Category: Identity

Getting Respect

Respect Network (@RespectConnect) is a new kind of corporate animal: a for-profit company that is also a collection of developers and other interested parties (including nonprofits) gathered around common goals and principles. Chief among the latter is OIX‘s Respect Trust Framework, which is “designed to be self-reinforcing through use of a peer-to-peer reputation system.” Every person and organization agreeing to the framework is a peer. Here are the five principles to which all members agree:

Promise We will respect each other’s digital boundaries

Every Member promises to respect the right of every other Member to control the Member Information they share within the network and the communications they receive within the network.

Permission We will negotiate with each other in good faith

As part of this promise, every Member agrees that all sharing of Member Information and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection We will protect the identity and data entrusted to us

As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of Member Information shared with that Member.

Portability We will support other Members’ freedom of movement

As part of this promise, every Member agrees that if it hosts Member Information on behalf of another Member, the right to possess, access, control, and share the hosted information, including the right to move it to another host, belongs to the hosted Member.

Proof We will reasonably cooperate for the good of all Members

As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

The Respect Network’s founding partners are working, each in their own way, to bring the Respect Trust Framework into common use. I like it as a way to scaffold up a market for VRM tools and services.

This summer Respect Network launched a world tour on which I participated as a speaker and photographer. (Disclosures: Respect Network paid my way, and The Searls Group, my consultancy, has had a number of Respect Network partners as clients. I am also on the board of Flamingo and  Customer Commons, a nonprofit. I don’t however, play favorites. I want to see everybody doing VRM succeed, and I help all of them every way I can. ) We started in London, then hit San Francisco, Sydney and Tel Aviv before heading home to the U.S. Here’s the press coverage:

In the midst of that, Respect Network also announced crowd funding of this button:

respect-connect-button

It operates on the first  promise of the Respect Trust Framework: We will respect each others’ digital boundaries. Think of it as a safe alternative to the same kind of button by Facebook.

The campaign also launched =names (“equals names”) to go with the Respect Connect button, and much else, eventually. These names are yours alone, unlike, say, your Twitter @ handle, which Twitter owns.

There is a common saying: “If you’re not paying for it, you’re the product” In respect of that, =names cost something (like domain names), though not much. Selling =names are CSPs: Cloud Service Providers. There are five so far (based, respectively, in Las Vegas, Vienna, London, New York/Jerusalem and Perth):

bosonweb-logo danube_clouds-logo paoga-logo emmett_global-logo onexus-logo

They  are substitutable. Meaning you can port your =name and data cloud from one to the other as easily as you port your phone number from one company to another. (In fact the company that does this in the background for both your =name and your phone number is Neustar, another Respect Network partner.) You can also self-host your own personal cloud. Mine =name is =Doc, and it’s managed through Danube Clouds. (I actually got it a few years back. The tech behind =names has been in the works for awhile.)

The tour was something of a shakedown cruise. Lots was learned along the way, and everybody involved is re-jiggering their products, services and plans to make the most of what they picked up. I’ll share some of my own learnings for ProjectVRM in the next post.

 

 

Apple HealthKit and VRM

Withhealthkit-hero iOS8, Apple is releasing a pile of new capabilities for developers, such as HomeKit, CarPlay, Family Sharing and HealthKit. These don’t just bring new stuff to your iPhone and iPad. Start digging and you see a framework for personal control of one’s interactions in the world: one that moves Apple away from the norms set by Google, Yahoo, Facebook and other companies that make most of their money in the advertising business.  Explains Greg Lloyd,

Google, Yahoo and others gather correlate, analyze and use personal identity metadata including your location, search history, browsing history to monetize for their own purposes or to sell to others. I believe Apple is trying to build a counter story on security using identity and services encapsulated in devices you own. In addition to continuity, examples include OS8 MAC address randomization for WiFi localization privacy and hardware partitioned storage of iOS fingerprint data.

The italics are mine. Our devices — phones in particular — are becoming extensions of our selves: as personal as our chothes, wallets and keys. They bring new ways for us to engage with people, organizations and other things in the world. There is enormous room for growth in personal empowerment with these devices, especially if those devices are fully ours, and not the hands of advertising companies in our pockets.

Apple, one hopes, aims mainly to enhance our agency — our capacity to act with effect in the world — through our mobile devices. And they have an important advantage, beyond their gigantic size and influence: we pay them. We don’t pay Google, Facebook and Yahoo for most of what we get from them. Advertisers do.

Haydn Shaughnessy unpacks the difference in The Revolution Hidden In The Apple Health Kit :

When you do business with Google, as a consumer, you strike a deal. In return for free search you get ads and for those ads you agree to your data being collected, stored and sold on. The way Apple sees business up ahead, when you use an Apple health service, Apple manages data for you, on your terms. That is a revolution.

health_iconSo, as I’ve been digging thorugh the scant literature on Healthkit and Apple’s new Health app, I’ve looked for ways they line up with VRM principles, goals and tool requirements. Here’s what I see (√ is yes, ? is don’t know. x is no — but I don’t see any of those yet):

VRM Principles

√ Customers must enter relationships with vendors as independent actors
√ Customers must be the points of integration for their own data
√ Customers must have control of data they generate and gather. This means they must be able to share data selectively and voluntarily.
? Customers must be able to assert their own terms of engagement.
√* Customers must be free to express their demands and intentions outside of any one company’s control.

VRM Goals

√ Provide tools for individuals to manage relationships with organizations.
√ Make individuals the collection centers for their own data, so that transaction histories, health records, membership details, service contracts, and other forms of personal data are no longer scattered throughout a forest of silos.
√ Give individuals the ability to share data selectively, without disclosing more personal information than the individual allows.
√ Give individuals the ability to control how their data is used by others, and for how long. At the individual’s discretion, this may include agreements requiring others to delete the individual’s data when the relationship ends.
? Give individuals the ability to assert their own terms of service, reducing or eliminating the need for organization-written terms of service that nobody reads and everybody has to “accept” anyway.
? Give individuals means for expressing demand in the open market, outside any organizational silo, without disclosing any unnecessary personal information.
? Make individuals platforms for business by opening the market to many kinds of third party services that serve buyers as well as sellers
? Base relationship-managing tools on open standards and open APIs (application program interfaces).

VRM Tools:

√* VRM tools are personal. As with hammers, wallets, cars and mobile phones, people use them as individuals,. They are social only in secondary ways.
? VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, authorizations, requests and anything else that’s possible in a free market, outside any one vendor’s silo or ranch.
√ VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system.
√ VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems.
√* VRM tools are substitutable. This means no source of VRM tools can lock users in.

That’s a wishful reading, and conditional in many ways. The *, for example, means “within Apple’s walled garden,” which may not be substitutable. Greg thinks this isn’t a problem:

…many people value a safer, more consistent, curated, and delightfully designed user experience to a toolkit… I want my personal information and keys to access heath, home, car, family information stored in a walled garden in a device I own, with gated access looking in for Apps I authorize, and freedom to search, link and use anything looking out. Apple appears to be develop its stack top down, starting from a vision of a seamless user experience that just works, giving developers the extensions they need to innovate and prosper.

As a guy who favors free software and open source, I agree to the extent that I think the best we can get at this stage is a company with the heft of an Apple stepping and doing some Right Things. If we’re lucky, we’ll get what Brian Behlendorf calls “minimum viable centralization.” And maximum personal empowerment. Eventually.

I am also made hopeful by some of the other stuff I’m seeing. For example, Haydn quotes this from @PaulMadsen of Ping Identity (both of which are old friends of VRM):

Apple is positioning its Health app as the point of aggregation for all the user’s different health data, and Health Kit the development platform to enable that integration.

In this I hear echoed (or at least validated) Joe Andrieu‘s landmark post, VRM — The User as a Point of Integration.

I also think Apple is the only company today that in a position to lead in that direction. Microsoft might have been able to do it when they dominated the desktop world, but those days are long gone. Our main devices are now mobile ones, where Apple has a huge share and great influence.

Apple is also working with Epic Systems (the largest B2B tech provider to the health care business) and the Mayo Clinic (the “first and largest integrated nonprofit medical group practice in the world”). Out of the gate this has enormous promise for bringing health care systems into alignment with the individual, and for providing foundations for real VRM+CRM connections.

Of course we’ll know a lot more once iOS 8 gets here.

Meanwhile, some questions.

  • Can data gathered in the Health app easily flowed out into one’s non-Apple personal cloud or data store, and then flowed into the health care system of the individual’s choice?
  • In more concrete terms, would a UK citizen with integrated data in her Health app be able to flow that data into her Mydex personal data store, and from there into the National Health Service?  I don’t know, but I hope Mydex, Paoga, Ctrl-Shift and other players in the UK can find out soon, if they don’t know already.
  • Likewise, for the U.S., I would like to know if data can flow, at the individual’s control, back and forth from one’s Personal data vault or one’s Bosonweb or Emmett personal cloud and one’s Apple-hosted health data cloud (or a self-hosted one connected to one’s Apple cloud. And if data can easily flow from those to doctors and other health care providers. In Personal’s case, I’d like to know if data can flow through the Fill It app, which would be a handy thing.
  • For Australia and New Zealand, I’d like to know if the same thing can be done for individuals from their MyWave, Welcomer, Geddup or Onexus personal clouds. I’d also like to know if data in the Health app can be viewed and used through, for example, Meeco‘s app. And what are the opportunities for any of those companies, plus 4th Party, Flamingo and other players, to participate in an ecosystem that has any and all of the companies just mentioned, plus Medicare (the Australian national health service, not to be confused with the American one just for persons 65+)?
  • Same questions go for Qiy in the Netherlands, CozyCloud in France, and many other VRooMy developers in other places. And what’s the play for the Respect Network, which brings consistencies to what many of the developers listed above bring to the market?

In all cases the unanswered question is whether or not your health data is locked inside Apple’s Health app. Apple says no: “With HealthKit, developers can make their apps even more useful by allowing them to access your health data, too. And you choose what you want shared. For example, you can allow the data from your blood pressure app to be automatically shared with your doctor. Or allow your nutrition app to tell your fitness apps how many calories you consume each day. When your health and fitness apps work together, they become more powerful. And you might, too.”

Sounds VRooMy to me. But we’ll see.

 

#VRM and the OpenNotice Legal Hackathon

The OpenNotice Legal Hackathon is happening now: 12 July 2014. Go to that link and click on various links there to see the live video, participate via IRC and other fun stuff.

It’s multinational. Our hosts are in Berlin. I’m in Tel Aviv (having just arrived from Sydney by way of Istanbul). Others are elsewhere in the world.

It’s moving up on 5pm, local time here, and 10am in New York.

I’m prepping for talking #VRM at this link here and  this link here.

Here are some core questions we’ll be visiting.

I’ll add more links later. This is enough to get us started.

VRooMy developments

Youstice is a new VRM company focused on mediating disputes online. Says the home page, “We help customers and retailers resolve shopping issues quickly and effectively.” Here’s the customer side (shop with confidence). Here’s the retailer side (manage claims easily). And here’s the pitch to partners (“help retailers and customers globally reach resolution of thousands of complaints – all through one simple online application”).

Enable your customers to better engage and make them independent. Become a VRooMer! is a new blog post by Zbynek Loebl that nicely explains VRM and the context it provides for Youstice, which is in beta now. So check it out.

Fargo is the online outliner/publishing system brought to us by Dave Winer and friends. As a tool of independence and engagement, it has many VRM possibilities, methinks. I enjoy following it both in use (I often blog through it) and in the Fargo Blog.

Phil Windley‘s The Compuserve of Things speaks to a problem we all suffer but few of us examine: silo-ization. Phil starts by insightfully observing that Web 2.o, for all the progress it brought, did so at the expense of centralization around sites, services and data sources:

Each of these online service businesses sought to offer a complete soup-to-nuts experience and capitalized on their captive audiences in order to get businesses to pay for access. In fact, you don’t have to look very hard to see that much of what’s popular on the Internet today looks a lot like sophisticated versions of these online service businesses. Web 2.0 isn’t so much about the Web as it is about recreating the online business models of the 80′s and early 90′s. Maybe we should call it Online 2.0 instead.

To understand the difference, consider GMail vs. Facebook Messaging. Because GMail is really just a massive Web-client on top of Internet mail protocols like SMTP, IMAP, and POP, you can use your GMail account to send email to any account on any email system on the Internet. And, if you decide you don’t like GMail, you can switch to another email provider (at least if you have your own domain).

Facebook messaging, on the other hand, can only be used to talk to other Facebook users inside Facebook. Not only that, but I only get to use the clients that Facebook chooses for me. Facebook is going to make those choices based on what’s best for Facebook. And most Web 2.0 business models ensure that the interests of Web 2.0 companies are not necessarily aligned with those of their users. Decisions to be non-interoperable aren’t done out of ignorance, but on purpose. For example, WhatsApp uses an open protocol (XMPP), but chooses to be a silo.

He adds,

If we were really building the Internet of Things, with all that that term implies, there’d be open, decentralized, heterarchical systems at its core, just like the Internet itself. There aren’t. Sure, we’re using TCP/IP and HTTP, but we’re doing it in a way that is closed, centralized, and hierarchical with only a minimal nod to interoperability using APIs.

We need the Internet of Things to be the next step in the series that began with the general purpose PC and continued with the Internet and general purpose protocols—systems that support personal autonomy and choice. The coming Internet of Things envisions computing devices that will intermediate every aspect of our lives. I strongly believe that this will only provide the envisioned benefits or even be tolerable if we build an Internet of Things rather than a CompuServe of Things.

When we say the Internet is “open,” we’re using that as a key word for the three key concepts that underlie the Internet:

  1. Decentralization
  2. Heterarchy (what some call peer-to-peer connectivity)
  3. Interoperability

And concludes,

The only way we get an open Internet of Things is to build it. That means we have to do the hard work of figuring out the protocols—and business models—that support it. I’m heartened by developments like Bitcoin’s blockchain algorithm, the #indieweb movement,TelehashXDI DiscoveryMaidSafe, and others. And, of course, I’ve got my own work onKRLCloudOS, and Fuse. But there is still much to do.

We are at a crossroads, with a decision to make about what kind of future we want. We can build the world we want to live in or we can do what’s easy, and profitable, in the short run. The choice is ours.

This is strong and important stuff.

Here in browser-land (where I’m writing this), Firefox has released a major new upgrade: version 29.0. Here’s an explanation. Firefox matters for VRM purposes because it’s the browser that’s closest to ours alone, and therefore in the best position to become a VRM instrument. The team there has also recently made hires — on purpose — from within our VRM orbit, and this is hugely encouraging. Oh, and they just put out this very cool video.

Same goes for WordPress. Gideon Rosenblatt‘s Automattic for the People: WordPress as a Regenerative Business singles out WordPress for praise as a paradigmatic example. He defines a regenerative business as a people- (rather than a money- or mission-) centric. So, in this respect, it helps to note that the main stakeholders in WordPress, Mozilla and Fargo are the people who put it to use. They are driven by us. This is more important than them being -centric around us. (This distinction is unpacked here and here.)

Regenerative business reminds me a lot of Umair Haque’s concept of thick value. Need to look more deeply into that.

Last but not least, dig Casius, which matches homeowners with pre-screened and qualified contractors in several European countries, so far: intentcasting, of a sort.

Looking forward to seeing lots of you at IIW next week.

Leveraging Whitman

On the ProjectVRM list the conversation has once again drifted to identity.

Nearly all conversation about identity in development circles around stuff Devon Loffreto of Noizivy calls administrative. It’s a good term. That’s what we get from every card some company, school or government agency prints with our name on it and we stick in our wallet. It’s what we also get from “social” login shortcuts such as Facebook’s and Twitter’s.

Regardless of the conveniences these administrative things bestow on us, what they provide is not our true identity. It might be one we use, but it is not imbued with our fully human essence, which Devon calls sovereign. In Recalibrating Sovereignty he makes a strong connection between that personal essence and what we write large (in the U.S. at least) as a nation-state of free people. Or that’s the idea anyway.

I don’t see this as a Libertarian thing (though I am sure Libertarians will find it agreeable). I see it as an elementary expression of what makes us most human: our individuality. This is not in conflict with what also makes us social, or the social nature of political, cultural, economic, educational and other institutions. Rather it enriches all of them. Saying that each of us is sovereign goes deeper than saying each of us is unique. Because we are not merely different. Each of us brings our own genius into the world. (Read John Taylor Gatto on genius, which he considers “common as dirt.”) Even genetically identical twins possess profoundly individual souls. That individuality is at the core of identity.

Right now I’m reading Orson Scott Card‘s Tales of Alvin Maker. By the fourth book Alvin’s surname has changed from Miller (what Alvin’s father was) to Smith (what Alvin was trained to be) to Maker (what Alvin becomes), each one expressing his role in the world. The name Maker identifies Alvin’s sovereign nature — one that transcends the identifier and is rooted in his nature as a sovereign soul. (The Tales are set in an early stage of American history in which this kind of choice was a common one. Check your own surname for evidence of what some ancestor did for a living. Searls, as I understand it, is a variation of Searle, which likely descends from Serlo, a Germanic or Norman word for soldier.)

From slightly later than Alvin’s time comes Walt Whitman, the great American poet, and a tireless advocate of personal sovereignty — though I’m not aware that he ever put those two words together. Rather than explain Whitman, I’ll compress further the abridged Song of Myself that put up on the Web more than seventeen years ago:

I know I am solid and sound.
To me the converging objects of the universe
perpetually flow.
All are written to me,
and I must get what the writing means.
I know I am deathless.
I know this orbit of mine cannot be swept
by a carpenter’s compass,

I know that I am august,
I do not trouble my spirit to vindicate itself
or be understood.
I see that the elementary laws never apologize.

I exist as I am, that is enough.
If no other in the world be aware I sit content.
And if each and all be aware I sit content.

One world is aware, and by far the largest to me,
and that is myself.
And whether I come to my own today
or in ten thousand or ten million years,
I cheerfully take it now,
or with equal cheerfulness I can wait.

My foothold is tenoned and mortised in granite.
I laugh at what you call dissolution,
And I know the amplitude of time.

I speak the password primeval.
I give the sign of democracy.
By God, I will accept nothing which all cannot have
their counterpart on the same terms.

Encompass worlds but never try to encompass me.
I crowd your noisiest talk by looking toward you.

It is time to explain myself. Let us stand up.

I am an acme of things accomplished,
and I an encloser of things to be.
Rise after rise bow the phantoms behind me.
Afar down I see the huge first Nothing,
the vapor from the nostrils of death.
I know I was even there.
I waited unseen and always.
And slept while God carried me
through the lethargic mist.
And took my time.

Long I was hugged close. Long and long.
Infinite have been the preparations for me.
Faithful and friendly the arms that have helped me.

Cycles ferried my cradle, rowing and rowing
like cheerful boatmen;
For room to me stars kept aside in their own rings.
They sent influences to look after what was to hold me.

Before I was born out of my mother
generations guided me.
My embryo has never been torpid.
Nothing could overlay it.
For it the nebula cohered to an orb.
The long slow strata piled to rest it on.
Vast vegetables gave it substance.
Monstrous animals transported it in their mouths
and deposited it with care.

All forces have been steadily employed
to complete and delight me.
Now I stand on this spot with my soul.

I know that I have the best of time and space.
And that I was never measured, and never will be measured.

I tramp a perpetual journey.
My signs are a rainproof coat, good shoes
and a staff cut from the wood.

Each man and woman of you I lead upon a knoll.
My left hand hooks you about the waist,
My right hand points to landscapes and continents,
and a plain public road.

Not I, nor any one else can travel that road for you.
You must travel it for yourself.

It is not far. It is within reach.
Perhaps you have been on it since you were born
and did not know.
Perhaps it is everywhere on water and on land.

Shoulder your duds, and I will mine,
and let us hasten forth.

If you tire, give me both burdens and rest the chuff of your hand on my hip.
And in due time you shall repay the same service to me.

Long enough have you dreamed contemptible dreams.
Now I wash the gum from your eyes.
You must habit yourself to the dazzle of the light and of every moment of your life.

Long have you timidly waited,
holding a plank by the shore.
Now I will you to be a bold swimmer,
To jump off in the midst of the sea, and rise again,
and nod to me and shout,
and laughingly dash your hair.

I am the teacher of athletes.
He that by me spreads a wider breast than my own
proves the width of my own.
He most honors my style
who learns under it to destroy the teacher.

Do I contradict myself?
Very well then. I contradict myself.
I am large. I contain multitudes.

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.
I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

No administrative entity can make that barbaric yawp.

I don’t yet know how to create a Whitman-compliant identity system (or, whatever); though my hope persists that there is already one or more in the world. Should somebody produce that system (or whatever), I’ll gladly give them SpottedHawk.com, which I’ve held for many years (with other suffixes as well), waiting like Whitman:

The last scud of day holds back for me.
It flings my likeness after the rest and true as any
on the shadowed wilds,
It coaxes me to the vapor and the desk.

I depart as air.
I shake my white locks at the runaway sun.
I effuse my flesh in eddies and drift in lacy jags.

I bequeath myself to the dirt and grow
from the grass I love.
If you want me again look for me under your boot soles.

You will hardly know who I am or what I mean.
But I shall be good health to you nevertheless.
And filtre and fiber your blood.

Failing to fetch me at first keep encouraged.
Missing me one place search another
I stop some where waiting for you.

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

  • Personal Clouds, including —
    • The Internet of Me and My Things
    • QS (Quantified Self) and Self-Hacking
  • Fully personal wallets, rather than branded ones that work only with payment silos and their partners
  • Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
  • Browser add-ons, extensions, related developments
  • Licensing issues
  • Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
  • Legal issues, such as creating terms and policies that individuals assert
  • Tracking and ad blocking, and harmonizing methods and experiences
  • Health Care VRM
  • Devices, such as the freedom box
  • VRM inSovereign vs./+ Administrative identities
    • Real estate
    • Banking (including credit cards, payments, transactions)
    • Retail
  • Personal data pain points, e.g. filling out forms
  • Trust networks
  • Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

VRM happenings in the U.K.

The tweets have been rolling in…

Identity Assurance: Mydex’s unique contribution. An interview with @dejalexander @MydexCIC http://www.ctrl-shift.co.uk/news/2012/11/15/identity-assurance-mydexs-unique-contribution/ …

@321CtrlShift interview with my colleague @dejalexander on @MydexCIC and #IDAssurance http://is.gd/7yyiZk  #VRM

Very thoughtful @SimonTucker blog post about today’s DWP announcement http://is.gd/zRslHa  #IDAssurance #VRM

williamheath@williamheath

For those who wondered how #VRM would first break in the popular press: http://bit.ly/107SqT9  #DailyMirror #Midata #CtrlShift

So let’s unpack those.

First, the DWP (Department for Work and Pensions) announcement. What Mydex and others will provide is online identity assurance. (Note: not “providing” an identity.) To explain, Out-Law.com gives us Online identity scheme providers selected to design new DWP framework for verifying claims by benefits seekers.

This is one step in a march of reform led by the U.K. government, and moving in a generally VRooMy direction through the Midata program. Here are some links, starting in late 2011, and listed roughly chronologically:

The piece in the Mirror focuses on health and retail discounts. VRM is much broader than that, but it’s a good start.

[Later...] More below, from William Heath.

The identity problem

Robin Wilton (@futureidentity) has been wrestling with identity issues for longer than I have, and deeper in the trenches. It is from one of those — IGF2012 (The Internet Governance Forum for Sustainable Human and Economic Development) — that he issued a deep and thoughtful post today on the topic of identity. His central distinction:

2. So let me describe two ways of looking at digital identity. I’ll describe the first one and then contrast its characteristics with the second. The first, I’ll call the Classic model. It is based on:

- Single authoritative source
- Credential
- Authentication
- Binary (Y or N)
- Level of assurance and a chain of trust, both of which can be formalised into procedures and assigned liability models (retroactive).
The second is what I’ll call the Emerging model. It looks like this:
- Multiple, low-assurance sources
- Attributes
- Authorisation
- Contextual and adaptive
- A web of trust, notions of mutable reputation, and quantifiable mainly in terms of risk management (predictive).

The Classic model is “fundamentally retrospective,” he writes; and

The Emerging model is future-facing. It is much more dynamic, and it is also completely compatible with anonymous authorisation. But it alters our conception of identity and trust, and relies on immature disciplines such as reputation management and contextual authorisation.

This is correct and astute. It also lays out much to be feared if we stick with either one. So I weighed in at his post with a long comment from a VRM perspective:

The reason “your digital identity” is not “close to being a reflection of your personal identity” is that you are a “user” on the Web and not a sovereign and independent human being.

The reason you are a user and not a human being on the Web is that in 1995 we settled on a model called “client-server” in which every server carried responsibility for authentication and pretty much everything else. You, as an individual, were just a user. It is not a coincidence that only two industries call individual human beings “users.” The other is drugs.

Nothing substantive has yet been built toward independence for individuals on the client side. We remain dependent variables rather than independent ones — a situation that has not changed in the seventeen years since. Client-server has become calf-cow, where users are the calves and sites are the cows. (More here: http://hvrd.me/yliVSX)

Both the classic and the emergent models you describe rely on cows. Neither allows the user to perform as an independent individual. Neither attempts to fix the problem of identity from the individual’s side.

Truly fixing identity is un-done work. Some companies and development efforts listed in the ProjectVRM wiki  http://bit.ly/KNZE40) are working on it. Every six months it also comes up at Internet Identity Workshops  http://www.internetidentityworkshop.com/). But it’s a hard problem, akin to solving personal transportation with better railroads.

What we need online are the digital equivalents of cars and bicycles: personal transportation. Remember the “information superhighway” — this communications path on which you would “drive”? The idea was that each browser was a personal vehicle on which we “surfed” from place to place. Think of the literal meanings of drive, browse and surf. They are what independent human beings do. When all we do is “use,” we are dependent. Simple as that.

This is why the browser morphed from a car or a surfboard into a shopping cart that gets re-skinned with every commercial site it “uses.” At each site the user iis known in ways exclusive to the site, over which the individual has little control, except to opt out of the site and its systems. Add Twitter or Facebook login to the mix, and you just have more, and bigger, cows involved.

The burden of subordination to each of us is hundreds of different login/password combinations and acceptance of one-sided “agreements” offered by each site or service we use, on a take-it-or-leave-it basis. The “agreements” are ones we never read because they are written by and for lawyers, and are built to offload as much risk and liability as possible to users, along with minimized control over the user’s “experience.”

So there is much more to fix here than identity alone. But identity is the oldest challenge, and perhaps still the largest one.

I  hope it helps. I also want to tip my hat toward Devon Loffreto, aka Moxy Tongue and @EnzionXavier, who writes posts such as this one. It is to Devon that I owe the adjective sovereign for what matters most about personal identity. I also owe much to Walt Whitman, who writes,

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.

I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

To mix metaphors one more time, we have ceased being hawks, or inspired by them.

If now is not the time to fly, when will we?

[Later...] Crosbie Fitch has also been a helpful influence. His is the first comment below.

 

 

 

© 2014 ProjectVRM

Theme by Anders NorenUp ↑