The Wall Street Journal has an informative conversation with Lawrence Lessig: Technology Will Create New Models for Privacy Regulation. Two points underlie the change toward new models: the servers holding vast user databases are increasingly (and very cheaply) breached, and the value of the information in those databases is being transferred to something more aligned with VRM: use of the data, on a need-to-know basis. Lessig notes:
The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.
The challenge, notes Lessig, is “a corrupt Congress” that is more interested in surveillance than markets and doing business. Perhaps that isn’t a problem, according to an Associated Press poll (which has no bias, of course!):
According to the new poll, 56 percent of Americans favor and 28 percent oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67 percent) and Democrats (55 percent) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40 percent in favor and 35 percent opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance.
Right. After all, who needs business?
In Volvo launches in-car package delivery service in Gothenburg, Volvo’s new service “lets you have your Christmas shopping delivered directly to your car.” An intriguing idea that also spares you parking hassles, such as the people waiting and idling around the favored spots.
With just days to go before Black Friday and Cyber Monday – the busiest online shopping days of the Christmas season – Sweden’s Volvo Cars has unveiled a brand new way to take some of the hassle out of Christmas shopping.
The premium car maker has launched the world’s first commercially available in-car delivery service by teaming up with PostNord, the Nordic region’s leading communication and logistics supplier, Lekmer.com, the leading Nordic online toy and baby goods store, and Mat.se, a Swedish online grocery retailer, to have Christmas toys, gifts, food and drinks delivered to its cars. …
The Volvo In-car Delivery works by means of a digital key, which is used to gain one-time access to your vehicle. Owners simply order the goods online, receive a notification that the goods have been delivered and then just drive home with them.
Alas, not available everywhere. Yet.
The Personal Information Economy 2015 conference is coming up! From the event page:
As a new digital age unfolds brands have a make-or-break strategic opportunity to place their customer relationships on a powerful new footing.
The opportunity: to work with customers to create new ‘Me2B’ services that empower them with data and help them use this data to meet previously unmet needs, such as making better decisions and organising and managing their lives better.
Brands that enable these new relationships and services are sustaining and deepening customer trust, growing revenue streams and profits, differentiating themselves in crowded markets, and positioning themselves strategically at the forefront of the digital economy.
Personal Information Economy 2015: Growth Through Trust
The rise of Me2B commerce
Event Venue: Kings Place, 90 York Way, London, N1 9AG
Event Date: Tuesday, December 8th 2015 from 09:00 to 19:00 (GMT)
More information here.
Above is a strawman proposal for icons for user-submitted terms that I’ve been presenting in talks and in prototypes for creating privacy-protecting technology for individuals. I’ve been sharing this with people for the last couple of years to increasing recognition that we need a simple way to assert our terms. I made it up to demonstrate what and how user submitted terms might work, as part of a larger system for individuals to control and share their personal data.
Basically, the idea is that an individual would select some default settings for sharing their data, and this would be managed by a user-agent which would use a ‘machine-readable’ version of the user terms. The individual would see the icons, but also be able to read the ‘human-readable’ terms connected to each category of choice and the individual icons chosen. And there would be a ‘legal-readable’ version that would be available for creating a legally enforceable agreement, if the individual and those they submit terms to agreed. And if a requested term was not agreed to, the individual would know and be able to choose whether to share data anyway.
You can see the choices for terms, including Sharing. This might involve allowing shared data to be public, or shared with 3rd parties, or just sharing with the direct 1st party relationship. Duration might be for as long as there is an active account, for say, 3 months, or for just the extent of the business session. Purpose might be for 3rd party advertising, for just site use, or for the extent of the business transaction. And Tracking might allow either tracking or Do Not Track choices.
These choices are simple and easy for a person to understand, and should be the sort of thing that is selected once, after which the general choices become defaults. It might be that there are a few sets of defaults, say for news sites or apps, versus, say, social networks, or entities we purchase from. We might want to get really granular with some relationships that really matter to us, and specify a set of terms just for that vendor. But the net of this is that individuals would be able to say what matters to them before they share any data, and their agent could negotiate the relationship with a potential vendor, to make it easy and painless.
Customer Commons, as advocates for individuals, could develop and maintain for public use these terms and their icons. We could provide this part of the puzzle for a privacy protecting system to help individuals have more control over their own sharing. And we could help vendors navigate these negotiations with customers so that vendors might use better privacy as a competitive advantage in the marketplace.
All of this, the choices we individuals make and submit, and the responses from vendors, ought to be recorded in a Consent Receipt, something Open Notice has been working toward and which is very complementary to user-submitted terms.
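As an added illustration (not code from this post or from Customer Commons), here is a small Python user-agent that holds the four categories described above as machine-readable terms, applies relationship defaults plus a per-vendor override, checks a vendor’s request against them, and writes a consent receipt recording what was asserted, what was not met, and whether the individual chose to share anyway. The ordering of options from least to most permissive, the profile layout, the wording and the receipt field names are assumptions made for this example, not an Open Notice schema.

```python
import hashlib
import json
from datetime import datetime, timezone

# Options within each category, ordered from least to most permissive
# (the categories follow the post; the ordering is an assumption).
TERM_LEVELS = {
    "sharing": ["first_party", "third_party", "public"],
    "duration": ["session", "three_months", "active_account"],
    "purpose": ["transaction", "site_use", "third_party_advertising"],
    "tracking": ["do_not_track", "track"],
}

# Human-readable wording shown beside each icon (constructed wording).
HUMAN_READABLE = {
    "sharing": "Data may be shared: {}",
    "duration": "Data may be kept for: {}",
    "purpose": "Data may be used for: {}",
    "tracking": "Tracking: {}",
}

# Constructed profile: defaults per relationship type plus one per-vendor override.
EXAMPLE_PROFILE = {
    "defaults": {
        "news": {"sharing": "first_party", "duration": "session",
                 "purpose": "site_use", "tracking": "do_not_track"},
        "social": {"sharing": "third_party", "duration": "active_account",
                   "purpose": "site_use", "tracking": "do_not_track"},
        "purchases": {"sharing": "first_party", "duration": "active_account",
                      "purpose": "transaction", "tracking": "do_not_track"},
    },
    # A relationship that really matters to us gets its own, tighter terms.
    "vendors": {"example-grocer": {"duration": "session"}},
}


def level(category, option):
    """Rank of an option inside its category; an unknown option raises ValueError."""
    return TERM_LEVELS[category].index(option)


def select_terms(profile, relationship, vendor):
    """Start from the relationship-type default, then apply any per-vendor override."""
    terms = dict(profile["defaults"][relationship])
    terms.update(profile.get("vendors", {}).get(vendor, {}))
    return terms


def describe(terms):
    """The human-readable version of a machine-readable terms set."""
    return [HUMAN_READABLE[c].format(terms[c].replace("_", " ")) for c in TERM_LEVELS]


def evaluate(user_terms, vendor_request):
    """A category is agreed when the vendor asks for no more than the individual allows.
    A category the vendor leaves out is read as its least permissive option (assumption)."""
    outcome = {}
    for category, options in TERM_LEVELS.items():
        requested = vendor_request.get(category, options[0])
        allowed = user_terms[category]
        outcome[category] = {
            "allowed": allowed,
            "requested": requested,
            "agreed": level(category, requested) <= level(category, allowed),
        }
    return outcome


def unmet(outcome):
    """Categories the individual must decide on before sharing anyway."""
    return sorted(c for c, r in outcome.items() if not r["agreed"])


def consent_receipt(individual, vendor, outcome, share_anyway=False, issued_at=None):
    """Record asserted terms, the vendor's request and the individual's decision.
    The digest over canonical JSON lets either side spot later edits (field names assumed)."""
    missing = unmet(outcome)
    if not missing:
        status = "agreed"
    elif share_anyway:
        status = "shared_despite_unmet_terms"
    else:
        status = "declined"
    record = {
        "individual": individual,
        "vendor": vendor,
        "issued_at": issued_at or datetime.now(timezone.utc).isoformat(),
        "terms": outcome,
        "unmet": missing,
        "status": status,
    }
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["digest"] = hashlib.sha256(canonical).hexdigest()
    return record
```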
I’d love to hear what you think in comments about this idea.
Customer Commons User Terms by Mary Hodder is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Post from 2009 reposted here to facilitate further discussion.
At the VRM workshop, we discussed the need for the concept of the Personal Data Store, what it would do in practice, and what that will ultimately enable.
Why we need such things – because individuals have a complex need to manage personal information over a lifetime, and the tools they have at their disposal today to do so are inadequate. Existing tools include the brain (which is good but does not have enough RAM, onboard storage, or an ethernet socket… thankfully), stand-alone data stores (paper, spreadsheets, phones, which are good but not connected in secure ways that enable user-driven data aggregation and sharing), and supplier-based data stores (which can be tactically good but are run under the supplier-provided terms and conditions). NB Our current perception of ‘personal data stores’ is shaped by the good ones that are out there (e.g. my online bank, my online health vault); what we need is all of that functionality, and more – but working FOR ME.
What they will do/ enable – the term Personal Data Store is not an ideal term to describe a complex set of functions, but it is what it is until we get a better one (the analogy I’d use in more ways than one is the term ‘data warehouse’ – again a simplistic term that masks a lot of complex activity). A Personal Data Store can take two basic forms:
Operational Data Stores – that get things done, and only need store sufficient breadth and depth of data to fulfill the operation they are built for (e.g. pay a credit card bill, book a doctor’s appointment, order my groceries).
Analytical Data Stores – that underpin and enable decision making, and which typically need a more tightly defined, but much deeper data-set that includes data from a range of aspects of life rather than just that from one specific operation (e.g. plan a home move, buy a car, organise an overseas trip).
A sub-set of the individual’s overall data requirement will lie in both of the above, this being the data that then integrates decision-making and doing.
In both cases, the functionality required is to source, gather, manage, enhance and selectively disclose data (to presentation layers, interfaces or applications).
We also discussed ‘who has what data on you’ and introduced the following diagrams to explain current state and target state (post deployment of Volunteered Personal Information (VPI) tech and standards).
The key terms that require explanation are:
My Data – is the data that is undeniably within, and only within, the domain of an individual. Its defining characteristic is that it has demonstrably not been made available to any other party under a signed, binding agreement. This space has been increasingly encroached upon by technology and organisations in recent history (e.g. behavioural tracking tools like Phorm) and this encroachment will continue. Indeed a general comment can be made that ‘my data’ equates to privacy in the context of personal data; so the rise of the surveillance society and state is a direct assault on ‘My Data’. Management of ‘My Data’ can be run by the individual themselves, or outsourced to a ‘fourth party service’.
Your Data – is the data that is undeniably within the domain of an organisation; either private, public or third sector. Proxy views of this data may exist elsewhere but are only that. This data would include, for example, the organisation’s own master records of their product/ service range, their pricing, their costs, their sales outlets and channels. Customer-facing views of much of Your Data are made available for reproduction in the ‘Our Data’ intersect.
Our Data – is the data that is jointly accessible to both buyer and seller/ service provider, and also potentially to any other parties to an interaction, transaction or relationship. It is the data that is generated through engaging in interactions and transactions in and around a customer/ supplier relationship. Despite being ‘our’ data, it is probably technically owned, or at least provided under terms of service designed by the seller/ service provider; in practical terms this also means that the seller/ service provider dictates the formats in which this data exists/ is made available.
Their Data – is the data built/ owned/ sold by third party data aggregators, e.g. credit bureaux, marketing data providers in all their forms. Its defining characteristic is that it is only available/ accessible by buying/ licensing it from the owner.
Everybody’s Data – is the public domain data, typically developed/ run by large, public sector(ish) entities including local government (electoral roll), Post Offices (postal address files), mapping bureau (GIS). Typically this data is accessible under contract, but the barriers to accessing these contracts are set low – although often not low enough that an individual can engage with them easily.
The Basic Identifier Set/ Bit in the Middle – this is the core personal identity data which, like it or not, exists largely in the public domain – most typically (but not exclusively) as a result of electoral rolls being made available publicly, and specifically to service providers who wish to build things from them. It is this characteristic that enables the whole personal-data eco-system, and its impact on data privacy, to exist, with the individual as the unknowing ‘point of integration’ for data about them.
The ovals in the Venn diagram represent the static state, i.e. where data lives at a point in time. The flow arrows show where data flows to and from in this eco-system; I use red to signify data flowing under terms and conditions NOT controlled by the individual data subject.
Flow 1 (My Data to Your Data, and My Data to Our Data) – Individuals provide data to organisations under terms and conditions set by the organisation, the individual being offered a ‘take it or leave it’ set of options. Some granularity is often offered around choices for onward data sharing and use, i.e. the ‘tick boxes’ we all know, which are one of the main bits of legacy CRM that VRM will fix.
Flow 2 (Your Data to Your Data, including Our Data) – Organisations share data with other organisations, usually through a back-channel, i.e. the details of the sharing relationship are typically not known to the data subject.
Flow 3 (Your Data, including Our Data to Their Data) – Organisations share data with a specific type of other organisation, data aggregators, under terms and conditions that enable onward sale. Typically the sharer is paid for this data/ has a stake in the re-sale value.
Flow 4 (Everybody’s Data to Their Data) – Data Aggregators use public domain data sources to initiate and extend their commercial data assets.
The target state is shown below, a different scenario altogether – and one which I believe will unfold incrementally over the next ten years or so… data attribute by data attribute, customer/ supplier management process by customer/ supplier management process, industry sector by industry sector. In this scenario, the individual and ‘My Data’ becomes the dominant source of many valuable data types (e.g. buying intentions, verified changes of circumstance), and in doing so eliminates vast amounts of guesswork and waste from existing customer/ citizen management processes.
The key new capabilities required to enable this to happen are those being worked on in the User Driven and Volunteered Personal Information work groups at Kantara (one tech group, one policy/ commerce one), and elsewhere within and around Project VRM. The new capabilities will consist of:
– personal data store(s), both operational and analytical
– data and technical standards around the sharing of volunteered personal information
– volunteered personal information sharing agreements (i.e. contracts driven by the individual perspective, creative commons-like icons for VPI sharing scenarios)
– audit and compliance mechanics
Around those capabilities, we will need to build a compelling story that clearly articulates, in a shared lexicon (thanks to Craig Burton for reminding us of the importance of this – watch this space), the benefits of the approach – for both individuals and organisations.
The target state that will emerge once these capabilities begin to impact will include 4 additional individual-driven information flows over and above the current ones. The defining characteristic of these new flows is that they can only be initiated by the data subject themselves, and most will only occur when the receiving entity has ‘signed’ the terms and conditions asserted by the individual/ data subject. The new flows are:
Flow 5 (My Data to Your Data, inc. Our Data) – Individuals will share more high value, volunteered information with their existing and potential suppliers, eliminating guesswork and waste from many customer management processes. In turn, organisations will share their own expertise/ data with individuals, adding value to the relationship.
Flow 6 (Everybody’s Data to My Data) – With their new, more sophisticated personal information management tools, individuals will be able to take direct feeds from public domain sources for use in their own mashups and applications (e.g. crime maps covering where I live/ travel).
Flow 7 (My Data to (someone else’s) My Data) – An enhanced version of ‘peer to peer’ information sharing.
Flow 8 (My Data to Their Data) – The (currently) unlikely concept of the individual making their volunteered information available to/ through the data aggregators. Indeed we are already starting to see the plumbing for this new flow being put in place with the launch of the Acxiom Identity Card.
The implications of the above are enormous, my projection being that over time some 80% of customer management processes will be driven from ‘My Data’. I’m pretty confident about that, a) because we are already seeing the beginning of the change in the current rush for ‘user generated content’ (VPI without the contract), and b) because the economics will stack up. Organisations need data to run their operations – they don’t really mind where it comes from. So, if a new source emerges that is richer, deeper, more accurate, less toxic – and all at lower cost than existing sources – then organisations will use this source.
It won’t happen overnight obviously; as mentioned above specific tools, processes and commercial approaches need to emerge before this information begins to flow – and even then the shift will be slow but steady, probably beginning with Buying Intention data as it is the most obvious entry point with enough impact to trigger the change. That said, the Mydex social enterprise already has a working proof of concept up and running showing much of the above working. A technical write up of the proof of concept build can be found here. And the market implications of this are explored in more detail in new research on the market value of VPI shortly to be published by Alan Mitchell at Ctrl-Shift.
The two-hour session at the VRM workshop was barely enough to scratch the surface of the above issues, so the plan is to continue the dialogue and begin specifying the capabilities required in detail in the User Driven and Volunteered Personal Information (technology) workgroup at The Kantara Initiative. The workgroup charter can be found here. A parallel workgroup focused on business and policy aspects will also be launched in the next few weeks. Anyone wishing to get involved in the workgroup can sign up to the mailing list here and we’ll get started with the work in the next couple of weeks.
This is how the Internet looks to the online advertising business today:
This is how they approach it:
And this is the result:
What’s wrong with this view, and this approach, is the architectural assumption that:
- We are consumers and nothing more. Fish in a bowl.
- The Net — and the Web especially — is a container.
- Advertisers have a right to target us in that container. And to track us so we can be targeted.
- Negative externalities, such as data pollution, don’t matter.
- This can all be rationalized as an economic necessity.
Yet here is what remains true, regardless of the prevailing assumptions of the marketing world:
- We are not fish. Rather, as Cluetrain put it (in 1999!), we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.
- The Net was designed as a wide open space where all the intelligence that matters is at its ends, and each of us sits (stands, walks, drives) at one.
- Even if advertisers have a legal right to target us, their manners are terrible and doomed for correction.
- Negative externalities matter. A lot. As Fred said in his talk, we eventually dealt with the pollution caused by industry, and we’ll deal with it in the virtual world as well.
- The larger economic necessity is for a well-functioning marketplace. We’ll get that online once free customers prove more valuable than captive ones.
The key is to replicate online the experience of operating as a free and independent customer in the physical world.
For example, when you go into a store, your default state is anonymity. Unless you are already known by name to the people at the store, you are nameless by default. This is a civic grace. There is no need to know everybody by name, and to do so might actually slow things down and make the world strange and creepy. (Ask anybody who has lived in a surveillance state, such as East Germany before it fell, what it is like to be followed, or to know you might be followed, all the time.) We haven’t yet invented ways to be anonymous online, or to control one’s anonymity. But that’s a challenge, isn’t it? Meaning it is also a market opportunity.
We’ve lived in a fishbowl long enough. Time to get human. I guarantee there’s a lot more money coming from human beings than from fish whose only utterances are clicks.
Customer Commons is supporting, and board member, Mary Hodder, is hosting the Bay Area event. Additionally, there are NYC and London locations. Please join us if you are interested:
This is an unprecedented year documenting our loss of Privacy. Never before have we needed to stand up and team up to do something about it. In honour of Privacy Day, the Legal Hackers are leading the charge to do something about it, inspiring a two-day international Data Privacy Legal Hackathon. This is no ordinary event. Instead of talking about creating privacy tools in theory, the Data Privacy Legal Hackathon is about action! A call to action for tech & legal innovators who want to make a difference!
We are happy to announce a Data Privacy Legal Hackathon and invite the Kantara Community to get involved and participate. We are involved in not only hosting a Pre-Hackathon Project to create a Legal Map for consent laws across jurisdictions, but the CISWG will also be posting a project for the Consent Receipt Scenario that is posted on the ISWG wiki.
The intention is to hack Open Notice with a Common Legal Map to create consent receipts that enable ‘customisers’ to control personal information. If you would like to get involved in the hackathon, show your support, or help build the consent receipt infrastructure, please get involved right away — you can get in touch with Mark (dot) Lizar (at)gmail (dot) com, Hodder (at) gmail (dot) com, or join the group pages that are in links below.
Across three locations on February 8th & 9th, 2014, get your Eventbrite Tickets Here:
This two-day event aims to mix the tech and legal scenes with people and companies that want to champion personal data privacy. Connecting entrepreneurs, developers, product makers, legal scholars, lawyers, and investors.
Each location will host a two-day “judged” hacking competition with a prize awarding finale, followed by an after-party to celebrate the event.
The Main Themes to The Hackathon Are:
- Crossing the Pond Hack
- Do Not Track Hack
- Surveillance & Anti-Surveillance
- Transparency Hacks
- Revenge Porn Hack
Prizes will be awarded:
- 1st Prize: $1,000
- 2nd Prize: $500
- 3rd Prize: $250
There are pre-hackathon projects and activities. Join the Hackerleague to participate in these efforts and list your hack:
- A Consent Legal Map & Schema Project to create a legal map of the consent laws as a legal hackers tool for the event and projects posted at the event (many volunteers needed)
- Brainstorming List of Hacks – Add your ideas
- Share Tech and Links Page – Share your Knowledge
- Hacks (Project) Page – Propose or Join a project
- IRC Channel for Discussion
Sponsorship Is Available & Needed
Any organization or company seeking to show active support for data privacy and privacy technologies is invited to get involved.
- Sponsor: prizes, food and event costs by becoming a Platinum, Gold or Silver Sponsor
- Participate: at the event by leading or joining a hack project
- Mentor: projects or topics that arise for teams, and share your expertise.
Contact NYC sponsorship: Phil Weiss email or @philwdjjd
Contact Bay Area sponsorship: Mary Hodder – Hodder (at) gmail (dot) com – Phone: 510 701 1975
Contact London sponsorship: Mark Lizar – Mark (dot) Lizar (at)gmail (dot) com – Phone: +44 02081237426 – @smarthart
We’re overdue an update on the Omie Project, so here goes.
We at Customer Commons believe there is room/ need for a device that sits firmly on the side of the individual when it comes to their role as a customer or potential customer.
That can and will mean many things and iterations over time, but for now we’re focusing on getting a simple prototype up and running using existing freely available components that don’t lock us in to any specific avenues downstream.
Our role is to demonstrate the art of the possible, catalyse the development project, and act to define what it means to ‘sit firmly on the side of the customer’.
For now, we’ve been working away behind the scenes, and now have a working prototype (Omie 0.2). But before getting into that, we should cover off the main questions that have come up around Omie since we first kicked off the project.
What defines an Omie?
At this stage we don’t propose to have a tight definition, as the project could evolve in many directions; so our high-level definition is that an Omie is ‘any physical device that Customer Commons licenses to use the name, and which therefore conforms to the customer-side requirements of Customer Commons’.
Version 1.0 will be a ‘Customer Commons Omie’ branded white label Android tablet with specific modifications to the OS, an onboard Personal Cloud with related sync options, and a series of VRM/ Customer-related apps that leverage that Personal Cloud.
All components, wherever possible, will be open source and either built on open specs/ standards or define new open ones. Our intention is not that Customer Commons becomes a hardware manufacturer and retailer; we see our role as being to catalyse a market in devices that enable people in their role of ‘customer’, and generate the win-wins that we believe this will produce. Anyone can then build an Omie, to the open specs and trust mechanisms.
What kind of apps can this first version run?
We see version 1 having 8 to 10 in-built apps that tackle different aspects of being a customer. The defining feature of all of these apps is that they all use the same Personal Cloud to underpin their data requirements rather than create their own internal database.
Beyond those initial apps, we have a long list of apps whose primary characteristic is that they could only run on a device over which the owner had full and transparent control.
We also envisage an Omie owner being able to load up any other technically compatible app to the device, subject to health warnings being presented around any areas that could breach the customer-side nature of the device.
How will this interact with my personal cloud?
As noted above, we will have one non-branded Personal Cloud in place to enable the prototyping work (on device and ‘in the cloud’), but we wish to work with existing or new Personal Cloud providers wishing to engage with the project to enable an Omie owner to sync their data to their branded Personal Clouds.
Where are we now with development?
We now have a version 0.2 prototype; some pics and details are below. We intend, at some point, to run a Kickstarter or similar campaign to raise the funds required to bring a version 1.0 to market. As the project largely uses off-the-shelf components, we see the amount required being around $300k. Meantime, the core team will keep nudging things forward.
How can I get involved?
We are aiming for a more public development path from version 0.3. We’re hoping to get the Omie web site up and running in the next few weeks, and will post details there.
Alternatively, if you want to speed things along, please donate to Customer Commons.
Below are a few pics from our 0.2 prototype.
Home Screen – Showing a secure OS, a working, local Personal Cloud syncing to ‘the cloud’ for many and varied wider uses. This one shows the VRM related apps, there is another set of apps underway around Quantified Self.
My Suppliers – Just as a CRM system begins with a list of customers, a VRM device will encompass a list of ‘my suppliers’ (and ‘my stuff’).
My Transactions – Another critical component, building my transaction history on my side.
Intent Casting/ Stroller for Twins – Building out Doc’s classic use case, real time, locally expressed intention to buy made available as a standard stream of permissioned data. Right now there are about 50 online sellers ‘listening’ for these intent casts, able to respond, and doing business; and 3 CRM systems.
So what have we learned in the build of version 0.2?
Firstly, that it feels really good to have a highly functional, local place for storing and using rich, deep personal information that is not dependent on anyone else or any service provider, and has no parts of it that are not substitutable.
Secondly, that without minimising the technical steps to take, the project is more about data management than anything else, and that we need to encourage a ‘race to the top’ in which the organisations people deal with make it easy for customers to move data backwards and forwards between the parties. Right now many organisations are stuck in a negative and defensive mind-set around receiving volunteered information from individuals, and very few are returning data to customers in modern, re-usable formats through automated means.
Lastly, that the types of apps that emerge in this very different personal data eco-system are genuinely new functions not enabled by the current eco-system, and not just substitutes for those there already. For example, the ‘smart shopping cart’, in which a customer takes their requirements and preferences with them around the web, is perfectly feasible when the device genuinely lives on the side of the customer.