Open Source Architecture for Data & Digital Rights
Converting centralized monopoly platforms into decentralized protocols and standards
Part 3 of 3 — Smart Data & Digital Rule of Law Series:
- Part 1: Creating Digital Rule of Law
- Part 2: Smart Data — A Brief Timeline of Intelligent Technology
- Part 3: Open Source Architecture for Smart Data and Digital Rights
This is the third part in a three-part series about data and digital civil rights. We’re focusing on how humanity can personalize the technology around us by tailoring the uses of our data, even after it’s been shared. This requires creating a standard that attaches contracts to our increasingly mobile data and enforces them. Recent advancements in cryptographic techniques like Smart Contracts, Zero-Knowledge Proofs, and Secure Multi-Party Computation finally provide workable solutions to this problem.
Join the Smart Data Ecosystem and help create Digital Rule of Law to preserve all human rights.
Data Freedom Foundation is Born
Between 2005 and 2012, I worked as head of product management and later technology at an award-winning digital consultancy and creative agency. We custom-built the first-generation mar-tech and ad-tech platforms. We also contemplated the many risks.
Between 1997 and 2011, various academic institutions, in collaboration with the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF), worked through many interrelated efforts to create control architectures for our shared data. Their efforts could have standardized control over the uses of our data and dramatically altered the trajectory of the global data landscape. By 2011, all of their efforts ended. Our previous blog post, History of Programmable Data Control & Automation, covers this topic in more detail.
Our reliance on regulations alone was always going to fail. Without technology standards to automate regulatory rights, the challenge is too big. Technology evolves too quickly. Reactive manual regulatory compliance can’t keep up. While regulatory rights are essential, automated technology standards that protect our regulatory rights are equally essential.
Man has only those rights he can defend — Thomas Paine, The Rights of Man 
Our team has continued working on this problem for the last decade. We picked up where the Internet standards bodies left off, and we’ve discovered a simple and elegant solution. We saw a growing opportunity to use new decentralized protocols, smart contracts, zero-knowledge proofs, and secure multiparty computation to propose a new open-source standard to solve this growing existential human problem.
Consent and the Human Experience
We started by looking at consent as a human experience in a holistic manner. We concluded:
- Any technology standard requires all humans to tailor the connections all technology has to our world and our minds.
- Consent must be a defendable, explicit, informed, eternal and unlimited right to control the uses of our accumulated data. Our first blog post, Creating Digital Rule of Law, covers this topic in more detail.
The more we understood these goals, the more we embraced a Radical Idea. The idea is that data moves. That data in motion gives technology utility. That data brings technology to life, just like cycles of water and air give life on earth.
To achieve our goals, we require control of data as it flows through and is acted upon by remote systems. Put another way, we need to stop trading data unprotected. It needs a wrapper and a lock. We have wallets, purses, backpacks, bags, drawers, shelves, baskets, rooms, homes, offices, borders, doors, and locks for a reason.
An Architecture for Data & Digital Rights
We decided we needed two core distributed technologies, and we propose them as standards:
- Centralized Control: Master Data Controller aggregates all our data and controls its current and future uses from one convenient location.
- Distributed Enforcement: Programmatic Data Control & Automation secures our data with keys and access rules we control. We can alter all our data and approved uses via informed consent, as it flows through and is acted upon by external technologies.
Central Control of Master Data
We consistently and repeatedly see the theme of centralized control paired with distributed enforcement across network devices, storage devices, servers, data centers, and application code. Organizations can set and automatically enforce storage, compute, server, and application code policy constraints. They can change these constraints across all distributed systems by changing a single policy statement from a central location.
We imagine an unlimited number of Master Data Controllers, each focused on the data transactions and data contracting needs of their respective communities, groups, or ecosystems. Master Data Controllers are where people, organizations, and groups establish a “home” for their individual or group data. They also control the uses of that data by others.
The Solid Protocol proposes a decentralized standard for establishing centralized control of our data within a distributed architecture.
The Solid Protocol is the mid-course adjustment for the Web by its inventor, Sir Tim Berners-Lee. It realizes Tim’s original vision for the Web as a medium for the secure, decentralized exchange of public and private data. [2 Solid Project]
A Solid Server hosts one or more Solid Pods. Pods are where you store your data:
- Each Pod is fully controlled by the Pod owner (i.e., you).
- Each Pod’s data and access rules are fully distinct from those of other Pods.
You can get a Pod from a Pod Provider, or you may choose to self-host your Pod.
You can have multiple Pods. They can be hosted by the same Pod Provider or by different Providers or be self-hosted or any combination thereof. The number of Pods you have and which Solid Server or Servers you use are effectively transparent to the applications and services you use. In the Solid ecosystem, data is linked through your Identity and not through the specifics of your Pod. [2 Solid Project]
The Master Data Controller for Organizations provides one location to control all organizational Master Data, and by extension, all downstream data flow. It does this by managing all organizational data policies, external regulations that apply to internal data, licenses from external data providers, and user-provided personalization preferences. It encodes these data agreements into Smart Data Contracts and automates their enforcement inside and outside the organization.
The Master Data Controller for People provides one location to control the uses of all your personal data, and by extension, all downstream data flow. It does this by managing your application, site, and device personalization settings, accessibility preferences, as well as marketing and privacy preferences. It encodes these data agreements into Smart Data Contracts and automates their enforcement everywhere your data flows and grows.
Data Containers are open-source transferable data files containing a single person’s data and media like images, video, audio, key/value pair store, and relational value store.
Each Data Container is read-only and given a unique identifier, ensuring trustable data transactions with improved data quality and trust. Changes to master data sources automatically version and update all cached Data Containers, similar to how images are cached at the network edge for optimal performance.
Data Containers are created, transferred, versioned, deactivated for noncompliance, reactivated for compliance, eventually ended revoking all data access, and finally flagged for deletion.
Bring Your Own Encryption (BYOE)
As we contemplated the uses of Data Containers in real-world scenarios, intrinsic and undeniable privacy became the most interesting property. We quickly realized data owners could, would, and should encrypt their data with keys they control before placing their data inside their containers for distribution. We now consider this behavior of using one’s own encryption unavoidable. It’s very difficult, and potentially impossible, to stop, even if we, or others controlling the technology, wanted to prevent it. It’s an unavoidable privacy-preserving property of Data Containers.
Imagine sending an encrypted message to a friend via regular mail — the old way with paper, envelope, and stamp. Now imagine the delivery person knocking on your door with your envelope opened to tell you they cannot deliver your message in its encrypted state. Not good. Any trusted intermediary, who attempted to limit the uses of BYOE, would quickly destroy their credibility and trust.
The intrinsic and unavoidable privacy preservation of Data Containers continues to fascinate our team.
Smart Data Contracts
- Temporal: When can I collect and use data about you?
- Location: Where can I collect and use data about you?
- Duration: How long can I store your data?
- Aggregation: How may I aggregate data about you?
- Identity: What persona are you when I interact with you?
Zero-Knowledge Proofs allow a party to ask questions about data without revealing the data itself. Zero-Knowledge Proofs enable the following additional automation:
- Functional: How can I collect and use data about you?
- Proxy Entity: With whom can I share information about you?
- Proxy Purpose: Under what conditions can I share your data?
Taken together, we start to see a standard for automating GDPR, CCPA, CPRA, and other regulations. Imagine fully automating the right to be forgotten or the right to data portability. Imagine automating internal data policies as data flows inside and outside an organization.
Zero-Knowledge Proofs
Over the last decade, Zero-Knowledge Proof technology has matured significantly. It enables others to question our data without revealing the actual data. A simple example involves verifying a person’s age and income requirements for a loan without knowing that person’s actual age or income. It allows others to ask our data questions and receive a trusted answer without revealing the actual data. It’s very similar to how humans normally converse by asking and answering questions. But unlike humans, Zero-Knowledge Proofs can be trusted to provide an accurate answer.
One can construct a multiparty Zero-Knowledge Proof for situations where many people or organizations need to interact with a shared data pool. A simple example would be banks sharing data for fraud and compliance purposes without divulging the identities of specific bank customers. A multiparty Zero-Knowledge Proof is called Secure Multiparty Computation.
Both Secure Multiparty Computation and Zero-Knowledge Proofs are cryptographic techniques with a growing industry of practitioners rapidly advancing these technologies.
Edge Data Controllers
The Edge Data Controller gates and controls all access to Data Containers while automatically enforcing Smart Data Contract terms. Edge Data Controllers are like database executables interacting with Data Containers like database files. They are like data bodyguards or intelligent agents scanning and assessing their environment. Data Containers are inaccessible without the cooperation of an Edge Data Controller providing secure key distribution and gating all data interactions per the terms of the attached Smart Data Contract defining the terms of the by Zero-Knowledge Proofs.
Edge Data Controllers follow the familiar Create, Read, Update, Delete (CRUD) data lifecycle for all Data Containers. Edge Data Controller APIs, in coordination with Master Data Controller APIs, enable the Data Container lifecycle. Master Data Fabrics track the Data Container lifecycle, logging and auditing all replicas, aggregates, physical locations, data lineage, and contract lineage transfers.
Programmers can think of Data Containers as Programmable Data Objects or modular software components that hold our data and our data usage rules. These rules allow and disallow data interactions. Programmable Data Objects are a kind of Intelligent Composable Application with more agile, modular, and adaptable data architectures. They also enable automated preferences based on personalization at scale.
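The gating behavior described in this section, sketched as an added example: it is not Data Freedom Foundation code, and the class names, fields, and reason strings are hypothetical. It models only the Temporal, Location, Duration, and purpose terms plus the container lifecycle, with default-deny key release and an audit trail; encryption and Zero-Knowledge Proofs are left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

class State(Enum):
    ACTIVE = "active"
    DEACTIVATED = "deactivated"  # noncompliance; may be reactivated
    ENDED = "ended"              # all data access revoked

@dataclass(frozen=True)
class SmartDataContract:         # hypothetical shape, not a published schema
    allowed_hours: range         # Temporal: UTC hours when use is allowed
    allowed_regions: frozenset   # Location: where the data may be used
    retention: timedelta         # Duration: how long the data may be kept
    allowed_purposes: frozenset  # Proxy Purpose: approved uses

@dataclass
class DataContainer:
    container_id: str
    created: datetime
    contract: SmartDataContract
    state: State = State.ACTIVE

class EdgeDataController:
    def __init__(self, keys):
        self._keys = dict(keys)  # container_id -> key held on the owner's behalf
        self.audit = []          # (container_id, requester, reason)

    def request_key(self, container, requester, region, purpose, now):
        terms = container.contract
        if now - container.created > terms.retention:
            container.state = State.ENDED  # Duration lapsed: revoke for good
        checks = [(container.state is State.ACTIVE, f"container {container.state.value}"),
                  (now.hour in terms.allowed_hours, "outside temporal window"),
                  (region in terms.allowed_regions, "region not permitted"),
                  (purpose in terms.allowed_purposes, "purpose not permitted"),
                  (container.container_id in self._keys, "unknown container")]
        reason = next((why for ok, why in checks if not ok), "ok")
        key = self._keys[container.container_id] if reason == "ok" else None
        self.audit.append((container.container_id, requester, reason))
        return key  # None means denied; every decision is logged either way

def sample():  # constructed sample: EU-only, 08:00-17:59 UTC, 30-day retention
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    terms = SmartDataContract(range(8, 18), frozenset({"EU"}),
                              timedelta(days=30), frozenset({"billing"}))
    box = DataContainer("dc-001", t0, terms)
    return EdgeDataController({"dc-001": b"constructed-key"}), box, t0
```

Because the first failing term decides the logged reason, the audit list doubles as the contract-lineage record the section mentions: each denial names the term that blocked it.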
Call to Arms
Taken together, our architecture and proposed standard enable unprecedented data self-awareness. It creates a new era of data agility, distributed and dynamic data architectures, distributed data automation, intelligent and automated personalization, trustable data security, and provenance everywhere data flows and grows.
Our proposal facilitates an Economy of Ideas that John Perry Barlow described back in 1994. Over 25 years later, his early seminal work on the properties and economies of information continues to guide us. His thinking also continues to caution us.
Many overlapping technology changes are in motion, making it increasingly difficult to predict our future. As creators and users of technology, we play an important role. The choices we make have dramatic implications for both ourselves and future generations. Our choices are slowly altering what it means to be human. We must deliberately design technology to serve and elevate the human condition.
We’re just beginning to figure this stuff out
We think we’re on the right track. We think we have roughly the right architecture. There’s still a lot to figure out!
Think these ideas are cool? Want to build an architecture for digital rights? Help create a future where humanity controls the technology around us to ensure technology is used to elevate the human mind and human condition!
It’s damn fun being fearless, creating Digital Rule of Law out of a lawless wilderness, doing work that matters, creating new paradigms for human self-expression, creating a human-centered Economy of Ideas enforced by Digital Rule of Law protecting and preserving our Data and Digital Civil Rights.
Want to help?
- Join the Smart Data Ecosystem and help create Digital Rule of Law to preserve all human rights.
- Follow Data Freedom Foundation and Accesr on social media and follow me on Medium. Data Freedom Foundation is on LinkedIn, Twitter, Facebook and YouTube. Accesr is on LinkedIn, Twitter, Facebook and YouTube.
- Contact us to get involved — we have many open roles and stock options for early supporters.
Alan Rodriguez is an accomplished digital leader and patent author with a passion for innovation, strategy and emergent digital business models. He’s available to tailor an IP and digital strategy for a few select organizations.
- Thomas Paine, The Rights of Man https://www.bl.uk/collection-items/rights-of-man-by-thomas-paine#
- Texas Review of Law and Politics, Modern Lessons from Original Steps Towards the American Bill of Rights https://www.txs.uscourts.gov/sites/txs/files/2014_Modern%20Lessons%20From%20Original%20Steps%20Towards%20the%20American%20Bill%20of%20Rights.pdf
- The Solid Project https://solidproject.org/about