Let's go bust some silos

The Internet Identity Workshop starts tomorrow (Monday, December 4) and runs for the next two days, at the Computer History Museum in Mountain View, CA. Every time we have one of these, progress happens. It's a remarkable thing to watch, and to participate in.

But the challenges remain very high. To illustrate how high, I'll start with a conversation I had one year ago, when we were driving back from a Thanksgiving visit to relatives who live 250 miles away.

With the kid asleep in the back seat of the car, my wife asked me to fill her in on a subject that had preoccupied me over the last several years, yet had remained opaque to her. "Tell me about this whole identity thing", she said.

So I did. I told her about the need many of us saw for identity services that were centered on individuals rather than organizations, about the need to equip individuals with instruments of independence, about changing markets from collections of customer traps to free and open environments where customers and vendors could converse and relate from positions of equal power and autonomy. And so on.

She listened patiently as I ran down the various ideas and offerings forwarded by members of the Identity Gang and others who shared the same concerns. Then she said, "I hear all this as More Identity. I don't want more identity. I want less. When I'm online, I want to be anonymous. I don't want anybody to know who I am until I have a good reason to tell them."

In other words, she wants anonymity to be the default, rather than the exception. A decade of experience in the online world gave her no more reason to trust the Powers That Wannabe than she trusts the Powers That Already Be.

In all these respects her position was in agreement with David Weinberger's, which he detailed awhile back in Anonymity as the default, and why digital ID should be a solution, not a platform. Here's how he summed it up:

The basic problem is, in my opinion, that the digital ID crew is approaching this as a platform issue. Most places on the Web have solved the identity problem sufficiently for them to operate. Some ask for the three digits on the back of your credit card. Some only sign you up if you confirm an email. Some only let you on if you can convince an operator you know the name of your first pet and the senior year season record of your high school's football team. Sites come up with solutions as needed.

Good. Local solutions to local problems are less likely to change norms and defaults. But the push is on for an identity management platform. It's one solution — federated, to be sure — that solves all identity problems at once. If you want to change a social default, build a platform. That's not why they're building it, but that will (I'm afraid) be the effect. It's not enough that anonymity be possible or permitted by the platform. The default isn't about what's permitted but about what's the norm. If the default changes to being naked at the beach, saying, "Well, you can cover up if you want to," doesn't hide the fact that wearing a bathing suit now feels way different. Yes, there's something wrong - and distracting - about the particulars of this analogy. But I think the overall point is right: We're talking about defaults, not affordances.

There are serious problems caused by weaknesses in current identity solutions. Identity theft is nothing to sneer at, for example. But are we sure we want to institute a curfew instead of installing better locks?

Well, if there's one thing that the Identity Gang (a user-oriented subset of the Digital ID crew) has agreed upon, it's that there will never be one identity platform. In fact, all of the proposed (and in some cases working) user-centric identity approaches are solutions to what David calls local problems. (Though the scope of some may be less local than others.) Microsoft's CardSpace uses a card metaphor (like the cards you carry in your wallet, only virtual and more secure — they're called InfoCards) to handle the online handshakes that currently require login and password entry. More importantly, it provides a way "to put the release of identity information under the direct control of computer users", says Kim Cameron, Microsoft's chief architect on the Identity case (see Independent Identity, in the September 2005 issue of Linux Journal), and the author of the Seven Laws of Identity. The first of those says "Technical identity systems must only reveal information identifying a user with the user's consent". Seems to me this respects a user's wish to remain anonymous if they wish. But does it support anonymity as a default? Not sure.

CardSpace's compatible open source implementations, being worked out by the OSIS (Open Source Identity System) crowd, will do the same. And it's far from the only open source user-centric identity effort.

i-Names is an XRI/XDI-based way to own, manage and present your identity. (I first wrote about i-Names in this Linux Journal article.) Higgins is an open source trust framework for solutions like CardSpace and OpenID, which was created by Brad Fitzpatrick for LiveJournal as a simple solution to the single-sign-on problem. (The OpenID URL-based approach has a history that also goes back to LID and Yadis, as described here.) WhoBar is Sxip's new browser tool that lets users log in to a site using a choice of OpenID, InfoCards or Higgins. None of these is a "platform" in the sense that it serves as a foundation for a silo. In fact, Kim's 5th law of identity says "A universal identity system (or "metasystem") must channel and enable the inter-working of multiple identity technologies run by multiple identity providers". In other words, it's not one system, or one platform. Kim explains, "One reason there will never be a single, centralized monolithic system (the opposite of a metasystem) is because the characteristics that would make any system ideal in one context will disqualify it in another".

So there is agreement within the Identity Gang that there will be many ways for individuals to control and assert their identities in the world.

Yet nontechnical people reading the last few paragraphs are unlikely to be reassured. Same goes for some technical people as well. (Including, perhaps, Dr. Weinberger). For them, defaulted anonymity, in spite of its inconveniences, is still preferable to any "system" that sacrifices it.

The extreme user (not use) case is my cousin. He loves to take photographs and share them with people. He does this mostly by email. Last summer I asked him why he doesn't use Flickr or some other photo site. "I don't use any site that requires a password", he said. Why? "They're a pain in the ass", he said, adding "I don't need a password when I walk into a store, or drive from one place to another. Why do I need one online?"

In a numerical sense, his position is hardly extreme. The login/password convention is not only Old Hat for techies, but the defaulted norm. But that doesn't mean logins and passwords aren't at least half-ridiculous in the offline world that will always be a lot larger than the online one. I say half-ridiculous because it's in the offline world that we use cards and PIN numbers to "log in", identify ourselves and do business (usually just to get money) from cash machines.

The offline world may be bigger than the online world, but the two will eventually overlap to a degree that the distinction becomes academic. That will happen when we relate to businesses, and to each other, with technologies that are more personal than computers. The most obvious of these are cards and cell phones.

Today both cards and cell phones are silo'd technologies. They may be "ours" in the sense that they have our names on them or use phone numbers that reach us alone. But they are issued by organizations that are not interested in relating to us by any terms other than their own. They do not start with us. Rather they end with us. They subordinate us to a system in which we are reduced to a source of cash. That source is not a human being. It is a small cluster of variables known only to CRM (Customer Relationship Management) and accounting databases. We can only populate those databases. We cannot inform or relate to companies outside those databases, which are as hardened as bank vaults. Which means we don't really relate. There is nothing a company can learn from us other than what they let us tell them. When they get curious, they survey us as a population. Even when they have feedback mechanisms ("Click here to provide feedback!"), it's not to allow deeper, richer or more rewarding relationships with customers. It's just to make their silos work better.

Even if they want to, vendors can't break their own silos, any more than any company could build an Internet. They build silo'd customer relationship systems for the same reason they used to build silo'd networks: because there is nothing yet outside that system to obsolete it by providing something everybody will adopt because it works better for everybody and not just for one party.

Markets are human places. In their natural state they value independence and choice. Do our new user-centric identity technologies provide real independence and choice — including the choice to remain anonymous, at our discretion? Do they give us ways of expressing our intentions in the marketplace? Do they provide new mechanisms for genuinely relating to vendors (or anybody else)? Or do they just give us new and more secure key-rings for entering vendor silos?

And do they allow us to remain anonymous, if that's what we want? That's the test of whether or not they support real autonomous, independent and choice-ful market relationships.

Oddly, the context for anonymity is relationship. We must have choice about our relationships in the marketplace as well as in other social settings. In a truly free marketplace, we should be able to choose whether our relationships are temporary or enduring, thick or thin with information, and private on mutually agreeable terms. Anonymity is not a use case but a use condition. If we don't support it, we'll continue to support the persistent Industrial Age notion that a "free" market is your-choice-of-silo.

So our real job here is busting up the silo system.

I will know the silo system has been replaced by a free market when the car rental marketplace is filled with agencies that would be glad to hear that I want to rent a 4-wheel drive vehicle in Denver for the third week in January; and that I need it to seat six, have a roof rack, have an AUX input in its dashboard sound system; and that I happen to be a member of the Budget FastBreak, Hertz One and Avis Wizard clubs — without my revealing any more than that.

I will know the silo system has been replaced by a free market when vendors realize that they can learn far more, sell far more, and improve their offerings far more, if they actually relate to their customers, rather than lock them in CRM silos that remain instruments of global indifference to what customers might actually want.

This pie is still in the sky. No CRM system on Earth is interested in hearing such a request, or in appreciating customers' desires to remain anonymous until they are ready to reveal personal information on a need-to-know basis, or in welcoming relationships that are any deeper than a "loyalty program" that is nothing more than a trap. It's not their fault. All CRMs grew up in a lopsided industrial world where the whole relationship burden fell on vendors rather than customers. We need to provide something on the customer side that will bear at least half the relationship weight.

That something would be VRM — Vendor Relationship Management. This is something more, and different, than a way of managing one's identities. VRM should equip the customer to actually relate to vendors, and not just to buy stuff from them. In order to do that, a high degree of control on the customer's side is required.

How do we do that? What form does it take? Is it code that lives in a card? Can it be operated by cell phone? Will it require a broker of some kind? Where do we start? These and many other questions are now on the floor at ProjectVRM, a new research and development effort by the Berkman Center for Internet and Society.

Help in launching ProjectVRM (and the thinking behind it) has come from colleagues such as Mary Rundle, who is working on anonymity, and John Clippinger, who first volunteered the Berkman Center as an informal "clubhouse" for the Identity Gang. Some will come from developers like former Berkman Fellow Dave Winer, who has been thinking about this issue, and whose track record at Making Things Happen is legendary. Same goes for Jeremie Miller (father of Jabber and XMPP). Also Joe Andrieu (whose focus is complex search) and Christopher Carfi, a CRM guru whose blog is The Social Customer Manifesto.

Many others also deserve mention (and I insult them by not listing them here), but none more than Steve Gillmor. To Steve, user-in-charge is a market fact, not a Web 2.0 buzzphrase. Steve has long seen that customers are not only the source of all revenue for every business (which will inevitably put customers in a commanding position), but that gestures are what will weave networked markets together at their atomic levels. We may not have our periodic table of gestures yet, but we can count on it coming.

All of this and much more will be on the table at IIW. We'll be taking notes and putting them up at the ProjectVRM wiki. I'll also be reporting here at Linux Journal and IT Garage.

Look forward to busting silos with you.

______________________

Doc Searls is Senior Editor of Linux Journal

Comments

2 of the 98% have logged on...plus one

Hillary O. Us

i agree with doc's wife. i give my identity when and where i feel the need to...there are those who treasure their anonymous status...

Busting silos

Marketing Internetowy

Looking forward to busting silos with you.

!?

Angela

I also didn't understand the post. Is your work legal in the US?

!?

Sasa

I didn't understand this article. You talking about small group of programmers who help owners to break in their own silos?

guy here

linux hello

I have been an Identity Gang for 1 year now, I agree, So our real job here is busting up the silo system.

Not how people act

Anonymous

Yes, the wife's desire for anonymity is a rather widespread desire. But people often act far different than how they claim to act. How many choose not to use a discount card from the grocery? People look at you funny when you don't. They let you 'use' theirs to get the discount.

In this I see the same thing our (U.S.) founding fathers recognized: we are only too willing to give up anything of importance (anonymity, freedom, etc.) for convenience. Is it any wonder that we get CRM from companies only too willing to take advantage. That's not a system; that's how people behave. How do you change that?

Think about the fundamental reason there is even a discussion about default settings. It's because we _know_ users can't make the right decision. While PGP and better yet, GPG are great, and as easy to use as can be expected given the complexity, few people use it. And fewer still use it properly. (Yes, those of you who know the Linux command line, I know you know it. It's the other 98% of the world I'm concerned about.)

Identity is different in that not only is it complex, users want both of two mutually exclusive things: anonymity and convenience. They're mutually exclusive because of the complexity created when another party is willing to offer value in exchange for the identity.

One wants price, the other wants data (a situation similar to the Russians who, during the cold war, sought victory without war while the U.S. sought peace without victory). Both parties are willing to sell precisely what the other wants - at a price the other considers cheap. A new 'identity structure' may give us a finer grained control over our own choice, but it can not control the other party and that's the root of the problem.

A 15 year old I know has recognized that how one asks a question influences the answer - he did an award winning science project on it. How about if we ask a more realistic question such as "If you could choose, would you give up your anonymity to get X?" Then we'll learn something.

But it will probably be quite close to what we'd learn from looking at user behavior under the existing system. Companies don't give away any more discount than they have to. That's a market value on identity. Of course, there's also the cost to using one more system that must be overcome so the price for giving up anonymity is even less than the value of the discount. Companies are obviously willing to pay the price. And they have no shortage of takers.

But indeed, today you do have a choice in giving out your personal information. But the other party has a choice too. Their choice is "if you don't give us the data, we're not giving you the goods." And what do people choose? A new system will let a few people who really love the idea protect their identities from a supermarket. But while I care about protection from my supermarket, what I really care about is government.

And the government can simply use the power of law to force the issue. (Of course it's all for the public good - you have nothing to worry about. Trust me.) This does not require a new system but a discussion of policy. It requires informed voting to support that policy. Sadly, the days of unrestricted travel are over not because it's not a good idea but because people want to trade freedom for perceived security. And that's the problem.

Anonymity in authn/authz'd web transactions

Eve M.

Hi Doc-- I blogged on much the same subject just yesterday in Identity planets, moons, and comets -- making the point that anonymity/pseudonymity must be treated as first-class use cases, even if you sometimes decide to relax those restrictions and share your unique identifier with web applications for the benefits you get thereby. Lots of technologies coming out in recent times focus on easier ways to allow users to release information about themselves based on the needs of the web app that's asking. We need to ensure that there's a user-centric (you should forgive the expression!) throttle on this, whether it's policy-based or at the "point of sale".

For those attending IIW, I'll be discussing this in my "SAML, Liberty, and Federation" introductory session on Monday afternoon. And I very much hope people will join in on some planned sessions to discuss busting open OpenID and SAML/Liberty Alliance silos...
