Saturday, December 21, 2013

In Defence of the word Persona

There is currently an argument occurring in the basement of the internet, far away from the ears and eyes of the users of the internet, it is discouraging the use of the word Persona. There are some very good historic reasons for this position. It is indeed important to ensure that there is a very good reason to create new words or new meanings for old words.  Change should always be very well justified.

My position is that we need a word that describes the result of a user / entity compartmentalizing components of their identity. The result is an identity but it is not the full or complete identity of the entity in question; it is a partial identity selected for many reasons including context, risk mitigation, privacy, reputation management, and indeed avoiding boring a circle of friends who have absolutely no interest in my composting exploits..

The word I would use is indeed Persona. I would make clear that the word normally describes the result of an entity having agency over their identity. The number of persona(s)/(e) (or whatever the plural of persona is) and their scope would most often be in the control of the entity. There are however examples of persona that are not fully in the control of the entity, examples such as the Doctor persona, in the UK the BMA has a degree of control over such a persona. Convicted criminals rightly have less control over their Convicted Criminal Persona, and Prisoner Persona than they might wish for, with convicted paedophiles having even less control.

Agency over a persona is an important consideration, I read recently the term "owned audience" in the context of a marketeers view of web-site users. As an audience member I resent the idea of being owned. Sadly Marketeers tend to use the word Persona as something that they can apply to an entity, rather than a view of their identity that the entity chooses to use. This Forbes article from March exemplifies this unfortunate perspective.  Getting the appropriate balance of the control over persona will be an important shift in the future. Many device manufacturers see us as commodities that they own, rather than individuals with rights over our "TV Viewer Persona" for example, they are creating devices that can assume control over the attributes of our Viewer Persona. Both Samsung and LG have demonstrated this approach, with LG going as far as creating a control that it actually ignored, and worse collecting Filenames from connected network devices.

So here's to the word Persona, and a growing understanding of the personal nature and value of a persona, and the importance of having agency over our Personae, where appropriate. In the Intention Economy this perspective will be key!

Tuesday, December 10, 2013

On the wisdom of young wizards!

Let it be known that not all young Wizards are as wise as Harry Potter. In addition, even Harry made a few faux-pas as he struggled to come to grips with his newly discovered powers. The trouble with IT professionals, though sometimes that last word has a hollow ring to it, is they don't fully comprehend that they are still young wizards, and worse they seem to have managed to persuade a gullible set out "business people" that they are highly proficient. I listened to Radio 4 this morning hearing non IT professionals defend the "impairment" of £40 million, based on the fact that it is quite normal, in the IT industry, for vast amounts of useless code to be written, and then "written-off", or as Glenda Jackson so eloquently translated for us... "So, does impairment mean poured down the drain?"

The fault lies in the assumption that if someone can put two Lego bricks together then the next question can be asked "Why can't they build a full size working model of the space shuttle?". The answer is quite simple they are not quire ready for that Spell yet, for they have yet to master a myriad of spells which would make the building of anything that uses more than 50 bricks quite beyond their reach. Excuse the mixed metaphors but as anyone who has tried to build the moving staircases of Hogwarts out of Lego knows, it's not quite as easy as you might think!

Sadly, most wizard schools, only teach the young wizards how to connect a few bricks together! 

Sunday, October 27, 2013

On Magical User Interfaces

I had the pleasure of meeting Josh Blake last week on the LEF Study Tour, those that know him, will know that my mind is now filled with the wonders of Natural User Interfaces or NUIs

Natural... Hmmm .... of Nature
So they must at least appear Natural... which would mean that they would appear to be unsupported by technology.

I reach to Clarke's Third Law:
    Any sufficiently advanced technology is indistinguishable from magic.

So actually we are really after building MUIs!

Over the week we started exploring the various dimensions of NUIs
On the plane home I extended our list and mapped some of the relationships. I so needed Josh's patient thinking support
(Josh: I really did appreciate your gentle patience as you lowered me into this new space.... but I still have problems with your definition of NUI :-) )

So here in no particular order ( he says lying through his teeth)  are my latest dimensions:
Agency (OK so you knew I'd put that one first! For it's surely the "raison d'être" of any interface!)
Affordability (ie Affordance - look it up it does't relate to monetary cost, it's more like learning cost)
Efficacy = Affordability / Effort ?
Efficiency = Utility / Effort ?
Manageability, describes the ease of adding new things that can be controlled
Utility, Outcome Value

Magic was added after the experience of sitting at the back of the room at Microsoft watching Josh drive his presentation by apparently effortlessly interacting with, who he later revealed as, "Preso", it certainly appeared to be Magic.

I have all the bits in my lounge (apart from the magic linking software) that would allow me to gain the attention of my imagined Home Agent "Auto" , point at a light switch and indicate what I want to do with it... Switch On, Dim, Swich Off, Wait why would I point at the switch? I would of course point at the light, that would be more natural right... ? But last night as I was practicing interacting with the imagined "Auto"... I pointed at the switch. I wonder why....  I suppose I am not yet conditioned to interact with MUIs

For those interested in developing the software, I have
an X Box and Kinect
my light switch is X10 enabled
A Mac Mini running Home automation software Indigo, 
Indigo Touch on my iphone and iPad

So the real magic will be to make it a mundane exercise to connect Kinect & Indigo
I tried explaining this to the folks who develop such standards and APIs and failed badly!
Such things should be able to, when I ask them to engage in the exercise, discover all the things that they can interact with and associate with them.

Until all the Things are that smart, I need an API Agent, who I have called Api , that helps me connect all my Things together...   now that would be Magic!
(Aside I hope the FIDO Alliance keeps focussed on Things!)

Josh I have developed My hand commands for Auto
Double Silent Finger Click = Attention Auto
Point  = Select Thing I want to interact with
Palm up and still = STOP!
( Attention followed by Stop = STOP ALL a sort of emergency Stop Command)
Palm Down drop hand  = Lower
Palm Up raise hand = Raise
Imaginary Knob Grip Twist Left = Turn Down
Imaginary Knob Grip Twist Right = Turn Up
Finger to my Lips = Go into Silent Mode Auto
Palm forwards and forward movement = Close
Palm face inwards an backwards movement = Open
On and Off are a lot harder to imagine as natural commands the closest I have come is
On start with finger and thumb open then touching the two
Off start with finger and thumb touching then opening the two
Though I can also imagine touching finger and thumb as the command for both
A set of Hidden Commands acts as Duress Commands which mean
don't do this or call for help, or emergency erase sensitive info
Actually all the commands should be able to be personalized 

I want Auto and Api now!

I do know that Smart Things will take a little longer

magic and Interfaces have been explored before.... darn again I wasn't original
Some other reading on the subject

Side note: The exclusionists in Wikipedia have gained ascendancy and they eradicate terms like Magical User Interfaces as they consider them proto-neologisms and refuse to use Wikipedia to be used to track the birth of knowledge. I find it hateful, but then I would as I am an inclusionist! So don't bother to look for the term in Wikipedia yet, as you will only find the Amiga software!

Sunday, October 13, 2013

Anti-Clockwise versus Clockwise

The aha! came as I was contemplating a question posed to me in the Gherkin where I was presenting the concept of Outside-In Security and the importance of "Clockwise" security, my off the cuff response created a tension in me that was like grain of sand in an oyster. I only wish I could remember the name of the person who posed the question and the question itself, in order to give them appropriate acknowledgement.

So to refresh..
"Outside-In" is an LEF (Leading Edge Forum) concept, recognised by the researchers at LEF headed up by David Moschella. It holds that the power of technology is starting to move the most effective location of value creation from Inside the "Enterprise silo" to Outside the enterprise silo. Simply put in the future, more value will be created Outside-In, than Inside-Out. It is basically a different view of an Information Security concept that I have been involved in the development of through the Jericho Forum; that of De-Perimeterisation, which describes the impact of technology on the perimeters of organisations.  I will come back to the "different view" later, but let's identify the common factor in these concepts. It is the "Internet"

There are a number of parallel changes created by the most positive impact that the internet brings, which is that of removing the friction in the sharing of knowledge. There may be many who at this point would start listing all the negative implications, including the impact on previously successful business models. But I want to focus on the positive aspects of free flowing information and knowledge, and the implications on the approaches used to ensure the maximal creation of value.

Companies that are aware of the value of connecting customers and producers in this new era have already moved to take a position of power in this new nexus of power. Those in control of the flow of data will be the ultimate winners, is it not best that we work to maintain the right balance of personal, corporate, or governmental control over the flow of data?

The mechanisms or approaches for doing this are embodied in these things called IT Systems.

They are developed by often well meaning systems to achieve the desired and specified requirements or outcomes. [[As an aside I had once a very confusing interaction by an academic teaching the next generation of our computer graduates their craft. He stated categorically that Information Asset Management more broadly, and Information Security specifically, were simply requirements that need to be specified in the original design of the system by the procurer of the system. Simply put he stated that computer programmers had no right or obligation to build compliant, safe or secure systems. If a component was not specified it should not be built. Simples!

I tried to remind him that early cowboy architects had designed buildings that did not stay up in the winds normally expected in the area in which the building would be built. If professional architects design buildings that will meet these unspecified expectations, why should IT Professionals not also take on these responsibilities, he was adamant if the customer did not specify it, it should not be added.

In the absence of Systems Development Regulations, similar to Building Regulations, I believe that we should be developing Computer Professionals who understand the importance of Information Asset Management, and who build Systems that meet the Users specified requirements as well as those that may have been unspecified but enable the IT System to run in a compliant, safe and secure fashion. In retrospect I perhaps was guilty of imposing a different view without integrating it with the normal perspective. I do hold to my belief however that the un-named academic IS guilty of churning out computer cowboys rather than IT professionals.]]

There are two types of activities involved in the development of safe and secure systems. The development activities aimed at meeting the base need(s),  and those that create a compliant, safe and secure system.
The first is the basic System Outcome Specification process.
It is normally done in a clockwise manner starting from the need, and not taking into account compliance, safety or security requirements, then returning to test and implement.
One might call this a Clockwise Systems Delivery Process.

The second is the specification of the Compliance, Safety, and Security aspects.
This is normally started at the point when the System is about to be implemented, and is by necessity completed in a rapid Anti-Clockwise manner. (Invariably not focussing on the initial need or required outcome, but the threats observable to the proposed system.)  I call this Anti-Clockwise Information Asset Management. Whereas the more effective approach below is called Clockwise Information Asset Management.

The aha! basically states that at the point when a new need or outcome is identified, that both these activities, should be initiated in a Clockwise manner starting from the Need and operated in parallel to define and implement a complete set of system requirements, including the required controls..

Once the system is implemented the loop is applied starting from Threat and operated in an Anti-Clockwise manner to operate the system. However whenever a change is required the Clockwise approach of the two parallel requirements systems should be re applied.

It can thus be noted that rather than thinking Anti-clockwise versus Clockwise Information Asset Management we should be thinking when should the two approaches be applied.

In short the Information Asset Management Lifecycle should be appropriately integrated with the Systems Development, Testing & Implementation and Operations.

Sometimes stating the obvious takes ages to occur! I wonder when we will see Compliance, Safety and Security processes effectively built into Systems Delivery Processes? I hesitate to ask my academic friend, as I already know what he will say...  "When the Customers ask for it!"

Hmmmm??? We might be waiting a while.

When it comes to different views, I am reminded of two blind men trying to identify an elephant, one holding it's trunk the other one of its legs. Having never seen an elephant neither were capable of describing the whole elephant, from their two different perspectives. Sometimes it is important let go of one perspective and gain another to "see" the big picture. Sadly I have spent much of my career holding onto one perspective.; Inside-Out. When Outside-In holds so much more learning and value creation opportunities. Neither of the Blind Men ever did ask each other for their perspective, nor the perpective of sighted observers.

MyPhone knows me, manages my soup, and acts as my Agent.

The device I really want has three key features over and above the standard Smart Phone stuff.

1st It knows MyIdentiy!
I'd go as far as saying it knows me a mile off, but I don't want to be without it that long! It uses multiple sensors to keep track of it's owners identity and status. It will know when I catching cold before I do.

2nd It stores and manages MySoup!
Which means it comes equipped with a fully extensible and semantically enabled Personal Data store that can readily have its content extended.

3rd It is MyAgent!
It acts on my behalf and not solely in the interest of those that built it!
It will advise me when I am in danger, it will encourage me to be healthier.

And best of all it can interact under my control with other MyPhones! for the betterment of humanity.

Hmm building the Rules that allow these devices to operate and achieve the above will not be trivai.

As a very bright person observed we should build the rules one asset at a time!

Which should we start with?

“Wie Lemminge” or It's the I in IT not the T that is key!

It all started in a taxi, with Simon Wardley, Alex Mayall and Warren Burns. The dialogue was brisque and for a change did not range into the weirder aspects of smelling bicycle seats, it was focussed on Why SAP?

The posit was "One of the primary drivers of SAP growth is the value of an SAP Implementation on the CV of CIOs". Cynical perhaps, but as we shared war stories we started to agree that it was a key element.

Alex recently emailed this paragraph:
It (the taxi dialogue)... triggered a recollection. Back in the mid-90s I met Dr Böndel, a German academic, who had written a controversial article in the German business magazine Wirtschaftswoche with the banner headline: “Wie Lemminge”. In the article he was despairing of the fact that firms in the German-speaking countries were opting for SAP solutions with all the due consideration of lemmings heading for the edge of the cliff. In terms of the storm this created, it was the German equivalent of Nick Carr’s notorious HRB piece “IT doesn’t matter”. Some local politicians in Baden-Württemberg, where SAP is based, even said that his article was tantamount to treason, as it undermined one of Germany’s recent industrial success stories. I found a reference to this in a short, well-researched and well-written history of SAP written in 2008 by Timo Leimbach: page 12). I can vouch for the accuracy of this history, as it chimes very closely with my own experience of SAP’s early days. Having said that, Leimbach is dismissive of Böndel’s arguments, but I’m not so sure. Unfortunately, I can’t locate the original Wirtschaftswoche article as that publication’s archive only goes back to 2000.

I am now hungry to read the "Why Lemmings" article… sadly the WayBackMachine could not help either, it stops in 1998, though I did track down the reference:

Böndel, B., SAP - Wie Lemminge, in: Wirtschaftswoche 49 (1995) 12, S. 108-118 but could get no further.
Aside: We are living at the end of the "black hole" in archival terms, Posit: Paper archival started to drop off in the Mid 80's as the amount of paper produced with these fangled things called computers
started to become un-manageable from an archival perspective, digital archival did not start seriously until the "Tenties" What the heck should I call this decade? Maybe an early signal of our blindness to the importance of Information as an asset?

When one takes a balloon flight high above the IT Historical Landscape, it is littered with examples of poor attempts at trying to make IT less costly and not more valuable.
This is basically because the folks that manage IT were focussed more on the T than the I, and ultimately driven by those that manage the asset class called "Dosh", "Wonga", "Mula", or "Dough".

Some examples:-
ERP = replacing as many systems as possible with one (Finance Driven)
Outsourcing = Reducing Capital Assets and Human Resource Assets (due to the cost of the pink things)
Don't get me wrong I love the profit motive, but I heard along time ago, from Michael Hammer, he of re-engineering fame, that there are two ways to affect profit, reduce cost or increase turnover, He argued very coherently that the top line strategy is the only approach with legs. Taking it out costs is the strategy of asset strippers, those whose goal is their own wealth not the creation of value.

Posit: We do not yet see Information Assets as the essential asset for creating value.

I believe the examples above stem from this observation. I heard that our antipodean friends are on the right track with this … in that there is an expectation to include Information Assets in company reports. Though I can't now find any evidence of this Australian shift.

Traditional Western view of asset classes:

In the future we will be looking back on this period where we were apparently blind to the importance and value creating properties of the information asset.
Google, Amazon and Facebook are three organisations that understand that having agency over the information assets of individuals has tangible value. 

Yet there have long been signs that bits can be consolidated to create data, data can be organised to give information, and the information can be analysed to extract knowledge.
The question is when will we get "wise" and see data, information and knowledge as the life-blood of future organisations, actually the ONLY Asset that really matters!

After all Wonga is simply an Information Asset Sub-Class that simply signals who owes whom!

One day we will get that Information Asset Management is way more important than we currently recognise, till that day should I keep quiet, or keep banging the gong?

I fear I may start looking and sounding like the weird guy with the bill-board in Guildford High Street telling us all that end of the world is nigh!! Hmmm! Maybe he's right and has access to the information that really matters! ;-)

There is however hope as the Marketing Department of many organisations are starting to get that IT can connect them directly to their customers, literally bringing the Client into their Organisation. Another example of Outside-In that Leading Edge Forum is so effectively signalling. Corporate IT Budgets are starting to look small in comparison with the Marketing IT Spend.
Should I be afraid or happy?

The danger or importance of putting the kin in things!

There are two ways of thinking about the kin in things.

The first the more dangerous of the two is only more dangerous if we do do it first!

If we put the kin in things, so that they become smart or thinking things, (OK so it was not a good pun!) before we put the kin in things so that they become "kith and kin" things, or things that know where their allegiances lie, then we should always be thinking: "On whose behalf is this thing thinking?"

In truth that is also true of a thing that can't think.

We should always be asking is this thing for me or against me? Is it a friend or foe?

As usual in this fast changing world of "Cyber Space" of which the internet is only a foundational part it comes down to Trust, what we might call e-Trust!

Trust, as we know, is founded on knowing a lot about the thing we want to trust, trusting the entity that commended the thing, and be very cognisant of the context in which we wish to use or operate the thing. This context can be embodied in the Rules of Entitlement a set of two way rules that helps us and the thing attain the correct degree of confidence in each other. [Why would a smart car start, without protest, if it knows that you are, over the legal limit,  not insured to drive, do not hold a valid driving license or road fund license, or do not have enough fuel to complete your intended journey.]

The sub components of all this are :

  • Identity Part 1; literally the ID of the Entity (or Thing)
  • Identity Part 2; attributes that support decisions about the Entity
  • Authentication (of Identity Part 1 & 2)
  • Rules of Entitlement  <<< Magic Lies here
  • Services relating to the provision and corroboration of the above
  • Finally controls that allow the management of 
    • effective degree of transparency and translucency of the thing
    • the availability of the thing
    • the integrity of the thing
    • and finally and perhaps most important given where we started exploring, is the Agency State of the Thing or  the capaciyt to "Know who controls it"
Me-thinks that putting the kin in things in the right order will be key to mankind "Attaining the right balance of Cyber Agency"(Future Blog), between the relevant five parties Persons, Things Governments, Enterprises, or Gaia

At present we are mass producing things that have no simple or standard capacity to identify themselves with others. Let's work quickly to first put the "kith and kin" in things.
We will need "Thing Kin Ecosystem"

I spoke of the problem to Michael Barrett of FIDO, he restated with the fervour of someone who fully understands the dangers of scope creep that FIDO is "JUST doing Authentication".  I truly commend him as without the Authentication component a Thing Kin Ecosystem will simply NOT be possible. But Authentication of what is still slightly unclear to me, happily I have another shot at finding out in two weeks.

I sat next to a VP of ARM the other day and posed this opportunity to him, I did a poor job hence this blog.

Wonder if this better gets the points across?  Comments?

Thursday, October 10, 2013

The Agency Balancing Act Part 2

Today Thursday 10th of October in a Times Leader column, David Arronovitch's spoke of an agency problem that may yet impact us all. he questioned whether the Guardian journalist Glenn Greenwald and his Brasilian boyfriend were indeed the best people to make decisions about who should be knowing what of the Edward Snowden leaked material. This after the Guardian Editor Alan Rusbridger had stated publically that there are some things that should, in the publics interest, not be known.

What rules should have been in place?  Who should have control?

I spent most of my life hearing about Double Agents and Triple Agents, so I recognize that developing rules that would manage this agency problem will be very difficult, if not intractable; for it is the ultimate agency problem "Right minded to whom?"

The obvious rule, to me, is that no single human agent ever needs the simultaneous right to transfer thousands or millions of files outside the control of a trust ecosystem.

Finally, I suspect that the most important rules of all are the transparency and oversight rules. In the past we have relied on journalists to instantiate these unwritten rules, and be our guardians, current discussions about newspaper oversight have shown the difficulty of appointing guardians.

After all, this is not a new problem...

Quis custodiet ipsos custodes? (Who will watch the watchers?)

With due deference to Plato it seems to me that we have allowed our political and educational systems to degenerate and we are creating more politicians and guardians of brass and iron, than of silver or gold. I reminded being taken to room in the centre of our government in which there sat a throne, the Queens robing room.  Merlin, the Earl of Errol pointed up towards the ceiling at a series of different frescoes that reminded him of his role in Parliament. According to the Houses of Parliament website the:
"... paintings by William Dyce in the room depict the chivalric virtues of hospitality, generosity, mercy, religion and courtesy, as represented through scenes from the legend of King Arthur and his court. Two other frescoes, illustrating fidelity and courage were originally intended but were never carried out."
We sorely need those other two uncompleted frescoes of Fidelity and Courage! Having politicians with the courage to be faithfull to the chivalric virtues of the frescoes would be of great benefit to our society. Many of our governments recent decisions seem devoid of any of them!

This at a time when our control over our lives can so readily and invisibly be taken from our grasp.

I think that we have first to recognize and name the problem of societal imbalance exacerbated by the internet, I call it the "Cyber Agency Problem"  Worse there are too many mechanisms for invisibly losing control to innumerate. (I am not worried, as much, about mechanisms that create loss of control which is immediately evident.)

At this time in our history, perhaps more than ever, we truly need our Politicians and Guardians to be fashioned from Gold. We need them to be right minded, in order to protect those amongst us who are right minded, from those driven purely by greed and self interest.

Perhaps for those who have read the short story "Farewell to the Guardian"( , there maybe a different element to better fashion guardians from....

This evening I am on a panel at the Science Museum exploring this very issue...

Agency a definition:

Given Agency is defined by sociologists as the 
"capacity of individuals to act independently and to make their own free choices."

Our innate desire for human agency is the driving force that differentiates us from animals, the desire to be in control of the facts, to be in control of our environments, to be in control of technology, to be in control of our lives and loves.

Cyber Agency is thus the capacity to be in control of our cyber or Internet selves.

Wednesday, September 11, 2013

Apple.... that was bleh!

OK so I still want a finger print reading iPhone but that was signalled ages ago!!

And even if you HAD announced the watch, which I'm still waiting for, it would have been bleh like.

Mostly because you have lost your capacity to surprise and delight.

So here are the things you can do to delight me...

Give me full control of my things
Help me know when I am losing control
Help me build my Personal Data Store and give me control over it
Share with me the value that others can get from accessing parts of my personal data store
Make it easy for me to connect new data sources to my Personal Data Store
How can I capture the data from my Weather Station and my Photovoltaic Array?

OK so I am disgruntled, as I used to look forwards to your announcements, this time I didn't even bother to watch. I just checked the news to see if I was right. I was.


Monday, September 09, 2013

Thinking about Things...

I suspect we need to define a set of Commandments for Things, before we and they get out of hand. Asimov started us of lower down Maslows Hierarchy, but  there are som many more things I would like to know if I were a thing. Wait a minute I am a Thing. OK so I mean the gadgety Things per the Internet of Things.

From a Things perspective should it be Uniquely Identified, should it know it's owner, should it be somehow immutably associated with it's owner? There are so many things to think about as Things start to emulate Thinking. Should things know what they do, and how to measure what they do? Can thinking things be owned? Do things have rights? Is owning a thing some sort of digital slavery, we can very quickly get into rather esoteric worlds, but if we stay firmly on Terra Firma, what do I want from the things associated with me. Assuming the Four Laws of Robotics apply

  1) I want to be able to uniquely identify my Things
  2) I want my things to be able to recognise me
  3) I want fealty and loyalty from my Things, these two cover a myriad of sub commandments.
  4) I want my Things to declare when they cannot be trusted
  5) I want my Things to

  • know what they do
  • know how to measure what they do
  • know how well they are doing it
  6) I want my Things to take on the burden of managing my Things
  7) I want my Things to anticipate my needs
  8) I want my Things to be able to collaborate with my other Things to better meet my needs
  9) I want my Things to be able to collaborate with my community's Things to better meet our needs
10) I want all Things to join together for the benefit of Humanity, ..... or do I?

This harder than I thought it would be, so I sat and thought about my current challenge
My Aercus Weather Station is still not reporting our local weather to the Wunderground. Which Thing Commandments apply to this situation?
1) Yep (well nearly as the Weather Station doesn't know its Identity, my Raspberry Pi and the Wunderground does know it as IGUILDFO2 !)
2) Nope, though the Connecting Thing, the Raspberry-Pi sort of does User Name Pi Password Raspberry. Ok so it doesn't! Must change the Default User ID and Password  See 6)
3) Nope; No Fealty and No Loyalty yet identified
4) Nope, Not a chance yet.... I really did think at one stage this week that someone had taken over the keyboard of the Raspberry Pi
5) a) Sort of Yep b) sort of Yep, c) Absolutely Nope
6) Nope, not at all, as can be seen by the fact that the Weather Station is not yet connected to the Internet
7) Nope, in my dreams
8) Nope, only if I do all the connecting , and I am still failing to get that done.
9) & 10) are currently both pipe dreams....

So the Weather Station Things is not yet really following the CoTs

Friday, September 06, 2013

Unification: yes... Convergence: yes... but...

Converge on me..., Unify my control.

Don't converge on you, or unify your control.

Consumersation of Agency is about putting the end customer back in control.

Those that get that will win back the trust of their customers.

Back in days of your the concept of service was clear, the entity providing the service was the "servant" to the recipient. Agency was NOT in the hands of the service provider. IT & the Internet in it's early stages has allowed the distortion of the concept of service. Often delivered by Service Providers, a term that in itself signals the self importance of the providers, they clearly didn't like servant!

The signs of rebalancing are clear, those service providers that think that they can remain in control of their "users", are likely to quickly find that the Millenials think differently. Earlier generations did not have the skills to wrest back control, the Millenials do! Think about it "Users" that most horrendous of epithets that was the most powerful signal of the distortion of the "Service" model, is also found in the word of Illegal drugs. Millenials do not think of themselves as Users, they see themselves as being in control, the agents of their own destiny. 

Make sure you own companies Consumer Agency Strategy is clear, you can start with how your Customers chose to identify themselves to you.... Do you still force them to use your ID and password?

Thursday, August 29, 2013

The Agency Balancing Act... Part 1

Having read this New York Times posted a while back I thought "I want one!"
OK so I want one, but probably more important I want control of the Personal Data Store that it will fill up with, as the device I want will be capable of gathering a lot of data about me, the wearer. 

While I am at it, I also want the ability to point Apps at my data, all my current Apps have their own data, more often than not, in the control of the App publisher, "What's up with that?".

For those that remember an earlier mobile device and its special approach to storing data, I dream of us getting back to the Newton Soup. The soup though, will be MY soup, not Apple's soup or Googles soup.
(Sadly if you really did follow the evolution of the Newton all of the App developers back then kept their soup in their own soup bowls... Doh!)

My soup will be chunky and very valuable, to me and others, as all of the chunks will have descriptors (meta data)... which means I need a way of looking after my soup, so my Chunks will also have Rules that will manage who has access to which chunks and how much they have to pay for it. My Soup will have Agency and be pretty Smart at it!

I don't want the hassle of having to manage all that on a day to day basis, so I want an Entitlement Agent, in fact I want lots of different sorts of agents over which I have dominion! But that's another post.

And so should you! You should be standing shouting from the rooftops.

We want Cyber Agency, and we want it Now!

Before it is too late...

By the way if you are an Enterprise you should be shouting 
"They want Cyber Agency and they want it Now!"
The folks who win will be the ones that OWN your Customers data, and if it is not your Customers, where do you think that puts you, Oh dear!, that will mean that you will be a customer too!
We all know that Disintermediation sucks, especially if you are the one being disintermediated! 
(Now Mr or Mrs Enterprise person into your bat cave and ask yourself what's the chances of us being able to persuade all our customers to let us own their data? Be honest with yourself!)

Best put your Customers in control then!

So Cyber Agency is the new balancing act:

 - give them their data before they can sensibly and easily maintain control of it and someone else will snarf it!
 - keep it for too long and they will move their custom elsewhere, to someone who does give them control.


Life's hard!

Wednesday, July 31, 2013

Changing face of Security in an increasingly Collaboration oriented world

While I agree the title is a handfull, there is much behind this topic. It recognises that Deperimeterisation is more than just an IT Security phenomena, and much more about the increasing business need for collaboration, both with other partners and also with customers. Innovation is increasingly externally powered. Organisations that try and survive inside their silo, peeking out to sell their shiny new product or service will find that the world has changed significantly, since they last peeked!

This new business frame requires a complete RETHINK of Information Security, moving to incorporate the enablement and assurance of Positive Value, by replacing security tools designed solely to protect / control / stop / monitor ; with a new breed of tools designed to ensure, promote, enable, and prove.  Imagine SMART DATA that not only did not allow the inappropriate entity from accessing it, but actively seeked out an appropriate entity, and reported when it had found one.

In short, the discipline of Information Security will take off its peaked cap, put down its STOP sign , and actively engage in understanding and ensuring that Business Goals and Business Rules are met.

From Security = Bolt On Braking Device

To Security = Built In Hybrid Motor that acts as both Engine and Brake!

Perhaps we will need to change our functions name to Information Asset Management?
Which by identifying the Opportunities and Risks associated with information assets under an enterprises control, can maximise the value of said Assets, reduce the potential for threats or losses, while ensuring real time compliance. The toolset will be completely different!

Like moving from the old world of Photography which required the creation of a "Negative" in order to then create the final Image (Which always involved loss of Quality!)
To the modern world which involves sensors directly capturing the positive image.

When InfoSec teams change their primary goal from one that involves disabling inappropriate access to one that ensures appropriate access, the outcomes will undoubtedly be more positive.

Perhaps the harder question is: How do we get the Infosec tool creators to re-tool! They like selling using Fear, Uncertainty and Doubt! It is so much easier for them. Worse, building security in will be very hard, especially as the first question is: WHAT ARE THE BUSINESS RULES?

In most organisations they are Implicit, Assumed, or worse in the heads of just a few folks who think that keeping them to themselves gives them power! But that is a whole other post.

Tuesday, April 16, 2013

Agency and the Internet of Things / Everything (IoT or IoE.. You choose!)

As the word Agency starts to gain credence and regain it's original meaning, the state of being in control, we are starting to understand it's importance. Sentient entities have the capacity to have agency. I gave my Smart TV (made dumb) another chance the other day, the first thing it did after I gave it a glimpse of the Internet was to delete two of it's Apps. I had not made this request, clearly Samsung thinks the device is theirs and not mine, I have no means of controlling how it uses it's Smarts, thus it was disconnected again. At the same time Apple are making a veiled attempt to give me control over my iPhone. They have introduced a means of controlling Advertising on the device. "Your challenge should you accept it, is to find the control... this tape will self destruct in 10 seconds" OK, clearly the mission isn't actually impossible, but give yourself 1000 points if you opened settings and went straight to the "About" section.

Agency is something we should work hard to retain, for when it is lost, it will be very difficult to regain. Put at its most basic; Freedom is a result of having Agency. Many of the worlds constitutions aim to keep their citizens safely in control of their lives. (That word "safely" has many implications)

As the number of Things in our worlds gain the ability to behave in an apparently sentient manner we should be very wary of who is actually in control of those Things.

A recent experience in our conservatory got me into hot water, the conservatory lights are controlled by X10 switches. My wife started complaining that the lights had started to have "a mind of their own" (a very agency laden phrase!) After two weeks I tracked down the issue to a subtly hidden infra-red detector that had previously been programmed to switch on the lights if movement had been detected. No names, but I had shown the controlling device to another member of my family, who presumably thought it would be fun to hide the detector in the lounge, facing in such a way that the conservatory lights would be triggered at seemingly random intervals.

In an old episode of StarTrek: The Next Generation, based solely on the concept of Agency. "Data" was triggered by his creator to return home, and he used his Cyber Hacking skills to take over the Starship Enterprise, over-riding any number of security controls to take on the Identity of the Captain and add his own security layer that locked the Captain from taking control of his own vessel. Data's creator had even gone to the lengths of locking "Data" out of his own memories of the event.

Agency will become a very important aspect of the Internet of Things or Everything depending which hype laden article you read, and thus Identity and Entitlement services will be crucial. Sadly just as with all things related to Safety and Security they are generally added after the fact, rather than built in.

If I had my druthers (an 1870's American term for Agency, being a contraction of "would-rathers") I would ensure that everything I owned was in my control, and as the things become harder to control I would have an Agent acting on my part to help me deliver the control required.

Any one remember having to manipulate the choke on the carburettor? My guess is that few of the Nintendo generation will have experienced the joys of flooding a petrol engine, especially not under the withering look of a father, who being ever so competent at all things mechanical, could manipulate the choke in his sleep.

The interfaces involved in controlling complex machinery reduce to fewer and simpler. Designing natural interface, or controls that offer Affordance, another key aspect of Agency, is not as simple as it looks.

Services in the Internet of Everything world must offer Agency to the right folks at the right time with the right degree of Affordance. (Not the affordability that pertains to the cost of the service... look it up!) After all you don't want to be like Jean-Luc having to separate the saucer section while travelling at warp speed in order to regain some semblance of control.

So all you folks designing Everything that will connect to the Internet, design Agency in, and be very careful about assuming that your clients don't want any of it....

Perhaps more importantly to all folks designing Agents here is my list in order of importance of the Agents that I want

Software Update Agent: Allows for the automated update or deletion of software under my control, not the control of Samsung or Apple.
Security Agents (I suspect there will be more than one) My use of the OpenDNS service best exemplifies this service, good luck trying to access pornography from my household!. I have four buttons to press to select how aggressive the filtering is, note to self don't use the highest level again, as it stops key folks in the household accessing Social Media! Bad Idea!
Identity Agents
Agency Agent (This one makes my head hurt but think of it as the Butler that manages all the other Servants to ensure a smoothly run life!)
Entitlement Agents: Manage my Entitlements, both those bestowed on me as well as those I bestow on others.
Contract Agents: Arguably a join of Identity and Entitlement agents. Would manage all the contracts that cost me or gain me wealth.
Energy Agent : Would manage the energy hungry devices in my world to consume at cheaper rates, or lower levels.
Home Automation Agents: We've touched on these...
Garden Agents: Water my greenhouse when it needs it, I am fed up of withering or waterlogged seedlings!

Agents, are in my mind like Fire and Forget weapons, rather than the Fire, Ready, Aim wire guided missiles that still need the continued involvement of their operator.

Monday, February 25, 2013

Tyre Frustration: Where do I put the data?

The Prius needed an MOT, apparently according to the newly published data, tyres and brakes cause the most MOT failures in my particular model of Prius. Hurrah to the DVLA for finally releasing the data. But that's another Blog "The value of joining public and personal data"

So anyway I checked the tyres, and lo I found damage to a sidewall a possible MoT fail. I then spent an inordinate amount of time researching the tyres I should put on the Prius. There is now a whole section in "mybrain" devoted to the data gathering effort. Thanks to the EU we have new data on Fuel Efficiency, Braking and Noise created by tyres, sadly they have not furnished us with the the missing Rate of Wear data. (I suspect the industry fought hard to keep that from us, or perhaps it is inversely proportional to the Fuel Efficiency impact and governments are keeping the data from us) No matter how hard I looked I could'nt find the data. Frustration growing... Data should be easier to get than this I should be able to just ask my agent. What are the tyres that will give me, great braking, the best fuel efficiency to wear ratio, and who is the cheapest supplier?

I eventually found the tyre I've gone for a set of Falken ZE914s C/B/70dB from, they have now been fitted. I also had the car serviced they found two of the wiper blades split, (note to self check the wiper blades before the next service) They gave me a piece of paper with lots of very useful data printed on it relating to the safety of the Prius, including 12 point depth check of the tires. Try as I might I could not find an A/A/70 !!

But all that is the build up. I now have a lot of potentially linked data most of which is embedded in the text above, that will be useful to me later and some of which I would be very happy to make public. But where the heck do I put it all...

If I don't store it all now how will I be able to ask my personal agent...

"How long did those first Falkens last?"
"How many miles did the last set of tyres do?

The answer is clearly that I won't be able to....

So I want a personal data store, and I want it now!!!!

Otherwise it's going to take a while longer for my personal agent to be useful to me, just asked SIRI he didn't have a clue. But then what should I have expect from a cyber butler whose only focus is pleasing it's real employer: Apple, and who clearly doesn't have access to my personal data.

Regulators skating to where the puck never was!

In ice skating the trick is apparently to skate to where the puck will be, I suspect the same is true of developing regulations. Naturally, though a regulator wants to reduce the impact of the last pain point that cost them votes. So we should not be surprised by the fact that not only are they not skating to where the puck will be, they rarely skate to where the puck is!

This is especially true in the fast moving world of the internet. We might think about the controls needed in the future being about where the puck will be. The need for agency, as where the puck is at present, and the desire to solve Privacy issue as where the puck was, while the "Right to be Forgotten!?" as some confusion on the part of an as yet unidentified individual, for the puck was never there!

I fear the regulators are putting far too much energy and focus into Privacy and not enough on Agency or the Capacity to Control our environment. Primacy, Transparency, and Privacy all result from having Agency, which means in the sociological sense; the ability to control one's environment, which in turn relies on having access to usable controls.

All Entities should be concerned about maintaining their Agency, whether they are Governments, Enterprises or Individuals

I wonder whether in the race to secure the internet, we are not rushing headlong towards a world where we ALL lose Agency, apart of course from those that manage to grab it. I see this next phase as the great Cyber Agency Land Grab.

Google, Amazon, Facebook and perhaps to a lesser extent Paypal, all understand this.

Hopefully our regulators will make the switch in time....

An example: Facebook, having become masters of moving the curtains to the their side of our windows,  have now quietly moved the ability to protect one's Identity out of our control to a less easy to find, and impossible to control location, ie on our friends Facebook page! Worse they have set the default to "expose" or as I say to my students "Promiscuous Mode". With the upcoming Facebook Graph Search, understanding and applying the controls we do have, will be even more important.

The outcome is that we as individuals have lost control of how we expose our identities, the responsibility or agency was moved to our friends and the control is not placed in the obvious Privacy enhancing location.  Agency Fail = Loss of Privacy

There are many more examples; Enterprises of the future will find that they have been disintermediated, and that the internet storefronts of the future will be owned by a small number of powerful corporations. We may achieve cyber security, but at what cost?

If I were in control of an Enterprises' Information Technology Strategy, I would be looking hard to find solutions that allowed an Outside-In approach to Identity, that kept the my enterprise in control of it's assets, and my customers in control of theirs. Easier said than done! I would also be encouraging the regulators to look to solutions that enabled growth of the economy and stop them making regulations that encouraged citizens to believe that they ever could be forgotten, let alone have the "Right to be Forgotten!"

Tuesday, January 29, 2013

Is the Identity Iceberg Toppling?

Posit 1: The future includes a time when entities own their own Identity.
Posit 2: In that future the focus on Privacy expands to the more important concept of Agency

River's regularly change course, without the landscape fundamentally changing. However, the landscape on the Identity Iceberg given it does topple would change dramatically. The challenge seems to be that intellectually even some of the identity 2.0 protagonists are looking at the opportunity apparently assuming that the landscape is not going to radically change. Perhaps they believe that the forces at work aiming to strengthen and maintain the new status quo. This would result in the Amazons, Googles and the Facebooks (AGFs) succeeding in owning our personal data. While it is clear that individual enterprises should give up now on the idea that they can each own our individual identities, for they are rapidly being marginalised by the AGFs, with Linked-In, and more recently Salesforce making a late attempt to join the Entity Identity grab. Linked-In and Salesforce entry into the space further counter the forces that could topple the Iceberg. Unless of course any of these switch to becoming a true Identity Service provider with the Individual and their devices as their main users, and enterprises as the Payors.

I first realised the possibilities behind a dramatic shift in the Identity landscape, when sitting behind a one way mirror listening to a diabetologist responding to questions about Identity on the Internet with the immortal phrase: "I need another Identity from a pharmaceutical company, like I need a hole in the head!" In the pharma sector this tension was resolved with DocCheck, an organisation that had pharma companies pay to know that a doctor was actually a doctor. This need was triggered by a German Law that required pharma companies to ensure that only doctors could access their medical websites. This is an Identity Service model that took a step towards the future world by giving doctors the opportunity of controlling an Identity that would be trusted (and paid for) by multiple pharmaceutical companies. Thus DocCheck started extending the monetisation of Attribute claims, from the "You will get paid" claim, which was already in place with Credit Cards.

Even the UK Governments innovative Midata program is seemingly just looking at giving individuals "access" to their data which has been collected by others. 

There are clearly folks looking at things from an entity centric perspective. At present I am not betting either way, though I am clear which way I do want it to go. I want to benefit from the value in my information / attributes either from services I value, but occasionally from a monetary sense.

The most important aspect I want from this world is that desire to be in control of how my information / attributes are used, in short I want to have Agency. (Actually I want Agents that will do that for me... but that's another blog....)
Agency defined as "the capacity, condition, or state of acting or of exerting power."

Given that there is a tectonic shift in play, enterprises have a number of options.
1) Try and maintain the status quo (which would be like trying to super glue the San Andreas fault)
2) Give up and let the new Identity players take control of their clients Identities and Attributes 
3) Be part of a movement that ensures individuals have Cyber Agency, help create a Cyber Trust Ecosystem that will enable individuals organisations access to their Identities and Attributes

Readers who also engage with my LEF persona will know that Consumerisation has been a interest of mine for years. Indeed Doug and I created the original topic on Wikipedia.  Chris Weisinger of CSC identified that this shift towards Cyber Agency, involves Consumerisation.  I had previously toyed with the concept of Identity being consumerized, but he spotted that actually we are talking about the "Consumerisation of Power". A Blog topic in itself that also alludes to Doc Searles Intention Economy

I will be coming back to tighten up this Blog but I want to put it out there...
Apologies for the weak grammar and poor structure and flow.

Some relevant Links

Monday, January 28, 2013

"An Englishman's Data is his Chattel"


"An Englishman's Data is his Chattel" :- We seem to have forgotten this important point, which is often mistaken for a lesser statement about homes and castles!

I believe that it is down to the lawmakers of England to reinstate this key right, not just for us Brits, but the whole world. In fact we need an addition to the UN Declaration of Human Rights. A declaration of Digital Rights.

e-Trust can only come from a base of clear data ownership, "big data" is confounding this key legal concept. There are whole businesses being founded on the idea that acquiring my data, using it and selling it on without my express permission is legitimate.

Yesterday I received an email offering me 1.6 Million email addresses for $450
I was affronted as they were clearly likely to be selling one of my email addresses gained by theft or fraud. The particular email it was sent to was one of my many ghost email addresses "twitterdeck @" one that I never use and only gave out to one supplier. Late last year ALL my ghost emails where "acquired/stolen" from somewhere in one go. I could only assume my ISP 1and1, either sold them onto someone, or they were stolen from the 1and1 servers. I never did discover which.

My data is My Data!  Whether it is my current weight measured by my wifi weighing machine, the amount of wine in my house, or my home address. We need to stop the theft and misuse of personal data before the great british public gets used to the idea that they do NOT own their own data.

I feel very strongly that we have allowed whole business models to be formed on the premise that Personal Data Theft and Misuse is OK. It is NOT OK!

Who, but the Brits can get this back under control? (Actually the Brits alone can't but at least we can start a movement!!)

Finally as a reminder, it is not about Privacy, it is about AGENCY!

Agency, or being in control, is what gives rise to the privacy outcome not the other way round.

The good news is that those that have "acquired" our data by fair means or foul are starting to understand that there is a growing demand for cyber agency. Take a look at the data controls in the latest Apple IO6. The growing power of the screams that occur each time Facebook opens our metaphorical privacy curtains also shows that the public is starting to get the need to be in control.

I wrote this Blog a while ago and felt it was missing something, now having read +Michael Koster's post  on User Agency and IoT, I finally realised what it was.... the importance of both Affordance and the "Things" and the sheer impossibility of accomplishing control in this new world without a great deal of help from Content Curation Agents as well Thing Management Agents that operate on our behalf.

I need mine now, before it is too late!!! And no I do not mean Application by Application I mean an integrated Content Curation Agent that will fight "Data Entropy" while extracting the maximum value from our data, and set of Thing Agents, likely to operate in a heirarchy under the Content Curation Agent.  See earlier post....