So I was particularly interested to see the following three separate items appear in my blogreader today.
|Identity Theft and Brand Damage ||Silicon.com via Emergent Chaos ||A UK charity had its donor list stolen by a hacking gang, which then proceeded to beg funds from the same donors. ||this is being described as a security breach |
|Software as a Service ||Cindy Cohn via Tecosystems ||"If information about you is stored on your own computer, it's generally not available to others unless they are able to hack your machine or serve legal process on you. In contrast, if information about you is stored on Google's computers, the law generally treats it as Google's, not yours."||this is being described as a privacy issue |
|Platforms and Stacks ||Jon Battelle via Simon Bisson ||Alexa (part of Amazon) is exposing its index for commercial reuse, via a series of web services. ||this is being described as a ground-breaking innovation |
I proceeded to put two and two and two together and make fifteen. What if Charity X had used a Google-like CRM service to maintain its donor list? What if Charity Y had performed some specialized webservice-enabled search on the data, and happened to retrieve a list that was (by a remarkable coincidence) identical to Charity X's donor list? Whose trust is betrayed in this scenario, and by whom?
There are undoubtedly new business risks that emerge whenever we make a significant change in platform. (That's not to say we shouldn't change, merely that we need to do it with our eyes open. As Stephen O'Grady puts it, "the point here is not to be alarmist, but rather to build awareness".) The new technologies of interaction carry the potential of new forms of sociotechnical intimacy, which may take a little getting used to.
Most importantly, sociotechnical shifts like these may cause us to rethink whether we really own the data (or knowledge) we thought we owned. If an email platform can use email content to target advertising, if a communication platform can analyse message traffic to identify friendship clusters, what else is fair game?
Ultimately this comes down to an important strategic choice. Do we want intimate relationships with intelligent service providers, who can interpret (and customize) both content and context to provide deeper service value? Or do we want arms-length relationships with service providers that don't know us from Adam? Where does the platform stop and the true service begin?
Technorati Tags: asymmetry risk security service-oriented SOA trust