Saturday, May 26, 2012

New York & Hawaii: Frightening bedfellows lacking perspective

New York and Hawaii are bookends to the 50 American states. Although separated by 8,000 km, each is rich in heritage, and each has a very different political and cultural perspective. Yet, despite the distance and the political differences, they are embarking on an identical and ruinous path. Bills introduced in both states suggest that legislators lack fundamental knowledge of history, democracy, economics and, especially, the nature of the Internet. More importantly, they care not a whit about personal freedoms, privacy and individual rights.

[Image: NY & HI senate: Lacking historical perspective]

I should end here with my favorite tag line, “So Sayeth Ellery”, but that would deny readers chilling facts, facts that ought to shock the senses of every New Yorker and Hawaiian and humiliate by association. Let’s cut to the chase: lawmakers in the Aloha State want to criminalize anonymous internet posting, while senators in the Empire State plan to create a database of every web site visited by each resident. Yes! They plan to track and archive your internet surfing history. I am not making this up!

[Image: A government dB of everyone’s web surfing... Now, isn’t that just special?!]

With apologies to Dana Carvey: Isn’t that just special? After all, an individual concerned about being carded at the door is an individual with something to hide—most likely, guilty of a crime. Who else would object to registering a DNA sample before speaking on the topics of the day? A law-abiding citizen doesn’t fear a government that tracks thought, medical history, private communication, bedroom fantasy, or corporate negotiation. Just what are those people afraid of?

Dear Wild Ducks: We are all those people. I am too blinded by disappointment and pity to name names or plow through the facts. (N.B. Names of the proponents are in the tags below this article). So, I offer links to well written summaries. Read along with me and weep. The US is already constructing the world’s biggest database of everything that you say, do and think. Perhaps New York and Hawaii feel left out. Or perhaps legislators in those states skipped out on high school history. More likely, they are decent individuals with good intentions, but simply poor stewards of liberty in an era of ecommerce, the Drudge Report, AWildDuck.

Does anyone not find this frightening? Forget about “confidential sources”. Want to comment on a breastfeeding blog? Sure. But first, register your fingerprints with an ISP and web host! I can think of three reasons why this won’t fly. More importantly, I am concerned that our legislators don’t see them:

Reasons to avoid suppressing a privacy technology

  • If a government bans anonymous expression, the business of internet hosting & access simply migrates to jurisdictions that understand democracy. It’s the nature of any fungible medium.

  • Political restrictions on existing technologies or platforms create incentives for the rapid deployment of methods that circumvent or thwart the restrictions. This has the unintended effect of interfering even more with legitimate investigations and forensic tools.

  • History demonstrates the dangers of surrendering free, anonymous speech to a government, no matter how ethical the current leaders. Governments are transient, though they try hard to be self-preserving. They do their best work when prodded by free and democratic constituents.


So sayeth Ellery.

Ellery Davies is not generally known as a liberal commentator.
But he is a political wonk, privacy advocate and editor of AWildDuck.

Thursday, May 10, 2012

Enhancing Privacy: Blind Signaling and Response

Welcome Engadget & TechCrunch Readers

This primer describes a privacy enhancement that is transparent to users, yet allows Google and other online services to provably shield personal data from prying eyes—even from themselves. The data is meaningful for only a clearly defined purpose and without trackback or correlation to individual users.

It is not yet built into major online services. But as it crosses development and test milestones, it is attracting attention and community scrutiny.

Takeaway #1: Blind Signaling and Response encrypts and anonymizes personal data while supporting a marketing backchannel (what Google marketing partners pay for).

Takeaway #2: I am an inventor. I seek to build a career in Privacy technology centered around the development and roll out of Blind Signaling and Response. If you influence companies that gather personal user data, contact me today. Your organization, its clients, and your users will benefit. Your advertising revenue model will be preserved.

In the article directly beneath this one, I claimed that Google can protect individual user data and privacy without detriment to their revenue model. In fact, it would be a great stride in the user perception of trust and a commitment to privacy. I also claimed that Google could modify their services in such a way that would prevent any leak of personal information, even if compelled to turn over data by totalitarian governments around the world.

That posting has become popular. Readers have asked me to peel back the cover and I have even been approached by Google. (Perhaps it will lead to an affiliation. I admire Google, and would love to work with the company).

The magic behind my claims is a method of collecting and storing data that prevents anyone but the intended party from making sense of what is stored. It’s not based on just data encryption, but rather a clever outgrowth of encryption technology that I call blind signaling and response.

Before we can understand Blind Signaling and Response, it helps to understand classic signaling.

When someone has a need, he can search for a solution. When an individual is aware of their needs and problems, that’s typically the first step in marrying a problem to a solution. But in a marketing model, a solution (sometimes, one that a user might not even realize he would desire) reaches out to individuals.

Of course, the problem with unsolicited marketing is that the solution being hawked may be directed at recipients who have no matching need. Good marketing is the result of careful targeting: the message is sent or advertised only to a perfect audience, filled with individuals who are glad that the marketer found them. Poor marketing blasts messages at inappropriate lists or posts advertisements in the wrong venue. For the marketer (or spam email sender), it is a waste of resources and sometimes a crime. For the recipient of untargeted ads and emails, it is a source of irritation and an involuntary waste of resources, especially of the recipient’s attention.

Consider a hypothetical example of a signal and its response:

Pixar animators consume enormous computing resources creating each minute of animation. Pixar co-founder John Lasseter has many CGI tools at his disposal, most of them designed at Pixar. As John plans a budget for Pixar’s next big film, suppose that he learns of a radical new animation theory called Liquid Flow-Motion. It streamlines the most complex and costly processes. His team has yet to build or find a practical application that benefits animators, but John is determined to search everywhere.

Method #1: A consumer in need searches & signals

Despite a lack of public news on the nascent technique, John is convinced that there must be some workable code in a private lab, a university, or even at a competitor. And so, he creates a web page and uses SEO techniques to attract attention.

The web page is a signal. It broadcasts to the world (and hopefully to relevant parties) that Pixar is receptive to contact from anyone engaged in Liquid Flow-Motion research. With Google’s phenomenal search engine and the internet’s reach, this method of signaling may work, but a successful match involves a bit of luck. Individuals engaged in the new art may not be searching for outsiders. In fact, they may not be aware that their early stage of development would be useful to anyone.

Method #2: Google helps marketers target relevant consumers

Let’s discuss how Google facilitates market-driven signaling and a relevant marketing response today and let us also determine the best avenue for improvement...

At various times in the past few weeks, John had Googled the phrase “Liquid Flow-Motion” and some of the antecedents that the technology builds upon. John also signed up for a conference in which there was a lecture unit on the topic (the lecture was not too useful. It was given by his own employee and covered familiar ground). He also mentioned the technology in a few emails.

Google’s profile for John made connections between his browser, his email and his searches. It may even have factored in location data from John’s Android phone. Meanwhile, in the Czech Republic, a grad student studying Flow-Motion has created the first useful tool. He doesn’t know anything about Google AdWords, but the university owns 75% of the rights to his research. It incorporates key words from research projects and buys the AdWords keyword “Liquid Flow-Motion”.

Almost immediately, John Lasseter notices very relevant advertising on the web pages that he visits. During his next visit to eBay, he notices a home page photo of a product that embodies the technique. The product was created in Israel for a very different application, yet it is very relevant to Pixar’s next film. John reaches out to both companies–or more precisely, they reach out in response to his signal, without even knowing to whom they are replying.

Neat, eh? What is wrong with this model?

For many users, the gradual revelation that an abundance of very personal or sensitive data is being amassed by Google, and that it is being marketed to unknown parties, is troubling. Part of the problem is perception. In the case described above, and in most other cases in which Google is the arbiter, the result is almost always to the user’s advantage. But that fact, alone, doesn’t change the perception.

But consider Google’s process from input to output: the collection of user data from a vast array of free user services and the resulting routing of ads from marketing partners. What if data collection, storage and manipulation could be tweaked so that all personal data–including the participation of any user–were completely anonymized? Sounds crazy, right? If the data is anonymized, it’s not useful.

Wrong.

Method #3: Incorporate blind signaling & response into AdWords
— and across the board

A signaling and response system can be constructed on blind credentials. The science is an offshoot of public key cryptography and is the basis of anonymous digital cash. It enables a buyer to satisfy a standard of evidence (the value of their digital cash) and to demonstrate that a fee has been paid, all without identifying the buyer. Blind credentials, and the blind signature in particular, are the brainchild of David Chaum, cryptographer and founder of DigiCash, the Dutch venture that made it possible to guarantee a payment without the bank that issued the cash being able to link the coin it signed at withdrawal to the coin later spent, so the bank that guarantees the cash never learns who spent it.

The takeaway from DigiCash and the pioneering work of David Chaum is that information can be precisely targeted–even with a back channel–without storing or transmitting any data that aids in identifying the source or target. (Disclosure: I designed the back channel mechanism, which is not a design requirement of Chaum’s DigiCash implementation. As of June 2012, I am working toward a patent.) Even more interesting is that the information that facilitates replying to a signal can be structured in a way that is useless to outsiders and even to the database owner (in this case, Google).
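The building block the two paragraphs above rely on is Chaum’s blind signature. The following is an added example written for this page, not the author’s Blind Signaling and Response design (whose back channel the post does not specify) and not DigiCash code. It uses Chaum’s RSA construction with a toy key made from two fixed 30-bit primes so that it runs deterministically; the function names, the key and the sample message are assumptions. It shows the two properties the text leans on: the signer certifies a value it cannot read, and because the unblinded signature is identical no matter which blinding factor was used, the signer cannot later link a signature it sees in the wild to the blinded request it answered.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy RSA key for the signer (the "bank" in DigiCash, "Google" in the post).
# Fixed primes keep the example deterministic; they are an assumption for
# illustration only. A real deployment uses randomly generated 2048-bit primes.
P = 1000000007
Q = 1000000009
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent (Python >= 3.8 for the modular inverse)


def message_digest(message: bytes) -> int:
    """Map the message to an integer below N (a full-domain hash at toy size)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def blind(message: bytes, r: Optional[int] = None) -> Tuple[int, int]:
    """Requester side: hide the message digest behind a random factor r.

    Returns (blinded_value, r). Only blinded_value is sent to the signer.
    """
    m = message_digest(message)
    if r is None:
        r = secrets.randbelow(N - 2) + 2
    pow(r, -1, N)  # raises ValueError if r shares a factor with N
    return (m * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Signer side: ordinary RSA signing of an opaque value it cannot read."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Requester side: strip r to obtain a plain RSA signature on the digest.

    sign_blinded returned m^d * r^(e*d) = m^d * r (mod N); multiplying by the
    inverse of r leaves m^d, which is exactly what a direct signature would be.
    """
    return (blinded_sig * pow(r, -1, N)) % N


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (E, N) can check the signature."""
    return pow(signature, E, N) == message_digest(message)


def issue_and_verify(message: bytes, r: Optional[int] = None) -> Tuple[int, int, bool]:
    """Run a full round trip and return (what_the_signer_saw, signature, valid)."""
    blinded, r = blind(message, r)
    signature = unblind(sign_blinded(blinded), r)
    return blinded, signature, verify(message, signature)


if __name__ == "__main__":
    # Constructed sample "signal": an interest the requester wants certified
    # without the signer learning it.
    signal = b"interest: Liquid Flow-Motion"
    seen1, sig1, ok1 = issue_and_verify(signal)
    seen2, sig2, ok2 = issue_and_verify(signal)
    print("signer saw two different blobs:", seen1 != seen2)
    print("both signatures verify:", ok1 and ok2)
    print("and they are the same signature:", sig1 == sig2)
```

The last two lines of the demo are the point: the signer stored two unrelated-looking blobs, yet the same usable signature comes out of both, so nothing in the signer’s records tells it which request produced the signature presented later. The post’s "response" layer, which lets the marketer reply to the signal, would have to be built on top of this property; it is not shown here.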

The benefits aren’t restricted to Internet search providers. Choose the boogeyman: the government, your employer, someone taking a survey, your grandmother. In each case, the party holding the data can (if it wishes) provably demonstrate that meaningful use of private data is restricted by design to a stated purpose.

It’s reasonable to assume that privacy doesn’t exist in the Internet age. After all, unlike a conversation at your dining table, the path from whisper to ear passes through a public network. Although end-to-end encryption and onion routing can keep a peer-to-peer conversation private, it seems implausible to maintain privacy in everyday search, navigation and webmail, especially when the services are provided at no cost to the user. Individuals voluntarily disgorge personal information in exchange for services, especially if doing so keeps the provider motivated to offer the service. For this reason, winning converts to Blind Signaling and Response requires a thoughtful presentation.

Suppose that you travel to another country and walk into a bar. You are not a criminal, nor a particularly famous or newsworthy person. You ask another patron if he knows where to find a good Cuban cigar. When you return to your country, your interest in cigars will probably remain private and so will the fact that you met with this particular individual or even walked into that bar.

Gradually, the internet is providing at a distance the privileges and empowerment that we take for granted in a personal meeting. With end-to-end encryption, it has already become possible to conduct a private conversation at a distance. With a Tor proxy and onion routing, it is also possible to keep the identities of the parties private. But today, Google holds an incredible corpus of data that reveals much of what you buy, think, and fantasize about. To many, it seems that this is part of the Faustian bargain:

  • If you want the benefits of Google services, you must surrender personal data

  • Even if you don’t want to be the target of marketing,* it’s the price that you pay for using the Google service (Search, Gmail, Drive, Navigate, Translate, Picasa, etc).


Of course, Google stores and acts on the data that it gathers from your web habits. But both statements above are false!

a)  If Google incorporates Blind Signaling technology into its services, you will get all the benefits of each Google service without anyone discovering a useful piece of personal data. Moreover, Google will still benefit from your use of its services just as it does now.

b)  Surrendering personal data in a way that does not anonymize it is not “the price that you pay for Google services”. First, Google is paid by the marketer and not by individual end users. More importantly, marketers can still get the full advantage of sending you relevant, targeted messages while Google protects your privacy in toto. Google can take steps to make the data useless to any other party and for any other purpose, and Google and its marketing partners will continue to benefit exactly as they do now.

Article in process...


* This is also a matter of perception. You really do want targeted messaging, even if you hate spam and, like me, prefer to search for a solution instead of having marketers push one to you. In a future article, I will demonstrate that every individual is pleased by relevant messaging, even if it is unsolicited, commercial or sent in bulk.