Privacy on the Wireless Web Privacy on the Wireless Web

(mCommerce is getting (mCommerce is getting personal)personal)

Marc Le Maitre – Nextel Marc Le Maitre – Nextel CommunicationsCommunications

12/6/200012/6/2000

Taxonomy of CommerceTaxonomy of Commerce

eCommerceeCommerce– Performing commercial transactions on the InternetPerforming commercial transactions on the Internet

Wireless eCommerceWireless eCommerce– Performing the same commercial transactions on the Performing the same commercial transactions on the

Internet over wirelessInternet over wireless mCommercemCommerce

– Performing commercial transactions on the Internet Performing commercial transactions on the Internet over wireless using real-time context-sensitive, over wireless using real-time context-sensitive, personalized information such as location, state and personalized information such as location, state and intentintent

State defines the customer’s availabilityState defines the customer’s availability

Why Must mCommerceWhy Must mCommerceGet Personal?Get Personal?

Data deals with Data deals with transmission of bytestransmission of bytes

Information is the Information is the presentation of datapresentation of data

Knowledge addresses Knowledge addresses the relationship of the relationship of information in context information in context of other informationof other information

Wisdom is the Wisdom is the prediction of prediction of knowledge and is knowledge and is learned or “mined”learned or “mined”

Presentation

Context

Prediction

Data

Information

Knowledge

Wisdom

Increasing value and Increasing need for privacy

The Privacy ChallengeThe Privacy Challenge

The privacy challenge is not primarily The privacy challenge is not primarily a technology issue, not primarily a a technology issue, not primarily a governance issue but a business governance issue but a business issueissue– Passing too little control to the user will Passing too little control to the user will

result in low take up users because of result in low take up users because of trust issuestrust issues

– Passing too much control to the user will Passing too much control to the user will result in low take up by business because result in low take up by business because of inadequate marketing opportunitiesof inadequate marketing opportunities

Privacy Is Not a PointPrivacy Is Not a Pointbut a Continuumbut a Continuum

Don’t tell anyone Tell these people on

these terms

Advertise it to everyone

Never reveal

information about

me

If I request as service

or authorize

access

Give it to anybody, but give

me a good deal

I’ll pay you to advertise my information

What Does Privacy MeanWhat Does Privacy Meanto Businesses?to Businesses?

It is fundamental to gaining the customer’s It is fundamental to gaining the customer’s trust and building valuable relationshipstrust and building valuable relationships

It will require a re-think in their existing CRM It will require a re-think in their existing CRM and marketing practicesand marketing practices– Access to personal information is increasingly Access to personal information is increasingly

under the control of the customerunder the control of the customer The good news is; If businesses address The good news is; If businesses address

privacy concerns in the right way they will privacy concerns in the right way they will accelerate the delivery of value added accelerate the delivery of value added services not hold them backservices not hold them back

What Businesses Must Do to What Businesses Must Do to Exceed the Customer’s Privacy Exceed the Customer’s Privacy

RequirementsRequirements

Start building a privacy framework nowStart building a privacy framework now– Consumers are already educated to the threatConsumers are already educated to the threat– Before you are required to do so by lawBefore you are required to do so by law

Ensure that the frameworkEnsure that the framework– places the customer in complete control of how places the customer in complete control of how

their privacy is managed and is…their privacy is managed and is…– openopen– controllablecontrollable– extensible and flexibleextensible and flexible– enforceableenforceable

Building a Privacy Building a Privacy FrameworkFramework

The Way Privacy PoliciesThe Way Privacy PoliciesWork TodayWork Today

PC Browseror

WAPgateway

Serviceprovider’sweb site

Phone

12

1 User browses to site 1 User browses to site requiring information or requiring information or serviceservice

2 Site provides hypertext 2 Site provides hypertext link to a human link to a human readable privacy policyreadable privacy policy

3 User has to manually 3 User has to manually read the policy in its read the policy in its entiretyentirety

Human readable privacy policies are not effective. Human readable privacy policies are not effective. Very few users (less than 0.05% according to a Very few users (less than 0.05% according to a recent survey) actually read the policy and recent survey) actually read the policy and therefore cannot realistically be considered to therefore cannot realistically be considered to have given their informed consent to its termshave given their informed consent to its terms

The Way P3P Policies Will WorkThe Way P3P Policies Will Work

PC Browseror

WAPgateway

Serviceprovider’sweb site

Phone

12

3

P3Pplug-in module

containing user’sprivacy preferences

1 User browses to site 1 User browses to site requiring information or requiring information or serviceservice

2 Site serves the client with 2 Site serves the client with its privacy policyits privacy policy

3 Client passes site privacy 3 Client passes site privacy policy to a P3P plug-in policy to a P3P plug-in which matches the sites which matches the sites policy with the policy with the preferences of the user.preferences of the user.

44 If site’s policy does not If site’s policy does not violate user’s preferences violate user’s preferences the site is displayed as the site is displayed as normal. If the site’s policy normal. If the site’s policy violates the user’s violates the user’s preferences the user is preferences the user is alerted by the plug-in and alerted by the plug-in and can choose their next can choose their next actionaction

4

P3P requires that the client device be fitted with a P3P requires that the client device be fitted with a dedicated plug-in module to interpret the site’s machine-dedicated plug-in module to interpret the site’s machine-readable privacy policy. Once personalized, this plug-in readable privacy policy. Once personalized, this plug-in module is only available on the device in which it is module is only available on the device in which it is installed and cannot be moved to other devices, that is to installed and cannot be moved to other devices, that is to say a user’s privacy preferences do not follow themsay a user’s privacy preferences do not follow them

What is Missing From P3P?What is Missing From P3P?

Negotiation when privacy terms are at varianceNegotiation when privacy terms are at variance Signed copies of agreed privacy contractSigned copies of agreed privacy contract Storage of the resulting contract in the user’s Storage of the resulting contract in the user’s

controlcontrol Support for bi-directional requests for Support for bi-directional requests for

informationinformation Support for multi device access (i.e. PC, PDA, Support for multi device access (i.e. PC, PDA,

Phone)Phone) Dispute resolutionDispute resolution

Anatomy of the Anatomy of the desired Privacy desired Privacy

FrameworkFramework1 User selects a service 1 User selects a service

requiring informationrequiring information2 Site re-directs client to 2 Site re-directs client to

their agent because their agent because personal information is personal information is requiredrequired

3 Client instructs agent to 3 Client instructs agent to establish contact with establish contact with service provider’s agentservice provider’s agent

4 Client's agent asks for 4 Client's agent asks for details of information details of information requested and the SP’s requested and the SP’s privacy contractprivacy contract

5 SP’s agent responds5 SP’s agent responds6 Client’s agent supplies the 6 Client’s agent supplies the

information or negotiates information or negotiates variance to contract (can variance to contract (can request client intervention request client intervention if needed)if needed)

7 SP’s agent passes 7 SP’s agent passes information to web siteinformation to web site

8 Web site acknowledges 8 Web site acknowledges receiptreceipt

9 SP’s agent returns receipt 9 SP’s agent returns receipt together with signed together with signed privacy ‘s contract to privacy ‘s contract to client agent where it is client agent where it is storedstored

10 & 11 Client's agent 10 & 11 Client's agent redirects client to the web redirects client to the web site for service fulfillmentsite for service fulfillment

PC Browseror

WAPgateway

Client’sagent

ContainingUser-information

and privacyContractdefaults

Serviceprovider’sweb site

ServiceProvider’s

agentContaining

business formsand privacy

contract defaults

Phone12

11

9654

3 8 710

External databases or directories linked to client agent

Examining the Impact of Examining the Impact of Privacy on the Business Privacy on the Business

ModelModel

Recognizing the Current Recognizing the Current Business ModelBusiness Model

The current business model for wireless The current business model for wireless eCommerce is based on the following…..eCommerce is based on the following…..– The merchant/portal/ service provider will pay slotting The merchant/portal/ service provider will pay slotting

fees to gain access to a wireless carrier’s customersfees to gain access to a wireless carrier’s customers This only succeed whilst there is a wireless “walled garden”This only succeed whilst there is a wireless “walled garden”

– The wireless carrier can secure a share of the revenue The wireless carrier can secure a share of the revenue from the eCommerce transaction as a finder’s or from the eCommerce transaction as a finder’s or broker’s feebroker’s fee

This is lucrative whilst there is a sufficient margin to be shared This is lucrative whilst there is a sufficient margin to be shared or mCommerce is not a commodity serviceor mCommerce is not a commodity service

Meeting the Business Plan Meeting the Business Plan For mCommerceFor mCommerce

The business desires a relationship with a wireless The business desires a relationship with a wireless carrier’s customerscarrier’s customers

The carrier hosts the customer’s agent under the The carrier hosts the customer’s agent under the customer’s controlcustomer’s control

The carrier allows businesses to extend links to the The carrier allows businesses to extend links to the customer’s agentcustomer’s agent– Charges service providers a relationship fee for links to the Charges service providers a relationship fee for links to the

customer’s agentcustomer’s agent– Linking (relationship) fees can be adjusted based on value Linking (relationship) fees can be adjusted based on value

of the information being shared between customer and of the information being shared between customer and businessbusiness

– Both customer and business can break the link at any time Both customer and business can break the link at any time if the relationship becomes unprofitable or undesirableif the relationship becomes unprofitable or undesirable

The solution we are The solution we are investigatinginvestigating

eXtensible Naming ServiceeXtensible Naming Service– Open source, open standard via XNSORGOpen source, open standard via XNSORG

Agent to Agent architectureAgent to Agent architecture– Auto/evoked transfer of data between agentsAuto/evoked transfer of data between agents– Privacy rules transferred with every data Privacy rules transferred with every data

exchangeexchange– Linking and synchronization of exchanged Linking and synchronization of exchanged

datadata– Addressing scheme to allow agent discoveryAddressing scheme to allow agent discovery

How we see this Meeting our How we see this Meeting our Privacy ChallengePrivacy Challenge

Privacy of information under the customer’s control Privacy of information under the customer’s control deprives the businessdeprives the business– They currently have access and ownership of customer They currently have access and ownership of customer

data with very few rulesdata with very few rules Having moved that data into the customer’s control Having moved that data into the customer’s control

we can then provides mechanisms for the business we can then provides mechanisms for the business to access it under rules dictated by the customerto access it under rules dictated by the customer

In doing so, we creates links (synchronized) In doing so, we creates links (synchronized) between customer and businessesbetween customer and businesses– Provides businesses with a powerful customer retention Provides businesses with a powerful customer retention

tool and us a method of monitizing the relationshiptool and us a method of monitizing the relationship

ConclusionsConclusions

Without adequate privacy, services requiring Without adequate privacy, services requiring increasingly personal information will not succeedincreasingly personal information will not succeed– Customers will become aware of the threatCustomers will become aware of the threat

Businesses must deploy a privacy framework before Businesses must deploy a privacy framework before delivering context-sensitive value added services in delivering context-sensitive value added services in order to avoid a user-revoltorder to avoid a user-revolt

Existing P3P privacy protocol does not sufficiently Existing P3P privacy protocol does not sufficiently meet the needs expressed by our customersmeet the needs expressed by our customers

We are investigating XNS as a the solution whereby we We are investigating XNS as a the solution whereby we host the customer’s “agent” and develop profitable host the customer’s “agent” and develop profitable relationships by monitizing links between our relationships by monitizing links between our customers and external businessescustomers and external businesses