Privacy Economy II

How to Proceed

The Privacy Economy I article explores how social platforms, online advertisers，e-tailers，and opinion influencers extract economic gain from the privacy of internet users, with little if any benefit to data owners. We propose a new method of enabling users to control their private profiling data while being anonymized to privacy predators. No doubt those predatory companies will make tremendous efforts to protect their turf from the rise of privacy rights.

We maintain as a first principle that privacy is personal property. As such, it cannot be taken or modified without explicit compensation in joint agreement. Selling or revealing anyone’s privacy without an explicit，agreed bargain must be a crime. Technology to support this Privacy Economy is now ready, even if laws and public opinion are lagging. The tide is turning, and it is time to get on the right side of history. In this case, the call to arms is purely defensive./p>

As proposed in Privacy Economy, anonymizing internet activity frees users from being tracked, spammed and targeted. The criteria that determine the presentation of offers and information must be solely in control of the user, not the extractors of behavioral data. Anonymity combined with a search and filter system driven by users makes the internet more useful, whether searching or shopping. Anonymity is broken only at the moment provider and receiver agrees. Once user’s needs are met, the anonymity door slams shut. The paradigm disrupts some of the largest business models in existence, to the benefit of common users. This shifts marketing from hated spam to a hot leads model.

A Plan to Secure Privacy

In a world of hackers and other surveillors, there is more to the privacy tech tool kit. Once a user does make a purchase, the vendor, financial institution, logistics company, and others will have access to the private information. Today's norm is that each of these might sell that data in some form for their own sole benefit. Even if they don’t，because there are no significant consequences to a leak of private data, there is no financial incentive to protect it effectively. Just think of the long list of companies that have lost tens or hundreds of millions of records without any significant penalty. We promote the following set of innovations whose adoption, or lack thereof, separate the good guys from the bad guys:

1. Isolation from the open internet.
2. Security of data at rest.
3. Security of data in motion.
4. Al in devices at the edge of the internet.
5. Where data flows show benefit, integrate to a blockchain.
6. Create certification programs for businesses who adhere to best practice in privacy protection.
7. Guarantee fair compensation by a neutral arbitrator to customers when something goes wrong.
8. Cyber-insurance programs with audits to hold certified companies accountable, while helping manage concomitant financial risks.
9. Legislate stringent privacy laws, fund investigators, and provide extensive education to the judiciary. Assure that companies who have not made adequate efforts are liable for civil action.

The first five need explaining:
1. As mentioned in the first article, internet users need isolation from the open internet so that activities can be anonymous. This involves the use of E2E and P2P secure channels using IPV6.
2. When private data is stored ("at rest"), it is often kept in one place, with minimal encryption. Best practices are quite different, where the data is first sharded, salted with irrelevant data, fragments are replicated, and kept in different peer nodes, such that no single target would have enough data to be useful to hackers. Key here is the use of advanced sharding techniques and double-blind distribution of data across federated networks so that it cannot be reconstructed by unauthorized actors.
3. "dat in motion" means using military-grade encryption from source to destination, without central control of keys. Here, the "end-to-end" strong encryption is key, because SSL or VPN's havw vulnerabilities to intrusion happening behind firewalls.
4. Al at these endpoints can be effective, with a limited range of expected activities allowing simple algorithms to be extremely powerful.
5. Adding to this, the use of a distributed blockchain means that checks for anomalies must be posted by a large number of nodes before data can be accessed or modified. None of this requires expensive new hardware -in greenfield cases it can cost less. The key issues is adoption of these best practices.

Given these technologies, points 6, 7, and 8 become straightforward to implement. Proper use of these technologies becomes the certification program. Insurers can audit the certified companies to verify compliance, and provide low cost insurance that passes the benefits of this security on to customers. Seeing that effective technology, education, and insurance solutions exist, legislators will not have to worry about privacy protection laws imposing undue burden.

Securing the Expanding Attack Surface

While large organizations are the largest source of privacy loss, the herd of trojan horses now are attacking "connected devices". There is no holistic certification system for devices in the home, office and for industrial uses. Many of these devices ship with identical default passwords. Privacy risks are obvious with audio-enabled video cams, but can be more serious in the case of security cameras, or when controllers of devices that can cause a fire are involved. The connected car or other vehicles have alsobeen repeatedly proven vulnerable to potentially life-threatening hacks.

Here again, the technologies outlined above provide answers. Connected devices should never be directly addressable from the internet, bat rather isolated with end-to-end encryption in a private network. The technologies for securing data in motion and at rest apply here as well. Personal devices need to include blockchains to further isolate risks. All of these steps must be required for privacy certified devices.