


Open comment to ICANN on WhoIs changes

If you haven’t already, you might consider reviewing the current proposed ICANN changes to Whois and sending in your comments. Mine follow.

In short, the proposed changes are more than morally questionable, they undermine the core infrastructure that keeps the Internet working.

(Many thanks to Doc Searls for pointing me to this issue.)

Dear ICANN,

I am writing to oppose the proposed changes to WhoIs.

ICANN has always been a technically driven overseer of the DNS and IP infrastructure, shrewdly navigating sometimes contentious waters with reliable continuation of Internet services as its guiding principle. If an action might (or would) reduce the stability of core Internet services such as DNS or the services relying on DNS, such as email and the World Wide Web, then that action was rejected until such stability could be assured. This principle is the reason ICANN deserves its quasi-independent regulator status; decisions made contrary to this interest negate ICANN’s moral authority to administer Internet resources on behalf of the general welfare.

For example, by strictly focusing on this guiding principle, ICANN has managed to isolate the legal issues of trademark disputes from imprudent termination or transfer of domain control. Similarly, ICANN maintains rigorous policies and procedures that all domain registrars must follow at the termination of a registrant’s contract, specifically designed to assure that the current domain owner has every reasonable opportunity to assert their control and maintain a working domain that links to their Internet service.

The move to a limited-disclosure official point of contact is a move in the right direction, but a closer reading of the proposed recommendation suggests it is flawed in its details. The point of WhoIs is to allow for resolution of service quality issues, that is, to allow for a reliable continuation of services. The current recommendation instead creates a route for undesired intervention by interested parties, which can only reduce the quality of services.

Allowing access to unpublished information on the minimal criteria of “reasonable evidence of actionable harm” does nothing to ensure the future stability of Internet services and instead acts as a starting point for several players–whether private or public entities–to begin processes which would seek to interfere with such services. Enabling litigants or law enforcement further means to pursue the registrants in no way increases the stability of the services offered by the registrant and most likely increases the likelihood that such services be–rightly or wrongly–moderated or even terminated. In short, the clear and obvious natural result of the recommendation would be to decrease the stability of Internet services.

Not all services of course, just those that afford intervention because of “reasonable evidence of actionable harm.” However, the judgment of evidence is neither ICANN’s purpose nor its expertise. Most jurisdictions in the world provide appropriate mechanisms for judging evidence against the public welfare. In the United States, that means the courts. Should a private or public entity seek the unpublished information for any registrant, the appropriate route for discovery–assuming the point of contact refuses–is to demonstrate a legally justifiable reason to a judge and thereby secure a subpoena. This process both assures suitable access to otherwise private information /and/ provides appropriate protections against unwarranted searches and seizures. It would be a complete abandonment of its moral authority and a wild assumption of unwarranted power should ICANN seek to enable itself, or its registrars, to act in judgment on evidence of the need for disclosure in the public welfare.

Finally, the potential hope that this system will ultimately make it easier to root out the bad guys fails in the situation where it is most required: the truly bad actors can easily bypass the presentation of their information in the database using any number of shell games, private corporations, and attorneys. By providing streamlined access to unpublished information, ICANN will not be assisting in the prosecution of justice against the worst terrorists and criminals, because such bad actors will avail themselves of one or more of the available workarounds. Instead, ICANN will be assisting public and private entities in the harassment and persecution of domain owners whose interests or activities have become a target of attention, all without suitable due process for those actors to prove in the appropriate venue that such owners should be revealed.

We already see this disparity today, with registrars charging a premium for “anonymous” registrations, which demands additional fees for those who want to protect their identity and personal property from would-be attackers. Clearly, those entities who are sophisticated criminals already avail themselves of these services. Therefore we can reasonably assume that the bulk of the information in Whois is not the world’s most dangerous terrorists, but rather everyday folks… and in the case of criminals, those small time operators who don’t have the wherewithal to protect their identity through one or more layers of anonymous services.

While the idea of a limited-disclosure official point of contact seems to help with this problem, recommendation 2 proactively provides a loophole for the most tenacious and well-funded attackers to pursue their actions against domain name owners. In the end, this can only destabilize those services which come under attack. It will not improve the services for anyone.

Ultimately, it is beyond the purpose and capability of ICANN and its registrars to make judgment on such cases and even more importantly, it is beyond your moral authority to support a scheme of offensive intervention against existing Internet services.  Your role is to act steadfastly in protecting the technical infrastructure underlying the functioning Internet. Anything contrary to that can only be considered an abandonment of your very reason to exist.

As such, I implore you in the strongest possible terms to reject the recommended changes and to retain your fundamental focus on assuring the reliable operation of the infrastructure underlying the Internet.

Sent by email October 25, 2007

Credit Industry needs new integration paradigm… think VRM and Personal Datastores

Slashdot brings us this article highlighting yet another picture-perfect case for the VRM Personal Datastore:

Technical Writing Geek writes with the news that the retail industry is getting mighty fed up over credit card company policies requiring them to store payment data. The National Retail Federation (NRF) has gone to bat for store owners, asking the credit industry to change their policies. The frustration stems from payment card industry (PCI) standards and new security measures going into place across the retail experience. Retailers are now trying to point out that many of the elements of the standard would not be a requirement if they didn’t have to store so much payment data.

“Even if the NRF’s demands were immediately met, it would take several years before retailers could purge their systems and applications of credit card data, he said. Over the years, retailers have collected and stored credit card data in myriad systems and places — including relatively old legacy environments — and they are just now realizing the data can be a challenge, he said. Purging it can be a bigger headache because the data is often inextricably linked to and used by a variety of customer and marketing applications; simply removing it could cause huge disruptions.”

This is another excellent example where the Personal Datastores of the Vendor Relationship Management initiative would profoundly simplify integration challenges. The current situation has each retailer acting as an unwitting data silo, storing sensitive information just waiting for hackers to bust it open. The PCI standards try to address this problem by hardening the silos, making the myriad of retailer data systems a sort of armored field of honeypots–and making the retailers liable for breaches. Understandably, retailers are a bit frustrated by the additional demands. However, if the data stores were completely distributed based on the user, rather than the retailer, we could not only remove the liability from the retailer, we could turn the field of honeypots (each with data on potentially hundreds or thousands of users) into endless fields of pollen-bearing flowers, each with just the data for a single individual.

Ultimately, each Personal Datastore–indeed any data store–is a potential target for hackers. However, PDs turn the retailer’s problems upside down in two ways. First, to the extent that PDs are distributed down to individuals’ own computers, the potential identity theft is reduced from a sweet haul of data for potentially tens of thousands (or more) individuals stored at a single retailer down to a single, isolated identity at one individual’s computer. That is, the honey is disaggregated back into the pollen, making it much less attractive to potential hackers… a much lower payoff for the same hard work.

Second, generally speaking, retailers aren’t well-equipped to handle secure IT issues. That’s not their business, even if a few do it well. That means most retailers are much better off placing the security risk in the hands of a service provider who is a specialist in maintaining a secure data store. That’s precisely what they are asking the credit card industry to let them do, even if they aren’t quite thinking of it that way. By moving the at-risk information into Personal Datastores run by companies whose entire business is in protecting and maintaining those Datastores, the risk can be managed by trained professionals whose sole goal in life is protecting that data. This would seem much better than leaving it in the hands of retailers whose business focus is, appropriately, on innovative ways to make money selling products to customers.

Reintegrating with the user as the focal point would turn this problem inside out and give retailers, credit card companies, and credit card users a more robust, reliable, and secure solution with less risk and reduced liabilities. I’m not sure who the right entities are to build out this solution, but I’m betting that XRI/XDI, Higgins, and VRM are all enablers.

Midland Accent

Doc Searls points me to this accent test.

Tells me I’ve got no accent. Hmph.

What American accent do you have?
Your Result: The Midland
 

“You have a Midland accent” is just another way of saying “you don’t have an accent.” You probably are from the Midland (Pennsylvania, southern Ohio, southern Indiana, southern Illinois, and Missouri) but then for all we know you could be from Florida or Charleston or one of those big southern cities like Atlanta or Dallas. You have a good voice for TV and radio.


Microsoft & Personal Health Records, Take 1

Microsoft launched its Personal Health Record initiative yesterday, according to the New York Times:

The company’s consumer health offering includes a personal health record, as well as Internet search tailored for health queries, under the name Microsoft HealthVault (www.healthvault.com).

The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls, the company said, are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously, Microsoft said, and will not be linked to any personal information in a HealthVault personal health record.

This is definitely a step in the right direction, using Personal Datastores for managing health records, with fine grained access rights management so users can set privileges for multiple health vendors. It’s a classic VRM use case, undoubtedly implemented with full HIPAA compliance.

For those willing to trust Microsoft, their privacy assurances seem reasonable (full policy):

  1. The Microsoft HealthVault record you create is controlled by you.
  2. You decide what goes into your HealthVault record.
  3. You decide who can see and use your information on a case-by-case basis.
  4. We do not use your health information for commercial purposes unless we ask and you clearly tell us we may.

Unfortunately, it doesn’t look like Microsoft is promoting any open standards (no surprise there), nor allowing users a way to download what is stored in their health record. Does that mean if we want that data out, we can only go through a Microsoft-approved medical partner? If so, does that mean that Microsoft actually owns the data… and not the patient? If so, that’s disturbing.

The full text of the Health Vault privacy statement makes this sound like a feature, using full FUD mode to scare users into thinking Microsoft control is a good thing:

To help provide better protection of your information, the information transfer from your computer to the Service is one way; the Service does not transfer your Health Record information back to your computer.

So, minor points for Microsoft. Kudos for showing the way to a smarter way for managing Personal Health Records and shame on them for not doing it in a way that is completely transparent and open for all users.

I’ve sent the folks at Health Vault an email asking about export and ownership. I’ll let you know what I hear back, if anything.

The Four Steps to the Epiphany

Steven Gary Blank’s The Four Steps to the Epiphany

Review

I’ve read a lot of startup books and been involved in several efforts of varying success. Blank’s book is the first how-to guide that provides clear, unequivocal directions for taking a brilliant product idea and turning it into a successful, thriving company.

Fans of Geoffrey Moore’s Crossing the Chasm will appreciate the additional depth of Blank’s honest and rigorous approach to finding the right product-market fit. Moore’s bowling alley idea is powerful, but Blank takes that concept and tells you precisely how you should go about discovering the right initial market for your product and then how to reliably grow into that market. His horror stories are insightful and balanced by constructive success stories, with some of the most illuminating juxtaposed within the same market, such as Webvan’s brutal failure and Tesco’s wild success in the online grocery business.

The book has some challenges when it gets to the details about positioning and branding, but those are areas many people have problems with… and a sore spot for me with even some of the more widely quoted yet insufficient books out there. Fortunately, Blank isn’t wrong in those areas, so much as he just fails to make the most of the classics, Ries & Trout’s Positioning: The Battle for Your Mind, 20th Anniversary Edition and Aaker’s Building Strong Brands, as they apply to the startup. [I also recommend Holt’s How Brands Become Icons: The Principles of Cultural Branding for those looking for brilliant insights in building effective brands.]

My other small nitpick is that the book has surprisingly low production values, with numerous typos and printed on a seemingly depression era yellow paper. Perhaps Blank is simply following his own advice, minimizing upfront costs while he discovers the right product-market fit. I hope so, because at least that shows consistent reasoning.

Despite its failings, this book’s strength in building both a conceptual and practical framework for guiding product development in innovation-driven companies makes it a must-read for anyone leading entrepreneurial product innovation.