Ownership is crucial if you are serious about leveraging on data and really creating the Information Society. I gave a presentation to a group of economists, academia professor and a few telcos (AT&T, DoCoMo, Telefonica). There was in that group a strong agreement on the concept of putting ownership ahead of privacy. If you really own your date (a full fledged ownership, granting you access, sharing and restriction privilege)then you can enforce privacy by restricting access to your data (or some of them).

It was noted that communication is being commoditised, information is commoditised but data are not.

There is potentially great advantage for both the individual and the society if data are owned. Regulators and Privacy advocates have to taken on board to make this shift happen.

DoCoMo is already sharing information on its clients neutralising it. Therefore this is perceived as a service clients are paying for and they make money from content and service providers as well since they can modulate information and service based on this information being shared. DoCoMo is not releasing the cell phone number but replaces it with an anonymous identity; it associates information based on the request of the service provider (who pays for it) such as if the customer is in an HSDP covered area, what are the characteristics of the terminal he is using in that particular transaction, whether he has a flat rate contract or not. Each of this information is paid by the provider and based on that it can deliver a better service.

It was noted that a telecom Operator may also have the visibility on a user ambient (kind of devices available at that particular time) and may intermediate the delivery of the service to exploit that environment at its best.

The technology to enforce ownership in all its aspects is available, according to MIT professor Alex Pentland who was part of the group. We need the organizational structure. It is unlikely that an existing organization has the credibility to take up the role of a trusted party. It looks more probable that banks, operators, government agencies join together into a per-profit organization where each one of the participating actor is basically putting its reputation at stake if anyone of the others are screwing up. It is this tension among participants that should provide the trust required.

After 9/11 we have seen an explosion of monitoring, through cameras in public places, electronic transactions are recorded (2/3 of transactions on the stock market are electronics). Most of our communications is based on data, and they are stored somewhere. Profiling is common and mostly beyond the control of the profiled party.

The young generation wants to be connected. They want to share and it looks like they do not care about privacy or have a different perception of what privacy means.

The explosion of information and technology for analysing and searching information has reach a point of no return. Privacy is violated at a very basic level. What we do is try to ensure privacy by protecting and restricting the use of our data. People need to be aware of their rights and on what can be the consequence of publishing private information on the Internet. Education, particularly of youngsters is crucial. New technology may help controlling one’s own profile. Regulation and law should enforce protection and take action against hackers violating private data. Privacy should be considered as a basic human right.

Security is a means to ensure protection of values, one of these being privacy. It has to be noted that values are not absolute but they change over time and have different grading by different people. There is no single action or law that may fit but it is through the concurrent applications of several provision that privacy can be ensured.

New technologies like biometrics, fingerprinting, RFID, wireless, watermarking are offering various levels of security but at the same time they can be instrumental in raising privacy concerns.

People now exist in multiple forms, being profiled by different companies, and it is getting difficult to pinpoint what privacy means.

Reaction time to any threat needs to be extremely short since all this happens at computer speed. Communication is global, regulations are local. These two needs to be bridged.

If we want to exploit and be part of the Information Society we need to reformulate the concept of Privacy. The presence concept of Privacy, imposed from above, is dead. It should be a personal choice.

This shift the focus on ownership and one of the fall-back of ownership is the possibility, by the owner, to stop access to data. The issue is one has to have the capability of knowing what is the use of one’s data by another company (or person).

The individual may trade privacy for benefits. The Society as a whole has not yet understood how to manage and regulate privacy. In the future there will be a reflux as people understand the implication of lack of Privacy and this will lead to a much more strict enforcement of Privacy. It will probably be a swinging back and forth between more enforcement and relaxed rules. This swinging is likely to be influenced by the benefit that individuals will get by relaxing the privacy and the danger following that. Major external situation may also impact the importance people associate to privacy, like the impact of 9/11.

It is not going to be a linear evolution, nor in the way of enforcing privacy as regulators are catching up nor in the line of having privacy fading away.

Humans are social creatures and as we walk through life and its various social environment we get exposed to different risk but we have to exchange information to be part of that social environment.

A future theory of authentication must face the question of what is authentic. In the cyber world there me be several version of me but who is the one really representing me? Should the concept of security and privacy extend to the cyber world?

Harmonization is required. There are different mechanisms of authentications today and there is need for converging onto one. Convergence should not be based on a specific technology but on the upper layer. If nothing is done there will be a few companies that will take the necessary steps and will enforce their solution.

The risk associated to private information that in most cases it may leak without the owner noticing. One solution to be pursued is self responsibility, another is enforcement by law and regulation. Another solution relies on technology.

I invite you to read this article:

http://www.technologyreview.com/web/22781/?nlid=2095

Here I provide an excerpt:

Social-networking sites lead a double life. On one hand, they encourage users to share as much personal information as possible, making it easy to post photos, videos, notes, and links. But at the same time, these sites have to safeguard that information and limit how it is shared between users and beyond their own walls. Users are often dismayed when their information reaches unintended recipients, such as bosses, relatives, or other companies.

This situation encourages social networks to bury the privacy settings that they build, according to research that will be presented later this month at the Eighth Workshop on the Economics of Information Security, in London, U.K. Social networks are under pressure from privacy-rights groups and activists to build in ways for users to control their information, the researchers say, but it’s also in their interest to keep those settings off users’ minds.

“To the social network, your value increases the more data you share on the site,” says Joseph Bonneau, one of two University of Cambridge researchers who worked on the project. More user data means better targeted advertising, and more of a feeling of community, he says. “Their goal is to create a very free-flowing environment where everybody is constantly sharing everything and seeing all this data on other people,” he says. “The best way to achieve that is to not bring up the concept of privacy.”

The issue is quite clear: as individuals we want to be part of a community but “community” is defined by the sharing of information and the more you share and the more you define the community. On the other hand once we share we no longer have control since we do not control the access to the community and in most cases we do not know who its members are (or when a new member is accepted).

The ideal would be to keep our data under our control and decide instance by instance to grant access to that particular person. That, of course, is not sufficient since once I grant access what happens to my information? That party can very well repost it somewhere else and my control is gone.
A similar dilemma is faced by the musical companies trying (and failing) to protect their musical assets.

A (technical/organizational) solution to this problem can be very important for the future of social networks and in general of our digital life.

Rent a car, in a way, may be facing a similar problem. THey want to share their car as much as possible, but at the same time they want to keep it under control. You may say that it is so much easier since you have to provide your driving licence to rent the car and you are held responsibile for what happens to the car. Well, it looks like there are loopholes in this process that are causing Rent-a-Car companies loss of money. Now they have started to embed a control box in the car to keep track of what is going on and it is likely they will be controlling who will be actually driving the car. If you cheat you are very likely to be paying a huge sum once you return the car.

Their approach revolves on the idea of ownership (it is their car…) and their right to share based on their rules and preferences.
Could we think of a similar approach for information? Will it be possible to reach a point where whatever I publish remains under my (computer) control so that, as an example, if I want to delete it, the deletion will occurr on any and all instances of the information, independently where it has been copied (as long as it is still part of the web in a digital form).

I think we need much more technology to be able to do that, we need to bring watermarking to the web and this may be what can move us from Web 2.0 (applications and services) to Web 3.0 (no more information, only applications and services).

We had  a meeting today with people from the department of Fine Arts and the University of Udine to discuss the possibility of creating an ecosystem based on the artistic assets available in Italian Museums.

Just imagine what can be done by transforming artistic masterpieces in bits, mashing ups on these virtual representation other information and open it up to third parties to create services.

One can, as an example, imagine a art lesson in a classroom where the teacher relates information present in the students’ book to the real masterpiece that can be accessed remotely from its museum home. The teacher adds information and mashes it up on the masterpiece. Students will have the opportunity of looking at this mash up back home, with their computer or with a dedicated IPTV channel. This latter may be useful to share information with grandparents that may not be familiar with computers. The student may play with the “virtual masterpiece” using services provided by third parties, change some colours and create his own interpretation of the masterpiece, share it in the classroom community, create a social network around that masterpiece.

The possibility, once you combine atoms and bits with mash ups are really limitless.

The crucial point is enabling the ecosystem, making sure that there is a first set of actors that release their assets in a (controllable) usable open way so that other parties may join the ecosystem.

The seed, as in any ecosystems, is crucial and along with it the aspects of trust, ownership.

Regulation is probably the main enabler, and hurdle, in the foreseen evolution. Regulation plays at a different level and in the various stages of the information acquisition, storage, usage, sharing.

In the acquisition phases regulation can force the various actors to make information available to the owner (the one who directly or indirectly generated it). Today there is the theoretical possibility of acquiring our information that is residing in some Company or Institution data base; in practice the only sure thing is that we can ask for its deletion (though it is almost impossible to be sure that it will be done).

In the storage phase, regulation can provide some limits to service offer and liability. However it is clearly in the usage and sharing that regulation can set up a trusted framework that can enable or delay business development.

Fact is, there is no marking on information and there is basically no control. Technology may provide answers to this and significant work is required starting from the assumption that personal information will be created more and more, and that we have to find ways for managing it.

The availability of massive quantity of information will lend itself to statistical analyses. It will provide a lot of raw material to study behaviour, markets, social relations.

Quantitative analyses and statistical approach will open up new ways to understand societies and results will benefit communities and individuals.

It is likely that new representation paradigms will be required to make out sense of these analyses.

Possibly, some new Application Programming Interfaces, standardised at a global level, would be required and instrumental in the diffusion of acquisition systems. Personal data bases (semantic based) will also be required, as well as a set of defined interfaces to access information, neutralise them, share them, tag them. Data encapsulation technologies are required to an extent never approached before.

Some authority shall be in place to take care of privacy and ownership issues and streamline effective usage of information. In a way we will see the same kind of issues that have been confronting us with the growth of information on the Internet, however the solutions (or lack of solutions) adopted so far may not respond to the need posed by these new Internet of digital shadows.

We are already seeing some of these issues emerging in Facebook, SecondLife, Blogs and Twitter. These are today’s shared repositories of personal information. We are already seeing a variety of applications exploiting these repositories, and already feeling the brunt in several occasions.

Whenever I talk about a Digital Life and the information generated, and used by ourselves and others, the Big Brother Ghost appears. Privacy concerns, rightly so, are at the forefront.

However, I also have the opportunity of travelling the world and I noticed quite different reactions to personal information sharing. Whilst in Europe the privacy concern is overwhelming, in the USA it gets twisted in biz and social considerations before emerging as a top priority for the individual. You can feel it as you step in the US when they take your finger prints (over and over, I still wonder why…) and photo, in security cameras following you as you move around the streets…. In China I still have to discover if there exists a Chinese word to express the concept of Privacy.

I can also see differences in different age groups. We, the old bunch, are very concerned, whilst the Digital Native have a completely different idea of privacy, it is more related to their social groups (that seldom have no boundaries) than to the person.

My daughter chats with her boyfriend in a public Facebook chat, even though privacy is just one click away. Apparently they choose to live their life within their community.

If you have doubts, look at IYouIt, SharedLife, LifeLog…

I have my ideas on the digital life and its related information: I am belonging to the old (but wild) bunch and therefore privacy is a priority. But so is the possibility of exploiting the Information Society and My Information.  I look at privacy more from the point of view of ownership. That is my information, I should be able to do what I want with it, and to let other see, use, exploit, or not, this information of mine.

Still, whenever I am saying this, the privacy concern in most my audience is pricked and I get negative reactions.

I was therefore surprised yesterday, as I presented these ideas to the European Commission group looking at the future of Internet, when there was a general agreement on this point of view.

The feeling was that exploitation of information shall be under personal control, but that this shall not lead to an “a priori” blockage of information exploitation. It was noted that in Europe we might decide to go for a very restrictive application of privacy, but in other areas of the world different approaches might lead to better service offers and as soon as that happens Europeans will start to buy into that. This is not just a matter of losing business and directing European wealth abroad. It is a matter of nullifying a restrictive European Policy.

It would seem to make much more sense to work for a European environment that can protect privacy but at the same time can stimulate service offering. Then we would attract people from other areas because they will see information leverage and privacy protection.

Are these two goals incompatible? I don’t think so, technology and smart regulation may work to make it feasible.

However, a change in perception is required and this may just be happening right now

Being a tourist is leveraging on a capital of personal and others’ experiences. Having them available can make tourism easier and more rewarding. Buying stuff is also benefiting to know exactly what I bought before. This can steer my buying and the customizing of services and products that I am acquiring. As flexibility in the offer increases, it is more and more relevant to be able to use our profile in the customisation of the offer. This profile will be extremely rich as more and more information is becoming available.

It is clear that I can leverage on this personal information because there are a lot of companies, out there, offering services to capture, analyse, structure, store and leverage on my information. Some of them are my trusted parties, others are just service Companies whom I disclose (part of) my data to get service from them. This “disclosure” part is a service by itself and is provided by one of my trusted parties.

I realise that a major business has developed because of these many digital shadows around. The complexity is similar, may be bigger, to the one of managing a gigantic warehouse, and on top of  that there is the empathy of remembrance, something that is unknown of to a warehouse. New enterprises that did not existed ten years ago are know acting as intermediary between personal information and services. It is like a new Internet of personal Information, and feelings, has sprout on the technologies that have made the Internet a ubiquitous framework for business and consumers alike. Many new technologies have appeared, some enabling this business, others exploiting it.

I have come to consider my data as a value that I can leverage on in terms of getting better services, and, sometimes, in terms of an asset I can release as a citizen or a participant in a community.

Privacy is very much a given in the sense that the amount of information that can be acquired has made me even more conscious of its value and on the potential danger, were this information fall into wrong hands. Protecting information, however, shall not annihilate it. I do not want undesired parties to access my information but I do not want to cut myself off from the benefit provided by having access to it.

Government Regulation shall evolve to guarantee both privacy and ownership of information. One should not cut on the other.

Government and Institutions are also very much interested in exploiting the digital shadows of their constituencies, since they can develop better plans, more to the point and timely, they can make better use of resources, they can provide better services.

These span from proactive traffic management (knowing where people are and will be moving enables dynamic forward looking traffic management), to health care (epidemic diffusion and control, right-sizing emergency centres and hospitals), from energy management to transportation. There is very little in today’s Society that cannot exploit the availability of information.

Internet is there both as a connectivity fabric, that I no longer perceive since it is ubiquitous and embedded/transparent, and as a suite of services provided by a variety of parties. Bandwidth is seldom an issue, since most information is floating nearby, in my cell phone, in my car, in my home media centre. This information is, most of the time, pushed in my vicinity based on my profile. This information creates a context, and communication is taking place in a contextualised way.

My digital shadow, therefore, plays an important role in my being connected and…understood.
It turns out that the sharing of (part of) my digital shadow makes work much more effective since my working experience can be shared and leveraged by my team mates. Similarly, my social network derives benefits from having access to (parts of) my digital shadow.

I also understand that there may be new ethical issues surfacing. And dangers. But dangers are something I am prepared to deal with, as I have in the past confronting with the various fraud brought forward by Internet. The ethical issues are more complex, ‘cause they are new. What happens to me if I lose part of my digital shadow? Will my digital shadow over live my physical body? What if, after a stroke that incapacitate me, I am confronted with someone who pretends, even just in bits, to be me?