2010-09-19 01:31:00 +0000
In my last post I discussed the bubbling up horrors of having our online identity controlled by faceless mega-corporations. But it didn’t really provide any useful direction. This is my attempt to fill that gap. Specifically, how should we go about sharing our thoughts and emotions online, without having to give up the ownership of our data to a centralised body? These are my thoughts.
I think there are four central tenants which any information sharing protocol should subscribe to.
- Ownership of data should belong to those the data is of.
- Authenticity of data should be ascribed by the owners of data.
- Durability of data should be as long as the owners please.
- Sharing of data should not circumvent the first three principles.
When a protocol for information sharing be developed that guarantees the above four rules, then we will have social networks without an ever present demon of profitability and balance sheets hovering over us.
But let me take a moment to explain what the above four rules would mean.
1. Ownership of Data
Your information is yours. This is where Diaspora are generally on target, despite any other failings. You should be able to post information to some location, somewhere in the world, and have complete control over that data. At no time should it be possible for someone (or something) else to claim rights to your data.
This flies in the face of the Facebook privacy agreement. Go read it if you haven’t yet. At least skim through it. The only place where they mention ownership of your data is the last paragraph of section 6, specifically that they reserve the right to sell your data to whom ever buys them.
The crazy thing is, we all don’t care. Or at least we have been conditioned to not care.
With the seemingly endless stream of platitudes coming from the mega-corporations murmuring that they will look after us, our information is safe, they will only use it to help us; it is no wonder that all of us don’t care. But go back and have a look at all of those “privacy policies”. None of them say they will look after your data. In fact ALL of them explicitly state that if they screw up and release all your data, that you waive them of any liability.
So Ownership of data is king. And the only way to ensure ownership is, well, have possession of it! There is a great old legal saying, harking back to the early 1700s that states “Possession is nine points of the law”. Over the centuries since this has become “Ownership is nine tenths of the law” and it is true!
So for you and me, the key would be for us is ownership data. Have control of our own micro information nodes that store, backup but most importantly, own our data.
Achieving this would be relatively simple, at least in the scale of the other three items in my proposal. We would all own a micro server which had our information crown jewels locked up some how. Each one of these little islands of personal information would then hand out tidbits of information to those that came, offering as much or as little as we wanted, while at the same time stamping each byte of data with it’s stamp of authenticity.
2. Authenticity of Data
The next key point would be the owner’s ability to say “Yes, this data about me is correct”. Maybe the second most important thing would be preventing any one else from saying “This bit of data about that person is authentic” without the owner agreeing.
Being able to authenticate that data belongs to you, grants you the ability to revoke that authentication, but why is this important?
I touched on it in my last post, the ability (and natural right) of a human to reinvent themselves, to start over, to become more than they ever were. Without the ability to say “That is what I did before, sure, but that is not me now. Now I am this.” then I am not quite sure what you or I are bothering to live for? As human beings we all have the intrinsic ability to start a new life, turn over a new leaf and spin up any number of clichés that allow us to change our demeanour.
But the current social networks don’t allow that. USA President Obama stated to a group of kids that they should be careful what you post on Facebook. And he couldn’t be more correct. Because once you post that, then Facebook are the ones who are stating that information is true about you. Not you.
Is it really fair to say that taking a video of someone being stupid at age 17, and then posting this on Youtube, should then define that person for the rest of their lives? No. Of course not. But you and I can see it. It is there. In video. So it MUST be TRUE!
Have you seen a hollywood movie lately? Avatar anyone? Can you seriously tell me that if I took a clip from Avatar and decreased the resolution to Internet standards, that you would be able to prove to me that it was not live footage of an actual planet? No. Of course you couldn’t. And that is the point.
If we are to live in a sane and free world, then you and I should be able to stamp information about ourselves as true. And other information not. Then the viewer of that information could then (at their discretion) validate that data with your server, getting a confirmation.
Now before you go off at me about the possible legal consequences of people covering up their crimes by “deauthenticating data”. Remember people, we are talking about social networks. If the police want to collect a file about your actions and prove that it was you who robbed the bank, then fine, they can do that and the whole beyond reasonable doubt thing.
But remember in the old days, if you really screwed up your life, you could get up and move town and START AGAIN. This is the whole point. You should be able to revoke information and start over. Information about yourself should only exist for as long as you allow it to.
3. Durability of Data.
Go do a google search of your name. Don’t do it as an ego trip, just do it to be shocked (like I was). You will find information about you posting to mailing lists that have stopped sending mail almost a decade ago. You will find all sorts of information that you never thought would be there. And maybe you find something that you don’t want to be there.
This data exists as long as Google feels like persisting it. Not a minute more. And more importantly, not a minute less.
Sure, you MIGHT be able to get hold of them and delete information from caches and data stores. But they have no legal obligation to do as you ask. And even if they wanted to, what profit is there in doing so? None. Without keeping information about you and your actions, they have nothing to offer any customer, period. Their whole business model is defined by who did what when and allowing you to find out about it.
Now, don’t get me wrong. Google has a place. It provides an incredible research tool for our generation. When I was at school you actually had to go to the library and lookup encyclopaedia if you wanted to see information about a famous discovery. Now you can just google it. It is incredible and provides us with unparalleled expansion of knowledge.
However, research data, and what you had for lunch, are two very opposite ends of the information super highway. An information sharing protocol should allow the owner of data to decide when data is no long deemed necessary to be kept, and so allow it to be destroyed. Not made “anonymous”. Not “archived”. Simply nuked.
If you want to keep some information around for the future generations, print it out and store it in a air tight safe. If you want to start a new life, format your information node, and start a new one.
Or, if you are happy with your life and what you are doing, keep it online, and share it with your friends.
4. Sharing of Data.
The last point is probably the hardest to get right. Ownership can be handled by having your own private server. Authenticity could be resolved with todays public/private key authentication. Durability can be handled with a combination of ownership and invalidating the authenticity of data. But sharing, now that is tough.
Because the problem presents itself, whom do you share data with? And why?
Does Facebook really need to know how old you are? I mean, sure, they need to know you are of legal age to prostitute your personal life to the Facebook gods, but do they need to know that in March I will be celebrating yet another year of being on the far wrong side of 30? No. Don’t think so.
What about iTunes? Asking your date of birth “For security reasons”… O.o
Being able to share your data would take concepts like OAuth to their logical conclusion. Instead of allowing Google et al to be our authentication “proxy”, we would delegate this to our information nodes, each allowing anyone to say “Hey Joe, this character is claiming to be you, is he?” and get a definitive “yes” or “no”.
The same information node could provide things like “Yes, my owner is over 18” or “You want his postal address? One sec, I’ll check.”
There is little to no need for Facebook, iTunes or many other companies to know where I personally live. They already have my credit card data, what more do they need? They might need my postal address to send me an invoice, sure. But anything else? Nope.
Providing a smart way to share data would provide us with the opportunity to be so granular with our information sharing that the existing corporate efforts would just be a proverbial bull in a china shop.
And it would scare the life out of them.
Imagine if you will, Facebook trying to drum up more business when it could not sell targeted ads, down to a suburb, for goods and services? Imagine google only being able to shoot gun advertise? Imagine the empowerment we would gain as a human collective, together, breaking free of the psycho targeted marketing campaigns that assault us daily?
Nice thoughts aren’t they?
So being able to share data in a controlled and defined manner is just as important as the other three combined.
So these are my thoughts and my views of a future social information sharing protocol. What do you think?
I hope I have delineated them sufficiently.
If you feel strongly about it, please spread the word. This sort of discussion needs more voices than mine. I intend to work on such a protocol, I have no idea how or where such work will take me, but I really think that personal information needs to be under the above four tenets; Ownership, Authentication, Durability and Sharing.