2013-06-08

The Architecture of Consent - PRISM 1


I've watched the tweetsters, blabsters and blogsters debate privacy for the last several months.

The invective against government-sponsored intelligence gathering is colourful, but not very helpful. Meanwhile, their opponents see every wish for anonymity as a sign of tax evasion, money laundering, terrorism or pornography.

Both sides cite real or imagined constitutional constraints, wallowing in the kind of law that relies on 'Thou Shalt Not'. Tell someone “Don't think of blue!”, and they must think of blue in order to understand your command. That's why legislated prohibition often produces the opposite result.

Odd thing though, neither side seems particularly competent in the other kind of law.  You don't go to jail for gaining altitude too quickly. The airplane simply stalls, crashes and you die. The laws of nature and mathematics.

That's why thousands of software engineers and data architects are quietly building new systems that will soon succeed where enforcement has failed, because "that's just the way it works". They're called 'disruptive technologies', not because they upset the rest of us, but because they might eventually make spies, regulators and most banks seem a little silly and beside the point.

These disruptive technologies all have one fascinating thing in common. They store identity separately from service information. Ta-dah!

Wait a minute. Is that all there is to it?

Yep. That's it. Anonymous data.

The database with your name, birth date, address, fingerprints and retinal scan won't include your eyeglasses prescription, your bank balance, your blood pressure readings, your parking tickets, your ethnicity, your religion or your shopping preferences. All that stuff will be kept in separate data tables that aren't linked to your identity, except when you authorize it. Or when a qualified judge orders it. Not because it's not allowed, but because that's just the way these databases will be built.

Spies, regulators, banks and business hackers will be thrilled. They won't have to break in to profile service data anymore. The NSA and Homeland Security will have a ball. They will be allowed to monitor traffic patterns to their heart's content.

They can track how many Muslims with high blood pressure, a university education and more than two pairs of bi-focals are boarding a flight from Amsterdam to Madrid after requesting a vegetarian meal.

But they won't be able to link that information to individual identities on their own any more.

Not because it won't be allowed, but because that's just the way these systems will be built. That's how they'll work.

Anonymized databases will free national defenders to engage in much more powerful terrorist profiling than current legislation allows, all without inappropriately invading innocent individual identity. Those data tables just won't contain identity information.

When the profilers detect a threatening pattern in the service stream, they will request corresponding identity information, only on reasonable grounds, in a process similar to getting a traditional search warrant.
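The separation the essay describes, sketched as a small Python model (an added illustration, not code from the essay or from any real claims-based system): service records carry only an opaque pseudonym, pattern searches run against them alone, and the one path back to an identity is gated on a recorded authorization, which stands in for the subject's consent or a judge's order. The class, field names and sample data are all hypothetical.

```python
import secrets

# Hypothetical, simplified model: identity and service data live in separate
# tables joined only by an opaque pseudonym, and the join is performed only
# against a recorded authorization, never by the profiler on its own.
IDENTITY_FIELDS = {"name", "birth_date", "address"}


class SplitStore:
    def __init__(self):
        self._identity = {}        # pseudonym -> identity attributes (the vault)
        self._service = []         # service records carrying only the pseudonym
        self._authorizations = {}  # pseudonym -> parties allowed to link it

    def enroll(self, **identity):
        """Create an identity record and return an opaque pseudonym for it."""
        pseudonym = secrets.token_hex(8)
        self._identity[pseudonym] = dict(identity)
        return pseudonym

    def record_service(self, pseudonym, **attrs):
        """Store service data; refuse any field that would re-identify the row."""
        leaked = IDENTITY_FIELDS & attrs.keys()
        if leaked:
            raise ValueError(f"identity fields not allowed in service table: {leaked}")
        self._service.append({"pseudonym": pseudonym, **attrs})

    def profile(self, predicate):
        """Pattern search over service data only: returns pseudonyms, never names."""
        return [r["pseudonym"] for r in self._service if predicate(r)]

    def authorize(self, pseudonym, party):
        """Record consent (or a court order) letting `party` link this pseudonym."""
        self._authorizations.setdefault(pseudonym, set()).add(party)

    def resolve(self, pseudonym, party):
        """The only path from a pseudonym back to an identity; needs authorization."""
        if party not in self._authorizations.get(pseudonym, set()):
            raise PermissionError(f"{party} is not authorized to identify {pseudonym}")
        return self._identity[pseudonym]


def demo():
    """Constructed walk-through: profile first, identify only after authorization."""
    store = SplitStore()
    alice = store.enroll(name="Alice Example", birth_date="1970-01-01")  # constructed
    store.record_service(alice, diet="vegetarian", route="AMS-MAD", glasses=3)
    hits = store.profile(lambda r: r["diet"] == "vegetarian" and r["glasses"] > 2)
    try:
        store.resolve(hits[0], "profiler")   # blocked: no consent or order on file
    except PermissionError:
        store.authorize(alice, "court")      # warrant-style authorization recorded
    return store.resolve(hits[0], "court")["name"]
```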

These 'disruptive technologies' will have preemptive anonymity embedded at the very core of their architecture. They will restore a bunch of democratic and civil protections that earlier information architectures could not.

Curious political operatives won't bother to hack Watergate offices or voter registration systems hoping to find out how you vote.  Neither will a terrorist or thief disguised as a pharmacist, nor a Walmart cashier, nor a bank teller be able to hack payment systems to learn where you live, or how much credit you have, or whether your home is unoccupied while you travel.

Disruptive technologies will embody a whole new architecture of individual privacy and consent at their very core, not because the Walmart clerk isn't allowed to pry into your affairs, but because they simply can't. They won't have access. It won't work that way any more.

Engineers call this astonishing, elegant, even beautiful structure 'claims-based authentication'. It is almost ready. Several pioneering health care and health records systems are already using it, testing it in the most sensitive data area of all.

Epidemiologists will love the enhanced profiling ability and patients will relish their absolute control over who peeks at their personal records.
The only difficulty I foresee is that when claims-based authentication systems come to the world of finance, they might neutralize some of the distorted processes that have unfairly fattened Wall Street at the expense of Main Street. That might indeed upset certain people.

Oh, and by the way? Bitcoin already appears to be 'claims-based-compliant'.

Next time I'll examine the role anonymity plays in consent and a third essay is in the works to explain how claims-based systems work between you, your doctor, your pharmacy and your bank account.
