10E/ Exclusive Self-Ownership
Convener: Paul Trevithick
Notes-taker(s): Markus Sabadello
Tags for the session - technology discussed/ideas considered:
Personal Data, Self-Ownership
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
What if all your personal data lives on a device you own?
There is data about you but not owned by you. Fragments and shards of your digital self. From a technical point of view you own it, but you may not "really" own it.
Data is bought and sold, we are subservient, there is power distortion.
New idea: Data sits in your hands, it's yours, we don't allow copies of it! Can be enforced through technical and legal mechanisms.
The Internet is pretty fast, why can't each one of us be a data server, and we turn "clients" and "servers" around. Whatever someone wants to know about us, they have to request it from us via an API. But they can't persist it, i.e. no data storage is allowed.
All interaction happens via the users. Only I am allowed to have my data.
This is not a new idea, I’ve been thinking about this for several IIWs.
Thought experiment: What happens if you get rid of the copies?
Comment: There are 2 ways of getting rid of copies:
1. Wherever data is created, you move it to somewhere else (e.g. Solid pod), and then you ask those who created it to delete it.
2. You put an agent in the middle that is controlled by your mobile phone.
I've seen a lot of failed projects in this space, I have become skeptical about pretty much everything, I have doubts about human nature. I've been studying the founding of the USA… The founding fathers had a deep understanding of human nature.
Only by linking control+possession is this going to work and scale.
Comment: Are you precluding a 4th party who handles data and interaction on my behalf?
Comment: Much value of data comes from aggregation, correlation, etc. How does that fit in?
Question: In some cases the question is, who owns the data? E.g. when you interact with Amazon.
Interaction contexts: During an interaction with an app, data can be held in memory by the app, but has to be persisted only in your agent.
1st, 2nd and 3rd party data:
We talk about "Issuer" and "Verifier", but in ESO these are examples of "apps". You present data from "app A" (acting as Issuer) [writing to your agent] to "app B" (acting as Verifier) [reading from your agent].
Most of the data you will have in your agent will be data asserted by others, and not editable! You are storing digitally signed assertions about yourself that other people signed. You bear them and present them, but you don't get to author them.
Second-party data examples: Electronic health records, personality trait on a social media site. A manager's private evaluation of your job performance.
Who owns second-party data?
Discussion about ownership of derived, inferred data.
The part of second-party data that they own is not identifiable. Such second-party data owned by someone else should be allowed, since they invest in it.
Partial identity is what's getting aggregated.
Question about shared data. E.g. shared email communication needs to be included in the model.
Customer Commons is working on "Intentron" and VRM
I'm only talking about relationships between me and an app. Relationships with society and government may be different.
Other features of ESO:
Apps could pay you for your data.
Support for data intermediaries.
Advertising without tracking
Paper about ESO: https://medium.com/meefound/exclusive-self-ownership-9917cb6bdd8c