Posted on: Monday 8th of September 2014
The vulnerabilities of storing our personal data on centralised servers has been brought to light following the unwarranted publication of hundreds of images last week. With many suspecting Apple’s iCloud as the source, something which the company denies, it further raises concerns about how our personal data is stored and used by organisations.
So what can we do it about it? Distrust and concern over the control of our personal data is driving the growth of the market for Personal Information Management Services including Personal Data Management Services that help individuals gather, store, manage, use and share their own data under their own control. An example of this is QoID, giving consumers direct control over their information and enabling them to verify their identities. We spoke to CEO Fred Fisher about QoID and its role in the growing personal information economy.
What’s the big benefit your service is designed to offer?
We are not providing a service, but more of a proposal and initial implementation for an architecture that supports full ownership of data, including our digital footprint. We are taking the next step beyond services that have control of your data and identity, whether they work for you or in their own interests. The Internet is moving away from centralized and past federated architectures to a mesh network where peers connect directly to each other and information is controlled at the source.
We allow direct consumer control of their information and the ability to verify claims with third parties without requiring a single identity. In the vast majority of identity use cases, tying to the real-world person is unnecessary. For example, when I buy a gallon of milk or a car, the only thing the seller needs to know is that they will get paid. On the other hand, the seller of the milk will have much different requirements for assurances of payment than the car seller. In the mesh model, any situation where verification is needed, the claimant and the relying party only need to agree upon the source(s) of verification. In the vast majority of cases, verification by a common connection may be enough. A claimant can offer multiple verifications for any given claim and relying party may accept multiple sources of verification.
What inspired/motivated your business?
Like most of the businesses in the PIE (personal information economy), we realized that high quality information must be controlled and curated at the source.
Control includes who has access to the information, so that it is not used in ways undesired by the owner. Where value is offered for access, the owner can decide adequacy and control scope. Control includes removing access as easily as granting it. Control must include metadata: who I have connections with, when are we communicating, how often, how much, and where I am and where my information is located.
Curation at the source means that the owner or creator of the information keeps the information accurate and current and there is only one copy that others must have permission to access. Most importantly, curation should be graceful and not an additional task, but integrated with normal activities. For example, if you move, you should not have to notify dozens of people and businesses. Nor should you have to go to different services to change different types of information. For example, managing civic, financial, personal, or family information online today means multiple logins, different user interfaces, and duplicate data.
What is the business model? How do you/will you earn your keep?
We are using an incubator business model. We will get revenue from licensing and investing in businesses that leverage the mesh architecture. The mesh market includes the PIE, but is much larger and includes social, research, medical, government, and many more.
Where would you like to be in 3-5 years time?
We would like to see the core technologies turned over to a not-for-profit, but self-supporting standards and governance organization. We will be investing in and spinning off new companies that leverage this new market. We will have multiple partnerships with other companies that benefit from this architecture including those in the PIE.
What obstacles will you need to overcome to get there?
Besides the obvious apathy of consumers for letting their information be used without restriction and businesses benefiting from this apathy, there is one additional hurdle we are facing: The myth of one true identity.
The single online identity is limiting because it does not compose: One can easily argue that for every circumstance where identity is needed we can agree upon the attributes of that identity. The single identity idea breaks down when you realize that the attributes in one circumstance do not translate to all others. For example, the information about me that I need to buy a gallon of milk is different than buying a car, which is different than needed to vote, or get medical treatment.
The single identity conversation always takes on this pattern – I show an exception, you show how easy it is to add something to handle that exception. What is not apparent is that in the year or so it would take to identify all exceptions, you have created a very complex (and easy to break and leak) identity system. On the other hand, the mesh identity system remains very simple: two parties agree upon one or more third parties that provide only the information needed for the relying party to act upon a claim. Mesh identity composes across business domains, national boundaries, information sensitivity, and risk levels.
Have there been any recent developments in your business/market?
There are several trends that affirm we are on the right track including an explosion of secure communication and peer-to-peer applications. The privacy focused Snapchat turned down an offer of US$3bn. Silent Circle, an encrypted peer to peer communication platform, recently raised US$30m.
What was your key learning from our Personal Information Economy 2014 event?
While there is some overlap between offerings, there is a great opportunity for integration. Most PIE companies could thrive in a mesh architecture.
Have you got any more general thoughts or views about the personal information economy you would like to share?
I applaud all those companies and individuals participating in the PIE. Whether you agree that a mesh network with the consumer as the point of integration is the best architecture or not, we are all working to empower the individual.