Thursday, June 29, 2006

June 2006 Early Indications: Inversions

1) "I'll be at 362-9296 for a while; then I'll be at 648-0024 for
about fifteen minutes; then I'll be at 752-0420; and then I'll be
home, at 621-4598."
-Dick Christie in Woody Allen's "Play It Again Sam"

In the early 1970s, Dick Christie's character portrayed a hard-
charging, super-connected deal-maker. Seeing the movie now,
hisconnection of location to telephone numbers feels quaint. Not so
long ago, you could tell, within a few blocks, where somebody was
based on their area code and three digits of the "exchange," or
central office. Now, with cellular number portability, voice over IP,
and mobile telephony more generally, a phone number has gone from
being an indication of location to an indication of identity as the number
follows the person.

2) Wal-Mart announced a new program late last year called "Remix," in
which one objective is to separate fast-moving inventory from slower
sellers in the supply chain. The long-term rollout won't be completed
until 2007, and involves other facets including store re-design. The
inversion plays out as follows: typical inventory organization is
performed on the basis of what something is, of what properties it
inherently possesses. The new model organizes inventory by how fast
people purchase it, which is a characteristic external to the item.

3) Mechanical diagnosis traditionally resided in the fingers, eyes,
ears, and brain of a mechanic or technician. Attempts to organize
craft knowledge, whether from detectives or repair personnel, into
knowledge bases have typically been disappointing. From small
beginnings in large turbines, automotive, and elsewhere, however,
there's a trend toward putting diagnosis into the machinery itself.
Military technologists, for example, have laid out a future-state
vision of "swaptronics," which would mean components could identify
themselves when the odds of failure exceed a given parameter. In an
increasing number of instances, including computer hardware, the locus
of diagnosis is in the midst of a migration from the external observer
to the device itself.

Taken together, these three transitions point to some emerging issues
of digital identity. Cell phone numbers, e-mail addresses, and
instant messaging names all follow the person, in contrast to landline
numbers, physical addresses, and database information. Changing how
who I am relates to where I am, and to the parties that know where I am -- in addition to being an extension of a landline phone, the cell phone is
also a beacon -- will in turn change notions of identity.

Wal-Mart's use of velocity as an organizing principle follows other
examples of "what it is" being subsumed by "what it does," based on
easily analyzed historic data: frequent flier and buyer databases are
other examples. In contrast, actuarial data is based less on behavior
(smoking being the major exception) and more on macro-level patterns:
ethnicity, parental cause of death. As risk factors are identified
and quantified, it would seem likely that insurers and other risk
markets will more frequently charge based on what their clients do.
In states that do not require motorcycle riders to wear helmets, for
example, the cost of increased numbers of injuries is borne broadly.
If the risk premium is calibrated to an individual's helmet decision,
by contrast, economic incentives may motivate safer behavior if the rider chooses not to pay the realistic cost of going helmetless.

The migration in the locus of diagnosis parallels a much larger
transition as data evolves from paper to bits. As information moves,
it allows different things to be done with it. Standardized ways of
naming things for example, begin to give life to the notion of
information as a utility. Maps are an excellent example. The mere
task of obtaining and storing paper maps for any given area formerly
required special facilities and expertise. Visiting the map room of a
great research library is a rare treat, but prohibitively costly at
scale. With maps being easily standardized and quantified through the
efforts of Navteq and other companies, anyone with a browser can see
down to the block or house level for many locations around the world.
The same technology taking diagnosis from the mechanic into the car is
moving navigation from maps to vehicles.

This build-up of shared resources in turn has implications for
identity. When information was scarce -- think of pre-Gutenberg for
example -- books and learning (the ability to use the books) conferred
great power. As recently as the mid-20th century, there were still
debates in England, the U.S., and possibly elsewhere over what body of
knowledge an educated man "obviously" would command. In just a few
decades women outnumbered men in American college enrollment, the
specialization and mass of scholarship exploded, and information
became not just plentiful but overly plentiful. Compared to those
Reformation-era monks, today's smart (learned?) person may have
internalized relatively little but have access to many pieces and
kinds of information: how much one knows and how much one can find or
manipulate are related but distinct questions.

These related questions of "who," "where," and "what is happening" are
being both asked and answered differently than they were only a few
years ago. Based on the uses of mobile broadband in places like
Korea, the answers in the U.S. ten years from now will be different
yet again. Many questions raised by this series of inversions are
related to education, but also concern data rights and
responsibilities.

U.S.-based collectors of personal information -- whether banks,
hospitals, governments, or communications companies -- currently can
and usually do treat information about a person as the institution's
property. AT&T recently changed its privacy policy to say that it can
track what a customer watches on its broadband and television
services, and use that information as it sees fit. Recall that there
was a leak of Robert Bork's video rentals to the press at the time of
his confirmation hearings, and subsequent legislation made such
disclosures illegal. Legislation is again lagging behavior, as the
often alarming disclosures of data privacy mistakes accumulate.
Before the laptop was located, the White House requested a
supplemental appropriation of $160 million to fund the Veterans
Administration's response to the theft of private data from a single
PC: that covers a year of free credit monitoring for 26.5 million
veterans. A call center set up in response to the error was costing
$200,000 a day to operate as of mid-June.

That single example points to a myriad of other privacy and security
questions that haven't been widely raised yet, given that such a crime
would have been impossible 20 years ago and extremely difficult even a
few years ago. Merely having to report such breaches has only
recently been required, and then only in certain states. At base, we are in
the midst of redefining such ancient notions as privacy, property
rights, and risk, all of which relate intimately to identity. For all
of the possibilities of the digital era -- getting lost less often,
fixing machines before they break, being reachable at any time -- the
nightmare scenarios also proliferate.

At the minimum, we need to develop more widely shared technical,
managerial, social, and legal languages for discussing some basic
questions:

-Where is the data collected and stored relative to the person or
thing to which it relates? How are disputes over accuracy identified
and resolved?

-What are the analytical possibilities of that data?

-How are the benefits of those analytics apportioned to the people
whose behavior might be under analysis, or otherwise have a claim to
ownership (however that term is defined) as well as to the parties
doing and/or purchasing the analysis?

-What are legitimate uses of personal data? How, if at all, is
consent granted for certain of these? What controls insure that
proper safeguards are in place and followed? What constitutes abuse
of personal data? What recourse exists for various affected parties?

Recent Congressional debates have brought some of these issues to the
forefront, but insofar as the intricate details of any proposed
legislation will have major implications, much remains to be seen as
to whether the U.S. has actually made headway on the problem. As hard
as that task will be, the global nature of data networks implies that
even broader questions of jurisdiction will also need to be addressed.