Sandor Voordes describes a future where your data is completely private
At SXSW, Big data and AI have taken centre-stage, when five years ago these topics were not a part of the mainstream conversation. The attention they get can, at times, be too much as even supposed off-topic sessions seem to circle back to AI eventually. As such, Designing For the Next 30 Years of the Web by Justin Bingham and John Bruce presented a whole new way of storing data and therefore breaking the current privacy paradigm.
Decentralising the Web
Data is the fuel to everything the web has to offer today. In fact, it has always been that way, ever since the internet was created. Data is the core of the internet as it’s the exchange of information between both ends. However, as the internet evolved, the way data is exchanged has shifted significantly from the intentions of its creator, Berners-Lee, who had envisioned an internet where information exchange did not include the transfer of the actual data to the requesting party. Instead, he believed data would only exist with its owner and the internet would consist of links to it for reading and writing purposes. That’s why Berners-Lee started the Solid project, which re-introduces his original idea of a decentralised approach to the internet. Personal data is kept by the individual user and not stored centrally with each service supplier. Build on the company Inrupt, he introduces a more peer-to-peer internet with Personal Online Data Stores (Pods) for everyone. You can already get yours today.
Pods and GDPR
The Solid network is fully conceptualised around these Pods that contain all the data of one person, whether it be your bank-account or latest social posts. In this case, the data referring to you is fully owned by you, while otherwise, this data resides with your bank and the social platform itself. This is the kind of data which GDPR aims to protect.
Many digital agencies had to analyse their clients’ platforms and data storage strategies to ensure they now complied with the GDPR regulations. The new regulations lead to unexpected challenges in registering consent or providing ways to anonymise data at the owners' request. This resulted not only in a multitude of procedures but has led businesses to questions storing data at all. An outcome that may well have been the intent of the GDPR in the first place.
So, with Pods, your personal data is only stored in one place, your own Pod, and does not exist anywhere else. All services that rely on part of this data, therefore, need to connect to it to read or update it. An intriguing solution that leverages all the GDPR complexities since consent is no longer administered by the service but by the data owner of the Pod. And similarly, revoking access to the data is just as easy to accomplish. Solid might, therefore, be a possible answer to the growing need for privacy regulations within the internet.
One Single Integration
With Solid and Pods, all services, from your favourite taxi company to your insurance company, would communicate through one API with your personal data. Each having separate read and write access to different parts of that data whilst reading and writing simultaneously. To cater to this, Inrupt started working with Janeiro Digital to create an open standard that all applications can work with. The beauty of this is that applications only need to learn one standard and only need to integrate with the Pod to provide a data-driven service. Integrations between different services are no longer required.
Imagine writing an application that could combine and show posts from different social networks, one would have to retrieve data from each of them. Instead, if each of these social networks would store their posts in the Pod, this new application could simply be granted access to all posts by its owner, reducing the number of integrations to a single one. Furthermore, if this new application wants to combine posts with other personal data, it could easily grab that information from your Pod. Want to create the new Facebook? No problem. All the historical data is available in your Pod. No need to migrate.
Big data and AI
Although SOLID is known by many as an acronym for development principles it got a whole new meaning here at SXSW: Social linked data. Using one centralised integration system, as described above, makes perfect sense. However, it also raises the question: how would this fit within the world of big data, machine learning and AI? All these concepts rely heavily on centralised storage, and Pods are anything but that. Especially when Pods are hosted all over the world, with no guarantees on network availability.
So, if data cannot be accumulated and needs to be fetched and interpreted over millions of Pods, how would it be possible to perform any machine learning without a significant performance penalty? And even if the data could be replicated and combined with more data, wouldn’t this then contradict the whole idea of Solid in the first place? And even if that is feasible, though temporarily, wouldn’t people reject data access for the means of data mining and only allow access for the primary purpose of that service?
The big players
The above questions apply mostly to the big players, the companies that service a huge chunk of the current centralised internet. These companies rely hugely on possessing our data. The majority of their turnover, which drives their shareholders, is based on the data they collect from us. Data that they will never willingly give up for the purpose of the greater good. Because, as long as these companies interpret privacy as a crucial element of their business, they will not embrace initiatives like Solid, where data owners can decide who and how their data is used. Of course, there is nothing wrong with data or the AI around it. In fact, it has given us a way more personalised internet. But if companies cannot convince their consumers that data is used primarily with the customers' best interest in mind, people will not consent to it. Thus for most companies, the centralised approach is simply more convenient.
On the other hand, John Bruce, co-founder and CEO of Inrupt, and Justin Bingham, CTO at Janeiro Digital also explained how Pods can introduce new benefits to companies and customers by having instant access to more data. One example is the combination of wearable data with that of an insurance policy, where the step-counter of your smartwatch could instigate a lower premium. Of course, this is an interesting view, but somewhat oversimplified, since it’s likely that this would require the user to also consent to other data, including that of purchased food for instance, which could then be used to eventually increase the premium. All in all, it is quite likely that companies will use the Pods to trade consents between data, where certain services will only be made available if another consent is given as well. You are to decide if the benefit is worth the trade-off. But how fragile will this freedom of choice be when it comes to basic services like healthcare?
The beauty of Solid lies with its simplicity which showcases that it’s not compatible with current, complex website structures and their profit model of collecting data. The internet has become extremely vast and consists of many established platforms. Trying to change that will take an enormous amount of time, development efforts and mostly goodwill. Having a completely new approach, that disqualifies all existing applications out there, can only succeed if it can grow to a similar size or bigger. Still, the Solid project is young, and hopefully, it will gain a lot of traction. Since the start of Inrupt, it has in fact already seen a lot of attention, so the potential is there. Who knows, maybe thirty years from now, we will live in a Pod-driven world, frantically worried about someone stealing our identity by grabbing our Pod. From that perspective, identity theft will be just a Pod away.