Tag: Berkman Center

Do we have to “trade off” privacy?

Look up privacy trade-offs and you’ll get more than 150,000,000 results. The assumption in many of those is that privacy is something one can (and often should) trade away. Also that privacy trading is mostly done with marketers and advertisers, the most energetic of which take advantage of social media such as and .

I don’t think this has to be so.

One example of a trade-off story is this one on public radio’s Marketplace program, which I heard this evening. It begins with the case of Shea Sylvia, a FourSquare user who got creeped out by an unwelcome call from a follower who knew her location. Marketplace’s Sally Herships says,

There are millions of Sylvias out there, giving away their private information for social reasons. More and more, they’re also trading it in for financial benefits, like coupons and discounts. Social shopping websites like Blippy and Swipely let shoppers post about what they buy. But first they turn over the logins to their e-mail accounts or their credit card numbers, so their purchases can be tracked online.

Later, there’s this (the voice is Herships again):

Alessandro Acquisti researches the economics of privacy at Carnegie Mellon, and he says the value we put on privacy can easily shift. In other words, if giving away your credit card information or even your location in return for a discount or a deal seems normal, it must be OK.

ALESSANDRO ACQUISTI: Five years ago, if someone told you that there’d be lots of people going online to show, to share with strangers their credit card purchases, you probably would have been surprised, you probably would thought, “No, I can’t believe this. I wouldn’t have believed this.”

But Acquisti says, when new technologies are presented as the norm, people accept them that way. Like social shopping websites.

HERSHIPS: So the more we use sites like Blippy, the more we’ll use sites like Blippy?

ACQUISTI: Or Blippy 2.0.

Which Acquisti says will probably be even more invasive, because as time passes, we’re going to care less and less about privacy.

Back in Kansas City Shea Sylvia is feeling both better and worse. She thinks the phone call she got that night at the restaurant was probably a prank. But it was a wake up call.

What we’re dealing with here is an evanescent norm. A fashion. A craze. I’ve indulged in it myself with FourSquare, and at one point was the “mayor” of ten different places, including the #77 bus on Mass Ave in Cambridge. (In fact, I created that location.) Gradually I came to believe that it wasn’t worth the hassle of “checking in” all over the place, and was worth nothing to know Sally was at the airport, or Bill was teaching a class, or Mary was bored waiting in some check-out line, much as I might like all those people. The only time FourSquare came in handy was when a friend intercepted me on my way out of a stop in downtown Boston, and even then it felt strange.

The idea, I am sure, is that FourSquare comes to serve as a huge central clearing house for contacts between companies selling stuff and potential buyers (that’s you and me) wandering about the world. But is knowing that a near-infinite number of sellers can zero in on you at any time a Good Thing? And is the assumption that we’re out there buying stuff all the time not so wrong as to be insane?

Remember that we’re the product being sold to advertisers. The fact that our friends may be helping us out might be cool, but is that the ideal way to route our demand to supply? Or is it just one that’s fun at the moment but in the long term will produce a few hits but a lot of misses—some of which might be very personal, as was the case with Shea Silvia? (Of course I might be wrong about both assumptions. What I’m right about is that FourSquare’s business model will be based on what they get from sellers, not from you or me.)

The issue here isn’t how much our privacy is worth to the advertising mills of the world, or to intermediaries like FourSquare. It’s how we maintain and control our privacy, which is essentially priceless—even if millions of us give it away for trinkets or less. Privacy is deeply tied with who we are as human beings in the world. To be fully human is to be in control of one’s self, including the spaces we occupy.

An excellent summary of our current privacy challenge is this report by Joy L. Pitts (developed as part of health sciences policy development process at the Institute of Medicine, the health arm of the National Academy of Sciences). It sets context with these two quotes:

“The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men—the right to be let alone.”

—Justice Louis Brandeis (1928)

“You already have zero privacy anyway. Get over it.”

—Scott McNealy, Chairman and CEO of Sun Microsystems (1999)

And, in the midst of a long, thoughtful and well-developed case, it says this (I’ve dropped the footnotes, which are many):

Privacy has deep historical roots. References to a private domain, the private or domestic sphere of family, as distinct from the public sphere, have existed since the days of ancient Greece.  Indeed, the English words “private” and “privacy” are derived from the Latin privatus, meaning “restricted to the use of a particular person; peculiar to oneself, one who holds no public office.” Systematic evaluations of the concept of privacy, however, are often said to have begun with the 1890 Samuel Warren and Louis Brandeis article, “The Right of Privacy,” in which the authors examined the law’s effectiveness in protecting privacy against the invasiveness of new technology and business practices (photography, other mechanical devices and newspaper enterprises). The authors, perhaps presciently, expressed concern that modern innovations had “invaded the sacred precincts of private and domestic life; and . . . threatened to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’” They equated the right of privacy with “the right to be let alone” from these outside intrusions.

Since then, the scholarly literature prescribing ideal definitions of privacy has been “extensive and inconclusive.” While many different models of privacy have been developed, they generally incorporate concepts of:

  • Solitude (being alone)
  • Seclusion (having limited contact with others)
  • Anonymity (being in a group or in public, but not having one’s name or identity known to others; not being the subject of others’ attention)
  • Secrecy or reserve (information being withheld or inaccessible to others)

In essence, privacy has to do with having or being in one’s own space.

Some describe privacy as a state or sphere where others do not have access to a person, their information, or their identity. Others focus on the ability of an individual to control who may have access to or intrude on that sphere. Alan Westin, for example, considered by some to be the “father” of contemporary privacy thought, defines privacy as “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” Privacy can also be seen as encompassing an individual’s right to control the quality of information they share with others.

In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. Privacy addresses “the question of what personal information should be collected or stored at all for a given function.” In contrast, confidentiality addresses the issue of how personal data that has been collected for one approved purpose may be held and used by the organization that collected it, what other secondary or further uses may be made of it, and when the permission of the individual is required for such uses.Unauthorized or inadvertent disclosures of data are breaches of confidentiality. Informational security is the administrative and technological infrastructure that limits unauthorized access to information. When someone hacks into a computer system, there is a breach of security (and also potentially, a breach of confidentiality). In common parlance, the term privacy is often used to encompass all three of these concepts.

Take any one of these meanings, or understandings, and be assured that it is ignored or violated in practice by large parts of today’s online advertising business—for one simple reason (I got from long ago): Individuals have no independent status on the Web. Instead we have dependent status. Our relationships (and we have many) are all defined by the entities with which we choose to relate via the Web. All those dependencies are silo’d in the systems of sellers, schools, churches, government agencies, social media, associations, whatever. You name it. You have to deal with all of them separately, on their terms, and in their spaces. Those spaces are not your spaces. (Even if they’re in a place called . Isn’t it weird to have somebody else using the first person possessive pronoun for you? It will be interesting to see how retro that will seem after it goes out of fashion.)

What I’m saying here is that, on the Web, we do all our privacy-trading in contexts that are not out in the open marketplace, much less in our own private spaces (by any of the above definitions). They’re all in closed private spaces owned by the other party—where none of the rules, none of the terms of engagement, are yours. In other words, these places can’t be private, in the sense that you control them. You don’t. And in nearly all cases (at least here in the U.S.), your “agreements” with these silos are contracts of adhesion that you can’t break or change, but the other party can—and often does.

These contexts have been so normative, for so long, that we can hardly imagine anything else, even though we have that “else” out here in the physical world. We live and sleep and travel and get along in the physical world with a well-developed understanding of what’s mine, what’s yours, what’s ours, and what’s none of those. That’s because we have an equally well-developed understanding of bounded spaces. These differ by culture. In her wonderful book , Polly Platt writes about how French —comfortable distances from others—are smaller than those of Americans. The French feel more comfortable getting close, and bump into each other more in streets, while Americans tend to want more personal space, and spread out far more when they sit. Whether she’s right about that or not, we actually have personal spaces on Earth. We don’t on the Web, and in Web’d spaces provided by others. (The Net includes more than the Web, but let’s not get into that here. The Web is big enough.)

So one reason that privacy trading is so normative is that dependency requires it. We have to trade it, if that’s what the sites we use want, regardless of how they use whatever we trade away.

The only way we can get past this problem (and it is a very real one) is to create personal spaces on the Web. Ones that we own and control. Ones where we set the terms of engagement. Ones where we decide what’s private and what’s not.

In the VRM development community we have a number of different projects and companies working on exactly this challenge.  is pure open source and has a self-explanatory name. Others (, and others) are open in many ways as well, and are working together to create (or put to use) common code, standards, protocols, terminologies and other conventions on which all of us can build privacy-supporting solutions. You’ll find links to some of the people involved in those efforts (among others) in Personal Data Stores, Exchanges, and Applications, a new post by  (of Switchbook). There’s also the One example is the and at . (For more context on that, check out Iain Henderson’s unpacking of the .) There’s also our own work at ProjectVRM and , which has lately centered on developing -like legal tools for both individuals and companies.  What matters most here is that a bunch of good developers are working on creating spaces online that are as natural, human, personal—and under personal control—as the ones we enjoy offline.

Once we have those, the need for privacy trade-offs won’t end. But they will begin to make the same kind of down-to-Earth sense they do in the physical world. And that will be a huge leap forward.

VRMomentum

Thanks to a question from , VRM is now on the radar of , a business consulting group I have followed and respected for nearly two decades. Much of what we’re doing with VRM is right in line with what Peppers & Rogers have been writing and talking about for the duration, so I’m not surprised to see them groking VRM in just one pass. Responding to Rebecca, posted VRM: Next Destination in Technology’s March?, where he says this:,

Think about it: “Management” is synonymous with control or direction by someone, while “social” represents an inherently collective, non-managed value. Trying to describe “social CRM” in other words, is something like trying to describe “citrus watermelon.” And in fact, many of the pioneers in SCRM are finding that in order to have any traction at all in social media they must first give up control – that is, they must admit that they cannot by themselves “manage” the process or its outcomes.

But the VRM idea may just describe the next destination in this march of technology. In our view, VRM makes the most sense for consumers when the process involves highly personal computers with mobile applications that allow consumers to mange their own information more directly, even as they continue to participate in the economic system, buying products and services and putting them to use.

Whether VRM actually takes root or not, however, depends on whether the right intermediaries spring to life to facilitate it. In The One to One Future, back in 1993, we speculated that eventually a form of business would emerge that we termed a “privacy intermediary.” This would be a business that would collect an individual’s personal information and use it to extract the best possible deal from a vendor while protecting the person’s privacy – that is, without allowing the vendor to gain its own access to the individual (see Chapter 9.)

Martha and I often say that if we made one big error in the predictions inside this book, it was overestimating the degree of interest consumers would have in protecting their own privacy. We thought privacy intermediation would be a big business, but so far this just hasn’t happened. On the other hand, it may be that technology has now reached the point that this kind of intermediary function might soon be handled as a simple mobile phone app. And when that happens, VRM will arrive for real.

Don & Martha, if you’re reading this, check out . (Also find more background on VRM here, here and here.)  And look here for some examples of efforts that qualify as “privacy intermediaries.” I think Azigo, , , and  are all in that ball park, each with different roles. (For more on that park, see Joe Andrieu’s series on user driven services.)

I need to add, however, that we don’t always need intermediaries. VRM is about independence as well as engagement. We need self-hosted and self-directed solutions as well. We also need to build on free and open code, standards and protocols if we don’t want VRM to become as silo’d as “social media” have become. (The big two, Twitter & Facebook, are both companies, not functional categories.) This is what is for. Also , the code-child of , whose fingerprints are also on both Twitter and Oauth. Here’s a nice interview with Blaine by Tom Murphy at .

has a customarily thoughtful post with The customer is not king. He explains,

…today that’s changing and we can look at the world through a different lens – that of the decision-maker (the person) rather than that of the decision-influencer (the seller). Once you do this it quickly becomes apparent that this meta-need – to make (and implement) better decisions – is bigger than all other needs (for chocolates, for cars, for current accounts etc) because it embraces them all, subsuming them into the bigger task of achieving what the person (not the seller) wants to achieve.

Person- or buyer-centric services then, sit on the side of the individual, helping the individual achieve what the individual wants to achieve, including managing relationships with many different suppliers more efficiently and more effectively (VRM, or Vendor Relationship Management). The central questions here are, What challenges does the person face when doing this? How to do it better?

The difference between now and say, twenty years ago, is that twenty years ago this person-centric perspective was operationally irrelevant. You couldn’t do anything practical to help people address these challenges. When marketers said ‘the customer is king’, it was just a disguised way of saying ‘the organisation is king’.

Now, however, as information becomes a tool in the hands of the individual, that’s changing. The organisational king is being deposed. This is not about superficial changes in ‘how to achieve the same old marketing goals better’. For example, it’s got nothing to do with arguments about whether it’s easier, cheaper or better to get marketing messages across via social media or mass advertising. It’s a deep, structural, tectonic, remorseless and comprehensive transformation in the relationship between individuals and organisations.

And if you keep on looking in the customer mirror, you simply won’t see it coming.

Denis Pombriant, who was a very helpful contributor to VRM+CRM 2010 a couple weeks ago at Harvard (with big thanks again to the Berkman Center staff), followed with VRM, CRM and Social Media. While mostly complimentary, Denis adds,

I can’t say the same for VRM and that’s one of the big hang-ups for it.  Who makes VRM and who pays for it?  The customers don’t seem interested in paying for anything so don’t look there.  And savvy vendors tend to look at VRM as slitting their own throats.  Pretty quickly you realize that while there is a need for what VRM does, there doesn’t seem to be a constituency ready to pay for it.

Well, we’ll see. Customers will pay for lots of stuff that has real value, provided the means are provided. When the only easy way to get digital music was Napster, everybody talked about how nobody wanted to pay for music anymore. Then Apple made it easy to pay 99¢ per tune, and since then more than ten billion tunes have been sold on iTunes alone. Mobile apps are another one. At a more mundane level, how about coffee. Before Starbucks, coffee was one of the cheapest drinks you could get. Now the new norm is $3+ for a cappuccino or a latte.

But Denis’ point is well-taken. VRM solutions need to provide real value to customers, or those solutions won’t thrive in the marketplace. Some of that value will come from free stuff that business can be built on. Some will come from services that customers — or somebody — will pay for.

David Cutler also has a nice post on VRM, borrowing a very helpful graphic from Julian Gay, which was the subject of much discussion at VRM+CRM 2010. A gallery of pix is here.

And the Danish Magazine  interviewed me, about VRM, e a few weeks back. The piece is up now, in Dansk. Here’s a blog post about it in English, with a short video by , shot over lunch outside in Paris. Scenario also got some great shots of me, also in Paris, to go with the piece.

Finally (for now), check out this Klint Finley interview with Josh Bernoff on Josh’s new book (co-authored with Ted Schadler, Empowered. I dunno if VRM comes up in there, but VRM is certainly more than consistent with the title.

VRM Mojo Working

Think of the industrialized world as Kansas and the Internet as Oz. The difference is actually more radical than that, because the Internet is real. From the perspective of industry, the Internet is actually surreal. It’s a place that calls for depiction by Dalí, or Escher or Magritte. For example, the term “content” suggests a quantity of stuff we can “upload”, “download” and “distribute.” Yet, most of the time we are actually copying and proliferating. That’s because data moves by a process of replication. “The Internet is a copy machine”, Kevin Kelly says.

So, how do we “protect” something that is not a thing, has value, and is easily copied? Well, there are lots of ways, but maybe that’s the wrong question. Maybe the better question is, Who do we share it with, and what decisions about it do we, as a couple, make about it?

Questions about protection usually devolve into arguments about ownership, and that’s a red herring. As Joe Andrieu explains in Beyond Data Ownership to Information Sharing, “sometimes the arguments behind these efforts are based on who owns—or who should own–the data. This is not just an intellectual debate or political rallying call, it often undermines our common efforts to build a better system.” Joe offers five propositions for consideration:

  1. Privacy as secrecy is dead
  2. Data sharing is data copying
  3. Transaction data has dual ownership
  4. Yours, mine, & ours: Reality is complicated
  5. Taking back ownership is confrontational

Of #3, Joe says,

In the movie Fast Times at Ridgemont High, in a confrontation with Mr. Hand, Spicoli argues “If I’m here and you’re here, doesn’t that make it our time?” Just like the time shared between Spicoli and Mr. Hand, the information created by visiting a website is co-created and co-owned by both the visitor and the website. Every single interaction between two endpoints on the web generates at least two owners of the underlying data.

This is not a minor issue. The courts have already ruled that if an email is stored for any period of time on a server, the owner of that server has a right to read the email. So, when “my” email is out there at GMail or AOL or on our company’s servers, know that it is also, legally, factually, and functionally, already their data.

Because of all five points, Joe suggests,

Rather than building a regime based on data ownership, I believe we would be better served by building one based on authority, rights, and responsibilities. That is, based on Information Sharing.

Joe isn’t just talking here. He and others are working on exactly that regime:

At the Information Sharing Work Group at the Kantara Initiative, Iain Henderson and I are leading a conversation to create a framework for sharing information with service providers, online and off. We are coordinating with folks involved in privacy and dataportability and distinguish our effort by focusing on new information, information created for the purposes of sharing with others to enable a better service experience. Our goal is to create the technical and legal framework for Information Sharing that both protects the individual and enables new services built on previously unshared and unsharable information. In short, we are setting aside the questions of data ownership and focusing on the means for individuals to control that magical, digital pixie dust we sprinkle across every website we visit.

Because the fact is, we want to share information. We want Google to know what we are searching for. We want Orbitz to know where we want to fly. We want Cars.com to know the kind of car we are looking for.

We just don’t want that information to be abused. We don’t want to be spammed, telemarketed, and adverblasted to death. We don’t want companies stockpiling vast data warehouses of personal information outside of our control. We don’t want to be exploited by corporations leveraging asymmetric power to force us to divulge and relinquish control over our addresses, dates of birth, and the names of our friends and family.

What we want is to share our information, on our terms. We want to protect our interests and enable service providers to do truly amazing things for us and on our behalf. This is the promise of the digital age: fabulous new services, under the guidance and control of each of us, individually.

And that is precisely what Information Sharing work group at Kantara is enabling.

The work is a continuation of several years of collaboration with Doc Searls and others at ProjectVRM. We’re building on the principles and conversations of Vendor Relationship Management and User Driven Services to create an industry standard for a legal and technical solution to individually-driven Information Sharing.

Our work group, like all Kantara work groups, is open to all contributors–and non-contributing participants–at no cost. I invite everyone interested in helping create a user-driven world to join us.

It should be an exciting future.

It isn’t easy to “set aside questions of data ownership”, of course, because possession is 9/10ths of human perception. We are grabby animals. Our thumbs do not oppose for nothing. We even “grasp” ideas. This is why one of the first words a toddler utters is “mine!”

As it happens, this is also a key insight of The Mine! Project, whose About page says,

The Mine! project is about equipping people with tools and functionality that will help them:

  1. take charge of their data (content, relationships, transactions, knowledge),
  2. arrange (analyse, manipulate, combine, mash-up) it according to their needs and preferences and
  3. share it on their own terms
  4. whilst connected and networked on the web.

The Mine! aims to be an (infra)structure for other solutions – VRM (relationships with individuals and vendors, transactions), self-defined identity, authentication, data portability and hopefully many more.

These and other projects are visited by Neil Davey in a post in MyCustomer.com on VRM and the new tools of engagement. This follows up on an earlier post, based on the same interview with me. I wrote about it as well in How VRM helps CRM.

When we started here at the Berkman Center, the idea was never that we’d do this development ourselves, but would instead provide a place where we could share our thoughts, show our work, do research, publish what we’ve learned, and encourage more development.

Nice to see the mojo working.

Dear Hollywood,

Please get rid of the @#$%^& region coding on your movies.

We meant to bring along some movies when we came to Switzerland for our holiday vacation, which we’re on now. Forgetting the DVDs was my fault. Not being able to watch other movies, however — ones that we would be glad to pay for and watch on our laptop, is not our fault. It’s yours. It’s way past time to fix that.

Thanks to the insanity of region coding, we can’t play DVDs rented or bought here, because they’re encoded for Region 2, while our laptops are set for Region 1. There are workarounds, but we don’t feel like screwing with those.

But, we thought, Hey, we’re Netflix customers. Maybe we could watch live online. The wi-fi connection at the hotel here is surprisingly good (considering that we’re way back up in the Alps). Alas, when we go to Netflix, it says,

Watching Instantly is Not Available Outside the US

Our systems indicate that the computer you are using is not located within the 50 United States or District of Columbia. Due to studio licensing reasons, movies are available to watch instantly only on computers in those locations.

I don’t know if this retro craziness actually creates any business for the studios, but it clearly prevents business in our case, and many others.

So, Hollywood, why screw your own customers? You have a direct relationship with me. I pay to watch your movies. We have a relationship. Why should that relationship fail when I leave the country? This is the freaking Internet we’re on. My watching a Netflix movie should not have a damn thing to do with where I am in the world. What am I going to do that’s a risk to you? Copy and re-encode it for sale over here? Let’s get real.

There has to be a better way than this.

If you can’t figure one out for yourselves (and, after eleven years, there is good reason to believe you won’t), how about working with customers to develop a solution that involves point-to-point, customer-seller relationships that enable business and support good will, rather than preventing both?

If you’re interested, let us know.

How VRM Helps CRM

CRM — Customer Relationship Management — is a huge business. According to this article, Forrester expected the CRM software market to hit $74 billion in 2007. This more modest Gartner report says the worldwide CRM market totalled $9.15 billion in 2008, growing at a 12.5% rate over 2007.

CRM is pure B2B: business to business. You’re not involved, except as a customer of CRM’s customers. It’s your relationship with a company that’s being managed—by the company. Not by you.

Last month Neil Davey of reached out from the CRM world to interview me on the subject of VRM. The result is Doc Searls: Customers will use ID data to force CRM change. The angle was data. If VRM gives customers more control over their data and how it is used, how does that help CRM? Wouldn’t customers want to share less of their data rather than more?

In fact data will be front and center as a topic at —

200px-Vroomboston2009_small

on Monday and Tuesday of next week at Harvard Harvard  (please come, it’s free). While most of the workshop will be organized on the open space model (participants choose the topics and break off into groups to move those topics forward), we decided to have one panel, titled Getting Personal With Data: How Users Get Control and What They Do With It. I invite local CRM folks (and everybody interested) to come and participate.

In his piece Neil sourced my new chapter (“Markets are Relationships”) in The Cluetrain Manifesto, as well as text from an interview by email. Since CRM+VRM is our topic here, I thought it would be cool to provide the long form of my answers to Neil’s questions.Here goes…

About what VRM does that CRM alone cannot…

Think of a buyer-seller relationship as vehicle that can be driven by two people: the buyer and the seller. The problem we have today is that only the seller—what in business we call the vendor—can drive. The buyer is in the passenger’s seat. She can’t drive. She can choose to spend or not to spend—or to leave the car and ride with some other vendor. But she can’t drive.

VRM gives her a way to drive.

To mix metaphors a bit, CRM systems are designed to operate what in the tech world we call “silos” or “walled gardens.” It doesn’t matter how nice a company makes its walled garden—it’s still owned and run by the company as a habitat for customers. The company makes all the rules, sets all the terms, provides all the means for everything the customer does with the company. The customer’s only choice is to take the whole deal or leave it.

Every one of CRM’s walled gardens is also different, and most treat the customer as if he or she has no other business relationships, save those to the government or to credit card companies. As a result customers have no common means for relating with multiple vendors. Thus, as CRM system adoption goes up, so do complications for customers.

Perfect example: loyalty programs. Most of these burden the customer with cards and key-ring tags—all to “increase switching costs,” to obtain a higher “share of wallet” or to impose other inconveniences. I know one guy who carries around a key ring with dozens of little tags. In my own case I recently counted fifteen different loyalty cards populating my wallet, my key chains and my glove compartment. None make me feel loyal. All increase my resentment more than “loyalty” by any measure.

Limiting customer choices amounts to wearing blinders. Companies can’t see what they won’t let themselves see. For example, they can’t see customers who choose not to shop at a store because the store only gives discounts and benefits to loyalty card holders. In my own case I buy groceries at Trader Joe’s. rather than Stop & Shop because Trader Joe’s doesn’t require that I carry a loyalty card to get a “discount” that I believe is nothing more than a regular price—while the non-card price amounts to a surcharge and a punishment for non-card-carrying customers. Whether or not this is true, it’s a legitimate perception, and an unintended negative consequence of the loyalty card system. Stop & Shop can put the world’s best data-collection behind its loyalty cards, but one thing they won’t find in that data is why I don’t buy at their store.

Being customer-driven means a company knows what customers actually want and what they actually feel. Wouldn’t it be better to know directly when a customer wants something, rather than to guess at it? Wouldn’t it be better to have whatever market intelligence the customer can provide, willingly, rather than to give the customer a limited set of choices, which may exclude the one thing that might cause a sale or make a better customer?

Friends of mine who have worked in the CRM business, and studied it over many years, tell me that in many — perhaps most — cases, customer-centricity is secondary to organization-centricity. They know of few cases where customers actually drive the company.

In the beginning CRM was about building a “single customer view,” with lots of talk about better understanding the customer’s needs, and how that should be become part of “integrated” marketing, selling and customer service. Over the years, however, this ambition was compromised by minimal data and cost-cutting requirements.

My wife, a business veteran with a long history in retailing (both at the store level and as a supplier) has observed that the trend in recent years has been to out-source support to the customer herself. “Go to our website,” the call center says. Yet typical websites are so poor at customer support that the customer is left to seek help from other customers, or from websites other than the company’s own. This is why so many customers now support each other, rather than bothering with companies’ own support sites and services.

The problem here isn’t bad CRM. It’s that there is nothing yet on the customer’s side to carry some of the relationship weight — other than what CRM systems provide. That means the whole responsibility lies with the vendor. With VRM we want to give the customer means for carrying some of the burden herself.

About VRM and its community…

The current VRM community is a convergence of several formerly separate efforts. In the UK, the Buyer Centric Commerce Forum came together in 2003. In the U.S., VRM grew out of the Internet Identity Workshops, which started in early 2005 — as a workshop discussion subject that broke off and acquired a life of its own. In my own case, VRM started as a sense of unfinished business after Chris Locke, Rick Levine, David Weinberger and I wrote The Cluetrain Manifesto in 1999. Listen to what Chris was saying (in the original manifesto posted at Cluetrain.com) with “we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.” That is the voice of the customer, energized by powers granted by the Internet but not understood by sellers there.

After Cluetrain came out, I realized that Chris’s statement wasn’t quite true, because if customer reach truly did exceed vendor grasp, loyalty cards would be pointless. Customers would have native means for expressing their own wants, needs, terms of engagement and loyalties. Thus I came to realize that relationship was the next frontier. Something had to be done to liberate both sellers and buyers from the belief that a free market is “your choice of captor.”

We didn’t call it VRM, however, until Mike Vizard suggested it during a Gillmor Gang podcast in October 2006. Before that we had called it CoRM (for Company Relationship Management) and other names. As a new fellow at Harvard’s Berkman Center, I needed a project. So I titled mine ProjectVRM, and the rest is history.

On how customers control personal data and its exposure…

The short answer is that customers will disclose data on an as-needed basis, within the context of a secure and genuine relationship, and not a coerced one where the vendor does all the asking.

The longer answer is that this requires a new system on the customer’s part and a modified one on the vendor’s part. That’s how VRM + CRM will work together.

Both systems need to recognize that the individual, and not the organization, should be the point of integration for his or her own data, the point of origination for sharing that data, and the authority about what gets done with that data.

The ‘single customer view’ is naturally that of the customer, not the company. If a working relationship is in place, the customer will share required information when the right time comes — and do it, when need be, for many relationships at once, and in consistent, standardized ways. For example, the customer can issue a trusted change of address just once for many companies, rather than many times and many ways for many companies. In the absence of a customer-driven data-sharing system, we have companies constantly running after the customer for updates and becoming increasingly invasive of privacy over time (Phorm being just one familiar example.)

VRM enables personal data management by the individual, in ways that work for the individual and which can also enable selective disclosure to companies. There are various ways of achieving that, many of which are being actively worked on at present. The plumbing part is easy. Processes and business models are harder, but those are being worked on too.

The challenge lies in developing a more granular view of what data is shared, by whom, how, where and why. For CRM today that equates to WHO, bought WHAT, WHERE, WHEN and HOW it was offered to them. These are all data that can be derived from a system if it is built well enough. These data can then be used to make good guesswork about WHY customers bought products, and then make educated guesses about what customers will buy next.

A well designed VRM system will eliminate much of the the guesswork that CRM currently involves. For example, VRM can provide customers with tools to say “Here’s what I’m in the market for,” or “Here’s my current circumstances. What have you got that is relevant?” — in ways that prevent that data from being used later against the individual, or to inform guesswork that wastes both the vendor’s and the customer’s time and money. The customer also needs to be able to assert his or her own terms of engagement, rather than being forced to accept those required by the vendor. Customer-driven terms would naturally include commitments to pay and otherwise behave honorably; but they might also include preferences (such as “send no junk mail” or “email my receipts”). They might even include expressions of willingness to pay for good service.

On the personal data side, this system will involve what we call “volunteered personal information.” In effect this is a new class of data. Right now that data lives mostly in the heads of customers, because they don’t have the tools or systems to express any of it on their own.

Companies need to be willing to engage with this new type of data. While this may seem scary — giving up control always is — in practice it is just a more highly qualified sales lead and a smoother customer interaction than the current system allows.

On how VRM will influence vendors who don’t want to give up control…

Money talks. Consider one form of VRM we call the Personal RFP. This is where the customer advertises his or her desire to buy a product or service at a given place and time. (And not just through a walled garden such as Facebook or eBay.) For example, “I need a stroller for twins in Grand Rapids in the next 5 hours.” Data with money behind it will fund all kinds of changes in data collection systems.

On other appeals to the CRM side…

A core purpose of VRM is to eliminate the guesswork that has wasted enormous sums of money and energy for marketing and sales — while also wasting the customer’s attention and time. We can save that money, energy and time by giving customers the means to control means of engagement with companies, and to do it in standard ways that work across the board.

It is not possible to see how any of this will work if you look at it only from the supply side of the marketplace — from the standpoint of the seller. You have to take off your seller’s hat and be the other self you’ve always been: a customer.

No customer wants to be “acquired,” “retained,” “managed” or “owned” by any seller. Customers want to be respected on their own terms, and not those of a company that seeks constantly to maintain the advantage in a relationship that actually isn’t.

In other words, they want a real relationship. Not something that is a relationship in name only.

The new dynamic is a green field. We’ve never had it. I believe that if we create the means for enabling good will as well as easy sales, real relationships will follow.

On how “realistic” VRM is…

How realistic was the Internet in 1985?

Look at networks in the 80s and early 90s. If you wanted email, or instant messaging, you had to join a walled garden called AOL or Compuserve or Prodigy. If you were an AOL member and wanted to send an email to a Compuserve member, you couldn’t. Just as today you can’t use a Costco loyalty card at a Best Buy.

The Internet changed all that, by providing new protocols for communication that weren’t owned by anybody, but could be used by anybody and improved by anybody.

VRM will likewise change buyer-seller relationships by providing new means for engagement that aren’t owned by anybody, but can be used by anybody and improved by anybody.

Customers are resigned to stuff they hate when they think there are no alternatives. Once the alternatives show up, they will get energized. “Invention is the mother of necessity,” Thorstein Veblen said. What we’re doing with VRM is inventing protocols for buying and selling that will mother many new market necessities. One of those will be reforming CRM so it can respond to real customer demand, along with much better data than was ever before possible.

About where data lives, and how…

Some VRM folks (e.g. Mydex.org) are working on “Personal Data Stores” that can be replicated with trusted “fourth parties“. Some are working on ways of representing personal data (e.g. Azigo.com, Kynetx.com). Some are working on ways of consolidating loyalty data on the customer side and reforming loyalty programs from the outside in (e.g. Scanaroo from Cerado.com). All the many digital identity systems and communities have VRM components and constituents (e.g. Kantara.org, IdentityCommons.org, InformationCard.net, OpenID.org, XDI.org). Some are working on simple customer-held means for organizing one’s own data and relationships (e.g. TheMineProject.org). Some are working on means for logging one’s own media usage, and providing means for putting the pricing gun in customer hands (e.g. ProjectVRM and its friends in various media businesses). Some are working on customer-driven terms of service (e.g. ProjectVRM and friends at Harvard Law School and elsewhere). Some are working on patient control of their own health care data and relationships with health care providers (too many efforts to name, but Google and Microsoft are on this list). Some are working on user driven search, outside the walled gardens of Google and Bing (Switchbook.com). I am probably insulting many by ending the list there, but that should be enough.

About ProjectVRM.org

ProjectVRM is a research and development project at Harvard’s Berkman Center for Internet & Society. The project was created in 2006, and has focused mostly on development over the following three years. This next year we will be doing much more research as well.

I am a fellow at the center, and I run the project. The vast majority of the development work is going on among members of the VRM community. For them ProjectVRM serves as a central clubhouse, with workshops several times per year, a mailing list, a wiki and other supportive services. The idea isn’t to create a central VRM body, but rather to focus disparate VRM efforts on common goals.

I want to say before closing that we do not mean to give CRM a hard time. The problem CRM has had from the start is that it carries the full burden of systematizing relationships with customers. All VRM does is give customers means for carrying their end of the relationship. We won’t succeed unless it’s VRM + CRM, rather than VRM vs. CRM. If VRM succeeds, it will improve CRM enormously.

Hot Fodder for next week’s VRM Workshop

A few weeks ago I was interviewed by Neil Davey of MyCustomer.com, a major voice in the CRM (Customer Relationship Management) field. The results are up at Doc Searls: Customers will use ID data to force CRM change. Much of what Neil sources for that piece come from my new chapter (“Markets are Relationships”) in the latest edition of The Cluetrain Manifesto (Now with 30% more clues!). In that chapter, Neil says,

Searls sticks the boot into customer relationship management. And even though CRM has become accustomed to bruising encounters, some of these blows hurt – perhaps because there are some painful truths being delivered. CRM, as Searls sees it, would rather have captive customers rather than free ones. To demonstrate this, we only have to examine the language organisations use when referring to customers – how they try to ‘lock in’ customers and ‘retain’ them after they have been ‘acquired’.

Later this week, after I’ve looked more closely at what did and didn’t make it into Neil’s piece (what I said to him, by emai, was quite long), I’ll post some of what was missed.

Meanwhile, a little summary for VRM newbies arriving from the lands of CRM…

The purpose of VRM is to improve markets by enlarging what customers can do, not just what vendors can do. The latter is necessary too; but that’s what all good sellers have always been doing. And there’s a limit to how far that can go.

Better selling alone can’t make better buying. Better marketing alone can’t make better markets. Better CRM alone can’t make better customers. At a certain point customers have to do that for themselves.

That point came when the Internet arrived. It was announced by Chris Locke in The Cluetrain Manifesto, with this very graphic:

notThere was an equipment problem with that statement. Customers were not yet self-equipped with the means for reaching beyond the grasp of old-school marketers and sellers—a school that is still very much in session.

VRM (Vendor Relationship Management) is about equipping customers with their own ways of of relating to vendors. In the larger sense, it’s also for equipping individuals with their own ways of relating to any organization.

Thats the mission of ProjectVRM.org, which I lead as a fellow at Harvard’s Berkman Center. It’s also the mission of a variety of related projects and companies: The Mine! Project, PAOGA, The Banyan Project, MyDex, ListenLog, EmanciPay, Scanaroo, Kynetx, r-button and SwitchBook, to name a subset of the whole community.

Adriana Lukas, who started The Mine! Project, has something new at Market RIOT (Relationships on Individuals’ Own Terms): MINT, for My Information, Not Theirs. She calls it “a movement to redress the balance of market power between vendors and customers, institutions and individuals, web services/platforms and users.” Its obectives:

  • “to create an ecosystem where customer data belongs to the customer, is freely available to individual customer or user, in open formats
  • ‘to help the individual to become the point of integration for his or her transactional data
  • “to encourage development of applications that enable individuals to enjoy the value they can add by managing and analysing their own data (buying behaviour, purchasing patterns and preferences) and potentially benefit vendors, when such information is voluntarily shared by customers.”

This should bring up plenty of discussion at the VRM East Coast Workshop next Monday and Tuesday at Harvard Law School. It’s free. The agenda will be set by participants (on the “open space” model). In addition I am working right now on lining up an opening panel on Tuesday to lead off discussion of user control of data. Stay tuned for more on that.

Meanwhile, if you haven’t signed up already, go here to register for the workshop.

What’s completely screwed about this picture

So I got an email today from Forbes, with the subject “You are Important to Us”. It says this:

Dear Subscriber:

Forbes values you as a customer and your opinions are very important to us.  We are conducting a study and would like to include your opinions.

The survey will take about 10 minutes to complete and we think you’ll find it interesting and enjoyable. Your responses will be used for research purposes only and will be held in the strictest confidence.

Simply click on the link below to visit our survey.

Click here to take the survey [The link goes to a long address that begins http://forbes.puresendmail.com/print.]

Again, we thank you so much for participation.

Sincerely,

Bruce Rogers, Chief Brand Officer – Forbes

You are receiving this email because you registered at Forbes.com LLC. and signed up to receive third party emails To manage your preferences or change your delivery address, please click here.

You may also email your opt-out request to  privacy at forbes.net or send your request in the mail directly to:

 click here.

Copyright 2008 Forbes.com LLC TM

I thought, “Hey, I’m busy, but I like Forbes, and I’m inclined to cooperate, even if I hate most surveys and would rather relate to Forbes in a less one-sided and impersonal way. So I punched on “Click here to take the survey”.

The first step was one that asked me what my title was. I have several, but none of them are from the lexicon of corporate hierarchies. So, next to “other” I wrote “fellow”. Because that’s what I am, here at the Berkman Center. (I’m also Senior Editor of Linux Journal and President of my own small company, but I went with “fellow” because I get Forbes where I live near Berkman and not at my home office in California.)

The first survey page told me the thing would take about ten minutes. That’s a lot, but I thought, “Okay, I’m still game. Let’s see how fast we can make this.”

It was over in one second. Or however long it took for the survey server to send me to a page with the title “Thank You - InsightExpress.com“. Its entire contents were this:

Return to Your Originating Web Page

I hit the back button and it went nowhere. Then I clicked on the address in the email. That timed out. So did I.

This is the point at which one might be tempted to write to Bruce Rogers or the nameless  Privacy Administrator, but Forbes has gone out of its way here to avoid human contact (no email address for Bruce, a surface mail address for ATT:Privacy Administrator — both of which scream “WE ARE AVOIDING YOU. PLEASE COOPERATE.) But that would be weak and supplicating, and I have no interest in being either. I’d rather be the good Forbes subscriber that I’ve been for years and attempt to make constructive human contact instead.

I’ll do that three ways. First is with the headline above, plus links and other bait that might get the attention of Bruce Rogers or one of his factota. [Note: I posted this at 1:12pm, and Bruce responded personally at 1:56. Well done!] Second is with an email to some folks I know at Forbes. Third, and most importantly, I’ll try to explain the VRM angle on this.

VRM is Vendor Relationship Management. It’s how customers manage relationships with vendors. (Or with other individuals, or with organizations of any kind — such as churches or governments.)

Most vendors are familiar with CRM, for Customer Relationship Management. I can’t tell if a CRM system was involved in this little exchange, but a failure of this kind is certainly within the scope of CRM’s concerns. (To visit those, check out the CRM sites for SAP, Oracle, SalesForce, Amdocs and Microsoft, which are the top four companies in an $8+ billion business.)

Right now VRM is a $0 billion business. But in the long run it’ll be big, and it’ll improve the CRM business along with it, because it’ll give CRM something more substantial than mailing addresses to relate to.

A number of development communities are working on VRM solutions right now, but rather than talk about those I’ll just say what I’d like here. Not from Forbes, but from VRM developers. If Forbes or any CRM companies want to help with that, cool.

I would like a simple dashboard that tells me what I’m subscribed to and what I’m not — both for print publications such as Forbes and for email subscriptions of every kind. I would like to have global preferences that would govern how I relate to each of those publishers, and how they relate to me. For example, I would like to throw a switch that says “No” to all third party mailings, both to my font door and to my email addresses. When I establish a relationship with a new publisher, or publication, or supplier of any kind, I would like them all to know, as a matter of policy, that I don’t want them to waste their time, money and server cycles by sending me junk mail of any kind. And that I don’t appreciate having my own bandwidth, cycles, disk space, rods, cones and time wasted dealing with any of it. I might give a global or selective thumbs up to surveys, provided I also have a standard way to send error messages and other feedback to survey sources.

On the positive side, I would also like to open conduits through which productive interaction could take place with the publishers, authors and circulation officials whose “content” I pay to get. (And even those that I don’t pay.) I would like a simple, straightforward, universally understandable way to do this, across all “content providers”, so I don’t have to relate only inside each provider’s silo. (By the way, we’re already working on change-of-address, to pick just one subcategory of subscriber-publisher interaction that can be a pain in the butt for everybody. That last link is a working draft, by the way. More work is happening off-wiki.)

That’s just one part of what we’re doing at ProjectVRM. But it’s one I’d like the “content providers” and CRM folks out there to know about. Because it’s going to happen anyway, and I’d suggest getting interested, and perhaps also involved, sooner rather than later.

VRM + CRM

Last night my wife asked me what we mean by “Free customers are more valuable than captive ones” and “equipping customers with tools of independence and engagement”. I thought about it and said, “Knights are more valuable than serfs.”

When a company speaks of “capturing”, “acquiring”, “owning” and “locking in” customers, they’re treating customers like serfs. What we want to do with VRM is make customers into knights: to arm them with status, respect, armor and weapons. But not to do battle against sellers and their fortifications. Instead, customers and sellers both need to fight against ignorance surronding the idea that the ways they can engage should be limited to the relatively few imagined by today’s CRM systems.

I’ve noticed a change in the last few months at the CRM wikipedia entry, and at CRM company websites. It seems to me that the CRM business is getting back to its original ambitions, which were all about understanding and helping individual customers — and improving the seller’s offerings in the process. There’s a limit to what can be done only from the sell side, or from researching groups rather than engaging individual customers. Some of the relationship burden needs to be borne by the buy side, by individual customers. They need tools of engagement for that. So it’s VRM + CRM, not VRM vs. CRM.

Which brings me to Paul Greenberg’s CRM 2009 – Part 2.1 – Can’t Believe I Forgot These (in which he adds two items to his 2009 CRM forecast). They are: “(8) “Feedback 3.0″ will become an intimate feature of most companies’ customer strategy” and “(7)Vendor Relationship Management (VRM) releases its first tools for the customer in 2009″. Here’s what he says:

For those of you who don’t know, VRM is something that has been on the table for a long time and has been championed by Cluetrain Manifesto writer and Web pioneer, Doc Searls.  I call it the “labor movement” for customers. It is the customer’s side of that conversation control we’ve been talking about. A VRM tool, thus is one that is unlike a CRM 2.0 tool. A CRM 2.0 tool would be something a vendor produces for the benefit of a company to engage its customers. A VRM tool would be something the customers would use to control how they relate or any or multiple vendors. If you’re interested in this thinking, go to the Project VRM wiki at Harvard Law that Doc Searls, an amazing dude, runs and read up. Worth your involvement with.  But the one thing that has had me a little concerned (as an ardent VRM believer) is that there haven’t been much in the way of tools that have at least been produced and labeled as VRM related.  One of the first that can be applied as a VRM tool, though not called as such, and a great one to start, is Cerado’s Ventana – a mobile social aggregation tool that’s used by companies and customers – it has a hybrid kind of approach. Take a look at its uses here.  But there isn’t much else. I think that 2009 will begin to see the evolution of the tools of what is already an established body of thought becoming increasingly accepted. But the tools need to come and this year is the year they will.

This is a good call. It’s also why we’ve been cautious about publicizing what the community is up to. There is in fact much work going on — around peer-to-peer relating, search, personal data stores, paychoice (where the buyer pays what they want, on their terms, for goods that are otherwise free — such as podcasts, broadcast programs and music), and symbols representing actions and relationship states. This next year we should see ProjectVRM get beefed up at the Berkman Center, the start of serious research around some of VRM’s core theses, and the formation of an independent nonprofit centered on VRM. (One model for this is Creative Commons — a concept that was the brainchild of Larry Lessig, back when he was at the Berkman Center).

We’ll also see more VRM workshops, on the East and West coast of the U.S. and in Europe. Some will be focused on vertical categories such as VRM+CRM.

So stay tuned. It’s going to be a fun year.

© 2014 ProjectVRM

Theme by Anders NorenUp ↑