Ascription is an Anathema to any Enthusiasm

My favorite criminal business models involve large firms that subcontract or franchise work to small actors work which would get them into trouble. They usually hand the work over to small actors who lack the assets to be be effectively punished for the bad acts. But here’s an example of a criminal business model where they firm doesn’t even bother to intermediate the bad acts.

In San Francisco … “Last year, United Parcel Service paid $673,334 in fines for 11,788 tickets — an average of one ticket every 45 minutes throughout the year.“

The traffic rules are a means society uses to keep things civil and moving smoothly. UPS has figured out that it can make it’s internal operations move more smoothly by making the rest of society run less smoothly. If you made the parking fines progressive, so that legal entities like UPS who abuse the system are progressively fined and escalating amount, then UPS would just restructure their urban delivery operations so the operators where a flurry of smaller operators. That’s what Herbalife does so it can strap butt ugly signs up all over town.

So next time you spend a few minutes stuck in traffic behind double parked UPS truck you can think of the this puzzle: of how is civil order is maintained when commerce trains it’s people to make these trade-offs to it’s advantage.

“McMillan Electric Co. contributed $74,375 toward the total. The family-owned San Francisco firm, which does most of its business downtown, received 1,497 tickets over the year. “It’s a business decision,” company president Pat McMillan said. “Is it cheaper to pay the ticket, or is it cheaper to pay the guys working for me to spend time looking for a legal parking space?”

McMillan pays his workers about $80 an hour and said risking a parking ticket often wins out. ‘I don’t like it, but we’ve got a job to do, and we have to get our guys in there to work.’”

Who’s the jerk, the driver, the firm, or the the boss?

(Nod to Faisal)

There is some deeply disturbing data about the decay of human social networks (pdf).
Meanwhile bees, a social insect appear to be in big touble too; something really bad is happening to the bee populations, Colony Collapse Disorder (Wikipedia).

“It is very frightening. We don’t know the cause. … The bees are quite strong. … A week later the colony has dwindled to nothing. … It’s a mystery. … We don’t know where they are going. … Fifty to ninety percent of the colonies. …” - U of Penn (podcast)

They (pdf) are very early in the process of puzzling out what’s going on, mostly just guessing at this point: mites, fungus, contamination, stress, a combination - who knows?

I wish I thought similar resources were being brought to bear on the breakdown in human social networks.

Here’s a principle that I think the internet identity community needs to come to grips with.  Sites are going to talk about users behind their backs.  They are going to exchange information about users without the users explicit permission.  While strictly speaking the users permission for these exchanges may have been acquired the user will not fully comprehend that the he gave permission.

In any case I think it is dangerously nieve to attempt to design systems that take as their primary goal minimizing the amount of information about users that flows between the sites.  Not because it wouldn’t be wonderful to minimize those flows but because those flows take place already and they are not about to stop.

For example all the advertising networks (i.e. double click, google, etc) collect tremendous amounts of information about users.  Should we presume they don’t sell that information back to sites in one form or another?  The catalog, financial, medical, and insurance industries all pool customer data in ways that are analagous to what the advertising networks are doing.  Should we presume they don’t traffic in that information?
These pools of customer data are the elephant in room.  Some of them are held by consortium, like the health records, while the newer ones are held by single firms.  What Google knows about me, oh lord!  The majority of participants in the internet identity dialog appear to be ignoring that it is the legal responsibility of the owners of this data to milk the maximum value out of them.

So here’s a thought.  Maybe we shouldn’t be struggling quite so hard to minimize data flows.  Maybe we should be struggling to make the data flows more transparent.  If it’s necessary to accept that then it has consequences.

Any standard that is going to be widely adopted by sites must provide sufficient value to pay for the cost of adoption.  Today if a site wishes to know more about it’s users it can do that by paying for that information from the current operators of an existing data pool.  Any standard that hopes to displace these dominate players in the internet identity market will have to provide good value for reasonable adoption cost.  Designs the emphasis user privacy over other attributes are unlikely to strike the right balance to get the network effect to happen of both user adoption and site adoption.

I’m not sure I entirely like where this line of thinking is going; but I do know where it came from.

In my web logs most incoming visitor’s browsers politely tell me who reffered them to me.  I got to wondering if I ought to be thanking those nice sites that sent me these nice visitors.  Which lead to realizing that I have what the autistic b-school types call “a relationship” with those other sites.  Let’s call these other sites my partners.  When one of these visitors gets referred to me why can’t I discuss him with my partners?  Why is there no protocol for that?  Me: “Yo, partner, who is this dude?”  Partner: “Him? Don’t know much about him, but he’s got an account here; and it says his private information broker is .”

Of course that conversation appears pretty privacy invading.  So sites that want to do that are forced to go through a gossip broker.  I.e. their advertising network.  Which only leads to extremely strong network effects for one advertising network to dominate the others; because they accumulate a better model of these visitors.

Pretending that these data pooling gossip brokers are not part of the ecology isn’t working to their advantage.

I suspect we all know, but I just what to be sure it’s on the record, that Long Tail ideas suffer from the Base Rate Fallacy.

Which is to say that stocking more products in your store, more books on the library shelf, more details in your server logs, or keeping more of your options open does not automatically lead to a better experience. Unless of course you enjoy searching, sorting, organizing, or hording.

Nothing legitimizes a standard like usage.   What makes Microsoft Window’s a standard is those billions of transistors all over the planet are chewing way on it’s code.  What makes Google search a standard is that all those of searches are taking place.
In that sense of legitimate OpenID continues to struggle.  While usage remains the final arbiter there are other ways to achieve a bit-o-legitimacy.  Getting the blessing of the king is always good.  You can get a law passed; that worked for making curb cuts standard but it didn’t work for lowering the speed limit to 55mph.  You can get a large standards body to promulgate your standard.  That one is surprisingly ineffective. You can solicit players with large market share to give you the nod.

Each of those three (civil authorities, professionals authorities, market leaders) is legitimate because some legitimate process gave them their king like nature. Their blessings are market signals.  Other players in the market use them to manage the risks of adoption.  Interpretation of these signals is up for negotiation.  Consider a few of the big standards bodies - for example ANSI, EMCA IEEE, IETF, OASIS, W3, WS - each one has very different governance model.  That model affects the meaning of their blessing.

In the standards battle over internet indentity the Project Liberty folks ended up tainted by the way their governance, and hence their legitimacy, was weighted toward the account holders rather than the users.   I was involved in Liberty, and the governance was weighted toward account holders; the design emphasis wasn’t but that’s not my point today.

Microsoft and AOL’s recent signals of support for OpenID signal one thing.  That OpenID is good for them.  That does not mean good for you.  OpenID is very good for very large existing account holders, because those players are the most likely to hand out the vile globally unique identifiers around which the OpenID design based.

I tend to think that OpenID is going to capture a very large market share.  These signals of support reinforce that.   Not so much because they actually signal a change in that most important source of legitimacy, i.e. usage, but because they illustrate that at least one side (i.e. account holding institution) are starting to see that the design is good for them.  The other side (i.e. account holders) remain on the sidelines.

The question of what makes this standard’s bandwagon legitimate should remain open for negotiation.  The OpenID bandwagon looks to me like it’s in great shape.  That users haven’t climbed on board remains a challenge, but not an intractable one.  I continue to see this bandwagon as pretty illegitimate from a governance point of view.  Claiming to speak for users is damn sight easier to say than do.