37Signals looked at their data and will shut down their OpenID service. Good on you for treating OpenID‘s usability issues seriously and for designing a smooth transition path. You gave it a shot for three years and it didn’t work out.
I’d love to have the 37Signals team come to the place OpenID was born: the Internet Identity Workshop. This is a teachable moment. Bring your observations and your customers’ pain so the next generations of digital identity serve you better. Two events are coming up: IIW #12 is May 3-5 in Mountain View but you might want to come to Identity Collaboration Day February 14th in San Francisco before RSA.
Mathew Ingram shared two ways companies should respond to privacy issues. 
-
Make settings visible and easy to use. Facebook has made a series of changes to its privacy settings over the past year, but one of the risks is that the more complex and difficult to find the settings become, the less likely people are to go in and change them.
-
Allow users to opt in. Facebook takes a substantial amount of criticism because it chooses to automatically opt users in to new settings and features. The giant social network can get away with this thanks to its sheer size, but smaller companies and services run the risk of alienating their users.
That is so 2005. “Opt in” and “easy to use” are condescending now that users demand more control, transparency, flexibility, and portability.
I know Ingram could go a lot deeper. For starters:
Resolve that customers own their data.
Say it publicly. Repeat often. Reinforce your commitment through policy, procedure, design, operations, and governance. This includes user ability to bring their data from other services to yours, to move and remove their data from your service, to keep the authoritative form of key data elements outside of your service.
Add “List the privacy implications” to your checklists.
Check in new code? Change a web page? Adjust pricing? Whatever your business practice, ask about the privacy and data portability implications. Embed that question in your routines at every stage of your product life cycle.
Federate your customer data policies.
You are not the only custodian of your customers’ data. You put customer data in the hands of other companies all the time. And they, in turn, put it in the hands of yet other companies that you’ll never meet. Your privacy and portability policies may fit your market, but are your suppliers aligned? Can they make the same commitments on your behalf? Are they committing to protect customer data as much as you are? Are they keeping your customers’ data in jurisdictions that protect your rights and your customers’ rights? You need to hold summits, or at least conference calls, to make sure your ecosystem share core values and practices.
Trust but verify.
Set up surveillance so your teams are the first to discover privacy breaches. Audit your own systems regularly. Set up Red Teams to test your ability to protect customer data. Test your partners.
Plan for leaks.
It’s going to happen. Practice your response and put your checklist together now. You and your team won’t have time to think deeply or well under fire.
Back laws and public efforts to give customers equity in their data.
The law protects your ownership of a paper clip more than they do your Facebook profile. Support the invention and evolution of property, identity, privacy, and creative rights and laws that make sense for the rest of the 21st century.
Call me at +1-510-343-5664, Skype me, follow @SkypeJournal and @evanwolf. Visit our Skype Journal private technologist roundtable, one of the longest running public Skype chats.
Skype’s long term identity will not be the new phone company. Skype is in the business of helping people manage their relationships.
Dear Skype,
Please:
- Join the Personal Data Ecosystem, a new umbrella organization and Identity Commons project, and participate in the Internet Identity Workshop (IIW)and Vendor Relationship Management (VRM) communities to advance person-centered identity and personal data concepts and technologies.
- Experiment with helping your customers visualize and act on their non-Skype social updates in the Skype context. New contextual conversation triggers from outside of Skype should foster better relationships and more, longer, better conversations.
- Expand SkypeWeb‘s presence service to also return mood messages where privacy settings permit.
- Start talks with Ping.fm, Comcast Plaxo and others who can help you pipe Skype’s updates through the social web.
- Test the effect of bringing workplace updates (from Yammer, SAP Friend Optimizer, Microsoft SharePoint, for example) into Skype on chat, conferencing and other calling behavior.
There’s an emerging role for Personal Data Stores (some people call it a personal data locker or data bank) that finds your information, collects it, and makes it easier for you to manage your relationships with the sites/services/apps/orgs that use or have custody of your data.
The Money Metaphor
One analog for the Personal Data Store is the bank where you store your money and keep it safe. They help you:
- get your money from other places
- put it to work passively with as they loan it out on your behalf and pay you interest
- pay others with your money through transfers, credit cards, EFTs, checking
- understand and manage your money’s states, flows, and allocations with metadata, reports, analysis and alerts
- comply with tax and other government authorities.
Continuing the bank analogy, vendors like Skype may take some of your money and hold it for you but that doesn’t make them a bank. Their core business isn’t helping you with your money. They just need to be responsible with your money and their own bank should work well with all of their customers’ banks.
The money metaphor for personal data works pretty well. People need institutions to act on our behalf, to be beholden to us for the security and utility of our personal information assets.
Back to Skype. 2008′s 28 “What Skype Means To Me” posts showed Skype bringing families closer together and helping people work remotely were more important than Skype’s disruption of the telecom industry. Skype’s true purpose, its long term identity, will not be the new phone company.
Skype at its core is in the business of helping me manage my relationships. Relationships are the accumulation of conversations and other things we do with each other. Those conversations and our social graph are awash in data. Yesterday I asked Skype to bring more of that data from other places into the Skype user experience.
There are two roles Skype-The-Company would play in this. The first is Social Peripheral Vision Provider. An SPPV provides a view into what is going on in the world through the lens of your interests and the people you know. You see this in desktop apps like TweetDeck and Seesmic Desktop and mobile apps like those from twitter, facebook, and foursquare. Consider this a role between social surveillance and social sousveillance.
The second role is as a Personal Data Store, helping Skype users control, manage, and employ their own profiles, updates, and the records of their conversations. None of the major internet or financial institutions does this well or at a broad consumer or business level. Google provides a measure of identity consolidation through the Google Profile. Google Health and Microsoft HealthVault are substantial health PD projects.
Skype should be a PDS for your online data. Skype should help you:
- get your data from other places
- put it to work for you through de-personalized aggregation
- “Sign in with Skype”, authenticating my identity to other services
- field anonymized requests for contact (“someone at IBM would like to speak with someone like you at Skype Journal”)
- share your data with other services on request (“LinkedIn is checking for your latest contact information”)
- facet how you present yourself so your Warcraft avatar is different from your LinkedIn profile photo
- contextualize your social graph’s activity (“these seven work contacts are in this meeting”, “your Tallinn contacts are leaving the office for the night”, “you haven’t checked in with your usual Monday morning people”)
- withdraw from other services, removing my data thoroughly
Skype could be the fourth party in Vendor Relations Management where its billion users (just a few more years) contract their data to companies that use it. As Joe Andrieu explains in his VRM and Personal Data Stores post:
Here are a few rights that users might want to be able to secure for their data, as well as some privileges they could provide to vendors:
- Reciprocity – That vendors who access a particular type of data also agree to reciprocally provide updates to that data. For example, I might let Amazon access my media history records if they agree to update it with my past and future media purchases at Amazon.
- Non-propagation – No further distribution of the data beyond the specific services authorized. No reselling to third-parties. No re-use by other divisions.
- Non-persistence – No retention of the data beyond the session of the current transaction. For example, an emergency room physician can access my personal medical history while I’m under his or her care, but he or she can’t store that data on any internal systems.
- Anonymous Persistence – Data can be retained, but only if it is suitably anonymized and disassociated from the individual user.
- Editable Persistence – Data may be retained by the vendor, but it must be editable and deletable by the user.
- Anonymized Analytic Rights – Vendor has the right to query the PD at a later point for business or operational analysis, as long as that analysis ensures anonymity after the fact.
Doc Searls added to the Cluetrain Manifesto‘s “Markets are Conversations” premise a tenth chapter: “Markets are Relationships.” eBay’s instincts were good when they bought Skype, a conversation enabler, to make eBay’s markets better. Skype’s cloud infrastructure could bring great power to their user’s side of business relationships and rich, trusted customer data to the vendors’ side. This could easily be the line of business that outpaces SkypeOut as a Skype’s top income source.
The best place in the world of identity to be next week is Washington, DC, for IIW–East. I want to talk with people about (a) the future of personal data property laws and (b) data portability in the public sector. 
I go to unconferences like IIW for the identity-focused brainpower. We’ll have the architects behind projects like OpenID, OAuth, Open Social, Portable Contacts, Activity Streams, Information Cards, XRD, XRI, XDI, SAML, DiSo, The Pamela Project, Higgins Project, CardSpace, Shibboleth. Industry groups like the Identity Commons, Liberty Alliance, OASIS ID Trust and the ITU-T Focus Group on IdM send thought leaders.
Two more IIW events follow this year: IIW-Europe, October 11 in London, and IIW #11 in Mountain View, California, November 9-11. They continue our community’s conversation that leads to builds better person-centered digital identity systems.
So far I see early-bird signups from Yahoo!, AOL, Microsoft, Oracle, Nokia, Alcatel-Lucent, Johns Hopkins University, Gartner, Cisco, Orange, AARP, the State of Connecticut and federal agencies. What a great mix.
There’s a race to be the keeper of your online identity by many of the largest Internet companies (Microsoft, Google, Yahoo!, Twitter), by financial institutions like banks and credit card, by government agencies (IIW was co-founded by Utah’s ex-CIO), and by those who provide your Internet (mobile, cable, and telephone companies). Skype is in a pretty good position to compete if it choose to.
|
7 years and 2 days since Skype Journal launched as a stand-alone blog.
|
|
Join the Skype 6.X Text Chat Room