Simple honest privacy for Costa Competition

In my usual daily trawl of interesting stuff I came across a competition from Costa Coffee in the UK to win a year’s free coffee and as anyone who knows me – free coffee has got to be a good thing.

The compo, it turns out, is actually just a draw, you know the sort of thing; enter your contact details, don’t win and yet still get bombarded with masses of junk marketing from all and sundry.

Well here’s the entry page and it quite clearly says Costa aren’t going to use your details for that, and the terms and conditions are equally simple, fair and honest.  A great nod to consumer privacy and not abusing it.

Simple privacy terms from Costa Coffee

A massive WELL DONE to Costa for breaking the norm and offering to play nicely. (needless to say yes I have entered)

Screencast of Models, Ownership and Privacy

Okay here is a screencast of my presentation from the recent BEUC Forum on Consumer Privacy.  It has taken longer than hoped to get up and running (call me a luddite – I’m just not a video person and so learning new tools has been a steep old learning curve).  BTW sorry for the slightly iffy sound quality (inc the slightly monotone narration), a super snotty cold is never going to help.

Proper thanks must go to the masses of wonderful people who make their photographs available under Creative Commons (especially those good enough to allow commercial use) without whom this just would have been a non-starter with stock art websites charging way beyond my means.  That and really I needed to hammer the CC license thing home – you’ll see why.

On the subject of Creative Commons, this screencast is available for you to take away, use & redistribute (yup even for commercial stuff) at will as long as it doesn’t get edited, attribution is given and all the licenses of embedded works respected (i.e. no nicking bits of other people’s stuff).

So to all those whose works I have used, here’s credit where it is due:

For anyone needing/wanting you can also download the presentation in 3GP format (approx 7mb) for your mobile/iPod here.

Someone ALWAYS Pays – A Business Truism

Irrespective of whether a company’s business model is based on direct sales or pyramid schemes, personal value or freemium at their very core all business models are united in the simple premise that; someone always pays. I’ve understood this, as I am sure anyone in business has, for many years.  No matter how altruistic one may feel the process of doing business costs money, and unless someone pays for those costs that business very rapidly is going out of business.

Shelly Palmer, MD of Advanced Media Ventures Group LLC articulated this simplicity brilliantly in his recent blog;

There are only three business models: I pay, you pay or someone else pays. That’s it.

I pay means that I (the publisher of the content) am willing to fund the creation, production and distribution of the content for my own purposes.

You pay means that you are willing to pay me for my content.

Someone else [They pay] pays means that a third party is willing to pay me so that you can consume my content.

Simply no matter what the business model being adopted someone always pays. This works well for me; I’m quite simplistic in my view on the world, breaking things down into basic building blocks.

When talking about those business practices that have impacted upon consumer privacy, for me, once one can accept that really all business models are much the same and that emerging models really can’t be to blame one can move on and start to look for those areas more culpable.

What are those areas?  Well I think that the payment mechanisms that underpin business models leave an audit trail of their impact but that’s another story.

“Models, Privacy & Ownership” summary of my BEUC Privacy presentation

So finally after much work the beast that is my BEUC Forum of Privacy 2009  is complete (and busy sending right now).  It is a 173 slide monster but provisional timings stick that at around 14minutes.

As a teaser here’s the summary I’ve posted to the BEUC:

“Models, Privacy & Ownership”

When given people trust businesses those businesses perform better. But for people to truly trust businesses and organisations they must have confidence in their privacy being safe-guarded.

Barney Craggs examines the effect emerging payment mechanisms has had on the volume of personal information being traded and highlights how by abandoning old set notions of ownership any organisation can foster trust and thrive which ever business model they pursue.

ReThinking Privacy and Trust (Futures-Diagnosis)

It’s rare that I directly quote/plug another blog post just for the sake of just that, but Norman Lewis has a take on privacy so close to my own and is just that much more eloquent that if you are at all interested in this field it’s worth 5 minutes of your attention.

So go have a read over at Norman’s blog Futures-Diagnosis.

Internet Eyes is the Worst Kind of Citizen Snooping

I’m angry and I don’t like being made angry – it clouds my thinking, renders me even more ranty, more random than usual.  The intellectual side of me says “step back, take a breath and wait for the dark cloud to move on before passing comment” but honestly this CAN NOT wait.

Everyone in the UK (and to some degree around the globe) knows that the UK is the most CCTV’d nation on the planet.  Something like 3.5 – 4 million cameras and the average UK citizen being captured 300 times A DAY!  Billions of pounds of public money, and countless amounts of private sector cash has gone into recording everyone’s every move.

Last year the Government, under the watchful eye of the woefully ill-informed Jacqui Smith, launched a number of “initiatives” calling on the public at large to snoop, spy and dob-in anyone they thought was acting suspicious.  The scheme was widely reported to be another move in the combat against terrorism but honestly I just can’t see how.

Then we had an even more bold move suggesting that another £400m should be spent on 24hr in-home surveillance of the 20,000 “problem” families around the country “to ensure that children attend school, go to bed and eat proper meals.”  No, seriously that is what the Children’s Secretary Ed Balls was/is thinking.

So it’s obvious that New Labour is really about control and that state sponsored snooping is deemed not only acceptable by the Government but also (and wrongly IMO) essential.

BUT…

In the Times today is reporting on a worrying move by a company called Internet Eyes to employ a citizen human-turk to scan the obscene volume of live CCTV feeds and report suspicious behaviour and crime.  What makes this even more troubling is that they are rewarding viewers with cash for reports AND opening making the whole surveillance into a game with leader boards.  WTF!

This is so very very wrong.

And yet I am so riled by this my thoughts are not yet clear enough to define exactly how it is so wrong.

Obviously allowing anyone on the internet to watch a private citizens movements over CCTV is a terrible invasion of privacy.  If I walk down a street I accept that other people in the locality can see me, I also accept (whilst dislike) that the CCTV operator can also see me.  But at least I had some form of redress should that video footage be misused, my privacy breached.

I had some degree of limited exposure, some sense of my self not being shown to all and sundry.

No longer will it be only a “trained” professional operator observing me 300 times a day but some idle blaggard at the other end of the country with nothing better do than fulfil a sad voyeuristic fetish in the hope of instant cash and props from the other game players.

Granted that Internet Eyes are not disclosing the location of the viewed camera feed but it seems that the ONLY privacy being afforded by the system is that of the viewer, the reporting, the snooper.

WHAT TO DO

I honestly don’t know. Yet.  Spread the word, tweet it, facebook it, tell your mates, anything.

Awareness of this vile scheme must be raised.  If negative public opinion is enough to scupper perfectly privacy compliant (and potentially very useful) schemes like the recent mobile directory then surely public pressure can show up Internet Eyes for what it is; a truly terrible step towards an Orwellian reality.

2009 BEUC Consumer Privacy and Online Marketing Forum – I’m Going…

… well more accurately I’ve been asked to attend and speak on behalf of “Every Single One of Us” (and myself & consumers of course) at the two and a half hour workshop on Alternative Business Models.  Details are over on the BEUC forum site but here’s an teaser for this session:

The B2C equation could be seen as wider than just offer and demand. Trust, including high privacy standards, may be a company’s most valuable asset. Today, some companies have developed alternative business models that allow a business to flourish while at the same time being consumer-friendly and setting a high level of consumer rights and privacy. Some European projects and business initiatives are also researching alternatives to existing business models that would ensure a higher protection of consumers’ data when surfing the Web or shopping online.

The workshop will look at existing alternative business models and identify potential developments.

As speakers we are being asked to consider the starter topics below, my question to the crowd has to be “any input, thoughts or angles?”

• What do you consider to be an alternative business model?
• What kind of alternative model should be developed/encouraged?
• Do you know of any such alternative models today?
• What incentives are required for alternative business models to develop?
• Who should promote alternative business models? Businesses? European Commission? Civil society organisations?
• Should privacy- and security-by-design be a feature of new business models?

In Marketing Privacy Legal Compliance is Never Enough

News hit the feeds today that, rather unsuprisingly, BT has dropped plans to run with the behavioural tracking company Phorm.   If any (marketing) company ever wanted proof positive where privacy is concerned that the will of the masses has greater authority than merely being legally compliant – this is it.

BT helped to develop Phorm and the system adheres to the UK DPA (if not the EU), consulted with the Home Office to ensure their position but screwed up by breaking the social norms in place by the community at large.

But BT did what any commercial entity would have done and ditched the system (irrespective of it’s worth or value) when it was apparent that their ability to retain Customers was severely hampered as trust had broken down.

In a world so acutely (albeit not always accurately) sensitised to security and privacy issues it never ceases to amaze me that companies believe that just because legally they can do something means they should.

GizaPage – Shame About the T&Cs

Launched today into public beta, GizaPage is hoping to reach the holy grail (in my view) of social network self management, the Social Quarterback – a single place where one can update each and every social network, manage contacts, profiles and all that goodness without having to jump from site to site. It’s a little like chi.mp but with some added, and rather useful functionality. You sign up, add the services you want to use (choose from about 40 or so including all the main SocNets), import contacts and you’re presented with a neat tabbed UI providing access to each service. Great, I’ve been banging on to people I know about having a decent Social Quarterback for a couple of years now and we’ll see if GizaPage can live up to the promise.

BUT

Concern #1 – Sign Up is a Lousy UX Sign up is yet another account creation form. Why no use of OpenID or even Facebook Connect? When will sites learn that having another account for managing sites is not the smart route?

Concern #2 – Onerous T&Cs You know that innocuous little “I accept the terms” check box we all just bypass to get at the goodies. Well, don’t just yet. A few months back Facebook tried to grant themselves a license to do what they wanted with anything you created within their walls. The crowd cried foul and Facebook recanted. Well GizaPage have done it as well. Just look at section 9 of the T&C’s. Lurking in there is subsection 9.3 reading as;

posting User Content to any part of the Website, including any third party service rendered “tabs”, you automatically grant, and you represent and warrant that you have the right to grant, to GizaPage an irrevocable, perpetual, non-exclusive, transferable, fully paid up, worldwide licence including the right to sublicence, to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose.

Aside from the simple fact that GizaPage is providing merely a conduit for this information to the site of one’s choice (granted a quick and useful conduit) their Privacy Statements make it quite clear they won’t be sharing this content with any one else.

This granting of a license is odd, when actually using GizaPage the creation of content is actually done on the original service site – displayed within a frame. Technically here you are NOT creating your content on GizaPage’s site (you do when editing permissions, over all profile pages and such), so anything you do say against Friendfeed should not fall under their license – in theory at least.

Concern #3 – A Right to Change Terms So why grant themselves a license? Seems harmless enough but also hiding in the T&C’s GizaPage grant themselves a right to change those terms at whim and without notification.

Can anyone else see a problem here?

I’m off for a play with the site BUT I will be careful what content I create for now, at least, until some clarification over these T&Cs is made.

Facebook, Data Ownership and the Like

Okay so after a few days of various bashings by the press, bloggers and assorted “informed” people Facebook have rolled back their T&C’s to the point of not seemingly claiming ownership over users data for ever and a day.

Whilst a great deal of noise was made about the whole issue it is interesting that very few commented on the probable thinking behind the change despite a post from Mark Zuckerberg doing a fairly decent job of trying to allay fears.

From what I have read the change to the FB T&C’s was in order to try to retain some of the integrity inherent in the relationship formed by creating data rather than claiming “all shiny things as theirs.”

Let me use a simile to try to explain…

If I shop at an online supermarket they necessarily collect data about me as well as the purchase in order to fulfil my order; meta-data about the relationship formed by the purchase.  It is jointly owned for the purposes of maintaining the relationship.

VRM/ESOOU thinking dictates (please do correct me if I am off track) that actually the information is solely the property of the user and therefore under my control.  However if I unilaterally remove all the information within my ownership (even the jointly owned content) then the relationship falls apart – you can’t have a single node relationship.

BUT my purchase, or more specifically the data surrounding what I bought, when and price is NOT my sole property.  They are  stock related information owned by the store vital to it’s operation – what is mine are the personal details identifying the purchaser as me.

So what I am trying to get to is that ownership of data isn’t as straight forward as “it’s mine” and more often than not it is “part is mine, part is yours and another bit is ours.”

Now from what I understand FB were trying to achieve a point where once information was placed into the system (the relationship was created – normally between two users) that if the originating owner wanted out of the relationship the T&C’s gave FB (and therefore the second party) a degree of integrity for that relationship.  In other words, whilst the relationship could be anonymised it could not be completely removed.

To my thinking this isn’t a bad place to be, the problem was that FB took a rather parental approach to the issue dictating through the T&C’s that they would in effect own the data taking the issue away from the user.

So in this case community pressure has “won” their cause having the terms revert to the old script but I can’t help but think there was indeed nothing malevolent about the move in the first place, just maybe poorly worded and poorly sold to the user base – so nothing new for Mr Z there then.