[Dave Birch] I enjoyed the presentation that Christophe Langlois (Visible Banking) gave to the Financial Services Club in London and particularly the enjoyed the question and answer session afterwards. Christophe was talking about banks’ use of social media and was comparing and contrasting some different approaches that explored further in his new book “Customer Experiences without Borders” (which I won a signed copy of at the event, hurrah!). During the question and answer session, I made the point about the mismatch in the use of social media.
I don’t want to be friends with my bank—after all, I’m a typical consumer so I hate banks—but I do want to be friends with my bank account. Why can’t Barclays let me friend my current account so I can see its status updates like “Premium card fee £10.00”, “Direct Debit British Gas £37.85” and “Counter Credit £5.00” and so forth?
[From Friends and relations]
This is a point that I amplified in Retail Banker Interactive, finishing up with plea.
So a plea to my account, card and service providers: I don’t want to be friends with you, because you are corporations and not mates, but I do want to be friends with my stuff: my money, my cards, my phone. How hard can it be?
A discussion about this continued over drinks, and I am indebted to David Harris from salesforce.com for bringing a fascinating example to my attention. Apparently, Toyota are going to have a system whereby you can be friends with your car, which is a great idea.
For example, if an EV or PHV is running low on battery power, Toyota Friend would notify the driver to re-charge in the form of a “tweet”-like alert. In addition, while Toyota Friend will be a private social network, customers can choose to extend their communication to family, friends, and others through public social networks such as Twitter and Facebook.
So your friends could be friends with your car too. You might wonder why anyone would want to do this, but consider this: my sister has borrowed my wife’s car for a couple of days while she goes looking for another car, so it would be great if my sister could be friends with my wife’s car (and it would make sense for me to be friends with my wife’s car and vice versa) for a time.
What I’m not sure about is if I would want these connections to be in my hilariously-entitled “real name” or via a network like Facebook. I’m not paranoid, but I don’t want to be bombarded with crap all the time because Facebook has noticed that one of my brake pads is wearing a little thin and has sold this information to a hundred different brake pad companies around the world. And I’m sure it will only be a matter of time before some guy tracks down and murders his ex-girlfriend because she forget he was friends with her car so knows where she is.
There’s a layer of infrastructure missing here and I hope that the Cabinet Office’s Identity Assurance Programme that we were discussing yesterday is going to take this into account. They’ve finally got a budget so I hope that some of the input from the Working Groups can now be acted on.
Cabinet Office minister Francis Maude has earmarked £10m for implementation of the government’s Identity Assurance (IDA) programme,
So what has being friends with my bank account got to do with the Cabinet Office? We need an identity infrastructure for things as well as for people. I need to delegate permission to access my wife’s car to my sister just as I need to give permission for my sister to be friends with my wife’s car for a while. Right now, there’s precious little security around people, but even less around things, largely because the “internet of things” wasn’t designed with security in mind.
Typically, the person who designs the embedded software system for a car or a power grid system or a generating system are engineers who learn programming maybe as part of their engineering course, but they are not trained computer scientists or computer engineers. The point is that someone whose primary job is understanding control theory is not someone who knows anything about software vulnerabilities.
If this sounds esoteric, it isn’t. It’s a real issue that should be taken seriously as input to the deployment of devices right now. Here’s a straightforward example from Rob Bratby.
The deployment of smart meters is one of the most significant deployments of what is often described as ‘the internet of things’, but its linkage to subscriber accounts and individual homes, and the increasing prevalence of data ‘mash-ups’ (cross-referencing of multiple databases) will require these issues to be thought about in a more sophisticated and nuanced way.
So I should be able to make friends with my electricity meter and under some circumstances I might need to be friends with my father’s electricity meter but I don’t want burglars and ne’erdowells to be friends with it. It seems to me that we already sort of know how to do this sort of thing: we understand public / private key pairs, tamper-resistant stores for private keys, certificates, selective disclosure and everything else. But we’re going to end up using Facebook Connect, because it’s all too complicated for the marketing people to understand and we haven’t yet found a way of explaining it to them.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers