Let's go bust some silos

by Doc Searls

The Internet Identity Workshop starts tomorrow (Monday, December 4) and runs for the next two days, at the Computer History Museum in Mountain View, CA. Every time we have one of these, progress happens. It's a remarkable thing to watch, and to participate in.

But the challenges remain very high. To illustrate how high, I'll start with a conversation I had one year ago, when we were driving back from a Thanksgiving visit to relatives who live 250 miles away.

With the kid asleep in the back seat of the car, my wife asked me to fill her in on a subject that had preoccupied me over the last several years, yet had remained opaque to her. "Tell me about this whole identity thing", she said.

So I did. I told her about the need many of us saw for identity services that were centered on individuals rather than organizations, about the need to equip individuals with instruments of independence, about changing markets from collections of customer traps to free and open environments where customers and vendors could converse and relate from positions of equal power and autonomy. And so on.

She listened patiently as I ran down the various ideas and offerings forwarded by members of the Identity Gang and others who shared the same concerns. Then she said, "I hear all this as More Identity. I don't want more identity. I want less. When I'm online, I want to be anonymous. I don't want anybody to know who I am until I have a good reason to tell them."

In other words, she wants anonymity to be the default, rather than the exception. A decade of experience in the online world gave her no more reason to trust the Powers That Wannabe than she trusts the Powers That Already Be.

In all these respects her position was in agreement with David Weinberger's, which he detailed awhile back in Anonymity as the default, and why digital ID should be a solution, not a platform. Here's how he summed it up:

The basic problem is, in my opinion, that the digital ID crew is approaching this as a platform issue. Most places on the Web have solved the identity problem sufficiently for them to operate. Some ask for the three digits on the back of your credit card. Some only sign you up if you confirm an email. Some only let you on if you can convince an operator you know the name of your first pet and the senior year season record of your high school's football team. Sites come up with solutions as needed.

Good. Local solutions to local problems are less likely to change norms and defaults. But the push is on for an identity management platform. It's one solution — federated, to be sure — that solves all identity problems at once. If you want to change a social default, build a platform. That's not why they're building it, but that will (I'm afraid) be the effect. It's not enough that anonymity be possible or permitted by the platform. The default isn't about what's permitted but about what's the norm. If the default changes to being naked at the beach, saying, "Well, you can cover up if you want to," doesn't hide the fact that wearing a bathing suit now feels way different. Yes, there's something wrong - and distracting - about the particulars of this analogy. But I think the overall point is right: We're talking about defaults, not affordances.

There are serious problems caused by weaknesses in current identity solutions. Identity theft is nothing to sneer at, for example. But are we sure we want to institute a curfew instead of installing better locks?

Well, if there's one thing that the Identity Gang (a user-oriented subset of the Digital ID crew) has agreed upon, it's that there will never be one identity platform. In fact, all of the proposed (and in some cases working) user-centric identity approaches are to what David calls local problems. (Though the scope of some may be less local than others.) Microsoft's Card Space uses a card metaphor (like the cards you carry in your wallet, only virtual and more secure — they're called InfoCards) to handle the online handshakes that currently require login and password entry. More importantly, it provides a way "to put the release of identity information under the direct control of computer users", says Kim Cameron, Microsoft's chief architect on the Identity case (see Independent Identity, in the September 2005 issue of Linux Journal), and the author of the Seven Laws of Identity. The first of those says "Technical identity systems must only reveal information identifying a user with the user's consent". Seems to me this respects a user's wish to remain anonymous if they wish. But does it support anonymity as a default? Not sure.

Cardspace's compatible open source implementations, being worked out by the OSIS (Open Source Identity System) crowd, will do the same. And it's far from the only open source user-centric identity effort.

i-Names is an XRI/XDI-based way to own, manage and present your identity. (I first wrote about i-Names in this Linux Journal article. Higgins is an open source trust framework for solutions like CardSpace and OpenID, which was created by Brad Fitzpatrick for LiveJournal as a simple solution to the single-sign-on problem. (The OpenID URL-based approach has a history that also goes back to LID and Yadis, as described here.) WhoBar is a Sxip's new browser tool that lets users login to a site using a choice of OpenID, InfoCards or Higgins. None of these is a "platform" in the sense that it serves as a foundation for a silo. In fact, Kim's 5th law of identity says "A universal identity system (or "metasystem") must channel and enable the inter-working of multiple identity technologies run by multiple identity providers". In other words, it's not one system, or one platform. Kim explains, "One reason there will never be a single, centralized monolithic system (the opposite of a metasystem) is because the characteristics that would make any system ideal in one context will disqualify it in another".

So there is agreement within the Identity Gang that there will be many ways for individuals to control and assert their identities in the world.

Yet nontechnical people reading the last few paragraphs are unlikely to be reassured. Same goes for some technical people as well. (Including, perhaps, Dr. Weinberger). For them, defaulted anonymity, in spite of its inconveniences, is still preferable to any "system" that sacrifices it.

The extreme user (not use) case is my cousin. He loves to take photographs and share them with people. He does this mostly by email. Last summer I asked him why he doesn't use Flickr or some other photo site. "I don't use any site that requires a password", he said. Why? "They're a pain in the ass", he said, adding "I don't need a password when I walk into a store, or drive from one place to another. Why do I need one online?"

In a numerical sense, his position is hardly extreme. The login/password convention is not any Old Hat for techies, but the defaulted norm. But that doesn't mean they aren't at least half-ridiculous in the offline world that will always be a lot larger than the online one. I say half-ridiculous because it's in the offline world that we use cards and PIN numbers to "log in", identify ourselves and do business (usually just to get money) from cash machines.

The offline world may be bigger than the online world, but the two will eventually overlap to a degree that the distinction becomes academic. That will happen when we relate to businesses, and to each other, with technologies that are more personal than computers. The most obvious of these are cards and cell phones.

Today both cards and cell phones are silo'd technologies. They may be "ours" in the sense that they have our names on them or use phone numbers that reach us alone. But they are issued by organizations that are not interested in relating to us by any terms other than their own. They do not start with us. Rather they end with us. They subordinate us to a system in which we are reduced to source of cash. That source is not a human being. It is a small cluster of variables known only to CRM (Customer Relationship Management) and accounting databases. We can only populate those databases. We cannot inform or relate to companies outside those databases, which are as hardened as bank vaults. Which means we don't really relate. There is nothing a company can learn from us other than what they let us tell them. When they get curious, they survey us as a population. Even when they have feedback mechanisms ("Click here to provide feedback!"), it's not to allow deeper, richer or more rewarding relationships with customers. It's just to make their silos work better.

Even if they want to, vendors can't break their own silos, any more than any company could build an Internet. They build silo'd customer relationship systems for the same reason they used to build silo'd networks: because there is nothing yet outside that system to obsolete it by providing something everybody will adopt because it works better for everybody and not just for one party.

Markets are human places. In their natural state they value independence and choice. Do our new user-centric identity technologies provide real independence and choice — including the choice to remain anonymous, at our discretion? Do they give us ways of expressing our intentions in the marketplace? Do they provide new mechanisms for genuinely relating to vendors (or anybody else)? Or do they just give us new and more secure key-rings for entering vendor silos?

And do they allow us to remain anonymous, if that's what we want? That's the test of whether or not they support real autonomous, independent and choice-ful market relationships.

Oddly, the context for anonymity is relationship. We must have choice about our relationships in marketplace as well as in other social settings. In a truly free marketplace, we should be able to choose whether our relationships are temporary or enduring, thick or thin with information, and private on mutually agreeable terms. Anonymity is not a use case but a use condition. If we don't support it, we'll continue to support the persistent Industrial Age notion that a "free" market is your-choice-of-silo.

So our real job here is busting up the silo system.

I will know the silo system has been replaced by a free market when the car rental marketplace is filled with agencies that would be glad to hear that I want to rent a 4-wheel drive vehicle in Denver for the third week in January; and that I need it to seat six, have a roof rack, have an AUX input in its dashboard sound system; and that I happen to be a member of the Budget FastBreak, Hertz One and Avis Wizard clubs — without my revealing any more than that.

I will know the silo system has been replace by a free market when vendors realize that they can learn far more, sell far more, and improve their offerings far more, if they actually relate to their customers, rather than lock them in CRM silos that remain instruments of global indifference to what customers might actually want.

This pie is still in the sky. No CRM system on Earth is interested in hearing such a request, or in appreciating customers' desires to remain anonymous until they are ready to reveal personal information on a need-to-know basis, or in welcoming relationships that are any deeper than a "loyalty program" that is nothing more than a trap. It's not their fault. All CRMs grew up in a lopsided industrial world where the whole relationship burden fell on vendors rather than customers. We need to provide something on the customer side that will bear at least half the relationship weight.

That something would be VRM — Vendor Relationship Management. This is something more, and different, than an way of managing one's identities. VRM should equip the customer to actually relate to vendors, and not just to buy stuff from them. In order to do that, a high degree of control on the customer's side is required.

How do we do that? What form does it take? Is it code that lives in a card? Can it be operated by cell phone? Will it require a broker of some kind? Where do we start? These and many other questions are now on the floor at ProjectVRM , a new research and development effort by the Berkman Center for Internet and Society.

Help in launching ProjectVRM (and the thinking behind it) has come from colleagues such as Mary Rundle, who is working on anonymity, and John Clippinger, who first volunteered the Berkman Center as an informal "clubhouse" for the Identity Gang. Some will come from developers like former Berkman Fellow Dave Winer, who has been thinking about this issue, and whose track record at Making Things Happen is legendary. Same goes for Jeremie Miller (father of Jabber and XMPP). Also Joe Andrieu (whose focus is complex search) and Christopher Carfi, a CRM guru whose blog is The Social Customer Manifesto.

Many others also deserve mention (and I insult them by not listing them here), but none more than Steve Gillmor. To Steve, user-in-charge is a market fact, not a Web 2.0 buzzphrase. Steve has long seen that customers are not only the source of all revenue for every business (which will inevitably put customers in a commanding position), but that gestures are what will weave networked markets together at their atomic levels. We may not have our periodic table of gestures yet, but we can count on it coming.

All of this and much more will be on the table at IIW. We'll be taking notes and putting them up at the ProjectVRM wiki. I'll also be reporting here at Linux Journal and IT Garage.

Look forward to busting silos with you.

Tags: , , , , .

Load Disqus comments