Category: Personal (page 1 of 2)

We’re done with Phase One

Here’s a picture that’s worth more than a thousand words:

maif-vrm

He’s with MAIF, the French insurance company, speaking at MyData 2016 in Helsinki, a little over a month ago. Here’s another:

sean-vrm

That’s Sean Bohan, head of our steering committee, expanding on what many people at the conference already knew.

I was there too, giving the morning keynote on Day 2:

cupfu1hxeaa4thh

It was an entirely new talk. Pretty good one too, especially since  I came up with it the night before.

See, by the end of Day 1, it was clear that pretty much everybody at the conference already knew how market power was shifting from centralized industries to distributed individuals and groups (including many inside centralized industries). It was also clear that most of the hundreds of people at the conference were also familiar with VRM as a market category. I didn’t need to talk about that stuff any more. At least not in Europe, where most of the VRM action is.

So, after a very long journey, we’re finally getting started.

In my own case, the journey began when I saw the Internet coming, back in the ’80s.  It was clear to me that the Net would change the world radically, once it allowed commercial activity to flow over its pipes. That floodgate opened on April 30, 1995. Not long after that, I joined the fray as an editor for Linux Journal (where I still am, by the way, more than 20 years later). Then, in 1999, I co-wrote The Cluetrain Manifesto, which delivered this “one clue” above its list of 95 Theses:

not

And then, one decade ago last month, I started ProjectVRM, because that clue wasn’t yet true. Our reach did not exceed the grasp of marketers in the world. If anything, the Net extended marketers’ grasp a lot more than it did ours. (Shoshana Zuboff says their grasp has metastacized into surveillance capitalism. ) In respect to Gibson’s Law, Cluetrain proclaimed an arrived future that was not yet distributed. Our job was to distribute it.

Which we have. And we can start to see results such as those above. So let’s call Phase One a done thing. And start thinking about Phase Two, whatever it will be.

To get that work rolling, here are a few summary facts about ProjectVRM and related efforts.

First, the project itself could hardly be more lightweight, at least administratively. It consists of:

Second, we have a spin-off: Customer Commons, which will do for personal terms of engagement (one each of us can assert online) what Creative Commons (another Berkman-Klein spinoff) did for copyright.

Third, we have a list of many dozens of developers, which seem to be concentrated in Europe and Australia/New Zealand.  Two reasons for that, both speculative:

  1. Privacy. The concept is much more highly sensitive and evolved in Europe than in the U.S. The reason we most often get goes, “Some of our governments once kept detailed records of people, and those records were used to track down and kill many of them.” There are also more evolved laws respecting privacy. In Australia there have been privacy laws for several years requiring those collecting data about individuals to make it available to them, in forms the individual specifies. And in Europe there is the General Data Protection Regulation, which will impose severe penalties for unwelcome data gathering from individuals, starting in 2018.
  2. Enlightened investment. Meaning investors who want a startup to make a positive difference in the world, and not just give them a unicorn to ride out some exit. (Which seems to have become the default model in the U.S., especially Silicon Valley.)

What we lack is research. And by we I mean the world, and not just ProjectVRM.

Research is normally the first duty of a project at the Berkman Klein Center, which is chartered as a research organization. Research was ProjectVRM’s last duty, however, because we had nothing to research at first. Or, frankly, until now. That’s why we were defined as a development & research project rather than the reverse.

Where and how research on VRM and related efforts happens is a wide open question. What matters is that it needs to be done, starting soon, while the “before” state still prevails in most of the world, and the future is still on its way in delivery trucks. Who does that research matters far less than the research itself.

So we are poised at a transitional point now. Let the conversations about Phase Two commence.

 

 

 

Save

Save

Save

Save

Save

Save

Save

VRM at MyData2016

mydata2016-image

As it happens I’m in Helsinki right now, for MyData2016, where I’ll be speaking on Thursday morning. My topic: The Power of the Individual. There is also a hackathon (led by DataBusiness.fi) going on during the show, starting at 4pm (local time) today. In no order of priority, here are just some of the subjects and players I’ll be dealing with,  talking to, and talking up (much as I can):

Please let me know what others belong on this list. And see you at the show.

Save

If it weren’t for retargeting, we might not have ad blocking

jblflip2This is a shopping vs. advertising story that starts with the JBP Flip 2 portable speaker I bought last year, when Radio Shack was going bankrupt and unloading gear in “Everything Must Go!” sales. I got it half-off for $50, choosing it over competing units on the same half-bare shelves, mostly because of the JBL name, which I’ve respected for decades. Before that I’d never even listened to one.

The battery life wasn’t great, but the sound it produced was much better than anything my laptop, phone or tablet put out. It was also small, about the size of a  beer can, so I could easily take it with me on the road. Which I did. A lot.

Alas, like too many other small devices, the Flip 2’s power jack was USB micro-b. That’s the tiny flat one that all but requires a magnifying glass to see which side is up, and tends to damage the socket if you don’t slip it in exactly right, or if you force it somehow. While micro-b jacks are all design-flawed that way, the one in my Flip 2 was so awful that it took great concentration to make sure the plug jacked in without buggering the socket.

Which happened anyway. One day, at an AirBnB in Maine, the Flip 2’s USB socket finally failed. The charger cable would fit into the socket, but the socket was loose, and the speaker wouldn’t take a charge. After efforts at resuscitation failed, I declared the Flip 2 dead.

But I was still open to buying another one. So, to replace it, I did what most of us do: I went to Amazon. Naturally, there were plenty of choices, including JBL Flip 2s and newer Flip 3s, at attractive prices. But Consumer Reports told me the best of the bunch was the Bose Soundlink Color, for $116.

So I bought a white Bose, because my wife liked that better than the red JBL.

The Bose filled Consumer Reports’ promise. While it isn’t stereo, it sounds much better than the JBL (voice quality and bass notes are remarkable). It’s also about the same size (though with a boxy rather than a cylindrical shape), has better battery life, and a better user interface. I hate that it  charges through a micro-b jack, but at least this one is easier to plug and unplug than the Flip 2 had been. So that story had a happy beginning, at least for me and Bose.

It was not happy, however, for me and Amazon.

Remember when Amazon product pages were no longer than they needed to be? Those days are gone. Now pages for every product seem to get longer and longer, and can take forever to load. Worse, Amazon’s index page is now encrusted with promotional jive. Seems like nearly everything “above the fold” (before you scroll down) is now a promo for Amazon Fashion, the latest Kindle, Amazon Prime, or the company credit card—plus rows of stuff “inspired by your shopping trends” and “related to items you’ve viewed.”

But at least that stuff risks being useful. What happens when you leave the site, however, isn’t. That’s because, unless you’re running an ad blocker or tracking protection, Amazon ads for stuff you just viewed, or put in your shopping cart, follow you from one ad-supported site to another, barking at you like a crazed dog. For example:

amazon1

I lost count of how many times, and in how many places, I saw this Amazon ad, or one like it, for one speaker, the other, or both, after I finished shopping and put the Bose speaker in my cart.

Why would Amazon advertise something at me that I’ve already bought, along with a competing product I obviously chose not to buy? Why would Amazon think it’s okay to follow me around when I’m not in their store? And why would they think that kind of harassment is required, or even okay, especially when the target has been a devoted customer for more than two decades, and sure to return and buy all kinds of stuff anyway?  Jeez, they have my business!

And why would they go out of their way to appear both stupid and robotic?

The answers, whatever they are, are sure to be both fully rationalized and psychotic, meaning disconnected from reality, which is the marketplace where real customers live, and get pissed off.

And Amazon is hardly alone at this. In fact the practice is so common that it became an Onion story in October 2018: Woman Stalked Across 8 Websites By Obsessed Shoe Advertisement.

The ad industry’s calls this kind of stalking “retargeting,” and it is the most obvious evidence that we are being tracked on the Net. The manners behind this are completely at odds with those in the physical world, where no store would place a tracking beacon on your body and use it to follow you everywhere you go after you leave. But doing exactly that is pro forma for marketing in the digital world.

When you click on that little triangular symbol in the corner of the ad, you can see how the “interactive” wing of the advertising business, generally called adtech, rationalizes surveillance:

adchoices1The program is called AdChoices, and it’s a creation of those entities in the lower right corner. The delusional conceits behind AdChoices are many:

  1. That Ad Choices is “yours.” It’s not. It’s theirs.
  2. That “right ads” exist, and that we want them to find us, at all times.
  3. That making the choices they provide actually gives us control of advertising online.
  4. That our personal agency—the power to act with full effect in the world—is a grace of marketers, and not of our own independent selves.

Not long after I did that little bit of shopping on Amazon, I also did a friend the favor of looking for clothes washers, since the one in her basement crapped out and she’s one of those few people who don’t use the Internet and never will. Again I consulted Consumer Reports, which recommended a certain LG washer in my friend’s price range. I looked for it on the Web and found the best price was at Home Depot. So I told her about it, and that was that.

For me that should have been the end of it. But it wasn’t, because now I was being followed by Home Depot ads for the same LG washer and other products I wasn’t going to buy, from Home Depot or anybody else. Here’s one:

homedepot1

Needless to say, this didn’t endear me to Home Depot, to LG, or to any of the sites where I got hit with these ads.

All these parties failed not only in their mission to sell me something, but to enhance their own brands. Instead they subtracted value for everybody in the supply chain of unwelcome tracking and unwanted message targeting. They also explain (as Don Marti does here) why ad blocking has grown exactly in pace with growth in retargeting.

I subjected myself to all this by experimentally turning off tracking protection and ad blockers on one of my browsers, so I could see how the commercial Web works for the shrinking percentage of people who don’t protect themselves from this kind of abuse. I do a lot of that, as part of my work with ProjectVRM. I also experiment a lot with different kinds of tracking protection and ad blocking, because the developers of those tools are encouraged by that same work here.

For those new to the project, VRM stands for Vendor Relationship Management, the customer-side counterpart of Customer Relationship Management, the many-$billion business by which companies manage their dealings with customers—or try to.

Our purpose with ProjectVRM is to encourage development of tools that give us both independence from the companies we engage with, and better ways of engaging than CRM alone provides: ways of engaging that we own, and are under our control. And relate to the CRM systems of the world as well. Our goal is VRM+CRM, not VRM vs. CRM.

Ad blocking and tracking protection are today at the leading edge of VRM development, because they are popular and give us independence. Engagement, however, isn’t here yet—at least not at the same level of popularity. And it probably won’t get here until we finish curing business of the brain cancer that adtech has become.

Save

Save

IoT & IoM next week at IIW

blockchain1

(This post was updated and given a new headline on 20 April 2016.)

In  The Compuserve of Things, Phil Windley issues this call to action:

On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things?

In other words, an Internet of Me (#IoM) and My Things. Meaning things we own that belong to us, under our control, and not puppeted by giant companies using them to snarf up data about our lives. Which is the  #IoT status quo today.

A great place to work on that is  IIW— the Internet Identity Workshop , which takes place next Tuesday-Thursday, April 26-28,  at the Computer History Museum in Silicon Valley. Phil and I co-organize it with Kaliya Hamlin.

To be discussed, among other things, is personal privacy, secured in distributed and crypto-secured sovereign personal spaces on your personal devices. Possibly using blockchains, or approaches like it.

So here is a list of some topics, code bases and approaches I’d love to see pushed forward at IIW:

  • OneName is “blockchain identity.”
  • Blockstack is a “decentralized DNS for blockchain applications” that “gives you fast, secure, and easy-to-use DNS, PKI, and identity management on the blockchain.” More: “When you run a Blockstack node, you join this network, which is more secure by design than traditional DNS systems and identity systems. This  is because the system’s registry and its records are secured by an underlying blockchain, which is extremely resilient against tampering and control. In the registry that makes up Blockstack, each of the names has an owner, represented by a cryptographic keypair, and is associated with instructions for how DNS resolvers and other software should resolve the name.” Here’s the academic paper explaining it.
  • The Blockstack Community is “a group of blockchain companies and nonprofits coming together to define and develop a set of software protocols and tools to serve as a common backend for blockchain-powered decentralized applications.” Pull quote: “For example, a developer could use Blockstack to develop a new web architecture which uses Blockstack to host and name websites, decentralizing web publishing and circumventing the traditional DNS and web hosting systems. Similarly, an application could be developed which uses Blockstack to host media files and provide a way to tag them with attribution information so they’re easy to find and link together, creating a decentralized alternative to popular video streaming or image sharing websites. These examples help to demonstrate the powerful potential of Blockstack to fundamentally change the way modern applications are built by removing the need for a “trusted third party” to host applications, and by giving users more control.” More here.
  • IPFS (short for InterPlanetary File System) is a “peer to peer hypermedia protocol” that “enables the creation of completely distributed applications.”
  • OpenBazaar is “an open peer to peer marketplace.” How it works: “you download and install a program on your computer that directly connects you to other people looking to buy and sell goods and services with you.” More here and here.
  • Mediachain, from Mine, has this goal: “to unbundle identity & distribution.” More here and here.
  • telehash is “a lightweight interoperable protocol with strong encryption to enable mesh networking across multiple transports and platforms,” from @Jeremie Miller and other friends who gave us jabber/xmpp.
  • Etherium is “a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.”
  • Keybase is a way to “get a public key, safely, starting just with someone’s social media username(s).”
  • ____________ (your project here — tell me by mail or in the comments and I’ll add it)

In tweet-speak, that would be @BlockstackOrg, @IPFS, @OpenBazaar, @OneName, @Telehash, @Mine_Labs #Mediachain, and @IBMIVB #ADEPT

On the big company side, dig what IBM’s Institute for Business Value  is doing with “empowering the edge.” While you’re there, download Empowering the edge: Practical insights on a decentralized Internet of Things. Also go to Device Democracy: Saving the Future of the Internet of Things — and then download the paper by the same name, which includes this graphic here:

ibm-pyramid

Put personal autonomy in that top triangle and you’ll have a fine model for VRM development as well. (It’s also nice to see Why we need first person technologies on the Net , published here in 2014, sourced in that same paper.)

Ideally, we would have people from all the projects above at IIW. For those not already familiar with it, IIW is a three-day unconference, meaning it’s all breakouts, with topics chosen by participants, entirely for the purpose of getting like-minded do-ers together to move their work forward. IIW has been doing that for many causes and projects since the first one, in 2005.

Register for IIW here: https://iiw22.eventbrite.com/.

Also register, if you can, for VRM Day: https://vrmday2016a.eventbrite.com/. That’s when we prep for the next three days at IIW. The main focus for this VRM Day is here.

Bonus link: David Siegel‘s Decentralization.

 

 

 

Privacy isn’t about secrecy and freedom isn’t about license. Both are about agency.

Agency is the power to act with effect in the world. We have agency when we type on a keyboard, hammer a nail, ride a horse or drive a car.  Here’s a dictionary definition:

a·gen·cy (ā′jən-sē)
noun.

  1. The condition of being in action; operation.
  2. The means or mode of acting; instrumentality.

It is derived from agere: Latin for to do.

We are built to do a lot: with our brains, our opposable thumbs, our lack of fur, our capacity to sweat and to learn — and our strange ability to walk or run on two feet instead of four (almost ceaselessly, at least when we are young and fit) — we can do an amazing variety of things with our bodies.

For what we can’t do, we invent tools and machines. These extend our agency outward through technology. A hammer becomes another length of arm. With one in our hand, we have the power to drive nails with a metal fist. A car gives us an engine and wheels, so we can zoom down roads at dozens of miles (or kilometers) per hour. A plane gives us engines and wings, so we can fly far and high.  Each expands our agency to distant horizons of effect and experience in the world.

Infrastructure and services expand what each and all of us can do as well. But at the base of human capacity is the individual’s ability to do stuff in the world. Or, in a word, agency.

Which brings me to the second world we built alongside the physical one we all share. That second world is the Internet: a Giant Zero shaped by an oddly simple protocol: TCP/IP. Never mind how it works. Just note what it does: reduce to zero the functional distance between everything and everybody on it. Also the cost.

As a way to expand human agency, the Internet has no rivals. It gives all our voices, all our ideas, all our actions, worldwide scale. Any of us can speak, write, publish and much more, across any distance, at levels of inconvenience and cost that veer toward zero.

And we’ve been doing that, routinely, ever since the Internet assumed its current form. (That happened in April 1995, when the NSFnet‘s backbone — one network within the Internet — was decommissioned and commercial activity, which the NSFnet forbade, could begin to flourish across the whole Net.)

The Net has an end-to-end architecture. Every body and every thing is an end point, and the Net’s protocol does its best to move data between any and all of those. This is what Paul Baran, one of the Net’s fathers, described as a distributed design, rather than a centralized or decentralized one. Here is how he illustrated the difference, way back in 1962:

Paul Baran, On Distributed Communications Networks, 1962

And that became the Net’s basic design. Or at least its ideal.

Yet, for the sake of convenience — especially in the early days of the Net, when most of us were still on dial-up — we defaulted to a client-server architecture for deploying servers and services. With client-server, each server is a central point, which makes the Net, in a practical sense, a decentralized thing, rather than a distributed one.

And yet the distributed nature of the Net persists, grounding our agency in the world it defines.

Conflicts between centralized, decentralized and distributed capacities on the Net — and uneven development of tools and services enlarging our agency — are behind many of our crises on the Net today.

Take privacy for example. It’s a huge issue. Survey after survey (e.g. from Pew, TRUSTe and Customer Commons) say that 90% and more of us are concerned about personal privacy on the Net, don’t trust many service providers, or lie and hide to obscure personal identity. Advertising and tracking blockers are the most popular browser extensions, and with good reason: we are still naked on the Net.

That’s because the Net, like nature in the physical world, doesn’t come with privacy installed. We have to make it for ourselves. In the physical world we did it by inventing clothing and shelter. In the virtual world we still don’t have either. Tracking blockers are fig leaves at best. They also all work differently. We are still in early times.

Since we have no privacy yet (other than by staying off the Net, or by isolating ourselves on it by declining to accept cookies and staying away from services such as Google’s and Facebook’s), we tend to think about privacy in terms of secrets: things we don’t want others to know about us. But think instead about what we do to create privacy in the physical world, with clothing and shelter. Both do more than cover our bodies and and our lives. We express both. We also express with them. Our clothing and shelter send signals about ourselves. They speak of our tastes, our gender, our status, our memberships. Most of these speakings are subtle, but many are not. What matters is that they all valve our exposure to others. Buttons and zippers on our clothes speak of what can, can’t and shouldn’t be opened by others, without permission. Doors, shades and shutters on our homes do the same.

All of those things facilitate our agency. We need the same in the networked world.

The main difference is that we’ve had thousands of years to work them out in the physical world, and just twenty in the networked one. In the history of civilization, and even of business, this is close to nothing. We’re barely started.

There will, inevitably, emerge a symbiosis between centralized, decentralized and distributed capacities. Brian Behlendorf uses the term “minimum viable centralization” to label what we’re looking for here. Meanwhile we have maximum viable centralization on a network that is also distributed by design. Just like the humans on it.

We are seeing today a collapse of intermediary institutions. Publishing (e.g. blogs) Hospitality (e.g. Airbnb), dispatch (e.g. Uber), broadcast (e.g. Meerkat and Periscope) and payments (e.g.  Bitcoin) come quickly to mind, and many more are coming along. Yet through all of those there must remain some degree of trust in the graces that institutions — governments and companies — alone can provide. How can their minimum viable agencies help us enlarge our own? That’s the main challenge for the coming years.

The question we need to ask, as we address that challenge through VRM, is this: What is best done by the individual, and what is best done by the institution — and how an the two work together?

To answer that, agency must be key. Without it we’ll only get more centralized BS to distrust.

 

 

 

First we take Oz

Sydneydoc 017-018_combined_medAustralia’s privacy principles are among the few in the world that require organizations to give individuals personal information gathered about them.* This opens the path to proving that we can do more with our own data than anybody else can.

Estimating the size of the personal data management business is like figuring the size of the market for talking or driving. (Note: we can also do more with those than companies can.)

Starting us down this path is  Ben Grubb (@BenGrubb) of the Sydney Morning Herald. Ben requested personal data held by the Australian telco giant Telstra, and found himself in a big fightwhich he won. (Here’s the decision. Telstra is appealing, but they’re still gonna lose.)

Bravo to Ben — not just for whupping a giant, but for showing a path forward for individual empowerment in the marketplace. Thanks to Australia’s privacy principles, and Ben’s illustrative case, the yellow brick road to the VRM future is widest in Oz.

Here (and in New Zealand) we not only have lots of VRM developers (Flamingo, Fourth Party, Geddup, Meeco, MyWave, OneExus, Welcomer and others I’ll insulting by not listing yet), but legal easement toward proving that individuals can do the more with their own data than can the companies that follow us. And proving as well that individuals managing their own data will be good for those companies as well. The data they get will be richer, more accurate,  more contextual, and more useful.

This challenge is not new. It’s as old as our species. The biggest tech revolutions have always been inventions individuals could put to the best use:

  • Stone tools
  • Weaving
  • Smithing
  • Musical instruments
  • Hand-held hunting and fighting tools
  • Automobiles
  • PCs
  • The Internet (which is a node-to-node invention, not an advanced phone or cable company, even though we pay those things for access to it)
  • Mobile phones and tablets
  • Movable type (which would be nowhere without individual authors — and writing tools in the hands of those authors)

There should be symbiosis here. There are things big organizations do best, and things individuals do best. And much that both do best when they work together.

Look at cars, which are a VRM technology: we use them to get around the marketplace, and to help us do business with many companies. They give us ways to be both independent and engaging. But companies don’t drive them. We do. Companies provide parking lots, garages, drive-up windows and other conveniences for drivers. Symbiosis.

So, while Telstra is great at building and managing communication infrastructure and services, its customers will be great at doing useful stuff with the kind of data Ben requested, such as locations, calls and texts — especially after customers get easy-to-use tools and services that help them work as points of integration for their own data, and managers of what gets done with it. There are many VRM developers working toward that purpose, around the world, And many more that will come once they smell the opportunities.

These opportunities are only apparent when you look at the market through your own eyes as a sovereign human being. The same opportunities are mostly invisible when you look at the market from the eye at the top of the industrial pyramid.

Bonus links:


* My understanding is that privacy principles such as the OECD’s and Ontario’s provide guidance but not the full force of law, or means of enforcement. Australia’s differ because they have teeth. See the Determination on page 36 of the Privacy Commissioner’s investigation and decision. Canada’s also has teeth. See the list of orders issued in Ontario. If there are other examples of decisions like this one, anywhere in the world, please let us know.

Preparing for the 3D/VR future

Look in the direction that meerkatMeerkat and periscopeappPeriscope both point.

If you’ve witnessed the output of either, several things become clear about their evolutionary path:

  1. Stereo sound is coming. So is binaural sound, with its you-are-there qualities.
  2. 3D will come too, of course, especially as mobile devices start to include two microphones and two cameras.
  3. The end state of both those developments is VR, or virtual reality. At least on the receiving end.

The production end is a different animal. Or herd of animals, eventually. Expect professional gear from all the usual sources, showing up at CES starting next year and on store shelves shortly thereafter. Walking around like a dork holding a mobile in front of you will look in 2018 like holding a dial-phone handset to your head looks today.

I expect the most handy way to produce 3D and VR streams will be with  glasses like these:

srlzglasses

(That’s my placeholder design, which is in the public domain. That’s so it has no IP drag, other than whatever submarine patents already exist, and I am sure there are some.)

Now pause to dig @ctrlzee‘s Fast Company report on Facebook’s 10-year plan to trap us inside The Matrix. How long before Facebook buys Meerkat and builds it into Occulus Rift? Or buys Twitter, just to get Periscope and do the same?

Whatever else happens, the rights clearing question gets very personal. Do you want to be broadcast and/or recorded by others or not? What are the social and device protocols for that? (The VRM dev community has designed one for the glasses above. See the ⊂ ⊃ in the glasses? That’s one. Each corner light is another.)

We should start zero-basing the answers today, while the inevitable is in sight but isn’t here yet. Empathy is the first requirement. (Take the time to dig Dave Winer’s 12-minute podcast on the topic. It matters.) Getting permission is another.

As for the relevance of standing law, almost none of it applies at the technical level. Simply put, all copyright laws were created in times when digital life was unimaginable (e.g. Stature of Anne, ASCAP), barely known (Act of 1976), or highly feared (WIPO, CTEA, DMCA).

How would we write new laws for an age that has barely started? Or why start with laws at all? (Nearly all regulation protects yesterday from last Thursday. And too often its crafted by know-nothings.)

We’ve only been living the networked life since graphical browsers and ISPs arrived in the mid-90’s. Meanwhile we’ve had thousands of years to develop civilization in the physical world. Which means that, relatively speaking, networked life is Eden. It’s brand new here, and we’re all naked. That’s why it’s so easy anybody to see everything about us online.

How will we create the digital equivalents of the privacy technologies we call clothing and shelter? Is the first answer a technical one, a policy one, or both? Which should come first? (In Europe and Australia, policy already has.)

Protecting the need for artists to make money is part of the picture. But it’s not the only part. And laws are only one way to protect artists, or anybody.

Manners come first, and we barely have those yet, if at all. None of the big companies that currently dominate our digital lives have fully thought out how to protect anybody’s privacy. Those that come closest are ones we pay directly, and are financially accountable to us.

Apple, for example, is doing more and more to isolate personal data to spaces the individual controls and the company can’t see. Google and Facebook both seem to regard personal privacy as a bug in online life, rather than a feature of it. (Note that, at least for their most popular services, we pay those two companies nothing. We are mere consumers whose lives are sold to the company’s actual customers, which are advertisers.)

Bottom line: the legal slate is covered in chalk, but the technical one is close to clean. What do we want to write there?

We’ll be talking about this, and many other things, at VRM Day (6 April) and IIW (7-9 April) in the Computer History Museum in downtown Silicon Valley (101 & Shoreline, Mountain View).

Designing the VRM future at IIW

A veteran VRooMeriiwxx tells me a design fiction would be a fun challenge for VRM Day and IIW (which will run from April 6-9 at the Computer History Museum in Mountain View, CA).

He describes one as “basically a way of peeking into the near future by demonstrating an imaginary product that doesn’t exist, but could. For example, instead of talking about a possible VRM product, one instead would create a marketing brochure, screen mockups or a fake video advertisement for this imaginary product as a way to help others understand where the world is headed and possibly even further the underlying technologies or driving concepts.”

Coincidentally, the subject of VRM Day (and a focus for the three days that will follow at IIW) is a maturity model framework that will provide every VRM developer the same single sheet (or set of them) on which to show where they stand in developing VRM capabilities into their company, product, code base or whatever else they’re working on. Work has already started on it, and those doing the work will present a first draft of it on VRM Day.

You know the old saying, “all singing from the same song sheet”? The VRM maturity model framework is it. Think of it as a musical score that is starting to be written, for an orchestra will come together. When we’re done with this round, we’ll at least know what the score describes, and give the players of different instruments enough of a framework so they know where they, and everybody else, fits.

By the end of IIW, it should be ready to do several things:

  1. Provide analysts with a single framework for understanding all VRM developers and development, and the coherencies among them.
  2. Give VRM developers a way to see how their work complements and/or competes with other VRM work that’s going on — and guide future developments.
  3. Give each developer a document to use for their own internal and external purposes.
  4. Give CRM, CE. CX and other vendor-side systems a clear picture of what pieces in the VRM development community will connect with their systems, and how, so buyer-side and seller-side systems can finally connect and grow together.

While we do this, it might also be fun to work out a design fiction as a summary document or video. What would the complete VRM solution (which will surely be a collection of them) look like? How would we present it as a single thing?

All of this is food for thinking and re-thinking. Suggestions invited.

State of the VRooM, 2014

As of today, ProjectVRM is eight years old.

So now seems like a good time for a comprehensive (or at least long) report on what we’ve been doing all this time, how we’ve been doing it, and what we’ve been learning along the way.

ProjectVRM has always been both a group effort and provisional in its outlook and methods. So look at everything below as a draft requiring improvement, and send me edits, either by email (dsearls at cyber dot law dot harvard dot edu) or by commenting below.

Summary

After eight years of encouraging development of tools and services that make individuals both independent and better able to engage, ProjectVRM (VRM stands for vendor relationship management) is experiencing success in many places; most coherently in France, the UK and Oceania (Australia and New Zealand). There are now dozens of VRM developers (though many descriptors besides VRM are used), and investor interest is shifting from the “push” to the “pull” side of the marketplace. Government encouragement of VRM is strongest in the UK and Australia.  ProjectVRM and its community are focused currently on “first person” technologies, privacy, trust, identity (including anonymity), relationship (including experience co-creation), substituability of services and the Internet of Things. Verticals are personal information management, relationship (VRM+CRM), identity, on-demand services, payments, messaging (e.g. secure email), health, automotive and real estate.  There are many possibilities for research, possibly starting with the effects on business of individuals being in full control of their sides of agreements with companies.

Here are shortcuts to each section:

  1. History
  2. Development
  3. Community
  4. Influence
  5. Issues
  6. Verticals
  7. Investment
  8. Research
  9. Questions

1. History

ProjectVRM is one of many research projects at the Berkman Center for Internet and Society at Harvard University. It started when I began a four-year fellowship at Berkman in September, 2006. In those days Berkman fellows were encouraged to work on a project. I had lots of guidance from Berkman staff and other veterans; but what best focused my purpose was something Terry Fisher said at one of the orientation talks. He said Berkman did its best to be neutral about the subjects it studies, but also that “we do look for effects.”

The effect-generating work for which I was best known at the time was The Cluetrain Manifesto, which I co-authored seven years earlier with Chris Locke, David Weinberger and Rick Levine. By most measures Cluetrain was a huge success. The original website launched a meme that won’t quit, and the book that followed was a bestseller.(It still sells well today). But I felt that its alpha clue, written by Chris Locke, still wasn’t true. It said,

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

There is a theory in there that says the Internet gives human beings (the first person we) the reach they need to exceed the grasp of marketers (the second person your).

So either the theory wasn’t true, or the Internet was a necessary but insufficient condition for the theory to prove out. I went with the latter and decided to to work on the missing stuff.

That stuff couldn’t come from marketers, because they were on the second person side. In legal terms, they were the second party, not the first. This is why their embrace  of  Cluetrain’s “markets are conversations” couldn’t do the job. Demand needed help that Supply couldn’t provide. What we needed, as individuals, were first party solutions — ones that worked for us.

The more I thought about the absence of first party solutions, the more I realized that this was a huge hole in the marketplace: one that was hard to see from the client-server perspective, always drawn like this:

468px-Client-server-model.svg

While handy and normative, client-server is also retro. Here’s a graphic from Virtual Teams: People Working Across Boundaries with Technology (Jessical Lipnack and Jeffrey Stamps, 2000,  p. 47) that puts it in perspective:

lipnack

Client-server is hierarchical, bureaucratic industrial and agricultural (see the image below). But it’s also most of what we experience on the Web, and also where the entirety of the supply side sits. So, even if Cluetrain is right when it says (in Thesis #7) “hyperlinks subvert hierarchy,” subversion goes slow when the people running the servers are in near-absolute control and hardly care at all about links. In less abstract terms, what we have on the Web is this:

calf-cow

As clients we go to servers for the milk of text, graphics, sound and videos. We get all those, plus cookies (and other tracking methods) to remember who we are and where we were the last time we showed up. And, since we’re just clients, and servers do all the heavy lifting  (and with technology what can be done will be done) the commercial Web’s ranch has turned into what Bruce Schneier calls Our Internet surveillance state.

By 2006 it was already clear to me that we could make the whole marketplace a lot bigger if individuals were fully capable human beings and not just calves — if we equipped Demand to drive Supply at least as well as Supply drives Demand.

To help people imagine what will happen when Demand reaches full power, I wrote a Linux Journal column a few months earlier, titled “The Intention Economy.” Here’s the gist of it:

The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.

The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.

The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like a bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.

The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.

The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.

In The Intention Economy, a car rental customer should be able to say to the car rental market, “I’ll be skiing in Park City from March 20-25. I want to rent a 4-wheel drive SUV. I belong to Avis Wizard, Budget FastBreak and Hertz 1 Club. I don’t want to pay up front for gas or get any insurance. What can any of you companies do for me?” — and have the sellers compete for the buyer’s business.

This car rental use case is one I’ve used to illustrate what would be made possible by “user-centric” or “independent” identity, which was also the subject of the cover story in last October’s Linux Journal, plus this piece a year earlier, and various keynotes I’ve given at Digital Identity World, going back to 2002. It is also the use case against which the new open source Higgins project was framed.

Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.

Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: an core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.

So that’s the purpose I chose for my new Berkman project: to get a snowball of development rolling toward the Intention Economy.

The project has been lightweight from the start, consisting of myself* and other volunteers. Our instruments are this blog, a wiki, a mailing list and events. In gatherings of project volunteers at Berkman and elsewhere, we narrowed our focus to encouraging development of tools for independence and engagement. That is, tools that would make individuals both independent of other entities (especially companies) and better able to engage with them. These shaped the principles, goals and tools listed on our wiki.

The term VRM came about accidentally. I was talking about my still-nameless project on a Gillmor Gang podcast in October 2006. Another guest on the show, Mike Vizard, started using the term VRM, for Vendor Relationship Management — or the customer-side counterpart of CRM, for Customer Relationship Management, which was then about a $6.2 billion B2B software and services industry.  (It’s now past $20 billion.) The Gillmor Gang is a popular show, and the term stuck. It wasn’t perfect (we wanted a broader focus than “vendors,” which is also a B2B term, rather than C2B). But the market made a decision and we ran with it. Since then VRM has gained a broader meaning anyway. Every thing (hardware, software, policies, legal moves) that enables an individual to interact with full agency in any relationship is a  VRM thing. “RM” turns out to  be handy for sub-categories as well, such as GRM (government relationship management) and HRM (health relationship management).

ProjectVRM has always been unusual for Berkman in two ways. One is that it has been focused on business — the commercial side of the “society” in Berkman’s name. The other is that it put the development horse ahead of the research cart. So, while we always wanted to do research (and did some along the way, such as with ListenLog), we felt it was important to create research-worthy effects first.

My first mistake was thinking we would have those effects within a year. My second mistake was thinking we would have them within four years — the length of my fellowship. It has taken twice that long, and still requires one more piece. More about that below, in the Research and Opportunities sections.

In its early years, when it was pure pioneering, ProjectVRM had a lot of volunteer organizational help. There were weekly conference calls and meetings, and events held in Cambridge, London, San Francisco and elsewhere. But the main gatherings from the start were at the Internet Identity Workshop (IIW), an unconference I co-organize at the Computer History Museum in Mountain View. (Our next VRM Day is 27 October. Register here.)

IIW also started with Berkman help. It was first convened as a group I pulled together for a December 31, 2004 Gillmor Gang podcast on identity. Steve Gillmor called the nine participants in the show “The Identity Gang.” The conversation continued by phone and email, with growing energy. So we convened again, this time in person with a larger group, in February 2005 at Esther Dyson’s PC Forum in Scottsdale, Arizona. It was there that John Clippinger asked if we would like “a clubhouse” at Berkman. I said yes, and John had Paul Trevithick create a Berkman site for the gang. As interest collected around the site and its list, three members — Phil Windley (then CIO of Utah), Kaliya Hamlin (aka “IdentityWoman“) and I morphed the gang meetings into IIW, which met for the first time in Fall of 2005. Our 19th is coming up on 28-30 October. (Register here.)  It tends to have 180-250 participants from all over the world. While identity remains the central theme, as an unconference its topics can be whatever participants choose. VRM is always a main focus, however. And we always have a “VRM Day” at the Museum the day before IIW. The next is on 27 October. It’s free.

The Identity Gang  also grew out of other efforts by a number of individuals and groups:

I’ll leave it at those for now. Others can add to it and help me connect the dots later. What matters is that ProjectVRM has both roots and branches that intertwine with the digital identity movement. I unpack more in the Community section below. Meanwhile it is essential to note that Kim Cameron’s Seven Laws of Identity had a large guiding influence on ProjectVRM. This is partly because they were all good laws, but mostly because they came from the individual’s side:

  1. User control and consent
  2. Minimal disclosure for a constrained use
  3. Justifiable parties (“disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship”)
  4. Directed identity (“facilitating discovery while preventing unnecessary release of correlation handles”)
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

As you see, all of those should apply just as well to VRM tools and services.

We have had two interns in our history, both hugely helpful. The first was Doug Kochelek, an HLS law student with a BS and a EE from Rice. He came on board at the very beginning, in September 2006. He’s the guy who worked with Berkman’s Geek Cave to create the wiki, the blog and the list. He also shook down many technical problems along the way. The second was Alan Gregory, a 2009 summer intern and a law student at the University of Florida. Alan helped with research on the chilling effects of copyright expansion on Web streaming, which was a focus of a research project we did with PRX called ListenLog — a self-tracking feature installed in PRX’s Public Media Player iPhone app. (Here’s a presentation Alan and I did at a Fellows Hour.) ListenLog was the brainchild of Keith Hopper, then of NPR, and was years ahead of its time. Work on those projects was funded by a grant from the Surdna Foundation.

To keep its weight light and its work focused on development and relevant issues, ProjectVRM does not have its own presence on Twitter or Facebook. Its social media activity is instead comprised of postings by individual participants in the project, and the memes they drive. #VRM, for example, gets tweeted plenty, and has come to serve as shorthand for individual empowerment.

In 2007 we did a good job of publicizing what VRM and ProjectVRM were about, and got a lot of buzz. It was  premature, and our first big lesson: it’s not good to publicize anything for which the code isn’t ready. In the absence of code, it’s easy for commentators (such as here) to assume that what we’re trying to do can’t be done.

So we got more heads-down after that, and avoided publicity for its own sake.

not_iball1Still, the idea of VRM is attractive, especially to folks at the leading edge of CRM. This is what caused nearly an entire issue of CRM magazine to be devoted to VRM ,in May 2010. It too was ahead of its time, but it helped. So did two books that came out the same year: John Hagel’s The Power of Pull, and David Siegel’s Pull: The Power of the Semantic Web to Transform Your Business. John also helped in June 2012 with The Rise of Vendor Relationship Management.

That essay was a review of  The Intention Economy: When Customers Take Charge, which arrived in May from Harvard Business Review Press. The book reported on VRM development progress and detailed the projected shifts in market power that I first called for in my 2006 column with the same title.

While  The Cluetrain Manifesto has been a bigger seller, The Intention Economy Intention-economy-cover has had plenty of effects. Currently, for example, it is informing the work of Mozilla’s commercial arm, headed by Darren Herman, who this year hired @SeanBohan from the VRM talent pool. (Here’s a talk I gave at Mozilla in New York last month.) On the publicity side, the book was compressed to a Wall Street Journal full-page Review section cover essay titled “The Customer as a God.”

So far ProjectVRM has one spin-off: Customer Commons, a California-based nonprofit. Its mission is “restore the balance of power, respect and trust between individuals and organizations that serve them.” CuCo is a membership organization with the immodest ambition of attracting “the 100%.” In other words, all customers. And it is modeled to some degree on Creative Commons CustomerCommonsLogo4(a successful early Berkman spin-off), by serving as the neutral place where machine- and person-readable versions of personal terms, conditions, policies and preferences of the individual can be maintained. Among those terms will be those restricting or preventing unwanted tracking, and among those policies will be those establishing the boundaries we call privacy. Customer Commons is a client of the Cyberlaw Clinic, which is helping develop both. But much more can be done. We’ll visit that in the Opportunities section below.

2. Development

The list of VRM developers is now up to many dozens. While most don’t use the term “VRM” in marketing their offerings (nor do we push it), the term is gathering steam. For example, while updating the developers list a few minutes ago, I found two new companies that use VRM in the description of their offerings: InformationAnswers (“Where CRM meets VRM.”) and PeerCraft (“The main purpose for PeerCraft is to support Vendor Relation Management.”)

Some developers on our list are now familiar brands, though none started that way, and most did not exist when ProjectVRM began. Some of the successes (e.g. Uber and Lyft) have not been directly engaged with ProjectVRM, but are listed because they are what we call “VRooMy.” Other successes (e.g. Personal.com, Reputation.com and GetSatisfaction) have been engaged, one way or another. One that got a lot of notice lately is Thumbtack, for picking up a $100 million investment from Google. That’s atop the $30 million they got earlier this year.

In fact many VRM developers are now having an easier time getting money, thanks to a trend on which ProjectVRM has had influence: a shift of market interest away from “push” (e.g. advertising) and toward “pull” (e.g. VRM). (More about investment below.)

Several years ago, a bunch of VRM developers (and I) worked on developing SWIFT’s Digital Asset Grid. (SWIFT is the main international system for moving money around, and is headquartered in Belgium.) The code is open source, as is other VRooMy work in the financial sector. (Such as the stuff being done by the Romanian company I wrote about here.) OIX also maintains a set of “trust frameworks,” one of which is at the heart of the Respect Network, which I’ll unpack below.

While there is a lot of development in the U.S., and there are VRM startups scattered around the world, the three main hotbeds of activity are the UK, France and Oceania (Australia and New Zealand). Each is a community of its own, cohering in different ways. It’s helpful to visit each, because they represent unique contexts and resources for moving forward.

The UK

In the UK, government is central, through a role one official there calls “being a giant consumer of personal data from citizens.” It gets that data either from individuals directly or from companies that provide individuals with what are called variously called personal clouds, data stores, lockers and vaults. While all these companies perform as intermediaries, they work primarily for the individual. To differentiate this new class of company from traditional third parties, ProjectVRM calls them “fourth parties”. (That term is alien to lawyers, but is catching on anyway. For example, there is a new VRM company in Australia with the name “4th Party.”)

Leading the UK government in a VRooMy direction from the inside is in the Efficiency and Reform Group of the Government Digital Service (GDS) in the Cabinet Office.  In this presentation by Chris Ferguson, Deputy Director of the GDS we see the government pulling in big companies (e.g. Google, Equifax, Lexis-Nexis, Experian, Paypal, Royal Mail, BT, Amazon, O2, Symantec) to legitimize and engage fourth parties serving individuals (e.g. Mydex, Paoga and Allfiled).

Two outside groups working with the UK government are Ctrl-Shift and OIX (Open Identity Exchange). Ctrl-Shift is a research consultancy that has been engaged with ProjectVRM from the beginning. OIX is a Washington-based international .org focused on ‘building trust in online transactions.’

France

VRM is a familiar and well-understood concept in France. There are meetups (such as this one) and many VRooMy startups, such as Privowny (led by French folk and HQ’d in Palo Alto), CozyCloud, and OneCub. A big organizational driver of VRM in France is Fing.org, a think tank that brings together large companies (e.g. Carrefour, Societe General, Orange and LaPoste) with small companies such as the ones I just mentioned. They do this around research projects. For example, ProjectVRM informed Fing’s Mesinfos research project (described here).

Oceania

If we were to produce a heat map of VRM activity, perhaps the brightest area would be Australia and New Zealand. I’ve been down that way three times since June of last year, to help developers and participate in meetings and events. As with the UK, government in Australia is very supportive of VRM development, and with empowering individuals generally. (We met with three agencies on one of the trips: one with the federal government in Canberra and two with the New South Wales government in Sydney. One of them called citizens “customers” of government services, because “they pay for them.”) Startups there include Flamingo, Meeco, Welcomer, Geddup,4th Party, Fifth Quadrant, Onexus and the New Zealand based MyWave.

Recent changes in Australian privacy policy also attract and support VRM development. Australian companies (and government agencies) collecting personal data from people on the Web (or anywhere) are now required to make that data available to those people to use as they please. (Or so I understand it.) This gives Canberra-based Welcomer, for example, a reason to exist. Welcomer makes “private data dashboards” that “show collected summaries of the personal data held by organisations and by individuals including the person themselves. The dashboard gives a summary of personal data with the ability to link through to the source data (where required).”

This summer, the first commercial community to grow out of ProjectVRM work, the Respect Network (which Privacy By Design (PbD) calls the “World’s First Global Private Cloud Network”) held a world tour to launch the community and stimulate funding for members’ common goals, standards and code development. I was on the tour (London, San Francisco, Sydney, Tel Aviv), and wrote a report on the ProjectVRM blog. (Naturally, I shot pictures. Those are here. I also spoke at each venue. One of my Sydney talks is here.)

3. Community

To understand where ProjectVRM fits in the world, and how it works, I like the Competing Values Framework by Kim S. Cameron (no relation to the one above), Robert E. Quinn, Jeff DeGraff and Anjan Thakor:

Screen Shot 2014-09-01 at 5.48.45 PM

While there are many VRM developers operating in the lower half of that graphic, what ProjectVRM does is in the upper half of that diagram.  We have a collaborative clan of flexible and creative individuals in an adhocracy, working together on long-term transformational change.

Pretty much everything that gets criticized about our efforts falls in the lower half. That’s because we have no hierarchy and don’t work to control what anybody does. And progress on the whole  has been slow. (Though there are exceptions, such as Uber, Lyft and Thumbtack.)

That graphic is just one of many helpful ones in David Ronfeldt‘s Organizational forms compared, which he’s been updating since first publishing it in May 2009. One reason it is helpful is that the hierarchical short-term stuff is obvious and easily understood, while collaborative long term stuff is much harder to grok. It’s like the difference between weather and geology. Which makes me think that graphic should be flipped vertically: slow stuff on the bottom, fast stuff at the top. That’s what the Long Now foundation does with this graphic, which I’ve always loved:

layers of time

The change we want most is down in the culture, governance and infrastructure layers, even though our focus is on commerce. This also explains why we run into trouble when we play with fashion. The last thing we want is for VRM to be cool. (This is also a lesson I learned and re-learned over two decades of watching Linux, free software and open source for Linux Journal.)

The following graphics are all from David Ronfeldt’s scholastic gatherings. Each in its own way helps explain how our community works — and how it doesn’t. First, from one of Bob Jessop‘s many papers on governance and metagovernance (this one from 2003):

jessop figure

That’s our column on the right.

Then there is this, from Federico Iannacci and Eve Mitleton–Kelly’s Beyond markets and firms: the emergence of Open Source networks (First Monday, May, 2005):

iannacci

That’s us in the middle. We’re a stable and decentralized heterarchy that coordinates by mutual adjustment.

Then there is this from Karen Stephenson‘s Neither Hierarchy nor Network: An Argument for Heterarchy (in Ross Dawson’s Trends in the Living Networks, April, 2009):

stephenson

Again that’s us on the right.

Something I like about those last two is the respect they give to heterarchy, which has been a focus for many years of Adriana Lukas, another VRM stalwart who has been with the project since before the beginning. Here’s her TED talk on the subject.

Finally, there is this graphic, from  Clay Spinuzzi‘s Toward a Typology of Activities (2013):

Spinuzzi

In Spinuzzi’s Losing by Expanding: Corralling the Runaway Object, an object is identified as “a material or problem that is cyclically transformed by collective activity.” With our tacit, inductive and flexible approach, this also characterizes the way our community works.

One can see all this at work on the ProjectVRM mailing list, an active collection of 615 subscribers. We also meet in person twice a year at IIW, starting one day in advance of the event, with “VRM Day.” This adds up to a total of at least eight days per year of in-person collaboration time.

Most of the rest of the VRM community meets locally, or through the organizing work of organizations such as Respect Network (U.S. based, but spanning the world) and Fifth Quadrant (Sydney based, and focused on Australia and New Zealand).

There are many other organizations with which ProjectVRM is well aligned. Among them are:

If things go the way I expect, Mozilla will also emerge as a center of VRM interest and development as well. (For example, I expect VRM to be a topic in October at MozFestival in the U.K.

4. Influence

Nearly all VRM influence derives from the work of its volunteers and its developers. “Markets are conversations,” Cluetrain said, and we drive a lot of those. But they rarely get driven exactly the way I, or we, would like. Conversations are like that. EIC awardSo are heterarchical networks. Everybody wants to come at issues from their own angle, and often with their own vocabulary. We see that especially with analysts and think tanks. None of them like the term VRM. (In fact lots of developers avoid it as well. I don’t blame them, but we’re stuck with it.) Ctrl-Shift, for example, calls fourth parties PIMS, for Personal Information Management Services. Kuppinger-Cole, which gave ProjectVRM an award in 2008 (that’s the trophy on the right), insists on the term “Life Management Platforms.” (I pushed it for awhile. Didn’t take.) Here in the U.S., Forrester Research calls the same category PIDM for Personal Identity and Data Management. We don’t care, because we look for effects.

As for the influence of others on ProjectVRM, there are too many to list.

5. Issues

Privacy is the biggest one right now. (A Google search brings up more than five billion results). We’ve done a lot to drive interest in the topic, and have brought thought leadership to the topic as well. (Here is one example.) On behalf of ProjectVRM, I’ve participated in many privacy-focused events, such as the Data Privacy Hackathon earlier this year, and at GovLab gatherings such as the one reported on here. I’m also in Helen Nissenbaum‘s Privacy Research Group at the NYU Law School, where I presented ProjectVRM developers’ privacy work on February 26 of this year.

Tied in with privacy online, or lack of it, is users’ need to submit to onerous terms of service and meaningless privacy policies. Those terms, also called contracts of adhesion, have been normative ever since industry won the industrial revolution, but have become especially egregious in the online world. Today there is a crying need both for better terms on the sites’ and services’ side, and for terms individuals can asset on their side. From the beginning ProjectVRM has been focused mostly on the latter.

Trust is another huge issue, also tied with privacy. ProjectVRM has both encouraged and influenced the growth of “trust frameworks” such as the Respect Trust Framework and others (there are five) at OIX, as well as Open Mustard Seed and OpenPDS under IDcubed at the MIT Media Lab.

VRM+CRM has been a focus from the start, but the timing has not been right until now. At the beginning, we expected CRM companies to welcome VRM. Press and analysts in the CRM space were encouraging from the start (CRM Magazine devoted an entire issue to it in 2010), but the big CRM companies showed little interest, until this year.

Sitting astride or beside VRM and CRM is a category variously called CX (for Customer Experience), CRX (for Customer Relationship Experience), EM (for Experience Management) CEM or CXM (for Customer Experience Management) and other two and three-letter initialisms. Another happening in the midst of all these is “co-creation” of customer experience. The purpose here is to bring customers and companies together to co-create experience in a lab-like setting where research can be done. This is what Flamingo does in Australia. In a similar way, MyWave in New Zealand (with developers in Australia) “puts the customer in charge of their data and the experience” for a “direct ‘segment of one’ relationship with businesses.”

With the Internet of Things (IoT) heating up as a topic, there is also an increased focus, on the “own cycle,” rather than the “buy cycle” of the customer experience. I explain the difference here, using this graphic from Esteban Kolsky:

oracle-twist

In our lives the own cycle is in fact the largest, because we own things — lots of them — all the time and are buying things only some of the time. In fact, most of the time we aren’t buying anything, or even close to looking. This is a festering problem with the advertising-driven commercial Web, which assumes that we are constantly in the market for whatever it is they push at us. In addition to not buying stuff all the time, we are employing more and more ways of turning advertising off (ad blockers are the top browser extensions). For advertising and ad-supported companies, including millions of ad-supported publishers on the Web, this is a mounting crisis. According to an August 2013 PageFair report, “up to 30% of web visitors are blocking ads, and that the number of adblocking users is growing at an astonishing 43% per year.” In The Intention Economy, I called online advertising a “bubble” and I stand by the claim. It’s just a matter of time.

As the stuff we own gets smart, and as more of it finds its way onto the Net service becomes far more important to companies than sales. And VRM developers are laying important groundwork in service. I wrote about this in Linux Journal last year, drawing special attention to the pioneering work led by Phil Windley, who has been a VRM stalwart since before the beginning. In fact it’s Phil’s work that makes clear that things themselves don’t need to be smart to exist on the Internet. All they need is clouds that are smart, which Phil calls picos for persistent computing objects. In this HBR post I explain how the shared clouds of products can be platforms for relationship between company and customers , with learnings flowing in both directions.

Meanwhile, VRooMy companies like trōv are helping individuals do more with what they own — taking their valuables, and making them more valuable.

6. Verticals

Relationship

This was the first for VRM, and it’s still a primary interest. We need tools on the individual’s side for managing many relationships. There still is not a good “relationship dashboard,” though there are a number of efforts in this direction. But as soon as we have code on the VRM side that matches up with code on the CRM side (including, for example, call centers, which are also interested in VRM), we’ll rock.

Payments

Even though ProjectVRM’s mission is centered around relationship and conversation, transaction is a big part of it too — just not the only part, as business often assumes. Our first efforts, starting in 2006, were around making it as easy as possible for individuals to donate money in one standard way to many different public radio stations.

We have been involved in many meetings and discussions around payments and secure data transactions, and some projects as well. We worked with SWIFT on the Digital Asset Grid, and have been in conversations with banks (e.g. Chase) and VISA Europe for a long time as well. With the rise of alternative currencies (e.g. Bitcoin), distributed accounting (e.g. Blockchain), digital wallets and other new means for transacting and accounting, there are many ways for VRM developments to play.

Email

In what is being called “post-Snowden time,” many new secure and encrypted email approaches have evolved. While some are listed on the ProjectVRM developers list, we haven’t been very involved with them — at least not yet. But we are involved with developers working on privacy-protecting tools that can either be embedded in existing email systems or offer alternative communications “tunnels.”

Personal information Management

There are two breeds of development here.

One is fourth party services and code bases for managing and sharing personal data selectively online. There are now many of these. Some support self-hosting as well. (ProjectVRM has always been supportive of free software, open source, and the “first person technology” and “indie” movements.) One organization, the Respect Network, was created to provide a framework for substitutability of services and apps.

The other is code the individual uses to manage his or her own life, and connections out to the world. This is where calendar, email, IM, to-do lists, password managers and other convenience-producing apps for the connected world come together. There is no leader here, though there are many players, including Apple, Microsoft and Google.  So far, this area has only seen centralized and siloed players, with inherent security and data mining disadvantages. But recently, commercial and open source conversations about a decentralized approach to this opportunity have been taking place.

A test case for VRM that applies to both kinds of solutions is this: being able to change my address, my last name or my phone number for many services in one move. This is exactly what the UK government is calling for from citizens’ personal information management systems (what Ctrl-Shift calls PIMS). A citizen should be able to change her address for the Royal Mail, the Passport Office and the National Health Service, all at once. Bonus links: Making things open, making things better, by Mike Bracken in the Gov.UK Government Digital Service blog, where Mike’s prior post, Reading the Digital Revolution featured this illustration by our old friend Paul Downey:

cluetrain-620x295

Apple’s HealthKit and HomeKit, which go live with the release of iOS 8on 9 September, also have some VRM developers excited, because it will make this kind of integration at the individual end easy to do in two verticals: Health and Home Automation.

Health

Early on with ProjectVRM, I avoided health as an issue, because I wanted to see real progress in my lifetime — and I felt that the situation in the U.S. was fubar. But other VRM folk did not agree, and have pushed VRM forward very aggressively in the health field. Dr. Adrian Gropper and Dr. Deborah Peel of Patient Privacy Rights have done a remarkable job of carrying the VRM flag up a very steep and slippery hill. Berkman veteran John Wilbanks is another active ProjectVRM volunteer whose work in health is broad, deep, influential and at the leading edge of the pioneering space where personal agency engages the wild and broken world of the U.S. health care system. Brian Behlendorf, the primary developer of the Apache Web server (which hosts the largest share of the world’s Web sites and services) and the CONNECT open source code base for health service collaboration, is also an active participant in ProjectVRM.

A number of VRM developers are working with, or paying close attention to, Apple’s HealthKit. In the words of one of those developers, “It’s very VRooMy.” HealthKit developments go live when Apple rolls out iOS 8 on 9 September.

Automotive

While a number of car makers are eager to spy on drivers, Volkswagen has put a stake in the ground. In March, Volkswagen CEO Martin Winkerhorn gave a keynote at the Cebit show that drew this headline: “Das Auto darf nicht zur Datenkrake warden.” My rusty Deutsch tells me he’s saying the car shouldn’t be a data octopus.

Toward that end, Phil Windley’s Kickstarter-based  Fuse will give drivers and car owners all the data churned out of their cars’ ODB-II port, which was created originally for diagnostics at car dealers and service stations. With an open API around that data, developers can create apps to alert you to schedule maintenance, monitor your teen’s driving and much more.

Real Estate

The only products that cost us more than cars are homes. Here too we have a VRM advocate in Cambridge-based Bill Wendell of Real Estate Café. He has always been way ahead of his time, but it’s clear his time is coming. (Here’s Bill leading a session on VRM in Real Estate at IIW 18 in May.)

7. Investment

There is an upswing of investment in start-ups on the “pull” — the individual’s — side of the marketplace. Many wealthy individuals, some quite new to tech investing, perceive an opportunity in “pull” side tools, so interest is building, especially in angel funding. There are currently at least three initiatives coming together to invest in VRM or intention based start-ups in Silicon Valley and Europe. This is one of the outcomes of the last IIW (in May of this year), where investment emerged as a big theme, with a number of VC’s for the first time participating in IIW sessions. I’m involved in planning a VRM specific fund, which is still in its preliminary stages. If it moves forward (which I believe it will), it should come into shape by next year.

In some cases government is also involved. In the UK, for example, the SEIS (Seed Enterprise Investment Scheme) program offers huge tax incentives to angel investors.

8. Research

There are many questions we can probe with research, but only one I want to work on in the near term: What happens when individuals come to websites with their own agreeable terms?creativecommons-licenses

Such as, “I’m cool with you tracking me on your site, but don’t follow me when I leave.” And, on the site’s side,  “We’re cool with that.” In proper legalese, of course — but expressed on both sides in code and symbols that work like Creative Commons’ licenses (there on the right).

The Cyberlaw Clinic is already involved, though its work with Customer Commons on a broader set of terms than the one I just mentioned, and Berkman’s own  Privacy Tools for Sharing Research Data could assist with and follow the process, both through the term-creation process and as the terms get implemented in code and materialize on the Web.

We would be dealing with cooperative efforts that require this already. One is Respect Network’s Respect Connect “Login with Respect” button.  As I explain here, the terms of OIX’s Respect Trust frame require the setting of, and respect for, the boundaries of individuals. This can be done, even within the calf-cow framework of client-server.

Respect Connect  is based onXDI, which the Respect Trust Framework also specifies. XDI is a protocol that employs “link respect-connect-buttoncontracts.” Drummond Reed, the father of XDI (and CEO of the Respect Network) describes link contracts as “machine-readable XDI descriptions of the permissions an individual is giving to another party for access to and usage of the owner’s personal data.” Very handy. And binding. In code.

Mozilla has also made efforts in this same direction, most recently with  Persona (there on the right). signinWe can help them out with this work, and I am sure other and other browser makers will also want to get on board — which they should, and with Berkman’s convening power probably will.

At the end of the project we will have both standard terms for posting at Customer Commons and reference implementations hosted by Berkman, or shared by Berkman over Github or some other data repository.

And we would bring to the table many dozens of developers already eager to see increased agency and term-proffering power on the individual’s side. I can easily see privacy dashboards, on both the client and the server sides of websites.

(Thinking out loud here…) We could host focused discussions and invite participants (including law folk — especially students, from anywhere) to vet terms the way the IETF vets Internet standards: with RFCs, or Requests for Comments. Some open source code for this already exists with Adblock Plus’s white list for non-surveillance-based advertisers. I would hope they’d be eager to participate as well. We (ProjectVRM, the Berkman Center or Customer Commons) could publish lists of conformant requirements for website and Web service providers, and lists (or databases) of conformant ones.

This work would also separate respectful actors on the supply side of the marketplace from ones that want to stick with the surveillance model.

While there are lots of things we could do, this is the one I know will have the most leverage in the shortest time, and would be great fun as well.

It is also highly cross-disciplinary, with many lines of cooperation and collaboration within the university and out to the rest of the world. Right at Berkman we have the  Privacy Tools for Sharing Research Data project and its many connections to other centers at Harvard. Its mission — “to help enable the collection, analysis, and sharing of personal data for research in social science and other fields while providing privacy for individual subjects” — is up many VRM development alleys, especially around health care.

9. Questions

What if we fail?

What if it turns out that free customers are not more valuable than captive ones for most businesses? That’s been the default belief of big business ever since it was born.

What if the free market on the Net turns out to be “Your choice of captor?” Client-server lends itself to that, although we can work around its inequities with moves like the one proposed in the Research section above.

What if the only VRM implementations that succeed in the marketplace are silo’d and non-substitutable ones? To some degree, that’s what we have with Uber and Lyft. While they are substitutable (as two apps on one phone), we don’t yet have a way to intentcast to multiple ride sharing providers at once, or to keep data that applies to both. Maybe we will in the long run, but so far we don’t.

Apple may be VRooMy with HealthKit and HomeKit, but both still operate within Apples silo. You won’t be able to use them on Android (far as I know, anyway).

And what if the Internet of Things turns out to be a world of silos as well? This too is the default, so far. Phil Windley mocks the Apple of Things and the Google of Things by calling both The Compuserve of Things — and making the case for substitutablility as well.

And what if customers just don’t care? This too is the default: the body at rest that tends to stay at rest. For VRM to fully happen, the whole body needs to be in motion — to move from one Newtonian state to another. It’s doing that in places, but not across the board.

Finally, what if we succeed? VRM is about making a paradigm shift happen. So was  Cluetrain before it. On the plus side, the Net itself lays the infrastructural groundwork for that shift. But the rest is up to us.

Whether we  fail or succeed (or both), there will be plenty to study. And that’s been the idea from the start too.

_________________

* Disclosures: I was paid modest sums as a fellow early on, but otherwise have received no compensation from the Berkman Center. I make my living as a speaker, writer and consultant. I have consulted a number of companies listed on the ProjectVRM development work page, and am on the boards of two start-ups: Qredo in the U.K. and Flamingo in Australia. In my work for them my main goal is to see VRM succeed, and I don’t play favorites in competition between VRM companies.

Live blogging #Smalldata NYC

I’m at SmallData NYC, hosted by Mozilla.  What I’m writing here is not a report on the event (which will be up on the Web for all to see, soon enough), but rather my own #VRM-based riffs on what the panelists (and later the audience) are saying.  The purpose of an event like this is to get people thinking and talking. So that’s what I’m doing here.

  • New word for me: deconvolve. I like it, but gotta look it up.
  • Actual and clear intent is more valuable than inferred intent.
  • Whatever happened to AskJeeves-type search?  Such as “I’m looking for Michael Jordan the AI expert, not the basketball player.”
  • Thought: Why does search have to be so effing complicated.
  • The Net has no business model. That’s why it supports an infinitude of business.
  • At the moment a common (if not prevailing) business model on the Web is surveillance-based personalized advertising. This is not the same thing as the Web itself. If protecting your privacy,  or “becoming an exile” from surveillance fails to support this business model, it does not break the model so much as provide feedback on what isn’t working — or what else might work better. And it certainly does not “break the Web.”
  • “The Industry” is an interesting term. (One of the panelists “speaks for the industry.” I think here it means “commercial players on the Web.” In Hollywood it means Hollywood. I don’t think we’re even close to that level of metonymic maturity.
  • “Small animal taxidermy is specifically an eBay problem.” I think I just heard that.
  • I like “giving a user recommendations that are out of the cone of relevance.”
  • Cone of Relevance is a good name for a band.
  • Netflix recommendations are at least partly (or largely) about developing a long-term relationship with the company. Keeping subscribers. “If you know Netflix knows you, you’ll stay.”
  • Battlestar Gallactica, by pure numbers, has high correlations with a children’s show for 3 year olds. Possibly because watchers of the show have little kids. “The math works,” but the manners don’t.
  • On break, I’m with @Deanland, who sez, “All they seem to care about is how to glean information from people for the benefit of the sell side, with no discussion or apparent thinking about what the user wants, feels, means or cares about. The data is on a one-way street from buyer to seller, but only for the benefit of the seller, not the benefit of the buyer. Saying ‘It’s about serving them better’ actually means ‘We can sell them better.’ There is also a sense that it is a given that The Machine, run by the seller, can get all this information, with no conscious involvement at all by the people yielding the information.” (Hoping Dean — and others — will bring this up after the break. We’ve only had presentations so far, not discussions yet.)
  • Also from the audience on break: “We need a personal data silo. For the person, the #smalldata holder — not the marketing machine.”
  • Wendy Davis of Mediapost (moderator) is challenging the apparent belief, by the panel,  that more information about individuals held by companies is better for individuals. (I think she’s saying.)
  • I’m a person. I want my to do my own damn personalization. Just saying.
  • David Sontag, panelist, says usage data with Internet Explorer all goes to Microsoft.
  • “People get much more upset with bad personalization than no personalization.” (Not sure I got that down right.)
  • Chris Maliwat, panelist: It’s sometimes hard to perceive a company’s intentionality.
  • All these companies are in the train business. We’re passengers, whether we like it or not. Meanwhile, what we need are cars: instruments of independence, agency and personal utility — for ourselves, following our own intentions. I believe Mozilla is the only major browser that can fill this role, because it’s on our side and not on these companies’ side. The other browsers are all instruments of their parent companies.
  • A reason people don’t get more creeped out by all this surveillance and personalization, is that there have not yet been clear, big, news-making harms. Once that happens, the game changes.
  • David Sontag: “I can ‘t get a credit card that won’t share my information with other companies.”
  • Wendy: “How do researchers get users’ true intent?” (e.g. her gender may be irrelevant to her search, but The System notes her gender anyway)
  • Chris: Personalization is not about perfection, but about providing a range of choices.
  • Wendy: “Do people actually know what they want?” My answer: yes. And the assumption that people mostly don’t know is a flaw in The System. So is the assumption that we are in the market to buy stuff all the time. If I want to know the height of Mt. Everest, that doesn’t mean I want to go there, or buy mountaineering gear, or anything commercial.
  • Pat, from the audience, on intelligibility of recommendations: Pandora has filters that are domain aware… But lack of domain makes it harder to make recommendations intelligible.
  • So far all of this is inside baseball. Except the game isn’t baseball. It’s building out the system in Minority Report. But instead of “pre-crime,” it’s all about what we might call “pre-sales.” It’s this scene here.
  • The panel conversation is currently (I think) about the user’s intent “being understood.” So I find myself channeling Walt Whitman: I know that I am august. I do not trouble my spirit to vindicate itself or be understood. I see that the elementary laws never apologize. Also, Do I contradict myself? Very well then. I contradict myself. I am large. I contain multitudes… The spotted hawk swoops by and accuses me. He complains of my gab and my loitering. I too am not a bit tamed. I too am untranslatable. I sound my barbaric yawp over the roofs of the world. I feel one of those yawps rising in me now.
  • A question from the back of the room for “opt in, rather than opt out.” (Of tracking and all that.)
  • Chris’s reply: “Google already exists.” The point is that Google and today’s Web giants are the environment. Deal with it.
  • Audience guy: There is an imbalance between their control and mine as an individual. Right.
  • Wendy: Targeting based on zip code isn’t especially personal. But what we’re talking about here is very personal. Doesn’t this raise issues?
  • Slobodan: Maybe the Net will become more like the insurance business. (Did I hear that right? Missed the point, though.)
  • Audience guy: What kinds of restraint exists now for users that don’t care about privacy at all — as with some young people.?
  • I stirred things up a bit at the end (my barbaric yawp, you might say), but it’s over now, so I’ll need to do my own wrapping later.

Currently 9:15pm, EDST.

Okay, next day, 5pm.

I had hoped that Dean, quoted above, would be called, but he wasn’t, so I raised my hand and said that what the panel had talked about up to that point was mostly inside baseball — a metaphor that at least Chris wasn’t clear on, because he asked me what I meant by it. What I meant was that all three of the panelists were inside The Industry. And what I tried then to do was get them to stand on the other side, the individual’s side, and look at what they do from that angle. When they asked what was being done on the individual’s side, I brought up VRM development, and volunteered Kenneth Lefkowitz of Emmett Global to speak as a VRM developer. Which he did.

So that was it, or as close as I’m going to get in a blog post. When the event goes up on the Web, I’ll add the links.

Older posts

© 2017 ProjectVRM

Theme by Anders NorenUp ↑