Page 3 of 29

Reporting on the Data Privacy Hackathon

Data Privacy HackathonIn case you missed the Data Privacy Hackathon, held this past weekend in London, New York and San Francisco, there should be a good mother lode of posts, tweets and videos up now, or soon.

Here is a small starter-pile of links from the New York one:

  • The hackathon page.
  • #privacyhack on Twitter
  • Videos of the event, courtesy of the New York Chapter of the Internet Society.  VRM and I come in at ~ 27 minutes into the first video. Finalist hacks are presented in this video here. One of the entries, Re-entry, led by Lina Kaisey, Harvard Law School ’14, starts at about 56 minutes into the last video link, and is to some degree based on my challenge in the first video link. It came in second. The winner was Ghostdrop, the presentation for which follows Lina’s, and which allows private communications between individuals. (Re-entry does that too, for prisoners re-entering the free world, and communicating with The System).

More at LegalHackathon.net.

Personal = Sovereign

We are all different.different

We look different, we sound different, we think and act different. Even soldiers marching lock-step in uniform are all different. Emperor Qui Shi Huang recognized this fact by having his sculptors put a different face on every soldier in the terracotta army.

Even identical twins are not identical.

Devon Loffreto has a useful word for this state. He calls it sovereign. Here are a few of his posts on the matter:

I wrote about it here:

For as long as we’ve had identifiers in computer and network system namespaces, we have been talking about administrative identities, not sovereign ones.

All administrative identities are silo’d: isolated inside systems and their namespaces. The Internet, which cyber-utopians (me included) cheer for its decentralized peer-to-peer and end-to-end architectural graces, has become a vast forest of centralized systems, each a silo. This Great Silo Forest is a hall of administrative mirrors. Your reflection in each is not you, but an administrative version of you.

Want a sense of how bad this is? Go into your browser prefs and hunt down the place where your logins and passwords are kept. Every one of those login/password combinations is for a different you, that each different system knows separately, owns separately and controls separately.

The concern in that post is identity. That’s personal, but so is much else: personal spaces, personal possessions, personal preferences, personal relationships and so on. What do we mean by personal in each of those cases?

In the physical world, the meaning is obvious, and the usage so common that we use the pronouns my and mine. But in the virtual world the boundaries are not so clear. Is the data a company collects about me really mine?

Yet we need to develop better  understandings, better definitions, better vocabularies — before the norms of the still-young virtual world catches up with the physical one, where civilization has been around for millennia.

I heard last night from a colleague that a word gaining currency with some young people is sovereign. In the past it was a word that applied mostly to countries and governments. Says the Free Dictionary,

adj.

1. Self-governing; independent: a sovereign state.
2. Having supreme rank or power: a sovereign prince.
3. Paramount; supreme: Her sovereign virtue is compassion.
4. a. Of superlative strength or efficacy: a sovereign remedyb. Unmitigated: sovereign contempt.

Since so much of what we do as persons in the virtual world was once do-able only by large organizations (computing and networking, for example), this makes sense.

And, given our much our personal spaces and our agency have been compromised, sovereignty is a state devoutly to be wished for.

Here is how Chris Locke put it in The Cluetrain Manifesto, fifteen years ago:

we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.

While privacy is a huge concern, and something about which VRM developers have much to offer, it tends also to be understood in defensive terms.  Sovereign is more positive, and has a great deal of dignity as well.

So I’m rooting for it.

Good news for VRM and financial transactions

FinTPTomorrow, 24 January, is code launch day for FinTP, described by its parent, Allevo, as “the first open source application for financial transactions.” The code is being released under the GPL v3 license on Github.

FinTP’s development is intended, among other things, to support VRM product and service development. This began in 2011, when Allevo folks discovered that VRM developers were collaborating with SWIFT‘s Innotribe on what would become the Digital Asset Grid (described as “a new infrastructure providing a platform for secure, authorised peer to peer data sharing between known, trusted people, businesses and devices”).

Since FinTP is open source, VRM developers — especially those dealing with financial transactions (and there are many) — should check it out and consider getting involved as well. (On my own wish list: EmanciPay.)  The FinTP community is FINkers United, and looks like this:

FinTP community

Read more at the Allevo blog.

By the way, SWIFT has an annual Startup Challenge it would be wise for VRM developers to check out — especially those dealing with banking and financial transactions.

 

 

VRM Linklings

The marketplace

VRM and Personal Clouds

Surveillance vs. Privacy

Research

  • Data & Society issues a Call for Fellows. Particulars: The fellowship program is intended to bring together an eclectic network of researchers, entrepreneurs, activists, policy creators, journalists, geeks, and public intellectuals who are interested in engaging one another on the key issues introduced by the increasing availability of data in society. We are looking for a diverse group of people who can see both the opportunities and challenges presented by access to data and who have a vision for a project that can inform the public or shape the future of society.

 

A Holiday list of VRM links

New VRM developers (in alphabetical order, two from Australia, one from New Zealand)

  • Flamingo. Descriptions:  Personalizing Customer Experience…Empowering businesses…>Flamingo knows that true customer empowerment is achieved by empowering businesses too. Thankfully technology and some clever analytics allow us to do just that….>We have a unique set of tools, created especially for business that will empower individuals across sales, marketing, service, support and business intelligence to know what experience customers and potential customers actually want. Our research tells us organisations that can do this get significant competitive advantage and bottom line growth.
  • Meeco. The Blog. Descriptions: >Your dashboard for life. >It’s time to make digital life simple. >>Be rewarded for being you… >Meeco is a new and easy way to manage your life and the data inside your personal cloud…>Meeco’s beautiful dashboard means one click to your favourite brands, bill payments, travel, banking and shopping…>Meeco gives you a private browser so you control, manage and track your own habits, providing you with rich insight… >>When you decide to share or signal what you want, you can do it anonymously or identified with the brands your trust in exchange for value, discounts or financial reward…  >Meeco will never sell your data because we know it’s yours.
  • MyWave. The Blog. Descriptions: Really putting customers at the centre of the relationship…Founded by former SAP North America President Geraldine McBride in 2013, MyWave is leading a fundamental change in the way enterprises do business with their customers – and how customers interact with enterprises…MyWave’s services and technology platform provide the means for enterprises to evolve away from the existing but outdated push‑based transaction model to a new two-way permission-based relationship based on Mutual Value…MyWave Customer Experience Consulting Services – Customer experience design experts who help businesses re-imagine their customer experiences through the lens of the customer, moving business from the old push-based transaction model to a personalized model….MyWave CMR technology platform – CMR turns CRM on its head by putting the customer in control of getting those personalized experiences anytime, anywhere, on any device. The MyWave CMR platform is constructed so that the customer owns their data. This removes privacy concerns and allows a new dynamic based on trust, advocacy and mutual value in each exchange.

Privacy

Hellbound handbasketry

VRooMy links

VRM developments

  • List of developers and related projects and people on the ProjectVRM wiki. Please make or send your updates.
  • Phil Windley: Intention Generation: Fuse and VRM. Pull-quotage:Fuse, our connected-car product is an intention generator. Here’s a few examples:
    • When Fuse sees your gas tank is nearly empty it can generate an intention to buy gas.
    • When Fuse indicates it’s time for an oil change or tire rotation, it can generate an intention to have the car serviced.
    • When the vehicle raises a diagnostic code, Fuse can generate an intention to get the car fixed.
    • When insurance is up for renewal, Fuse can generate an intention to solicit quotes for a new policy.
    • Geofences could be linked to intentions.
    • Even a crash, sensed by Fuse’s accelerometers, is an intention to seek emergency services.

    As an intention generator Fuse could be seen as a brand-new way for companies to spy on drivers. But we don’t think it has to be that way. If Fuse is going to generate intentions that can be acted on while preserving owner choice and privacy, it must also provide owners with two things:

    1. A way to see, select, and interact with vendors—both those who the owner has an existing relationship with and those who might be good candidates for future purchases.
    2. A way to use intentions and the make the choices that only the owner can make. For example, when my insurance is due, Fuse needs to ask me if I’m happy with my current insurance before going out to solicit bids.

    Both of these features are about providing owner choice and putting the owner in control. In the terminology of VRM, the thing providing these features is typically called the “4th party” and refers to the system that is acting on the customer’s behalf.

  • Customer Commons Web Pal.
  • Joshua Kopstein in The New Yorker: The mission to decentralize the Internet. Has this line: … average users can create personal clouds to store data that they can access anywhere, without relying on a distant data center owned by Dropbox or Amazon.

Privacy

Business

  • Jamie Smith: Thinking about Moments and Thinking about Context.
  • Karl Bode in Broadband ReportsAT&T Offers $70 1 Gbps in Austin — With a Big Catch. Pull-quote: “The asterisks (**) on the Premiere offer indicates that you must agree to participate in AT&T Internet Preferences behavioral tracking and ad service if you want that price point. Internet Preferences “may use your Web browsing information, like the search terms you enter and the Web pages you visit, to provide you relevant offers and ads tailored to your interests,” says AT&T. That’s a thirty dollar markup from Google Fiber pricing simply for not wanting to have your online activity watched and monetized by AT&T. While Google tracks search history, cookies and GPS location data, AT&T’s Internet Preferences appears to use deep packet inspection (a la Phorm or NebuAD) to monitor each and every packet, including how long you spend on specific websites.
  • Johannes Ernst: There are only three business models.

Big Data, meet Big Privacy

Look up “big data” (with the quotes) today on Google, and you’ll results that look like this:

Basically, a heap of hype. The only visible organic search results are a Wikipedia article and the a May 2011 report that McKinsey wrote for corporate customers. I am sure some of those same customers are among the advertisers hogging acreage in search results.

Whenever you see a money river that gets bigger and bigger while flowing in a circle, you’ve looking at a mania. That’s what we see here, and in Google Trends as well:

Big Data today is entirely an obsession of the B2B (Business to Business) world. It may fuel B2C (Business to Consumer); but the consumer does not participate except as a source of data and as a target for marketing messages guided by Big Data analytics. So, while we get to witness the Big Data mania as individuals, we don’t participate in it.

But we will.

Think about computing before it got personal around the turn of the ’80s. Before then, “personal computer” was an oxymoron. But eventually computers became something everybody had. Today our phones are computers. The same thing happened with networking. Before the Internet got huge in the mid-’90s, networking was something companies and governments did.  Today computing and networking are fully personal as well as fully corporate. And far more value is generated by people computing and networking than by companies doing it only with themselves and each other.

It’s a good bet that Big Data will follow the same path. Individuals will be able to do far more with data of all sizes than would ever be possible in the B2B world alone.

Meanwhile, the B2B appetite for “big data,” and eagerness to use it to market at us, has raised privacy as an issue. Back in the pre-Internet world, privacy wasn’t very controversial. We all knew what it was, and how to protect it most of the time. In the new digital world, we don’t, except through relatively primitive means, such as ad and tracking blocking. In The Rise of Ad Blocking, published in August 2013, PageFair found an average ad blocking rate of 22.7%. On some browsers it’s much higher:

This is the market speaking.

So is Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design, a paper published today by Ann Cavoukian, Ph.D. and Drummond Reed. Ann is the Information & Privacy Commissioner for Ontario, Canada, and Drummond is Co-Founder and CEO of Respect Network. Ann is also behind Privacy By Design, which “advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization’s default mode of operation.”

Both Ann and Drummond are coming from the customer side of the C2B relationship. In other words, they are coming from the need for VRM ways to solve market problems and open up new opportunities. It also goes straight after “big data”:

Recent technological and business developments have given rise to a new understanding of personal information. It is now being compared to currency and energy1—often being referred to as “the new oil.” It is an economic asset generated by the identities and behaviors of individuals and their technological surrogates. These metaphors, which express its increasing economic value to organizations, ring especially true in the case of Big Data. Indeed, Big Data derives economic value from its use of personal information to such an extent that if personal information is considered to be “the new oil,” then Big Data is the machinery that runs on it.

However, like our current dependence on fossil fuels, Big Data’s current use of personal information is unsustainable, increasingly resulting in “pollution” via privacy infringement. At the moment, individuals have little, if any, control over their information’s use and disclosure in Big Data analytics. In addition to a host of privacy concerns, this lack of informational self-determination gives rise to an uneven exchange of the economic value. While the owners of Big Data algorithms profit from their use and disclosure of personal information, the individuals the personal information relates to do not—at least not directly. If not properly addressed, the privacy and economic concerns raised by Big Data threaten to decrease individuals’ willingness to share their personal information—in effect, cutting off the flow of the “oil” on which the analytic “machinery” of Big Data runs.

The report describes the Personal Data Ecosystem (PDE) as “the emerging landscape of companies and organizations that believe individuals should be in control of their personal information and directly benefit from its use, making available a growing number of tools and technologies to enable such control,” adding (in boldface type), “So if privacy infringement is the negative externality that Big Data frequently ignores, the PDE is the emerging positive externality that can turn the combination into a positive-sum outcome where both data subjects and Big Data users benefit.
The paper defines Big Privacy this way:

Big Privacy is Privacy by Design writ large, i.e., it is the application of the 7 principles of Privacy by Design, not only to individual organizations, applications, or contexts, but to entire networks, value chains, and ecosystems, especially those that produce and use Big Data. The goal of Big Privacy is the systemic protection of personal data and radical personal control over how it is collected and used. Radical control is an embodiment of “informational self- determination”—the right enshrined in the German Constitution relating to the individual’s ability to determine the fate of one’s information.12 This means that it must be possible to assure whole populations that their privacy is being respected because the network, value chain, and/or ecosystem producing and processing Big Data has implemented Privacy by Design at a system-wide level, enabling individuals who consent to the use of their personal information to reap a proportion of the benefits. 

The paper goes on to detail seven architectural elements of Big Privacy:

  1. Personal Clouds
  2. Semantic Data Interchange
  3. Trust Frameworks
  4. Identity and Data Portability
  5. Data-By-Reference (or Subscription)
  6. Accountable Pseudonyms
  7. Contractual Data Anonymization

These in turn leverage the  “Seven Foundational Principles of Privacy by Design”:

  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality – Positive-Sum, not Zero-Sum
  5. End-to-End Security – Full Lifecycle Protection
  6. Visibility and Transparency – Keep it Open
  7. Respect for User Privacy – Keep it User-Centric

ProjectVRM gets a mention. I’d also like to add a pointer to the Personal Data Ecosystem Consortium, which has done pioneering work in the PDI, and whose work pulls toward the future alongside ours here.

The paper also does the best job I’ve seen yet of explaining the Respect Trust Framework and XDI, both of which normally require a lot of mental chewing to get down. They still do; just less this time.

I’ve always thought that XDI was a brilliant and elegant solution looking for a problem. I still do. The difference now is that it’s found the right one.

LG jumps on advertising bandwagon, runs over its own customers

Used to be a TV was a TV: a screen for viewing television channels and programs, delivered from stations and networks through a home antenna or a cable set top box. But in fact TVs have been computers for a long time. And, as computers, they can do a lot more than what you want, or expect.

Combine that fact with the current supply-side mania for advertising aimed by surveillance, and you get weirdness such as Doctor Beet‘s LG Smart TVs logging USB filenames and viewing info to LG servers. According to Doctor Beet, viewer activity is actually reported to a dead URL (which may not be, say some of the comments). The opt-out is also buried an off-screen scroll. And LG tells Doctor Beet to live with it, because he “accepted” unseen opt-out terms and conditions.

But wait: there’s more.

If you want to really hate LG — a company you barely cared about until now, watch this. It’s a promotional video for “LG Smart AD,” which “provides the smartest way to reach your targeted audiences across the borders and connected devices with excitement powered by LG’s world best 3D and HD home entertainment technology” and “enables publishers to maximize revenues through worldwide ad networks, intelligent platform to boost CPM and the remarkable ecosystem.” The screen shot above shows (I’m not kidding) a family being terrorized by their “immersive” advertising “experience.”

This promotional jive, plus the company’s utterly uncaring response to a customer inquiry, shows what happens when a company’s customers and consumers become separate populations — and the latter is sold to the former. This split has afflicted the commercial broadcast industry from the start, and it afflicts the online advertising industry today. It’s why the most popular browser add-ons and extensions are ones that thwart advertising and tracking. And it’s why the online advertising industry continues to turn deaf ears and blind eyes toward the obvious: that people hate it.

Clearly LG is getting on the surveillance-based advertising-at-all-costs bandwagon here. The sad and dumb thing about it is that they’re actually selling customers they already have (TV buyers) to ones they don’t (advertisers). Their whole strategy is so ham-fisted that I doubt they’ll get the message, even if bad PR like this goes mainstream.

The one good effect we might expect is for competing companies to sell surveillance-free viewing as a feature.

Bonus link.

When the customer gets the pricing gun

Customers don’t normally operate pricing guns. That’s why we have this old Steven Wright joke:

The lady across the hall tried to rob a department store — with a pricing gun.
She said, “Give me all of the money in the vault, or I’m marking down everything in the store.”

It wouldn’t be funny if it wasn’t a scary prospect for retailers.

But what if customers actually do get that power, on their own — meaning they don’t get that power from any seller, but from themselves. Like they get their car on their own. Or their . Or their browser. Or their email.

For example, what if each of us had a way to publish an offer price to many retailers at once? For example, “I’ll pay $2500 for a Canon 5D Mk III camera.” (In fact I’ve already said that, through a VRM company called .) And what if I had a way to escrow that money — and that intention-to-buy — at a bank, ready to pay when a seller meets my price and my terms? That’s the idea (though not the only one) behind . It should be a good business for banks — or for anybody wanting to help activity in markets move faster and more efficiently.

There has already been work in that direction, through the companies listed under Intentcasting here, plus the work some of us did with , a division of . That work began with discussions at around digital identity, personal data and the EmanciPay idea. Once underway, it evolved into the Digital Asset Grid: a way to move data on the SWIFT network that also moves money, with the same high degree of security. Having a secure way to move both personal data and money seemed like good idea, so we created it, and it’s there for the taking.

Meanwile, let’s say that EmanciPay, or something like it, takes off, and the pricing gun really is in the hands of the customer. Will this be the end of the world for mass marketing? Or for anything? Or will it open a huge new greenfield of opportunity, based on much better signaling of pricing — and other variables — by customers?

Like, what if we could signal real loyalty, rather than just the coerced kind we get with loyalty cards? What about convenience? Reliability? Experience with the product, the vendor, and the quality of service?

How would it work if every product we buy, or service we engage, would also serve as the platform for a genuine relationship with maker and/or the seller? This can happen if the product or service comes with its own cloud. Think about that. Your car, your cable modem, your TV, your stove, your dishwasher, your anything can have a cloud of its own, today. picos, for persistent compute objects. When you buy a product with a pico, that cloud might come with all the service materials required, be updated automatically, and contain all the service records as well. And you can add whatever you want to it, or use it as a communications conduit between you and the product’s maker or seller.

This is what makes . It’s not just a second dashboard for your car in a mobile app. It’s your platform for relationships with the car maker, your mechanic, or others in your family who also use the car. Think of it as a service gun. Or the platform for one.

There’s no limit to what you can imagine if you’re an independent party with full agency, rather than a serf in some company’s castle. Or to what can happen between people and companies that value each other’s independence.

 

Come to VRM & Personal Cloud Day

Tomorrow, Monday 21 October, is VRM and Personal Cloud Day at the Computer History Museum. Register at that link. It’s free. Or just show up. (Registering gives us a better idea of head count.)

It’s the time and place to brainstorm about both topics, plus what we’ll be discussing and moving forward the following three days at IIW, also at the CHM.

More details here.

It’s all about leverage on the future. So be there.

« Older posts Newer posts »

© 2014 ProjectVRM

Theme by Anders NorenUp ↑