In Facebook CEO Mark Zuckerberg’s recent conversation with Harvard Law School's Jonathan Zittrain, the two briefly touched on a fascinating idea by Tim Berners-Lee, inventor of the World Wide Web, to build a protocol called Solid.
Solid would act as a kind of data locker that would allow web users complete control over their data and what websites, companies, and apps they shared it with. In a September 2018 Medium post, Berners-Lee explained:
It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.
Solid would allow users constant access to the data they share as well as the ability to pick and choose what which apps can access certain information.
One of the many curiosities of Zuckerberg and Zittrain’s conversation – part of the former’s 2019 New Year’s resolution to “host a series of public discussions about the future of technology in society – was the way in which the CEO entirely missed the point of people’s real concerns over data privacy. While Zuckerberg concentrated on people’s complaints about ads that use their personal data and insisted that this is part of how Facebook provides a free service to customers, most people aren’t really worried that a marketing company knows what stores they like most. The real issue is that the data they collect about us has to be stored somewhere and can be either stolen or used for more nefarious purposes to deprive us of our privacy and our rights.
If Solid could find a way to keep data secure from hackers and ensure that no one would ever be forced to hand over their data, we’d would likely have a good start to a new era of keeping our data safe on the Internet.
This idea seems to be gaining more traction among researchers and an MIT-Harvard collaboration was just announced that would result in another new platform called Riverbed that “ensures that web services adhere to users’ preferences on how their data are stored and shared in the cloud.” The platform is described in a paper presented at the USENIX Networked Systems Design and Implementation conference.
Riverbed directly addresses the key issue in cloud computing, which is that the data (or “breadcrumbs”) we leave behind online when we search the web, sign up for subscriptions, use social media, make purchases, etc. is stored on remote data servers where the information is then combined and sold to advertisers who may gain far more insight into us than we could have ever realized or would ever want. There are also concerns about this data being stolen or eventually becoming open to employers, health insurance, companies, or other entities that can use it to deny us services.
Internet users don’t have the ability to control how their data is processed and shared, but Riverbed aims to give them that power. The program runs on a user’s device and serves as an intermediary between them and the cloud. That means that if you have set up restrictions about who can store what data, Riverbed will intercept any app trying to grab it.
Users create “policies” that allow them to mark which types of websites can receive specific pieces of data. These sets of rules are stored in isolated clusters and cluster contains data with the same rules (for example, data that can’t be shared under any circumstances, or data that can only be shared with a specific website). This prevents any confusion when it comes to sharing.
Such as system would certainly make it easier for developers to comply with new GDPR and other privacy laws that require users to give explicit consent for apps to access their data.
According to the paper’s’ first author Frank Wang, a recent graduate of MIT’s Department of Electrical Engineering and Computer Science’s Ph.D. program:
Users give a lot of data to web apps for services, but lose control of how the data is used or where it's going. We give users control to tell web apps, 'This is exactly how you can use my data.'
One potential downside of the technology (if it is implemented and works as designed) is the amount of computing power it would take for Riverbed to act as an intermediary without producing lag time during app use. While the developers have begun to address this problem using some novel techniques, it could still slow down service by about 10%. That’s still fast enough for real-world use, Wang says, but of course, in an era when we expect the coming of 5G to make everything faster, it could potentially leave some users feeling like it’s a burden to use.
While these programs are still under development, we appear to be on our way to controlling our own digital destinies when it comes to data sharing.
Of course, the next step is a good public education campaign about data privacy that clearly explains the importance of taking the time to use these new platforms thoughtfully in order to protect our valuable information from those who mean to misuse it.
