180 likes | 341 Views
Privacy on the Wireless Web (mCommerce is getting personal). Marc Le Maitre – Nextel Communications 12/6/2000. Taxonomy of Commerce. eCommerce Performing commercial transactions on the Internet Wireless eCommerce Performing the same commercial transactions on the Internet over wireless
E N D
Privacy on the Wireless Web (mCommerce is getting personal) Marc Le Maitre – Nextel Communications 12/6/2000
Taxonomy of Commerce • eCommerce • Performing commercial transactions on the Internet • Wireless eCommerce • Performing the same commercial transactions on the Internet over wireless • mCommerce • Performing commercial transactions on the Internet over wireless using real-time context-sensitive, personalized information such as location, state and intent • State defines the customer’s availability
Why Must mCommerceGet Personal? • Data deals with transmission of bytes • Information is the presentation of data • Knowledge addresses the relationship of information in context of other information • Wisdom is the prediction of knowledge and is learned or “mined” Wisdom Increasing value and Increasing need for privacy Prediction Knowledge Context Information Presentation Data
The Privacy Challenge • The privacy challenge is not primarily a technology issue, not primarily a governance issue but a business issue • Passing too little control to the user will result in low take up users because of trust issues • Passing too much control to the user will result in low take up by business because of inadequate marketing opportunities
Privacy Is Not a Pointbut a Continuum Tell these people on these terms Advertise it to everyone Don’t tell anyone Give it to anybody, but give me a good deal Never reveal information about me If I request as service or authorize access I’ll pay you to advertise my information
What Does Privacy Meanto Businesses? • It is fundamental to gaining the customer’s trust and building valuable relationships • It will require a re-think in their existing CRM and marketing practices • Access to personal information is increasingly under the control of the customer • The good news is; If businesses address privacy concerns in the right way they will accelerate the delivery of value added services not hold them back
What Businesses Must Do to Exceed the Customer’s Privacy Requirements • Start building a privacy framework now • Consumers are already educated to the threat • Before you are required to do so by law • Ensure that the framework • places the customer in complete control of how their privacy is managed and is… • open • controllable • extensible and flexible • enforceable
The Way Privacy PoliciesWork Today 1 User browses to site requiring information or service 2 Site provides hypertext link to a human readable privacy policy 3 User has to manually read the policy in its entirety Human readable privacy policies are not effective. Very few users (less than 0.05% according to a recent survey) actually read the policy and therefore cannot realistically be considered to have given their informed consent to its terms PC Browser or WAP gateway Service provider’s web site 2 1 Phone
The Way P3P Policies Will Work P3P requires that the client device be fitted with a dedicated plug-in module to interpret the site’s machine-readable privacy policy. Once personalized, this plug-in module is only available on the device in which it is installed and cannot be moved to other devices, that is to say a user’s privacy preferences do not follow them 1 User browses to site requiring information or service 2 Site serves the client with its privacy policy 3 Client passes site privacy policy to a P3P plug-in which matches the sites policy with the preferences of the user. 4 If site’s policy does not violate user’s preferences the site is displayed as normal. If the site’s policy violates the user’s preferences the user is alerted by the plug-in and can choose their next action P3P plug-in module containing user’s privacy preferences 3 4 PC Browser or WAP gateway Service provider’s web site 2 1 Phone
What is Missing From P3P? • Negotiation when privacy terms are at variance • Signed copies of agreed privacy contract • Storage of the resulting contract in the user’s control • Support for bi-directional requests for information • Support for multi device access (i.e. PC, PDA, Phone) • Dispute resolution
Anatomy of the desired Privacy Framework 1 User selects a service requiring information 2 Site re-directs client to their agent because personal information is required 3 Client instructs agent to establish contact with service provider’s agent 4 Client's agent asks for details of information requested and the SP’s privacy contract 5 SP’s agent responds 6 Client’s agent supplies the information or negotiates variance to contract (can request client intervention if needed) 7 SP’s agent passes information to web site 8 Web site acknowledges receipt 9 SP’s agent returns receipt together with signed privacy ‘s contract to client agent where it is stored 10 & 11 Client's agent redirects client to the web site for service fulfillment Client’s agent Containing User-information and privacy Contract defaults Service Provider’s agent Containing business forms and privacy contract defaults 4 5 External databases or directories linked to client agent 6 9 3 10 8 7 PC Browser or WAP gateway Service provider’s web site 11 2 1 Phone
Recognizing the Current Business Model • The current business model for wireless eCommerce is based on the following….. • The merchant/portal/ service provider will pay slotting fees to gain access to a wireless carrier’s customers • This only succeed whilst there is a wireless “walled garden” • The wireless carrier can secure a share of the revenue from the eCommerce transaction as a finder’s or broker’s fee • This is lucrative whilst there is a sufficient margin to be shared or mCommerce is not a commodity service
Meeting the Business Plan For mCommerce • The business desires a relationship with a wireless carrier’s customers • The carrier hosts the customer’s agent under the customer’s control • The carrier allows businesses to extend links to the customer’s agent • Charges service providers a relationship fee for links to the customer’s agent • Linking (relationship) fees can be adjusted based on value of the information being shared between customer and business • Both customer and business can break the link at any time if the relationship becomes unprofitable or undesirable
The solution we are investigating • eXtensible Naming Service • Open source, open standard via XNSORG • Agent to Agent architecture • Auto/evoked transfer of data between agents • Privacy rules transferred with every data exchange • Linking and synchronization of exchanged data • Addressing scheme to allow agent discovery
How we see this Meeting our Privacy Challenge • Privacy of information under the customer’s control deprives the business • They currently have access and ownership of customer data with very few rules • Having moved that data into the customer’s control we can then provides mechanisms for the business to access it under rules dictated by the customer • In doing so, we creates links (synchronized) between customer and businesses • Provides businesses with a powerful customer retention tool and us a method of monitizing the relationship
Conclusions • Without adequate privacy, services requiring increasingly personal information will not succeed • Customers will become aware of the threat • Businesses must deploy a privacy framework before delivering context-sensitive value added services in order to avoid a user-revolt • Existing P3P privacy protocol does not sufficiently meet the needs expressed by our customers • We are investigating XNS as a the solution whereby we host the customer’s “agent” and develop profitable relationships by monitizing links between our customers and external businesses