Personal Revelations at the Future of Consumer Protection

Over the last few days I have been priviliged to attend and participate (even moderate) in a series of discussions on potential future directions for Consumer Protection.  Hosted jointly by the Reseach Center for Information Law at University of St.Gallen and The Berkman Center for Internet & Society at Harvard University it was a gathering of 22 of the best minds across related areas of research and industry – and me.

“To maintain confidence, to maintain trust we need to secure independence by focussing on a proper dependence” – Lessig

Are NDAs a sign of trust or mistrust? My thoughts.

Over at 100Open there is an interesting post on the use of Non-Disclosure Agreements (NDAs) and whether they are a tool of trust or mistrust.  I won’t regurgitate the post here but essentially it is posing that being asked to sign an NDA may actually be a sign of trust.  My initial thoughts are that if one views trust as a single state thing (trusted or mistrusted) then sure maybe life would be better if we all viewed NDAs as a sign of being trusted, but…

Trust isn’t singular, it’s more a scale with context.

I may trust someone wholly with my bank card and details, whilst someone else just the card itself.

Contracts in all their guises (and I’d love to be proven otherwise) assume a default position of mistrust, otherwise why put it in a contract?  NDA’s may stick a stake in the ground at the point on the scale where you have become trusted enough but I still find it hard to view them as little more than;

i) validation that one was mistrusted, and

ii) that whilst trusted enough to view/hear/learn something it is only under the proviso that there is legal recourse.

In an ideal world things would be so much simpler if we assumed a default position of trusting others. I think it was Anthony Seldon that once said “to be trustworthy one must first be trusted.”

Of course we don’t live in an ideal world (

What Will Happen to East Kent?

Two days ago Pfizer announced the closure of their enormous R&D plant in Sandwich, Kent.  Some 2,400 people will lose their jobs and despite plans being discussed for area rejuvenation by the UK Business Secretary, Vince Cable, personally I can see this as nothing less than devastating for the area.  For anyone that knows the area the plant dominates what is a pretty depressed area.  It is enormous, landscaped and all very corporate.  All around is run down, derelict and rather past it’s best.

In fact much of the Eastern coast of Kent is, from an industry point of view, rather lacking.  Sure Saga have their offices just outside Folkestone but that’s about it as far as really big employers go, and whilst there are some very chic spots (Sandgate, Broadstairs and such) an awful lot of the once vibrant tourist industry has wilted.

One only has to spend a few hours on a weekend milling around any of the more fashionable seafronts to see that there are plenty of affluent families in the area, but I can’t help but think a lot of the apparent wealth must lay with those employed by Pfizer.  What will happen to those people when the plant closes?  I don’t know of any other major pharmaceutical research opportunities in the area.  Where will all those highly skilled, highly paid people go?  I can’t see them hanging around.

And of course that has a huge knock on the the local economy.  With no yummy-mummies in their X5s and Volvos (just go have a look) a number of the often packed coffee shops, boutiques, beauticians and such which have sprung up will surely find themselves bereft of custom.  Whilst this may not seem like an intolerable loss, history shows that without that disposable income everything and everyone suffers.  Things like house prices and investment stagnates.  Both vertical and horizontal industry falls apart.  The wider service industry goes into decline.  You get the picture…. it isn’t pretty.

Which would be a real shame.  East Kent was once a jewel in the UK’s tourist industry and after massive decline has seen something of a resurgence over recent years.  Recessions and “economic climates” aside the whole of East Kent, not just Sandwich, needs help and a lot of it.

On the upside I did get sent a job advert this morning so maybe there are opportunities, saying that I would probably give this one a wide berth.

So Mozy Expire My Account AND Debit My Bank

Day 2 with no backups and oh dear.  Today strangely as I expected Mozy confirmed that something is very wrong with the change over to the new billing by still hitting me up for my unlimited subscription whilst leaving it in an "expired" state.

Mozy Changes the Rules AND Still Gets it Wrong

As I’m sure many of you know, first thing this morning Mozy, the popular and rather natty online backup service, changed their paid offering. Significantly.

UPDATE: I actually clicked through on the “renew” link and it appears that Mozy have decided that whilst the new plans come into effect in March they are trying to force me down the route of “upgrading” now for immediate effect.  Not happy.  Unfortunately, and I’m pretty sure they know this, the cost of moving online backup suppliers is high and can take several days so for myself and many others it means signing up to their new terms whilst hunting for alternatives.

Is there value to be added to location data?

Last night I was involved in a brief Twitter conversation with the inimitable Tony Fish, author of “My Digital Footprint” about mobile operators adding value to location data.  Personally I don’t see any (intrinsic) value in location data, that horse bolted years back (totally disrupting Alcatel et al’s monopoly at the switch level for location data).  The value in location data come from what you do with the data.  Anyway…

Tony’s thinking raised the question over placing delay on location data as a privacy guard.  His blog post on the subject is over here.  I have taken the liberty of posting my response here and on his blog.

Hey Tony

I can totally see where you are coming from but a couple of points if I may;

The notion of applying a “false” location to things is of course technically feasible but to be caught deliberately falsifying one’s location would probably do one’s reputation more harm than any good it might achieve.  Far better to merely omit the location data in the first place than try to put people of the scent as it were.

I don’t want the operator to take control of my location.  Firstly if one lives in a low signal area or indeed a highly built up and populated (read cell overloaded) area then the operator’s true understanding of one’s location is actually pretty coarse.  Sure they could get all clever and pull timing data from each cell and trilaterate back at a central point BUT as you have already stated the API is silly expensive – it’s already been disrupted by the handset itself.

Secondly, and you’ve eluded to the privacy enhancing nature of such a service, even with a user-pays service provided by an operator I would have little faith that my location data would not be aggregated and mined for their own purposes.  Far better to leave the collection, aggregation and control with the user methinks.

So how would I approach this? Well…

Certainly the handset is the right place to gather the location information. Assisted GPS (aGPS) utilising any number of beacons from cell towers to wi-fi nodes to locate the phone is easily the most reliable method of getting an accurate location.  It’s what you do with it next that counts.

If one looks at the Fire Eagle service from Yahoo! (one of the first true identity information brokerage services IMO)  it allows one to post and update an accurate location from any number of applications.  Then the user is able to decide to which location gobbling services that location is shared and more importantly to which degree of accuracy is exposed.  In fact Google Latitude does this fine:coarse sharing but to a far lesser degree.

From a single metre accurate location update to Fire Eagle it would be possible to see one location service getting your locale (as opposed to location) being at a City level when another service gets it down to the street.

That then brings me on to the notion of time-shifting or delayed location.  It would be entirely possible to build a service that sits as a layer on top of Fire Eagle (with permissions for fine grained access probably) and allows one to add delay (or even decay) to the outgoing location sharing.

However to me it would seem a feature so valuable (not in monetary terms but in usability) that it would be far better baked straight in to Fire Eagle.

I’m certain this conversation has been had before however it seems to have sunk back into the murky waters of location based services as they all vie for superiority and control of the user’s data.  To that end I tip my hat and thank you for bringing it up again.

#Twitclan Get Playtime Thanks to @MyKindofPhone

A wee while back I posted details of a compo being run by My Kind of Phone (Microsoft Windows Phone) I’d entered a group of friends (the #twitclan) for; it was a simple enough word of mouth marketing exercise which with some effort (mainly from David Carrington who just so happened to be moving into his new house on the day of the prize so couldn’t attend) we won.

The prize was a rather awesome daytrip to London for our motley crew for their first ever meet up and a day spent…. well basically trying to beat the hell out of each other (in the gaming sense).   For me this was particularly great as one member of the #twitclan crew (Matt Jones) I had been chatting with online for years but never met.

Anyway.  The designated day arrived (July 31st) and 11 disparate / desperate souls trudged to the Hospital Club in London’s Covent Garden where Phil & Seamus greeted us with a private cinema, an Xbox, a table straining under the weight of geeks elixir (coffee) and muffins a plenty.

I’ll admit to not being the first in, so found a few of our clan busily shooting each other in a round of 4-up Modern Warfare 2 but rather quickly everyone arrived and got stuck in.

The rest of the morning was spent glued to the gorgeous screen trying to knock of plenty of multi-player co-op games that we could.  From memory we played Modern Warfare 2, FIFA 2010 and Split/Second pre lunch.

Talking of lunch it was an almost perfect (there was an optional salad) gamers meal of silly-fat burgers, fries and beer just in time for a movie.

Our choice was simple – Zombieland, and timed to throw up the first decent zombie chomp seen right when those burgers got bitten in to.  Nice.

Post lunch/movie it was more of the same.  James Whatley had brought along his long lost youth in the shape of Street Fighter 4 (I think) and proceeded to demonstrate just why he is known as being a demon texter – those fingers move too damn fast for someone of his age.  Not wanting to brag but I did kick his butt when it got to my turn, and the reason for not wanting to brag…. I had no idea what I was doing.  None.  Literally I was hitting any button, hanging on and hoping for the best, a tactic to which it appears there is little defense.  Good fun but it didn’t take long for the group to revert to our mainstay, MW2.

When 6 pm finally came around and the cinema had to be handed back for “proper things like movies” friendships had been renewed, strengthen and plenty of male back slapping performed.  Clan photos were taken (although suspiciously few have appeared online for me to post) and rather delightfully Phil presented me with a shiny new toy in the form of the top end Windows Mobile 6.5 phone – the HTC HD2 which as anyone so inclined knows is a tidy piece of kit sporting a massive 4.3 inch WVGA screen and all that goodness one expects from a serious smartphone.

Unfortunately we lost a couple of members straight after but needless to say pubs and bars were patronised and despite best efforts we failed dismaly to cause Matt & Paul to miss their train North options.  A blinding day of fun which will make all those online only evening sessions just that little more special.

Thanks to everyone who voted for us to win, Microsoft for stumping up a great prize day, Phil & Seamus for organising the whole thing and most of all to the #twitclan for rocking up and being good mates.

Roll Call – (the only photo I could find and not a smiley one):

Back row – Richard Hyndman, Terence Eden, Craig Franks, Nick Butler

Front row – James Whatley, Matt Jones, Abul Hussain, Kip Hakes, Paul Smyth, Barney Craggs (me) & Chris Westall

A need for multiple social graphs?

A couple of weeks back Chris Dixon, co-founder of Hunch.com, wrote a widely regarded piece on social graphs; moreover the need for multiple social graphs for differing contexts.

I’d marked the article for comment but just haven’t had time (and still don’t) to really do a response justice so here are a few preliminary thoughts.

Graphs have been around an awfully long time, like hundreds of years but their use in computer science really was a child of the 80s & 90s.  Their current framing is in the social context, a map of all the relationships one has within a social network for example.

However as Chris points out this is limiting.

The thing is ALL my “social” relationships across all contexts, sites, online and offline are my social graph.  So my Twitter followers/following may indeed represent the portion of my social graph that is interests however that context spreads across any number of other properties.

And this is where I think Chris’ thinking butts heads with my own – but only slightly..

Chris talks about “the rising importance of other types of graphs” and gives examples of graphs for Taste, Financial Trust, Endorsement, Local(e).

To me these are all the same graph.  It’s just they represent differing (social) relationship types.  If each were to be represented on separate graphs then the power of graphs in general would be lost – at least without serious jumps forward in semantic technology that is.

What do I mean?  Well, take me for example;

My relationships to my family take on many types (father, husband, son, brother) but they also occur in other contexts such as “financially who do I trust” or “who am I local to.”

To break these into separate graphs would mask the true picture of me.  It would be an administrative nightmare for me to maintain relationships this complex across all and every property in a way meaningful to others.

Far better in my head is an overarching graph that contains all my relationships (this does not mean centralisation of everything as distributed graphs are fine) marked up appropriately with context.

That’s all I have time to write now but this does need more thought.

Hell – The Right Approach to a Data Breach

There are any number of approaches to data breaches in business today.  Whilst regulation is ever trying to get to the point where notification of breach is mandatory there are still plenty of businesses out there who will go to all sorts of lengths to sweep things under the carpet rather than own up.

Not so Hell – a truly rocking pizza company in New Zealand.  Certainly no stranger to controversy – some of their marketing campaigns have been widely criticised, Hell seems to be taking the bull-by-the-horns and going all out to keep people happy.

Today I received an email from them…

Dear Valued Hell Customer,

We have been approached by a party claiming to be in possession of
customer details from the previous Hell website which is no longer in
operation.  The samples that we received included details of four customers
from 2006, including phone numbers and email addresses and order
information. We can confirm that credit card data was not at risk as this
is held independently on a secure banking website.

Whilst we are still investigating the matter, we can confirm that the
information was obtained without our knowledge and we have approached the
New Zealand Police with a view to lodging a formal complaint.  Hell
recognises the importance of protecting customer information and additional
security measures were implemented earlier this year when our new website
was rolled out (again, we reiterate that this is not an issue affecting the
new website). As a further security measure your may wish to consider
changing your passwords on other sites if they were the same as the old
Hell Pizza website.

We apologise for the incident and any inconvenience that this may have
caused.

Sincerely,
Stu McMullin – Director Hell Pizza

We acknowledge that some of you have asked to be removed from the database
and we have only included you for the purposes of this notification.

No mucking about, no bull just a straight forward there might be a problem, we know, the police know so go do this just to be safe.

This IS the right approach to notification in my opinion.

I’m not totally up to date on NZ privacy law (a couple of years out of date), so it could well be that by now notification is mandatory.  Even if it is, props to Hell for getting it out there.

FYI: Hell pizza really is very very good.  Think PIzza Express with attitude.  Even better you can get them in the Hell Pizza UK – well London with branches in Fulham, Shepherds Bush and Clapham.