Kaliya Hamlin has been concerned about the developing ecosystem of personal data and its potential for abuse since the early 2000s when she first participated in the Planetwork community, which organised the ecology conference.
She is now known internationally as “Identity Woman” – a tribute to her work and influence in the field and an exemplar in the battle to define and keep one’s own self-defined identity online.
An identity owned by a corporation, she says, makes you “a feudal subject” to its terms and conditions, which often include the right to eavesdrop on your conversations and reuse and resell the information for purposes such as targeted advertising. They even give the corporation the right to terminate your identity for a perceived infraction.
The Personal Data Ecosystem Consortium, of which she is executive director, is working towards a “user-centric” network where users own their personal data and can negotiate terms for its use.
“In the physical world we went through a bunch of revolutions which gave us rights in our physical bodies. If other people terminate or injure us there are serious consequences,” she says. PDEC and its supporters are working for similar protection in the online world.
We pledge allegiance to service providers – like serfs paying tribute to lords in the form of personal data - and expect them to provide us with security in return, says the renowned security technologist.
It’s been done before. Email, initially in the hands of companies such as AoL and Compuserve, was opened through universal protocols such as SMTP, she points out. PDEC seeks a similar opening of social media. “We should be able to social-network from our own domain names across to other people’s domain names as independent autonomous people and we shouldn’t have to make a deal with a company in the middle.”
But don’t people freely enter into a bargain, ceding some of their privacy in return for services that enable them to keep in touch with friends and colleagues? Who will pay to keep those services running if we “liberate” ourselves from the corporations?
It’s a fallacious assumption that you need one giant piece of software Hamlin says. “We didn’t need a giant piece of software to make email go. We needed some basic tools and a network.”
PDEC members work to provide pieces of such a federated open-standards model.
One typical New Zealand member of PDEC is myInfoSafe, conceived by Ross Hughson, former CIO of Inland Revenue. An individual retains their personal information in a piece of cloud storage that they control. They can open access to this information voluntarily and selectively to organisations – a government agency, a website that the person wants to access or a finance company seeking particulars to support a request for a loan.
It’s not just a cloud space like DropBox to store files, Hughson says; the data has a structure, and other parties can access exactly the data they’re looking for, as long as the owner gives permission.
“Companies like Ross’s that have built personal clouds are talking about how they might have common APIs to access the data,” Hamlin says. “Other companies are looking at services that would connect personal clouds and provide people with markets to sell their data if they wanted to. There’s a company in our consortium called DataBanker, which has chosen to concentrate on that part.”
Others are working on apps in the cloud which the user controls completely.
“I can have a little piece of the cloud that I own and I could start storing my data in what’s been called a data bank. When I store my money in a bank, the bank has a responsibility to me; it’s my money, not the bank’s money, and when I take my money out and walk across the street to a different bank, my money is still useful.
“We have officially 40 members that are part of the Personal Data Ecosystem. We’ll have about 50 of them by the time I get to New Zealand.”
Is serious work being done on standards to allow the various members’ software to connect and interoperate? “On the last day of the IIW [the Internet Identity Workshop, held in May in San Francisco] an enthusiastic developer community “defined about six different projects”, Hamlin says. “One of these was really to get interoperability working; they’re going to have several interop events over the [Northern] summer and the next time we get together, in October, we’ll have three, potentially six databanks connecting and interoperating with each other.”
The kind of privacy standards devised and respected by governments and the debate surrounding them focuses too much on blocking undesirable intrusion rather than the positive virtues of giving people control, Hamlin says. The negative view and the environment it has led to came out of the 1970s and 80s,when “they never assumed that an individual would have a computer in their pocket or a piece of the cloud that they could push their own information to,” she says. Neither was it foreseen that the entities that source information from us wouldn’t need to maintain it themselves, she adds.
It’s time for a fresh viewpoint on the privacy question, she says, and PDEC is working towards that.
Stephen Bell (@stevebwriter)is a reporter for CIO.
Follow CIO on
Download CIO for your tablet here.
Click here to subscribe to CIO.
Sign up to receive free CIO newsletters.
Send news tips to email@example.com
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.