| Actually TAS3 has this solved for Internet transactions. In every step in which the transaction touches the TAS3 access & control points (every website or web services in the ecosystem has them), audit (summary) data is generated, which flows to the users' trust dashboard. As such you see who got what data (or why not).
L. On 23 Jul 2012, at 14:31, Katherine Warman Kern <
">
> wrote: Daniel, the idea that trust is about relinquishing control, with no obligation by contract or the transparency of audit – is granting an absolute power that (as the saying goes) corrupts absolutely. Why go down that inevitable path? Rise above and give customers the freedom to protect themselves. Operate transparently (so anyone can see who is doing what, without requiring an audit) and grant the customer the power to affect consequences instantly (i.e., push a button and withdraw data from an offensive company – putting the onus on the company to win the customer back). The thing I don’t understand, if browsers are so leaky that any business can “see” what users are doing, why isn’t just as easy for a business to make it possible for customers to “see” what others do with their data? K--- "Trust is good, control is better"
Luk, much as I admire TAS3's work, I believe that statement is philosophically wrong, and I'm not just saying that in order to make an intellectual point. In many ways, trust is about relinquishing control. If I trust you, I will entrust you with something/some task that is valuable to me,I will free my hands and mind of it, and agree to take a risk (that you're in fact incompetent for the task, or that in fact you don't have my best interests in mind). If I do not agree to take a risk, to lose some control, I can ask you to sign a contract and audit whatever you do. That is not wrong,but that is not trust. It's (legal and technical) security. On my side, It's control. Security is something you want when you don't trust, or when you want to dispense with trust. In IT, for the last decade, "trust" has been equated with "security". I believe this is terribly misleading, and terribly wrong for business. There are many instances where it's best to go with security than with trust (think, negotiating an arms contract). BUT there are also many instances where the opposite is true. In fact, we use trust hundreds of times in our daily life: When we omit to check the change at the grocer's, when we believe that a colleague will perform the difficult task she just committed to perform, when we begin a mission on a phone call, before the contract is even drafted... In all those cases, control is not better than trust. In fact, control would destroy trust. Many of the best things in life (and commerce) are about losing control; And in many cases, it's in favor of someone we trust. So where am I headed Re:VRM? Here (more or less): VRM shouldn't just be an arms race between consumers and corporations, for the most powerful means of asserting one's wishes, of securing one's data, of checking what the opposite party says and does. In particular, we should take special care that a VRM world should not be a world where every interaction is encased in computer-readable legalese, proof-producing, audit-trail-leaving, etc. I do not know how that should translate technically. But a VRM world should allow more room for trust-based relationships without superformal security and audit attached, rather than less. People do amazing things among themselves based on trust: Wikipedia, eBay, Zipcar... At least in Europe, they do most of their day-to-day shopping in shops where talking about "proof in court" would just get you thrown out the door. Make all that secure and auditable, and you just lose it all: no more Wikipedia, no more surfing couches, no more mom-and-pop stores. We certainly need TAS3-type frameworks, but we need them to be part of the landscape, not the whole landscape. Which includes not saying that control is "better" than trust, when in fact it's just something else. How does VRM empower informal relationships as much as formal ones? How does it empower trust-based transactions and not just contract-based ones? Because the majority of real-life interactions are in fact based on trust (not security), I believe this is a real challenge for our community. I realize I'm not offering solutions here, just directions. But I promise we'll work on this issue. Trust me on this :-) Assuring ecosystem wide control of end2end trust for transactions is achievable.
The issue indeed is what happens if a vendor misbehaves outside of the network?
Here's how we did it in TAS3.eu:
- since all transactions are turned automatically into encrypted auditable online contracts (stating what the vendor promised to (not) do), ....being caught means the ecosystem governance actualy has "proof in court".
- being caught with for instance 'passing on data' in conflict to the contract, also means a moral blow for the vendor.
- since the ecosystem has a vendor trust ranking list, any misbehavior becomes public, especialy when confirmed by the outcome of the (ecosystem trust) governance board or legal case, will be catastrofic.
All in all the combination of (potential) legal action and public knowledge should keep vendors contractually in line in performing as they agreed upon.
This is why governance of ecoystems - as a legal precaution - needs to be carefully crafted in several 'separation of concern' entities
- overall ecosystem governance board
- intake process of vendors
- network trust operator (inlcuding audit data oversight & storage)
- accountabilty committee
L.
On 21 Jul 2012, at 20:57, Crosbie Fitch <
" style="color: purple; text-decoration: underline; ">
> wrote:
>> From: Marc Lauritsen
>> Magic is not an appropriate claim. But to the extent that
>> individuals
>> emit less data to vendors with whom they don't wish to transact, and
>> respond less to manipulative signals, the market should eventually
>> deliver better practices on both the personal data and spam fronts.
>
> Quite. People will veer toward those merchants who (appear to) treat them
> and their friends well. Merchants that can be shown to have breached
> customer confidence (without due cause) will lose custom. This is
> epiphenomenal - not brought about by special/magical measures.
--
|