Category: Privacy (Page 5 of 5)

Coming to terms

June 4, 2012 / / 12 Comments

We lie every time we “accept” terms that we haven’t read — a pro forma  behavior that is all but required by the calf-cow model of the Web that’s prevailed since 1995. We need to change that. And so we are.

StandardLabel.org is working on “A clear, consistent way for websites to say what they do with the data they share, before we share it.” While its recent Kickstarter campaign came up a bit short, the work continues. Here is one (prototypical) way that label might look:

(The actual image I wanted there was this one, but heard it wasn’t showing up in all browsers, so I went with the one above.)

The StandardLabel folks also have a survey, which I recommend taking.

CommonTerms intends “to solve the problem of non-accessible online legal texts in a way similar to how Creative Commons made different copyright licenses accessible,” adding, “We thought that by analyzing existing agreements, we could identify the most common terms, and then create icons to symbolize them.” Background:

The CommonTerms project is coordinated by Metamatrix AB andsponsored by Internetfonden.se

The project is a result of a session on “sustainable web development” by Pär Lannerö and Thomas Bjelkeman at the Sweden Social Web Camp, in August 2010.

Their prototype, focused on icons, stars Pär and looks like this:

Par and  Lars-Erik Jakobsson (icon), Gregg BernsteinCarl TörnquistHanna ArkestålMax WalterMattias AspelundAnders Carlman have since added BiggestLie.com, source of the image at the top of this post, plus this one here, which I just earned:

The idea is to start getting real about what we’re all doing and not doing.

What we’re doing is lying: i.e. agreeing not only to what we don’t read, but to the rotted status quo of which one-sided non-agreements are a part. What we’ve not been doing for most of the last 17 years is solving the problem.

But, thanks to the work above (plus whatever I’ve missed), we are doing some things. So are PDEC.cc and companies like Personal. Other work is happening with personal clouds. (PDEC is on that case too.) Aza Raskin‘s Privacy Icons are an effort in this same direction. (CommonTerms has a longer list.)

Still, looks to me like most of the work being done so far is on the cow side of the calf-cow relationship. On our side, we need to stop being calves, for real. That is, we need to have full agency in the original sense of the word: power to cause intended effects on our own.

For that we will need machine- and user-readable ways to express own terms, preferences and policies, so they can be read by sites (the cows) and matched up. That’s the idea behind EmanciTerm, described in How about using the ‘No Track’ button we already have? and in The Intention Economy. There I explain,

With full agency, however, an individual can say, in the first person voice, “I own my data, I control who gets access to it, and I specify what I wish to happen under what conditions.” In the latter category, those wishes might include:

  • Don’t track my activities outside of this site.
  • Don’t put cookies in my browser for anything other than helping us remember each other and where we were.
  • Make data collected about me available in a standard, open format.
  • Please meet my fourth-party agent, Personal.com (or whomever).

These are EmanciTerms, and there will be corresponding ones on the vendor’s side. Once they are made simple and straightforward enough, they should become normative to the point where they serve as de facto stan- dards, in practice.

Since the terms should be agreeable and can be expressed in text that code can parse, the process of arriving at agreements can be automated.

For example, when using a public wi-fi access point, a person’s EmanciTerms might say, “I will not knowingly hog this shared resource, for example, by watching high-def video on it,” or “I will not engage in illegal activities here.” If the provider of the access point has a VRM-ready service that is willing to deal with the user on his or her own EmanciTerms as well as those of the provider, it should be possible to automate the formalities and let the user bypass the usual “read and accept our agreement” ritual.

Not everything we express in the proposed ceremony here has to be one side of a binding agreement. If we express these terms as preferences or policies they can still be heard, even if they’re not agreed to. Being heard is one idea behind BiggestLie. But the cows can’t fix this on their own. We need to work both sides.

The only problem with all this is that our work is scattered. Let’s get it together.

VRM at IIW

May 9, 2012 / / 3 Comments

VRM was a hot topic at IIW last week, with at least one VRM or VRM-related breakout per session — and that was on top of the VRM workshop held at Ericsson on Monday, April 30, the day before IIW started. (Thanks to Nitin Shah and the Ericsson folks for making the time and space available, in a great facility.) Here’s a quick rundown from the #IIW14 wiki:

Tuesday, May 1, Session 1

Tuesday, May 1,Session 2

Tuesday, May 1, Session 3

Tuesday, May 1,Session 4

Tuesday, May 1,Session 5

Wednesday, May 2, Session 1

Wednesday, May 2,Session 2

Wednesday, May 2,Session 3

Wednesday, May 2,Session 4

Wednesday, May 2,Session 5

Thurssday, May 3,Sessions 1-5

On Friday, May 4, I also visited with Jeremie Miller, Jason Cavnar and the Locker Project / Singly team in San Francisco. Very impressed with what they’re up to as well.

Bonus IIW linkage:

Your actual wallet vs./+ Google’s and Apple’s

March 6, 2012 / / 2 Comments

Now comes news that Apple has been granted a patent for the iWallet. Here’s one image among many at that last link:

iwallet

Note the use of the term “rules.” Keep that word in mind. It is a Good Word.

Now look at this diagram from Phil Windley‘s Event Channels post:

event channels

Another term for personal event network is personal cloud. Phil visits this in An Operating System for Your Personal Cloud, where he says, “In contrast a personal event network is like an OS for your personal cloud. You can install apps to customize it for your purpose, it canstore and manage your personal data, and it provides generalized services through APIsthat any app can take advantage of.” One of Phil’s inventions is the Kinetic Rules Language, or KRL, and the rules engine for executing those rules, in real time. Both are open source. Using KRL you (or a programmer working for you, perhaps at a fourth party working on your behalf, can write the logic for connecting many different kinds of events on the Live Web, as Phil describes here).

What matters here is that you write your own rules. It’s your life, your relationships and your data. Yes, there are many relationships, but you’re in charge of your own stuff, and your own ends of those relationships. And you operate as  free, independent and sovereign human being. Not as a “user” inside a walled garden, where the closest thing you can get to a free market is “your choice of captor.”

Underneath your personal cloud is your personal data store (MyDex, et. al.), service (Higgins), locker (Locker Project / Singly), or vault (Personal.com). Doesn’t matter what you call it, as long as it’s yours, and you can move the data from one of these things into another, if you like, compliant with the principles Joe Andrieu lays out in his posts on data portability, transparency, self-hosting and service endpoint portability.

Into that personal cloud you should also be able to pull in, say, fitness data from Digifit and social data from any number of services, as Singly demonstrates in its App Gallery. One of those is Excessive Mapper, which pulls together checkins with Foursquare, Facebook and Twitter. I only check in with Foursquare, which gives me this (for the U.S. at least):

Excessive Mapper

The thing is, your personal cloud should be yours, not somebody else’s. It should contain your data assets. The valuable nature of personal data is what got the World Economic Forum to consider personal data an asset class of its own. To help manage this asset class (which has enormous use value, and not just sale value), a number of us (listed by Tony Fish in his post on the matter) spec’d out the Digital Asset Grid, or DAG…

DAG

… which was developed with Peter Vander Auwera and other good folks at SWIFT (and continues to evolve).

There are more pieces than that, but I want to bring this back around to where your wallet lives, in your purse or your back pocket.

Wallets are personal. They are yours. They are not Apple’s or Google’s or Microsoft’s, or any other company’s, although they contain rectangles representing relationships with various companies and organizations:

Still, the container you carry them in — your wallet — is yours. It isn’t somebody else’s.

But it’s clear, from Apple’s iWallet patent, that they want to own a thing called a wallet that lives in your phone. Does Google Wallet intend to be the same kind of thing? One might say yes, but it’s not yet clear. When Google Wallet appeared on the development horizon last May, I wrote Google Wallet and VRM. In August, when flames rose around “real names” and Google +, I wrote Circling Around Your Wallet, expanding on some of the same points.

What I still hope is that Google will want its wallet to be as open as Android, and to differentiate their wallet from Apple’s through simple openness.  But, as Dave Winer said a few days ago

Big tech companies don’t trust users, small tech companies have no choice. This is why smaller companies, like Dropbox, tend to be forces against lock-in, and big tech companies try to lock users in.

Yet that wasn’t the idea behind Android, which is why I have a degree of hope for Google Wallet. I don’t know enough yet about Apple’s iWallet; but I think it’s a safe bet that Apple’s context will be calf-cow, the architecture I wrote about here and here. (In that architecture, you’re the calf, and Apple’s the cow.) Could also be that you will have multiple wallets and a way to unify them. In fact, that’s probably the way to bet.

So, in the meantime, we should continue working on writing our own rules for our own digital assets, building constructive infrastructure that will prove out in ways that require the digital wallet-makers to adapt rather than to control.

I also invite VRM and VRooMy developers to feed me other pieces that fit in the digital assets picture, and I’ll add them to this post.

How about using the ‘No Track’ button we already have?

February 23, 2012 / / 3 Comments

left r-buttonright r-buttonFor as long as we’ve had economies, demand and supply have been attracted to each other like a pair of magnets. Ideally, they should match up evenly and produce good outcomes. But sometimes one side comes to dominate the other, with bad effects along with good ones. Such has been the case on the Web ever since it went commercial with the invention of the cookie in 1995, resulting in a calf-cow model in which the demand side — that’s you and me — plays the submissive role of mere “users,” who pretty much have to put up with whatever rules websites set on the supply side.

Consistent with Lord Acton’s axiom (“Power corrupts; absolute power corrupts absolutely”) the near absolute power of website cows over user calves has resulted in near-absolute corruption of website ethics in respect to personal privacy.

This has been a subject of productive obsession by Julia Anguin and her team of reporters at The Wall Street Journal, which have been producing the What They Know series (shortcut: http://wsj.com/wtk) since July 30, 2010, when Julia by-lined The Web’s New Gold Mine: Your Secrets. The next day I called that piece a turning point. And I still believe that.

Today came another one, again in the Journal, in Julia’s latest, titled Web Firms to Adopt ‘No Track’ Button. She begins,

A coalition of Internet giants including Google Inc. has agreed to support a do-not-track button to be embedded in most Web browsers—a move that the industry had been resisting for more than a year.

The reversal is being announced as part of the White House’s call for Congress to pass a “privacy bill of rights,” that will give people greater control over the personal data collected about them.

The long White House press release headline reads,

We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online

Internet Advertising Networks Announces Commitment to “Do-Not-Track” Technology to Allow Consumers to Control Online Tracking

Obviously, government and industry have been working together on this one. Which is good, as far as it goes. Toward that point, Julia adds,

The new do-not-track button isn’t going to stop all Web tracking. The companies have agreed to stop using the data about people’s Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as “market research” and “product development” and can still be obtained by law enforcement officers.

The do-not-track button also wouldn’t block companies such as Facebook Inc. from tracking their members through “Like” buttons and other functions.

“It’s a good start,” said Christopher Calabrese, legislative counsel at the American Civil Liberties Union. “But we want you to be able to not be tracked at all if you so choose.”

In the New York Times’ White House, Consumers in Mind, Offers Online Privacy Guidelines Edward Wyatt writes,

The framework for a new privacy code moves electronic commerce closer to a one-click, one-touch process by which users can tell Internet companies whether they want their online activity tracked.

Much remains to be done before consumers can click on a button in their Web browser to set their privacy standards. Congress will probably have to write legislation governing the collection and use of personal data, officials said, something that is unlikely to occur this year. And the companies that make browsers — Google, Microsoft, Apple and others — will have to agree to the new standards.

No they won’t. Buttons can be plug-ins to existing browsers. And work has already been done. VRM developers are on the case, and their ranks are growing. We have dozens of developers (at that last link) working on equipping both the demand and the supply side with tools for engaging as independent and respectful parties. In fact we already have a button that can say “Don’t track me,” plus much more — for both sides. Its calle the R-button, and it looks like this: ⊂ ⊃. (And yes, those symbols are real characters. Took a long time to find them, but they do exist.)

Yours — the user’s — is on the left. The website’s is on the right. On a browser it might look like this:

r-button in a browser

Underneath both those buttons can go many things, including preferences, policies, terms, offers, or anything else — on both sides. One of those terms can be “do not track me.” It might point to a fourth party (see explanations here and here) which, on behalf of the user or customer, maintains settings that control sharing of personal data, including the conditions that must be met. A number of development projects and companies are already on this case. All the above falls into a category we call EmanciTerm. Much has been happening as well around personal data stores (PDSes), also called “lockers,” “services” and “vaults.” These include:

Three of those are in the U.S., one in Austria, one in France, one in South Africa, and three in the U.K. (All helping drive the Midata project by the U.K. government, by the way.) And those are just companies with PDSes. There are many others working on allied technologies, standards, protocols and much more. They’re all just flying below media radar because media like to look at what big suppliers and governments are doing. Speaking of which… 🙂

Here’s Julia again:

Google is expected to enable do-not-track in its Chrome Web browser by the end of this year.

Susan Wojcicki, senior vice president of advertising at Google, said the company is pleased to join “a broad industry agreement to respect the ‘Do Not Track’ header in a consistent and meaningful way that offers users choice and clearly explained browser controls.”

White House Deputy Chief Technology Officer Daniel Weitzner said the do-not-track option should clear up confusion among consumers who “think they are expressing a preference and it ends up, for a set of technical reasons, that they are not.”

Some critics said the industry’s move could throw a wrench in a separate year-long effort by the World Wide Web consortium to set an international standard for do-not-track. But Mr. Ingis said he hopes the consortium could “build off of” the industry’s approach.

So here’s an invitation to the White House, Google, the 3wC, interested BigCos (including CRM companies), developers of all sizes and journalists who are interested in building out genuine and cooperative relationships between demand and supply::::

Join us at IIW — the Internet Identity Workshop — in Mountain View, May 1-3. This is the unconference where developers and other helpful parties gather to talk things over and move development forward. No speakers, no panels, no BS. Just good conversation and productive work. It’s our fourteenth one, and they’ve all been highly productive.

As for the r-button, take it and run with it. It’s there for the development. It’s meaningful. We’re past square one. We’d love to have all the participation we can get, from the big guys as well as the little ones listed above and here.

To help get your thinking started, visit this presentation of one r-button scenario, by Adam Marcus of MIT. Here’s another view of the same work, which came of of a Google Summer of Code project through ProjectVRM and the Berkman Center:

(Props to Oshani Seneviratne and David Karger, also both of MIT, and Ahmad Bakhiet, of Kings College London, for work on that project.)

If we leave fixing the calf-cow problem entirely up to the BigCos and BigGov, it won’t get fixed. We have to work from the demand side as well. In economies, customers are the 100%.

Here are some other stories, mostly gathered by Zemanta:

All look at the symptoms, and supply-side cures. Time for the demand side to demand answers from itself. Fortunately, we’ve been listening, and the answers are coming.

Oh, and by the way, Mozilla has been offering “do not track” for a long time. Other tools are also available:

Agency

July 27, 2011 / / 1 Comment

Agency, by its original meaning, is the ability to act independently, and with one’s own will. It derives from the Latin agere, which means to do. More recently it has come to mean a person or company acting on our behalf: an agent. A fiduciary is a step beyond: one we hold in trust, either ethically or legally, or both. It derives from fiduci, the Latin word for trust.

To have agency one must be independent and sovereign. We have that in some contexts, but not in the marketplace, and not in our relationship to governments, or even to our school systems. Ever since Industry won the Industrial Revolution, individual independence and sovereignty has been severely reduced. If you don’t believe that, think about how much choice you really have, the next time you click “accept” to an agreement that isn’t, from a company that sets all the terms, one of which is reserving the right to change those terms whenever it pleases. Also bear in mind that this has been so normative, so pro forma, for so long, that we take this ubiquitous and unavoidable form of utter subordination as a fact as binding as gravity—even though it isn’t, and shouldn’t be, in the Internet Age.

Moxy Tongue (aka @NZN) puts all this on the table with VRM Hopes. It’s a long and thoughtful post, and in it Moxy issues a challenge to VRooMers:

If we want to change the structure of power in this world, we must begin by changing the structure of work. A 1st party customer is systemically motivated in a circular process to function as a W2 worker-customer. Our public schools enforce this model. Our government policies enforce this model. Real world needs enforce this model.

There should not be a time in the life of a Human being when they cede their personal power to a corporate shell without personal accountability remaining intact. The negative consequences of this current structural flaw are real and pervasive across the whole of our species existence as a socio-economic organism.

We must confront the nature of socio-economics. Freedom is not the highest ideal in a socio-economic Universe. Ownership trumps freedom everyday, in a million different ways. For Human babies to be born and structured as anything other than OWNER_ENTREPRENEUR by default, is a direct afront on the freedom and liberty of Individual Human beings. In this digital dataverse that is now taking shape and taking over the whole of our socio-economic model, we can not afford to misappropriate power, defined within the IDENTITY of every Individual life, any longer. We are introducing our young to a forced model of data-enslavement that is unsustainable. This can not remain a high-minded conversation. Humans make slaves of themselves all too easily. Leadership is required to create change and to protect the integrity of what it means to be an Individual Human.

I call on the VRM community to confront these ideas directly, to put a priority on addressing the base structure of socio-economic participation so that we can move towards a healhty and fruitful market relationship between 1st, 2nd, 3rd and 4th parties and the services they enable. It will be impossible to fix the structural flaws inherent in market transactions without first addressing the strucutral flaws found in your personal IDENTITY and its correlated activities.

You must be an OWNER_ENTREPRENEUR by default in this world. Your IDENTITY must be SOVEREIGN by design, meaning that its point of origin must be accurately conveyed administratively. And the power that you give to the “We the People” construct must deploy this sovereignty from its inception through the same willful act afforded the founders of this nation via a sovereign signatory.

On that foundation… a VRM future is possible. And no other.

While I have been involved in countless digital identity workshops, conferences and development efforts for more than ten years, I have tried with VRM to move both development and conversation outside the identity sphere. Three reasons:

  1. To make sure VRM is not understood as a suburb or a subset of identity.
  2. Because I believe some kinds of VRM development will obviate some of the problems we’ve experienced with (or addressed through) identity development. For example, by working out agreement terms that the individual asserts.
  3. Because I don’t think we need to solve identity problems as a precondition for solving VRM ones (partly because I also believe that, if we do, we may end up waiting forever).

Reading Moxy’s piece, I find myself wondering if sovereignty and identity are the same thing. Not sure if he’s saying that, but it seems so. Even if it is, I’m not sure solving identity issues first is the only way to go, even if that’s where we end up. In any case, my mind isn’t made up about it.

I do agree with Moxy that we acquiescence to a kind of slavery, and I laid out much of my thinking about that in A sense of bewronging, to which Moxy links in his piece. And Moxy is right that this problem extends even to our schools.

As for leadership on this front, I believe what we need is code. As Craig Burton puts it, “Code talks, and talk walks.” Code is the means to our ends. We need inventions that mother the necessities of independence, sovereignty and agency — both personal and fiduciary. Without code, we’re just talking. That’s why, from my own leadership position with ProjectVRM, I’ve pushed development first.

Of course we should keep talking in the meantime, but we also need to keep writing the code. Many of us have indeed been doing that, and I expect we’ll start seeing some dramatic results, over the next few months.

Meanwhile, I invite more responses to Moxy’s challenge.

 

Enhanced by Zemanta

Personal leverage for personal data

April 28, 2011 / / 4 Comments

VRM is starting to snowball. You can see it in the Twitter scroll there on the right, and in Twitter searches for #VRM. Gaining velocity lately is personal data. To look down that vector, I’ll connect several links.

The first is Show Us the Data. (It’s Ours, After All), by Richard H. Thaler in the . The gist:

The collection and dissemination of this information raises a host of privacy issues, of course, and the bipartisan team of Senators John Kerry and John McCain has proposed what it is calling the Commercial Privacy Bill of Rights to deal with many of them. Protecting our privacy is important, but the senators’ approach doesn’t tackle a broader issue: It doesn’t include the right to access data about ourselves. Not only should our data be secure; it should also be available for us to use for our own purposes. After all, it is our data.

Here is a guiding principle: If a business collects data on consumers electronically, it should provide them with a version of that data that is easy to download and export to another Web site. Think of it this way: you have lent the company your data, and you’d like a copy for your own use.

This month in Britain, the government announced an initiative along these lines called “mydata.” (I was an adviser on this project.) Although British law already requires companies to provide consumers with usage information, this program is aimed at providing the data in a computer-friendly way. The government is working with several leading banks, credit card issuers, mobile calling providers and retailers to get things started.

Here’s the long-form .pdf on mydata. What’s most important about it, especially for U.S. domestic purposes, is that its case is not just for protective legislation to keep customers safe from abuse by big bad companies, but for empowering customers in the marketplace. (When you dig into his work you see that this is Thaler’s case as well.) In this respect, mydata is a very VRM-ish move. But then, the U.K. government has been pro-VRM for awhile now. (Somewhere around here I have a link to a speech by a U.K. official that names VRM specifically. If it shows up, I’ll put it here.)

The good people at Ctrl-SHIFT, a U.K. company that’s highly active in the VRM movement, explains the mydata initiative:

The announcement is a first on two fronts:

1) Its ‘mydata’ programme encourages companies to release data they hold about individuals back to them, so that they can use this data for their own purposes. This is the first major Government initiative, globally, towards a changed personal data consensus: personal data is a personal asset, and individuals should have the right and ability to manage and use this asset to pursue their own goals.

2) The Government programme is also the first official recognition that there is a market for decision-making services (or ‘choice tools’ in Government parlance) that operates independently of existing markets for products and services – the market for what we call Personal Information Management Services (PIMS).

Want to know more?

Do you want to join your peers in debating this initiative and related issues? If so, then join our new Explorers Club on May 12 (in central London). It’s got a packed agenda including slots on both the Government’s new mydata initiative and on PIMS.

They also have a briefing paper on the topic.

Meanwhile, here in the U.S. we’ve been  focused more on prophylaxis than empowerment, at least at the federal level. This is a problem with our obsession with privacy as an issue in itself. Focus on privacy alone, and conversation inevitably veers toward policy. What new laws and regulations do we need to protect ourselves? we ask. That may be a good question, but it ignores answers that are already coming from the marketplace — answers that see today’s privacy problems as secondary effects of market dysfunction, and which pursue opportunities that marginalize and obsolete today’s privacy-threatening business practices.

Rex Hammock deals with this in his post, VRM: I’ll show you mine if you’ll show me yours, which begins with a response to the same NYTimes piece:

…the examples of initiatives the writer points to may lead the reader to believe that government-led initiatives are the best route to take. That may be the best route one day, if companies don’t, themselves, join in the types of initiatives Project VRM is trying to foster.

However, it is important to recognize there are lots of startups, non-profits, academic and open source / grassroots (note: where I’ll place my bets) and even big-company initiatives in this arena, as well. It is also important to note that this issue is not something that sprang forth last week: For as long as I can remember, there have been those who embrace the internet, but who believe relationships (and identity) should belong to the users and buyers, not just hosts and sellers.

I will be writing more on this topic in the future. I just wanted to post this to alert people that the next big thing is not going to be about what others are doing to collect your data and lock you into their data-protectorates. The next big thing is going to be about you having better ways to access and use the relationships and data that belong to you, in ways that recognizes that markets are conversations — not plantations.

That last link is mine, pointing to an earlier post that unpacks the agricultural metaphor behind Rex’s point.

In vrm, fourth party and the empowered consumer, Gam Das gives a terrific example of VRM’s potential for radically improving the way markets work:

What appears to be missing is a service where vendors (manufacturers and retailers) are able to locate individuals looking for products that they might supply. Service Magic and Elance allow seekers to find providers in the Service space, yet nothing really exists yet in the consumer-product space.

vrm and the fourth party

The Fourth Party is a concept that has emerged from the VRM movement – it proposes a fourth party that acts on behalf of the Customer in the same way that a Third Party acts on behalf of the Vendor. If the Vendors are the hotel chains, airlines and car rental companies, then the third parties are ExpediaOrbitz andTravelocity and a fourth party might be the “agent” that negotiates with the travel aggregators to find the best deal.

The advantages to the customer of a four party system are huge and easily understandable. Booking my recent trip to Las Vegas involved a large number of parameters (flight times, airline options, hotel locations and star ratings, car rental companies and car sizes and above all the price parameters) – booking the trip took 3 hours and ended up with a deal for flight and hotel from Expedia and car from Hotwire. If there had been a service to whom I could have sent all the parameters and have them take care of it, then I would have paid for that and they would have probably got me a better deal if they do it all the time.

But wait… I remember a service like that from when I was a child, I think we called it a ‘Travel Agent’. But didn’t they become extinct a few years ago? Perhaps it’s time for them to re-emerge, but not only booking travel, but also handling all sorts of complex requirements, particularly bundles of goods and services. If enough people were able to publish their requests for things and there was a fee involved in finding a solution, a human outsource agent model is likely to emerge – something like the Dedicated Assistant service.

The fourth party also gets around the problem faced by Aggregators (such asKelkoo and Nextag) – to ensure that the consumer is presented with all the offers available. With a fourth party, their value will be to ensure this.

the future state

Once this starts to scale and requests are in millions and billions, then eventually the dedicated assistants will need to be augmented with more automated service that respond faster and are perhaps able to bid at auctions or take advantage of limited time / quantity deals, then my belief is that we will see Agent Technology doing our bidding online. I’ll be watching this space closely for many reasons.

Fourth parties are just one of the many VRM topics being tee’d up for IIW in Mountain View next week. It’s also one of the reasons why for the first time we’re inviting investors along with developers, journalists and other usual suspects. (The Ctrl-SHIFT people and Gam will be there, by the way, as will I.)

By the way, I wish I had involved myself in the ‘s this week (hard to do everything while writing a book), because (one of those potential IIW topics, above) would have been a great candidate for the new business model contest. (It got through two rounds of the Knight News Challenge, for whatever that’s worth.) In any case, I highly recommend reading for the event. Here’s an idea to keep in mind: Once customers start driving the music industry bus, that industry will be much bigger than it ever was when the labels drove the thing.

And to loop back to the topic of this post, note the collection of entities in the Personal Data Ecosystem, which will also be well-represented at IIW next week.

Pushing for Pull and the Open Web

December 6, 2010 / / 3 Comments

The Open Web Movement: A Call to Action, is the latest from . He writes,

The companies with the most market share – Apple, Google, Facebook – want to “own the customer” by trapping them. And the media is buying the crack they are selling. Each of these companies has its own way of doing it, but in an important way, they are all closed systems that have a huge impact on the way we work, network, discover, and play. Facebook is the biggest threat. They want to rebuild the entire Web inside their web site, with “like” tags pointing inward, drawing more and more traffic to Facebook.com. I recently learned that vitaminwater.com resolves to Facebook.com/vitaminwater – they have just thrown in the towel and gone to Facebook, because on Facebook they can better identify their visitors, and it’s easier for people to sign up and participate. This is a bad sign. If things go much more in this direction, all the innovation and productivity increases will be brought to us by Facebook’s marketing department. Or not.

His call to action is up the VRM alley:

This Movement Needs a Framework
We have a legal framework evolving at places like Creative CommonsData Portability, the Open Rights GroupOASIS, and the Open Web Foundation. That’s great. We have standards evolving at W3C, ISO, and OpenGroup. But we still don’t have an architecture for the personal data locker, and we need one. What I mean is that all startups working on some aspect of personal data should be working on a part of the overall end solution – similar to different countries working to build the International Space Station, bit by bit. The best thing we have so far is PersonalDataEcosystem.org, a dedicated group of people from the identity and VRM worlds. They are on the right track, but they need help. For starters, we need a framework for how all the pieces are going to fit together. This may be unprecedented, but I think it’s necessary. It’s as though The Emperor and Darth Vader are building their own space station, and the people of the world are behind in building theirs. Put simply: we aren’t working together enough. We don’t have the traction we need to build what Hagel and Seely Brown call a “shaping strategy,” much less a “shaping platform.” The framework for the personal data locker must show how we will:

  • manage our identities
  • manage our belongings
  • manage vendors
  • establish a universal timeline
  • manage location and life log data
  • manage personal data (finance, health care, career, etc)
  • manage  security and permissions
  • connect to friends and colleagues
  • form groups
  • send messages
  • link data
  • protect privacy
  • build interoperability into everything
  • add services on an ad-hoc basis

The Personal Data Ecosystem is the best thing we have at the moment. Let’s give them our attention, our time, our energy. And, most important, let’s get the word out that they exist. Please tweet and blog to anyone you can reach. Tell them it’s important. Tell them if they want to live free, they need to help us build that future.

We’ve been talking with David about some new stuff around the next IIW, in May. Maybe we should do something between now and then, either as a standalone event, or added to something already going on. Since Kaliya is a driving force behind the Personal Data Ecosystem as well as IIW, she might want to weigh in here.

Meanwhile, get your hands on the two Pull books David mentions: David’s Pull, and John Hegel and John Seely Brown’s The Power of Pull.

Awake at the wheels

November 24, 2010 / / 3 Comments

A year ago, at VRooM Boston 2009, , founder and CTO of Zeo — the hot new sleep fitness company — visited questions  about who owns and controlled personal data. Was the sleep data you produce as a customer entirely Zeo’s? Was it yours? Both? Neither? What right should anybody have to use it, and under what conditions?

These kinds of questions aren’t easily answered at a time when mining and selling personal data has turned into a white-hot industry, whether people like it or not. Data about individuals is also easy to rationalize as a corporate asset: something that makes the company itself more valuable.

Since then answers have begun to sort themselves out.

First came Brian, the Cornell student who writes, “I hacked Zeo. And I got paid for it.” Specifically,

I opened Zeo up, soldered to the lines that drive the display, and got my sleep phase output to my PC in real-time! This generated substantial interest from Zeo – and Ben Rubin (Zeo CTO) and I began our discussion on hacking, open source, and Zeo. I was thrilled when I learned that part of my summer would be interning for Zeo creating official ways to get at Zeo data!

Then this month Ben wrote,

Remember everyone’s favorite Zeo-hacker-turned-intern, Brian?

This summer, Brian produced two amazing projects for Zeo: the first – the Zeo Data Decoder – allows you to get at your sleep data without uploading it. The second (the main course, if you will) is the Zeo Raw Data Library.

Use Your Brain

The Zeo Raw Data Library uses the serial port on the back of Zeo (you were wondering about that unused port, weren’t you) to pump out two very cool things:

  • Your sleep phase in real time (Wake, REM, Light, Deep every 30 seconds)
  • Your brainwaves!

We hope developers will use the Raw Data Library for cool applications.  Need some ideas?

  • Build a lucid dreaming application that triggers a light or sound when a user enters REM sleep.
  • Wake yourself during REM in the middle of the night and keep a sweet sleep journal.
  • Use brainwaves for cool Brain Computer Interface projects while you are awake.  For inspiration check out interAxon.
  • Visualize your brainwaves while awake for bio-feedback applications like concentration or relaxation.

How do I get my hands on it?!?

Calm down and step away from the brainwave detector…

You can get the documentation, the library to read the RDL, and an example sleep stage and brainwave visualizer over on sourceforge.  Yup; we decided to open source all of that stuff, so feel free to hack/modify to your needs (and share if you like!).  The special firmware (2.6.3R) needed to run the RDL is over here after you fill out a simple form.

We encourage people who are using the RDL to jump on the forums and discuss it.  People are already using the RDL to optimize polyphasic sleep naps and help them lucid dream with Zeo.  Please use the forums for support and also feel free to email us at DeveloperRelations@myZeo.com.  We’ll also do our best to help troubleshoot, but remember that this is an alpha release so there may be bugs.

The Future is Open Wide

We released the Zeo Raw Data Library because

  • It’s your data–we want you to be free to use it any way you like
  • We are really excited to see what people develop that ends up helping others get a better night’s rest

Please let us know what you think in the comments on on the forums.  Hack away!

I just had to post that whole passage because it’s so completely cool.

Next is combinatorial API fun. From Ben’s latest, All Together Now: Zeo Integrates with Digifit,

Where Sleep Quality meets Fitness and Weight

Zeo is proud to announce the first partner using ZQ outside of our own web application:  The Digifit Dashboard for Healthy LivingSM iPhone app.  Digifit is the only Healthcare and Fitness app for the iPhone that integrates heart rate monitoring for tracking cardio fitness. We’re pretty sure Columbus from Zombieland would be happy with this — his #1 Rule for a Zombified America is Cardio!

Now with the new Digifit Dashboard for Healthy Living SM ,users can also track their weight and sleep (using the Withings WiFi Body Scale and Zeo) and see them conveniently within the Digifit dashboard.  We think Digifit founder says it best:

Withings and Zeo are leading edge pioneers in the industry and we are thrilled to partner with them. With the latest upgrade, our Digifit app completes the health triad puzzle by ‘automagically’ tracking the three most important influences on one’s health: exercise, weight and sleep. We do indeed have it All Together Now.

This is close to home for me, because I’m just starting to get into serious fitness work, which started with my Withings scale. Gotta get a Zeo thing now. (Like the one above.) And Digifit.

Ben again:

This is Just the Beginning

Digifit is the first partner to leverage our soon-to-be-released Web API, which allows data from Zeo to flow out to any internet connected service that wants to leverage the power of sleep quality.  We’ll continue to partner with organizations working in athletics, nutrition, general health, and more to help their users leverage the power of sleep fully so stay tuned!

For more on API jazz, follow . I especially like his Prezi here. Gets you thinking about bi-directional or “full duplex” APIs. This tutorial shows how to do context automation with KRL webhooks and the API.

Do we have to “trade off” privacy?

September 19, 2010 / / 14 Comments

Look up privacy trade-offs and you’ll get more than 150,000,000 results. The assumption in many of those is that privacy is something one can (and often should) trade away. Also that privacy trading is mostly done with marketers and advertisers, the most energetic of which take advantage of social media such as and .

I don’t think this has to be so.

One example of a trade-off story is this one on public radio’s Marketplace program, which I heard this evening. It begins with the case of Shea Sylvia, a FourSquare user who got creeped out by an unwelcome call from a follower who knew her location. Marketplace’s Sally Herships says,

There are millions of Sylvias out there, giving away their private information for social reasons. More and more, they’re also trading it in for financial benefits, like coupons and discounts. Social shopping websites like Blippy and Swipely let shoppers post about what they buy. But first they turn over the logins to their e-mail accounts or their credit card numbers, so their purchases can be tracked online.

Later, there’s this (the voice is Herships again):

Alessandro Acquisti researches the economics of privacy at Carnegie Mellon, and he says the value we put on privacy can easily shift. In other words, if giving away your credit card information or even your location in return for a discount or a deal seems normal, it must be OK.

ALESSANDRO ACQUISTI: Five years ago, if someone told you that there’d be lots of people going online to show, to share with strangers their credit card purchases, you probably would have been surprised, you probably would thought, “No, I can’t believe this. I wouldn’t have believed this.”

But Acquisti says, when new technologies are presented as the norm, people accept them that way. Like social shopping websites.

HERSHIPS: So the more we use sites like Blippy, the more we’ll use sites like Blippy?

ACQUISTI: Or Blippy 2.0.

Which Acquisti says will probably be even more invasive, because as time passes, we’re going to care less and less about privacy.

Back in Kansas City Shea Sylvia is feeling both better and worse. She thinks the phone call she got that night at the restaurant was probably a prank. But it was a wake up call.

What we’re dealing with here is an evanescent norm. A fashion. A craze. I’ve indulged in it myself with FourSquare, and at one point was the “mayor” of ten different places, including the #77 bus on Mass Ave in Cambridge. (In fact, I created that location.) Gradually I came to believe that it wasn’t worth the hassle of “checking in” all over the place, and was worth nothing to know Sally was at the airport, or Bill was teaching a class, or Mary was bored waiting in some check-out line, much as I might like all those people. The only time FourSquare came in handy was when a friend intercepted me on my way out of a stop in downtown Boston, and even then it felt strange.

The idea, I am sure, is that FourSquare comes to serve as a huge central clearing house for contacts between companies selling stuff and potential buyers (that’s you and me) wandering about the world. But is knowing that a near-infinite number of sellers can zero in on you at any time a Good Thing? And is the assumption that we’re out there buying stuff all the time not so wrong as to be insane?

Remember that we’re the product being sold to advertisers. The fact that our friends may be helping us out might be cool, but is that the ideal way to route our demand to supply? Or is it just one that’s fun at the moment but in the long term will produce a few hits but a lot of misses—some of which might be very personal, as was the case with Shea Silvia? (Of course I might be wrong about both assumptions. What I’m right about is that FourSquare’s business model will be based on what they get from sellers, not from you or me.)

The issue here isn’t how much our privacy is worth to the advertising mills of the world, or to intermediaries like FourSquare. It’s how we maintain and control our privacy, which is essentially priceless—even if millions of us give it away for trinkets or less. Privacy is deeply tied with who we are as human beings in the world. To be fully human is to be in control of one’s self, including the spaces we occupy.

An excellent summary of our current privacy challenge is this report by Joy L. Pitts (developed as part of health sciences policy development process at the Institute of Medicine, the health arm of the National Academy of Sciences). It sets context with these two quotes:

“The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men—the right to be let alone.”

—Justice Louis Brandeis (1928)

“You already have zero privacy anyway. Get over it.”

—Scott McNealy, Chairman and CEO of Sun Microsystems (1999)

And, in the midst of a long, thoughtful and well-developed case, it says this (I’ve dropped the footnotes, which are many):

Privacy has deep historical roots. References to a private domain, the private or domestic sphere of family, as distinct from the public sphere, have existed since the days of ancient Greece.  Indeed, the English words “private” and “privacy” are derived from the Latin privatus, meaning “restricted to the use of a particular person; peculiar to oneself, one who holds no public office.” Systematic evaluations of the concept of privacy, however, are often said to have begun with the 1890 Samuel Warren and Louis Brandeis article, “The Right of Privacy,” in which the authors examined the law’s effectiveness in protecting privacy against the invasiveness of new technology and business practices (photography, other mechanical devices and newspaper enterprises). The authors, perhaps presciently, expressed concern that modern innovations had “invaded the sacred precincts of private and domestic life; and . . . threatened to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’” They equated the right of privacy with “the right to be let alone” from these outside intrusions.

Since then, the scholarly literature prescribing ideal definitions of privacy has been “extensive and inconclusive.” While many different models of privacy have been developed, they generally incorporate concepts of:

  • Solitude (being alone)
  • Seclusion (having limited contact with others)
  • Anonymity (being in a group or in public, but not having one’s name or identity known to others; not being the subject of others’ attention)
  • Secrecy or reserve (information being withheld or inaccessible to others)

In essence, privacy has to do with having or being in one’s own space.

Some describe privacy as a state or sphere where others do not have access to a person, their information, or their identity. Others focus on the ability of an individual to control who may have access to or intrude on that sphere. Alan Westin, for example, considered by some to be the “father” of contemporary privacy thought, defines privacy as “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” Privacy can also be seen as encompassing an individual’s right to control the quality of information they share with others.

In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. Privacy addresses “the question of what personal information should be collected or stored at all for a given function.” In contrast, confidentiality addresses the issue of how personal data that has been collected for one approved purpose may be held and used by the organization that collected it, what other secondary or further uses may be made of it, and when the permission of the individual is required for such uses.Unauthorized or inadvertent disclosures of data are breaches of confidentiality. Informational security is the administrative and technological infrastructure that limits unauthorized access to information. When someone hacks into a computer system, there is a breach of security (and also potentially, a breach of confidentiality). In common parlance, the term privacy is often used to encompass all three of these concepts.

Take any one of these meanings, or understandings, and be assured that it is ignored or violated in practice by large parts of today’s online advertising business—for one simple reason (I got from long ago): Individuals have no independent status on the Web. Instead we have dependent status. Our relationships (and we have many) are all defined by the entities with which we choose to relate via the Web. All those dependencies are silo’d in the systems of sellers, schools, churches, government agencies, social media, associations, whatever. You name it. You have to deal with all of them separately, on their terms, and in their spaces. Those spaces are not your spaces. (Even if they’re in a place called . Isn’t it weird to have somebody else using the first person possessive pronoun for you? It will be interesting to see how retro that will seem after it goes out of fashion.)

What I’m saying here is that, on the Web, we do all our privacy-trading in contexts that are not out in the open marketplace, much less in our own private spaces (by any of the above definitions). They’re all in closed private spaces owned by the other party—where none of the rules, none of the terms of engagement, are yours. In other words, these places can’t be private, in the sense that you control them. You don’t. And in nearly all cases (at least here in the U.S.), your “agreements” with these silos are contracts of adhesion that you can’t break or change, but the other party can—and often does.

These contexts have been so normative, for so long, that we can hardly imagine anything else, even though we have that “else” out here in the physical world. We live and sleep and travel and get along in the physical world with a well-developed understanding of what’s mine, what’s yours, what’s ours, and what’s none of those. That’s because we have an equally well-developed understanding of bounded spaces. These differ by culture. In her wonderful book , Polly Platt writes about how French —comfortable distances from others—are smaller than those of Americans. The French feel more comfortable getting close, and bump into each other more in streets, while Americans tend to want more personal space, and spread out far more when they sit. Whether she’s right about that or not, we actually have personal spaces on Earth. We don’t on the Web, and in Web’d spaces provided by others. (The Net includes more than the Web, but let’s not get into that here. The Web is big enough.)

So one reason that privacy trading is so normative is that dependency requires it. We have to trade it, if that’s what the sites we use want, regardless of how they use whatever we trade away.

The only way we can get past this problem (and it is a very real one) is to create personal spaces on the Web. Ones that we own and control. Ones where we set the terms of engagement. Ones where we decide what’s private and what’s not.

In the VRM development community we have a number of different projects and companies working on exactly this challenge.  is pure open source and has a self-explanatory name. Others (, and others) are open in many ways as well, and are working together to create (or put to use) common code, standards, protocols, terminologies and other conventions on which all of us can build privacy-supporting solutions. You’ll find links to some of the people involved in those efforts (among others) in Personal Data Stores, Exchanges, and Applications, a new post by  (of Switchbook). There’s also the One example is the and at . (For more context on that, check out Iain Henderson’s unpacking of the .) There’s also our own work at ProjectVRM and , which has lately centered on developing -like legal tools for both individuals and companies.  What matters most here is that a bunch of good developers are working on creating spaces online that are as natural, human, personal—and under personal control—as the ones we enjoy offline.

Once we have those, the need for privacy trade-offs won’t end. But they will begin to make the same kind of down-to-Earth sense they do in the physical world. And that will be a huge leap forward.

Newer posts »

© 2024 ProjectVRM

Theme by Anders NorenUp ↑