An innocent enough conversation thread discussing issues around privacy as part of the IDESG effort has thrown into stark relief some difficult questions about core terminology being used.
In line with common convention, the ubiquitous “user” appeared in many diagrams. But what is a “user”? I think only the illegal drugs trade and the technology industry use this term to describe their primary stakeholders. I continue to argue that as a term it is meaningless in its generality and ultimately unhelpful. It is important to unbundle the blanket term and understand the concepts that we are trying to convey which are numerous.
My starting point is radical: don’t use the term at all, with only one exception in the context of “user experience” where we are explicitly talking about the “flesh and blood human being at the interface with a digital system”. Even in this context, we are talking about a human being playing a very particular role, as a (device) user. In this limited sense, formal modeling approaches, such as the UML, employ the term correctly. It would be a mistake however to extrapolate a two-dimensional “User”, employed as a convenient and accurate part of a system model, to reflect the entire human being.
Rather, we must unbundle “user” and say clearly what we mean: customer, client, citizen, business owner, identity fraudster, etc. The SOA Reference Architecture Foundation spent considerable effort in trying to get this right and explicitly unbundles these various roles and definitions (and even on its latest review, we caught a few stray unintentional uses of the wrong terms). The result, we think, will help encourage “ecosystem” views rather than narrower, IT-focused, systems-only views of the world.
In the rush for simplicity and easy to understand models, we tend instead to munge ideas together. In most circumstances it is not a problem: when you are working and talking with peers in the same industry or specialization, for example. However, in complex environments – particularly one like IDESG that brings together stakeholders as diverse as the ACLU, the American Chambers of Commerce, the Digital Advertisers Association, privacy advocacy groups, online retailers and technology giants – you cannot afford to make assumptions that “your” commonly accepted concepts and terms are shared by everyone else.
Hence the need to understand the multiple roles that a given human will be playing in identity ecosystems: for example, “Person” is a term of art to include both “natural and legal persons” (the former, a human; the latter a corporate entity who acts or can act as a person – an important distinction in online transactions) and terms such as consumer, provider, citizen, etc. reflect roles played by any Person.
By the same token, one could say that a “User” is the role played by a natural (i.e. ‘human’ not corporate) Person when interacting with a digital system: “User” is thus carefully and clearly defined in a specific and meaningful way but not extrapolated to make on significance beyond that scope.
In such a conceptual model, “Consumer” can be understood as the right term in particular circumstances: the “individual-in-a-role-as-consumer” vis-à-vis a “Provider” (another role played by a Person, natural or legal) in some form or another – for example as a party to a social or legal contract.
My major concern with “User” as a blanket term is that it immediately and instinctively entails systems-focussed thinking and ignores entirely the relationships and behaviour of individuals outside and independently of technology. It is because we munge together “User” and “Person” that the “human-as-user” is the most common vector of attack on systems and will continue to be so until we recognise that our behaviour as rational humans is conditioned and circumscribed by a system-centric “User” concept, which is more often than not a problem of poor user experience/interface design and not an inherent problem with the human. “Human error” or “Stupid user” have become euphemisms for sloppy design, poor conceptual modelling and bad execution. The IDESG is not just about IT. It is about educating, shaping perceptions of online interactions and encouraging at atmosphere of trust among humans, not just machines. It is at the interface between human and system (and everything related to “User Experience”) that is key to a successful trust framework.
Put more simply: don’t go for a simplistic reductio ad absurdam but do go for simplicity through clarity: call a person a “Person”, an organisation an “Organisation”, a customer a “Customer”, etc. and be clear how the concepts, together with the terms used to label them, relate to each other.