Hi, I'm Nick. Welcome to my internet brain. I'm a partner at Union Square Ventures where I invest in internet applications and infrastructure. I live outside of Boston with my wife and two kids, and spend a lot of time in NYC, SF, DC and Europe.
Continuing to look for glimmers of hope and positivity in the middle of this crisis, one area that is for sure glimmering is at-home creativity. I know from seeing the numbers from some of USV’s portfolio companies in the “creator” space that creative activity is way up. People are stuck at home, and they are writing, making music and getting busy in the kitchen.
Here is one example which just floored me. My daughter’s best friend is in the Boston Children’s Chorus and they just released this beautiful video performance:
Not only is this a fantastic and uplifting way to express creativity during a dark time, I would argue that this is better — more beautiful, with far greater reach — than a live performance, or certainly a traditional video of a live performance would have been.
So I am encouraged that not only are we seeing creativity blossom where it can, I think we’re going to see brand new forms of expression emerge from this crisis.
There is so much pain in the world right now — both economic and physical/emotional. This feels like one small bright spot to focus on this morning.
It’s an overwhelming time right now. Everyone in the world is focused on COVID-19, and to varying degrees, is changing the way they live.
From an economic perspective — beyond the obvious massive damage due to a halting of large swaths of the economy, which will need to be addressed with some form of government bailout — there will also be some amount of permanent restructuring.
Many people are experiencing, for the first time, how many activities — work, learning, healthcare, and socializing — can be done remotely and in new ways using digital tools. For sure, when the dust settles, we will largely go back to doing things how we’ve always done them, but I suspect that certain new behaviors will stick, and will result in longer-term behavioral and economic changes.
The most obvious one is business travel and remote work. Everyone who can is learning how to do this now — including companies/teams/individuals that may have resisted it mightily in the past. Moving forward, it’s going to be much harder to justify an in-person-only culture. Virtual conferences & meetings have drawbacks, for sure, but they also have advantages. I suspect that coming out of the crisis, many professionals will have a permanently higher bar for justifying work travel.
The next one is remote health. We now have the infrastructure, at scale, for communicating with doctors virtually, and collecting test samples at home. Laws limiting what doctors and patients can do together over voice and video will change. Nikhil Krishnan has a great piece exploring this in detail. This will stick.
Everyone with kids is scrambling to figure out how to keep them engaged, connected and learning. Every school is scrambling to implement a remote learning capability. Subscriptions at online learning platforms are through the roof. School will resume but remote learning will stick.
Finally, it also feels like we are rediscovering our social and entertainment lives. I have never been more active with friends and family — especially, for some reason, those who live at a distance — as much as recently. I have never done video chats with groups of friends and now that’s regular. My kids are connecting with their friends over FaceTime every day. Group and one-on-one chats are on fire. To a degree, this is because everyone’s at home with nothing to do. But I believe this will also stick.
What is most interesting to me is not the social changes, but the institutional ones. In the cases of work, learning and healthcare, we are talking about massive institutions that are learning new behaviors on-the-fly. This is a big deal — we’re probably seeing years-worth of change occurring over a matter of weeks. It’s astonishing, really.
And, as a result, a massive number of individuals are learning new moves, which will put pressure on the institutions not to roll everything back when this is all over. Not everything will stick, but I suspect a lot of it will.
Further, all kind of activity is moving to chat: iMessage, Signal, Slack, etc. The USV team Slack, which has been largely dormant for recent history, is fun and vibrant right now.
Everyone is at home, and a lot of people are connected to video. So it’s actually easy to reach people, and everyone is looking for social connection.
This feels like a watershed moment for remote / online / video. A lot of folks who haven’t tried it are trying it. For many use cases, this will become a new habit and an appropriate way to do more things going forward.
Of course, not everything will or should shift to online/video. But for many activities, it’s a totally fine way to do things, and can have other potential benefits, especially compared with long-distance travel for work (time away from home, carbon footprint, etc).
This is a terribly hard time, and it’s hard to even contemplate the economic consequences that will come from it. But it is also encouraging to see people learn new behaviors that could be really beneficial in the long run.
I think a lot about systems — for personal organization, for business automation, for urban information, for financial infrastructure, for the internet, etc. On a big macro level, I have always been fascinated by the way that many forces, people and ideas come together to make things. And on a micro level, what it takes to say, keep your finances in order, or keep your to-dos rational, etc.
One thing I have found to be true is that simple systems tend to work better. They are easier to understand, easier to maintain, and easier to work with. TCP/IP, Bitcoin, putting to-dos directly into your calendar. Less is more.
At the same time, complex systems are appealing — sexy, sophisticated, alluring. But can be hard to use and costly to maintain.
I find that it’s a constant struggle to remind oneself that simpler is usually better. A system is only as good as its implementation and execution. And the best systems can be used broadly over a long period of time.
I was reminded of this recently when reading Greg Kogan‘s post on how Simple Systems have Less Downtime. He goes into some detail on this subject, looking at examples as far apart from one another as a container ship that can be manned & maintainer by a tiny crew, and marketing automation scripts that can be maintained by a team over time. It’s great reminder.
I’m supposed to be in Europe this week to speak at a conference and attend another one, but I decided to stay home, to be safe. I am hearing all sorts of stories of events being called off and flights being canceled. It’s estimated that the airline industry’s 2020 revenues could go down by 40%, or over half a trillion dollars.
People are changing their behavior.
It is not easy to get people to change behavior. Typically it only happens when there is something really amazing or really awful stimulating it.
In this case, take the climate crisis. Clearly, transportation, including air travel, is a huge contributor to greenhouse gases. And while there is tangible progress particularly around EVs, there has not been large scale behavior change when it comes to transportation patterns, until now.
Of course, this may not last. Hopefully COVID-19 passes with time just like SARS and MERS and the Swine Flu did. And it’s likely that, by and large, we return to our previous patterns.
But it’s also possible that this episode causes some lasting change. Online video is amazingly good now, and is increasingly a viable substitute for certain kinds of in person meetings, or even an improvement, all things considered. For one thing, online/video meetings are much more accessible, meaning you can generally get a more interesting and diverse set of attendees than you can for IRL events. And, for less than the cost of a single plane ticket, you can outfit your desk with big huge monitors and a good camera (I just did this recently).
As such, it feels like one output of this situation will be a broader comfort with videoconferencing, and I think that’s a good thing. It’s certainly been good for the Zoom stock price.
But thinking more broadly, it just goes to show that change does not come cheap. And it often only comes by the force of something really powerful, either positive or negative.
Sometimes things can get overwhelming. Tasks can seem too big to even begin.
This, of course, is not true. Every journey begins with a single step, etc.
My wife recently pointed me to this great passage by Anne Lamott which puts it yet another way:
“Thirty years ago my older brother, who was ten years old at the time, was trying to get a report on birds written that he’d had three months to write. It was due the next day. We were out at our family cabin in Bolinas, and he was at the kitchen table close to tears, surrounded by binder paper and pencils and unopened books on birds, immobilized by the hugeness of the task ahead. Then my father sat down beside him, put his arm around my brother’s shoulder, and said, ‘Bird by bird, buddy. Just take it bird by bird.“
Last week I wrote about the inherent tension between data portability and privacy, and suggested that one solution would be an exportable “privacy context” that could travel with ported data. Such an approach, however, would require a notion of identity that is broader than a single account at a single company. Rather, it would require the linking of one or more “proprietary identities” (i.e., accounts at tech companies) with some type of “cryptographic identity” (private key) that really “belongs” to that person and represents them in a more holistic and permanent way.
This is not a new idea. Since at least 2017, both Keybase and Blockstack have enabled social media users to attest to a linkage between social accounts and a cryptographic identity. Here’s what it looks like on Keybase, and here’s what it looks like on Blockstack. Neither Keybase nor Blockstack are currently promoting this routine front & center, as it is admittedly a geeky thing that appealed (back in 2017) to identity explorers, but not to mainstream consumers.
But today, we are starting to see some new signs of life on this pattern, and I think we may be nearing some drivers that have the potential to bring it to mainstream scale. They are:
1/ Fun. It may be that some sort of social game figures out a way to bring crypto identities mainstream. For example, 2100 is a project that popped last fall, which let people issue tokens corresponding to their Twitter accounts. Interesting idea, though it seems to have lost some steam, at least for now. Another project that’s looking to connect crypto assets / identity to social identity is Roll, which lets anyone create “social money” connected to their social identity. You could imagine this taking off with social media influencers with large audiences, who are already super good at finding ways to commercialize their online presence.
2/ Privacy & Security. Speaking of Keybase, where they have focused more recently is secure, encrypted messaging, as a consumer use case building off of the core infrastructure. Related, are two separate projects called “Dmail” — dmail.io and dmail.online — the former lets you encrypt emails that you send across unsafe channels (like Gmail or any other email client) and the latter is a full system for sending private emails. One of the things you get with a cryptographic identity is the ability to encrypt and sign messages. It makes sense that this will be at the the center of a driving consumer use case. Privacy is more of a mainstream feature every day, and it can’t just be Apple that provides it.
3/ Compliance. Compliance is where this post began, thinking about coming regulations around data portability, interoperability and privacy, and where I’ll end it. While I don’t expect that we will get direct guidance towards cryptographic identity from regulators, it may be that cryptographic identity becomes clear as part of various compliance solutions.
For example, all payments systems need to comply with so-called Know-Your-Customer (KYC), Anti-Money-Laundering (AML) and sanctions rules, including the so-called Travel Rule which requires that both senders and receivers of funds verify identities. On the surface, cryptographic identities are digital bearer assets and would therefore seem to be at odds with formal identity systems. However, it may be that we come to use cryptographic identity components (e.g., blockchain accounts, digital signatures, or even non-fungible tokens) in creative ways to satisfy some of these requirements, vs. traditional methods employed by companies like Persona, Alloy and others today.
To tie it all together: In this week’s “On the Brink” podcast, Nic Carter and Matt Walsh from Castle Island Ventures talk with Balaji Srinivasan about social media handles as property, which potentially combines both the “fun” and “compliance” angles discussed here. It does feel like your online identity, whether it’s a bitcoin or a twitter handle, is a form of property and should be treated as such.
The main point I tried to make was that cultivating the development of blockchain and cryptonetworks is actually a critical strategy here. Regular readers will know that I don’t shut up about this, and I held to that on the panel. This point is painfully absent in most conversations about market power, competition and antitrust in the tech sector, and I will always try and insert that into the conversation.
To me, blockchains & crypto are the best “offense” when it comes to competition in the tech sector. Historically, breakthroughs in tech competition have included an offense component in addition to a defense component (note that the below only focuses on computing, not on telecom):
The “defense” side has typically included a break up (US vs. AT&T) or some kind of forced openness. Examples of forced openness include the Hush-a-phone and Carterfone decisions which forced openness upon AT&T. Several decades later were the (ongoing) battles over Net Neutrality with the ISPs. The discussion about data portability and interoperability brings the same questions to the applications / data layer.
Data portability & interoperability are important for two reasons: 1/ because they focus on a major source of market power in the tech sector, which is control of data (“break up the data, not the companies”), and 2/ because they represent a category of regulatory interventions that are just as easy for small companies to implement as large ones, unlike heavy approaches like GDPR that are easy for big companies to implement but hard on startups.
That said, when you dig into the issue of data portability, there are some hard problems to solve. I don’t believe they are insurmountable, but I also believe they haven’t been resolved as of yet.
For context, data portability is the idea that a user of a tech service (e.g., Google, Facebook, Twitter, etc) should be able to easily take their data with them and move it to a competing service, if they so choose. This is similar to how you can port your phone number from one carrier to another, or how in the UK you can port your banking data from one institution to another. Both of these examples required legislative intervention, with an eye towards increasing competition. Also, most privacy regimes (e.g., GDPR in Europe and CCPA in California) have some language around data portability.
Where it gets more complicated is when you start considering what data should be portable, and whose data.
For example, within tech companies there are generally three kinds of data: 1/ user-submitted data (e.g., photos, messages that you post), 2/ observed data (e.g., search history or location history), and 3/ inferred data (inferences that the platform makes about you based on #1 and #2 — e.g., Nick likes ice skating). Generally speaking, I believe that most type #1 and type #2 data should be portable, but most type #3 probably should not.
To add to the complication is the question of when “your” data also includes data from other people — for example, messages someone else sent me, photos where I was tagged, contact lists, etc. This was at the heart of the Cambridge Analytica scandal, where individual users exporting their own data to a third-party app actually exposed the data of many more people, unwittingly.
I’d like to focus here on the second category of complications — how to deal with data from other people, and privacy more generally, when thinking about portability. This is a real issue that deserves a real solution.
I don’t have a full answer, but I have a few ideas, which are the following:
First, expectations matter. When you send me an email, you are trusting me (the recipient) to protect that email, and not publish it, or upload it to another app that does sketchy things with it. You don’t really care (or even know) whether I read my email in Gmail or in Apple Mail, and you don’t generally think about those companies’ impact on your privacy expectations. Whereas, when you publish into a social web platform, you are trusting both the end recipient of your content, as well as the platform itself. As an example, if you send me messages on Snapchat, you expect that they will be private to me and will disappear after a certain amount of time. So if I “ported” those messages to some other app, where, say, they were all public and permanent, it would feel like a violation – both by me the recipient and by Snap the platform. Interoperability / portability would change that expectation, since the social platform would no longer have end-to-end control (more like email). User expectations would need to be reset, and new norms established. This would take work, and time.
Second, porting the “privacy context”: Given platform expectations described above, users have a sense of what privacy context they are publishing into. A tweet, a message to a private group, a direct message, a snap message, all have different privacy contexts, managed by the platform. Could this context be “ported” too? I could imagine a “privacy manifest” that ships alongside any ported data, like this:
"content": "e9db5cf8349b1166e96a742e198a0dd1", // hash of content
"author": "c6947e2f6fbffadce924f7edfc1b112d", // hash of author
"viewers": ["07dadd323e2bec8ee7b9bce9c8f7d732"], // hashes of recipients
"TTL": "10" // expiry time for content
In this model, we could have a flexible set of privacy rules that could even conceivably include specific users who could and could not see certain data, and for how long. This would likely require the development of some sort of federated or shared identity standards for recognizing users across platforms & networks. Note: this is a bit how selective disclosure works with “viewing keys” in Zcash. TrustLayers also works like this.
Third, liability transfer: Assuming the two above concepts, we would likely want a liability regime where the sending/porting company is released from liability and the receiving company/app assumes liability (all, of course, based on an initial authorization from a user). This seems particularly important, and is related to the idea of expectations and norms. If data is passed from Company A to Company B at the direction of User C, Company A is only going to feel comfortable with the transfer if they know they won’t be held liable for the actions of Company B. And this is only possible if Company B is held accountable for respecting the privacy context as expressed through the privacy manifest. This is somewhat similar to the concept of “data controller” and “data processor” in GDPR, but recognizing that a “handoff” at the direction of the user breaks the liability linkage.