Frequent thinker, occasional writer, constant smart-arse

Category: DataPortability (Page 3 of 5)

So open it’s closed

The DataPortability Project has successfully promoted in 2008 the concept of “data portability”. However it’s become too successful – people make announcements now that claim to be “data portability” but are misleadingly not. Further, the term “Open” has become the new black. But really, when people say they are open – are they?

Status update on the DataPortability Project & context
The DataPortability Project now has developed a strong underlying transparent governance model to make decisions which embeds a process to achieve outcomes. We have also formulated our vision that forms the core DNA of the Project and allow us to align our efforts. Organisationally, we are currently working on a legal entity to protect our online community, and we are doing this whilst also ensuring we are working with others in the industry, such as the discussions we’ve had within the IDTBD proposal with Liberty Alliance, Identity Commons and others.

Our brand communications are nearly finalised (this time, legally vetted), and a refreshed website with a new blog has been rolled out. We’ve put out calls for positions and have already finalised our agreement with a new community manager. (Now open are positions for our analyst roles if you are interested.)

We have a Health Care task force that’s just started, looking to broaden our work into another sector of the economy. We also have an Service Provider Grid Task force finalising its work, which via an online interface and API, will allow people to query what various entities use in terms of open standards. We also have a task force that will provide sample EULA and TOS documents that encourage data portability, and further our vision.

The DataPortability vision states that people should be able to reuse their data. Traditionally in the past, people have said this means “physically” porting their data amongst web services. Whilst this applies in some cases, it is also about access as I recently argued .

So to synchronise our work on the EULA/ToS task force, I believe we need a technology equivalent, and which will give additional value to our Service Provider Grid. This is because Open Standards comply with our vision, and we need to ensure we only support efforts that we believe are worthy.

Hi, I’m open
Open Standards have been a core value that the DataPortability Project has advocated for since its founding, getting to the point where its even been confused as its core mission (it’s not). For us, they are an enabler Рand it has always been in our interest to see all of them work together.

Standards are important because they allow interoperability. For people to be able to access their data from multiple systems, we require systems to be able to easily communicate with each other. Likewise, for people to get value of any data they export from a system, they need to be able to import it – and this can only occur if the data is structured in a way that is compatible with another system.

We advocate “Open” because we want to minimise the costs of business for wanting to comply with our vision. However during 2008, the term "Open" Standards has been over-used, to the point of abuse.

An open standard is a standard that is publicly available and has various rights of use associated with it. But really, what’s open?
– its availability?
– the authority controlling the standard?
– the decision making process over the standard?

Liberty Alliance defines it as:

– The costs for the use of the standard are low.
– The standard has been published.
– The standard is adopted on the basis of an open decision-making procedure.
– The intellectual property rights to the standard are vested in a not-for-profit organisation, which operates a completely free access policy.
– There are no constraints on the re-use of the standard.

That I believe, perfectly encapsulates what I think an Open Standard should be. However as someone who spends his days applying international accounting standards to what companies report in their financials, I can assure you, simply flagging the criteria is only half the fun. Interpreting them is a whole debate in itself.

In my eye, most of these "open" efforts don’t fit that criteria. To illustrate, I am going to shame myself as I am a member of a workgroup that claims to be open: the APML workgroup. The group fails the open test because:
– it has a closed workgroup that makes the decisions, without a clearly defined decision making procedure
– it does not have a non-profit behind it, with the copyright owned by a company (although it’s made clear there is no intention to issue patents)
– it has no clear rights attached to it

So does that mean every standard group needs to create a legal entity for it to be open? Thankfully no – the Open Web Foundation (OWF) will solve this problem. Or does it? Whilst the decision making process is "open" (you can read the mailing list where the discussion occurs), what about the way it selects members? It’s dependent on being invited. That’s Open with a big But.

How about OpenID (which I am also a member of) – that poster child for "Open Standards". On the face of it, it fits the bill. But did you know OpenID contains other standards as part of it? As my friend and intellectual mentor Steve Greenberg said:

openid xrds greenberg

Now thankfully, XRDS fits the bill as a safe standard. Well kind of. It has links to another standard XRI, which it is alleged are subject to patent claims. Well sort of. Kinda. Oh God, let’s not get into a discussion about this again. But don’t give poor APML, the OWF or Open ID too much grief – I could indeed raise some nastier questions especially at other groups. However this isn’t about shaming – rather, it’s about raising questions.

The standards communities are fraught with politics, they are murky, and now they are creeping into the infrastructure of our online world. As a proponent for these "Open Standards", I think it’s time we start looking at them with a more critical eye. Yes, I recognise all these questions I’m raising are fixable, but that’s why I want to raise the point, because they are currently being swept under the carpet outside of the traditional authorities like the W3C.

It’s time some boundaries were set on what is effectively the brand of Open. It’s also time the term is defined, because quite frankly, its lost all meaning now. I’ve listed some criteria – but what we really need is some consensus on what ‘the’ criteria for Open should be.

You don’t nor need to own your data

One of the biggest questions the DataPortability project has grappled with (and where the entire industry is not at consensus), is a fairly basic question with some profound consequences: who owns your data. Well I think I have an answer to the question now, which I’ve now cross-validated across multiple domains. Given we live in the Information Age, this certainly matters in every respect.

So who owns “your data”? Not you. Or the other guy. Or the government, and the MicroGooHoo corporate monolith. Actually, no one does. And if they do, it doesn’t matter.

People like to conflate the concept of property ownership to that of data ownership. I mean it’s you right? You own your house so surely, you own your e-mail address, your name, your date of birth records, your identity. However when you go into the details, from a conceptual level, it doesn’t make sense.

Ownership of data
First of all, let’s define property ownership: “the ability to deny use of an asset by another entity”. The reason you can claim status to owning your house, is because you can deny someone else access to your property. Most of us have a fence to separate our property from the public space; others like the hillbillies sit in their rocking chair with a shot gun ready to fire. Either way, it’s well understood if someone else owns something, and if you trespass, the dogs will chase after you.

133377798_8c85d1f1a6_o

The characteristics of ownership can be described as follows:
1) You have legal title recognising in your legal jurisdiction that you own it.
2) You have the ability to enforce your right of ownership in your legal jurisdiction
3) You can get benefits from the property.

The third point is key. When people cry out loud “I own my data”, that’s essentially the reason (when you take out the Neanderthal emotionally-driven reasoning out of the equation). Where we get a little lost though, is when we define those benefits. It could be said, that you want to be able to control your data so that you can use it somewhere else, and so you can make sure someone else doesn’t use it in a way that causes you harm.

Whilst that might sound like ownership to you, that’s where the house of cards collapses. The reason being, unless you can prove the ability to deny use by another entity, you do not have ownership. It’s a trap, because data is not like a physical good which cannot be easily copied. It’s like a butterfly locked in a safe: the moment you open that safe up, you can say good bye. If data can only satisfy the ownership definition when you hide it from the world, that means when it’s public to the world, you no longer own it. And that sucks, because data by nature is used for public consumption. But what if you could get the same benefits of ownership – or rather, receive benefits of usage and regulate usage – without actually ‘owning’ it?

Property and data – same same, but different
Both property and data are assets. They create value for those who use them. But that’s where the similarity’s end.

Property gains value through scarcity. The more unique, the more valuable. Data on the other hand, gains value through reuse. The more derivative works off it, means the more information generated (as information is simply data connected with other data). The more information, the more knowledge, the more value created – working its way along the information value chain. If data is isolated, and not reused, it has little value. For example, if a company has a piece of data but is not allowed to ever use it – there is no value to it.

Data gains value through use, and additional value through reuse and derivative creations. If no one reads this blog, it’s a waste of space; if thousands of people read it, its value increases – as these ideas are decimated. To give one perspective on this, when people create their own posts reusing the data I’ve created, I generate value through them linking back to me. No linking, no value realised. Of course, I get a lot more value out of it beyond page rank juice, but hopefully you realise if you “steal” my content (with at least some acknowledgement to me the person), then you are actually doing me a favour.

Ignore the above!
Talking about all this ownership stuff doesn’t actually matter; it’s not ownership that we want. Let’s take a step back, and look at this from a broader, philosophical view.

Property ownership is based on the concept that you get value from holding something for an extended period of time. But in an age of rapid change, do you still get value from that? Let’s say, we lose the Holy War for people being able to ‘own’ their data. Facebook – you win – you now ‘own’ me. This is because it owns the data about me – my identity, it would appear, is under the control of Facebook – it now owns, that “I am in a relationship”. However, the Holy War might have been lost but I don’t care. Because Facebook owns crap – as six months ago, I was in a relationship. Now I’m single and haven’t updated my status. The value for Facebook, is not in owning me in a period of time: it’s in having access to me all the time – because one way they translate that data into value is advertising, and targeting ads is pointless if you have the wrong information to base your targetting on. Probably the only data that can be static in my profile, is birth-date and gender – but with some tampering and cosmetics, even those can be altered now!

468487548_06182b43d2_o

Think about this point raised by Luk Vervenne, in response to my above thoughts on the VRM mailing list, by considering employability. A lot of your personal information, is actually generated by interactions with third parties, such as the education institution you received your degree from. So do I own the fact that I have a Bachelor of Commerce from the University of Sydney? No I don’t, as that brand and the authenticity is that of the university. What I do have however, is access & usage rights to it. Last time I checked, I didn’t own the university, but if someone quizzes me on my academic record, there’s a hotline ready to confirm it – and once validated, I get the recognition that translates into a benefit for me.

Our economy is now transitioning from a goods-producing to a service-performing and experience-generating economy. It’s hard for us to imagine this new world, as our conceptual understanding of the world is built on the concept of selling, buying and otherwise trading goods that ultimately ends in us owning something. But this market era of the exchange of goods is making way for “networks” and the concept of owning property will diminish in importance, as our new world is will now place value on the access.

This is a broader shift. As a young man building his life, I cannot afford to buy a house in Sydney with its overinflated prices. But that’s fine – I am comfortable in renting – all I want is ‘access’ to the property, not the legal title to it which quite frankly would be a bad investment decision even aside from the current economic crisis. I did manage to buy myself a car, but I am cursing the fact that I wasted my money on that debt which could have gone to more productive means – instead, I could have just paid for access to public transport and taxis when I needed transport. In other words, we now have an economy where you do not need to own something to get the value: you just need access.

That’s not to say property ownership is a dead concept – rather, it’s become less important. When we consider history as well, the concept of the masses “owning” property was foreign anyway – there was a class system with the small but influential aristocracy that would own the land, with the serfs working on the land. “Ownership” really, is a new ‘established’ concept to our world – and it’s now ready to get out of vogue again. We’ve now reached a level of sophistication in our society where we no longer need the security of ownership to get the benefits in our life – and these property owners that we get our benefits from, may appear to yield power but they also have a lot of financial risk, government accountability and public scrutiny (unlike history’s aristocracy).

2516780900_fab76bf33e_o

Take a look at companies and how they outsource a lot of their functions (or even simplify their businesses’ value-activities). Every single client of mine – multi-million dollar businesses at that as well – pay rent. They don’t own the office space they are in, as for them to get the benefits, they instead simply need access which they get through rental. “Owning” the property is not part of the core value of the business. Whilst security is needed, because not having ownership can put you at the mercy of the landlord, this doesn’t mean you can’t contract protection like my clients do as part of the lease agreements.

To bring it back to the topic, access to your data is what matters – but it also needs to be carefully understood. For example, access to your health records might not be a good thing. Rather, you can control who has access to that data. Similarly, whilst no one might own your data, what you do have is the right to demand guidelines and principles like what we are trying to do at the DataPortability Project on how “your” data can be used. Certainly, the various governmental privacy and data protection legislation around the world does exactly that: it governs how companies can use personally identifiable data.

Incomplete thoughts, but I hope I’ve made you think. I know I’m still thinking.

Thoughts on privacy – possibly just a txt file away

The other week, a good friend of mine through my school and university days, dropped me a note. He asked me that now that he is transitioning from being a professional student to legal guru (he’s the type I’d expect would become a judge of the courts), that I pull down the website that hosts our experiment in digital media from university days. According to him, its become "a bit of an issue because I have two journal articles out, and its been brought to my attention that a search brings up writing of a very mixed tone/quality!".

In what seemed like a different lifetime for me, I ran a university Journalist’s Society and we experimented with media as a concept. One of our successful experiments, was a cheeky weekly digital newsletter, that held the student politicians in our community accountable. Often our commentary was hard-hitting, and for $4 web hosting bills a month and about 10 hours work each, we become a new power on campus influencing actions. It was fun, petty, and a big learning experience for everyone involved, including the poor bastards we massacred with accountability.

control panel

Privacy in the electronic age: is there an off button?

However this touches on all of us as we progress through life, what we thought was funny in a previous time, may now be awkward that we are all grown up. In this digitally enabled world, privacy has come to the forefront as an issue – and we are now suddenly seeing scary consequences of having all of our information available to anyone at anytime.

I’ve read countless articles about this, as I am sure you have. One story I remember is a guy who contributed to a marijuana discussion board in 2000, now struggles with jobs as that drug-taking past of his is the number one search engine result. The digital world, can really suck sometimes.

Why do we care?

This is unique and awkward, because it’s not someone defaming us. It’s not someone taking our speech out of context, and menacingly putting it a way that distorts our words. This is 100% us, stating what we think, with full understanding what the consequences of our actions were. We have no one but ourselves to blame.

nice arse

Time changes, even if the picture doesn’t: Partner seeing pictures of you – can be ok. Ex seeing pictures of you – likely not ok.

In the context of privacy, is it our right to determine who can see what about us, when we want them to? Is privacy about putting certain information in the "no one else but me" box or is it more dynamic then that – meaning, it varies according to the person consuming the information?

When I was younger, I would meet attractive girls quite a bit older than me, and as soon as I told them my age, they suddenly felt embarrassed. They either left thinking how could they let themselves be attracted to a younger man, treating me like I was suddenly inferior, or they showed a very visible reaction of distress! Actually, quite memorably when I was 20 I told a girl that I was on a date with that I was 22 – and she responded "thank God, because there is nothing more unattractive I find, than a guy that is younger than me". It turned out, fortunately, she had just turned 22. My theory about age just got a massive dose of validation.

Now me sharing this story is that certain information about ourselves can have adverse affects on us (in this case, my sex life!). I normally could not care less about my age, but with girls I would meet when I went out, I did care because it affected their perception of me. Despite nothing changing, the single bit of information about my age would totally change the interaction I had with a girl. Likewise, when we are interacting with people in our lives, the sudden knowledge of a bit of information could adversely affect their perception.

Bathroom close the hatch please

Some doors are best kept shut. Kinky for some; stinky for others

A friend of mine recently admitted to his girlfriend of six months that he’s used drugs before, which had her breakdown crying. This bit of information doesn’t change him in any way; but it shapes her perception about him, and the clash with her perception with the truth, creates an emotional reaction. Contrast this to these two party girls I met in Spain in my nine-months away, who found out I had never tried drugs before at the age of 21. I disappointed them, and in fact, one of them (initially) lost respect for me. These girls and my friends girlfriend, have two different value systems. And that piece of information, generates a completely differing perception – taking drugs can be seen as a "bad person" thing, or a "open minded" person, depending on who you talk to.

As humans, we care about what other people think. It influences our standing in society, our self-confidence, our ability to build rapport with other people. But the issue is, how can you control your image in an environment that is uncontrollable? What I tell one group of people for the sake of building rapport with them, I should also have the ability of ensuring that conversation is not repeated to others, who may not appreciate the information. If I have a fetish for women in red heels which I share with my friends, I should be able to prevent that information from being shared with my boss who loves wearing red heels and might feel a bit awkward the next time I look at her feet.

Any solutions?

Not really. We’re screwed.

Well, not quite. To bring it back to the e-mail exchange I had with my friend, I told him that the historian and technologist in me, couldn’t pull down a website for that reason. After all, there is nothing we should be ashamed about. And whilst he insisted, I made a proposal to him: what about if I could promise that no search engine would include those pages in their index, without having to pull the website down?

He responded with appreciation, as that was what the issue was. Not that he was ashamed of his prior writing, but that he didn’t want academics of today reading his leading edge thinking about the law, to come across his inflammatory criticism of some petty student politicians. He wanted to control his professional image, not erase history. So my solution of adding a robots.txt file was enough to get his desired sense of privacy, without fighting a battle with the uncontrollable.

Who knew, that privacy can be achieved with a text file that has two lines:

User-agent: *

Disallow: /

Those two lines are enough to control the search engines, from a beast that ruins our reputation, to a mechanism of enforcing our right to privacy. Open standards across the Internet, enabling us to determine how information is used, is what DataPortability can help us do achieve so we can control our world. The issue of privacy is not dead – we just need some creative applications, once we work out what exactly it is we think we are losing.

The DataPortability governance framework: a template

This is a post to give recognition to individuals who have contributed, in my eyes, an excellent step forward in our online world. It is with regards to the DataPortability governance task force, who have developed a governance model for the DataPortability Project. Six individuals contributed hours upon hours (I lost count after 30 on my own contribution as chair!) but before I profile these individuals, some context.

History of the DataPortability Project
The DataPortability Project was originally a workgroup. Chris Saad and Ashley Angell, with guys in the Faraday Media team like Paul Jones and Stephen Kelly, shared an idea with Daniela Barbosa, Ben Metcalfe, Marjoelin Hoekstra and myself. The concept of promoting open standards, whilst allowing people to own their personal data, to enable interoperability. After discussing it privately, we created a workgroup and invited some brilliant minds in the industry to explore this concept. Several ideas were explored, with the most prominent being a Web Relational File System. A bit like the entire world wide web being like your desktop computer, where you could control your data like you can with files at the drag of a button ie, you could copy your Facebook photos into your Flickr account.

Example of DataPortability by Chris Saad

Discussions on the workgroup were diverse, and often, on completely different themes – something that frustrated people. However within two short months, news broke out – and the existence of the workgroup dominated the news of the tech industry. A public list created for people not on the workgroup skyrocketed in subscribers (currently around 1240 people). A simple idea that we were still exploring what it meant, was now being flagged as one of the key trends for 2008.

Things literally exploded overnight – and we now had this massive, vocal, enthuasiastic community. So over the course of January 2008, the closed workgroup was deprecated in favour for specific “action groups”. Learning from our experience in the workgroup that different people had different interests (ie, the developers and the marketer’s had different areas of interest, which frustrated each other), separate groups were created. One group focused on evangelism of what we did; another on the policy aspects that is one big chunk of the problem. A third on the technical blueprints of putting together these different open standards into a cohesive whole. A fourth on supporting people who are trying to implement DataPortability; and finally a fifth called the “steering group” which would host representatives from companies, representatives from the other action groups, and from a big picture point of view determine the strategy of the Project.

A unique thing about this community however, was that few people actually knew each other. There were (and still are) people from San Francisco, Boston, Los Angeles, Washington DC, Washington State, Florida…and that’s just some of the places in the US! People in Dublin (Ireland), London & Bristol (UK), Den Haag (The Netherlands), Hong Kong (China), Adelaide, Sydney & Brisbane (Australia) as well as several cities in Germany being ones I can think of off the top of my head. All these people, communicating daily – would do so via e-mail and teleconferences. I often would joke that the sun would never set on the DataPortability Project, as you would have different “tribes” waking up throughout the day. I would wake up and find an avalanche of messages awaiting for me catch up on.

Something else was more remarkable however, if I may say so myself. As co-founders of the Project, we thought this was an amazing opportunity to explore a concept of a non-hierarchical, de-centralised decision making group. A global community where everyone is equal, working towards this goal that if successful, could fundamentally change the Internet and consequently the economy.

Needless to say, it failed. Not in in the “it’s all over” sense, but it was “blood frustrating”. How can you make even basic decisions, when there is a six hour time lag with the group of people you are collaborating with? What happens when there is a disagreement – who has the final say? There was also a clash of cultures, between the entrepreneurial types and those who work as contractors, who have a “let’s just do it” attitude which was at odds with the people with organisational experience that operate when there is “process”. The former is used to getting things done on the fly without having to consult people; but as the latter group would argue, things don’t work like that with a group of people. Without a formal process of how things work, the boat so to speak, will sink.

Submarine?

As were were realising these issues however, we also were given a remarkable opportunity: the kind folk at TechCrunch donated $6,625 to us . We also privately had other companies and people asking how could they contribute. But how are you meant to donate money to an online community? To do that, you need a bank account – but who controls the bank account? The right answer is a legal entity. But how can you create a legal entity, when you don’t have a formal decision making body?

And so the governance task force was created.

Starting in April under the approval of the Steering Action Group, the mandate was for the task force to:
1) Propose a lifecyle of an idea with it’s involvement with DataPortability, and ultimately it’s implementation.
2) Propose a working decision making framework to be used within the DataPortability Project.

This goal encapsulated the frustration we as a community has experienced of not effectively being able to get things done; as well as a formal process of how decisions were made. Relatively simple things, but criticial DNA for any organisation that when you get into the details, is actually a difficult subject. And although Robert’s Rules of Order are a standard in the world for protocol, this is by no means easily applied to the online world and is subject to academic research .

So we did a few conference calls (some documented here ; others not documented – with a period where we did daily ones for a week); we discussed via e-mail quite a bit; as well as a chat room (which is now closed off). The final output of our discussions lead to a proposal . All but four provisions were ratified, with a crucial one being the means of how the ‘new’ steering group was seeded, which followed with further discussions and votes, and which resulted in an electoral system being adopted. As of last Friday, the Steering group was seeded, and a few days ago, we held are first Steering teleconference in accordance with the governance framework.

We still have a lot of work to do, and so a revised governance task force has been created to build on the work to date, but that’s not why I am writing this. Instead, what I wish to do is give recognition to the five individuals who made a massive effort to perform what is a very difficult task.

The people
J. Trent Adams
J. Trent Adams
Trent is one of the hardest working people I have ever come across. He magically seems to be able to balance being in the senior management of the company he founded; a dedicated husband and father; as well as contributing to the demand of the DataPortability Project which quite frankly is demanding beyond hell. To call Trent’s involvement in the DataPortability Project as simply a “participant”, is a bit like saying Steve Jobs is just an “employee” of Apple. Trent may not be the CEO, but God damn, if you need to get things done Mr Adams is your man. A Native American, whose name means ‘peacemaker’, when you have a team of people collaborating on a goal, Trent is what oil is to a car.

Brady Brim De-Forest
Brady Brim-DeForest
Brady is an intelligent man with a lot of experience to share, and like Trent, is one of the pillars of the DataPortability community. He has played a major role in executing a lot of the internal deliverables of the DataPortability Project, and having now worked with them extensively twice, I find his contribution invaluable. I have come to admire Brady’s input because he draws on his natural creative sense and his analytical mind on the back of his diverse experience as a film director, entrepreneur, consultant and man of culture. I’ve seen him churn out work previously (with the DataPortability logo competition) and it’s an privilege to think we have individuals like that involved with DataPortabiliy.

Steve Greenberg
Steve Greenberg
I don’t know what to think of Steve – he is either one of the smartest people I have ever (not) met, or he’s just done so many things in life that he’s learnt the hard way. Either way, one thing I am sure of is that he is one of the wisest guys I know. His input, in between his passionate outbursts, are second to none. I don’t want to say too much because with a great mind can also come a great ego. But put it this way: if Steve says something like go read this book, within five minutes, I’ve already got Amazon confirming my order. It takes a lot for me to respect someone, and for Steve, I have all the time in the world for him.

Brett McDowell
Brett McDowell
Brett is the executive director of Liberty Alliance. At first, I though he was extremely useful because he has so much experience in dealing with issues like this. But as time went by, I actually realised he was valuable for something else. Back in my university days, I was sitting at the end of the table with my co-founder of the now-defunct Sydney University Journalists Society (a group with 200 volunteers). We threw a question to the table, which had people shouting back answers. Standard stuff. However the turning point for me, was when my co-founder leaned over and pointed out the girl who instead of throwing “new” ideas, instead built on the original idea we proposed. It is a sign of remarkable intelligence when someone can adapt (indeed I’ve written about this before ). Needless to say, that girl is someone subsequently that I came to realise is one of the smartest people I have ever met (no secret, her name is Natalie Zerial – and quite frankly, still is); and it was observing Brett’s responses, that I came to realise another brilliant mind was in my virtual presence. That’s the long way of me saying this guy is a brilliant thinker, not to mention some other hints that proved him as a forward thinking leader.

Mike Smith
Mike Smith
Mike is a random. He never contributed to DataPortability before, and he literally popped up out of the blue. And thank God he did! A fellow Australian, he was one of the most committed members of the task force, providing an invaluable perspective grounded in common sense. He is an IT consultant (the stinky, Lotus Notes/Domino kind) and was interested in learning about our governance model for an environmental group he wants to set up. In the process however, he made an invaluable contribution. He was able to synthesise the issues, ask the right questions, and put his hand up when work needed to be done.

Gentlemen – thank you. No one outside of the task force truly recognises the work and effort put in, but this is a small token of me thanking you.

The future
Steve Greenberg is now chairing a new governance task force to update, expand, and evolve the adopted governance framework. More importantly, as we as a group operate within this framework, we offer a living example of how a distributed online community doing some tough work, can now organise. With the hundreds of man hours invested into our governance framework, I hope we can help other communities by learning our lessons and adopting our structures. Our experience is not something you can replicate overnight, and culturally, it now puts us in good stead for a bright future – but for other groups that wish to evolve from being a community that in reality is run by a benevolent dictator, I hope we can help you with an alternative solution that works better.

What is data?

The leading voices in technology have exploded in discussion about data portability, data rights, and the future of web applications. As an active member in the DataPortability Policy group, here is my suggestion on how the debate needs to proceed: break it down. Michael Arrington seems pretty convinced you own all your data, but I don’t think that’s a fair thing to say – and at core is the reason he is clashing with Robert Scoble’s view. For things to proceed, I really think a deeper analysis of the issues need to be made.

1) Define the difference between data, information and knowledge. There’s a big difference.
2) Determine what things are. (is an e-mail address data or information?)
3) Recognise the difference between ownership, rights and their implications.
4) Determine what rights (if that’s what it is) the various entities have over data (users, web apps, etc).

This is a big area and has a lot of abstract concepts – break it down and debate it there.

Some of my own thoughts to give some context

1) Data is an object and information is generated when you create linkages between different types of data Рthe ‘relationships’. Knowledge is the application of information.

  • 2000 is data – a symbol with no meaning. Connect it with other data, like the noun "year", and you have information because 2008 now has meaning. Connect that information with other information, like "computer bug" and "HSBC and you now have an application of that information. That being, there was an issue with the Y2K bug that has something to the bank HSBC.

2) Define what things are

What’s an e-mail address, a phone number, a social graph, an image, a podcast…I’m not entirely sure. I wouldn’t be blogging this if I had all the answers. Once we agree on definitions, we can then start categorising them and applying a criteria.

3) Ownership:

Here is something Steve Greenberg explained to me

– Ownership is relevant when there is scarcity.
РOwnership is the ability to deny someone else’s use of the asset.
– So, if data is shared and publicly available, it is a practical impossibility for me to deny use
Рand if data is available in a form where I can’t control others’ use of it, I can not really claim to own it

Nitin Borwankar has a very different argument: you should have ownership based on property rights. He explained that to me here .

4) Rights over data

I personally think no one owns data (which is inspired by the definition of data being inherently meaningless); instead you own things further down the value chain when that data becomes something with value. You own your overall blog posts – but not the words.

But again, this goes back to what is data?

What is the DataPortability Project

When we created the DataPortability workgroup in November 2007, it was after discussion amongst a few of us to further explore an idea; a vision for the future of the social web. By working together, we thought we could make real change in the industry. What we didn’t realise, was how quickly and how big the attention generated by this workgroup was to be. A press release has been released that details the journey to date, which highlight’s some interesting tidbits. What I am going to write below, are how my own thoughts have evolved over the last few months, and what it is that I think DataPortability is.

1) Getting companies to adopt open, existing standards
RSS , OpenID , APML , oAuth , RDF , and the rest. These technologies exist, with of which have been around for many years. Everyone that understands what they are, know that they rock. If these standards are all so great – why hasn’t the entire technology industry adopted them yet? Now we just need awareness, education and in some cases pressure on the industry heavies to adopt them.

2) Create best practices of implementing these standards
When you are part of a community, you are in the know, and don’t realise how the outside world looks in. Let the standards communities focus their precious energies on creating and maintaining the technologies; and DataPortability can help provide resources for people to implement them. Is providing PHP4 support for oAuth really a priority? It isn’t for them – but by pooling the community with people that have diverse skillsets and are committed to the overall picture, it has a better chance of happening.

3) Synthesise these open standards to play nice with each other.
All these different communities working in isolation have been doing their own thing. An example is how Yadis-XRDS are working on service discovery and have a lacklustre catalogue. Do we just leave them to do their own thing? Does someone else in Bangalore create his own catalogue? (Which is highly likely given the under-exposure of this key aspect to groups needing it for the other standards, and the current state its in). Thanks to Kaliya for mentioning that the XRDS guys have been more then proficient in working with other groups – "how do you think their spec is part of the OpenID spec?". Julian Bond goes on to say: "Yadis-XRDS is only months old and XRDS-Simple is literally days old…Having trouble thinking of a community that is working in isolation. And that isn’t likely to be hugely offended if you suggested it. " So let me leave the examples here, and just say the DataPortability Project when defining technical and policy blueprints, can identify issues and from the bigger picture perspective focus attention on where it’s needed. By embracing the broader community, and focusing our attention on weaknesses, we can ensure no one is reinventing wheels .

4) Communicate all the good things the existing communities are doing, under the one brand, to the end user.
RSS is by far the most recognised open standard. Have you ever tried explaining RSS to someone who is outside of the tech industry? I have. Multiple times. It’s like I’ve just told them about the future with flying cars and settlements on Mars. I’ve done it in in the corporate world, to friends, family, girls I date, guys I weight train with and anyone else. Moving onto OpenID – does anyone apart from Scoble and the technorati who try all the webservices they can, really care? Most people use Facebook, Hotmail (the cutting edge are using Gmail) and that’s it. On your next trip to Europe ask a cultured French (wo)man if they know what OpenID is; why they need it; what they can do with it. Now try explaining RSS to the mix. And APML. And oAuth. Bonus if you can explain RDF to yourself.

Wouldn’t it be just easier if you explained what DataPortability is, and explained the benefits that can be achieved by using all these standards? Standards are invisible things that consumers shouldn’t need to care about; they just care about the benefits. Do consumers care about the standards behind Wi-Fi, as defined by Zero-conf – or do they care about clicking "enable wireless" on their laptop and them connecting to the Internet. If you are going around evangelising the technical standards, the only audience you will get are the corporates in IT departments, who couldn’t care less. The corporate IT guys respond to their customer/client facing guys, who in turn respond to consumers – and consumers couldn’t care less on how its done, but just what they can do. Have the consumer channel their demand, and it benefits the whole ecosystem.


The new DataPortability trustmark

It has been said the average consumer doesn’t care about DataPortability. Of course they don’t – we are still in the investigation phase of the Project ; which later on will evolve to the design phases and then evangelising phases. We know people would want RSS, oAuth, and the rest of the Alphabet soup – so lets use DataPortability as a brand that we can communicate this. Sales is about creating demand – lets coordinate our ‘selling’ to make it overwhelming – and make it easy for consumers to channel that want in a way they can relate to. You don’t say "oAuth"; you say "preventing password theft" to them instead.

5) Make the business case that a user should get open access to their data
Why should Facebook let other applications use the data it has on its servers? Why should google give up all this data they have about their users to a competitor? Why should a Fortune 500 adopt solutions that decentralise their control? Why should a user adopt RDF on their blog when they get no clear benefit from it? Is a self-trained PHP coder who can whack something together, going to be able to articulate that to the VC’s?

The tech industry has this obsession that nothing gets done unless the developers are on board. No surprises there – if we don’t have an engineer to build the bridge, we are going to have to keep jumping off the cliff hoping we make it to the other side. But at the same time, if you don’t have the people persuading the people that would fund this bridge; or the broader population about how important it is for them to have this bridge – that engineer can build what he wants but the end result is that no one will ever walk on it. Funny how web2.0 companies suck at the revenue model thing : overhype on the development innovation, with under-hype on the value-proposition to the ordinary consumer who funds their business .

Developers need to be on board because they hassle their bosses and sometimes that evangelising from within works; but imagine if we get the developers bosses bosses on board because some old bear on the board of directors wants DataPortability after his daughter explained it to him (the same person that also told him about Facebook and Youtube). I can assure you, as I’ve seen it first hand with the senior leadership at my own firm, this is exactly what is happening.

Intel is one of the best selling computer-chip companies in the world. Do you really think as a consumer I care about what chip my computers works on? Logically – no. But "Intel’s Inside" marketing campaign gave them a monopoly, because end consumers would ask "does it have intel inside?" and this pressure forced Intel’s customers (IBM and the rest) to actually use Intel. Steve Greenberg corrects me by saying "The Intel Inside campaign came a decade after Intel took over the world. It wasn’t what got them there. It was in response to Microsoft signaling that they liked AMD. Looked like AMD was going to take off… but then they didn’t". So my facts were slightly wrong, but the point still remains.
At the same time, it isn’t just political pressure but its also to educate. I genuinely believe opening up your data is a smart business strategy that will change the potential of web services.

You make people care by giving them an incentive to do it (business opportunities; customer political pressure; peer pressure as individuals and an industry which later evolve to industry norms). The semantic web communities, the VRM communities, the entire open standards communities – all have a common interest in doing this. DataPortability is culture change on an industry wide level, that will improve the entire ecosystem. Apparently innovation has died – I say it’s just beginning .

February 2008 DataPortability project report

The DataPortability project has now released its February 2008 report, with a massive thank you to Mary Trigiani and Daniela Barbosa, our Italian and Portuguese glamour ladies in the evangelism action group! The delay this month was due to Mary’s family getting hit by a tornado (!) which had her busy with other things, and the finalisation of our new wiki platform, with the new uri http://wiki.dataportability.org now live for the world to access.

Highlights include:

  • A new logo competition
  • A new collaboration platform
  • The announcement of the”investigation” phase of the DataPortability project
  • …and a lot more

Be sure to read the February 2008 report (and the January 2008 report if you missed it) to get the latest news about DataPortability, as we have commited to be open and transparent about what we are doing.

DataPortability is about user value, fool!

In a recent interview, VentureBeat asks Facebook creator and CEO Mark Zuckerberg the following:

VB: Facebook has recently joined DataPortability.org, a working group among web companies, that intends to develop common standards so users can access their data across sites. Is Facebook going to let users — and other companies — take Facebook data completely off Facebook?

MZ: I think that trend is worth watching.

It disappoints me to see that, because it seems like a quick journalists hit at a contentious issue. On the other hand, we have seen amazing news today which are examples of exactly the type of thing we should be expecting in a data portability enabled world: the Google contacts API which has been a thing we have highlighted for months now as an issue for data security and Google analytics allowing benchmarking which is a clear example of a company that understands by linking different types of data you generate more information and therefore value for the user. The DataPortability project is about trying to advocate new ways of thinking, and indeed, we don’t have to formally produce a product in as much maintain the agenda in the industry.

However the reason I write this is that it worries me a bit that we are throwing around the term “data portability” despite the fact the DataPortability Project has yet to formally define what that means. I can say this because as a member of the policy action group and the steering action group which are responsible for making this distinction, we have yet to formally decide.

Today, I offer an analysis of what the industry needs to be talking about, because the term is being thrown around like buggery. Whilst it may be weeks or months before we finalise this, it’s starting to bother me that people seem to think the concept means solving the rest of the world’s problems or to disrupt the status quo. It’s time for some focus!

Value creation
First of all, we need to determine why the hell we want data portability. DataPortability (note the distinction of the term with that of ‘data portability’ Рthe latter represents the philosophy whilst the former is the implementation of that philosophy by DataPortability.org) is not a new utopian ideal; it’s a new way of thinking about things that will generate value in the entire Information sector. So to genuinely want to create value for consumers and businesses alike, we need to apply thinking that we use in the rest of the business world.

A company should be centered on generating value for its customers. Whilst they may have obligations to generate returns for their shareholders, and may attempt different things to meet those obligations; they also have an obligation to generate shareholder value. To generate shareholder value, means to fund the growth of their business ultimately through increased customer utility which is the only long term way of doing so (taking out acquisitions and operational efficiency which are other ways companies generate more value but which are short term measures however). Therefore an analysis of what value DataPortability creates should be done with the customer in mind.

The economic value of a user having some sort of control over their data is that they can generate more value through their transactions within the Information economy. This means better insights (ie, greater interoperability allowing the connection of data to create more information), less redundancy (being able to use the same data), and more security (which includes better privacy which can compromise a consumers existence if not managed).

Secondly, what does it mean for a consumer to have data portability? Since we have realised that the purpose of such an exercise is to generate value, questions about data like “control”, “access” and “ownership” need to be reevaluated because on face value, the way they are applied may have either beneficial or detrimental effects for new business models. The international accounting standards state that you can legally “own” an asset but not necessarily receive the economics benefits associated with that asset. The concept of ownership to achieve benefit is something we really need to clarify, because quite frankly, ownership does not translate into economic benefit which is what we are at stake to achieve.

Privacy is a concept that has legal implications, and regardless of what we discuss with DataPortability, it still needs to be considered because business operates within the frameworks of law. Specifically, the human rights of an individual (who are consumers) need to be given greater priority than any other factor. So although we should be focused on how we can generate value, we also need to be mindful that certain types of data, like personally identifiable data, needs to be considered in adifferent light as there are social implications in addition to the economic aspects.

The use cases
The technical action group within the DataPortability project has been attempting to create a list of scenarios that constitute use cases for DataPortability enablement. This is crucial because to develop the blueprint, we also need to know what exactly the blueprint applies to.

I think it’s time however we recognise, that this isn’t merely a technical issue, but an industry issue. So now that we have begun the research phase of the DataPortability Project, I ask you and everyone else to join me as we discuss what exactly is the economic benefit that DataPortability creates. Rather than asking if Facebook is going to give up its users data to other applications, we need to be thinking on what is the end value that we strive to achieve by having DataPortability.

Portability in context, not location
When the media discuss DataPortability, please understand that a user simply being able to export their data is quite irrelevant to the discussion, as I have outlined in my previous posting. What truly matters is “access”. The ability for a user to command the economic benefits of their data, is the ability to determine who else can access their data. Companies need to be thinking that value creation comes from generating information – which is simply relationships between different data ‘objects’. If a user is to get the economic benefits of using their data from other repositories, companies simply need to allow the ability for a user to delegate permission for others to access that data. Such a thing does not compromise a company’s competitive advantage as they won’t necessarily have to delete data they have of a user; rather it requires them to try to to realise that holding in custody a users data or parts of it gives them a better advantage as hosting a users data gives them complete access, to try to come up with innovative new information products for the user.

So what’s my point? When discussing DataPortability, let’s focus on the value to the user. And the next time the top tech blogs confront the companies that are supporting the movement with a simplistic “when are you going to let users take their data completely off ” I am going to burn my bra in protest.

Disclosure: I’m a hetrosexual male that doesn’t cross-dress

Update: I didn’t mean to scapegoat Eric from VentureBeat who is a brilliant writer. However I used him to give an example of the language being used in the entire community which now needs to change. With the DP research phase now officially underway for the next few months, the questions we should be asking should be more open-ended as we at the DataPortability project have realised these issues are complex, and we need to get the entire community to come to a consensus. DataPortability is no longer just about exporting your social graph – it’s an entirely new approach to how we will be doing business on the net, and as such, requires us to fundamentally reexamine a lot more than we originally thought.

Can you answer my question?

We at the DataPortability project have kick started a research phase, because we’ve realised we need to spend more time consulting with the community working out issues which don’t quite have one answer.

As Chris Saad and myself are also experimenting with a new type of social organisation as we incubate the DataPortability project, which I call wikiocracy (Chris calls it participant democracy), I thought I might post these issues on my blog to keep in line with the decentralised ethos we are encouraging with DataPortability. This is something the entire world should be questioning,

So below are some thoughts I have had. They’ve changed a lot since I first thought about what a users data rights are, and no doubt, they will change again. But hopefully my thoughts can act as a catalyst for what people think data rights really are, and a focus on the issue at stake which I conclude as my question. I think the bill of rights for users on the social web is not quite adequate, and we need a more careful analysis of the issues.

It’s the data, stupid
Data is essentially an object. Standalone it’s useless – take for example the name “Elias”. In the absence of anything else, that piece of datum means nothing. However when you associate that name with my identity (ie, appending my surname Bizannes or linking it to my facebook profile), that suddenly becomes “information”. Data is an object and information is generated when you create linkages between different types of data – the ‘relationships’.

Take this data definition from DMReview which defines data (and information):

Items representing facts, text, graphics, bit-mapped images, sound, analog or digital live-video segments. Data is the raw material of a system supplied by data producers and is used by information consumers to create information.

Data is an object and information is a relationship between data – I’ve studied database theory at university to be authoritative on that! But since I didn’t do philosophy, then what is knowledge?

Knowledge can be considered as the distillation of information that has been collected, classified, organized, integrated, abstracted and value added
(source)

Relationships, facts, assumptions, heuristics and models derived through the formal and informal analysis or interpretation of data
(source)

So in other words, knowledge is the application of information to a scenario. Whilst I apologise if this appears that I am splitting hairs, I think clarifying what these terms are is fundamental to the implementation of DataPortability. Why this is relevant will be seen below, but now we need to move onto what does the second concept mean.

Portability
On first interpretation, portability means the ability to move something – exporting and importing. I think we shouldn’t take the ability to move data around as the sole definition of portability but it should also mean being able to port the context that data is used. After all, information and knowledge is based on the manipulation of data, and you don’t need to move data per se but merely change the context to do that. A vendor can add value to a consumer by building unique relationships between data and giving unique application to other scenarios – where the original data is stored is irrelevant as long as its accessible.

Portability to me means a person needs to have the ability to determine where their data is used. But to do that, they need control over that data – which means determining how it is used. Yet there is little point being able to determine how your data is used, if you can’t determine who can access your data. Therefore, the concept of portability invokes an understanding of what exactly control and accessibility means.

So to discuss portability, requires us to also understand what does data control and data accessibility really mean. You can’t “port” something unless you control it; and you can’t “control” something, if you can’t determine who can “access” it. As I state, as long as the data is accessible, the location of it can be on the moon for all I care: for the concept of portability by context to exist, we must ensure as a condition that the data is open to access.

Ownership
Now here is where it gets complicated: who owns what? Maybe the conversation should come to who owns the information and knowledge generated from that data. Data on its own, potentially doesn’t belong to anyone. My name “Elias” is shared by millions of other people in the world. Whilst I may own my identity, which my name is a representation of that, is it fair to say I own the name “Elias”? On the flip side, if a picture I took is considered data – I think it’s fair to say I “own” that piece of data.

Information on the other hand, requires a bit of work to create. Therefore, the generator of that information should get ownership. However when we start applying this concept to something like a social relationship, it gets a bit tricky. If I add a friend on Facebook, and they accept me, who “owns” that relationship? Effectively both of us – so we become join partners in ownership of that piece of information. If I was to add someone as a friend on MySpace, they don’t necessarily have to reciprocate – therefore it’s a one way relationship. Does that mean, I own that information?

This is when the concept of privacy comes in. If I am generating information about someone, am I entitled to it? If someone owns the underlying data I used to generate that information – then it would be fair to say, I am “licensing” usage of that data to generate information which de-facto is owned by them. But privacy as a concept and in the legislation of many countries doesn’t work like that. Privacy is even a right along side other basic rights like freedom of expression and religion in the constitution of Iraq (Article 17). So what’s privacy in the context of information that relates to someones identity?

Perhaps we should define privacy as the right to control information that represents an entity’s identity (being a person or legal body). Such as definition ties with defamation law for example, and the principle of privacy: you have control over what’s been said about you, as a fundamental human right. But yet again, I’ve just opened up a can of worms: what is “identity”? Maybe the Identity commons people can answer that? Would it be fair to say, that in the context of an “identity”, an entity like a person ‘owns’ that? So when it comes to information relating to someones identity, do we override it with this human right to privacy as to who owns that information, regardless of who generated that information?

This posting is a question, rather than an answer. When we say we want “data portability”, we need to be clear what exactly this means. Companies I believe are slightly afraid of DataPortability, because they think they will lose something, which is not true. Companies commercial interests are something I am very mindful when we have these discussions, and I will ensure with my involvement that DataPortability pioneers not some unrealistic ideal but a genuine move forward in business thinking. It needs to be clear what constitutes ownership and of what so we can design a blueprint that accounts for users’ data rights, without ruining the business models of companies that rely on our data.

Which brings me to my question – “who owns what”?

« Older posts Newer posts »