Imagine a world where rather than being exploited for the value you generate and being stripped of the ownership of your digital identity, you are able to monetise your data without compromising on privacy or data ownership. In this world, you will be able to grant firms, governments, or any interested parties access to compute on your data in exchange for something of value — a product, a service, or even direct payment. These parties would never be able to see the data they are computing over and thus you retain full ownership over your digital identity.
The case for change
At first glance, the image I painted above may seem like an infeasible utopia from the mind of a libertarian anarchist determined to reclaim ownership of our data from the oppressive corporations exploiting us for their own gain. But my approach is the polar opposite to this. I am of the belief that in order to instil sustainable change, the most powerful tool at our disposal is the alignment of incentives. What if I told you that this ‘utopia’ is actually beneficial to everyone involved. For the people generating the data. For the firms. For the governments. For all of humanity.
To understand why this is the case, let’s take a step back and look at the current data landscape as three tiers of events:
- Data breaches happen when firms hold data.
- Cybersecurity costs are incurred by these firms in order to minimise the risk of a data breach.
- Regulation and compliance requirements are put in place by governments to ensure firms are held accountable for protecting the data of the governed people.
The current data landscape is riddled with flaws — data breaches, compliance breaches, firms misusing data, and the general growing dissatisfaction with the exploitation of our digital selves. Current approaches to dealing with these flaws are merely putting band-aids on them. There are entire businesses built around bandaging up the third and second tiers. Yet cybersecurity and compliance are becoming increasingly complex and expensive to manage. The question becomes how do firms increase data security whilst decreasing complexity and still staying compliant. The answer is deceptively simple.
A foundational fiction
Notice that all this complexity and all these problems arise from a single source — the requirement of firms needing to hold and see data that we generate, in order to deliver us value. Everything suddenly becomes a lot easier, simpler, and crucially cheaper when firms no longer ever see any of our sensitive data. The question then becomes, how can firms make use of our data if they can’t see it? I’ve called this the foundational fiction because we have convinced ourselves that this is a foundational requirement of utilizing data and generating value. Enter the magic of cryptography. There are numerous talented teams working in this field and we take one particular approach that we have concluded to be optimal for our ultimate vision. OMNIA Protocol will enable data generators to sell or grant firms access to their most sensitive data without compromising on privacy. This is achieved by leveraging some key properties of blockchain and commercialising the latest in Zero Knowledge (ZKPs) cryptography. Briefly, ZKPs allow anyone to prove with absolute certainty that they ran some known function correctly on some piece of data without revealing anything about the data. Firms can be certain that the correct product or service was delivered to the correct customer without needing to know anything more. So what does this mean in terms of the three tiers of events I outlined earlier?
- Firms are no longer liable for sensitive data breaches because they don’t hold or see any sensitive data.
- Being compliant becomes a lot easier when you never hold or see any sensitive data.
Cutting the foundational event out leads to the collapse of the two dependent events and a drastically simplified approach to extracting value from data. With this simplicity comes significant cost reductions and the prospect of a new age of privacy-preserving applications delivering immense value to all stakeholders. I refer readers to my ‘Fair-trade data’ piece for more on this.
The current data landscape is one which exploits data generators and offers value in exchange for the sacrifice of our privacy. Coincidently, privacy-preserving technology is actually the solution to a lot of the problems that parties utilising data in some form face. This puts us in a unique position where all stakeholders benefit from privacy being the default data practice. Everyone’s incentives are aligned yet the general ignorance around the capabilities of the latest technology leaves us in the dark about this entirely new way to approach how data is utilised. It’s time we stop putting band-aids on the problems and deal with the foundational problem.