Open versus closed information

I am privileged to work with many talented people, people who like thinking about what they are doing and why. As we began our circuitous route on to an internal blogosphere, two questions kept coming up.

One, should we start with an open approach to information and then close those bits and pieces that need closing….or should it be the other way around?

Two, should we enforce declaration of identity or should we allow anonymity?

I think that both these questions are critical in the context of a number of debates about information, particularly those that touch on digital rights, identity, security, privacy, confidentiality and the like.

I’d love to know what you think about these two questions, and am looking forward to comments that I can learn from.

In the meantime…. my gut feel is that DRM implementations that start with a “closed” approach to information are doomed to failure. I have always believed that knowledge management and information security are kindred spirits. You impute value to an information asset. You declare who can see it. You declare who can’t. You must start with a view that information is an asset that increases in value with reproduction and enrichment and evolution and adaptation. Start with free for all. Only restrict access when there is good and clear reason. And there will be good and clear reasons: confidentiality, privacy, regulation, commercial value, whatever. But it is easier and simpler to close bits when really necessary, in comparison with trying to open bits that default to closed.

I’d be interested in knowing other views on this, whether mad or wise.

I approach the second question almost as if it is the first question. Open is better than closed. There may be reasons for stimulating or encouraging anonymous behaviour, but I don’t find them easy to understand. [I am reminded of a 20s-30s book by Julius Henry Marx entitled “Beds”. Chapter One was headed Essay on the Advantages of Sleeping Alone. The page was blank. And in a footnote the Editor stated “The Author refrained from making any contribution to this chapter”. Or words to that effect…forgive me, it’s thirty years since I last read that book.

Looking forward to the wisdom and madness.

Blogs in organisations

Euan Semple commented on something I’d posted earlier, and it stimulated me to checking out his blog, something I had been remiss about for a while. My bad. I particularly liked the David Maister piece on blogging behind the firewall. You can check it out here. I’ve been a fan of Maister’s ever since Managing The Professional Services Firm. Thank you Euan.

Enterprise applications architecture

My son Isaac takes two minutes to critique a mobile phone. My daughter Orla holds a dozen IM sessions in parallel while doing her nails, her homework and listening to music. And the youngest, Hope, gets frustrated as only a seven-year-old can, when she can’t install the game she’s bought because of poorly designed parental control filters that should affect web browsing and not CD-ROM installing.

They are the future. In fact, the way consumerisation’s moving, they are the present. Mobility and wireless, virtualisation and service orientation, Moore, Metcalfe and Gilder, the opensource gang, Jerry Garcia and Arctic Monkeys, and Steve Jobs. They help define the environment.

Some time ago I started working on a four-pillar model for enterprise architecture, in the belief that everything we do will be classified into one of the following:

Syndication: We will subscribe to stuff yanked out of humongous content publishers and consume them via a syndication, alert and aggregation facility. RSS gone ballistic. SAP and Oracle Financials meet Wall Street Journal Europe and Reuters. All stored somewhere both within the firewall as well as without. Text and voice and video.

Search: We will do some ad-hoc yanking ourselves, getting used to a Google-meets-StumbleUpon world where collaborative filtering of role and context helps relevance go up, and there are simple yet powerful heuristic tools because we can tag things and vote on them for future reference. Again from storage within and without.

Fulfilment: There’ll be a bunch of things where we need to discover what’s out there by syndication, search and learning. Refine what we discover to a set of things we’re interested in. Check out captive and brokered and otherwise made-accessible inventory. Discover price and select item. Provide shipping instructions or logistical information. Identify our right and authority to exchange value. Exchange that value via card or account or wampum. Be fulfilled. Flights, hotels, stocks, consultants, books, music, food. All fulfilled.

Conversation: Another bunch of things gluing all this together. Voice. Video. E-mail (though it will decay into pretend-snail-mail and die, I hope). Blogs and wikis. IM. Texting. Whatever. Ways of discovering, co-creating and enriching the value in information. Information that you need to fulfil things you have to do.

None of this will work if the information we need to get pushed to us or get pulled down by us is hidden behind walled gardens. Walls made of weird DRM constructs like Region codes on DVDs. Walls that hold our information and make it harder for us to rip it and mash it and make something useful out of it.

And DRM is a cater-cousin of identity and authentication and permissioning. All blessed by the grand panjandrums of information security, or escapees from the Y2K-marries-Basle-II-and-then-leaves-her-for-Sarbanes-Oxley-while-no-one’s-watching zoo.

But there’s good stuff too. NAND RAM may make our boot-up times easier. Consumer boradband wireless may well be reality soon, and the 20-year threat of telephony becoming software is finally happening. Opensource keeps redrawing the lines for the desktop and for core productivity tools. Apple goes Intel. It’s a good time.

I want to be able to come in to work. Get instant karma at my desk, with whatever passes for a desktop and whatever passes for a connect. Don’t care. Identify myself with whichever two factors are in vogue that day, provided they leave my cells intact and my privacy unflustered.

Then I take a look at what’s come in via my aggregator. Roll with it while I StumbleUpon the web. Stimulated by what I see in the aggregator or the web, I start pulling things down from the great data warehouse in the sky, preparing to create value by fulfilling something or the other. And all the time I’m talking to people and sharing metaphorical coffee and and and.

It’s happening now. So I think it’s time to keep elaborating on the four pillars, have them shot down and rebuilt as many times as possible. Egoless.

So this is what I’ll do in this part of the blog.

Talking about pillars. Christopher Wren designed the Guildhall where I live. 17th century wonderful support-free curved roof. They had town planners then. “Your edifice won’t stand up, you need more pillars in the middle”. “Says who? I’m the architect here”. “Says we, and you don’t get to build your beautiful building unless you do what we say. Four more pillars please”.

Dejected, he built them. In the central area. Just as they asked.

Six inches short.

Customer information (continued): If we build it, will they come?

One of the questions that keeps popping up when people discuss “giving the customer’s information back to the customer” is:

Is the customer ready for this?

This is not a trivial point. The social and cultural aspects of such a move need to be thought out and prepared for, one of the reasons why this hasn’t happened as yet. So let’s take a look at what has been happening, but perhaps with a slightly sideways perspective.

One. We have started the process of giving the customer control of transaction execution. Any purchase/fulfilment on the web, even checking in for a flight. We have started the process of providing the customer transparency of the transaction’s status. Fedex. UPS. Amazon. eBay. Everyone’s got it. We have started the process of providing the customer transparency of information held about the customer, in terms of Freedom of Information or Data Protection or whatever. Now all we are talking about is transferring the responsibility of looking after the customer’s own relatively static information to the customer. How different is this from my being in control of my preferences for Amazon or eBay or the Wall Street Journal online. Establish who I am. Indicate what I am interested in, and not interested in. Go through some process of validating my financial status formally; an example would be getting “verified” status on PayPal. And bingo, there I am.

From a consumerisation perspective we have already taken step one of “giving the customer’s information back to the customer”. What consumer product/service providers have not yet done is step two, allowing the customer to share information about vendor A-related activity with vendor B. And this will happen. Despite the wholly predictable pushback from the product/service vendors, who lose a layer of lock-in as a result.
From an institutional perspective there is much to do, given where we are now. The vendor-lock-in argument is even more compelling here, with institutions largely unable to accept or sometimes even comprehend the implications of such a move, that of allowing the customer to share “your” activity information with a competitor. But it will happen. Only a matter of time.

Before we even go into the nature of the technology underpinning all this, in terms of identity formats and microformats, public and private keys, the nature of the encryption, the federated versus centralised models, how trust is conferred and authenticated, what kind of 1000lb gorillas are needed, the role of biometrics, the need for multifactor authentication processes, transaction guarantees and the process involved in guaranteeing, privacy protection, appropriateness of solutions for anti-money-laundering and identity theft protection and the economics of large scale provision of related infrastructure, we need to get the first question answered. Is the customer ready for this?

I can only speak for myself. Would I like to share my eBay activity with Christies or Bonhams or Sothebys? Would I like to share my British Airways activity with Lufthansa and United and Virgin? My hotel and car activity? My books and music activity? Yes yes yes.

I get to control my core “static” information. Who else knows this as well as I do? I get it verified by an independent arbiter, much like I need a birth certificate to get a passport. I choose whom I share what with.

I choose. I look after. I am the beneficiary.

That’s the key.

Then I can get all the downstream benefits of collaborative filtering and recommendations. Then my marketplaces get all the benefits of democratised reputation and rating and profiling and prediction.

A lot has to change. And will change. Provided the plan is: I choose. I look after. I am the beneficiary.

Customer information

I remember being at a conference some years ago, when I was asked “Of all the things that are being hyped right now, what do you dislike most?”I replied “Customer Relationship Management”, arguing that the models I saw were more about Customer Exploitation Management than about Relationship Management. You don’t seek to exploit people you have a relationship with.

A couple of years ago, in conversation with Doc Searls, we touched on similar themes. He recounted a tale of the time he spent in Africa, and how markets there worked on relationship first and transaction second, in terms of the way the conversations flow. Something along the lines of “How’s your uncle’s wisdom tooth doing?” “Did your son-in-law finally learn to drive?” “Did you hear about Nathaniel’s adventure?”

Doc posited that the relationship-then-only-when-called-for-transaction route was the way conversations should go, and that we had somehow lost our way in the West. Having spent half my life in India, this resonated with me.

The next day, I heard Dick Hardt do his Subterranean Homesick Blues bit with Identity. For those who haven’t seen it, it’s a must. You can find it here. And I walked away loving it. Yes, why can’t I share my Amazon buying profile with other booksellers? Why can’t I share my airline and hotel information more usefully across multiple providers? Isn’t it my information in the first place?

And rattling around in the back of my mind was some of the stuff in Malcolm Gladwell’s Tipping Point arguments. [Wow. I was wondering how best to describe the book and the arguments. Of course. Wikipedia, what else?]. There was a sense that connectors, mavens and salesmen demonstrated weak-interaction behaviour in terms of soft-hands non-exploitative relationships with their network of influence. Which worked so much better than the MLM and pyramid selling techniques we are all more used to.

I’m posting this for a very simple reason. Trying to gauge what people are doing about this, the need to give customer information back to the customer. Who’s doing it rather than just talking about it?

Identity and authentication and permissioning are critical to the buildout of 21st century enterprise applications.