Archive for March, 2010

Next week, SWIFT Innotribe will be hosting the European eID Interoperability Conference 2010.

It’s a great agenda with presentations by European experts on eID, and also some of the smartest SWIFT folks on identity. For example, we’ll have Jacques Hagelstein, our Chief Architect, and we’ll also run an Innotribe Lab on day-2. Check out and download the PDF agenda here.

Hosting this sort of events is an interesting win-win model, where we at SWIFT can share our great meeting and auditorium facilities and at the same time dove-tail with important topics that are relevant in our industry.

Acting like this beyond our traditional boundaries nicely fits The Medici Effect that i described in my previous post, although i am not sure we at SWIFT apply this principle always with full consciousness and intent. It does not matter, the key thing is that it just happens, and i feel confident that on this intersection of worlds some new ideas will emerge naturally.

Thinking through how we deal with company and personal identities in an on-line world, and being able to deliver this on a world-wide, predictable, resilient and secure way is one of the key value propositions of SWIFT in the financial services eco-system. SWIFT has the advantage – it’s a deliberate choice – that we are a community based venture, and a lot of services we offer adhere to standards and rulebooks that have been subscribed to by our membership. Even then, delivering this is not a sinecure.

But in this post, i’d like to take you on a journey beyond SWIFT’s ecosystem and edges, and look at what is happening in terms of identity and privacy outside our safe community walls.

My first contacts with privacy related matters date back to my Microsoft period, where I was quite involved in the Belgian eID project.


Microsoft saw Belgium as a good test ground to see what happens when a country rolls-out in a mandatory way 8 million electronic identity cards to its citizens, what applications get developed, and what needed to be done at the level of Windows, Office, MSN Chat, etc to support an identity card issued by a third party, in this case a government. At that time, I experienced the Belgian Privacy Commission more as a pain in the neck, limiting us in doing ‘”real cool things” with on-line identity. But they surely planted in my head the first seeds of some “culture” of privacy. It’s only now that i start to fully appreciate the importance of privacy, and the role of Privacy commissions and alike.

Now the Belgian eID cards are rolled out, we even look at a second and third generation, but the number of applications that are really leveraging the eID on a day-to-day basis are disappointingly low.

Already when the first eID cards got rolled out, it appeared to me that the card was already a dated old-fashioned way of dealing with identities. It does not make a difference whether we talk here about a smart-card, a USB token, or whatever other hardware device.

The point i am trying to make is that

the model of an identity “card”

does not match anymore

the online realities of today

The “card” is an artifact of the physical world, and we try – in vain – to squeeze all sort of on-line concepts into an off-line model.

The next occasion where I felt something was wrong with our model, was when i saw the demo of Intelius Date Checker. See also my post on “privacy is dead” for more details on this application. I was shocked that nobody in the audience made any reflection on the huge privacy issues at stake here. It must have been American culture ?

Then a couple of months ago, there was the famous debate launched by Mark Zuckerberg of Facebook, where he basically suggested to change the paradigm with 180°: in stead of considering "private” as the default setting of personal data and letting the user decide what data he releases to whom, he suggested “public” as the default setting, forcing to “un-public” data the user did not want to make public and keep private. See also ReadWriteWeb coverage here. Unfortunately for Zuckerberg, there was around the same period an article about a Facebook employee revealing how much privacy data they have access to by for example super-admin passwords and alike.

And even ex-colleague Paul Shetler took the pain to scream out his frustration on why public as a default really does not make sense.

It all makes me feel very uncomfortable how much i have to believe from Mark Zucherberg or Eric Schmidt when they are behaving like the white-knights of privacy.

It looks to me that

privacy is out-of-control


and that they would like to officialise the dead of privacy by declaring “public” as the new norm. It looks to me as privacy has become


too complex to fix it


Via Facebook, Google Buzz, Twitter, etc, etc, there is already too much data out there. Fixing this taking into account regional and country laws and regulations must be a real nightmare for the Facebooks and alike.

It’s an interesting debate what should be the default: privacy or publicy. And Stowe Boyd rightly adds the dimension of “sociality”. Because you release some info about yourself consciously (when participating on social media, your really want people to know about yourself and your preferences) or passively (by accepting blindly the privacy notices on Facebook and alike. Some related info on sociality here.

This aspect of passive privacy is really well explained by David Birch. He recently wrote a whitepaper: “who do you want to be today ?” and “Kissing Phones”. Check-out here. And just a couple of weeks ago, David wrote this fantastic post about Moving to Privacy 3.0

And the big boys are feeling the pressure. A couple of years ago the audience at the Gartner IT Symposium in Cannes was still having fun with “The Great Google Hack” scenario. This session was part of an “Unconventional Thinking” set of sessions with following disclaimer from Gartner: “This research doesn’t have the full Gartner seal of approval (we call them Mavericks internally).” Today this is not just a scenario but getting very real. I am just picking one of the thousands of articles that have been written on the Google China hack described as the privacy breach of the year.

Let’s throw in some additional dimensions, so that you as novice reader on this subject really start feeling the pain.

  • What have you browsed ? Interesting reflections by Microsoft’s Chief Architect Identity on “browser fingerprints”. Btw, Kim is confirmed speaker at the eID Interoperability Conference next week.
  • Where have you been, and how your iPhone becomes a spy-phone here and here
  • What have you bought recently ? How you can let a service like Blippy stream your purchases online.
  • Who have you slept with ? Given some’s willingness to post all their data online, and the rising casual nature of some behavior, this isn’t so far out of reach to be completely ridiculous.
  • Add to this things like Facesence MIT, about mind-reading
  • Bodyscanners about being “sniffed-out” by chemical noses.
  • Did you take your pil and when. In essence about “body-surfing” and RFID like tracking inside your body.
  • Please rob me, in essence about real-time location tracking

Some suggested solutions for all this go into the direction of




Trusted entities that are the safe-harbor for keeping these personal data. Or even distributed models of “gatekeepers” certification.


The recent announcement at the March 2010 RSA Conference of the Open Identity Exchange (OIX) goes in this direction. Please note that this initiative is backed by industry leaders Google, PayPal,Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton.

However, I don’t think it will work, and i am not alone, although from a different perspective (see below on PETs). I think it won’t work, because in the open online world, it will not be acceptable that somebody or some company sits in the middle of all this identity hocus-pocus, and controls our world. The internet has just become way too distributed to accept this sort of models. Maybe this works in a closed community (vertical or other) where users subscribe to a common set of standards and rules), but not on the open internet.

One possible route are PETs (privacy enhancing technologies).  For example, Stephan Engberg, one of the speakers at the European Commission’s December 2009 workshop talks about security (and privacy) “in context” and seems to be a big advocate of PETs. Check-out an interesting debate here.

The word “context” is very important here.

To come back to the beginning of this blog post, i believe we have to change the old eID model to a model where we acknowledge that the personal data are highly distributed on the net today and are dealt with “in context”.

Personal data sits everywhere, and you really can start imagining “data weavers” or “identity weavers” that combine these individual sets of personal data into new sets of relevant information, based on the context of usage.

The concept of data-weavers was already introduced in my guest blog “Digital Identity Weavers” by Gary Thompson from CLOUD, Inc.


I repeat myself by saying that this CLOUD vision goes way beyond the web of pages, goes way beyond the early thinking on Semantic Web. It is in essence proposing an identity architecture for the Internet. Because the internet is broken. It was never designed with identity in mind.

Its about user control of personal data.

It’s about context awareness.

It’s about who i am, how i am, and

what i do and intend to do in an on-line world.

But we all have problems in imagining how such standard and supporting system might work.

How it would look like ?


And then suddenly last night the pieces seemed to fall together. What if we start thinking about this in a way similar to “Information Right Management” (probably called something else today), something that Microsoft built as a feature in Microsoft Office, and basically put the user in control of what somebody could do with his documents. Mind you, this is about “USAGE” rights, not access-rights.

In Microsoft Office this was visualized by the “do not pass” sign.

By clicking on that icon, you – as the user – can control whether somebody can cut-and-paste from your document, whether they can print it, forward it, etc.

We need a standard that makes it possible to control/manage the usage-rights of the different pieces of our personal data that are distributed over the internet. And then we need to let play the competition on how this standard gets implemented in our day-to-day tools. Maybe by a clickable icon, maybe something else. Would be great to let Heads of User Experiences have a go at this.

But maybe it is too late. Maybe there is already so much data out there, that there is no way to 1) find where they are and 2) give back the control to the user/owner of the data. The breach already happened.

To conclude, get inspired by this NYT article “Redrawing the Route to Online Privacy”

So if the current model is broken, how can it be fixed? There are two broad answers: rules and tools.

“Getting this balance right is critical to the future of the Web, to foster innovation and economic growth,” Mr. Weitzner said.

Whatever the future of regulation, better digital tools are needed. Enhancing online privacy is a daunting research challenge that involves not only computing, but also human behavior and perception. So researchers nationwide are tackling the issue in new ways.

At Carnegie Mellon University, a group is working on what it calls “privacy nudges.” This approach taps computer science techniques like machine learning, natural language processing and text analysis, as well as disciplines like behavioral economics.

How would all this be relevant for our financial services industry ? One example would be to apply semantic web technologies to Corporate Actions. For folks at SWIFT it’s pretty obvious that we can apply our semantic knowledge to the data in the “messages” that are exchanged between parties of Corporate Actions.

What seems less obvious is to apply the same semantic tagging techniques to the personal data and attributes of the persons who participate in a Corporate Action transaction.

In essence this is about applying the CLOUD concepts. It’s about setting new standards and rules in this space. And are standards not one of the cornerstones of SWIFT.

It would be great to build an innovation prototype to educate our community on the power of semantic web.

I call this the “Identity Rights System 3.0”

UPDATE: apparently the subject is red-hot at SXSW in Austin this week. Check out Danah Boyd at SXSW “Privacy is not dead”

Read Full Post »


The Medicis were a banking family in Florence who funded creators from a wide range of disciplines. Thanks to this family and a few others like it, sculptors, scientists, poets, philosophers, financiers, painters, and architects converged upon the city of Florence. There they found each other, learned from one another, and broke down barriers between disciplines and cultures.

Together they forged a new world based on new ideas—what became known as the Renaissance. As a result, the city became the epicenter of a creative explosion, one of the most innovative eras in history. The effects of the Medici family can be felt even to this day.

These introductory words come from a book “The Medici Effect: What Elephants and Epidemics Can Teach Us About Innovation: What You Can Learn from Elephants and Epidemics” by Frans Johansson (Author).

The book is not that new (it dates from 2006), but it is very relevant to today’s innovation challenges. You can find the book on Amazon.com via the links above, but there is also a free PDF summary here and a Google Book edition here. And obviously, there is the website www.themedicieffect.com .

There was also a 2004 book The Medici Effect: Breakthrough Insights at the Intersection of Ideas, Concepts, and Cultures

The core of these books is about two types of ideas:

  • Directional ideas
  • Intersectional ideas

Directional innovation improves a product in fairly predictable steps, along a well-defined dimension. Examples of directional innovation are all around us because they represent the majority of all innovations. This is what we call incremental improvements (Innovation is in my opinion a bit on the optimistic, even window-dressing side).

The goal is to evolve an established idea by using refinements and adjustments. The rewards for doing so are reasonably predictable and attained relatively quickly. People and organizations do this all the time through increasing level of expertise and specialization. It is absolutely necessary if one does not wish to squander the value of an idea. Even an intersectional idea will, once it has become established, develop and evolve along a specific direction.

Intersectional innovations, on the other hand, change the world in leaps along new directions. This is what Guy Kawasaki calls “jumping the curve”. These ideas are game changers. I am preparing a whitepaper on how NIBC (Nano, Info, Bio, Cogno)) technologies are major game changers.

Although intersectional innovations are radical, they can work in both large and small ways. They can involve the design of a large department store or the topic of a novella; they can include a special-effects technique or the product development for a multinational corporation.

In summary, intersectional innovations share the following characteristics:

  • They are surprising and fascinating.
  • They take leaps in new directions.
  • They open up entirely new fields.
  • They provide a space for a person, team, or company to call its own.
  • They generate followers, which means the creators can become leaders.
  • They provide a source of directional innovation for years or decades to come.
  • They can affect the world in unprecedented ways.

The Medici Effect is about bringing together people of different fields of expertise and

let the magic of

cross-fertilization of ideas



What sort of people do we need to invite ? In essence, we are looking for people who succeeded at

breaking down

their associative barriers


because they did one or more of the following things:

  • Exposed themselves to a range of cultures
  • Learned differently
  • Reversed their assumptions
  • Took on multiple perspectives

The explosion of concept combinations at the Intersection can offer a myriad of uniquely combined, extraordinary ideas.


I have a dream


That we can turn Innotribe.com into a Medici Effect: the place where different disciplines find each other, and through that intersection come up with intersectional innovations.


I have a dream


That we can turn the SWIFT Campus into a hosting environment, where we facilitate those intersections to happen.


I have a dream


That i can blend my personal interest of creating a Think Tank on Long Term Future with my professional endeavors at SWIFT.


I have a dream


That together we can write The Readiness Manifesto. The strategies and focus areas to prepare the Net.Generation – the 20-25 years old of today – to stand up as our leaders in 20 years from now in 2030.

But NIBC technologies are not the holy grail. There was a fantastic quote in one of Fred Destin’s latest blogs on Venture Capital 2.1:

The fundamentals of the business have changed.  Technology is a quasi-commodity, the spread of ideas is instantaneous, competition is global, in other words the market is more efficient.

“Technology is a quasi-commodity”


Wow ! So what will be your differentiator ?

I believe it will be in the HOW of delivering products and services. And i can’t help re-quoting Umair Hague in his Good to Great Manifesto and my related post some days ago. Umair Hague proposes a number of new corporate principles:

  • First how, then who: “Do our people have the capacity to judge right and wrong, no matter how great they are?”
  • The Yoda/Hedgehog concept: “companies should only do what they can be great at, what makes tons of money, and what they’re passionate about.”
  • Ethical accelerators: “”transparency, openness, rules, and accountability. Most companies have not a single one of these”
  • A culture of meaning: “Production and consumption are meaningful when they actually yield durable, tangible benefits to people, communities, and society”
  • Confront reality:” Banks, for instance, confronted the “brutal fact” that selling toxic financial instruments was great for their bottom line. But they never confronted the simple reality that a classic asset bubble in housing was failing to do good.”

So, the question is not only “What will be the technical readiness kit that we will need to provide ?”.

The question really is:

What will be the value kit

that will have to underpin

this highly technological environment ?


As i mentioned in a previous post, I have accepted an opinion article/essay on technical readiness for The Fifth Conference. See also my posting “No more collateral damage”.

Below an extract of my initial input for this essay:

We must carefully analyze and think-through on how all this will influence the way we will and want to live and work in the future. What sort of life-quality we aim for? What the socio-economic impact of all this may be? How we want education to be organized? Where we still can and want to influence? How are we going to deal with the Technical and Value Readiness of our region to be competitive in this new era ? To lead the change, and not only be mediocre followers?

I believe it’s time for action. I believe The Fifth Conference and its natural network of inspiring leaders bears deep in itself the embryo for a sort of “think-tank/foundation” on long term future. A movement and an energy that prepares our Net-Generation for the next 20 years. To focus on our technical and value readiness. A place where “smart people” can meet. Where experts from different technological domains share their insights for 2030. Cross-fertilizing each other’s disciplines. With “savants” from different contexts & worldviews that can act as our “eyes” and offer a perspective on how we will live, work in 2030.

Or will we find ourselves in 2030 like this medieval knight trying to get his cup of coffee in the local deli ?



No, in 2030 we want our children to be in a position to lead and not be the “behaving” followers in some old-European country that is by-passed by countries and regions that work at the speed of light, that have higher education standards, higher ethical standards, in other words who have found the “how-differentiator”.

My desire is to create

a movement

a tribe

a Medici Effect


where the dream can come true.

Who feels connected ? Who would like to join this tribe ?

Let me know via the comments of the blog, or contacting me directly. Please also let me know where the model flaws. What you would add to it ? Do you believe i am on to something or just living an illusion ? Let me know.

Read Full Post »

%d bloggers like this: