To the thread below I'm adding Luk's response to Daniel's post , and changing whole thing to plain text so the quote levels are a bit easier to see and manage (at least for me... I'm a plain text kinda guy).
This is important stuff, and it could be that none of our lexicons (in any language, but I don't know) are equal to the challenge. Just a thought up front.
The main point I want to make is that there are formal and informal ways our solutions need to work. Such is the case in the material world, but not yet in the technical one, in part because the technical world is to a high degree programmed, while the material world is not.
When we walk into a store in the material world, we don't need to force a contract on that store, nor does the store need to force one on us. This is because we are both independent of each other, and give each other space to play sensible roles in sensible ways that don't interfere with each other. We can occupy the same physical spaces without needing anything more than a few social protocols. For example, it is generally assumed that we will not be naked or causing a disturbance, and that store personnel will not disturb us with anything more than an occasional "May I help you?"
So, at the informal level, we have norms that have been established gradually over the history of civilization. Such is not the case online. At least not yet. Online we have lots of technical formalities unknown to users, but they have not yet created or supported the kinds of informal spaces we enjoy offline. And, in the absence of those, we get forms of bad behavior. As I said in the WSJ piece, no ordinary store in the offline world would have a guy follow you around with his hand in your pants (or your purse), just so the information gathered will give you better advertising.
But that's normative in the online world, for three reasons:
1) The calf-cow model of client-server, which we've had in e-commerce from the start. By that system they *have* to manage the whole relationship, if there is one.
2) The perceived necessity, within that system, for the vendor to gather as much data as possible, just to do business as effectively as possible with customers. This easily enlarges to "delivering" the ideal "personal experience" to the customer, who is, by design, a dependent of the vendor. That the same customer is separately a dependent of all the other vendors in the world is not the concern of any one vendor.
3) They can get away with it. So far. But, as Don and others have pointed out, there are powers in client-server powers that do reside on the client side (e.g. Do Not Track signaling). We can enlarge and add to those with VRM tools and fourth party services.
Back in 2003 I predicted (based on insights by my son Allen, who was studying the situation), a split between the static web and what he called the "Live Web." At that time the whole Web was static in the manner of offline real estate. You had sites with addresses at domains with locations that were constructed. Search engines crawled those sites and indexed them, every few days. They changed, but on the whole they were static in the manner of the aisles of a store. There were changes in the display of perishables and seasonal offerings, but the architecture of the store was a fixed thing. And everybody's view of the store was the same. Two people could talk on the phone about what goods they'd see in a particular department, viewed on a website.
Now the Live Web, in the commercial world, is supplanting the static one. By thoroughly "personalizing" your "experience" of the store, the website is less of a site and more of a house of mirrors that's different for everybody. The store is no longer a basically static place with a spread of offerings, arranged in a sensible order for everybody. It is a personalized promotional space that's constantly trying to sell you stuff. It's pushy in ways that are personal. Sometimes that works, but often it does not, because it's wildly presumptuous, making bad guesses more often than good ones. In any case, the advantages of the static store are lost, or risk being lost, based on how non-static and "personal" a store might be.
Back to trust and control.
There are times we need to be in control. That goes for ourselves and for the vendors we engage.
There are times we need to trust. I suggest that most of the trust we give is informal, rather than formal. And that the informal is the most challenging frontier, because opening it will require some formal work — but not *all* formal work. And it's hard to tell where one stops and the other begins. This is clearly the case with vendors, who have taken the formal (data collecting, personalization and all that) to an extreme, without any sense of how that screws up the informal (or even if the informal has value at all).
I think it's true on the VRM side as well. Since it's still early for us, it's good to pause and think about where we're going with our formal work, and what its consequences might be for the informal spaces we need to create.
Doc
On Jul 23, 2012, at 8:31 AM, Katherine Warman Kern wrote:
> Daniel, the idea that trust is about relinquishing control, with no obligation by contract or the transparency of audit – is granting an absolute power that (as the saying goes) corrupts absolutely.
>
> Why go down that inevitable path?
>
> Rise above and give customers the freedom to protect themselves. Operate transparently (so anyone can see who is doing what, without requiring an audit) and grant the customer the power to affect consequences instantly (i.e., push a button and withdraw data from an offensive company – putting the onus on the company to win the customer back).
>
> The thing I don’t understand, if browsers are so leaky that any business can “see” what users are doing, why isn’t just as easy for a business to make it possible for customers to “see” what others do with their data?
>
> K---
On Jul 23, 2012, at 6:55 AM, Luk Vervenne wrote:
> Hi Daniel,
>
> We basically don't disagree...it is just a slogan to make a point and a crude one to that end.
> Allow me to explain:
>
> The TAS3 claim solely is about Internet transactions involving personal data.
> There trust without (ability to) control generates anxiety.
>
> We simply tried to raise the bar on how personal data transactions over the Internet should have been engineered in the first place. (having 100% hinsight of course :-))
> This was never in the minds of the Cern scientists, and true to their 'raison d'être', big corporates and since 1994 Internet corporates have done little to progress end-user empowerment.
> The point being that 50 years of software in essence led to lots of organisational software, all while users got a data leaking browser.
> This unbalance has to end.
>
> In other, 'more diffuse' interactions, TAS3 still is of help, but is less effective and focused.
>
> More important is that I see Control and Trust not as being opposites.
> They actually complement each other.
> By having "basic", always-on end2end 'trust assurance' and accountability (over the contract on which parties pre-agree), new, and more refined levels of trust are possible.
>
> In that sense I feel the grocery and colleague examples below are somewhat incorrect.
> - Surely, if both the grocer or the colleague would be certain they will never be caught because they are not 'controlled', more 'funny stuff' would happen.
> It's the nature of man.
> It is the very fact of being 'controllable' that helps lay the foundation of trust.
> - The good side is that people indeed can work in trust and feel good about it.
> That's also nature of man.
> The problem is: how do you know?
> Mankind, since the caves, has chosen to lower risk by introducing control.
> So both work hand in hand.
>
> Bottom line:
> Control is a basic thing upon which trust can be build.
> The more natural control is perceived, the higher the value and levels of trust we have develop.
>
> In that sense, "the trust is good, control is better" got your attention, but in essence indeed is incorrect.
>
> Luk
>
>> From: "> [mailto: "> ] On Behalf Of Daniel Kaplan
>> Sent: Monday, July 23, 2012 5:08 AM
>> To: ProjectVRM list
>> Subject: Re: [projectvrm] real market mechanics
>>
>> 2012/7/21 Luk Vervenne < "> >
>> "Trust is good, control is better"
>>
>> Luk, much as I admire TAS3's work, I believe that statement is philosophically wrong, and I'm not just saying that in order to make an intellectual point.
>>
>> In many ways, trust is about relinquishing control. If I trust you, I will entrust you with something/some task that is valuable to me,I will free my hands and mind of it, and agree to take a risk (that you're in fact incompetent for the task, or that in fact you don't have my best interests in mind).
>>
>> If I do not agree to take a risk, to lose some control, I can ask you to sign a contract and audit whatever you do. That is not wrong, but that is not trust. It's (legal and technical) security. On my side, It's control. Security is something you want when you don't trust, or when you want to dispense with trust. In IT, for the last decade, "trust" has been equated with "security". I believe this is terribly misleading, and terribly wrong for business.
>>
>> There are many instances where it's best to go with security than with trust (think, negotiating an arms contract). BUT there are also many instances where the opposite is true. In fact, we use trust hundreds of times in our daily life: When we omit to check the change at the grocer's, when we believe that a colleague will perform the difficult task she just committed to perform, when we begin a mission on a phone call, before the contract is even drafted... In all those cases, control is not better than trust. In fact, control would destroy trust.
>>
>> Many of the best things in life (and commerce) are about losing control; And in many cases, it's in favor of someone we trust.
>>
>> So where am I headed Re:VRM? Here (more or less):
>>
>> VRM shouldn't just be an arms race between consumers and corporations, for the most powerful means of asserting one's wishes, of securing one's data, of checking what the opposite party says and does. In particular, we should take special care that a VRM world should not be a world where every interaction is encased in computer-readable legalese, proof-producing, audit-trail-leaving, etc.
>>
>> I do not know how that should translate technically. But a VRM world should allow more room for trust-based relationships without superformal security and audit attached, rather than less. People do amazing things among themselves based on trust: Wikipedia, eBay, Zipcar... At least in Europe, they do most of their day-to-day shopping in shops where talking about "proof in court" would just get you thrown out the door. Make all that secure and auditable, and you just lose it all: no more Wikipedia, no more surfing couches, no more mom-and-pop stores.
>>
>> We certainly need TAS3-type frameworks, but we need them to be part of the landscape, not the whole landscape. Which includes not saying that control is "better" than trust, when in fact it's just something else.
>>
>> How does VRM empower informal relationships as much as formal ones? How does it empower trust-based transactions and not just contract-based ones? Because the majority of real-life interactions are in fact based on trust (not security), I believe this is a real challenge for our community.
>>
>> I realize I'm not offering solutions here, just directions. But I promise we'll work on this issue. Trust me on this :-)
>>
>>
>> Daniel
>> (MesInfos project)
>>
>> ----------------------------------------------------------------------------------------
>> FING - association pour la Fondation Internet Nouvelle Génération
>> The Next-Generation Internet Foundation
>> Daniel Kaplan - "> - +33 6 8962 9968
>> http://www.fing.org / http://www.internetactu.net
>> Paris : nouvelle adresse - 8 passage brulon - 75012
>> Marseille : CMCI, 2 rue Henri Barbusse - 13001
>> ----------------------------------------------------------------------------------------
>>
>>
>>> Assuring ecosystem wide control of end2end trust for transactions is achievable.
>>> The issue indeed is what happens if a vendor misbehaves outside of the network?
>>>
>>> Here's how we did it in TAS3.eu:
>>> - since all transactions are turned automatically into encrypted auditable online contracts (stating what the vendor promised to (not) do), ....being caught means the ecosystem governance actualy has "proof in court".
>>> - being caught with for instance 'passing on data' in conflict to the contract, also means a moral blow for the vendor.
>>> - since the ecosystem has a vendor trust ranking list, any misbehavior becomes public, especialy when confirmed by the outcome of the (ecosystem trust) governance board or legal case, will be catastrofic.
>>>
>>> All in all the combination of (potential) legal action and public knowledge should keep vendors contractually in line in performing as they agreed upon.
>>> This is why governance of ecoystems - as a legal precaution - needs to be carefully crafted in several 'separation of concern' entities
>>> - overall ecosystem governance board
>>> - intake process of vendors
>>> - network trust operator (inlcuding audit data oversight & storage)
>>> - accountabilty committee
>>>
>>> L.
>>>
>>>
>>> On 21 Jul 2012, at 20:57, Crosbie Fitch < "> > wrote:
>>>
>>>>> From: Marc Lauritsen
>>>>> Magic is not an appropriate claim. But to the extent that individuals emit less data to vendors with whom they don't wish to transact, and respond less to manipulative signals, the market should eventually deliver better practices on both the personal data and spam fronts.
>>>>
>>>> Quite. People will veer toward those merchants who (appear to) treat them and their friends well. Merchants that can be shown to have breached customer confidence (without due cause) will lose custom. This is epiphenomenal - not brought about by special/magical measures.
|
|
---------------------------------------------------------------------------------------- FING - association pour la Fondation Internet Nouvelle Génération The Next-Generation Internet Foundation Daniel Kaplan - " target="_blank"> - +33 6 8962 9968 http://www.fing.org / http://www.internetactu.net Paris : nouvelle adresse - 8 passage brulon - 75012 Marseille : CMCI, 2 rue Henri Barbusse - 13001 ---------------------------------------------------------------------------------------- |
Archive powered by MHonArc 2.6.19.