Product Challenge of the Week: Saving RIMM

A few days ago, I was at an i-banking presentation on the technology industry.  There was a bit of the usual debate – is AAPL over/under valued, how will GOOG monetize mobile, is NFLX going to rule TV, etc.  One thing there was no debate about – RIM is the walking dead.  (Nokia got an honorable mention).  The best prospects proffered was selling off the assets or being acquired for a balance sheet and customer list after some painful downsizing.  Pretty bleak.

Which is the perfect scenario for a favorite product manager exercise – in 20 minutes or less come up with a product road map to turn around RIM.  No fire sales or government auctions allowed.  Let’s start with a mini-SWOT:

Strengths – BB is still one of the best mobile phones in the smart phone category.  It’s battery life beats the pants off all the competitors.  Call quality and speak phone are hard to beat.  Corporate security people love it.  BBM is a great backup for e-mail/network outages.  Their install base is awesome, even if it shrinking.  It’s the best e-mail device on the market in regards to MS Exchange.  On a company level, RIM’s got a lot of tech talent, especially in wireless design.

Weaknesses – Consumers hate their devices.  Mainly b/c their apps suck.  Their desktop software is even worse.  The OS is very non-intuitive, especially compared to Android and iOS.   As a company, consumer product design is not a strength.  This maybe a lack of  talent, or guessing here, organizationally the consumer talent beholden to some other group.

Opportunities – Well, this is the tricky part.  First and foremost, it’s their install base.  The issue is that the “prosumers” are moving away from BB to other platforms, not the other way around.  This needs to be reversed – devise a strategy where this prosumer install base is advocating RIM products.  Then there’s the wireless spectrum they have.  Obviously secure communications products are currently a strong point, but this could be expanded for unique product offerings.

Threats – Obviously Apple and Android.  They have better UI’s, much better apps and consumer features.  The security features (which consumers don’t give a damn about) are being developed for other platforms by software vendors.  MS Exchange integrations, while they are still behind, are slowly catching up.  Hardware vendors like HTC and Samsung are rapidly evolving handsets at a much faster rate than RIM.

Given this, what would the best product course be to save RIM?

1. Remember who we are.  We are not a consumer electronics company.  We are not a consumer software company.  We are a fantastic wireless communication and messaging company.
2. Focus BB OS on running “utility” mobile devices – i.e. corporate phone/messaging/e-mail.  Good, fast, reliable and cheap.  Not feature rich.  Be unbeatable here.  No expensive re-designs.
3. Re-org consumer unit to be a true consumer unit.  Unshackle or recruit talent.  All new software starts with this group.
4. Make iOS and Android our friends.  Build the best corporate secure messaging software possible for these platforms.  Prosumers will love you as they only need one device now.
5. Goes without saying, Android BB.  Bundle your secure messaging platform on it.
6. Spin out hardware group to get other vendors to produce #5…say Nokia and save them too.
7. BB Cloud.  Corporate docs are all over dropbox, box.net, slideshare and a bunch of other places because users want mobile and sharable services that their IT groups are too slow to deploy.  If this could bundle into the BB install and provide this with security and auditing it would be a godsend to corp infosec.
8. Let’s think about this wireless network.  Is there a way to offer services to app developers?  Come up with some wireless dev tools that no one else can offer ISVs?
9. I’m sure there’s a universal messaging idea in here somewhere, but I’m hitting the time limit.
10. Global Address book.  Consumers have multiple account, devices, social, etc.  There is no good solution to managing and keeping these separate.  Given Exchange integrations, RIM might have a shot at doing this.

Well, that’s my very-uninformed, 20 minute plan to save RIM.  Don’t know how or fit it’s possible, but it’s better than “dead for sure”.

5 Books to understand how the Internet works

A couple of weeks ago, I found myself giving an impromptu, and woefully inadequate, explanation of CIDR and hex in a product meeting.  Since I spend nearly all my time doing “business things” now, it struck me as remarkable how often it is still necessary to dive into the basic technical details of IP to solve routine business problems.  Looking at my bookshelf,  I wondered if one could pick 5 books to provide a solid understanding of the Internet’s workings.

With the goal of providing a tech savvy professional a decent grasp of  90% of Internet tech conversation one might encounter, it was tough narrowing it down to the “essentials”.  But here are 5 books that would get one close to that goal :

DNS and Bind – The navigation system of the WWW, where everything starts.

Building Internet Firewalls – This classic is Internet security 101.  Aside from security, there’s lots of good info on the various protocols that are used on the web.

HTTP Definitive Guide  (or the standard)- It doesn’t seem like a day goes by without a question that involves HTTP, especially how web browsers communicate with websites and cookie handling.

Cisco Internet Routing Architectures – This is *the book* for how data gets from one place to another on IP networks.  It was required reading at UUnet.

Sendmail – E-mail is still one of the killer apps on the web.  Understanding it brings together a bunch of concepts.

Obviously a lot is left out.  The tough omissions were HTML and web servers, but I figure that if one grasped the concepts in these 5, those are relatively easy to get.

So, what’d I miss?  Guess I’ll pay attention and see how I did…or start picking out 5 books on mobile.

The Great EU Cookie Crumble…not really

May 25th is a big day for online media.  It’s the day that some predict will be “the Rapture” for all the 3rd party data companies in the EU.  The doomsayers believe that on the 25th, the first laws will be passed which will require all 3rd party cookies to be opt-in.  Well, I hate to disappoint them, but that’s not what’s about to happen.  And like most things involving public policy, it’s a lot more complicated.

Much of the press and opinion pieces have made what’s happen in the EU more murkier and confusing than it already is.  In oversimplified terms, the EU process works like this: once the EU Parliament passes a directive, the each member countries must pass laws which address the Directive items within a certain time.  The May 25th deadline corresponds to the 2009 update to the ePrivacy Directive.  For those playing at home, I’ve included a helpful timeline that outlines the important policy and legislative developments.

So, what is about to happen?  A couple of months ago the IAPP brought ~2500 privacy experts and regulators from EU and the US together for a global privacy summit.   Listening to both EU and US privacy regulators, it is clear that the EU wants to be the leader in online privacy and is aggressively pushing the May 25th deadline.  However, it is clear that there is no consensus as to what the best policy is – so much so that the EU privacy directors are encouraging countries to “cut-and-paste” the Directives update into their own laws.  For 3rd party cookies, this means directly using the Recital 66 language, which as you can see below, is pretty general and non-explicit.

A couple of countries are going to pass laws that go further, but early indications are that they will go forward cautiously.  The UK recently based their law, but as this government “advice” piece demonstrates, it doesn’t look they are too sure of what exactly should happen.

The next question is, after cut-and-paste, what actual regulations are going to be passed?  The main focus is on how to unambiguously obtain user consent for 3^rd party data collection.  The European Data Protection Supervisor Peter Hustinx remarked that the default ‘opt-in’ of web browsers is not a good indicator of consent and consequently not within the Article 66 guidelines. He and others also mentioned that having user’s opt-in to every 3rd party service is just not practical.  Consequently, there is a lot of focus on other solutions – several EU personnel mentioned that ‘privacy set up wizards’ for the web browsers would be a very interesting option.

While this might seem a bit haphazard, the good news is that the EU regulators are really trying to understand the issues and find a solution that works for consumers and service providers.  There is a universal feeling that the Internet is by and large a good thing for consumers as it is.  It does need to mature and provide better privacy protections, but no one wants to break the current system.  For the US, the EU developments provide our policy makers a chance to see how certain policies play out in the “real world” as we consider our own options.

The EU Cookie Timeline

For the cookie debate, there are 5 main developments at the EU level that are relevant:

1995 – EU Data Protection Directive (officially Directive 95/46/EC) was formed to govern the processing and movement of personal data across the EU.  This is a comprehensive privacy policy framework that governs all sorts of areas from telcom, banking, etc.  (Cookies are not addressed yet – remember the Internet was still a novelty).

1996 – To help member countries form actual laws around the Data Protection Directive, Article 29 Working Party is formed.  Composed of privacy experts from each member country, it more or less acts as a legal and policy consultant.

2002 – ePrivacy Directive (officially Directive 2002/58) is an update to the DPD which addresses electronic privacy issues, including specific language on Internet technologies such as cookies.  Section 5(3) outlines the need for individual notice and choice in data collection.

2009 – The ePrivacy Directive is updated with more granular requirements.  The significant part is Recital 66, which specifically mentions 3^rd party data collection and the need for individual consent (the actual language below[1]).  The deadline of May 25, 2011 for each country to have laws which address the issues including in the Directive is set.

2010 – The Article 29 working group offers infamous ‘opt-in’ opinion when interpreting Article 66.  Section 4.1.2 is the sticky part, where they express the opinion that current ‘opt-out’ mechanisms are not sufficient for collecting individual users’ consent.

Great resource for more EU privacy information: http://ec.europa.eu/justice/policies/privacy/index_en.htm

---

[1] This is the actual language of Recital 66

(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.