Building for fundamental Data Ownership, Privacy and Security

In the time of COVID-19, many are calling for trading some level of liberty for increased security. With over 212,000 killed, 50,000 of them Americans, this is a crisis vastly exceeding September 11th of 2001. We all know that the United States radically reformed the balance between security and liberty even for so low a casualty count as 2,977.

These balances seem eminently worth considering. But it is crucial that they be struck transparently and in the open. The lesson we must learn from history is that western national governments, in their efforts to please a public demanding an appearance of both liberty and security, are happy to arrange for security theater while in fact severely undermining real security.

When treasure troves of data from the silent monitoring of every digital move were aggregated by surveillance capitalists like Google, the ISPs, and the wireless carriers, many governments were happy to allow them to retain those data lakes, for the minor cost of gaining access to them, often without even the completely secret rubber stamp of a Foreign Intelligence Surveillance Act (FISA) court ruling.

Because these surveillance capitalists built their businesses from the perspective that the data on their customers and users was the property of the corporations, governments were happy to agree. Thus they were seeking access to bits of “third party” data, not the data of the citizen they were surveilling. It was a neat trick that allowed massive dossiers to be compiled on all citizens of all nations, ready for exploitation by intrusive advertisers or snooping by governments.

Encryption offers an alternative: when an owner secures their data with their own private key, they must consent to allow others to see it, or the data is indecipherable. The challenge is who will own the key. It can be difficult for end users to control their own keys and fully control their data, so third parties like Apple choose to abstract that process, and end up in occasional legal battles when governments insist on accessing the data. In some cases the third party does have a copy of the key (as with iCloud backups). In some cases they don't (as with Apple for on-device media, or Signal with their encrypted messages).

Encryption really needs to be accompanied by a philosophical shift: that the data is the property of the person who created it, not the company that stores it. It was always our data. Then tools can be built in such a way that the encryption is strong, controlled by the data owner, and easy to implement for the business or government requesting access to the data to do the needed work.

This could mean that, for COVID-19-relevant data, governments or health departments could send requests to data owners for access to their data. They could even condition normal walking around on providing access to that data. This may sound like a situation approaching dystopia, but it is open, honest, and respects the data ownership of individuals. It avoids the seductive and dark world of hidden, constant surveillance.

This same combination of a philosophical shift and the capability of user-controlled encryption offers small and medium businesses a real opportunity to likewise be transparent with their customers and users, and to provide them a method to share needed data while still guaranteeing ownership, privacy, and security to the creator of that data.

This is the future we believe in, a Data Revolution, and we are building tools to make it real at ROWND.