API Privacy News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and that I wanted to include in my research. I'm using all of these links to better understand how the space is testing their APIs, going beyond just monitoring and understanding the details of each request and response.

Open Data And API Efforts Rendered Useless When Privacy Is Ignored

On the second anniversary of the Open Government Partnership (OGP), where we are celebrating a "global effort to encourage transparent, effective, and accountable governance", and that:

OGP has grown to 60 countries that have made more than 1000 commitments to improve the governance of more than two billion people around the globe. OGP is now a global community of government reformers, civil society leaders, and business innovators working together to develop and implement ambitious open government reforms and advance good governance.

That is some pretty significant platform growth! While reading this I'm reminded of how any amount of perceived growth and value delivered via an "open data or API platform" can be immediately muted by the omission of very fundamental building blocks like privacy.

Let's review the building blocks of the Open Government Alliance:

  • Expand Open Data - Open Data fuels innovation that grows the economy and advances government transparency and accountability. Government data has been used by journalists to uncover variations in hospital billings, by citizens to learn more about the social services provided by charities in their communities, and by entrepreneurs building new software tools to help farmers plan and manage their crops. Building upon the successful implementation of open data commitments in the first U.S. National Action Plan, the new Plan will include commitments to make government data more accessible and useful for the public, such as reforming how Federal agencies manage government data as a strategic asset, launching a new version of Data.gov, and expanding agriculture and nutrition data to help farmers and communities.
  • Modernize the Freedom of Information Act (FOIA) - The FOIA encourages accountability through transparency and represents a profound national commitment to open government principles. Improving FOIA administration is one of the most effective ways to make the U.S. Government more open and accountable. Today, the United States announced a series of commitments to further modernize FOIA processes, including launching a consolidated online FOIA service to improve customers’ experience and making training resources available to FOIA professionals and other Federal employees.
  • Increase Fiscal Transparency - The Administration will further increase the transparency of where Federal tax dollars are spent by making federal spending data more easily available on USASpending.gov; facilitating the publication of currently unavailable procurement contract information; and enabling Americans to more easily identify who is receiving tax dollars, where those entities or individuals are located, and how much they receive.
  • Increase Corporate Transparency - Preventing criminal organizations from concealing the true ownership and control of businesses they operate is a critical element in safeguarding U.S. and international financial markets, addressing tax avoidance, and combatting corruption in the United States and abroad. Today we committed to take further steps to enhance transparency of legal entities formed in the United States.
  • Advance Citizen Engagement and Empowerment - OGP was founded on the principle that an active and robust civil society is critical to open and accountable governance. In the next year, the Administration will intensify its efforts to roll back and prevent new restrictions on civil society around the world in partnership with other governments, multilateral institutions, the philanthropy community, the private sector, and civil society. This effort will focus on improving the legal and regulatory framework for civil society, promoting best practices for government-civil society collaboration, and conceiving of new and innovative ways to support civil society globally.
  • More Effectively Manage Public Resources - Two years ago, the Administration committed to ensuring that American taxpayers receive every dollar due for the extraction of the nation’s natural resources by committing to join the Extractive Industries Transparency Initiative (EITI). We continue to work toward achieving full EITI compliance in 2016. Additionally, the U.S. Government will disclose revenues on geothermal and renewable energy and discuss future disclosure of timber revenues.

How can you argue with that? It's a very sensible set of open government platform building blocks, right? However, when you look at the bigger picture you realize there is a significant building block missing, one that those of us in the tech sector have realized is essential to a healthy platform ecosystem:

  • Citizen Data Privacy - Ensuring that government respects the online privacy of each and every U.S. citizen, preventing unwanted harvesting of private data or meta data that exists in cloud environments, computer and mobile devices as well as transported across telecommunications infrastructure locally or abroad. When privacy is compromised in the name of law enforcement or national security, the laws, rules and procedures around these accepted situations are made publicly accessible.

It is great that our government is committed to expanding open data, increasing transparency, efficiently engaging citizens, and sensibly managing public resources. However, if our government wants to act as an open platform, just like any private sector platform, it must respect user privacy.

Without ensuring privacy for users, it doesn't matter how forward thinking your open data, information and API strategy is. Privacy and security are essential building blocks for any private or public sector entity looking to build an open platform.

Nice work around the Open Government Partnership, but without addressing the privacy of citizens it is rendered pretty useless.


Access, Interoperability, Privacy and Security Of Technology Will Set The Stage For The Future of Education

In 2010 when I started API Evangelist I saw the technological potential of APIs, but while the rest of the online space was focused on what APIs could do for developers, I was focused on what APIs could do for the average person. APIs don't just open up access for developers, they open up access for end-users, introducing interoperability, data portability and ultimately tools that give them control over their own data, content and other valuable resources.

This realization has been central to my mission at API Evangelist, which is about educating the masses about APIs. What is an API? Why are APIs important? I strongly feel that APIs empower end-users to make better decisions about which platforms they use and which applications they adopt, and give them more ownership, control and agency in their own worlds. When you help an individual understand they can host their own Wordpress blog and migrate from the cloud hosted version of Wordpress, or migrate their blog from Blogger to Wordpress via APIs, you are giving the gift of web literacy.

Leading technology platforms like Amazon, Google, eBay and Flickr have long realized the potential of opening up APIs and empowering end-users. Since then, thousands of platform providers have also realized that opening up APIs enables developers and end-users to innovate around their platform and services, and that there is much more opportunity for growth, expansion and revenue when end-users are API literate. Users are much more likely to adopt a platform and deeply integrate it into their personal or business lives, if they are able to connect it with their other cloud services, taking control and optimizing their information and work flow.

Helping business owners, developers and end-users understand the potential that APIs introduce is essential to the future of education, and will be the heart of a healthy and thriving economy. There is a key piece of technology that reflects this new paradigm and is currently operating and thriving across the web, called oAuth. This open authentication (oAuth) standard provides the ability for platforms to open up access to content and data that enables developers to build web and mobile applications, but in a way that gives the control to end-users, who are ultimately the owners of a platform's content and data, and are the target of the applications that developers are building.

oAuth has introduced a new online dance that is widely known as three-legged authentication, and is being used across common platforms from Google to Facebook, allowing end-users, developers and platforms to interact in a way that makes the Internet go round. If any of these three legs is out of balance and security or privacy is compromised, or one of the players is not educated and exploitation occurs, the cycle quickly breaks down. This delicate balance encourages all three legs to be educated, empowered and in control over their role in this critical supply chain of the Internet.

Online platforms, and the web and mobile applications that are built on them, are playing an ever increasing role in every aspect of our personal, professional and public lives, from turning in class assignments in high school to paying our taxes as adults. APIs and oAuth are being used as the pipes and gatekeepers for everything from photos and location data to our vital healthcare records. These online platforms will play a central role in our education from infancy to retirement, and being educated, aware and literate in how these platforms operate is essential to it all working--for everyone involved.

The future of education depends on all online platforms providing access, interoperability and data portability, while also fully respecting end-users' privacy and security and investing in their education about these features and the opportunities they open up. Education will continue to exist within traditional institutions, but will persist throughout our lives in this new online environment. It is imperative that every citizen possesses a certain level of web literacy to be able to learn, grow and evolve as a human being in this increasingly digital society.

I will be speaking at OpenVA, Virginia’s First Annual Open and Digital Learning Resources Conference on this topic and continue to work this message into my overall API Evangelist message. The link between APIs, the access they provide, and education is critical. It is something that I feel provides just as many opportunities for exploitation as it does for benefiting end-users, developers and platforms--requiring a great deal of transparency and scrutiny.

Lots to think about, and discuss. I look forward to seeing you at University of Mary Washington for OpenVA.


API Monetization In The Internet of Things @ Nordic APIs

I have a panel this week at Nordic APIs called Business Models in an Internet of Things, with Ellen Sundh (@ellensundh) of Coda Collective, David Henricson Briggs of Playback Energy, Bradford Stephens of Ping Identity and Ronnie Mitra (@mitraman) of Layer 7 Technologies. My current abstract for the panel is:

As we just begin getting a hold on monetization strategies and business models for APIs delivering data and resources for mobile development, how will we begin to understand how to apply what we have learned for the Internet of Things across our homes, vehicles, sensors and other Internet enabled objects that are being integrated with our lives?

In preparation for the event I am working through my thoughts around potential monetization strategies and business models that will emerge in this fascinating and scary new world where everything can be connected to the Internet--creating an Internet of Things (IoT).

Where Is The Value In The IoT?
When it comes to monetizing APIs of any type, there first has to be value. When it comes to IoT, where is the value for end-users? Is it the devices themselves, is it the ecosystem of applications built around a device or will it be about the insight derived from the data exhaust generated from these Internet connected devices?

Evolving From What We Know
After almost 10 years of operating web APIs, we are getting a handle on some of the best approaches to monetization and building business models in this new API economy. How much of this existing knowledge will transfer directly to the IoT? Freemium, tiered plans, paid API access and advertising--which of these existing models will work, and which won't?

Another existing model to borrow from when it comes to IoT is the telco space. Cellphones and smart phones are the seeds of IoT and one of the biggest drivers of the API economy. How will existing telco business models be applied to the world of IoT? Device subsidies, contracts, data plans, message volumes are all possible things that could be borrowed from the existing telco world, but we have to ask ourselves, what will work and what won't?

Will Developers Carry the Burden?
When it comes to API access, developers often pay for access and the privilege of building applications on top of API driven platforms. Will this be the case in the IoT? Will the monetization of IoT platforms involve charging developers for API usage, number of users and features? Is this a primary channel for IoT device makers to make money off their products? In the beginning this may not be the case, with providers needing to incentivize developers to build apps and crunch data, but it is likely that eventually developers will have to carry at least some of the burden.

Micro-Payment Opportunities
The payment industry is booming in the API Economy, but micro-payments are still getting their footing, doing better in some areas than others. Certain areas of IoT may lend themselves to applying micro-payment approaches to monetization. When you pass through toll booths or parking, there are clear opportunities for micro-payments to engage with Internet connected automobiles. Beyond the obvious, think of the opportunities for traffic prioritization--do you want intelligence on where you should drive to avoid traffic or possibly pay per mile to be in a preferred lane? Another area is in entertainment, in generating revenue from delivering music, audiobooks and other entertainment to drivers or passengers in IoT vehicles and public transportation.

Will IoT Be All About The Data?
As we sit at the beginning of the era of big data, driven from mobile, social and the cloud, what will big data look like in the IoT era? Will the money be all about the data exhaust that comes from a world of Internet connected devices, not just at the individual device and the insight delivered to users, but at the aggregate level, in understanding parking patterns for entire cities or the electricity consumption for a region?

Security Will Be Of High Value In IoT
We are already beginning to see the importance of security in the IoT world, with missteps by Tesla and camera maker TRENDnet. Will security around IoT be a monetization opportunity in itself? Device manufacturers will be focused on doing what they do best, and often times will overlook security, leaving open huge opportunities for companies to step up and deliver b2b and b2c security options and layers for IoT. How much will we value security? Will we pay extra to ensure the devices in our lives are truly secure?

I Will Pay For My Privacy In An IoT World
When all devices in my life are connected to the Internet, but also the world around me is filled with cameras, sensors and tracking mechanisms, how will privacy change? Will we have the opportunity to buy privacy in an IoT world? Will the wealthy be able to pay for the privilege of being lost in a sea of devices, not showing up on cameras, passed by when sensors are logging data? Privacy may not be a right in an IoT world; it may be purely something you get if you can afford it. Will companies establish IoT business models and drive monetization through privacy layers and opportunities?

An IoT Las Vegas for Venture Capital
With IoT centered around costly physical devices, and potentially large platforms and networks, will anything in the IoT space be able to be bootstrapped like the web 2.0 and mobile space was? Or will all IoT companies require venture capital? At first glance IoT looks like a huge opportunity for VC firms, allowing them to specialize for the win, or gamble on the space like they would in Las Vegas.

Will We Plan For Monetization Early On In IoT?
When it comes to IoT, it is easy to focus on the monetization of the physical device, either leaving money on the table with new and innovative ways of generating revenue, or possibly having monetization strategies that are behind the scenes and not obvious to users--something that could be damaging to security, privacy and overall trust in the IoT space.

We learned a lot from mistakes made in early social, cloud and mobile API monetization. We need to make sure to have an open conversation around healthy IoT business models and monetization strategies. Generating revenue from IoT needs to be a 3-legged endeavor that includes not just IoT platform providers, but sensibly includes ecosystem developers as well as end-users.

The world of IoT is just getting going, but is picking up momentum very quickly. We are seeing IoT devices enter our homes, cars, clothing and bodies, and they will become ubiquitous in the world around us, embedded in signs, doorways, roadways and products in rural and metropolitan areas. It is clear there are huge opportunities to make money in this new Internet connected world, but let's make sure to have open conversations about how this can be done in sensible ways to make sure the IoT space grows in a healthy and vibrant way.


Balancing Commercial, Non-Commercial, Privacy and Ownership In The World of APIs

I just spent 30 minutes on the phone with an important group in the European Union called OPENi, which is aiming to be an open-source, web-based, framework for integrating applications with cloud-based services via APIs. Straight from the organization's mouth:

OPENi aims at inspiring innovation in the European mobile applications industry, by radically improving the interoperability of cloud-based services and trust in personal cloud storage through the development of a consumer-centric, open source mobile cloud applications platform.

I will be providing feedback and guidance as a member of the group's user advisory board. While on the call today, there was a mention of concerns around being seen as the usual, heavy handed EU entity that is too focused on user privacy and ownership, which could prevent the group from being well received, but also ignore the economic opportunities APIs and interoperability afford businesses, developers and end users.

This is a reminder for me of how EU tech companies, and the countries where they reside, are often perceived around the globe and here in the US. But it also stands in stark contrast to the illness I see from the Silicon Valley and U.S. side of the discussion, in a world where everything is about economic opportunity, and the data in these API pipes is the new oil, aka the new resource that is meant to be extracted, with little or no concern for the privacy and ownership of end-users.

In 2014, there is a huge opportunity for all of us to meet in the middle, acknowledging that there is great economic opportunity around APIs, cloud services, interoperability and the data that flows between platforms. But there is even greater economic opportunity if we acknowledge and respect the privacy and ownership of users of the web, mobile and Internet of Things we develop in the cloud.

I would also add a 3rd dimension to this discussion: there is also a massive non-commercial opportunity for APIs, interoperability and cloud services. When it comes to more efficient government, healthcare, education, journalism, media and other aspects of our society, if we can better educate end-users, developers and platform owners while also improving technological approaches by honing concepts like hypermedia, licensing and ownership models defined on top of oAuth--everyone in the game will benefit.

There is a lot at stake right now. It isn't black or white, but many, many shades of gray. It is not all about privacy and ownership, or all about making money. APIs enable interoperability, data portability, transparency and openness that can really benefit society as well as open up opportunities for economic growth for everyone involved.

Even after 3 years doing this, I still get very hopeful for the potential of APIs on the global landscape. I predict 2014 will be a critical year.


Managing API Terms of Service, Privacy, and Branding with Github

The legal building blocks of an API can be just as critical as the technical and business building blocks. It makes sense to version and communicate your API terms of use (TOS), privacy policy and branding guidelines alongside your code.

Since Github will allow document types other than code, such as markdown and PDF, it can make sense to use Github for managing the legal side of your API.

Using Github for the legal aspects of API operation will provide a level of transparency developers will appreciate, allowing them to download and store for their own records while being able to see the difference between each version, in a format that makes sense to them.

Just as with all other areas of an API, Github will allow you to completely manage the evolution of your API terms, privacy and branding in a way that is in sync with all the other technical and business building blocks of your API.

Consider using Github for API legal building block management.


If you think there is a link I should have listed here feel free to tweet it at me, or submit as a Github issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.