Skip to content

Privacy as a Commercial Asset

Lets start by making a fundamental statement of belief – The current state of the Internet with regards to the commercialisation of our data and every online interaction, especially including sensor-based data collation as defined mostly by the IoT and smartphones, will not abate until we find a commercial model for making delivery of privacy a commercial asset.

Arguably this is precisely what Tim Cook is doing at Apple as he starts to play the privacy card strategically.  He fundamentally points to an age old truism that without privacy we cannot have freedom. However Apple makes money by selling consumer goods.  So for him privacy is a competitive differential against Google, who’s whole business model for almost everything it does is to collect and sell our data, to profile us with ever increasing accuracy and sell that data indirectly for ever increasing software value delivery. Apple still collects as much data as they can, asking for the implicit trust of its users that they will keep it secure. So are they any better than Google?

As any half competent technologist will tell you, it’s impossible to secure all that data online, especially if that data exists for what is likely to be a whole lifetime.  It can, and almost certainly will, leak out.  The recent spate of highly publicised hacks like Ashley Madison is just the tip of a huge iceberg of security breaches that the technorati have known about for a long time. Even Apple’s iCloud was hacked although whether that was a failing of their systems or user error is hard to confirm, but either way the data was breached.

So building on the strategic play of Apple, while mitigating the security concern, becomes something any company could potentially leverage.  As consumers come to understand the potential cost of allowing their data to be obtained and used by any online commercial entity for any purpose, they will desire to claw back control, as they suffer consequences of data loss they’ll move from desire to need.  But studies show consumers don’t change their behaviour much even after a consequence is visited upon them…why?  because there is no choice, except through a deep understanding of the tech and how to employ personal protection tools, a barrier too high for 90%+ of consumers…yet another disempowerment issue.

Control is the key enabler of privacy, control based on an understanding of what data is held by whom and for what purpose is the essence of a privacy platform.  These are empowerment issues.  Today the commercial entity is empowered through our data to be in control.  We have to trust them, we have no choice.  But what if we could chose to trust an entity because they seek to empower us as consumers?  That’s a different thought process.

Offering competitive choice is the essence of Krowdthink’s Trust pyramid. in a future blog we’ll discuss how to make revenue from this trust model.  We say now – it’s not a replacement for existing models, the Internet as it is will exist for years to come, but we can re-invent existing products with a Trust based alternative and monetise them in subtly different ways.  We can also tap into market sectors previously unaccessible due to consumer trust/privacy concerns.

Facebook, Social Networks and the Need for RIPA Authorisations

This is an excellent summary of the connection between the Data Protection Act and RIPA (Regulatory Investigative Powers Act).
Note that I, and many like me believe RIPA should be repealed as a piece of legislation that fundamentally undermines our human rights. However at least there are some positive elements that can be taken out as seen here. A lot is to do with interpretation and emphasis which this article highlights.

Blog Now

canstockphoto12584745Increasingly local authorities are turning to the online world, especially social media, when conducting investigations. There is some confusion as to whether the viewing of suspects’ Facebook accounts and other social networks requires an authorisation under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). In his latest annual report the Chief Surveillance Commissioner states (paragraph 5.42):

“Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are…

View original post 1,108 more words

The Connection between Trust and Privacy in Social Networking

At Krowdthink we have spent a long time trying to determine the answer to this question.  The answer is that no-one should really trust any online service completely because no-one can guarantee security of your data.  However that does not undermine the value in building a company and product that aspires to being trusted.  Trust is the missing component in our online engagements today – especially in social networking.  Is our social network persona who we are in real life?  Of course not – in the same way who I present myself as down the pub having a beer differs to whom I present myself as at work.  But social networks in particular are building profiles of us that go deeper than what we present and are capable of determining our psyche over time, really determining who we are – empowering the commercial entity behind the social network with valuable insights to sell on – usually via advertising – except as soon as we click an advert we have confirmed that we meet that profile.  That’s scary….especially as we don’t know who received that insight about us nor how they plan to use it.  Lets not also forget those profiling us cannot guarantee the security of the data being held on us either. There is good reason why a hacked Facebook account sells for between 3 and 6 times more than a hacked bank account.

So what’s the role of privacy in achieving a potentially trustworthy (note not trusted) social network?  To answer that you have to get into how privacy is managed in our daily lives, online or offline.  It is ultimately about control.  Control of what information I share with whom, when and where. Its an understanding that those with whom I share information can in turn be trusted and to what extent – and its also about knowing I can visit a recourse (tell them off, dismiss them as a friend etc) upon someone who violates those implicit bounds of trust that were given when information was shared, with both parties knowing this and consequence for both then motivation is in place to ensure appropriate use of information shared.  In social networking terms – the right to delete is that power of recourse, or in other words a mean to remedy when data shared is used inappropriately by the social network service provider (data = profit for the social network business models du jour), or that I wish to change that information posted because it no longer reflects who I am.

But there are other issues – the issue of meta-data is the main one – when engaging online I leave clues as to who I am that have little to do with the content I post.  When I connect, with whom, how often, who else is involved in the conversation etc etc.  All this provides insights if its recorded, insights we are somewhat unaware are being collected.  So a trustworthy social network would minimise this information.  In fact in general data minimisation is the only defence against the hacker – store the least data needed to deliver the service to the end user. Make other social networks more interesting targets. Basically make the security walls high and the value of whats on the other side as low as possible.

In taking our social network into locations, we push the boundaries of what people will entrust to the social network service provider.  In places the digital connection is more real – and because of that more private than the virtual cloud world most social networks live in.  It is thus incumbent on any localised social networking service provider to balance the equation of trust though greater efforts to be worthy of that trust.

There is more to this trust model though – see our Trust Pyramid here . For more insight listen to the Privacy Piracy Interview with myself on KUCI radio ( 20th April 8am PDT (USA), 4pm BST (UK) and 5pm CET (Europe).  KUCI will also make the interview available as a podcast after the event.

The Dirty Little Secret of Event Apps

No one uses them.

Ok not quite true. But no-one has cracked the code of regularly getting more than 50% of event attendees to download and populate their apps for use over just one day. Doesn’t that statement itself not highlight the issue though? Really, do we think attendees or delegates will do that? Clearly a whole events industry does – there are literally hundreds of event app companies.

Here was our insight. These event app companies were targeting the event organisers as their customers. No wonder we don’t end up with something attendees are delighted with. You cannot serve two masters with an app – an app has to be simple and deliver immediate utility.

So what’s the common ground between what an attendee wants at an event and what an event organiser wants? In simple terms any event is successful if it achieves two things for its attendees:

1. Great content – whether that’s awesome conference speakers or a perfect set of high profile competing exhibitors.

2. Great Networking – Attendees want to meet other attendees with shared interests or representatives of companies that can solve their issues.

Maybe an app can signpost the great content. But unless you have a very large event such active signposting is limited in value in an app. A website does that perfectly well – just make your website mobile friendly. (We can talk iBeacons etc another time).

However, no matter the size of the event, attendees always expect to find other people who add value in attending the event. Its why even at the smallest event we have name badges with our company name and sometimes a printed list of names and companies at the event. For me, I learned early – networking at events was THE reason for attending…I can get great content online so easily. You cannot beat the face to face meeting for validating the early start and the long day out.

Now this is the sort of thing an app can do – it can make the event networking a breeze. So how should it do that?

Well first and foremost – lets deal with the very first issue we raised – it should be one app for any event or location, so that I, as an attendee, only have to learn one app. This also means that as I invest in content in the app it goes with me to the next event and the next. So it should contain a means to document my interests and share them with those around me. It should enable a event/location based discussion forum – no more Twitter hash tagging for which I have no way of knowing whose tweets are from people here now that I can network with, and whose are from some commentator half way round the world. If they have something to say about whats happening right here right now, then it might be the spark that makes me want to network with them…to meet them. This also means I need a private way to message them, to initiate personal contact.

But of all these things, perhaps its discovery thats most important – the ability to discover who is here right now, what they are currently interested in and why I may want to meet them.

This is the Krowd – one app, any event – Discovery, event/location forum, personalisation of content to present who I am, and private one to one messaging. A tool to do one job – enable networking and introduce professionals to each other.

Even better when the app sets new standards for privacy and security. No location tracking, no profiling, no intrusion into my privacy at all. It puts the attendee in control because its a product for them. But the event organiser benefits because his/her attendees have a great networking experience, they all engage in the mobile app, again and again, event after event, bringing more and more personal value to event after event. Even better – its free. And no admin setup – we use clever co-location software to auto-discover who is on your event Wi-Fi (so the Wi-Fi access becomes the event organisers management tool), so no need to register for the event in order to network – just turn up and login to the Wi-Fi. Exhibitors and conference speakers can prepare event specific profile updates to ensure attendees gain immediate value too. And those exhibitors and speakers take that investment to the next event and the next – promoting where they have been before. And if they make connections at one event – they’ll get flagged when those same people are at the next.

An event app for attendees that makes your events amazing.

Why pseudonymity is important for the Krowd

When we are in a crowd, most people around us are strangers, in effect they are anonymous to us in terms of their name and who they are.  Yet we already know things about them, simple things like the fact that they are co-located with us, and because we are in the same place, perhaps we have similar interests (the band we are watching, or perhaps we work for the same business).  When we see them across a crowded room we may know their sex, physical description, maybe their ethnicity and, from their clothes, maybe even a bit about their background.

The Krowd seeks to duplicate this sort of anonymity in a crowd, but in a digital and mobile phone context.  So you can expose a part of your profile consistent with the place you are in (your business profile, sports profile etc) and in effect create a digital perspective of who you are in a crowd. While in large crowds this enables digital introductions whilst preserving your anonymity.  It enables you to use the phone in your pocket to look around you and potentially find more people of like mind, similar interests or goals, rather than just those that through happenstance you meet because you stood close by.

This is why we believe in pseudonymity – the use of a false name to provide anonymity.

You can of course use your real name as a Krowd handle, but we advise against it.  We’d also advise having a unique Krowd handle, in other words don’t use your Twitter handle unless you really want others to have the potential to link information about you.  Remember in the Krowd we seek to give you the privacy and control of your data that the vast majority of other apps and social networks seek to collate in order to profile you.

Delete should mean Delete!

The reasonably tech savvy amongst us have learnt that on our PC delete does not mean delete, it means the file is in the trash and is not deleted until the trash is emptied.  However the really tech savvy know that even then the data is not deleted. Instead the pointer to the file data is removed and so that data looks like its deleted.  The computer then marks the file area on the disk as unused, and eventually it may get overwritten and thus destroyed and thus really deleted.  This is why tools like undelete can recover files you thought you had lost – especially if you undelete soon after you deleted them and emptied the trash.

But the world has moved on – now most of our data is in the cloud.  In theory we’d expect that delete in the cloud works the same as delete on a PC.  WRONG.  It seems that our legal friends allow delete to be used an app function when in fact it does not delete the data at all, not even like on a PC.  Instead, in many cloud systems, all delete means is that the data is no longer visible to you or the other people it was previously visible to.  In fact the data is often a very active part of the cloud system; its in use by the app or service provider still, often so they can use it for analytics, marketing or other money making services.  In short, once the data is shared it effectively belongs to the person you shared it with.  Only those savvy enough to read and understand the legal documents can usually discover this.

So why is this?  The key is ‘ownership’ – while the legal guys often use terms that imply you own data, or even copyright in some cases, what you may not know is that you have also signed up an agreement that states the company whose service you use has an irrevocable agreement with you to use all that data – forever.  What they don’t say in clear terms, which kind of shows their dishonesty – is that you can NEVER delete the data you shared, explicitly or implicitly (the meta-data about how and when you used their service).

This is why we at Krowdthink are striving to give our users true effective ownership of all their data in our social network.


Why the Right to Delete is so important Online

We all instinctively know that when we connect to websites and use online apps that some data is being collected about us.  Sometimes we explicitly know what that data is from forms we filled in, but in reality it’s what we do online that tells the most interesting tale of who we are.

What we spend time reading, what we skip past, what we click on, what we respond to – all this information adds to a profile about us and it can be extremely detailed – see this 60 Minutes TV story: The Data Brokers: Selling your personal information – 

Most people think that this information is just used to target adverts, so what’s the problem?  Unfortunately they are wrong, as the 60 Minutes documentary highlights, in the US in particular, huge corporates collect more and more data about your online activities and analyse it to create a view on who you are, your interests, habits, who your friends are etc, they then sell this data on to anyone willing to pay, which includes insurance companies for example, who want to know more and more about how much of a risk you are.  The trouble is, this profile collation is unregulated, cannot be tracked and you cannot review it for accuracy.  So a bit like a gossip who gets a bit of a story wrong because they only hear one side of the story, these data brokers don’t really know how accurate their profile of you is.  It only takes one inaccurate bit of data to end up costing you dearly.

Now of course this business will eventually be regulated….but as 60 Minutes highlights, governments love this Big Data too.  They are a customer as much as commercial entities, and as such it’s very empowering for them, so they are not exactly highly motivated to give you the consumer the right to control this data.

Even if you take care about reading privacy policies on websites and apps (I do), you’ll find that the business model du jour is build it, collate as much user profiles as possible then decide what the business model for making money is later on. In short you do not know how the data you share will be used when you engage with a company – and by the time they decide, you are committed.  Even if you make a choice to stop using that service or use a more privacy conscious  competitor service, the business still owns all the data they collated about you and can sell it on, usually years worth, by which time you may feel it’s too late, you are hooked in so you may as well continue.  This is the pernicious culture the business model of the internet today cultivates.

So what to do?  In our opinion at Krowdthink, the most empowering thing that can be delivered to consumers is the right to delete.  Specifically you should have the right to delete any specific piece of information about you, or indeed all the information collated by a business or service.  This requires transparency of what information is held by a business or service.  Its your data so why can’t you see it?  Except of course it isn’t your data – the legal structures of companies like Facebook make it clear, every bit of data you share with them, every interaction, is owned by them to use commercially. This is why at Krowdthink we are creating an innovative legal structure to  guarantee that your data belongs to you.  As soon as you make that step in your business process, the right to delete follows as a natural consequence.

If we can set an example in social networks about how data can be used to deliver a service and still empower the end user with complete control, we can reverse the  data collection and ownership culture of Big Data businesses. Empowering consumers with the right to delete is the only way we can reverse the current pernicious Internet business culture that so disempowers us as consumers and users.

The EU has been seeking to add the right to delete to the Data Protection act, it’s being strongly fought by Google, Facebook and others because it undermines the core of their business.  We suspect if the right to delete is ever legislated it’ll be so watered down as to be meaningless.  But this does not stop innovative companies delivering this empowering capability to end users.  It’s Krowdthink’s mission and when we launch the Krowd you’ll see it in action.  It’s time to take back control of our data online!