The Forgotten Man is not a Machine
J. Oliver Glasgow
This paper and the introduction to https://datastewardship.solutions (DSS), is from Data Privacy Journal, underwritten by the Privacy Co-op Media Staff, is re-issued here for free viewing with the author’s permission. Site of record can be found here: https://doi.org/10.52785/J3S9V3N7. While linking to this article is permitted, please do not distribute or copy without express written permission of author. Formal citations can be copied from https://www.academia.edu/78465877/The_Forgotten_Man_is_not_a_Machine, © 2022.
In 1937, FDR gave an impassioned speech about solving poverty, drawing from a Harvard research paper about the poor and the need for Person A to give money to Person B to help Person C, whom he called, “the forgotten man” in a series of follow-on fireside chats. But after 60 years of scholars just accepting the premise, a historian, Amity Shlaes, did just a smidge of research and found the original material that FDR cited actually called Person A the forgotten man as they provided all the funds and yet Person B got all the credit and ultimately the power.
Something like that just happened to you and your data rights, and I don’t want to let 60 years go by without pointing out a very simple fact.
You engage systems all day and night long, and you create data, and as its author, you own the rights to the information contained within that data. These are fundamental human rights, known by lawyers as rights equivalent to ownership. It doesn’t matter how many times a hard drive spins, or how hard a chip has to work. You are the author and owner of those rights.
However…
Just a handful of years ago, some rather clever humans developed crypto algorithms that work extremely hard, making hard drives spin extremely quickly and chips heat up to capacity, all in reaction to your actions… and these clever humans convinced everyone that the machines deserve all the credit.
They call it cryptocurrency, it’s been deemed by the courts as a commodity, and today 16% of the world’s economy is invested in it. What they are actually investing in is your personal industry as well as mine. Those drives and chips would be silenced if we stopped engaging the systems. Nothing legally has changed here. You and I still own the rights to our information contained within the data now represented in virtual coins, and ultimately it’s the rights to use that data for other purposes that solely provide the value here.
Before you flame me, please tell me of one single crypto coin that was not minted as the ultimate result of a human pushing a button somewhere in a story about one human engaging another in some activity. Just because the algorithms automate the services, doesn’t mean they happen in a void. And if they did, there would be no value, for there would be no information. Data + meaning = information.
And yet…
Just because the algorithms were remarkably clever, and the drives and chips worked incredibly hard, social and crypto-corporate leaders very slyly said, “You, Person A, are giving your industry to me (Person B) to help the forgotten person… er… in this case a machine… the forgotten machine. Yeah… that’s it”.
They will quickly try to convince everyone that, “it’s the way we’ve always thought of crypto. We need to value all that machine-time. That’s what makes crypto such a great investment!”
But that’s not truth — and they know it. Not at all. Don’t let them fool you any longer.
Crypto is valuable. That is true. But it’s because of your will and my will. It represents consent for our information to be used for “secondary purposes” and that’s the truth — no matter how big the lie, or the drives, or the chips.
Without realizing it, we find ourselves 16% behind a global financial curve where machine-time outweighs human rights, but just in the minds of the elite and the powerful. The technology is fine. It’s their perception that’s wonky.
How much would change for the very poorest of regions of the world if their data rights became an equal factor in the commoditization thereof, thus making their crypto representation a fully realized commodity currency?
What will you now do with this sudden realization that you are, once again, the forgotten man?
I’ll tell you what we did at the Privacy Co-op. For years, people have come to our services for help in opting-out of companies that exploit their data. Groups of people that don’t even know each other have used our tools to take charge against one corporation or another. In the modern vernacular, “we were DAO before DAO was cool.”
Distributed Autonomous Organization (DAO): a self-formed group of individuals with a common interest in a commoditized representation of some value with leverage, and that representation taking the form of an immutable tokenization of some sort in some distributed ledger technology and their proof of being a party thereof.
Recently, we started minting a Class A DAO NFT (that’s cryptocurrency), one for each of these DAO groups that organically form. We also mint a Class B NFT for that target corporation to license opt-ins of our members that haven’t opted-out.
This helped a lot of our members remember that they were forgotten. But it didn’t go far enough. They wanted something they could “put in their wallet”, as it were. This would help them, and the elite, remember that they were now unforgotten.
In each of these opt-out actions, you have to tell us how the target corporation knows you. You know… some distinctive of your identity like an email address, phone number, street address, and the like. In some cases, you might even prove you have some control over that distinctive, like responding to an email link or entering a PIN sent to a cell phone or street address. You know… like corporations have you do over and over. You do it all the time. You are creating value for those corporations, you own the rights to it, and they get rich, and sometimes the data is weaponized to hurt you.
Aren’t you sick of that? I know I am.
Our amazing development team asked a very sobering question: “Can we use existing crypto and distributed ledger technologies to create a relationship between each such distinctive and those Class A/B tokens, without sacrificing privacy, where we could keep private things private while immutably etching your demonstrated control of those distinctives in cryptocurrency as information rights and put that in your wallet?”
And as always, our team knocked the ball out of the park!
Consider the following diagram:
In this picture, you come to the Privacy Co-op, sign an agreement for us to be your Authorized Agent regarding your information rights, and as you opt-out of a certain company, we grant you fractional ownership in a Class A DAO NFT. We call this relationship Lambda in the diagram. We do this through a federated layer of legal services (DataStewardship.solutions) that is opening up to other Authorized Agencies for full transparency and trust, and leveraging an evolving public commons called the CNS — now in a W3C community group being prepared for ISO standardization.
There’s a lot of good to talk about in the CNS, but we’ll leave that for other documents. Suffice it to say that the Consent Name Service (CNS) is amazing tech that helps businesses better understand laws and your wishes in the moment when it comes to data use. We only mint and assign fractional ownership in Class A DAO NFT as a reflection of the CNS so companies can have a common, approachable resource for data use resolution in the millisecond, and equally relied-upon for larger tech like Big Data. We want your wishes to be easily understood by the machines — as your wishes are their value.
Everything to the right of the DSS in the chart represents immutable data that is discoverable in the public distributed ledger. You’ll notice that no personally identifiable information is there. Class numbers and serial numbers are handles into the minted NFT and their metadata, and any personal information of our members is securely and privately maintained. If the law requires it, such as in a class action lawsuit for your benefit and with your will, we may act as a fiduciary on behalf of our members, and per their agreement, to divulge or otherwise make available to the courts only the required facts. So, when it’s a benefit, the dots can be connected.
As the Class A/B NFT are maintained in an DSS treasury, and specific to an Authorized Agency, there’s no way for anyone to suss-out your personal info based on the fractional ownership of the Class A DAO NFT. In this way, we are leveraging all the power of distributed ledger technology (DLT) without outing you to the world.
During this process, you might have an occasion to validate some distinctive or other, and everything is in place for us to do the following…
Here, you take some special action to validate what? That you control that specific distinctive. This demonstrated control can be memorialized as a Class I NFT (iNFT).
There are certain elements necessary to utilize DLT, but we have taken extra care to keep the private things private while we make the necessary public things public.
Again, through updates to the CNS regarding this validation, we create a new relationship, Mu, with no external capability for businesses or individuals to connect it to any Lambda(s) without your expressed wishes and consent to do so.
Meta data that you might find helpful, and yet may contain private information about you, is addressed within private JSON. Pointers to that protected information are made available to public JSON via CID Hashes — a one-direction encryption approach regularly employed by the crypto-verse. What does all this technical mumbo-jumbo mean? Well, you end up with a minted iNFT representing your control over a particular distinctive — your information rights.
That means that the commodity behind this crypto is your information rights. Who cares about the machine-time anyway!
To represent the relationship between Lambda and Mu, we will publish a Consensus Record to a Topic in the DLT. So… if you are counting, you have an iNFT, a consensus record, and a Class A DAO NFT — with no publicly discernible relationships between them. But still…there’s all the legal nonrepudiation data available that you, or the courts, or both can prove what is needed to protect your rights and fight the bad guys — those who might exploit your data.
Further, and this is the really cool part… as other businesses and agencies onboard, and regardless of who your identity provider might be, you might in the near future be able to use iNFT tokens to verify your previous validations. It might make day-to-day life a little more hassle free as you no longer have to prove the same things over and over again.
For this reason, we have already started capturing various Levels of Assurance (LOA) measurements for the various validations as they happen, per NIST SP.800–63–3 standards, so that when people and businesses start relying on these artifacts to remove hassle from their lives, they will be able to understand the captured LOA at the time of validation.
Why would a business pay extra to build out validation flows when they can just utilize what’s already in the ledger? The less data they collect, the less risk there is to their business.
The yellow line in the diagram above represents an ability for your Authorized Agent, who has a fiduciary responsibility to you to understand these relationships, for them to subscribe to any changes made to that Consensus Record in the future. Soon, you’ll even be able to subscribe to these things as well. This means you will be able to see a history of requests made to the CNS via an anonymous immutable mechanism.
Imagine being notified when a specific company asked to use your data for some purpose! That would be remarkable — and it’s within reach.
At this point, you might look at that spanking new iNFT and say, “Hey, that’s mine! I want that in my wallet.” Consider the following…
With only the artifacts in the DLT, a user can log into any wallet that supports NFT (there are many), make an association to the specific class of iNFT, and then use Privacy Co-op services to withdraw it from the DSS treasury and have it put in their wallet through the use of smart contracts that prevent others from doing likewise.
With the combination of the public and private JSON, we can privately stream temporal versions of more detailed NFT tokens directly to a wallet authorized by the user. Sure, the user could take a screenshot if they wanted to, but there’s just no other way for malicious actors to put all the pieces together.
Well now, you can have a pretty picture of your iNFT in your personal wallet, and perhaps solely see even personal data about it through a temporal picture, and that’s only when and if you want to.
Hey, that’s nifty.
Now here comes the very best part for self-sovereign identity. This approach is truly distributed Web 3.0, and we are going to prove it.
Do you know the term Local Number Portability? It’s the system of standards by which phone companies make it possible for you to change service providers and keep your cell phone number. You know, like if you no longer like AT&T and want to go to T-Mobile, you don’t have to get AT&T’s permission first. You just go sign a contract with T-Mobile, and they pull your service and phone number over to their platform.
Now consider this…
You go to another Authorized Agency (I know… it’s fiction. You’d never want to leave the Co-op!). Without asking permission, you would go to another agency, and sign a contract with them. Everything you need is now in place.
But first, a word about “smart contracts”…
Have you ever been a high elf and needed to buy a ceremonial silver dagger from a dark elf that you didn’t exactly trust?
In games, there are trade windows. Let’s say you want to pay TimeyWimey five gold pieces for a silver dagger. But you’re afraid she will swap it out for a cheap copper dagger in the last moment. Meanwhile, she is afraid you will put in 5 gold and, at the last second, swap it out for 5 silver coins.
To fix this, gamers developed trade windows where you can only put things in and click confirm or cancel. You might put too much in (that’s a tip!), but you can’t take anything out. Both parties see what is in the trade window and both have to agree to the terms.
Smart contracts are a lot like that, but all the code is in the distributed ledger where it can’t be changed.
It can be transparent, meaning the code is open source, or it can be obfuscated. In our case, the smart contracts are open source. That means that the world can see how the trade window works and know there are no tricks involved, even by the contract writers. At the same time, this also supports not showing the world what goes into the smart contract from either side. That’s just for the two parties involved to see and understand.
The new Authorized Agent you have selected can put proof they have a contract with you in one side of the smart contract and you can put proof you have “a Mu iNFT in your wallet” in the other. The code to support all that is called the Smart Contract.
When you and your new Authorized Agent (AA) click agree, the contract publishes a Consensus record that the new AA is now representing the human behind that Consensus record for all the relevant Lamba relationships privately associated with that Mu relationship. Anyone that is subscribed to updates for that topic, like the Privacy Co-op was as your prior AA above during minting of the iNFT, will be notified of the change and they will stop representing your data rights with those companies.
Your new AA will then subscribe to the same Consensus record, and you will be free to change from them in the future if you so desire.
With these simple DLT ecosystem pieces in place, the multifaceted platform of trust can grow at scale, and that benefits all parties.
For businesses using the CNS, they can honor opt-outs while licensing opt-ins with assurance. This will greatly reduce their risk and liability with over 235 privacy regulations around the world. If you are a business, consider becoming an Affiliate of the Co-op for these and other benefits.
For Authorized Agencies, they can now focus on serving the needs of their members, providing new innovative services through reliable interfaces and agreements. If you are an Authorized Agency, consider joining the GCA3 (Global Consent Authorized Agency Association) monthly meetings to learn more about DSS.
And most importantly, for you — you can mint your own iNFTs that represent your control over distinctives of your identity, useful for contractual agreements pertaining to your information rights, and the subsequent enforcement of your data-use desires. We hope you become a member today!
We believe so much in this approach, that we built it, deployed it, and have started the GCA3 as a separate nonprofit to establish standards and transparency for all Authorized Agencies to participate.
Please join us.