July 24, 2008

Social Media Standards - Privacy & TOS- Initial Thoughts

I just realized that I should make public the quick listing on the Social Media Standards Privacy & Initial Thoughts that I've been floating around since May. ( corrected: I thought it was June, just checked some emails and its been floating since Mid May )

( The formatting on this may be off. It is a ReST document being shown in Markdown )

======================================================================================================

The Problem

TOS and privacy policies are insane.

Startups and Agencies spend tens of thousands of dollars codifying custom policies.
User's don't know what they're clicking on ; dense legal text often has consumer unfriendly content hidden behind unintelligible legal banter.

Confusion

If a user knew what 1/10 of the things in their agreements meant, they'd never sign.
Networks are often in the dark about what their own policies allow and prohibit

Pointlessness

Different companies have different policies, based on what they think they need to do with data as they please.
Tons of highly specific legal contracts that are expensive to write, and tough to manage.

The Solution

Social Media Standards

inspired by Creative Commons, Trust-E, IAB
simple, easy to use, consumer & corporate friendly legal policies

Dual Model for Flexibility

Layer 1 - A La Carte (Discouraged)

AKA 'The Stripe' or 'The Rainbow'
Iconic and simple to understand options across a range of privacy concerns
Sites create their own 'stack' out of the options, and can graphically display the contract to users, which leads back to simple-to-understand text on the Social Media Standards site

Layer 2 - Iconic (Encouraged)

Icons created and marketed for ~6 common-use stacks

Enforcement

Two contracts exist through this system

The website and the user.
The website and Social Media Standards. By displaying / using the Iconic, Layer, and textual contracts provided by Social Media Standards, the website enters a contract with the Social Media Standards group. Misuse of the contracts renders the website liable for breech of contract with the Social Media Standards group in addition to users.

Actual License or Guarantee ?

Continuing debate

Should the usage of icons constitute an actual usage of the license, or a guarantee to meet the qualifications for the icon/license.

Actual Usage

Simpler to manage, though most corporations will need additional terms of service to handle their needs, Displaying the SMS icons means using the corresponding SMS contract verbatim.

Guarantee

Harder to manage, but allows users to view long EULAs as with an iconic 'cliff notes'. This allows corporations more freedom in customizing their uses. Displaying the SMS icons means guaranteeing the corporate contract meets the qualifications / compatibility of the SMS contract.

Content vs Activity

Content and Activity have been separated

Content

Content is entering in text or saying "I am friends with 'PersonA@Email.com'".

Activity

Activity is the button/relation that says "uid2 is friends with uid3 on this system". ie: click-to-define friendships, favoriting, music tracking.

Summary

The rationale is that owning a 'friendslist' and an 'addressbook' are two entirely different things.

In spirit: If you are entering in the addressbook, it is your content. If you are favoriting someone, or incorporating a link to their content, it wasn't yours to begin with - its just an action, no data is uploaded.

In practice: Most of kinds of data we're talking about aren't copyrightable. They're just collections of data. Some of them are curated lists that would fall under copyrightable information, but others are just raw data.

Goals

Clear Licensing & Implementation

Flickr's use of CC is a shining example of clear and simple licensing.

Fairness to Users

MySpace is a great example of privacy fairness: Closing an account kills postings / history. Facebook claims too much ownership over entered data.

Fairness to Community

Replies are meaningless on bulletin boards, or sites like Twitter if the original posting disappears. Data ownership/licensing/use must take that into account.

Fairness to Company

In order to have standards adopted, we need companies to join in. If policies are too lax, no one will embrace them.

The Spec

Working

Terms of Service : Data Portability

Access-Content

The site guarantees a full portability API - All information entered can be exported.
The site guarantees a limited API - Most information entered can be exported.
The site makes no guarantee of an API
Automated connections are not allowed.

Access-Activity

Same options as Access-Content

Privacy Policy

Personal Information

Site can / not use for anything internal
Site can / not rent to third parties (without explicit approval)
Site can / not sell to third parties(without explicit approval)
Site does not collect or utilize information

Aggregate/Anonymous Information

Site can / not use for anything internal
Site can / not rent to third parties (without explicit approval)
Site can / not sell to third parties (without explicit approval)
Site does not collect or utilize information

Content Rights - Ownership & Licensing

The content I enter is...

copyright by me, and released under a specific CC license [A,B,C]
copyright by me, may be revoked from the network at any time
copyright me, the network has an irrevocable license to use it as I originally intended (this is compatible with also having a CC license)
copyright me, the network has an irrevocable license to use it however they see fit
has the copyright / ownsership assiged to the network on-network

The activity I enter / the network moderates is...

the network makes a promise to make ALL of this information freely available to the user
the network makes a promise to make SOME of this information freely available to the user
the network makes no promise to make any of this information freely available to the user

Content Rights - Ownership & Licensing In practice ( examples of above )

When I stop using this service

the service must destroy my content
the service may continue to publish my content unless I explicitly ask them to destroy it
the service has a irrevocable right to continue publishing my content

Content Rights - Portability, Distribution & Sharing

My content can be viewable / made portable

to no one ie: privately published
to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit
to anyone requesting it

Third Party APIs may access/index my content

at their leisure
if I explicitly allow
unless I explicitly block
under no conditions

Recommended Configurations

Gazelle

A sample of the the selected Privacy and TOS points designed to be flexible for both users and networks

Access-Content

Most information entered can be exported

Access-Activity

Most information entered can be exported

Personal Information

Site can use for anything internal
Site can not rent to third parties
Site can not sell to third parties

Aggregate/Anonymous

Site can use for anything internal
Site can rent to third parties
Site can sell to third parties

Content Rights - Ownership & Licensing

The content I enter is:
copyright me, the network has an irrevocable license to use it as I originally intended

The activity I enter is...

the network makes a promise to make SOME of this information freely available to the user

When I stop using this service

the service has a irrevocable right to continue publishing my content

My content can be viewable / made portable

to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit

Third Party APIs may access/index my content

if I explicitly allow

Posted by Jonathan at 4:19 PM | Comments (0)

July 19, 2008

Request for Business Plans

Rick Webb over @ The Barbarian Group just posted a company blog about "Request for Business Plans" -- a growing trend where some management team comes together and tries to get a firm to build their business concept for them:

Today’s rant: RFPs that are secretly RPBs, or Request For Business Plan. Seriously. I can’t begin to tell you how many RFPs I’ve gotten that basically are asking us to start their business for them. They want to build the next Facebook or Flickr, and want to pay us something like $50,000 to build it for them. I am at a complete loss how anyone could really think this is reasonable.

Evil RBPs

Well Rick, welcome to Web Two-Point-One-Two-Five-Four-Nine, also known as "Two-point-D'Oh!". At least these firms have had the common sense to try and get The Barbarians on board.

As you know, I've been busy the past few months leveraging FindMeOn's technology and resources with a few NYC area startups while we deal with 'those' patent/trademark issues. By some stroke of fortune, one of these companies is working with TBG -- which has kept me personally excited about the project (though it is odd to be working with old friends).

A slew of those RFBPs have been hitting my inbox and calendars as well, and I've been *amazed* at how ballsy and often grossly incompetent some of the teams are. Everyone has these great big ideas and great big eyes , but no one has any clue how to pull it off.

My most favorite recent meetings:

- Company A dropped 500k on development through PS firms to be "the next Facebook", but didn't have any in house tech or marketing or bizdev - everything was contract. They wanted my team to audit + manage tech and create a monetization strategy using our profile analytics and segmentation strategies. We didn't think they could last 3 months and declined; they lasted four before going bankrupt.

- Company B wanted to partner with FindMeOn to build a hybrid mobile/web social network for a 110Million user cellphone carrier: they would handle the front-end clients, we would handle the platform and revenue model. After a string of meetings and auditing their software, we realized they didn't have any capabilities to handle the project and were trying to get us to spec out the deal and their business plan. It was still a good opportunity, so I offered to put the deal together for them at-cost - never heard from them again.

- Company C wanted to do a hybrid in-store/mobile/web customer retention and marketing program - and got a 800k quote from a professional services firm that they wanted to bring down. We trimmed it down to 350k, they countered "What can we do for 40-80k?" They also mandated owning all the IP and everything be done as SaaS so they don't have to maintain. No one in the company seemed to have technology, mobile, or marketing experience -- or the common sense that their total budgets were likely the fixed costs on the hosting itself.

On the inverse of RFBPs you have teams with a defined and well-thought-out business plan that just happens to be the worst possible idea. One of these groups came my way with a plan that seemed pretty solid, and raised a good seed from various sources. They knew exactly where they wanted to go, and how they wanted to get there -- except they didn't have the know-how to make it happen.

The result was a strategy was fine - but wrong for the market. While their team is full of proven leaders and visionaries, no one had a good tech or advertising background, nor did they know how to appease the VC circuit for common-questions or due-diligence. Instead of selling their existing strengths, their plan was more about leveraging the expected hottness of an unrealized product -- which seriously undervalued their key market differentiators and revenue potential, and had no safeguards for when someone else offers the same exact product.

I had to convince them not hire us to do what they wanted -- I couldn't take their money and sleep at night. Thankfully, they listened. Not only is their new approach closing in on huge round but, just as I predicted, everyone-and-their-mother is now offering the same kitcshy tech they wanted to spend their budget on. Had they stuck to the original plan, they'd be out of business unable to adapt or compete -- instead they're now poised and ready to dominate a new industry that they concepted.

This got kind of longer than I meant it to, so three quick bullet points:
1. The average amount of seed capital needed to get a v1 startup beta up to VC fundable standards: 250-750k. The average online campaign (- advertising ) spend by brands: 250-750k

2. Exactly which startups successfully exited by farming out their Business Plan and entire technology to interactive agencies or Professional Services firms? I can think of one, and it wasn't a good exit.

3. Everyone is pushing towards WhiteLabel offerings. I recently sat down with one of the top-3 providers who said these words of wisdom "Our system delivers beyond belief if you have an existing brand, a solid social media strategy, and want to farm out some heavy lifting. If you're looking at us or our competitors to be a turnkey solution for your entire web strategy, you seriously need to rethink your business plan."

Posted by Jonathan at 1:15 PM | Comments (0)