Text archives Help


Re: [projectvrm] On Datacoup's Patently Unfair T&Cs


Chronological Thread 
  • From: Info SS < >
  • To: Dan Blum < >
  • Cc: Sean Bohan < >, Renee Lloyd < >, Graham Reginald Hill < >, " " < >, " " < >, , Matthew Sutton < >
  • Subject: Re: [projectvrm] On Datacoup's Patently Unfair T&Cs
  • Date: Thu, 24 Jul 2014 17:44:59 +0100
+1. Dan, 

Many companies are rightly confused and not legally compliant in many places in the world, but this should not exclude them from getting better or participating in networks of trust.  For this they should get some measure of respect. 

As you rightly point out there needs to be a movement, but it can be iterative and develop at business speed over time along different levels. Like levels of identity assurance.   The current state of affairs is quite tragic, expensive, and confusing for everyone so this should not be that difficult of path forward. 

The tough part is that this comes down to much better transparency and a move towards enforcement.  For this to happen people to get behind something that is practically privacy by design.  Projects like that of CitizenMe TOS Antivirus need to get some uptake and we should all be able to help.  With such an approach orgs can start to make different T&C’s meaningful.  

Bottom line: Enforceability is a key point and it requires multi-community advocacy. Something perhaps that VRM is already leading on. 

- Mark



Hi Sean,
I agree with your sentiments that VRM has to be a big tent. It can be successful if it brings a broad spectrum of participants on board and gradually starts to create new norms online. As a "movement for VRM" or a "movement for privacy" we have to take to heart the "Positive Sum" principle from "Privacy By Design" which essentially prescribes win-win solutions. There will be many different kinds of win-win solutions for businesses, and many of the early ones may be less ideal than future ones that can be built on top of mature VRM infrastructure for individual agency in the future.

Raj Samani  (cc'ed) is with McAfee, the Cloud Security Alliance, MiiData in the UK and various other groups. He shared an interesting perspective for me when he and I met in London to talk about Respect Network. He said that we needed to have "tiered certification" of business members because inevitably as we expand some of the members are going to make mistakes (such as publishing problematic T&Cs) or even violating the Respect Trust Framework. If we don't want "trust" in the entire VRM ecosystem, or in Respect Network, to be devalued by the lowest common denominator, we need to evolve multiple denominators (or different sets of criteria) against which providers can be judged. In the Respect Reputation System, these criteria would be exposed as "reputation contexts." 

For example, a personal cloud service provider (CSP) that only wants to play by the lowest common denominator rules could expose a "level 1 privacy and security" reputation context. The reputation system would incentivize level 1 CSP to play by the level 1 rules, and customers with higher standards would look for other CSPs exposing level 2, 3 or higher reputation contexts.

This allows some minimum standards to be enforced, perhaps more than 90% of all businesses to participate, customers to know what to expect, and for the network to evolve higher and higher levels of trust over time.

Best regards,
Dan Blum
Dan


On Thu, Jul 24, 2014 at 11:22 AM, Sean Bohan < " target="_blank"> > wrote:
"Has the ProjectVRM Forum lost its moral compass? I hope not. "

No, it hasn't, and you are not it.

Your point about TOS and Privacy policies is well-taken and something a lot of us look at frequently. But there is a problem with your comment - that there needs to be some kind of fundamentalist litmus test for participation in this community and we need to police it by some standard of yours. 

VRM is a "big tent" with participants from across the spectrum of business and life. There are no bosses and there are, like 2 mods. We are here because we think there is something to this idea Doc has been working on for years, and as a community we need lots of voices (including yours) and more importantly, work. Since 2007 we have discussed the idea that VRM is a framework and set of principles, not a black-white determination. There will be "shades of VRM", and as a community we need to recognize that, accept it and be focused on helping participants (including very big organizations) to get better.

This list existed long before you got here, Graham. As a community we have called each other out numerous times, and will continue to do so. When we call out data brokers or politicians it's because those are learning moments for everyone, and they are usually TERRIBLE. Additionally, most of us have jobs and we are not all DataCoup users - we all don't fine-tooth-comb every TOS from every VRMish startup on the web. If you have that kind of time, good on ya.

There is no "VRM Good Housekeeping Seal" and there might never be.  

Matt has a startup. He is actually doing something. DataCoup might not be 100% VRM, and may have a crappy TOS, and that's ok. Everyone, including you Graham, has room for improvement. Let us work with him. Matt is here, he is engaging. We can learn from him and hopefully help him.

Hey DataCoup:
  • You might want to talk to legal about the arbitration clause and see if there is a better way - it limits your risk but screws the user 
  • You might want to look at putting together a TL:DR sidebar on your Privacy page and spelling out, (in bullets, written at a 8th grade reading level) what the policy actually says
  • You might want to look at your termination policy in the TOS and properly spell out what happens to the User's data on DataCoup if and when they terminate the relationship (see Doc's "I want a NUKE button for my data on any given service" comment from a couple years ago) and what regulatory requirements might prevent the ability to have a NUKE button (IRS reporting and retention policies, etc.).
- Sean
 



On Thu, Jul 24, 2014 at 8:09 AM, Renee Lloyd < " target="_blank"> > wrote:
"The large print givith, the small print takith away".  

Priceless and sadly so true.  I missed this thread and after reading through, I appreciate the points you've made Graham!   In CA arbitration clauses are deemed substantively unconscionable and are struck.   Claiming to be VRM 'end customer' friendly in message and posting TOS that exploit the End Customer is directly at odds with VRM.  In fact, they ought to post that first sentence above as a disclaimer on their site.  



Renee Lloyd
Sent from my iPhone

On Jul 24, 2014, at 4:30 AM, Graham Reginald Hill < " target="_blank"> > wrote:

Hi Steve
 
Thanks for your comment.
 
You are indeed right. The real world is usually far more grey than stark black or white. But that doesn't mean we should simply accept moral relativism with a shrug of the shoulders. As Michael Sandel points out in his excellent book on 'Justice', we usually know what's the right thing to do. Surely a startup extolling how it wants to treat customers 'fairly' on its front-page should not so blithely insert patently unfair caluses into the small-print of its T&Cs. I have worked with a number of lean startups and recognise the need to learn by doing. But I don't think this is an area where any learning is really required. It is obviously the wrong thing to do. The arbitration clauses are unfair and should be removed. Somethings really are black and white. 
 
As the old saying goes... “I do not want to drive across a bridge designed by an engineer who believed the numbers in structural stress models are relative truths.”
 
I hope you enjoy Tom Fishburn's cartoon about 'Terms of Use' http://tomfishburne.com/2012/12/terms-of-use.html as much as I did.
 
Best regards from Cologne, Graham 
 
PS. FYI. On clicking on Lockstep's T&Cs I am taken to a text box that says Legal Information but has no content. Is this intended?
 
 
 

 

I do count myself in the camp that distrusts digital companies' Ts&Cs as being monstrously one sided and opaque, but I can't let this bombast go through to the keeper:

 

"Either you treat customers fairly, or you don't. There is no half-way house."

 

Of course there is a half way house. And a one percent way house, and a sixty five percent way house, and a very nearly all the way house -- if only because customers' perceptions of reasonableness (and lawyers' definitions of what the reasonable person thinks) are changing all the time.  I repeat, I do agree that the infomopolies are not to be trusted; they do all they can to train users to be relaxed and comfortable and complacent about Ts&Cs. 

 

But we really need to tackle these issues with more nuance.  Nothing is absolute. Nothing should be said to be "broken" (for the same reason as nothing should ever be assumed to be 100% secure of safe or private. 

 

Cheers, 

 

Steve Wilson.

 

 

 

Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy. Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.

 

Hi Matt
 
Thanks for your email.
 
I am sorry but I do not buy your excuse for creating such ethically problematic and patently unfair T&Cs. It simply doesn't wash. Either you treat customers fairly, or you don't. There is no half-way house. Being a lean start-up is most certainly not an adequate excuse.
 
I have the ProjectVRM Forum to thank for making me so aware of the importance of reading T&Cs. They say so much more about a vendor's underlying approach to business than any amount of flash web pages or glossy marketing. I wonder how many of the other VRM vendors' T&Cs are full of similar one-sided clauses, weasel words and scant regard for customer ethics, as Datacoup's is.
 
More generally, I find it interesting how, on the few occasions that someone has pointed out a serious shortcoming in a VRM solution or its ethics, practically nobody has anything to say about it on the ProjectVRM Forum. Even Doc, who normally has a well-thought through opinion on most things VRM, passed on Datacoup's ethically problematic T&Cs. Yet if a marketer, data seller or politician says or does anything contentious about consumer data, the same ProjectVRM Forum is instantly up in arms. Somethink is not right. Has the ProjectVRM Forum lost its moral compass? I hope not. 

Best regards from Cologne, Graham
 
 
Gesendet: Mittwoch, 23. Juli 2014 um 15:44 Uhr
Von: "Matt Hogan" < " target="_blank"> >
An: "Graham Reginald Hill" < " target="_blank"> >
Cc: "ProjectVRM list" < " target="_blank"> >
Betreff: Re: Re: Re: [projectvrm] Tim Friedman's column
Graham,
What's shaking? 
If your point, as you stated in the follow-up email, was: 
"The point isn't so much that it is technically difficult for an average Joe to take charge of his own data, but that no average Joe can be bothered to do so."
then I don't think I missed it. I addressed it in the first two sentences of my email, which I'll paraphrase here: People won't take control until it's worth their while, which likely happens at a choke-point for a big ticket item. 
 
Regarding TOS, we don't have the legal budget (at the moment) to spend on our ideal TOS. In absence of that, we need to start with something broad-sweeping that mitigates our liability as a company, so we an stay alive until we can improve the next version of TOS, product and marketplace. We abhor contracts of adhesion, and are working toward a goal of transforming our TOS into something much more in line with what Doc espouses in The Intention Economy.
 
Building a co. is all about incrementalism. Utopia is not for this world. If you think you are going to open a box and find a panacea, you'll be opening boxes 'til you are blue in the face. 
 
As far as datacoup goes, I didn't offer it, to this email chain, as a solution to the ills of all consumer experiences. In fact I didn't make any mention of it at all... you did. If you'd like to chat about my platform, we can set up a call or side email to discuss at further length (current abilities, goals, future path, etc)... I'd be happy to do so. 
 
 
 
 
On Wed, Jul 23, 2014 at 3:34 AM, Graham Reginald Hill < > wrote:
Hi Matt
 
Thanks for your comment.
 
I think you rather missed the main point. The point isn't so much that it is technically difficult for an average Joe to take charge of his own data, but that no average Joe can be bothered to do so. It is primarily about the lack of interest, not just the lack of ability. As the research on the behavioural economics of privacy suggest, personal data managemnt is a very incomplete, messy and technical solution for a privacy job-to-be-done that practically no Joe is really all that bothered about. Today's post-recessionary Joe's are too busy trying to make ends meet and getting on with their busy lives to be bothered with something as irrelevant as data management. As Hume's Guillotine illustrates; 'ought' is not the same as 'is'.
 
You list a short range of data that can be dowloaded through, e.g. APIs. Yet your own company, Datcoup only allows users to download two of them, a range of ephemeral social data from the usual suspects and credit card data. Your service doesn't allow you to download data from 95% of the categories that make up the typical household expenditure, nor does it allow users to control how what little data that can be downloaded is used once it has been downloaded. And it doesn't stop any of the social media or credit card companies from using the data they already collected about you in any which way they want, nor from using the data against you, e.g. by offering you only higher-priced products (as this article on Sell Your Personal Data for $8 per month http://www.technologyreview.com/news/524621/sell-your-personal-data-for-8-a-month/ points out). 
 
Despite the claims to democratize personal data by establishing an open, fair marketplace for individuals to sell their personal data, the insistence in Datacoup's long and convoluted T&Cs on mandatory arbitration is anything but fair and democratic.  In fact I would go as far to say that it is morally and ethically unacceptable, as it denies one or both parties their fundamental rights to a fair trial by their peers, a foundation of justice (see Signing Away Your Rights http://prospect.org/article/signing-away-our-rights-0 for more details). Under no circumstances would I sign such an unfair contract in order to use Datacoup's services.
 
 
Gesendet: Dienstag, 22. Juli 2014 um 15:11 Uhr
Von: "Matt Hogan" < > Cc: "Doc Searls" < >, "ProjectVRM list" < >
Betreff: Re: Aw: Re: [projectvrm] Tim Friedman's column
It's time, capital and technical skill intensive for average Joe until it's not. Meaning, at the right choke point, be it for mortgage or other loan product, insurance product, or other big ticket item where the value gained from the vendor is enough to warrant someone to "take control" (aka aggregate and share), then people will do it in droves. 
As a technical matter, it's really not that difficult at all:
Financial data: api's 
Social data: oauth, api's
Quantified self data: oauth, api's
Search data: browser extension (as effortless as ad blocker)
Device data: native or even just mobile browser app
 
Did I miss any major data sources?
 
This all exists, and connecting these data sets in perpetuity takes less than a minute.
I think management of personal data by the individual is a lot closer than you are surmising. 
 
And why is it fanatical to want to harness the value of an "asset", ostensibly created by yourself (with help from platforms) that others are making billions from? Seems pretty reasonable to me.

Sent from my iPhone

On Jul 22, 2014, at 4:08 AM, "Graham Reginald Hill" < /" target="_blank"> > wrote:
 
Hi Doc
 
If you hate to make an ad hominem argument then don't make one.
 
I agree with you that there are many examples where privacy has been trampled upon. And of course, they are a source of much existential angst for the chattering classes. But there are very few examples where your average Joe had decided that enough is enough and that he needs to take charge of his data in future. Installing  an ad blocker is almost effortless. And it makes web pages load so much faster. Taking charge of your data is far from it. It requires, time, money and technical skills that the vast majority of Joes do not have. Even if they did, the market for data management tools is at the rapid development stage of market evolution, placing a huge additional integration burden on any Joe bold, or stupid enough to want to manage his own data. To be blunt, personal data management is currently something for fanatics. Moore and Schumpeter may change that, but probably not in the next few years.
 
The market for intermediaries has been well documented. Consumer Focus (http://www.consumerfutures.org.uk/files/2014/01/Next-Generation-Intermediaries.pdf) and Ctrl-Shift (http://www.consumerfutures.org.uk/files/2014/01/The-Rise-of-the-Consumer-Empowering-Intermediary-Ctrl-Shift.pdf) have both produced excellent reports recently describing how they have stepped-up to the plate to provide customers with, e.g. comparison sites and product aggregation for complicated financial services products. AirBnb and Uber whilst superficially similar are not quite the same, as the products they offer are much easier to understand. Both in complicated finanacial services and easier hotel listings, intermediaries provide a multi-sided market (MSM) platform that allows consumers to more easily find, compare and in some cases, buy services from sellers. But in reducing the customer's costs they may increase sellers' costs by a similar or greater amount (see http://www.hbs.edu/faculty/Publication%20Files/14-052_41d72e17-7ca8-4090-99eb-a7d24e8eaa0f.pdf and Section 1 of http://www.econ.cam.ac.uk/research/repec/cam/pdf/cwpe1361.pdf for more details. That is why most MSMs charge sellers to offer their services, at no cost to consumers. And why most brands are keen to get off intermediaries and go direct to consumers. For example, when I worked in the Netherlands insurance market a couple of years ago, one particular motor insurance aggregator had become so powerful that it distorted competition for the industry as a whole. Not only did insurers feel that they would be competitively disadvanteged if they didn't list on the aggregator, but also the aggregator was able to demand lower factory gate pricing than the insurers could offer on their own websites. There was little suggestion that consumers benefited from this centralisation of power in a single aggregator. It was a market failure every bit as large as the previous difficulty in consumers being able to easily compare like-for-like prices on insurer's' websites. Intermediaries are not the competitive panacea that many would like them to be. As the old saying goes, 'be careful what you ask for, you might get it'.
 
Best regards from Cologne, Graham
 
 
 
Responses inline below...
 
On Jul 21, 2014, at 6:10 AM, Graham Reginald Hill < > wrote:
 
Hi Brian
 
AirBnB is interesting. Chesky suggests that Millenials are different to the rest of us... but are they really?
 
I hate to make ad hominem argument, but that piece is by Amy Gallo, who also wrote the awful "How valuable are your customers?" <http://blogs.hbr.org/2014/07/how-valuable-are-your-customers/> — which excluded from value consideration a load of truly valuable (but not especially calculable) variables. 
 
She does cite research, though. I just can't help wondering how tendentious her argument might be. 
 
I also hear the voice of danah boyd in my third ear. As she puts it (literally), It's Complicated <http://www.goodreads.com/book/show/18342787-it-s-complicated>. 
 
The evidence suggests not. And that bodes poorly for the versions of MeCommerce that requires consumers to raise a finger when it comes to data and privacy.
 
Ends require means. Lack of means does not argue for absent ends. The appetite for privacy online is real and growing, especially as offenses to it pile up on all generations.
 
Here's the important fact: The Internet is a public space. By design. It's kind of like the physical world that way: "Here ya go, people. You're naked and living outdoors. What are you going to do about it?" (Hmm. Perhaps biting the forbidden fruit in Eden gave us an appetite for privacy, property, and other things to hassle each other about.)
 
Anyway, we've had thousands of years to create privacy technologies such as clothing and shelter. Frank Lloyd Wright said "The meaning of the word 'shelter' includes privacy." He also said architecture was the original art form.
 
We don't have either yet, except through centralized services. We've only been at the Internet we know now for eighteen years. We have a long way to go.
 
Digression... Last night, when our 17-year old son asked me what the big deal was with wanting private (non-intermediated) communications online, I said this: "Imagine if the conversation we are having now in the physical world first required signing in to some company's facility before we could have it."
 
The future looks much brighter for the versions that allow intermediaries to do it all for them.
 
Airbnb is an intermediary. So is Uber. Both are more lightweight than the traditional forms they supplement or replace. But they still intermediate. They lean toward what Brian the other day called "minimal viable centralization." I think that's a good way of putting it.
 
But do we really want self-serving intermediaries expropriating value by placing themselves between consumers and brands? The evidence from other industries, e.g. airline travel, book selling and general insurance, suggests not.
 
I'm not sure who you're calling self-serving intermediaries. Travel agents, book stores and insurance agents? I'm guessing, but I don't know. Just looking for clarification.
On Jul 21, 2014, at 1:43 AM, Brian Behlendorf < > wrote:
 
On Sun, 20 Jul 2014, Dan Miller wrote:
http://nyti.ms/1yI1ake
If I'm mistaken, many of us have been pretty dismissive of Tom in the past, myself included. But I think this column gets to the heart of how mainstream columnists can and do connect the dots between all of the headline grabbing surrounding the sharing economy and Big Data and the notion that each individual's personal info counts. 
 
The irony of course is that many of us won't use AirBnB thanks to heavy lifting they require in terms of validating our own IDs. Like uploading fotos etc.
 
Airbnb lost us as customers when they required us — loyal, frequent customers who liked the service a great deal — to "verify" our identities by logging in with Facebook or uploading a personal video. After I posted a critical (but constructive) blog post about it <http://blogs.law.harvard.edu/doc/2013/05/28/lets-help-airbnb-rebuild-the-bridge-it-just-burned/>, they reached out to tell us a bug was involved, and that they were fixing the system. But I don't know if they actually fixed it. From what I gather at <https://www.airbnb.com/trust>, a "Verified ID" still requires exposure through social networks, or ... not sure. And, looking at <https://www.airbnb.com/help/article/450>, I'm not interested in trying. Does anybody know if "verifying" one's ID still requires a video if one is not on Facebook or Twitter?
 
I think someone inclined to rent a room out wouldn't let that stop them, and as much as I care about my privacy I certainly understand the value/purpose to a validated identity in situations like this.  What worries me a bit more is:

 Chesky answered. “I think now, for the younger generation, ownership is
 viewed as a burden. Young people will only want to own what they want
 responsibility for. And a lot of people my age don’t want responsibility
 for a car and a house and to have a lot of stuff everywhere. What I want
 to own is my reputation, because in this hyperconnected world,
 reputation will give you access to all kinds of things now. ... Your
 reputation now is like having a giant key that will allow you to open
 more and more doors. [Young people] today don’t want to own those
 doors, but they will want the key that unlocks them” — in order to rent
 a spare room, teach a skill, drive people or be driven.

Are we truly at the point in society where no one ever loses their public reputation unfairly, where building a positive reputation is universally accessible and yet hard to game?  Are we no longer at risk of confidence games (short or long), where referrals can be minted from thin air, or achievements claimed without any risk of fraud?

These same "young people" also presumably don't want the burden of pensions, insurance, wills... but when cornered will fight for rent control, Medicare, Social Security, and regulations.

I'm reminded of the discussion here about the Uber drivers working 10 hour days at a net wage that only barely covers the gas and wear/tear on the car.
 
Is that really (or often) the case? I've only used Uber twice, but both times the drivers bragged on the service and told me they were making good money at it. I don't think they were being insincere. And the rides were a helluva log cheaper (in both cases going from airport to home) than taxis.
 
 Or this, echoed by a comment on the NYT article by "SJ" of Wash DC:
 
 I find the phenomenon of things like AirBnB to be more of a sign of
 economic desperation than any kind of growing interconnectedness. It
 also represents a disconnected population willing to give up their
 residences to complete strangers for purely financial reasons. In other
 words, as the world becomes more and more cutthroat people are becoming
 more and more willing to sell every aspect of their lives. What's next.

I do think there is an optimal state where the AirBNB hosts who truly do this for "more than financial reasons", and yet are able to do so profitably, are the vast majority; but as it expands in popularity if the focus is too much on inventory and scale, eventually it will go south, a la Ebay, and have difficulty recovering.  Maybe that's the great cycle of these kinds of things, from niche to novelty to winning to scale to decay.
 
I think that's the life cycle of all businesses — including successful ones. See Geoffrey West: <https://www.ted.com/talks/geoffrey_west_the_surprising_math_of_cities_and_corporations>
 
Hope AirBnB doesn't speed through that too quickly, or burn too many people along the way.

Brian
 
Well, we never used them again. Important fact: there are other choices for some locations, such as VRBO: <http://www.vrbo.com/>.
 
Doc
 
 
--
Matt Hogan
CEO/Co-Founder
DataCoup, Inc.
 
 



--
------------------------------------------------
Sean W. Bohan
------------------------------------------------
Mobile: 646-234-5693
Skype: seanbohan
Blog: www.seanbohan.com
Twitter: @seanbohan



Archive powered by MHonArc 2.6.19.