Today is the first day of my month-long fellowship at the STUDIO for Creative Inquiry, in the College of Fine Art at Carnegie Mellon University.

I am here at the invitation of Golan Levin, director of the studio and, back in the day, a former colleague at Interval Research. The fellowship is funded by the National Endowment for the Arts.

Golan told me I could do anything I wanted, and so I invited Robin Gianattassio-Malle to come work with me on inventing a better way to help people learn and think about the consequences — both risks and benefits — of innovations in science and technology. We want to go beyond the usual binary, “fawning or damning” approach that dominates media coverage today, to actually informing people about these incredibly complicated issues.

I’m really excited about this project. It’s the first time in a long time I am going to have the opportunity to roll up my sleeves and do what I do best: to help people understand complexity in a way that is engaging, helpful and accurate. We are going to have to confront some tough design issues, but between us we have an amazing network to draw from.

Robin and I will be working at the STUDIO with two other fellows — Kyle McDonald and Jacob Tonsky — both of whom are wicked smart and from whom we expect to learn a lot.

We will be building a prototype over the next few weeks, and I will be posting updates about our progress. Yeehaw!

The word “trust” appears 32 times in the press release announcing the official launch of the Open Identity Exchange (OIX). Normally, I’d be enthusiastic about such dense coverage of a critical topic, but in this case I question the group’s understanding of the term.

A Governance Template, Not a Trust Framework

OIX is a kind of standards body where techies from various industries come together to prescribe satisfactory methods for identification, so that these IDs can be used across websites. From the OIX site, the process is as follows:

… policymakers representing a trust community (e.g., government, industry association, professional society) start by developing a trust framework specification. This document defines the identity proofing, security, and privacy policies that must be followed by identity service providers to reach a specified level of assurance (LOA). In some cases it will also specify the data protection policies that must be followed by both identity service providers and relying parties to reach a specified level of protection (LOP).

Lastly, the trust framework defines the qualifications necessary to be an assessor for the trust framework—a person or a company who has the professional experience necessary to assess whether an identity service provider or relying party is in compliance with the policies specified for a certain LOA or LOP.

Next the policymakers contract with a trust framework provider (TFP) to operate a certification program for the trust framework. A TFP who operates by the OITF model performs the following functions:

1. Publishes the trust framework so it is publicly accessible.
2. Accepts listings from assessors who meet the qualifications specified in the trust framework.
3. Accept listings from identity service providers (and in some cases relying parties) who are successfully certified by a qualified assessor.
4. Publish updates to the trust framework as it is revised, and periodically renew certifications of participants as required by the trust framework.

Lastly, the OITF model includes roles for auditors and dispute resolution service providers to assist in ongoing assessment of trust framework participants and resolution of any disputes that may arise.

(Side Note OIX: also don’t abuse the word “lastly.”)

Apparently OIX just hosts the party and provides the napkins (for sketching), but little else. Defining the standards is up to the policy makers and certifying compliance is up to a Trust Framework Provider (TFP)—whatever that is.

Identification isn’t Trust

I suppose that, if successful, OIX will improve the way digital IDs are used. That’s not altogether a bad thing, but it’s also not trust.

By analogy, imagine that, in order to improve the effectiveness of TSA screeners, the government sets a policy requiring travelers to present both a driver license and passport at the airport. Does it follow that everyone inside the secure area of the airport will trust each other? If the TSA screener clears someone, does that mean the screener trusts the traveler? Or that the screener trusts the ID? Do the IDs foster any kind of trust at all?

If there’s one thing I’d like to get through to techies who work these protocols, it’s this: identification isn’t trust. Please find another word to describe what you’re doing.

Imagine a friend invites you to a dinner party. This year, the invitation goes, the party will be catered so you’ll need to pay $40 per guest. Maybe you’re not too excited about the catering idea, but you figure you want to support your friend, so you decide to attend and bring your spouse. At the party, the general consensus is that it’s fun to see everyone, but the catered food wasn’t nearly as good as the traditional potluck approach. Later, word’s passed around that your friend decided to do some cost-cutting on the catering, which explained the below-average food. Then news breaks that because of these cost-cutting measures, your friend actually turned a nice profit on the party and was able to buy her kid a new Nintendo DSi (apparently the kid got mad while playing with the old one and threw it against a wall).

Would you feel happy for your friend? Or would you feel used? After all, your friend took the initiative; she took the risk (after all, what if someone got sick and decided to sue her?); she organized the event; she provided the venue. In short, your friend was the entrepreneur; she “owned” the party. And if that’s not to your liking, what’s stopping you from throwing a party of your own?

But you may still experience a sense of betrayal that comes from feeling obliged to attend an event for friendship’s sake—an event that ostensibly was just a party but turned out to be a fundraiser for your friend’s spoiled kid. In addition, your attendance at the party mandated the attendance of your spouse, prompted you to buy a new dress, and encouraged your mutual friends to attend as well. So you also unwittingly marketed this fundraiser for an over-privileged kid. And of course, since the food was sub-par, you feel taken by your own friend.

Stone Soup 2.0

This modern retelling of the Stone Soup fable is a commentary on capitalistic society, one in which the Pot & Stone owners walk away with most of the soup. Or more literally, American capitalism is a system that distributes the greatest rewards to owners of infrastructure. In this economic arrangement, business owners have much greater control over the value created by the business than do the contributors. This reward structure is said to encourage private enterprise and competition, which eventually will produce the greatest good for the largest number of people.

But the Law of Relational Symmetry tells us that the party in control of the relationship will exploit the other participants. In today’s businesses, owners control the most important aspects of the relationship, such as the ability to set compensation, benefits, and terms of employment. Contributors usually have to sign away their rights to any intellectual property they create to their employer. And often, contributors sign non-compete agreements that restrict their movements after refusing to work under unfavorable terms. With no ability to hold property (intellectual property in this case) and an acute need for income and healthcare, workers in today’s society need jobs the way Victorian women needed husbands.

So while capitalism is undoubtedly the best system practiced on a massive scale for producing wealth, it is nonetheless a system of exploitation and produces less than optimal results for all parties.

Continue reading »

Anyone who read Frank Partnoy’s book F.I.A.S.C.O will immediately appreciate the context of this story: The NYT reported today how Wall St. banks Goldman Sachs and JP Morgan assisted the Greek government in hiding hundreds of billions of dollars in debt, while collecting over $300 million in fees for themselves. According to the Times:

Wall Street tactics akin to the ones that fostered subprime mortgages in America have worsened the financial crisis shaking Greece and undermining the euro by enabling European governments to hide their mounting debts.

As worries over Greece rattle world markets, records and interviews show that with Wall Street’s help, the nation engaged in a decade-long effort to skirt European debt limits. One deal created by Goldman Sachs helped obscure billions in debt from the budget overseers in Brussels….

In 2001, just after Greece was admitted to Europe’s monetary union, Goldman helped the government quietly borrow billions, people familiar with the transaction said. That deal, hidden from public view because it was treated as a currency trade rather than a loan, helped Athens to meet Europe’s deficit rules while continuing to spend beyond its means.

As the Times article later calls out, the rest of Europe is livid. Countries like Germany are likely going to have to flit the bill for this—just as they were nearly finished paying for reunification with East Germany. An article in Der Spiegel (link refers to the English version) discusses bluntly Goldman’s role in the shenanigans. According to the Spiegel article:

In the Greek case the US bankers devised a special kind of swap with fictional exchange rates. That enabled Greece to receive a far higher sum than the actual euro market value of 10 billion dollars or yen. In that way Goldman Sachs secretly arranged additional credit of up to $1 billion for the Greeks.

This credit disguised as a swap didn’t show up in the Greek debt statistics. Eurostat’s reporting rules don’t comprehensively record transactions involving financial derivatives…. Goldman Sachs charged a hefty commission for the deal and sold the swaps on to a Greek bank in 2005.

In an interview between a Spiegel reporter and HSBC chairman Steven Green, the tension is palpable. The interviewer begins with the question “Mr. Green, when was the last time you were ashamed to be a banker?” The interviewer goes on to ask, “You are not just the group chairman of Britain’s HSBC, the world’s largest private bank. In your free time, you also serve as a lay preacher in the Anglican Church. Have you ever prayed: ‘Please God, rescue capitalism’?”

As the Spiegel interview bears out, yelling at the bankers is a cathartic (a nice Greek word) but fruitless exercise. Like Iago in Shakespeare’s Othello, bankers respond with complete dispassion when discussing the suffering they’ve enabled and insist on the legality of the trades and their innocence in these matters. Back to the Times article:

Wall Street did not create Europe’s debt problem. But bankers enabled Greece and others to borrow beyond their means, in deals that were perfectly legal. Few rules govern how nations can borrow the money they need for expenses like the military and health care. The market for sovereign debt — the Wall Street term for loans to governments — is as unfettered as it is vast….

In Greece, the financial wizardry went even further. In what amounted to a garage sale on a national scale, Greek officials essentially mortgaged the country’s airports and highways to raise much-needed money.

Does trust depend on a society’s ability to create a law for every possible act of treachery? Could Moses have brought down the 10,000 commandments from the mountain? Maybe over-the-counter derivatives trades are legal by some literalist interpretation of securities law. But clearly the people who wield the power of such financial instruments pose greater risks to society than Jihadists. In my view, these kinds of over-the-counter trades ought to be illegal and subject to the worst kinds of penalties on the books.

This week, I started a new job as Sr. Manager at Accenture. I’ll be working in Accenture’s Security Consulting Practice, focusing on Identity and Access Management. So my new role is basically a continuation of my career for the last dozen years, but at Accenture it’s also an opportunity to get involved in some of the most challenging and culturally relevant identity projects of our time.

Governments continue to develop identity systems, commercial sites increasingly add social networking features, and new cloud services strain existing modes of online trust. I’m looking forward to a very interesting year!

The NYT ran an article today discussing how humans may be wired for trust. In a recent study of small children, scientists discovered that traditional views of human nature as hopelessly egocentric and fiercely competitive don’t portray the full picture. From the article:

“We’re preprogrammed to reach out,” Dr. de Waal writes. “Empathy is an automated response over which we have limited control.” The only people emotionally immune to another’s situation, he notes, are psychopaths.

Dr. Michael Tomasello, one of the researchers cited in the NYT article, explains that “we are both selfish and altruistic at the same time.” Some of the altruism in humans comes from what Tomasello describes as “shared intentionality.” Again from the article:

The shared intentionality lies at the basis of human society, Dr. Tomasello argues. From it flow ideas of norms, of punishing those who violate the norms and of shame and guilt for punishing oneself. Shared intentionality evolved very early in the human lineage, he believes, and its probable purpose was for cooperation in gathering food. Anthropologists report that when men cooperate in hunting, they can take down large game, which single hunters generally cannot do.

I’m sure this view of human nature feels intuitive to most people, but Western traditions haven’t given these ideas much play. Perhaps the current economic crisis will inspire policy makers and economists to re-evaluate the philosophical underpinnings of capitalism.

But narrowing the topic to the field I work in (digital identity and internet security), I wonder 2 things: How can we provide for shared intentionality on the Internet? And how do we also imbue applications and other non-human actors on the Internet with similar instincts?

Comments welcome!

Elinor Ostrom is the first woman in history to win the Nobel Prize for economics. In my opinion, this is the news of the year. Ostrom’s work strikes at the heart of the human condition, and her conclusions challenge the way we think about governance, trust, and financial systems. She’s also a gifted writer.

The NYT cited Robert Shiller’s comment on the award:

“It is part of the merging of the social sciences,” Robert Shiller, an economist at Yale, said of Monday’s awards. “Economics has been too isolated and these awards today are a sign of the greater enlightenment going around. We were too stuck on efficient markets and it was derailing our thinking” ….

The committee, in effect, said that [current economic] theory was too simplistic and ignored the unstated relationships and behaviors that develop among companies that are competitors but find ways to resolve common problems. “Both scholars have greatly enhanced our understanding of non-market institutions” other than government, the committee said.

“Basically there is a common understanding that develops even among competitors when they are dealing with each other,” Mr. Shiller said, adding “when people make business contact, even competitors, they can’t anticipate everything, so an element of trust comes in” ….

In its announcement, the committee said Ms. Ostrom “has challenged the conventional wisdom that common property is poorly managed and should be either regulated by central authorities or privatized. Based on numerous studies of user-managed fish stocks, pastures, woods, lakes, and groundwater basins, Ostrom concludes that the outcomes are, more often than not, better than predicted by standard theories.”

As some of you may know, Ostrom’s work is the inspiration behind this blog (for example, see my comment at the end of this post) and my work on the Limited Liability Persona at Burton Group (for example, see the references to Ostrom in this report). So I find it remarkable and reassuring that her work is now being recognized on a global scale.

So, once a gain: Congratulations, Elinor!

The New York Times recently ran a piece called “How Did Economists Get it So Wrong?” The article is a brisk stroll through the intellectual heritage of economic theory in an effort to point out its developmental flaws. Here’s a snippet from the Times article that I think sums it up pretty well:

Yet [most economists] accepted the notion that investors and consumers are rational and that markets generally get it right.

Of course, there were exceptions to these trends: a few economists challenged the assumption of rational behavior, questioned the belief that financial markets can be trusted and pointed to the long history of financial crises that had devastating economic consequences. But they were swimming against the tide, unable to make much headway against a pervasive and, in retrospect, foolish complacency.

Profound. And there are lots of overtones in these few sentences supporting important themes on this blog. (For example, the Times article reads like a case study of my post on “The Absurdity of Certainty.” And as I pointed out in a recent post, the notion of an autonomous rational mind is a convenient contrivance, not an objective reality.)

The article first takes aim at “the notion that investors and consumers are rational” actors. Any economic theory that presumes human rationality may describe the economic activity of Utopia, but certainly not of the society we live in.

The author also asserts that trusting financial market simply as a matter of its past performance is foolish complacency. Spot on! Flashy displays of wealth more likely signal wanton exploitation than honest dealings.

So the short of it is: you can’t trust economists or the market machinery they build.

Joseph Stiglitz recently published an article in Vanity Fair that discusses many of the themes of this blog (for example, see: Let’s Not Confuse Free Markets With Freedom, America on the Couch, and 2008: The Year the Free Market Died.) A Nobel-laureate economist, Stiglitz provides historical context in making his case that free-market capitalism isn’t inevitable for the unwashed masses. According to Stiglitz, American capitalism sustained a mortal blow in its bid to become the “kind of economic system [that] is likely to deliver the greatest benefit to the most people.” He then offers this chilling dose of reality:

In America, calling someone a socialist may be nothing more than a cheap shot. In much of the world, however, the battle between capitalism and socialism—or at least something that many Americans would label as socialism—still rages. While there may be no winners in the current economic crisis, there are losers, and among the big losers is support for American-style capitalism. This has consequences we’ll be living with for a long time to come….

For a while, it seemed that the defeat of Communism meant the sure victory of capitalism, particularly in its American form. Francis Fukuyama went as far as to proclaim “the end of history,” defining democratic market capitalism as the final stage of social development, and declaring that all humanity was now heading in this direction. In truth, historians will mark the 20 years since 1989 as the short period of American triumphalism. With the collapse of great banks and financial houses, and the ensuing economic turmoil and chaotic attempts at rescue, that period is over. So, too, is the debate over “market fundamentalism,” the notion that unfettered markets, all by themselves, can ensure economic prosperity and growth. Today only the deluded would argue that markets are self-correcting or that we can rely on the self-interested behavior of market participants to guarantee that everything works honestly and properly.

Well put! Unfortunately, Stiglitz stops short of suggesting a viable alternative to  American free-market capitalism. Nevertheless, his analysis is welcome, as it reminds us of important problems a global neo-capitalist agenda must resolve.

My friends at Ping Identity announced last week a solution for enabling single sign-on (SSO) to a broad set of Google apps, taking advantage of Google’s new OpenID services. Ping’s product, PingConnect, actually uses a combination of standards, including SAML, OpenID, and OAuth to connect to other SaaS solutions, such as Salesforce.com. For a lot of people, there’s starting to be enough value here to justifiy getting and actually using an OpenID.

There’s some discussion among individuals close to various standards around how companies like Google and Ping Identity are interfering with the purity of these protocols. In my opinion, it’s great to see some of these standards being put to use in a pragmatic and productive way. (Granted, there’s a control play for the internet “identity hub” going on here, but I’ll have to take up in a follow-on post.)

My only advice to Ping is to henceforth refrain from using the word “Universal” — as in, “Universal Login for SaaS.”