Upload
garry
View
27
Download
1
Embed Size (px)
DESCRIPTION
Privacy on the Wireless Web (mCommerce is getting personal). Marc Le Maitre – Nextel Communications 12/6/2000. Taxonomy of Commerce. eCommerce Performing commercial transactions on the Internet Wireless eCommerce Performing the same commercial transactions on the Internet over wireless - PowerPoint PPT Presentation
Citation preview
Privacy on the Wireless Web Privacy on the Wireless Web
(mCommerce is getting (mCommerce is getting personal)personal)
Marc Le Maitre – Nextel Marc Le Maitre – Nextel CommunicationsCommunications
12/6/200012/6/2000
Taxonomy of CommerceTaxonomy of Commerce
eCommerceeCommerce– Performing commercial transactions on the InternetPerforming commercial transactions on the Internet
Wireless eCommerceWireless eCommerce– Performing the same commercial transactions on the Performing the same commercial transactions on the
Internet over wirelessInternet over wireless mCommercemCommerce
– Performing commercial transactions on the Internet Performing commercial transactions on the Internet over wireless using real-time context-sensitive, over wireless using real-time context-sensitive, personalized information such as location, state and personalized information such as location, state and intentintent
State defines the customer’s availabilityState defines the customer’s availability
Why Must mCommerceWhy Must mCommerceGet Personal?Get Personal?
Data deals with Data deals with transmission of bytestransmission of bytes
Information is the Information is the presentation of datapresentation of data
Knowledge addresses Knowledge addresses the relationship of the relationship of information in context information in context of other informationof other information
Wisdom is the Wisdom is the prediction of prediction of knowledge and is knowledge and is learned or “mined”learned or “mined”
Presentation
Context
Prediction
Data
Information
Knowledge
Wisdom
Increasing value and Increasing need for privacy
The Privacy ChallengeThe Privacy Challenge
The privacy challenge is not primarily The privacy challenge is not primarily a technology issue, not primarily a a technology issue, not primarily a governance issue but a business governance issue but a business issueissue– Passing too little control to the user will Passing too little control to the user will
result in low take up users because of result in low take up users because of trust issuestrust issues
– Passing too much control to the user will Passing too much control to the user will result in low take up by business because result in low take up by business because of inadequate marketing opportunitiesof inadequate marketing opportunities
Privacy Is Not a PointPrivacy Is Not a Pointbut a Continuumbut a Continuum
Don’t tell anyone Tell these people on
these terms
Advertise it to everyone
Never reveal
information about
me
If I request as service
or authorize
access
Give it to anybody, but give
me a good deal
I’ll pay you to advertise my information
What Does Privacy MeanWhat Does Privacy Meanto Businesses?to Businesses?
It is fundamental to gaining the customer’s It is fundamental to gaining the customer’s trust and building valuable relationshipstrust and building valuable relationships
It will require a re-think in their existing CRM It will require a re-think in their existing CRM and marketing practicesand marketing practices– Access to personal information is increasingly Access to personal information is increasingly
under the control of the customerunder the control of the customer The good news is; If businesses address The good news is; If businesses address
privacy concerns in the right way they will privacy concerns in the right way they will accelerate the delivery of value added accelerate the delivery of value added services not hold them backservices not hold them back
What Businesses Must Do to What Businesses Must Do to Exceed the Customer’s Privacy Exceed the Customer’s Privacy
RequirementsRequirements
Start building a privacy framework nowStart building a privacy framework now– Consumers are already educated to the threatConsumers are already educated to the threat– Before you are required to do so by lawBefore you are required to do so by law
Ensure that the frameworkEnsure that the framework– places the customer in complete control of how places the customer in complete control of how
their privacy is managed and is…their privacy is managed and is…– openopen– controllablecontrollable– extensible and flexibleextensible and flexible– enforceableenforceable
Building a Privacy Building a Privacy FrameworkFramework
The Way Privacy PoliciesThe Way Privacy PoliciesWork TodayWork Today
PC Browseror
WAPgateway
Serviceprovider’sweb site
Phone
12
1 User browses to site 1 User browses to site requiring information or requiring information or serviceservice
2 Site provides hypertext 2 Site provides hypertext link to a human link to a human readable privacy policyreadable privacy policy
3 User has to manually 3 User has to manually read the policy in its read the policy in its entiretyentirety
Human readable privacy policies are not effective. Human readable privacy policies are not effective. Very few users (less than 0.05% according to a Very few users (less than 0.05% according to a recent survey) actually read the policy and recent survey) actually read the policy and therefore cannot realistically be considered to therefore cannot realistically be considered to have given their informed consent to its termshave given their informed consent to its terms
The Way P3P Policies Will WorkThe Way P3P Policies Will Work
PC Browseror
WAPgateway
Serviceprovider’sweb site
Phone
12
3
P3Pplug-in module
containing user’sprivacy preferences
1 User browses to site 1 User browses to site requiring information or requiring information or serviceservice
2 Site serves the client with 2 Site serves the client with its privacy policyits privacy policy
3 Client passes site privacy 3 Client passes site privacy policy to a P3P plug-in policy to a P3P plug-in which matches the sites which matches the sites policy with the policy with the preferences of the user.preferences of the user.
44 If site’s policy does not If site’s policy does not violate user’s preferences violate user’s preferences the site is displayed as the site is displayed as normal. If the site’s policy normal. If the site’s policy violates the user’s violates the user’s preferences the user is preferences the user is alerted by the plug-in and alerted by the plug-in and can choose their next can choose their next actionaction
4
P3P requires that the client device be fitted with a P3P requires that the client device be fitted with a dedicated plug-in module to interpret the site’s machine-dedicated plug-in module to interpret the site’s machine-readable privacy policy. Once personalized, this plug-in readable privacy policy. Once personalized, this plug-in module is only available on the device in which it is module is only available on the device in which it is installed and cannot be moved to other devices, that is to installed and cannot be moved to other devices, that is to say a user’s privacy preferences do not follow themsay a user’s privacy preferences do not follow them
What is Missing From P3P?What is Missing From P3P?
Negotiation when privacy terms are at varianceNegotiation when privacy terms are at variance Signed copies of agreed privacy contractSigned copies of agreed privacy contract Storage of the resulting contract in the user’s Storage of the resulting contract in the user’s
controlcontrol Support for bi-directional requests for Support for bi-directional requests for
informationinformation Support for multi device access (i.e. PC, PDA, Support for multi device access (i.e. PC, PDA,
Phone)Phone) Dispute resolutionDispute resolution
Anatomy of the Anatomy of the desired Privacy desired Privacy
FrameworkFramework1 User selects a service 1 User selects a service
requiring informationrequiring information2 Site re-directs client to 2 Site re-directs client to
their agent because their agent because personal information is personal information is requiredrequired
3 Client instructs agent to 3 Client instructs agent to establish contact with establish contact with service provider’s agentservice provider’s agent
4 Client's agent asks for 4 Client's agent asks for details of information details of information requested and the SP’s requested and the SP’s privacy contractprivacy contract
5 SP’s agent responds5 SP’s agent responds6 Client’s agent supplies the 6 Client’s agent supplies the
information or negotiates information or negotiates variance to contract (can variance to contract (can request client intervention request client intervention if needed)if needed)
7 SP’s agent passes 7 SP’s agent passes information to web siteinformation to web site
8 Web site acknowledges 8 Web site acknowledges receiptreceipt
9 SP’s agent returns receipt 9 SP’s agent returns receipt together with signed together with signed privacy ‘s contract to privacy ‘s contract to client agent where it is client agent where it is storedstored
10 & 11 Client's agent 10 & 11 Client's agent redirects client to the web redirects client to the web site for service fulfillmentsite for service fulfillment
PC Browseror
WAPgateway
Client’sagent
ContainingUser-information
and privacyContractdefaults
Serviceprovider’sweb site
ServiceProvider’s
agentContaining
business formsand privacy
contract defaults
Phone12
11
9654
3 8 710
External databases or directories linked to client agent
Examining the Impact of Examining the Impact of Privacy on the Business Privacy on the Business
ModelModel
Recognizing the Current Recognizing the Current Business ModelBusiness Model
The current business model for wireless The current business model for wireless eCommerce is based on the following…..eCommerce is based on the following…..– The merchant/portal/ service provider will pay slotting The merchant/portal/ service provider will pay slotting
fees to gain access to a wireless carrier’s customersfees to gain access to a wireless carrier’s customers This only succeed whilst there is a wireless “walled garden”This only succeed whilst there is a wireless “walled garden”
– The wireless carrier can secure a share of the revenue The wireless carrier can secure a share of the revenue from the eCommerce transaction as a finder’s or from the eCommerce transaction as a finder’s or broker’s feebroker’s fee
This is lucrative whilst there is a sufficient margin to be shared This is lucrative whilst there is a sufficient margin to be shared or mCommerce is not a commodity serviceor mCommerce is not a commodity service
Meeting the Business Plan Meeting the Business Plan For mCommerceFor mCommerce
The business desires a relationship with a wireless The business desires a relationship with a wireless carrier’s customerscarrier’s customers
The carrier hosts the customer’s agent under the The carrier hosts the customer’s agent under the customer’s controlcustomer’s control
The carrier allows businesses to extend links to the The carrier allows businesses to extend links to the customer’s agentcustomer’s agent– Charges service providers a relationship fee for links to the Charges service providers a relationship fee for links to the
customer’s agentcustomer’s agent– Linking (relationship) fees can be adjusted based on value Linking (relationship) fees can be adjusted based on value
of the information being shared between customer and of the information being shared between customer and businessbusiness
– Both customer and business can break the link at any time Both customer and business can break the link at any time if the relationship becomes unprofitable or undesirableif the relationship becomes unprofitable or undesirable
The solution we are The solution we are investigatinginvestigating
eXtensible Naming ServiceeXtensible Naming Service– Open source, open standard via XNSORGOpen source, open standard via XNSORG
Agent to Agent architectureAgent to Agent architecture– Auto/evoked transfer of data between agentsAuto/evoked transfer of data between agents– Privacy rules transferred with every data Privacy rules transferred with every data
exchangeexchange– Linking and synchronization of exchanged Linking and synchronization of exchanged
datadata– Addressing scheme to allow agent discoveryAddressing scheme to allow agent discovery
How we see this Meeting our How we see this Meeting our Privacy ChallengePrivacy Challenge
Privacy of information under the customer’s control Privacy of information under the customer’s control deprives the businessdeprives the business– They currently have access and ownership of customer They currently have access and ownership of customer
data with very few rulesdata with very few rules Having moved that data into the customer’s control Having moved that data into the customer’s control
we can then provides mechanisms for the business we can then provides mechanisms for the business to access it under rules dictated by the customerto access it under rules dictated by the customer
In doing so, we creates links (synchronized) In doing so, we creates links (synchronized) between customer and businessesbetween customer and businesses– Provides businesses with a powerful customer retention Provides businesses with a powerful customer retention
tool and us a method of monitizing the relationshiptool and us a method of monitizing the relationship
ConclusionsConclusions
Without adequate privacy, services requiring Without adequate privacy, services requiring increasingly personal information will not succeedincreasingly personal information will not succeed– Customers will become aware of the threatCustomers will become aware of the threat
Businesses must deploy a privacy framework before Businesses must deploy a privacy framework before delivering context-sensitive value added services in delivering context-sensitive value added services in order to avoid a user-revoltorder to avoid a user-revolt
Existing P3P privacy protocol does not sufficiently Existing P3P privacy protocol does not sufficiently meet the needs expressed by our customersmeet the needs expressed by our customers
We are investigating XNS as a the solution whereby we We are investigating XNS as a the solution whereby we host the customer’s “agent” and develop profitable host the customer’s “agent” and develop profitable relationships by monitizing links between our relationships by monitizing links between our customers and external businessescustomers and external businesses