This talk focuses on the problems of managing privacy on the Internet. It continues by presenting an alternative to how information is managed, a method that not only helps protect privacy on the Internet, it also provides a mechanism to define and control ownership of information. This naturally leads to a method to define the value of information. The presentation ends with a short analysis on the security implications of this new architecture.

1. Privacy & Ownership of data
Little Sister vs. Big Brother

2. Privacy

3. What is privacy?
A fundamental human right:
 The right to have confidential conversations.
 The ability to select with whom we communicate.
 Protection against unwarranted monitoring or
searches.

4. Does privacy extend to the IoT?
Who can communicate with devices around you,
and about what?
Do you want uninvited to know:
 When you’re home?
 If you’re in the shower?
 What places you visit?
 Your health status?
Or be able to:
 Control your vehicle?
 Turn off your pacemaker?

5. Does privacy extend to Social Networks?
Who can access your information?
Do you want uninvited to know:
 What you think?
 What you like?
 Who you know?
 What you’ve done?
 Spy on you?
Or be able to:
 Steal your ideas?
 Utilize your confidential information?

6. E.U. privacy legislation (GDPR)
Concerns any data:
 Directly related to individuals
 Indirectly related to individuals
 (any level of indirection)
 About any E.U. citizen (globally).
 Global citizens (systems in E.U.)
Based on consent & information.
 Severe fines:
 20 MEUR up to 4% of global turnover.

7. Ownership

8. Who owns the data?
Who is the owner of data?
 The person/entity generating (inventing) the data?
 The person/entity storing (controlling) the data?
 The person about whom the data relates to?
Is it important?

9. Legislation
Which law is applicable?
 Copyright?
 Trade secrets?
 Intellectual Property?
 Privacy?
Enforcing ownership through legal means
is difficult.

10. Ownership of things
How is normal ownership enforced?
 Protection behind lock & key.
 Access only to trusted parties.
 Monitoring.
 Demonstration of ownership.

11. Ownership of data
Why treat data differently?
Local storage (decentralization) allows:
 Protection behind lock & key.
 Limiting access to trusted parties.
 Monitoring access.
 Demonstrating ownership.
 Enforcing ownership of data.
Added benefit:
 Intrinsic value of data through access.

12. New paradigm – “WWW 3.0”
Privacy & Ownership concerns raise
awareness that existing architecture
paradigms (centralization in the cloud) not
suitable.
 Centralized storage has become a risk.
 Decentralized architecture better protect privacy
& ownership.
 Advances in standards and communication
technologies eliminate need for centralized
processing.

13. Security

14. Decentralization & security
Decentralization has security implications:
 More attack surfaces.
 But value of each node is small.
 Value/Effort ratio small.
 Easier to protect.
 Massive data breaches difficult.
 You don’t put all your eggs into the same basket.
 More resilient.
 End-to-end encryption.

15. Anonymization vs. Strong Identities
Anonymization:
 Protects whistle blower or dissident
(or criminal or terrorist)
 Makes security decisions difficult.
Strong identities (pseudonyms):
 Protect information owners.
 Allows selective responses.
Both protect privacy, in different ways.

16. Peter Waher
Founder of Little Sister®, a
standards based distributed
social network, based on the
principles of privacy &
information ownership, for
organizations, individuals and
machines. Peter also works on
standardization for the IoT and
the Smart City/Society. Author.
Smart City Architect. Internet
Philosopher.
peterwaher@hotmail.com
Twitter: PeterWaher
LinkedIn: http://waher.se/