I spent the day Tuesday at the Civic Media conference, put on annually by the MIT Center for Civic Media and the Knight Foundation.  In addition to being a gathering of a fabulous community of civic hackers and builders, it's also where Knight announces the winners of the NewsChallenge grant contest each year (here are this year's winners, in the category of "strengthening the internet") Closing out the conference was Joi Ito, head of the Media Lab (and also on the Knight board).  I always love listening to Joi speak, and reading his writing.  He is like the Yoda of open innovation.  The force is strong in him. In his remarks, he lays out his 9 principles for guiding the Media Lab into the future, which really double as 9 principles for open innovation. They are:

• Resilience over strength (I would actually change this to "resilience over rigidity")

• Pull over push

• Risk over safety

• Systems over objects

• Compasses over maps

• Practice over theory

• Disobedience over compliance

• Emergence over authority

• Learning over education

This video is the best example of how I try to think about the world, and how I try to work, as I can think of.  It's speaks to the USV investment thesis, to the ideas behind Regulation 2.0 (in particular resilience over strength and emergence over authority), and to the impacts that the web is having on every sector of the economy. Here's his talk -- it's 27 minutes worth watching, for a pure dose of Joi's philosophy of innovation and the internet:

Yesterday, the FCC met to vote on its notice of proposed rulemaking regarding the Open Internet.  As was generally expected, the commission voted, along partisan lines, to move forward with their plan for Open Internet rules — a plan that, as currently designed, would allow for fast lanes and slow lanes on the Internet.  (You can see the summary fact sheet here and the full notice here). There are really two issues: 1) Should we be striving for an open internet — more specifically, should we ensure that everyone has open accessto the internet, unrestricted by internet access providers; and 2) How do we achieve that On #1, I would encourage everyone to watch Chairman Wheeler’s remarks from yesterday’s meeting (embedded below). I was struck by how dead-solid he came out with a yes to that question.  He spoke emphatically of “One Internet” and of enumerated all the ways he would stand up to internet access discrimination. The issue is #2.  The FCC’s current plan is big trouble. But the win, incremental as it may be, is the rather dramatic shift in tone that the Commission has taken — specifically, explicitly considering reclassifying internet access providers as “common carriers”.   The pressure from internet activists, tech companies (both at the applications layer and the transit layer), and investors, has had an impact. After yesterdays FCC meeting, I joined a press call and gave the following statement:

Union Square Ventures is a venture capital firm that manages $1B in assets and invests in the applications layer of the internet — apps like Twitter, tumblr, Etsy, Foursquare, Kickstarter, SoundCloud, and many more. As investors in internet applications, we’ve seen firsthand how the level playing field for startups that has existed with the open internet has been critical to the explosion of innovation and investment over the past decade. And we also know how an environment controlled by gatekeepers with end-user monopolies can stifle investment and innovation. That’s why we joined over 100 other VCs and internet investors in communicating this to the FCC and Chairman Wheeler in a letter last week.  Collectively, we manage billions of dollars in investment capital and have invested in internet applications with hundreds of millions of users.  And every one of these services started as a tiny company with virtually no resources, and very little chance of succeeding, even before worrying about discrimination and blocking from Internet Access Providers. At today’s meeting, we were pleased to hear the passion with which the Chairman voiced his support for unfettered, open access to “one internet”.  It’s clear from his remarks that he believes in the value of, and the need for simple, enforceable rules that protect a wide-open marketplace for internet applications. Clearly, the debate over the next six months will focus on how best to achieve that goal. There is substantial concern that the FCC will not be able to practically achieve its open internet goals under its section 706 authority, which means that looking closely at an approach under Title II of the communications act is a logical next step. So, we look forward to engaging in that discussion, with the FCC, with the startups and other investors we work with on a daily basis, with carriers and with the public that is building more and more of their lives on top of the open internet every day.

So we will see where this goes.  Starting now, and through July 15, the doors are open at the FCC for lobbying and public comment. One thing you can do today is write a letter to the FCC, stating what the open internet means to you:www.dearfcc.org. The important thing is to keep up the pressure.

Over the weekend, FCC Chairman Tom Wheeler sent a response to the letter that over 100 VCs and angel investors submitted last week.  In the letter, we stressed the importance of an open internet as a foundation for the stunning levels of investment and innovation we’ve seen in the internet applications sector over the past decade.

You can read Chairman Wheeler’s response here (also embedded below).  It reiterates high level support for an open internet and states that all options, including Title II reclassification of internet access providers, are on the table.  The latter part is the key — with the FCC going on the record that a discussion Title II reclassification will be included in the upcoming Notice of Proposed Rulemaking (NPRM).

This letter, combined with the reports over the weekend that the FCC may be revising its approach to open internet policy, are, at the very least, a step in the right direction and an opening in the conversation.  But there is still a long way to go on this issue, and a lot of work to be done over this conversation continues over the next few months.  The next step is the publication of the NPRM at this Thursday’s Commission meeting.

For those who are just jumping into the conversation, here is some good background reading:

 * Tim Lee’s explanation of how payments for traffic on the internet work, and why what the ISPs are attempting to do disrupts the whole model

 * AT&T’s filing, arguing against open internet rules

 * Jon Brodkin’s (Ars Technica) coverage of the reaction to AT&T’s letter (Jon’s coverage of this issue is a great place to follow the goings on)

 * Barbara van Schewick’s breakdown of the issue, including concrete examples of threats & harms posed by a non-open internet.

And finally — a concrete action to take, if you haven’t already, is to sign the White House petition in support of an open internet.

Over the past few weeks, the future of the open internet has come into sharp focus, as the FCC’s 2010 open internet rules were struck down in court, and then plans for new rules from the FCC came into public view.  Amidst fears that the internet is f**ked, debate has raged about what this all means for internet users, entrepreneurs and investors. Today, we are joining a group of about fifty over 100 VCs and angel investors to voice our concern to the FCC as they consider how to proceed -- specifically, regarding the impact that we expect a retreat from open internet rules to have on internet innovation. It’s undeniably clear that the Internet has been an insanely fertile platform for innovation and investment over the past ten years.  It’s less well understood that during that time, internet access providers have operated under a de-facto state of open internet policy (dating from this 2005 FCC memo), even before the 2010 formalized open internet rules were announced. This open market environment has made it possible for tiny startups to build global platforms.  For example, it allowed Foursquare to get to 100,000 users on $25,000 dollars and Tumblr to reach millions before they hired their 10th employee.  They were able to compete on equal terms with the largest incumbents, and gain the love of users purely on the merits of their service. And we’ve seen how the shift in the mobile landscape from a carrier-controlled market to an app platform market, with the launch of the iPhone in 2007, has blown open the mobile market for innovation and investment.  We’ve also seen how, as mobile app platforms exert more control and restrict access to the market, the cycle of innovation slows. So today’s letter states our hope that the FCC will weigh all available options when considering how to maintain the most competitive, vibrant market possible for internet applications. You can read the letter here (also embedded below).  We pulled this together quickly over the past 24 hours, and weren’t able to directly reach as many VCs and other investors as we would have liked, so will gladly welcome additional signatories throughout the day today before we formally file this with the FCC tonight. Email nick [at] usv [dot] com if you’d like to join. This debate is just picking up, and it will be critical for everyone who cares about innovation on the internet to wrap their heads around this issue, and engage on it, as the FCC runs its rulemaking process through the summer and fall.  

Today I turn 35. 30 was certainly a milestone, but somehow 35 feels more solidly different than 30 did (or maybe I’m just 5 years in to being used to 30-level grownup-ness).   Closer to 50 than to 20.  Gives me shivers thinking about it that way. For a while now, it’s seemed that every coming year, with its associated challenges and opportunities, has been more interesting and more rewarding (though not necessarily easier) than the previous one.  I hope that continues. And as much as it feels weird to be entering middle-ish age, it is also solidly amazing to be spending time with my family as my kids become little people (they are 2.5 and 4.5 now), and to be continuing to explore new frontiers at work. It’s also odd to be entering an era where I can start to actually remember my parents at that same age.  Not quite yet — my dad was 41 and my mom 36 when I was born — but getting close.  There is something crazy about that. On this day that’s supposed to be about me, I will just say thank you to everyone who has helped me get this far, who has helped make life possible (mom and dad!), interesting, challenging :-), and fun.  Here’s to more.

The sole is starting to peel of from my snow boots, so I'm in the market for some shoe goo or Gorilla Glue.  I'd really like to get it today because the flapping sole is getting annoying. As I was thinking about this just now, I realized that I don't know how to shop anymore. In other words, I don't have the faintest idea how to buy shoe goo, today, in a real place.  I guess 10 years ago I might have googled for shoe stores or department stores, and then called them, but I can't possibly imagine doing that now. My (and I know I'm not alone) go-to now is to order on Amazon and forget about it for a day or two.  That is really easy and works for almost anything.  But it's not the same as getting it today.  And I'd really prefer to buy from a person in a place if I can. For example, I needed a watch battery for a garage door opener.  Rather than try to figure out where to buy that in the real world, I ordered it on amazon and waited.  That seems silly for such a tiny thing, that is actually available in lots of places. What i would really like is a shopping interface like amazon, but that just points me to local merchants.  Someone I can walk to on my way to the subway. You are probably saying: but google shopping already does this!  And you are right, sort of.  They do offer a "find in stock nearby" option -- but the problem is that it's only got big box stores and dedicated e-commerce sites.  My guess is that there is a bottle of Gorilla Glue closer to me than the nearest Home Depot. The folks at TalkTo are one group that's approaching this problem -- by surfacing answers to the"is this in stock" type questions via a phone-to-web interface, and publishing them online. It would be great if this, or something like it, works, and I can learn to shop locally again.

Today I signed up for TSA Pre-Check.  I gave the some (rather minor) details about my background and scanned my fingerprints.  In two weeks, I'll get a known traveler ID, and will then be able to skip the line and keep my jacket/shoes/belt on when traveling domestically. Convenience in exchange for surveillance.  It's a trade I'm gladly willing to make, in this case. This touches on a bigger question that's been on my mind recently, especially in regards to regulation 2.0, which is: are we trading total freedom for total surveillance? That's a provocative way of putting it, but to some extent that's at the heart of what's happening now, as we develop new systems for establishing & maintaining trust, both in the private sector (on platforms like ebay and airbnb) and in the public sector (regulations like business and driver licensing). I've put it like this before:

Another way of describing this is: 1.0: establish trust by passing an up-front test (i.e., licensing) 2.0: establishing trust by tracking and publishing your activities (i.e., surveillance) So, in the case of ebay, airbnb, etc the idea is: have at it, start transacting, with a relatively low barrier to entry; but everything you do will be tracked and analyzed, and used to build your reputation and trustworthiness in the long run.  Freedom to act & transact, in exchange for data-driven accountability. There are lots of reasons why this model is incredible and groundbreaking.  First off, it's scalable.  1.0 / licensing-based schemes require a ton of overhead, and can easily be overloaded at high capacity. 2.0 regulation is less expensive and completely scalable.  Secondly, it lowers the barrier to participation, making it easy to get started and experiment.  Whether you're selling baskets on etsy (that could one day become a huge business) or starting a blog (which one day could become the huffpo) this low barrier to entry is one of the key characteristics of web-enabled innovation.  So, we want to preserve and enhance both of those. BUT, there is a tension here, which is that innovation/creativity/experimentation means -- by definition -- stretching/breaking boundaries and acting outside of the status quo.  So while transparency on the one hand increases freedom (by being able to "just get started" in exchange for data), it can also stifle it, by snuffing out good ideas that are outside the norm, or by making it unsafe to challenge power. In the more mild cases, this can be seen as "weird" and in the more severe cases can be seen as "radical" and threatening to power.  So there is an inherent need to experiment outside of the sunlight of transparency. A friend recently made the point that we need to think about personal privacy differently than we do institutional privacy (govts, corporations) because of the institutional power that comes with mass data collection, and the potential for that power to be used to manipulate (on the corporate side) or persecute (on the government side) individuals. Yet at the same time this personal data holds the key to certain kinds of freedom (in the "just get started" kind of way), and also will play a huge role in solving epic societal problems (cancer). So, if your interest is in supporting experimentation & innovation (as mine is) how can we reconcile these two competing forces? (p.s., I am going to see how many posts in a row I can use that graphic in)

Happy New Year everyone. I love new years.  It always feels to good to turn the page and have a shot at a fresh new year. And new years in New England is always so so cold -- which I think really helps mark the beginning of the real part of winter and the turn of the year.  Even when it's warm right before new years, as it was this year, it always manages to get super freezing when the time comes. Which brings me to pond hockey. Today, we went to visit some friends who live near Lake Boon in Stow, Mass, which is about 45 minutes west of Boston.  Amazingly, because it was so warm and rainy last week, and then so cold this week, the lake got a natural Zamboni treatment -- so all 163 acres of it are not only frozen solid but also smooth as can be.  I spoke with a woman who had just finished up hockey with her family -- she grew up in the area and said that in her whole life she'd never seen the lake like that. It's was unbelievable, really -- launching from the town beach and skating as far as you felt like, around the edge of the lake or straight across it.  There were tons of people out on the lake -- a bunch of pick up hockey games (our friends counted 5 separate DIY rinks marked out around the lake), people just taking a nice tour, and even a guy riding a motorcycle back and forth across the middle (amazingly). I've written before about why casual & natural is so awesome, and today's experience totally confirmed my view on that.  Being able to skate around, wherever you like, however you like, passing around a puck and buzzing around the lake: unbelievably awesome.  So so much more awesome than skating at a skating rink -- which is also fun, but so much less fluid, with so many more rules, and so much more formality.  You'll notice in the picture that our friends brought their dog out onto the lake.  How awesome is that? I think about this idea of the casual / integrated version of a thing, vs. the formalized version of it.  I don't know why I feel so strongly about this, but I feel so much magic in doing things the casual way.  For example, riding your bike to pick up some groceries, vs organizing a bike ride.  Or skating to work along the Ottowa canals, vs going to a skating rink.  I just love the way fun activities like that feel when they are blended into your daily routine, rather than an event that has to be organized, or done at some special single-purpose facility. Anyway, it was a great way to start off the new year. I feel refreshed and energized and ready to skate off into 2014.  Here's to an excellent 2014 everyone.  

Last week, having been inspired by (of all things) this awesome and awful samsung gear commercial, i ordered a Pebble smartwatch. I can't remember the last time I wore a watch -- maybe it was 20 years ago in high school.  My standard line for the past 10 years has been "why do I need a watch when I have my phone?".  I've carried my watchlessness as a some kind of badge of honor since then, pledging my allegiance to the post-watch generation. But this is different, of course, as smart watches so much smart watches as wearable computers with a watch app.  There is almost no question tha wearable computers are going to be a big part of our future, so we might as well start experimenting with them. Here are my really brief first impressions, after having worn the watch for two days: Apps: the thing I'm most excited about with Pebble is that it's an app platform, with developers starting to experiment with features that are uniquely suited to a connected watch. But it's not yet clear to me what the "killer app" for this watch is.  The use case that seems most appealing to me is calendar integration -- specifically, prompting me with information about the when & where of the specific meeting I'm heading to.  I also like the idea of the vibrating alarm (though I don't really like sleeping with it on).  Email and SMS notifications are OK.  I can't wait for my first chance to check in with Foursquare from my watch. That said, the process of setting up the phone did (IMO) a really bad job pointing me to where all the apps are.  The "Get Watch Apps" button included in the Pebble app just links to a list of skins for the default time-telling feature.  I had to google to find the Pebble Apps app, a Play store directory of available pebble apps. So the initial experience was kind of disappointing -- I couldn't get the app to do much more than tell the time and receive text messages.  I was confused -- like "isn't this supposed to be able to do more?".  Just an issue with the onboarding process that should be relatively easy to fix. It turns out that there are a small handful (50 at the moment) of Pebble apps available Comfort: wearing a watch is cumbersome and annoying to begin with, and this watch is a bit bulky.  So right off the bat, it has made me feel a little bit uncomfortable. Also, and maybe this is just the way my arms and hands are put together, but I haven't found a really comfortable way to push the buttons yet.  I'm either reaching over the top of the watch awkwardly or reaching around the bottom of the watch awkwardly. UX: The basic UX of the watch is pretty simple -- a "back" button on the left side, and "up" "down" and "enter" buttons on the right.  You click through a series of side-by-side screens similarly to how you did on early ipods. You manage your settings using a paired phone app (in my case the Android one) Again, I feel like there is a lot of room for improvement in the way the app works -- especially the onboarding process, where there are some glitches (asking me to connect to my phone even though i'm already connected), and some missed opportunities (pointers to apps, as I mentioned above). There are a bunch of rough edges -- for example, when you load a new app onto the phone, the progress bar gets to the end but then nothing happens prompting you to do the next thing.  And try as I might, I can't configure my gmail to notify me with my Priority inbox emails rather than the firehose inbox (which, if I can't fix it, will result in me just turning email notifications off). Also, the connections between the pebble core app and all of pebble "apps" is confusing, as you bounce around between a variety of apps (the core pebble app, the pebble "loader" app which loads apps onto the phone, the Pebble app catalog app, each individual app, etc).  It's disjointed and confusing. All in all, none of these are deal breakers, and I'm sure are just the result of this being a really new platform.  I just hope that enough of the folks who got Pebbles as Christmas gifts aren't thrown by it, especially the less technical / geeky ones. So, in conclusion -- there's no question that there is a lot of potential here.  And I really like the Pebble story and approach, and the fact that they are an independent player.  So I am rooting for them, and I will keep wearing the watch, for at least the next few weeks, to see what other habits form or great use cases emerge.

"It is trust, more than money, that makes the world go round." -- Joseph Stiglitz, In No One We Trust

The week before last, I visited Yahoo! to give the keynote talk at their User First conference, which brought together big companies (Google, Facebook, etc), startups (big ones like USV portfolio company CloudFlare and lots of way smaller ones), academics, and digital rights advocates (such as Rebecca MacKinnon, whose recent book Consent of the Networked is an important read) to talk about the relevance of human/digital rights issues to the management of web applications. I was there to speak to the investor perspective -- why and how we think about the idea of "user first" as we make and manage investments in this space. First, I want to point out a few things that might not be obvious to folks who aren't regulars in conversations about digital rights, or human rights in the context of information & communication services.  First, there has been substantial work done (at the UN, among other places) to establish a set of norms at the intersection of business and human rights.  Here is the UN's guiding document on the subject. Second, in terms of digital rights, the majority of the conversation is about two issues: freedom of expression/censorship and privacy/surveillance.  And third, it's important to note that the conversation about digital rights isn't just about the state ensuring that platforms respect user rights, but it's equally about the platforms ensuring that the state does. The slides are also available on Speakerdeck, but don't make much sense without narration, so here is the annotated version:

As more and more of our activities, online and in the real world, are mediated by third parties (telecom, internet and application companies in particular), they become the stewards of our speech and our information. Increasingly, how much we trust them in that role will become a differentiating feature and a point of competition among platforms.

A little background on who I am: I work at Union Square Ventures -- we are investors in internet and mobile companies that build social applications.  I also have academic affiliations at the MIT Media Lab in the Center for Civic Media, which studies how people use media and technology to engage in civic issues, and at the Berkman Center for Internet & Society at Harvard Law School which studies tech & internet policy.  And my background is working in the "open government" space at organizations like OpenPlans and Code for America, with a focus on open data, open standards, and open source software.

So, to start out: a guiding idea is that the internet (as we know it today) is not just an open, amorphous mass of random peer-to-peer communications.  It's actually a collection of highly architected experiences:

Whether it's the governance structure of an open source project, the set of interactions that are possible on social platforms like Twitter and Tumblr, or the web-enabled real-world interactions that are a result of Craigslist, Airbnb, and Sidecar, much of the innovation and entrepreneurial activity in the web and mobile space has been about experimenting with architectures of collaboration. Web & mobile technologies are giving us the opportunity to experiment with how we organize ourselves, for work, for pleasure and for community.  And that in that experimentation, there are lots and lots of choices being made about the rules of engagement.  (for example, the slide above comes from an MIT study that looked at which kinds of social ties -- close, clustered ones, or farther, weaker ones -- were most effective in changing health behavior). At USV, we view this as part of a broader macro shift from bureaucratic hierarchies to networks, and that the networked model of organizing is fundamentally transformative across sectors and industries.

One big opportunities, as this shift occurs, it to reveal the abundance around us. I first heard this phrasing from Zipcar founder Robin Chase and it really stuck with me.  It's as if many of the things we've been searching for -- whether it's an answer to a question, an asthma inhaler in a time of emergency, a ride across town, someone to talk to, or a snowblower -- are actually right there, ambient in the air around us, but it's previously not been possible to see them or connect them. That is changing, and this change has the potential to help us solve problems that have previously been out of reach.  Which is good, because for as much progress we've made, there are still big problems out there to tackle:

For a (relatively) trivial one, this is what most California freeways look like every day.  In much of the world, our transportation systems are inefficient and broken.

...and this is what Shanghai looked like last week as a 500-mile wide smog cloud, with 20x the established limit for toxicity, rolled in for a visit.  We obviously don't have our shit together if things like this can happen.

...and we have tons to figure out when it comes to affordable and accessible health care (not the least of which is how to build an insurance marketplace website).

...and education is getting worse and worse (for younger grades) and more and more expensive (for college).  There's no question that the supply / demand balance is out of whack, and not taking into account the abundance that is around us.

So: these are all serious issues confronting global society (and the ones I mentioned here are just a small fraction of them at that). All of these issues can and should benefit from our newfound opportunity to re-architect our services, transactions, information flows, and relationships with one another, built around the idea that we can now surface connections, efficiencies, information, and opportunities that we simply couldn't before we were all connected.

But... in order to do that, the first thing we need to do is architect a system of trust -- one that nurtures community, ensures safety, and takes into account balances between various risks, opportunities, rights and responsibilities. Initially, that meant figuring out how to get "peers" in the network to trust each other -- the classic example being Ebay's buyer and seller ratings which pioneered the idea of peer-to-peer commerce. Before then, the idea of transacting (using real money!) with a stranger on the internet seemed preposterous. Recently, the conversation has shifted to building trust with the public, especially in the context of regulation, as peer-to-peer services intersect more and more with the real world (for example, Airbnb, Uber, and the peer-to-peer ride sharing companies and their associated regulatory challenges over the past three years). Now, a third dimension is emerging: trust with the platform. As more and more of our activities move onto web and mobile platforms, and these platforms take on increasing governance and stewardship roles, we need to trust that they are doing it in good faith and backed by fair policies.  That trust is essential to success.

In terms of network & community governance, platforms establish policies that take into account issues like privacy, enforcement of rules (both public laws and network-level policies), freedom of expression and the freedom to associate & organize, and transparency & access to data (both regarding the policies and activities of the platform, and re: the data you produce as a participant in the community).

When you think about it, you realize that these are very much the same issues that governments grapple with in developing public policy, and that web platforms actually look a lot like governments. Which makes sense, because both in the case of governments and web-enabled networks, the central task is to build an architecture around which other activity happens.  You build the roads and the other essential public infrastructure, and then you set the ground rules which enable the community and economy to function. Of course, there is a major difference: web networks are not governments, and are not bound by all the requirements & responsibilities of public institutions.  They are free to create their own rules of engagement, which you agree to when you decide to participate (or not) in that community. This is both a plus and a minus, when it comes to user rights -- the major plus being that web platforms are competitive with each other.  So that when there are substantive differences in the way platforms make and enforce rules, those differences can be the basis for user choice (e.g., it's easier to move from Facebook to Google than it is to move from the US to Canada).

I would like to put some extra emphasis on the issue of data, since it's growing so quickly and has been so much at the forefront of the public conversation over the past year.

We are generating -- and sharing -- more data than we ever have before. Everywhere we go, on the internet and in the real world, we are leaving a trail of breadcrumbs that can mined for lots of purposes.  For our own good (e.g., restaurant recommendations, personal health insights), for social purposes (crowdsourced traffic reports, donating data to cancer research), for commercial purposes (ad targeting & retargeting, financing free content), and for nefarious purposes (spying, identity theft). One distinguishing idea within all of this is the difference between data sharing that we opt into and data sharing that happens to us.  Certain web services (for example USV portfolio company Foursquare, highlighted above) make a business out of giving people a reason to share their data; getting them to buy into the idea that there's a trade going on here -- my data now for something of value (to me, to my friends, to the world) later.  It's proving true that lots of people will gladly make that trade, given an understanding of what's happening and what the benefits (and risks) are. Convincing someone to share their data with you (and with others on your platform) is an exercise in establishing trust. And my feeling is that the companies that best establish that trust, and best demonstrate that they can stand behind it, are going to be the ultimate winners.

I think about this a lot in the context of health.  There is so much to gain by sharing and collecting our health data. And If we don't get this right ("this" being the sensitive matter of handling personal data), we miss out on the opportunity to do really important things.

And there is no shortage of startups working to: a) help you extract this data (see 23andme), b) help you share this data (see Consent to Research and John Wilbanks' excellent TED talk on sharing our health data), and c) building tools on top of this data (see NYU Med Center's virtual microscope project). We are pushing the boundaries of what data people are willing to share, and testing the waters of who they're willing to share it with.

Which brings us back to the idea of competition, and why winning on trust is the future.

We are just just just scratching the surface of understanding whether and how to trust the applications we work with. EFF's Who Has Your Back report ranks major tech & communications firms on their user protection policies.  The aptly-titled Terms of Service; Didn't Read breaks down tech company Terms of Service and grades them using a crowdsourced process.  And, most effectively (for me at least), the Google Play store lists the data access requests for each new application you install ("you need my location, and you're a flashlight??"). You might be saying: "that's nice, but most people don't pay any attention to this stuff". That may be true now, but I expect it to change, as we deal with more and more sensitive data in more parts of our lives, and as more companies and institutions betray the trust they've established with their users.

There is no shortage of #fail here, but we can suffice for now with two recent examples:

Instagram's 2012 TOS update snafu caught users by surprise (who owns my photographs?), and this summer's NSA surveillance revelations have caused a major dent in US tech firms' credibility, both at home and especially abroad (not to mention what it's done to the credibility of the US gov't itself).

So... how can web and mobile companies win on trust? We're starting to see some early indications:

Notice the major spike in traffic for the privacy-oriented search engine, USV portfolio company, DuckDuckGo, around June of 2013, marked by [I] on the graph.

Some companies, like Tumblr, are experimenting with bringing more transparency to their policy document and terms of service.  Tumblr's TOS include "plain english" summaries, and all changes are tracked on Github.

And of course, lots of tech companies are beginning to publish transparency reports -- at the very least, starting to shine some light on the extent to which, and the manner in which, they comply with government-issued requests for user data.  Here are Google's, Yahoo's and Twitter's.

There are juicier stories of platforms going to bat for their users, most recently Twitter fighting the Manhattan DA in court to protect an Occupy protester's data (a fight they ultimately lost), and secure email provider Lavabit shutting down altogether rather than hand over user data to US authorities in the context of the Snowden investigation. And this will no doubt continue be a common theme, as web and mobile companies to more and more for more of us. And, I should note -- none of this is to say that web and mobile companies shouldn't comply with lawful data requests from government; they should, and they do.  But they also need to realize that it's not always clear-cut, that they have an opportunity (and in many cases a responsibility) to think about the user rights implications of their policies and their procedures when dealing with these kinds of situations.

Finally: this is a huge issue for startups. I recently heard security researcher Morgan Marquis-Boire remark that "any web startup with user traction has a chance of receiving a government data request approaching 1".  But that's not what startups are thinking about when they are shipping their first product and going after their first users.  They're worried about product market fit, not what community management policies they'll have, how they'll respond when law enforcement comes knocking, or how they'll manage their terms of service as they grow. But, assuming they do get traction and the users come, these questions of governance and trust will become central to their success. (side note: comments on this post are combined with this thread on usv.com, as an experiment)