Trust in VRM

I recently read the marketRIOT Manifesto, which gives background about an interesting initiative to get transaction data back into the hands of individuals (us). This is really interesting, as there are many things that one can do with such transaction data.

I would love to have access to my supermarket bills in an Excel sheet. This would definitely allow me to better know what items cost me the most, or how I can save some money. I could also use that data to provide information back to my supermarket (like, “That item disappeared, I really liked it”, or “That brand is great, give me more”); I am sure that they would love that. Of course, I could provide the exact same information to their competitors (they won’t like that). I could also consolidate the information from all vendors and give it back to all vendors (now, they may like that). Basically, VRM could be good for businesses as well.

We could even go further than that, by using that data to claim coupons or more, i.e., to initiate new transactions (like, “I bought 8 packs of your cereal, and I want to claim the free sample of your candy bar”). Of course, such a use is a bit more complicated, because the transaction data needs to be somehow trusted.

The manifesto also contains a part that explains how we move from a large number of relationships to a smaller number of relationships, and an even smaller number of transactions. We can very easily see how this applies well to relationships between humans; however, it does not really apply to commercial relationships between a vendor and a customer. The manifesto provides a clue about achieving that:

Companies need to adjust their behaviour and the flow and exchange of data between vendors and customers needs to be more level and balanced. The defining characteristic of such relationships is that both parties are comfortable with it, and mutually benefit from it.

One obvious part of the deal here is that vendors need to change their behavior, and act with customers in a way that makes them comfortable. In security jargon, we would rather use the word trust: once trust is established, the comfort is there. This is easy to achieve on the B2C Web, because the receiving party is a human being, whose trust depends on more or less tangible items. However, there is also an opposite direction: vendors must be comfortable with their customers.

In that opposite direction, the vendor is often represented by some computer, especially on the Web. Computers are very different from humans, in that they don’t establish trust in the same way. They usually require a formal authentication, they verify the origin of the data, etc.

That kind of trust will be required if we get into models where the data that we get back and consolidate from different vendors can be used as the basis for a new transaction, possibly with a new vendor. In such a case, the vendor would need to verify the information in order to be “comfortable” with it.
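To make the verification step concrete, here is an added example (not part of the original post or of any marketRIOT specification) in which a supermarket signs the receipts it hands back and a different vendor checks them before honoring the "8 packs of cereal" claim. The receipt fields, the issuer name `shop-a`, the choice of Ed25519 signatures and the assumption that the verifier already holds the issuer's public key are all assumptions made for illustration.

```javascript
// Added example: issuer name, receipt fields and keys are all constructed.
const crypto = require('node:crypto');

// Fixed field order so issuer and verifier sign and verify identical bytes.
function canonical(r) {
  return Buffer.from(JSON.stringify([r.issuer, r.id, r.customer, r.sku, r.qty]));
}

// Issuer side (the supermarket): sign each receipt given back to the customer.
function issueReceipt(privateKey, fields) {
  const sig = crypto.sign(null, canonical(fields), privateKey).toString('base64');
  return { ...fields, sig };
}

// Verifier side (another vendor): count only receipts that verify under an
// issuer key it already trusts, belong to the claimant, and are not repeated.
function countVerified(receipts, trustedKeys, customer, sku) {
  const seen = new Set();
  let total = 0;
  for (const r of receipts) {
    const key = trustedKeys[r.issuer];
    if (!key || r.customer !== customer || r.sku !== sku) continue;
    if (!Number.isInteger(r.qty) || r.qty <= 0) continue;
    const uid = `${r.issuer}/${r.id}`;
    if (seen.has(uid)) continue; // same receipt presented twice
    let ok = false;
    try {
      ok = crypto.verify(null, canonical(r), key, Buffer.from(String(r.sig), 'base64'));
    } catch { ok = false; } // malformed signature counts as unverified
    if (!ok) continue;
    seen.add(uid);
    total += r.qty;
  }
  return total;
}

function demo() {
  const shop = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519'); // key the verifier does not trust
  const trusted = { 'shop-a': shop.publicKey };
  const base = { issuer: 'shop-a', customer: 'alice', sku: 'cereal' };
  const r1 = issueReceipt(shop.privateKey, { ...base, id: '1001', qty: 5 });
  const r2 = issueReceipt(shop.privateKey, { ...base, id: '1002', qty: 3 });
  const edited = { ...r2, id: '1003', qty: 80 }; // changed after signing
  const unsigned = issueReceipt(other.privateKey, { ...base, id: '1004', qty: 8 });
  return { honest: countVerified([r1, r2], trusted, 'alice', 'cereal'),
           mixed: countVerified([r1, r2, r2, edited, unsigned], trusted, 'alice', 'cereal') };
}
console.log(demo()); // both counts are 8: only r1 and r2 are accepted, once each
```

The verifier never has to trust the customer's copy of the data; it only has to trust the issuer's key, which is the machine equivalent of being "comfortable" with the information.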

More generally, our personal information, and in particular our voluntarily provided information, can be much more valuable if it can be trusted. In a basic example, claiming that I am 18 is an interesting way to filter minors, but backing up this claim with an ID and a proof of authentication is even stronger. If I can apply similar treatment to all my personal information, then this information will be trusted (by remote computers, by strangers, etc.), making it far more valuable.

Can we work out something that achieves this with our typical “trust device”, i.e., a mobile phone and a few smart cards? We can at least try, just like people are working in marketRIOT’s MINT project to identify and recommend formats to represent data. Comment or contact me if you know of such projects, or if you are interested in starting something.
