Open Arms: a data portability approach

Caveat Lector: this is a rough draft of my thinking on what a Portability EULA/ToS should say/do/include. Please comment. In the EULA/ToS task force, we are exploring ways of explaining portability with simple analogies. - Phil

We’ve discussed Graceful Exit, the ability for people to control their departure from a site or service.

Open Arms starts at the beginning of your relationship with a service. Let’s summarize it, break it apart, and explain why this is a powerful way to do business.

Open Arms is a combination of policy and technology.

The policy says:

When you come to our site,
bring all of yourself.
We’ll help you put it to use
in our context.
We’ll make it easy to come.
We’ll keep it safe.
We’ll respect ownership as you see it.

What you add while you are here
will join your collection
and be portable in turn.

The elements.

All of yourself.

Bring your identity, your contacts, your history with your contacts, your photos and videos, your playlists, everything digital.

We’ll ignore what we cannot use.

Put it to use in our context.

Every site has a context.

• Things it does
• Purposes people share
• Community standards of behavior.

For example:

• Monster brings work and workers together.
• Flickr helps people manage what comes out of their cameras.
• YouTube is a community of video.
• QuickBooks helps you manage your business.
• Chemistry helps you find true love.
• Amazon and eBay bring buyers and sellers together.

We need your data. These sites could help you do more and do it smarter with more and fresher and truer information from you. Monster could create team job search features if it knew your social graph. Chemistry could be more accurate if it had your music and video playlists.

Our sites are verbs. We do things. The more data you bring, the richer the data, the fresher and more standardized the data, the more we can do, the more creative we can be.

Most people don’t try new sites because it’s hard to recreate data. Especially for every site you visit.

Easy.

So for Open Arms to work,  bringing your onlife to each site you join must be fast, simple, easy, and obvious. And correct.

Safe.

We will protect everything you share. We will protect it from damage, theft, natural disaster, financial ruin, legal physical threats, from legal threats, from Martian invasion. As best we can. And we’ll explain the threats we perceive and how we’re protecting you and your onlife from them.

Ownership as you see it.

“Ownership” is a tricky word: it means one thing to lawyers, something else to most people. Our online and mobile social experiences are a little ahead of the law. So all we can do is try to the right thing for you and for all of our guests.

We’ll respect that your stuff is only “mostly” yours and that you may not have permission to share them with strangers. You may not have permission from the subject of a photo, or their parents. You may have clipped a blog post to share under fair use, but not for general distribution. You may have a confidential email that could endanger lives if leaked.

We will assume everything you bring is private to you and that you will tell us what can be shared, with whom, and under what conditions.

We’ll make it easy for you to re-use your choices, so you don’t have to explain yourself everywhere you go.

Portable in turn

Reciprocity works. So we’re going to share with other sites the part of your onlife you spend with us, as you see fit. So you never feel we’re holding your data hostage.

What’s next?

So, we’ve “Open Arms” at the start of our relationship and “Graceful Exit” at the end. Next up “Ever Fresh” in between.

“Open Arms” written by Steve Perry and Jonathan Cain, Journey (1982)

Lying beside you, here in the dark
Feeling your heart beat with mind
Softly you whisper, you’re so sincere
How could our live be so blind
We sailed on together
We drifted apart
And here you are by my side

So now I come to you, with open arms
Nothing to hide, believe what I say
So here I am with open arms
Hoping you’ll see what your love means to me
Open arms

Living without you, living alone
This empty house seems so cold
Wanting to hold you, wanting you near
How much I wanted you home

But now that you’ve come back
Turned night into day
I need you to stay.

(chorus)

Facebook and Lumpy policy decisions

Rethinking your TOS/EULA is a pain in the neck. Nobody wants to divert attention, money or energy thinking about it. It seems like a serious distraction from making money and serving customers.

Looking at the 2009 Facebook policy hubbub, it’s a big deal. It sucks up attorney fees, management, press, even engineering into a big, risky, bothersome pile of unhappiness.

So a reasonable company wouldn’t volunteer for exercises like that. Maybe, at most, an annual review. It might look like this.

Lumpy.

Huge piles of politics.

What if you smoothed it out?

Would that reduce the icky parts of policy review and enhance the charming parts?

Because policy review has its charming parts.

• It lets you re-engage your customers on what matters to them.
• It helps you restate what you need from customers their language.
• It helps turn your policy from a just-click-through-it to a loyalty building selling opportunity. Maybe even a competitive advantage.

And a smoother, more continuous approach has its tasty bits too.

• Fewer surprises.
• More continuity, less forgetting of why.
• Less distraction, cost, effort.
• Smaller changes, more easily absorbed.

Smoothing might have parts like:

• An internal TOS/EULA lmailing list that any employee can join.
• Annual policy summit. A little bit of briefing. A few workshops. A lot of Open Space unconference.
• A public TOS/EULA listserve/bbs for policy advocates, concerned citizens and partners.
• Ongoing communications (blog posts? videos?) about the state of your policy thinking, inviting participation in that thinking.

Should DataPortability.org help companies engage in that conversation? To move from lumpy to smooth. To avoid the icky bits. To enjoy the tasty and charming parts of policy definition. We already are – join us!

Is Facebook’s Move to “Openness” Setting a de facto Standard?

Yesterday, Facebook took a further step in opening its network by introducing enhancements and new features to its developer APIs. Facebook’s new APIs make it easier for applications to update user statuses, links, and upload videos from outside of Facebook. This effort will likely generate a flurry of activity in the developer community as new applications are created and existing ones enhanced to take advantage of these new capabilities.

[Add to this the earlier announcement of Facebook’s support of OpenID and things are definitely starting to get interesting]

But beyond the power and convenience of integration and data portability from external sources, the real story lies just below the surface.  Facebook is striving to become the ultimate repository for all of your social-media information and this is another step along that path. Their platform is becoming a global data-store and their APIs are empowering developers and users with standardized methods of interaction.

On the one hand there is very little about this that is open.  Facebook controls the data, its access, and its availability. Facebook defines the integration, they determine the protocols, and the APIs, and even who can and cannot use any of this. This “openness” is all under the oversight, control, direction, and whim of the giant.

Yet, when you think about it, Facebook has made huge strides in extending its world beyond the looming walls of their garden. And, while I don’t think this was their original intent, they have nevertheless listened to their user base and observed the opportunity the market presents. 

Some may call it baby steps, others an attempt at world domination. But the winner today is the user (and yes, it’s pretty good for Facebook too!); and the benefits continue to evolve. Along the way, these initiatives will provide new and innovative methods for interaction with users and data that may lead to de facto standards for data portability. Will that actually happen?  That depends on Facebook’s “real” position on openness, the user’s tolerance and acceptance of that position, and the response from the other great giant seeking dominance in the global data-store market – Google.

– Steve Repetti
steve@radwebtech.com
www.radwebtech.com
Data Portability board member

Graceful Exit: Yahoo!’s flickr evicts Shéhérazade

Flickr deleted a popular photographer’s collection. Thomas Hawk reports this eviction from start to finish. Arbitrary justifications, no notice, no appeal, no ability to restore the photos, deletion of third-party intellectual property (thousands of comments). It seems the justification was without merit.

Does your city give landlords this much power?

Should you have the power to fight eviction?

Graceful Exit: facebook evicts Nakedjen

Excerpt from a tragic exit, a story of online eviction from Facebook, without notice, merit, or recourse: 

All was definitely not well.

Facebook obliterated Nakedjen.

Obliterated.  Deleted.  Made me disappear. 

And they did it without any warning or even a simple email telling me that I had done something wrong.

My email to them asking what I might have done to cause such a brutal outcome was just met with an automatic reply telling me that I must be in violation of the TOS and to read it carefully.

Which I did.  Every single word.  Carefully.  There is absolutely no term or stipulation that I even came close to violating other than that my name is Nakedjen.  However, as I mentioned, that is MY name.  And it has been my name on Facebook since day one.  The email that I used for the service is even nakedjen@nakedjen.com  Could I be more clear or obvious?  I don’t think so.

What I also learned, while reading each and every word carefully, is that my account on Facebook is at will and can be terminated by Facebook at any time for any reason they deem “reasonable.”  Basically, our accounts are being hosted for free on their servers.  So this actually does make sense.  If someone in their offices wakes up today and decides that the word Naked is pornographic or even just decides that my photo of Buddha wearing a ski cap is offensive, that person can just hit the delete button and bye bye Nakedjen.

In addition, all content that is published by me (or anyone else) including photos, blog posts, and videos becomes the property of Facebook.  You may own it, but so do they because they are now hosting it on their servers and they have claimed rights to it in their TOS.

Nakedjen’s full post challenges definitions of data “ownership”. She concludes:

This is a lesson in our digital rights and freedoms.  I know it may seem like a trivial thing.  A Facebook profile being deleted because I call myself Nakedjen.  However, if they can obliterate me (and my entire group of friends and family and all my files) just because I have Naked in my name, how long before they obliterate you because your name vaguely sounds Islamic?  Or Muslim?  Or even just American?

Think about it. 

Graceful Exit: The Power to Fight Eviction

Online Eviction

Jason Scott’s Protection From Online Eviction? and his follow up post make the argument that services like AOL, MySpace, flickr, or Skype should be treated like landlords.

The power landlords have over tenants is overwhelming, unless restricted by law. The argument: if they want to shut down a service, essentially evicting users, they should be required to give notice and keep things running for a year.

This would allow people to safely migrate their digital objects like photos and videos and blog posts, renew relationships with people in their contacts and agree on where to move, file change of address notices for their businesses, and otherwise minimize the logistical, economic, political, emotional, and familial havoc forcible ejection can create.

Death and Taxes

Should Terms of Service (TOS) defend a user from data loss? from identity nullification? from contact list deletion? from history erasure?

The closure of the Skypecasts service is the example from Skype history that comes to mind. Skype could have given more notice, preserved the site for archival purposes, turned off commenting and new sessions, allowed people to extract contact lists.

Might Skype have designed Skypecasts services with “graceful exit” in mind?

Everything dies. Plants, animals, families, civilizations. Even businesses and web sites.

It’s wise to acknowledge mortality and plan for service end-of-life. And it’s prudent to build societal safeguards outside of company-issued boilerplate.

From a company’s view, it’s like setting aside resources for taxes you know you must pay later. Or contingency funds in a project budget.

Maybe this is green service design. Designing web products for recycling and reuse.

It was time for Skypecasts 1.0 to die. What was the right way for Skype to retire the service? How could they have preserved user equity in data and the social capital created through use of the Skypecasts services?

What is the moral thing to do?

The question is broader than the one product.

It goes to the tension between consumer rights, enterprise service rights, and the health of our society. For example, if a province decides to demolish your building, you have many rights under law to contest that decision. In the US, many cities have laws about protecting historic landmark buildings.

In my case, as a user of Google mail, I have no power over Google. If they decide to cancel my account, delete my email or spam all my contacts, that’s within their power. They don’t need to give notice, or offer me a chance to back everything up. Nobody outside Google will hear my appeal or listen to my concerns.

Societies, civilization and economies have an interest in protecting and preserving the intellectual work of individuals. Even family photos, business blogs, and the most idiotic of forums have value. Value to their creators, value as history, value even as part of the creative commons.

Action.

So what can be done to redress this imbalance of power? I’ll suggest six things, by no means a complete or even feasible list.

First, intervene. ArchiveTeam.org is a rapid response team. They will respond to a pending shutdown by backing up as much as they can. They are a volunteer team but just starting. I can easily imagine this being a not-for-profit or a government agency.

Second, prevent. Promote exit strategies in project and product design. This is an education program for product managers. Knowledge about the issues, checklists for planning and conducting a graceful exit, forums for getting help, directories of certified Graceful Exit professionals.

Third, commit. Write model language for EULAs and TOSs. After a company implements preventive measures, give them the language for making promises legally. Plain language, lawyer approved. Even a badge to show at registration to give that safe, comfortable feeling.

Fourth, insure. Create a mutual insurance fund. Put money into a pool to pay for recovery and distribution of digital assets if you should shut down a service. Coverage is proportional to the number of clients and the size of their assets. Risk factors include the health and activity of your business, how well you’ve engineered preventive measures (discounts for readiness). Money may be paid to outfits like ArchiveTeam.org. Insurance spreads risk, but proper tweaking of rates can incent better behavior; fire insurance led to fire codes (prevention) and fire departments (remediation).

Fifth, advocate. The cause needs a forceful voice for consumers. When companies, large or small, threaten to willfully destroy their customer’s digital works, they should be educated, persuaded, and publically shamed as needed. I’m thinking some cross between Electronic Frontier Foundation and Consumers Union.

Sixth, enforce. Teeth, if you will. I want laws that enshrine cherished principles and adapt to changing times and fluid technologies. Injunctive relief is a powerful incentive to do the right thing. Class actions in the public interest might convince the reluctant to do the right thing.

P.S. Dave Winer was the first person to bring this to my attention as an issue, eight or nine years’ ago. His response was to create a specification to hold your structured data from his manila blogging services and features that let you backup your blog in one step.  Thanks, Dave.

P.P.S. While I’m on DPP.org’s steering group, these are my words and may, or may not, be the official view of The DataPortability Project.

Forget Open Standards

Forget Open Standards…

Well, sort of. To date, the DataPortability project has often referred to its vision as “Open Standards based Data Portability”.

The problem, though, is that people don’t get why Open Standards are so important. Some even think that we’re advocating open standards for the sake of open standards. In truth, Open Standards are just a means to an end. It’s time the community started to focus on the end, rather than the means.

The end is not “Open Standards based Data Portability”. Rather it’s what I’m starting to call ‘Peered Data Portability’.

Peered Data Portability differs dramatically from what we have today from Facebook Connect. Here are some diagrams to explain:

FB Connect Version of data portability - Hub n Spoke

The Future of Data Portability - Peered Nodes

Does the peered model look familiar? It should

The Internet is already a Peered environment

In the Hub and Spoke model, a single node controls the transaction and facilitates data sync between participating 3rd parties. This is efficient and always the quickest and most commercially viable way to get the job done (at least for the central node).

The problem, however, is that it has a central point of control, failure and commercialization. A monopoly, or market confusion, is inevitable. At the very least this model leads to reduced innovation along the connections.

Can you imagine if there was only one Web server? One FTP server? One Email server? Companies like Google would have certainly never been allowed to exist. They might have been sued by the Acme Web Server company early in their life much like Power.com is being sued by Facebook today.

The peered approach, is much more analogues to the web itself. It lets a thousand flowers bloom as equal participants in an open ecosystem. It allows and incentivises innovation at all the nodes. It also means that the solution is not a commercial product, but rather part of the fabric of the web itself, much like HTTP is.

Sure, Open Standards may facilitate interoperable peering, but that’s just a technicality along a much bigger journey. So while Open Standards are important, they are certainly not the point. Standards come and go (and some stick). The peered, web-like nature of the Internet will outlive us all.

It’s time to move the conversation up the intellectual stack.

I look forward to the continued emergence of Peered Data Portability.

Note: This is a follow up to my ‘Forget Facebook’ post last year. I don’t mean to pick on Facebook, but their first mover status provides a clear counter-point.

The “why” of Open Standards

There’s a great book that you need to read if this whole data portability world perplexes you, called Wikinomics: How Mass Collaboration Changes Everything by Don Tapscott and Anthony D. Williams. Suffice to say, it’s one of those Must Read books, but what I want to share is a story the boys wrote that clearly illustrates one of its central theses.

Hurricane Katrina ripped into the coastlines of Louisiana, Mississippi, and Alabama on Monday, August 29 2005 causing more human misery and economic damage than any storm on record…

…Yet, out of the chaos, and in the face of official ineptitude, came a powerful story of how an ad hoc team of volunteers from across the country came together to concoct an information management solution that far surpassed anything the local, state, and federal response teams had mustered. At the heart of the volunteer effort was a central repository of survivor information called Katrinalist. This impromptu Web site compiled survivor data from all over the web into a searchable format that made it easy to identify and locate friends and family members…

The story goes onto say all this valuable data to capture relevant information for each person (name, location, age) was collated into a central database and that the team behind this PeopleFinder project even created an open data spec called the PeopleFinder Interchange Format. The big challenge however, was being able to scrape information from a bulletin board which typically read “My father Joe was working in New Orleans and hadn’t evacuated. He was living in Jefferson Parish. We don’t know if he’s okay. Please call me or Mom in Houston. Lisa Brown, Houston, TX.”

What occurred was volunteer efforts to manually enter data into the database, of which thousands of people later did. But there could have been a dramatic difference if there was an agreed upon standard for collecting and sharing data. Imagine if Facebook decided to participate, to allow certain details to be linked to a central identity, which could then be linked to all the data collected by the relief agencies like the Red Cross. We would have interoperability of data, minimizing effort and creating time for potentially time critical information.

Having organisations storing their data in a certain format to export and access, is not killing their competitive advantage (I would argue it helps it). And if people understood the value of Open Standards, which heaven-forbid another disaster of this scale occurs, the power of the Internet can be unleashed to potentially save some lives.

Extended Landscape Diagram

Following on from the previous post, here is an extended diagram that shows a number of new elements.

data portability landscape - extended diagram

The new elements on this extended diagram are:

1. 3 unfilled boxes. Standardized EULA, Standardized User Experience, Standardized Business Logic. These are the 3 open opportunities/challenges for the community moving forward. Without these, standardized data portability will have a very hard time competing with Facebook Connect.
2. MySpace DataAvailability. This is a faded out blue color. While it attempts to use open standards, it is not yet completely in line with the industry best practices. It sits along the same level as the tools because it is an attempt to provide data portability without 3rd party assistance. Everything at this level could benefit from a standardization of the 3 unfilled boxes mentioned above (and shown above in the diagram).

For a full description of the rest of the diagram please see the previous post.

The data portability Landscape – An update

Given the recent intense activity around data portability (Announcements from Facebook, Google, Twitter, Yahoo etc) and the impending end of the year, I thought it opportune to summarize the data portability landscape from my personal perspective and the perspective of the DataPortability Project.

The data portability Landscape Diagram

2008 was called “The year of Data Portability”. In many ways, that prediction was very true.

Above is a diagram of the data portability ecosystem in so far as it relates to Google Friend Connect, Facebook Connect, the DataPortability Project and the Open Stack.

1. data portability (the general idea)

The idea of data portability, in general, has emerged to mean the ability to reuse data between services in some shape or form. It may be a one off implementation between two services, a proprietary universal login play or an open standards attempt at interoperability.

2. Participating Sites

Sites that participate in providing and/or receiving data. They do this with the authority and permission of their end users.

3. DataPortability (Specific Idea)

The specific notion of DataPortability as defined by the DataPortability project is as follows:

Vision
Data portability enables a borderless experience, where people can move easily between network services, reusing data they provide while controlling their privacy and respecting the privacy of others.

For the user
With data portability, you can bring your identity, friends, conversations, files and histories with you, without having to manually add them to each new service. Each of the services you use can draw on this information relevant to the context. As your experiences accumulate and you add or change data, this information will update on other sites and services if you permit it, without having to revisit others to re-enter it.

For the Service Provider
With cross-system data access, interoperability, and portability, people can bring their identities, friends, conversations, files, and histories with them to your service, cutting down on the need for form-filling which can drive people away. With minimal effort on the part of new customers, you can tailor services to suit them. When your customers browse networked services and accumulate experiences, this information can update on your service, if people permit it. Your relationship remains up-to-date and you can adapt your services in response, even when they don’t visit. With mutual control and mutual benefit, your relationships remain relevant, encouraging continued usage.

Data portability is a new approach, where it is easier to use and deliver services. This frictionless movement through the network of services fosters stronger relationships between people and services providers and helps build a healthy networked ecosystem.

Mission
To help people to use and protect the data they create on networked services, and to advocate for compliance with the values of DataPortability.

The most important notion in that entire section is ‘Interoperability’. I’ve highlighted it in red and made it bold. Interoperability means that irrespective of who is providing or receiving the data, it should be provided in such a way that is agreed upon by the community so that the implementation is consistent irrespective of parties participating in the transaction.

Sound unrealistic? The Web is already such a system. Any web browser can request a HTML document using HTTP. It does this over TCP/IP. It sometimes uses SSL.

FTP, IRC, Email, Newsgroups, WiFi – all follow a similar pattern. These protocols are owned are not owned by companies. If they were we would have a very different Internet today. Vendors, however, innovate on top of these technologies to create Browsers, FTP clients, IRC Clients, Email Clients, Laptops and so much more.

4. DataPortability Project

The DataPortability project is the project that turned the nascent standards conversation into a full fledged riot in January of 2008.

The project is responsible for defining ‘DataPortability’, advocating its adoption by developers, explaining its value to business executives, promoting its usage to end-users and providing context and commentary on  industry news as it unfolds.

The project does not create technology or software products. It evaluates the technology and products of others provides advice to the community about its compliance (or non compliance) to the core goal of interoperable data interchange.

In essence, The DataPortability Project is the ‘Spread FIrefox’ of the standards community.

5. Tools (Google Friend Connect, JanRain RPX, Others)

Perhaps where the most innovation potential exists is in the tools layer.

Current tools have made good faith efforts to provide DataPortability complaint services to site owners. Because the specific implementation guidelines are still emerging, there is still some way to go to ensure that all the tools provide a consistent programming interface.

Current tools also act to bridge the gap by turning non-compliant systems (e.g. Systems that don’t use Open Stack) into more standards compliant end-points.

It is hoped that all services begin to implement their own standards compliance to limit the need for tools to act as gatekeepers. Tools will still be necessary, however, to provide a plethora of value-added services. These services, however, should never break the interoperability promise of ‘DataPortability’.

6. The Open Stack

These are the core open standards based technologies that make Interoperable DataPortability possible. Some have been created by formal and official standards bodies, others by ad-hoc community efforts. Some are protected by the W3C, others by the Open Web Foundation. All, represent a piece of work that is freely available, generally agreed upon and open for use by all.

7. Facebook Connect

Facebook connect is a version of ‘data portability’ (Point 1). It allows an elegant and simple re-use of data between Facebook and other services. Rather than being based on the Open Stack (Point 6), it is based on Facebooks Proprietary Platform (Item 8 on the diagram).

The key point here, however, is that Facebook Connect is owned by Facebook. Rather than interoperable point to point ‘DataPortability’ as defined by the DataPortability project, it provides a hub and spoke model where the technology and the experience is owned by a private company.

So far Facebook Connect is the best implementation of data portability available in the wild. It offers a compelling business value (millions of ready and active users) and simple APIs.

The community, via the many pieces loosely joined detailed in point 1-6, must come together to create a cohesive value proposition of its own in order to compete with this proprietary model.

Compete we must, however. Facebook, like AOL and Microsoft Passport before it, must eventually participate in the Open Web. Because the web is, and always will be, bigger than any single company.

The Future

Closed platforms are like ice cubes in a glass of water. They will float for a while. They will change the temperature of the liquid beneath. Ultimately, however, the ice cube must eventually melt into the wider web.

Facebook’s success with Facebook Connect can and will further drive innovation in the community to develop an open alternative.

Facebook’s success will also drive large media companies, competitors (like Google, Microsoft and Yahoo, AOL, Myspace, countless major media properties and countless small startups) to create alternatives. At least some of those participants will recognize (if they have not already) that the most open among them will earn both the respect and the market share of the next phase. Moving from Facebook Connect’s ‘data portability’ to Interoperable DataPortability.

A web of Data.

That’s a landscape where we can continue to innovate on a level playing field.