Monthly Archives: May 2023

App Overload

Posted on by
Reply

Following a recent upgrade to Apple’s iOS software, I found myself forced into some serious housekeeping on my iPad. I hadn’t realised how many dormant apps I had accumulated over the years, so I took the opportunity to do some culling.

First, there were apps that could no longer be accessed from the app store. These are programs that have been removed by their developers, or are no longer available from the Australian app store (yes, even in this digital day and age, geo-blocking still exists). I estimate that these accounted for about 20-30% of the total apps I have ever downloaded.

Second, apps that are not supported by the current version of iOS, because they have not yet been updated by their developers. (Luckily, I keep an older version of iOS on a separate iPad, which can allow me to retrieve some of these apps via some digital archeology.) These represented another 15-25% of my apps (a variable number, given that some of them may get upgraded).

Third, apps that I seldom or never use. Thankfully, the iPad Storage settings provide the “Last Used” date, but don’t enable users to rank by chronological use (or by frequency of usage; the “Search” function within Storage only lists apps alphabetically). Perhaps Apple can refine the Storage Management to help users better manage over-looked/under-used apps? Anyway, these forgotten or neglected apps accounted for another 25-30%.

In total, I estimate that up to 75% of my iPad apps were redundant, through disuse, obsolescence or inaccessibility. Research shows that 25% of apps we download are only used once, so unless these are free products, it feels like a large chunk of the US$900+ bn in app purchases could be going to waste…

Next week: Apple, iOS, and the need for third-party innovation

 

 

Customer Experience vs Process Design

Posted on by
Reply

Why is customer experience so poor when it comes to process design? Regardless of the product or service, it can be so frustrating when having to deal with on-boarding, product upgrades, billing, payment, account updates and customer service. Banks, telcos, utilities and government services are particularly bad, but I am seeing more and more examples in on-line market places and payment solutions.

Often, it feels like the process design is built entirely according to the providers’ internal operating structures, and not around the customer. The classic example is when customers have to talk to separate sales, product, technical support and finance teams – and none of them talk to each other, and none of them know the full customer or product journey end to end.

Even when you do manage to talk to human beings on the phone, rather than a chat bot, as a customer you have to repeat yourself at every stage in the conversation, and you can end up having to train front line staff on how their products actually work or what the process should be to upgrade a service, pay a bill or trouble-shoot a technical problem.

You get the impression that many customer-facing team members never use their own services, or haven’t been given sufficient training or information to handle customer enquiries, and don’t have adequate authority to resolve customer problems.

On many occasions, I get the customer experience equivalent of “computer says ‘no’…” when it appears impossible to navigate a particular problem. The usual refrain is the “system” means things can only be done a certain way, regardless of the inconvenience to the customer, or the lack of thought that has gone into the “process”.

As I always remind these companies, a “process” is only as good as the people who design, build and operate it – and in blaming the “system” for a particular failing or inadequacy they are in effect criticising their own organisations and their own colleagues.

Next week: App Overload

 

 

AI vs IP

Posted on by
Reply

Can Artificial Intelligence software claim copyright in any work that was created using their algorithms?

The short answer is “no”, since only humans can establish copyright in original creative works. Copyright can be assigned to a company or trust, or it can be created under various forms of creative commons, but there still needs to be a human author behind the copyright material. While copyright may lapse over time, it then becomes part of the public domain.

However, the extent to which a human author can claim copyright in a work that has been created with the help of AI is now being challenged. A recent case in the USA has determined that the author of a graphic novel, which included images created using Midjouney, cannot claim copyright in those images. While it was accepted that the author devised the text and other prompts that the software used as the generative inputs, the output images themselves could not be the subject of copyright protection – meaning they are either in the public domain, or they fall under some category of creative commons? This case also indicates that, in the USA at least, failing to declare the use of AI tools in a work when applying for copyright registration may result in a rejected application.

Does this decision mean that the people who write AI programmes could claim copyright in works created using their software? Probably not – as this would imply that Microsoft could establish copyright in every novel written using Word, especially its grammar and spelling tools.

On the other hand, programmers and software developers who use copyright material to train their models may need to obtain relevant permission from the copyright holders (as would anyone using the AI tools and who uses copyright content as prompts), unless they could claim exemptions under “fair dealing” or “fair use” provisions.

We’re still early in the lengthy process whereby copyright and other intellectual property laws are tested and re-calibrated in the wake of AI. Maybe the outcomes of future copyright cases will depend on whether you are Ed Sheeran or Robin Thicke….

Next week: Customer Experience vs Process Design

 

Trust in Digital IDs

Posted on by
Reply

Or: “Whose identity is it anyway?”

Over the past few years, there have been a significant number of serious data breaches among among banks, utilities, telcos, insurers and public bodies. As a result, hackers are able to access the confidential data and financial records of millions of customers, leading to ransomware demands, wide dissemination of private information, identity theft, and multiple phishing attempts and similar scams.

What most of these hacks reveal is the vulnerability of centralised systems as well as the unnecessary storage of personal data – making these single points of failure a target for such exploits. Worse, the banks and others seem to think they “own” this personal data once they have obtained it, as evidenced by the way they (mis)manage it.

I fully understand the need for KYC/AML, and the requirement to verify customers under the 100 Points of Identification system. However, once I have been verified, why does each bank, telco and utility company need to keep copies or records of my personal data on their systems? Under a common 100 Points verification process, shouldn’t we have a more efficient and less vulnerable system? If I have been verified by one bank in Australia, why can’t I be automatically verified by every other bank in Australia (e.g., if I wanted to open an account with them), or indeed any other company using the same 100 Points system?

Which is where the concept of Self-Sovereign Identity comes into play. This approach should mean that with the 100 Points system, even if initially I need to submit evidence of my driver’s license, passport or birth certificate, once I have been verified by the network I can “retrieve” my personal data (revoke the access permission), or specify with each party on the network how long they can hold my personal data, and for what specific purpose.

This way, each party on the network does not need to retain a copy of the original documents. Instead, my profile is captured as a digital ID that confirms who I am, and confirms that I have been verified by the network; it does not require me to keep disclosing my personal data to each party on the network. (There are providers of Digital ID solutions, but because they are centralised, and unilateral, we end up with multiple and inconsistent Digital ID systems, which are just as vulnerable to the risk of a single point of failure…)

But of course, banks etc. insist that not only do they have to ask for 100 Points of ID each and every time I open an account, they are required to retain copies or digital versions of my personal data. Hence, we should not be surprised by the number of data hacks we keep experiencing.

The current approach to identity in banking, telcos and utilities is baffling. Just a few examples I can think of:

1. In trying to upgrade my current mobile phone plan with my existing provider, I had to re-submit personal information via a mobile app (and this is a telco that experienced a major hack last year, resulting in me having to apply for a new driver’s license). If I have already been verified, why the need to ask for my personal data again, and via a mobile app?

2. I’ve lived at my current address for more than 5 years. I still receive bank statements intended for the previous occupant. I have tried on numerous occasions to inform the bank that this person is no longer living here. I’ve used the standard “Return to Sender” method, and tried to contact the bank direct, but because I am not the named account addressee or authorised representative, they won’t talk to me. Fair enough. But, the addressee is actually a self-managed superannuation fund. Given the fallout from the Banking Royal Commission, and the additional layers of verification, supervision and audit that apply to such funds, I’m surprised that this issue has not been picked up the bank concerned. It’s very easy to look up the current registered address of an SMSF via the APRA website, if only the bank could be bothered to investigate why the statements keep getting returned.

3. I have been trying to remove the name of a former director as a signatory to a company bank account. The bank kept asking for various forms and “proof” that this signatory was no longer a director and no longer authorised to access the account. Even though I have done this (and had to pay for an accountant to sign a letter confirming the director has resigned their position), if the bank had bothered to look up the ASIC company register, they would see that this person was no longer a company officer. Meanwhile, the bank statements keep arriving addressed to the ex-director. Apparently, the bank’s own “systems” don’t talk to one another (a common refrain when trying to navigate legacy corporate behemoths).

In each of the above, the use of a Digital ID system would streamline the process for updating customer records, and reduce the risk of data vulnerabilities. But that requires effort on the part of the entities concerned – clearly, the current fines for data breaches and for misconduct in financial services are not enough.

Next week: AI vs IP