door to immense business opportunities over the next several decades. We need to reinvent industry, starting with the most basic platforms in industrial chemistry and manufacturing design. And that would change every thing

The article seems to imply that the data is out there in a form or format provided via some centralised source. My immediate reaction was that is not how the social web or the Live Web works: a) data is generated by anyone and everyone and b) it’s messy and the context emergent.

Technology and tools should serve us better and help us, as individuals, to filter and structure that information. Somehow, even in the best case scenario, I don’t see everything on tap from a unified source. Or digested, which is an uncomfortable implication that leaps out of the piece at me.

For example, assessing environmental or health impact of anything is subject to years, decades even, of debate, controversy, lobbying, vested interest, political play… and so it seems to me that the only way I can get information clear enough for making decisions is to ’subscribe’ to a particular view via sources promoting it. Of course, I can get a more balanced take on everything these days by finding alternative views somewhere on the web but I am not sure I want to stand in the supermarket, trying to follow a potentially heated and complicated online debate about the impact of the washing liquid I am about to put in my basket. Can technology speed up and simplify this process to the point where it becomes practical, without losing context for delibration in the process? That is one of the questions I ask myself whenever I come across yet another tool to help us search, compare, aggregate or match information online.

That said, information about nutrients and other non-controversial data of interest to me is easy enough to provide and sadly, this is where most vendors do fall short of what’s possible with existing technology. The operative word here is non-controversial, which is the trojan horse of any implementation of such resource(s). I mean that even what is meant to be gathering of ‘encyclopedic’ knowledge can be controversial at times. Trying to do that with live streams of information means that the checks and balances must reside in the context, not the source itself.

At the more fundamental level, the web and information technology made data cheap. It is the context to data that got expensive, in time and social interactions. On the web the best context costs you time spent browsing and researching and/or time spent cultivating a quality network to supply you with context as you need it. Here I elaborate:

The web has removed physical limitations on space. Data was expensive to create, store and move around and now it is not. This made room for context, which is becoming at least as important as the data. In fact, it is what make data and information the skeleton, giving shape to the flesh and skin but it is no longer the whole body and finish. The important thing is that context can be provided only by a human mind. It cannot be automated – when creating or absorbing it.

Update: The Guardian advert making similar point with regard to media and interpretations of ‘facts’ one sees.




It comes down to whether you prefer context to be provided by:

  1. automated algorithms a la Google and the thousands aggreation sites,
  2. trusted sources including vendors, manufacturers, even third parties and intermediaries, or
  3. your network of friends aka social network

The answer is obvious.

It depends! We use all three at different points in our information gathering, sharing and exchange and transactions. The challenge for VRM is to understand advantages and disadvantages of all three and encourage development of tools that give me, the individual user or customers, the best of all three.

My bet is on no.3. I want to help individuals to capture both data and context on their own terms. This will give rise to another layer of knowledge that serves both the individual and his network. For example, I want to collect data about my shopping, with my own comments and with sources of information useful to me. I want to have pictures of products I have bought, links to reviews by others and my own, comments by friends in my network, record of interactions with the vendors and third parties etc etc. I want it in a place I can further analyse it and share it based on my privacy requirements.

With time, all this can become a source of better understanding of my own behaviour and preferences, and, with practice, a better negotiating position in future transactions. In other words, I will be the most authoritative source of my own history, with data, information and knowledge about me.

And that might change everything.

Young Girl-Old Woman illusion
Young Girl-Old Woman Illusion


Bonus link: TED talk Chris Jones Picturing excess

CRM, CMR or VRM

TAGS: None

The acronym galore notwithstanding, the indefatiguable David Tebbutt has come across CMR (customer managed relationships):

twitter_tebbo_cmr.png

My immediate reaction was, hey, that’s a better way of naming something that is meant to give control to a customer. CMR started from the same position as VRM, which is flipping CRM:

Who invented the term “Customer Relationship Management” or “CRM”? Who cares I hear you mutter in response. Well for those of you who think you invented the term it probably matters. For those of you trying to make CRM work you might like to get hold of and strangle them!!

I second that motion!

Just imagine if all the marketing spend that went into getting CRM onto the board’s agenda had gone into CMR instead. For those of you who believe in neurolinguistics (i.e. something along the lines of “the words you use show what you are thinking”) using the term CMR would mean that the board actually thought the customer was in control, that the customer managed the relationship.

But what is Customer Managed Relationship? CRM Today article explains:

CMR is three things:

  1. An ability to rethink, to reshape your organisation and its knowledge so that it is at the disposal of your customers
  2. Internet enabled management tools which customers use to get what they want
  3. An ability to react to the information being generated and used by customers in order to increase profitability

So far, so good. And the benefits?

If executed well CMR generates three major benefits over CRM:

  1. It is easier to implement because the customer is doing the complex stuff
  2. It creates lock in since customers having invested their data with you will not move easily
  3. It allows you to move faster than your competitor since you are in a trusted relationship with your customer

This seems at least halfway to what VRM is trying to achieve. The benefits are spelled out only from the vendor side, given the audience of the article not surprising and there are examples of how a customer would benefit from having his tax done via a CMR system. It also gets the ‘why not outsource data management to customers’ bit right, again from the company perspective.

The catch is in the benefit no. 2:

“It creates lock in since customers having invested their data with you will not move easily.”

One of the VRM principles is that a free customer is more valuable than a captive one (scroll down to the bottom of the page. Alas, Project VRM site is down so can’t link directly. Will remedy as soon as back up again). So it seems that CMR hasn’t really moved from lock-in as the holy grail of customer management and retention. Be that as it may, so far, I’d give CMR from vendor perspective 8 out of 10, from customer perspective 5 out of 10, for the insistence on customers owning their data:

… customers should own their own information including their profile, transaction history, and any inferred information such as marital history and even behavior.

Two further issues leap out.

  • It’s all on vendors’ side and as a customer I am not meant to be independent of them.
  • There is no incentive for companies to implement and change the balance of power. They may want the benefit of data management and its complexity ‘outsourced’ to the customer but giving up any control goes against most companies instincts and systems.

The first is where CMR differs VRM at the first glance already, the second is often raised about VRM as a criticism.

And now for the vision:

I’m now living in a CMR world. I have tools with which to manage the big picture of my finances. I get best offers all the time. If service levels are not good I get to know before I buy by asking other customers of the companies concerned. These financial services companies are now wholesalers or manufacturers or advisors. The whole clearing system is a subset of this system. Banks do not do that anymore. Of course I need some cash sometimes but that’s getting rarer because my PFA (personal financial assistant – Laura) can’t track it for me, so I have to enter stuff manually. That will never die out though since lots of people still want anonymity for many things. Financial service always was an oxymoron!

I must say, this sounds awfully like most of the VRM ideas I hear from people hanging around the project, namely, various matching services, automation or aggregation, platforms for customers communicating with other customers, clearlng systems etc. They usually set off my lock-in detectors fast but this gets my warning alarm blaring full blast:

The system networks all the relevant knowledge, process and contact I need. It is regulated and government backed. For the moment government owned. They’ve made more money out of online tax collection and the equity value they have in than the national lottery and the G3 licenses put together.

The hardest part they had to play was to persuade all the vested interests to set up the new system and to select smart, sharp operators who could build and operate such a scaled up system in the new technologies.

Apart from the glaring ‘government-owned’ issue, there is another major problem I have with this approach, and with many other VRM implementations. It is the assumption, explict or implicit, that the individual-customer-user has to be provided for. And that this can or should be done by a third party service, system or platform. And that in order for us as individuals to be able to do anything sensible and useful with our data, or in order to be secure, or private or whatever else we might want, we have to turn to the ’supply side’. And finally, among those subscribing VRM vision, the assumption that solutions will come from the vendor side or that vendors will have to be sold on this first, in order to reach users and make VRM happen.

I see this assumption not only around CMR or VRM but everywhere other than the social or live web. It is a place where the demand side can and often is supplying itself, where ‘users’ can and often become ‘creators’, audience have become distributors, and intermediaries are melting away in decentralised networks and direct connections of all kinds. Alas, even on the web, it’s not all P2P roses. My online existence gets scattered across many platforms, google, wordpress, flickr, dopplr, twitter, and many more.

fractured_identity_sml.jpg

I have reached the limits of usefulness for apps that give me nice functionality but take away my ability to manage data across my entire ‘identity’. As I said elsewhere, the collection of tools should be clustered around the user, not around platforms or applications. It all starts with the individual. And as an individual user, I want a range of applications to manage my data, metadata, identity etc so I, and hopefully other similarly motivated users, can get on with learning how to control and manage our ‘identity’.

Individuals with independent tools, networked and informed, will be able to capture and manage information about themselves and about vendors. Once people can do that – manage their data, relationships, identities, purchase histories, their records, locations and god knows what – then more cool things will start to happen. And it will be those cool things that will ultimately determine the direction vendors should be looking.

To sum up, the article on CMR hits a few of the targets VRM is aiming at too. It calls for giving greater control to customers over their data as well as proposes that businesses arrange themselves better around customer needs. In order to achieve this laudable goal, it looks to businesses for solutions and implementation, assuming third party providers, intermediaries and closed proprietary platforms to build the CMR world. There is nothing about individuals’ sovereignty over data rather than access to it, no room for user-driven tools, only managed on my user’s behalf or user-centric at best, or user’s privacy and security policy.

One of the fundamental building blocks of VRM is the ability of individual users to take charge of their data instead of managing them via a platform and ‘trading’ that data for the functionality that the platform might provide. Once I have it in my hands, I can manage, analyse and whatever else I wish to do with them, applying various functionality directly*. And share and interact with others in ways richer than platforms currently allow. It might be messier to start with but closer to human affairs in its complexity. And that is a Good Thing.

I want to be able to connect and create relationships without lock-ins (other than the ones that some relationships bring with them naturally :) ). I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me. Blogging took off when people could set up a page and start publishing in a way previously available only to geeks with HTML skillz. Today I can do more things with my blog than just publish – tag, add videos, plug-in more functionality etc. with the underlying technology invisible to me now. So I want tools and applications that will help me do all that for transactions as well as relationships. Eventually.

—–
* My contribution to this aim is the Mine! project set up to equip individuals with tools to take charge of their data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) them according to their needs and preferences and share them on their own terms whilst connected and networked on the web.

Driving your car

TAGS: None

See here:

Now consider the new world of social networks. Facebook, unwittingly or on purpose, has been teaching people to manage their own data about themselves. Facebook’s launch of the Beacon service — which informs Facebook of members’ activities (i.e., purchases) on other sites — was a PR fiasco. But it still familiarized millions of users with the notion that they can control information about themselves online — and determine to whom it is visible.

And here:

Networking on Facebook, MySpace and other silos is like taking driving lessons. There is no recognisable direction. It seems kind of pointless unless you know that it is just learning and practising. Facebook and MySpace seems a lot like that to me. But once people work out how to drive, how to operate the machine and how to get from point A to point B, they will be able to decide what the B is and get around on their own. And that’s when the real fun starts.

And then here:

So the Mine! is an attempt to give people their own car, getting them to decide where they go with it, how fast and who they take along as passangers. They will have to look after it a bit and perhaps learn to maintain it but that will be easier with time too. It is an alternative for networked and social existence on the web for those ready and willing to break out of silos.

Nuff said.

Faust 2.0

TAGS: None

This made me laugh outloud. It flips the helplessness I feel as a user/customer/individual facing a legal boiler plate when dealing with companies, organisation and institutions. Time to do a flip of our own

Devil and EULA

Quote to remember

TAGS: None

- Open source is the altrusitic synchronisation of self interests.
Simon Phipps replying on Twitter

Whose data is it anyway?

TAGS: None

Follow up on previous thoughts on data and ownership… as cross-posted from VRM Hub.

Talking about ownership of data online in terms of control is fairly pointless. Once your data is out, it’s out. So instead of delving into the meaning of ownership and what it means in a decentralised, distributed and open network where sharing and transparency are default, let’s look at how the data is generated by the individual and shared through interactions with others.

Data as generated online is akin to a positive externality for the vendors and platforms that capture our data. Positive externality* is something that is not part of the value traded in market exchanges. It is something one of the parties in the trade benefits from, without having to pay for it. For illustration, pollution is considered a negative externality as it is

a) a by-product of manufacturing processes and,
b) is not included in the cost or price of the products.

So, when I am buying something from Amazon or Virgin Atlantic site, the explicit value exchange is the goods they provide and the money I pay for those goods. My data is external to that value exchange – the vendor is not paying for it and I am not being paid for it. In the current set-up (no pun intended), the vendors benefit by using the data in ways that help their business, from mining to selling it on. I, on the other hand, have scant legal protection against that and even with all the laws in place such as Data Protection Act and other restrictions on those who capture my data, a large portion of data collected from me is for marketing purposes.. and usually way above the threshold of legally required data to complete transactions.

The advent of the ‘free’ web has mightily confused the distinction between data as part of a value exchange and data as a positive externality – simply because most platforms with web services have turned what is essentially an external benefit from other exchanges to foundations of their business models. The ‘free services’ I receive are ‘paid for’ by my attention and/or my data – both eagerly gathered by various platforms. Advertising is a way to monetise my attention aka eyeball and the race to monetising my data (short of crude selling on) is still on.

In this context I own my data (in a way I own my attention) and neither should be considered a payment for the (free) web services unless it is specified in the terms of the exchange or service. It is merely a shift from one business model – online retail such as Amazon – to another where data becomes the value exchanged tacitly and without clear understanding. This is another reason why privacy remains an issue with such web services and platforms. As long as I have to depend on a third party to protect my privacy, it will be exposed by accident (incompetence), force (authorities) or abuse (marketing & advertising).

The tensions between the data created and managed by us and the tools we use belonging to someone else, are becoming obvious on the social web. Mike Arrington’s outrage a few months back when Facebook was turning its back on FriendConnect is justified.

The fact is, this isn’t Facebook’s data. It’s my data. And if I give Google permission to do stuff with it, I’m damned well within my rights to do so. By blocking Google, Facebook has blocked ME. And that, frankly, kind of frustrates me.

Let me put this another way. How dare Facebook tell ME that I cannot give Google access to this data!

Arrington also condemns Scoble’s early attempts at ‘data portability’:

Scoble has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to Plaxo. In that case, it wasn’t his data and he didn’t have the right to make it portable. It’s MY data, once again, and only I should be allowed to make that decision. He thinks his new position shows that he gets the importance of privacy, but once again he isn’t thinking in terms of who really owns the data and should be allowed to make decisions around it.

Here we go, ownership of data again. So when I add someone to my network, together with his photo and other profile details, I do not ‘own’ that data. It seems pretty pointless to debate that as whenever I sign-up to a social network platform, I am agreeing to the terms and conditions of their relationship with me and to what happens to my data, privacy etc. All my agreements are with the platforms and the way I enter those agreements is definitely lacking in balance of power. We do live in the early days of individual empowerement… but even so, there is a distinct lack of tools that will allow me to be a node in a network independent of someone else’s silo or a platform. I have the same question as Danny O’Brien:

When you want to make a private picture or note available only to your friends, why do you hand it over to a multi-national corporation first?

Moreover, within social networking platforms, there is no corresponding agreement with other users. The terms of service are between me and Facebook, me and MySpace, me and Twitter, me and Flickr, me and Plaxo, me and LinkedIn, me and the socnet du jour… but they do not extend to my relationships with other individuals on the same platform. Relationships are pre-defined, much the same way terms & conditions are, from the point of the platoform, not from the point of the individual. So ironically, social networking platforms designed to help me connect with others, to create and maintain relationships with them, are not allowing me to define those very relationships…

In other words, there is no way to interact with others within the silos based on what I call P2P terms and conditions. These could be privacy agreements, if we so wish, ranging from simply not-bothered-about-what-happens-to-my-contact -details-in-your-social-graph all the way to granulated preferences for different people in my contact list. So just like in the real world – there are people I’d trust with my address book and there are some I wouldn’t trust with my address. Instead of building complicated systems and using technology to make such nuances in relationships explicit, I need tools to help me manage the complexity of human relationships. I need tools to reflect what is already in my head implicitly and defines me as a social animal. Do not tie me up in legal pretzels over various policies, creating permissions and access management nightmares in the process. In the words of Kevin Marks as paraphrased from his Social Cloud talk at Lift08:

Software cannot match out ability to sort out our friends and contact, establish how much we trust them and how we arrive at that trust. No software can fully map the relationships, let alone replace our natural ability to create and maintain them The implication is that therefore software should support the kind of cloud abstraction we have around the internet, also around our social relationships. You can feed it (the social networking app) relationships that are in the ’software in your head’, feed the stuff related to people in your network to software online. Users will assume that your software (this is aimed at developers) will be able to see the information that they have already fed into the software and be able to use it.

Indeed! By I digress. To recap, my data is a kind of externality to purchasing transactions, just like attention is an externality to my reading, watching or listening to something else. Marketing lives off my data, advertising lives off my attention. My data (and by extension me) is not respected because companies can trade it as a commodity without paying for it. The way to address this is not to make them pay for the data (and create many snake oil intermediaries in the process) but to make it possible for companies to enter into relationships with the true owners of the data.

So what is to be done? How to internalise the externality? How do I regain control over something that originates from me and is used in my transactions with others? This is the stuff of VRM.

Broadly speaking, it is about finding tools & technology to give the individual sovereignty over his data, so he can exercise choice over who gets to see it and under what circumstances. This will change the balance of powers and eventually demonstrate to companies that respecting people’s data (and by extension them), they can make more money.

—-
* Definition of externality: Economic theory considers any voluntary exchange to be mutually beneficial to both parties, for example a buyer and seller. Any exchange, however, can result in additional positive or negative effects on third parties. Those who suffer from external costs do so involuntarily, while those who enjoy external benefits do so at no cost. Data is an externality without the third party, where the afffected party is also participating in the transaction. So not an exact theoretical match, but perhaps still helpful in understanding how we got to the point where ‘free services’ feel entitled to their users data.

Ownership of data, privacy policies and other VRM creatures

TAGS: None

Here are some thoughts based on what I posted to the Project VRM mailing list on the discussion about data ownership:

The ownership of data, whatever that means, is merely a starting point of VRM and our attempts to redress the balance of power between vendors and customers. I might volunteer information – to me that means I share it on my own terms – but I also need the ability to establish and
maintain relationships. For that I (others may not) need and want
the following ‘functionality’:

  1. take charge of my data (content, relationships, transactions, knowledge),
  2. arrange (analyse, manipulate, combine, mash-up) it according to my needs and preferences and
  3. share it on my own terms
  4. whilst connected and networked on the web.

That’s what I mean when I talk about turning the individual into a platform, etc etc.

This does not happen by creating a database or a data store, however personal. Store implies passive and static, even with some sort of distribution. The objective is equipping individuals with analytical and other tools to help them understand themselves better and give them an online spring board to relationships with others (in VRM context this includes vendors).

I think it’s the user who should define the nature of the data stored/shared/analysed and what data is called what – whether confidential or premium or whatever. The crucial point is being able to share it (as well as do all sorts of groovy things with it, independently of third party and without the data being hijacked, er, harvested by third parties in the process.)

In the spirit of user-driven-ness, it should be the user who determines the ‘policies’ by which his or her data is managed and shared. I don’t see why they need to be standard(ised) as my sharing preferences and tolerance are a matter of my policy* – just like security and privacy are policies, not systems, i.e. what’s secure or private to me is not necessarily the same to you and vice versa.

What happens after information/data/whatever is shared is partly provenance of the law but mostly of a relationship I have with those the data is shared with… The main issue with the latter is that it can become meaningful only if the user is the most authoritative source of his or her data. Hence I call the means of doing this the Mine!

—-
*My take on privacy is that it is a policy of the individual, not in a sense of privacy policy for the individual selected from a given selection, in the style of Creative Commons. Huge difference. For instance, I have a policy about who I let into my house. I don’t need to display it on my doors or attach it to my address or business cards. It is far more convenient and flexible for me to decide there and then, when someone’s knocking at the door. It is my implicit privacy policy that kicks in. Sure, I don’t want junk mail or door-to-door salesmen but just because I can display notices to that effect, doesn’t mean that is the way to deal with the rest of the humankind. So online, it is about creating tools that help the individual control the data to the point that he/she decides practically and directly who gets to see what – without a third party or intermediary…

cross-posted from VRM Hub

Whit Diffie’s honorary doctorate at Holloway College

TAGS: None

Yesterday, I had the priviledge to attend the graduation ceremony at the Royal Holloway College as a guest of Whit Diffie who received an honorary doctorate for his achievements in the field of cryptography, namely, his pioneering work on the public private key. Wired article from 1994 on the topic sums it up:

Whitfield Diffie took cryptography out of the hands of the spooks and made privacy possible in the digital age – by inventing the most revolutionary concept in encryption since the Renaissance.

The ceremony started at 10.30am in the splendid college Chapel. Alas, as my flight from Boston was delayed by 3 hours the night before, I arrived too late to see whole thing. However, thanks to Alec I got there in time for Whit’s award and his acceptance speech and managed to record all but the first 10-15 seconds of it. Apologies for the quality, as this is recorded with my normal camera, from a screen outside the chapel.

…open to the opportunity to take risks and do things in unexpected ways and do what you want to but not what people recommend. On the other hand I think I can be said to have overdone this so they, when they give my resume, they normally, they gloss over details. I managed to graduate from MIT and I was later immatriculated at Standford university. Alumni register very tactfully shows me as having “graduated” in 1987, that is to say that have lost track of me. And I have two doctorates both kindly given by universities, both kindly given by universities that recognise quality of the work. And so, I find myself, you know, my work doesn’t seem that impressive to me, but fortunately it seems to have made a better impression on other people. So I found this eaxmple of the fact that it is possible to have a successful career without following the socially recommended paths. But I can also tell you that it must be much… easier to do it in the standard forms. As I can hardly say, I cannot say I don’t regret not having been more capable of a more sustained study and having been able to learn what I needed to learn rather than any given moment merely what I happened to be interested in. Thank you very much.

Diffie hasn’t just refused to fit into an educational system or innovate in structured ways. It was the thinking, Damned-if-I-follow-some-of-your-stupid-rules. Because some of them are stupid. As Steven Levy puts in his book Crypto:

Ultimately, it was only by questioning the conventional rules of cryptography and finding some of them “stupid” that Diffie made his breakthroughs. A case in point: the belief that the workings of a secure cryptosystem had to be treated with utmost secrecy. That might have held true for military organisations, but in the computer age, that didn’t make sense. There would be unlimited users who needed a system for privacy; obviously, such a system would have to be distributed so widely that potential crackers would have no trouble getting their hands on it and would have plenty of opportunity to practice attacking it. Instead, the secrecy had to rest somewhere else in the system.

The issue of privacy, boiled down for Whit Diffie to: How do you deal with a trustworthy person in the midst of a world full of untrustworthy people?

Diffie also believed in what he called “a decentralised view of authority”. By creating the proper cryptographic tools, he felt, you could solve the problem – by transferring the data protection from a disinterested third party to the actual user, the one whose privacy was actually at risk.

And this, in my view, applies not only to privacy and cryptographic tools but also to all the other tools that have made the web social and empowering to the individual. To that end, I want to look for ways to build tools that transfer the the data created by the individual in pursuit of his own goals (whether it involves conversations, relationships or transactions) from an abusive or exploitative party (vendor, platform and potentially any third party) to the actual user, the one who benefits from the data, communication and relationships directly.

Whit Diffie’s challenging of accepted rules, whether Doctor of Science or not, has been an inspiration to me, which couldn’t have come at a better time as I see several assumptions about the web ripe for such challenge…

Here are more photos from the event.

Whit Diffie in Holloway Chapel

© 2009 Media Influencer. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.