Customer data: Goldmine or Quicksand?
Whilst Google profitably accumulates ever more data on their users, telcos sit and do nothing with the customer data and digital identity assets they have. Meanwhile, new technology throws open the race to monetise the relationship with the customer.
In our preview of 2008 we suggested that operators should be paying a lot more attention to digital identity, specifically the emerging OpenID standard. This is an issue that fundamentally relates to business models and structural change, and is far too important to be treated as a technology issue. (We're doing an in-depth exploration and sizing of the telco as a platform provider in our forthcoming report "The 2-sided telecoms market opportunity".)
Before we have a (very) brief primer on the technology and it's implications, why is this important? Digital identity sounds so abstract and technocratic. Surely you just sit this one out, and let your CTO manage it all? Or just outsource the IT nightmare and go back to thinking up new price plans and segmentation strategies?
From freephone numbers to free phone numbers
It doesn't work that way. The Internet unpicks business models, and reassembles the fragments into new value chains. If you're reading Telco 2.0, chances are business models are a problem you're concerned about. If you want to understand the value of the identity business, look outside telecoms to music. The media moguls failed to understand the unbundling of the A&R, promotion, and distribution into services like last.fm, MySpace, and iTunes. The rights, medium and content were previously tightly integrated into a shiny disc. MP3 swept that all away. They thought the disc had the value, but it's just a distribution mechanism. It was the (distinctly abstract) rights that mattered. All they had to do was sell the rights to the user for a fixed fee! Get out of the distribution business, offer all-you-can-eat music for $10/month, by any means you choose to get hold of it, and get the rights societies to fairly divide the spoils. Then sue the cheaters, as nobody will have any sympathy.
Likewise, chunks of the telephony and messaging business model will be unbundled and recycled. At the core of this process are SIM cards, phone numbers, and the directory servers that link them all together. The value isn't in the phone call or switches or trnasmissions equipment. That's just a distribution mechanism for human conversations, and if talk is cheap, ones and zeros representing talk are even cheaper. The value is in the permission to contact the user, being a gateway to that user, and knowing the relationships the user has. Owning the directory positions you to re-intermediate all kinds of other business processes and create value.
Operators have more and better identity assets than they think
We see operators as having unique identity data in three areas:
- The physical devices the user has.
- The numbers, addresses, handles or user names or aliases the user has.
- The customer's personal data, such as name and address.
These are the gateway to four further categories:
- The user's context, such as location.
- The digital artifacts the user accumulates, such as pictures and messages.
- The interactions the user has with inanimate objects, such as 2D barcodes, or web browsing history.
- The relationships the user has, with people and institutions.
These assets are critical to enabling the telco to remain as value-adding part of the digital supply chain. Without action by operators, the process will be one-way, with Web players invading the functions of operators, and nothing happening in reverse. This is not a desirable outcome for either side, as network operators have deep wells of customer data that ought to be part of an online platform business, and that Web players will find costly (or impossible) to replicate. Furthermore, it is part of a fight-back strategy that picks on one of the weak points of the Web 2.0 players: if anyone is closed, it's them. In contrast, the phone system may be vertically integrated, but it's as open as they come.
So we've covered off why this is important. Now let's take a quick look at what the technology does, and how it relates to the future network operator business model.
OpenID: What is it?
For once, the technology is the easy bit. Normally you register for a web site or service, get given an identifier (username or phone number) and some security credentials like password and favourite pet name are exchanged. Technologies like OpenID just decouple the parts, so that the service that issues your identity and authenticates you can be different from the one that relies on that capability.
The site that issues the ID is the provider, the one that relies on it is the consumer.
There is a minor change to the user experience, in that the user needs to instead register the identity they want to use as a URL, not a username. To make it concete, say I'm a Vodafone customer, and Vodafone offers OpenIDs for all its users. My mobile number is +4477771230123, and my OpenID is then http://openid.vodafone.com/4477771230123. I can go login to an OpenID site like Google's Blogger using that as my user ID, and I'll be redirected to a Vodafone web page to enter my password, and then sent back to Google's service, with some cryptographic magic in the background to make it all secure.
This is different from earlier incarnations of universal or federated identity. Microsoft's passport service tried to be a universal identity service, but no amount of business development effort was going to make every website and user dependent on Microsoft to work.
Another model was from the Liberty Alliance, which would let you log in at one site, and then carry on to other sites and services without having to re-authenticate using a different username. However, outside of the enterprise it turned out to be technology chasing a problem that wasn't there. The user still wasn't in control -- the bizdev folk were. And who says a customer of Hertz trusts Hilton?
So we're now into the "third generation" of public digital identity solutions, which is traditionally when a technology starts to mature and become dangerous. OpenID is very close indeed to solving some important problems.
Why should I care?
It's very simple. As a provider of OpenID services, you're in a position to broker introductions and promote revenue-generating capabilities of your telco platform. OpenID is an extensible technology. So when the user authenticates themselves, and gets passed back to a merchant, you're in a position to add in some extra data. Specifically, you pass the entry point to a directory of web services you as a telco offer.
The list of possibilities is huge, from address verification to credit checks to location based services to age verification to payments and onwards. Furthermore, you can also be the broker to enable the website to interact with third parties such as the user's bank. Subject to some non-trivial issues around privacy, contract and support, your imagination is the limit. Like the concierge of a hotel, you're in a powerpul position to broker all kinds of business relationships and interactions. You've established yourself as the hub of a digital ecosystem. One where the operator has a natural advantage, since every paid-for form of network access comes with an online identity of some sort, if only for a self-service portal.
All this could be done manually, of course, without OpenID. We're just taking the friction out of the process of discovering relationships and services. Can you imaging how the Web would look if every link required you to manually convert a domain name to an IP address? Well, that's the kind of world we live in when it comes to identity. The seams are very visible. Why are all these websites asking me for personal data my ISP already has?
A few operators like Orange are experimenting with OpenID. Google and Yahoo are becoming OpenID providers. It's dead cheap and easy to become an OpenID provider.
Becoming a consumer of OpenID logins is a little more involved, since you need to educate the customers about the possibility, as well as customer care. It also does involve some non-negligible risk. What if the OpenID provider the user chooses goes out of business? What about phishing attacks that try to scam the user into revealing this password? What if the OpenID provider is temporarily down?
All these are addressable concerns. There are also some rival ideas and technologies, as well as complementary ones. It doesn't really matter which ones win. OpenID isn't inevitable, particularly when the operator community hasn't twigged the possibilities it offers and created the commercial incentives for all websites to accept your phone number in some form as an identifier. Yet something very similar is bound to occur, because the status quo of a zillion user IDs and logins, and lots of friction, is going to be something that gets competed away.
In all cases, the first rule of business success applies: you've got to turn up to the game if you're going to stand a chance of winning. Google will be there. So will Microsoft. Will you?
[Ed - how to do this will be a major part of the debate at the 4th Telco 2.0 Exec Brainstorm in Aprlil - see detailed agenda just up on site].