3PHealth Blog

Choice Means Respect

Wednesday, March 28th, 2012

I was reading this When Did Service Become the Customer’s Obligation? blog at Competitive Advantage Marketing it really struck a cord with me. While Dr. Coleman is talking about a different kind of “choice” than our enterprise browser provides, it does address a common theme.  This quote from her blog really sums things up,

“Our messages are meaningless if the customer contacts don’t leave the customer feeling respected and valued. Where there is choice, the customer won’t tolerate feeling as if it is his job to service the company. We need to remember that customers see the products and services we provide in their own context, not ours.”

As business people, we should be asking what we can do to make our customers lives or businesses better in exchange for buying our products and services.  We should adapt to them – not make them adapt to us.  When you give your customers choice; when you look at your customers’ needs in the context of their life, their business models, their resources – then doing the right thing becomes much simpler.

---

Is building an Identity Ecosystem a “Wicked Problem”?

Tuesday, March 27th, 2012

 

 

First what is a wicked problem? (link)

It’s used to “describe a problem that is difficult or impossible to solve because of incomplete, contradictory, and changing requirements that are often difficult to recognize. Moreover, because of complex interdependencies, the effort to solve one aspect of a wicked problem may reveal or create other problems.”

So when you start talking about an Identity Ecosystem you can see why it appears on the surface to be a “Wicked Problem”. Can you imagine all the stakeholders sitting around a table arguing for their own agenda’s, their own way of supporting Me and my Identity. Alignment on the issues is not the first thing that comes to mind.

And yet one wonders if there is a “simple solution” to the problem. Well I think there is. However first we must dig a little further.

What is Identity?

Wikipedia has a good description – link

The sociological notion of identity, by contrast, has to do with a person’s self-conception, social presentation, and more generally, the aspects of a person that make them unique, or qualitatively different from others (e.g. cultural identity, gender identity, national Identity, online identity and processes of identity formation.

So is identity defined by the individual or the social/geographic context that the individual finds themselves in? Well it’s both. So how do we align these two items?

Well if you think about it a single word comes to mind – Context.

Identity is context about Me. And as per the definition what you need is a Context Manager that collates all of my “Me” data. That would be defined as data about Me, my geo-location, and what device I’m using to connect with.

So if you’re going to solve the Identity Ecosystem problem you have to start with a context manager. Think of it as a secure database that follows me around from device to device. The database adapts in real time to my social/geo context. It’s completely under my control, it’s secure and it can talk to other databases that I might add to increase my “Context”.

So far so good. Now comes the hard part – data portability. And the only reason this is difficult is because we’re not looking at a common protocol (communications format). The stakeholders all want to keep their existing protocols (formats) and therein lies the problem.

But that was then – and now we have the HTTP protocol – literally one protocol that binds billions of devices and people on the planet. So “If” the stakeholders were to adapt their systems to communicate via HTTP would that solve the problem. And the answer is “Yes”.Think of it in these terms – One Ring Binds them all

• One Interface – the Browser
• One Platform – the Internet
• Multiple data sets – the Context

So all you need now is a way to transmit my real time context (Identity) over HTTP securely. And that’s pretty straightforward – simply add the encrypted data to the request that goes to the web server. From there the data can be shared with any backend system.

So in my opinion building an Identity Ecosystem is NOT “Wicked Problem”, as long as the stakeholders can agree on a common protocol that joins everyone. And there’s plenty of good reasons to support HTTP (like billions of reasons)

The key to solving this wicked problem is real time “Context”, that is under my control, and a common communications protocol. Oh yes, one more thing – don’t forget to give the user a “Choice” in not only what they share but to whom they share it with.

---

FTC issues new Privacy Framework – It all boils down to 3 things

Monday, March 26th, 2012

Privacy Report

 

And what are those 3 things?

1. Privacy By Design: Build in Privacy at every stage of product development
2. Simplified Choice for Businesses and Consumers: Give consumers the ability to make decisions about their data at a relevant time and context, including through a Do Not Track mechanism, while reducing the burden on businesses of providing unnecessary choices
3. Greater Transparency: Make information collection and use practices transparent

Summary:

• From the first line of code to the shipping product think about the Privacy of your customers/users
• Give users a Choice – integrate context, and make it easier for businesses to provide the relevant content
• Transparency – let the user/consumer really know how you’re using his data

There’s no going back now. The Privacy genie is out of the bottle so to speak. Next comes legislation to enforce these recommendations. What will be fascinating is to see how the EU reacts.

 

 

---

The Third Party Privacy Problem

Monday, March 26th, 2012

 

 

In my last post How your privacy leaks out on the Internet I discussed the third party problem. It’s really a difficult problem to solve – especially when you’re not sure who the 3rd parties are. In this example above lets assume for arguments sake that the content provider is ONLY using those companies shown as icons above, as 3rd party advertisers. There are still issues to deal with – but it’s bracketed.

The next situation is more complex. What if there are other 3rd parties on that Web page, or one of the above icons refers to yet another party who in return shares your information. That’s really a tough problem to solve.

Interesting enough there’s a post about this problem up on the Public Do Not Track Mailing list – the title is “tracking-ISSUE-129: Site-specific Exceptions a) Blanket Exceptions (mysite, any-third party) [refining ISSUE-111] [Tracking Preference Expression (DNT)]

Quite a mouthful for sure… however this is a really important topic so lets dig in. Here’s the scenario/use case

SCENARIO/use case:

• User visits a site with DNT;1; by default, third parties fall under the constraints for third parties
• Site needs certain (maybe unknown) list of its third parties to function properly
• Site asks user to provide a site-specific exception to allow all (aka “*”) used third parties to be exempted from the constraints for third parties

So let’s break it down:

• You’re using your standard browser and have set the preference so that you are not to be tracked – as far as you’re concerned that’s it.

Now we switch to the content providers site. They’ve been operating for years and have integrated calls to send data to 3rd parties. Without those calls either their Web site doesn’t work or they don’t get paid. So what happens now? They get a request from a browser that indicates that the user does not want to be tracked – however the Web site cannot return a response to them without tracking them.

So they need an “exemption” – they have to message the user that in order to see this Web site they have to be tracked and need them to agree to it. Well basically there’s only ONE way to solve this problem – you have to send down a page with some JavaScript in it which pops up a dialog box with this request in. The user then has to agree – but now comes the next thorny issue – how long do they agree for? And exactly what are they agreeing to? Does the content provider have to list all the third parties (some of which are unknown to them). What data are you exactly sharing with these unknown 3rd parties. Are those cookies going to remain on my device for others to see and use?

In a previous blog post: Me – The intersection of Privacy, Security and Identity on the Web – Part II I used the following graphic to illustrate the issues with DNT.

 

 

The issue we’re discussing in this post “Site-specific Exceptions a) Blanket Exceptions (mysite, any-third party)” hits right in the “Innovation” category.

In an attempt to make Privacy binary (0,1, Null) we’ve made it very easy for a user to send his Privacy status. What we haven’t done is make it easy for the content providers to comply. Think about the above issue for a moment. Think of it in man hours, lines of code, regression testing, and most importantly “expectation setting”.

There’s simply a ton of work to do to make this right. The user has a very clear expectation – anything that changes that expectation must be transparently and unambiguously conveyed to the user. This is NOT trivial – because you have to get it right immediately, and it must be right all the time. DNT is not cost effective for sites that have “unknown 3rd parties who they share data with.

Of course fixing that will affect your revenue numbers.

 

 

---

How your privacy leaks out on the Internet

Monday, March 26th, 2012

 

 

Sometimes all you need is a simple picture. I went to the Huffington Post and picked an article at random. At the bottom of the article was the above graphic – simply click on your favorite social network to share you data.

It all seems so innocuous – but it’s not, and here’s why.

Social networks have an incredible amount of data on your – because you filled out a profile on yourself. Now when you visit somewhere else on the Web there has to be a way to connect that profile data with what your reading and finding interesting. Almost like “search”.

So the second I click on either the Tweet icon above or maybe the Facebook icon you’ve just tied your entire profile to that article. That tells advertisers a lot. Why because Facebook et al share that data with advertisers and in return pay a referrer fee to the Huffington Post. It’s called Advertising Financial Engineering – and it works because you inadvertently just allowed everyone to know your profile.

So here’s where things get interesting. The new Do Not Track Standard (work in progress) is trying to figure out how to stop this. It’s the “first party vs. 3rd party issue”. The Huffington Post is the first party, Twitter, FaceBook et al are the 3rd party. The core issue is what happens to the status when I click on one of those “like buttons”. Can they still use my data?

My guess is “Yes”. Because if not then Facebook’s, Twitters, Pinterest etc revenue models start collapsing – the big winners will the the content aggregation houses that don’t depended that much on being a 3rd Party. And they would be Google, Microsoft, Yahoo, AOL.

Welcome to the Privacy jungle – it feels like we’re completely naked and that’s because we are.

 

 

---

Search

Email Subscription

Email Subscription

Subscribe

Categories

Categories Select Category #Choice  (49) #mobile  (87) #privacy  (30) #webperf  (62) #wpo  (28) APM  (2) BYOD  (6) Care Delivery  (7) Choice  (25) connected health  (4) Context  (30) digital health  (13) e-health  (7) Enterprise Mobility  (9) EUE  (4) Health IT  (5) healthcare delivery  (8) Hospitals  (3) Identity  (7) Patient Engagment  (12) Performance  (42) Personalization  (23) Privacy  (81) Quality of Experience  (16) Telemedicine  (2) Uncategorized  (30) User Experience  (26) Virtual Care  (3) WCO  (2) Web Standards  (1) What: Device Information  (9) Where: Location Information  (9) Who: User Information  (7)