Privacy

My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.
The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago.  I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.
Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network.   This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant – we NEED strong networks to solve the problems we are tasked with solving.  If we don’t have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but …given the inherent nature of the problem we will NOT fully solve the problem and fall off the “cliff” on the edge between simplicity and into chaos.
(In this diagram based on the cynefin framework developed by David Snowden architect of children’s birthday parties using complexity theory and the success of Apolo 13 )

 
So – what is a Value Network Map?
It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles.  Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).
Drawing from Verna’s book/site that lays out how to do it. There are four steps to a value network map.
1. Define the scope and boundaries, context, and purpose.
2. Determine the roles and participants, and who needs to be involved in the mapping.
3. Identify the transactions and deliverables, defining both tangibles and intangibles.
4. Validate it is complete by sequencing the transactions.
 
I’ve worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.


This projects highlights how the method can be used to talk about a present/past state about how things happen “now”. How do people today or 20 years ago share verified attributes with business and government entities one does business with?  If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?
A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.
Two years ago I went with Verna Allee (the innovator of the method) to  the Cloud Identity Summit  to work on a map for my organization the Personal Data Ecosystem Consortium focused on the “present state” map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.
We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.

 
We added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.
Our hope was to do this and then work on a future state map with a Personal Cloud provider playing  a key role  to enable new value flow’s that empower the  Individual with their data and enabling similar transactions.
This is best viewed in PDF so if you click on the link to the document it will download.
Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups.  It involved using large chart paper paper and post-it notes and lines on the map.   We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.
An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government’s reduction of risk in the credit card system.

This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version).  The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.
So how could the Proactive Privacy Sub-Committee use this method?
At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.

The exercise is written about here on Verna’s website.
Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.
The method is best done face to face in small groups.  It helps if the groups are diverse representing a range of different perspectives.  A starting point is a use-case a story that can be mapped – what are the roles in that story and then walking through the different transactions.
So how do we “do” it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee.  We should work together  to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.
We can try to do a session at the upcoming July or October plenary.
We could also organize to do some meetings at:

• conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
• in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.

It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us  do the work of  organizing in a meaningful way.
I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this.  Perhaps it is not to late to do so.