Trust, authenticity and transparency in the online world.

Why definitions matter.

A few minutes a day, I indulge in a Tweet treat where I scan my relatively small network (I only follow about 75 people) to see what’s going on. In barely five minutes I can get a clear snapshot of the topics both broad and specific to my work.

Yesterday (March 7), during my mid-day Twitter snack, I catch this tweet from Klout’s PhilipHotchkiss -“@Scobleizer unleashes on Steve Cheney in strong defense that FB Comments promotes authenticity http://scoble.it/fkicaJ

Kinda of provocative since I’ve never heard Robert Scoble (well respected tech blogger) “unleashing” on anyone. He will disagree with folks – but “unleash!”  Well that’s another kettle of fish so I checked it out. The more I read, the more I wanted to respond thoughtfully – not just scream and shout.

The “unleashing” it seems was prompted by a blog posting from Steve Cheney  entitled; How Facebook is Killing Your Authenticity. It provocatively opens: “Facebook’s sheer scale is pushing it in a new direction, one that encroaches on your authenticity.” He explains that since more and more sites are using Facebook’s commenting platform it is likely to blunt people’s authenticity because they will naturally censor themselves given the broad audience. “The problem with tying internet-wide identity to a broadcast network like Facebook is that people don’t want one normalized identity, either in real life, or virtually.”

So far – I was agreeing with Mr Cheney.

But then he states: “A uniform identity defies us.” And this is where I must jump off the bandwagon because that’s just not the case. In the real world, we have one identity with all the attributes in there which we naturally adjust to the situation. Some attributes we apply to our legal ID, other attributes for social situations and so on. One identity – just different expressions of it.

The trouble is, in fact, we have few technologies to achieve this layered equivalent in the binary, digital world where we can only have one identity. It’s not that Facebook is bad for looking to be the singular identity but it is a mismatch between how we want to live and what technology can let us do – especially given Facebook’s reach.

IMHO Cheney confuses “authenticity” (as in a “real and unbiased POV”) with a verified identity which is an entirely a different point.

Scoble then disagreed utterly with Cheney with his opening salvo: “Steve Cheney has never written something that so pissed me off than the blog he wrote today stating that Techcrunch’s switch to Facebook comments has killed authenticity.” Tough words indeed (hence Hotchkiss’ “unleashing” reference).

He goes on to explain that today “authenticity” means being identifiable and having the courage to go public with your opinions – no matter the cost. I found myself agreeing with Scoble here especially when he highlighted the idea that the medium and the message are merging in the social/ digital space. He explains quite correctly that the exact same message can be uttered by two different people which makes all the difference as to its “authenticity.” This is very true and a point many marketers continue to miss.

But despite the fact that, generally speaking, I agree with Scoble’s mandate to have the courage to be “authentic,” IMHO he seems to argue the wrong point. “Being truly anonymous and untrackable on the Web is very difficult.” is one reason why he argues everyone should be authentic.  Also true but that argument speaks to the notion of transparency not authenticity which was Cheney’s point.  Scoble’s heartfelt lengthy explanation about how people should be “authentic” by using their real name is really important but frankly not really about authenticity.  You can be “authentic” and still not be transparent.

Then, as read ALL the comments and the cross comments, I could see this general confusion around terms like trust, authenticity, transparency. Everyone seemed to toss these terms around as though they were synonyms – they are not. And with so much unleashing going on largely because everyone was cross talking – there little possibility of understanding.

So, let’s try and nail down some basic, common definitions of key terms (these definitions are grounded in my years spent in security software at AT&T, Bell Labs, Lucent, Computer Associates and Comodo. You may quibble with my terms – so feel free to suggest alternatives):

Transparency – Typically, this is used to describe a lack of “cloaking” where we hide behind a fake persona. When we let people see our identity, we say our identity is “transparent.” The rub here though is that there is no “standard” identity that we can use to simultaneously enable transparency, allow us to adapt our identity to the situation and do it safely while balancing desire/ need for privacy. Just ask Facebook. This is easy to say –but hard to achieve technologically.

One approach is around creating a “transparency layer” where a single signon (SSO) platform could apply. Lots of people are in this space actually (FB notwithstanding) but I would argue that Twitter has emerged as the most effective version of SSO today. I can control (sorta) what Twitter has about me and thus manage what percolates out there about me. Not ideal by a long shot but the other contenders are still quite early in their development (e.g. Diaspora).

Authenticity – Ah this is a tar pit of interpretation, a mucky business altogether. It usually means that a person can be vetted or an opinion is real and unbiased. Well, that is certainly riddled with subjective interpretation further complicated by time and context. Within this bucket, we encounter challenges of author disclosures, planted “customer” feedback and the trolls who are hired by competitors to disrupt user forums.

The technologies to address this are diverse and fragmented and include encryption, digital authentication, e.g. digital signatures, SSL security and  two factor authentication typically used in banking security. Common to this “authenticity layer” is that it would be activated when interactions “on the edge” have a high transactional or information risk factor. Given its relative high infrastructure cost, these technologies are reserved for relatively high requirements authentication requirements as would be needed in ecommerce.

Trust – This is the hardest to achieve in the online world because many of the cues we instinctively use in the real world are gone. If we see a store in a mall versus a stand on the side of the road – it utterly shapes how much we are willing to risk in the transaction. That’s what makes trust so hard to duplicate in the online world since the online world is very “flat” – just a bunch of pixels on a screen – little context or other reference points we normally use.

Here is where we can create a “Trust layer” to fill the context void – a middleware layer (Cloud based or not) that delivers trust indicators – digital identity management, content verification, real time feedback and social connectivity vetting at the precise moment of need. This is a sophisticated level of interaction that has a way to go before we can create this type of online trust.

At this point, you may be tempted to dismiss this whole post as a semantic exercise. But that would be a mistake because with proper framing of the problem – we can begin to see solutions.  We also can see how our gaps are impacting how all this connectivity technology is evolving today.

So what’s the real prize here beyond the English lesson?

For me the end goal is something I call The Trust Web.  Trust is the foundation of any productive civilization and this concept must apply meaningfully in our digital world too. Today we do not approach this topic systematically nor do we consider carefully how can we confer trust – in all its rich meanings and nuances – to the digital world, in some measure, because we do not frame the questions clearly (this whole unleashing makes my point).

If there is any “unleashing” to be done – let’s unleash the technologists to crack the code on transparency, trust and authenticity.  How do we coordinate all the fragmented pieces of the trust puzzle being worked on by many companies … from content verification technologies to rich, semantic based technology to deliver more trusted content. From intelligent agents who will scour the internet for verified, trusted ecommerce sites to new approaches to digital identities.

I wish it were as simple as throwing a single powerhouse company to push a single solution through. I almost wish I could wave a magic wand and Facebook could drive this question forward. But that is daydreaming especially since TBH Facebook has not yet demonstrated the business maturity to go down this road. In fact, most moves lately have been antithetical toward helping shape a Trust Web.

I’ll end by hoping I’ve made one clear point – language matters, definitions matter because without clarify we can’t imagine another vision.

And then we have to hear a lot of unleashing without a lot of traction.

Judy Shapiro

Author’s disclosure: I have been tracking Facebook’s evolution from communications platform to an uber social hub in Ad Age for just over a year now. My latest article in Ad Age “Has Facebook Jumped the Shark?” is the basis for an upcoming panel discussion at SXSWi.


Advertisements

“Privacy schmivacy”.

The history of privacy is full of public disclosure.

My Grandmother’s notion of privacy was quite different than my own. And my teenage daughter’s notion of privacy is, correspondingly, different than my version. So while the concept of privacy changes over time, within the public imagination, we all seem to cling to some gauzy, vague notion of privacy to mean we have control over what information should be kept private and how our information is distributed over the web.

This universally romantic notion gets universal support from government agencies, the media, websites, trade organizations – just about everyone.  Corporations world over struggle mightily with new, complex questions about how to assure privacy. And privacy advocacy groups vigorously defend this principle because they see privacy as the thin line in the sand that protects us against autocratic [fill in “evil” corporate or government name here] control.

So while you see a lot of lip service paid to privacy, there seems to be little concrete progress on how to execute privacy in today’s fluid information flow environment. Worse, I think all the privacy rhetoric has perhaps, imprudently, raised consumers’ privacy expectation to a level that is possibly not even achievable today.

It seems, therefore, that a recalibration of the notion of privacy is in order that strips away dogmatic devotion in favor of a real world, practical approach that can get the job done.

To gain insight about what a practical approach might look like, let’s go back a few thousands years and see how privacy has evolved. The first thing we notice when we look at this subject is that today’s concept of privacy as a universal right was simply not operative for most of civilized history (if you didn’t guess already, my early training was in history). One’s identity was assumed to be “public” and fully transparent because “people” were considered the “public assets” of the prevailing rulers. In virtually every society since ancient times, there was a rigid code for conduct and dress that clearly identified everyone by class and depending on variations of this code, by village or clan or family. Nor was privacy operative in “private spaces” since communal living was the norm.

Our modern idea of privacy really did not fully emerge until the middle of the 20th century. The massive expansion of the middle class post World War II “democratized“ lots of things like dress codes so identity became more cloaked (pun intended). The middle class could “pass off” as anyone and with that, the first modern sensibility of “privacy” was born. This budding notion of privacy was then buoyed by the new affluence of the middle class who started living in bigger homes which increased our appetite for privacy because it became a mark of success. Finally, during the paranoia of the Cold War when the government had aggressive wiretapping programs and the McCarthy black lists, our current notion of privacy hardened into the near sacred status enjoyed in our popular imagination.

This brings us back to today. Our understanding of privacy seems misaligned to the realities of today’s Internetworked world. This is why we have a confusing, ambiguous and inconsistent set of processes across the digital landscape. There are, for instance, verification companies selling web site seals to reassure visitors that the site has a privacy policy. Unfortunately for the site visitor, this privacy “trust” seal makes no judgment about whether the site has a “good” privacy policy since there are no real standards for a “good” policy. Then you have a confusing set of privacy practices and standards driven by trade organizations like the IAB, governments and even digital marketing vendors who all have different “best practices”.

Looking at it from an end user’s perspective, the view gets even more confused, (unless of course you have an advanced degree in electrical engineering plus about 10 years of hard core programming). Cookies are handy for end users but they are quite “invasive”, despite assurances from cookie crumb collectors that they only collect information, not individual user data. Or would end users consider a remarketing campaign as crossing the “privacy” line? And don’t get me started on how email privacy standards are violated shamelessly.

Now to add to the confusion, the rise of social networks raises new issues; should we assume the profiles we post in our social networks are private or public? Who should control where my profile is displayed? It’s not hard to understand why Sun Microsystems CEO Scott McNealy is famous for having said; “You Have Zero Privacy Anyway. Get Over It”.

I do see where he is coming from, but that is rather a draconian approach that undermines the value privacy does have in all societies – digital or otherwise. I would rather advocate we need to update our notion of privacy and build standards and processes with an updated vision of the concept. What I am proposing here are a few starter “how to’s” that can begin to pull us out of the quagmire we seemed to be stuck in.

First, for those of us who operate social networks, communities or websites, let’s start to apply a consistent “default public” set of business rules to reflect the general consensus that social network participation is acceptance of a public digital life. Similar to your phone listing in the phone book – you are “defaulted in” unless you opted out. That begins to shift the basic model that allows people to take full advantage of their digital social lives by helping them manage efficiently their public information. Be sure to recognize that the inevitable demographic differences in privacy requirements between groups means you will need to provide all users granular controls to keep everyone happy.

Second, it would be useful to create an industry-wide, standardized hierarchy of information sets which would have specific privacy practices appropriate to the risk factor. For instance, typical “low risk” information gathered by social networks can be handled one way whereas “high risk” information could be driven by a different set of processes. This data architecture and practices can be standardized across networks.

Third, the industry, I mean here social networks, corporations and media, need to better support the W3C’s noble work in this area. I was at a conference on Semantic technologies recently and I heard a fairly desperate appeal to help support continuing the work in this vital area.

Fourth, we need to create clear remediation processes should someone’s privacy be digitally violated. This is a place for the government to step in with clear remediation mandates similar to guidelines it mandated to companies in the case of data breaches.

Fifth, let’s accelerate development of new, Internet powered ad platforms that are consumer driven. A “pull” ad model solves many of the privacy problems that behavioral marketing programs fall prey to because it resolves the irreconcilable tension between marketers wanting to learn everything about prospects and consumers’ resistance to be so overtly “manipulated”. The Internet is incredibly well suited to this model. (A word to the IAB folks – this is a great initiative for you guys.)

Now a word of encouragement to those of us who have a fond, unabashed attachment to our privacy. First, it may be comforting to know that the fact that we ever had privacy as we know it (dare I say knew it), may have been a brief blip in history that we were lucky enough to experience. Second, I won’t tell you to get over it – but I will tell you to reverse your thinking about privacy. Shift your thinking from privacy concerns and onto how to manage what is public about you anyway.

Everything old is new again.

PS – I think the new Google Dashboard is a very positive step forward. See my YouTube video explaining why. http://www.youtube.com/watch?v=MXEiOlD7Y0I

 

Judy Shapiro

http://twiitter.com/judyshapiro

%d bloggers like this: