Union Square Ventures Has Started Working On The Climate Crisis
Union Square Ventures announced in a blog post (below) this
morning that they are now making investments to “fight the climate crisis”
(“and earn returns for our limited partners”).
But it gets better. They have published their entire research slide deck on the
subject that they have used internally to make their case to themselves. It
talks about the major themes, trends, numbers and opportunities that they see!
So as an entrepreneur in the space, you know exactly what they are thinking
– good, bad, ugly, warts and all.
Of course, you will look at the deck and nod in some places and think they
missed the point completely in others. Which is the point! Everybody learns –
as an entrepeneur, from these very smart people who have already done some work for
you (I know from first-hand experience). And they will learn from you when you pitch to
them and disagree with them, and nobody wastes much time on reiterating what
all agree on already. I’m also fully expecting that they will update their
slides as they learn, and acknowledge major influences on their thinking as
they go, such as in their blogs.
I wish more people practiced this. On the climate and on any other subject.
Not just in VC.
Comments and questions on the JLINC protocol for Information Sharing Agreements
My friends Victor and Jim at JLINC have published
a set of technical documents that show how to implement
“Information Sharing Agreements” – contractual agreements between two parties,
where one party receives information, such as personal information, from the other
party and commits to only use the received data in accordance with the agreement.
This is basically a respectful, empowering form of today’s widespread, one-sided
“I must consent to anything” click-through agreement every website forces us to
sign. It’s respectful because:
- it is negotiated, rather than unilaterally imposed as it is the default on the internet
- the existence of the agreement, and which parties it binds, can be cryptographically
proven by both parties;
- there’s a full audit log on both sides, and so it would be difficult to “wiggle out of”
- it can’t be unilaterally changed after the fact, only terminated.
So as I read through the documents, I had some questions, and as usual, I blog them :-)
in random sequence. I will add answers to this post as I find out about them.
Q: Why is a separate DID method required? I don’t
quite understand what is unique about JLINC DIDs that are forms of DIDs can’t do, too.
Q: To create a JLINC DID, I need to post something to which URL? The spec says
but doesn’t identify a hostname. Can it be any? Or is that intended to be a centralized
service, perhaps run by JLINC, the company?
Q: How do the identifiers that the two parties use for the JLINC protocol relate to
identifiers they may use for other types of interaction, e.g. some other protocols
within in the decentralized / self-sovereign identity universe? Is a given user supposed
to have a variety of them for different purposes?
Q: Why is a ledger and its associated ledger provider required? (Actually, maybe it is
optional. But the spec says “may submit it to a Ledger of their choice to establish
non-repudiation”, so that implies the ledger is required for that purpose.)
Q: There is already a
previousId in each exchange. Wouldn’t that be sufficient for
non-repudiation if the two parties keep their own records?
Q: There is also the role of an “audit provider”. How is it different from a “ledger provider”?
And if it is, why do we need both?
Q: Are, by virtue of the ledger, the Information Sharing Agreements themselves, essentially
public or at least leaked to an uninvolved third party? Can I use JLINC to privately agree
on an Information Sharing Agreement without telling others about it? If so, what
functionality do I lose?
Q: When an AgreementURI is used to merely point to the legal text that defines the agreement,
rather than incorporating it into the exchanged JSON, would it make sense to also at least
include a hash of the agreement text? That way, a party cannot so easily wiggle out of
the agreement by causing the hoster of the agreement text to make modifications, or
claim to have agreed to a different version of the agreement.
Q: There’s a field
descendedFrom in various examples, which isn’t documented and is
always the text string
null. What might that be for?
Q: How would a
permissionEvent work in practice? Wouldn’t that require the underlying
legal text to change? Is there a description somewhere?
Q: Could one use JLINC to govern data that’s much longer, or much more complex, than
the typical small set of name-value pairs used for user registration data on consumer
websites? Can I use it, say, for the first chapter of my Great American Novel I am
sending to a publisher, permitting them to only read it themselves but not publish it
yet, or to send my MRIs to a new doctor?
Q: In a successful relationship between a Me and a B, to use the Me2B Alliance’s
terminology, it appears that the “data kimono” is gradually opened by the Me to the B.
For example, the Me may first visit a website without an account, then register (and provide
their name and e-mail address) and a month later, buy something (which requires a shipping
address and a credit card number, but only until the purchase is delivered and the data
can be deleted again). In the JLINC world, does this require a different Information
Sharing Agreement on each step? (particularly for the deletion after shipment?)
Want to buy an aged Twitter account?
From a spam e-mail:
Aged Twitter 2009 to 2015 Accounts For Sale - check new thread for new prices
The accounts are empty or with less than 50 followers.
2008 - 10$ Per Account
2009 - 9$ Per Account
2010 - 8$ Per Account
2011 - 7$ Per Account
2012 - 6$ Per Account
2013 - 5$ Per Account
2014 - 4$ Per Account
2015 - 3$ Per Account
Assuming those accounts actually exist, I can think of some political maneuverers
who would likely be interested. I’m a bit surprised at the prices.
Downloading all your data and new security risks
I’ve been playing around with the new data download features major on-line providers
like Twitter, Facebook or Google have been forced to provide to us Californians
since January 1, 2020, under the
California Consumer Privacy Act.
It’s amazing what kinds of data they have. For example, from the Facebook download
I learned that dozens of car dealerships all over the country (like, say, in Texas, where
I definitely have never gone car shopping) have my name and address. How – I have no idea.
But speak about putting all your eggs in one basket. In Google’s case, a single ZIP file
contains all your e-mail over a decade or more, your pictures, your private messages, your
location history – everything you ever used any Google product for, and many things you
never thought Google recorded about you.
If this one file fell into the hands of somebody nefarious, you’d probably be in
serious trouble – from possible financial fraud to blackmail on multiple levels,
in particular in less-liberal countries, of which there are unfortunately more and more.
The trouble would likely be much bigger than if somebody “merely” logged into your account:
because all the info is there in one place, you don’t have to look for it, you can
write scripts against it and immediately analyze it.
As Andrew Carnegie, and then Mark Twain, said:
“And Then Watch That Basket!”. The trouble is … do we? I mean … before I started
jotting down this post, I don’t recall having seen a single discussion of this threat
anywhere, and I usually pay attention to this kind of thing.
It’s hard to secure that kind of access. To be sure, I’m all in favor of me and you
being able to know every last bit of what big companies record about us, and get that
data and use it somewhere else. But that power sure comes with a lot of potential dangers.
I fully expect a wave of “GDPR” and “CCPA attacks” to occur, all focused on getting your
full archive from major service providers and “monetizing” this in various ways, plus
enabling whatever any secret police in some jurisdiction – and I use the word
“juris diction” loosely here – can come up with.
What’s the alternative? Well, those service providers not having all that data about me
in the first place! Instead, they should only be “borrowing” it from me; well, the parts
they need for something I agree to for as long as they actually need it. Then, no bulk
upload or download is necessary, and we don’t have this high-risk security problem in
the first place.
Can you trust FaceBook? Who paid $40m for overstating their numbers by up to 900%?
Sometimes we think it’s all overstated and a matter of opinion. Surely they can’t be
so untrustworthy, otherwise they wouldn’t have a business?
Well, this article
with link to the settlement describes what Facebook calls an “error” in calculating how
much time viewers spent watching certain videos on Facebook. As a result of which, I’m
told, all sorts of media outlets moved their videos from YouTube to Facebook, and then
promptly imploded because the numbers of views was much lower than expected.
Between 150% and 900%. The error, of course, was in the “up” direction.
How would you fix the climate? MIT has a simulator.
Is outlawing plastic straws enough to fix the climate? Probably not.
What about turning all cars electric? Investing in nuclear? A global hard
stop on burning coal? That might be better, but is it good enough?
Everybody has ideas, and because almost none of us, myself included,
really understand spaceship earth, we do not and cannot know just what
impact our amateur proposals would actually have in the real world.
Fortunately, MIT created a simulator where you and me can try out various
policy proposals, such as some that I just mentioned.
It’s sobering, and I’ll leave it at that. Try yourself.
Go to the simulator.
Personal Data Organization Landscape
Personal data is becoming a thing in 2020. Not just startups, but also not-for-profit
organiations have been popping up everywhere … by some count, there are now
literally hundreds (!) that are involved in it somehow. It’s hard not to get lost.
To order my own thoughts, and for the purposes of some
organizations that I’m involved
in, I’ve been working on a 2x2 or 3x3-style matrix diagram that similar to what many
startups are using to position themselves with potential investors.
Here is my currently best draft. Would love your feedback and ideas!
The first question is: if we can only pick two axes by which to classify organizations,
which are the most important ones? I’ve picked:
- whether organizations are for-profit, or help building the commons. This is obviously
a big difference. I’m also distinguishing between organizations working broadly across
the space, or focused on a particular aspect of it.
- who is the primary customer of the organization? As personal data touches both
individuals and businesses (or Me’s and B’s as we call it in Me2BA), organizations
might focus on either, or both, and that has many practical differences just like
B2B and B2C businesses are different. For this diagram, “customers” mean the entities
that provide money to the organization, through membership fees, or who buy the product
or services. (They may also have benefits for the other side, but that’s probably
common for most of them so it’s not shown here.)
Now, let’s put some example organizations into the diagram and see how they fit.
- MyData has both business and individual members. It is a very
broad umbrella organization, and so I am putting it stretching from B to Me, with a
somewhat fuzzy border between general and specific focus. (One could have specific
tendrils going out and up in the diagram, like the recent MyData Operators group.)
- The Sovrin Foundation, which runs the epynomous digital
identity network, has only businesses as its members, so I put them on the left.
It is focused on something much more specific than, say, MyData, and so it goes
further up in the diagram.
- Customer Commons is an advocacy organization for
(non-business) customers. It has a specific focus in mission and only focuses on
consumers, thus it is in the middle on the right.
- The Me2B Alliance strives to improve the relationship
between businesses and individuals, and – once its membership structure is fully
defined – will have both business and individual members, so I put it in the middle.
Does this make sense?
Hello, World of 2020
Exactly 10 years ago, in January 2010, I started a new blog. In my
I said I wanted to explore:
What’s the next decade going to be like in technology?
So I started to publish at upon2020.com.
But that stated reason wasn’t the entire reason. At the time, I was quite uneasy
about the state of technology. Uncomfortable where it seemed to be going. And where the
world at large was going — a world 18 years after the
end of history,
supposedly. I could imagine so much potential for good things to happen, but somehow
everybody’s motivations seemed to be focused on other objectives. Doing good for the
many didn’t seem to factor into it much, all public declarations about not being evil,
putting people back to work with a short dose of zero interest rates, connecting all
the world’s people and the like notwithstanding.
I didn’t feel I could comprehensibly articulate my unease, so I didn’t talk about that.
But setting up upon2020.com was a sign of bewilderment on my part. I was hoping that by writing
about what was happening in the decade to 2020, I could make sense of it and be less bewildered.
Now, it’s 2020, and the good news is that my bewilderment has passed. (So it is time to retire
the upon2020.com blog, and I will do that shortly.)
Unfortunately, the bewilderment from 10 years ago has given way to a clarity that
shows many things I’d rather not see. Where do I start? Let’s just pick three:
The political system is broken. In the US, in the UK, in many other places. Regardless of
where you stand politically, when did you last time feel it is getting better, fairly and
sustainably? Bipartisanship for the good of everybody will re-emerge just as soon as …?
It’s hard to even imagine. The same is happening on an international level. This means our
ability to decisively act is declining just as we have unprecedented global problems.
Not a good combination.
Technology is in a bad place. Just take the term “Silicon Valley”. It used to stand for
amazing new inventions that are good for everybody. That would change the world into something
much more awesome, one Comdex at a time. Now it means the unaccountable monopolies of a
handful of trillion-dollar-class companies that screw you and me and most other people on the
planet every day, 24 hours a day, in public and in our most private lives, by surveilling us,
doing things behind our back we don’t know and wouldn’t approve, by extracting much of the
economic surplus leaving an economic wasteland in many places, throwing terms of service
at us that are abusive, and so forth. Opinion surveys now have mainstream majorities for
opinions such as
“risks of new technology outweigh the benefits”. What happened? How do we undo that? Can we?
And the climate/environment. This past year, finally, the knowledge that the planet is in
bad shape has arrived in mainstream discussion everywhere. However, much of the discussion
so far is either in the earlier stages of grief (denial, bargaining), or fatally incompetent
in the understanding of exponential functions, a.k.a positive feedback loops. There will
be a second stage of reckoning when that becomes apparent. Just how do you eat if most
insects are gone, for example?
(Yes, there are positive trends, too. But the
suicide statistics tell us
where the balance is to be found.)
So Hello World in 2020, all my unease in 2010 did not prepare me for you.
So what now?
Personally, I believe this is an All Hands On Deck
situation. We have dug a hole, and need to stop what we’ve been doing, back up, and focus
on getting ourselves out. We have overshot,
and need to reverse back to what’s sustainable. We need to get out of our complacency, reject
what is clearly not leading us into a desirable future, and work like hell to put stuff in
place that will.
I think of it as a Reboot: just like what you do when your computer acts up and you’ve had
it because you actually need to get stuff done.
So this what I want to do with this blog: write about stuff that we need to stop doing,
and in particular, what we can do instead. Much will be from a technology point of view,
because I’m a geek after all. But almost all the problems we have are an inertwringled
mess of technological, economic, social/political, and now environmental challenges,
and cannot be addressed effectively piece-meal. First rule of engineering: understand
the whole system; you will need to eventually, anyway, otherwise you can’t get anything
to work reliably. So it won’t be just tech.
Fortunately, many answers are actually known, just very unevenly distributed. I am
hoping I can help surface them, and collaborate with many people to grow them, and
nurture them, and make them the normal, good, fair, sustainable thing that everybody
does instead. And focus on how we get ourselves reb00ted!
So Hello, World in 2020, let’s go!