Archives for September 2006

Alas, poor Habeas Corpus!

This news just in from ZeFrank:

Yesterday Mr Habeas Corpus was found dead in his Washington apartment having been stabbed 65 times in the back. Mr Corpus leaves behind Mrs. Corpus and 300 million children.

A grinning President Shrub commented that he was bound to go sooner or later and that he was anyway "Uppity and old fashioned."

D.C. detectives are rounding up the usual suspects.

30/09/2006 08:47 by Matt Mower | Permalink | comments:

My kind of game

Chris has been showing off the tech demo of Reluctant Hero which is an exciting game concept his company, International Hobo, have been collaborating on:

The majority of the quest content of the game will be dynamically generated from an event system, reflecting changes in the world that will affect the player's life. Furthermore, almost everyone (and everything!) the player meets for whom they speak the appropriate language can be offered a job in a building they own - this shaman would probably not accept employment in the player's Brothel, but he might consider sharing a Sanctuary where he might impart his knowledge of the dreamworld.

I'm really interested in how an event driven world can be made to come alive. It's one of the reasons I want to play Oblivion. To see if their vaunted AI actually gives a feeling of "peopleness."

I imagine that one day it will be possible to create an event generated world that will rival worlds where designers and developers have spent a lot of time scripting a storyline and scenes. How close to that kind of day are we?

29/09/2006 11:10 by Matt Mower | Permalink | comments:

Wil speaks out on Torture USA

I've been reading Wil Wheatons blog on and off for a while. He's a funny guy with a quirky outlook on life that somehow gives me a lift. Today he spoke out against the US government, his government, taking it's first steps in making torture fully legal:

My government is supposed to represent me, and as an American citizen, I must accept responsibility for the things my country does in my name. It is with that responsibility in mind that I feel compelled to write the following, not for congress who have already ignored my calls and letters, but for my own conscience, and for my children, should they one day ask me, "What happened then? Why didn't anyone try to do anything?"

What the House did yesterday, the Senate looks to do today, and the President will surely enact as soon as possible, is a direct assault on American values, and contrary to everything our country stands for. Though cynically and cowardly enacted as a purely political tool during an election, those who supported this bill do not speak for me, do not act in my name, and do not reflect my values.

I wish a lot more Americans would start standing up and talking about whether their values are being fairly represented.

29/09/2006 10:15 by Matt Mower | Permalink | comments:
More about:

Past the antler bashing?

We are past the antler clashing approach to global politics that seems to be dragging us into a conflict with Islam at the moment ....

Euan thinks that Europe, having fought a lot of wars based on cultural differences, is well placed to help the world understand how to build a new culture by exploiting the interconnectedness of the web.

No suprise that he's at SHiFT a conference to explore:

What opportunities are there for integrating technologies into our daily routines? What problems do technologies solve and what problems are they creating for the future? Will technology increase the distances between people, those who have access to technology and those who don't?

Go read Euan's piece to see his whole argument.

I agree with Euans conclusion but my feeling about this is that Euan (like most SHiFT attendee's I would guess) is an innovator in this space, that I like to think of myself as an early adopter, and that -- based upon the news I read -- the early majority are not yet in sight.

29/09/2006 09:08 by Matt Mower | Permalink | comments:

Sometimes you just have to hear it

So I've had a suspicion for a while now that the registration experience for PAOGAperson was less than stellar. Bits of feedback here and there about it being cumbersome and overly long but nothing especially bad so, with so many other things to work on, I'd kind of mentally filed it in the "when we have time to be perfect" drawer.

All that changed yesterday because I had the privilege of going through the process with a beta tester who was prepared to give me both barrels right in the chest. He told me both in words and in feelings (and that's what you don't get from an email, how it made someone feel) just how bad it really was. As I wrote later on to the team:

You can't buy this kind of feedback.

It was a real awakener. It also helped me put registration back in it's proper context. There is little point polishing your product if the registration puts people off looking at it.

We chewed over the feedback yesterday afternoon and, this morning, came up with a completely new and streamlined approach to registration which the team is already working on. It won't be perfect but we think it will be pretty good.

Getting feedback from people is hard, getting the kind of honest feedback you need to hear is damn near impossible. I'm very grateful that we did.

27/09/2006 15:02 by Matt Mower | Permalink | comments:
More about:

Amazing Ruby Intellisense

I won't be switching back to Windows and I still don't like VisualStudio but I have to say what Huw Collingborne is doing with IntelliSense in Ruby source editing is an amazing feat:

I can tell you that after a great deal of hard work, weíve now got a decent IntelliSense system almost ready for beta testing. Itís not only possible to do Ruby IntelliSense Ė itís also possible to do a pretty complete one (but naturally, Iím biased Ö ).

It consists of a more or less complete parser for the Ruby language that handles the inclusion of modules, class inheritance, nesting and so forth.

Over the last two years I've come to not feel dependent upon this sort of stuff in the way I did with Java and IntelliJ so I'm in two minds whether it's important to me, nevertheless kudos is due for the effort.

27/09/2006 11:39 by Matt Mower | Permalink | comments:
More about:

No getting away with it

ďThatís sort of the big news here,Ē Mr. Reynolds said. ďWhat blogs make it hard for people to do in a whole lot of different ways is tell one group of people one thing and tell another group something different, and hope nobody noticed.Ē

Jon Husband quoting Glenn Reynolds of

26/09/2006 22:59 by Matt Mower | Permalink | comments:
More about:

How's this for security?

But it turned out that they've implemented a new elaborate security verification scheme. Which consists of asking me questions based on what they've found in the public record about me. They asked me about 10 different multiple-choice questions. They were basically two kinds: 1. giving me a list of domain names and asking if I've registered any of them, and if so which one, or whether I just don't recognize any of them. 2. giving me a list of addresses, and asking me whether I've had any relation to them, and if so what city they're in, chosen from multiple choices, or whether I don't recognize any of them. -- Flemming Funch

There's a lot more to Flemming's crappy experience with Western Union and it's so crazy if were someone less credible I might no believe it. What a bizarre world WU must live in.

First of all using publically available information is a pretty poor way of establishing identity. I mean if Western Union can get the information then presumably so can anyone else. Domain records? Come on!

This seems almost designed to make life harder for regular folks and easier for criminals.

26/09/2006 16:50 by Matt Mower | Permalink | comments:

Users, chickens, and eggs

One of the reasons I've come to feel so strongly about what I'm doing is that it involves giving control back to individuals whilst delivering benefits to all parties. As a libertarian this is entirely in line with my own personal philosophy. But I'm a believer, typically an early adopter, and I work for the company! My challenge is to persuade other people what's in it for them.

It's a classic chicken & egg problem:

  • How do we get businesses to use something so far from business as usual when we don't have lots of customers signed up yet?
  • How do we get customers to sign up to a service when there are so few businesses ready to give them the benefits?

In common with all the best chicken & egg problems there seems to be no easy answer.

We have chosen to start with individuals and have identified and addressed two pain points with respect to managing personal information:

  • convenience
  • peace of mind

We think that if we can deliver both we have a chance of tackling the wider problems.

26/09/2006 12:30 by Matt Mower | Permalink | comments:
More about:

You need friends

Over the last few weeks I've been trying to make a conscious effort to post about what PAOGA is doing and why I think it is topical, interesting, and important. So far I don't think I've done a very good job. I've been blogging long enough that you'd think I'd be good at it. Ah well.

Fortunately I'm still a young enough dog to learn and I'm very grateful to Paolo for his recent advice about tailoring my blogging voice and, generally, being a better blogger.

Thanks man.

26/09/2006 11:51 by Matt Mower | Permalink | comments:

Privacy is at the heart of permission based markets

I think it's worth drawing out something from my previous post about permission based marketing: Privacy is really, really, important.

One of the key features of the system we are building (which I go into in more detail elsewhere) is the ability to decide which parts of your information you want to reveal and when.

So imagine you're getting a bit bored of your job with "BigCo Inc." and put your recruitment profile into the marketplace. By publishing only selected skills and experience information you avoid anyone from BigCo seeing who you are and the tricky conversations that might arise when your manager hears "Hey Bob, did you know Matt is looking for a new job?" Instead when a request to reveal your identity comes from a BigCo hirer you can turn it down.

You will have the tools to decide what you want to reveal and to whom. If you want to be really picky about who gets to see your full details you can. If you're desparate for a job you might say "Anyone can see this." Whatever you actually do, it will have been your choice.

In order to make an informed choice you'll need to know who is asking as well. How many times have you looked at a job advert and suspected that there isn't really a real job only an opportunity for an agent to harvest your CV and your personal information? You should be able to remain anonymous until you have verified that the opportunity is genuine and choosen to release your details.

Of course this kind of selectivity cuts both ways and hirer managers too should be able to decide whether they want to reveal their information to candidates and what information to reveal.

Both sides get to choose how much privacy they need to be comfortable interacting in the marketplace.

26/09/2006 11:34 by Matt Mower | Permalink | comments:

We call it Permission Based Marketing

We need an instrument of demand that works from the demand side, outside of any of the media's own systems. We need something that works in a free-range way, by and for individuals. Something independent. We need something that expresses the user's or the customer's intentions.

It's vigin territory. And you can't get to it from the sell side. You have to approach it from the buy side. From the customer's, or the user's, side of the relationship.

(...Doc Searls talking about building a new relationship...)

Excellent post by Doc. When we talk about permission based marketing I think we're describing Doc's user driven "something else."

We're creating a service that enables individuals to take back control of their personal information. When you think about personal information broadly in terms of "my health", "my skills", "my finances", "my needs" it seems clear to us that permission based marketing is a natural reflection of that shift.

The key aspect of a permission based marketing system is that it should help:

  • to match the need of individuals with what is available in the marketplace
  • to help individuals determine new needs and opportunities in the marketplace

Such a system does not have the usual inequalities between supplier and consumer since both are considered individuals who have needs and preferences. Take recruitment for example:

  • There are many hiring managers who are individuals with competing needs (expressed as a requirement for skills, experience, and personality traits, etc..) faced with an uncertain skills marketplace.

  • There are many job seekers who are individuals with competing need (expressed as a requirement for compensation, location, challenge, etc..) faced with an uncertain opportunties marketplace.

A permission based marketing system reflects the complementary nature of these views of the marketplace and matches the needs of hirers and job seekers to create best-possible-fit employment opportunities. A PAOGA based permission based marketing system does so whilst maintaining control and privacy for the individuals involved.

What's also clear is that this needs to be a level playing field of individuals so that their needs can be properly balanced and, to the extent this is done well, I think permission based marketing will be really successful.

Like Doc we're looking to build new relationships.

26/09/2006 08:16 by Matt Mower | Permalink | comments:

So innovation is not dead after all

When I entered the number I got the following message:

Recorded Signed Forô items are only tracked after the item has been delivered.

Euan has recorded another instance of classic British innovation for which we are justly famous.

25/09/2006 21:54 by Matt Mower | Permalink | comments:
More about:

Getting the /Message

End of the day Friday I met up with Paolo and Marc for tea at Fortnum & Mason. I'm not sure how disappointed Marc was that we couldn't take Afternoon Tea but he seemed to cope.

Together we headed across town to Lars Plougmann's place in City Walk to meet Stowe Boyd who was in town for a few days. Lars (who it turns out is a friend of Allan Engelhardt) has a fantastic apartment with views across the city and, since it was a nice evening, we lounged about on the deck drinking wine and chatting. If I'd had such a place I probably wouldn't have moved!

It was great to get to catch up with Stowe who I haven't seen in such a long time (too long dude!) and Lee, Riccardo, Anu, and others too numerous and sexy for me to remember through a red wine haze.

My only regret was deciding to walk home from the railway station at a quarter to 1 in the morning. Not a good idea.

25/09/2006 18:05 by Matt Mower | Permalink | comments:
More about:

The monk wore red

Catching up on the tail end of last week, Graham and I met up with James Governor of analyst firm RedMonk to brief him on what we're doing with PAOGA.

We talked about the vision, the differences between us and companies like Sxip and PingID. James asked some searching questions about our approach and clearly understood both the implications of what we're doing (we had an interesting discussion about EULA's/Identity Rights Agreements) and the potential advantages both to individuals and enterprises if we can begin to bootstrap this infrastructure.

James is pretty forthright so I'm looking forward to hearing what he thinks of PAOGAperson and our vision.

Graham enjoyed the cuttlefish!

25/09/2006 17:10 by Matt Mower | Permalink | comments:
More about:

Links for 25/09/2006

25/09/2006 11:48 by Matt Mower | Permalink | comments:

Here's looking at you kid

Just finished watching Casablanca which is one of my favourite movies - if not my very favourite movie - of all time. Beth and I were talking about it this afternoon and I was feeling kinda sad because she & James are finally off to the US so I decided to watch it.

I'm glad I did because there's so much to love about that movie. Bogart and Bergman obviously but I also love Sydney Greenstreet (although I prefer him as Kasper Gutman in the Maltese Falcon) and the excellent Claude Rains. Rains cynical prefect of police, Captain Renault, gets all the best lines:

Renault: How extravagant you are, throwing away women like that. Some day they may be scarce.

Rick: How can you close me up? On what grounds?
Renault: I'm shocked, shocked to find that gambling is going on in here!
[a croupier hands Renault a pile of money]
Croupier: Your winnings, sir.
Renault: [sotto voce] Oh, thank you very much.
Renault: [aloud] Everybody out at once!

Renault: This is the end of the chase.
Rick: Twenty thousand francs says it isn't.
Renault: Is that a serious offer?
Rick: I just paid out twenty. I'd like to get it back.
Renault: Make it ten. I'm only a poor corrupt official.

Are just a few of my favourites.

What brought Casablanca to mind this afternoon was that I had watched The Maltese Falcon last night and I got to thinking that it's a great shame you don't see any of these old movies in the cinema. Not to mention that there are no real cinema's left either... just hundreds of identical, godawful, multiplexes with their gaggle of slack jawed youths, bad music, and loud mouthfuls of popcorn.

One day I'd love to buy and renovate an old cinema somewhere and play Casablanca, and the Maltese Falcon, and Key Largo, and North by North West, and Duck Soup and all those wonderful films that never see the light of day. One every night.

I'll call it "Ricks".

24/09/2006 23:37 by Matt Mower | Permalink | comments:
More about:

How to be a doctor

This morning I was diagnosed as having Benign Paroxysmal Positional Vertigo (BPPV). For several weeks I've been getting dizzy spells of various length and severity which were, as you may imagine, beginning to worry me. It's a relief to know the cause is probably benign and that, in all likelyhood, it will resolve itself in a few weeks.

This was also a completely different doctoring experience to last time. In this case I had a doctor who was listening, patient, and seemed interested in finding out what was wrong with me. His attitude felt entirely different. Based on this visit I would ask for him again in future.

22/09/2006 10:25 by Matt Mower | Permalink | comments:

That's what you get for backing a country into a corner

From an interview with President Ahmadinejad of Iran:

We have the same desire, to be together for the cause of world peace. But we have to ó see what the impediments are. Is it Iranian forces that have occupied countries neighboring the United States, or is it American forces that are occupying countries neighboring Iran? If Mr. Bush is saying that he can (unintelligible) the distance between the Iranian nation and the Iranian government, he is wrong. I am a normal person. A very average, regular person in Iran. The nation decided that I become the head of the state. The nation and the government are one and single. (my emph) And together, we share everything. But we too like to rise at a point where we can pursue the cause of world peace. But we have to remove the barrier. That's where the question lies.

Nation and government should not be "one and single." If this has really happened in Iran it's probably because the actions of the US (along with Britain) have created a climate of fear in which it is natural for people to draw together and compromise their many voices for the one voice that they think will help them face their fear.

This one voice of fear is much easier to demonize, if that's your game, than the many voices of people who are unafraid of having their way of life destroyed.

Of course it's ironic that the people of the US have been made so afraid of the terrorists under their bed that even now the dissenting voices seem so mute as to be almost inaudible. The state likes people to speak with one voice. It makes them easy to control.

20/09/2006 23:32 by Matt Mower | Permalink | comments:
More about:

I can't hear you! Lalalalalalalalalalalalalalalalalalalalalalala!

Dave Winer points to a podcast of an MSNBC interview with Professor Jonathan Turley. Turley appears to be an expert in criminal and public interest law expert both academically and as a practioner. His remarks concerns his disquiet about the ongoing efforts by the Bush administration to redefine torture which he surmised were attempts to provide cover for acts already sanctioned:

If we make any effort at all to try to redefine it [the Geneva convention], or to tweak it, or to amplify it the world will see that as our effort to try to lawyer the Geneva convention, to try to create some type of loophole or excuse for our conduct.


The administration for years has conspicuously attempted to get things like waterboarding approved as non-torture. Waterboarding is defined as torture around the world. There is a strong suspicion that we have indeed been engaged in torture. Remember, some of these people [those held in secret CIA prisons outside the US] were captured when the WhiteHouse had signed a memo that defined non-torture as anything short of organ failure. They believed that as long as they didn't cause organ failure or death they were not engaged in torture.


If we're ready to embrace immoral means; If that's how we're going to fight this war then we have lost and no-one will come to our aid. We will be alone. And that's what happens when you become, in the view of many, an enemy to the rule of law.

I often wonder how those people in the US that support the administration can believe the line about "taking democracy to the middle east" (even at the point of a cluster bomb) in the face of overwhelming evidence of a range of actions which are either criminal, or on the brink of criminal. I mean, should your government be chiselling around the edges in terms of running secret prisons, mass illegal wiretapping operations, and torture?

My suspicion is that the discomfort they feel if they have to take responsibility* for allowing this to happen triggers a big dose of cognitive dissonance which allows them to distance themselves and reject the torture evidence as false. Maybe they even believe it's all fabricated because "a good Christian man like President Bush wouldn't do that."

I suspect there is also a groupthink effect due to the extreme polarization of American politics. This reflexive "You're with us or you're against us" mentality doesn't leave much room to hold contradictory views or think independently.

The end results seems to be a collective shriek of "I can't hear you! Lalalalalalalalalalalalalalalalalalalalalalala!"

This is why I worry that even if there is clear evidence that Bush authorised illegal acts of torture that he will get away with it. It's not like he's screwing around with his campaign workers.

  • I am also drawn to wonder how much culpability I should feel for the actions of the British government either directly, or indirectly in supporting the US? I have publically opposed - from day 1 - everything that has been done militarily in my name. I've called publically for Bush and Blair to at least answer to a war crimes tribunal. I've written many letters to both my MP's and I campaign for a Libertarian approach to government. Beyond this all I can think of is taking to the streets with a pitch-fork. It may yet come to that.
20/09/2006 23:16 by Matt Mower | Permalink | comments:

Getting with the integration program

One of the things PAOGA has been committed to from the very beginning is to be open. A core principle is that our members data does not belong to us, we hold it on their behalf as a convenience for them, and we hold it no longer than they wish and will not stop them taking it elsewhere. Personally I'd rather not have a business than go back on that.

As we're rolling out PAOGAperson we're trying to ensure that our practice follows our preaching. For example we don't bury our unsubscribe button and we're trying to come up with ways of enabling a download of all of your information stored in PAOGAperson to be useful. (For reference the challenge is not coming up with a solution for today but a solution that will scale: When this thing takes off we can imagine someone wanting to take years worth of data, covering a broad spectrum of their life contexts, with them. How do you make that work? We don't know... yet).

Another area in which we want to be open is login. Back when we started building the underlying platform things like CardSpace were mostly talk and a few heath robinson demo's. But CardSpace has become real, i-Broker has become real, Liberty has become real - real enough to think that integration is now something to be done rather to be agreed with.

As Product Manager it's my call whether this happens sooner rather than later and I'm thinking sooner. Today I did my first CardSpace login using Safari to Kim Cameron's identityblog. I'm still not quite sure what happened but I know something happened and I'm diving in and reading the goods on CardSpace.

I'm also thinking about i-Broker from 2idi. Victor Grey of 2idi was the first to respond to my post about about EULA's for personal information and our friends at Information Answers are hot on the i-Broker platform so I have signed up for my own i-Name. I'll be replacing my email address on this blog with a link to that in the near future.

I'm not quite sure where this leads. We have tried to be driven by what we think are in the best interests of members who sign up. At some point single sign-on is clearly that but is it a priority?

20/09/2006 15:36 by Matt Mower | Permalink | comments:

Does it make you feel safer?

Via Doc I read about Mary Hodders recent experiences at the hands of the TSA:

So I go back to Agent Derreck of TSA. Agent Derreck says he won't take a complaint. He says I can make one at (so much for people without computers). I ask for his name and the agent's name at the metal detector, and he covers his shirt. But I can see that it says "Agent Derreck" before his hand is fast enough to cover his name tag, in brass. He says, "I won't give you my name or hers." And walks off, with his hand over his right breast.

Meanwhile, I'm stuck without a driver's license, but more importantly, I think TSA GAVE it to some other passenger.

And the kicker. When I arrived back in CA, I realize that I still have a small tube of toothpaste in my laptop bag (I carry a tube plus a brush to work) and forgot about it. It went with me through two screenings by the TSA in Oakland and Seattle, and two more, Oakland and JFK.

So let's recap:

  • The TSA didn't pick up the bullshit items they are supposedly looking for
  • The TSA did manage to give Mary's drivers license to someone else (or lose it completely)
  • The TSA hold themselves totally unaccountable for their actions

Another win for big government, clearly money well spent.

Keep voting those neocons Amerika, you know it makes sense.

19/09/2006 17:19 by Matt Mower | Permalink | comments:

Squib: one year on

I notice that it was this day last year that the camels back got broken over Radio Userland instability.

A year later I am pretty happy with the decision I made to write my own blogging tool. It's far from perfect but it is usable and it satisfied all my criteria. I really haven't had the time to spend on it that I would have liked so development has been pretty slow beyond basic functionality.

Going forward I want to use it as a platform to keep experimenting with the medium especially in the area of tagging. I still think there's lots of interesting things to do there. Squib is also a good way for me to keep track of Rails which is something of a moving target. Having to keep Squib up to date is a good motivator.

19/09/2006 14:36 by Matt Mower | Permalink | comments:
More about:

Who'd have thought the Pope could make sense?

I often find that I don't quite see eye-to-eye with Jeff Jarvis but his recent piece about the Pope's remarks, their context, and their consequence seems spot on to me.

I think it's ironic that the Pope then goes on to try to expand the definition of reason beyond that accepted in the West because he wants to portray religion as reasonable.

We will succeed in doing so only if reason and faith come together in a new way, if we overcome the self-imposed limitation of reason to the empirically verifiable, and if we once more disclose its vast horizons. In this sense theology rightly belongs in the university and within the wide-ranging dialogue of sciences, not merely as a historical discipline and one of the human sciences, but precisely as theology, as inquiry into the rationality of faith.

And he seems to be arguing that there - under a larger umbrella of reason - there is a meeting point for the religions to meet. I would say that defines optimism in our age.

So the Pope's point was not to attack Islamic jihad but to use that as an illustration of fundamental differences. Still, he did attack violence in the name of religion. And I believe he should have stood by that firmly, for that is the discussion we must have. But instead, he wimped. And I believe that Islamic leaders should be standing firmly in the same spot, condemning violence - political violence, let's be honest - in the name of their religion. But instead, they whine.

Where the hell are the moral leaders for our age?

I'm not quite sure how one 'overcomes the self-imposed limitation of reason to the empirically verifiable'. Is religion metaphysics? Perhaps I should have been paying better attention to Mr. Bateman recently (Chris?)

But if I understand the broad sweep of his remarks I guess I agree with the Pope. Tie religion more closely to reason (since, apparently, not to act in accordance with reason is contrary to Godís nature) and, with that in hand, through dialogue find a common ground.

Hrmm.. I don't find myself agreeing with the Pope very often either. I think I'm feeling a little faint, perhaps I'll go have a sit down.

19/09/2006 11:50 by Matt Mower | Permalink | comments:
More about:

Slot into an opportunity

Julien Couvreur responded to my last posting about Data Slots:

Matt, could you make a list of data that you would like to start storing in data slots? Are we talking about just emails addresses, bookmarks, address, SSN and some preferences? Or are we talking about larger content such as media lists, media content, attention data, and such?

I take a pretty broad view on what constitutes "identity" so, for example, I consider the details of a book I purchased for myself as part of my identity. I think that what I bought, how much I paid for it, where I bought it, how I got to that product, and so on constitute an aspect of my life identity. Books I buy for other people do not. So far as I am aware only I truly know which books I buy at Amazon are for me, and which are for someone else.

From that it follows that I think we should be dealing with a broad spectrum of data from emails addresses and bookmarks, through attention data, parking records, purchasing history, and on to medical data (e.g. the notes from my doctors visits), skill information, payroll information, banking information, credit data, local government, etc...

The only thing I don't think I'm talking about from Julien's list is media content. I'm not sure why, it just feels different to me.

Also you bring up that "it is unlikely that we can get API's harmonized". Doesn't the same problem appear with dataslots as well? The shape and semantics of the data needs to be agreed on the same way that the signature and semantics of APIs need to be agreed on.

I don't think the problem is the same because API's are not as flexible as data.

Once an API is used it tends to set like concrete. To remain flexible an API has to restrict itself to do a very narrow range of tasks, I think XML-RPC is an excellent example of such an API. S3 similarly, it deals with a narrow task and does it... well I don't know how well, but apparently well enough.

However, when you consider the kinds of things we might want to do -- not only today but in the future -- with respect to all this data were are talking about, I can't conceive of how API's are going to be useful, comprehensive, integrated, and yet flexible in the face of change.

I base this opinion on my observation of the way API's come about, how hard it is to birth them (even in narrow contexts like blogging), and the challenges of integrating even simple API's. Just look at the mess in the instant messenging world.

Are there any counter examples? Of business API's that are useful, comprehensive, integrate well with competitors, and have remained flexible in the face of change?

Data, on the other hand, is inherently malleable. As long as it comes in some comprehensible form (I guess I am talking about XML & XML Schema) then, once you have it, you can knead it into whatever shape you want.

To go back to my previous example:

Amazon might provide an API that uses my Amazon purchase history to recommend books I might want to buy. It will have some functions the developers thought were a good idea, but will be missing others they didn't. In short it will be Amazon's interpretation of a good service for (a) Amazon, and (b) me.

Let's say Barnes & Noble online also provide such an API. Their API will be different because of the different choices they made both in the design of the API, the underlying differences in how implemented their service, and their different priorities about their business.

So how do I get a recommendation based upon my purchase history at Amazon, and B&N, purchases at Borders, and the books I bought from a second hand shop last week? The short answer is that I don't. I have two (three, four, ... however many booksellers there are) API's and nowhere to put data they don't want to deal with.

However if Amazon fed my purchase history data back into my slot then I can allow a new service to take that data along with data from my B&N slot and data from any other slot that makes sense to that service and harmonize them to feed to their recommendamajig engine and get the benefit. Maybe that engine comes from Amazon, maybe from B&N, maybe from AllConsuming, maybe from someone new.

If Amazon or B&N change the format of the data they put in their slots it's a small-scale problem. If they're not pulling a Microsoft then a service just has to deal with the changes to that schema, the whole engine didn't just break. If I have data from another service it can be massaged to look like Amazon data and fed to a compatible engine which doesn't really care where it came from.

By putting the data in slots I take control over how it is to be used and interpreted and, in doing so, we create opportunities for new services and new service providers.

19/09/2006 10:35 by Matt Mower | Permalink | comments:
More about:

Anything to make the web more unsafe

Thus spake Don Park:

I hereby propose that all anchor tags marked with rel='nofollow unsafe' are links which may take non-idempotent actions (i.e. delete) when followed. The intention is to give tools like Google Web Accelerator enough hints for them to steer clear of such links.

Remaking HTML or Google Web Accelerator aside it sounds like a sensible compromise to me.

18/09/2006 20:11 by Matt Mower | Permalink | comments:

Pro tools don't make you a pro

Paolo wrote something today that I have been thinking about lately:

It's true that you must be a good photographer to take good pictures, but it's also true that today anybody can take pretty decent pictures with any modern digital camera, while just a few years ago this simply wasn't the case. Digital technology improves qulity. The same is true with graphic design, video, music, cinema and many other crafts. From this POV the fact that an average user thinks that better tools provide better quality is natural, because it is true that for him the current tools are providing a better quality than what he was getting with the previous generation of tools

I don't really think very visually which makes a great many tasks that I would like to do well into difficult challenges. I am always on the lookout for a tool that aims to improve this or that but, quite often, they don't seem to get me very far.

For example: The switch from Visio to OmniGraffle gave me an immediate boost in the quality of my diagrams. But the boost is less about me and more about the fact that OmniGraffle naturally produces better looking output.

In a sense it's become a little frustrating. I sometimes feel even more helpless using a "pro" tool because it becomes inescapable that I'm the limitation, not the tool.

18/09/2006 12:17 by Matt Mower | Permalink | comments:
More about:

Tread lightly

Dave Winer writes:

Gotta love President Bush. He says the Geneva Convention is too vague. He says a lot of Americans are confused, because it's complicated. It's not actually that complicated. We take care of the other country's soldiers, our enemy, because we want them to take care of our soldiers.

If I were an American soldier I think that I would be worried about a man with such a questionable military record as Bush redefining a fundamental doctrine about how prisoners of war are treated.

17/09/2006 00:11 by Matt Mower | Permalink | comments:
More about:

Press for Truth

Haven't seen too many people talking about the 9/11 Press for Truth movie. I watched it on Google Video and found it compelling viewing. It's woven around the stories of 5 grieving relatives who are unsatisifed with the lack of answers they were getting and a guy who wouldn't let it go. In the process I learned quite a lot of new things about 9/11.

If Bush and his administration come out in a bad light they do so by their own hands: By the things they say, and the things they don't. By the questions they dodge. By the lies they told which seem so stark when presented next to the evidence that they really were lies. There is no paranoia here, no conspiracy theory. Just a lof of unanswered questions and unsatisfactory responses which lead to more questions.

Highly recommended.

15/09/2006 20:47 by Matt Mower | Permalink | comments:
More about:

Translucence and selective disclosure

Translucence is the property by which a material allows light, but not detailed images, to pass through it. In the same way that a translucent material allows you to see regions of light and shade, a translucent identity allows you to see patterns of identity but not details.

Jon Udell has been talking about this recently and came back to it in a follow post about the politics of data control. I'm interested because translucence is a fundamental principle in the PAOGA approach to identity.

For example Jon, talking about how a company asked for his social security number to do a credit check, says:

At this point, of course, it becomes clear that Prosper shouldnít need to store my encrypted number in its database. It should only need to sign a request to the bureaus for a credit check. The request should then bounce to me, acquire my encrypted Social Security number along with permission for one-time use, and hop along to the bureaus. This protocol wonít work synchronously, but it doesnít have to. If asynchronous message flow gives me the control I want, thatíll be just fine.

Itís time for a public conversation about the uses and limits of translucency. Is it really necessary to retain my Social Security number, or my search history, in order to provide a service? If not, what does it cost the provider of a service -- and cost the user, for that matter -- to achieve the benefit of translucency? Is this kind of opt-out a right that users of services should expect to enjoy for free, or is it a new kind of value-added service that provider can sell?

What Jon is describing is, more or less, the PAOGA architecture. We currently have a semi-translucent (semi because of a resource based constraint that will be addressed soon) database where individuals store their data encrypted with their own unique key. A service provider no longer needs to store this data but can request it from the individual. Taking Jon's example Prosper would not ask for the SSN but would tell the credit reference agency where to request it from and provide suffcient context that the user could tie the request from the agency for their SSN to the request to prosper so that they know to allow it (or change their minds and deny it).

There are implications to this model as Jon suggests. Two of the most critical are:

  • Businesses coming around to the mindset that they don't own the individuals data and should be holding as little of it as possible.
  • Businesses having flexible, asynchronous, processes that can deal with data-fetch and out-of-band permission requests.

Neither are insignificant. In particular many companies work from a tacit belief that they own the individuals data that they hold and that it's their privilege to exploit it to their maximum advantage. We would suggest that this is short-term thinking though. In the long term building a life-time, trusting, relationship with individuals will deliver more value overall.

Selective disclosure goes hand-in-hand with the principle of translucence and is about the degree to which those patterns of light and dark can be resolved into meaningful shapes and details. PAOGA takes the view that:

  • the individual should always have the option to remain anonymous.
  • the individual should know to whom they disclose information about themselves.
  • the individual should have the option about what information about themselves they wish to release.
  • the individual should decide the uses to which their information can be put.
  • the individual should have full-recall (i.e. an audit trail) of what has happened with respect to their information.

Implying the following consequences:

  • an individual who chooses to remain anonymous or refuse to reveal all requested information might not be able to complete certain transactions.
  • an individual who receives a request from another anonymous individual has a problem.
  • there are no guarantees about fair use once information is released.

Just to cover that last point again: Once information is released there is nothing that can be done to police how it's used. This is where the individuals responsibility lies: ensuring that they trust the receiving party sufficiently before they release information to them. This is not a software problem.

I've covered the principle of anonymity before but to precis: I am asking for quotes (e.g. to renew my car insurance) from a range of vendors. To give me a basic quote all that any of them need to know about me is general information about the type of vehicle I own, the type of driver I am, and the risk factors of my location. My actual identity (name, address, email, telephone, etc...) need only be revealed to the company I choose, ultimately, to give my business to.

From the perspective of all of these companies I remain a translucent identity until I choose to make it otherwise. If I decide not to reveal myself to any company then I'm not going to get insurance. But that's not the point. The point is that my details have not been revealed to the potentially dozens of companies that didn't get my business. Those details can't then be re-used for other purposes or sold for any reason.

Jon Udell quotes Tim Sloane as saying:

As a consumer this is indeed exactly the type of service I would like to have. It provides me privacy for the personal data (the key) that I send to the (direct) service provider and allows me to acknowledge that I want that key to be used to release my personal data by the secondary service that stores that data (the vault). [Quoting Tim Sloane]

In all such cases, it come down to the same protocol suggested in this week's column: you attach a one-time permission to the protected data. Can the permittee misuse that permission? Sure. It's only a question of whether, on the whole, the benefit of translucency outweighs the costs. It might or might not, I don't know and I doubt anyone does, but what worries me is that we're not seriously trying to find out.

Our experience so far is that business doesn't want to think about this problem. Consider the following:

  • Getting accurate information about an individual is very hard, you tend to end up with a bad photofit picture
  • Data rots surprisingly quickly leading at risk of making erroneous inferences from a bad dataset
  • Holding data is very expensive (how much did your last CRM system cost?)
  • Abusing/Losing data can damage brands that are expensive to build

Yet this is exactly what every business is doing today. Furiously building CRM databases and trying to mine the hell out of them.

The alternative seems so simple:

  • Ask the individual nicely for the information you need
  • Let the individual keep the data up to date themsleves
  • Hold as little information yourself as possible
  • Play fair with what individuals tell you


  • Build a life-time relationship with each individual

The problem is finding any business willing to take a step forward and say "We trust the individual and we think the individual will trust us." What does that tell you about the state of the business world?

PAOGA is attempting to address this problem by bootstrapping consumer interest in taking control of their information. If we can build a big enough community of people who would like the world to work this way we think that services will spring up that want to take advantage and begin to build the momentum that will, ultimately, change how business works forever.

Once you have control why would you ever go back to being a prisoner of vested business interests?

There is also a reluctance to share control. The credit agencies you mention are all in business to service financial institutions, not consumers. Most efforts to provide consumers even rudimentary control over the data that has been collected about them has been refused. In fact, these credit agencies have already rejected the idea that a consumer should be able to confirm if their personal credit rating should be released. The only exception credit agencies have made is when the consumer indicates they believe they are the victim of identity theft -- that is, after the data has been spilled.

Okay this is a biggie, probably the Berlin wall of identity management. But the Berlin wall came down and so to will this problem.

The credit reference agencies are the most entrenched of anti-consumer interests so it's hardly surprising they are resisting any move to the individual being in control. But if you think about it much of the problem of identity fraud can be traced directly to these agencies and their anti-consumer practices.

For example: If I am the gatekeeper of each credit reference check on my identity then I could, myself, tie each incoming request with some transaction I am involved with. Requests coming in out of the blue can be (a) refused and (b) followed up.

Taking a step further; If the information to be held has to go through me then I am well placed to ensure that it is accurate. I don't want information about someone elses misdemeanors sitting in my file. To be sure this does change the game. What happens when I actually am a bad debt? Should I be able to refuse to accept details about loans I failed to repay? Of course not and I'm not trying to suggest that there aren't still problems to solve.

But we've seen the alternative. We're living it. And we're the ones who suffer. Why aren't we more angry about that?

Translucent identity with selective disclosure is possible right now. We have the technology to do it and while there are still problems none of them are insurmountable. If you're interested please get in touch!

13/09/2006 11:05 by Matt Mower | Permalink | comments:

Another DataWarrior joins the fray

Jason DaPonte (i'm guessing on the spelling of the surname) is another DataWarrior who took up his infosword to do battle with the titan that is LloydsTSB. Which reminds me...

13/09/2006 10:17 by Matt Mower | Permalink | comments:
More about:

Making PAOGAperson practical #1

So last week I wrote a lot of stuff about the PAOGA vision of a wider sense of identity management and what it might do in the future. But we're launching PAOGAperson today so why might you use it when there's nobody clamouring for you to share your identity with them?

You might sign up simply to support the vision of empowered individuals making decisions about how their data is used and who it is shared with. If we can get enough people together who believe in that we can change the world. But on a more pragmatic note we think there are things we can do today.

The first scenarios is the secure storage of valuable, life-asset, or (as Jon Udell calls them) bootstrapping documents. This is things like birth certificate, driving license, passport (and maybe valuable visas), but might also include deeds to property, insurance certificates, reciepts and so on. In Jon's podcast with Phil Windley he talks about how they struggled to find the hardcopy bootstrapping information they needed to establish his daughters identity. This is a problem we can solve right now.

PAOGAperson includes a simple document store that helps you to track this type of document both as a set of metadata, an arbitrary number of scanned images (e.g. card and paper driving license, both sides), a pointer to the location of the physical document, and (where appropriate) an expiry date.

For example lets say you have annual travel insurance. You get a certificate and a bunch of info from your insurer. So you scan the certificate and create a new document in PAOGAperson with the policy number, notes about how to make contact with the insurance company, upload the scanned images, add an expiry alert, and record that you put the originals in a ziplock bag under the stairs.

Now when you're abroad if you need access to the information you can go online and get the details of your policy. Print out the certificate should it be required and so on. When your insurance is getting close to expiry you'll get a notification (you might think all insurance companies would let you know as a matter of course, one of our directors found out otherwise) and if you really need the original certificate the location should be available.

Other examples might be storing childrens vaccination certificates, information about their school (passwords for picking up the kids, headmaster phone number and so on).

We're not trying to compete with document management solutions but aiming to give people a secure store for "life" documents that, whilst you might not want them often, you know you want them held safely for those occasions when you do (e.g. the house burns down).

Our CEO, Graham describes it this way:

I'd like to know that if I was washed up on a beach one day I could walk into any web-cafe and get a copy of my passport (and other identifying information) to take to the embassy to help establish who I am faster. Or, if I miss a flight and unexpectedly have to hire a car that I can get a print out of both sides of my driving license. The DVLA can do this but they're only open 9-5 on weekdays.

In the future we'll be introducing ways to selectively share some of this information by letting you attach certain documents (or document metadata) to persona's. We're also looking at the sharing context around children and elderly relatives. For example giving parents the ability to upload childrens birth certificate, vaccinations certificates, etc... and both have access.

12/09/2006 17:44 by Matt Mower | Permalink | comments:
More about:

What's in a slot?

A quick follow-up to respond to some of the comments on my recent post about Dataslots as a replacement for Web2.0 style API's.

A quick precis is that instead of a service providing an API to manipulate my data (for example eBay might provide an API to list the auctions I have bid on) the service should pass the data (in some agreed format) back into my eBay slot so that it's under my control. I can then make this (along with other appropriate data) available to whatever services I want.

Julien Couvreur asks:

Doesn't this end up being just an API as well?

And of course he's right. There will have to be a bidirectional slot-API to allow the data to be manipulated. But this kind of misses the point. I'm not arguing against API's per-se, I'm arguing against a hegemony of service specific API's to manipulate data that may have other uses. Since it is unlikely that we can get API's harmonized (just look at the problems with API's for implementing weblog access; Does Blogger implement the MetaWeblogAPI even today?) we need another way.

But like I say we will still want API's and services to process this information and with the enhanced data at our disposal we will expect them to do more for us. The key point is that we will be the gatekeepers of this functionality. A service will not be able to arbitrarily limit the value of the data by constraining the API.

I do like the idea of a personal data store, although I tend to think of it in a distributed fashion instead of centralized.

I would disagree on this point. I will argue that most people don't want their information scattered over 1,000 distributed databases (or 100 or 25) but really want it consolidated into one convenient place. The more distributed it is the harder it is to keep track of, to keep it up to date, and the harder it becomes to protect. Whereas having my information in my own personal silo gives me convenience, oversight, and (hopefully) unified access controls for when I want to share it.

In short I want distributed services, but centralized information.

Marco over at Clipperz likes slots so much he's building a company around the idea. Clipperz has a different approach to PAOGA and it will be interesting to see how it develops. I recommend you go take a look at what they're doing.

Terry Donaghe also gets it:

I think the Dataslot idea should be standardized and all organizations that have data about me should share it with me if I chose to want to access it. I'm not sure that I personally would do anything with it, but I can see programs (like the personal agents we all want) that could access and manipulate this sort of stuff.

Absolutely. The heart of the Dataslot concept is that by getting control over my information I enable a range of new opportunities. If you're a high net worth individual you might have a concierge service that learn your needs and help sort out your life but most of us aren't willing to fork over several hundred pounds a month for this kind of thing. If our information was given back to us then low-cost personal agents could learn about us, our needs, and our preferences and help make life smoother and more convenient.

Terry also raises a good point:

Of course, the big problem seems to be one of security. I'd guess marketers and identity fraud folks would LOVE access to all of this information.

Security is a problem. The bigger the honey pot the larger the swarm of bee's. From a PAOGA perspective we have invested a lot of effort in building a platform that delivers security. For example each individuals information is held in our database encrypted with their own personal keys. With the caveat that security is a journey not a destination, we think we're in pretty good shape in this respect.

Where we will be focusing our efforts is on the permission question. How do you make it convenient and (as far as possible) fool-proof for individuals to decide who gets to see subsets of their information? I don't have even a remotely good answer to this question yet but we're working on it because it's a very important question.

But, getting back to the point, YES marketers and other folks want this information. There's really nothing wrong with that if we give informed consent for them to have it. If you want a particular product or service and you trust the supplier it's rarely a problem. Where the system goes wrong is that for so long we have been abused by people we don't trust representing products and services we don't want.

This is why it's so important to give control back to the individual. Once individuals trust they are in charge enterprise can go about mending the fences that it has spent so long trampling over. The end result will be a better deal for everyone (at least for everyone who plays fair).

And this brings me to another point that I shall probably address in a future post but trail here: Enterprises are slowly waking up to the fact that those very expensive CRM databases they are building (and, at great cost, maintaining) are really a huge liability. All that data sloshing around is rotting faster than they can replace it and the bad press when it gets lost, stolen, and exploited can damage that brand you spent so much to acquire.

The answer is to give as much of the data as possible back to the customer (best place for it anyway) and ask for permission to access it. The Dataslot is a great way of getting started because you can begin to give the data back to the customer and let them help you keep it up to date. As the architecture and processes evolve you can just turn off the bits of CRM you no longer need. There are other offshoots here but I'll save those for future posts.

So, in summary, control for the individual, the possibility of more effective services, enabling of personal agents, a more ethical and less risky approach to CRM. Sounds to me like Dataslots have a lot going for them.

But I could still be crazy... you decide!

07/09/2006 17:19 by Matt Mower | Permalink | comments:

Argue your way around this

The worst twist in American democracy is that the voters have learned to pass the stupendous costs of the welfare state on to the next generation. It’s bad enough when some voters force other voters to support them. But the American voter has learned to force nonvoters to bear his expenses, by deferring payment to the next generation.

The next time you pass a playground, look at all those little nonvoters, oblivious of what awaits them, and ask yourself if it‚Äôs really honest to teach them that they will someday enjoy self-government. In what sense are they governing themselves, if, before they even enter the voting booth for the first time, they are already saddled with huge debts they had no part in incurring and will have no way of escaping? Is that what our ancestors meant by self-government ‚ÄĒ or is it more akin to what they called ‚Äúinvoluntary servitude‚ÄĚ?

Joseph Sobran

Same argument for debts incurred to fight foreign wars.

07/09/2006 16:08 by Matt Mower | Permalink | comments:
More about:

A lesson of days

The last few days have been a salutary lesson that it's a mistake to place ones happiness at the mercy of what other people do.

06/09/2006 22:01 by Matt Mower | Permalink | comments:
More about:

The Birds & Bees

Sweet. Almost two years ago I fell in love with a piece of music used in a Gordon's Gin advert used a while back on one of their adverts. By hook or by crook I learned it was The Birds and the Bees by Patrick Dawes and Eugene Bezodis. At the time though it was only available on vinyl so I passed.

Somewhat behind the times I learned a couple of days ago that I could get it on CD for £2.99. 2 years later, I love it even more than I did when I first heard it. Also by the magic of Youtube I can see the video as well as Patrick and Eugene at home.

I'll probably download their ablum Postcard from Summerisle which is available for download in both AAC and MP3 formats (DRM free! My kind of music).

06/09/2006 15:27 by Matt Mower | Permalink | comments:
More about:

Dataslots not API's?

Okay so a problem I've been mulling for a few months now goes to the heart of a sort of evolution of the internet which is the prevalence of Web2.0 API's. It seems everyone is racing to build API's for this and that.

Where API's make clear sense to me is stateless lookup services. Google Maps for example, I can totally see why I want the ability to get maps for locations and directions between them. No problem there. But where API's make less sense to me is when things get personal.

For example I don't want Amazon to give me an API to lookup information about my book purchasing history with them. Or the Four Seasons to give me an API to update my room preferences. Or anything which is really about me.

The way I look at it API's are functional. The vendor says "These are the things I bless you to do." But those things may be considerably less than what is possible if I have access to the data. Data is king!

Right now of course the point is moot since most people don't have anywhere sensible to put this stuff. But what if you did? What if you had your own, secure, personal information store where this and all the other sundry information about you could live happily? (Of course I am thinking about PAOGA but Clipperz are interesting too, and then there's Amazon S3)

What data-mashups might be possible then?

I've been callilng this idea Dataslots as an alternative to API's. A Dataslot then is a named, opaque, store where an organisation can put a sanitized version of the information belonging to me and keep it up to date. I may have many such slots (and accumulate more and more over time).

Services are then enabled by aggregating information from one or more of my slots (and combining with other services via API's where appropriate).

The result is services which are personal, not functional.

Am I crazy?

04/09/2006 17:50 by Matt Mower | Permalink | comments:

SRM is about building value

In a recent Linux Journal piece called Turning the world I-side out Doc Searls wraps out a problem with which PAOGA is intimately familiar: CRM is all about the vendor:

All the identities in our wallets and purses, from social security numbers to credit card numbers to library and museum memberships, are given to us by organizations. More importantly, they represent "customer relationship management" (CRM) systems that at best respect a tiny fraction of who we are and what we might bring to a "relationship". What CRM systems call a "relationship" is so confined, so minimal, so impoverished and so incomplete that it insults the word.

The key to understanding our long term mission with PAOGAperson is seeing how far beyond these identities we can go. I hinted at this with the "identity is not just for christmas" piece last week.

To recap with an example I have used before: I see my Amazon purchasing history as part of my lifetime identity. It has value to me, especially if I can combine it with my Barnes & Noble purchasing history, DVD's I rent, eBay auctions I bid on (won & lost) and so on. As this information accumulates and interwingles it may become very valuable. (A quick note that we also acknowledge there is going to be classes of information you want to keep separate: We probably don't want our preferences for BDSM equipment and erotic films used for selecting a night out when Mother comes to town!)

At the moment all this information that I am co-creating lives independent lives, beyond my reach, on the many different service I use (and have used in the past but use no longer) and even on services I haven't used!

The best I can hope is that, through the magic of CRM maybe they improve their purchasing suggestions to me. But in reality this is unlikely and most CRM delivers little value to either party because it is inconsistently applied and using data which is out-of-date. This problem is compounded by the hostility I feel towards companies that hold my data prisoner.

It seems to me that, in this respect, CRM plays out much like the Napster argument. I know my data has value because companies are buying and selling it for one reason or another. But they're not buying it from me so I don't get the value of the information, someone else does. That's wrong.

As well as being wrong it's very inefficient because I am willing to tell companies that are prepared to invest in our relationship much more than they can find out about me from Equifax or Experian.

Doc again:

On the latest Gillmor Gang, Mike Vizard called it "VRM", for Vendor Relationship Management. Whatever we call it, we need to equip it on our side: the customer side, the citizen side, the member side. "Vendor" may not be a broad enough label to include government agencies, public radio stations, museums and the other noncommercial organizations we relate with, but it applies to the place to where we need the most help ‚ÄĒ in the marketplace.

VRM needs to do more than contain the virtual equivalent of credit and membership cards. It needs to contain (or hook into) our transaction histories, our reputations, our preferences, our intentions. A few months ago in Linux Journal I wrote about "The Intention Economy" that will grow from equipping sellers to meet customer demand after customer minds are made up and they're ready to buy ‚ÄĒ a territory still sorely lacking in existence.

At PAOGA we call it Supplier Relationship Management (SRM) but it amounts to the same thing. This isn't user centric, it's the user in control, the user at the centre of their relationship with their trusted suppliers.

I think Doc really nails it when he says:

No matter how "user centric" systems may get on the vendor's side, we need a system, or set of systems, on the individual's side, that is at least as powerful ‚ÄĒ that supports and enables the full measure of independence, freedom and liberty. And as long as we lack that system, we will only have partial solutions to a larger problem, and partial steps toward the last stage of the personal computing revolution.

The answer is inside-out. It's going from the individual out to the marketplace. Individuals needs to be in charge of their independence, their freedom, their liberty, their assets, their choices, their relationships. They will drive market growth in businesses that appreciate how much more can come from independent customers than from dependent ones.

This is one of the reasons I am so passionate about what PAOGA is doing (whether it's us who succeeds here or not -- although I hope it is us!) We're trying to change the world in a way that will be of benefit to everyone. Even those people in companies who may be thinking this isn't for them.

Why do I think that? Because we're all someone elses customer. Even the Chief Executive of British Telecom buys books from Amazon, groceries at Tesco, electricity from... well I don't know but someone, and so on.

We're all the customer in one context or another so let's make the system work for us!

04/09/2006 16:45 by Matt Mower | Permalink | comments:

The EULA cuts both ways

Commenting about my post on individuals having their own EULA Eric Norman raises the following point:

Fascinating idea. I have a cynical comment, though. It's not a prediction; it's just a comment. For lots of businesses, it probably won't work unless you, as well as the license, speak a language the business understands. That means you have to be willing to say, "I'm sorry; I won't purchase your product".

I absolutely agree.

  • Information being shared must be comprehensible (usable) by the consuming party. This is a problem that is being worked on from many angles I think.

  • The consuming party has to understand (and accept) the terms of the license around the information.

The latter is probably the new problem here and the potential sticking point. This was one of the reasons why I was keen to explore the use of Creative Commons licenses since these are already (to some extent) legitimized and well known.

Whether we use CC licenses or not (probably not if Bob Wyman is right) the problem is not insoluable. Businesses can come together over a solution if they see a benefit. We just have to be persuasive about that benefit.

I'd like to re-emphasize that the key point behind the EULA idea is to give control back to the individual. If I decide to put such a restrictive license of my data that no business is prepared to agree to it is my choice and the consequences are my choice also.

For the most part though I don't think we will reach extremes. Which brings us back to the benefits, about which more later...

04/09/2006 10:53 by Matt Mower | Permalink | comments:

If not Creative Commons then what?

In a comment Bob Wyman (of "NewNotes" fame) points out that the Creative Commons license, whether it has any applicability to identity or not, probably isn't going to do what we are looking for.

This is because you seem to want to be able to have the ability to restrict some uses of your "identity." The problem is that Creat! ive Commons licenses can only be used to grant or expand usage rights which are otherwise restricted. CC licenses can't be used to restrict rights. Folk often make the mistake of thinking that a CC "non-commercial use" license actually prohibits commercial use. It doesn't.

What such a license does is explicitly state that it is silent on the subject of commercial use and thus leaves in place whatever restrictions might have existed without the CC license. The rights you do not wish to extend must already be limited by some law, contract, etc. other than the CC license. A CC license cannot be used to create a restriction.

Remember, Creative Commons is all about getting more things into the "commons." It is NOT about restricting use or pulling things out of the commons that might otherwise be in it.

This is always the problem when you try and bend something to a new & different purpose; It may be a really bad fit.

This leaves me wondering what approach we should take. I want to follow the path laid out by Phil Windley's Identity Rights Agreement since that seems to be an appropriate jumping off point. But I think we need counsel from wiser (legally trained?) heads about how to proceed.

It's thing like this that make me wish we had the resources to be at DIDW and the Identity Open Space. I'm happy to push this in our products, but I don't want to design it when so many other people are better place to do so.

01/09/2006 17:39 by Matt Mower | Permalink | comments:

An identity is not just for christmas

You may be wondering why businesses that have grown fat & happy on the assumption that they own your data (and can do what they like with it) are suddenly going to convert to a world where you control your data and they have to ask you nicely.

Short answer... they're not.

As a company we spent 2 years learning that lesson. When we tried to suggest to them that their huge vault of customer information was a liability rather than an asset they didn't want to hear it. Unfortunately since the government appear to have no interest in enforcing the DPA and since the Information Commissioner (for all his rhetoric) has no bite there is really nothing we as a company can do to persuade them.

But you can, and you, and you, and you...

Together we can tell businesses that the future really will be better for them by teaching them about the value of our lifetime identity and why it's something they don't want to be shut out from by not respecting our rights and, to some extent, our wishes.

By way of an example here is anecdote:

Back in 2000 my beloved Motorola V3 phone developed a faulty screen and was duly repaired under warranty. But the repair wasn't done properly and the handset developed another fault but for reasons I won't go into it took me many months to work out just why my phone was randomly calling other people.

When I tried to speak to Motorola I exhausted all the support options and ended up facing a blank wall. No I couldn't speak to anyone else. No they wouldn't do anything. Goodbye.

I did a little spadework and came up with the address of the Motorola UK HQ and the CEO's office. I sent a polite letter informing them that if they didn't make good on the repair I would never purchase another Motorola product in my life and would repeat my story to anyone who would listen.

Net result: The following day the PA of the CEO called to ask where I would like my new phone delivered.

I put my request for my phone to be repaired in the context of my life-time value as formerly happy Motorola customer who was about to become a life-time enemy of Motorola. The support people could have patted themselves on the back that they'd saved the company the cost of the repair. The CEO (or more likely his PA who was a very smart sounding lady) could probably do the math and see how much they stood to lose.

We should see our identity in this sense. If identity services catch on you are going to be using them the rest of your life, building up more and more valuable pots of data.

For example Amazon have my purchasing history. I am happy for them to have it but why don't I have it as well? Why can't I benefit from the value in that. If I could, if my Amazon purchasing history became part of my identity then other people could (with my informed consent) help me mine the value of that information.

There will come a time when the value of that information will be so great that it will be the oxygen that business breaths. And we know what happens to people whose oxygen supply gets cut off.

01/09/2006 17:20 by Matt Mower | Permalink | comments:
More about:

EULA, IRA, there is nothing new under the Sun

I posted to the Identity Workshop list today hoping to stimulate some conversation around the personal-EULA ideas PAOGA is working on and have already had some interesting responses.

Victor Grey of 2idi pointed me at a post by Phil Windley where he talks about an Identity Rights Agreement:

IRA’s should come in a limited set of configurations, like CC. This makes it easy for people to choose and become familiar with what they mean. So, they might be:

  • Post publicly (broadcast)
  • Share with anyone, but can‚Äôt broadcast
  • Share with self and partners with which you have a legal agreement to honor this agreement
  • Keep to self
  • Stored encrypted
  • Use for this purpose and destroy

I really like Phil's cases and they closely model what we have been considering. Closely enough that, although I don't remember this post, I'm inclined to believe I have seen it and that it helped put me on this path.

Neil Macehitter pointed me at Jerry Fishenden's proposal that the government should use:

a CC-style model in making clear to citizens what will be done with the information that they are being asked to provide? Instead of lots of complex small print about ‚Äėterms and conditions‚Äô, why not adopt a highly-visual "Data Protection Agreement", modelled on CC, that sets out very clearly the citizen‚Äôs rights and the owning department‚Äôs rights?

Absolutely. Jerry goes a step further:

Equally, given the confusion we have seen within and between government agencies about what rights they have to citizen data in their possession, whom they are authorised to share them with, etc., why not also use a similar model within government? If I was still a public sector employee, how much easier life would be if I could very quickly understand what rights I have to make available citizen data in my possession and the basis on which I might share it with others. This is not just a matter of operational efficiency - as we have seen, such questions on data-sharing can be a matter of life and death.

I would argue that business could benefit from the same clarity. Right now, ruled by fear, businesses are likely to shy away from opportunities that - if they had a clear relationship with the customer - they might be able to persue.

We're heading for a world in which the individual lives at the centre of their relationships with suppliers, organisations, and - ultimately - government. Once we are in control we will want to assert our rights and the rights of others.

01/09/2006 16:57 by Matt Mower | Permalink | comments:

Amen to that brother

Jon Husband bids Tony Blair a swift farewell:

I don't really know, and I don't have a lot of knowledge and expertise in the area. I'm just tired of us swallowing all the propaganda we get force-fed by our Western "leaders" all the time ... them pretending they, and us, are enlightened paragons of virtue.

He does not speak for the entire population of the planet, and to presume to do so is arrogance of the highest order. That's the point, in my hopefully sincerely humble opinion.

Blair certainly doesn't speak for me. I utterly reject him and his toadying government and no matter that he will be replaced by some other servant of mammon I cannot but applaud Jon's sentiment.

What a wanker ... the UK would do well to rid itself of him very soon.

Amen to that brother!

01/09/2006 15:52 by Matt Mower | Permalink | comments:
More about:

Fair use in identity

I notice that Phil Becker was talking about the idea of Identity Fair Use back in 2002.

One of the most easily seen cases of identity "fair use" is in business. If a company honestly wishes to provide superior customer service, and provide the products its customers really want, it must learn about those customers as to their wants and needs. For example, if a product that a company sells has a problem (after many of them have been sold) and the company wishes to replace all of those products it sold with one that is "better" because it doesn't have the problem, they must have a database that indicates who bought the product and how they can be contacted to replace it. If they do, then the company can proactively contact those who bought the defective widget, and send them a replacement. This is clearly good for the customer, and by building their relationship with their customers as "a company that takes care of customers", it is also good for the company.

The problem is, that this database is digital identity data -- data that may be deemed to be owned by the customer and not the company. Thus the keeping of such records in a database may be said in the strictest sense to be a violation of the customer's privacy rights. This might be able to be circumvented by having customers explicitly "opt-in" to such a database, but then what is the company's liability if the defective widget is so bad that it might kill a customer? If the company has been explicitly prohibited from ever finding that customer, will its liability be reduced? I suspect not.

I'm not sure about this liability aspect. For example I have an Apple Powerbook with a battery which is being replaced because it might catch fire. But I didn't get an email from Apple about this even though I registered my email address with them when I bought it (and many times subsequently).

But the issue about having my email address is that if we're in a relationship where I am a customer of yours I will allow you to have access to (appropriate) contact details. If our relationship changes such that I no longer wish you to be able to contact me for marketing purposes then I amend our license agreement such that you can only contact me to notify me of product recalls.

Shrinkwrap software licenses always contain clauses that allow the vendor to change the terms at their discretion. I see no reason why my personal-EULA shouldn't have a similar term. As a business that I no longer wish to deal with you'll get a notification about a change in our license terms for my information which you can either accept or reject. If you reject it then I should have no redress with you about product recalls later on (and our audit trails will support that).

Identity fair use is an important concept to recognize. Using the analogy of fair use in copyright law may be a helpful way to view it, and illuminating as well. But however we do it, identity fair use is a concept that we must identify and discuss as digital identity rolls out. Because if we do not have a vigorous conversation about the concept of identity fair use, we will see many unintended consequences as we attempt to codify privacy rules into law.

We're beginning to roll out now and, as I have said before, our principle is about giving the user convenience with control. I see this ability to assert ones rights over ones information as a key part of having that control.

01/09/2006 13:00 by Matt Mower | Permalink | comments:
More about:

Making personal EULA's work

Christian Hauck (who I met a long time ago at one of David Gurteen's early events) raises some interesting points in respect of my last post about EULA's for our information:

EULA contracts, in a way, are like patents: they are not useful if they can't be enforced at reasonable cost and effort. So in a way you enter legal terrain, which differs very much by country.

I think the utility flows two ways. By clarifying the rights given to the end user you can make it easier for them to do (or decide not to do) certain things in a simple way. If I've seen that you give me the right to use your personal information for commercial purposes then I'm in the clear. Well almost in the clear, I need proof which is another good point that you raise.

On the other hand if I deny rights to use information for some purpose then at least it's clearly understood. If a company chooses to go ahead and use the data for that purpose anyway then I have tools with may help me to gain redress. We've got some more tricks along this line but I'll keep that powder dry for now.

Just make sure to have a good (legally water-tight) system to track the versions.

One of the things which PAOGAperson does is maintain an audit trail of all activity on each persons account. The audit trail is individually encrypted (so, for example, we can't read it without permission) and is designed, so my CTO tells me, with the aim of eventually supporting CFR part 11 standards.

So, for example, we can imagine a situation in which a PAOGAbusiness requests some information from a PAOGAperson and accepts that persons EULA. The individuals audit trail tracks the data that was released, who it was released to, when it was released, the license terms under which it was accepted, and so on. The business has an audit trail tracking the license accepted, the data received, and so on.

Our first versions of the PAOGAperson interface don't achieve anything like this level of sophistication but the underlying platform (which we have invested several years of development in) does because we started in a B2B context where this kind of thing is very important.

On the subject of enforcement we're not looking to get into that business. Our aim is to be a fair broker who represents the best interests of individuals and best opportunity for business. What we will do is enable those who want control (and responsibility) to take it and give all parties better tools to manage their interactions.

A business that abuses your trust is going to get cut off from your information flow. We contend that obtaining information direct from the source (you) is ultimately superior to gathering it from 3rd parties so cutting a business off has impact on them because it puts them at a disadvantage with respect to competitors you trust. Further we think that, over time, you will share more and deeper information with the businesses that you trust building a closer relationship that will deliver more lifetime value than they could obtain by exploiting you.

In the end we think the advantages will so outweigh the disadvantages that business will see it's in their interests to comply with your wishes. They don't believe this today, but if enough people agree with us, they will believe it soon.

At that point business will have changed forever.

01/09/2006 11:45 by Matt Mower | Permalink | comments: