What if Privacy went Open-Source.
Not so long ago the title of this article would have sounded crazy. “Why would anyone make their private data freely available?” I hear you ask. The answer is that while we might have not consciously decided to do so, our private data is already out there for everyone to read:
- Governments have, since long, access to our private communications, be it voice, text, or information transferred over the internet. Lawful interception as it is called, is about obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence. However in some cases - like the recent PRISM / NSA scandal - our data lands to the hands of officials in foreign countries. Officials we have not legitimated with our vote.
- Since the beginning of the internet and the inception of the “free internet” mythology, our private data is gathered, analyzed, and sold by search engines, online shops, social networks, payment services providers, etc. Every account you ever created online works that way. Our data is used to target us with advertising, recommending and even predicting what we do next. You guessed it: If you use something for free, you are the product for sale.
- Our private data is gathered and sold even when we have not created an account. Even if you do not have a fidelity card at a supermarket, your data is still gathered, analyzed and used to create a profile of yourself and your buying habits. The reason: you paid with a credit card. In some countries, like the UK, every time you vote, the electoral roll is updated. The information therein can then be purchased subsequently by principally anyone, giving them access to your name, address, etc. and making it easy for them to cross-reference other information sources to figure out your phone number, etc.
Let me now address the main point i.e. what if all of our private data would be made open-source? Simplistically, think of a database accessible by everyone, which would allow anyone to ask questions and receive answers about everybody else. This is not theoretical: in Sweden tax offices have public terminals available where, providing you have a person's details, you can look up a person's income. This is part of Sweden's open information ethos (and helps prevent tax evasion).
So the step to democratising privacy data is not that big after all. The key question remains to be answered: What if privacy went open-source? Here are some initial thoughts:
- The advertising business model would have to be reinvented as owning user information would become worthless overnight. Advertisers would not need to make deals with search engines, social networks, etc. to learn about us. As a result, some of the most-used, advertising-funded services today would collapse. Costs would still be there to operate that database, but those are minuscule in comparison to today and, as in Sweden's case, could be managed by the government for the people.
- Security as we know it today could not rely anymore on such data as postcode, date of birth, etc. (currently used by banks to authenticate customers). Instead, it would have to rely on uniqueness. Think iris recognition: everyone would know you have blues eyes, but it is the uniqueness of your iris structure that proves it is you. This means that instead of entering passwords, the log in of the future could comprise a user performing a function that uniquely proves his identity. Fraud would become more difficult as performing a function at login time requires the person to be online, whereas hacking a password database does not.
- With privacy data fully democratized and accessible to everyone, it will become far more important who acquires the information first. This is by the way a model that already exists today: news companies and stock markets already operate on the principle of knowing first to achieve competitive advantage, as in the internet era we live in, all news and market data are rapidly accessible to everyone. Reporting on a story after someone else did, is not news after all.
As a result a new privacy business model could immerse, as you and I might decide to charge for answering specific questions, or maintaining and keeping our information up-to-date. This is not futuristic thinking: some companies employ a pre-cursor reward model already today.
- We can consciously decide if and when to use our privacy to pay for a service, and actively de-register from all accounts of services we do not use, asking for our data to be permanently deleted.
- We can consciously decide to focus on what make us unique and accept that everything else is freely available. The open-source model has proven to be resilient against abuse, and it is therefore the model the author recommends as the basis for such a scenario.