With this in mind are Facebook moving the personal data ecosystem further forward in one step than the more open (source/web) minded folks of the Personal Data Store movement can hope to do in a decade? Is the real anger in the fact that …
How much data do you think a bank captures about you? A digital trail is left by each and every interaction with an institution e.g. payment over a branch counter, phone call to check the status of a mortgage application or a cash withdrawal from an ATM but just how much? There’s the obvious things such as transaction records (I took £10 out of the ATM which debited my account) but banks actually capture much, much more information about your activity (where the ATM was located, which organisation owned the ATM, whether you got your PIN right first time etc.). A phone call generates even more information ‘This call may be recorded for training purposes’ is a familiar start to calls with most service organisations but what is recorded? More importantly, what is done with all this data?
The vast majority of the captured data is used by the organisation. Fed into huge CRM systems to track your relationship, into data warehouses for all manner of analytic purposes such as calculating your propensity to buy the hot new product, fuel for anti fraud systems looking for strange patterns of behaviour. This data is very valuable to an organisation. This data is also very valuable to an individual. How many organisations feed back the value of this data to their customers? How many feed back the behaviours this data is showing? How many feed back the changes you could make if you did things slightly differently? I think that data is very thin on the ground…
Here are a few examples of the value of feedback. From one of my favourite forms of transport, trains. Take a look at this tube information display from London Underground. Notice anything missing?
Let’s see what it looks like with the missing piece added.
How does that piece of extra feedback change the whole context of the display? Before it just displayed the ‘what’. The ‘when’ adds so much more value.
Another train based scenario. You are sat on a stationary train admiring a beautiful hedgerow your mind wonders to why have you stopped? When will we be moving again? And what is the impact on the time I will arrive at my destination. Think how many times the train guard has given you all those bits of information during one of their oh so eloquent Tannoy announcements. Ever had to ask a guard for a bit more information?
Final feedback lesson from trains. Timeliness. On the more modern trains in the East Midlands fleet that operate between Sheffield and London the seat reservations are displayed on small digital screens above the seat. At busy times (it seems) the reservation notices are not enabled when you first get on the train. Only once the train is 10 minutes out of the station do they get switched on causing a nightmare domino effect as people move seats, other people end up standing and generally the atmosphere on the train plummets to levels below the normal disdain laden malaise to outright annoyance. Provide the feedback on time and the problem would be avoided.
So what about an example from banking. Here is a line showing charges are due to be applied to an account.
Personal Financial Management Tools such as Mint, Strands etc. Have been showing users more about their money for several years now. Pretty graphs showing your spending in a more usable way than a list of transactions. Allowing customers to see if they made a change to the amount of coffee they buy they could save an extra £x a year which could be used to pay off their mortgage x years earlier. Banks in the UK seem to be finally catching on. Lloyds recently launched their Money Manager platform. Rumours suggest Barclays will do something similar at some point this year.
Natwest have been sending out an annual statement. A paper based PFM if you like that shows your annual expenditure highlighting where you spent the most money e.g. Tesco. To me these things feels very much like stage one. This is what you spend. This is where you spend it. This is what will happen if you change this behaviour. The quicker stage one becomes the normal functionality level for all banks the better. What interests me is what comes next. Feedback on your financial behaviour is only one element of a banking relationship and while it may be the most important, what insights can be gleaned from all the other forms of interaction?
The telephone call. So much information related to the act of dialing a beloved call center. Where you dialed from, the menu options you chose, did you correctly enter your security details, the length of time spent in a queue, the length of time on a call, the number of times you were passed around departments, what those departments were, who you spoke to, call reference numbers, the actions of what you actually called up to do, the entries on the various systems those actions incurred…oh and of course the audio of your call that was recorded for training purposes. All that information is captured. Next to none of it is fed back. You get the call length on your phone bill and if the actions were transactional ones i.e. move some money, you will see that in your online banking. But what is the value of feedback from the rest?
Relaying the menu options you chose might make the route easier next time you call, who you actually spoke with and your call reference number at hand online instead of scribbled on the back of an envelope, the time it took you to complete your transaction or the number of times you have called to try to get something resolved, call information could be linked to transactions/complaints and show you the trail of activity and if you do not remember what the operator said you can even listen back to your call to jog your memory.
Another area where I feel banks are poor is around security, or rather feedback to customers about security. Let me explain. Today I have no record of who and when someone logged onto my internet banking or accessed my account via telephone banking or wondered into a branch and tried to do something, even if it is me doing the accessing. Now hopefully strangers attempting to access my accounts does not occur too often but this data is most certainly captured by a bank and if something strange is noticed let me know (and not just by suspending my accounts). Why not play it back? Show logon/call/visit times, show IP/Mac Address of the device used to access (in fact why don’t banks certify devices you might use to access Internet banking? home laptop, work laptop, my mobile etc.). Modern browsers can send location data as well. Why not ask if users would like this information saved and shown to them in their logon activity records? Any suspicious logons (or attempts) could be highlighted to the customer as well as being flagged internally. Yes this might scare some people and generate calls but it should also act as a reassuring log to check. Data already captured, fed back to people for their benefit. Feedback.
As well as logon activity why not show a record of my actions undertaken online. Clicked on this advert, transferred this money, canceled a standing order, called the mortgage helpline, placed a complaint. Show me what my relationship with your organisation looks like. Which leads onto how my relationship with your organisation is perceived. The above data is captured, stored in huge data warehouses and is fed into analytic engines to work out things about you based on your activity. Calculations are undertaken and you may get fed into a marketing campaign based on not only your demographics but your interactions with the bank. Scores may be calculated on your behaviours and applied to your profile showing what your actions mean today and what they may mean for the future. If you make a decision about me why not feed that back to me. Show me how you worked it out and why. Honesty is the best policy isn’t it?
Applying for a product. The sales process of some banking products is less than straight forward. The mortgage is an especially complex process and one that is distinctly lacking in feedback, especially online feedback. Moving house is stressful. The complexity in arranging the mortgage adds to that. The amount of chasing that needs to be done between solicitor and bank. Chasing up to find out where the mortgage process is up to. Who or what is holding it up? When will my money be available. Today a lot of that information can only be gleaned by telephone calls or face to face meetings. Let us switch tangents wildly and consider Dominos Pizzas. Today I can order a pizza of my choice, personalised to the nth degree, I can see who is making it, I can see when it goes in the oven and I can see when it is ready for collection or where the delivery boy is in relation to my house. I can track a £15 pizza to this extent, all via my mobile, but I can’t track a £250,000 mortgage to anything like this level. The milestones/progress of this application must be captured but is not fed back. Something is wrong here.
Ever since I first set eyes on Friendfeed about 3/4 years ago it was obvious to me that banking relationships are very much like activity streams. Today the activity feedback is almost entirely transactional, one way broadcast i.e. marketing messages and customer service issues. This needs to change. So much more happens and is captured but it is not fed back. It would seem our enlightened government also agrees.
A recent publication called Better Choices, Better Deals, sets out ‘To put consumers in charge so that they are better able to get the best deals for themselves individually and collectively as well as looking at ways to empower the most vulnerable who may not otherwise benefit from these exciting developments.‘ On of the key themes of this piece is ‘A shift away from a world in which certain businesses tightly control the information they hold about consumers, towards one in which individuals, acting alone or in groups, can use their data or feedback for their own or mutual benefit.’ It will be interesting to see where this goes.
We are also seeing tighter regulation on what kind of tracking companies can take online. The new EU tracking cookie directives are making companies think about how they track what customers do online. Why not ask permission and show them what you are doing and why? The recent Apple location tracking furor shows what happens when companies are sneaky/negligent but look at how many people then went and visualised the data Apple captured. If they had asked and fed back would their have been an in issue and would it just have been another case of Apple doing something cool?
This stance also aligns with the work by Doc Searls on Vendor Relationship Management (VRM), Which aims to make customer data available to the people who create and allow them to take it where ever they want and to use how ever they want.
Is this just some Utopian pipe dream? Or do we need to see a shift in the way data is fed back to people? What implications have I avoided/glossed over? What compliance/legal issues have I willfully disregarded? What customer needs have I failed to take into account? Please give feedback.
I recently attended the Internet Identity Workshop. An event organised by members of the Identity Commons, which bring together decentralised identity evangelists hence their creation of these sessions in a number of locations around the world. My knowledge of this subject is limited at best but I am very interested in learning more because I agree wholeheartedly with the principles and desires of this group. It is worth noting I was a little apprehensive about attending this conference due to my previously mentioned lack of knowledge, which lead to a bit of late night revision prior to attendance.
The day began with me trying to find my way to the venue (Macmillan Hall in the University of London) from my hotel (the Radisson Grafton). Even though it was only a mile from the hotel and I was equipped with a GPS enabled iPhone it still took a lot of wandering around the University College of London (the college bit makes a big difference as it is the wrong location) before I found where I as meant to be. Once I finally found the University of London and Macmillan Hall I registered, gathered my credentials and headed in to the venue. The room for the event was marble clad with high ceilings. The room was dotted with carpeted panels to try and dampen sound reflections (they failed). The chairs were laid out in two concentric circles. I shuffled in, grabbed a drink, found a seat in the outer ring and opened my laptop. It is also worth noting I am awful at networking. I find it very difficult for some reason, to wander up to strangers, at an event that you have both paid money to attend so clearly have common ground to talk about, and introduce myself. Also the early arrivals at the conference were all middle aged males who looked like they spent a lot of time in front of computers. I realised I needn’t have worried about fitting in.
Things finally kicked off at 9.30 with organisers and facilitators for the day, Kaliya Hamlin (also known aptly as Identity Woman) and Heidi Nobantu Saul. Kaliya explained the reasons behind this meeting of minds (essentially make online identity better) and the format of the day, unconference. Heidi ran through the logistics of the day including the rules and expectations of the day e.g. If you are not learning or contributing feel free to fly between sessions like a butterfly and if someone mentions a TLA (three letter acronym) or something you don’t understand pause and ask them to explain.
There was then a series of intros where everyone in the room stood up and said a few sentences about themselves (always nerve wracking). Then came the session creation. A4 paper, coloured pens and anyone who wanted to create a session got writing. Upon completion we had 31 sessions covering all manner of ID related geekiness. Tech protocols/concepts such as WebID & DNSSSEC, privacy levels, tiered ID providers, European equivalents to NSTIC and finally ending up with digital death. Session slots were chosen, similar topics were merged and my own personal agenda became pretty evident.
Session 1 – Mydex Personal Datastore Announcement. One of the recurring themes of the day was around personal data stores. These are, in the words of Mydex.
‘Personal Data Stores are designed to restore to individuals control over the management and sharing of their personal data online.’
A key piece in the move to Vendor Relationship Management (VRM), Personal Datastores (PDS) provide a framework for users to store, manage and utilise their data rather than the multitude of companies that do so today. Mydex announced their pilot PDS. They have signed up a number of relying parties including councils (Croydon and Brent were mentioned), the DWP, Yougov etc. For a much richer description then why not listen to William Heath from Mydex tell you more about it. Very interesting looking service and I managed to have a few chats with the creators of it and they happened to mention that they had interest from a few banks. I wonder if Sheffield Council will be interested?
Session 2 – WEBID & DNSSEC. Thankfully two of the five sessions for this time slot got merged into one. Even more thankfully they were the ones I wanted to attend (in hindsight I may have been wrong). First up was Henry Story to talk about WebID (formerly known as the less snappy FOAF & SSL). Henry whizzed through a set of slides, that at normal pace I might have understood a bit more clearly. The basic principles (I think) behind WEBID are the concept of you have a specific URI for your ID which can be checked as part of the logon to services. The logon process is dealt with during the actual web page request using existing protocols HTTP and TLS. The other element involves the authorising site to request a WEBID certificate from the user. This very manual step in the demo kind of killed things for me and until we have active agents in browsers it will be unusable for most users. I really can see the potential in this tech (discoverability, federated nature of the ID) and I really liked the mention of using this built into crypto USB sticks for physical device logons. But work is required to make idiots like me understand and therefore use it.
I had struggled a bit with the first half of the session the second half just killed me. DNSSEC is, according to the idle mans research source ‘It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.’ I can see how this could help with some of the request steps of WEBID. Unfortunately the topic was presented with no slides or pretty pictures and such a complex and dry subject left me reaching for my laptop to see what else was going on.
Lunch = Chicken Massaman curry and a chat with some nice people from Vodafone R&D project, One Social Web. More on that in Session 4…
Session 3 – Project Nori Demonstration. Project Nori is an open source, open standards compliant personal data store. This gives users the ability to create their own datastores on their own servers. This hands control of your data back to you….assuming you are smart enough to set up your own datastore. Markus Sabadello, one of the creators of Nori, gave two demos of the technology. The first showing its potential as a datastore and how you would interact with services online. He used the example of ordering a Pizza. No need to fill out your address details when ordering online you click a button it goes to your PDS and returns the requested fields. I asked if this should be two way i.e. should I store my order history with the company on my PDS. In future when I interact with them I can show them what I have bought in the past and they could market to me accordingly (free garlic bread for you as you eat here every week). The current implementation does not deal with two way data passing but will do in the future. This conversation thread lead to a long discussion on data schemas required to store all the potential data (Mmm Pizza Data Schema) which it was widely agreed would require some standard schemas to be created.
The second demo showed Nori operating as a node in a federated social network. The example showed how it could be set up to send, receive and store messages as part of a Status.net (open source microblogging platform) federated install. Very cool geeky stuff. You can see both demos in action on the Project Nori site
Session 4 – One Social Web & W3C Social Web Proposal. Another 2 for 1 session comprising a demo of the Vodafone One Social Web (OSW) project and a discussion around the W3C proposals for the federated social web. The One Social Web project is looking to build a truly federated social network built on open standards (XMPP, Activitystreams, vCard etc.) and aiming to destroy the walled gardens of existing social networks. Daniel Applequist demonstrated the system by sending messages between multiple users who have their own OSW instances but on completely different servers. The demo while impressive to a geek like me also showed some of the flaws in this decentralised method in that one of the users Daniel tried to talk with could not receive a message because his server was down. Having said that, if it was a centralised system then had the one server been down no one could use the system. What all this means is that if you have friends on one social network they are no different to friends on another social network. You can talk to them in the same way, share things with them in the same way. The analogy given was the telephone lets you call anyone. Facebook users can’t share a tagged photo with Myspace users. The code is available now on Github if you care to run up your own instance of OSW.
‘…the Social Web should allow people to create networks of relationships across the entire Web, while giving people the ability to control their own privacy and data.’
Harry Halpin (the editor of the report and spit double of Jason Lee, see photo below) made a passionate plea for these open and federated technologies to shape the way existing social networks operate. As well as the report they have also created the first Social Web Acid Test (SWAT0). The test has just six seemingly simple steps:
1. With his phone, Dave takes a photo of Tantek and uploads it using a service
2. Dave tags the photo with Tantek
3. Tantek gets a notification on another service that he’s been tagged in a photo
4. Evan, who is subscribed to Dave, sees the photo on yet another service
5. Evan comments on the photo
6. David and Tantek receive notifications that Evan has commented on the photo
By about step 3 or 4 you would kill any of the main social services in play today. Elements of the technologies mentioned in the report are in play for some social networks e.g. Facebook utilise Activitystreams but true interoperability is a long way off. The purpose of the report is to try and get the W3C to standardise these building blocks in the same way that they have with things like Cascading Style Sheets (CSS). Harry mentioned that previous attempts by the W3C to build standards for this had been poor e.g. POWDER but he hoped protocols that had been built by others could prove more successful. For anyone interested in the future of the social web I highly recommend reading the report.
Session 5 – Personal Data Ecosystem. The last session of the day and it was back to a topic I knew little about before today, Personal DataStores, but by the end of it I knew a little bit more. Lead by conference organiser, Kaliya, it was more discussion based than the previous sessions I had attended which were more presentation based. The discussion revolved around the concept of the PDS and whether they can become a viable and well used device coupled with sustainable business models. Kaliya picked on me first asking how could banks use this type of technology? My personal opinion is that while banks will certainly be a major contributor to these data stores in the future today the regulatory issues around holding and transferring banking data would make early involvement very complex. David Alexander of Mydex explained some of the business models and benefits they are using to sell their system. Primarily the transfer of data storage and retrieval costs to the customer (or 3rd party data store handler) represented major savings costs for organisations. For banks I am pretty sure they would never be able to simply hand over all data to their customers and not store any for themselves so the savings would not be there. But I can certainly see lots of uses from a customer point of view.
I think the only way these datastores will take off is if major retailers such as Amazon get behind them. They must deliver new value to the users and they must present a more usable experience that what exists today i.e. remove incessant registration form filling. Please read Kaliya’s thoughts on Personal Data Stores and also keep an eye on the Personal Data Ecosystem site for more developments in this interesting space.
In conclusion, the day really exceeded my expectations, my initial trepidation at being completely out of my depth was misplaced as it turns out I know just enough about this subject to wing it. It was also not an issue because everyone there was very friendly and always willing to explain in more detail anything that was not clear. Only downside would be the room, as the marble walls (even with tasteful carpeted panels) and high ceilings meant that it was very noisy and sometimes difficult to follow conversations in your own session. I enjoyed the day and learnt a hell of a lot that I will have to spend quite some time trying to shuffle round in my head into something I can take forward. You could say I need a personal Internet identity workshop knowledge data store….Identity based humour is clearly the future.