honestlyreal

…for all the fun of the fair

There’s a good chance you’ll see something today, if you haven’t already, about a pseudonymous online character for whom life seems to have taken a very recent and very awkward turn.

This character specialises in winding people up in extreme ways, in generating and thriving on outrage, in what we call (safely, for once) “trolling”.

“Hello people with some particular cause to be sensitive, hello public servant, hello anyone who may disagree with me – you’re a c**t, this is why, and I’m actually really on your side for saying it. Oh, and one day you’ll thank me that I stood up for those rights.” “Listen to me, notice me, tell all your friends how outraged you are and hope they join in…yada yada yada.”

I’m not linking to or referencing the specific details here, as I avoid doling out troll food – but he seems to have bitten off a big one this time. Repeated taunting and goading of a community who not only have some pretty good reasons behind their pride and sensitivity, but also a track record (first successful petition to be debated in Parliament, anyone?) of organising and supporting each other.

And support blends seamlessly into the formation of a mob, and from there, the path to actual, real-world, nastiness can spiral upwards rather quickly.

Thing is, our Defender of Freedom didn’t really do the tightest job of hiding his real identity. Pieces to camera in his natural voice behind a mask; social media accounts under his pseudonym showing real people with real names, in identifiable locations. Almost like he wanted to be outed eventually. Hmm.

And now that doxxing has happened. Personal information is out there. Whether it’s accurate or not is anybody’s guess. Whether the entire episode is some extraordinary situationist stunt to promote a brand of soap is still a possibility. (Ok, it’s not.)

Did he want to be unmasked? Was the online attention not enough any more? Did some sort of martyrdom – however you want to interpret that – represent a fitting culmination to a sustained period of effort?

OK, so what’s my point here?

It’s one of those cases that features a regular theme on this site: the gap between nice, clearly-marked, “how-the-world-should-be” and its messy reality.

My opinion is that you can’t slip a fag paper through the logical thought process that says one should have the freedom to cause the potential for offence. Any attempt to lock out that freedom will fail to work, and even if it did, would take more away from us than it gave us back. Potential is of course an important word here: the online media he uses are seen “by choice”, not forced into people’s homes…yeah, right. It doesn’t work like that, of course. Rubbernecking always trumps rationality.

Yes, we’ve built rules like banning public incitement to hatred, but they don’t adapt easily to media where my choice to subscribe (or my friends’) drive what I see. That word “public” again… but this is getting into more detail than I intend to in this post.

Back to the point: which is that this case made me think about how reactions, and change, really work. You know, in the normal world.

Where I grew up, when things were changing fast, like going through school, being a teenager, finding your feet in a new area – there was a contrast between the official boundaries intended to guide behaviour, and the “corrections” that would be applied by the environment. Bluntly: if you really pissed somebody off, you’d get thumped. And the rules? Irrelevant. At some point, with enough sustained “correcting” going on, there might be a shift in the official rules to keep us all sane, and we’d all lumber onwards.

The first bit of that process might be brutal, and horrible, of course. But it’s what happens. You can say what you like – be as offensive as you like – but it doesn’t mean there won’t be consequences. They might not be legal. Or a Good Thing. But you can’t just vanish them away. Do I condemn any violent action that might result from a case like this? Yes. Do I see that it might also be an inevitable component of something more wide-ranging? Yes to that too.

We need corrections. They’re part of making change: whether that’s to a price, a set of laws or to the behaviour of a society.

There are no smooth dials on society – or levers that leaders can pull to make big things happen as planned. (From Gove to Pickles to Duncan Smith the reality of this is now hitting hard, but that’s definitely another post.)

In today’s example I can’t help feeling there’s a certain irony in a professed free-market libertarian being prepared to test the market – and its possible application of a correction – in quite such an extreme and personal way.

I am very interested to see how this plays out. And we should take an interest, perhaps from a distance – without lobbing in a ton of troll food – on how it does play out. It matters. The seismic societal change here is one where everyone can create content and reach an audience (or be reached by it). Despite a lot of fury on the internetz, there’ve been remarkably few examples of that boiling over into actual, tangible, harm.

We’ve had outrages about Daily Mail articles, we’ve had anger about privilege and so much else, but something about this one feels very different. Hard people are involved here. For whom the jokey “I’ll do time…” phrase beloved of Private Eye’s spoof comments thread may well have a different resonance.

“It’s all fun and games until somebody loses an eye” as they say.

We’ll see, won’t we.

We’re almost twenty years on from the publication of one of the internet’s defining artworks. Turning from the screen of his desktop PC, one dog faces another, with the immortal line: “On the Internet, nobody knows you’re a dog.”

The Internet may have had a capital letter back then, but that underlying message hasn’t changed.

Remember Leo Traynor? The Irish blogger, political consultant and writer who was all over your screens in late September with his amazing story of tribulation and forgiveness.

You missed it? In brief: Leo started getting a whole bunch of online abuse – progressing to real-world threats, parcels of hate delivered to his house, and lots of really nasty stuff. The police weren’t interested, so he enlisted a friendly IT whizz to use vague (but legal) means to track down his assailant. Turned out to be the teenage son of someone he knew, so Leo sets up this Agatha Christie-style face-to-face dénouement, only to deliver a lovingly-crafted message of absolution to the weeping youth.

For this act, he was almost canonised by Giles Fraser, and the Guardian was not the only publication to amplify his message with scarcely a glance towards the issues of its authenticity.

Thing is, there were a few odd features to that original story. Three big ones, to my mind.

Firstly, Leo had a penchant for enabling his persecutor’s chosen channel of abuse – the Twitter Direct Message – by continuing to follow new, anonymous accounts that approached him. Wouldn’t you know it, he’d do that, they’d unleash a tide of venom, he’d block, and then he’d do it all over again. “Sometimes two or three times a day,” Leo writes.

Secondly, the inaction of the police in response to reports of serious anti-Semitism and death threats. Given that these were backed up with physical things he’d been sent in the post, this gets creakier as a storyline the more you think about it.

And thirdly, the unmasking – from online traces to the perpetrator’s precise house – was very strange. Yes, one can construct tenuously coherent theories involving the cross-referencing of IP addresses with social network information, Wi-Fi logs and other geolocation, perhaps aided by the geography of sparsely-populated areas. But it read strangely; as if the details had been massaged or redacted in some way.

None of these three things are by themselves impossible, or unexplainable. There’s a line of defence for Leo that says any subsequent weird behaviour on his part can be put down to a wish to protect the anonymity of the child of a friend.

But the conjunction of all these points in the same story – a story pressing all the classic emotional buttons of conflict, tragedy, mystery and resolution – certainly got my alarm bells ringing. And you know what? The story’s out there now. Massively so. And that brings with it other pressures for authenticity and verification that compete directly with that wish to protect anonymity, however laudably founded.

We’ve had the Syrian lesbian blogger. We’ve just had Dave on Wheels. That people with fantastic stories on the internet may turn out to be, quite literally, fantastic themselves should be no surprise to anyone.

A few skeptical voices were raised in Leo’s direction. From systematic interrogation, to more gentle questioning. And then there was this strange business of an eerily similar unmasking only a few weeks earlier, bringing with it a big-P political angle. (If you search, you’ll find another site which has much to say on Mr Traynor, but I am not linking to it for reasons which will be obvious if you explore the site more widely.)

Leo himself went quiet, protected his Twitter account, and blocked me and a few others. A little strange, given I’m pretty sure I’d not tweeted to him directly at any point. But some rallied round. Of course Leo exists! Everyone knows Leo! I’ve met him myself (a while back mind you), said others, in some instances with the simmering anger that naturally accompanies challenge.

Harder questions started being asked: Can the Gardaí confirm he actually reported the abuse to them? Can he be found in the Rathmines phone book? (Or any other directory, phone or otherwise, for that matter.) Given he claims to have a D.Phil, where’s his thesis? Why has no one come forward to offer any independently verifiable biographical detail which might categorically identify Leo as a real person?

Is this what identity really means then? The external verification of biographical details? Well, largely it does, as I’ve dwelled on previously.

But all we see are blanks. At every turn.

So, does Leo even exist?

There seems to be no available evidence. Not for someone going by that name, anyway.

Because for a man who’d apparently been so influential, there are no published articles, no records of speaking appearances, no “political consultancy” reports or client references. Nothing. Just a mostly-wiped blogging history, some social network profiles and contributions to comment threads here and there. Social vapour, really. But tangible footprint? Not so much.

But what does all that actually mean? Is an existence that’s only defined in social media terms any different from, well, from any other definition of a “real person”?

These are questions for the epistemologists and existentialists, of course. I’ve no axe to grind, nor a wish to somehow polarise the world into Leo-apologists and Leo-deniers. (Leo-pards vs Leo-tards?)

So why do I care? This could just be someone who does a bit of blogging under an assumed name. Possibly someone who has perhaps met a few people in real life for a coffee while in the guise of their online persona. For whom the definition of “political consultant” might be “someone who tweets at politicians”, and “writer” equating to “person who sits on the internet all day commenting on blogs”. The name could even be real, but that would suggest certain other embellishments had been made. (Still want to know about that D.Phil, Leo. And maybe more about that extensive education and all that travel. It’s extraordinary that one can get around so much but leave no traces online, isn’t it?)

That’s no big deal. Hardly unique. He wasn’t after money or malice, it would seem. A few minutes of fame as a storyteller that suddenly got wildly and magnificently out of hand, is my reading of it.

Well, it didn’t matter while it was just one man and his blog. But when the tale becomes part of the canon of internet legends, all the while omitting a tiny little detail like the author’s pseudonymity, then its other oddities are cast in a harsher, less forgiving light. If even the existence of the author can’t be verified, what else about the story can be?

Leo’s fable, with its quirks and flaws, has consequences: that people are going to believe misleading things about their privacy or findability. That they might be discouraged from reporting serious crime to an apparently indifferent police force. And that they’re being set an example of behaviour that may prolong their exposure to harm.

Real-world, real-impact consequences. That’s why I’m writing this.

A serious point: probing questioning towards those who write about abuse more often than not turns out to be a Very Bad Thing. Many of the commenters on that Skepchick post point this out. And they are right. But how many strange facets does a story have to have before it does become fair game for deeper investigation? True skeptics should be very careful to avoid placing certain topics beyond question, whatever the surrounding evidence.

Whatever the answer, I think this one has enough to cross that line.

Be a dog all you like. Be whoever you want to be online. But risk harming others through misleading them and you can expect to be called out on it. And if that’s “trolling”, I’m a Dutchman.

Well, I might be. You never know. Proost!

A quick post on identity, written after seeing Dave Birch’s marvellous TEDx talk on identity, but rooted in a Nasty Thought about identity assurance (proving things about you to be true) that’s been troubling me for a while.

To summarise current thinking on this (but do watch Dave’s talk): old identity approaches are hopelessly flawed because they try to recreate a clunky, record-based model of Who You Are: as a list, or a database, of lots of things about YOU: from name, address, date of birth, fingerprints (and whatever reference numbers anyone – typically but not necessarily the government – want to sling in there), etc. etc.

Enlightened identity thinking says: bugger that – most of the time it’s not important WHO you are, merely that you can prove a certain thing to be true for a certain purpose. So a baby-faced boozer only needs to demonstrate AGE>18. A council service user may need to show POSTCODE=BN****. This is sometimes called “authentication, not identification”, and there’s a whole marvellous book about this by Jim Harper which is basically a bible for sensible, non-Big-Brothery approaches to these issues.

Reassuringly, these principles are found within the current strategy of both the US and UK governments. Which is ace. And to be wholly applauded. (There is a lot more to these strategies than just the idea of authentication over identification, by the way, but that isn’t the focus of this post.)

No more will you have to haul out a document showing that you buy electricity in order to rent a DVD. No more does your passport have to be hijacked to confirm you can start a job. All the machinery used to hold and prove things about you can be turned upside down: instead, you control what you share with whomever you need to prove something to. Provided there is a “binding” of something about you (maybe your face, or your fingerprint) to the fact that needs to be asserted, then you get what you need without having to BE any particular person.

If that thing about binding sounds a bit spooky, look more closely at this scheme. It’s been used to verify drinking age in pubs. The important bit is that there’s no central database anywhere that a (future!) malicious government can use to attach other “facts” about you. Or that can be corrupted or lost or misused etc. etc. It simply links some data points from a fingerprint to the fact that needs to be proven (age), and serves that up neatly and securely when required. But read up for yourself how it works. It’s well thought of and has the blessing of some who really do make a habit of tearing strips off dodgy approaches to personal data and biometrics.

But this post isn’t about clever new ways of doing things differently, and better.

It’s about a problem that will still exist. It’s about something that underpins many rather trivial, low-value transactions and life events.

Sometimes it’s not enough just to satisfy a particular information need for a transaction, like verifying an address, for example. Well, it is when everything goes right. But not when things go wrong. Because if things go wrong, and you want to take action, you want to underpin the information you’ve got with something else: the ability to tie the transaction back to a particular individual. Yes, someone with a name, an address, and lots of other things that the police and criminal justice systems know you by. So how quickly will Dave’s “no names” approach actually stand up in practice, in any situation where some future recourse may occur?

Because the one recourse you ultimately have is to take action which might involve a fine, an endorsement, even ultimately imprisonment. And these are things you can’t do if you only know AGE>18 or DRIVING TEST PASSED 1985, LICENCE CLEAN. Many things you can do “as somebody else” – like paying for something – but you can’t be banged up as someone else. That’s the “underpinning” bit.

The car hire company really does need to know who you are. Perhaps not to satisfy insurance requirements, or some other aspect of the up-front transaction. But just in case you disappear… Even for something as low value as a DVD rental… And if you bump your car into someone else’s, swap details and get an odd feeling about your opposite number, are you going to be more or less likely to insist on police attendance if they pull out a decent-looking driving licence for you to note down, or scratch it out in pencil on a Post-it note? Even peer-to-peer we use underpinning as part of our understanding of trust.

Our old-fashioned “hard identifiers” are hugely important in backing things up in these cases of trust and liability. It’s that thing where it’s much more important that the system is designed for things that go wrong, rather than things that go right.

Realistically, what will actually change if we move towards an authentication culture? Will we still fall back on the same old props to do that critical underpinning of trust? It’s a hole that I perceive in these concepts of individual-controlled information.

I’d love to hear your thoughts.

 

A featureless airport departures hall.

Behind the check-in desk, a large warrior stands, strip-lighting lending a pale lilac wash to his magnificent plumed helmet.

Half-way along the queue is a rather dishevelled Tortoise, surrounded by heavy bags.

 

Achilles (for he’s back again): Oi, Tortoise!

Tortoise [po-faced and unresponsive]

Achilles: I said, OI TORTOISE. YES. YOU. BACK THERE. TORTOISE. TORTOISE NP150417!

Tortoise: WTF? How do you know my number? Thought that was just between me and the hatchery?

Achilles: See this print-out of your markings? [holds up said print-out] Got this off of Google; on CheloniansOfNote.com it was. That’s you, isn’t it? Blotch, blotch, stripe, worn patch, shape that looks a bit like David Willetts’ head? Yes? Got a few other bits of info here too, to help me recognise you and the better to meet your every need.

T: Um, so I see. But how dare you…

A: Hang on, my horny-carapaced friend. Shuffle up to the front here. Let’s have a quiet word about this. [Tortoise makes the painfully slow journey to the head of the queue, nudging his bags one by one with his nose.] This is what you wanted, see?

T: WHAT?

A: You told us. You did. Well, not you individually, Tortoise NP150…

T: STOP IT!

A: Ok, ok. Well, collectively, our customers said things like “Hey Trojan Air, time to wake up to the new world and start treating us like people. We’re not just lumps of flesh with wallets. We want you to throw away all that stiff, corporate formality. Get to know us. Empower yourselves. Adapt. Use a bit of bloody initiative. See us for who we are.” So we have.

T: Yeah, but you can’t just go gathering information like that about me, without my permission. It’s like me shell’s been invaded. Horrible. Oi moi!

A: Don’t go getting classical on me: these characterisations are only pixel-deep. Now, look over there, now, at the SleazyJet desk. See that queue? Hundreds of them. Hot and knackered, they are. And going nowhere for a couple of hours yet. Now, I know, and the SleazyStaff know, that there’s a nice little waiting room round the back. With just one very comfy seat in it. And air-con. They can’t tell everyone, it’d get rammed. But see that woman just there? With the huge bump? Could drop any minute. You think it’s ok for the staff to, you know, use their bloody EYES to spot her, and offer her that seat? Or are you going to go all “no, no, they must know nothing, they must treat us all-equal-and-anonymous like”?

T: Well, I suppose that’s a bit different.

A: So it’s ok to use my bloody EYES to infer stuff about my customers, so’s I can make their service better, but it has to stop when I use, what? A computer? A phone? A database?

T: Now you come to mention it…

A: Because isn’t that where mechanical process (oh so twentieth century) stops, and service begins? When we start inferring? When we use one of the very few gifts that mankind seems to be blessed with – pattern recognition – to judge that if someone is cross-legged and hopping from foot to foot, it might be politic to proactively remind them where the loo is? To check on our systems so that their seventeen letters of complaint that they keep getting woken for meals when they’d rather sleep haven’t been an utter waste of time? To infer, beyond this, that similar awakenings for important matters of Shop-In-The-Sky sales might also receive an unfavourable response even though they haven’t actually WRITTEN TO US ABOUT THIS NOR GIVEN US EXPLICIT PERMISSION TO EVEN GUESS IT MIGHT MATTER TO THEM?

T: Steady on, old boy.

A: Sorry. Emotive stuff, this. Which is why this post is written as a dialogue – less confrontational that way. Where were we? Oh yes – look over there! PoshAir have got one of their regulars arriving. He’s a FTSE-100 Chairman, he is. Yeah, I know. Miserable and anonymous, grey and crumpled, to you and me. But to him? The Grand Kahoona. The Large Cheese. He wants to be recognised. And look again: by the sort of chance that only occurs in allegorical blog posts, he happens to be featured on the cover of this month’s Kahoona magazine over there on that newsstand. Now, shall we ask their staff to shield their eyes so that there is no prospect of them contaminating their green-field minds with this inarguably public-domain factuality of who the fuck he is?

T: Yeah, but it’s invasive. He might not want to be recognised.

A: Isn’t that a matter for their judgement? They are, remember, humans. Providing a service. Let’s at least hope they have some basic lightness of touch. They do not have to march up and shout “Mr Cheese great to have you back it has been 34 days and 2 hours since you flew with us shame about the collapse of the zinc deal in Bolivia your usual gin and valium then?” A mere “Mr Cheese, good to see you again. Let us know if you need anything” isn’t invasive. Invasive is ferreting through information that’s not public. Invasive is phoning people up or emailing them out of the blue, forcibly taking their time away. This stuff here is just observation, inference and discretion.

T: Ah, but it’s where it could all lead, innit. That dossier on me that you’ve got behind the desk…

A: Dossier? Ooooh how very Le Carré! You got that out of that article, didn’t you? One of many using lurid language to play on everyone’s fears about “where it could all lead”.

T: Call it what you will. You are reprocessing data and creating databases and riding a chariot and horses through the provisions of the Data Protection Act (1998). And you know it.

A: I am, and that’s a very fair challenge. I am struggling to justify it – hey, hang on, pass me your phone for a minute.

T: No bloody chance. You know enough about me already.

A: I just wanted a quick peep at your contacts book.

T: That’s none of your business.

A: And yet you download all these apps to your phone and give them permission to access what must be hundreds, maybe even more, personal records and upload them to Morin Towers and gods knows where else, and remind me at what point did you register yourself with the Information Commissioner let alone do any of that “seeking consent” hoo-ha?

T: Yeah, well, that’s for organisations. I’m just Tortoise.

A: Tortoise With A Talent, Ltd, according to my, erm, “dossier”. You still think the boundary between individual and organisation is that clear, and in any case serves as any sort of robust moral framework for this sort of issue about data responsibility? You still content that the DPA (1998) is in any way fit for purpose for the world we now live in? A world of massive volunteered personal information? A world where even if you don’t put your own pics up somebody is going to tag your face and you will be able to do jack all about it and will just have to get over this unassailable fact?

T: I suppose. That’s all going to need clearing up when they refresh the Data Protection Act, innit?

A: Just. A. Bit. But in one final attempt to justify my creepy snooping, can I at least appeal to your libertarian side? It’s one thing to berate the state for acting like this, for gathering information and building megadatabases about individuals. Its civic hygiene may one day become suspect, its motivation potentially questionable, and it’s pretty hard to avoid. But this is a freaking airline. You don’t like what we do, if you think we’re creepy, then you’ll stop using us, and we’ll change the way we work to get you back again. Less of this Big Brother Watch angst; save that for those who really deserve it. Frankly Tortoise, there’s some cognitive dissonance going on here. I know (coz it says so in your dossier) that you hate all this state intervention stuff. You really want businesses to be able to do a good job with the very lightest hand of regulation ‘pon them. Now you’re making no sense with all this paranoid guff.

T: Ok, ok. The jig’s up. I guess what’s really going on is that a general, non-specific feeling of impending doom about personal data in the cloud (and in our hands/claws) is creating a toxic environment where any story that even touches on search, or social networks, or biometrics leads us to throw all common sense out of the window. I guess.

A&T: Oi moi! Ta’las! Tlê’môn!

A bold tweet’s been getting a bit of an airing this morning:

I agree with @chadnoble. We should all start taking photos of cyclists going through red lights. Let’s start a blog.

— Joshua Lachkovic (@JoshLachkovic) June 27, 2012

Shall we have a closer look at that one?

Firstly, I have some doubts about the practicality of actually getting the smoking-tyre photos needed to make this work. I presume the idea isn’t for fast-lensed SLR owners like me to camp out at the lights for a day, ready to get crisp face pics of the transgressors? Good luck using your BlackBerry camera for that.

And I presume it is faces that’s being sought here. I mean, otherwise you’d just be building a Tumblr of blurry lycra-clad arses. Which might be of some “specialist” interest–but not actually a whole lot of use.

Which means you need to be ready in waiting on the outgoing side of the junction. Having predicted that matey with the headphones and fixie is intent on diving over the red. OK…bear with me here.

So what use will all those faces be, then? For outraged anti-cyclist types to roar at the screen: “Naughty, naughty man! Is the advanced stop line not enough for you, you bounder?”

Or perhaps for some sort of vigilante action, especially in smaller towns where you might just see the same cyclist ever again? Stand by with your spoke-sticks, defenders of the peace.

Or for, oh wait–here we go, some kind of enforcement by the Authorities. Now that either means we get serious about facial recognition…or…we treat cyclists more like car drivers, and bring in a compulsory licensing-and-visible-identity-number scheme. Neither of which will be expensive, problematic or intrusive at all.

Hang on. What flavour of libertarian is this then?

One that prefers heavy-handed state surveillance and intervention over the free choice of the individual to exercise a decision (which will sometimes be flawed, but hey, that’s free choice) over the extent of their compliance with a system designed for much more dangerous vehicles capable of driving at far greater speeds?

Really?

I mean there couldn’t be another reason that someone would come up with a proposal to have a go at cyclists like this?

There must be one. I just can’t quite put my finger on it. No, it’s gone again. Damn. Nearly had it there.

I see, via the excellent Robert Brook mail-out (do please subscribe), that there’s another site out there trying to cut the biggest Gordian knot of all in the field of customer services. Of course customers want cheapness. Of course customers want quality. But the two are in tension against each other.

Unlike the cruder saynoto0870 about which I’ve written before, Get Human attempts a subtler combination of crowd-sourced wisdom not only on what channels prove to be the best for getting through to Customer Services, but also offering handy hints on how to navigate them more easily once you’re connected.

Sample: “dial 08xx… and keep pressing 0, ignoring all prompts, until you get to an operator.” Well, indeed. And it’s hardly a new discovery that banging away on the zero or the hash button can get you that elusive human voice.

But it’s still a hack. It’s still “defecting” in the vernacular of game theory – trying to find a way around the system rather than devising something that actually works, and doing it in a way that doesn’t involve subterfuge.

What’s missing – what’s always been missing – for me in all of this Customer First rhetoric is any real appreciation of why things are the way they are. It’s not all perverse behaviour on the part of organisations. Nor is it all blatant cost-cutting or profit-grabbing. It’s a trade-off.

“We put the customer first” is one of the most weaselly phrases imaginable, whether in public or private sector. It’s probably Shareholder (or Taxpayer) First, in reality. And is that so very wrong? What’s much worse is the masking of true intent behind these bizarre slogans.

The system may be optimised for a lower price. It may be optimised for speedy and free-flowing service. But it won’t be optimised for both.

When you have to indulge in odd behaviour in an attempt to change this optimisation (like that banging away at the 0 key) you know there’s some reality masking going on.

Here’s a little case study to make the point: Ever hired a car abroad? You go through a ton of online data entry to ensure your personal and driver details, and payment, are handed over as requested. In advance. All you have to do when you get to the airport desk is establish your identity and take your key – everything else has been done? Right?

Wrong.

Spend a few minutes listening to what’s going on in a queue like this. It’s fascinating. No transaction takes less than five minutes – many take at least ten. The queue always builds quickly. Always.

And what is going on? Well, transactions are being optimised for revenue, not speed.

Take the additional paper-filling that appears at this stage. It might be a “local police form”, or an additional statement of insurance liability. There’s absolutely nothing on these forms that hasn’t been already provided online (or could have been).

But the act of filling it in starts to work in other ways on the hapless victim. It’s a foreign country. See? Foreign form in front of you. Thoughts fly fast: they drive badly here – or do they? Shit. Best check. And what about the police? Mirrored shades, being pulled over on a dusty road, accused of goodness knows what. Gold teeth. Lip-smacking. Cash fines. Smelly cells. The images are set in train.

The swift passage from carousel to exit gate has been interrupted, and certainly not for your benefit.

And then the killer words come across the desk. A script that never fails to elicit a visceral response. “You agree you have taken the minimum insurance cover permissable. The excess will be a thousand euros. But you can wipe this out with a simple payment of just twenty a day…” And inevitably, beads of sweat now falling down, a judgement has to be made. Invariably on the side of cautiousness. The picture has been painted.

You had all this information back in your office a week ago. You made a rational judgement of the likelihood of you stacking the car, and made your choice. But now? Now it looks different. And the tapping and shuffling in the queue behind means you have to make a decision. Now. Tick. Tick. Tick.

Oh, and a good bit of time is often spent with customer saying “but I thought I’d already done all this…” Tick. Tick. Tick.

So. That’s what optimised for revenue looks like. Not customer comfort.

Let’s be honest, though. This is all fine. It is what it is: business.

The increase in revenue keeps the hire business afloat. Keeps it competitive in other ways. Allows for headline hire rates to be very low. Gets customers to the desk in the first place. And round it goes… Etc. etc. etc. Hardly the stuff of a management science PhD.

You just have to hack the bullshit process like this. For yourself. Every time.

Yawn.

My plea? Please just give me a signpost at the top of, well, any transaction really: “Give me convenience, or give me cheap.” At least let me decide what’s optimised.

Keep that separation right the way along the line: forms, queues, phone lines. Really. Because one day we’ll grow up about the psychology of customer service and wonder why we ever fell for games like this. Ever.

(I hope.)

——-

Postscript: Stefan C has pointed me in the direction of this neat little service, allowing you to buy your own excess reduction insurance. Nicely disruptive. More of these, please.

Picture this.

You’re walking down the street one day and a strange figure blocks your path. They’re clad head-to-foot in a black sheet. They’ve got some strange sort of voice scrambler strapped to their mouth beneath, and you hear this grating mechanical voice emerging.

It’s low, sinister, and very, very unnerving. You’re told that you’re worthless, stupid, wrong, and that all manner of terrible tortures will now befall you. There are slurs on your gender, your age, your politics, your sexuality.

At first, you’re shocked. Terrified and horrified.

Then you take stock. This creature…this shambling figure who dare not show their face nor reveal their true voice. This creature, who you now see is wearing a little badly-spelled badge so that their “distinctive” ranting can be identified wherever they choose to spew it out.

And you’re there, unmasked, identifiably, proudly, you. And you think of the feedback you get–good and bad–from those who do show their faces, and who use names which you can check out at least roughly in twenty seconds on Google or Facebook.

And you also think of those who are generally helpful and positive to you, but go under a pseudonym that can’t be easily checked back to an identifiable person.

And you put these in order of importance in your head. And you look again at the grating, shrouded, cowardly figure, and you laugh. They’re at the bottom. Actually, they and their opinions are completely worthless. The out-and-proud are at the top. And the pseudonymous somewhere in the middle.

You begin to laugh at the creature. Not viciously, not gloatingly. Just in mild amusement that anyone, ever could think that this creature mattered. Others join you. A warm buzz of gentle ridicule washes over the creature. It slopes away.

And you walk on.

Now. That’s a twee little tale if ever there was one. A piece of blogger whimsy, and not a little patronising with it. Of course it is. (I hope to God it doesn’t come over as a piece of “mansplaining” by the way. Because it’s not aimed at any group or individual in particular.)

It’s an observation not on “how we stop anonymity”–if you read my stuff on identity on this blog you’ll understand that I don’t believe that’s possible. Instead it’s a sketch of what type of framing it might take to assign anonymous, negative comments such a low value that everyone–from direct recipient to disinterested observer–just goes “oh, yeah, right, ok, anonymous blah, where’s the valuable stuff?”

Idealistic. Yes. I know. And I’ve skirted around a few obvious issues, above.

That the shock and pain of these comments can be so blithely overcome, if at all. And yes, I’ve had some myself, and not done a very good job of prioritising them as unimportant. (By any stretch of the imagination.)

I’ve ignored the physical reality of intimidation–of attacks moving from the space at the bottom of the blog to a text on your phone or a knock at your door. I’m making some big assumptions that the machinery of our society’s protection of the individual, plus a diminishing urge on the part of trolls to convert their keyboard bile into further threats in riskier channels, combine to mean that actually personal safety isn’t endangered that much. But it is sometimes. I know that.

But the key message of this illustration is to suggest that it isn’t just the personal reframing of a recipient of anonymous hate speech that takes us nearer to a solution–if that worked, we’ve have all done it a long time ago.

It’s that we might find the answer in the growth of a collective recognition–in our society and culture–that there is a pecking order of importance, with anonymous, negative right at the very bottom.

It’s obvious that there’s an asymmetry involved: for hate speech to be a problem the original author has to be identifiable to some degree, and the troll almost without exception anonymous. It would be wonderful if that asymmetry also became the foundation of a recognised hierarchy of weight-given-to-commentary. (No fancy technical mechanics here in the giving of points or +1s–I mean a completely, socially-pervasive, understood hierarchy).

And that would extend not just to an author’s reaction to their troll, but to it becoming completely normal for other commentators to perform the online equivalent of shrugging, smiling slightly, and stepping around the shambling, cloaked, figure. No quick fix, of course: but a cultural goal to aim for.

With thanks to Julia Hobsbawm who wrote about this tonight for making me think more about an issue that’s been bubbling away in my head for a while now. I saw other angles on the debate earlier today too, asking how technology might save us from the curse of the troll: a framing of the question, in my view, that will be very unlikely to lead to fruitful answers.

I guess my one-line summary is: the only viable solutions will come from a focus on how we all react, and not on how we police boundaries. Please let’s not get tangled up with more futile attempts at gatekeeping.

No technology contracts bigger than £100m.

Bye-bye proprietary software monopolies–hello Open alternatives.

An avalanche of government data to generate new business opportunities and pump billions into the economy.

Fast broadband for (almost) all.

Agility, everywhere–no more risk-averse, unchangeable systems–instead, a commitment to diversity and experimentation.

Reskilling in-house tech teams, reducing dependence on external suppliers with vested interests.

And after years of false dawns, services actually joined up around–and designed for–their users.

There’s not a lot not to like, really. Is there?

Just before the election we heard a torrent of such promises. Watching the gathered geeks and entrepreneurs around me at the launch of the Conservative Technology Manifesto last March I could see tongues virtually hanging out. We weren’t just being offered the keys to the sweetshop–Francis Maude and Jeremy Hunt were pretty much proposing ripping its doors off.

How much of these sweeties have actually been delivered post-election is a story for another day (ah, the shackles of that Coalition Agreement, I’m sure…).

But over recent weeks and months we’ve seen glimpses of another what’s-not-to-like initiative. And now it’s been launched.

Midata.

[Ok, try this link. I was making a dodgy CMS point with the first one, that Google (and BIS site search!) gave me...]

So here comes the grumpy blogger to get all picky with what on the face of it is a risk-free, consumer-enriching move willingly volunteered by industry, facilitated by government, to make real people’s lives easier at no cost. (Coz there’s loads of those.)

Well, not so much of the picky, really–just an interest in shining a light into some of the corners of this debate. Because corners and angles there most certainly are.

The first thing to get to grips with is that there seem to be two big agendas wrapped up together here.

Both can be connected to the words “me” and “data”. But they seem to be quite different in their nature and purpose. That’s always a recipe for confusion if not properly unpacked. So let’s see what we have.

Agenda 1: better information for consumers

We have a consumer empowerment angle here, clearly. “Giving people back their data” is billed as putting the customer back in control when forming or reviewing a relationship with a vendor. For some services, especially things like utilities and telecomms, the case is very tangibly made.

We generate a lot of data in consuming the service. Understanding our consumption patterns in detail would help us when making future choices about service provider, as we’d be able to match the terms that were on offer with what we actually needed.

So far so good.

This also extends to things like preference data: as we go about buying things (and even just looking at them) we generate a cloud of information about our preferences, choices, needs and their timing. This has a value–how much, nobody really knows, though there are some florid estimates–to marketeers, and could drive better deals and more targeted, less intrusive advertising.

Agenda 2: proving your identity online

The moment we started to move transactions away from being with someone you knew personally in your village, we increased the complexity of how you prove things: who you are, can you pay, entitlement-by-residence and so on. Online, it’s pretty horrible, and attempts at building something that’s simultaneously secure and usable by normal people have foundered.

(There is more elsewhere on this blog about these issues–otherwise this post would be very long.)

Suffice to say that the current approach (which actually looks pretty promising) is that of “federated identity assurance”. Not trying to create one massive database of people information against which things can be checked, but to use information sourced from a number of existing trusted relationships, in combination, to give sufficient assurance of identity.

Which means that both these agendas are the same, doesn’t it? They both involve consumers getting their hands on personal data that’s previously been locked up in companies.

Well, actually, I don’t think it does.

Why not?

A definition of “personal data” is harder to pin down than might seem initially apparent [more here]. Lots of things that don’t look that personal by themselves (points on a map, equipment serial numbers etc.) take on a whole new power when linked to an individual.

There’s the obvious “personal facts” stuff, of course: name, address, account number etc. which usually (but not always) identify an individual.

Then there’s operational data, made much of by midata: what we’ve used, what we’re interested in, what service choices we made etc.

Releasing structured chunks of this latter type could well meet Agenda 1′s objectives. And there are design choices to be made here which will have a big impact on risk and privacy.

Would it be sufficient to get a log of mobile calls by time band and number type, for example, rather than a detailed list of numbers actually called, and precisely when they were made? The former could well be enough to allow a better contract to be found: the latter would be a potential privacy nightmare, not just for the caller, but also whom they called, if it were mislaid.

My point being that meeting a consumer empowerment agenda requires the “giving back” of information with certain characteristics–i.e. tailored to fit the way that consumer services are packaged.

But the giving back of information to help confirm an identity relationship–Agenda 2–seems to me to be a very different beast.

Because I thought the whole concept of using a number of different identity providers was that you asked them to pass confirmations of trust around–not the actual personal data itself? So one might ask a bank to confirm electronically that some submitted data matched a record that they held, but that’s not the same as handing the requestor (or indeed the individual) chunks of personal data.

So I fear that in an attempt “not to go into too much detail” we’ve got a conflation of two separate, interesting, important issues under the midata flag.

One can always argue that “it’s the principle that counts–we should establish that first, then let the clever people get on with the solutions”. Well, yes. Ok.

We did that with electronic patient records, with Post Office smartcards, with national identity cards and registers… At some point we do need a public airing of the underlying principles in a greater level of detail than the initial press release. And before a major delivery programme has been commissioned, I’d suggest.

Other than this “issue overlap” there are a few other points that strike me about midata. There is this underlying sentiment that consumers have a right to “their data”. But what is it that actually makes a particular piece of data “theirs”?

Information about usage is a hybrid of personal facts (e.g. who is the account holder?) and operational information as a consequence of service use. How far does it extend? Basic consumption patterns? Probably yes. Detailed, time-stamped records of every purchase and all parties involved? Hmm. Maybe. Serial numbers and last maintenance dates of the precise routers and masts that were used to deliver a phone call? Well, now you’re being silly, Paul.

Yes, I am, of course. But I’m trying to illustrate that the translation of this “right to data” into reality involves more than just signing a memorandum of understanding. Update: there’s a more detailed post about “Whose data is it anyway?” here now.

And then there’s the cost angle. Even if we assume that the addition of a simple bit of code will suddenly enable service providers to spit out raw chunks of data onto the Internet (aka the “it can’t be that hard to get their systems to…” fallacy argument) the midata announcement is already talking about a greater degree of sophistication: particularly the bit about “access, retrieve and store their data securely”. Who’s going to pay for that?

And do we have robust evidence that there is interest and demand for this type of data release, other than from the vociferous lobbyists with their eyes on constructing a wealth of new “personal data store” opportunities?

It’s great to see entrepreneurial spirit flourishing, but how much is this about solving real consumer problems, and how much about playing yet more variations on the “consumer as product” theme–you tell us about your interests, and we’ll give you better deals (but only as a share of what we’re really making by selling that information to other vendors).

The argument that better information increases customer choice, and therefore power, is of course another “what’s-not-to-like”. But if you take a step back, and look at the implied problem that “people don’t know which is the best deal as they’re all so complicated and people don’t really know what they use anyway…”

…would you put your energy into releasing chunks of data to help make a better match with a complicated tariff, or would you have another look at the issue of tariffs in general, and simplify them? Yes, both represent some form of intervention, and I can see the political attractiveness of the former, as (especially under a voluntary scheme like midata) it plays down the regulatory role in favour of cheerful vendors all quite happy to be a lot more transparent with their/your operational information. But one wonders just how sustainable this level of voluntary cooperation would actually be in the longer term in highly competitive markets…

That’s a bit like imagining a set of doors with fantastically complicated locks, and giving people the right to have equally complicated keys cut–rather than pushing for simpler locks in the first place.

So, a lot of questions remain. Conceptually, midata isn’t something that could or should be objected to. And this post is not written to criticise, but to suggest a few areas that need more detail and analysis.

When we see press releases that let fly with cool talk of data, empowerment and choice we should be getting a lot more eager to ask the next level of questions. What does this really mean? How will it work in practice? And what might some of the broader economic, competitive, social and privacy implications be?

Until we do, we’ll be dazzled by press releases and then a bit disappointed when delivery swings into action. And it’s usually too late by then to do much about it.

For a long time, I’ve shied away from writing here about personal data. Or even thinking that deeply about it. The nature of identity, yes. The usefulnesss of data, yes. Personal data, no. Why?

Not because it isn’t fascinating, or important. Mainly because it’s so…damn…nebulous. And difficult. Time to get over that, I think. Very significant things are happening in this area, and we all need to raise our game in how we understand and engage with the concepts involved.

As I’ve surmised before, the only things that are really different in the Internet age are the ease with which information can be found, and the ease with which it can be stored.

Two things, really. That’s all.

The first embraces everything around indexing, cross-referencing, labelling, structure and searching. The latter takes us into the territory of copying (and of course copyright), archiving, and the general issue of persistence.

And when we look at personal data in that context, there is an immediacy–and potential toxicity–in what emerges.

We saw early rumblings of this long before the Internet, of course, when computers were first used for the mass processing of information about people. Things could be done with databases that simply weren’t possible with big paper ledgers.

We created Data Protection legislation which attempted to put reins on the ability to make free use of some types of information. Gathering stuff about people, from the basic facts of who and where, to how to contact them, who they were connected to, and what their tastes and preferences were. Pure gold, used in the right (or wrong) ways.

Data Protection set out some pretty sound, but general, principles. The overarching one being that the purpose to which data could be put should always be made clear to whoever provides it, at the time of providing. Lots of other stuff about processing, storage, where and how long, and so forth–but that issue of consent always seemed the most important, to me.

And we scratched about a bit to actually try and define what we meant by “personal data”. Some things were easy. Names. Addresses and phone numbers. They’re just obvious.

But what about our tastes? Our buying history? The movements of our mobile phone from cell to cell? A journey we took? As one takes informational side-steps away from the individual, the obviousness diminishes, but if you can make meaningful connections back to the person…

…and remember the first thing that the Internet really changes?

Being able to make those tenuous links between blocks of information into something really substantive.

And the second thing? That information and those links are now permanent. You can’t delete them, once they’re there.

All those things that databases couldn’t previously do, because they all conformed to different standards, and weren’t connected together? They can now. Things can be done via the Internet that simply weren’t possible with just the databases.

Bit by bit, it’s been possible to build up the most humongous repositories about people. Maybe entirely within the law, maybe in other ways as well. Maybe with explicit and informed consent all the way down the line. And maybe not.

Who’s to know? We find strange things going on with data that we provide in order to use one or other service–or even to exercise our democratic rights. Didn’t it ever strike you as slightly weird that the electoral roll could be sold on for commercial purposes? (Much more on the electoral roll in another post coming soon.Update: now here)

We have big companies that have built successful businesses just like this: perhaps using aggregated personal information for credit referencing, perhaps to sell to marketeers to give them a better understanding of demographics.

The genie is very much out of the bottle. Your rights to see the information that a particular company holds on you may exist, but you have to have a fair idea of which company to ask in the first place. Can you ever see the full picture of what others know about you?

Of course not.

And it’s unreasonable to suggest that we’ll ever be able to do that. Instances of data multiply more rapidly than does our capability to track them. (There must be a Law of Internet Entropy out there that says something like that. If not, I just invented one.)

(As an aside, a dear friend once uttered the memorable line “somewhere out there, there’s a database with your dick size on it”. That was in 1989.)

So what can we do?

Realistically, all that’s available to us are firebreaks and friction.

We can’t get that genie back in the bottle, but we can slow it down a bit, and find ways to mitigate the impacts.

Do we need an updated definition of personal data? It’s MUCH harder than it seems at first glance to create one. The best I can find at the moment in terms of an “official” position is here.

And it’s clumsier than you think. Essentially, it’s a list of ever-widening filters that assess whether a particular piece of information can be connected to a specific individual. Culminating in the rather wonderful catch-all of the final category:

8. Does the data impact or have the potential to impact on an individual, whether in a personal, family, business or professional capacity?

Yes The data is ‘personal data’ for the purposes of the DPA.
No The data is unlikely to be ‘personal data’.

Even though the data is not usually processed by the data controller to provide information about an individual, if there is a reasonable chance that the data will be processed for that purpose, the data will be personal data.

That’s pretty general, no? In fact, going by that, an awful lot of things are now personal data. I really like the emphasis it puts on the outcome of the data use, not attempting to over-define things like form and structure.

I’d go as far to say we should probably throw away that big long document, and just run with this definition:

Personal data is information that affects you when it’s used. Either directly, or through being linked to other information using technologies that exist now, or may exist in the future.

Broad enough? ;)

(So my beloved photos: they’re personal data. I take them with a camera that has a unique number, held in metadata in the picture file. That provides a way to link all the pictures it takes together, and then, through the various accounts I put them in online, back to me. Think how many other trails you leave…)

But again, all we really have are firebreaks, and friction. There’s a sort of reverse entropy at work. Unlike almost every other instance of entropy–where things get more chaotic over time (china plates get broken, they never put themselves back together again)–personal information is, relentlessly, only going to get more linked. More aggregated. More pervasive. More permanent.

(So, maybe I just invented The Law of Reverse Internet Entropy as well? Not bad going for one post…)

And if someone tells you that big blocks of personal data can be “de-anonymised”, be very sceptical indeed. (You can read some wise thoughts on the issues involved here and elsewhere on that blog.)

We can undertake some pretty noble fire-breaking: like ensuring the state doesn’t become the source of a global universal identifier for you. And we will certainly see more developments around multiple personas: compartments of your life associated with particular tasks, contexts, or connections. I think we’ll have to. (The concept of federated identity helps here, but that’s too much to go into for this post. Read more thoughts from the team working up these concepts for government.)

And we’ll adjust. Society has seen some pretty dramatic upheavals. Often associated with a new technology, or philosophy. If we adjust our societal norms faster than the upheaval, we don’t notice. If we’re slower to change, it’s painful. For a bit.

But we get through. We adapt. And we change. Always.

I know many people have managed to get up and running with Google+ fairly easily. The usual snags have been reported, of course, as users get used to the idiosyncrasies of the network, and as new etiquette and conventions emerge.

Today, it’s become clear that there are some deeper issues emerging, as Google enforces a “real names only” policy. Erm, good luck with that, in a hard identity sense, guys. Unless you’re going to try and peg people back to a state-issued identifier… (no, I’m not even going to go down that road of horror).

There’ve also been a few nasties creeping out of the woodwork as users realise some of the drawbacks of putting it all in the cloud. One wrong step with your service provider, and you’ll be writing a rant like this as thousands of hours of curation, not to mention thousands of irreplaceable and irretrievable content files, are briskly wiped out.

But for me, Google’s latest foray into social networking has pretty much been a non-experience. Although I was invited fairly early on, and signed up successfully for a few days, it all went belly-up pretty soon afterwards.

Why? Because of the cack-handed way in which Google identities work, that’s why. Here’s the detail.

Like most people, at some point I signed up for a Gmail account. I didn’t get a very nice address, as I wasn’t in there early enough, but it is a version of my name.

What I do have, and use instead, is a funky email address that I set up 10 years ago, and a couple of years ago moved over to Google Apps. (Bear with me.)

That email address is pretty much the way in which I’m identified for all services I use that are based on email address. In many ways it is my self-asserted identity on the Internet.

So it won’t surprise you to learn that when I came to create a Google profile, based on an email address, I used my “home” email identity.

So far so good, and for a couple of years everything worked smoothly. Google Apps did the things Google Apps did (email, calendar, contacts). And for the other Google services I used (Analytics, and probably not much more than that), I logged in with my Google profile. All was well. I had a slightly uncomfortable feeling that there may be trouble down the line though, with two identically-named identities that were logically separate.

And I was right.

A few days after I joined Google+ I got a friendly-but-firm email from Google. “We’re consolidating your accounts,” they told me. This dual use of the same email address can’t go on. Not optional. Indeed.

As I’d been invited to Google+ using the “profile version” of my email address, I feared the worst. And I was right. That was the account which was going to be stripped of my preferred email address. To be replaced by a “temporary address”–something horrible with a percentage sign in the middle of it. Great. The G+ connections dried up–nobody knows me as “the percentage sign email guy”–they know me as my ordinary, erm, email address. Bugger.

It got worse. To be able to get into G+ at all I didn’t just have to log in to Google using the temporary profile, I also had to log OUT of Apps (explicitly, even if I were already logged out of “normal” Google)–otherwise Google thought I was attempting to access G+ using a “business identity”. The horror!

The solution–according to Google–was to assign my Google profile an entirely new email address. Right. A new identity, for what could emerge as a pretty important service, should Google actually get their act together. An identity, and email address, that I didn’t need or use anywhere else. Not. Ideal.

So we have an impasse. I am hanging on, the temporary account unused and unloved, in the hope that Apps users will at some point be able to use their Apps email as a G+ identity. (It’s a rather faint hope, given the strategic direction that Google seem to be taking with identity.)

Why would I waste time now building up a social network where I, quite literally, don’t know who I am?

But it explains why I’m not part of this party, remain unconvinced of Google’s ability to handle the basics of social interaction, and am pursuing a wholesale review of my domains, addresses and identities for what now seems an inevitable clean break, sooner or later, with Google. Nice work, chaps.

Update, 25 July: a few morning-after-posting thoughts

Is there any real significance in all this? Surely this is just the moaning of yet another free-service user who didn’t read the Ts&Cs? Nothing paid, nothing to complain about.

Well, this is significant, because:

• Identity, and cross-platform identity, are hugely important in an ever-more-connected world. Mess with those and you mess with the core of user experience: user existence.
• Like it or not, it’s hard to see how a relationship with Google won’t form some part or other of everyone’s Internet activity at least over the next few years. This makes a Google profile (whatever neglect Google may have shown for it to date) disproportionately important.
• The attempt to enforce “realness” is weak. Google’s requests for reference to “government-issued ID” (redacted or not)–whether to “prove” age or identity–is a troubling step. It puts a little friction in the path of being anonymous, sure, but if you want to, you can be.

And these characteristics (inflexibility, heavy-handedness, dependence) are all indicators of things that we’ll need to worry much more about in the future.

PS

Google account administration functions really are up the spout. Here’s a good piece by Dan Harrison on Google administration in general, and another on Google Apps deficiencies in particular. I’ve said it before: if a profit-focused, cash-rich organisation like Google finds identity so difficult, do we really hold out much hope for government?

PPS

Google Wave also revealed some of these flaws. I actually thought, briefly at the time, that the whole Wave concept was actually a Trojan Horse to get people to sign up for a Google profile (or to take one more seriously if they already had). And what did they force me to have as my Wave ID, despite me already having a friendly Apps address, and a slightly less friendly Gmail address? Something like paulclarke0001@gmail.com (I actually forget how many zeroes.) Face hits palm.