Category Archives: Data Management

Whose side is AI on?

Posted on by
Reply

At the risk of coming across as some sort of Luddite, recent commentary on Artificial Intelligence suggests that it is only natural to have concerns and misgivings about its rapid development and widespread deployment. Of course, at its heart, it’s just another technology at our disposal – but by its very definition, generative AI is not passive, and is likely to impact all areas of our life, whether we invite it in or not.

Over the next few weeks, I will be discussing some non-technical themes relating to AI – creativity and AI, legal implications of AI, and form over substance when it comes to AI itself.

To start with, these are a few of the questions that I have been mulling over:

– Is AI working for us, as a tool that we control and manage?  Or is AI working with us, in a partnership of equals? Or, more likely, is AI working against us, in the sense that it is happening to us, whether we like it or not, let alone whether we are actually aware of it?

– Is AI being wielded by a bunch of tech bros, who feed it with all their own prejudices, unconscious bias and cognitive limitations?

– Who decides what the Large Language Models (LLMs) that power AI are trained on?

– How does AI get permission to create derived content from our own Intellectual Property? Even if our content is on the web, being “publicly available” is not the same as “in the public domain”

– Who is responsible for what AI publishes, and are AI agents accountable for their actions? In the event of false, incorrect, misleading or inappropriate content created by AI, how do we get to clarify the record, or seek a right of reply?

– Why are AI tools adding increased caveats? (“This is not financial advice, this is not to be relied on in a court of law, this is only based on information available as at a certain point in time, this is not a recommendation, etc.”) And is this only going to increase, as in the recent example of changes to Google’s AI-generated search results? (But really, do we need to be told that eating rocks or adding glue to pizza are bad ideas?)

– From my own experience, tools like Chat GPT return “deliberate” factual errors. Why? Is it to keep us on our toes (“Gotcha!”)? Is it to use our responses (or lack thereof) to train the model to be more accurate? Is it to underline the caveat emptor principle (“What, you relied on Otter to write your college essay? What were you thinking?”). Or is it to counter plagiarism (“You could only have got that false information from our AI engine”). If you think the latter is far-fetched, I refer you to the notion of “trap streets” in maps and directories.

– Should AI tools contain better attribution (sources and acknowledgments) in their results? Should they disclose the list of “ingredients” used (like food labelling?) Should they provide verifiable citations for their references? (It’s an idea that is gaining some attention.)

– Finally, the increased use of cloud-based services and crowd-sourced content (not just in AI tools) means that there is the potential for overreach when it comes to end user licensing agreements by ChatGPT, Otter, Adobe Firefly, Gemini, Midjourney etc. Only recently, Adobe had to clarify latest changes to their service agreement, in response to some social media criticism.

Next week: AI and the Human Factor

Trust in Digital IDs

Posted on by
Reply

Or: “Whose identity is it anyway?”

Over the past few years, there have been a significant number of serious data breaches among among banks, utilities, telcos, insurers and public bodies. As a result, hackers are able to access the confidential data and financial records of millions of customers, leading to ransomware demands, wide dissemination of private information, identity theft, and multiple phishing attempts and similar scams.

What most of these hacks reveal is the vulnerability of centralised systems as well as the unnecessary storage of personal data – making these single points of failure a target for such exploits. Worse, the banks and others seem to think they “own” this personal data once they have obtained it, as evidenced by the way they (mis)manage it.

I fully understand the need for KYC/AML, and the requirement to verify customers under the 100 Points of Identification system. However, once I have been verified, why does each bank, telco and utility company need to keep copies or records of my personal data on their systems? Under a common 100 Points verification process, shouldn’t we have a more efficient and less vulnerable system? If I have been verified by one bank in Australia, why can’t I be automatically verified by every other bank in Australia (e.g., if I wanted to open an account with them), or indeed any other company using the same 100 Points system?

Which is where the concept of Self-Sovereign Identity comes into play. This approach should mean that with the 100 Points system, even if initially I need to submit evidence of my driver’s license, passport or birth certificate, once I have been verified by the network I can “retrieve” my personal data (revoke the access permission), or specify with each party on the network how long they can hold my personal data, and for what specific purpose.

This way, each party on the network does not need to retain a copy of the original documents. Instead, my profile is captured as a digital ID that confirms who I am, and confirms that I have been verified by the network; it does not require me to keep disclosing my personal data to each party on the network. (There are providers of Digital ID solutions, but because they are centralised, and unilateral, we end up with multiple and inconsistent Digital ID systems, which are just as vulnerable to the risk of a single point of failure…)

But of course, banks etc. insist that not only do they have to ask for 100 Points of ID each and every time I open an account, they are required to retain copies or digital versions of my personal data. Hence, we should not be surprised by the number of data hacks we keep experiencing.

The current approach to identity in banking, telcos and utilities is baffling. Just a few examples I can think of:

1. In trying to upgrade my current mobile phone plan with my existing provider, I had to re-submit personal information via a mobile app (and this is a telco that experienced a major hack last year, resulting in me having to apply for a new driver’s license). If I have already been verified, why the need to ask for my personal data again, and via a mobile app?

2. I’ve lived at my current address for more than 5 years. I still receive bank statements intended for the previous occupant. I have tried on numerous occasions to inform the bank that this person is no longer living here. I’ve used the standard “Return to Sender” method, and tried to contact the bank direct, but because I am not the named account addressee or authorised representative, they won’t talk to me. Fair enough. But, the addressee is actually a self-managed superannuation fund. Given the fallout from the Banking Royal Commission, and the additional layers of verification, supervision and audit that apply to such funds, I’m surprised that this issue has not been picked up the bank concerned. It’s very easy to look up the current registered address of an SMSF via the APRA website, if only the bank could be bothered to investigate why the statements keep getting returned.

3. I have been trying to remove the name of a former director as a signatory to a company bank account. The bank kept asking for various forms and “proof” that this signatory was no longer a director and no longer authorised to access the account. Even though I have done this (and had to pay for an accountant to sign a letter confirming the director has resigned their position), if the bank had bothered to look up the ASIC company register, they would see that this person was no longer a company officer. Meanwhile, the bank statements keep arriving addressed to the ex-director. Apparently, the bank’s own “systems” don’t talk to one another (a common refrain when trying to navigate legacy corporate behemoths).

In each of the above, the use of a Digital ID system would streamline the process for updating customer records, and reduce the risk of data vulnerabilities. But that requires effort on the part of the entities concerned – clearly, the current fines for data breaches and for misconduct in financial services are not enough.

Next week: AI vs IP  

 

Open Banking and the Consumer Data Right

Posted on by
Reply

While most of Australia has been preoccupied by things such as Covid-19 lock-downs, border closures, which contestant got eliminated from Big Brother/Masterchef, and which federal politician went to an NRL game (and depending on which State you live in), the ACCC has implemented the first phase of the Consumer Data Right regime (aka Open Banking).

The TLDR on this new regulation, which has been several years in the making, can be distilled as follows:

Banks can no longer deny customers the right to share their own customer data with third parties.

So, in essence, if I am a customer of Bank A, and I want to transfer my business to Bank B, I have the right to request Bank A to share relevant information about my account to Bank B – Bank A can no longer hold on to or refuse to share that information.

Why does this matter? Well, a major obstacle to competition, customer choice and product innovation has been the past refusal by banks to allow customers to share their own account information with third party providers – i.e., it has been an impediment to  customer switching (and therefore anti-competitive), and a barrier to entry for new market entrants (and therefore a drag on innovation).

Of course, there are some caveats. Data can only be shared with an accredited data recipient, as a means to protect banking security and preserve data privacy. And at first, the CDR will only apply to debit and credit cards, transaction accounts and deposit accounts. But personal loans and mortgages will follow in a few months. (And the CDR is due to be extended to utilities, telcos and insurance in coming years – going further than even the similar UK Open Banking scheme.)

Although I welcome this new provision, it still feels very limited in application and scope. Even one of the Four Pillar banks couldn’t really articulate what it will actually mean for consumers. They also revealed something of a self-serving and defensive tone in a recent opinion piece:

“Based on experience in other markets, initial take up by consumers is likely to be low due to limited awareness and broader sensitivities around data use.”

Despite our fondness for bank-bashing (and the revelations from the recent Royal Commission), Australians are generally seen as being reluctant to switch providers. Either because it’s too hard (something that the CDR is designed to address), or customers are lazy/complacent. In fact, recent evidence suggests existing customers of the big four banks are even more likely to recommend them.

For FinTechs and challenger brands, the costs of complying with some aspects of the CDR are seen as too onerous, and as such, act as another impediment to competition and innovation. Therefore, we will likely see a number of “trusted” intermediaries who will receive customer data on behalf of third party providers – which will no doubt incur other (hidden?) costs for the consumer.

Full competition will come when consumers can simply instruct their existing bank to plug their data into a product or price comparison service, to identify the best offers out there for similar products. (Better still, why not mandate incumbents to notify their existing customers when they have a better or cheaper product available? A number of times I have queried the rate on an existing product, only to be offered a better deal when I suggested I might take my business elsewhere.)

Recently, my bank unilaterally decided to change the brand of my credit card. Instead of showing initiative by offering to transfer my existing subscriptions and direct debits to the new card, the bank simply told me to notify vendors and service providers myself. If I didn’t request the change of card, why am I being put to the inconvenience of updating all my standing orders?

For real innovation, we need banks and other providers to maintain a unified and single view of customer (not a profile organised by individual products or accounts). Moreover, we need a fully self-sovereign digital ID solution, that truly puts the customer in charge and in control of their own data – by enabling customers to decide who, what, when, why and for how long they share data with third parties. For example, why do I still need 100 points of identity with Bank B if I’m already a client of Bank A?

Finally, rather than simply trying to make money from managing our financial assets, banks and others have an opportunity to ensure we are managing our financial data in a more efficient and customer-centric way.

Next week: Counting the cost of Covid19

 

 

 

30 years in publishing

Posted on by
Reply

It’s 30 years since I began my career in publishing. I have worked for two major global brands, a number of niche publishers, and now I work for a start-up. For all of this time, I have worked in non-fiction – mostly professional (law, tax, accounting), business and financial subjects. I began as an editor in London, became a commissioning editor, launched a publishing business in Hong Kong, managed a portfolio of financial information services for the capital markets in Asia Pacific, and currently lead the global business development efforts for a market data start-up in blockchain, crypto and digital assets. Even when I started back in 1989, industry commentators were predicting the end of print. And despite the best efforts of the internet and social media to decimate the traditional business models, we are still producing and consuming an ever-growing volume of content.

The importance of editing and proofreading still apply to publishing today…. Image sourced from Wikimedia Commons.

The first company I worked for was Sweet & Maxwell, a 200-year-old UK law publisher. In 1989, it had recently been acquired by The Thomson Corporation (now Thomson Reuters), a global media and information brand, and majority owned by the Thomson family of Canada. When I began as a legal editor with Sweet & Maxwell in London, Thomson still had newspaper and broadcasting interests (the family continues to own the Toronto Globe & Mail), a directory business (a rival to the Yellow Pages), a travel business (comprising an airline, a travel agent and a tour operator), and a portfolio of publishing brands that ranged from the arts to the sciences, from finance to medicine, from defence titles to reference works.

Thanks to Thomson, not only did I get incredible experience from working in the publishing industry, I also got to start a new business in Hong Kong (which is still in existence). This role took me to China for the first time in 1995, including a couple of private lunches at The Great Hall of The People in Beijing. The Hong Kong business expanded to include operations in Singapore and Malaysia – during which we survived the handover and the Asian currency crisis. I also spent quite a bit of time for Thomson in the USA, working on international sales and distribution, before joining one of their Australian businesses for a year.

Given the subscription nature of law, tax and accounting publishing, many of the printed titles came in the form of multi-volume loose-leaf encyclopedias, which required constant (and laborious) updating throughout the subscription year. In fact, as editors we had to forecast and estimate the average number of pages required to be added or updated each year. If we exceeded the page allowance, the production team would not be happy. And if the number of updates each year did not match the budgeted number we had promised subscribers, the finance team would not be happy. So, we had a plethora of weekly, monthly, bi-monthly, quarterly, semi-annual and annual deadlines and schedules to manage – even today, I recall the immense relief we experienced when we got the CRC (camera ready copy) for the next release back from the typesetters, on time, and on budget…

This blog owes its title to something that senior Thomson executives liked to proclaim: “Content is King!” We were still in the era of media magnates, when newspapers (with their display and classified advertising) had a license to print money – the “rivers of gold” as some called it. But as the internet and online search came to determine how readers discovered and consumed information, the catch cry became “Content in Context!”, as publishers needed to make sure they had the right material, at the right time, in the right place, for the right audience (and at the right price….).

Of course, over the 12 years I was at Thomson, technology completely changed the way we worked. When I first started, editors still did a lot of manual mark-up on hard copy, while other specialists were responsible for technical editing, layout, design, indexing, proofreading and tabling (creating footnotes and cross-references, and compiling lists of legal and academic citations). Most of the products were still in printed form, but this was a period of rapid transition to digital content – from dial-up databases to CD-ROM, from online to web formats. Word processing came into its own, as authors started to submit their manuscripts on floppy disk, and compositors leveraged SGML (Standard Generalized Markup Language) for typesetting and for rendering print books as digital documents. Hard to believe now, but CD-ROM editions of traditional text books and reference titles had to be exact visual replicas of the printed versions, so that in court, the judges and the lawyers could (literally) be on the same page if one party or other did not have the digital edition. Thankfully, some of the constraints disappeared as more content went online – reference works had to be readable in any web browser, while HTML enabled faster search, cross-referencing and indexing thanks to text tagging, Boolean logic, key words and embedded links.

The second global firm I worked for was Standard & Poor’s, part of the The McGraw-Hill Companies (now S&P Global). Similar to Thomson, when I started with McGraw-Hill, the McGraw family were major shareholders, and the group had extensive interests in broadcasting, magazines and education publishing, as well as financial services. But when I joined Standard & Poor’s in 2002, I was surprised that there were still print publications, and some in-house authors and editors continued to work with hard copy manuscripts and proofs (which they circulated to one another via their in/out trays and the internal mail system…). Thankfully, much of this time-consuming activity was streamlined in favour of more collaborative content development and management processes. And we migrated subscribers from print and CD-ROM to web and online (XML was then a key way of streaming financial data, especially for machine-to-machine transmission).

Working for Standard & Poor’s in a regional role, I was based in Melbourne but probably spent about 40% of my time overseas and interstate. My role involved product management and market development – but although I no longer edited content or reviewed proofs, I remained actively involved in product design, content development, user acceptance testing and client engagement. The latter was particularly interesting in Asia, especially China and Japan. Then the global financial crisis, and the role of credit rating agencies such as Standard & Poor’s, added an extra dimension to client discussions…

After a period as a freelance writer and editor, for the past few years I have been working for a startup news, research and market data provider, servicing the growing audience trading and investing in cryptocurrencies and digital assets. Most of the data is distributed via dedicated APIs, a website, desktop products and third party vendors. It may not sound like traditional publishing, but editorial values and production processes lie at the core of the business – quality digital content still needs a lot of work to capture, create and curate. And even though the internet gives the impression of reducing the price of online content to zero, there is still considerable value in standardizing, verifying and cataloguing all that data before it is served up to end users.

Next week: You said you wanted a revolution?