Category: customertech (Page 1 of 2)

A beckon for Beckn

February 14, 2023 / / 0 Comments

Want to place a bet on where VRM will finally take off? Try India.

Because India is home to the Beckn protocol: one that enables peer-to-peer e-commerce at scale without the big platforms taking a large cut of the pie just for matchmaking. The possibilities are endless and extreme—especially for customers and small businesses.

Beckn is open source (here on Github),  moving into deployment, and expected to grow toward ubiquity on the same slope as Aadhaar, the government ID now held by 1.35 billion people.

To put this into perspective, India has more people than all of Europe (even when you throw in Russia and Turkey), and more than twice the population of North America. Only China has more people, but India is ready to overtake it in just four years.

We will discuss all this and more with Sujith Nair this coming Monday, 20 February, from 2-3:30 PM Eastern Time.  He is the CEO & Co-founder of FIDE.org, the nonprofit behind the Beckn protocol, and may have the clearest vision in the world toward an e-commerce future that isn’t contained inside big tech’s walled gardens: ones in which every business and every customer can operate with both independence and minimized friction.

This will kick off the Workshop’s next Beyond the Web salon series . Stay tuned for more in the coming months, but be sure to catch this one. It could hardly matter more for what our project has worked toward since 2006.

It’s both in-person and online, and free. But you need to register. Do that here.

The Rise of Robot Retail

March 1, 2022 / / 1 Comment

end of personal dealings
From Here Comes the Full Amazonification of Whole Foods, by Cecelia Kang (@CeceliaKang) in The New York Times:

…In less than a minute, I scanned both hands on a kiosk and linked them to my Amazon account. Then I hovered my right palm over the turnstile reader to enter the nation’s most technologically sophisticated grocery store…

Amazon designed my local grocer to be almost completely run by tracking and robotic tools for the first time.

The technology, known as Just Walk Out, consists of hundreds of cameras with a god’s-eye view of customers. Sensors are placed under each apple, carton of oatmeal and boule of multigrain bread. Behind the scenes, deep-learning software analyzes the shopping activity to detect patterns and increase the accuracy of its charges.

The technology is comparable to what’s in driverless cars. It identifies when we lift a product from a shelf, freezer or produce bin; automatically itemizes the goods; and charges us when we leave the store. Anyone with an Amazon account, not just Prime members, can shop this way and skip a cash register since the bill shows up in our Amazon account.

And this is just Amazon. Soon it will be every major vendor of everything, most likely with Amazon as the alpha sphincter among all the chokepoints controlled by robotic intermediaries between first sources and final customers—with all of them customizing your choices, your prices, and whatever else it takes to engineer demand in the marketplace—algorithmically, robotically, and most of all, personally.

Some of us will like it, because it’ll be smooth, easy and relatively cheap. It will also subordinate us utterly to machines. Or perhaps udderly, because we will be calves raised to suckle on the teats of retail’s robot cows.

This system can’t be fixed from within. Nor can it be fixed by regulation, though some of that might help. It can only be obsolesced by customers who bring more to the market’s table than cash, credit, appetites and acquiescence to systematic training.

What more?

Start with information. What do we actually want (including, crucially, to not be bothered by hype or manipulated by surveillance systems)?

Add intelligence. What do we know about products, markets, needs, and how things actually work than roboticized systems can begin to guess at?

Then add values, such as freedom, choice, agency, care for others, and the ability to collectivize in constructive and helpful ways on our own.

Then add tech. But this has to be our tech: customertech that we bring to market as independent, sovereign and capable human beings. Not just as “users” of others’ systems, or consumers (which Jerry Michalski calls “gullets with wallets and eyeballs”) of whatever producers want to feed us.

Time for solutions. Here is a list of fourteen market problems that can only be solved from the customers’ side.

And yes, we do need help from the sellers’ side. But not with promises to make their systems more “customer centric.” (We’ve been flagging that as a fail since 2008.) We need CRM that welcomes VRM. B2C that welcomes Me2B.

And money. Our startups and nonprofits have done an amazing job of keeping the VRM and Me2B embers burning. But they could do a lot more with some gas on those things.

Salon with Robin Chase

February 4, 2022 / / 0 Comments

Robin Chase, co-founder and original CEO of Zipcar and author of Peers Inc: How People and Platforms are Inventing the Collaborative Economy and Reinventing Capitalism, will speak at the Ostrom Workshop s Beyond the Web Salon Series at Indiana University at 2:00 PM Eastern this coming Monday, February 7, 2022. The event link is here, where you’ll also find the Zoom link.

The full theme of the salon series is Beyond the Web: Making a platform-free online marketplace for goods, ideas and everything else, about which you can read more here.

Robin’s work with transportation and peer production has been VRooMy from the start, and especially consistent with our work with the Ostrom Workshop on the Intention Byway in Bloomington, Indiana.

Upcoming speakers in the Salon Series (mark your calendars) are Ethan Zuckerman and Shoshana Zuboff. Both are BKC veterans and, like Robin, devoted to moving beyond status quos that vex us all. Ethan will be with us on March 7 and Shoshana on April 11. Days and times for both are Mondays at 2:00 PM Eastern. Details at those links.<

These events are all participatory, informative, challenging and fun. Please join us.

ProjectVRM at 15

October 5, 2021 / / 0 Comments

This project started in September 2006, when I became a fellow at what is now the Berkman Klein Center. Our ambitions were not small.:

  1. To encourage development of tools by which individuals can take control of their relationships with organizations — especially in commercial marketplaces.
  2. To encourage and conduct research on VRM-related theories, usage of VRM tools, and effects as adoption of VRM tools takes place.

The photo above is of our first workshop, at Harvard Law School, in 2008. Here is another photo with a collection of topics discussed in breakout sessions:

Zoom in on any of the topics there (more are visible on the next photo in the album), and you will find many of them still on the table, thirteen years later. Had some prophet told us then that this would still be the case, we might have been discouraged. But progress has been made on all those fronts, and the main learning in the meantime is that every highly ambitious grassroots movement takes time to bear fruit.

One example is what we discussed in the “my red dot” breakout at the May 2007 Internet Identity Workshop (the 3rd of what next week will be our 33rd ) is now finally being done with the Byway, which is about to get prototyped by our nonprofit spin-off, Customer Commons, with help from the Ostrom Workshop at Indiana University Bloomington, where Joyce and I are currently embedded as visiting scholars.

Our mailing list numbers 567 members, and is active, though it won’t hog your email flow. Check out the action at that link. And, if you like, join in.

You can also join in at our next gathering, VRM Day 2021b, which happens this coming Monday, 11 October.  We’ll visit our learnings thus far, and present progress and plans on many fronts, including

And we thank the BKC for its patience and faith in our project and its work.

How the Web sucks

September 11, 2021 / / 0 Comments

This spectrum of emojis is a map of the Web’s main occupants (the middle three) and outliers (the two on the flanks). It provides a way of examining who is involved, where regulation fits, and where money gets invested and made. Yes, it’s overly broad, but I think it’s helpful in understanding where things went wrong and why. So let’s start.

Wizards are tech experts who likely run their own servers and keep private by isolating themselves and communicating with crypto. They enjoy the highest degrees of privacy possible on and around the Web, and their approach to evangelizing their methods is to say “do as I do” (which most of us, being Muggles, don’t). Relatively speaking, not much money gets made by or invested in Wizards, but much money gets made because of Wizards’ inventions. Those inventions include the Internet, the Web, free and open source software, and much more. Without Wizards, little of what we enjoy in the digital world today would be possible. However, it’s hard to migrate their methods into the muggle population.

‍Muggles are the non-Wizards who surf the Web and live much of their digital lives there, using Web-based services on mobile apps and browsers on computers. Most of the money flowing into the webbed economy comes from Muggles. Still, there is little investment in providing Muggles with tools for operating or engaging independently and at scale across the websites and services of the world. Browsers and email clients are about it, and the most popular of those (Chrome, Safari, Edge) are by the grace of corporate giants. Almost everything Muggles do on the Web and mobile devices is on apps and tools that are what the trade calls silos or walled gardens: private spaces run by the websites and services of the world.

Sites. This category also includes clouds and the machinery of e-commerce. These are at the heart of the Web: a client-server (aka calf-cow) top-down, master-slave environment where servers rule and clients obey. It is in this category that most of the money on the Web (and e-commerce in general) gets made, and into which most investment money flows. It is also here that nearly all development n the connected world today happens.

 Ad-tech, aka adtech, is the home of surveillance capitalism, which relies on advertisers and their agents knowing all that can be known about every Muggle. This business also relies on absent Muggle agency, and uses that absence as an excuse for abusing the privilege of committing privacy violations that would be rude or criminal in the natural world. Also involved in this systematic compromise are adtech’s dependents in the websites and Web services of the world, which are typically employed by adtech to inject tracking beacons in Muggles’ browsers and apps. It is to the overlap between adtech and sites that all privacy regulation is addressed. This is why, the GDPR sees Muggles as mere “data subjects,” and assigns responsibility for Muggle’s privacy to websites and services the regulation calls “data controllers” and “data processors.” The regulation barely imagines that Muggles could perform either of those roles, even though personal computing was invented so every person can do both. (By the way, the adtech business and many of its dependents in publishing like to say the Web is free because advertising pays for it. But the Web is as free by nature as are air and sunlight. And most of the money Google makes, for example, comes from plain old search advertising, which can get along fine without tracking. There is also nothing about advertising itself that requires tracking.)

 Crime happens on the Web, but its center of gravity is outside, on the dark web. This is home to botnets, illegal porn, terrorist activity, ransom attacks, cyber espionage, and so on. There is a lot of overlap between crime and adtech, however, given the moral compromises required for adtech to function, plus the countless ways that bots, malware and other types of fraud are endemic to the adtech business. (Of course, to be an expert criminal on the dark web requires a high degree of wizardry. So I one could arrange these categories in a circle, with an overlap between wizards and criminals.)

I offer this set of distinctions for several reasons. One is to invite conversation about how we have failed the Web and the Web has failed us—the Muggles of the world—even though we enjoy apparently infinite goodness from the Web and handy services there. Another is to explain why ProjectVRM has been more aspirational than productive in the fifteen years it has been working toward empowering people on the commercial Net. (Though there has been ample productivity.) But mostly it is to explain why I believe we will be far more productive if we start working outside the Web itself. This is why our spinoff, Customer Commons, is pushing forward with the Byway toward i-commerce. Check it out.

Finally, I owe the idea for this visualization to Iain Henderson, who has been with ProjectVRM since before it started. (His other current involvements are with JLINC and Customer Commons.) Hope it proves useful.

What makes a good customer?

April 11, 2021 / / 2 Comments

For awhile the subhead at Customer Commons (our nonprofit spin-off) was this:

How good customers work with good companies

It’s still a timely thing to say, since searches on Google for “good customer” are at an all-time high:

 

The year 2004, when Google began keeping track of search trends, was also the year “good customer” hit at an all-time high in percentage of appearances in books Google scanned*:

So now might be the time to ask, What exactly is a “good customer?

The answer depends on the size of the business, and how well people and systems in the business know a customer. Put simply, it’s this:

  1. For a small business, a good customer is a person known by face and name to people who work there, and who has earned a welcome.
  2. For a large business, it’s a customer known to spend more than other customers.

In both cases, the perspective is the company’s, not the customer’s.

Ever since industry won the industrial revolution, the assumption has been that business is about businesses, not about customers. It doesn’t matter how much business schools, business analysts, consultants and sellers of CRM systems say it’s about customers and their “experience.” It’s not.

To  see how much it’s not, do a Bing or a Google search for “good customer.” Most of the results will be for good customer + service. If you put quotes around “good customer” on either search engine and also The Markup’s Simple Search (which brings to the top “traditional” results not influenced by those engines’ promotional imperatives), your top result will be Paul Jun’s How to be a good customer post on Help Scout. That one offers “tips on how to be a customer that companies love.” Likewise with Are You a Good Customer? Or Not.: Are you Tippin’ or Trippin’? by Janet Vaughan, one of the top results in a search for “good customer” at Amazon. That one is as much a complaint about bad customers as it is advice for customers who aspire to be good. Again, the perspective is a corporate one: either “be nice” or “here’s how to be nice.”

But what if customers can be good in ways that don’t involve paying a lot, showing up frequently and being nice?

For example, what if customers were good sources of intelligence about how companies and their products work—outside current systems meant to minimize exposure to customer input and to restrict that input to the smallest number of variables? (The worst of which is the typical survey that wants to know only how the customer was treated by the agent, rather than by the system behind the agent.)

Consider the fact that a customer’s experience with a product or service is far more rich, persistent and informative than is the company’s experience selling those things, or learning about their use only through customer service calls (or even through pre-installed surveillance systems such as those which for years now have been coming in new cars).

The curb weight of customer intelligence (knowledge, knowhow, experience) with a company’s products and services far outweighs whatever the company can know or guess at.

So, what if that intelligence were to be made available by the customer, independently, and in standard ways that worked at scale across many or all of the companies the customer deals with?

At ProjectVRM, this has been a consideration from the start. Turning the customer journey into a virtuous cycle explores how much more the customer knows on the “own” side of what marketers call the “customer life journey”†:

Given who much more time a customer spends owning something than buying it, the right side of that graphic is actually huge.

I wrote that piece in July 2013, alongside another that asked, Which CRM companies are ready to dance with VRM? In the comments below, Ray Wang, the Founder, Chairman and Principal Analyst at Constellation Research, provided a simple answer: “They aren’t ready. They live in a world of transactions.”

Yet signals between computing systems are also transactional. The surveillance system in your new car is already transacting intelligence about your driving with the company that made the car, plus its third parties (e.g. insurance companies). Now, what if you could, when you wish, share notes or questions about your experience as a driver? For example—

  • How there is a risk that something pointed and set in the trunk can easily puncture the rear bass speaker screwed into the trunk’s roof and is otherwise unprotected
  • How some of the dashboard readouts could be improved
  • How coins or pens dropped next to the console between the front seats risk disappearing to who-knows-where
  • How you really like the way your headlights angle to look down bends in the road

(Those are all things I’d like to tell Toyota about my wife’s very nice (but improvable) new 2020 Camry XLE Hybrid. )

We also visited what could be done in How a real customer relationship ought to work in 2014 and in Market intelligence that flows both ways in 2016. In that one we use the example of my experience with a pair of Lamo moccasins that gradually lost their soles, but not their souls (I still have and love them):

By giving these things a pico (a digital twin of itself, or what we might call internet-of-thing-ness without onboard smarts), it is not hard to conceive a conduit through which reports of experience might flow from customer to company, while words of advice, reassurance or whatever might flow back in the other direction:

That’s transactional, but it also makes for a far better relationship that what today’s CRM systems alone can imagine.

It also enlarges what “good customer” means. It’s just one way how, as it says at the top, good customers can work with good companies.

Something we’ve noticed in Pandemic Time is that both customers and companies are looking for better ways to get along, and throwing out old norms right and left. (Such as, on the corporate side, needing to work in an office when the work can also be done at home.)

We’ll be vetting some of those ways at VRM/CuCo Day, Monday 19 April. That’s the day before the Internet Identity Workshop, where many of us will be talking and working on bringing ideas like these to market. The first is free, and the second is cheap considering it’s three days long and the most leveraged conference of any kind I have ever known. See you there.

*Google continued scanning books after that time, but the methods differed, and some results are often odd. (For example, if your search goes to 2019, the last year they cover, the  results start dropping in 2009, hit zero in 2012 and stay at zero after that—which is clearly wrong as well as odd.)

†This graphic, and the whole concept, are inventions of Estaban Kolsky, one of the world’s great marketing minds. By the way, Estaban introduced the concept here in 2010, calling it “the experience continuum.” The graphic above comes from a since-vanished page at Oracle.

Toward e-commerce 2.0

March 25, 2021 / / 0 Comments

Phil Windley explains e-commerce 1.0  in a single slide that says this:

One reason this happened is that client-server, aka calf-cow  (illustrated in Thinking outside the browser) has been the default format for all relationships on the Web, and cookies are required to maintain those relationships.  The result is a highly lopsided power asymmetry in which the calves have no more power than the cows give them. As a result,

  1. The calves have no easy way even to find  (much less to understand or create) the cookies in their browsers’ jars.
  2. The calves have no identity of their own, but instead have as many different identities as there are websites that know (via cookies) their visiting browsers. This gives them no independence, much less a place to stand like Archimedes, with a lever on the world. The browser may be a great tool, but it’s neither that place to stand, nor a sufficient lever. (Yes, it should have been, and maybe still could be; but meanwhile, it isn’t.)
  3. All the “agreements” the calves have with the websites’ cows leave no readable record on the calves’ side. This severely limits their capacity for dispute, which is required for a true relationship.
  4. There exists no independent way the calves to signal their intentions—such as interests in purchase, conditions for engagement, or the need to be left alone (which is how Brandeis and Warren define privacy).

In other words, the best we can do in e-commerce 1.0 is what the calf-cow system provides: ways for calves to depend utterly on means the cows provide. And some of those cows are mighty huge.

Nearly all of signaling between demand and supply remains trapped inside these silos and walled gardens. We search inside their systems, we are notified of product and service availability inside their systems, we make agreements inside their systems (to terms and conditions they provide and require), or privacy is dependent on their systems, and product and service delivery is handled either inside their systems or through allied and dependent systems.

Credit where due: an enormous amount of good has come out of these systems. But a far larger amount of good is MLOTT—money left on the table—because there is a boundless sum and variety of demand and supply that still cannot easily signal their interest, intentions of presence to each other in the digital world.

Putting that money on the table is our job in e-commerce 2.0.

So here is a challenge: tell us how we can do that without using browsers.

Some of us here do have ideas. But we’d like to hear from you first.

Cross-posted at the ProjectVRM blog, here.

Let’s zero-base zero-party data

December 9, 2020 / / 1 Comment

Forrester Research has gifted marketing with a hot buzzphrase: zero-party data, which they define as “data that a customer intentionally and proactively shares with a brand, which can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize her.”

Salesforce, the CRM giant (that’s now famously buying Slack), is ambitious about the topic, and how it can “fuel your personalized marketing efforts.” The second person you is Salesforce’s corporate customer.

It’s important to unpack what Salesforce says about that fuel, because Salesforce is a tech giant that fully matters. So here’s text from that last link. I’ll respond to it in chunks. (Note that zero, first and third party data is about you, no matter who it’s from.)

What is zero-party data?

Before we define zero-party data, let’s back up a little and look at some of the other types of data that drive personalized experiences.

First-party data: In the context of personalization, we’re often talking about first-party behavioral data, which encompasses an individual’s site-wide, app-wide, and on-page behaviors. This also includes the person’s clicks and in-depth behavior (such as hovering, scrolling, and active time spent), session context, and how that person engages with personalized experiences. With first-party data, you glean valuable indicators into an individual’s interests and intent. Transactional data, such as purchases and downloads, is considered first-party data, too.

Third-party data: Obtained or purchased from sites and sources that aren’t your own, third-party data used in personalization typically includes demographic information, firmographic data, buying signals (e.g., in the market for a new home or new software), and additional information from CRM, POS, and call center systems.

Zero-party data, a term coined by Forrester Research, is also referred to as explicit data.

They then go on to quote Forrester’s definition, substituting “[them]” for “her.”

The first party in that definition the site harvesting “behavioral” data about the individual. (It doesn’t square with the legal profession’s understanding of the term, so if you know that one, try not to be confused.)

It continues,

why-is-zero-party-data-important

Forrester’s Fatemeh Khatibloo, VP principal analyst, notes in a video interview with Wayin (now Cheetah Digital) that zero-party data “is gold. … When a customer trusts a brand enough to provide this really meaningful data, it means that the brand doesn’t have to go off and infer what the customer wants or what [their] intentions are.”

Sure. But what if the customer has her own way to be a precious commodity to a brand—one she can use at scale with all the brands she deals with? I’ll unpack that question shortly.

There’s the privacy factor to keep in mind too, another reason why zero-party data – in enabling and encouraging individuals to willingly provide information and validate their intent – is becoming a more important part of the personalization data mix.

Two things here.

First, again, individuals need their own ways to protect their privacy and project their intentions about it.

Second, having as many ways for brands to “enable and encourage” disclosure of private information as there are brands to provide them is hugely inefficient and annoying. But that is what Salesforce is selling here.

As industry regulations such as GDPR and the CCPA put a heightened focus on safeguarding consumer privacy, and as more browsers move to phase out third-party cookies and allow users to easily opt out of being tracked, marketers are placing a greater premium and reliance on data that their audiences knowingly and voluntarily give them.

Not if the way they “knowingly and voluntarily” agree to be tracked is by clicking “AGREE” on website home page popovers. Those only give those sites ways to adhere to the letter of the GDPR and the CCPA while also violating those laws’ spirit.

Experts also agree that zero-party data is more definitive and trustworthy than other forms of data since it’s coming straight from the source. And while that’s not to say all people self-report accurately (web forms often show a large number of visitors are accountants, by profession, which is the first field in the drop-down menu), zero-party data is still considered a very timely and reliable basis for personalization.

Self-reporting will be a lot more accurate if people have real relationships with brands, rather (again) than ones that are “enabled and encouraged” in each brand’s own separate way.

Here is a framework by which that can be done. Phil Windley provides some cool detail for operationalizing the whole thing here, here, here and here.

Even if the countless separate ways are provided by one company (e.g. Salesforce),  every brand will use those ways differently, giving each brand scale across many customers, but giving those customers no scale across many companies. If we want that kind of scale, dig into the links in the paragraph above.

With great data comes great responsibility.

You’re not getting something for nothing with zero-party data. When customers and prospects give and entrust you with their data, you need to provide value right away in return. This could take the form of: “We’d love you to take this quick survey, so we can serve you with the right products and offers.”

But don’t let the data fall into the void. If you don’t listen and respond, it can be detrimental to your cause. It’s important to honor the implied promise to follow up. As a basic example, if you ask a site visitor: “Which color do you prefer – red or blue?” and they choose red, you don’t want to then say, “Ok, here’s a blue website.” Today, two weeks from now, and until they tell or show you differently, the website’s color scheme should be red for that person.

While this example is simplistic, the concept can be applied to personalizing content, product recommendations, and other aspects of digital experiences to map to individuals’ stated preferences.

This, and what follows in that Salesforce post, is a pitch for brands to play nice and use surveys and stuff like that to coax private information out of customers. It’s nice as far as it can go, but it gives no agency to customers—you and me—beyond what we can do inside each company’s CRM silo.

So here are some questions that might be helpful:

  • What if the customer shows up as somebody who already likes red and is ready to say so to trusted brands? Or, better yet, if the customer arrives with a verifiable claim that she is already a customer, or that she has good credit, or that she is ready to buy something?
  • What if she has her own way of expressing loyalty, and that way is far more genuine, interesting and valuable to the brand than the company’s current loyalty system, which is full of gimmicks, forms of coercion, and operational overhead?
  • What if the customer carries her own privacy policy and terms of engagement (ones that actually protect the privacy of both the customer and the brand, if the brand agrees to them)?

All those scenarios yield highly valuable zero-party data. Better yet, they yield real relationships with values far above zero.

Those questions suggest just a few of the places we can go if we zero-base customer relationships outside standing CRM systems: out in the open market where customers want to be free, independent, and able to deal with many brands with tools and services of their own, through their own CRM-friendly VRM—Vendor Relationship Management—tools.

VRM reaching out to CRM implies (and will create)  a much larger middle market space than the closed and private markets isolated inside every brand’s separate CRM system.

We’re working toward that. See here.

 

Markets as conversations with robots

February 5, 2020 / / 7 Comments

From the Google AI blogTowards a Conversational Agent that Can Chat About…Anything:

In “Towards a Human-like Open-Domain Chatbot”, we present Meena, a 2.6 billion parameter end-to-end trained neural conversational model. We show that Meena can conduct conversations that are more sensible and specific than existing state-of-the-art chatbots. Such improvements are reflected through a new human evaluation metric that we propose for open-domain chatbots, called Sensibleness and Specificity Average (SSA), which captures basic, but important attributes for human conversation. Remarkably, we demonstrate that perplexity, an automatic metric that is readily available to any neural conversational models, highly correlates with SSA.

A chat between Meena (left) and a person (right).
Meena
Meena is an end-to-end, neural conversational model that learns to respond sensibly to a given conversational context. The training objective is to minimize perplexity, the uncertainty of predicting the next token (in this case, the next word in a conversation). At its heart lies the Evolved Transformer seq2seq architecture, a Transformer architecture discovered by evolutionary neural architecture search to improve perplexity.
 
Concretely, Meena has a single Evolved Transformer encoder block and 13 Evolved Transformer decoder blocks as illustrated below. The encoder is responsible for processing the conversation context to help Meena understand what has already been said in the conversation. The decoder then uses that information to formulate an actual response. Through tuning the hyper-parameters, we discovered that a more powerful decoder was the key to higher conversational quality.
So how about turning this around?

What if Google sold or gave a Meena model to people—a model Google wouldn’t be able to spy on—so people could use it to chat sensibly with robots or people at companies?

Possible?

If, in the future (which is now—it’s freaking 2020 already), people will have robots of their own, why not one for dealing with companies, which themselves are turning their sales and customer service systems over to robots anyway?

What law might clear the way for VRM/Me2B development?

September 16, 2019 / / 1 Comment

VRM/Me2B developers shouldn’t have to wait for laws to pave the way through a wall-like status quo.  (And we say that in our Privacy Manifesto.) But a good law or two should help.

That was I had hoped—even expected—the GDPR to do.  Specifically, I called it  “the world’s most heavily weaponized law protecting personal privacy,” said it was “aimed at companies that track people without asking” and that it would “blow away the (mostly US-based) surveillance economy, especially tracking-based ‘adtech,’ which supports most commercial publishing online.”

That hasn’t happened.

It has been sixteen months since the GDPR went into effect (May 2018), and violation of personal privacy online today remains as pervasive as ever. Worse, violators take advantage of a loophole* in the GDPR that allows them to continue tracking people by requiring (or appearing to require) “consent” to  cookies and other means of tracking (so you can get “personalized,” “interest-based” or “relevant” advertising, the perpetrators say). As long as various EU countries’ Data Protection Authorities (who enforce the GDPR) fail to focus on simple fact that nearly every website and its third parties are doing the same bad things Google and Facebook are accused of doing, the practice will continue, and the GDPR will remain a failure at stopping widespread spying-based adtech.

Meanwhile, many privacy advocates in the U.S. (including me) have invested hope in the California Consumer Privacy Act (CCPA), which will go into effect on January 1, 2020.  I invite you to visit the operative language in that law, starting  here. As legalese goes, it’s remarkably readable. Meanwhile, Wikipedia compresses these rather well under the heading Intentions of the Act:

The intentions of the Act are to provide California residents with the right to:

  1. Know what personal data is being collected about them.
  2. Know whether their personal data is sold or disclosed and to whom.
  3. Say no to the sale of personal data.
  4. Access their personal data.
  5. Request a business to delete any personal information about a consumer collected from that consumer.
  6. Not be discriminated against for exercising their privacy rights.

Note that this presumes that nearly all agency resides on the data collectors’ side, and that the only agency possible on the individual’s side is asking to know or say no to what others who collected personal data can do with it.

That’s not enough.

Making matters worse is that we are mere “consumers” to the CCPA, “data subjects” to the GDPR and “users” to the computer industry—in each case with no more freedom and agency than what potential violators of our privacy (e.g. the websites and services of the world) separately grant us, through their countless, lengthy and infinitely varied privacy policies, terms and “agreements.”

In other words, we’re still at Square Zero, and Square One is neither the CCPA nor the GDPR. Those are relevant in the ways that guard rails are relevant to a winding road; but we don’t have the road yet.

While I’ve made it clear elsewhere that we need tech more than policy (because tech of our own—VRM tech—gives us agency), it will sure help to have policy that guides the deployment of that tech.

So,  what law might actually open the way for VRM development, preferably by simply giving individuals a new power they’ve been lacking, such as real control over just one aspect of their privacy: what Louis Brandeis and Samuel Warren called “the right to be let alone” when we’re online?

I like two.

First is the Do-Not-Track Act of 2019. It’s model legislation from DuckDuckGo, and explained this way:

When you turn on the setting in your browser that says “Do Not Track”, you probably expect to no longer be tracked on most websites you visit. Right? Well, you would be wrong. But don’t worry, you’re not alone.

Our recent study on the Do Not Track (DNT) browser setting indicated that about a quarter of people have turned on this setting, and most were unaware big sites do not respect it. That means approximately 75 million Americans, 115 million citizens of the European Union, and many more people worldwide are, right now, broadcasting a DNT signal.

All of these people are actively asking the sites they visit to not track them. Unfortunately, no law requires websites to respect your Do Not Track signals, and the vast majority of sites, including most all of the big tech companies, sadly choose to simply ignore them.

Let’s change that now. Let’s put teeth behind this widely used browser setting by making a law that would align with current consumer expectations and empower people to more easily regain control of their online privacy.

While DuckDuckGo actively supports the passing of strong, comprehensive privacy laws, we also recognize that it will take time for them to take effect worldwide. In the meantime, governments can provide immediate relief by enacting separate, simpler Do Not Track legislation.

It is extremely rare to have such an exciting legislative opportunity like this, where the hardest work — coordinated mainstream technical implementation and widespread consumer adoption — is already done.

That’s why we’re announcing draft legislation that can serve as a starting point for legislators in America and beyond. It’s entitled the “Do-Not-Track Act of 2019” and, if it were to be enacted, would require sites to respect the Do Not Track browser setting in this manner:

  1. No third-party tracking by default. Data brokers would no longer be legally able to use hidden trackers to slurp up your personal information from the sites you visit. And the companies that deploy the most trackers across the web — led by Google, Facebook, and Twitter — would no longer be able to collect and use your browsing history without your permission.
  2. No first-party tracking outside what the user expects. For example, if you use Whatsapp, its parent company (Facebook) wouldn’t be able to use your data from Whatsapp in unrelated situations (like for advertising on Instagram, also owned by Facebook). As another example, if you go to a weather site, it could give you the local forecast, but not share or sell your location history.

Under this proposed law, these restrictions would only come into play if a consumer has turned on the Do Not Track signal for their Internet traffic. To keep the Internet from breaking, these restrictions would have very narrowly tailored exceptions for debugging, auditing, security, non-commercial security research, and reporting, and further limited by mandated data-minimization requirements.

In particular, each of these narrow exceptions would only apply if a site adopts strict data-minimization practices, such as using the least amount of personal information needed, and anonymizing it whenever possible. And importantly, this draft legislation takes a more realistic view of what constitutes anonymous data vs. de-identified data. Legislators need to appreciate that users can be re-identified unless companies implement extra measures of protection.

Katherine Druckman and I also talked about this a bit with Gabriel Weinberg, CEO and founder of DuckDuckGo, in our Reality 2.0 podcast with him last month.

The other is Adrian Gropper‘s Patient Privacy Rights Information Governance Label. It says,

Patient Privacy Rights Information Governance Label August 19, 2019 Note: 0-to-5 of the boxes to be checked by the application, device, or service provider.1. No sharing: The data is never shared with any external entities. It is not even shared in de-identified form.

2. No aggregation: The data is never aggregated with other types of input or data from external sources. This includes mixing the data gathered via The Service with other data, such as patient-reported outcomes.

3. Always voluntary self-identification: The user of The Service is able to choose their own identity. The user does not need to have their identity verified unless required by law.

4. Digital agent support: The user is able to specify a digital agent, trustee, or equivalent information manager, and this specified agent will not be subject to certification or censorship.

5. No vendor lock-in: The Service is easily and conveniently substitutable, so the user can easily move their data to another vendor providing a similar service. This prevents vendor lock-in and is often accomplished using Open Standards. Indications for Use: The five separately self-asserted statements on the PPR Information Governance Label are subject to legal enforcement as would the privacy policy associated with The Service.

While not proposed as a law, it would be good to have a law that imposes those requirements, and leaves room for individuals to provide for exceptions, for example when they have working relationships with a service provider.

Maciej Ceglowski also has some good suggestions.

*Part 1 under Article 6 of the GDPR, covering the “Lawfulness of processing,” says, “Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.” Hence the consent notices with an “accept” button in front of websites.  These are most often presented as “cookie notices.” (Which are actually required by earlier EU law that was to some degree ignored until the GDPR came along.)

Whether a notice on the front of a website talks cookies or not, it usually means the site is obtaining your consent to being tracked “to personalize content and advertising” (or whatever) by spying on you. I’ve been told by GDPR experts that this really isn’t a loophole, and that most of these consent notices actually violate the GDPR’s letter and not just its spirit. Still, while that might be true, violation of the GDPR’s spirit remains normative.

« Older posts

© 2024 ProjectVRM

Theme by Anders NorenUp ↑