Category: Questions (page 1 of 4)

What would a VRM social network be?

The Big Bang of Social Networking 128px-Emoji_u1f4c7.svgis a piece by Jim Dwyer in The New York Times that will likely be a subject of a session today or tomorrow at IIW. So here are a few thoughts of my toward that discussion…

  1. All of us had social networks before Facebook, Diaspora and Ello existed. We still do. They’re in our heads, hearts, contact lists and address books.
  2. Facebook, Diaspora* and Ello are silo’d commercial services. They do serve many social purposes, of course, and a few very well, or they wouldn’t be so popular.
  3. If we want real social networks online, we need to start with our own genuine personal ones.
  4. To be VRM, they need to support independence and engagement. They should also be substitutable in the same way that, say, browsers and email apps and services are substitutable.

It is essential to start outside the box of thinking that says everything needs to be a service. Inside that box we risk thinking only of other calf-cow solutions to calf-cow problems.

Facebook and Ello are both cows. Even though one doesn’t advertise at us, we’re still calves in its fenced farm.

Unless, of course, we can take our social graphs away with us, to use on our own, or with some substitutable service.

VRM social network solutions to the problems of calf-cow designs need to be first person technologies. At that link, I explain,

Only a person can use the pronouns  “I,” “me,” “my” and “mine.” Likewise, only a person can use tools such as screwdrivers, eyeglasses and pencils. Those things are all first person technologies. They were invented for individual persons to use.

I suggest we start with address books and calendars. Those could not be more personal, yet more social. And, far as I know, nobody has yet done them in a way that’s useful for scaffolding the successor to Facebook on top of them. But that shouldn’t stop us.

* [Later...] This was a copy/paste/rush error.  In fact Diaspora is quite VRooMy. The Wikipedia  entry makes that clear.

 

 

State of the VRooM, 2014

As of today, ProjectVRM is eight years old.

So now seems like a good time for a comprehensive (or at least long) report on what we’ve been doing all this time, how we’ve been doing it, and what we’ve been learning along the way.

ProjectVRM has always been both a group effort and provisional in its outlook and methods. So look at everything below as a draft requiring improvement, and send me edits, either by email (dsearls at cyber dot law dot harvard dot edu) or by commenting below.

Summary

After eight years of encouraging development of tools and services that make individuals both independent and better able to engage, ProjectVRM (VRM stands for vendor relationship management) is experiencing success in many places; most coherently in France, the UK and Oceania (Australia and New Zealand). There are now dozens of VRM developers (though many descriptors besides VRM are used), and investor interest is shifting from the “push” to the “pull” side of the marketplace. Government encouragement of VRM is strongest in the UK and Australia.  ProjectVRM and its community are focused currently on “first person” technologies, privacy, trust, identity (including anonymity), relationship (including experience co-creation), substituability of services and the Internet of Things. Verticals are personal information management, relationship (VRM+CRM), identity, on-demand services, payments, messaging (e.g. secure email), health, automotive and real estate.  There are many possibilities for research, possibly starting with the effects on business of individuals being in full control of their sides of agreements with companies.

Here are shortcuts to each section:

  1. History
  2. Development
  3. Community
  4. Influence
  5. Issues
  6. Verticals
  7. Investment
  8. Research
  9. Questions

1. History

ProjectVRM is one of many research projects at the Berkman Center for Internet and Society at Harvard University. It started when I began a four-year fellowship at Berkman in September, 2006. In those days Berkman fellows were encouraged to work on a project. I had lots of guidance from Berkman staff and other veterans; but what best focused my purpose was something Terry Fisher said at one of the orientation talks. He said Berkman did its best to be neutral about the subjects it studies, but also that “we do look for effects.”

The effect-generating work for which I was best known at the time was The Cluetrain Manifesto, which I co-authored seven years earlier with Chris Locke, David Weinberger and Rick Levine. By most measures Cluetrain was a huge success. The original website launched a meme that won’t quit, and the book that followed was a bestseller.(It still sells well today). But I felt that its alpha clue, written by Chris Locke, still wasn’t true. It said,

we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.

There is a theory in there that says the Internet gives human beings (the first person we) the reach they need to exceed the grasp of marketers (the second person your).

So either the theory wasn’t true, or the Internet was a necessary but insufficient condition for the theory to prove out. I went with the latter and decided to to work on the missing stuff.

That stuff couldn’t come from marketers, because they were on the second person side. In legal terms, they were the second party, not the first. This is why their embrace  of  Cluetrain’s “markets are conversations” couldn’t do the job. Demand needed help that Supply couldn’t provide. What we needed, as individuals, were first party solutions — ones that worked for us.

The more I thought about the absence of first party solutions, the more I realized that this was a huge hole in the marketplace: one that was hard to see from the client-server perspective, always drawn like this:

468px-Client-server-model.svg

While handy and normative, client-server is also retro. Here’s a graphic from Virtual Teams: People Working Across Boundaries with Technology (Jessical Lipnack and Jeffrey Stamps, 2000,  p. 47) that puts it in perspective:

lipnack

Client-server is hierarchical, bureaucratic industrial and agricultural (see the image below). But it’s also most of what we experience on the Web, and also where the entirety of the supply side sits. So, even if Cluetrain is right when it says (in Thesis #7) “hyperlinks subvert hierarchy,” subversion goes slow when the people running the servers are in near-absolute control and hardly care at all about links. In less abstract terms, what we have on the Web is this:

calf-cow

As clients we go to servers for the milk of text, graphics, sound and videos. We get all those, plus cookies (and other tracking methods) to remember who we are and where we were the last time we showed up. And, since we’re just clients, and servers do all the heavy lifting  (and with technology what can be done will be done) the commercial Web’s ranch has turned into what Bruce Schneier calls Our Internet surveillance state.

By 2006 it was already clear to me that we could make the whole marketplace a lot bigger if individuals were fully capable human beings and not just calves — if we equipped Demand to drive Supply at least as well as Supply drives Demand.

To help people imagine what will happen when Demand reaches full power, I wrote a Linux Journal column a few months earlier, titled “The Intention Economy.” Here’s the gist of it:

The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.

The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.

The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like a bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.

The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.

The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.

In The Intention Economy, a car rental customer should be able to say to the car rental market, “I’ll be skiing in Park City from March 20-25. I want to rent a 4-wheel drive SUV. I belong to Avis Wizard, Budget FastBreak and Hertz 1 Club. I don’t want to pay up front for gas or get any insurance. What can any of you companies do for me?” — and have the sellers compete for the buyer’s business.

This car rental use case is one I’ve used to illustrate what would be made possible by “user-centric” or “independent” identity, which was also the subject of the cover story in last October’s Linux Journal, plus this piece a year earlier, and various keynotes I’ve given at Digital Identity World, going back to 2002. It is also the use case against which the new open source Higgins project was framed.

Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.

Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: an core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.

So that’s the purpose I chose for my new Berkman project: to get a snowball of development rolling toward the Intention Economy.

The project has been lightweight from the start, consisting of myself* and other volunteers. Our instruments are this blog, a wiki, a mailing list and events. In gatherings of project volunteers at Berkman and elsewhere, we narrowed our focus to encouraging development of tools for independence and engagement. That is, tools that would make individuals both independent of other entities (especially companies) and better able to engage with them. These shaped the principles, goals and tools listed on our wiki.

The term VRM came about accidentally. I was talking about my still-nameless project on a Gillmor Gang podcast in October 2006. Another guest on the show, Mike Vizard, started using the term VRM, for Vendor Relationship Management — or the customer-side counterpart of CRM, for Customer Relationship Management, which was then about a $6.2 billion B2B software and services industry.  (It’s now past $20 billion.) The Gillmor Gang is a popular show, and the term stuck. It wasn’t perfect (we wanted a broader focus than “vendors,” which is also a B2B term, rather than C2B). But the market made a decision and we ran with it. Since then VRM has gained a broader meaning anyway. Every thing (hardware, software, policies, legal moves) that enables an individual to interact with full agency in any relationship is a  VRM thing. “RM” turns out to  be handy for sub-categories as well, such as GRM (government relationship management) and HRM (health relationship management).

ProjectVRM has always been unusual for Berkman in two ways. One is that it has been focused on business — the commercial side of the “society” in Berkman’s name. The other is that it put the development horse ahead of the research cart. So, while we always wanted to do research (and did some along the way, such as with ListenLog), we felt it was important to create research-worthy effects first.

My first mistake was thinking we would have those effects within a year. My second mistake was thinking we would have them within four years — the length of my fellowship. It has taken twice that long, and still requires one more piece. More about that below, in the Research and Opportunities sections.

In its early years, when it was pure pioneering, ProjectVRM had a lot of volunteer organizational help. There were weekly conference calls and meetings, and events held in Cambridge, London, San Francisco and elsewhere. But the main gatherings from the start were at the Internet Identity Workshop (IIW), an unconference I co-organize at the Computer History Museum in Mountain View. (Our next VRM Day is 27 October. Register here.)

IIW also started with Berkman help. It was first convened as a group I pulled together for a December 31, 2004 Gillmor Gang podcast on identity. Steve Gillmor called the nine participants in the show “The Identity Gang.” The conversation continued by phone and email, with growing energy. So we convened again, this time in person with a larger group, in February 2005 at Esther Dyson’s PC Forum in Scottsdale, Arizona. It was there that John Clippinger asked if we would like “a clubhouse” at Berkman. I said yes, and John had Paul Trevithick create a Berkman site for the gang. As interest collected around the site and its list, three members — Phil Windley (then CIO of Utah), Kaliya Hamlin (aka “IdentityWoman“) and I morphed the gang meetings into IIW, which met for the first time in Fall of 2005. Our 19th is coming up on 28-30 October. (Register here.)  It tends to have 180-250 participants from all over the world. While identity remains the central theme, as an unconference its topics can be whatever participants choose. VRM is always a main focus, however. And we always have a “VRM Day” at the Museum the day before IIW. The next is on 27 October. It’s free.

The Identity Gang  also grew out of other efforts by a number of individuals and groups:

I’ll leave it at those for now. Others can add to it and help me connect the dots later. What matters is that ProjectVRM has both roots and branches that intertwine with the digital identity movement. I unpack more in the Community section below. Meanwhile it is essential to note that Kim Cameron’s Seven Laws of Identity had a large guiding influence on ProjectVRM. This is partly because they were all good laws, but mostly because they came from the individual’s side:

  1. User control and consent
  2. Minimal disclosure for a constrained use
  3. Justifiable parties (“disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship”)
  4. Directed identity (“facilitating discovery while preventing unnecessary release of correlation handles”)
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

As you see, all of those should apply just as well to VRM tools and services.

We have had two interns in our history, both hugely helpful. The first was Doug Kochelek, an HLS law student with a BS and a EE from Rice. He came on board at the very beginning, in September 2006. He’s the guy who worked with Berkman’s Geek Cave to create the wiki, the blog and the list. He also shook down many technical problems along the way. The second was Alan Gregory, a 2009 summer intern and a law student at the University of Florida. Alan helped with research on the chilling effects of copyright expansion on Web streaming, which was a focus of a research project we did with PRX called ListenLog — a self-tracking feature installed in PRX’s Public Media Player iPhone app. (Here’s a presentation Alan and I did at a Fellows Hour.) ListenLog was the brainchild of Keith Hopper, then of NPR, and was years ahead of its time. Work on those projects was funded by a grant from the Surdna Foundation.

To keep its weight light and its work focused on development and relevant issues, ProjectVRM does not have its own presence on Twitter or Facebook. Its social media activity is instead comprised of postings by individual participants in the project, and the memes they drive. #VRM, for example, gets tweeted plenty, and has come to serve as shorthand for individual empowerment.

In 2007 we did a good job of publicizing what VRM and ProjectVRM were about, and got a lot of buzz. It was  premature, and our first big lesson: it’s not good to publicize anything for which the code isn’t ready. In the absence of code, it’s easy for commentators (such as here) to assume that what we’re trying to do can’t be done.

So we got more heads-down after that, and avoided publicity for its own sake.

not_iball1Still, the idea of VRM is attractive, especially to folks at the leading edge of CRM. This is what caused nearly an entire issue of CRM magazine to be devoted to VRM ,in May 2010. It too was ahead of its time, but it helped. So did two books that came out the same year: John Hagel’s The Power of Pull, and David Siegel’s Pull: The Power of the Semantic Web to Transform Your Business. John also helped in June 2012 with The Rise of Vendor Relationship Management.

That essay was a review of  The Intention Economy: When Customers Take Charge, which arrived in May from Harvard Business Review Press. The book reported on VRM development progress and detailed the projected shifts in market power that I first called for in my 2006 column with the same title.

While  The Cluetrain Manifesto has been a bigger seller, The Intention Economy Intention-economy-cover has had plenty of effects. Currently, for example, it is informing the work of Mozilla’s commercial arm, headed by Darren Herman, who this year hired @SeanBohan from the VRM talent pool. (Here’s a talk I gave at Mozilla in New York last month.) On the publicity side, the book was compressed to a Wall Street Journal full-page Review section cover essay titled “The Customer as a God.”

So far ProjectVRM has one spin-off: Customer Commons, a California-based nonprofit. Its mission is “restore the balance of power, respect and trust between individuals and organizations that serve them.” CuCo is a membership organization with the immodest ambition of attracting “the 100%.” In other words, all customers. And it is modeled to some degree on Creative Commons CustomerCommonsLogo4(a successful early Berkman spin-off), by serving as the neutral place where machine- and person-readable versions of personal terms, conditions, policies and preferences of the individual can be maintained. Among those terms will be those restricting or preventing unwanted tracking, and among those policies will be those establishing the boundaries we call privacy. Customer Commons is a client of the Cyberlaw Clinic, which is helping develop both. But much more can be done. We’ll visit that in the Opportunities section below.

2. Development

The list of VRM developers is now up to many dozens. While most don’t use the term “VRM” in marketing their offerings (nor do we push it), the term is gathering steam. For example, while updating the developers list a few minutes ago, I found two new companies that use VRM in the description of their offerings: InformationAnswers (“Where CRM meets VRM.”) and PeerCraft (“The main purpose for PeerCraft is to support Vendor Relation Management.”)

Some developers on our list are now familiar brands, though none started that way, and most did not exist when ProjectVRM began. Some of the successes (e.g. Uber and Lyft) have not been directly engaged with ProjectVRM, but are listed because they are what we call “VRooMy.” Other successes (e.g. Personal.com, Reputation.com and GetSatisfaction) have been engaged, one way or another. One that got a lot of notice lately is Thumbtack, for picking up a $100 million investment from Google. That’s atop the $30 million they got earlier this year.

In fact many VRM developers are now having an easier time getting money, thanks to a trend on which ProjectVRM has had influence: a shift of market interest away from “push” (e.g. advertising) and toward “pull” (e.g. VRM). (More about investment below.)

Several years ago, a bunch of VRM developers (and I) worked on developing SWIFT’s Digital Asset Grid. (SWIFT is the main international system for moving money around, and is headquartered in Belgium.) The code is open source, as is other VRooMy work in the financial sector. (Such as the stuff being done by the Romanian company I wrote about here.) OIX also maintains a set of “trust frameworks,” one of which is at the heart of the Respect Network, which I’ll unpack below.

While there is a lot of development in the U.S., and there are VRM startups scattered around the world, the three main hotbeds of activity are the UK, France and Oceania (Australia and New Zealand). Each is a community of its own, cohering in different ways. It’s helpful to visit each, because they represent unique contexts and resources for moving forward.

The UK

In the UK, government is central, through a role one official there calls “being a giant consumer of personal data from citizens.” It gets that data either from individuals directly or from companies that provide individuals with what are called variously called personal clouds, data stores, lockers and vaults. While all these companies perform as intermediaries, they work primarily for the individual. To differentiate this new class of company from traditional third parties, ProjectVRM calls them “fourth parties”. (That term is alien to lawyers, but is catching on anyway. For example, there is a new VRM company in Australia with the name “4th Party.”)

Leading the UK government in a VRooMy direction from the inside is in the Efficiency and Reform Group of the Government Digital Service (GDS) in the Cabinet Office.  In this presentation by Chris Ferguson, Deputy Director of the GDS we see the government pulling in big companies (e.g. Google, Equifax, Lexis-Nexis, Experian, Paypal, Royal Mail, BT, Amazon, O2, Symantec) to legitimize and engage fourth parties serving individuals (e.g. Mydex, Paoga and Allfiled).

Two outside groups working with the UK government are Ctrl-Shift and OIX (Open Identity Exchange). Ctrl-Shift is a research consultancy that has been engaged with ProjectVRM from the beginning. OIX is a Washington-based international .org focused on ‘building trust in online transactions.’

France

VRM is a familiar and well-understood concept in France. There are meetups (such as this one) and many VRooMy startups, such as Privowny (led by French folk and HQ’d in Palo Alto), CozyCloud, and OneCub. A big organizational driver of VRM in France is Fing.org, a think tank that brings together large companies (e.g. Carrefour, Societe General, Orange and LaPoste) with small companies such as the ones I just mentioned. They do this around research projects. For example, ProjectVRM informed Fing’s Mesinfos research project (described here).

Oceania

If we were to produce a heat map of VRM activity, perhaps the brightest area would be Australia and New Zealand. I’ve been down that way three times since June of last year, to help developers and participate in meetings and events. As with the UK, government in Australia is very supportive of VRM development, and with empowering individuals generally. (We met with three agencies on one of the trips: one with the federal government in Canberra and two with the New South Wales government in Sydney. One of them called citizens “customers” of government services, because “they pay for them.”) Startups there include Flamingo, Meeco, Welcomer, Geddup,4th Party, Fifth Quadrant, Onexus and the New Zealand based MyWave.

Recent changes in Australian privacy policy also attract and support VRM development. Australian companies (and government agencies) collecting personal data from people on the Web (or anywhere) are now required to make that data available to those people to use as they please. (Or so I understand it.) This gives Canberra-based Welcomer, for example, a reason to exist. Welcomer makes “private data dashboards” that “show collected summaries of the personal data held by organisations and by individuals including the person themselves. The dashboard gives a summary of personal data with the ability to link through to the source data (where required).”

This summer, the first commercial community to grow out of ProjectVRM work, the Respect Network (which Privacy By Design (PbD) calls the “World’s First Global Private Cloud Network”) held a world tour to launch the community and stimulate funding for members’ common goals, standards and code development. I was on the tour (London, San Francisco, Sydney, Tel Aviv), and wrote a report on the ProjectVRM blog. (Naturally, I shot pictures. Those are here. I also spoke at each venue. One of my Sydney talks is here.)

3. Community

To understand where ProjectVRM fits in the world, and how it works, I like the Competing Values Framework by Kim S. Cameron (no relation to the one above), Robert E. Quinn, Jeff DeGraff and Anjan Thakor:

Screen Shot 2014-09-01 at 5.48.45 PM

While there are many VRM developers operating in the lower half of that graphic, what ProjectVRM does is in the upper half of that diagram.  We have a collaborative clan of flexible and creative individuals in an adhocracy, working together on long-term transformational change.

Pretty much everything that gets criticized about our efforts falls in the lower half. That’s because we have no hierarchy and don’t work to control what anybody does. And progress on the whole  has been slow. (Though there are exceptions, such as Uber, Lyft and Thumbtack.)

That graphic is just one of many helpful ones in David Ronfeldt‘s Organizational forms compared, which he’s been updating since first publishing it in May 2009. One reason it is helpful is that the hierarchical short-term stuff is obvious and easily understood, while collaborative long term stuff is much harder to grok. It’s like the difference between weather and geology. Which makes me think that graphic should be flipped vertically: slow stuff on the bottom, fast stuff at the top. That’s what the Long Now foundation does with this graphic, which I’ve always loved:

layers of time

The change we want most is down in the culture, governance and infrastructure layers, even though our focus is on commerce. This also explains why we run into trouble when we play with fashion. The last thing we want is for VRM to be cool. (This is also a lesson I learned and re-learned over two decades of watching Linux, free software and open source for Linux Journal.)

The following graphics are all from David Ronfeldt’s scholastic gatherings. Each in its own way helps explain how our community works — and how it doesn’t. First, from one of Bob Jessop‘s many papers on governance and metagovernance (this one from 2003):

jessop figure

That’s our column on the right.

Then there is this, from Federico Iannacci and Eve Mitleton–Kelly’s Beyond markets and firms: the emergence of Open Source networks (First Monday, May, 2005):

iannacci

That’s us in the middle. We’re a stable and decentralized heterarchy that coordinates by mutual adjustment.

Then there is this from Karen Stephenson‘s Neither Hierarchy nor Network: An Argument for Heterarchy (in Ross Dawson’s Trends in the Living Networks, April, 2009):

stephenson

Again that’s us on the right.

Something I like about those last two is the respect they give to heterarchy, which has been a focus for many years of Adriana Lukas, another VRM stalwart who has been with the project since before the beginning. Here’s her TED talk on the subject.

Finally, there is this graphic, from  Clay Spinuzzi‘s Toward a Typology of Activities (2013):

Spinuzzi

In Spinuzzi’s Losing by Expanding: Corralling the Runaway Object, an object is identified as “a material or problem that is cyclically transformed by collective activity.” With our tacit, inductive and flexible approach, this also characterizes the way our community works.

One can see all this at work on the ProjectVRM mailing list, an active collection of 615 subscribers. We also meet in person twice a year at IIW, starting one day in advance of the event, with “VRM Day.” This adds up to a total of at least eight days per year of in-person collaboration time.

Most of the rest of the VRM community meets locally, or through the organizing work of organizations such as Respect Network (U.S. based, but spanning the world) and Fifth Quadrant (Sydney based, and focused on Australia and New Zealand).

There are many other organizations with which ProjectVRM is well aligned. Among them are:

If things go the way I expect, Mozilla will also emerge as a center of VRM interest and development as well. (For example, I expect VRM to be a topic in October at MozFestival in the U.K.

4. Influence

Nearly all VRM influence derives from the work of its volunteers and its developers. “Markets are conversations,” Cluetrain said, and we drive a lot of those. But they rarely get driven exactly the way I, or we, would like. Conversations are like that. EIC awardSo are heterarchical networks. Everybody wants to come at issues from their own angle, and often with their own vocabulary. We see that especially with analysts and think tanks. None of them like the term VRM. (In fact lots of developers avoid it as well. I don’t blame them, but we’re stuck with it.) Ctrl-Shift, for example, calls fourth parties PIMS, for Personal Information Management Services. Kuppinger-Cole, which gave ProjectVRM an award in 2008 (that’s the trophy on the right), insists on the term “Life Management Platforms.” (I pushed it for awhile. Didn’t take.) Here in the U.S., Forrester Research calls the same category PIDM for Personal Identity and Data Management. We don’t care, because we look for effects.

As for the influence of others on ProjectVRM, there are too many to list.

5. Issues

Privacy is the biggest one right now. (A Google search brings up more than five billion results). We’ve done a lot to drive interest in the topic, and have brought thought leadership to the topic as well. (Here is one example.) On behalf of ProjectVRM, I’ve participated in many privacy-focused events, such as the Data Privacy Hackathon earlier this year, and at GovLab gatherings such as the one reported on here. I’m also in Helen Nissenbaum‘s Privacy Research Group at the NYU Law School, where I presented ProjectVRM developers’ privacy work on February 26 of this year.

Tied in with privacy online, or lack of it, is users’ need to submit to onerous terms of service and meaningless privacy policies. Those terms, also called contracts of adhesion, have been normative ever since industry won the industrial revolution, but have become especially egregious in the online world. Today there is a crying need both for better terms on the sites’ and services’ side, and for terms individuals can asset on their side. From the beginning ProjectVRM has been focused mostly on the latter.

Trust is another huge issue, also tied with privacy. ProjectVRM has both encouraged and influenced the growth of “trust frameworks” such as the Respect Trust Framework and others (there are five) at OIX, as well as Open Mustard Seed and OpenPDS under IDcubed at the MIT Media Lab.

VRM+CRM has been a focus from the start, but the timing has not been right until now. At the beginning, we expected CRM companies to welcome VRM. Press and analysts in the CRM space were encouraging from the start (CRM Magazine devoted an entire issue to it in 2010), but the big CRM companies showed little interest, until this year.

Sitting astride or beside VRM and CRM is a category variously called CX (for Customer Experience), CRX (for Customer Relationship Experience), EM (for Experience Management) CEM or CXM (for Customer Experience Management) and other two and three-letter initialisms. Another happening in the midst of all these is “co-creation” of customer experience. The purpose here is to bring customers and companies together to co-create experience in a lab-like setting where research can be done. This is what Flamingo does in Australia. In a similar way, MyWave in New Zealand (with developers in Australia) “puts the customer in charge of their data and the experience” for a “direct ‘segment of one’ relationship with businesses.”

With the Internet of Things (IoT) heating up as a topic, there is also an increased focus, on the “own cycle,” rather than the “buy cycle” of the customer experience. I explain the difference here, using this graphic from Esteban Kolsky:

oracle-twist

In our lives the own cycle is in fact the largest, because we own things — lots of them — all the time and are buying things only some of the time. In fact, most of the time we aren’t buying anything, or even close to looking. This is a festering problem with the advertising-driven commercial Web, which assumes that we are constantly in the market for whatever it is they push at us. In addition to not buying stuff all the time, we are employing more and more ways of turning advertising off (ad blockers are the top browser extensions). For advertising and ad-supported companies, including millions of ad-supported publishers on the Web, this is a mounting crisis. According to an August 2013 PageFair report, “up to 30% of web visitors are blocking ads, and that the number of adblocking users is growing at an astonishing 43% per year.” In The Intention Economy, I called online advertising a “bubble” and I stand by the claim. It’s just a matter of time.

As the stuff we own gets smart, and as more of it finds its way onto the Net service becomes far more important to companies than sales. And VRM developers are laying important groundwork in service. I wrote about this in Linux Journal last year, drawing special attention to the pioneering work led by Phil Windley, who has been a VRM stalwart since before the beginning. In fact it’s Phil’s work that makes clear that things themselves don’t need to be smart to exist on the Internet. All they need is clouds that are smart, which Phil calls picos for persistent computing objects. In this HBR post I explain how the shared clouds of products can be platforms for relationship between company and customers , with learnings flowing in both directions.

6. Verticals

Relationship

This was the first for VRM, and it’s still a primary interest. We need tools on the individual’s side for managing many relationships. There still is not a good “relationship dashboard,” though there are a number of efforts in this direction. But as soon as we have code on the VRM side that matches up with code on the CRM side (including, for example, call centers, which are also interested in VRM), we’ll rock.

Payments

Even though ProjectVRM’s mission is centered around relationship and conversation, transaction is a big part of it too — just not the only part, as business often assumes. Our first efforts, starting in 2006, were around making it as easy as possible for individuals to donate money in one standard way to many different public radio stations.

We have been involved in many meetings and discussions around payments and secure data transactions, and some projects as well. We worked with SWIFT on the Digital Asset Grid, and have been in conversations with banks (e.g. Chase) and VISA Europe for a long time as well. With the rise of alternative currencies (e.g. Bitcoin), distributed accounting (e.g. Blockchain), digital wallets and other new means for transacting and accounting, there are many ways for VRM developments to play.

Email

In what is being called “post-Snowden time,” many new secure and encrypted email approaches have evolved. While some are listed on the ProjectVRM developers list, we haven’t been very involved with them — at least not yet. But we are involved with developers working on privacy-protecting tools that can either be embedded in existing email systems or offer alternative communications “tunnels.”

Personal information Management

There are two breeds of development here.

One is fourth party services and code bases for managing and sharing personal data selectively online. There are now many of these. Some support self-hosting as well. (ProjectVRM has always been supportive of free software, open source, and the “first person technology” and “indie” movements.) One organization, the Respect Network, was created to provide a framework for substitutability of services and apps.

The other is code the individual uses to manage his or her own life, and connections out to the world. This is where calendar, email, IM, to-do lists, password managers and other convenience-producing apps for the connected world come together. There is no leader here, though there are many players, including Apple, Microsoft and Google.  So far, this area has only seen centralized and siloed players, with inherent security and data mining disadvantages. But recently, commercial and open source conversations about a decentralized approach to this opportunity have been taking place.

A test case for VRM that applies to both kinds of solutions is this: being able to change my address, my last name or my phone number for many services in one move. This is exactly what the UK government is calling for from citizens’ personal information management systems (what Ctrl-Shift calls PIMS). A citizen should be able to change her address for the Royal Mail, the Passport Office and the National Health Service, all at once. Bonus links: Making things open, making things better, by Mike Bracken in the Gov.UK Government Digital Service blog, where Mike’s prior post, Reading the Digital Revolution featured this illustration by our old friend Paul Downey:

cluetrain-620x295

Apple’s HealthKit and HomeKit, which go live with the release of iOS 8on 9 September, also have some VRM developers excited, because it will make this kind of integration at the individual end easy to do in two verticals: Health and Home Automation.

Health

Early on with ProjectVRM, I avoided health as an issue, because I wanted to see real progress in my lifetime — and I felt that the situation in the U.S. was fubar. But other VRM folk did not agree, and have pushed VRM forward very aggressively in the health field. Dr. Adrian Gropper and Dr. Deborah Peel of Patient Privacy Rights have done a remarkable job of carrying the VRM flag up a very steep and slippery hill. Berkman veteran John Wilbanks is another active ProjectVRM volunteer whose work in health is broad, deep, influential and at the leading edge of the pioneering space where personal agency engages the wild and broken world of the U.S. health care system. Brian Behlendorf, the primary developer of the Apache Web server (which hosts the largest share of the world’s Web sites and services) and the CONNECT open source code base for health service collaboration, is also an active participant in ProjectVRM.

A number of VRM developers are working with, or paying close attention to, Apple’s HealthKit. In the words of one of those developers, “It’s very VRooMy.” HealthKit developments go live when Apple rolls out iOS 8 on 9 September.

Automotive

While a number of car makers are eager to spy on drivers, Volkswagen has put a stake in the ground. In March, Volkswagen CEO Martin Winkerhorn gave a keynote at the Cebit show that drew this headline: “Das Auto darf nicht zur Datenkrake warden.” My rusty Deutsch tells me he’s saying the car shouldn’t be a data octopus.

Toward that end, Phil Windley’s Kickstarter-based  Fuse will give drivers and car owners all the data churned out of their cars’ ODB-II port, which was created originally for diagnostics at car dealers and service stations. With an open API around that data, developers can create apps to alert you to schedule maintenance, monitor your teen’s driving and much more.

Real Estate

The only products that cost us more than cars are homes. Here too we have a VRM advocate in Cambridge-based Bill Wendell of Real Estate Café. He has always been way ahead of his time, but it’s clear his time is coming. (Here’s Bill leading a session on VRM in Real Estate at IIW 18 in May.)

7. Investment

There is an upswing of investment in start-ups on the “pull” — the individual’s — side of the marketplace. Many wealthy individuals, some quite new to tech investing, perceive an opportunity in “pull” side tools, so interest is building, especially in angel funding. There are currently at least three initiatives coming together to invest in VRM or intention based start-ups in Silicon Valley and Europe. This is one of the outcomes of the last IIW (in May of this year), where investment emerged as a big theme, with a number of VC’s for the first time participating in IIW sessions. I’m involved in planning a VRM specific fund, which is still in its preliminary stages. If it moves forward (which I believe it will), it should come into shape by next year.

In some cases government is also involved. In the UK, for example, the SEIS (Seed Enterprise Investment Scheme) program offers huge tax incentives to angel investors.

8. Research

There are many questions we can probe with research, but only one I want to work on in the near term: What happens when individuals come to websites with their own agreeable terms?creativecommons-licenses

Such as, “I’m cool with you tracking me on your site, but don’t follow me when I leave.” And, on the site’s side,  “We’re cool with that.” In proper legalese, of course — but expressed on both sides in code and symbols that work like Creative Commons’ licenses (there on the right).

The Cyberlaw Clinic is already involved, though its work with Customer Commons on a broader set of terms than the one I just mentioned, and Berkman’s own  Privacy Tools for Sharing Research Data could assist with and follow the process, both through the term-creation process and as the terms get implemented in code and materialize on the Web.

We would be dealing with cooperative efforts that require this already. One is Respect Network’s Respect Connect “Login with Respect” button.  As I explain here, the terms of OIX’s Respect Trust frame require the setting of, and respect for, the boundaries of individuals. This can be done, even within the calf-cow framework of client-server.

Respect Connect  is based onXDI, which the Respect Trust Framework also specifies. XDI is a protocol that employs “link respect-connect-buttoncontracts.” Drummond Reed, the father of XDI (and CEO of the Respect Network) describes link contracts as “machine-readable XDI descriptions of the permissions an individual is giving to another party for access to and usage of the owner’s personal data.” Very handy. And binding. In code.

Mozilla has also made efforts in this same direction, most recently with  Persona (there on the right). signinWe can help them out with this work, and I am sure other and other browser makers will also want to get on board — which they should, and with Berkman’s convening power probably will.

At the end of the project we will have both standard terms for posting at Customer Commons and reference implementations hosted by Berkman, or shared by Berkman over Github or some other data repository.

And we would bring to the table many dozens of developers already eager to see increased agency and term-proffering power on the individual’s side. I can easily see privacy dashboards, on both the client and the server sides of websites.

(Thinking out loud here…) We could host focused discussions and invite participants (including law folk — especially students, from anywhere) to vet terms the way the IETF vets Internet standards: with RFCs, or Requests for Comments. Some open source code for this already exists with Adblock Plus’s white list for non-surveillance-based advertisers. I would hope they’d be eager to participate as well. We (ProjectVRM, the Berkman Center or Customer Commons) could publish lists of conformant requirements for website and Web service providers, and lists (or databases) of conformant ones.

This work would also separate respectful actors on the supply side of the marketplace from ones that want to stick with the surveillance model.

While there are lots of things we could do, this is the one I know will have the most leverage in the shortest time, and would be great fun as well.

It is also highly cross-disciplinary, with many lines of cooperation and collaboration within the university and out to the rest of the world. Right at Berkman we have the  Privacy Tools for Sharing Research Data project and its many connections to other centers at Harvard. Its mission — “to help enable the collection, analysis, and sharing of personal data for research in social science and other fields while providing privacy for individual subjects” — is up many VRM development alleys, especially around health care.

9. Questions

What if we fail?

What if it turns out that free customers are not more valuable than captive ones for most businesses? That’s been the default belief of big business ever since it was born.

What if the free market on the Net turns out to be “Your choice of captor?” Client-server lends itself to that, although we can work around its inequities with moves like the one proposed in the Research section above.

What if the only VRM implementations that succeed in the marketplace are silo’d and non-substitutable ones? To some degree, that’s what we have with Uber and Lyft. While they are substitutable (as two apps on one phone), we don’t yet have a way to intentcast to multiple ride sharing providers at once, or to keep data that applies to both. Maybe we will in the long run, but so far we don’t.

Apple may be VRooMy with HealthKit and HomeKit, but both still operate within Apples silo. You won’t be able to use them on Android (far as I know, anyway).

And what if the Internet of Things turns out to be a world of silos as well? This too is the default, so far. Phil Windley mocks the Apple of Things and the Google of Things by calling both The Compuserve of Things — and making the case for substitutablility as well.

And what if customers just don’t care? This too is the default: the body at rest that tends to stay at rest. For VRM to fully happen, the whole body needs to be in motion — to move from one Newtonian state to another. It’s doing that in places, but not across the board.

Finally, what if we succeed? VRM is about making a paradigm shift happen. So was  Cluetrain before it. On the plus side, the Net itself lays the infrastructural groundwork for that shift. But the rest is up to us.

Whether we  fail or succeed (or both), there will be plenty to study. And that’s been the idea from the start too.

_________________

* Disclosures: I was paid modest sums as a fellow early on, but otherwise have received no compensation from the Berkman Center. I make my living as a speaker, writer and consultant. I have consulted a number of companies listed on the ProjectVRM development work page, and am on the boards of two start-ups: Qredo in the U.K. and Flamingo in Australia. In my work for them my main goal is to see VRM succeed, and I don’t play favorites in competition between VRM companies.

Learning from bad @TWC #CX

Here in New York City, Time Warner Cable is down. (I’m getting on over my mobile phone’s T-Mobile data connection.)

According to DownDetector, TWC is also down in a lot of places:

Screen Shot 2014-08-27 at 7.44.38 AM

This is a developing story, in the midst of which I can take the opportunity to have a meaningful encounter with CX — Customer eXperience. Let’s make lemonade.

My cable modem shows the connection is live, but just blinking steadily in its attempt to pass data back and forth with TWC itself. Earlier ping tests (when the connection was merely bad) went somewhere, but latencies were all high. Now they go nowhere.

Calls to Time Warner Cable get me a message: “All circuits are busy now. Please try again later. Message NY-224-55.”

A visit to @TWC_Help finds the last two postings are on 15 and 22 August. TWC’s many other social channels on Twitter are useless promotional vehicles. A Twitter search for TWC shows lots of problems in lots of places, right now. So this is a developing story.
No doubt the story in the mainstream media will go along the lines of these two:
The big angle will be around the planned merger of  TWC and Comcast — two well-hated ogres.
But we’re here to help, not complain. What can we do with VRM here? Not just for TWC, but for every company in TWC’s position? Specifically,
  1. What code do we have already? and 
  2. What development paths are VRooMers on that can lead toward better CX?

[Later...] Nice follow from @Comradity.

#VRM and the OpenNotice Legal Hackathon

The OpenNotice Legal Hackathon is happening now: 12 July 2014. Go to that link and click on various links there to see the live video, participate via IRC and other fun stuff.

It’s multinational. Our hosts are in Berlin. I’m in Tel Aviv (having just arrived from Sydney by way of Istanbul). Others are elsewhere in the world.

It’s moving up on 5pm, local time here, and 10am in New York.

I’m prepping for talking #VRM at this link here and  this link here.

Here are some core questions we’ll be visiting.

I’ll add more links later. This is enough to get us started.

Prepping for #VRM Day and #IIW

The 16th IIW (Internet Identity Workshop) is coming up, Tuesday to Thursday, 7-9 May, will be tat the Computer History Museum in Mountain View, CA. As usual, VRM will be a main topic, with lots of developers and other interested folk participating. Also as usual, we will have a VRM planning day on the Monday preceding: 6 May, also at the CHM. So that’s four straight days during which we’ll get to present, whiteboard, discuss and move forward the many projects we’re working on. From the top of my head at the moment:

  • Personal Clouds, including —
    • The Internet of Me and My Things
    • QS (Quantified Self) and Self-Hacking
  • Fully personal wallets, rather than branded ones that work only with payment silos and their partners
  • Intentcasting — where customers advertise their purchase intentions in a secure, private and trusted way, outside of any vendor’s silo
  • Browser add-ons, extensions, related developments
  • Licensing issues
  • Sovereign and administrative identity approaches, including Persona, formerly BrowserID, from Mozilla
  • Legal issues, such as creating terms and policies that individuals assert
  • Tracking and ad blocking, and harmonizing methods and experiences
  • Health Care VRM
  • Devices, such as the freedom box
  • VRM inSovereign vs./+ Administrative identities
    • Real estate
    • Banking (including credit cards, payments, transactions)
    • Retail
  • Personal data pain points, e.g. filling out forms
  • Trust networks
  • Harnessing adtech science and methods for customers, rather than only for vendors

The morning will be devoted to VRM issues, while the afternoon will concentrate on personal clouds.

We still have eight tickets left here. There is no charge to attend.

In the next few days here on the blog we’ll be going over some of the topics above. Input welcome.

 

Driving VRM with car data and APIs

Go read OnStar gives Volt owners what they want: their data, in the cloud, by Sean Gallagher, in Ars Technica. It’s a VRM story. The vendor is Chevrolet, the vended product is the Volt, and the relationship management is a DIY hack by one customer. The story begins,

You probably don’t think of your car as a developer platform, but Mike Rosack did. A few days after buying his Chevy Volt, Rosack started slowly mining his driving data. But he eventually revved up his efforts and created a community platform for drivers to track their own efficiency. Today more than 1,800 Volt owners compare stats with each other, jockeying for position on Rosack’s Volt Stats leader board.

volt dash with r-buttonThe Volt uses OnStar, a GM subsidiary known through its advertising for providing a way for drivers to call for roadside assistance; but which is actually a sophisticated cell-based data system through which cars communicate constantly with the mother ship’s cloud. While OnStar generously shares data back to customers through an app called RemoteLink, much more can be done with it, since it’s data and comes out through an API. Now here is where the story gets VRooMy:

Rosack initially wanted to do more with his own driving data than just view it on his phone. So he built what eventually became Volt Stats to capture this data, then started sharing it with other Volt owners. There was just one small problem: Volt Stats relied on Rosack’s reverse engineering of an interface for OnStar’s RemoteLink mobile application (iOS and Android). When OnStar moved to shut down the Web services interface Rosack had plugged into in mid-October, Volt Stats arrived at a screeching halt.

Rather than leaving Volt Stats stalled on the roadside, GM and OnStar accelerated efforts to give developers a new public Web API to create services on top of OnStar data. The companies even worked with Rosack to get him onboard and get Volt Stats re-launched. Now, Volt Stats is back online and other would-be car data hackers will soon be able to connect their Web applications to GM owners’ vehicle data (provided, of course, that they have privacy policies that meet with the approval of GM and OnStar lawyers).

OnStar had already developed an API for GM partners such as the car-sharing service RelayRides, who need to get access to some of the remote control and telematics elements of the service. But this new interface takes advantage of technologies such as OAuth and JAX-RS and it’s a step toward turning OnStar into a broader platform for the “Internet of things.” It’s also a way to give car enthusiasts a new kind of access to something they’ve always thought of as their own—their cars’ data.

Now come the VRM questions:

  • Where and how might customers store that data? Are current PDS (personal data stores) compatible and ready for it?
  • How might customers use that data — especially outside and between multiple vendors’ apps, APIs and relationship silos?
  • Might we see an  ⊂ (r-button) on the dashboards of car? How might that work? And if it does, how do we make it standard?
  • What usage and new market-driving scenarios might we start to imagine here?
  • How might customers assert their own privacy policies and terms as demand begins to drive supply?
  • What other interfaces do cars have that might be brought into the picture?
  • How can what happens here model what we do with the rest of the “Internet of things?”
  • What are the meshy wireless things we can do among ourselves and our cars, outside any vendor’s box? (Would love Robin Chase‘s thinking here.)

These are questions especially for VRM developers. Look for answers (and more questions) here and on various blogs.

To your owned self be true

After getting this provocative tweet, I checked the source (@NZN), and found Ready to make change? A sample:

…my son BELIEVES he OWNS the Internet. His Internet. His Facebook.

And in case you think that is not how reality works, I suggest that you also consider that my son also BELIEVES that he OWNS his government.

We all know that we are a part of a fucked up socio-economic system that has been designed over 1000′s of years by countless contributions into what is, in my arrogant Human perspective, true Genius. We are surviving, we are struggling, we are prospering, we are becoming….

We are becoming something new. The Internet will increasingly come to be seen by the Individuals within our species as an inherent element of their lives, indeed, of their freedom. As a result, a new royalty is emerging on our planet. There is good reason for the mad dash to wealth and power we are experiencing in our bubble-forming industries; strategic positioning in the face of rampant change. It is both a rational and immature way of dealing with the substance of change we are all confronting.

He (I’m assuming it’s he, but I dunno) concludes,

Facebook, Inc. today has constructed the relationship it has with its data sources as secured assets under its incorporated control. Modern law will substantiate that position.

Thus, we have two positions to contend with:

1. Facebook: that data you are building tools to service as a social utility, has been co-opted due to the present ignorance of the general public which willingly constructs itself as “data slaves” within most public relational database constructs. This dynamic is easily changed, and Rights will be afforded the General population today representing your customer base that changes the nature of the relationship that you now possess as a private asset. This is important for any investor in Facebook to recognize, as it points to the finite temporal nature of the ROI formula Facebook is today using to evaluate its market valuation, which I believe stands at $65 billion?

2. Modern law was formed upon a foundation that is no longer represented within its construct; Individual Sovereignty was an implied Right and natural feature of Human existence as demonstrated by the signatures which founded our Declaration of Independence and Constitutional Democracy. Individual Sovereignty is the only force standing behind ‘John Hancock’ meaning anything, as written on these legal documents. And either that Individual Sovereignty is part of the inherent structure of my IDENTITY as a citizen, or CITIZENSHIP has co-opted my Individual Sovereignty without acknowledging the recursive nature of that original signature moment. Either way, something needs to change. And in every case, its the structure of our governmental bureaucracy. I own America as a citizen. I own myself, pre-citizenship. If anyone wants to say different, lets get that started asap.

I’m ready to create change. Are you?

So there ya go. I’ve got a book to finish, but maybe one of the rest of ya’ll can engage. (I will eventually, just not right now.)

VRM as Agency

Most of us understand agency to mean a kind of company: one that represents other companies, or individuals. Insurance, real estate and advertising agencies come to mind.

In fact agency has a deeper and more important meaning. Namely, the capacity of individuals to act independently, to make choices, and to impose their will in the world. By this meaning, agency is a big deal in sociology, psychology, philosophy, law and many other fields. But it’s missing is business. That’s because we’re accustomed to understanding business as a structural thing:  an instrument of control.

Wikipedia frames this problem well in the opening paragraph of its Structure vs. Agency Debate article:

The debate concerning the primacy of either structure or agency on human behaviour is a central ontological issue in sociology, political science, and the other social sciences. In this context, “agency” refers to the capacity of individuals to act independently and to make their own free choices.[1]Structure“, by contrast, refers to the recurrent patterned arrangements which seem to influence or limit the choices and opportunities that individuals possess.[2] The structure versus agency debate may therefore be understood simply as the issue of socialisation against autonomy.

Limiting individual choices through “patterned arrangements” has been an ideal of big business for a very long time. Choice is an ideal too, provided your product or service provides a choice for customers to not choose competing products or services. Agency-type choice, in which individuals are free to assert their will and their means, doesn’t get much respect.

In fact, most big businesses aren’t interested in customers that have lots of agency — unless those customers aren’t captured yet. Instead big business has long idealized controlling customers. That’s why they talk about “capturing,” “acquiring,” “managing,” “locking in” and “owning” them. And spend billions on systems that help them do that.

These controlling ideals are still with us in the era of “social networking” and “social media.” (Or what one friend calls SEFTTI, for “social every fucking thing there is.”) Sure, Facebook is as social as a kegger (or more so), but it is also a “patterned arrangement that seems to influence or limit the choices and opportunities that individuals possess.”

Personal autonomy on Facebook only goes as far as Facebook lets it go. Same with every other “social” system run by an entity other than yourself. They put a lid on your agency. You are not free.

I’m not saying there’s anything wrong with social systems, or structures, or even with businesses that want to control your choices. I am saying that agency has been AWOL from the market’s table. And bringing it there is what we’re doing with VRM.

I realized that VRM is about agency when I was talking with Iain Henderson the other day. Iain and his company MyDex have been working on creating and deploying personal data stores, or PDSes. These are the means by which individuals manage and  share personal data selectively. In that conversation Iain casually mentioned that the U.K. government was clearly invested in “user agency.” That is, in citizen responsibility for data about themselves and generated by themselves. In this fundamental way, he said, the U.K. government is far ahead of our own here in the U.S. — and the U.K. is therefore a more ideal environment for testing out VRM tools, such as the personal data store. (In fact MyDex’s prototype trials are going on right now, in three U.K. towns.)

What we’ll have, as VRM tools roll out and come into use, is many ways to test concepts such as methodological individualism and action theory. Mostly, however, I think it’s a way to see how much larger, and better, we can make the economy once individual customers are free to express their intentions.

Bonus link — which I put here hoping that somebody can fix it. Since it’s about me and some stuff I’ve said, I’m not the one to do that.

Do we have to “trade off” privacy?

Look up privacy trade-offs and you’ll get more than 150,000,000 results. The assumption in many of those is that privacy is something one can (and often should) trade away. Also that privacy trading is mostly done with marketers and advertisers, the most energetic of which take advantage of social media such as and .

I don’t think this has to be so.

One example of a trade-off story is this one on public radio’s Marketplace program, which I heard this evening. It begins with the case of Shea Sylvia, a FourSquare user who got creeped out by an unwelcome call from a follower who knew her location. Marketplace’s Sally Herships says,

There are millions of Sylvias out there, giving away their private information for social reasons. More and more, they’re also trading it in for financial benefits, like coupons and discounts. Social shopping websites like Blippy and Swipely let shoppers post about what they buy. But first they turn over the logins to their e-mail accounts or their credit card numbers, so their purchases can be tracked online.

Later, there’s this (the voice is Herships again):

Alessandro Acquisti researches the economics of privacy at Carnegie Mellon, and he says the value we put on privacy can easily shift. In other words, if giving away your credit card information or even your location in return for a discount or a deal seems normal, it must be OK.

ALESSANDRO ACQUISTI: Five years ago, if someone told you that there’d be lots of people going online to show, to share with strangers their credit card purchases, you probably would have been surprised, you probably would thought, “No, I can’t believe this. I wouldn’t have believed this.”

But Acquisti says, when new technologies are presented as the norm, people accept them that way. Like social shopping websites.

HERSHIPS: So the more we use sites like Blippy, the more we’ll use sites like Blippy?

ACQUISTI: Or Blippy 2.0.

Which Acquisti says will probably be even more invasive, because as time passes, we’re going to care less and less about privacy.

Back in Kansas City Shea Sylvia is feeling both better and worse. She thinks the phone call she got that night at the restaurant was probably a prank. But it was a wake up call.

What we’re dealing with here is an evanescent norm. A fashion. A craze. I’ve indulged in it myself with FourSquare, and at one point was the “mayor” of ten different places, including the #77 bus on Mass Ave in Cambridge. (In fact, I created that location.) Gradually I came to believe that it wasn’t worth the hassle of “checking in” all over the place, and was worth nothing to know Sally was at the airport, or Bill was teaching a class, or Mary was bored waiting in some check-out line, much as I might like all those people. The only time FourSquare came in handy was when a friend intercepted me on my way out of a stop in downtown Boston, and even then it felt strange.

The idea, I am sure, is that FourSquare comes to serve as a huge central clearing house for contacts between companies selling stuff and potential buyers (that’s you and me) wandering about the world. But is knowing that a near-infinite number of sellers can zero in on you at any time a Good Thing? And is the assumption that we’re out there buying stuff all the time not so wrong as to be insane?

Remember that we’re the product being sold to advertisers. The fact that our friends may be helping us out might be cool, but is that the ideal way to route our demand to supply? Or is it just one that’s fun at the moment but in the long term will produce a few hits but a lot of misses—some of which might be very personal, as was the case with Shea Silvia? (Of course I might be wrong about both assumptions. What I’m right about is that FourSquare’s business model will be based on what they get from sellers, not from you or me.)

The issue here isn’t how much our privacy is worth to the advertising mills of the world, or to intermediaries like FourSquare. It’s how we maintain and control our privacy, which is essentially priceless—even if millions of us give it away for trinkets or less. Privacy is deeply tied with who we are as human beings in the world. To be fully human is to be in control of one’s self, including the spaces we occupy.

An excellent summary of our current privacy challenge is this report by Joy L. Pitts (developed as part of health sciences policy development process at the Institute of Medicine, the health arm of the National Academy of Sciences). It sets context with these two quotes:

“The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men—the right to be let alone.”

—Justice Louis Brandeis (1928)

“You already have zero privacy anyway. Get over it.”

—Scott McNealy, Chairman and CEO of Sun Microsystems (1999)

And, in the midst of a long, thoughtful and well-developed case, it says this (I’ve dropped the footnotes, which are many):

Privacy has deep historical roots. References to a private domain, the private or domestic sphere of family, as distinct from the public sphere, have existed since the days of ancient Greece.  Indeed, the English words “private” and “privacy” are derived from the Latin privatus, meaning “restricted to the use of a particular person; peculiar to oneself, one who holds no public office.” Systematic evaluations of the concept of privacy, however, are often said to have begun with the 1890 Samuel Warren and Louis Brandeis article, “The Right of Privacy,” in which the authors examined the law’s effectiveness in protecting privacy against the invasiveness of new technology and business practices (photography, other mechanical devices and newspaper enterprises). The authors, perhaps presciently, expressed concern that modern innovations had “invaded the sacred precincts of private and domestic life; and . . . threatened to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’” They equated the right of privacy with “the right to be let alone” from these outside intrusions.

Since then, the scholarly literature prescribing ideal definitions of privacy has been “extensive and inconclusive.” While many different models of privacy have been developed, they generally incorporate concepts of:

  • Solitude (being alone)
  • Seclusion (having limited contact with others)
  • Anonymity (being in a group or in public, but not having one’s name or identity known to others; not being the subject of others’ attention)
  • Secrecy or reserve (information being withheld or inaccessible to others)

In essence, privacy has to do with having or being in one’s own space.

Some describe privacy as a state or sphere where others do not have access to a person, their information, or their identity. Others focus on the ability of an individual to control who may have access to or intrude on that sphere. Alan Westin, for example, considered by some to be the “father” of contemporary privacy thought, defines privacy as “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” Privacy can also be seen as encompassing an individual’s right to control the quality of information they share with others.

In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. Privacy addresses “the question of what personal information should be collected or stored at all for a given function.” In contrast, confidentiality addresses the issue of how personal data that has been collected for one approved purpose may be held and used by the organization that collected it, what other secondary or further uses may be made of it, and when the permission of the individual is required for such uses.Unauthorized or inadvertent disclosures of data are breaches of confidentiality. Informational security is the administrative and technological infrastructure that limits unauthorized access to information. When someone hacks into a computer system, there is a breach of security (and also potentially, a breach of confidentiality). In common parlance, the term privacy is often used to encompass all three of these concepts.

Take any one of these meanings, or understandings, and be assured that it is ignored or violated in practice by large parts of today’s online advertising business—for one simple reason (I got from long ago): Individuals have no independent status on the Web. Instead we have dependent status. Our relationships (and we have many) are all defined by the entities with which we choose to relate via the Web. All those dependencies are silo’d in the systems of sellers, schools, churches, government agencies, social media, associations, whatever. You name it. You have to deal with all of them separately, on their terms, and in their spaces. Those spaces are not your spaces. (Even if they’re in a place called . Isn’t it weird to have somebody else using the first person possessive pronoun for you? It will be interesting to see how retro that will seem after it goes out of fashion.)

What I’m saying here is that, on the Web, we do all our privacy-trading in contexts that are not out in the open marketplace, much less in our own private spaces (by any of the above definitions). They’re all in closed private spaces owned by the other party—where none of the rules, none of the terms of engagement, are yours. In other words, these places can’t be private, in the sense that you control them. You don’t. And in nearly all cases (at least here in the U.S.), your “agreements” with these silos are contracts of adhesion that you can’t break or change, but the other party can—and often does.

These contexts have been so normative, for so long, that we can hardly imagine anything else, even though we have that “else” out here in the physical world. We live and sleep and travel and get along in the physical world with a well-developed understanding of what’s mine, what’s yours, what’s ours, and what’s none of those. That’s because we have an equally well-developed understanding of bounded spaces. These differ by culture. In her wonderful book , Polly Platt writes about how French —comfortable distances from others—are smaller than those of Americans. The French feel more comfortable getting close, and bump into each other more in streets, while Americans tend to want more personal space, and spread out far more when they sit. Whether she’s right about that or not, we actually have personal spaces on Earth. We don’t on the Web, and in Web’d spaces provided by others. (The Net includes more than the Web, but let’s not get into that here. The Web is big enough.)

So one reason that privacy trading is so normative is that dependency requires it. We have to trade it, if that’s what the sites we use want, regardless of how they use whatever we trade away.

The only way we can get past this problem (and it is a very real one) is to create personal spaces on the Web. Ones that we own and control. Ones where we set the terms of engagement. Ones where we decide what’s private and what’s not.

In the VRM development community we have a number of different projects and companies working on exactly this challenge.  is pure open source and has a self-explanatory name. Others (, and others) are open in many ways as well, and are working together to create (or put to use) common code, standards, protocols, terminologies and other conventions on which all of us can build privacy-supporting solutions. You’ll find links to some of the people involved in those efforts (among others) in Personal Data Stores, Exchanges, and Applications, a new post by  (of Switchbook). There’s also the One example is the and at . (For more context on that, check out Iain Henderson’s unpacking of the .) There’s also our own work at ProjectVRM and , which has lately centered on developing -like legal tools for both individuals and companies.  What matters most here is that a bunch of good developers are working on creating spaces online that are as natural, human, personal—and under personal control—as the ones we enjoy offline.

Once we have those, the need for privacy trade-offs won’t end. But they will begin to make the same kind of down-to-Earth sense they do in the physical world. And that will be a huge leap forward.

Getting Real and VRM

Deep in a post about other stuff, Tony Fish asks, “What is Vendor Relationship Management (VRM) and how will it effect your future customer relationship strategy?” The parties to whom that is addressed are corporate CRM and marketing folks. Alan Mitchell provides some answers, along with more questions, in Get ready for Vendor Relationship Management:

Why should marketers be interested in VRM? Because, given a choice between a product that isn’t really addressing their needs (CRM) and one that is (VRM), customers are more likely to opt for VRM. In other words, VRM is a game changer.

A VRM filter helps create a new operational and innovation agenda. The simple question ‘how does this help the customer achieve his or her relationship management goals’ can go a long way to predicting which initiatives will stick, and which won’t. Creating systems to recognise customers at every touchpoint and treat them in a seamless fashion looks pretty good under this spotlight. Profiling and propensity modelling for the purposes of direct marketing? Not so sure.

More answers and questions emerge in a thread that starts with Denis Pombriant‘s The Relationship Entity, at the heart of which is this:

Who owns the customer relationship?  Is it the customer?  The vendor?  Both?  I think this is a trick question because a relationship is a duality that exists independent of both parties but requires both to exist at all.  In fact, the relationship becomes an entity of itself, a mass-less, weightless entity but a reality nonetheless.  Substitute the word marriage for relationship and you see my point.

(Tell me about it. Inside our wedding rings my wife and I have engraved “The couple decides.”)

Denis concludes,

I advocate thinking about the relationship as an independent entity, one that has to be nurtured from both sides.  And that drives my thinking on social CRM.

Paul Greenberg follows with Customer Ownership: Relationship? Conversation? Simply Put. SCRM is not VRM. Simple Being the Operative Principle. Some excerpts:

…the company owns the company, the customer owns their own personal value chain so to speak. That’s why there is a difference between SCRM and VRM.  Vendor Relationship Management is what the customer does to command their side of the relationship.  SCRM is what the company does in response to the customer’s control of the conversation – and all the other things associated with that.  But the company still owns itself – meaning its operational practices and its objectives and its records and its legal status as a company.

I think that the customer is at the hub of business ecosystem – to the point that you can call it a customer ecosystem. Meaning the customer drives demand and the company is now forced to respond to that.   But a relationship between company and customer is exactly what Denis says it is and that relationship’s success is the essence of SCRM…

Companies are increasingly being pushed to respond to customers and that is where SCRM begins to show itself.

So let me put it this way.  The final line of my definition of CRM says, “Its the company’s response to the customer’s control of the conversation.”  At this time, the ongoing way that the company responds to the customers control of the conversation IS the relationship.

Thanks to Chris Carfi for pointing us to that thread.

On the topic of branding (one of marketing’s oldest terms, borrowed originally by Procter & Gamble from the cattle industry), Alan Mitchell gets us started again with Brand messsaging: the heart of it. He begins,

I’ll be as blunt as possible. So long as marketers accept the conventional wisdom so neatly summed up by McKinsey, that the job of marketers is to increase “brands’ power to generate messages that influence the consumer’s decision to purchase” we will never – repeat, never – be able to make the mental and operational changes we need to flourish in the emerging era…

To explore the dynamics of what’s happening here, let’s approach the issue obliquely via a wonderful passage in Youngme Moon’s new book Different

In this passage she describes how modern markets work (or, to be more precise, our prevailing mental model of how they work). They display at least five defining characteristics.

  1. Consumers are exercising choice (but only from among the choices that producers have decided to offer them).
  2. Every consumer in every category is on a journey from novicedom to connoisseurship: most of us are neither novices or connoisseurs, we’re somewhere in the middle, learning. This learning is achieved almost entirely via DIY methods (there are no GSCEs or degrees in shopping).
  3. Aside from advertising, most product information is inseparable from the product itself: we go to market to inspect the product, to understand its features, attributes and qualities etc. To learn, in other words.
  4. Virtually all the information provided about the product is provided by the seller …
  5. … designed and distributed in furtherance of the seller’s goals, i.e. to persuade the buyer to buy.

This is the environment that created the brand-messaging consumer-influencing agenda. But it’s an environment that is fading fast. If we look at the emerging environment it looks rather different:

  1. An increasing proportion of the information that’s made available about the product is separate from the product itself: e.g. online.
  2. An increasing proportion of this information comes from independent sources (including other consumers), not the seller …
  3. … so an increasing proportion of this information addresses the consumer’s goal of making better decisions, rather than the seller’s goal of influence.
  4. These last two developments mean that learning about products and markets isn’t just a DIY activity any more: specialist services (search, comparison, peer-to-peer advice etc) are emerging to help consumers on this front; to provide them with the information they need; to help them become more ‘professional’ in their product judgements and choices.
  5. The more consumers get to understand what’s available and what’s possible, the more the process of arriving at a decision changes – from ‘choosing from among the choices presented to me’ to ‘building a specification of what I would like, and then finding the best fit’.

What this means is that we are in transition. Let’s accept that sellers will always want to influence consumers’ decisions in their favour and that consumers will always want to make better decisions. That’s not changing, but how they go about these tasks is being turned upside down (or, to be more precise, right side up).

For many decades now we have lived in a seller-centric market largely shaped and defined by marketers’ quest to influence consumers’ decisions. Consumers have had to pursue their goals within this context. We are now moving towards a buyer-centric market shaped and defined by consumers’ quest for better decisions, with marketers having to pursue their goals within this context. This is the “tectonic power shift”, the “dramatically altered” balance of power between companies and consumers that McKinsey so rightly referred to.

In Sixth Characteristic, Jacek Chwalisz adds to Alan’s list,

Using current communications tools it is possible to find, understand, communicate and satisfy people who at the moment are looking for particular object, not only its perception.

In that post Jacek probes the distance between the real and the unreal, and the role of branding in creating the latter. He sees in brands a “magic” that is “not rational.” Specifically,

I think people taking under consideration different choices than offered by brands feel risk related to possible lost of this “magic”. And they are right, because brands satisfy their needs of “magic”. How this “magic” works? People have a tendency to mix up subject of perception and method of perception. For many people “story about facts” is the same as “facts”, “knowledge about something” is the same as “something”, “self perception” is the same as “self” (this mechanism was described many times, even in European Middle Ages as “medium quo” and “medium quod”).

This distance between perception and reality is reduced by authenticity, and therein lies the problem with branding itself, of the current craze around “personal branding,” and why the latter is oxymoronic.

I took all this on earlier this month in a string of posts titled Brands are Boring, Branding is Bull, and The Unbearable Lightness of Branding. Quite a few comments followed, but none does a better job than Phil Windley’s
Branding and Indispensability vs Reputation and Influence. “We already have an identity and we have our humanity. Those are the things that we need to emphasize, not the idea of personal brand.”

As everybody above make clear, VRM is something that happens on the customer’s side of his or her relationship with vendors (or with any other entity). As Jacek suggests, real relationship requires authenticity. For that, traditional branding is largely a side issue. In fact, I suggest that all branding is essentially a distraction. I might even suggest that nearly all marketing is too. That’s because marketing is still mostly about push. Let’s face it: pushing is what most marketers get paid to do.

But pull will outperform push, because it will involve less — or no — guesswork. It will be based on what the customer actually wants, rather than what vendors want to push at them.

Back in 1997, before blogging got started, I wrote two pieces no publisher would touch, both about “push,” which was then a big buzzcraze: Shoveling Push Media, and When Push Comes to Shove. The craze went away, but the urge to push hasn’t, and shouldn’t. Sellers need to let buyers know what they’ve got and why it’s good. But the waste involved in blasting out message, and “branding,” is huge. And it wastes more than money.

Bonus link: VRM is #15 on Web Design Cool’s list of 21 Twitter Tips From Socially Savvy Companies.

Older posts

© 2014 ProjectVRM

Theme by Anders NorenUp ↑