Friday, September 4. 2015
I have written a fairly detailed analysis of the impact of Transaction Costs on New Ways of Working on the Agile Elaphant blog, its a response to Esko KIlpi's essay that is part of the O'Reilly WTF project.
I never know whether to reproduce the full text on both blogs, but usually don't - the full essay is thus over there, but here is the expurgated version. In essence, KIlpi's contention is that technology is dropping transaction costs outside the Firm faster than within it (There is a more detailed explanation of Ronald Coase's Transaction Cost dynamics of Firms in the other post), and thus the structure will shift from Firms as intermediaries between customers & suppliers to other economic entities. Kilpi argues:
What really matters now is the reverse side of the Coasean argumentation. If the (transaction) costs of exchanging value in the society at large go down drastically as is happening today, the form and logic of economic entities necessarily need to change! Coase’s insight turned around is the number one driver of change today! The traditional firm is the more expensive alternative almost by default.
I have some caveats with this line of reasoning, however:
Firstly, ”If” – as in “If the (transaction) costs of exchanging value in the society at large go down drastically”. This “If” has a rider, which is there will only be a shift "Also If" the transaction costs of Firms do not reduce, i.e. are not equally affected by these same technologies. If those In-Firm transaction costs also go down, using the same sorts of technology, then there will not be a great shift to "exchanging values in the society at large".
Secondly, what are these replacement economic entities going to look like when the firm sheds transcations? Who will operate and own them? Will they be bedded in the "society at large" or not? There is an implication in Kilpi's work that these are not intermediary structures, and the overall WTF essay assumes they will be set in some new style of (implied more egalitarian) network, as many of the Sharing Economy proponents believe.
However, if you look at the example given in the essay as a harbinger of the new – Uber – this is clearly not really the case. Uber is clearly just another Firm. As to value exchange, it remains a centrally placed intermediary. All links lead to and from Uber. All transactions (logistical and financial) are routed through Uber's servers, within its own network. If this is a network economy, it is a highly centralised and closed network, with all nodes owned and run by Uber. All that "society at large" is doing is supplying or ordering a taxi ride and paying for it at the edge of the network, as it did before, just that now its ordering by App transactions rather than 'phone or hail ones.
In this case one "traditional" Firm, the original Taxi Company (or in fact many Taxi Companies), have just been replaced with another, newer, one - Uber. A new Firm has used new technology to reduce the transaction costs in a well worn existing business model (order taxi - route taxi - pay taxi) and is now using good old fashioned In-Firm competitive advantage to take market share from existing Firms with higher transaction costs. Uber only needs a “very different kind of management” insofar as it is managing more machines, less people in its workflow. It's network is a good old heirarchical network, just more automated.
Same web, different spider.
In summary, my view of the piece is that it risks falling into the Panglossian pattern of assuming that any change will deliver the best of all worlds possible, ie the replacement to The Firm will be a better thing. But it's far from clear that Uber at al are "better things", as a large proportion of their cost savings come not from the technology driven transaction cost reductions from ICT, but the labour and regulatory savings they use by arbitraging current laws and regulations.
And this has been true overall in "Innovationary Business Models" for many a decade. The big driver of outsourcing and offshoring was lower regulatory and labour costs, especially in developing countries, and not the transaction cost reduction from adoption of ICT on every desk and cheap global telephony. What has really changed in UberFirms is who the employees nominally work for, their working conditions, and which regulations the UberFirms believe they can avoid.
However, there is already starting to be pushback from existing competitors, regulators and employment institutions to ensure a more equal playing field. This is why, as these efforts are starting to level the field, some of the Uber-alles plays have already had to shut up shop. Uber's own model is under attack and it is having to shift more of its resources into lobbying, undercutting competitors and public pressure to keep the arbitrage gap open (....long enough to IPO at Unicorn valuations ).
In short, its not quite clear how sustainable the UberFirm model really is. Most do not have the database Google has, the warehouses Amazon has, or the music rights Apple has. They have a temporary advantage via regulatory arbitrage, but that will go, sooner rather than later, I think. They have freelance taxi drivers (or name your UberClone service supplier type here) and customers, but both of these are free agents and as faithful as the next service drop needed. They have a matching algorithm and an App, and can take credit card payments, but this is not rocket science to build.
I was having a useful Twitter discussion with fellow London blogger & VC Nic Brisbourne about current players competing by adopting some of the same technologies/working practices He made the good point about scale, i.e. - taking Taxis for an example again - how big do you have to be before you can implement Uber technology and counter them. Nic's other argument is that a large player gets a network effect in attracting customers
Its hard to tell, but the predictions I would make for taxis are:
- There is a declining benefit curve - ie at some point, far smaller than a Global Uber, you can offer a similar service at a competitive price.
- I'd wager a "London Cab App" would be useful enough and big enough for 14m Londoners, thats a big enough market in a cloud driven world where nearly everyone has a smartphone. Sure some Global Warriors would want a Global TaxiCo, but most people on the planet would run with one from their city nearly all of the time. Question of course is will anyone build a London Cab App service.
- Over time, as technology develops, it will get easier to offer services at even smaller scale so even more local cab co's can offer similar services.
In short, its not impossible that today's Taxi firms will still be tomorrow's.....I'd also bet that this set of observations is largely applicable to most of the prospective UberFirms
Lastly, I can't see any scenario where the Work -The Future is dominated by a rosy world of societally value additive sharing networks, and that talk of the extinction of Firms is somewhat premature.
Thursday, September 3. 2015
This is a lovely piece in Vanity Fair about whether there is an emerging Silicon Valley Bubble or not. They report on Andreessen Horowitz' Scott Kupor's recent talk:
It always is....or at least the reasons why "it's different" are different every time anyway The piece continues:
.....and charts highlighting the decrease in tech I.P.O.’s, the metric that eventually pierced the froth in March of 2000. Back then, a company went public almost every single day; now it was down to about once per week. This time around, he noted, the money was flowing backward. Rather than entering a company’s coffers in the public markets, it was making its way to start-ups in late-stage investments. There was little, he suggested, to worry about.
At this point may I raise the Mandy Rice Davies riposte....
We first saw early bubble signs in 2010, the hardest thing is to work out "when" it will pop. I'm a great believer in 7 year cycles from genesis to nemesis because its a mystical number with a great pedigree, every 7 years the Queen of Faerie pays a tithe to Hell, and besides its the 4th prime number and I like 4 as well:)
Maybe a better strategy than trusting amateur numerology is to try and avoid the fallout - the article quotes Marc Cuban, who points out:
“The biggest of all losers will be anyone who has borrowed money to invest in private companies,” he told me. “You were stupid. You blew it. You lost. That simple.”
Chances are though, that the biggest losers will be the "other people" when those investors that use "other people's money" invest, too late in the cycle, without really understanding the game.
Thursday, August 27. 2015
No sooner to we pontificate on MumsNet et al on Monday, than they hit the headlines again with a second DDoS attack within a week, brought the system down on Monday night - Times:
Mumsnet has been hit by a second wave of cyberattacks after a hoax campaign this month led armed police to the home of its founder.
From an information security point of view it's an "interesting" problem - the truth is that people with IT skills can create quite a sophisticated digital attack these days at fairly low cost and effort. The big players spend a lot of money on their defences, but how does a "midcap" digital enterprise protect itself without spending all its money on sophisticated technology and an army of skiled techies?
From what has been written so far there seem to be three main areas to look at:
(The Swat attacks are reprehensible, but they are not specifically due to system hacking per se - that has a separate risk profile, ie the amount of personal data that is publically available and triangulatable - see a talk we gave on that over here)
Surviving DDoS attacks is non trivial, but it is the simplest problem to solve, as it is purely technical - in essence one needs a hybrid architecture of a scalable cloud based infrastructure to be able to deal with the volumes, and an on site system that keeps the lights on and is watching for the probe hacks that will often come under the cover of the DDoS.
Data theft attacks are more subtle, and hackers often use the confusion created by a DDoS. If a company is hacked, it is highly likely that links will be redirected to false sites in order to phish for more data. This data often comes in droves after a DDoS attack as people try to log in to re-establish contact while there is still systemic confusion. The "worst case" attack is that an internal system has been subverted, typically a careless (or occasionally malicious) employee is the problem. This is exacerbated by modern "bring your own device" policies. In these cases they key is to ramp up secure procedures and discipline, and unfortunately also impacts users.
But ultimately, the cost of maintaining continual high security is, well, high, and no system is 100% secure against determined attack - it is also necessary to try to neutralise both the reasons for being attacked, and/or the attackers. It would appear that it's some posters on MumsNet who say things that these activists don't like, and thus the activists are mounting these attacks. The problem with activists (of all stripes) is that they probably won't go away anytime soon. As yet its not clear where they are coming from, but it is even harder to manage this process if attacks are coming from other countries.
We think this will be an emerging trend, the use of (fairly low cost & effort) cyber-attacks to stop people one doesn't agree with having their say (or in the case of Ashley Madison, doing things one disagrees with) as it plays to an increasing tendency towards online polarisation and intolerance. Unfortunately the "systemic" endgame solutions will be some time away - which doesn't help the companies being attacked early up. MumsNet has some tough decisions to make on content vs discontents.
Monday, August 24. 2015
We have been reflecting on the data breaches at Mumsnet and Ashley Madison as well as the user revolt over Spotify’s attempt at a data land grab. We are still at the start of the information age and users are still learning the value and power of personal data. We believe that there are some lessons to learn here.
Lesson 1 - nothing is secure! We should know this by now! Even the NSA is not secure, as Edward Snowden helpfully demonstrated. Once you have given your information to a third party you have lost control of it, so take care about who you trust and what you tell them. For example, does my cable company need to know my real date of birth? Invent an “Internet Birthday” and only tell banks and governments your real DOB (banks so your credit check works and governments as they get grumpy when citizens don’t co-operate!)
Ashley Madison were bordering on the insane to claim (as reported by the Independent) that their servers where “kind of untouchable”. The only untouchable server is turned off, buried and disconnected!
Even after the data breach, the Ashley Madison website has pictures of padlocks and assurances of discretion. However, if you think that the value of the information to the user and compare it to the funds available to Ashley Madison to keep it secure, it doesn’t add up. The fact that a user’s email is “on the list” has potentially life changing consequences. At least, it will risk their relationship and family. Some people might say that they deserve that, although for the purposes of this post, we are not making moral judgements and just considering the relative value of information in different contexts. However, most people would be concerned about those users who have listed gay preferences and are therefore exposed to physical danger in the countries where they live (as reported in the same Independent article.)
Of course, if you live in the wrong country, there are all sorts of lists that might get you into danger. Political activism in repressive countries is one of the things that the TOR Router was invented for, although it’s better known in the mainstream media for facilitating unsavoury transactions on the “dark web”. Data security is not the same as anonymity and in the case of paid-for services, anonymity is only an option if you can pay by Bitcoin.
Lesson 2 - users should consider how damaging a piece of information would be if revealed. This is really a variation on lesson 1, but with an emphasis on risk management. Because we mediate an increasing proportion of our lives via the Internet, there is more and more information that could potentially be taken out of context. This might be a youthful indiscretion posted on social media and picked up by a potential employer. It may be photos intended only for your partner. It may be that you are on a list of activists or a site like Ashley Madison. Most people would not want any of these things shared, but users can be naively trusting. You need to ask if the protection of said information will be given the same priority as you would give it and given the persistent nature of digital information, for how long?
The Mumsnet Data Breach provides an interesting contrast. Although users may have been inconvenienced by the breach, there is nothing on Mumsnet that anyone would be ashamed to own up to, or at least is not in (semi) public view already. From the reports, the only valuable information that seems to have been revealed from Mumsnet are personal details such as user email / password combinations and some postcodes. As Mumsnet have reset all their passwords, this only becomes a problem for users that use the same password for many sites. Unfortunately a depressing number of people do this and are vulnerable to breaches and phishing.
Lesson 3 – use a different password for each site. If you can’t remember that many passwords, append your password with some letters from the site name e.g. “passwordMU” (by the way “password” should not be used as a password!) This approach will stop automatic bots from reusing your password on other sites. Alternatively, use the browser function to store passwords. I would recommend Firefox as it allows you to share passwords across several systems using a “zero knowledge” protocol, meaning that their servers can never know your passwords (even if hacked.)
I haven’t talked about banking or financial websites and apps so far. From a user’s point of view (at least for the time being) the risk is more about inconvenience that loss of funds. The banks are still bearing the loss of data breaches to keep consumer confident in on-line banking. To be fair to the banks, there are also improving on-line security with two factor authentication as standard for most on-line banking systems.
Lesson 4 - Email addresses are not secure identifiers. As email addresses are public, it’s quite easy to “borrow” email addresses. Spammers do this all the time as real email addresses stand more chance of traversing spam filters, especially if they are previously known to the intended recipient. There are reports that some of the email addresses on the Ashley Madison list were not put there by their legitimate owners. Of course, they would say that wouldn’t they! However, I am inclined to be sympathetic to such claims as Ashley Madison did not require emails to be verified and their “freemium” model is likely to attract “spam” profiles. These may be to initiate “Nigerian” scams, build botnets, etc.
Lesson 5 - This is well made by Paul Mason in the Guardian and is about the value of aggregated data. The examples of passwords and specific data points (“this user is an adulterer”) are easy to see. What is less obvious is how seemly innocuous data (location, buying patterns, etc) can by combined to make predictions about users and gather intelligence. On one level this is just creepy. For example, predicting women are pregnant before they know themselves. However, given what we know about the power of loyalty cards, it is more than likely that harvesting such rich data will give huge insight into our behaviour and intensions, conscious and unconscious.
We are moving towards a world of “total information awareness” - in fact, the name of a post-9/11 spying programme but nicely descriptive. Although recent events have highlighted the risks, there could be many positive sides. For example, your doctor could call you to say that you might be ill, rather than the other way around. However, we should go into this brave new world with our eyes open.
Thursday, August 20. 2015
Grauniad reports that Google now has to cut links ti stories talking about the right to be forgotten:
I wonder if Google will be ordered to to remove links to our story about '‘right to be forgotten’ removal stories own ' removal stories'. Ah, the curse of recursiveness....
But this is the EU law - so of course, by using a Google browser from another country or Google.com this will not happen, as it does not apply (Yet - the EU is trying to make Google implement Right to be Forgotten across all its assets).
Or just access another browser without assets operant in the UK that needs not follow the law - DuckDuckGo, for example.
Quack Est Demonstratum...
Wednesday, August 19. 2015
Comparison of Byzantine and Osmanli Leadership Social Networks
I've been looking at research around what can be discerned about organisations and their effectiveness due to various organisation structures, and this paper, Calculating Byzantium, by Johannes Preiser-Kapeller
of the Institute for Byzantine Studies, Austrian Academy of Sciences came up. Compared to much of the worthy stuff and (frankly) dross I've been reading, it was fascinating, just the sort of thing Broadstuff readers may enjoy. The other useful thing about networks of the past is that you know what happened next, so thay are, to some extent, predictive.
It has a section looking at the social networks of the Byzantine Emperor and the Osman Turk statelet (one day to be the Ottoman Turks) who were eventually to overrun Byzantium (there are also some other interesting sections about calculating ancient social networks, fits nicely into Jared Diamond & Robin Dunbar's work).
The two commanders' network diagrams are shown in the picture above, and what is clear is the Turkish command system is smaller and - looking at the stats (see below) has many advantages. The paper notes that:
It's easy to jump into the assumption that the Turks are far more integrated, clearly far more information can be moved fast, and thus the Turkish system is more flexible, more responsive, more effective, and the inevitable Fall of Byzantium is merely a matter of time (took c 100 years from this period to get parity, mind you, and another 100 to finally take Byzantium out - a lesson that big old dinosaurs are still no pushover for fast moving startups).
But there are a few caveats:
Firstly, Byzantium at this time was a bigger, far more complex state than Osman's Turkish statelet so needed more people to run it and - very unusually - was running with 2 Emperors (older one + nephew) and broke into a ruinous civil war in 1328 (half way through this map's timespan) so the network would be massively bi-modal, with 2 opposing camps, by definition.
Secondly, the Byzantine system had been relatively stable for 800 years (just how they managed that that would really be worth studying) so its not a slam dunk that Osman's system was "better", Byzantium had seen the likes of Osman (and far worse) come and go many times over the centuries. Arguably he got lucky, being around just at the time the Empire was busy tearing itself apart (and Andronikus II was by all acounts one of the crappest Emperors they ever had) and other challengers - the Venetians, Bulgarians and various Latins - were also attacking it at the same time.
Thirdly, as the paper notes, in Osman's network "the potential flows of power and resources are more centralised in the hand of the ruler". This works if the leader is able, and can keep on top of the decision flow. Not so good a system if the leader is not so able, and/or the system becomes more complex.
If there was a modern lesson for the "flexible structured, small and nimble giant killer startup school" its that its not enough to be just that to succed, your large and ossified dinosaur opponent also needs to be in total disarray internally, and probably beset on a number of other fronts simultaneously. That the Ottoman state system started to look more and more like the Byzantine as it grew is a salutary lesson.
Or, to rephrase, that the [Insert your favourite Unicorn] system started to look more and more like the [insert your most hated Corporate Dinosaur] as it grew is a salutary lesson.
Thursday, August 13. 2015
It would appear Facebook's Messenger service not only knows your location, but packages it in the data stream when polled. The fate of the prospective Facebook Intern, Aran Khanna who found this out and built an App on the back of it, however, is more interesting - Boston.com:
The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms.
And, in classic Facebook one step back, two steps forward mode, after Shooting the Messenger (App Maker) they then...
...released a Messenger app update trumpeted as follows in a news release: “With this update, you have full control over when and how you share your location information.”
The lesson, should you wish to learn it - again - is that Facebook's view on your privacy is to exploit it until caught at it, and even then to try everything to keep it ongoing.
The other lesson, of course, is that Social Media SNAFUs must always be blamed on the Intern
Wednesday, August 12. 2015
The Online Trust Alliance — a group made up of such staunch civil liberties and privacy advocates as Target Stores (?), Microsoft and home security firm ADT — on Tuesday released a draft of its IoT Trust Framework (PDF), which offers voluntary best practices in security, privacy and what OTA calls "sustainability" (read "lifecycle management") for home automation, and wearable health/fitness technologies.
More about it here, in summary:
The OTA guidelines set a high bar for IoT device makers. On the security front, the framework calls on manufacturers to employ end-to-end encryption, including device connections to mobile devices and applications and wireless communications to the cloud or other devices. Device makers should include features that force the retirement of default passwords after their first use and to configure multiple user roles with separate passwords for administrative and end-user access.
About time. Of course, it means tearing up some of the favoured #IoT business models du jure, so will probably be seen more in the breach than the observance, but it's a start.
Sadly, the one thing we have learned about the Consumer from countless loyalty schemes and social media systems is that they largely don't understand the importance of privacy and will sell their data for a pittance.
Tuesday, August 11. 2015
Google has become Alphabet - Grauniad:
The tech company announced on Monday that it would rebrand itself as Alphabet – a new holding company whose largest wholly owned subsidiary will be Google.
It's being spun by the more breathless pundits as Being Different, being Google-ley, and there to guarantee innovation. Clearly spinning out the non core businesses into small "start up" units outside the main engine helps ensure they don't get squashed by the main business, but making it structurally visible to the market is the last thing you want to do to "fostsr innovation" - it gives your shareholders visibility of how much of their fmoney you are blowing on moonshots" Thus this move is probably more a prosaically conventional old school thing, as the Grauniad notes:
The tech giant has come under pressure as its founders have used the enormous success of its search engine to fuel riskier bets on autonomous cars, smart household devices, internet-delivering balloons and cutting edge medical research. The major restructuring will ostensibly give investors greater insight into how the money is being spent.
It will be interesting to see how transparent it will be.
PS Interesting that Android is still within Google, there is very little similarity in those businesses
Friday, July 31. 2015
Uber is now valued at $50 bn - WSJ:
Uber Technologies Inc. has closed a new round of funding valuing the five-year-old ride-hailing company at close to $51 billion, according to people familiar with the matter, equaling Facebook Inc.’s record for a private venture-backed startup.
This is...extraordinary, for a business that essentially bases all its economic value on arbitraging a section of the labour market, essentially the newly emergent (and thus poorly regulated) zero-hours-contract, dead end contract job market, or whatever the equivalent is in whichever country you look at. History tells us this will inevitably be regulated at some point in OECD countries.
Plus, all public service markets (like taxis, hotels etc) were eventually regulated to protect providers (eg drivers) and customers (eg passengers) after the inevitable high profile abuses, this one will be too at some point. (The recent scalping of Uber customers in London during the Tube strikes didn't help their cause)
But also what also fascinates me is the view is that it is a sustainable high margin business among many people who really should know better, i.e. those handing over the money at these values, with all that implies. The dream is that efficient algorithms match supply to demand and the customer pays the value added surplus. That is fine in startup scale, when most customers are time starved salarimen with brass in pocket, buts its not a mass market proposition. The cost of running a taxi is little different no matter who is running it (unless you want people to skimp on all those regulated issues like maintained cars, drivers licences etc...), so when it tries to scale to this valuation it is going to have to offer rides to teh kless cash-flush hoi polloi. So unless Uber is being run as a not for profit (and the $50 bn valuation rather belies that) then the bulk of the money taken out of the business model will be from the drivers' wages. And when that is dis-allowed (see - skimping, abuses, etc above) , where are the margins and who takes the hit?.
I guess its more that the backers are betting on Uber being able to
Do you believe this will lead to higher or lower standards in the industry? Do you believe that there will be public pressure to regulate this part of the taxi industry? Do you believe it will come sooner, or later?
Answers on a share application form for the impending IPO.....
BTW - there is an implication for all those building the "Uber for X", they maybe better think carefully about their business model (or their IPO date), as it will probably have the same (low) returns that the other regulated players they are trying to disrupt have, unless there is some other cost pool in that X value chain they can take surplus from other than arbitraging unregulated labour. (Hint - one doesn't get Unicorn values if one takes it from one's own cut...)
*Definition of IPO post Facebook - to sell unicorn-poo for a lot of dollars to those people who believe in unicorns
(Page 1 of 278, totaling 2777 entries) » next page
More Broad Stuff
Poll of the Week
Will Augmented reality just be a flash in the pan?
Creative Commons Licence
Original content in this work is licensed under a Creative Commons License