I spent some time talking to Wes Kussmaul, CEO of The Village Group, about intellectual property and identity management. It's an area of business that is becoming increasingly important, and thus there is a lot of talk as to how best to secure and monitor access to collaboration systems.

We talked around a really interesting dilemma when it comes to securing intellectual property. How do you decide who is allowed inside the clubhouse? You not only have to decide which friends you're going to trust, but also which of their friends are allowed to tag along. Not easy, is it? When your clubhouse is your "circle of trust," it's more serious than just letting friends in. You have more at stake.

So, the key to controlling the flow of information (intellectual property) and to managing who gets access to what is enrollment. Your screening process must be controlled. You wouldn't give the keys to your office to just anyone, and the same goes with whom you choose to hire and to work with. These days, you don't just have employees. You have suppliers, contractors, advisors and more. Each of these people you work with need to be screened in the same way you do your employees. You don't want to invite your competitor into your clubhouse by mistake. Remember that not everyone who says they are "Fred from banking" will be telling the truth. You need to know, with some certainty, if Fred is being honest.

Wes points to three key ways to design an enrollment process that will reliably help me establish Fred's identity. The first two, auditing the enrollment systems of everyone in the circle of trust, and second channel verification (such as a phone call), are basic barriers from low-level threats. The third, however, poses much more potential - with much more debate. Universal ID.

Universal ID is a system that would establish Fred's ID, no matter where he was in the world. One such example of this is a PKI - Public Key Infrastructure. With the PKI, you can be assured that Fred is who he says he is. And, when it comes to managing intellectual property, you can see who has control over information. Whatever Fred had control of will be watermarked with a digital time/date-stamped signature. So, unless you have an enrollment issue of hiring people who are seriously out to steal your information, you can be reasonable assured that the PKI can manage the flow of information and restrict its access within your bounded space.

Continue reading "Managing identity and intellectual property"

I picked up a reference to a great idea by Stephen Downes over on Master New Media that I wanted to share. It's called mIDm

mIDm, pronounced "my dee me," is a little great idea to simplify online navigation and security - small idea, big results. It's the Mac factor - you make things more simple, and suddenly the results are huge. Simple is often more powerful.

mIDm is a self-identification network that supports single sign-on so that once you sign on, you never have to log in to other sites. Anywhere. And the key is that you sign on at your own website. It's kind of like the idea of asking your computer to remember your passwords or checking the "remember me" boxes on sign in sites - except, you retain control here. And there's no need to remember 20 different passwords, either.

You control your identity, your security, your privacy. It's not stored in some central database. You store it. You control your information - letting you change it whenever you please. And it's just as effective. You as still declaring that you are you and that your information is correct. And you can declare the level of security you use at the universal layer.

Billions of words have been written about user identity on the web. Numerous solutions have been proposed: to name a few, Passport, Liberty Alliance, LID, SxIP, PKI, CoSign and more...but no identity management solution has taken hold in any large measure on the World Wide Web...the vast majority of people, on the vast majority of websites, identity continues to be managed via a simple login with a username and a password...

What this does, in effect, is to establish a regime where a person's own declaration is the primary source of their identity, their own identity server; they do not need to depend on a proxy (such as a university registration, employment in a corporation, subscription to an internet service provider, or whatever)...

what mIDm is not is an authentication service. That is, websites have to take the user's word that they are who they say they are. But what it does do is to provide any user who wants it with a unique identity.

You can start reading more from Stephen Downes here.

Over at Blogspotting, the new Businessweek blog on blogging, Heather Green explores an insight from Mena Trott: "over time, people will get more control over who sees their blogs. They will be able to make different parts of their blog private, so that they're open only to certain people. This is already happening to some extent at LiveJournal, the service that Six Apart bought in January." The full socializing of social media waits for the full integration of the buddy list: being able to specifically label each blog entry with the specific circle (or circles) of buddies you want to be able to see it, up to and including the whole world. [Note: technologies like Traction Software already provide these sorts of access control -- it just hasn't shown up in Moveable Type or Typepad yet.]

I don't agree with Tom Coates that Trackback is dead. His argument is that trackbacks have been driven to extinction by the spammers, but blacklist and moderation tools solve that problem, really. And the near-term possibility of an instant messaging-style digital identity system (a la Six Apart's TypeKey) that would support a blogosphere-wide gated community of verified users should fill us with hope, not dread.

I have used literally thousands of communications tools over the past 20 years, and although there has been an increase in commmunication speed and media, we have yet to see the "nerdvana" of tools that I have dreamed about for so long.

I have long championed other media as inherently being better than email, such as instant messaging, so, as you can imagine, the tool I am dreaming out incorporates the basic metaphor of IM: the buddy list. But it goes beyond IM, as I will show you.

How can I so baldly state that other media are better than email, in such an absolute way? Simple. Email is designed as a lowest-common denominator communications system, where everyone is treated equally. All emails, more or less, are the same (leaving aside issues of rich text v HTML and so on, which is not the thrust of my argument), which is stupid. The reality is that my relationships with people -- whether I know them or not, how well I know them, and how involved we are at any given time in regular communication -- is foremost in my mind when involved in communications, and as a result, the various artifacts of communication should be treated differently based on the context for their existence.

Basically, email is pretty good at communicating with people when you don't know them well, or people you don't know at all. All you need is their email address and your emails will be treated pretty much like anybody else's. But as a result, email doesn't really do very much to help with the highest valued communication: communicating with the known. That's where the paradigm of buddies, and the gated communities of instant messaging networks excel.

But even technologies that I think are more useful in remaining in close contact with your circles of friends and colleagues don't necessarily work together very well, if at all. So I am forced to read and write emails in one tool (yes, I do email, despite my dislike for the medium), IMs in another (actually, two IM clients), and read blogs in yeat another. Coordinating appointments and to-dos that involve others is managed in yet another app. And an address book app is used as the repository of some of the information about people (like email address, IM handles, and phone numbers), while their blogs RSS feeds are stored elsewhere.

So, I decided to mockup an example of what a good unified client might offer someone like me, so I could sit in one tool all day long, choosing the appropriate communication, collaboration, or coordination channel based on the context.

Continue reading "Nerdvana: A Better Tool For Communication (I Can Dream, Can't I?)"

Howard Rheingold went into some really interesting commentary over on TheFeature about cameraphones as social software.

Rheingold hypothesizes that the cameraphone will come to exist as something completely different from both phone and camera, something more akin to visual storytelling. As with all photography, it is ultimately about point of view in snapping up what you see. With cameraphones, you are more likely to snap the unexpected moments and to have more freedom for use: for oneself, to share physically, or to send electronically. With the ability to snap and share, so to speak, we have a heightened "visual awareness" that accompanies our social relations.

And although these devices transmit images through the Internet, they are also turning out, rather unexpectedly, to be face-to-face media. It looks like this newly ubiquitous device could be more about flows of moments than stocks of images, more about sharing presence than transporting messages, and ultimately, more about personal narrative than factual communication.

Rheingold talks about cameraphones as the new way to establish social presence with those who may be geographically distant. I think this says a lot about the similarity between sending images (MMS) and sending text (SMS) - people tend to talk about how they use the technology as a supplementary way to keep in touch. I think the word "multisensory" is really key - sending images and sending text will never replace phone, or even email, but they add a new dimension to the way people connect through time and space.

Rheingold points to research done by Okabe showing that more people share cameraphone images than upload them to their computers. The images act as a part of the "shared awareness" both virtual and in person. Not only do people email their images, they also use them as illustrative tools in face-to-face meetings.

As Richard Smith points out, the ability to use your cameraphone as a "personal storytelling media" is really dependent on how good your phone is. If you can't store the pictures, are restricted by light conditions or poor resolution, you are less likely to be capable or inclined to use your phone to capture the frames of your everyday life.

Do you think you use your cameraphone differently than you do your camera?

I started a thread on SocialTwister that's gotten some good feedback and commentary. I thought it appropriate to share it here as well.

SocialTwister.com

[from "The Coming of the Database Economy - Hold Onto Your Opinions"]

In the future, the question will largely shift from "Should I archive this information" to "Should I query this information". When everything is moved to the point that it is searchable, getting "new" information from a system is more a function of programming than brute force. Whoever has the biggest, fastest algorithm wins.

So where's the long-term value then? Fortunately for us, these things always repeat themselves. As one force fades to the background a new one emerges. In my eyes, that new force is opinion, which I'd wrap in a Reputation bow. When there are millions upon millions of points of data to consider, knowing which the best is becomes far more important.

Consider that for a moment. What drives the value of Amazon, for example? In the beginning, it was simply enough to have the database of books since no one else had it. What pushes me back to Amazon, more often than not, however, is not the database (I assume everyone has it now). I am drawn in by things like the User Reviews and Ratings, not to mention, the Recommended Reading lists and other hooks like that. Given too many choices, I often find myself polling constantly for external benchmarks to evaluate with. Despite the best efforts of the AI community, I still have little faith that I would outsource my opinions to a server farm or that I would trust the wisdom of a crowd of robots in personal matters.

Interesting themes in a press release from the president of Overstock.com, who has built a social networking reputation system into the company's online service:

Patrick Byrne

[from 'It's Up' - Overstock.com Launches Auctions Powered by Social Networking press release]

The liquidation industry is one not normally known for its high-minded ethics: from our start in late 1999 we set out to distinguish ourselves by a fanatic devotion to fair dealing. I believe our liquidation business survived the dot-com crash largely due to our reputation among people selling to and buying from us. Even when we had no money to advertise, word-of-mouth convinced people to try our site, and the way we treated them kept them coming back.

Coincidentally, this has been the missing piece in e-commerce: in the deafening cacophony of e-commerce, whom can people trust? Most people would say, above all others, they trust the opinions of friends, family, and perhaps even a few co-workers. They rely upon social networks to help make connections and guide decisions. We do this in business as well, making deals based on relationships forged through our own experience and the experience of those we already trust.

We sought a way to integrate the trust inherent in these networks into e-commerce. To achieve this, we have integrated into our auction tab a system that allows for social and business networking unlike any that has ever connected businesses and consumers on-line. It may evolve into a massive, intelligent marketing organism, or into a system of personal introductions, or in some direction we have not foreseen. One thing we do anticipate, however, is that these "reputation networks" will work particularly well for on-line auctions, where buyers, sellers, enthusiasts and experts are traditionally anonymous -- and opinions are often biased (as evident in the declining value of ratings and the increasing tendency for retaliatory and spiteful ratings).

The emergence of purposeful network-based solutions like Overstock.com's follows a prediction I made earlier this year, when I said that standalone social networking solutions feel like an empty office building with people wandering around in them, and they will fail unless they turn to doing something tangible and vertically focused, like MySpace is doing with the music business (note the recent announcement that R.E.M. would be releasing their new album there, before more conventional distribution). There's a lot of bumping into people but very little work being done.

We should anticipate that all successful online emporia of the not-too-distant future -- wheather travel sites, shoes stores, or music services -- will be instrumented with full-up social networking underpinnings. Out entire online experience will be "socialized" in this way, and the race is on to see who will provide the social networking network that will underlie this new world order.

Google is truly a force that the majority of web users encounter in one form or another on a daily basis. It's dominance in the marketplace and constant push to innovate its technologies has been a comfort in many ways for many years.

Lately, however, I can't help but escape this hollowing feeling that the giant has become too enamored with itself and engulfed us in the process. Over the last couple of years, and especially in the last few months, Google has added a number of tools to its arsenal, purportedly because we, the users, needed/asked for them. What tools am I talking about? Consider:

• Name Search - This is really not a tool so much as a consequence of their database. Enter your name, or the name of anyone that you want to investigate, and a quick and dirty list of online breadcrumbs is at your fingertips.

• Phonebook Search - This service allows anyone to enter in a combination of name, phone number, or address and get back the Street Address and Phone Number associated (#)

• Credit Card Number / Social Security Search - The newest member of the gang is actually a hack, but a serious one. By searching for credit card numbers or social security numbers, Google will show you the sites stupid enough to list that information. (#)

So what's the big deal, you might be asking. These things have been around for some time. I think the evil side of things is two-fold. On one front we have a collapse of our anonymity/privacy. As I mentioned before (see "The Many Faces of Our Digital Identity"), I've observed several different forms of Digital Identity. One method for examining those different identities is to consider the role of anonymity in them. For example, our Public Identities are the least secure in our minds as it is the information we announce to the world. On the other hand, our Protected Identities are guarded secrets that we selectively reveal. I made mention of Residual Identity as well. This was the Google-effect at work. The problem with the hooks Google provides is that it blurs the lines between our identities and personal spaces.

The other evil front has yet to surface, but lets play conspiracy theorist just once. The launch of services like Orkut which serve to map and model our relationships and interests coupled with localized searching and localized advertising (a la GMail) provides some interesting opportunities for bad things to happen. Realistically, I don't think Google would intentionally do this, but it doesn't mean that "bad things" can't happen. Already, the tools are in place for someone to re-assemble a great deal of information on anyone or any group of people.

Unfortunately for all of us, there's not much that can be done just yet. When GMail was announced we say all kinds of legal action spur out of it from privacy advocates and lawmakers. For now, we can only rely on Google's good senses and wait for the IPO to be over so this hiding-behind-the-quiet-period non-sense ends.

Since the beginning of this blog, I've often tackled the issue of Digital Identity. In short, I've most often griped about the methods in which various systems and services have not only requested it, but also what they ask for.

In the past, I've tried to apply some of my experience developing databases to provide insight into why these services are almost forced to marginilize our identity, not to mention our humanity, to accomplish their goals. Without boiling us down to empircal data that can ne normalized, categorized, and indexed, searching and archiving are daunting tasks, to say the least.

Yesterday, two interesting nuggets appeared to me that got me thinking about something that I overlooked. First there was an article, then there was an e-mail from David Teten of Online Business Networks with a simple question: "Why don't you have an About Me page? What prompted that decision?"

There's a short answer to that question, which I'll send along to David shortly, however that's not the answer I am giving here. Instead, I was prompted to consider the changes in our behavior that occur as a result of having these new digital identies. Specifically, I realized that I could see many different identies in action already (Public, Protected, Projected, Disposable, and Residual).

Continue reading "The Many Faces of Our Digital Identity"

A few days ago, Yahoo! released an updated version of its Messenger product. Generally speaking, I do not use Yahoo! IM, or any specific IM client as I prefer to work with tools like Trillian so the announcement slid past me. Yesterday, an old friend and fellow developer IMed me to rave about the many changes to the new messenger and to bless their virtues. Naturally, I was intrigued so I installed it and set up an account to test it with.

After installing the app and using it for an hour or so, I've discovered many very interesting features worthy of mention. There are many new and features added to the mix, however it the most compelling cluster in the Digital Identity and Privacy domains.

Continue reading "The New Yahoo! (Messenger that is)"

A new competitor to Plaxo (and the other "contact unmanagement" vendors) has come on the scene: Midentity.

I was prepared to like Midentity. Screen shots (like the one to the right) showed a rich client experience, and the walk through demo at the website painted a Plaxo-ish picture of not having to update your contact information manually anymore. Esther Dyson is promoting it, so I swallowed and took the plunge.

[from The Web Belongs To Us by Abaigail Townsend]

During the original dot-com boom, Esther Dyson was the first lady of the internet. Unlike many of her contemporaries, the technology sage, who has made her name over the past decade as a trend-spotter, never went away. Her latest idea is that the web is no longer the domain of corporations: it's set to become all about you and me.

"We're all narcissists," she asserts. "If you go to anybody's house, there are pictures all around the place. It's the human element. The web's going to become a place for individuals."

Ms Dyson is talking at the launch of Midentity, a "personal digital identity" specialist that wants to cash in on this new dawn. The internet is no longer new or hi-tech. It's just there - in people's offices, in their homes and in their lives - as unimpressive as the phone.

But the actual experience of Midentity is not so much narcissistic as it is user-centric.

Midentity is in fact very easy to download and get running. Importing my contacts from Outlook also proved to be a snap, and as advertised, Midentity runs as a client on your desktop. It is easy to search for contacts, and to organized them into groups (as I did with Hylton and Britton (see the screenshot)). [Note to Microsoft folks: Please add groups to Outlook contact management.]

I presume that the updating features work as described.

Given the fact that I have an implicit network of Midentity users, I don't know why they decided not to provide presence and instant messaging as a core feature. I thought in fact that the "txt" icon represented text messaging, but it seems that it is intended only for sending text messages to cell phones. Very odd. And for this service you have to purchase credits (like phone tokens). Is this some UK-oriented service that I don't get? Are these credits cheaper than doing this some other way, there? The dialog box wants to charge my credit card in pounds, so there may be an explanation of a sort in there somewhare, but I don't get it.

Why would I use this? I have instant messaging services galore to IM people, which include passing messages to cell phones, and all which serve up presence information. While I might like to have contact management capabilities linked with my already installed buddy lists from AOL, Yahoo, and MSN, why would I go down this path?

This may be more of a feature request to the IM services rather than a first take on Midentity, per se. This functionality should be offered by MSN, Yahoo, and AOL as part of the unending war between the services.

I have a hard time understanding why I would use Midentity, aside from exploiting the features that directly overlap with Plaxo et al for contact management. And Plaxo operates within Outlook, relatively unobtrusively.

So Midentity's rich client seems like an awfully heavy footprint for features that could be integrated into Outlook. Without instant messaging and presence, the Midentity client is just a tease of this that might have been.

[Update 1:14pm -- An additional feature just presented itself. The client announces email as it arrives by popping up a small alert near the Windows toolbar, including name and subject. Cool.]

According to Credit Cards Magazine, there has been a big uptake in the use of credit cards in Eastern Europe, and to seom extent that has been led by the use of SMS text messaging to counter rampant credit card identity theft:"The biggest obstacle that credit card marketers had to overcome in Hungary was fear of fraud. But consumer concerns about the safety of their cards has led to an important security innovation made possible by the explosive growth of mobile phones in Hungary.

Each time a card is used, the cardholder immediately receives a text message on his cell phone confirming the transaction and advising him of his balance. Initially developed in Hungary, the messaging system is widely used in Poland, the Czech Republic and Slovakia. It is now being introduced to countries in Western Europe."I wish they would set this up here.

[pointer from Gizmodo]

Recent research on the Internet as political information source, shows what I consider a sad state of affairs:

"Even among Internet users, TV reigns supreme. Some 76 percent of all Internet users still say they get most of their news from TV. And the Internet even trails newspapers among Internet users (37 percent to 20 percent). Among Internet users, 20 percent say the Internet is the place they have been getting most of their news and 17 percent say radio is the place they have gotten most of their news.

Internet users rely on big media companies for their news, rather than exclusively Internet-based news operations. Some 41 percent of Internet users get political news regularly or sometimes from portals like AOL; 38 percent get political news sometimes or regularly from the Web sites of major news organizations such as CNN and the New York Times; 10 percent get political news from online news magazine and opinion sites such as Slate.com.

Internet users are more information hungry, as a rule, than non-Internet users. They are more likely to consult all kinds of media for information. Thus, Internet users who get political news are more likely than non-Internet users to get political information from cable news networks, their daily papers, talk radio, political talk shows, National Public Radio, print newsmagazines, C-Span, and comedy shows."

Interesting piece at P2PNet.net by Annalee Newitz that points out that social networking sites are fairly lax in their security provisions, which makes it possible for your identity to be compromised. An interesting argument is made, suggesting that the reason behind identity spoofing is perhaps the value of a digital reputation, rather than something directly fungible, like your credit card number.

"What makes these attacks novel in the context of a social discovery site isn't how they are deployed, but why. What does an attacker have to gain by spoofing the identity of a member of Tribe or LinkedIn? What kinds of damage can be done by hacking into a LiveJournal account? The answer has to do with the public's growing dependence on social reputation systems. As we come closer to quantifying reputation, the identities we use in online communities begin to have real-world value. A top-ranked member of a network like eBay might be able to sell more items than her peers. A high-karma user on a site devoted to legal issues could have a tremendous influence over public policy. According to social networks analyst Clay Shirky, identity spoofing is possibly the greatest threat to social discovery networks. "When your reputation is valuable, it becomes worth exploiting. It makes a stolen identity a more valuable commodity.""

In a strange twist, a guy sells his Friendster network on eBay for $4. This is not exactly what I meant when I recently wrote about the fungibility of online digital reputation.