Leaving too much data in the hands of profit-seeking commercial entities is proving dangerous for democracy and society. Can blockchains help?
In March 2018 media giant Facebook became the epicentre of a scandal surrounding the misuse of individuals’ data.
According to whistleblowers, data mining experts such as UK-based Cambridge Analytica exploited Facebook users’ and their friends’ social media profiles, using lax access to users’ data granted by Facebook itself.
In turn, Cambridge Analytica and its affiliates worked on behalf of their clients—political parties and their donors—to target social media users with advertisements, apparently helping to influence the outcome of elections in the US, UK and other countries. The vast majority of voters remained blithely unaware of how they were being manipulated.
In the UK, another allegation was that the donors purchasing political influence by such means had used a series of shell companies to evade campaign financing limits.
“There’s a much wider story that I think needs to be told about how people can protect themselves and their own data.”
For many observers, the Facebook scandal proves that the concentration of data at large technology companies is a trend that has reached its limits.
“The centralisation of data is no longer the way our world should work,” said Brittany Kaiser, former director of business development for Cambridge Analytica and one of the whistleblowers, in an interview with the Guardian.
“There’s a much wider story that I think needs to be told about how people can protect themselves and their own data.”
“Corporations like Google, Facebook, Amazon, all of these large companies, are making tens or hundreds of billions of dollars off of monetising people’s data,” Kaiser says.
“I’ve been telling companies and governments for years that data is probably your most valuable asset. Individuals should be able to monetise their own data—that’s their own human value—not to be exploited.”
According to Bernard Lunn, CEO of think tank Daily FinTech, there has been a sea change in how most individuals perceive online privacy.
“For years, anybody who talked about privacy was dismissed as a nut and the refrain was that if you wanted privacy you must be doing something illegal,” Lunn wrote in March.
“But three recent events—the Equifax breach, the Facebook/Cambridge Analytica breach and the the legislation in Europe around the General Data Protection Regulation (GDPR) indicate some change happening,” said Lunn.
Consumer credit agency Equifax disclosed in September it had suffered a theft of digital identity details covering 143 million US citizens. The European Union’s GPDR comes into force in May 2018 and threatens non-compliant firms processing the data of EU residents with fines of up to 4 percent of global turnover.
However, cautions Lunn, the social media platforms still have significant resources and technical weapons to deploy in defence of the status quo.
“The money to be made by owning our data is so massive that the companies that control that data can hire the best tech brains to make the services totally addictive,” he says.
For its part, Facebook has claimed it was misled by commercial partners like Cambridge Analytica.
“The entire company is outraged we were deceived. We are committed to vigorously enforcing our policies to protect people’s information and will take whatever steps are required to see that this happens,” Facebook said in a statement released on 20 March.
According to one academic specialising in public policy regarding the internet and information, we should draw a much clearer ownership link between the data held online and those responsible for generating it.
Even a former director of UK spy agency GCHQ has spoken in favour of more democratised access to data.
“We don’t allow people to sell their organs, even if they are their own organs. Likewise, there is some information that constitutes an individual; this should be protected as we protect their identity,” said Luciano Floridi, professor of ethics at Oxford University.
“Future generations will look back and ask us what did you do when you had a chance of doing the right thing? Why you didn’t think in terms of setting up the right framework for the development of artificial intelligence, digital tools, innovation, automation and so on?” Floridi said.
Even a former director of UK spy agency GCHQ has spoken in favour of more democratised access to data.
“They [the tech companies] are obsessively secretive,” Robert Hannigan wrote in an opinion piece for the Financial Times.
“The most ill-judged aspect of their painful progress towards blocking extremist content has been refusing to explain how they make decisions. This comes across as contempt for democracy, compounding their recent problems.”
“Governments should champion the availability of open data, freely available. That is the best hope for ensuring that the benefits of a data-enabled economy are more quickly and evenly spread.”
At first glance, the distributed ledger technology behind cryptocurrencies seems one way forward for those seeking to displace technology companies from their centralised control of data.
Even some of the major incumbents in the tech business appear to agree.
“Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity,” said Alex Simons, director of program management at Microsoft’s identity division, in a February blog.
“This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.”
“To support a vast world of users, organizations, and devices, the underlying technology must be capable of scale and performance on par with traditional systems. Some public blockchains (bitcoin, ethereum, litecoin, to name a select few) provide a solid foundation for rooting decentralised identifiers, recording decentralised public key operations, and anchoring attestations,” said Simons.
“The transparency of public blockchains creates tensions with privacy principles.”
Others disagree that public blockchains are a useful basis for a decentralised system of identity.
“The transparency of public blockchains creates tensions with privacy principles. The original bitcoin architecture exposes every single blockchain entry to the world,” wrote Steve Olshansky of the Internet Society and Steve Wilson of Lockstep Consulting in a paper published in March.
Olshansky and Wilson argue that the transaction-based nature of many cryptocurrency blockchains is another reason why they are unsuitable for identity management.
“When these types of blockchain are re-purposed for applications like identity and access management, additional privacy controls become necessary, such as separately encrypting transaction payloads before they are slotted into or referenced from blockchain entries, or wrapping extra access control layers around the native blockchain algorithm to restrict who can read from (or write to) the ledger. Fundamentally, identity is not as transactional as currency,” the authors wrote.
Ian Grigg, a computer scientist and financial cryptographer, argues that the legal and cultural legacy of those brought up in Western traditions may also make it hard to achieve a decentralised identity record.
“It’s possible but it’s hard to achieve a decentralised system of identity,” Grigg told New Money Review.
“There are many assumptions to unravel and Western thinking may be inadequate because of its heavy focus on individuals and corporations. These aim to put the identity square peg into a round hole for the benefit of the corporations and the state.”
Grigg argued in a white paper published in 2017 that identity should be seen as an “edge protocol”. In other words, rather than viewing identity as something applying to the nodes in a network (individual entities), identity is better defined as the connections (called “edges” in network analysis) between those nodes.
“We’re too focused on the identity thing being the one person whereas actually, identity is a shared social context, inside us all, over each of us,” Grigg said.
“We will have multiple identities and we will be defined by our social network and reputation.”
So rather than thinking of our future digital identity as a single record on a single decentralised database, we may need to expand our thinking to view our identities as plural: in other words, as records of our participation in many networks.
And many of these identity networks will involve money in one form or another, says author and digital financial specialist Dave Birch. Birch published a book in 2014 entitled “Identity is the new Money.”
“We will have multiple identities, use multiple community currencies (some of which may be related to virtual communities, some physical, some corporate and perhaps some even cryptographic), through services provided by different entities, and we will be defined by our social network and reputation,” predicts Birch.
