|
|
|
|
|
| The balance between privacy, corporate, and government interests has always been precarious. This precarious balance has created an environment of fear – much of which is very justified, and some of which is not. The only antidote to this fear, both justified and unjustified, is a decentralized system that seeks to maximize information exposure, accuracy, and privacy protection at a self-regulating, technical level. Ubiquity must implement such a system. While Ubiquity can by no means strike the perfect balance by itself, it can provide the actors involved with the tools to do so in a secure, sustainable fashion. |
|
|
|
| There are three primary participants in the privacy feedback loop: users, services, and realms. |
|
>
|
Users (Consumers): Obviously, this system focuses on the safe collection and use of consumer personal data. Thus, a major player in the system is the user herself. |
|
>
|
Services (Businesses, Government): The entities actually collecting and using the user data provide services to those users being served. These entities are typically businesses offering information and products to users online or in person. However, this system would be entirely appropriate for managing new police surveillance technologies in a safe manner. |
|
>
|
Realms (Trade Groups, Regulators): The final component, providing critical oversight in a decentralized fashion, are the realms. Reach realm defines and enforces standards and privacy/usage policies through a system of active certification. Active certification is what gives realms the technological “teeth” to effectively enforce policy. |
|
|
|
Figure 1: Privacy Feedback Loop
|
|
|
| The privacy feedback loop is illustrated in Figure 1, and consists of the following interdependent components: |
|
>
|
User Privacy: Users’ concepts of privacy are just measures of confidence that data is being used correctly. “Correct” use is in the eye of the beholder, but in general is guaranteed through (1) allowing the user to view and edit all personal data collected, (2) putting the user in control of who can and cannot access the data, and (3) providing extensive auditing information to demonstrate correct use. These confidence-building measures are the result of increasing accountability of the industry as a whole, and allow for greater amounts of higher quality personal data to be collected. |
|
>
|
Personal Data: As user privacy increases, the amount and value of the data collected increases. Through the user’s ability to review and correct all data collected, as well as automatic corrections when existing accounts become linked together, the data itself is of a higher quality and therefore more valuable. Likewise, as users become confident that the data is correctly used, the more open they are to supplying deeper levels of personal data. As the amount and value of personal data collected increases, the revenues of the services using this data do as well. |
|
>
|
Service Revenue: Services use personal data in a variety of ways to reduce cost and generate revenue. Personalization features create “stickier” services, as well as drive additional product sales. Convenience features streamline the use of services, thereby reducing the time-to-purchase and “mental cost” of using the service. Immediate access to timely usage data allows fast marketing feedback to ensure, among many things, correct product positioning. All of these features rely upon and benefit from large amounts of accurate, detailed personal data. The value of these features and their effect upon the services’ bottom lines cause other services to join in the system in a viral manner, increasing the membership in the system as a whole. |
|
>
|
Membership: As increasing numbers of services take advantage of this ocean of personal information, the total membership of the system increases. Every new member service brings new users to the system, magnifying all of the system’s elements. One major beneficiary of this magnification is the realm, which increases in realm authority. |
|
>
|
Realm Authority: Realms serve as the representatives for each industry. Members look to realms to set the agenda for new standards features, and equitably resolve member conflicts. Users look to realms to define and enforce acceptable usage policies, as well as create a strong brand that users can look for and trust as they use the member services. Courts look to realms to uphold contractual obligations toward both members and users and regulate their industries in a fair manner. Realms are leaders, whose strength and power are directly determined by the number and devotion of their followers. These powers are used to force an acceptable level of accountability upon each realm’s respective industry. |
|
>
|
Accountability: The final link in this chain is accountability. Services that choose a particular realm’s data and standards are contractually obligated and technically required to adhere to the usage policies set by that realm. These policies generally define the acceptable level of usage, such as maintaining independent copies of data, selling data outside of the realm, linking data in certain ways, and so forth. Additionally, these policies require that the realm record usage of the data in such a fashion that the user can learn how the data is used, meet certain exposure requirements on the data collected from users, etc. Through increasing levels of accountability, users can gain a greater sense of privacy, thereby completing the cycle. |
|
|
|
|