Category: decentralized

Why personal agency matters more than personal data

Lately a lot of thought, work and advocacy has been going into valuing personal data as a fungible commodity: one that can be made scarce, bought, sold, traded and so on.  That’s all fine, but I also think it steers attention away from a far more important issue it would be best to solve first: personal agency.

I see two reasons why personal agency matters more than personal data.

The first reason is that we have far too little agency in the networked world, mostly because we settled, way back in 1995, on a model for websites called client-server, which should have been called calf-cow or slave-master, because we’re always the weaker party. Fortunately the Net’s and the Web’s base protocols remain mostly peer-to-peer, by design. We can still build on those. It’s early.

A critical start in that direction is making each of us the first party rather than the second when we deal with the sites, services, companies and apps of the world—and doing that at scale across all of them.

Think about how much more simple and sane it is for websites to accept our terms and our privacy policies, rather than to force each of us, all the time, to accept their terms, all expressed in their own different ways. (Because they are advised by different lawyers, equipped by different third parties, and generally confused anyway.)

Getting sites to agree to our own personal terms and policies is not a stretch, because that’s exactly what we have in the way we deal with each other in the physical world.

For example, the clothes that we wear are privacy technologies. We also have  norms that discourage others from, for example sticking their hands inside our clothes without permission.

The fact that adtech plants tracking beacons on our naked digital selves and tracks us like animals across the digital frontier may be a norm for now, but it is also morally wrong, massively rude and now illegal under the  GDPR.

We can easily create privacy tech, personal terms and personal privacy policies that are normative and scale for each of us across all the entities that deal with us. (This is what ProjectVRM’s nonprofit spin-off, Customer Commons is all about.)

Businesses can’t give us privacy if we’re always the second parties clicking “agree.” It doesn’t matter how well-meaning and GDPR-compliant those businesses are. Making people second parties is a design flaw in every standing “agreement” we “accept,” and we need to correct that.

The second reason agency matters more than data is that nearly the entire market for personal data today is adtech, and adtech is too dysfunctional, too corrupt, too drunk on the data it already has, and absolutely awful at doing what they’ve harvested that data for, which is so machines can guess at what we might want before they shoot “relevant” and “interest-based” ads at our tracked eyeballs.

Not only do tracking-based ads fail to convince us to do a damn thing 99.xx+% of the time, but we’re also not buying something most of the time as well.

As incentive alignments go, adtech’s failure to serve the actual interests of its targets verges on the absolute. (It’s no coincidence that more than a year ago, 1.7 billion people were already blocking ads online.)

And hell, what they do also isn’t really advertising, even though it’s called that. It’s direct marketing, which gives us junk mail and is the model for spam. (For more on this, see Separating Advertising’s Wheat and Chaff.)

Privacy is personal. That means privacy is an effect of personal agency, projected by personal tech and personal expressions of intent that others can respect without working at it. We have that in the offline world. We can have it in the online world too.

Privacy is not something given to us by companies or governments, no matter how well they do Privacy by Design or craft their privacy policies. It simply can’t work.

In the physical world we got privacy tech and norms before we got privacy law. In the networked world we got the law first. That’s why the GDPR has caused so much confusion. It’s the regulatory cart in front of the technology horse. In the absence of privacy tech, we also failed to get and the norms that would normally and naturally guide lawmaking.

So let’s get the tech horse back in front of the lawmaking cart. With the tech working, the market for personal data will be one we control.  For real.

If we don’t do that first, adtech will stay in contol. And we know how that movie goes, because it’s a horror show and we’re living in it now.

 

Our time has come

For the first time since we launched ProjectVRM, we have a wave we can ride to a shore.

That wave is the GDPR: Europe’s General Data Protection Regulation. Here’s how it looks to Google Trends:

It crests just eight days from now, on May 25th.

To prep for the GDPR (and to avoid its potentially massive fines), organizations everywhere are working like crazy to get ready, especially in Europe. (Note: the GDPR protects the privacy of EU citizens, and applies worldwide.)

Thanks to the GDPR, there’s a stink on surveillance capitalism, and companies everywhere that once feasted on big data are now going on starvation diets.

Here’s one measure of that wave: my post “GDPR will pop the adtech bubble” got more than 50,000 after it went up during the weekend, when it also hit #1 on Hacker News and Techmeme. And this Hacker News comment thread about the piece is more than 30,000 words long. So far.

The GDPR dominates all conversations here at KuppingerCole‘s EIC conference in Munich where my keynote Tuesday was titled How Customers Will Lead Companies to GDPR Compliance and Beyond. (The video is up, alas behind a registration wall. I’ll see if we can fix that.)

Ten years ago at this same conference, KuppingerCole gaveEIC award ProjectVRM an award (there on the right) that was way ahead of its time.

Back then we really thought the world was ready for tools that would make individuals both independent and better able to engage—and that these tools that would prove a thesis: that free customers are more valuable than captive ones.

But then social media happened, and platforms grew so big and powerful that it was hard to keep imagining a world online where each of us are truly free.

But we did more than imagine. We worked on customertech that would vastly increase personal agency for each of us, and turn the marketplace into a Marvel-like universe in which all of us are enhanced:

In this liberated marketplace, we would be able to

  1. Make companies agree to our terms, rather than the other way around.
  2. Control our own self-sovereign identities, and manage all the ways we are known to the administrative systems of the world. This means we will be able to —
  3. Get rid of logins and passwords, so we are simply known to others we grace with that privilege. Which we can also withdraw.
  4. Change our email or our home address in the records of every company we deal with, in one move.
  5. Pay what we want, where we want, for whatever we want, in our own ways.
  6. Call for service or support in one simple and straightforward way of our own, rather than in as many ways as there are 800 numbers to call and punch numbers into a phone before we wait on hold while bad music plays.
  7. Express loyalty in our own ways, which are genuine rather than coerced.
  8. Have an Internet of MY Things, which each of us controls for ourselves, and in which every thing we own has its own cloud, which we control as well.
  9. Own and control all our health and fitness records, and how others use them.
  10. Help companies by generously sharing helpful facts about how we use their products and services — but in our own ways, through standard tools that work the same for every company we deal with.
  11. Have wallets of our own, rather than only those provided by platforms.
  12. Have shopping carts of our own, which we could take from store to store and site to site online, rather than ones provided only by the stores themselves.
  13. Have real relationships with companies, based on open standards and code, rather than relationships trapped inside corporate silos.

We’ve done a lot of work on most of those things. (Follow the links.) Now we need to work together to bring attention and interest to all our projects by getting behind what Customer Commons, our first and only spin-off, is doing over the next nine days.

First is a campaign to make an annual celebration of the GDPR, calling May 25th #Privmas.

As part of that (same link), launching a movement to take control of personal privacy online by blocking third party cookies. Hashtag #NoMore3rds. Instructions are here, for six browsers. (It’s easy. I’ve been doing it for weeks on all mine, to no ill effects.)

This is in addition to work following our Hack Day at MIT several weeks ago. Stay tuned for more on that.

Meanwhile, all hands on deck. We need more action than discussion here. Let’s finish getting started making VRM work for the world.

How should customers look to business?

The world of business has a default symbol for customers: the ones they put on restroom doors.

Outside of those, there is no universal symbol for a customer.

When business talks to itself, it mostly uses generic cartoon images such as these (from a Bing search) and these (from a Google one):

I’m sure all of us identify more with the restroom symbols (and emojis) than we do with those things.

It’s interesting how, even though we comprise 100% of the marketplace, we remain a prevailing absence in nearly every business conference, business book and business school class.

The notion that customers can be independent and fully empowered agents of themselves, with scale across all the businesses they deal with, at best gets the intellectual treatment (seeing customers, for example, as “rational actors”).

At worst, customers are seen as creatures that go moo and squit money if they’re held captive and squeezed the right ways.  Listen to the talk. Typically customers are “targets” that businesses “acquire,” “manage,” “control” or “lock in” as if we are cattle or slaves.

Often customers are simply ignored.

One example that showed up today was this press release announcing “an innovative initiative focused on the overhaul of open account trade finance infrastructure.” It’s from R3, which makes Corda, a ” distributed ledger platform designed specifically for financial services,” and is “a joint undertaking between R3, TradeIX, and twelve financial institutions.” This network, says the release, will “improve access to open account trade for the global ecosystem of banks, buyers, suppliers, technology providers, insurers, and other parties, such as logistics companies, that are critical to facilitating global open account trade flows.”

Never mind that distributed ledgers have been hailed as the second coming (or even the first) of the customer-empowering peer-to-peer world. Instead note the absence of customers: people and institutions who entrust their money and assets to all the parties listed in that long sentence.

Our goal with ProjectVRM is to equip customers (not just “consumers,” or “end users”) to say We’re not just at the same table with you guys. We are that table. And we are much bigger and far more powerful than you can ever make us on your own.

In other words, our job here is to give customers superpowers.

There are lots of people arguing that more policy is the answer. But we already have the GDPR. Huge leverage there. Let’s use it to highlight how own customer-empowering solutions put the companies that serve us in compliance.

In the last post we named one. That and many other forms of #customertech will be featured at VRM Day and IIW, later this month at the Computer History Museum in Silicon Valley. Looking forward to seeing many of you there.

Let’s make customers powerful. Then it won’t matter how they look to business, other than real.

 

“Disruption” isn’t the whole VRM story

250px-mediatetrad-svg

The vast oeuvre of Marshall McLuhan contains a wonderful approach to understanding media called the tetrad (i.e. foursome) of media effects.  You can apply it to anything, from stone tools to robots. McLuhan unpacks it with four questions:

  1. What does the medium enhance?
  2. What does the medium make obsolete?
  3. What does the medium retrieve that had been obsolesced earlier?
  4. What does the medium reverse or flip into when pushed to extremes?

I suggest that VRM—

  1. Enhances CRM
  2. Obsoletes marketing guesswork, especially adtech
  3. Retrieves conversation
  4. Reverses or flips into the bazaar

Note that many answers are possible. That’s why McLuhan poses the tetrad as questions. Very clever and useful.

I bring this up for three reasons:

  1. The tetrad is also helpful for understanding every topic that starts with “disruption.” Because a new medium (or technology) does much more than just disrupt or obsolete an old one—yet not so much more that it can’t be understood inside a framework.
  2. The idea from the start with VRM has never been to disrupt or obsolete CRM, but rather to give it a hand to shake—and a way customers can pull it out of the morass of market-makers (especially adtech) that waste its time, talents and energies.
  3. After ten years of ProjectVRM, we still don’t have a single standardized base VRM medium (e.g. a protocol), even though we have by now hundreds of developers we call VRM in one way or another. Think of this missing medium as a single way, or set of ways, that VRM demand can interact with CRM supply, and give every customer scale across all the companies they deal with. We’ve needed that from the start. But perhaps, with this handy pedagogical tool, we can look thorugh one framework toward both the causes and effects of what we want to make happen.

I expect this framework to be useful at VRM Day (May 1 at the Computer History Museum) and at IIW on the three days that follow there.

Save

The distributed future is personal

The End of Cloud Computing, is a prophetic presentation by  Peter Levine, of Andreesen Horowitz, and required viewing by anyone interested in making the distributed future happen.

His key point: “We are returning to an edge-intelligence distributed computing model that’s absolutely thematic with the trends in computing moving from centralized out to distributed,” which he illustrates this way:

back-to-the-future

Later he adds, “We are absolutely going to return to a peer-to-peer computing model where the edge devices connect together creating a network of end point devices not unlike what we sort of saw in the original distributed computing model.” Here’s a graphic for that one:

sensor-data-explosion

I added the face in the middle, because the edge is individuals and not just the technology and data occupying their lives.

Joe Andrieu wrote about this a decade ago in his landmark post VRM: The user as point of integration.  An excerpt:

User Centrism as System Architecture

Doc Searls shared a story about his experience getting medical care while at Harvard recently. As a fellow at the Berkman center, he just gave them his Harvard ID card and was immediately ushered into a doctor’s office–minimal paperwork, maximal service. They even called him a cab to go to Mass General and gave him a voucher for the ride. At the hospital, they needed a bit more paperwork, but as everything was in order, they immediately fixed him up. It was excellent service.

But what Doc noticed was that at every point where some sort of paperwork was done, there were errors. His name was spelled wrong. They got the wrong birthdate. Wrong employer. Something. As he shuffled from Berkman to the clinic to the cabbie to the hospital to the pharmacy, a paper (and digital trail) followed him through archaic legacy systems with errors accumulating as he went. What became immediately clear to Doc was that for the files at the clinic, the voucher, the systems at the hospital, for all of these systems, he was the natural point of data integration… he was the only component gauranteed to contact each of these service providers. And yet, his physical person was essentially incidental to the entire data trail being created on his behalf.

User as Point of Integration

But what if those systems were replaced with a VRM approach? What if instead of individual, isolated IT departments and infrastructure, Doc, the user was the integrating agent in the system? That would not only assure that Doc had control over the propagation of his medical history, it would assure all of the service providers in the loop that, in fact, they had access to all of Doc’s medical history. All of his medications. All of his allergies. All of his past surgeries or treatments. His (potentially apocryphal) visits to new age homeopathic healers. His chiropractic treatments. His crazy new diet. All of these things could affect the judgment of the medical professionals charged with his care. And yet, trying to integrate all of those systems from the top down is not only a nightmare, it is a nightmare that apparently continues to fail despite massive federal efforts to re-invent medical care.

(See The Emergence of National Electronic Health Record Architectures in the United States and Australia: Models, Costs, and Questions and Difficulties Implementing an Electronic Medical Record for Diverse Healthcare Service Providers for excellent reviews of what is going on this area, both pro and con.)

Profoundly Different

Doc’s insight–and that of user-centric systems–isn’t new. What’s new is the possibility to utilize the user-centric Identity meta-system to securely and efficiently provide seamless access to user-managed data stores. With that critical piece coming into place, we have the opportunity to completely re-think what it means to build out our IT infrastructure.

Which brings us to Peter Levine’s final point, and slide:

entireworld-it

That world will be comprised of individuals operating with full agency, rather than as peripheral entities, and concerns, of centralized systems. Which is exactly what we’ve been fostering here at ProjectVRM from the start, ten years ago.

To obtain full agency, with control over the data and machine power suffusing our connected lives, we will need what’s been called first person or self-sovereign technologies. Not “personal power as a service” from some centralized system.

One immediate example is Adrian Gropper‘s Free Independent Health Records, which he’ll talk about on Thursday, January 26, at the Berkman Klein Center at Harvard University.  At that link: “Gropper’s research centers on self-sovereign technology for management of personal information both in control of the individual and as hosted or curated by others.”

For other efforts in the same direction, see our VRM Development Work page.

 

 

Save

Save

The new frontier for CRM is CDL: Customer Driven Leads

cdlfunnelImagine customers diving, on their own, straight down to the bottom of the sales funnel.

Actually, don’t imagine it. Welcome it, because it’s coming, in the form of leads that customers generate themselves, when they’re ready to buy something. Here in the VRM world we call this intentcasting. At the receiving end, in the  CRM world, they’re CDLs, or Customer Driven Leads.

Because CDLs come from fully interested customers with cash in hand, they’re worth more than MQLs (Marketing Qualified Leads) or  SQLs (Sales Qualifed Leads), both of which need to be baited with marketing into the sales funnel.

CDLs are also free.  When the customer is ready to buy, she signals the market with an intentcast that CRM systems can hear as a fresh CDL. When the CRM system replies, an exchange of data and permissions follows, with the customer taking the lead.

It’s a new dance, this one with the customer taking the lead. But it’s much more direct, efficient and friendly than the old dances in which customers were mere “targets” to be “acquired.”

The first protocol-based way to generate CDLs for CRM is described in At last, a protocol to connect VRM and CRM, posted here in August. It’s called JLINC. We’ll be demonstrating it working on a Salesforce system on VRM Day at the Computer History Museum in Silicon Valley, on Monday, October 24. VRM Day is free, but space is limited, so register soon, here.

We’ll also continue to work on CDL development  over the next three days in the same location, at the IIW, the Internet Identity Workshop. IIW is an unconference that’s entirely about getting stuff done. No keynotes, no panels. Just working sessions run by attendees. This next one will be our 23rd IIW since we started them in 2005. It remains, in my humble estimation, the most leveraged conference I know. (And I go to a lot of them, usually as a speaker.)

As an additional temptation, we’re offering a 25% discount on IIW to the next 20 people who register for VRM Day. (And it you’ve already reigstered, talk to me.)

Iain Henderson, who works with JLINC Labs, will demo CDLs on Salesforce. We also invite all the other CRM companies—IBM, Microsoft Dynamics, SAP, SugarCRM… you know who you are—to show up and participate as well. All CRM systems are programmable. And the level of programming required to hear intentcasts is simple and easy.

See you there!

 

Save

VRM at MyData2016

mydata2016-image

As it happens I’m in Helsinki right now, for MyData2016, where I’ll be speaking on Thursday morning. My topic: The Power of the Individual. There is also a hackathon (led by DataBusiness.fi) going on during the show, starting at 4pm (local time) today. In no order of priority, here are just some of the subjects and players I’ll be dealing with,  talking to, and talking up (much as I can):

Please let me know what others belong on this list. And see you at the show.

Save

The Castle Doctrine

home castle

The Castle doctrine has been around a long time. Cicero (106–43 BCE) wrote, “What more sacred, what more strongly guarded by every holy feeling, than a man’s own home?” In Book 4, Chapter 16 of his Commentaries on the Laws of England, William Blackstone (1723–1780 CE) added, “And the law of England has so particular and tender a regard to the immunity of a man’s house, that it stiles it his castle, and will never suffer it to be violated with impunity: agreeing herein with the sentiments of ancient Rome…”

Since you’re reading this online, let me ask, what’s your house here? What sacred space do you strongly guard, and never suffer to be violated with impunity?

At the very least, it should be your browser.

But, unless you’re running tracking protection in the browser you’re using right now, companies you’ve never heard of (and some you have) are watching you read this, and eager to use or sell personal data about you, so you can be delivered the human behavior hack called “interest based advertising.”

Shoshana Zuboff, of Harvard Business School, has a term for this:surveillance capitalism, defined as “a wholly new subspecies of capitalism in which profits derive from the unilateral surveillance and modification of human behavior.”

Almost across the board, advertising-supported publishers have handed their business over to adtech, the surveillance-based (they call it “interactive”) wing of advertising. Adtech doesn’t see your browser as a sacred personal space, but instead as a shopping cart with ad space that you push around from site to site.

So here is a helpful fact: we don’t go anywhere when we use our browsers. Our browser homes are in our computers, laptops and mobile devices. When we “visit” a web page or site with our browsers, we actually just request its contents (using the hypertext protocol called http or https).

In no case do we consciously ask to be spied on, or abused by content we didn’t ask for or expect. That’s why we have every right to field-strip out anything we don’t want when it arrives at our browsers’ doors.

The castle doctrine is what hundreds of millions of us practice when we use tracking protection and ad blockers. It is what called the new Brave browser into the marketplace. It’s why Mozilla has been cranking up privacy protections with every new version of Firefox . It’s why Apple’s new content blocking feature treats adtech the way chemo treats cancer. It’s why respectful publishers will comply with CHEDDAR. It’s why Customer Commons is becoming the place to choose No Trespassing signs potential intruders will obey. And it’s why #NoStalking is a good deal for publishers.

The job of every entity I named in the last paragraph — and every other one in a position to improve personal privacy online — is to bring as much respect to the castle doctrine in the virtual world as we’ve had in the physical one for more than two thousand years.

It should help to remember that it’s still early. We’ve only had commercial activity on the Internet since April 1995. But we’ve also waited long enough. Let’s finish making our homes online the safe places they should have been in the first place.

 

IoT & IoM next week at IIW

blockchain1

(This post was updated and given a new headline on 20 April 2016.)

In  The Compuserve of Things, Phil Windley issues this call to action:

On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things?

In other words, an Internet of Me (#IoM) and My Things. Meaning things we own that belong to us, under our control, and not puppeted by giant companies using them to snarf up data about our lives. Which is the  #IoT status quo today.

A great place to work on that is  IIW— the Internet Identity Workshop , which takes place next Tuesday-Thursday, April 26-28,  at the Computer History Museum in Silicon Valley. Phil and I co-organize it with Kaliya Hamlin.

To be discussed, among other things, is personal privacy, secured in distributed and crypto-secured sovereign personal spaces on your personal devices. Possibly using blockchains, or approaches like it.

So here is a list of some topics, code bases and approaches I’d love to see pushed forward at IIW:

  • OneName is “blockchain identity.”
  • Blockstack is a “decentralized DNS for blockchain applications” that “gives you fast, secure, and easy-to-use DNS, PKI, and identity management on the blockchain.” More: “When you run a Blockstack node, you join this network, which is more secure by design than traditional DNS systems and identity systems. This  is because the system’s registry and its records are secured by an underlying blockchain, which is extremely resilient against tampering and control. In the registry that makes up Blockstack, each of the names has an owner, represented by a cryptographic keypair, and is associated with instructions for how DNS resolvers and other software should resolve the name.” Here’s the academic paper explaining it.
  • The Blockstack Community is “a group of blockchain companies and nonprofits coming together to define and develop a set of software protocols and tools to serve as a common backend for blockchain-powered decentralized applications.” Pull quote: “For example, a developer could use Blockstack to develop a new web architecture which uses Blockstack to host and name websites, decentralizing web publishing and circumventing the traditional DNS and web hosting systems. Similarly, an application could be developed which uses Blockstack to host media files and provide a way to tag them with attribution information so they’re easy to find and link together, creating a decentralized alternative to popular video streaming or image sharing websites. These examples help to demonstrate the powerful potential of Blockstack to fundamentally change the way modern applications are built by removing the need for a “trusted third party” to host applications, and by giving users more control.” More here.
  • IPFS (short for InterPlanetary File System) is a “peer to peer hypermedia protocol” that “enables the creation of completely distributed applications.”
  • OpenBazaar is “an open peer to peer marketplace.” How it works: “you download and install a program on your computer that directly connects you to other people looking to buy and sell goods and services with you.” More here and here.
  • Mediachain, from Mine, has this goal: “to unbundle identity & distribution.” More here and here.
  • telehash is “a lightweight interoperable protocol with strong encryption to enable mesh networking across multiple transports and platforms,” from @Jeremie Miller and other friends who gave us jabber/xmpp.
  • Etherium is “a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.”
  • Keybase is a way to “get a public key, safely, starting just with someone’s social media username(s).”
  • ____________ (your project here — tell me by mail or in the comments and I’ll add it)

In tweet-speak, that would be @BlockstackOrg, @IPFS, @OpenBazaar, @OneName, @Telehash, @Mine_Labs #Mediachain, and @IBMIVB #ADEPT

On the big company side, dig what IBM’s Institute for Business Value  is doing with “empowering the edge.” While you’re there, download Empowering the edge: Practical insights on a decentralized Internet of Things. Also go to Device Democracy: Saving the Future of the Internet of Things — and then download the paper by the same name, which includes this graphic here:

ibm-pyramid

Put personal autonomy in that top triangle and you’ll have a fine model for VRM development as well. (It’s also nice to see Why we need first person technologies on the Net , published here in 2014, sourced in that same paper.)

Ideally, we would have people from all the projects above at IIW. For those not already familiar with it, IIW is a three-day unconference, meaning it’s all breakouts, with topics chosen by participants, entirely for the purpose of getting like-minded do-ers together to move their work forward. IIW has been doing that for many causes and projects since the first one, in 2005.

Register for IIW here: https://iiw22.eventbrite.com/.

Also register, if you can, for VRM Day: https://vrmday2016a.eventbrite.com/. That’s when we prep for the next three days at IIW. The main focus for this VRM Day is here.

Bonus link: David Siegel‘s Decentralization.

 

 

 

© 2018 ProjectVRM

Theme by Anders NorenUp ↑