Data Portability – the need for DRM

So Robert Scoble got his Facebook account disabled for running a script that scrapped his account for names, email address and birthdays and load the data into his Plaxo account – so that he could match Facebook names with names in Plaxo’s database. On the surface this is no different from Facebook’s own importer – which lets you enter your email address and password for, for example, your GMail account – so that your contact details can be loaded into Facebook (which BTW is a very bad idea).

Facebook GMail upload

It’s worth remembering that what we’re talking about here is basic contact information – the script didn’t try to grab any information from Scoble’s Social Graph – no friends of friends data, not people’s interests, nothing like that – nor did Plaxo sign up those users to its Social Networking application Pulse. Despite that the general feeling out there is that Plaxo are evil and neither Plaxo nor Robert had the right to run the script. I suspect that this is mainly because the early version of Plaxo made it very easy to email everyone in your address book with a request to join Plaxo, this was a bit rubbish and got Plaxo a bad name for spamming folk. Quite right too although its worth noting that this hasn’t been a problem since they rewrote it last year.

But if you step away from people’s prior poor experience with Plaxo what they and Scoble tried to do was no different from what Facebook does. The difference is one of reputation. All Plaxo are trying to give their users are tools to get data into their database. This is harder with Facebook because it’s a walled garden and walled gardens, as the name suggests, makes too tough to get data out. The pertinent question then is who owns the data – is it Facebook, Robert Scoble or each ‘friend’?

I know that, as far as I’m concerned, it’s not Facebook. You should be able to move your data between systems. The DataPortability folk have got the right philosophy:

As users, our identity, photos, videos and other forms of personal data should be discoverable by, and shared between our chosen tools or vendors. We need a DHCP for Identity. A distributed File System for data. The technologies already exist, we simply need a complete reference design to put the pieces together.

Unfortunately as the Scoble-Facebook story illustrates access to our online identity is often effectively controlled by others. Robert Scoble has access to 5,000 people’s contact details plus a good chunk of their social graph via Facebook. So while Facebook is wrong to lock your data away behind a walled garden, Scoble or anyone else might do the wrong thing if they export the social graph and profile information of their contacts (not that he did in this instance).

What we also need, in addition to data portability, are privacy controls. As Jason Kottke puts it:

[what’s needed is]…Facebook inside-out, so that instead of custom applications running on a platform in a walled garden, applications run on the internet, out in the open, and people can tie their social network into it if they want, with privacy controls, access levels, and alter-egos galore.

Or as Robert Scoble suggests a DRM for your personal data:

COMPLETELY OPEN: You’re allowed to take anything on my profile page and import it, use it, copy it, print it, import it.

EMAIL ONLY: You can only take my name, and email address to other systems.

EMAIL PLUS CORE PERSONAL INFO: In addition to email address and name you can also take my birthday and phone number to other systems.

CUSTOM: You choose which fields can be exported or used on other systems.

NAPKIN ONLY: You can use anything you want, but no automated systems, you’ve gotta manually copy everything over by hand.

PUBLIC ONLY: Only data that I put on my public profile can be used elsewhere.

FAN ONLY: I only wanted to see your social network and behaviors here, I don’t want to give you access to mine.

Clearly what I’m suggesting (and I assume so is Scoble) is a rights management system which would be respected by the various social networking applications, not a solution that would encrypt your data into a binary file that required your approval to unpackage. In other words a system that would give you control over your data and allow you to decide how it was shared with others who may or may not be using the same social networking application as you.

Google and the evils of DRM

Last Wednesday Google shut down their commercial video service which let you buy or rent copyrighted videos. Unfortunately Google used a digital rights management (DRM) scheme that required Google to authorize, via the internet, the use of a video every time it was viewed – but since the service shut down this authorization can no longer take place leaving all videos purchased or rented unusable.

In other words closing the commercial part of Google Video has render thousands and thousands of purchases useless, unwatchable. And by way of compensation users only received a credit note which they can spend at any store that uses Google Checkout.


Ken Fisher at Ars Technica argues that the Library of Congress will now “have no choice but to consider the matter when they return to their triennial review and may granted exceptions to the anti-circumvention clause of the DMCA“. In any case it seems to me that if a heavy weight like Google has left their customers with a broken, worthless product because they pulled out of the market this presents a strong argument against DRM, since it leaves you, the customer, at the mercy of the retailer for access to your property.


Google have improved their refund policy: giving people a full cash refund in addition to the Google Checkout credit, plus letting people watch their video for another six months.

An improvement yes, but a solution no. It still doesn’t solve the problem that DRM is inherently anti-consumer – when a supplier decides to withdraw support, or goes out of business the video’s on your hard drive stop working. Google have demonstrated this wonderfully.