The Intention Economy subtitle. It’s the whole thing, right there.
A recent post by Simon Taylor on X expresses something important about AI agents and markets: if an AI agent arrives in a market with a clear mandate—
Get me X. Budget Y. Constraints Z.
—it obsolesces business-as-usual for digital marketing.
See, all of martech and adtech starts with the assumption that human intent is fuzzy and manipulable—and that the best customers are captive and manipulated. Let’s look at this from three angles, which are also the three things that happen in markets:
transactions
conversations
relationships.
On the transaction side, companies invest heavily in tracking people, analyzing their behavior, targeting ads at them, and then (in many cases) rationalizing extremely wasteful results. Plus, of course, discounting or ignoring boundless negative externalities, such as the annoying people to new extremes and massively abusing personal privacy. (In fact, the system treats absent personal privacy as a base feature.) Anyway, the entire surveillance-based advertising fecosystem exists to guess what people want, or to influence what they might want.
What many of us, including Simon Taylor, suggest is facilitating conversation through AI agents. Simon’s case, specifically, is that an agent representing a person doesn’t need to be guessed at. It already knows the user’s intent. So there is no attention to capture and no desire to manufacture or manipulate. The demand signal is clear from the start. That’s why he says agents can collapse the attention economy.
The underlying shift in this direction has been visible for a long time. In The Intention Economy: When Customers Take Charge (Harvard Business Review Press, 2012), I argued that markets work best when customers drive them with clear signals of demand, rather than when sellers try to infer demand through surveillance and unwelcome persuasion. I also said markets can be far richer and more vital when customers and companies operate as equals, with relationships based on mutual interest rather than forms of coercion (such as “loyalty” programs that aren’t).
Instead of companies managing relationships with customers through CRM (Customer Relationship Management) systems, we need customers able to manage relationships with vendors through VRM (Vendor Relationship Management) tools.
Note that relationship is the middle name of both CRM and VRM. Markets are not just about transactions. They are about relationships that continue over time.
That’s why a working intention economy will involve far more than simple buying transactions.
As Esteban Kolsky once put it, companies often focus almost entirely on the “buy cycle.” But customers live mostly in the “own cycle”—the long period of using, maintaining, fixing, improving, and learning from the products and services they already have:
In an intention economy, intelligence about that experience flows both ways between customers and companies. I wrote about this recently here:
VRM has long described one key mechanism for this: intentcasting, where customers signal their needs directly to the market rather than being targeted by guesses and ads.
Agents may make this far more feasible than it was when we first started talking about VRM nearly two decades ago.
But there’s an important point that often gets missed in current AI discussions.
The agency that matters most is the person’s, not the agent’s.
A personal AI agent is an instrument—like a phone, a computer, or a car. It acts on behalf of the individual, but the intention behind it must be the person’s own.
And that leads to another requirement:
The only truly personal agents will be owned and operated by individuals.
We don’t have that yet.
What we have instead are assistants that live inside corporate systems—helpful, sometimes impressive, but ultimately operating within feudal structures run by very large companies.
They are, at best, friendly suction cups on the tentacles of giants.
Individuals may well rent or borrow AI models from those giants. But the agents that represent us should operate inside our own environments, in our exclusive interest, rather than inside corporate systems whose interests may diverge from ours.
In other words, our agents should live in our own castles, not inside someone else’s kingdom.
When that happens—when individuals can show up in markets through tools they control—then the deeper shift becomes possible: from guesswork based on surveillance of captive customers to servicing self-qualified leads from free customers in the open marketplace.
Markets then begin to work the way markets are supposed to work: with demand and supply meeting in the open, in relationships that can last far beyond a single transaction.
This is also where work like MyTerms and the emerging ecosystem around personal AI becomes important. If individuals are to operate in markets through their own agents, those agents need ways to assert the person’s terms, preferences, and boundaries in forms that other systems can recognize and respect.
That is the direction VRM has been pointing for nearly twenty years: toward a world where individuals can arrive in markets with their own tools, their own data, and their own terms—and where markets can finally listen.
When that happens, markets will stop guessing what customers want—and start hearing them.
[Later… I actually wrote this post about a month ago, and put off publishing it while I worked on other things. Meanwhile, Adrian Gropper posted A Fork in the Road, which is required reading. I thank him for reminding me in the comments below, and for being a founding participant in ProjectVRM—going back to our earliest meetings almost 20 years ago.]
The Google and Microsoft initiatives would give much more control to individuals, a trend many health experts see as inevitable. “Patients will ultimately be the stewards of their own information,” said John D. Halamka, a doctor and the chief information officer of the Harvard Medical School.
The initiatives were Google Health and Microsoft Healthvault. Never mind why they died. Those links will tell you. What matters more is what I said way back then: The key, as with all VRM projects, is that the solution needs to be anchored on the customer side — in this case the patient side — of the relationship.
As it happens, Adrian Gropper, techie and MD, was on this case long before Google and Microsoft showed up to waste $billions failing to solve a problem they could only compound. And he’s still at it, with HIE of One and related efforts. Here is his Substack. These subjects will be on the floor at VRM Day and IIW later this month. VRM for healthcare will save the world $billions, in addition to countless lives.
There is no organisation on Earth with a more audacious purpose than this one:
From Customer Commons’ current index page.
This isn’t shooting for the Moon. It’s shooting for the whole world of business.
What Customer Commons wants to restore isn’t just what was lost when the Internet got real. (For example, privacy.) Customer Commons also wants to restore personal agency that was lost when Industry won the Industrial Revolution. That’s when jobs replaced work, labour replaced teams, and customers became consumers.
That last shift, Jerry Michalski explains, was from human beings to “gullets with wallets and eyeballs.” After that shift, freedom of contract in marketplaces was enjoyed only by businesses. Not by gullets.
Customer Commons was created to change that. It was spun out of ProjectVRM as a 501(c)3 nonprofit in 2013, shortly after Harvard Business Review Press published The Intention Economy: When Customers Take Charge. That book specifically gave Customer Commons the job of doing for personal privacy terms what Creative Commons did for personal copyright. And to do it by making privacy a contract between customers and businesses, rather than a “consent” to whatever the hell businesses wanted to shove down our gullets. (For example, with interruptive cookie “choices” that really aren’t and leave no audit trail.)
Work on that began in 2017, when the IEEE approached Customer Commons with an offer to host development of a standard for machine-readable personal privacy terms. That standard, officially called IEEE 7012-2025, and nicknamed MyTerms, was published this past January, concluding nine years of work.
Now what?
MyTerms is a great start toward completing Customer Commons’ audacious mission. Here are some goals we will achieve when that mission is accomplished:
VRM will be a business category, welcomed and engaged by CRM and CX functions on the sell sides of markets.
We will have proof that free customers are worth more than captive ones—to companies they engage, to whole markets, and to themselves. This was ProjectVRM’s original mission in 2006.
The intention economy will materialize when voluntary signaling from customers to companies outperforms and obsolesces surveillance as the primary means for companies to obtain data about customers.
MyTerms is required for all three, because a contract is the only way for companies to commit to respecting personal privacy, and MyTerms is the standard for doing that.
So the first challenge is to make Customer Commons viable as the first mover in establishing MyTerms in the world.
The second challenge is to make Customer Commons substantial enough to lead work toward all three of the challenges listed above. Customer Commons won’t be the only entity working on those. In the U.S., Consumer Reports has already stepped forward as a natural ally. MyData Global is partnering with Customer Commons in standing up the MyTerms Alliance, which is HQ’d in Europe. There are many other potential partners, such as Mozilla and the EFF.
There is development work on MyTerms already. You can learn more about those at VRM Day, IIW, and AIW, which run M-F through the last week of this month (April 27 to May 1) at the Computer History Museum in Silicon Valley.
Here are other ideas that have been floated in the past for Customer Commons:
Customers Union. Being for customers what the AARP is for retired people. Only bigger, because it would include everybody who is a customer of anything. This isn’t far from Consumers Union, which begat Consumer Reports, and is now its advocacy group.
CustomerCon. A trade show with company booths run by customers, to which companies are invited as guests. Key feature: no complaining. Guest companies are treated only to positive and constructive ideas. HT to Tim Hwang for helping come up with that one.
Omie. A tablet with apps free of Google and Apple. HT to Iain Henderson.
The Free Customer Award. This would be given to companies that value free customers and do nothing to entrap them. The canonical example described in The Intention Economy is Trader Joe’s. But there are others. In-N-Out Burger, for example.
I share those only to give you an idea of how big and influential Customer Commons might be, and how it’s possible to have fun making a new and better economy happen.
We’re not at Square One. Customer Commons is an extant nonprofit, has an energetic board, and a huge accomplishment by getting MyTerms finished. What it needs now is to build out a working organisation. How can we do that?
Let’s look at how Creative Commons got rolling in 2002 and kept moving after that. Here is what I’ve found in diggings so far—
The History of Creative Commons in Wired (December 2011) says, “An hour after the court’s decision was announced, the William and Flora Hewlett Foundation presented Creative Commons with $1,000,000 to launch the movement.” The case was Eldred v. Ashcroft.
In 2008, there was a successful funding challenge from Hewlett: “The 5×5 challenge, issued in honor of Creative Commons’ fifth birthday, called for the organization to find five funders to each promise five years of support at $500,000 per year. In addition to the Hewlett Foundation, Creative Commons received pledges of $500,000 in yearly support for five years from Omidyar Network, as well as from an anonymous European trust. Google has pledged $300,000 in support renewable for five years, while Mozilla and Red Hat have each pledged to contribute $100,000 annually for five years. The final block of support comes from the board of Creative Commons, which has promised to personally raise or contribute $500,000 to the organization annually for five years.”(Source: Creative Commons Newsletter No.5, February 2008)
$750,000 in 2005 to support general operations for three years
$500,000 in 2007 to support Science Commons for two years
$700,000 in2008 to support general operations and an endowment campaign for three years
$25,000 in 2015 to provide travel and other support for attendees of the Creative Commons Global Summit in South Korea, for two months. The meeting was also funded in part by the Institute for Museu m and Library Services and th e Gates Foundation, and by the Korean Ministry of Culture, Sports and Tourism ($25,000), Mozilla ($10,000), and the Wikimedia Foundation ($10,000).
$50,000 in 2022 to support dedicated programming on open journalism issues at the 2023 Global Summit, “which is an annual event that brings together educators, artists, technologists, legal experts, and activists to promote the power of open licensing and global access.”
So, by inference, the phases were roughly this:
Launch (2001–2002) $1M of initial funding
Early build-out (2002–2004) +$1–3M with additional foundation support
Continuous operations (2005 onward) at ~$1–3M/year
That gives us an idea of what we need to raise. (Given inflation, multiply those numbers by 1.5x.)
I’ll tell you more when I find out more. Meanwhile, watch this space. Better yet, jump in and help out.
Nor can CRM. Not really. The middle name of both is Relationship, and those require respect for each other’s boundaries. We don’t have that yet online, and can’t without working standards (hello MyTerms), tech, and norms. In fact, the opposite prevails: extreme exploitation of absent personal privacy.
Helen Nissenbaum has been teaching us that for decades, and working on solutions. One is Adnauseum, which may be on your browser already. It works (says that last link) “by automating ad clicks universally and blindly on behalf of its users. Built atop uBlock Origin, AdNauseam quietly clicks on every blocked ad, registering a visit on ad networks’ databases. As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile.” In another word, obfuscation.
And that’s what Helen will unpack when she speaks in our salon series here at Indiana University next Tuesday at 4 pm Eastern, and on Zoom. Her title is Why Obfuscation is (still) Needed (more than ever). Here’s the flyer, with the registration and Zoom links:
No regulation to make organizations respect personal privacy will work.
We’ve had cookie laws since the ’00s, the GDPR since the ’10s, and the CCPA since 2020. None of them has worked.
All those regulations are aimed at reducing the power of organizations to violate personal privacy. None is to empower people. That’s why, under those regulations, all we can do is agree to the terms organizations provide. We have no independent agency. All we have is what they promise, and their promises aren’t worth the pixels they’re printed on.
The only way we will get privacy is with contracts, which are laws that two parties make for themselves.
And the only way to make contracts work, at scale, is if we are the ones proffering those terms as first parties, and organizations agree to them as second parties. This flips the script on business-as-usual online.
By the old script, privacy is a grace of corporate obedience to selections in cookie notices, many of which provide no choice at all. There is “Accept,” and that’s it. In that case, all you’re accepting is a corporate privacy policy, which is typically just a fig leaf over the company’s hard-on for personal data.
Regardless of what you do with a cookie notice, chances are the company still tracks you like a marked animal. See here and here. You also have no easy of auditing compliance, because you keep no record of your “choices.” And we have that system because the incentives are worse than misaligned: they are completely broken.
See, if you are a typical website, you get paid for allowing third parties to harvest visitors’ personal data and use it to aim personalized advertising at their eyeballs. This is morally wrong on its face, but easily rationalized because it pays.
In the natural world, a store would never plant tracking beacons on every shopper, or require those shoppers to “choose” privacy protections by stripping naked and then selecting the purposes to which their personal tracking beacons will be put. Shoppers would avoid that store like the plague,
However, on the Net and the Web, we haven’t yet invented privacy, just as we hadn’t in the natural world before we invented clothing and shelter. So, on the Net and the Web, we are still naked as fish. As a result, a plague of near-ubiquitous surveillance has been raging online for decades. It is nearly impossible to avoid getting infected.
Most of that surveillance is for the $742 Billion surveillance-fed fecosystem* called adtech. And the only way we can obsolesce it is with a business ecosystem that works for everyone: customers and companies alike, and together.
It describes a protocol in the diplomatic sense: a way to reach and record agreements. Here is a diagram that shows how it works:
It is also the ultimate product of ProjectVRM, which began in 2006 with a mission: to prove that free customers are more valuable than captive ones—to companies, to markets, and to themselves. It was to ProjectVRM’s nonprofit spinoff, Customer Commons, that the IEEE came in 2017 with the challenge to create the MyTerms standard.
Of course, every agreement needs to be good for both sides. Right now we have five draft agreements for that. SD-BASE says “Service Delivery only.” This one requires that the site or service provide the visitor only what the visitor came for, and not to share personal data with third parties. This will make the site or service more inviting. (Customer Commons also plans to offer a trustmark to sites and services that sign MyTerms Agreements.) Lots of other mutually respectful agreements can also be built on top of SD-BASE: agreements that respect personal agency as well as privacy.
Other initial MyTerms agreements cover data portability, intentcasting, data-for-good, and AI training.
MyTerms will foster businesses and business methods that the surveillance fecosystem prevents. We describe how that will work, and some of the businesses MyTerms will create and improve, in The Cluetrain Will Run from Customers to Companies.
Of course, we need to develop tools and services for making that cluetrain run. Please tell us what you’ve got or plan.
The place to list those is in a new section of our Developments page. We also need to re-write and condense our privacy manifesto, and welcome help with both.
We also need to thank our many teams over the past two decades for jobs well done, even if many of those jobs didn’t go anywhere, mostly because they were too early.
Now is the time, because the world is fed up with surveillance—and it is easier than ever to develop tools and services using AI.
What is your best friend’s personal brand? How about your spouse’s?
Those questions came to mind as I read through The Death of Merchandising in an Online World, by Dana Blankenhorn, who is reliably wise. In that post, Dana correctly observes that brand value is declining as merchandising shifts from stores to online services, and to influencers who are also stores.
I think there’s also something else going on at the same time: the shift in media from real advertising to the online equivalent of junk mail, which is what you see with nearly every ad you encounter on your browsers and apps. To marketers, browsers and apps are boxes for junk mail, which at its most ideal is personalized by surveillance. As I put it in Separating Advertising’s Wheat and Chaff, ” Madison Avenue fell asleep, direct response marketing ate its brain, and it woke up as an alien replica of itself.”
I wrote that a decade ago. With AI today, that alien replica is the real thing. Madison Avenue is now AM radio, with a whip antenna and tail fins.
Brand advertising worked best when “the media” were mostly print and broadcast. Sources of both were so few that they all fit on a newsstand and the dials of radios and TVs. To operate a source of either, you needed a printing plant or transmitting towers. Publishers and broadcasters are still around, but now their goods are mostly distributed over the Internet and consumed through glowing rectangles. And they’re competing in a world where the abundance of other sources of content is incalculably vast. In that world, the only places you can still reliably create and maintain brands is by sponsoring live events. Especially sports. That’s why I know fifteen minutes will save me fifteen percent with Geico, even though Geico stopped saying that years ago. I also know that you only pay for what you need with Liberty Mutual. And I’ll never get the Shaefer Beer jingle out of my mind.
On the whole, however, branding has finished running the same course as the broadcasting it paid for.
It helps to remember that the words brand and branding were borrowed from ranching. They applied especially well when people had few choices of media, and few if any ways to avoid ads meant to burn the names of companies and products onto mental hides.
What we really (or at least should) mean by brand today is reputation. How a business obtains that in our still-new Digital Age (now with AI!) is an open question.
I believe the answer will come from the natural world, where markets have been working far longer than we’ve had digital media, broadcasting, or print. It was in the natural world that two very different people—one an athiest and the other a pastor—separately explained to me, not long after The Cluetrain Manifesto came out, that markets are not just about transactions and (as Cluetrain insisted) conversations. They are about relationships.
Marketing prevents those. Or shortcuts them. Especially as it continues to devolve into funnels at the bottom end of which are transactions alone, or entrapment in a company’s “loyalty” system.
The Internet and the Web were both designed to support maximum agency and independence for every entity using them. We can have far better markets and marketing if demand and supply both work with maximized agency, and scale in ways that are good for both. That’s the idea behind market intelligence that flows both ways.
Making and maintaining those kinds of relationships will be VRM+CRM, What those together will make are wholes that exceed the sum of either part.
So here is a challenge for Admiral , OneTrust, and the rest of them: make VRM mean Vendor Relationship Management (like it says in Wikipedia).
Our case: real relationships are based on mutual trust, which can only happen if personal privacy is fully respected as a starting point. Consent management by cookie notice can’t cut it. For real trust, we need people to bring their own terms to every website’s table, and have agreements to those. This is why we, the ProjectVRM community, through Customer Commons (our nonprofit spinoff) and the IEEE P7012 (aka MyTerms) working group, created the draft standard (on track to become official early next year) for machine-readable personal privacy terms. Three years ago, I called MyTerms The Most Important Standard in Development Today. The CMP business can help make it so, by getting on the Cluetrain.
Here are some opportunities:
CMPs can provide sites & services with easy ways to respond to MyTerms choices brought to the table by visitors. Let’s call this a Terms Matching Engine.The current roster of terms we’re working with at Customer Commons (abbreviated CuCo, hence the cuco.org shortcut) starts with CC-BASE, which is “service provision only.” It says to a website, “just give me your service, and nothing more.” In other words, no tracking. Yet. Negotiation toward additional provisions comes after that. Those can be anything, but they should be in the spirit of We’re starting with personal privacy here, and the visitor sets the terms for that.
There is a whole new business (which, like the VPN, grammar-help, and password management businesses, people would pay for) in helping people present, manage, remember, and monitor compliance with their terms, and what additional agreements have been arrived at. This can involve browser add-ons such as the one pictured on the ProjectVRM r-button page. CMP companies can make money there too, adding a C2B business to their B2B ones.
Go beyond #2 to provide real VRM. Back in the last millennium, Iain Henderson pointed out that B2B relationships tend to have hundreds or thousands of variables over which both parties need to agree. Nitin Badjatia, another CRM veteran (and a Customer Commons board member like Iain and myself), has also pointed out that companies like Oracle have long provided AI-assisted ways for B2B relationships to arrive at contractual agreements. The same can work for C2B, once the base privacy agreement is established. There can be a business here that expands on what gets started with that first agreement.
Verticals. There can be strong value-adds for regulated industries or companies wanting to acquire and signal accountability, or look for firmer ways to establish a privacy regime better than the called consent, which doesn’t work (except as thin ass-covering for companies fearing the GDPR and the CCPA). For example: banks, insurers, publishers, health care providers.
For people (not just corporate clients), CMPs could offer browser plugins or apps (mobile and/or computer) that help people choose and present their privacy terms, track who honors them, notify them of violations, and have r-buttons mean something. Or multiple things.
Here is what a VRM-friendly person in the UK came up with as a prototypical first by a CMP away from cookie notices:
That was after this post went up. (Which is great.)
Obviously, we want cookie notices (and other forms of friction) to go away, but we also want CMPs to have a nice way to participate in a customer-led world in which intention-based economies can grow.
And here is an example of r-buttons in a browser:
Real relationships, including records of agreements, can be unpacked when a person (not a mere “user”) clicks on either the ⊂ or the ⊃ symbols. There are golden opportunities here for both VRM and CRM vendors. And, of course, companies such as Admiral and OneTrust working both sides—and being truly trusted.
Customers need privacy, respect, and the ability to provide good and helpful information to the companies they deal with. The good clues customers bring can include far more than what companies get today from their CRM systems and from surveillance of customer activities. For example, market intelligence that flows both ways can happen on a massive scale.
But only if customers set the terms.
Now they can, using a new standard from the IEEE called P7012, aka MyTerms. It governs machine readability of personal privacy terms. These are terms that customers proffer as first parties, and companies agree to as second parties. Lots of business can be built on top of those terms, which at the ground level start with service provision without surveillance or unwanted data sharing by the company with other parties. New agreements can be made on top of that, but MyTerms are where genuine and trusting (rather than today’s coerced and one-sided) relationships can be built.
When companies are open to MyTerms agreements, they don’t need cookie notices. Nor do they need 10,000-word terms and conditions or privacy policies because they’ll have contractual agreements with customers that work for both sides.
On top of that foundation, real relationships can be built by VRM systems on the customers’ side and CRM systems on the corporate side. Both can also use AI agents: personal AI for customers and corporate AI for companies. Massive businesses can grow to supply tools and services on both sides of those new relationships. These are businesses that can only grow atop agreements that customers bring to the table, and at scale across all the companies they engage.
This is the kind of thing that four guys (me included)† had in mind when they posted The Cluetrain Manifesto* on the Web in April 1999. A book version of the manifesto came out in early 2000 and became a business bestseller that still sells in nine languages. Above the manifesto’s 95 theses is this master clue**, written by Christopher Locke:
MyTerms is the only way we (who are not seats or eyeballs or end users or consumers) finally have reach that exceeds corporate grasp, so companies can finally deal with the kind of personal agency that the Internet promised in the first place.
The MyTerms standard requires that a roster of possible agreements be posted at a disinterested nonprofit. The individual chooses one, the company agrees to it (or not). Both sides keep an identical record of the agreement.
The first roster will be at Customer Commons, which is ProjectVRM’s 501(c)3 nonprofit spinoff. It was created to do for personal privacy terms what Creative Commons does for personal copyright licenses. (It was Customer Commons, aka CuCo, that the IEEE approached with the idea of creating the MyTerms standard.)
Work on MyTerms started in 2017 and is in the final stages of IEEE approval process. While it is due to be published early next year, what it specifies is simple:
Individuals can choose a term posted at Customer Commons or the equivalent
Companies can agree to the individual’s choice or not
The decision can be recorded identically by both sides
Data about the decision can be recorded by both sides and kept for further reference, auditing, or dispute resolution
Both sides can know and display the state of agreement or absence of agreement (for example, the state of a relationship, should one come to exist)
MyTerms not a technical spec, so implementations are open to whatever. Development on any of those can start now. So can work in any of the six areas listed above.
The biggest thing MyTerms does for customers—and people just using free services—is getting rid of cookie notices, which are massively annoying and not worth the pixels they are printed on. If a company really does care about personal privacy, it’ll respect personal privacy requirements. This is how things work in the natural world, where tracking people like marked animals has been morally wrong for millennia. In the digital world, however, agreements need to be explicit, so programming and services can be based on them. MyTerms does that.
For business, MyTerms has lots of advantages:
Reduced or eliminated compliance risk
Competitive differentiation
Lower customer churn
Grounds for real rather than coerced relationships (CRM+VRM)
Grounds for better signaling (clues!) going in both directions
Reduced or eliminated guesswork about what customers want, how they use products and services, and how both might be improved
Lawyers get a new market for services on both the buy and sell sides of the marketplace. Companies in the CMP (consent management platform) business (e.g. Admiral and OneTrust) have something new and better to sell.
Lawmakers and Regulators can start looking at the Net and the Web as places where freedom of contract prevails, and contracts of adhesion (such as what you “agree” to with cookie notices) are obsolesced.
Developers can have a field day (or decade). Look for these categories to emerge
Agreement Management Platforms – Migrate from today’s much-hated consent management platforms (hello OneTrust, Admiral, and the rest).
Vendor Relationship Management (VRM) Tools and services – Fill the vacuum that’s been there since the Web got real in 1995.
Customer Relationship Management (CRM) – Make its middle name finally mean something.
Customer Data Return (CDR) – Give, sell back, or share with customers the data you’ve been gathering without their permission since forever. Talking here to car companies, TV makers, app makers, and every other technology product with spyware onboard for reporting personal activity to parties unknown.
Platform Relief – Free customers from the walled gardens of Apple, Microsoft, Amazon, and every other maker of hardware and software that currently bears the full burden of providing personal privacy to customers and users. Those companies can also embrace and help implement MyTerms for both sides of the marketplace.
New dances between customers and companies, demand and supply. (“The Dance” is a closing chapter of The Intention Economy.)
New commercial ecosystems can grow around a richer flow of clues in both directions, based on shared interest and trust between demand and supply.
Surveillance capitalism will be obsolesced — and replaced by an economy aligned with personal agency and respect from customers’ corporate partners.
A new distributed P2P fabric of personally secure and shared data processing and storage — See what KwaaiNet + Verida, for example, might do together.
All aboard!
†Speaking for myself in this post. I invite the other two surviving co-authors to weigh in if they like.
*At this writing, the Cluetrain website, along with many others at its host, is offline while being cured of an infection. To be clear, however, it will be back on the Web. Meanwhile, I’m linking to a snapshot of the site in the Internet Archive—a service for which the world should be massively grateful.
**The thesis that did the most to popularize Cluetrain was “Markets are conversations,” which was at the top of Cluetrain’s ninety-five theses. Imagining that this thesis was just for them, marketers everywhere saw marketing, rather than markets, as “conversations.” Besides misunderstanding what Cluetrain meant by conversation (that customers and companies should both have equal and reciprocal agency, and engage in human ways), marketing gave us “conversational” versions of itself that were mostly annoying. And now (thank you, marketing), every damn topic is now also a fucking “conversation”—the “climate conversation,” the “gender conversation,” the “conversation about data ownership.” I suspect that making “conversation” a synonym for “topic” was also a step toward making every piece of propaganda into a “narrative.” But I digress. Stop reading here and scroll back to read the case for MyTerms. And please, hope that it also doesn’t become woefully misunderstood.
Look up customer journey or customer experience (aka CX) and you’ll find nothing about what the customer drives, or rides. All results will be for systems meant for herding customers like cattle into a chute that the CX business (no kidding) calls a sales funnel:
Do any customers want to go down these drains?
But let’s stick with the journey metaphor, because there are good people in the marketing business who have thought deeply about how people buy and own things. Chief among those people is Estaban Kolsky, of Constellation Research. He visualizes the journey in a way that not only gives weight to the ownership experience, but separates it from the sales experience :
As for our actual experience, we spend 100 percent of our lives with things we own, and just a tiny percentage on buying them. So the real ratio should look more like this:
…consider the curb weight of “solutions” in the world of interactivity between company and customer today. In the BUY loop of the customer journey, we have:
3. All the rest of marketing, which has too many segments for me to bother looking up
So, in the OWN loop we have a $0 trillion greenfield.
To enter that greenfield, we need customers to be in charge of their side of these relationships— preferably through means for interaction that customers themselves control—on terms that are agreeable to both sides, rather than the one-sided terms we suffer every time we click AGREE on a cookie notice.
To help imagine how that will work, I volunteer a real-world example from my own life.
A few years back, I bought a pair of LAMOMens Mocs at a shopping mall kiosk in Massachusetts. Here’s one:
I like them a lot. They’re very comfortable and warm on winter mornings. In fact I still wear them, even though the soles have long since come apart and fallen off. Here is how they looked after a few years of use:
I’m showing this so you, and LAMO, can see what happens, and how we can both use my experience—and those of other customers—to change the world.
See, I like LAMO, and would love to help the company learn from my experience with one of their products. As of today, there are four choices for that:
Do nothing (that’s the default)
Send them an email
Go on some website and talk about it. (A perfect Leightoncartoon in the New Yorker shows a couple registering at a hotel while the person behind the counter says, “If there’s anything we can do to make your stay more pleasant, just rant about it on the Internet.”)
So here is a fifth choice: give these moccasins their own virtual cloud, where LAMO and I can share intelligence about whatever we like, starting (on my side) with reports on my own experience, requests for service, or whatever. Phil Windley calls these clouds picos, for persistent compute objects. Picos are breeds of what Bruce Sterling calls spime: persistent intelligence for things. Picos have their own operating system (e.g., Wrangler, which Phil most recently posted about here), and don’t need intelligence on board. Just scan a QR code, and you’ll get to the pico. Here’s the QR code on one of my LAMO moccasins:
Go ahead and scan the code with your phone. You’ll get to a page that says it’s my moccasin.
That’s just one view of a potential relationship between me and Lamo — one in which I can put a message that says “If found, call or text _______.” Another view is on my own dashboard of things in my OWN cycle, and direct connections to every one of those companies. That relationship can rest on friendly terms in which I’m the first party and the company is the second party. (For more on that, see here and here.)
So look at the relationship between me and Lamo as a conduit (the blue cylinder below) that lives in the pico for my mocassin. That conduit goes from my VRM (vendor relationship management) dashboard to Lamo’s CRM (customer relationship management) system. There is no limit to the goodness that can pass back and forth between us, including intelligence about how I use my moccasins.
Let’s look at what can happen at either or both ends of that conduit.
A pico for a product is a CRM dream come true: a standard way for every copy of every product to have its own unique identity and virtual cloud (in which any data can live), and standard way any customer can report usage and other intelligence about any product they own—without any smarts needing to live on the thing itself.
If I scan that QR code, I can see whatever notes I’ve taken. I can also see whatever LAMO has put in there, with my permission. Also in that cloud is whatever programming has been done on it. Here is one example of simple relationship logic at work:
IF this QR code is scanned, THEN send LAMO a note that Doc has a new entry in our common journal.
Likewise, LAMO can send me a note saying that there is new information in the same journal. Maybe that information is a note telling me that the company has changed sole manufacturers, and that the newest Mens Mocs will be far more durable. Or maybe they’ll send a discount on a new pair. The correct answer for what goes in the common journal (a term I just made up) is: whatever.
Now let’s say LAMO puts a different QR code, or other identifier, in every moccasin it sells. Or has a CRM system that is alert to notifications from customers who have turned their LAMO moccasins into picos, making all those moccasins smart. LAMO can then not only keep up with its customers through CRM-VRM conduits, but tie interactions through those conduits to the dashboards of their accounting systems (from Xero or other companies that provide enriched views of how the company is interacting with the world).
Follow the links in the last paragraph (all to Wikipedia), and you’ll find each of them has “multiple issues.” The reason for that is simple: the customer is not involved with any of them. All those entries make the sound of industries talking to themselves — or one hand slapping.
This is an old problem that can only be fixed on the customer’s side. Before the Internet, solving things from the customer’s side — by making the customer the point of integration for her own data, and the decider about what gets done with that data — was impossible. Now that we have the Internet, it’s very possible, but only if we get our heads out of business-as-usual and back into our own lives. This will be good for business as well.
A while back I had meetings with two call center companies, and reviewed this scenario:
A customer scans the QR code on her cable modem, activating its pico.
By the logic described above, a message to the call center says “This customer has scanned the QR code on her cable modem.”
The call center checks to see if there is an outage in the customer’s area, and — if there is — finds out how soon it will be fixed.
The call center sends a message back saying there’s an outage and that it will be fixed within X hours.
In both cases, the call center company sai,d “We want that!” Because they really do want to be fully useful. And — get this — they are programmable.
Unfortunately, in too many cases, they are programmed to avoid customers or to treat them as templates rather than as individual human beings who might actually be able to provide useful information. This is old-fashioned mass-marketing thinking at work, and it sucks for everybody. It’s especially bad at delivering (literal) on-the-ground market intelligence from customers to companies.
Call centers would rather be sources of real solutions rather than just customer avoidance machines for companies and anger sinks for unhappy customers. The solution I’m talking about here takes care of that. And much more.
Now let’s go back to shoes.
I’m not a hugely brand-loyal kind of guy. I use Canon cameras because I like the long-standing 5D user interface more than the competing Nikon ones, and Canon’s lens prices tend to be lower. I use Apple computers because they’re easy to get fixed and I can open a command line shell and get geeky when I need to. I drive a 2017 VW wagon because I got it at a good price. And I buy Rockport shoes because, on the whole, they’re pretty good.
Used to be they were great. That was in the ’70s and early ’80s when Saul and Bruce Katz, the founders, were still in charge. That legacy is still there, under Reebok ownership; but it’s clear that the company is much more of a mass marketing operation than it was back in the early days. Still, in my experience, they’re better than the competition. That’s why I buy their shoes. Rockports are the only shoes I’ve ever loved. And I’ve had many.
So here is a photo I took of wear-and-tear on two pairs of Rockport casual shoes I still use, because they’re damned comfortable:
Shots 1 and 2 are shoes I bought in June 2012, and are no longer sold, near as I can tell. (Wish they were.) Shots 3 and 4 are of shoes called Off The Coast 2 Eye. I bought mine in late 2013, but didn’t start wearing them a lot until early this year. I bought both at the Rockport store in Burlington Mall, near Boston. I like that store too.
The first pair has developed a hole in the heel and loose eyelet grommets for the laces around the side of the shoe. The hole isn’t a big deal, except that it lets in water. The loose eyelets are only a bother when I cross my feet sitting down: they bite into the other ankle. The separating outer sole of the second pair is a bigger concern, because these shoes are still essentially new, and look new except for that one flaw. A design issue is the leather laces, which need to be double-knotted to keep from coming undone, and even the double-knots come undone as well. That’s a quibble, but perhaps useful for Rockport to know.
I’d like to share these experiences privately with Rockport, and for that process to be easy. Same with my experiences with LAMO moccasins.
It could be private if Rockport and LAMO footwear came with QR codes for every pair’s pico — it’s own cloud. Or if Rockport’s CRM or call center system was programmed to hear pings from my picos.
Ideally, customers would get the pico along with the shoe. Then they would have their own shared journal and message space — the conduit shown above — as well as a programmable system for creating and improving the whole customer-company relationship. They could also get social about their dialogs in their own ways, rather than only within Facebook and Twitter, which are the least private and personal places imaginable.
This kind of intelligence exchange can only become a standard way for companies and customers to learn from each other if the code for picos is open source. If Rockport or LAMO try to “own the customer” by locking her into a closed company-controlled system — the current default for customer service — the Internet of Things will be what Phil calls “the Compuserve of things”. In other words, divided into the same kind of closed and incompatible systems we had before the Net came along.
One big thing that made the Internet succeed was substitutability of services. Cars, banks, and countless other product categories you can name are large and vital because open and well-understood standards and practices at their base have made substitutability possible. Phil says we can’t have a true Internet of Things without it, and I agree.
The smartest people working for companies are their customers. And the best way to activate customer smarts is by giving them scale. That’s what picos do.
As a bonus, they also give companies scale. If we can standardize picos, we’ll have common and standard ways for any customer and any company to relate to each other through any VRM + CRM system. Think about how much more, and better, intelligence a company can get from its customers this way, rather than through the ones barely succeeding now, where the company does all the work, and fails to know an infinitude of useful stuff customers could be telling them. Think about how much more products can be improved, an iterated over time. Think about how much more genuine loyalty can be created and sustained with this kind of two-way system.
Then think how much companies can save by not constantly spying on customers, guessing about what they might want, spamming them with unwanted and unnecessary sales messages, maintaining systems try to relate but actually can’t, and herding customers into imaginary funnels that customers would loathe if they could see what’s going on.
It’s a lot.
So let’s start working on growing a sane world of business that’s based on market intelligence that flows both ways, instead of the surveillance-based guesswork and delusional imaginings of marketing that smokes its own exhaust. We can do it, privately, and at scale.
With MyTerms, the person (and their electronic agent) is the first party, and the corporate entity (with its agent) is the second party. This is essential for assuring full respect for personal privacy in the digital world.
Here is the PAR for EEE P7012 (nicknamed MyTerms—much as IEEE 802.11 is nicknamed Wi-Fi). It launched a working group in 2017 (that I now chair), and is expected to go from draft to done by early 2026.
Because what the standard will do is plainly laid out in the PAR, I’m breaking its paragraph into separate sentences to make reading it easier:
This draft standard covers contractual interactions and agreements between individuals and the service providers they engage on a network, including websites.
It describes how individuals, acting as first parties, can proffer their privacy requirements as contractual terms and arrive at agreements recorded and kept by both sides.
These terms shall be chosen from a collection of standard-form agreements in a roster kept by an independent and neutral non-business entity.
Computing devices and software performing as agents for both first and second parties shall engage using any protocol that serves the purpose.
The first party shall point to a preferred agreement, or a set of agreements, from which the second party shall accept one.
Party-to-party negotiations over terms in any of these contracts or other agreements are outside the scope of this standard. If both parties agree, the chosen contract or agreement shall be signed electronically by both parties or their agents.
A matching record shall be kept by both sides in a form that can be retrieved, audited, or disputed, if necessary, at some later time–and which is available to do so easily.*
I can’t share the draft before the final version is published, but I can say that what it says is about as simple as what you read above. It also does not specify what tech or protocol to use. This is to leave development as open as possible.
The main thing is that MyTerms obsolesces notice-and-consent by basing privacy agreements on contracts that individuals proffer as first parties, and sites and services agree to as second parties.
Never mind that this hardly seems thinkable to the status quo. The same was once said of the Internet, the Web, email, and other free and open graces we take for granted today.
If you want to get involved, help us build out Customer Commons, so it can play the same role for personal privacy terms that Creative Commons plays for personal copyright.
*Shall is IEEE-speak for will or must. The purpose of that rule is to make clear that it does not mean should, could, or any other modal auxiliary verb.
