In Zuck we trust?

Facebook recently posted several new openings for blockchain roles and acquired ChainSpace. Facebook-owned WhatsApp is developing an integrated cryptocurrency. Facebook is struggling to police its platform and user data off-platform, and it faces increasing regulatory pressure. These events can coalesce into a strategy that strengthens Facebook's user-data permissions and advertising revenue model while reducing regulatory risk.

Regulatory Risk

Business Model: All for the Data

Facebook’s business model leverages massive swaths of user data to sell online ads. This large-scale data collection is made possible by its huge network effects. In 2018, Facebook reported that the average revenue per user (ARPU) in North America alone was around $27.11 per quarter (~$9/month) across 242 million users. Unsurprisingly, ARPU is dominated by advertising sales.

Facebook is often asked about offering a subscription; to be economically viable, it would have to offset the advertising revenue per user. A recent survey found that only about 30% of users would be willing to pay the monthly amount required to remove ads, and the gap between what people say in a survey and what they actually take out their wallets for is often quite large.

The formula is simple to state, yet terrifically sophisticated to execute:

To maximize engagement, they built a slot machine for the human brain. The longer you are in the walled garden and the more activity you produce, the better you can be targeted. Facebook has a history of farming data, releasing products as auto opt-in, trading away users’ data (not selling it), and apologizing. For a detailed history, check out the article by WIRED.

Large companies such as Facebook are well-heeled enough to comply with GDPR while seeing little impact on user engagement and, therefore, on their data collection. This is compounded by the fact that consumers have demonstrated little concern for data privacy breaches, even when they are directly affected.

If you want more in-depth information on the business model I highly recommend a great article by Len Sherman.

Lost Trust and Control

I believe that data is becoming a form of labor and raw materials. A single user in a vacuum doesn’t have much value and advertisers want to be able to target users at scale. Facebook and other platforms are indeed giving access to something of value, and most people don’t actually care about their privacy, or even worse, don’t understand what they are giving up. Users, I would argue, should be allowed to control how and if their data leaves the platform where it was created.

As that data is combined and refined across platforms, its potency goes up. The metaphor of data as the new oil is so powerful for that reason. Not only are technology companies prospecting for new data sources, they are also looking to apply context and meaning in order to refine that data. Ben Thompson talks about this in detail, comparing these companies less to networks and more to marketplaces.

Facebook may never be able to deliver proper data management without completely scrapping the ad-based model that has taken it this far. When changes to an algorithm powered by our data can help or harm millions of companies and billions of users, the question surfaces of how best to wield such immense power.

Facebook didn’t sell our data; it gave it away in exchange for data it didn’t have. This has allowed Facebook to become the de facto data broker for the internet and get closer to a complete digital profile of all its users. As I have been writing this, the New York Times serendipitously released an article on Facebook’s continued data-management woes. It is an excellent read if you want a high-level overview, but it should not come as a surprise: these partnerships are not new. They have been announced publicly and on stage by countless CEOs, including those of Netflix, Spotify, and Apple, as far back as 2011.

At the time no one cared or raised any concerns. Investors were just happy that Facebook was experiencing explosive growth. If Facebook had been directly selling our data, everyone would have been outraged and it would have been seen as repugnant that they would profit off of us outside of their platform. Instead of a direct transaction, they were indirectly doing the same thing by selling higher value ads.

But how closely was Facebook monitoring its data partners?

Considering how much difficulty Facebook has had managing its own data, it strains belief that all of its partners, many in other countries, could manage it any better. If your data ended up on Yandex’s servers, how did we plan on stopping it from ending up in the Kremlin’s office? If you believe that the company lending out the data is the only one at fault, then we have other issues to discuss.

To make matters worse, no one involved is taking responsibility, claiming either that they were unaware of the scope of data made available to them and never used it, or that they used the data appropriately, all while refusing to disclose the details of the partnership.

Data is stolen by hackers and resold on the dark web; data is held for ransom by malicious entities, and people pay to retrieve it; data is legally gathered, bought, sold and traded to be used for targeted advertising, political analysis, healthcare (public and private), science and research, and law enforcement organizations.

Instagram hearts and minds: A moral hazard

That’s not a good outcome for a company trying to lift itself out of a cycle of bad PR. Ultimately, Facebook has only itself to blame. Its hunger for data and personal information, paired with a lack of transparency, continues to draw the ire of regulators. Just last December, the D.C. attorney general filed a lawsuit against Facebook for its mismanagement of user data.

Companies that Facebook views as a threat get bought, cloned, or cut off from access. That is exactly what happened in 2013, after Twitter purchased Vine: Facebook cut off Vine’s access to its friends API.

“Unless anyone raises objections, we will shut down their friends API access today,” Justin Osofsky, a Facebook executive, said in an email at the time. Mr. Zuckerberg responded: “Yup, go for it.”

Facebook and the rest of Silicon Valley have monopolies on various facets of our lives. Across their properties, Google and Facebook touch almost every single internet user on a recurring basis. Stifling competition at a large enough scale risks running afoul of competition law.

Trustbusters attempting to break the company into smaller segments would destroy what makes Facebook most valuable: network effects. There is also a high likelihood that one of the Facebabies would eventually cannibalize its siblings as network effects set in again. Price controls and profit caps will not be effective on a platform that is already free for users, and would come at the high price of lost innovation.

The Economist talks about how user data is the currency with which users pay for these free services. One argument is that regulators could require companies to share this anonymized bulk data with competitors for a fee. This would turn data from something Facebook and others hoard, to suppress competition, into something users share, to foster innovation. My rebuttal goes back to an earlier point: as this data is passed around and refined with context, its value keeps increasing. We allowed Facebook to have our data, not necessarily its partners. We will power your ecosystem, not your friends’.

So what can they do in order to reduce their regulatory risk?

User Trust and Data Control

Assumptions

The largest concern is the rising threat of regulation, something most of tech has desperately wanted to avoid for years. Facebook has already stated publicly that it is willing to sacrifice short-term profits to avoid legal intervention.

Data breaches and platform abuse are going to keep popping up. WhatsApp is the newest property to face accusations of abuse, over child pornography and fake news that incites violence.

Facebook will ultimately be responsible for how users interact on its properties and needs to police itself. Its platform allows pockets of users to find commonalities with others and share those beliefs at record speeds. For better and worse.

Blockchain is something 99% of the world will not care about. Just like the internet is a series of tubes connecting things, Blockchain will be an abstract concept that makes things work.

Zuckerberg is not inherently malicious. I believe he truly wants to connect the world and to allow new communities to flourish that were never before possible. This comes from the parallel seen with Bill Gates — brilliant, driven, and fighting to make a global empire at all costs. After leaving Microsoft, he viewed philanthropy as a responsibility for those with wealth. After you have taken care of yourself and your family, society is next.

Recent hires and acquisitions in the blockchain space, moving toward an internal currency, are most likely a continued push for deeper data aggregation, considering the value of users’ financial data. According to various sources, a full personal data profile is worth somewhere between $250 and $3,000 per year.

Facebook Blockchain

Let us go back to the concept of a data broker. What if Facebook were to offer portability and interoperability of our data? Facebook and Google already allow you to download all of your data and GDPR allows you to request that data be deleted. The problem is, once I take my data with me, I cannot do much with it.

What if we allow Facebook to continue to collect user data in exchange for its free services, but give users the right to control third-party access to that data? This is the fundamental shift. I propose that Facebook could and should create an open protocol for exchanging user data. It already has the users, scale, money, and influence to make this happen, versus a startup with no users or adoption trying to battle the titans and governments.

The user, in turn, can share that additional data with another service or not, but new data created on other platforms would be tracked and maintained by the native platform as well. So my shopping habits are stored and used by Amazon, but I get the access keys that control sharing. This concept can already be handled using public/private key pairs, sans blockchain. I would anchor my public key with the various parties on the protocol that I engage with and could verify with my private key as needed. The issue for most users is that it needs to be as simple as modern 2FA (two-factor authentication) apps like Authy. The UI has to be great, not just functional. I should be able to scan in, say, a QR code for my public key and sign data requests with my private key by scanning a QR code or entering a one-time passcode (TOTP for 2FA).
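The anchor-then-approve flow above can be sketched in a few lines. This is a minimal illustration, not a protocol spec: a real deployment would use asymmetric signatures (e.g. Ed25519) so a platform never holds anything that could forge a user's approval; HMAC over a derived per-platform secret is used here only so the sketch runs on the Python standard library alone, and all names (`UserKeyring`, `acme-ads`, the request fields) are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class UserKeyring:
    """Toy stand-in for a user's public/private key pair.

    Assumes one root secret on the user's device; each platform gets a
    derived verification secret at enrollment (the "anchored public key").
    """

    def __init__(self):
        self._root = secrets.token_bytes(32)  # never leaves the device

    def anchor_with(self, platform_name: str) -> bytes:
        # Derived per-platform verification secret, registered once.
        return hmac.new(self._root, platform_name.encode(), hashlib.sha256).digest()

    def approve(self, platform_name: str, request: dict) -> str:
        # What scanning a QR code / entering a one-time passcode would trigger:
        # the user authorizes one specific third-party data request.
        key = self.anchor_with(platform_name)
        msg = json.dumps(request, sort_keys=True).encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()


def platform_verifies(anchored_key: bytes, request: dict, tag: str) -> bool:
    """The data-holding platform checks the user's approval before sharing."""
    msg = json.dumps(request, sort_keys=True).encode()
    expected = hmac.new(anchored_key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


user = UserKeyring()
anchored = user.anchor_with("facebook")  # done once, at enrollment
req = {"requester": "acme-ads", "scope": "social-graph", "ttl_days": 30}
tag = user.approve("facebook", req)

assert platform_verifies(anchored, req, tag)  # consent granted
# Any tampering with the request invalidates the approval:
assert not platform_verifies(anchored, {**req, "scope": "messages"}, tag)
```

The design point is that consent is bound to one exact request: change the scope, requester, or duration and the approval no longer verifies.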

This would commoditize the value of user data, which is currently proprietary; market forces would price it at scale. As a user travels the web, there would need to be a way for a third party to see that I have a blob of Facebook data. While that blob is stored in Facebook’s database and fully encrypted, an identifier and cryptographic signature would prove its authenticity as coming from Facebook. There is inherent value and trust in their brand.

The value could be tied to the time of data creation + quantity + category of data shared, similar to websites asking permission to cookie users. There could be a pop-up request for your data with a pricing value attached to it that could be deposited to your wallet upon completion.

Who says it has to be cash value and not something else? Maybe a free Prime membership or discounted other goods? According to CIRP, Prime members spend an average of $1300 vs $700 for non-members. Still sounds like a sweet deal for Amazon. Amazon already knows your purchasing history but could further personalize that data with your social graph. So if Facebook has the data, can they provide additional value to existing networks in the form of personal connections? Can I ride with an Uber driver I know in my network personally? Can I watch a show on Netflix at the same time as my friends to chat during it? When I am looking to make a purchase, can I try to get my friends’ opinions?

After a request, a series of validations would be made against the other platform’s data. The issuer of that data would verify the request by requiring authorization from the user. Identity-management projects from Sovrin and Microsoft, among others, are already working on these types of solutions using blockchain, purely through the lens of identity.

From Sovrin’s whitepaper

Wired discusses why this is so valuable in the future:

The basic premise: Personal data could be verified once by a third-party, like the government agency, and then retained securely by an individual. Rather than sending your Social Security number to a company or service, for example, the Social Security Administration could put an unalterable stamp of approval on the blockchain that can be verified on request. A user could provide proof that they’re a real person without ever revealing the Social Security number itself.

This would be analogous to using the blockchain as a public notary service. Some data from other platforms would be more valuable than others, depending on your business needs. There could be a mechanism to show the categorical data types available (social [facebook], search [google], purchasing [amazon], consumption [netflix]); a company could then buy the relevant data and pay for it accordingly. This allows granular control for the user, with a value attached to it.

This would provide additional value to Facebook for the pools of user data it already has. Since Facebook is providing such a great service, and is willing to clean this data for its own reuse, there could be a revenue-sharing agreement: any compensation received for a user’s Facebook data could include a kicker passed back to Facebook for maintaining and securing that data. Facebook is already sharing our data in return for more data; the paradigm shift is in who controls that transfer.

Knowing that users are lazy and already do not consider app permissions, there would need to be strict controls explaining why data is needed and how it will be used. App-store installs currently do this in a marginal way. Access would also need time limits: it can be revoked (although the data could already have been copied) and verifiably destroyed (similar to GDPR requests). Data retains some long-tail value but also decays over time, depending on the specific type. Data about my buying toilet paper 10 years ago is not as valuable as a purchase in the past 30 days (retargeting).
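The time-limited, revocable access described above reduces to a small grant registry that every data read is checked against. This is a sketch under stated assumptions (in-memory storage, wall-clock expiry, hypothetical names); as the text notes, revocation cannot claw back data that was already copied, it only stops further access.

```python
import time
import uuid


class GrantRegistry:
    """Minimal sketch of time-limited, revocable data-access grants.

    A GDPR-style deletion or revocation request would flip the grant to
    revoked; every subsequent access check then fails.
    """

    def __init__(self):
        self._grants = {}

    def grant(self, requester: str, scope: str, ttl_seconds: float) -> str:
        gid = str(uuid.uuid4())
        self._grants[gid] = {
            "requester": requester,
            "scope": scope,
            "expires": time.time() + ttl_seconds,
            "revoked": False,
        }
        return gid

    def revoke(self, gid: str) -> None:
        self._grants[gid]["revoked"] = True

    def is_valid(self, gid: str) -> bool:
        g = self._grants.get(gid)
        return bool(g) and not g["revoked"] and time.time() < g["expires"]


reg = GrantRegistry()
gid = reg.grant("acme-ads", "purchasing:last-30-days", ttl_seconds=3600)
assert reg.is_valid(gid)
reg.revoke(gid)          # user changes their mind
assert not reg.is_valid(gid)
```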

This would also absolve the service of responsibility for how others use the data. If I, the individual, share data with someone who manages it irresponsibly, they would be reprimanded by the network. There could be a system of checks by the users on the network, and the ability for me to request that data be removed. While imperfect, it puts the responsibility in the hands of the individual user.

How it would work

Storing data at scale on the blockchain is impractical at the moment. IPFS and other storage initiatives have a few points against them:

1. It isn’t ready for prime time with enterprise needs.
2. Enterprise only recently began trusting the cloud; it is going to need more time to trust the blockchain.
3. Most enterprises are not willing to put their secret sauce in the public domain, even encrypted (see #2).

To get around this, the data will be stored on the company’s servers as it is now. Under GDPR, a company caught failing to fulfill a user’s request to have their data removed is breaking the law. The disincentive to cheat is watching a percentage of your global revenue get fined away by regulators. That, combined with users’ ability to pack up and leave the platform, creates a strong incentive for platforms to act in ways that build trust with their users.

While we mostly trust large companies like Facebook and Amazon to transact honestly, we might not trust arbitrary actors on the internet to do the same. For these cases, an escrow service could enter, along with our use-case for smart contracts on a blockchain.

In this scenario, a party commits something of value to a contract in exchange for a user’s data. The request to the data store is initiated and the access is granted, conditional to the payment being released. The contract could handle the revenue split to the data issuer and the user.
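The escrow flow in that paragraph can be sketched as a small state machine: payment is committed, the user consents, the issuer grants access, and only when all three conditions hold is the payment released and split. The party names and the 80/20 split are illustrative assumptions; on a real chain this logic would live in a smart contract rather than a Python class.

```python
class DataEscrow:
    """Sketch of escrowed data exchange with a revenue split.

    A requester commits funds, the user consents, and the data issuer
    grants access; the contract releases payment only once all three
    conditions are met, splitting it between user and issuer.
    """

    def __init__(self, requester, user, issuer, price, user_share=0.8):
        self.parties = {"requester": requester, "user": user, "issuer": issuer}
        self.price = price
        self.user_share = user_share  # assumed split, for illustration
        self.funded = self.consented = self.granted = False
        self.payouts = {}

    def fund(self, amount):
        if amount < self.price:
            raise ValueError("insufficient payment committed")
        self.funded = True
        self._settle()

    def consent(self):        # user's cryptographic sign-off on the request
        self.consented = True
        self._settle()

    def grant_access(self):   # issuer makes the data blob available
        self.granted = True
        self._settle()

    def _settle(self):
        # Release payment exactly once, only when every condition is met.
        if self.funded and self.consented and self.granted and not self.payouts:
            self.payouts = {
                self.parties["user"]: round(self.price * self.user_share, 2),
                self.parties["issuer"]: round(self.price * (1 - self.user_share), 2),
            }


esc = DataEscrow("acme-ads", "alice", "facebook", price=30.0)
esc.fund(30.0)
esc.consent()
esc.grant_access()
assert esc.payouts == {"alice": 24.0, "facebook": 6.0}
```

The order of the three steps doesn't matter; settlement fires only when the last condition lands, which is the property that makes an escrow trustworthy to all sides.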

There is an immediate issue of metadata leaking. As I sell my data, those transactions are logged on the public ledger. So even if the Facebook data is encrypted with a simple <ID: Facebook> tag, someone monitoring the public ledger could see a history of which company’s data was sold by which individuals. Over time this can be used to build a profile of the user.

To solve this, there would need to be a form of secure multi-party computation combined with some sort of private value transfer (Zcash, Monero, Aztec, or Enigma): essentially secure, private smart-contract computations for data escrow. Some of the pieces of this technology exist and some do not. The required inputs would be the encrypted user data, the funds from the third party, and the user’s consent in the form of a cryptographic signature. Once each input has been provided, the escrow releases: the user receives their funds and the requester receives a decrypted copy of the user’s data. Someone more technically minded is hopefully putting these pieces together!

At the end of the day the data providers like Facebook can still do whatever they’d like with your data because they own it. This system, however, provides a means for them to be explicit about data sales and relinquish control to users as a way to protect their reputation.

Trust and Reputation: A Revenue Story

Imagine the social currency that would come with Facebook taking a real stand on user privacy and data while still allowing its business to thrive. Even though users en masse don’t seem to care about these issues, it would do a world of good for regulators to see self-enforcement. Users gain trust in knowing that they can punish a platform by revoking access to data. Taking the first stab at an open protocol would generate massive long-term value for shareholders. Losing a fight with regulators is uncomfortable but survivable: Microsoft did it. Taking the lead lets you get in front of the issues.

From The Economist:

While it would hit your share price, it could offer long-term advantages. The way in which it opens you up to competition reinforces your centrality to the ecosystem — and that ecosystem may, as a result, grow faster. The interoperability forced on Microsoft at the turn of the century, which allowed rivals to make their products more compatible with Windows, had that sort of accelerating effect — and Microsoft has hardly gone away. It is worth more than three times as much now as it was then.

There is also the issue of monitoring data on their own platform. Going back to identity on the platform: we don’t want to police users or impact free speech. Bots, however, are a different case.

Facebook’s biggest internal threat is confirmation bias: creating search bubbles and echo chambers around the things we most agree on. While this isn’t inherently bad, we are bombarded with so much data and news that it has become impossible to determine what is grounded in fact, especially when many of these individual accounts could very well be bots. If you view Facebook as a media platform, it might do them justice to blend similar stories from various news sources. As they already aggregate swaths of data, they could create an incentive (paid in Facebook stars, of course) to bring dissenting views together and gamify fact-checking. A system of oracle providers such as Snopes, PolitiFact, and FactCheck.org could serve as external validators for news stories being shared. While allowing for differing opinions remains difficult, at least what is being touted as fact can be checked.

From The Conversation, regarding Twitter and showcasing these issues:

These bots are able to construct filter bubbles around vulnerable users, feeding them false claims and misinformation. First, they can attract the attention of human users who support a particular candidate by tweeting that candidate’s hashtags or by mentioning and retweeting the person. Then the bots can amplify false claims smearing opponents by retweeting articles from low-credibility sources that match certain keywords. This activity also makes the algorithm highlight for other users false stories that are being shared widely.

Since this data sharing protocol can become an identity layer of sorts, Facebook can monitor the interactions these users have across networks. This would make identifying bots much easier.

Users who do not have a data repository spread across ecosystems, even if they are unwilling to sell data, are more likely to be bots. If such users have a pattern of sharing certain types of news from lower-quality media outlets, that would help Facebook further police its own platform, increasing its trustworthiness. Fines could be imposed on a company for bad acting, with identifiers tied to the individual user’s data; in the case of regulatory action, the fine levied could be passed directly to the users impacted. Users would show their trust by using or not using a platform, and trust can be a long-tail attribute of the platform.

With this protocol, you can begin to build new products focused on different user experiences, which have always been the core of your offerings: optimizing for user collisions. Instead of aggregating for the sole purpose of data collection, the goal can be maximizing engagement and the user experience: offering differentiated, more meaningful sub-communities and building stronger personal relationships, rather than optimizing for the content with the most reactions, which often pushes the most polarizing viewpoints, all while continuing to collect data and build trust across the industry.

What if this could be abstracted away to create a platform where you can buy the opportunity to talk to people? Political candidates could buy time with people who align with them, OR buy time to refute things being said about them. A transparency initiative for Facebook, led by Facebook. Focus groups, political motives, matching people to see a movie together (similar to matchmaking in video games), and a bunch of new collective experiences where the user has a modicum of control.

This idea could even lead to a dashboard by a service provider built on top of the protocol, showing a personalized list of available jobs: from watching advertising (the computer’s camera collects facial reactions), to translating a text into a rare language, to exploring a virtual building to see how easy it is to navigate. The dashboard might also list past earnings, show ratings and suggest new skills. All of these become new potential revenue streams for Facebook.

Wrapping it up

The last point is making sure users get a fair price. We are often lazy, without the inclination to keep track of all our data and privacy, and without proper bargaining power. With a public protocol as I have described, this could open the door to digital data unions for those who do not want to manage things on an individual basis. These organizations would serve as gatekeepers of people’s data. For a fee, of course.

From The Economist:

Like their predecessors, Unions will negotiate rates, monitor members’ data work and ensure the quality of their digital output, for instance by keeping reputation scores. Unions could funnel specialist data work to their members and even organize strikes, for instance by blocking access to exert influence on a company employing its members’ data. Similarly, data unions could be conduits channeling members’ data contributions, all while tracking them and billing firms that benefit from them.

It was important to take a holistic view of Facebook and its operations and think about what it could do. There is a lot of merit in trying to recover from the bad press that has plagued them for the past year. This model could be applied to any company that has achieved scale and network effects with a close relationship to the end user. It is almost inevitable that these companies will collide and/or become regulated. Competition destroys profits, and regulation is painful if you don’t get in front of it.

I don’t think Zuckerberg is malicious, but his actions could be considered reckless. Facebook has so much power and control over our day-to-day lives that it becomes easy to lose sight of the forest for the trees.

***

Nothing in this article should be taken as legal or investment advice.