Tech Crunch is suing Facebook (But it is an April Fools Joke)

Mike Arrington outlines the details of the suite against FaceBook for $25 million in Statutory Damages

He has his own brand:

I am a very important person. Forbes recently named me No. 2 on their list of web celebrities, for example, and Business Week says I’m one of the 25 most influential people on the web.

His image is being used to endorse things:

that allow advertisers to post ads using my picture and name to endorse their products without my explicit permission. I’ve received literally dozens of emails from readers asking me if I’m associated with Blockbuster’s Movie Clique application, or the new Jackass movie (no to both).

The Law they are suing under:

The key factor in determining whether a use is permitted or not in California (where I live) is Civil Code Section 3344, which was first enacted in 1971. California is perhaps more aggressive than any other state in protecting publicity rights because of the number of people engaged in the entertainment business. The law allows for recuperation of damages, attorney’s fees and injunctive relief, as well as unspecified punitive damages and statutory damages of $750/incident in the event a person’s “name, voice, signature, photograph, or likeness” is used “in any manner on or in products, merchandise, or goods, or for purposes of advertising or selling, or soliciting purchases of products, merchandise, goods or services, without such person’s prior consent.” There are additional common law remedies available to us as well.

They didn’t want to do this but…

I am sad that this had to blow up to the point where we are publicly suing Facebook over the matter. We’ll be filing the lawsuit tomorrow along with a related civil case for assault and battery and infliction of emotional distress. In a round of negotiations over the lawsuit with Facebook led by Chief Privacy Officer Chris Kelly, things got out of hand. When our team of lawyers offered to settle for a mere $50 million, Kelly told me Facebook would “bury you and bury your crappy blog” if we filed the suit. He then threw his steaming hot triple soy latte espresso at me, which caused extensive second degree burns over the top half of my body. Later on, he also unfriended me.

This lawsuit could be a major step forward for having clearer End User Licence Agreements along with establishing norms of use for people’s personal data on sites.

Identity Commons Explainitory Diagram

I worked on this diagram of Identity Commons for a few hours last night. I hope it does a good job of getting across our loose distributed yet connected nature. Please let me know if you have ideas to improve it.

Someone already mentioned that “standards” is perhaps a challenging word – maybe it should be changed to “protocols”. Lets be clear IC is NOT a standards body never intended to be – goal help connect efforts together in a loose non-controling way that facilitates collaboration.

The Creepy Data

So Auren Hoffman e-mailed me regarding a blog post he just did about men and women and social networking. This subsequently pointed to his ‘research data’ which he does not disclose the way it was acquired.

There are three names for this company (more details can be seen in this post). One of them UpScoop gets users to enter their user-name and passwords for all their social networks – then “upscoops” the contact information of their friends and ‘scrapes’ all data it can see by logging in as those users. It then creates a database keyed to e-mail addresses for those users. This is an “opt-out” system – everyone is in it until they opt out – basically the ‘credit rating’ like system for social networks.

Then what happens is campaigns and social movement sites are approached by Trust Fuse to run the e-mail addresses they gather from supporters or those who want more information against their giant data base of e-mail addresses and it returns information about the person – their ‘real name’ their ‘age’ their ‘profession’ or what other information they are collecting (they make a point of NOT collecting sexual orientation information – this makes me feel soooo much safer about this ‘opt-out’ system).

I have had a conversation with leaders of a major social movement building organization and they have been approached by RapLeaf/UpScoop/TrustFuse to pay to run their e-mail addresses through their API.

I don’t think this model is respectful of human dignity in the online world.

I hope that Auren and people from his company can make it to both the Data Sharing Workshop and Summit & the Internet Identity Workshop.

On OpenID Progress: Part of a Bigger Challenge of Identity on the Web

TechCrunch just did a post about OpenID asked if it was being exploited by the large internet players that are participating in the community and adopting it.


I recall the first Internet Identity Workshop when the small crowd of ‘light weight’ ‘open’ ‘distributed’ SSO efforts came together and started their conversation about how they shared goals and very similar technology ideas – it was just the little guys.

Some context for those of you who don’t know this event was and continues to be co-convened and produced by myself, Doc Searls and Phil Windley - we are having our 6th stand alone workshop May 12-14 we also have also done 4 co-produced Identity Open Space events with Digital Identity World and Liberty Alliance near events that have had. This series of events that have no pre-set agenda in the past 2.5 years have been instrumental in moving the whole range of technologies forward because it creates “opportunities for both innovators and competitors, for the big guy and the small fry to come together in a safe and balanced space.” The Data Sharing Workshop and 2nd Summit – being done in collaboration with the more recently emergent DataPortability.org are building on both
* the track record of the IIW in bringing together high level people in a range of companies trying to tackle the difficult problems that need to be solved to make the vision a reality and
* the technology (standards and code) that are being brought forward via the I
dentity Commons community.

They agreed to Yadis a common service discovery method that would help their slightly different approaches work behind the scenes and then decided that Yadis as not such a good brand name and that is should be folded in and called OpenID.

These little guys had big hopes that OpenID would get adoption by large companies. It has been truly amazing to watch over the past two years as this collaboration that was cultivated by a community conversation has continued over the course of the Internet Identity Workshops – we are having our 6th one this May.

This space has been a neutral haven for all to express their views opinions and interest in different technological approaches. The Data Sharing Workshop and Summit build on this successful tradition and stack of technologies – it is the space where those inspired by the vision of data portability can get down into the details and make it real. Back to the TechCruch post:

The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it.

I agree with this statement AND there is some deeper issues that have yet to be addressed by the protocol itself to enable large sites to ‘trust’ (in the technical sense that the protocol flow will do what is says and can not be attacked) it. OpenID can be attacked from all sides (blackHat paper PDF outlining them). Bob Blakley from the Burton Group articulates the issues well here. David Recordon responded to a long critique of Stefan’s about the protocol. I think there is the potential to solve these issues but just ‘targeting’ the big players without addressing the real technical and social issues that are inhibiting large scale adoption is not fair.

Chris Mesina puts forward an in depth post articulating a shitlist, hitlist and wishlist around OpenID along with an update.

Great list highlighting things but it does not get to the heart of what in-the-end are the issues both technological and social that could limit adoption as ‘the’ solution to all that is needed for a people empowering identity layer of the web.

I look at all the progress happening in the Identity Commons community (here is our previous quarter’s reports) and have hope that solutions will emerge to address these challenges an “identity meta system” to work

* making it safe for users by making phishing really easy to prevent (this is where the card selector tools come in – CardSpace (MSFT) and the Higgins Open Source Card Selector (IBM, Parity, Novell-Bandit Project) Pamela Project relying party code)

* supporting selective and progressive disclosure (is done in a user friendly/repeatable way with cards)

* finding equitable legal frameworks and agreements for personal information sharing (Identity Rights Agreements Group is working on this and a gathering is being organized for this summer to address their development – many hundreds of thousands of legal work is needed to make this real)

* supporting automatic syncing and updating of information (this is where XRI/XDI and the Higgins Framework comes in)

* having third parties that mediate between end-users, their information and the market. (Yet to emerge businesses with new trust and business models – Project VRM is working on some of this).

OpenID is one part of a cluster of solutions – it will not solve these problems by itself (no matter how strong ‘they community’ or ‘the grassroots pressure’ because it is not sophisticated enough a protocol to do so. Those serious about really having these challenges address are invited to participate in the community and those who want to report on progress around an identity layer of the web need to look beyond ‘just OpenID’ and explore other proposed and emerging solutions that will together create an identity layer for web.

One great place to do this is at the upcoming OSIS (Open Source Identity Systems) Interop Event happening at RSA.
If you are reading this – you are interested but it is all making your head spin we have a Newbies 4 Newbies group that you can join and get peer-to-peer support from others engaging with this material (all or parts of it) for the first time.

Interopping times 2 at RSA

OSIS Interoperability Demonstrations
TUESDAY April 8th 11:00 AM – 6:00 PM
Moscone South, Mezzanine Level Purple Room 220

To be able to see this you need to get an expo pass. See below on how to get one.

OSIS User centric identity network interoperability between identity providers, card selectors, browsers and websites demonstrates how users can ‘click-in’ to sites via self-issued and managed information cards, or i-cards. Open ID, Higgins Identity Framework, Microsoft CardSpace, SAML, WSTrust, Kerberos and X.509 components interoperate within an identity layer from open-source parts.

I am really excited about this 3rd Interop – for one it is ALL Day not just an evening – I also heard they are going to have comfy chairs. To be able to see this you need to get an expo pass – one way to get it is to attend the other Interop Event.

This one is also exciting – put on by the Concordia project at RSA on Monday April 7th from 9am-12:30pm.

Registration is free of charge, and you must register for the workshop in order to attend the Concordia event, whether you’re an interop demo participant or not! Register for the workshop on the RSA registration site. Use the registration code 148CON. This will also give you a free expo pass that you can use to attend the tradeshow portion of the Conference Tuesday through Friday.

I will be attending both and I encourage everyone interested in the topic and tracking the evolving state of the technology to do so.