Category: Identity

VRM+CRM at IIW

Four years and a few months ago, CRM Magazine devoted much of its May issue to VRM.not_iball1 That’s the cover there on the right. It was way ahead of its time. Same goes for ProjectVRM, which started four years earlier.

Now things are starting to shift.

I’ve heard encouraging reports from friends who went to Oracle OpenWorld last month and are headed to Salesforce‘s Dreamforce  next week. They tell me it is now becoming apparent to CRM that it needs a hand to shake on the customer side that’s not a captive one. Specifically —

  • That customers need scale across the many companies they deal with, just as companies need scale across the many customers they deal with. So, for example…
  • A customer should to be able to change his or her address (plus other form fields) for every company they deal with in one move, rather than one at a time within each company’s separate CRM system.
  • A customer should be able to intentcast as a qualified lead, safely and (at least at first) anonymously, outside of any one company’s captive marketplace.
  • An individual’s sovereign identity matters more to them — and to the marketplace — than any administrative identities conferred by companies or governments.
  • The negative externalities of unwelcome surveillance tend to outweigh whatever positive internalities the practice provides.
  • Co-creating the customer experience is better than having one side in charge of the whole thing — especially when the customer has few ways to bring consistency to her experience with many different companies.
  • Customers should have clouds of their own (aka personal clouds, stores, vaults, PIMS), and not just those of silo’d services.
  • Customers need ways to express their own policies, preferences, terms and conditions, and not be forced all the time to accept those provided by sellers — and that mutually agreeable terms will be far better than the one-sided (and in many cases unenforceable) ones nobody reads because there’s no point to it.
  • There is far more leverage on customer retention in the “own cycle” than in the “buy cycle” of the customer experience.

Speaking of which, here’s how that cycle looks, thanks to Esteban Kolsky, who drew the original: oracle-twist

There are now many dozens of developers in or near the VRM space that can be helpful for CRM as well.

Given all the action that’s going on, it would be way cool if we can get players on both sides together in one room to talk and whiteboard our way onto common ground and build new and better stuff there.

So we’re in luck, because that’s what we have with VRM Day and IIW, both at the Computer History Museum in downtown Silicon Valley (101 and Shoreline Road in Mountain View), on the last week of this month.

  • VRM Day is Monday, October 27.
  • IIW (Internet Identity Workshop) is Tuesday to Thursday, October 28-30.

The two go together. VRM Day is located and timed to lead in to IIW. The topics are ones we’ll want to be working on for the next three days — and beyond.

IIW is an unconference. There are no speakers or panels. All the topics are vetted by participants, who lead discussions and push topics forward in breakout rooms. It’s designed that way so stuff gets done and not only talked about.

While the original focus was (and remains) identity, the workshop is open to anything. High on the list of topics that get worked on, every time, are VRM ones like those listed above.

VRM Day and IIW will provide an ideal week for anybody who wants CRM to truly engage customers to get together and help make that happen.

VRM developers need to know more about how to connect with and help CRM systems and related ones, such as sCRM (social CRM), Customer Experience Management and call centers.

CRM developers need to know more about how to connect with and help VRM developers.

And, since everybody with a wallet is also a customer, that character will be well-represented too.

So I encourage everybody involved in CRM or VRM to come to VRM Day and IIW — with a special shout-out to Oracle, SAP, Microsoft Dynamics, IBM, Salesforce and SugarCRM. We need you there. And so do you. :-)

It’s time to make good on the promise we’ve seen coming for way too long.

State of the VRooM, 2014

As of today, ProjectVRM is eight years old.

So now seems like a good time for a comprehensive (or at least long) report on what we’ve been doing all this time, how we’ve been doing it, and what we’ve been learning along the way.

ProjectVRM has always been both a group effort and provisional in its outlook and methods. So look at everything below as a draft requiring improvement, and send me edits, either by email (dsearls at cyber dot law dot harvard dot edu) or by commenting below.

Summary

After eight years of encouraging development of tools and services that make individuals both independent and better able to engage, ProjectVRM (VRM stands for vendor relationship management) is experiencing success in many places; most coherently in France, the UK and Oceania (Australia and New Zealand). There are now dozens of VRM developers (though many descriptors besides VRM are used), and investor interest is shifting from the “push” to the “pull” side of the marketplace. Government encouragement of VRM is strongest in the UK and Australia.  ProjectVRM and its community are focused currently on “first person” technologies, privacy, trust, identity (including anonymity), relationship (including experience co-creation), substituability of services and the Internet of Things. Verticals are personal information management, relationship (VRM+CRM), identity, on-demand services, payments, messaging (e.g. secure email), health, automotive and real estate.  There are many possibilities for research, possibly starting with the effects on business of individuals being in full control of their sides of agreements with companies.

Here are shortcuts to each section:

  1. History
  2. Development
  3. Community
  4. Influence
  5. Issues
  6. Verticals
  7. Investment
  8. Research
  9. Questions

1. History

ProjectVRM is one of many research projects at the Berkman Center for Internet and Society at Harvard University. It started when I began a four-year fellowship at Berkman in September, 2006. In those days Berkman fellows were encouraged to work on a project. I had lots of guidance from Berkman staff and other veterans; but what best focused my purpose was something Terry Fisher said at one of the orientation talks. He said Berkman did its best to be neutral about the subjects it studies, but also that “we do look for effects.”

The effect-generating work for which I was best known at the time was The Cluetrain Manifesto, which I co-authored seven years earlier with Chris Locke, David Weinberger and Rick Levine. By most measures Cluetrain was a huge success. The original website launched a meme that won’t quit, and the book that followed was a bestseller.(It still sells well today). But I felt that its alpha clue, written by Chris Locke, still wasn’t true. It said,

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

There is a theory in there that says the Internet gives human beings (the first person we) the reach they need to exceed the grasp of marketers (the second person your).

So either the theory wasn’t true, or the Internet was a necessary but insufficient condition for the theory to prove out. I went with the latter and decided to to work on the missing stuff.

That stuff couldn’t come from marketers, because they were on the second person side. In legal terms, they were the second party, not the first. This is why their embrace  of  Cluetrain’s “markets are conversations” couldn’t do the job. Demand needed help that Supply couldn’t provide. What we needed, as individuals, were first party solutions — ones that worked for us.

The more I thought about the absence of first party solutions, the more I realized that this was a huge hole in the marketplace: one that was hard to see from the client-server perspective, always drawn like this:

468px-Client-server-model.svg

While handy and normative, client-server is also retro. Here’s a graphic from Virtual Teams: People Working Across Boundaries with Technology (Jessical Lipnack and Jeffrey Stamps, 2000,  p. 47) that puts it in perspective:

lipnack

Client-server is hierarchical, bureaucratic industrial and agricultural (see the image below). But it’s also most of what we experience on the Web, and also where the entirety of the supply side sits. So, even if Cluetrain is right when it says (in Thesis #7) “hyperlinks subvert hierarchy,” subversion goes slow when the people running the servers are in near-absolute control and hardly care at all about links. In less abstract terms, what we have on the Web is this:

calf-cow

As clients we go to servers for the milk of text, graphics, sound and videos. We get all those, plus cookies (and other tracking methods) to remember who we are and where we were the last time we showed up. And, since we’re just clients, and servers do all the heavy lifting  (and with technology what can be done will be done) the commercial Web’s ranch has turned into what Bruce Schneier calls Our Internet surveillance state.

By 2006 it was already clear to me that we could make the whole marketplace a lot bigger if individuals were fully capable human beings and not just calves — if we equipped Demand to drive Supply at least as well as Supply drives Demand.

To help people imagine what will happen when Demand reaches full power, I wrote a Linux Journal column a few months earlier, titled “The Intention Economy.” Here’s the gist of it:

The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.

The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.

The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like a bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.

The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.

The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.

In The Intention Economy, a car rental customer should be able to say to the car rental market, “I’ll be skiing in Park City from March 20-25. I want to rent a 4-wheel drive SUV. I belong to Avis Wizard, Budget FastBreak and Hertz 1 Club. I don’t want to pay up front for gas or get any insurance. What can any of you companies do for me?” — and have the sellers compete for the buyer’s business.

This car rental use case is one I’ve used to illustrate what would be made possible by “user-centric” or “independent” identity, which was also the subject of the cover story in last October’s Linux Journal, plus this piece a year earlier, and various keynotes I’ve given at Digital Identity World, going back to 2002. It is also the use case against which the new open source Higgins project was framed.

Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.

Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: an core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.

So that’s the purpose I chose for my new Berkman project: to get a snowball of development rolling toward the Intention Economy.

The project has been lightweight from the start, consisting of myself* and other volunteers. Our instruments are this blog, a wiki, a mailing list and events. In gatherings of project volunteers at Berkman and elsewhere, we narrowed our focus to encouraging development of tools for independence and engagement. That is, tools that would make individuals both independent of other entities (especially companies) and better able to engage with them. These shaped the principles, goals and tools listed on our wiki.

The term VRM came about accidentally. I was talking about my still-nameless project on a Gillmor Gang podcast in October 2006. Another guest on the show, Mike Vizard, started using the term VRM, for Vendor Relationship Management — or the customer-side counterpart of CRM, for Customer Relationship Management, which was then about a $6.2 billion B2B software and services industry.  (It’s now past $20 billion.) The Gillmor Gang is a popular show, and the term stuck. It wasn’t perfect (we wanted a broader focus than “vendors,” which is also a B2B term, rather than C2B). But the market made a decision and we ran with it. Since then VRM has gained a broader meaning anyway. Every thing (hardware, software, policies, legal moves) that enables an individual to interact with full agency in any relationship is a  VRM thing. “RM” turns out to  be handy for sub-categories as well, such as GRM (government relationship management) and HRM (health relationship management).

ProjectVRM has always been unusual for Berkman in two ways. One is that it has been focused on business — the commercial side of the “society” in Berkman’s name. The other is that it put the development horse ahead of the research cart. So, while we always wanted to do research (and did some along the way, such as with ListenLog), we felt it was important to create research-worthy effects first.

My first mistake was thinking we would have those effects within a year. My second mistake was thinking we would have them within four years — the length of my fellowship. It has taken twice that long, and still requires one more piece. More about that below, in the Research and Opportunities sections.

In its early years, when it was pure pioneering, ProjectVRM had a lot of volunteer organizational help. There were weekly conference calls and meetings, and events held in Cambridge, London, San Francisco and elsewhere. But the main gatherings from the start were at the Internet Identity Workshop (IIW), an unconference I co-organize at the Computer History Museum in Mountain View. (Our next VRM Day is 27 October. Register here.)

IIW also started with Berkman help. It was first convened as a group I pulled together for a December 31, 2004 Gillmor Gang podcast on identity. Steve Gillmor called the nine participants in the show “The Identity Gang.” The conversation continued by phone and email, with growing energy. So we convened again, this time in person with a larger group, in February 2005 at Esther Dyson’s PC Forum in Scottsdale, Arizona. It was there that John Clippinger asked if we would like “a clubhouse” at Berkman. I said yes, and John had Paul Trevithick create a Berkman site for the gang. As interest collected around the site and its list, three members — Phil Windley (then CIO of Utah), Kaliya Hamlin (aka “IdentityWoman“) and I morphed the gang meetings into IIW, which met for the first time in Fall of 2005. Our 19th is coming up on 28-30 October. (Register here.)  It tends to have 180-250 participants from all over the world. While identity remains the central theme, as an unconference its topics can be whatever participants choose. VRM is always a main focus, however. And we always have a “VRM Day” at the Museum the day before IIW. The next is on 27 October. It’s free.

The Identity Gang  also grew out of other efforts by a number of individuals and groups:

I’ll leave it at those for now. Others can add to it and help me connect the dots later. What matters is that ProjectVRM has both roots and branches that intertwine with the digital identity movement. I unpack more in the Community section below. Meanwhile it is essential to note that Kim Cameron’s Seven Laws of Identity had a large guiding influence on ProjectVRM. This is partly because they were all good laws, but mostly because they came from the individual’s side:

  1. User control and consent
  2. Minimal disclosure for a constrained use
  3. Justifiable parties (“disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship”)
  4. Directed identity (“facilitating discovery while preventing unnecessary release of correlation handles”)
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

As you see, all of those should apply just as well to VRM tools and services.

We have had two interns in our history, both hugely helpful. The first was Doug Kochelek, an HLS law student with a BS and a EE from Rice. He came on board at the very beginning, in September 2006. He’s the guy who worked with Berkman’s Geek Cave to create the wiki, the blog and the list. He also shook down many technical problems along the way. The second was Alan Gregory, a 2009 summer intern and a law student at the University of Florida. Alan helped with research on the chilling effects of copyright expansion on Web streaming, which was a focus of a research project we did with PRX called ListenLog — a self-tracking feature installed in PRX’s Public Media Player iPhone app. (Here’s a presentation Alan and I did at a Fellows Hour.) ListenLog was the brainchild of Keith Hopper, then of NPR, and was years ahead of its time. Work on those projects was funded by a grant from the Surdna Foundation.

To keep its weight light and its work focused on development and relevant issues, ProjectVRM does not have its own presence on Twitter or Facebook. Its social media activity is instead comprised of postings by individual participants in the project, and the memes they drive. #VRM, for example, gets tweeted plenty, and has come to serve as shorthand for individual empowerment.

In 2007 we did a good job of publicizing what VRM and ProjectVRM were about, and got a lot of buzz. It was  premature, and our first big lesson: it’s not good to publicize anything for which the code isn’t ready. In the absence of code, it’s easy for commentators (such as here) to assume that what we’re trying to do can’t be done.

So we got more heads-down after that, and avoided publicity for its own sake.

not_iball1Still, the idea of VRM is attractive, especially to folks at the leading edge of CRM. This is what caused nearly an entire issue of CRM magazine to be devoted to VRM ,in May 2010. It too was ahead of its time, but it helped. So did two books that came out the same year: John Hagel’s The Power of Pull, and David Siegel’s Pull: The Power of the Semantic Web to Transform Your Business. John also helped in June 2012 with The Rise of Vendor Relationship Management.

That essay was a review of  The Intention Economy: When Customers Take Charge, which arrived in May from Harvard Business Review Press. The book reported on VRM development progress and detailed the projected shifts in market power that I first called for in my 2006 column with the same title.

While  The Cluetrain Manifesto has been a bigger seller, The Intention Economy Intention-economy-cover has had plenty of effects. Currently, for example, it is informing the work of Mozilla’s commercial arm, headed by Darren Herman, who this year hired @SeanBohan from the VRM talent pool. (Here’s a talk I gave at Mozilla in New York last month.) On the publicity side, the book was compressed to a Wall Street Journal full-page Review section cover essay titled “The Customer as a God.”

So far ProjectVRM has one spin-off: Customer Commons, a California-based nonprofit. Its mission is “restore the balance of power, respect and trust between individuals and organizations that serve them.” CuCo is a membership organization with the immodest ambition of attracting “the 100%.” In other words, all customers. And it is modeled to some degree on Creative Commons CustomerCommonsLogo4(a successful early Berkman spin-off), by serving as the neutral place where machine- and person-readable versions of personal terms, conditions, policies and preferences of the individual can be maintained. Among those terms will be those restricting or preventing unwanted tracking, and among those policies will be those establishing the boundaries we call privacy. Customer Commons is a client of the Cyberlaw Clinic, which is helping develop both. But much more can be done. We’ll visit that in the Opportunities section below.

2. Development

The list of VRM developers is now up to many dozens. While most don’t use the term “VRM” in marketing their offerings (nor do we push it), the term is gathering steam. For example, while updating the developers list a few minutes ago, I found two new companies that use VRM in the description of their offerings: InformationAnswers (“Where CRM meets VRM.”) and PeerCraft (“The main purpose for PeerCraft is to support Vendor Relation Management.”)

Some developers on our list are now familiar brands, though none started that way, and most did not exist when ProjectVRM began. Some of the successes (e.g. Uber and Lyft) have not been directly engaged with ProjectVRM, but are listed because they are what we call “VRooMy.” Other successes (e.g. Personal.com, Reputation.com and GetSatisfaction) have been engaged, one way or another. One that got a lot of notice lately is Thumbtack, for picking up a $100 million investment from Google. That’s atop the $30 million they got earlier this year.

In fact many VRM developers are now having an easier time getting money, thanks to a trend on which ProjectVRM has had influence: a shift of market interest away from “push” (e.g. advertising) and toward “pull” (e.g. VRM). (More about investment below.)

Several years ago, a bunch of VRM developers (and I) worked on developing SWIFT’s Digital Asset Grid. (SWIFT is the main international system for moving money around, and is headquartered in Belgium.) The code is open source, as is other VRooMy work in the financial sector. (Such as the stuff being done by the Romanian company I wrote about here.) OIX also maintains a set of “trust frameworks,” one of which is at the heart of the Respect Network, which I’ll unpack below.

While there is a lot of development in the U.S., and there are VRM startups scattered around the world, the three main hotbeds of activity are the UK, France and Oceania (Australia and New Zealand). Each is a community of its own, cohering in different ways. It’s helpful to visit each, because they represent unique contexts and resources for moving forward.

The UK

In the UK, government is central, through a role one official there calls “being a giant consumer of personal data from citizens.” It gets that data either from individuals directly or from companies that provide individuals with what are called variously called personal clouds, data stores, lockers and vaults. While all these companies perform as intermediaries, they work primarily for the individual. To differentiate this new class of company from traditional third parties, ProjectVRM calls them “fourth parties”. (That term is alien to lawyers, but is catching on anyway. For example, there is a new VRM company in Australia with the name “4th Party.”)

Leading the UK government in a VRooMy direction from the inside is in the Efficiency and Reform Group of the Government Digital Service (GDS) in the Cabinet Office.  In this presentation by Chris Ferguson, Deputy Director of the GDS we see the government pulling in big companies (e.g. Google, Equifax, Lexis-Nexis, Experian, Paypal, Royal Mail, BT, Amazon, O2, Symantec) to legitimize and engage fourth parties serving individuals (e.g. Mydex, Paoga and Allfiled).

Two outside groups working with the UK government are Ctrl-Shift and OIX (Open Identity Exchange). Ctrl-Shift is a research consultancy that has been engaged with ProjectVRM from the beginning. OIX is a Washington-based international .org focused on ‘building trust in online transactions.’

France

VRM is a familiar and well-understood concept in France. There are meetups (such as this one) and many VRooMy startups, such as Privowny (led by French folk and HQ’d in Palo Alto), CozyCloud, and OneCub. A big organizational driver of VRM in France is Fing.org, a think tank that brings together large companies (e.g. Carrefour, Societe General, Orange and LaPoste) with small companies such as the ones I just mentioned. They do this around research projects. For example, ProjectVRM informed Fing’s Mesinfos research project (described here).

Oceania

If we were to produce a heat map of VRM activity, perhaps the brightest area would be Australia and New Zealand. I’ve been down that way three times since June of last year, to help developers and participate in meetings and events. As with the UK, government in Australia is very supportive of VRM development, and with empowering individuals generally. (We met with three agencies on one of the trips: one with the federal government in Canberra and two with the New South Wales government in Sydney. One of them called citizens “customers” of government services, because “they pay for them.”) Startups there include Flamingo, Meeco, Welcomer, Geddup,4th Party, Fifth Quadrant, Onexus and the New Zealand based MyWave.

Recent changes in Australian privacy policy also attract and support VRM development. Australian companies (and government agencies) collecting personal data from people on the Web (or anywhere) are now required to make that data available to those people to use as they please. (Or so I understand it.) This gives Canberra-based Welcomer, for example, a reason to exist. Welcomer makes “private data dashboards” that “show collected summaries of the personal data held by organisations and by individuals including the person themselves. The dashboard gives a summary of personal data with the ability to link through to the source data (where required).”

This summer, the first commercial community to grow out of ProjectVRM work, the Respect Network (which Privacy By Design (PbD) calls the “World’s First Global Private Cloud Network”) held a world tour to launch the community and stimulate funding for members’ common goals, standards and code development. I was on the tour (London, San Francisco, Sydney, Tel Aviv), and wrote a report on the ProjectVRM blog. (Naturally, I shot pictures. Those are here. I also spoke at each venue. One of my Sydney talks is here.)

3. Community

To understand where ProjectVRM fits in the world, and how it works, I like the Competing Values Framework by Kim S. Cameron (no relation to the one above), Robert E. Quinn, Jeff DeGraff and Anjan Thakor:

Screen Shot 2014-09-01 at 5.48.45 PM

While there are many VRM developers operating in the lower half of that graphic, what ProjectVRM does is in the upper half of that diagram.  We have a collaborative clan of flexible and creative individuals in an adhocracy, working together on long-term transformational change.

Pretty much everything that gets criticized about our efforts falls in the lower half. That’s because we have no hierarchy and don’t work to control what anybody does. And progress on the whole  has been slow. (Though there are exceptions, such as Uber, Lyft and Thumbtack.)

That graphic is just one of many helpful ones in David Ronfeldt‘s Organizational forms compared, which he’s been updating since first publishing it in May 2009. One reason it is helpful is that the hierarchical short-term stuff is obvious and easily understood, while collaborative long term stuff is much harder to grok. It’s like the difference between weather and geology. Which makes me think that graphic should be flipped vertically: slow stuff on the bottom, fast stuff at the top. That’s what the Long Now foundation does with this graphic, which I’ve always loved:

layers of time

The change we want most is down in the culture, governance and infrastructure layers, even though our focus is on commerce. This also explains why we run into trouble when we play with fashion. The last thing we want is for VRM to be cool. (This is also a lesson I learned and re-learned over two decades of watching Linux, free software and open source for Linux Journal.)

The following graphics are all from David Ronfeldt’s scholastic gatherings. Each in its own way helps explain how our community works — and how it doesn’t. First, from one of Bob Jessop‘s many papers on governance and metagovernance (this one from 2003):

jessop figure

That’s our column on the right.

Then there is this, from Federico Iannacci and Eve Mitleton–Kelly’s Beyond markets and firms: the emergence of Open Source networks (First Monday, May, 2005):

iannacci

That’s us in the middle. We’re a stable and decentralized heterarchy that coordinates by mutual adjustment.

Then there is this from Karen Stephenson‘s Neither Hierarchy nor Network: An Argument for Heterarchy (in Ross Dawson’s Trends in the Living Networks, April, 2009):

stephenson

Again that’s us on the right.

Something I like about those last two is the respect they give to heterarchy, which has been a focus for many years of Adriana Lukas, another VRM stalwart who has been with the project since before the beginning. Here’s her TED talk on the subject.

Finally, there is this graphic, from  Clay Spinuzzi‘s Toward a Typology of Activities (2013):

Spinuzzi

In Spinuzzi’s Losing by Expanding: Corralling the Runaway Object, an object is identified as “a material or problem that is cyclically transformed by collective activity.” With our tacit, inductive and flexible approach, this also characterizes the way our community works.

One can see all this at work on the ProjectVRM mailing list, an active collection of 615 subscribers. We also meet in person twice a year at IIW, starting one day in advance of the event, with “VRM Day.” This adds up to a total of at least eight days per year of in-person collaboration time.

Most of the rest of the VRM community meets locally, or through the organizing work of organizations such as Respect Network (U.S. based, but spanning the world) and Fifth Quadrant (Sydney based, and focused on Australia and New Zealand).

There are many other organizations with which ProjectVRM is well aligned. Among them are:

If things go the way I expect, Mozilla will also emerge as a center of VRM interest and development as well. (For example, I expect VRM to be a topic in October at MozFestival in the U.K.

4. Influence

Nearly all VRM influence derives from the work of its volunteers and its developers. “Markets are conversations,” Cluetrain said, and we drive a lot of those. But they rarely get driven exactly the way I, or we, would like. Conversations are like that. EIC awardSo are heterarchical networks. Everybody wants to come at issues from their own angle, and often with their own vocabulary. We see that especially with analysts and think tanks. None of them like the term VRM. (In fact lots of developers avoid it as well. I don’t blame them, but we’re stuck with it.) Ctrl-Shift, for example, calls fourth parties PIMS, for Personal Information Management Services. Kuppinger-Cole, which gave ProjectVRM an award in 2008 (that’s the trophy on the right), insists on the term “Life Management Platforms.” (I pushed it for awhile. Didn’t take.) Here in the U.S., Forrester Research calls the same category PIDM for Personal Identity and Data Management. We don’t care, because we look for effects.

As for the influence of others on ProjectVRM, there are too many to list.

5. Issues

Privacy is the biggest one right now. (A Google search brings up more than five billion results). We’ve done a lot to drive interest in the topic, and have brought thought leadership to the topic as well. (Here is one example.) On behalf of ProjectVRM, I’ve participated in many privacy-focused events, such as the Data Privacy Hackathon earlier this year, and at GovLab gatherings such as the one reported on here. I’m also in Helen Nissenbaum‘s Privacy Research Group at the NYU Law School, where I presented ProjectVRM developers’ privacy work on February 26 of this year.

Tied in with privacy online, or lack of it, is users’ need to submit to onerous terms of service and meaningless privacy policies. Those terms, also called contracts of adhesion, have been normative ever since industry won the industrial revolution, but have become especially egregious in the online world. Today there is a crying need both for better terms on the sites’ and services’ side, and for terms individuals can asset on their side. From the beginning ProjectVRM has been focused mostly on the latter.

Trust is another huge issue, also tied with privacy. ProjectVRM has both encouraged and influenced the growth of “trust frameworks” such as the Respect Trust Framework and others (there are five) at OIX, as well as Open Mustard Seed and OpenPDS under IDcubed at the MIT Media Lab.

VRM+CRM has been a focus from the start, but the timing has not been right until now. At the beginning, we expected CRM companies to welcome VRM. Press and analysts in the CRM space were encouraging from the start (CRM Magazine devoted an entire issue to it in 2010), but the big CRM companies showed little interest, until this year.

Sitting astride or beside VRM and CRM is a category variously called CX (for Customer Experience), CRX (for Customer Relationship Experience), EM (for Experience Management) CEM or CXM (for Customer Experience Management) and other two and three-letter initialisms. Another happening in the midst of all these is “co-creation” of customer experience. The purpose here is to bring customers and companies together to co-create experience in a lab-like setting where research can be done. This is what Flamingo does in Australia. In a similar way, MyWave in New Zealand (with developers in Australia) “puts the customer in charge of their data and the experience” for a “direct ‘segment of one’ relationship with businesses.”

With the Internet of Things (IoT) heating up as a topic, there is also an increased focus, on the “own cycle,” rather than the “buy cycle” of the customer experience. I explain the difference here, using this graphic from Esteban Kolsky:

oracle-twist

In our lives the own cycle is in fact the largest, because we own things — lots of them — all the time and are buying things only some of the time. In fact, most of the time we aren’t buying anything, or even close to looking. This is a festering problem with the advertising-driven commercial Web, which assumes that we are constantly in the market for whatever it is they push at us. In addition to not buying stuff all the time, we are employing more and more ways of turning advertising off (ad blockers are the top browser extensions). For advertising and ad-supported companies, including millions of ad-supported publishers on the Web, this is a mounting crisis. According to an August 2013 PageFair report, “up to 30% of web visitors are blocking ads, and that the number of adblocking users is growing at an astonishing 43% per year.” In The Intention Economy, I called online advertising a “bubble” and I stand by the claim. It’s just a matter of time.

As the stuff we own gets smart, and as more of it finds its way onto the Net service becomes far more important to companies than sales. And VRM developers are laying important groundwork in service. I wrote about this in Linux Journal last year, drawing special attention to the pioneering work led by Phil Windley, who has been a VRM stalwart since before the beginning. In fact it’s Phil’s work that makes clear that things themselves don’t need to be smart to exist on the Internet. All they need is clouds that are smart, which Phil calls picos for persistent computing objects. In this HBR post I explain how the shared clouds of products can be platforms for relationship between company and customers , with learnings flowing in both directions.

6. Verticals

Relationship

This was the first for VRM, and it’s still a primary interest. We need tools on the individual’s side for managing many relationships. There still is not a good “relationship dashboard,” though there are a number of efforts in this direction. But as soon as we have code on the VRM side that matches up with code on the CRM side (including, for example, call centers, which are also interested in VRM), we’ll rock.

Payments

Even though ProjectVRM’s mission is centered around relationship and conversation, transaction is a big part of it too — just not the only part, as business often assumes. Our first efforts, starting in 2006, were around making it as easy as possible for individuals to donate money in one standard way to many different public radio stations.

We have been involved in many meetings and discussions around payments and secure data transactions, and some projects as well. We worked with SWIFT on the Digital Asset Grid, and have been in conversations with banks (e.g. Chase) and VISA Europe for a long time as well. With the rise of alternative currencies (e.g. Bitcoin), distributed accounting (e.g. Blockchain), digital wallets and other new means for transacting and accounting, there are many ways for VRM developments to play.

Email

In what is being called “post-Snowden time,” many new secure and encrypted email approaches have evolved. While some are listed on the ProjectVRM developers list, we haven’t been very involved with them — at least not yet. But we are involved with developers working on privacy-protecting tools that can either be embedded in existing email systems or offer alternative communications “tunnels.”

Personal information Management

There are two breeds of development here.

One is fourth party services and code bases for managing and sharing personal data selectively online. There are now many of these. Some support self-hosting as well. (ProjectVRM has always been supportive of free software, open source, and the “first person technology” and “indie” movements.) One organization, the Respect Network, was created to provide a framework for substitutability of services and apps.

The other is code the individual uses to manage his or her own life, and connections out to the world. This is where calendar, email, IM, to-do lists, password managers and other convenience-producing apps for the connected world come together. There is no leader here, though there are many players, including Apple, Microsoft and Google.  So far, this area has only seen centralized and siloed players, with inherent security and data mining disadvantages. But recently, commercial and open source conversations about a decentralized approach to this opportunity have been taking place.

A test case for VRM that applies to both kinds of solutions is this: being able to change my address, my last name or my phone number for many services in one move. This is exactly what the UK government is calling for from citizens’ personal information management systems (what Ctrl-Shift calls PIMS). A citizen should be able to change her address for the Royal Mail, the Passport Office and the National Health Service, all at once. Bonus links: Making things open, making things better, by Mike Bracken in the Gov.UK Government Digital Service blog, where Mike’s prior post, Reading the Digital Revolution featured this illustration by our old friend Paul Downey:

cluetrain-620x295

Apple’s HealthKit and HomeKit, which go live with the release of iOS 8on 9 September, also have some VRM developers excited, because it will make this kind of integration at the individual end easy to do in two verticals: Health and Home Automation.

Health

Early on with ProjectVRM, I avoided health as an issue, because I wanted to see real progress in my lifetime — and I felt that the situation in the U.S. was fubar. But other VRM folk did not agree, and have pushed VRM forward very aggressively in the health field. Dr. Adrian Gropper and Dr. Deborah Peel of Patient Privacy Rights have done a remarkable job of carrying the VRM flag up a very steep and slippery hill. Berkman veteran John Wilbanks is another active ProjectVRM volunteer whose work in health is broad, deep, influential and at the leading edge of the pioneering space where personal agency engages the wild and broken world of the U.S. health care system. Brian Behlendorf, the primary developer of the Apache Web server (which hosts the largest share of the world’s Web sites and services) and the CONNECT open source code base for health service collaboration, is also an active participant in ProjectVRM.

A number of VRM developers are working with, or paying close attention to, Apple’s HealthKit. In the words of one of those developers, “It’s very VRooMy.” HealthKit developments go live when Apple rolls out iOS 8 on 9 September.

Automotive

While a number of car makers are eager to spy on drivers, Volkswagen has put a stake in the ground. In March, Volkswagen CEO Martin Winkerhorn gave a keynote at the Cebit show that drew this headline: “Das Auto darf nicht zur Datenkrake warden.” My rusty Deutsch tells me he’s saying the car shouldn’t be a data octopus.

Toward that end, Phil Windley’s Kickstarter-based  Fuse will give drivers and car owners all the data churned out of their cars’ ODB-II port, which was created originally for diagnostics at car dealers and service stations. With an open API around that data, developers can create apps to alert you to schedule maintenance, monitor your teen’s driving and much more.

Real Estate

The only products that cost us more than cars are homes. Here too we have a VRM advocate in Cambridge-based Bill Wendell of Real Estate Café. He has always been way ahead of his time, but it’s clear his time is coming. (Here’s Bill leading a session on VRM in Real Estate at IIW 18 in May.)

7. Investment

There is an upswing of investment in start-ups on the “pull” — the individual’s — side of the marketplace. Many wealthy individuals, some quite new to tech investing, perceive an opportunity in “pull” side tools, so interest is building, especially in angel funding. There are currently at least three initiatives coming together to invest in VRM or intention based start-ups in Silicon Valley and Europe. This is one of the outcomes of the last IIW (in May of this year), where investment emerged as a big theme, with a number of VC’s for the first time participating in IIW sessions. I’m involved in planning a VRM specific fund, which is still in its preliminary stages. If it moves forward (which I believe it will), it should come into shape by next year.

In some cases government is also involved. In the UK, for example, the SEIS (Seed Enterprise Investment Scheme) program offers huge tax incentives to angel investors.

8. Research

There are many questions we can probe with research, but only one I want to work on in the near term: What happens when individuals come to websites with their own agreeable terms?creativecommons-licenses

Such as, “I’m cool with you tracking me on your site, but don’t follow me when I leave.” And, on the site’s side,  “We’re cool with that.” In proper legalese, of course — but expressed on both sides in code and symbols that work like Creative Commons’ licenses (there on the right).

The Cyberlaw Clinic is already involved, though its work with Customer Commons on a broader set of terms than the one I just mentioned, and Berkman’s own  Privacy Tools for Sharing Research Data could assist with and follow the process, both through the term-creation process and as the terms get implemented in code and materialize on the Web.

We would be dealing with cooperative efforts that require this already. One is Respect Network’s Respect Connect “Login with Respect” button.  As I explain here, the terms of OIX’s Respect Trust frame require the setting of, and respect for, the boundaries of individuals. This can be done, even within the calf-cow framework of client-server.

Respect Connect  is based onXDI, which the Respect Trust Framework also specifies. XDI is a protocol that employs “link respect-connect-buttoncontracts.” Drummond Reed, the father of XDI (and CEO of the Respect Network) describes link contracts as “machine-readable XDI descriptions of the permissions an individual is giving to another party for access to and usage of the owner’s personal data.” Very handy. And binding. In code.

Mozilla has also made efforts in this same direction, most recently with  Persona (there on the right). signinWe can help them out with this work, and I am sure other and other browser makers will also want to get on board — which they should, and with Berkman’s convening power probably will.

At the end of the project we will have both standard terms for posting at Customer Commons and reference implementations hosted by Berkman, or shared by Berkman over Github or some other data repository.

And we would bring to the table many dozens of developers already eager to see increased agency and term-proffering power on the individual’s side. I can easily see privacy dashboards, on both the client and the server sides of websites.

(Thinking out loud here…) We could host focused discussions and invite participants (including law folk — especially students, from anywhere) to vet terms the way the IETF vets Internet standards: with RFCs, or Requests for Comments. Some open source code for this already exists with Adblock Plus’s white list for non-surveillance-based advertisers. I would hope they’d be eager to participate as well. We (ProjectVRM, the Berkman Center or Customer Commons) could publish lists of conformant requirements for website and Web service providers, and lists (or databases) of conformant ones.

This work would also separate respectful actors on the supply side of the marketplace from ones that want to stick with the surveillance model.

While there are lots of things we could do, this is the one I know will have the most leverage in the shortest time, and would be great fun as well.

It is also highly cross-disciplinary, with many lines of cooperation and collaboration within the university and out to the rest of the world. Right at Berkman we have the  Privacy Tools for Sharing Research Data project and its many connections to other centers at Harvard. Its mission — “to help enable the collection, analysis, and sharing of personal data for research in social science and other fields while providing privacy for individual subjects” — is up many VRM development alleys, especially around health care.

9. Questions

What if we fail?

What if it turns out that free customers are not more valuable than captive ones for most businesses? That’s been the default belief of big business ever since it was born.

What if the free market on the Net turns out to be “Your choice of captor?” Client-server lends itself to that, although we can work around its inequities with moves like the one proposed in the Research section above.

What if the only VRM implementations that succeed in the marketplace are silo’d and non-substitutable ones? To some degree, that’s what we have with Uber and Lyft. While they are substitutable (as two apps on one phone), we don’t yet have a way to intentcast to multiple ride sharing providers at once, or to keep data that applies to both. Maybe we will in the long run, but so far we don’t.

Apple may be VRooMy with HealthKit and HomeKit, but both still operate within Apples silo. You won’t be able to use them on Android (far as I know, anyway).

And what if the Internet of Things turns out to be a world of silos as well? This too is the default, so far. Phil Windley mocks the Apple of Things and the Google of Things by calling both The Compuserve of Things — and making the case for substitutablility as well.

And what if customers just don’t care? This too is the default: the body at rest that tends to stay at rest. For VRM to fully happen, the whole body needs to be in motion — to move from one Newtonian state to another. It’s doing that in places, but not across the board.

Finally, what if we succeed? VRM is about making a paradigm shift happen. So was  Cluetrain before it. On the plus side, the Net itself lays the infrastructural groundwork for that shift. But the rest is up to us.

Whether we  fail or succeed (or both), there will be plenty to study. And that’s been the idea from the start too.

_________________

* Disclosures: I was paid modest sums as a fellow early on, but otherwise have received no compensation from the Berkman Center. I make my living as a speaker, writer and consultant. I have consulted a number of companies listed on the ProjectVRM development work page, and am on the boards of two start-ups: Qredo in the U.K. and Flamingo in Australia. In my work for them my main goal is to see VRM succeed, and I don’t play favorites in competition between VRM companies.

Getting Respect

Respect Network (@RespectConnect) is a new kind of corporate animal: a for-profit company that is also a collection of developers and other interested parties (including nonprofits) gathered around common goals and principles. Chief among the latter is OIX‘s Respect Trust Framework, which is “designed to be self-reinforcing through use of a peer-to-peer reputation system.” Every person and organization agreeing to the framework is a peer. Here are the five principles to which all members agree:

Promise We will respect each other’s digital boundaries

Every Member promises to respect the right of every other Member to control the Member Information they share within the network and the communications they receive within the network.

Permission We will negotiate with each other in good faith

As part of this promise, every Member agrees that all sharing of Member Information and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection We will protect the identity and data entrusted to us

As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of Member Information shared with that Member.

Portability We will support other Members’ freedom of movement

As part of this promise, every Member agrees that if it hosts Member Information on behalf of another Member, the right to possess, access, control, and share the hosted information, including the right to move it to another host, belongs to the hosted Member.

Proof We will reasonably cooperate for the good of all Members

As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

The Respect Network’s founding partners are working, each in their own way, to bring the Respect Trust Framework into common use. I like it as a way to scaffold up a market for VRM tools and services.

This summer Respect Network launched a world tour on which I participated as a speaker and photographer. (Disclosures: Respect Network paid my way, and The Searls Group, my consultancy, has had a number of Respect Network partners as clients. I am also on the board of Flamingo and  Customer Commons, a nonprofit. I don’t however, play favorites. I want to see everybody doing VRM succeed, and I help all of them every way I can. ) We started in London, then hit San Francisco, Sydney and Tel Aviv before heading home to the U.S. Here’s the press coverage:

In the midst of that, Respect Network also announced crowd funding of this button:

respect-connect-button

It operates on the first  promise of the Respect Trust Framework: We will respect each others’ digital boundaries. Think of it as a safe alternative to the same kind of button by Facebook.

The campaign also launched =names (“equals names”) to go with the Respect Connect button, and much else, eventually. These names are yours alone, unlike, say, your Twitter @ handle, which Twitter owns.

There is a common saying: “If you’re not paying for it, you’re the product” In respect of that, =names cost something (like domain names), though not much. Selling =names are CSPs: Cloud Service Providers. There are five so far (based, respectively, in Las Vegas, Vienna, London, New York/Jerusalem and Perth):

bosonweb-logo danube_clouds-logo paoga-logo emmett_global-logo onexus-logo

They  are substitutable. Meaning you can port your =name and data cloud from one to the other as easily as you port your phone number from one company to another. (In fact the company that does this in the background for both your =name and your phone number is Neustar, another Respect Network partner.) You can also self-host your own personal cloud. Mine =name is =Doc, and it’s managed through Danube Clouds. (I actually got it a few years back. The tech behind =names has been in the works for awhile.)

The tour was something of a shakedown cruise. Lots was learned along the way, and everybody involved is re-jiggering their products, services and plans to make the most of what they picked up. I’ll share some of my own learnings for ProjectVRM in the next post.

 

 

Apple HealthKit and VRM

Withhealthkit-hero iOS8, Apple is releasing a pile of new capabilities for developers, such as HomeKit, CarPlay, Family Sharing and HealthKit. These don’t just bring new stuff to your iPhone and iPad. Start digging and you see a framework for personal control of one’s interactions in the world: one that moves Apple away from the norms set by Google, Yahoo, Facebook and other companies that make most of their money in the advertising business.  Explains Greg Lloyd,

Google, Yahoo and others gather correlate, analyze and use personal identity metadata including your location, search history, browsing history to monetize for their own purposes or to sell to others. I believe Apple is trying to build a counter story on security using identity and services encapsulated in devices you own. In addition to continuity, examples include OS8 MAC address randomization for WiFi localization privacy and hardware partitioned storage of iOS fingerprint data.

The italics are mine. Our devices — phones in particular — are becoming extensions of our selves: as personal as our chothes, wallets and keys. They bring new ways for us to engage with people, organizations and other things in the world. There is enormous room for growth in personal empowerment with these devices, especially if those devices are fully ours, and not the hands of advertising companies in our pockets.

Apple, one hopes, aims mainly to enhance our agency — our capacity to act with effect in the world — through our mobile devices. And they have an important advantage, beyond their gigantic size and influence: we pay them. We don’t pay Google, Facebook and Yahoo for most of what we get from them. Advertisers do.

Haydn Shaughnessy unpacks the difference in The Revolution Hidden In The Apple Health Kit :

When you do business with Google, as a consumer, you strike a deal. In return for free search you get ads and for those ads you agree to your data being collected, stored and sold on. The way Apple sees business up ahead, when you use an Apple health service, Apple manages data for you, on your terms. That is a revolution.

health_iconSo, as I’ve been digging thorugh the scant literature on Healthkit and Apple’s new Health app, I’ve looked for ways they line up with VRM principles, goals and tool requirements. Here’s what I see (√ is yes, ? is don’t know. x is no — but I don’t see any of those yet):

VRM Principles

√ Customers must enter relationships with vendors as independent actors
√ Customers must be the points of integration for their own data
√ Customers must have control of data they generate and gather. This means they must be able to share data selectively and voluntarily.
? Customers must be able to assert their own terms of engagement.
√* Customers must be free to express their demands and intentions outside of any one company’s control.

VRM Goals

√ Provide tools for individuals to manage relationships with organizations.
√ Make individuals the collection centers for their own data, so that transaction histories, health records, membership details, service contracts, and other forms of personal data are no longer scattered throughout a forest of silos.
√ Give individuals the ability to share data selectively, without disclosing more personal information than the individual allows.
√ Give individuals the ability to control how their data is used by others, and for how long. At the individual’s discretion, this may include agreements requiring others to delete the individual’s data when the relationship ends.
? Give individuals the ability to assert their own terms of service, reducing or eliminating the need for organization-written terms of service that nobody reads and everybody has to “accept” anyway.
? Give individuals means for expressing demand in the open market, outside any organizational silo, without disclosing any unnecessary personal information.
? Make individuals platforms for business by opening the market to many kinds of third party services that serve buyers as well as sellers
? Base relationship-managing tools on open standards and open APIs (application program interfaces).

VRM Tools:

√* VRM tools are personal. As with hammers, wallets, cars and mobile phones, people use them as individuals,. They are social only in secondary ways.
? VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, authorizations, requests and anything else that’s possible in a free market, outside any one vendor’s silo or ranch.
√ VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system.
√ VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems.
√* VRM tools are substitutable. This means no source of VRM tools can lock users in.

That’s a wishful reading, and conditional in many ways. The *, for example, means “within Apple’s walled garden,” which may not be substitutable. Greg thinks this isn’t a problem:

…many people value a safer, more consistent, curated, and delightfully designed user experience to a toolkit… I want my personal information and keys to access heath, home, car, family information stored in a walled garden in a device I own, with gated access looking in for Apps I authorize, and freedom to search, link and use anything looking out. Apple appears to be develop its stack top down, starting from a vision of a seamless user experience that just works, giving developers the extensions they need to innovate and prosper.

As a guy who favors free software and open source, I agree to the extent that I think the best we can get at this stage is a company with the heft of an Apple stepping and doing some Right Things. If we’re lucky, we’ll get what Brian Behlendorf calls “minimum viable centralization.” And maximum personal empowerment. Eventually.

I am also made hopeful by some of the other stuff I’m seeing. For example, Haydn quotes this from @PaulMadsen of Ping Identity (both of which are old friends of VRM):

Apple is positioning its Health app as the point of aggregation for all the user’s different health data, and Health Kit the development platform to enable that integration.

In this I hear echoed (or at least validated) Joe Andrieu‘s landmark post, VRM — The User as a Point of Integration.

I also think Apple is the only company today that in a position to lead in that direction. Microsoft might have been able to do it when they dominated the desktop world, but those days are long gone. Our main devices are now mobile ones, where Apple has a huge share and great influence.

Apple is also working with Epic Systems (the largest B2B tech provider to the health care business) and the Mayo Clinic (the “first and largest integrated nonprofit medical group practice in the world”). Out of the gate this has enormous promise for bringing health care systems into alignment with the individual, and for providing foundations for real VRM+CRM connections.

Of course we’ll know a lot more once iOS 8 gets here.

Meanwhile, some questions.

  • Can data gathered in the Health app easily flowed out into one’s non-Apple personal cloud or data store, and then flowed into the health care system of the individual’s choice?
  • In more concrete terms, would a UK citizen with integrated data in her Health app be able to flow that data into her Mydex personal data store, and from there into the National Health Service?  I don’t know, but I hope Mydex, Paoga, Ctrl-Shift and other players in the UK can find out soon, if they don’t know already.
  • Likewise, for the U.S., I would like to know if data can flow, at the individual’s control, back and forth from one’s Personal data vault or one’s Bosonweb or Emmett personal cloud and one’s Apple-hosted health data cloud (or a self-hosted one connected to one’s Apple cloud. And if data can easily flow from those to doctors and other health care providers. In Personal’s case, I’d like to know if data can flow through the Fill It app, which would be a handy thing.
  • For Australia and New Zealand, I’d like to know if the same thing can be done for individuals from their MyWave, Welcomer, Geddup or Onexus personal clouds. I’d also like to know if data in the Health app can be viewed and used through, for example, Meeco‘s app. And what are the opportunities for any of those companies, plus 4th Party, Flamingo and other players, to participate in an ecosystem that has any and all of the companies just mentioned, plus Medicare (the Australian national health service, not to be confused with the American one just for persons 65+)?
  • Same questions go for Qiy in the Netherlands, CozyCloud in France, and many other VRooMy developers in other places. And what’s the play for the Respect Network, which brings consistencies to what many of the developers listed above bring to the market?

In all cases the unanswered question is whether or not your health data is locked inside Apple’s Health app. Apple says no: “With HealthKit, developers can make their apps even more useful by allowing them to access your health data, too. And you choose what you want shared. For example, you can allow the data from your blood pressure app to be automatically shared with your doctor. Or allow your nutrition app to tell your fitness apps how many calories you consume each day. When your health and fitness apps work together, they become more powerful. And you might, too.”

Sounds VRooMy to me. But we’ll see.

 

#VRM and the OpenNotice Legal Hackathon

The OpenNotice Legal Hackathon is happening now: 12 July 2014. Go to that link and click on various links there to see the live video, participate via IRC and other fun stuff.

It’s multinational. Our hosts are in Berlin. I’m in Tel Aviv (having just arrived from Sydney by way of Istanbul). Others are elsewhere in the world.

It’s moving up on 5pm, local time here, and 10am in New York.

I’m prepping for talking #VRM at this link here and  this link here.

Here are some core questions we’ll be visiting.

I’ll add more links later. This is enough to get us started.

VRooMy developments

Youstice is a new VRM company focused on mediating disputes online. Says the home page, “We help customers and retailers resolve shopping issues quickly and effectively.” Here’s the customer side (shop with confidence). Here’s the retailer side (manage claims easily). And here’s the pitch to partners (“help retailers and customers globally reach resolution of thousands of complaints – all through one simple online application”).

Enable your customers to better engage and make them independent. Become a VRooMer! is a new blog post by Zbynek Loebl that nicely explains VRM and the context it provides for Youstice, which is in beta now. So check it out.

Fargo is the online outliner/publishing system brought to us by Dave Winer and friends. As a tool of independence and engagement, it has many VRM possibilities, methinks. I enjoy following it both in use (I often blog through it) and in the Fargo Blog.

Phil Windley‘s The Compuserve of Things speaks to a problem we all suffer but few of us examine: silo-ization. Phil starts by insightfully observing that Web 2.o, for all the progress it brought, did so at the expense of centralization around sites, services and data sources:

Each of these online service businesses sought to offer a complete soup-to-nuts experience and capitalized on their captive audiences in order to get businesses to pay for access. In fact, you don’t have to look very hard to see that much of what’s popular on the Internet today looks a lot like sophisticated versions of these online service businesses. Web 2.0 isn’t so much about the Web as it is about recreating the online business models of the 80′s and early 90′s. Maybe we should call it Online 2.0 instead.

To understand the difference, consider GMail vs. Facebook Messaging. Because GMail is really just a massive Web-client on top of Internet mail protocols like SMTP, IMAP, and POP, you can use your GMail account to send email to any account on any email system on the Internet. And, if you decide you don’t like GMail, you can switch to another email provider (at least if you have your own domain).

Facebook messaging, on the other hand, can only be used to talk to other Facebook users inside Facebook. Not only that, but I only get to use the clients that Facebook chooses for me. Facebook is going to make those choices based on what’s best for Facebook. And most Web 2.0 business models ensure that the interests of Web 2.0 companies are not necessarily aligned with those of their users. Decisions to be non-interoperable aren’t done out of ignorance, but on purpose. For example, WhatsApp uses an open protocol (XMPP), but chooses to be a silo.

He adds,

If we were really building the Internet of Things, with all that that term implies, there’d be open, decentralized, heterarchical systems at its core, just like the Internet itself. There aren’t. Sure, we’re using TCP/IP and HTTP, but we’re doing it in a way that is closed, centralized, and hierarchical with only a minimal nod to interoperability using APIs.

We need the Internet of Things to be the next step in the series that began with the general purpose PC and continued with the Internet and general purpose protocols—systems that support personal autonomy and choice. The coming Internet of Things envisions computing devices that will intermediate every aspect of our lives. I strongly believe that this will only provide the envisioned benefits or even be tolerable if we build an Internet of Things rather than a CompuServe of Things.

When we say the Internet is “open,” we’re using that as a key word for the three key concepts that underlie the Internet:

  1. Decentralization
  2. Heterarchy (what some call peer-to-peer connectivity)
  3. Interoperability

And concludes,

The only way we get an open Internet of Things is to build it. That means we have to do the hard work of figuring out the protocols—and business models—that support it. I’m heartened by developments like Bitcoin’s blockchain algorithm, the #indieweb movement,TelehashXDI DiscoveryMaidSafe, and others. And, of course, I’ve got my own work onKRLCloudOS, and Fuse. But there is still much to do.

We are at a crossroads, with a decision to make about what kind of future we want. We can build the world we want to live in or we can do what’s easy, and profitable, in the short run. The choice is ours.

This is strong and important stuff.

Here in browser-land (where I’m writing this), Firefox has released a major new upgrade: version 29.0. Here’s an explanation. Firefox matters for VRM purposes because it’s the browser that’s closest to ours alone, and therefore in the best position to become a VRM instrument. The team there has also recently made hires — on purpose — from within our VRM orbit, and this is hugely encouraging. Oh, and they just put out this very cool video.

Same goes for WordPress. Gideon Rosenblatt‘s Automattic for the People: WordPress as a Regenerative Business singles out WordPress for praise as a paradigmatic example. He defines a regenerative business as a people- (rather than a money- or mission-) centric. So, in this respect, it helps to note that the main stakeholders in WordPress, Mozilla and Fargo are the people who put it to use. They are driven by us. This is more important than them being -centric around us. (This distinction is unpacked here and here.)

Regenerative business reminds me a lot of Umair Haque’s concept of thick value. Need to look more deeply into that.

Last but not least, dig Casius, which matches homeowners with pre-screened and qualified contractors in several European countries, so far: intentcasting, of a sort.

Looking forward to seeing lots of you at IIW next week.

Leveraging Whitman

On the ProjectVRM list the conversation has once again drifted to identity.

Nearly all conversation about identity in development circles around stuff Devon Loffreto of Noizivy calls administrative. It’s a good term. That’s what we get from every card some company, school or government agency prints with our name on it and we stick in our wallet. It’s what we also get from “social” login shortcuts such as Facebook’s and Twitter’s.

Regardless of the conveniences these administrative things bestow on us, what they provide is not our true identity. It might be one we use, but it is not imbued with our fully human essence, which Devon calls sovereign. In Recalibrating Sovereignty he makes a strong connection between that personal essence and what we write large (in the U.S. at least) as a nation-state of free people. Or that’s the idea anyway.

I don’t see this as a Libertarian thing (though I am sure Libertarians will find it agreeable). I see it as an elementary expression of what makes us most human: our individuality. This is not in conflict with what also makes us social, or the social nature of political, cultural, economic, educational and other institutions. Rather it enriches all of them. Saying that each of us is sovereign goes deeper than saying each of us is unique. Because we are not merely different. Each of us brings our own genius into the world. (Read John Taylor Gatto on genius, which he considers “common as dirt.”) Even genetically identical twins possess profoundly individual souls. That individuality is at the core of identity.

Right now I’m reading Orson Scott Card‘s Tales of Alvin Maker. By the fourth book Alvin’s surname has changed from Miller (what Alvin’s father was) to Smith (what Alvin was trained to be) to Maker (what Alvin becomes), each one expressing his role in the world. The name Maker identifies Alvin’s sovereign nature — one that transcends the identifier and is rooted in his nature as a sovereign soul. (The Tales are set in an early stage of American history in which this kind of choice was a common one. Check your own surname for evidence of what some ancestor did for a living. Searls, as I understand it, is a variation of Searle, which likely descends from Serlo, a Germanic or Norman word for soldier.)

From slightly later than Alvin’s time comes Walt Whitman, the great American poet, and a tireless advocate of personal sovereignty — though I’m not aware that he ever put those two words together. Rather than explain Whitman, I’ll compress further the abridged Song of Myself that put up on the Web more than seventeen years ago:

I know I am solid and sound.
To me the converging objects of the universe
perpetually flow.
All are written to me,
and I must get what the writing means.
I know I am deathless.
I know this orbit of mine cannot be swept
by a carpenter’s compass,

I know that I am august,
I do not trouble my spirit to vindicate itself
or be understood.
I see that the elementary laws never apologize.

I exist as I am, that is enough.
If no other in the world be aware I sit content.
And if each and all be aware I sit content.

One world is aware, and by far the largest to me,
and that is myself.
And whether I come to my own today
or in ten thousand or ten million years,
I cheerfully take it now,
or with equal cheerfulness I can wait.

My foothold is tenoned and mortised in granite.
I laugh at what you call dissolution,
And I know the amplitude of time.

I speak the password primeval.
I give the sign of democracy.
By God, I will accept nothing which all cannot have
their counterpart on the same terms.

Encompass worlds but never try to encompass me.
I crowd your noisiest talk by looking toward you.

It is time to explain myself. Let us stand up.

I am an acme of things accomplished,
and I an encloser of things to be.
Rise after rise bow the phantoms behind me.
Afar down I see the huge first Nothing,
the vapor from the nostrils of death.
I know I was even there.
I waited unseen and always.
And slept while God carried me
through the lethargic mist.
And took my time.

Long I was hugged close. Long and long.
Infinite have been the preparations for me.
Faithful and friendly the arms that have helped me.

Cycles ferried my cradle, rowing and rowing
like cheerful boatmen;
For room to me stars kept aside in their own rings.
They sent influences to look after what was to hold me.

Before I was born out of my mother
generations guided me.
My embryo has never been torpid.
Nothing could overlay it.
For it the nebula cohered to an orb.
The long slow strata piled to rest it on.
Vast vegetables gave it substance.
Monstrous animals transported it in their mouths
and deposited it with care.

All forces have been steadily employed
to complete and delight me.
Now I stand on this spot with my soul.

I know that I have the best of time and space.
And that I was never measured, and never will be measured.

I tramp a perpetual journey.
My signs are a rainproof coat, good shoes
and a staff cut from the wood.

Each man and woman of you I lead upon a knoll.
My left hand hooks you about the waist,
My right hand points to landscapes and continents,
and a plain public road.

Not I, nor any one else can travel that road for you.
You must travel it for yourself.

It is not far. It is within reach.
Perhaps you have been on it since you were born
and did not know.
Perhaps it is everywhere on water and on land.

Shoulder your duds, and I will mine,
and let us hasten forth.

If you tire, give me both burdens and rest the chuff of your hand on my hip.
And in due time you shall repay the same service to me.

Long enough have you dreamed contemptible dreams.
Now I wash the gum from your eyes.
You must habit yourself to the dazzle of the light and of every moment of your life.

Long have you timidly waited,
holding a plank by the shore.
Now I will you to be a bold swimmer,
To jump off in the midst of the sea, and rise again,
and nod to me and shout,
and laughingly dash your hair.

I am the teacher of athletes.
He that by me spreads a wider breast than my own
proves the width of my own.
He most honors my style
who learns under it to destroy the teacher.

Do I contradict myself?
Very well then. I contradict myself.
I am large. I contain multitudes.

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.
I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

No administrative entity can make that barbaric yawp.

I don’t yet know how to create a Whitman-compliant identity system (or, whatever); though my hope persists that there is already one or more in the world. Should somebody produce that system (or whatever), I’ll gladly give them SpottedHawk.com, which I’ve held for many years (with other suffixes as well), waiting like Whitman:

The last scud of day holds back for me.
It flings my likeness after the rest and true as any
on the shadowed wilds,
It coaxes me to the vapor and the desk.

I depart as air.
I shake my white locks at the runaway sun.
I effuse my flesh in eddies and drift in lacy jags.

I bequeath myself to the dirt and grow
from the grass I love.
If you want me again look for me under your boot soles.

You will hardly know who I am or what I mean.
But I shall be good health to you nevertheless.
And filtre and fiber your blood.

Failing to fetch me at first keep encouraged.
Missing me one place search another
I stop some where waiting for you.

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

  • Personal Clouds, including —
    • The Internet of Me and My Things
    • QS (Quantified Self) and Self-Hacking
  • Fully personal wallets, rather than branded ones that work only with payment silos and their partners
  • Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
  • Browser add-ons, extensions, related developments
  • Licensing issues
  • Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
  • Legal issues, such as creating terms and policies that individuals assert
  • Tracking and ad blocking, and harmonizing methods and experiences
  • Health Care VRM
  • Devices, such as the freedom box
  • VRM inSovereign vs./+ Administrative identities
    • Real estate
    • Banking (including credit cards, payments, transactions)
    • Retail
  • Personal data pain points, e.g. filling out forms
  • Trust networks
  • Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

VRM happenings in the U.K.

The tweets have been rolling in…

Identity Assurance: Mydex’s unique contribution. An interview with @dejalexander @MydexCIC http://www.ctrl-shift.co.uk/news/2012/11/15/identity-assurance-mydexs-unique-contribution/ …

@321CtrlShift interview with my colleague @dejalexander on @MydexCIC and #IDAssurance http://is.gd/7yyiZk  #VRM

Very thoughtful @SimonTucker blog post about today’s DWP announcement http://is.gd/zRslHa  #IDAssurance #VRM

williamheath@williamheath

For those who wondered how #VRM would first break in the popular press: http://bit.ly/107SqT9  #DailyMirror #Midata #CtrlShift

So let’s unpack those.

First, the DWP (Department for Work and Pensions) announcement. What Mydex and others will provide is online identity assurance. (Note: not “providing” an identity.) To explain, Out-Law.com gives us Online identity scheme providers selected to design new DWP framework for verifying claims by benefits seekers.

This is one step in a march of reform led by the U.K. government, and moving in a generally VRooMy direction through the Midata program. Here are some links, starting in late 2011, and listed roughly chronologically:

The piece in the Mirror focuses on health and retail discounts. VRM is much broader than that, but it’s a good start.

[Later...] More below, from William Heath.

The identity problem

Robin Wilton (@futureidentity) has been wrestling with identity issues for longer than I have, and deeper in the trenches. It is from one of those — IGF2012 (The Internet Governance Forum for Sustainable Human and Economic Development) — that he issued a deep and thoughtful post today on the topic of identity. His central distinction:

2. So let me describe two ways of looking at digital identity. I’ll describe the first one and then contrast its characteristics with the second. The first, I’ll call the Classic model. It is based on:

- Single authoritative source
- Credential
- Authentication
- Binary (Y or N)
- Level of assurance and a chain of trust, both of which can be formalised into procedures and assigned liability models (retroactive).
The second is what I’ll call the Emerging model. It looks like this:
- Multiple, low-assurance sources
- Attributes
- Authorisation
- Contextual and adaptive
- A web of trust, notions of mutable reputation, and quantifiable mainly in terms of risk management (predictive).

The Classic model is “fundamentally retrospective,” he writes; and

The Emerging model is future-facing. It is much more dynamic, and it is also completely compatible with anonymous authorisation. But it alters our conception of identity and trust, and relies on immature disciplines such as reputation management and contextual authorisation.

This is correct and astute. It also lays out much to be feared if we stick with either one. So I weighed in at his post with a long comment from a VRM perspective:

The reason “your digital identity” is not “close to being a reflection of your personal identity” is that you are a “user” on the Web and not a sovereign and independent human being.

The reason you are a user and not a human being on the Web is that in 1995 we settled on a model called “client-server” in which every server carried responsibility for authentication and pretty much everything else. You, as an individual, were just a user. It is not a coincidence that only two industries call individual human beings “users.” The other is drugs.

Nothing substantive has yet been built toward independence for individuals on the client side. We remain dependent variables rather than independent ones — a situation that has not changed in the seventeen years since. Client-server has become calf-cow, where users are the calves and sites are the cows. (More here: http://hvrd.me/yliVSX)

Both the classic and the emergent models you describe rely on cows. Neither allows the user to perform as an independent individual. Neither attempts to fix the problem of identity from the individual’s side.

Truly fixing identity is un-done work. Some companies and development efforts listed in the ProjectVRM wiki  http://bit.ly/KNZE40) are working on it. Every six months it also comes up at Internet Identity Workshops  http://www.internetidentityworkshop.com/). But it’s a hard problem, akin to solving personal transportation with better railroads.

What we need online are the digital equivalents of cars and bicycles: personal transportation. Remember the “information superhighway” — this communications path on which you would “drive”? The idea was that each browser was a personal vehicle on which we “surfed” from place to place. Think of the literal meanings of drive, browse and surf. They are what independent human beings do. When all we do is “use,” we are dependent. Simple as that.

This is why the browser morphed from a car or a surfboard into a shopping cart that gets re-skinned with every commercial site it “uses.” At each site the user iis known in ways exclusive to the site, over which the individual has little control, except to opt out of the site and its systems. Add Twitter or Facebook login to the mix, and you just have more, and bigger, cows involved.

The burden of subordination to each of us is hundreds of different login/password combinations and acceptance of one-sided “agreements” offered by each site or service we use, on a take-it-or-leave-it basis. The “agreements” are ones we never read because they are written by and for lawyers, and are built to offload as much risk and liability as possible to users, along with minimized control over the user’s “experience.”

So there is much more to fix here than identity alone. But identity is the oldest challenge, and perhaps still the largest one.

I  hope it helps. I also want to tip my hat toward Devon Loffreto, aka Moxy Tongue and @EnzionXavier, who writes posts such as this one. It is to Devon that I owe the adjective sovereign for what matters most about personal identity. I also owe much to Walt Whitman, who writes,

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.

I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

To mix metaphors one more time, we have ceased being hawks, or inspired by them.

If now is not the time to fly, when will we?

[Later...] Crosbie Fitch has also been a helpful influence. His is the first comment below.

 

 

 

© 2014 ProjectVRM

Theme by Anders NorenUp ↑