Category: Legal (page 1 of 2)

#VRM and the OpenNotice Legal Hackathon

The OpenNotice Legal Hackathon is happening now: 12 July 2014. Go to that link and click on various links there to see the live video, participate via IRC and other fun stuff.

It’s multinational. Our hosts are in Berlin. I’m in Tel Aviv (having just arrived from Sydney by way of Istanbul). Others are elsewhere in the world.

It’s moving up on 5pm, local time here, and 10am in New York.

I’m prepping for talking #VRM at this link here and  this link here.

Here are some core questions we’ll be visiting.

I’ll add more links later. This is enough to get us started.

Reporting on the Data Privacy Hackathon

Data Privacy HackathonIn case you missed the Data Privacy Hackathon, held this past weekend in London, New York and San Francisco, there should be a good mother lode of posts, tweets and videos up now, or soon.

Here is a small starter-pile of links from the New York one:

  • The hackathon page.
  • #privacyhack on Twitter
  • Videos of the event, courtesy of the New York Chapter of the Internet Society.  VRM and I come in at ~ 27 minutes into the first video. Finalist hacks are presented in this video here. One of the entries, Re-entry, led by Lina Kaisey, Harvard Law School ’14, starts at about 56 minutes into the last video link, and is to some degree based on my challenge in the first video link. It came in second. The winner was Ghostdrop, the presentation for which follows Lina’s, and which allows private communications between individuals. (Re-entry does that too, for prisoners re-entering the free world, and communicating with The System).

More at LegalHackathon.net.

LG jumps on advertising bandwagon, runs over its own customers

Used to be a TV was a TV: a screen for viewing television channels and programs, delivered from stations and networks through a home antenna or a cable set top box. But in fact TVs have been computers for a long time. And, as computers, they can do a lot more than what you want, or expect.

Combine that fact with the current supply-side mania for advertising aimed by surveillance, and you get weirdness such as Doctor Beet‘s LG Smart TVs logging USB filenames and viewing info to LG servers. According to Doctor Beet, viewer activity is actually reported to a dead URL (which may not be, say some of the comments). The opt-out is also buried an off-screen scroll. And LG tells Doctor Beet to live with it, because he “accepted” unseen opt-out terms and conditions.

But wait: there’s more.

If you want to really hate LG — a company you barely cared about until now, watch this. It’s a promotional video for “LG Smart AD,” which “provides the smartest way to reach your targeted audiences across the borders and connected devices with excitement powered by LG’s world best 3D and HD home entertainment technology” and “enables publishers to maximize revenues through worldwide ad networks, intelligent platform to boost CPM and the remarkable ecosystem.” The screen shot above shows (I’m not kidding) a family being terrorized by their “immersive” advertising “experience.”

This promotional jive, plus the company’s utterly uncaring response to a customer inquiry, shows what happens when a company’s customers and consumers become separate populations — and the latter is sold to the former. This split has afflicted the commercial broadcast industry from the start, and it afflicts the online advertising industry today. It’s why the most popular browser add-ons and extensions are ones that thwart advertising and tracking. And it’s why the online advertising industry continues to turn deaf ears and blind eyes toward the obvious: that people hate it.

Clearly LG is getting on the surveillance-based advertising-at-all-costs bandwagon here. The sad and dumb thing about it is that they’re actually selling customers they already have (TV buyers) to ones they don’t (advertisers). Their whole strategy is so ham-fisted that I doubt they’ll get the message, even if bad PR like this goes mainstream.

The one good effect we might expect is for competing companies to sell surveillance-free viewing as a feature.

Bonus link.

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

  • Personal Clouds, including —
    • The Internet of Me and My Things
    • QS (Quantified Self) and Self-Hacking
  • Fully personal wallets, rather than branded ones that work only with payment silos and their partners
  • Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
  • Browser add-ons, extensions, related developments
  • Licensing issues
  • Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
  • Legal issues, such as creating terms and policies that individuals assert
  • Tracking and ad blocking, and harmonizing methods and experiences
  • Health Care VRM
  • Devices, such as the freedom box
  • VRM inSovereign vs./+ Administrative identities
    • Real estate
    • Banking (including credit cards, payments, transactions)
    • Retail
  • Personal data pain points, e.g. filling out forms
  • Trust networks
  • Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

VRM development work

I’ll be having a brown bag lunch today with a group of developers, talking about VRM and personal clouds, among other stuff that’s sure to come up. To make that easier, I’ve copied and pasted the current list from the VRM developers page of the ProjectVRM wiki. If you’d like to improve it in any way, please do — either on the wiki itself, or by letting us know what to change.

While there are entire categories that fit in the larger VRM circle — quantified self (QS) and personal health records (PHRs) are two that often come up — we’ve tried to confine this list to projects and companies that directly address the goals (as well as the principles) listed on the main page of the wiki.


Here is a partial list of VRM development efforts. (See About VRM). Some are organizations, some are commercial entities, some are standing open source code development efforts.

SOFTWARE and SERVICES
Intentcasting
AskForIt † – individual demand aggregation and advocacy
Body Shop Bids † – intentcasting for auto body work bids based on uploaded photos
Have to Have † – “A single destination to store and share everything you want online”
Intently † – Intentcasting “shouts” for services, in the U.K.
Innotribe Funding the Digital Asset Grid prototype, for secure and accountable Intentcasting infrastructure
OffersByMe † – intentcasting for local offers
Prizzm †- social CRM platform rewarding customers for telling businesses what they want, what they like, and what they have problems with
RedBeacon † – intentcasting locally for home services
Thumbtack † – service for finding trustworthy local service providers
Trovi intentcasting; matching searchers and vendors in Portland, OR and Chandler, AZ†
Übokia intentcasting†
Zaarly † intentcasting to community – local so far in SF and NYC
Browser Extensions
Abine † DNT+, deleteme, PrivacyWatch: privacy-protecting browser extentions
Collusion Firefox add-on for viewing third parties tracking your movements
Disconnect.me † browser extentions to stop unwanted tracking, control data sharing
Ghostery † browser extension for tracking the trackers
PrivacyScore † browser extensions and services to users and site builders for keeping track of trackers
Databases
InfoGrid - graph database for personal networking applications
ProjectDanube - open source software for identity and personal data services
Messaging Services and Brokers
Gliph †- private, secure identity management and messaging for smartphones
Insidr † – customer service Q&A site connecting to people who have worked in big companies and are willing to help when the company can’t or won’t
PingUp (was Getabl) †- chat utility for customers to engage with merchants the instant customers are looking for something
TrustFabric † – service for managing relationships with sellers
Personal Data and Relationship Management
Azigo.com † – personal data, personal agent
ComplainApp † – An iOS/Android app to “submit complaints to businesses instantly – and find people with similar complaints”
Connect.Me † – peer-to-peer reputation, personal agent
Geddup.com † – personal data and relationship management
Higgins - open source, personal data
The Locker Project - open source, personal data
Mydex †- personal data stores and other services
OneCub †- Le compte unique pour vos inscriptions en ligne (single account for online registration)
Paoga † – personal data, personal agent
Personal.com † – personal data storage, personal agent
Personal Clouds - personal cloud wiki
Privowny † – privacy company for protecting personal identities and for tracking use and abuse of those identities, building relationships
QIY † – independent infrastructure for managing personal data and relationships
Singly † – personal data storage and platform for development, with an API
Transaction Management
Dashlane † – simplified login and checkout
Trust-Based or -Providing Systems and Services
id3 - trust frameworks
Respect Network † – VRM personal cloud network based on OAuth, XDI, KRL, unhosted, and other open standards, open source, and open data initiatives. Respect Network is the parent of Connect.Me.
Trust.cc Personal social graph based fraud prevention, affiliated with Social Islands
SERVICE PROVIDERS OR PROJECTS BUILT ON VRM PRINCIPLES
First Retail Inc. † commodity infrastructure for bi-directional marketplaces to enable the Personal RFP
dotui.com † intelligent media solutions for retail and hospitality customers
Edentiti Customer driven verification of idenity
Real Estate Cafe † money-saving services for DIY homebuyers & FSBOs
Hover.com Customer-driven domain management†
Hypothes.is - open source, peer review
MyInfo.cl (Transitioning from VRM.cl) †
Neustar “Cooperation through trusted connections” †
NewGov.us - GRM
[1] † – Service for controlling one’s reputation online
Spotflux † malware, tracking, unwanted ad filtration through an encrypted tunnel
SwitchBook † – personal search
Tangled Web † – mobile, P2P & PDS
The Banyan Project- community news co-ops owned by reader/members
TiddlyWiki - a reusable non-linear personal Web notebook
Ting † – customer-driven mobile virtual network operator (MVNO – a cell phone company)
Tucows †
VirtualZero - Open food platform, supply chain transparency
INFRASTRUCTURE
Concepts
EmanciPay - dev project for customer-driven payment choices
GRM: Government Relationship Management - subcategory of VRM
ListenLog - personal data logging
Personal RFP - crowdsourcing, standards
R-button - UI elements for relationship members
Hardware
Freedom Box - personal server on free software and hardware
Precipitat, WebBox - new architecture for decentralizing the Web, little server
Standards, Frameworks, Code bases and Protocols
Datownia † – builds APIs from Excel spreadsheets held in Dropbox
Evented APIs - new standard for live web interactivity
KRL (Kinetic Rules Language) - personal event networks, personal rulesets, programming Live Web interactions
Kynetx † – personal event networks, personal rulesets
https://github.com/CSEMike/OneSwarm Oneswarm] – privacy protecting peer-to-peer data sharing
http://www.mozilla.org/en-US/persona/ Mozila Persona] – a privacy-protecting one-click email-based way to do single sign on at websites
TAS3.eu — Trusted Architecture for Securely Shared Services - R&D toward a trusted architecture and set of adaptive security services for individuals
Telehash - standards, personal data protocols
Tent - open decentralized protocol for personal autonomy and social networking
The Mine! Project - personal data, personal agent
UMA - standards
webfinger - personal Web discovery, finger over HTTP
XDI - OASIS semantic data interchange standard
PEOPLE
Analysts and Consultants
Ctrl-SHIFT † – analysts
Synergetics † – VRM for job markets
VRM Labs - Research
HealthURL - Medical
Consortia, Workgroups
Fing.org - VRM fostering organization
Information Sharing Workgroup at Kantara - legal agreements, trust frameworks
Pegasus - eID smart cards
Personal Data Ecosystem Consortium (PDEC) – industry collaborative
Meetups, Conferences, and Events
IIW: Internet Identity Workshop - yearly unconference in Mountain View
VRM Hub - meeting in LondonNOTES:
† Indicates companies. Others are organizations, development projects or both. Some development projects are affiliated with companies. (e.g. Telehash and The Locker Project with Singly, and KRL with Kynetx.)
A – creating standard
B – Using other standards
1 – EventedAPI

Let’s turn Do Not Track into a dialog

Do Not Track (DNT), by resembling Do Not Call in name, sounds like a form of prophylaxis.  It isn’t. Instead it’s a request by an individual with a browser not to be tracked by a website or its third parties. As a request, DNT also presents an interesting opportunity for dialogue between user and site, shopper and retailer, or anybody and anything. I laid out one possibility recently in my Inkwell conversation at The Well. Here’s a link to the page, and here’s the text of the post:

The future I expect is one in which buyers have many more tools than they have now, that the tools will be theirs, and that these will enable buyers to work with many different sellers in the same way.

One primitive tool now coming together is “Do Not Track” (or DNT): http://en.wikipedia.org/wiki/Do_Not_Track It’s an HTTP header in a user’s browser that signals intention to a website. Browser add-ons or extensions for blocking tracking, and blocking ads, are also tools, but neither constitute a social protocol, because they are user-side only. The website in most cases doesn’t know ad or tracking blocking being used, or why. On the other hand, DNT is a social gesture. It also isn’t hostile. It just expresses a reasonable intention (defaulted to “on” in the physical world) not to be followed around.

But DNT opens the door to much more. Think of it as the opening to dialog:

User: Don’t track me.
Site: Okay, what would you like us to do?
User: Share the data I shed here back to me in a standard form, specified here (names a source).
Site: Okay. Anything else?
User: Here are my other preferences and policies, and means for matching them up with yours to see where we can agree.
Site: Good. Here are ours.
User: Good. Here is where they match up and we can move forward.
Site: Here are the interfaces to our CRM (Customer Relationship Management) system, so your VRM (Vendor Relationship Management) system can interact with it.
User: Good. From now on my browser will tell me we have a working relationship when I’m at your site, and I can look at what’s happening on both sides of it.

None of this can be contemplated in relationships defined entirely by the sellers, all of which are silo’d and different from each other, which is what we’ve had on the commercial Web since 1995. But it can be contemplated in the brick & mortar world, which we’ve had since Ur. What we’re proposing with VRM is nothing more than bringing conversation-based relationships that are well understood in the brick-and-mortar world into the commercial Web world, and weaving better marketplaces in the process.

A bit more about how the above might work:
http://blogs.law.harvard.edu/vrm/2012/02/23/how-about-using-the-no-track-button-we-already-have/

And a bit more about what’s wrong with the commercial Web (so far, and it’s not hard to fix) here:
http://blogs.law.harvard.edu/vrm/2012/02/21/stop-making-cows-stop-being-calves /

So, to move forward, consider this post a shout-out to VRM developers, to the Tracking Protection Working Group at the W3C, to browser developers, to colleagues at Berkman (where Chris Soghoian was a fellow, about at the time he helped think up DNT) — and to everybody with the will and the ways to move forward on this thing.

And hey: it’s also our good luck that the next IIW is coming up at the Computer History Museum in Mountain View, from October 23rd to 25th. IIW is the perfect place to meet and start hashing out DNT-D (I just made that up: DNT-Dialog) directions. IIW is an unconference: no keynotes, panelists or vendor booths. Participants vet and choose their own topics and break out into meeting rooms and tables. It’s an ideal venue for getting stuff done, which always happens, and why this is the 15th of them.

Meanwhile, let’s get in touch with each other and start making it happen.

Can we each be our own Amazon?

The most far-out chapter in  is one set in a future when free customers are known to be more valuable than captive ones. It’s called “The Promised Market,” and describes the imagined activities of a family traveling to a wedding in San Diego. Among the graces their lives enjoy are these (in the order the chapter presents them):

  1. Customer freedom and intentions are not restrained by one-sided “agreements” provided only by sellers and service providers.
  2. — service organizations working as agents for the customer — are a major breed among user driven services.
  3. The competencies of nearly all companies are exposed through interactive that customers and others can engage in real time. These will be fundamental to what calls .
  4. s (now also called intentcasts), will be common and widespread means for demand finding and driving supply in the marketplace.
  5. Augmented reality views of the marketplace will be normative, as will mobile payments through virtual wallets on mobile devices.
  6. Loyalty will be defined by customers as well as sellers, in ways that do far more for both than today’s one-sided and coercive loyalty programs.
  7. Relationships between customers and vendors will be genuine, two-way, and defined cooperatively by both sides, which will each possess the technical means to carry appropriate relationship burdens. In other words, VRM and CRM will work together, at many touch-points.
  8. Customers will be able to proffer prices on their own, independently of intermediaries (though those, as fourth parties, can be involved). Something like EmanciPay will facilitate the process.
  9. Supply chains will become “empathic” as well as mechanical. That is, supply chains will be sensitive to the demand chain: signals of demand, in the context of genuine relationships, from customers and fourth parties.
  10. The advertising bubble of today has burst, because the economic benefits of knowing actual customer intention — and relating to customers as independent and powerful economic actors, worthy of genuine relationships rather than coercive — bob will have became obvious and operative. Advertising will continue to do what it does best, but not more.
  11. Search has evolved to become far more user-driven and interactive, involving agents other than search engines.
  12. ‘s will be taken for granted. There will still be businesses that provide connections, but nobody will be trapped into any one provider’s “plan” that excludes connection through other providers. This will open vast new opportunities for economic activity in the marketplace.

In , Sheila Bounford provides the first in-depth volley on that chapter, focusing on #4: personal RFPs. I’ll try to condense her case:

I’ve written recently of a certain frustration with the seemingly endless futurology discussions going on in the publishing world, and it’s probably for this reason that I had to fight my way through the hypothesis in this chapter. However on subsequent reflection I’ve found that thinking about the way in which Amazon currently behaves as a customer through its Advantage programme sheds light on Searls’ suggestions and projections…

What Searls describes as the future for individual consumers is in fact very close to the empowered relationship that Amazon currently enjoys with its many suppliers via Amazon Advantage…  Amazon is the customer – and a highly empowered one at that.

Any supplier trading with Amazon via Advantage (and that includes most UK publishing houses and a significant portion of American publishers) has to meet all of the criteria specified by Amazon in order to be accepted into Advantage and must communicate online through formats and channels entirely prescribed and controlled by Amazon…

Alone, an individual customer is never going to be able to exert the same kind of leverage over vendors in the market place as a giant like Amazon. However individual customers online are greater than the sum of their parts: making up a crucial market for retailers and service providers. Online, customers have a much louder voice, and a much greater ability to collect, organise and mobilise than offline. Searls posits that as online customers become more attuned to their lack of privacy and control – in particular of data that they consider personal – in current normative contracts of adhesion, they will require and elect to participate in VRM programmes that empower them as individual customers and not leave them as faceless, impotent consumers.

So? So Amazon provides us with a neat example of what it might look like if we, as individuals, could control our suppliers and set our terms of engagement. That’s going to be a very different online world to the one we trade in now.  Although I confess to frustration with the hot air generated by publishing futurology, it seems to me that the potential for the emergence VRM and online customer empowerment is one aspect of the future we’d all do well to work towards and plan for.

From the start of ProjectVRM, Iain Henderson (now of The Customer’s Voice) has been pointing to B2B as the future model for B2C. Not only are B2B relationships rich, complex and rewarding in ways that B2C are not today (with their simplifications through customer captivity and disempowerment), he says, but they also provide helpful modeling for B2C as customers obtain more freedom and empowerment, outside the systems built to capture and milk them.

Amazon Advantage indeed does provide an helpful example of where we should be headed as VRM-enabled customers. Since writing the book (which, except for a few late tweaks, was finished last December) I have become more aware than ever of Amazon’s near-monopoly power in the book marketplace, and possibly in other categories as well. I have heard many retailers complain about “scan and scram” customers who treat brick-and-mortar stores as showrooms for Amazon. But perhaps the modeling isn’t bad in the sense that we ought to have monopoly power over our selves. Today the norm in B2C is to disregard that need by customers. In the future I expect that need to be respected, simply because it produces more for everybody in the marketplace.

It is highly astute of Sheila to look toward Amazon as a model for individual customers. I love it when others think of stuff I haven’t, and add to shared understanding — especially of a subject as protean as this one. So I look forward to the follow-up posts this week on her blog.

Coming to terms

We lie every time we “accept” terms that we haven’t read — a pro forma  behavior that is all but required by the calf-cow model of the Web that’s prevailed since 1995. We need to change that. And so we are.

StandardLabel.org is working on “A clear, consistent way for websites to say what they do with the data they share, before we share it.” While its recent Kickstarter campaign came up a bit short, the work continues. Here is one (prototypical) way that label might look:

(The actual image I wanted there was this one, but heard it wasn’t showing up in all browsers, so I went with the one above.)

The StandardLabel folks also have a survey, which I recommend taking.

CommonTerms intends “to solve the problem of non-accessible online legal texts in a way similar to how Creative Commons made different copyright licenses accessible,” adding, “We thought that by analyzing existing agreements, we could identify the most common terms, and then create icons to symbolize them.” Background:

The CommonTerms project is coordinated by Metamatrix AB andsponsored by Internetfonden.se

The project is a result of a session on “sustainable web development” by Pär Lannerö and Thomas Bjelkeman at the Sweden Social Web Camp, in August 2010.

Their prototype, focused on icons, stars Pär and looks like this:

Par and  Lars-Erik Jakobsson (icon), Gregg BernsteinCarl TörnquistHanna ArkestålMax WalterMattias AspelundAnders Carlman have since added BiggestLie.com, source of the image at the top of this post, plus this one here, which I just earned:

The idea is to start getting real about what we’re all doing and not doing.

What we’re doing is lying: i.e. agreeing not only to what we don’t read, but to the rotted status quo of which one-sided non-agreements are a part. What we’ve not been doing for most of the last 17 years is solving the problem.

But, thanks to the work above (plus whatever I’ve missed), we are doing some things. So are PDEC.cc and companies like Personal. Other work is happening with personal clouds. (PDEC is on that case too.) Aza Raskin‘s Privacy Icons are an effort in this same direction. (CommonTerms has a longer list.)

Still, looks to me like most of the work being done so far is on the cow side of the calf-cow relationship. On our side, we need to stop being calves, for real. That is, we need to have full agency in the original sense of the word: power to cause intended effects on our own.

For that we will need machine- and user-readable ways to express own terms, preferences and policies, so they can be read by sites (the cows) and matched up. That’s the idea behind EmanciTerm, described in How about using the ‘No Track’ button we already have? and in The Intention Economy. There I explain,

With full agency, however, an individual can say, in the first person voice, “I own my data, I control who gets access to it, and I specify what I wish to happen under what conditions.” In the latter category, those wishes might include:

  • Don’t track my activities outside of this site.
  • Don’t put cookies in my browser for anything other than helping us remember each other and where we were.
  • Make data collected about me available in a standard, open format.
  • Please meet my fourth-party agent, Personal.com (or whomever).

These are EmanciTerms, and there will be corresponding ones on the vendor’s side. Once they are made simple and straightforward enough, they should become normative to the point where they serve as de facto stan- dards, in practice.

Since the terms should be agreeable and can be expressed in text that code can parse, the process of arriving at agreements can be automated.

For example, when using a public wi-fi access point, a person’s EmanciTerms might say, “I will not knowingly hog this shared resource, for example, by watching high-def video on it,” or “I will not engage in illegal activities here.” If the provider of the access point has a VRM-ready service that is willing to deal with the user on his or her own EmanciTerms as well as those of the provider, it should be possible to automate the formalities and let the user bypass the usual “read and accept our agreement” ritual.

Not everything we express in the proposed ceremony here has to be one side of a binding agreement. If we express these terms as preferences or policies they can still be heard, even if they’re not agreed to. Being heard is one idea behind BiggestLie. But the cows can’t fix this on their own. We need to work both sides.

The only problem with all this is that our work is scattered. Let’s get it together.

How about using the ‘No Track’ button we already have?

left r-buttonright r-buttonFor as long as we’ve had economies, demand and supply have been attracted to each other like a pair of magnets. Ideally, they should match up evenly and produce good outcomes. But sometimes one side comes to dominate the other, with bad effects along with good ones. Such has been the case on the Web ever since it went commercial with the invention of the cookie in 1995, resulting in a calf-cow model in which the demand side — that’s you and me — plays the submissive role of mere “users,” who pretty much have to put up with whatever rules websites set on the supply side.

Consistent with Lord Acton’s axiom (“Power corrupts; absolute power corrupts absolutely”) the near absolute power of website cows over user calves has resulted in near-absolute corruption of website ethics in respect to personal privacy.

This has been a subject of productive obsession by Julia Anguin and her team of reporters at The Wall Street Journal, which have been producing the What They Know series (shortcut: http://wsj.com/wtk) since July 30, 2010, when Julia by-lined The Web’s New Gold Mine: Your Secrets. The next day I called that piece a turning point. And I still believe that.

Today came another one, again in the Journal, in Julia’s latest, titled Web Firms to Adopt ‘No Track’ Button. She begins,

A coalition of Internet giants including Google Inc. has agreed to support a do-not-track button to be embedded in most Web browsers—a move that the industry had been resisting for more than a year.

The reversal is being announced as part of the White House’s call for Congress to pass a “privacy bill of rights,” that will give people greater control over the personal data collected about them.

The long White House press release headline reads,

We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online

Internet Advertising Networks Announces Commitment to “Do-Not-Track” Technology to Allow Consumers to Control Online Tracking

Obviously, government and industry have been working together on this one. Which is good, as far as it goes. Toward that point, Julia adds,

The new do-not-track button isn’t going to stop all Web tracking. The companies have agreed to stop using the data about people’s Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as “market research” and “product development” and can still be obtained by law enforcement officers.

The do-not-track button also wouldn’t block companies such as Facebook Inc. from tracking their members through “Like” buttons and other functions.

“It’s a good start,” said Christopher Calabrese, legislative counsel at the American Civil Liberties Union. “But we want you to be able to not be tracked at all if you so choose.”

In the New York Times’ White House, Consumers in Mind, Offers Online Privacy Guidelines Edward Wyatt writes,

The framework for a new privacy code moves electronic commerce closer to a one-click, one-touch process by which users can tell Internet companies whether they want their online activity tracked.

Much remains to be done before consumers can click on a button in their Web browser to set their privacy standards. Congress will probably have to write legislation governing the collection and use of personal data, officials said, something that is unlikely to occur this year. And the companies that make browsers — Google, Microsoft, Apple and others — will have to agree to the new standards.

No they won’t. Buttons can be plug-ins to existing browsers. And work has already been done. VRM developers are on the case, and their ranks are growing. We have dozens of developers (at that last link) working on equipping both the demand and the supply side with tools for engaging as independent and respectful parties. In fact we already have a button that can say “Don’t track me,” plus much more — for both sides. Its calle the R-button, and it looks like this: ⊂ ⊃. (And yes, those symbols are real characters. Took a long time to find them, but they do exist.)

Yours — the user’s — is on the left. The website’s is on the right. On a browser it might look like this:

r-button in a browser

Underneath both those buttons can go many things, including preferences, policies, terms, offers, or anything else — on both sides. One of those terms can be “do not track me.” It might point to a fourth party (see explanations here and here) which, on behalf of the user or customer, maintains settings that control sharing of personal data, including the conditions that must be met. A number of development projects and companies are already on this case. All the above falls into a category we call EmanciTerm. Much has been happening as well around personal data stores (PDSes), also called “lockers,” “services” and “vaults.” These include:

Three of those are in the U.S., one in Austria, one in France, one in South Africa, and three in the U.K. (All helping drive the Midata project by the U.K. government, by the way.) And those are just companies with PDSes. There are many others working on allied technologies, standards, protocols and much more. They’re all just flying below media radar because media like to look at what big suppliers and governments are doing. Speaking of which… :-)

Here’s Julia again:

Google is expected to enable do-not-track in its Chrome Web browser by the end of this year.

Susan Wojcicki, senior vice president of advertising at Google, said the company is pleased to join “a broad industry agreement to respect the ‘Do Not Track’ header in a consistent and meaningful way that offers users choice and clearly explained browser controls.”

White House Deputy Chief Technology Officer Daniel Weitzner said the do-not-track option should clear up confusion among consumers who “think they are expressing a preference and it ends up, for a set of technical reasons, that they are not.”

Some critics said the industry’s move could throw a wrench in a separate year-long effort by the World Wide Web consortium to set an international standard for do-not-track. But Mr. Ingis said he hopes the consortium could “build off of” the industry’s approach.

So here’s an invitation to the White House, Google, the 3wC, interested BigCos (including CRM companies), developers of all sizes and journalists who are interested in building out genuine and cooperative relationships between demand and supply::::

Join us at IIW — the Internet Identity Workshop — in Mountain View, May 1-3. This is the unconference where developers and other helpful parties gather to talk things over and move development forward. No speakers, no panels, no BS. Just good conversation and productive work. It’s our fourteenth one, and they’ve all been highly productive.

As for the r-button, take it and run with it. It’s there for the development. It’s meaningful. We’re past square one. We’d love to have all the participation we can get, from the big guys as well as the little ones listed above and here.

To help get your thinking started, visit this presentation of one r-button scenario, by Adam Marcus of MIT. Here’s another view of the same work, which came of of a Google Summer of Code project through ProjectVRM and the Berkman Center:

(Props to Oshani Seneviratne and David Karger, also both of MIT, and Ahmad Bakhiet, of Kings College London, for work on that project.)

If we leave fixing the calf-cow problem entirely up to the BigCos and BigGov, it won’t get fixed. We have to work from the demand side as well. In economies, customers are the 100%.

Here are some other stories, mostly gathered by Zemanta:

All look at the symptoms, and supply-side cures. Time for the demand side to demand answers from itself. Fortunately, we’ve been listening, and the answers are coming.

Oh, and by the way, Mozilla has been offering “do not track” for a long time. Other tools are also available:

Stop making cows. Quit being calves.

The World Wide Web that invented in 1990 was a collection of linked documents. The Web we have today is a collection not just of documents (some of which we quaintly call pages), but of real estate we call sites. This Web is mostly a commercial one.

Even if most sites aren’t commercial (which they probably are), most search results bring up commercial sites anyway, thanks both to the abundance of commercial sites on the Web, and “search engine optimization” (SEO) by commercial site operators. Online ad spending in the U.S. alone will hit $40 billion this year, and much of that money river runs through Google and Bing.

But that’s a feature, not a bug. The bug is that we’ve framed our understanding of the Web around locations and not around the fabric of connections that define both the Net and the Web at the deepest level. That’s why nearly every new business idea starts with real estate: a site with an address. Or, in the ranching-based lingo of marketing, a brand.

The problem isn’t with the sites themselves, or even with the real estate model we use to describe and undersand them. It’s with their underlying architecture, called client-server. What client-server does is subordinate visitors to websites. It does this by putting nearly all responsibility on the server side, so visitors are just users, rather than participants with equal power and shared responsibility in a full-fledsged relationship. Thus the client-server relationship is roughly that of calf to cow:

calf-cow

From the teats of the cow-server, the calf-client sucks the milk of HTML, plus cookies.

are text files deposited by a website’s server in a visitor’s browser. Their original purpose was to help both the site and the visitor (the cow and the calf) remember where they were last time, and to retain other helpful information, such as logins and passwords.

Cookies are also a way for commercial cows and their business friends to keep track of their calves, regardless of where those calves travel, and what other cows they might suckle. Based on what they learn from tracking, these cows can, for example, produce much more “personalized” milk. So can third parties working with the cows. This motivation is all the rage today, especially around advertising.

But nearly all the investment is still on the sell side: the cow side, because that’s where all the power is concentrated, thanks to client-server. So we keep making better cows and cow-based systems, forgetting that the calves are actual human beings called customers. We also overlook opportunity in helping demand drive supply, rather than just in helping supply drive demand.

But some of us haven’t forgotten. One is Phil Windley, a Ph.D. computer scientist, former CIO of Utah, co-founder of , and the inventor and lead maintainer of a language called , plus the rules engine for executing KRL code. (Both are open source.) The rules are the individual’s own. The rules engine can go anywhere. No cow required.

To describe the box outside of which Phil thinks, he gives a great presentation on the history of e-commerce. It goes like this:

1995: Invention of the Cookie.

The End.

To describe where he’s going (along with Kynetx and the rest of the VRM development community), Phil wrote a new book, The Live Web (a term you might have first read about here), and has been publishing a series of blog posts that deal with what he calls . Think of your Personal Event Network as the Live Web that you, as a human being (rather than as a calf) operate. Live. In real time. Your own way. You can take advantage of services offered by the servers of the world (through APIs, for example). But it’s your network, and it’s built with your own relationships. It doesn’t replace client-server, but it gives servers lots to do besides being cows. In fact, the opportunities are boundless, because they’re in wide-open virgin territory.

A Personal Event Network puts you at the center of your Live Web, with your own apps, and your own rules for what follows from events in your web of relationships. “Personal event networks interact with each other as equals,” Phil says. “They aren’t client server in nature.” Here’s how Phil draws one example:

Personal Event Network

Look at the three items indside the personal cloud:

  • At the center are apps. We’re already familiar with those on our computers and mobile devices. While they might have connections to outside services, they are personal tools of our own. They are neither calves nor cows.
  • On the left is an RFQ, or a Request For Quote, also called a .
  • On the right are rules, written in KRL.

Together those control how we interact with all the devices and services on the outside, on the Live Web. Note that those outside items are not functioning as cows, even though they also live in the commercial Web’s client-server world. They are being engaged outside the cow function, mostly through s.

Here’s how Phil explains how this works for a guy named Tim, who has a relationship with a flower shop, described here:

Tim’s personal event network has a number of apps installed. It’s also is listening on many event channels. These channels are carrying events about everything from Tim’s phone and appliances to merchants he frequents.

REI and the flowershop both have separate channels into Tim’s personal event network. Consequently, Tim can

  • Manage them independently. If REI starts spamming Tim with events he doesn’t like, he can simply delete the channel and they’re gone.
  • Permission them independently. Tim might want to get certain events from REI and other’s from the flowershop. Which events can be carried on which channels is up to Tim.
  • Respond to them independently. Tim might want to get notification events from the flowershop delivered to his phone today because it’s his wife’s birthday whereas normally merchant communications are sent to his mail box.

Tim is in charge of whether and how events are delivered. He manages the channel, delivery, and response while the publishers of these event choose the content.

This cannot be done within the bovine graces of any one company — not Apple, Facebook, Google or Microsoft — no matter how rich their services might be, and no matter how well they treat their users and customers. And not matter how much they might insist that they’re not really treating their users and customers as calves.

But they’re still playing the cow role, and we’re still stuck as calves. That’s why we keep looking for better cows.

For example take The Real Problem With Google’s New Privacy Policy, in . The subtitle explains, “The tech giant owes users better tools to manage their information.” Well, that might be true. But we also need our own tools for managing relationships with Google — and every other site and service on the Web. And we need those tools to work the same way with every company, rather than different ways with every company.

(We have this, for example, with email, thanks to open, standard and widely deployed protocols. Email is fully human, even if we submit to playing the half-calf role inside, say, Gmail. We can still take our whole email pile outside of Gmail and put it on any other server, or host it ourselves. Email’s protocols and standards support that degree of independence, and therefore of humanity as well.)

Another example is The Ecommerce Revolution is All About You, in . Here’s the closing paragraph:

So shoppers, be prepared to give up your data. In the coming year, we’re going to see many more retail sites ramping up data-driven discovery. And e-commerce sites who aren’t thinking about how to mine social and other forms of data are probably going to be left in the dust by the Amazons and Netflix’s of the next wave of personalization.

Credit where due to Amazon and Netflix: their personalization is best-of-breed. Their breed just happens to be bovine.

As it did in 1995, Amazon today provides their own milk and cookies for their own calf-customers. As a loyal Amazon customer, I have no problem being its calf. But I can’t easily take my data (preferences, history, reviews etc.) from Amazon and use it myself, in my own ways, and for my own purposes. It’s their data, not mine.

The problem with this — for both Amazon and me — is that Amazon isn’t the whole World Live Web. I don’t shop only at Amazon, and I would like better ways of interacting with all sellers than any one seller alone can provide, even if they’re the world’s best online seller. (Which Amazon, arguably, is.)

So sure, the Ecommerce Revolution is “about us.” But if it’s our revolution, why aren’t we getting more of our own tools and weapons? Why should we keep depending on sellers’ personalization systems to do all the work of providing relevance for us as shoppers? Should we give up our data to those companies just so they can raise the click-through rates of their messages from one in less than a hundred to one in ninety-eight — especially when many of the misses will now be creepily “personalized” as well?

Shouldn’t we know more about what to do with our data than any seller can guess at? And if we don’t know yet, why not create companies that help us buy at least as well as other companies are help sellers sell?

Well, those kinds of companies are being created, and you’ll find a pile of them listed here, Kynetx among them.

VCs need to start looking seriously at development on the demand side. Kynetx is one among dozens of companies that are flying below the radar of too many VCs just looking at better cows, and better ways to sell — or worse, to “target,” “capture,” “acquire,” “lock in” and “manage” customers as if they were slaves or cattle.

The idea that free markets are your-choice-of-captor is a relic of a dying mass-market-driven mentality from the pre-Internet age. Free markets need free customers. And we’ll get them, because we’ll be them.

We — the customers — are where the money that matters most comes from. Driving that money into the marketplace are our own intentions as sovereign and independent human beings.

In the next few years we’ll build an Intention Economy, driven by customers equipped with their own tools, and their own ways of interacting with sellers, including their own terms of engagement. This was the promise of the Net and the Web in the first place, and we’ve awaited delivery for long enough.

Time’s up. The age of captivity is ending. Start placing your bets on the demand side.

Older posts

© 2014 ProjectVRM

Theme by Anders NorenUp ↑