Wednesday, November 19, 2014

The best way to lose e-trust

All enterprises with Customers should take note, the emerging way to lose the e-trust of partners or clients, is to openly or surreptiously remove from them the control of their own data. The issue comes not only from using their data without their express wish, in a way that does or does not benefit them, but more importantly from removing their ability to control how it is collected and used. The usual Internet Giants have become masters of these malpractise, the best examples of which feel very spooky to those on the receiving end. However the media and thus the public are waking up to the issue. For a while there have been a few pathfinders who have been deliberately taking back control. (Usually by eschewing the free services on offer that gave organisations the ability to control their data, or by creating watermarked data.) Once such pathfinder, Janet Vertesi, Professor of Sociology, at Princeton University, recently realised that Google knew about her planned engagement to be married prior to any of her family or friends, and worse were acting upon that knowledge to make money for Google. Importantly, it is not just the Internet giants that can fall foul of our natural desire to retain control over our own information. 

Signs of this malpractise can be found in how your organisation; 
    - gains access to data and identifying the data's owners
    - enables the owner to control of current and future use of their data
    - uses the data in respect of those express wishes

The result of not appropriately managing the control owners have over their data can have a profound impact on your clients and partners e-trust in you and their future behaviours. These malpractices have been erroneously labelled the Privacy Problem, by regulators and politicians. Worse some EU politicians have gone down the path of legislating the "Right to be forgotten" In truth the problem is far simpler, it is a control problem, one that sociologists label as our natural desire and capacity for "agency".

How does your organisation stack up in the race to attain and maintain e-Trust in an increasingly Outside-In world?

Some Diagnostic Questions
Does your Company sell or acquire lists containing external data to or from outside organisations?
Warning most such lists will contain toxic data, are you clear on how you can filter out such toxic  data?
Eg A customer whose data was on such a list despite their express intent for it not to be used or re-used.
Personal example, I passed my contact details to a Jamie Oliver website having unchecked/checked all the do not share boxes. I gave an email address that uniquely identified the Jamie Oliver website. In less than a month the email address was being spammed. I no longer trust Jamie Oliver or his companies and no longer visit his restaurants.

Do you give your data owners direct control over their own data, and how you may use it?
Warning this is not a trivial activity. Do not answer this question lightly. Sadly the Digital Fabric is not yet in place to give a clear affirmative to this question. But that's another topic!

Do you gather the express wishes of data owners?
When you acquire others data do you only use it having established and stored the express wishes of the owner, as to how it may be used, now and in the future? 
Do you give the owner a simple means of changing these wishes? That is, can the owners view and change your entitlement to use their data? And I don't just mean their email address!

Do you give data owners the ability to classify their data?
By establishing from the data owner the regard in which they hold their data, you can decide more effectively how you wish to protect it and even if you want to store it.

Are you transparent with all your sharing controls/settings?
Warning: Hiding such controls deep in a system, or obfuscating them in anyway, can reduce e-Trust. 
Apple's latest iOS has a setting found at the end of this chain:
Settings/Privacy/Location Services(scroll to the bottom)/System Services/Frequent Locations
Not only is it placed deep within the iOS control panel, but when the facility was first enabled the user was not directly asked whether it should operate, and it is by default set to "Collect and store times and locations visited".

Do you comply with the express wishes you have collected?
eg LG Smart TV had a setting that ostensibly disabled the collection of personal information. The collection took place whether or not the box was checked.

Are you using the Identity of your Customers, or do you require them to use your identity for them?
Having a very effective Identity, Entitlement and Access Management system is key. NB This is not the traditional Access Control List or Active Directory approach. An Outside-In IdEA system needs to be architected as such. Would you trust a person who choses to give you a new name and refuses to use your own?

When contacting a Customer do you demand from them information that assures their identity or do you first give them information that assures yours?
Do you have a means of identifying and authenticating yourself to your partners & customers and then vice-versa?
Personal Example: I was phoned by an Insurance company, they demanded that I give them personal details to authenticate myself, and gave me no way of authenticating them. The banks also currently operate this practise, especially after they have discovered a fraudulent transaction. Potential Solution : Your Google Authenticator should currently be showing this pin for us...

Who in your Organisation owns ensuring that your customers are, and remain in control of their own data?
The answer to this question can give you a clue to your organisation digital agency maturity.

5* Office of Co-Creation
4* Office of Information Asset Management, Chief Data Officer
3* CISO or Compliance Manager
2* Privacy Officer **
1* Someone in IT
0* The Marketing Department 

**(Position of this role depends upon the mindset of the encumbent, too often they see their role as protecting their organisation from litigation, instigating practices such as the wholesale deletion of evidence of malpractice which they laughingly name the Retention Policy. Those Privacy officers who see their role as protecting the Privacy of the their Customers and even better giving their Customers control over their data could achieve 3* or 4*. Sadly too many fall into the lower position)

Your organisations e-Trust is founded upon your capacity to deliver agency to your customers. 

On the journey to Outside-In, your ability to deliver digital agency will be a key organisational capability, it needs developing, but be warned it is not a muscle that most enterprises are used to using, for it involves giving control to Customers, not wresting it from them.

However, by far the more important question is; How you can build on your capacity to give digital agency to your customers, by adding value to you and your customers? The answers to that question lie in the Clockwise Security topic, a discussion of how security can be used to create value, not just avoid risk, and in this direction lies Co-Creation.

Tuesday, November 11, 2014

Where is the party I could vote for?

The party would have a number of features... they would aim to:
Expand Social Mobility
Create a balance between taxation of wages & capital, that favours wages paid to workers that create real products and services. (For example bankers who are paid vast amounts of money simply for gambling with other people's money, or rich people who create more wealth simply from being wealthy would be heavily taxed, however tax on interest, would only apply on interest greater than the cost of inflation)
Make the U.K one of the best educated and healthiest countries in the world.
This would involve significant investment into our national education and health services.
Create a police force that targets cyber criminals, as well as traditional criminals, with the capacity to deal with civil unrest.
Create a modern army, without nuclear weapons, that has the capacity to deal with Terrorists and support global stability, as well as responding to global epidemics.
Give young people a sense of pride and self discipline, by ensuring that they spend at least a year supporting the poor and needy in other parts of the world, likely as part of a global civil defence force.
Eliminate bloated European, Central and Local Government bodies, 
Support the development of a global economy, and deal with global poverty.
Ensure investment in the core infrastructure services of Energy, Water, & Transport
Deal with the impending disaster of an aging population bulge.
Deal with corruption in all it's forms sexual, moral, financial, etc.

The above is not in order of importance.

Any party that best aligns to this list could have my vote.

The unfortunate thing is that for the moment I cannot find such a party.

Thoughts anyone?

Thursday, October 16, 2014

Apple do you really want to lose me for the sake of a charging cable?

In the past few months I have attempted to buy some new cables for our iPhones and iPads. We love them, but we love them better if they are charged.

Thus we want charging stations dotted around the home, and in the car. I have loads of Apple USB Chargers but you changed the cable end....

So I went to Amazon to buy some more cables.

All of them stated they worked with the required devices, and when they arrived they did! 
All plugged into Apple Chargers! I don't want to buy cheap chargers that would likely catch fire!

Then a nasty piece of software was downloaded from the Apple Bullying Corporate Department. First the software started to signal that the cables might not be reliable, then the software actually disabled charging when the perfectly functional cable was plugged in.

This is a despicable act that is not good for the planet nor my pocket, and neither is it good for my Apple Loyalty!

Your greed has started me to look elsewhere.

Seriously I am starting to actually consider shifting away from my decades of Apple fan-boy status. 
I was happily able to ignore the jibes of my technologically impaired friends.

I am not however willing to ignore your greed and negative impact on our planet.

Please stop pretending my charging cables are broken!
They are not! You are lying to me!

You just want me to buy your cables at up to 10 times the cost!!!

Friday, September 05, 2014

A Dissenting View?

I just re-learned the same lesson all over again, iPads do not give me control over my mistakes!
There is no undo when editing text on an iPad in most contexts. Déjà Undo!? Why would I have clicked cancel, seriously! Why? Dear iPad, You should have at least checked with me before deleting 2 hours of contemplation!

Thus this will be a lesser post, a shadow of its former self, there will be some who celebrate that it will thus be shorter, but sadly it will also miss some key nuances that I have neither the wit nor the energy to reproduce.

@Henry Story just posted the largely excellent BBC Horizon program on the dark web. It started off focussing on the important issue of being in control, but sadly for me weakened with a conclusion that focused on the "Online Privacy" meme.

Privacy is simply an outcome of choosing not to be transparent, in effect choosing to close the curtain to the internet. (Aside: Can there ever really be a curtain to the internet, or perhaps a better question is should there be?) Privacy is arguably a transient result of living in a global village that has not yet achieved the transparency that was the norm in earlier villages, in that bygone era before the internet.

I would have concluded with a piece that highlights the importance of the layers that give us the ability to be in control. Let's consider the problem using Maslows approach to the Heirarchy of needs. Assuming that we agree that having some degree of privacy is of value, to achieve that...
We need to have the choice of privacy or transparency... to achieve that...
The digital agents that act on our behalf should respond to our intent, in short we should have agency over our agents. achieve that...
We must be able exert control over said digital agents (which are invariably embodied on devices) achieve that...
We must be able to trust the devices that are a part of a developing set of digital fabrics achieve that...
We must be able to exert control over said digital fabrics, (some of which are not owned by us) achieve that...&
We must be able to trust the ecosystem that supports the digital fabrics, and that ecosystem must be able to identify us achieve these thing...
We must have the right to be in control of our digital environment, and our digital identities (persona)

In short we should have the right to have digital agency over the digital fabricswe interact with.

We have a long way to go to achieve this....

Today we are all poorly served by our politicians, who have become focused on the Privacy Meme

When what we really need is control...  ie having that Digital Agency over those Digital Fabrics.

On Privacy: we are fast approaching a time when the last thing the world needs is an excess of privacy. For there are some bad people in the world who thrive on fear and the ability to act often secretly against individuals that dare to stand up to them. There was a time in my life when I chose to publically stand up to a bully, with a large part of the school watching. I was soundly beaten for my action, but the act triggered others to do the same and the harsh light of transparency caused the bully to be controlled by the majority. It was a proud, as well as bruised time in my young life, which taught me that private timidity, ie keeping ones head down, was not always the right thing to do. There are those in the world who purport to be for example Christian, Russian or Muslim, but who are currently using fear and "privacy" to act against society. Often they cover their faces, to ensure their privacy, whether the Ukrainian sepperatists, or ISIL fighters, or the actors on the Dark Web, they are fighting against our collective right to self determination or agency.

Let us focus on arguing for Digital Rights that are far wider than Privacy Rights, which would give us the right to chose to act for the good of society, as well as ourselves. Then let's focus on ensuring that the digital fabrics of our society support these rights, to do this they will need to be designed from the outset to be secure and trustworthy!

Please, it is not all about Privacy, being in control or having digital agency is far more important.

Yes I am like a scratched record, but apparently I am not getting the message across!

Thursday, September 04, 2014

Who should control your digital fabric?

A new sort of fabric is coming, or for some has come, into being; a digital or cyber fabric. There are going to be a number of types of digital fabric. The term is starting to be used to describe a digitally connected environment, owned by a specific stakeholder, and incorporating their digital devices and all manner of "Things". The key question for these stakeholders is who will be in control of this fabric. The race is on to attain that control, directly out of the hands of the owning stakeholders, often without their knowledge, and frequently without their considered decision.

Many enterprises are starting to understand the need to develop digital strategies. The outcome of an effective digital strategy is being referred to as Digital Mastery. Digital Mastery will not be possible without effective control of a stakeholder's digital fabric.

Digital Fabric is being and will be implemented at many levels, in many spaces from cities to countries; From offices, and laboratories to factory floors. From shopping centres to distribution centres. From individuals to the homes of their extended family. Digital Fabrics will be overlapping and interconnected, but most importantly they should be secure and easily controllable.

The resulting fabric(s) will have many labels, for example the fabric covering the offices, laboratories and factories of a company will likely be called Industrial Fabric. The challenge for fabric owning stakeholders, whether organisations or individuals, will be to achieve the appropriate control over a specific fabric designed and composed to meet their needs.

There is a group of organisations that understand the importance of building, connecting, and controlling these different digital fabrics.

Country Fabric
Industrial Fabric
Transport Fabric
City Fabric
Consumer Fabric
Vehicle Fabric
Domestic or Home Fabric
Personal Fabric

Sadly for most organisations and individuals they have not experienced, nor do they understand the importance or value of a coherent well architected / designed digital fabric. Most are suffering from a patchwork approach to the development of their digital fabric. This is caused by component and device manufacturers or service providers bringing their own silo-based approach to the development of digital fabric.

An effective digital fabric can be said to be in place when all the relevant digital entities, and real entities which are connected to the fabric can achieve their desired outcomes securely, quickly, easily and at low transaction cost. Simply connecting your computers to a network, does not create a digital fabric.

Does your Digital Strategy specify the need to be in control of YOUR digital fabric?

Have you considered the importance and value of leaving your partners and customers in control of their digital fabrics?

How should these digital fabrics connect, you ask?

Well, that's where you have identified the need for an e-trust ecosystem.

And probably the most important thing you have realised is that you should be in control of all your things, both digital and real, that compose your digital fabric. Perhaps you have also started to think that all your real things should be represented by digital things. If so, you may be starting to understand the power and value of a digital fabric.

So start designing and building your digital fabric now! Perhaps more importantly should you help your customers implement theirs?

So, YOU can be in control of your Things, rather than others, and your customers can be in control of theirs.

As an aside I connected my Samsung TV to the internet again today, and despite my taking care to maintain control, Samsung again demonstrated that they think that it is their Thing, not mine. For despite skipping the software update step when I connected the TV to the web, just as I switched to viewing the TV, Samsung forced a software update on the device. Nor could I find a way to delete my Wifi password from the TV, once I had entered it. Worse they think that the idea of providing a "single-sign-on" service by capturing my facebook and email passwords is a secure one. Samsung are trying to force me onto "their" digital fabric. You may have spotted that Samsung are buying Smart Things for $200M, a move to extend their digital fabric into our homes? They are not the only one's who are aiming to own our digital fabrics, think Apple, Amazon, Google Microsoft et al

Finally what are the best types of fabrics, will they be open, or closed, perimeterised or deperimeterised, internal or external. Perhaps it is best you decide before you build yours!

Thursday, July 17, 2014

Scratching an itch... I want Reality in Layers...

Having just ordered my first App enabled Vehicle, a Mitsubishi Outlander PHEV, I am already struck by my frustration about what I cannot control. I downloaded the App months before the arrival of the vehicle. The vehicle I will potentially receive has apparently already been identified and is being shipped from Japan.

But sadly my potential vehicle does not yet know that I am it's potential customer.
I want to be able to be talking to and starting to interact with my Vehicle today.
I want to alter the way the car operates and behaves, why can't I start teaching it now!?

Actually if Mitsubishi had allowed me to create a virtual representation of my vehicle as soon as I had downloaded their App. I could be doing just that.

The key change is the need to create a digital representation of the vehicle that can be connected to the real vehicle when I get it.

Funnily enough that is exactly what I am discussing with the folks at Flexeye.

They understand this need and they are starting to build the tools and infrastructure that will allow just that.  In it's early form it is called the Eye Hub.

Tuesday, June 24, 2014

Respect Network is Launched

So yesterday at lunch, I asked Dan Blum, the Security guru associated with the Respect Network,  to be launched in the City of London that evening, "What exactly will the Respect Network respect?"

His response was, I thought at the time, a perfect one. He jumped my clumsy "We will respect your Privacy" trap with consummate ease and stated confidently; 
"We will respect your right to control your data."

A wide ranging discussion, that included the promise of pseudonymous personas ensued.

I planned straight away to sign up for =adrian.seccombe , my soon to be forever cloud name. As well as =adrius42 my gaming persona. It was only after hearing the detail at the launch that I heard the clever and nuanced twists.

Drummond Reed the founder of the Respect Network described to us the switch opportunity, we are allowing you to move from the current world of providers that grab your data to monetise it on their behalf, to a world where you can control the use of your data. He proudly stated; "We are laying tracks." He neglected to clearly articulate that the current providers delivered a usable service with engines and carriages, and indeed semi-useable, if not at all respectful, data control panels. Whereas the Respect Network has, as yet, little to show in this space.

I felt having been told that there was a bridge that could cross the great divide from Enterprise Centricity to Entity Centricity that I was tricked, after discovering it was only currently built half way across. Then I realised that unlike the tower bridge, next to the launch site at the City Hall, was that this as yet unfinished bridge will not accept mere individuals on foot. I could find no useable UI's. One must travel in carriages, the Apps?, and as yet there are none to speak of! The all important monetisation of my data, may also apparently blocked by the incessant promise of "We will never sell your data!" But what if we want you to, but as our broker? I wish the 5P's the principles of the Respect Network Framework "a promise of permission, protection, portability, and proof" included the commitment to allow Entities to Profit from their data!

The truth, as always is even more nuanced and actually contains large amounts of potential future promise. The most important discovery was the fact that "=" is just the beginning "*" and "+" are soon to follow! representing as they will the cloud names for devices and organisations.

The components of this graph based identity relationship and reputation ecosystem monetised on graph connections are:
1) A cloud name e.g.=adrian.seccombe purchased for life for just $25
I felt like I was being sold a non stick saucepan that would never-ever stick!

2) A registry to store them 
all run by a company that "we won't have heard of", but they make the whole internet work....honest!

3) CSPs Cloud Service Providers who will keep our data for ever more.... actually I'm not clear on the death clause, and how my off-spring will be able to curate my data when I am in the after life.
Nor was I that clear on what I can store, my home security camera takes a lot of pictures!

4) The App developers who will create beautiful apps to change the world. None of which smelled or looked like the Killer App that will kick start the Respect Network. They simply felt like a new means of creating wealth for the app providers.

The missing components from my point of view:
0) A ridiculously strong authentication mechanism
I could not establish a way to use one or both of my yubikeys
a) An Entitlement Engine
b) A Respectful Personal Digital Assistant (RPDA) that understood how to manage the wonders of a hybrid graph and rules based relationship and transactions network
c) A really cool and useable Connections and Rules control panel 
d) A transaction based monetisation model, that would really enable the Intention Economy
This where I get to truly extract value from my data, it's the transactions! Just like the credit card world that was the system that the respect network was modelled after!
e) A killer curation agent, that would manage data storing and more importantly data culling, I really don't need 10,000 pictures of my living room!
f)  the ability to respectfully identify things and associate them with me, or another entity of my choosing. Of course entities can be Apps & Things, as well as people and organisations. In the Jericho Forum Identity Commandments, after much dialogue we stated that in special cases, entities can also be Agents.
g) the way back machine, see the Sauron comment at the end of this blog.

It is arguable that those missing components are simply missing Apps, but I suspect that the "tracks" will need to be laid in such a way as to accept both Rule Based and Graph based carriages. Certainly the Respect Network "Control Panel" must be capable of exposing mere humans to their graph and rules, and allowing them to manipulate both.

This might be a semantic nicety but graph based connections without the added flexibility enabled by an Entitlement Engine, are likely to be of limited transactional value. Perhaps the Hybrid carriage may in fact be the most valuable of all. 

But where are all these Apps? Meeco the soon to be "Me Economy" App that appears to be targeted at professional females, is not yet in the UK Apple store, and the Social Safe is going to cost me long term money. Not sure if I keep access to my data when I stop subscribing?

And please don't get me started on the missing core identity component, nor the fact that at the base level, my cloud name is protected only be a password! The Jericho Forum Identity Commandments review blog is going to take longer and require me to better understand the inner workings of the respect network.

Like always I feel like I am living life 15 years behind my expectations.

I imagine a world where I can simply say to my RPDA (Respectful Personal Digital Assitant) on the way home;
"This Lunch time I met with =dan.blum of +respectnetworks, this evening I met =docs.searles he of intention economy fame! I also had the pleasure of meeting =andy.dale CTO of +respectnetworks,(Bloody hell... I wish the Apple spell checker knew not to capitalise =Andy.dale just like it knows not to capitalise @andy.dale.  Hint: Start negotiating with them now for = & +, * is already sorted)

In point of fact, I would simply say Dan Blum, as my RPDA (Respectful Personal Digital Assitant) would have already acquired my Cloud Name for him, (ooops that's not how it works)

Having said all that apart of course from the bracketed expletives, my RPDA would automagically tag the already captured events as being important to me. My RPDA had surmised that these events would be important and responded with "surmised", rather than the alternative "surprised" which would have indicated that the RPDA had not yet fully understood my interests.

Clearly this state of affairs does not yet exist, and I have to waste 15 minutes doing mundane curation activities for the day.

An Aside: I sat next to Sally Duckworth during the launch, and heard her exclaim "....but my name has already gone!?" it seems that in the Respect Network, it's first come first served, there apparently cannot be two Adrian Seccombe's in the world.... really?
Worse, I cannot have two cloud names, where are the personas I was promised?
(Apparently Persona's are a future feature...)

Why should I know Dan Blum's root cloud name, and for that matter why should he know mine?

The concept feels like it has a flaw (or two). Have we moved back to "One ring to Rule them all?"

Let's hope that Sauron doesn't get wind of this! At the very least let's be ready for him. I must have a Respect Network Time Machine. In order to be able to turn back time after my Cloud Graph gets trashed.

Having just paid my $25, I always knew I was going to, but I can't yet find the pig in this poke!
But then that was actually how I felt when I first bumped into this weird thing called the Internet.
I must be patient, for I am convinced that Entity Centricity is the future.
I truly hope that the Respect Network finishes building this bridge to the other side of the Centricity Canyon. I want to be over on the Entity Centric side NOW!

Sadly the Respect Network does not yet pass the Connie 2.0 test, for my Mum cannot yet hope to use it!