Identity as Business Opportunity?

Doc Searls

Issue #104, December 2002

The carrier and content industries aren't buying the Net's end-to-end argument. Doc suggests using an open customer ID standard to win them over.

In 1997, David Isenberg wrote in “Rise of the Stupid Network”, a widely circulated internal document at AT&T (www.rageboy.com/stupidnet.html), “The Internet breaks the telephone company model by passing control to the end user. It does this by taking the underlying network details out of the picture.”

The document cost David his job at AT&T. But he was right. The Net's end-to-endedness supports countless new efficiencies that go without notice because they happen in the background. GE Global eXchange Services (gxs.com), for example, processes over a billion transactions worth over a trillion dollars a year—all over the Net.

GXS President and CEO Harvey Seegers told me that the Net evened the balance of power between supply and demand. In the past, GE was in command of its relationships with its customers, he said; but that ended with the Net. Now even giant companies like GE are finding they can't muscle their customers anymore, and they're liking it, because now they have much healthier relationships with them.

After Cluetrain (cluetrain.com) came out, we heard the same kind of thing from a lot of other big companies, including Wal-Mart, Johnson & Johnson, Prudential and Ericsson. But a conspicuous silence came from the companies that actually carry the Internet. Verizon, AT&T, Qwest, Time Warner Cable, Comcast, Cox and SBC all try to talk Internet, but they still seem to be dreaming about subscription valves on content spigots. This dream has been a nightmare ever since carriers began to build broadband services around the same power asymmetries established by consumer marketing. To them, the Net was all big-to-small and few-to-many, like television.

The big “content” companies from the entertainment industry shared those fantasies. Unfortunately, they did get the Net's founding clues—and hated them. The last thing they wanted to see was billions of dumb consumers turned into smart customers—or worse, smart suppliers.

But in the long run (and it might be very long), the Net will beat big-to-small. When that happens, the question for the carrier and content companies will be no different from what it was in 1995: How can I make money here?

Arguing about end-to-end isn't going to do the job with Congress, and it probably won't do the job with business, either. What we need is implementation. I suggest identity (ID). All kinds of business opportunities open up once identity protocols are ready to support business innovations based on them.

To gauge the importance of ID, consider the matter of your own identities—those representations of yourself in the business world. How many of them are granted to you by outside organizations? How many are mostly beyond your control? Is it close to 100% in both cases?

What new business possibilities would open if your suite of identity representations were under your own control? What if your identity operated in the networked world according to protocols that granted your end as much power as the ones that make and distribute products and the ones that process transactions?

What new businesses would be possible if your identity suite had its own open APIs to let you choose what to do with your personal information—your location, your destinations, your interests, your preferences for anything and everything? What types of existing businesses suddenly will find all kinds of productive new ways to relate to customers? It's easy to imagine countless new businesses—and a lot less unwanted advertising, PR, promotion, junk mail and other annoying guesswork about what you, the consumer, might want.

Making this happen is what PingID.com has been up to in the year since it was founded by Andre Durand, who also cofounded Jabber.com. Like Jabber, PingID has a .org counterpart (PingID.org) that handles open-source development. (Disclaimer: I am on the advisory boards of both Jabber.com and PingID.com.)

PingID.org is working on a peer-to-peer browser or thin (embedded) client-based public digital identity infrastructure. It makes heavy use of XML, SOAP, XML-RPC and other standards that Jabber also trafficks in. At the helm of PingID.org's efforts is Bryan Field-Elliot. I recently asked Bryan how it's going. Here's what he told me:

Looking back over the history of protocols and their implementations, I see two different routes we can take. One is the Gnutella route, where we trailblaze a new protocol that perfectly suits our vision of identity rollout. The other is the Apache route, where we do practical implementations of protocols that have already been developed. We're trying to balance both routes and see what happens.

Say that PingID.org trailblazes a new protocol putting ultimate privacy control in the hands of the user—priorities, which are secondary at best for Liberty and Passport. Can we realistically expect any traction in the real world given the momentum behind the other identity protocols? Or instead, should we follow up on protocols developed by, say, the Liberty Alliance? Right now those protocols are not especially friendly to the individual, but someday they might be. There's a better chance of that happening if we're in the conversation. This is the fine line we're walking: a balance between idealism and pragmatism.

The choice Bryan presents is about implementation. But motivation to implement only comes when people start imagining all the cool ways this stuff can be put to use. Here are eight that have come up for Andre Durand, solely through his conversations with businesses that have taken an interest in building out ID infrastructure: 1) identity service providers (basically identity hosting services); 2) identity verification/authentication services (certificate/signatory services); 3) identity guardian services (companies that protect/monitor the use of your identity information); 4) identity interoperability services (companies that help transport an identity in one system to an identity in another system); 5) identity reputation companies (companies that help you maintain and monitor your digital reputation to ensure it is clean and accurate); 6) identity networks (this is what PingID Network is building); 7) a branded, quality assured network that facilitates business-to-business and business-to-consumer identity interaction; and 8) identity registrars (companies that “issue identities”).

There are also existing business categories that can make extensive use of a public ID infrastructure: banks, cell-phone companies, credit-card companies, retailers and our original two: carriers and content providers.

With an end-empowering ID infrastructure in place, many new carrier services to customers suddenly become imaginable, because each customer is much more than a name, a number and an address. Their identities are not only far more rich and detailed, but their behavior is far more active and involves far more choice. Rather than threatening carriers, it gives them an API to which they can address far more granular and flexible services, including bandwidth as symmetrical or asymmetrical as the customer requires.

When preference-rich and fully empowered customers show up in the content marketplace, eager to develop relationships with the artists who make movies and recordings, all the DRM issues that hog conversational airtime today get exposed as desperate attempts by distributors to control “consumer” behavior.

A sufficiently end-empowering digital identity infrastructure will make consumers evolve into customers. When that happens, all arguments about controlling consumer behavior become moot, and the end-to-end argument finally wins, big time.

Doc Searls is senior editor of Linux Journal.