Category: Problems (page 1 of 3)

State of the VRooM, 2014

As of today, ProjectVRM is eight years old.

So now seems like a good time for a comprehensive (or at least long) report on what we’ve been doing all this time, how we’ve been doing it, and what we’ve been learning along the way.

ProjectVRM has always been both a group effort and provisional in its outlook and methods. So look at everything below as a draft requiring improvement, and send me edits, either by email (dsearls at cyber dot law dot harvard dot edu) or by commenting below.


After eight years of encouraging development of tools and services that make individuals both independent and better able to engage, ProjectVRM (VRM stands for vendor relationship management) is experiencing success in many places; most coherently in France, the UK and Oceania (Australia and New Zealand). There are now dozens of VRM developers (though many descriptors besides VRM are used), and investor interest is shifting from the “push” to the “pull” side of the marketplace. Government encouragement of VRM is strongest in the UK and Australia.  ProjectVRM and its community are focused currently on “first person” technologies, privacy, trust, identity (including anonymity), relationship (including experience co-creation), substituability of services and the Internet of Things. Verticals are personal information management, relationship (VRM+CRM), identity, on-demand services, payments, messaging (e.g. secure email), health, automotive and real estate.  There are many possibilities for research, possibly starting with the effects on business of individuals being in full control of their sides of agreements with companies.

Here are shortcuts to each section:

  1. History
  2. Development
  3. Community
  4. Influence
  5. Issues
  6. Verticals
  7. Investment
  8. Research
  9. Questions

1. History

ProjectVRM is one of many research projects at the Berkman Center for Internet and Society at Harvard University. It started when I began a four-year fellowship at Berkman in September, 2006. In those days Berkman fellows were encouraged to work on a project. I had lots of guidance from Berkman staff and other veterans; but what best focused my purpose was something Terry Fisher said at one of the orientation talks. He said Berkman did its best to be neutral about the subjects it studies, but also that “we do look for effects.”

The effect-generating work for which I was best known at the time was The Cluetrain Manifesto, which I co-authored seven years earlier with Chris Locke, David Weinberger and Rick Levine. By most measures Cluetrain was a huge success. The original website launched a meme that won’t quit, and the book that followed was a bestseller.(It still sells well today). But I felt that its alpha clue, written by Chris Locke, still wasn’t true. It said,

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

There is a theory in there that says the Internet gives human beings (the first person we) the reach they need to exceed the grasp of marketers (the second person your).

So either the theory wasn’t true, or the Internet was a necessary but insufficient condition for the theory to prove out. I went with the latter and decided to to work on the missing stuff.

That stuff couldn’t come from marketers, because they were on the second person side. In legal terms, they were the second party, not the first. This is why their embrace  of  Cluetrain’s “markets are conversations” couldn’t do the job. Demand needed help that Supply couldn’t provide. What we needed, as individuals, were first party solutions — ones that worked for us.

The more I thought about the absence of first party solutions, the more I realized that this was a huge hole in the marketplace: one that was hard to see from the client-server perspective, always drawn like this:


While handy and normative, client-server is also retro. Here’s a graphic from Virtual Teams: People Working Across Boundaries with Technology (Jessical Lipnack and Jeffrey Stamps, 2000,  p. 47) that puts it in perspective:


Client-server is hierarchical, bureaucratic industrial and agricultural (see the image below). But it’s also most of what we experience on the Web, and also where the entirety of the supply side sits. So, even if Cluetrain is right when it says (in Thesis #7) “hyperlinks subvert hierarchy,” subversion goes slow when the people running the servers are in near-absolute control and hardly care at all about links. In less abstract terms, what we have on the Web is this:


As clients we go to servers for the milk of text, graphics, sound and videos. We get all those, plus cookies (and other tracking methods) to remember who we are and where we were the last time we showed up. And, since we’re just clients, and servers do all the heavy lifting  (and with technology what can be done will be done) the commercial Web’s ranch has turned into what Bruce Schneier calls Our Internet surveillance state.

By 2006 it was already clear to me that we could make the whole marketplace a lot bigger if individuals were fully capable human beings and not just calves — if we equipped Demand to drive Supply at least as well as Supply drives Demand.

To help people imagine what will happen when Demand reaches full power, I wrote a Linux Journal column a few months earlier, titled “The Intention Economy.” Here’s the gist of it:

The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.

The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.

The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like a bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.

The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.

The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.

In The Intention Economy, a car rental customer should be able to say to the car rental market, “I’ll be skiing in Park City from March 20-25. I want to rent a 4-wheel drive SUV. I belong to Avis Wizard, Budget FastBreak and Hertz 1 Club. I don’t want to pay up front for gas or get any insurance. What can any of you companies do for me?” — and have the sellers compete for the buyer’s business.

This car rental use case is one I’ve used to illustrate what would be made possible by “user-centric” or “independent” identity, which was also the subject of the cover story in last October’s Linux Journal, plus this piece a year earlier, and various keynotes I’ve given at Digital Identity World, going back to 2002. It is also the use case against which the new open source Higgins project was framed.

Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.

Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: an core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.

So that’s the purpose I chose for my new Berkman project: to get a snowball of development rolling toward the Intention Economy.

The project has been lightweight from the start, consisting of myself* and other volunteers. Our instruments are this blog, a wiki, a mailing list and events. In gatherings of project volunteers at Berkman and elsewhere, we narrowed our focus to encouraging development of tools for independence and engagement. That is, tools that would make individuals both independent of other entities (especially companies) and better able to engage with them. These shaped the principles, goals and tools listed on our wiki.

The term VRM came about accidentally. I was talking about my still-nameless project on a Gillmor Gang podcast in October 2006. Another guest on the show, Mike Vizard, started using the term VRM, for Vendor Relationship Management — or the customer-side counterpart of CRM, for Customer Relationship Management, which was then about a $6.2 billion B2B software and services industry.  (It’s now past $20 billion.) The Gillmor Gang is a popular show, and the term stuck. It wasn’t perfect (we wanted a broader focus than “vendors,” which is also a B2B term, rather than C2B). But the market made a decision and we ran with it. Since then VRM has gained a broader meaning anyway. Every thing (hardware, software, policies, legal moves) that enables an individual to interact with full agency in any relationship is a  VRM thing. “RM” turns out to  be handy for sub-categories as well, such as GRM (government relationship management) and HRM (health relationship management).

ProjectVRM has always been unusual for Berkman in two ways. One is that it has been focused on business — the commercial side of the “society” in Berkman’s name. The other is that it put the development horse ahead of the research cart. So, while we always wanted to do research (and did some along the way, such as with ListenLog), we felt it was important to create research-worthy effects first.

My first mistake was thinking we would have those effects within a year. My second mistake was thinking we would have them within four years — the length of my fellowship. It has taken twice that long, and still requires one more piece. More about that below, in the Research and Opportunities sections.

In its early years, when it was pure pioneering, ProjectVRM had a lot of volunteer organizational help. There were weekly conference calls and meetings, and events held in Cambridge, London, San Francisco and elsewhere. But the main gatherings from the start were at the Internet Identity Workshop (IIW), an unconference I co-organize at the Computer History Museum in Mountain View. (Our next VRM Day is 27 October. Register here.)

IIW also started with Berkman help. It was first convened as a group I pulled together for a December 31, 2004 Gillmor Gang podcast on identity. Steve Gillmor called the nine participants in the show “The Identity Gang.” The conversation continued by phone and email, with growing energy. So we convened again, this time in person with a larger group, in February 2005 at Esther Dyson’s PC Forum in Scottsdale, Arizona. It was there that John Clippinger asked if we would like “a clubhouse” at Berkman. I said yes, and John had Paul Trevithick create a Berkman site for the gang. As interest collected around the site and its list, three members — Phil Windley (then CIO of Utah), Kaliya Hamlin (aka “IdentityWoman“) and I morphed the gang meetings into IIW, which met for the first time in Fall of 2005. Our 19th is coming up on 28-30 October. (Register here.)  It tends to have 180-250 participants from all over the world. While identity remains the central theme, as an unconference its topics can be whatever participants choose. VRM is always a main focus, however. And we always have a “VRM Day” at the Museum the day before IIW. The next is on 27 October. It’s free.

The Identity Gang  also grew out of other efforts by a number of individuals and groups:

I’ll leave it at those for now. Others can add to it and help me connect the dots later. What matters is that ProjectVRM has both roots and branches that intertwine with the digital identity movement. I unpack more in the Community section below. Meanwhile it is essential to note that Kim Cameron’s Seven Laws of Identity had a large guiding influence on ProjectVRM. This is partly because they were all good laws, but mostly because they came from the individual’s side:

  1. User control and consent
  2. Minimal disclosure for a constrained use
  3. Justifiable parties (“disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship”)
  4. Directed identity (“facilitating discovery while preventing unnecessary release of correlation handles”)
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

As you see, all of those should apply just as well to VRM tools and services.

We have had two interns in our history, both hugely helpful. The first was Doug Kochelek, an HLS law student with a BS and a EE from Rice. He came on board at the very beginning, in September 2006. He’s the guy who worked with Berkman’s Geek Cave to create the wiki, the blog and the list. He also shook down many technical problems along the way. The second was Alan Gregory, a 2009 summer intern and a law student at the University of Florida. Alan helped with research on the chilling effects of copyright expansion on Web streaming, which was a focus of a research project we did with PRX called ListenLog — a self-tracking feature installed in PRX’s Public Media Player iPhone app. (Here’s a presentation Alan and I did at a Fellows Hour.) ListenLog was the brainchild of Keith Hopper, then of NPR, and was years ahead of its time. Work on those projects was funded by a grant from the Surdna Foundation.

To keep its weight light and its work focused on development and relevant issues, ProjectVRM does not have its own presence on Twitter or Facebook. Its social media activity is instead comprised of postings by individual participants in the project, and the memes they drive. #VRM, for example, gets tweeted plenty, and has come to serve as shorthand for individual empowerment.

In 2007 we did a good job of publicizing what VRM and ProjectVRM were about, and got a lot of buzz. It was  premature, and our first big lesson: it’s not good to publicize anything for which the code isn’t ready. In the absence of code, it’s easy for commentators (such as here) to assume that what we’re trying to do can’t be done.

So we got more heads-down after that, and avoided publicity for its own sake.

not_iball1Still, the idea of VRM is attractive, especially to folks at the leading edge of CRM. This is what caused nearly an entire issue of CRM magazine to be devoted to VRM ,in May 2010. It too was ahead of its time, but it helped. So did two books that came out the same year: John Hagel’s The Power of Pull, and David Siegel’s Pull: The Power of the Semantic Web to Transform Your Business. John also helped in June 2012 with The Rise of Vendor Relationship Management.

That essay was a review of  The Intention Economy: When Customers Take Charge, which arrived in May from Harvard Business Review Press. The book reported on VRM development progress and detailed the projected shifts in market power that I first called for in my 2006 column with the same title.

While  The Cluetrain Manifesto has been a bigger seller, The Intention Economy Intention-economy-cover has had plenty of effects. Currently, for example, it is informing the work of Mozilla’s commercial arm, headed by Darren Herman, who this year hired @SeanBohan from the VRM talent pool. (Here’s a talk I gave at Mozilla in New York last month.) On the publicity side, the book was compressed to a Wall Street Journal full-page Review section cover essay titled “The Customer as a God.”

So far ProjectVRM has one spin-off: Customer Commons, a California-based nonprofit. Its mission is “restore the balance of power, respect and trust between individuals and organizations that serve them.” CuCo is a membership organization with the immodest ambition of attracting “the 100%.” In other words, all customers. And it is modeled to some degree on Creative Commons CustomerCommonsLogo4(a successful early Berkman spin-off), by serving as the neutral place where machine- and person-readable versions of personal terms, conditions, policies and preferences of the individual can be maintained. Among those terms will be those restricting or preventing unwanted tracking, and among those policies will be those establishing the boundaries we call privacy. Customer Commons is a client of the Cyberlaw Clinic, which is helping develop both. But much more can be done. We’ll visit that in the Opportunities section below.

2. Development

The list of VRM developers is now up to many dozens. While most don’t use the term “VRM” in marketing their offerings (nor do we push it), the term is gathering steam. For example, while updating the developers list a few minutes ago, I found two new companies that use VRM in the description of their offerings: InformationAnswers (“Where CRM meets VRM.”) and PeerCraft (“The main purpose for PeerCraft is to support Vendor Relation Management.”)

Some developers on our list are now familiar brands, though none started that way, and most did not exist when ProjectVRM began. Some of the successes (e.g. Uber and Lyft) have not been directly engaged with ProjectVRM, but are listed because they are what we call “VRooMy.” Other successes (e.g., and GetSatisfaction) have been engaged, one way or another. One that got a lot of notice lately is Thumbtack, for picking up a $100 million investment from Google. That’s atop the $30 million they got earlier this year.

In fact many VRM developers are now having an easier time getting money, thanks to a trend on which ProjectVRM has had influence: a shift of market interest away from “push” (e.g. advertising) and toward “pull” (e.g. VRM). (More about investment below.)

Several years ago, a bunch of VRM developers (and I) worked on developing SWIFT’s Digital Asset Grid. (SWIFT is the main international system for moving money around, and is headquartered in Belgium.) The code is open source, as is other VRooMy work in the financial sector. (Such as the stuff being done by the Romanian company I wrote about here.) OIX also maintains a set of “trust frameworks,” one of which is at the heart of the Respect Network, which I’ll unpack below.

While there is a lot of development in the U.S., and there are VRM startups scattered around the world, the three main hotbeds of activity are the UK, France and Oceania (Australia and New Zealand). Each is a community of its own, cohering in different ways. It’s helpful to visit each, because they represent unique contexts and resources for moving forward.

The UK

In the UK, government is central, through a role one official there calls “being a giant consumer of personal data from citizens.” It gets that data either from individuals directly or from companies that provide individuals with what are called variously called personal clouds, data stores, lockers and vaults. While all these companies perform as intermediaries, they work primarily for the individual. To differentiate this new class of company from traditional third parties, ProjectVRM calls them “fourth parties”. (That term is alien to lawyers, but is catching on anyway. For example, there is a new VRM company in Australia with the name “4th Party.”)

Leading the UK government in a VRooMy direction from the inside is in the Efficiency and Reform Group of the Government Digital Service (GDS) in the Cabinet Office.  In this presentation by Chris Ferguson, Deputy Director of the GDS we see the government pulling in big companies (e.g. Google, Equifax, Lexis-Nexis, Experian, Paypal, Royal Mail, BT, Amazon, O2, Symantec) to legitimize and engage fourth parties serving individuals (e.g. Mydex, Paoga and Allfiled).

Two outside groups working with the UK government are Ctrl-Shift and OIX (Open Identity Exchange). Ctrl-Shift is a research consultancy that has been engaged with ProjectVRM from the beginning. OIX is a Washington-based international .org focused on ‘building trust in online transactions.’


VRM is a familiar and well-understood concept in France. There are meetups (such as this one) and many VRooMy startups, such as Privowny (led by French folk and HQ’d in Palo Alto), CozyCloud, and OneCub. A big organizational driver of VRM in France is, a think tank that brings together large companies (e.g. Carrefour, Societe General, Orange and LaPoste) with small companies such as the ones I just mentioned. They do this around research projects. For example, ProjectVRM informed Fing’s Mesinfos research project (described here).


If we were to produce a heat map of VRM activity, perhaps the brightest area would be Australia and New Zealand. I’ve been down that way three times since June of last year, to help developers and participate in meetings and events. As with the UK, government in Australia is very supportive of VRM development, and with empowering individuals generally. (We met with three agencies on one of the trips: one with the federal government in Canberra and two with the New South Wales government in Sydney. One of them called citizens “customers” of government services, because “they pay for them.”) Startups there include Flamingo, Meeco, Welcomer, Geddup,4th Party, Fifth Quadrant, Onexus and the New Zealand based MyWave.

Recent changes in Australian privacy policy also attract and support VRM development. Australian companies (and government agencies) collecting personal data from people on the Web (or anywhere) are now required to make that data available to those people to use as they please. (Or so I understand it.) This gives Canberra-based Welcomer, for example, a reason to exist. Welcomer makes “private data dashboards” that “show collected summaries of the personal data held by organisations and by individuals including the person themselves. The dashboard gives a summary of personal data with the ability to link through to the source data (where required).”

This summer, the first commercial community to grow out of ProjectVRM work, the Respect Network (which Privacy By Design (PbD) calls the “World’s First Global Private Cloud Network”) held a world tour to launch the community and stimulate funding for members’ common goals, standards and code development. I was on the tour (London, San Francisco, Sydney, Tel Aviv), and wrote a report on the ProjectVRM blog. (Naturally, I shot pictures. Those are here. I also spoke at each venue. One of my Sydney talks is here.)

3. Community

To understand where ProjectVRM fits in the world, and how it works, I like the Competing Values Framework by Kim S. Cameron (no relation to the one above), Robert E. Quinn, Jeff DeGraff and Anjan Thakor:

Screen Shot 2014-09-01 at 5.48.45 PM

While there are many VRM developers operating in the lower half of that graphic, what ProjectVRM does is in the upper half of that diagram.  We have a collaborative clan of flexible and creative individuals in an adhocracy, working together on long-term transformational change.

Pretty much everything that gets criticized about our efforts falls in the lower half. That’s because we have no hierarchy and don’t work to control what anybody does. And progress on the whole  has been slow. (Though there are exceptions, such as Uber, Lyft and Thumbtack.)

That graphic is just one of many helpful ones in David Ronfeldt‘s Organizational forms compared, which he’s been updating since first publishing it in May 2009. One reason it is helpful is that the hierarchical short-term stuff is obvious and easily understood, while collaborative long term stuff is much harder to grok. It’s like the difference between weather and geology. Which makes me think that graphic should be flipped vertically: slow stuff on the bottom, fast stuff at the top. That’s what the Long Now foundation does with this graphic, which I’ve always loved:

layers of time

The change we want most is down in the culture, governance and infrastructure layers, even though our focus is on commerce. This also explains why we run into trouble when we play with fashion. The last thing we want is for VRM to be cool. (This is also a lesson I learned and re-learned over two decades of watching Linux, free software and open source for Linux Journal.)

The following graphics are all from David Ronfeldt’s scholastic gatherings. Each in its own way helps explain how our community works — and how it doesn’t. First, from one of Bob Jessop‘s many papers on governance and metagovernance (this one from 2003):

jessop figure

That’s our column on the right.

Then there is this, from Federico Iannacci and Eve Mitleton–Kelly’s Beyond markets and firms: the emergence of Open Source networks (First Monday, May, 2005):


That’s us in the middle. We’re a stable and decentralized heterarchy that coordinates by mutual adjustment.

Then there is this from Karen Stephenson‘s Neither Hierarchy nor Network: An Argument for Heterarchy (in Ross Dawson’s Trends in the Living Networks, April, 2009):


Again that’s us on the right.

Something I like about those last two is the respect they give to heterarchy, which has been a focus for many years of Adriana Lukas, another VRM stalwart who has been with the project since before the beginning. Here’s her TED talk on the subject.

Finally, there is this graphic, from  Clay Spinuzzi‘s Toward a Typology of Activities (2013):


In Spinuzzi’s Losing by Expanding: Corralling the Runaway Object, an object is identified as “a material or problem that is cyclically transformed by collective activity.” With our tacit, inductive and flexible approach, this also characterizes the way our community works.

One can see all this at work on the ProjectVRM mailing list, an active collection of 615 subscribers. We also meet in person twice a year at IIW, starting one day in advance of the event, with “VRM Day.” This adds up to a total of at least eight days per year of in-person collaboration time.

Most of the rest of the VRM community meets locally, or through the organizing work of organizations such as Respect Network (U.S. based, but spanning the world) and Fifth Quadrant (Sydney based, and focused on Australia and New Zealand).

There are many other organizations with which ProjectVRM is well aligned. Among them are:

If things go the way I expect, Mozilla will also emerge as a center of VRM interest and development as well. (For example, I expect VRM to be a topic in October at MozFestival in the U.K.

4. Influence

Nearly all VRM influence derives from the work of its volunteers and its developers. “Markets are conversations,” Cluetrain said, and we drive a lot of those. But they rarely get driven exactly the way I, or we, would like. Conversations are like that. EIC awardSo are heterarchical networks. Everybody wants to come at issues from their own angle, and often with their own vocabulary. We see that especially with analysts and think tanks. None of them like the term VRM. (In fact lots of developers avoid it as well. I don’t blame them, but we’re stuck with it.) Ctrl-Shift, for example, calls fourth parties PIMS, for Personal Information Management Services. Kuppinger-Cole, which gave ProjectVRM an award in 2008 (that’s the trophy on the right), insists on the term “Life Management Platforms.” (I pushed it for awhile. Didn’t take.) Here in the U.S., Forrester Research calls the same category PIDM for Personal Identity and Data Management. We don’t care, because we look for effects.

As for the influence of others on ProjectVRM, there are too many to list.

5. Issues

Privacy is the biggest one right now. (A Google search brings up more than five billion results). We’ve done a lot to drive interest in the topic, and have brought thought leadership to the topic as well. (Here is one example.) On behalf of ProjectVRM, I’ve participated in many privacy-focused events, such as the Data Privacy Hackathon earlier this year, and at GovLab gatherings such as the one reported on here. I’m also in Helen Nissenbaum‘s Privacy Research Group at the NYU Law School, where I presented ProjectVRM developers’ privacy work on February 26 of this year.

Tied in with privacy online, or lack of it, is users’ need to submit to onerous terms of service and meaningless privacy policies. Those terms, also called contracts of adhesion, have been normative ever since industry won the industrial revolution, but have become especially egregious in the online world. Today there is a crying need both for better terms on the sites’ and services’ side, and for terms individuals can asset on their side. From the beginning ProjectVRM has been focused mostly on the latter.

Trust is another huge issue, also tied with privacy. ProjectVRM has both encouraged and influenced the growth of “trust frameworks” such as the Respect Trust Framework and others (there are five) at OIX, as well as Open Mustard Seed and OpenPDS under IDcubed at the MIT Media Lab.

VRM+CRM has been a focus from the start, but the timing has not been right until now. At the beginning, we expected CRM companies to welcome VRM. Press and analysts in the CRM space were encouraging from the start (CRM Magazine devoted an entire issue to it in 2010), but the big CRM companies showed little interest, until this year.

Sitting astride or beside VRM and CRM is a category variously called CX (for Customer Experience), CRX (for Customer Relationship Experience), EM (for Experience Management) CEM or CXM (for Customer Experience Management) and other two and three-letter initialisms. Another happening in the midst of all these is “co-creation” of customer experience. The purpose here is to bring customers and companies together to co-create experience in a lab-like setting where research can be done. This is what Flamingo does in Australia. In a similar way, MyWave in New Zealand (with developers in Australia) “puts the customer in charge of their data and the experience” for a “direct ‘segment of one’ relationship with businesses.”

With the Internet of Things (IoT) heating up as a topic, there is also an increased focus, on the “own cycle,” rather than the “buy cycle” of the customer experience. I explain the difference here, using this graphic from Esteban Kolsky:


In our lives the own cycle is in fact the largest, because we own things — lots of them — all the time and are buying things only some of the time. In fact, most of the time we aren’t buying anything, or even close to looking. This is a festering problem with the advertising-driven commercial Web, which assumes that we are constantly in the market for whatever it is they push at us. In addition to not buying stuff all the time, we are employing more and more ways of turning advertising off (ad blockers are the top browser extensions). For advertising and ad-supported companies, including millions of ad-supported publishers on the Web, this is a mounting crisis. According to an August 2013 PageFair report, “up to 30% of web visitors are blocking ads, and that the number of adblocking users is growing at an astonishing 43% per year.” In The Intention Economy, I called online advertising a “bubble” and I stand by the claim. It’s just a matter of time.

As the stuff we own gets smart, and as more of it finds its way onto the Net service becomes far more important to companies than sales. And VRM developers are laying important groundwork in service. I wrote about this in Linux Journal last year, drawing special attention to the pioneering work led by Phil Windley, who has been a VRM stalwart since before the beginning. In fact it’s Phil’s work that makes clear that things themselves don’t need to be smart to exist on the Internet. All they need is clouds that are smart, which Phil calls picos for persistent computing objects. In this HBR post I explain how the shared clouds of products can be platforms for relationship between company and customers , with learnings flowing in both directions.

6. Verticals


This was the first for VRM, and it’s still a primary interest. We need tools on the individual’s side for managing many relationships. There still is not a good “relationship dashboard,” though there are a number of efforts in this direction. But as soon as we have code on the VRM side that matches up with code on the CRM side (including, for example, call centers, which are also interested in VRM), we’ll rock.


Even though ProjectVRM’s mission is centered around relationship and conversation, transaction is a big part of it too — just not the only part, as business often assumes. Our first efforts, starting in 2006, were around making it as easy as possible for individuals to donate money in one standard way to many different public radio stations.

We have been involved in many meetings and discussions around payments and secure data transactions, and some projects as well. We worked with SWIFT on the Digital Asset Grid, and have been in conversations with banks (e.g. Chase) and VISA Europe for a long time as well. With the rise of alternative currencies (e.g. Bitcoin), distributed accounting (e.g. Blockchain), digital wallets and other new means for transacting and accounting, there are many ways for VRM developments to play.


In what is being called “post-Snowden time,” many new secure and encrypted email approaches have evolved. While some are listed on the ProjectVRM developers list, we haven’t been very involved with them — at least not yet. But we are involved with developers working on privacy-protecting tools that can either be embedded in existing email systems or offer alternative communications “tunnels.”

Personal information Management

There are two breeds of development here.

One is fourth party services and code bases for managing and sharing personal data selectively online. There are now many of these. Some support self-hosting as well. (ProjectVRM has always been supportive of free software, open source, and the “first person technology” and “indie” movements.) One organization, the Respect Network, was created to provide a framework for substitutability of services and apps.

The other is code the individual uses to manage his or her own life, and connections out to the world. This is where calendar, email, IM, to-do lists, password managers and other convenience-producing apps for the connected world come together. There is no leader here, though there are many players, including Apple, Microsoft and Google.  So far, this area has only seen centralized and siloed players, with inherent security and data mining disadvantages. But recently, commercial and open source conversations about a decentralized approach to this opportunity have been taking place.

A test case for VRM that applies to both kinds of solutions is this: being able to change my address, my last name or my phone number for many services in one move. This is exactly what the UK government is calling for from citizens’ personal information management systems (what Ctrl-Shift calls PIMS). A citizen should be able to change her address for the Royal Mail, the Passport Office and the National Health Service, all at once. Bonus links: Making things open, making things better, by Mike Bracken in the Gov.UK Government Digital Service blog, where Mike’s prior post, Reading the Digital Revolution featured this illustration by our old friend Paul Downey:


Apple’s HealthKit and HomeKit, which go live with the release of iOS 8on 9 September, also have some VRM developers excited, because it will make this kind of integration at the individual end easy to do in two verticals: Health and Home Automation.


Early on with ProjectVRM, I avoided health as an issue, because I wanted to see real progress in my lifetime — and I felt that the situation in the U.S. was fubar. But other VRM folk did not agree, and have pushed VRM forward very aggressively in the health field. Dr. Adrian Gropper and Dr. Deborah Peel of Patient Privacy Rights have done a remarkable job of carrying the VRM flag up a very steep and slippery hill. Berkman veteran John Wilbanks is another active ProjectVRM volunteer whose work in health is broad, deep, influential and at the leading edge of the pioneering space where personal agency engages the wild and broken world of the U.S. health care system. Brian Behlendorf, the primary developer of the Apache Web server (which hosts the largest share of the world’s Web sites and services) and the CONNECT open source code base for health service collaboration, is also an active participant in ProjectVRM.

A number of VRM developers are working with, or paying close attention to, Apple’s HealthKit. In the words of one of those developers, “It’s very VRooMy.” HealthKit developments go live when Apple rolls out iOS 8 on 9 September.


While a number of car makers are eager to spy on drivers, Volkswagen has put a stake in the ground. In March, Volkswagen CEO Martin Winkerhorn gave a keynote at the Cebit show that drew this headline: “Das Auto darf nicht zur Datenkrake warden.” My rusty Deutsch tells me he’s saying the car shouldn’t be a data octopus.

Toward that end, Phil Windley’s Kickstarter-based  Fuse will give drivers and car owners all the data churned out of their cars’ ODB-II port, which was created originally for diagnostics at car dealers and service stations. With an open API around that data, developers can create apps to alert you to schedule maintenance, monitor your teen’s driving and much more.

Real Estate

The only products that cost us more than cars are homes. Here too we have a VRM advocate in Cambridge-based Bill Wendell of Real Estate Café. He has always been way ahead of his time, but it’s clear his time is coming. (Here’s Bill leading a session on VRM in Real Estate at IIW 18 in May.)

7. Investment

There is an upswing of investment in start-ups on the “pull” — the individual’s — side of the marketplace. Many wealthy individuals, some quite new to tech investing, perceive an opportunity in “pull” side tools, so interest is building, especially in angel funding. There are currently at least three initiatives coming together to invest in VRM or intention based start-ups in Silicon Valley and Europe. This is one of the outcomes of the last IIW (in May of this year), where investment emerged as a big theme, with a number of VC’s for the first time participating in IIW sessions. I’m involved in planning a VRM specific fund, which is still in its preliminary stages. If it moves forward (which I believe it will), it should come into shape by next year.

In some cases government is also involved. In the UK, for example, the SEIS (Seed Enterprise Investment Scheme) program offers huge tax incentives to angel investors.

8. Research

There are many questions we can probe with research, but only one I want to work on in the near term: What happens when individuals come to websites with their own agreeable terms?creativecommons-licenses

Such as, “I’m cool with you tracking me on your site, but don’t follow me when I leave.” And, on the site’s side,  “We’re cool with that.” In proper legalese, of course — but expressed on both sides in code and symbols that work like Creative Commons’ licenses (there on the right).

The Cyberlaw Clinic is already involved, though its work with Customer Commons on a broader set of terms than the one I just mentioned, and Berkman’s own  Privacy Tools for Sharing Research Data could assist with and follow the process, both through the term-creation process and as the terms get implemented in code and materialize on the Web.

We would be dealing with cooperative efforts that require this already. One is Respect Network’s Respect Connect “Login with Respect” button.  As I explain here, the terms of OIX’s Respect Trust frame require the setting of, and respect for, the boundaries of individuals. This can be done, even within the calf-cow framework of client-server.

Respect Connect  is based onXDI, which the Respect Trust Framework also specifies. XDI is a protocol that employs “link respect-connect-buttoncontracts.” Drummond Reed, the father of XDI (and CEO of the Respect Network) describes link contracts as “machine-readable XDI descriptions of the permissions an individual is giving to another party for access to and usage of the owner’s personal data.” Very handy. And binding. In code.

Mozilla has also made efforts in this same direction, most recently with  Persona (there on the right). We can help them out with this work, and I am sure other and other browser makers will also want to get on board — which they should, and with Berkman’s convening power probably will.

At the end of the project we will have both standard terms for posting at Customer Commons and reference implementations hosted by Berkman, or shared by Berkman over Github or some other data repository.

And we would bring to the table many dozens of developers already eager to see increased agency and term-proffering power on the individual’s side. I can easily see privacy dashboards, on both the client and the server sides of websites.

(Thinking out loud here…) We could host focused discussions and invite participants (including law folk — especially students, from anywhere) to vet terms the way the IETF vets Internet standards: with RFCs, or Requests for Comments. Some open source code for this already exists with Adblock Plus’s white list for non-surveillance-based advertisers. I would hope they’d be eager to participate as well. We (ProjectVRM, the Berkman Center or Customer Commons) could publish lists of conformant requirements for website and Web service providers, and lists (or databases) of conformant ones.

This work would also separate respectful actors on the supply side of the marketplace from ones that want to stick with the surveillance model.

While there are lots of things we could do, this is the one I know will have the most leverage in the shortest time, and would be great fun as well.

It is also highly cross-disciplinary, with many lines of cooperation and collaboration within the university and out to the rest of the world. Right at Berkman we have the  Privacy Tools for Sharing Research Data project and its many connections to other centers at Harvard. Its mission — “to help enable the collection, analysis, and sharing of personal data for research in social science and other fields while providing privacy for individual subjects” — is up many VRM development alleys, especially around health care.

9. Questions

What if we fail?

What if it turns out that free customers are not more valuable than captive ones for most businesses? That’s been the default belief of big business ever since it was born.

What if the free market on the Net turns out to be “Your choice of captor?” Client-server lends itself to that, although we can work around its inequities with moves like the one proposed in the Research section above.

What if the only VRM implementations that succeed in the marketplace are silo’d and non-substitutable ones? To some degree, that’s what we have with Uber and Lyft. While they are substitutable (as two apps on one phone), we don’t yet have a way to intentcast to multiple ride sharing providers at once, or to keep data that applies to both. Maybe we will in the long run, but so far we don’t.

Apple may be VRooMy with HealthKit and HomeKit, but both still operate within Apples silo. You won’t be able to use them on Android (far as I know, anyway).

And what if the Internet of Things turns out to be a world of silos as well? This too is the default, so far. Phil Windley mocks the Apple of Things and the Google of Things by calling both The Compuserve of Things — and making the case for substitutablility as well.

And what if customers just don’t care? This too is the default: the body at rest that tends to stay at rest. For VRM to fully happen, the whole body needs to be in motion — to move from one Newtonian state to another. It’s doing that in places, but not across the board.

Finally, what if we succeed? VRM is about making a paradigm shift happen. So was  Cluetrain before it. On the plus side, the Net itself lays the infrastructural groundwork for that shift. But the rest is up to us.

Whether we  fail or succeed (or both), there will be plenty to study. And that’s been the idea from the start too.


* Disclosures: I was paid modest sums as a fellow early on, but otherwise have received no compensation from the Berkman Center. I make my living as a speaker, writer and consultant. I have consulted a number of companies listed on the ProjectVRM development work page, and am on the boards of two start-ups: Qredo in the U.K. and Flamingo in Australia. In my work for them my main goal is to see VRM succeed, and I don’t play favorites in competition between VRM companies.

Cluetrain’s One Clue

dillo2Most people reading The Cluetrain Manifesto go straight to its 95 Theses, and usually quote the top one. I won’t mention it, because I would rather focus on Cluetrain’s main clue, which most people miss. It says this:

“if you only have time for one clue this year, this is the one to get…

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp.

deal with it.

This statement expresses the full Cluetrain spirit —not only because of what it says, but because it adrenalized us, and guided everything we wrote in the Manifesto from that moment forward.

If Chris Locke hadn’t sent that little .gif to David Weinberger, Rick Levine and me, it’s possible (or probable) that Cluetrain would not have been written. The One Clue was, and remains, that important.

I think there are four reasons why Cluetrain’s One Clue rarely gets quoted:

  1. It’s separated from the 95.
  2. It’s a graphic, so people can’t copy/paste text out of it.
  3. It’s too hard for business people to accept.  And, because of that,
  4. It’s not yet true.

I have come to believe it is mostly #3 and #4.

Cluetrain went up first as a website, in April 1999. Its first edition as a book went out in January 2000. (“Just in time to cause The Crash,” some have said.) It was niched from the start as a business book (subhead: “The end of business as usual”). And, from the start, it has been  stocked with marketing books in the business sections of bookstores, libraries, and  Amazon. Most of its readers are also marketing folk. They’re the ones who made the book a bestseller, and they are the ones tweeting about it as well. (Typically, many times per day.)

Irony: the One Clue was spoken straight to marketers, yet many of them (even clueful ones) are still treating us as seats, eyeballs, end users and consumers, and not as fully empowered human beings. Worse, many of them (or their systems) are spying on us in ways that simple manners would never allow in the physical world.

I started ProjectVRM because I believed #4 was true: our reach did not yet exceed marketers’ grasp. I also felt that marketers (and all of business) would benefit from increased native individual power. But something needed to be done before that could prove out.

We adopted the term VRM — Vendor Relationship Management — because it worked as the customer-side counterpart of CRM — Customer Relationship Management, which was already a many-$billion B2B business. In fact VRM is broader than that, because it applies to relationships with organizations, government agencies, and even each other. But the baby was named, and we stuck with it.

ProjectVRM is coming up on its 8th birthday in September.  We’ve made huge progress over the years. There are now many dozens of developers around the world, working on VRooMy tools, services and code bases. But we will not have succeeded fully until the One Clue proves true — or at least accepted , and therefore a just a historic artifact, rather than a glaring irony stuck in the craw of Business as Usual.

One tool still missing in the VRM box is the ability to set one’s own terms, conditions, policies and preferences, in one’s own way, for every company or service one deals with.

This capability was foreclosed early in the Industrial Age. That was when mass manufacturing, distribution and (eventually) marketing needed scale. Thus “standard form” or “adhesive” agreements, for many customers at once, became the norm in big business throughout the Industrial Age.

I expected them to be obsoleted as soon as we got the Internet. Instead they became far more widespread and abused on the Net than in the physical world.

An example is websites. We need to be able to say, for example, “I will only accept the following kinds of cookies, for the following constrained purposes.” Or, “If we already know each other, and it’s cool with me, you can follow me as I go about my business, but only for purposes I allow and you agree to.”

We would say this in proper legalese, of course, and in forms that are readable by machines and ordinary muggles, as well as lawyers — like we have with Creative Commons licenses.

Writing these personal terms and policies is a challenge raised by references to “boundaries” in the Respect Trust Framework, which I visited in Time for digital emancipation  and  What do sites need from social login buttons?

We created Customer Commons to do for  personal boundaries what Creative Commons does for copyright. That’s why I want to see at least some of those terms inside Customer Commons, and put to use across the Web, before ProjectVRM’s 9th birthday.

Meanwhile, big thanks to the Berkman Center for giving us a great clubhouse for all these years. It’s been huge.

Cracks in the walls of the online advertising castle

On the advice of @SteveLohr and @michikokakutani ‘s review in The New York Times, I just ordered Dave Eggers‘ The Circle — a tale of the dystopian present taken to its future extreme: a world where we are all fully devolved into data, and one big company serves us exactly the poop it knows — and helps — us want.

Provided, of course, that there is still money in it.

But there won’t be. The most vulnerable big money game in the commercial Web today is advertising — and it’s headed for a dive, if not a crash. That’s the case @TimHwang and @AdiKamdar make in The Theory of Peak Advertising and the Future of the Web. It’s also the one @DonMarti makes in Targeted Advertising Considered Harmful, and that I make too, in both The Intention Economy: When Customers Take Charge and Beyond the Advertising Bubble, a post I put up earlier today at Customer Commons.

In addition to the evidence compiled in those sources, there’s Flash Ad Takeovers Drive 55% of Consumers Away (by Tyler Loechner in MediaPost). The headline actually understates the case. Here’s the opener:

Adblade, a content-style ad network, commissioned a study carried out by research company Toluna which found that 82% of consumers feel that online ads are “detrimental” to their online experience at least some of the time. The report focused on questions revolving around the obtrusiveness of ads…

The emphasis is mine, not that it’s required. More stats:

When it comes to ads causing one to navigate away from content, an overwhelming majority (55%) of respondents said flash ad takeovers are most likely to do the trick. The ad type that is second-most likely to drive consumers away from a page are right-side banner ads (10.4%). Pre-roll (9%), top banner (8.5%), and middle-of-the-page ads (7.1%) round out the top five.

The source might be a bit self-serving, though. See here:

Over 66% of respondents believe middle-of-the-page ads to be the most obtrusive, compared to just 4% for end-of-article ads.

Adblade specializes in end-of-article ad placements, so those particular results play into their hands.

Still, we’re talking about least-aversive stuff here.

That’s always been an imperative of sub-optimal advertising, though not of advertising that actually appeals. And indeed, appealing advertising does exist. Every fat magazine testifies to the fact of advertising that appeals in some settings at least as much as does the editorial. Note that those ads are not personal, and depend not at all on surveillance of privacy invasions of any kind. They simply do a good job of sending strong signals — economic and otherwise — to populations that are interested in them.

The other breed of in-demand advertising, I would ad, are classifieds. The success of Craigslist and Google’s (search-results) Adwords  attest to that as well. Note that those don’t creep us out. At their best, they just work.

And that’s what always wins in the long run.

Identity is personal

It’s as simple as that.

Identity is not corporate. That means no company is going to “win” at personal identity, any more than any company can win at being you or me. It makes no sense.

But meanwhile, there’s this big war going on over identity, that Mike Elgan of CultOfMac covers (from the Apple side) in Why the ‘i’ in iPhone Will Stand For ‘Identity’. Writes Mike,

Google honcho Eric Schmidt came right out and said it: “Google+ was created primarily as an identity service.”

And Om Malik nailed it when he said: “The real power of Facebook lies in controlling connected identity.”

Both Google and Facebook made big pushes to turn their social networks into solid identity services. And both those attempts have largely failed so far.

But Apple can win, Mike says. Here’s why:

think Apple can succeed where the social networks failed.

The reason is that Apple has a better deal for users. The social network proposed both a small stick and a small carrot: Use one account and use your real name because then everything is better. That approach failed.

Apple’s proposition is much better: Use the Identity iPhone, and stop keying in passwords, credit card numbers, billing information and more. As you cruise through the Internet, all the doors will open for you and you can securely use and buy and access anything you want without any work.

How Apple Will Use the Identity iPhone

Once you’ve associated your actual fingerprint with your iPhone, your iPhone becomes you — better than a photo ID, better than a signature, better than a password.

Today, a swipe of the finger on an iPhone conjures up the 4-digit passcode lock. If you spend some quality time with the Passcode Lock page in Settings, you can see that you have an option to turn it on or off, require it immediately or after one, five or fifteen minutes or after one or four hours. It also allows you to access or not access Passbook and the ability to reply to a message when the phone is locked.

All those settings may be identical to the fingerprint scanning feature of the next iPhone….

I believe Apple intends to build both NFC and fingerprint readers into iMacs and iPads.

When you set your iPhone next to the keyboard of your iMac, all your online activity will identity you to various sites, which means that you’ll have an “E-Z Pass” right through password dialogs and credit card pages. You’ll just be able to log in as you and buy stuff without typing anything…

In the Real World, you’ll be able to authenticate purchases either via Bluetooth or NFC, skipping the line at the movie theater, department store and gas station. You’ll be billed, and be able to pay for your restaurant meal without the waiter’s involvement. (Letting a stranger take your credit card out of your sight is one of the weakest links in the way commerce works right now.)

As I wrote in Identity systems, failing to communicate,

What’s fucked up about identity is that every site and service has its own identity system. None are yours. All are theirs, all are silo’d, and all are different. For this we can thank the calf-cow model of client-server computing, and we are stuck in it. That’s why we are forced to remember how we identify ourselves, separately, as calves, to many different cows, each of which act like they’re the only damn cow in the world.

And I gotta say, Apple sucks at being an identity cow. I am three different calves to Apple right now. That is, three different AppleIDs. I have spoken to Apple people many times about their need to merge customer namespaces, and they give me the same answer every time: it’s too hard. Worse, they’ve screwed it up over and over. An Apple mail account that was once  foo at then became  foo at is now also  foo at  On that basis alone Apple amply demonstrates the namespace problem, which might be the oldest problem (that’s still with us) in all of computing.

Einstein saidNo problem can be solved from the same level of consciousness that created it. The namespace problem was created — and worsened — by companies creating more namespaces. One more bigfoot creating one more way to leverage its own private namespace to the whole world is not a solution. It’s one more problem to solve.

The only way to solve the identity problem is where the most pain is felt: at the individual level.

This is a very hard fact for enterprise-level solution-makers to grok, because at their level the solution is always yet another namespace or yet another bigfoot company pushing yet another technical solution. That, in effect, is what Mike says Apple will do here. And they will fail, just like Facebook, Google, Microsoft (remember Hailstorm and Passport?) and every other bigfoot has failed. Because they can’t solve it.

Meanwhile, we’ve solved this kind of thing before at the personal level, over and over, and we will do it again.

If you want to help work on it, come to the Internet Identity Workshop next week in Mountain View. That’s where the real work is happening.


The VRM perspective

The VRM perspective is independence.Liberty Bell

This isn’t new. In fact, it’s as old as the Net. It is also nearly forgotten. Billions have never experienced it.

When the Net first came into common use, in 1995, independence was what anybody felt who started up a browser and surfed from place to place, or who built a site on a domain of one’s own, with its own name and email addresses.

To do anything substantive on the Net today, we use personalized services that require us to live inside corporate walled gardens. We have these with Google apps and Drive, Apple’s iCloud, and “social” systems such as Facebook and Twitter. Adobe and Microsoft are also now pushing hard for us to rent software as a service (SaaS), so we no longer own and run software for ourselves on our own machines.

Bruce Schneier compares today’s walled gardens to castles in a feudal system. We are vassals within these systems. Our job with VRM is not to fight these systems, but to equip individuals with their own tools of independence and engagement: to make them the points of integration for their own data, and of origination for what gets done with it.

To cease being vassals requires that we possess full agency: the power to act, with effect. We cannot do that without tools that are ours alone. Just as our bodies and souls are ours alone, yet also work in human society, we need tools that are ours alone, yet also work in the world of connections that comprises the Net.

To operate with full agency we need a full box of VRM tools — plus two other things. One is substitutability of the services we engage. The other is freedom of contract.

Substitutability means we have a choice, say, of intentcasting services, of quantified self gizmos and service providers, of health care data and service providers, and of trust networks and personal cloud service providers — just as we have a choice today among email service providers, including the choice to host our own email.

Freedom of contract means we don’t always have to subordinate our power and will to dominant parties in calf-cow ceremonies (e.g. clicking “accept” to one-sided terms we don’t read because there’s no point to it). We can design automated processes by which both parties come to mutually respectful agreements, just as we have with handshake agreements in the physical world.

Both of these virtues need to be design principles for VRM developers. If they are, we can save the Net by empowering ourselves.


Wanted: a handshake across the paywall

For five years I was a loyal subscriber to the Boston Globe. When I was out of town, which was a lot, I’d read it online, because the print subscription covered that too.

This academic year I’m out of town more, so I canceled the subscription, because I didn’t want to pay $3.99 per week for a digital-only subscription. Not when I’m also in Santa Barbara, Los Angeles, San Francisco, New York and other places, with other papers that I also like to read — and to pay for, preferably on an à la carte basis, or something close to it, like I can when I buy a paper at a newsstand. There’s no way to do that. But I still go to the Globe often, to catch a story, such as this one, which hits a paywall:

I only get that on the browser I use most, and which I assume carries a cookie telling the Globe that I’ve visited too often without subscribing. It’s annoying, but I get around it by using other browsers and other machines.

I don’t do that to avoid paying. In fact I’d be glad to pay, because I believe information wants to be free but value wants to be paid for. That means I’m willing to pay something for all the media I use, including music for which I hold rights to play (one doesn’t really “own” music, but instead holds rights to it). But this is impossible as long as media vendors supply all the mechanisms of relationship. There’s no handshake with that system. Just the sound of one hand slapping.

The promo-covered paywall in the screen shot above tells me the Globe’s subscription system has no idea that I was a loyal subscriber for a long time, and am willing to pay more than the $0 that I’m paying when I go around their wall. It also tells me the Globe values data justifying its 99¢/week promo more than its relationship with me as a reader and a long-term subscriber. But I’m not insulted because I know I’m not dealing with human beings here; just a software routine.

Many questions come to mind when I look at a fail like this. Like, Why should a new subscriber get a better deal than a veteran one? Why not have, say, a frequent-reader program, modeled on airline frequent flyer programs?

The answer is that it’s a pain in the ass for a paper (or any business) to do something different than what it already does. In the Globe’s case the bureaucratic overhead is even higher than it looks, because the Globe is a subsidiary of the New York Times, which has the same 99¢ promo (that I wrote about almost a year ago). Even if the two papers don’t use the same content management and subscription software, the policies obviously work in tandem, meaning there is at least twice the inertia to overcome.

Additional inertia is locked up in the heavy burden of sole responsibility for a “relationship” that barely qualifies for the noun. If I had a real relationship with the Globe, I could respond to the above with a message that says “Hi, there. You know me. Remember? I do. Here’s the evidence. Now, can we come up with something that works for both of us here?”  CRM (Customer Relationship Management systems should help, but typically don’t. “Social” CRM is built to listen for signals from prospects or customers; but neither Twitter nor Facebook are mine, nor do they represent me as fourth parties — ones that work for me.  (Twitter and Facebook may serve me, in a way; but they are paid for that work by advertisers.)

There are some VRM-friendly signs on the horizon. For example, in this Guardian interview, Tien Tzuo, the founder and CEO of Zuora, explains what he calls “Paywall 2.0.” Here’s what he says about 3:50 into the video:

Don’t think about it as just a paywall. Don’t think about it as just a tollbooth for you to make money. Think about it as an ongoing dialog with your customers, and allow your paywall to stretch, and go to where your customers really want to go.

(Disclosure: last year I gave a speech at a Zuora event in London.) I want the Globe and the Times to have 2.0-generation paywalls: ones that stretch to embrace my loyalty and my good intentions. I would also like that embrace to appreciate independent signaling from my side of the relationship, not just what it picks up from CRM radar pointed at social media. (And let’s face it: If I have to go on Twitter to get some action out of a company, there’s a failure in direct communication. Here’s one example.)

We also need the VRM tools that match up with 2.0 generation ones on the media sellers’ side. For example, let’s say I budget $2 per day toward all the media I use. (A lexical digression: I don’t “consume” media any more than I consume a hammer. That’s why I say “use” instead of “consume.”) And let’s say  I have the capacity to track what I use, in a QS (quantified self) kind of way. Then let’s say that I’m ready to divide that $2 up and parse it out, using an EmanciPay system. This would put money on the market’s table.

Then maybe, once the money is on the table, we can shake hands over it and actually do business.

Bonus link: House of news



VRM in 2013

Two positive pats on the VRM back greeted the new year and got me thinking.

The first is Jim Harris’ Small Data and VRM — his prediction for 2013 in the @DataRoundtable blog. He writes,

One of the reasons that vendors are getting geeky over Big Data is because they claim that they want to use it to become more customer-centric and better understand customer behavior when, in reality, what vendors really want is to become more customer-captive and better control customer behavior.

However, the alternative to each individual vendor using Big Data to collect and manage HoardaBytesof information about multiple customers is to invert the one-vendor-to-many-customers paradigm by embracing a one-customer-to-many-vendors paradigm. Individual customers would own and manage the Small Data needed to accurately describe themselves, protect the privacy of their data and decide for themselves how their data – and how much of their data – is shared with vendors.

My lament over vendors historically not allowing us to own our own data, which I have been referring to as the Fundamental Flaw of Customer MDM since 2010, is a topic I return to on a regular basis, including my recent blog series about social MDM that received some thought-provoking commentary, among which was an excellent book recommendation made by Jean-Michel Franco.

… and then quotes The Intention Economy for several paragraphs before concluding,

The status quo will always fight the future, but change is the only universal constant. I hope 2013 will see the beginning of the changes – almost none of which are technological in nature – needed to bring about this long overdue paradigm shift in data and customer relationship management.

Keith Teare in Techcrunch sees the same changes coming, and visits them at length in Unnatural Acts and the Rise of Mobile. Here’s a compressed version of his post:

There is a new law emerging in cyberspace. As desktop traffic growth declines, and mobile adoption explodes, predatory marketers need to monetize mobile traffic or die trying.

As this law takes hold, bad behavior is replacing smart long-term product thinking. The result is an explosion of unnatural acts of engagement. Facebook allows users to escape its filters (designed to give a good experience) by paying to force their Facebook posts in front of their friends — $7 a time and you’re golden. Twitter sends constant reminders about “what you missed” on its service. Google Plus has notification defaults set to a level that results in constant stream of inane emails.

Users are the net losers in this festival of lowering the bar when it comes to how badly behaved a marketer is permitted to be in order to drive use…

The possibility exists in 2013 that the absolute revenues of the major players will decline as desktop revenues suffer and mobile revenues fail to make up the difference, even as they grow dramatically. This nightmare scenario is key to understanding what is driving bad behavior by marketers and product leaders. Bradley Horowitz recently made some pretty good jokes about Facebook’s bad behavior, but Google is not immune from this disease…

The need to monetize mobile traffic will dominate Google, Facebook, Twitter and others in 2013. And the pressure is to do it quickly due to the collapse in the growth of desktop-based traffic. Successful CMOs will avoid the pitfalls of driving unnatural acts of engagement and focus on user-benefits derived from monetization strategies…

I have lost count of how many ads offering me products that I have already purchased have flown past me on various sites and devices recently. Even the ad stream is becoming polluted. Targeting efforts are at the bottom of this trend. But from a user point of view targeting is poor and therefore irritating. The recent attempt by Facebook to alter the Instagram terms and conditions, and privacy policy, was a mistake, and acknowledged, but nonetheless it was driven by these desperate efforts…

currently all roads point to several varied attempts to re-portalize; that is to say, to own your own traffic and seek to monetize it. This is the old Yahoo view of the world and it clearly represents a limited mindset that will not scale to the huge mobile opportunity. For Twitter in particular, which has a large global opportunity as a platform, this trend represents a shrinking of its real opportunity…

Advertising is so far disappointing both in terms of its scale and its growth trajectory, as well as the value of a CPM. This disappointment forces mobile marketers to either innovate in the meaning of advertising on mobile or to systematically force feed both a large volume of ads, as well as attempt to target those ads in such a way that higher CPMs can be achieved. Everybody becoming an advertiser and paying for one’s attention is one way we see this. Limiting the distribution of a post, and then incenting payment for the post to be seen, is the ultimate in bad behavior. It won’t work out well…

Intimacy and long-term relationships are a forgotten goal.

The essence of good behavior is to start by helping the user achieve a goal. The essence of a mobile device is that it is intimate… The short-term revenue win from displaying an ad is offset by the long-term relationship damage done between the user and the publisher showing the ad. The sense of being a “target” rather than a person is a growing experience, as our sensibilities are increasingly offended…

The net impact of desperation-driven bad behavior is that users become cynical of publishers they formerly embraced. Privacy invasions, behavior changes by apps, and other experiences lead to the assumption that we, the users, are nothing more than ad fodder. The sad thing here is that users want their favorite publishers to make money, so that they can fund the app or service in question. But the crude methods of monetization are leading to alienation, not love…

The real nightmare for the industry here is that advertisers also become cynical. Upsetting users is not high on the list of advertisers’ goals. As users react, advertisers will run in the opposite direction. The already slow growth of mobile advertising will slow even further and the already large gap between the hours spent on mobile and the advertising dollars focused on it will grow further. Nobody wants this, but everybody is fuelling it. It is time to take a deep breath and collectively think about how to have the opposite impact…

New apps and services can grow quickly by offering intimacy and control to users.

Intimacy is the currency on mobile. Intimacy is a great thing, of course. Users love the ability to engage with those they like, love, and admire, and even those they hate and detest, in a personal mobile space. Apps that feed or empower this intimacy have prospered. Apps that trample over it have suffered… Mobile is 100 percent intimate, and bad behavior – and I include targeting here – will fail to produce scalable revenues. Doc Searls, in his Vendor Realtionship Management thoughts, has captured much of this thinking. His book “The Intention Economy, When Customers Take Charge” is a must-read book for the class of 2013 CMOs…

I definitely long for an unpolluted stream that is 100 percent capable of telling me things I want to be told. I also would love a way to tell the advertisers which brands I love, whether it be my favorite airline, movie theater, restaurant, camera vendor or whatever. I would love a way to regulate or control how my favorite vendors interact with me. Throttling them when they send too much or the wrong stuff, killing their ability to reach me when they behave badly, embracing them when they serve me well. Mobile, as an intimate device, is a great area to place the controls needed to realize much of this. And it scales too. Every human being on the planet has intimate tastes and relationships they love. This is true for their relationships to people, brands, products, organizations, and other entities. Two billion smartphones by the end of 2013 and every entity on the planet makes for a very large opportunity to allow users to become the boss, and for brands to enter into adult relationships with the customers who love them. Mobile is the perfect platform for the dream of one-to-one marketing to finally exist.

Markets are dance floors. If marketers want to dance one-to-one with customers, they need to let customers take the lead at least half the time. Here’s what I say about that in a chapter of The Intention Economy titled “The Dance”:

Right now, most retail market categories are dance floors where every customer hears dozens, hundreds, or thousands of companies, each with a megaphone, calling out dance moves. What those companies need to do instead is put down the megaphone, and—in the manner of Trader Joe’s and Zappos—shop along with customers. Dance. Sure, lead sometimes, but follow, too.

Not easy. Throughout the industrial age, business on the whole has always taken the lead—or thought it had to. But for customers to take charge—which they will, at least half the time—they have to take the lead, too.

It helps that vendors and customers both bring qualities to the dance floor that the other does not, and that both need each other for the economy to work and for civilization to thrive. They don’t always need to love each other or even to know each other. But they do need to respect, understand, and learn from each other. They can’t do that to full effect if one side tries constantly to dominate the other.

One thing companies are free to do is please and delight customers with products and services that are truly worthwhile. The chances of doing that only go up if customers are both heard and engaged as equals, and not as slaves or suckling calves.

So if you, Mr. or Ms. CMO, want to dance with customers, start by taking a look at the VRM developments that are already underway, because they’re supplying the dance shoes customers are starting to wear. (In some cases, such as browser extensions for blocking ads and tracking, the shoes have cleats, and customers are putting them on to run away from you.)

If you, big data masters, want to truly understand customers, do two things: 1) Look in the mirror. There you’ll find a human being who will never be fully described by data of any size — least of all by data gained by unwelcome surveillance; and 2) Give people, especially customers, the data you have about them. Remember what happened to computing with PCs and communications with the Net: individuals could do far more with both than could any big companies — least of all ones that thought they could do it all with big centralized systems.

If you, investors (and investment-focused media such as Techcrunch), want to ride a true sea change rather than surf the next buzz wave, consider this: VRM is about equipping the entire buy side of the market with its own tools of engagement — tools that can signal true intention, good will and countless other forms of economic signaling. This was a promise from the start of personal computing, of the Net, and of mobile devices. Rather than looking at those things as ways to target, capture, drive, trap, own or lock in customers, look at them as ways for customers to reach out and engage you, in their own ways and on their own terms. Remember that customers are where the money that matters comes from. They’re also the ones in the best position to keep it mattering, by exercising genuine loyalty, rather than the kind coerced or enticed with gimmicks like loyalty cards, rewards and discounts.

And happy new year.


The identity problem

Robin Wilton (@futureidentity) has been wrestling with identity issues for longer than I have, and deeper in the trenches. It is from one of those — IGF2012 (The Internet Governance Forum for Sustainable Human and Economic Development) — that he issued a deep and thoughtful post today on the topic of identity. His central distinction:

2. So let me describe two ways of looking at digital identity. I’ll describe the first one and then contrast its characteristics with the second. The first, I’ll call the Classic model. It is based on:

- Single authoritative source
- Credential
- Authentication
- Binary (Y or N)
- Level of assurance and a chain of trust, both of which can be formalised into procedures and assigned liability models (retroactive).
The second is what I’ll call the Emerging model. It looks like this:
- Multiple, low-assurance sources
- Attributes
- Authorisation
- Contextual and adaptive
- A web of trust, notions of mutable reputation, and quantifiable mainly in terms of risk management (predictive).

The Classic model is “fundamentally retrospective,” he writes; and

The Emerging model is future-facing. It is much more dynamic, and it is also completely compatible with anonymous authorisation. But it alters our conception of identity and trust, and relies on immature disciplines such as reputation management and contextual authorisation.

This is correct and astute. It also lays out much to be feared if we stick with either one. So I weighed in at his post with a long comment from a VRM perspective:

The reason “your digital identity” is not “close to being a reflection of your personal identity” is that you are a “user” on the Web and not a sovereign and independent human being.

The reason you are a user and not a human being on the Web is that in 1995 we settled on a model called “client-server” in which every server carried responsibility for authentication and pretty much everything else. You, as an individual, were just a user. It is not a coincidence that only two industries call individual human beings “users.” The other is drugs.

Nothing substantive has yet been built toward independence for individuals on the client side. We remain dependent variables rather than independent ones — a situation that has not changed in the seventeen years since. Client-server has become calf-cow, where users are the calves and sites are the cows. (More here:

Both the classic and the emergent models you describe rely on cows. Neither allows the user to perform as an independent individual. Neither attempts to fix the problem of identity from the individual’s side.

Truly fixing identity is un-done work. Some companies and development efforts listed in the ProjectVRM wiki are working on it. Every six months it also comes up at Internet Identity Workshops But it’s a hard problem, akin to solving personal transportation with better railroads.

What we need online are the digital equivalents of cars and bicycles: personal transportation. Remember the “information superhighway” — this communications path on which you would “drive”? The idea was that each browser was a personal vehicle on which we “surfed” from place to place. Think of the literal meanings of drive, browse and surf. They are what independent human beings do. When all we do is “use,” we are dependent. Simple as that.

This is why the browser morphed from a car or a surfboard into a shopping cart that gets re-skinned with every commercial site it “uses.” At each site the user iis known in ways exclusive to the site, over which the individual has little control, except to opt out of the site and its systems. Add Twitter or Facebook login to the mix, and you just have more, and bigger, cows involved.

The burden of subordination to each of us is hundreds of different login/password combinations and acceptance of one-sided “agreements” offered by each site or service we use, on a take-it-or-leave-it basis. The “agreements” are ones we never read because they are written by and for lawyers, and are built to offload as much risk and liability as possible to users, along with minimized control over the user’s “experience.”

So there is much more to fix here than identity alone. But identity is the oldest challenge, and perhaps still the largest one.

I  hope it helps. I also want to tip my hat toward Devon Loffreto, aka Moxy Tongue and @EnzionXavier, who writes posts such as this one. It is to Devon that I owe the adjective sovereign for what matters most about personal identity. I also owe much to Walt Whitman, who writes,

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.

I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

To mix metaphors one more time, we have ceased being hawks, or inspired by them.

If now is not the time to fly, when will we?

[Later...] Crosbie Fitch has also been a helpful influence. His is the first comment below.




Time for subscribers to fix the broken subscription business

I love the New York Times. I’ve been buying and reading the Times for most of my life, and consider it the best newspaper in the world. And, now that I’m spending more time in New York, I want to subscribe, to at least the digital edition. But trying to do that is a freaking ordeal.

First, when I go to, I see this*:

NYTimes digital subscription first page

Note that this is only for “the first four weeks.” After that it’s what? It doesn’t say. While I’m sure the Times has analytics galore to rationalize hiding the full costs of subscriptions longer than four weeks (which the Times of course wants), it amounts to bait-and-switch.

But I want to subscribe, so I click on “continue.”

Up comes a pop-over form that wants me to re-enter my password or log out. My password guess fails, but I don’t want to log out, or go through the “don’t know your password” routine. So let’s count the frictions here:

  1. Popover. Hate them.
  2. Requiring logins and passwords. It’s 2012. This “system” was a kluge in 1995. That it’s still with us is one of the great fails of e-commerce. That it started modeling loyalty cards that same year is one of the great fails of retailing.
  3. Retrieving a forgotten password through email and re-logging only compounds the same fail.
  4. Logging out feels like pulling the lever on a trap door. I’m part-way there and don’t want to give up, says the brain, right before it says, Fuggit, I give up.

But I don’t give up, because I really want a damn subscription. So I log out, and find myself at…, where it says,

You are now logged out of Thanks for visiting.

Then adds,

And, over on in a column on the right, all this:

My Account Common Tasks

Contact Us

So where’s what it costs after four weeks? I have no idea. So I click on “Register a new account,” and see it’s a come-on to sign up for newsletters and stuff. I already get some of those. This tells me I need to go recover the password, unless I want to have two accounts rather than one. So I try logging in again.

This time I go through several tries using a variety of old passwords, and find one that works. Now I’m at At the top of the page, where it says Digital / Home Delivery, I click on the first link and find myself at the same page I show at the top.

This time when I click on “continue,” an ORDER SUMMARY page comes up. Here’s a screen shot of the parts that matter:

Note how the full costs — $15 every four weeks — are mumbled. According to Google’s calculator, the cost comes to 53.571428571¢ per day. I think that’s worth it, but I also think the system is worse than broken, and don’t wish to reward it.

But I don’t want just to complain. (Which I’ve done before anyway, to no effect.) I want to build a better system: one that works for both subcribers and publishers. This can only be done by developers and users working together, for all subscribers and all publishers. One thing should be clear, after seventeen years of failure here: the publishers can’t fix it from their side alone. The demand side needs to build the table at which every subscriber and publisher can sit. A zillion different tables for a zillion different publishers is exactly the kind of mess that the Internet and the Web are ideally positioned to solve. So let’s finish the job.

Subscribers know that information is free, but value wants to be paid for. The New York Times has enormous value. For people who value the content of its character and just its curb weight on streets and tablets, four bits a day is cheap. The Times doesn’t need to conceal that cost.

But as long as the Times and other papers remain stuck in the commercial Web’s antique calf-cow system — in which subscribers come as calves to the publishers’ cows for the milk of “content” and cookies they don’t want — everybody will be stuck in the wrong species and the market won’t evolve past the cattle industry stage.

So, at #IIW today, I will propose a #VRM session titled Fixing subscriptions from the customer’s side. Suggestions welcome. But they have to be VRM suggestions — ones that give us both independence and better means of engagement, for all publishers, and not each separately. Think of how today’s email system (SMTP, IMAP, POP3 and other protocols) fixed the problem of different proprietary email systems from MCI, Compuserve, Prodigy and for every company that could afford to mount its own internal systems. We need that kind of thing now for subscriptions. Asking for better behavior on the publishers’ side won’t work. Making better cows won’t work. We need something that makes us all peers, as email, the Web, and the Internet do. Let’s build that.

Bonus Link, two weeks later, from Dave Winer.

* [Later... When I first wrote this, I missed the "Regular Rate" column above, with the lines through the prices. This was clearly an oversight on my part, for which I was offered corrections aplenty in the comments below. Still, looking for what was also in plain sight sent me on the rest of this journey, which is why I am leaving it intact. I would also direct the reader (and the Times, if they're reading this) to what Scott Adams says about confusopolies, of which the newspaper subscription business is one example. Thanks to the confusopolistic nature of that business, there is no reason to believe that the "regular" prices listed are the only long-term ones, or that the 99¢ prices are the only discounted ones. This too makes the rest of the journey I took — and this post as well — worthwhile... I hope.]

Scaling business in parallel

Companies and customers need to be able to deal with each other in two ways: as individuals and as groups.

As of today companies can deal with customers both ways. They can get personal with customers, and they can deal with customers en masse. Without the latter capability, mass marketing would not be possible.

Customers, on the other hand, can only deal with companies as individuals, one at a time. Dealing with companies as groups is still a challenge. Consider the way you engage companies in the marketplace, both online and off. Your dealings with companies, on the whole, are separate and sequential. Nothing wrong with that, but it lacks scale. Hence: opportunity.

We can arrive at that opportunity space by looking at company and personal dealings, each with two kinds of engagement circuits: serial and parallel.

Start with a small company, say a store with customers who line up at the counter. That store  deals with customers in a serial way:

business, serial

The customers come to the counter, one after another, in a series. Energy in the form of goods goes out, and money comes back.

As companies scale up in size, however, they’d rather deal with many customers in parallel rather than in series. A parallel circuit looks like this:

business, parallel

Here customers are dealt with as a group: many at once, and in the same way. This, in an extremely simplified form, is a diagram of mass marketing. While it is still possible for a company to deal with customers individually, the idea is to deal with as many customers as possible at once and in the same ways.

I use electronic symbols in those circuits because resistance (the zig-zag symbol) adds up in series, while it goes down in parallel. This too is a virtue of mass marketing. Thus one-to-many works very well, and has proven so ever since Industry won the Industrial Revolution.

Over on the customers’ side, the marketplace on the whole looks like this:

customer, serial

The customer goes from one company to the next. This is not a problem on the vendors’ side, except to the degree that vendors would rather customers not shop elsewhere. This is why vendors come up with loyalty programs and other schemes to increase “switching costs” and to otherwise extract as much money and commitment as possible out of the customer.

But, from the customer’s side, it would also be cool if they could enjoy scale in parallel across many companies, like this:

In the physical world this is all but unthinkable. But the Internet makes it very thinkable, because the Net reduces nearly to zero the functional distance between any two entities, and presents an open space across which many connections can be made, at once if necessary, with few limits on the number or scope of possibilities. There is also no limit to the new forms of interaction that can happen here.

For example, a customer could scale in parallel by expressing demand to multiple vendors at the same time, or could change her contact information at once with many companies. In fact this is basically what VRM projects are about: scaling in parallel across many other entites. (Not just vendors, but also elected officials, government agencies, churches, clubs, and so on.)

It is easy to see how companies can feel threatened by this. For a century and a half we in business have made a virtue of “targeting,” “acquiring,” “capturing,” “managing,” “locking in” and “owning” customers. But think about the free market for a minute. Shouldn’t free customers be more valuable than captive ones? Wouldn’t it be better if customers and prospects could send many more, and better, signals to the marketplace, and to vendors as well, if they were capable of having their own native ways of dealing, consistently, across multiple vendors?

We have that now with email and other forms of messaging. But why stop there?

Naturally, it’s easy to ask, Could social media such as Facebook, Google+ and Twitter provide some of what we need here? Maybe, but the problem is that they are not ours, and they don’t work for us — in the sense that they are accountable to us. They work for advertisers. Email, IM and browsing aren’t owned by anybody. They are also substitutable. For example, you can move your mail from Gmail to your own server or elsewhere if you like. Google doesn’t own email’s protocols. No browser company owns HTTP, HTML or any of the Web’s protocols.

The other problem with social solutions is that they’re not personal. And that’s the scale we’re talking about here: adding parallel capabilities to individuals. Sure, aggregation is possible, and a good thing. (And a number of VRM projects are of the aggregating-demand sort.) But the fallow ground is under our own feet. That’s where the biggest market opportunity is located. Also where, still, it is most ignored. Except, of course, here.

[Continued in VRM/CX + CRM/CX.]

Older posts

© 2014 ProjectVRM

Theme by Anders NorenUp ↑