JP Rangaswami Thinks About The Social Enterprise

JP Rangaswami recently joined Salesforce as Chief Scientist after holding the same position at BT. He just published a powerful rationale for the vision of The Social Enterprise that Salesforce CEO Marc Benioff evangelized at the recently concluded Dreamforce conference (with 45,000 attendees, now the world’s largest enterprise tech conference).

Key quotes from JP’s post:


I think Marc Benioff’s vision for the Social Enterprise is about more than just enterprise software, it is about changing the way customers deal with companies. Transforming it. Irrevocably.


The Social Enterprise, as Burberry CEO Angela Ahrendts stated during the conference, is not optional. “You have to do this. You have to be social. Otherwise I don’t know what your business model is in five years”.


The Social Enterprise vision is about rebuilding markets the way customers would build them in the first place.

In short, the center of The Social Enterprise is…The Social Customer. Which is what Doc Searls and many other supporters of VRM (Vendor Relationship Management) have been saying for the last 5 years.

And enabling The Social Customer is the essence of what Connect.Me is about. “I, the Social Customer, want to be connected to whom I want, when I want, how I want. Give me that opportunity and I’ll take responsiblity for my Social Customer reputation.”

(Speaking of The Social Customer, another blog we highly recommend is Chris Carfi’s The Social Customer Manifesto. Read it and you’ll see why Chris is one of our key advisors.)

Help Us Help You – Vote for Connect.Me and the Respect Trust Framework

UPDATE Monday 2011-08-22: The voting period is now over – thanks to everyone who voted.

UPDATE Friday 2011-08-19: We just posted our What is Connect.Me video for Sibos. If you like it, please vote before midnight Pacific Time on Sunday.

Short form of this post: We’ve entered the Innotribe $100K Startup Challenge at Sibos. A vote for Connect.Me is a vote for the Respect Trust Framework.

Click here to vote now – just look for the Connect.Me logo.


The rest of the story: After the Respect Trust Framework won the Privacy Award at the European Identity Conference in May even though Connect.Me had not launched yet (we’re just beginning our private beta this month), it turned some heads in the industry. We began receiving inquiries about this innovative new approach to privacy and trust online.

One of them was from SWIFT, the Belgian cooperative that operates the international banking interchange network for over 9000 banks and financial institutions – the network the banks themselves use to exchange money. The innovation division of SWIFT, Innotribe, invited Connect.Me’s Drummond Reed and trust framework counsel Scott David to speak at Sibos, the annual conference SWIFT puts on for the worldwide banking industry, this year in Toronto Sept 19-22.


Two weeks ago Innotribe invited Connect.Me to participate in the first-ever Innotribe $100K Startup Challenge at Sibos. Over 90 companies have submitted applications to have the opportunity to be one of 10 companies selected to present to financial industry executives, VCs, and press at Sibos. Each company must address the question, “How can your innovation bring value to SWIFT, its member institutions and/or their customers?”

Connect.Me’s answer is simple: if the SWIFT trusted exchange network moves from a closed to an open model, where it becomes available to any size and type of business as well as to individuals (something the Innotribe digital identity team is now studying very closely), then it is a perfect match for Connect.Me social vouching and the Respect Trust Framework.

The banking network meets the personal network. A match made in heaven.

Today is the first day of voting, which is open to the public. Although Connect.Me is still in the very first phase of our private beta, the foundation upon which we are building is the rock-solid commitment to the ethical use of personal data that we made in May with the launch of the Respect Trust Framework.

So we’d like to ask for your vote. And if you feel strongly that the future of the Internet should be based on the five core principles of the Respect Trust Framework – a promise of permission, protection, portability, and proof – please ask your friends and colleagues to vote too.

Thank you.

Real Names Are Not Real Trust


(Note: see the end of this post for ongoing updates.)

The following is a true story. None of the names have been changed to protect the innocent.

Connect.Me is a founding member of the Startup Circle of the Personal Data Ecosystem Consortium (PDEC) – a group of companies working to create new products and services based on the ethical use of personal data online.

One of the key tenets of the personal data ecosystem is user-centric identity – that people should be able to choose the digital identity credentials they wish to use in any particular context, as long as those identity credentials support the accountability requirements of that context.

The founder and Executive Director of PDEC is Kaliya, who prefers not to use her last name, and in fact has become widely known throughout the user-centric digital identity industry by her professional moniker and blog name, Identitywoman. (In fact many people in the industry do not know her by any other name.)

Google’s now infamous Real Names Policy, which requires Google+ users to use “the name they are known by in real life”, resulted in Kaliya’s Google+ account being suspended two weeks ago.

On Thursday Google revised the policy to stop immediately suspending users and rather give them four days to “revise their Google profile to comply with the policy” before they are suspended.

In other words, no change to the policy, just how quickly Google will enforce it.

What does it say about the viability of this policy when the Executive Director of the Personal Data Ecosystem Consortium, an icon in the landscape of Internet identity and trust, who was honored in 2006 with the Digital Identity World Award, is suspended by Google for not conforming to its Real Names policy?

This is especially galling because several of the key members of the Google+ design team, including +Chris Messina and +Joseph Smarr, are longtime members of the user-centric digital identity community that has been meeting every six months at the Internet Identity Workshop hosted by Kaliya, Phil Windley, and Doc Searls since 2005.

So far Google has stood unflinchingly behind the policy despite the growing storm of controversy lead by sites such as My.NameIs.Me — leading many observers to wonder whether, despite the wonderful innovations in Google+ (like Circles), Google still “doesn’t get social”.

One of the best critiques of why Google is cutting off its own nose to spite its face with its Real Names Policy is from Mike Elgan, writing for Computerworld:

Why Google’s policy is incompatible with Google+

Google’s policy can’t work. For example, what about any person with a personal brand that happens to be a pseudonym?

Under Google’s policy, Dr. Phil, Lady Gaga, Snoop Dogg and Ralph Lauren would be forced to use Google+ as Phillip McGraw, Stefani Germanotta, Calvin Broadus and Ralph Lifshitz.

Or is the plan to allow the rich and famous to use pseudonyms but not battered women, persecuted minorities, political dissidents and others using fake names out of self defense?

Google, do you really want to be on the wrong side of that argument?

Like many others of us, Mike is especially puzzled that Google is taking this stance because, as he goes on to say:

The solution is easy and obvious

The solution to the real names problem couldn’t be easier or more obvious. Go ahead and require a real name. But simply make the user name field like other fields in the profile — let users hide it, as long as they’ve put something in the “Nickname” field.

The combination of a hidden real name and an exposed nickname lets Google have it both ways: Users can use pseudonyms, but Google itself can know who the person is (for consistency across Google accounts, and also for commerce).

Google could even add two more controls that would make the change more consistent with Google’s objectives. First, allow people to hide their real name only if their account is associated with a cell phone number. (Google already allows Gmail addresses and Google accounts to be associated with phones for identification.) This would prevent people from signing up for one account after another, then abusing Google+ policies under serial pseudonyms.

Second, come up with some subtle signal — an icon, for example — that tells everyone that a pseudonym is a pseudonym.

While Mike’s analysis is fundamentally correct – the solution lies in a policy that allows pseudonymity with accountability – the devil is in the details, and supporting pseudonymity with accountability in a way that adequately protects the rights of all parties is a much harder problem than it looks. Joseph Smarr admits this in an interview with Alex Howard at O’Reilly quoted by Kaliya in her blog.

In fact the problem is so hard that Connect.Me developed the Respect Trust Framework to provide the foundation for a trust network capable of doing this at Internet scale. And enough people already agree with us that it won the Privacy Award at the European Identity Conference in May even before we launched our first services based on it. (Connect.Me’s Drummond Reed and Connect.Me counsel Scott David, legal architect of the Respect Trust Framework, will be speaking about it September 20 at Sibos, the annual conference of the worldwide banking industry.)

Which is why Connect.Me will not require real names for Connect.Me accounts, starting with the Connect.Me private beta this month. The Respect Trust Framework provides a means for socially verifying the online trustworthiness of an individual without requiring the person’s online identity to a “real name”.

We invite our friends at Google to take a close look at the Respect Trust Framework and talk to us about how we can solve this problem together.

It’s not just that it matters to us, or to Kaliya, or to Google, but that it matters to hundreds of thousands of individuals whose need to use a pseudonym online may actually be a matter of life and death.


2011-08-15: See this scathing analysis of the Identitywoman fiasco from Kim Cameron, former Chief Identity Architect of MIcrosoft.

2011-08-20: Kevin Marks has an excellent post on Google Plus must stop this Identity Theatre.

2011-08-20: See this open letter from +Robert Scoble to +Vik Gundotra about why the Google real names policy must be fixed.


Connect.Me in August


While much of the Northern Hemisphere goes on vacation this month, the Connect.Me team is working hard on finishing touches as we get ready for the next phase of our private beta. During August, we’ll be releasing new batches of invitations starting in a couple of weeks.

Invitations will be sent out with priority going towards…

Keep an eye out for your invitation via email and Twitter. And stay tuned to @respectconnect

To everyone who tagged people on, thank you. Your participation has significantly contributed to seeding Connect.Me’s contextual reputation system.

We have a long way to go to achieve our big vision of a more trustworthy social web. However, we’re thrilled to invite more people onto the platform this month and even more excited about what’s in the pipeline.


User Managed Access (UMA)


The big idea behind UMA is that users should have a simple, standard way to control access to their online data or resources (files, photos, calendar, contacts, etc.) that doesn’t depend on a single service provider (e.g., a large social network). Rather there should be a user-managed access protocol that works interoperably across different service providers, much the same way Web servers or email servers work interoperably across a user’s choice of different service providers.

Today the Kantara Initiative User Managed Access Working Group announced the first draft recommendation for UMA had been contributed it to the IETF for consideration.

UMA builds on top of the IETF OAuth 2.0 effort, already nearing completion at IETF, and adds the critical pieces needed for a user to set up and configure an online Authorization Manager (AM). An AM is a service that acts on behalf of a user to control access to the user’s resources stored anywhere on the Web, similar to the way a bank help you control access to your money no matter which account it may be stored in. For example, Newcastle University in the UK already has an implementation of UMA that lets a Facebook user control access by their Facebook friends to a set of online files and photos that are not stored on Facebook.

Why does Connect.Me have to do with UMA? Connect.Me believes in user-controlled access to any personal data or resource that has value, including a user’s own personal network of contacts and relationships, whether with other people, communities, or businesses. UMA is a tool for providing that control, and we applaud this milestone for the Kantara UMA Working Group and its chair, Eve Maler.


Vendor Relationship Management (VRM)


The big idea behind VRM is that while companies have Customer Relationship Management (CRM) systems to consolidate and manage all the information they have about a customer — improving life for both the company and the customer — the customer doesn’t have the equivalent capability on their side of the relationship. Give customers such a system — called a PDS (personal data store or personal data service), let them to link it to the CRM systems of their choice, and suddenly you have a vibrant new ecosystem of “empowered customers”.

Doc Searls, the father of VRM, believes this is the cutting edge of the next economy, one that will do as much to drive new markets and forms of value over the next few decades as the Web has done over the last few. Doc’s lead ProjectVRM at the Harvard Berkman Institute since 2006 and his book about VRM is due from Harvard Business Press next January.

But VRM is more than an academic project, it is real market development coming from a growing list of companies. Doc details a number of them in this recent ProjectVRM blog post.

What does Connect.Me have to do with VRM? We’re building the trust fabric for a PDS network. A network for individuals to connect their PDS — to each other, to social networks, to communities, to websites, to CRM systems, to whomever and whatever they want to be able to safely connect and share with.

Stay tuned – July is when we start turning it on. In the meantime, if this subject intrigues you, read our white paper, The Personal Network.

Tim O’Reilly’s Progressive Stance on Privacy


Last Thursday Tim O’Reilly posted a contrarian view on the privacy flap regarding Facebook’s new facebook recognition feature to auto-suggest tags for photos. As Tim put it:

Face recognition is here to stay. My question is whether to pretend that it doesn’t exist, and leave its use to government agencies, repressive regimes, marketing data mining firms, insurance companies, and other monolithic entities, or whether to come to grips with it as a society by making it commonplace and useful, figuring out the downsides, and regulating those downsides.

Tim makes it clear that this is just an example of the overall stance he advocates with regard to cutting “the Gordian Knot on this thorny privacy problem”:

This is part of my general thinking about privacy. We need to move away from a Maginot-line like approach where we try to put up walls to keep information from leaking out, and instead assume that most things that used to be private are now knowable via various forms of data mining. Once we do that, we start to engage in a question of what uses are permitted, and what uses are not.

He even suggests a specific metaphor for thinking about privacy this way:

Overall, I think our privacy regimes need to move to a model similar to that applied to insider trading. It’s not possession of secret information that is criminalized; it is misuse of that information to take advantage of the ignorance of others.

Tim’s insider trading analogy illustrates why the heart of privacy is actually trust: company insiders have access to insider information precisely because they are the ones entrusted with this information to run the company. So the criminal act is not possessing the information; it is when the insider violates that trust by using that information for personal gain instead of for the company’s best interest.

Companies that aggregate and sell personal data without the knowledge or consent of the individual it describes are doing the same thing: violating the person’s trust by using this data for the company’s gain instead of for the person’s best interest.

That, in a nutshell, is the purpose of the Respect Trust Framework that Connect.Me announced last month (and which received the Privacy Award at the European Identity Conference). It lets us move beyond site-specific privacy policies, which are all-but-impossible for individuals to comprehend, to a simpler and more general set of social expectations about control of personal data. These expectations, captured by the five core principles of the Respect Trust Framework, make it in every company’s best interest to follow “the golden rule of data”, i.e., treat a customer’s data the same way they would want their own data to be treated.

Connect.Me agrees with Tim’s fundamental point: “Let’s stop trying to chase the personal data horse back into the barn — that’s impossible. Instead let’s start building fences governing where the horse can and can’t go.” The Respect Trust Framework stakes out those fences.