VRM TBDs

Every construction project has a punch list of to-be-done items.  Since we’ve been at this for a dozen years, and have a rather long list of development works in progress on our wiki,  now seems like a good time and place to list what still needs to be done, but from the individual’s point of view. In other words, things they need but don’t have yet.

So  here is a  punch list of those things, in the form of a static page rather than a post such as this one. There is also a shortcut to the punch list in the menu above.

For the record, here’s that list as it stands today:

  1. Make companies agree to our terms, rather than the other way around.
  2. Control our own self-sovereign identities, and give others what little they need to know about us on an as-needed basis.
  3. Get rid of logins and passwords.
  4. Change our surname or our home address in the records of every organization we deal with, in one move.
  5. Pay what we want, where we want, for whatever we want, in our own ways.
  6. Call for service or support in one simple and straightforward way of our own, rather than in as many ways as there are 800 numbers to call and punch numbers into a phone before we wait on hold while bad music plays.
  7. Express loyalty in our own ways, which are genuine rather than coerced.
  8. Have an Internet of MY Things, which each of us controls for ourselves, and in which every thing we own has its own cloud, which we control as well.
  9. Own and control all our health and fitness records, and how others use them.
  10. generously sharing helpful facts about how we use their products and services — but in our own ways, through standard tools that work the same for every company we deal with.
  11. Have wallets of our own, rather than only those provided by platforms.
  12. Have shopping carts of our own, which we can take from store to store and site to site online, rather than being tied to ones provided only by the stores themselves.
  13. Have personal devices of our own (such as this one) that aren’t cells in a corporate silo, or suction cups on corporate tentacles. (Alas, that’s what we still have with all Apple iOS phones and tablets, and all Android devices with embedded Google apps.)
  14. Have real relationships with companies, based on open standards and code, rather than relationships trapped inside corporate silos.
  15. Remake education around the power we all have to teach ourselves and lean from each other, making optional at most the formal educational systems built more for maintaining bell curves than liberating the inherent genius of every student.

Please help us improve and correct it.

[The photo is from this collection.]

The only path from subscription hell to subscription heaven

And from customer service hell to customer service heaven too.

(If you want to jump straight to that path, scroll down to The Path. )

A small example of The Problem…

I subscribe to Vanity Fair magazine. I also get one of its newsletters, replicated on a website called The Hive. At the top of the latest Hive is this come-on: “For all that and more, don’t forget to sign up for our metered paywall, the greatest innovation since Nitroglycerin, the Allman Brothers, and the Hangzhou Grand Canal.”

When I clicked on the metered paywall link (from which I have subtracted the appended tracking cruft), it took me to a plain old subscription page. So I thought, “Hey, since they have tracking cruft on that link, shouldn’t it take me to a page that says something like, “Hi, Doc! Thanks for clicking, but we know you’re already a paying subscriber, so don’t worry about the paywall”?

So I clicked on the Customer Care link to make that suggestion. This took me to a login page, where my password manager filled in the blanks with one of my secondary email addresses. That got me to my account, which says my Condé Nast subscriptions look like this:

Oddly, the email address at the bottom there is my primary one, not the one I just logged in with.  (Also oddly, I still get Wired.)

So I went to the Vanity Fair home page, found myself logged in there, and clicked on “My Account.” This took me to a page that said my email address was my primary one, and provided a way to change my password, to subscribe or unsubscribe to four newsletters, and a way to “Receive a weekly digest of stories featuring the players you care about the most.” The link below said “Start following people.” No way to check my account itself.

So I logged out from the account page I reached through the Customer Care link, and logged in with my primary email address, again using my password manager. That got me to an account page with the same account information you see above.

It’s interesting that I have two logins for one account. But that’s beside more important points, one of which I made with this message I wrote for Customer Care in the box provided for that:

Curious to know where I stand with this new “metered paywall” thing mentioned in the latest Hive newsletter? When I go to the link there — https://subscribe.condenastdigital.com/s… — I get an apparently standard subscription page. I’m guessing I’m covered, but I don’t know. Also, even as a subscriber I’m being followed online by 20 or more trackers (reports Privacy Badger), supposedly for for personalized advertising purposes, but likely also for other purposes by Condé Nast’s third parties. (Meaning not just Google, Facebook and Amazon, but Parsely and indexww, which I’ve never heard of and don’t trust. And frankly I don’t trust those first three either.) As a subscriber I’d want to be followed only by Vanity Fair and Condé Nast for their own service-providing and analytic purposes, and not who-knows-what by all those others. If you could pass that request along, I thank you. Cheers, Doc

When I clicked on the Submit button, I got this:

An error occurred while processing your request.An error occurred while processing your request.

Please call our Customer Care Department at 1-800-667-0015 for immediate assistance or visit Vanity Fair Customer Care online.

Invalid logging session ID (lsid) passed in on the URL. Unable to serve the servlet you’ve requested.

So there ya go: one among .X zillion other examples differing only in details.

Fortunately, there is a better way. Read on.

The Path

The only way to pave a path from subscription and customer service hell to the heaven we’ve never had is by  normalizing the ways both work, across all of business. And we can only do this from the individual customer’s side. There is no other way. We need standard VRM tools to deal with the CRM and CX systems that exist on the providers’ side.

We’ve done this before.

We fixed networking, publishing and mailing online with the simple and open standards that gave us the Internet, the Web and email. All those standards were easy for everyone to work with, supported boundless economic and social benefits, and began with the assumption that individuals are full-privilege agents in the world.

The standards we need here should make each individual subscriber the single point of integration for their own data, and the responsible party for for changing that data across multiple entities. (That’s basically the heart of VRM.)

This will give each of us a single way to see and manage many subscriptions, see notifications of changes by providers, and make changes across the board with one move. VRM + CRM.

The same goes for customer care service requests. These should be normalized the same way.

In the absence of normalizing how people manage subscription and customer care relationships, all the companies in the world with customers will have as many different ways of doing both as there are companies. And we’ll languish in the login/password hell we’re in now.

The VRM+CRM cost savings to those companies will also be enormous. For a sense of that, just multiply what I went through above by as many people there are in the world with subscriptions, and  multiply that result by the number of subscriptions those people have — and then do the same for customer service.

We can’t fix this inside the separate CRM systems of the world. There are too many of them, competing in too many silo’d ways to provide similar services that work differently for every customer, even when they use the same back-ends from Oracle, Salesforce, SugarCRM or whomever.

Fortunately, CRM systems are programmable. So I challenge everybody who will be at Salesforce’s Dreamforce conference next week to think about how much easier it will be when individual customers’ VRM meets Salesforce B2B customers’ CRM. I know a number of VRM people  who will be there, including Iain Henderson, of the bonus link below. Let me know you’re interested and I’ll make the connection.

And come work with us on standards. Here’s one.

Bonus link: Me-commerce — from push to pull, by Iain Henderson (@iaianh1)

Weighings

A few years ago I got a Withings bathroom scale: one that knows it’s me, records my weight, body mass index and fat percentage on a graph informed over wi-fi. The graph was in a Withings cloud.

I got it because I liked the product (still do, even though it now just tells me my weight and BMI), and because I trusted Withings, a French company subject to French privacy law, meaning it would store my data in a safe place accessible only to me, and not look inside. Or so I thought.

Here’s the privacy policy, and here are the terms of use, both retrieved from Archive.org. (Same goes for the link in the last paragraph and the image above.)

Then, in 2016, the company was acquired by Nokia and morphed into Nokia Health. Sometime after that, I started to get these:

This told me Nokia Health was watching my weight, which I didn’t like or appreciate. But I wasn’t surprised, since Withings’ original privacy policy featured the lack of assurance long customary to one-sided contracts of adhesion that have been pro forma on the Web since commercial activity exploded there in 1995: “The Service Provider reserves the right to modify all or part of the Service’s Privacy Rules without notice. Use of the Service by the User constitutes full and complete acceptance of any changes made to these Privacy Rules.” (The exact same language appears in the original terms of use.)

Still, I was too busy with other stuff to care more about it until I got this from  community at email.health.nokia two days ago:

Here’s the announcement at the “learn more” link. Sounded encouraging.

So I dug a bit and and saw that Nokia in May planned to sell its Health division to Withings co-founder Éric Carreel (@ecaeca).

Thinking that perhaps Withings would welcome some feedback from a customer, I wrote this in a customer service form:

One big reason I bought my Withings scale was to monitor my own weight, by myself. As I recall the promise from Withings was that my data would remain known only to me (though Withings would store it). Since then I have received many robotic emailings telling me my weight and offering encouragements. This annoys me, and I would like my data to be exclusively my own again — and for that to be among Withings’ enticements to buy the company’s products. Thank you.

Here’s the response I got back, by email:

Hi,

Thank you for contacting Nokia Customer Support about monitoring your own weight. I’ll be glad to help.

Following your request to remove your email address from our mailing lists, and in accordance with data privacy laws, we have created an interface which allows our customers to manage their email preferences and easily opt-out from receiving emails from us. To access this interface, please follow the link below:

Obviously, the person there didn’t understand what I said.

So I’m saying it here. And on Twitter.

What I’m hoping isn’t for Withings to make a minor correction for one customer, but rather that Éric & Withings enter a dialog with the @VRM community and @CustomerCommons about a different approach to #GDPR compliance: one at the end of which Withings might pioneer agreeing to customers’ friendly terms and conditions, such as those starting to appear at Customer Commons.

Privacy = personal agency + respect by others for personal dignity

Privacy is a state each of us enjoys to the degrees others respect it.

And they respect what economists call signals. We send those signals through our behavior (hand signals, facial expressions) and technologies. Both are expressions of agency: the ability to act with effect in the world.

So, for example, we signal a need not to reveal our private parts  by wearing clothes. We signal a need not to have our private spaces invaded by buttoning our clothes, closing doors, setting locks on those doors, and pulling closed curtains or shades. We signal a need not to be known by name to everybody by not wearing name tags as we walk about the world. (That we are naturally anonymous is a civic grace, but a whole ‘nuther thread.)

All of this has been well understood in the physical world for as long as we’ve had civilization—and perhaps longer. It varies by culture, but remained remarkably non-controversial—until we added the digital world to the physical one.

The digital world, like the physical one, came without privacy. We had to invent privacy in the physical world with technologies (clothing, shelter, doors, locks) and norms such as respect for the simple need for personal dignity.

We have not yet done the same in the digital world. We did, however, invent administrative identities for people, because administrative systems need to know who they’re interested in and dealing with.

These systems are not our own. They belong to administrative entities: companies, government agencies, churches, civic groups, whatever. Nearly 100% of conversation about both identity and privacy take place inside the administrative context. All questions  come down to “How can this system with ways of identifying us give us privacy?” Even Privacy By Design (PbD) is about administrative systems. It is not something you and I have. Not in the way we have clothes.

And that’s what we need: the digital equivalents of clothing and ways of signaling what’s okay and what’s not okay.  Norms should follow, and then laws and regulations restricting violations of those norms.

Unfortunately, we got the laws (e.g. the EU’s GDPR and California’s AB 375) before we got the tech and the norms.

But I’m encouraged about getting both, for two reasons. One is the work going on here among VRM-ish developers. The other is that @GregAEngineer gave a talk this morning on exactly this topic, at the IEEE #InDITA conference in Bangalore.

Oh, and lest we think privacy matters only to those in the fully privileged world, watch Privacy on the Line, a video just shared here.

Why personal agency matters more than personal data

Lately a lot of thought, work and advocacy has been going into valuing personal data as a fungible commodity: one that can be made scarce, bought, sold, traded and so on.  While there are good reasons to challenge whether or not data can be property (see Jefferson and  Renieres), I want to focus on a different problem: that it misdirects attention away from a far more important issue it would be best to solve first: personal agency.

I see two reasons why personal agency matters more than personal data.

The first reason is that we have far too little agency in the networked world, mostly because we settled, way back in 1995, on a model for websites called client-server, which should have been called calf-cow or slave-master, because we’re always the weaker party. Fortunately the Net’s and the Web’s base protocols remain mostly peer-to-peer, by design. We can still build on those. It’s early.

A critical start in that direction is making each of us the first party rather than the second when we deal with the sites, services, companies and apps of the world—and doing that at scale across all of them.

Think about how much more simple and sane it is for websites to accept our terms and our privacy policies, rather than to force each of us, all the time, to accept their terms, all expressed in their own different ways. (Because they are advised by different lawyers, equipped by different third parties, and generally confused anyway.)

Getting sites to agree to our own personal terms and policies is not a stretch, because that’s exactly what we have in the way we deal with each other in the physical world.

For example, the clothes that we wear are privacy technologies. We also have  norms that discourage others from, for example sticking their hands inside our clothes without permission.

The fact that adtech plants tracking beacons on our naked digital selves and tracks us like animals across the digital frontier may be a norm for now, but it is also morally wrong, massively rude and now illegal under the  GDPR.

We can easily create privacy tech, personal terms and personal privacy policies that are normative and scale for each of us across all the entities that deal with us. (This is what ProjectVRM’s nonprofit spin-off, Customer Commons is all about.)

Businesses can’t give us privacy if we’re always the second parties clicking “agree.” It doesn’t matter how well-meaning and GDPR-compliant those businesses are. Making people second parties is a design flaw in every standing “agreement” we “accept,” and we need to correct that.

The second reason agency matters more than data is that nearly the entire market for personal data today is adtech, and adtech is too dysfunctional, too corrupt, too drunk on the data it already has, and absolutely awful at doing what they’ve harvested that data for, which is so machines can guess at what we might want before they shoot “relevant” and “interest-based” ads at our tracked eyeballs.

Not only do tracking-based ads fail to convince us to do a damn thing 99.xx+% of the time, but we’re also not buying something most of the time as well.

As incentive alignments go, adtech’s failure to serve the actual interests of its targets verges on the absolute. (It’s no coincidence that more than a year ago, 1.7 billion people were already blocking ads online.)

And hell, what they do also isn’t really advertising, even though it’s called that. It’s direct marketing, which gives us junk mail and is the model for spam. (For more on this, see Separating Advertising’s Wheat and Chaff.)

Privacy is personal. That means privacy is an effect of personal agency, projected by personal tech and personal expressions of intent that others can respect without working at it. We have that in the offline world. We can have it in the online world too.

Privacy is not something given to us by companies or governments, no matter how well they do Privacy by Design or craft their privacy policies. It simply can’t work.

In the physical world we got privacy tech and norms before we got privacy law. In the networked world we got the law first. That’s why the GDPR has caused so much confusion. It’s the regulatory cart in front of the technology horse. In the absence of privacy tech, we also failed to get and the norms that would normally and naturally guide lawmaking.

So let’s get the tech horse back in front of the lawmaking cart. With the tech working, the market for personal data will be one we control.  For real.

If we don’t do that first, adtech will stay in contol. And we know how that movie goes, because it’s a horror show and we’re living in it now.

 

Our time has come

For the first time since we launched ProjectVRM, we have a wave we can ride to a shore.

That wave is the GDPR: Europe’s General Data Protection Regulation. Here’s how it looks to Google Trends:

It crests just eight days from now, on May 25th.

To prep for the GDPR (and to avoid its potentially massive fines), organizations everywhere are working like crazy to get ready, especially in Europe. (Note: the GDPR protects the privacy of EU citizens, and applies worldwide.)

Thanks to the GDPR, there’s a stink on surveillance capitalism, and companies everywhere that once feasted on big data are now going on starvation diets.

Here’s one measure of that wave: my post “GDPR will pop the adtech bubble” got more than 50,000 after it went up during the weekend, when it also hit #1 on Hacker News and Techmeme. And this Hacker News comment thread about the piece is more than 30,000 words long. So far.

The GDPR dominates all conversations here at KuppingerCole‘s EIC conference in Munich where my keynote Tuesday was titled How Customers Will Lead Companies to GDPR Compliance and Beyond. (That’s the video.)

Ten years ago at this same conference, KuppingerCole gaveEIC award ProjectVRM an award (there on the right) that was way ahead of its time.

Back then we really thought the world was ready for tools that would make individuals both independent and better able to engage—and that these tools that would prove a thesis: that free customers are more valuable than captive ones.

But then social media happened, and platforms grew so big and powerful that it was hard to keep imagining a world online where each of us are truly free.

But we did more than imagine. We worked on customertech that would vastly increase personal agency for each of us, and turn the marketplace into a Marvel-like universe in which all of us are enhanced:

In this liberated marketplace, we would be able to

  1. Make companies agree to our terms, rather than the other way around.
  2. Control our own self-sovereign identities, and manage all the ways we are known to the administrative systems of the world. This means we will be able to —
  3. Get rid of logins and passwords, so we are simply known to others we grace with that privilege. Which we can also withdraw.
  4. Change our email or our home address in the records of every company we deal with, in one move.
  5. Pay what we want, where we want, for whatever we want, in our own ways.
  6. Call for service or support in one simple and straightforward way of our own, rather than in as many ways as there are 800 numbers to call and punch numbers into a phone before we wait on hold while bad music plays.
  7. Express loyalty in our own ways, which are genuine rather than coerced.
  8. Have an Internet of MY Things, which each of us controls for ourselves, and in which every thing we own has its own cloud, which we control as well.
  9. Own and control all our health and fitness records, and how others use them.
  10. Help companies by generously sharing helpful facts about how we use their products and services — but in our own ways, through standard tools that work the same for every company we deal with.
  11. Have wallets of our own, rather than only those provided by platforms.
  12. Have shopping carts of our own, which we could take from store to store and site to site online, rather than ones provided only by the stores themselves.
  13. Have real relationships with companies, based on open standards and code, rather than relationships trapped inside corporate silos.
  14. Remake education around the power we all have to teach ourselves and lean from each other, making optional at most the formal educational systems built more for maintaining bell curves than liberating the inherent genius of every student.

We’ve done a lot of work on most of those things. (Follow the links.) Now we need to work together to bring attention and interest to all our projects by getting behind what Customer Commons, our first and only spin-off, is doing over the next nine days.

First is a campaign to make an annual celebration of the GDPR, calling May 25th #Privmas.

As part of that (same link), launching a movement to take control of personal privacy online by blocking third party cookies. Hashtag #NoMore3rds. Instructions are here, for six browsers. (It’s easy. I’ve been doing it for weeks on all mine, to no ill effects.)

This is in addition to work following our Hack Day at MIT several weeks ago. Stay tuned for more on that.

Meanwhile, all hands on deck. We need more action than discussion here. Let’s finish getting started making VRM work for the world.

GDPR Hack Day at MIT

Our challenge in the near term is to make the GDPR work for us “data subjects” as well as for the “data processors” and “data controllers” of the world—and to start making it work before the GDPR’s “sunrise” on May 25th. That’s when the EU can start laying fines—big ones—on those data processors and controllers, but not on us mere subjects. After all, we’re the ones the GDPR protects.

Ah, but we can also bring some relief to those processors and controllers, by automating, in a way, our own consent to good behavior on their part, using a consent cookie of our own baking. That’s what we started working on at IIW on April 5th. Here’s the whiteboard:

Here are the session notes. And we’ll continue at a GDPR Hack Day, next Thursday, April 26th, at MIT. Read more about and sign up here. You don’t need to be a hacker to participate.

The most leveraged VRM Day yet

VRM Day is coming up soon: Monday, 2 April.

Register at that link. Or, if it fails, this one. (Not sure why, but we get reports of fails with the first link on Chrome, but not other browsers. Go refigure.)

Why this one is more leveraged than any other, so far:::

Thanks to the GDPR, there is more need than ever for VRM, and more interest than ever in solutions to compliance problems that can only come from the personal side.

For example, the GDPR invites this question: What can we do as individuals that can put all the companies we deal with in compliance with the GDPR because they’re in compliance withour terms and our privacy policies? We have some answers, and we’ll talk about those.

We also have two topics we need to dive deeply into, starting at VRM Day and continuing over the following three days at IIW, also at the Computer History Museum. These too are impelled by the GDPR.

First is lexicon, or what the techies call ontology: “a formal naming and definition of the types, properties, and interrelationships of the entities that really exist in a particular domain of discourse.” In other words, What are we saying in VRM that CRM can understand—and vice versa? We’re at that point now—where VRM meets CRM. On the table will be not just be the tools and services customers will use to make themselves understood by the corporate systems of the world, but the protocols, standard code bases, ontologies and other necessities that will intermediate between the two.

Second is cooperation. The ProjectVRM wiki now has a page called Cooperative Work that needs to be substantiated by actual cooperation, now that the GDPR is approaching. How can we support each other?

Bring your answers.

See you there.

2018: When Customers Finally Take Charge

In Spring of 2012, Harvard Business Review Press published The Intention Economy: When Customers Take Charge. Not long after that, word came from  The Wall Street Journal that Robert James Thomson, then Managing Editor of the paper, wanted to use the opening  chapter of the book as a cover essay for the paper’s Review section.  Amazon at the time was already giving that chapter away as a teaser for book sales, so I ended up compressing the whole book to a single 2000-word piece.  Here’s how the cover looked:

I thought, “Holy shit, that looks like the cover of Dianetics or something.” Also, “I never would have used that headline.”

But that’s why they pay big bucks to headline writers. That one proved so terrific that I want to use it as the title of my next book, to follow up on The Intention Economy now that it’s finally about to happen.

The timing is right because tectonic shifts now shaking business were twelve years in the future when I started ProjectVRM (in Fall of 2006) and six years in the future when The Intention Economy came out.

Let’s frame those shifts with a pair of graphics from Larry Lessig‘s 1999 book Code and Other Laws of Cyberspace, and its successor in 2005, Code v2. The first is this dot, representing the individual:

The second is this graphic, representing four constraints on the individual:

Each of those four ovals, Larry wrote, constrain or regulate what the individual can do in the networked world.

With ProjectVRM, our work is about turning around those arrows, empowering individuals to exert influence—or agency (the power to operate with full effect)—in all four directions:

In other words, to be a god.

In Code, Larry explains the four constraints with the example of smoking:

If you want to smoke, what constraints do you face? What factors regulate your decision to smoke or not?

One constraint is legal. In some places at least, laws regulate smoking—if you are under eighteen, the law says that cigarettes cannot be sold to you…

But laws are not the most significant constraints on smoking. Smokers in the United States certainly feel their freedom regulated… Norms say that one doesn’t light a cigarette in a private car without first asking permission of the other passengers…

The market is also a constraint. The price of cigarettes is a constraint on your ability to smoke —change the price, and you change this constraint…

Finally, there are the constraints created by the technology of cigarettes, or by the technologies affecting their supply… How the cigarette is, how it is designed, how it is built —in a word, its architecture—affects the constraints faced by a smoker.

Thus, four constraints regulate this pathetic dot—the law, social norms, the market, and architecture—and the “regulation” of this dot is the sum of these four constraints. Changes in any one will affect the regulation of the whole… A complete view, therefore, must consider these four modalities together.

But the Internet was not designed for pathetic dots. By specifying little more than how data is addressed and moved between any two points in the world, across any variety of networks, the Internet gave every conscious entity on that world a lever so huge  Archimedes could only imagine it. I explain this in How tools for customers have more leverage than tools for business alone:

Archimedes said “Give me a place to stand and a lever long enough and I can move the world.”

Alas, Archimedes didn’t have that place. Now all of us do. It’s called the Internet.

Before the Internet, the best way to improve business was with better tools and services for businesses, or with new businesses to disrupt or compete with existing ones.

With the Internet, we can improve customers. In fact, that’s where we started when the Internet showed up in its current form, on 30 April 1995. (That’s when the Net could start supporting all forms of data traffic, including the commercial kind.) The three biggest tools giving customers leverage back then (and still today) were browsers, email and the ability to do anything any company could, starting with publishing.

But then we did what came most easily to business back in the Industrial Age: create new businesses and improve old ones. Nothing wrong with that, of course. Just something inadequate.

Worse, we created giant businesses that only gave customers leverage inside their walled gardens. By now we’ve lived so long inside Google, Apple, Facebook and Amazon (called GAFA in Europe) that we can hardly think outside their boxes.

But if we do, we can see again what the promise of the Net was in the first place: Archimedes-grade power for everybody. And there are a lot more customers than companies in that population.

This is why a bunch of us have been working, through ProjectVRM, on tools that make customers both independent and better able to engage with business.

Now let’s look at one changed constraint: Law.

The tectonic shift happening there is the General Data Protection Regulation, or GDPR. It was created by the European Union to constrain what  Shoshana Zuboff calls surveillance capitalism. Nearly all that surveillance is for the purpose of providing ways to aim ads at tracked eyeballs wherever they go. The GDPR forbids doing that, and imposes potentially massive fines for violations—up to 4% of global revenues over the prior year. I am sure Google, Facebook and lesser purveyors of advertising online will find less icky ways to stay in business; but it is becoming clear that next May 25, when the GDPR goes into full effect, will be an extinction-level event for tracking-based advertising (aka adtech) as a business model.

But there is a silver lining for advertising in the GDPR’s mushroom cloud, in the form of the oldest form of law in the world: contracts. These are agreements that any two parties can form with each other.

So, if an individual proffers a term to a publisher that says,

—and that publisher agrees to it, that publisher is compliant with the GDPR, plain and simple. (I unpack how this works in Good news for publishers and advertisers fearing the GDPR and in many other pieces in the People vs. Adtech series.)

Those terms will live at Customer Commons, a non-profit spin-off of ProjectVRM. “CuCo” was created to do for personal terms what Creative Commons did, and still does, for personal copyright. (Creative Commons was a brainchild of Larry Lessig when he was a fellow at the Berkman Klein Center. We steal from the best.)

Our goal is to have our first agreement—the one two paragraphs up—working for both readers and publishers before the GDPR deadline in May. We have help toward that from the Cyberlaw Clinic at Harvard Law School and the Berkman Klein Center, from other friendly legal folk, and from equally friendly techies, such as those behind the JLINC protocol.

If publishers accept this olive branch from individuals (who are no longer mere “consumers” or “users”), it will demonstrate how existing law and a simple new architecture can alter both markets and norms in ways that make the world better for everybody.

In October 2016, I announced  the end of ProjectVRM’s Phase One and the start of Phase Two.

Making VRM happen in 2018  will complete Phase Two. At the end of it our original thesis—that free customers are more valuable than captive ones—will either prove out or wait for other projects to do the job. Either way we’ll be done. All projects need an end, and this will be ours.

I believe free customers will prove more valuable than captive ones—to themselves, and to everyone else—for two reasons. One is that the Internet was designed to prove it in the first place (and no amount of screwage by governments or service providers can stuff that genie back in the bottle). The other is what I just tweeted here:

Services providing countless different ways for countless different businesses to provide good “customer experiences” () can’t answer the customer’s need for one way to deal with all of them. In fact, they only make things worse with every new login and “loyalty” program.

In other words, we need #customertech. Simple as that. That’s the lever that makes each of us an Archimedes. We’ll get it, from one or more of the projects and companies already on our developments list—and from others who will come along to answer a need that has been in the market since long before the Internet showed up.

So consider this is a recruitment post. We have a lot of work to do in a very short time.

 

 

A positive look at Me2B

Somehow Martin Geddes and I were both at PIE2017 in London a few days ago and missed each other. That bums me because nobody in tech is more thoughtful and deep than Martin, and it would have been great to see him there. Still, we have his excellent report on the conference, which I highly recommend.

The theme of the conference was #Me2B, a perfect synonym (or synotag) for both #VRM and #CustomerTech, and hugely gratifying for us at ProjectVRM. As Martin says in his report,

This conference is an important one, as it has not sold its soul to the identity harvesters, nor rejected commercialism for utopian social visions by excluding them. It brings together the different parts and players, accepts the imperfection of our present reality, and celebrates the genuine progress being made.

Another pull-quote:

…if Facebook (and other identity harvesting companies) performed the same surveillance and stalking actions in the physical world as they do online, there would be riots. How dare you do that to my children, family and friends!

On the other hand, there are many people working to empower the “buy side”, helping people to make better decisions. Rather than identity harvesting, they perform “identity projection”, augmenting the power of the individual over the system of choice around them.

The main demand side commercial opportunity at the moment are applications like price comparison shopping. In the not too distant future is may transform how we eat, and drive a “food as medicine” model, paid for by life insurers to reduce claims.

The core issue is “who is my data empowering, and to what ends?”. If it is personal data, then there needs to be only one ultimate answer: it must empower you, and to your own benefit (where that is a legitimate intent, i.e. not fraud). Anything else is a tyranny to be avoided.

The good news is that these apparently unreconcilable views and systems can find a middle ground. There are technologies being built that allow for every party to win: the user, the merchant, and the identity broker. That these appear to be gaining ground, and removing the friction from the “identity supply chain”, is room for optimism.

Encouraging technologies that enable the individual to win is what ProjectVRM is all about. Same goes for Customer Commons, our nonprofit spin-off. Nice to know others (especially ones as smart and observant as Martin) see them gaining ground.

Martin also writes,

It is not merely for suppliers in the digital identity and personal information supply chain. Any enterprise can aspire to deliver a smart customer journey using smart contracts powered by personal information. All enterprises can deliver a better experience by helping customers to make better choices.

True.

The only problem with companies delivering better experiences by themselves is that every one of them is doing it differently, often using the same back-end SaaS systems (e.g. from Salesforce, Oracle, IBM, et. al.).

We need ways customers can have their own standard ways to change personal data settings (e.g. name, address, credit card info), call for support and supply useful intelligence to any of the companies they deal with, and to do any of those in one move.

See, just as companies need scale across all the customers they deal with, customers need scale across all the companies they deal with. I visit the possibilities for that here, here, here, and here.

On the topic of privacy, here’s a bonus link.

And, since Martin takes a very useful identity angle in his report, I invite him to come to the next Internet Identity Workshop, which Phil Windley, Kaliya @IdentityWoman and I put on twice a year at the Computer History Museum. The next, our 26th, is 3-5 April 2018.

 

 

« Older posts

© 2018 ProjectVRM

Theme by Anders NorenUp ↑