Cyber fraud is on the rise, and public concern over the safety of data is one of the biggest factors holding back the tide of digital and cloud-based finance technology. One team of researchers may have a solution.
Led by Hamed Haddadi of Queen Mary University of London, a team spanning QMUL and Cambridge University have developed a model for a “personal, networked service” which collates personal data and then acts as its gatekeeper.
Called the Databox, the idea is that individuals use a personal online portal to collect together their financial statements as well as search, payment and other personal data from all their devices and then stores this in a single, heavily protected location, which could also be replicated in an external drive if preferred. They then choose which companies have access to which data.
Rather than replacing existing payment methods such as PayPal, the system “fits right in”, simply adding an extra safety wall between the data and the recipient, explains researcher Anil Madhavapeddy.
Because online companies and organisations request access to the relevant information, the Databox owner will just have to choose whether to allow their request, rather than re-entering this data manually, which Madhavapeddy says will speed up online payments and other interactions. “We anticipate that it will actually get more people to buy online,” he says.
To protect the person’s data, the Databox uses a carefully designed custom operating system based on the Nymote infrastructure, which, says Madhavapeddy, creates the illusion of running from multiple systems, preventing a hacker from simply breaking in and stealing a life’s worth of data. Wheareas earlier attempts at data vaulting effectively meant choosing one company to trust with your most prized information instead of scattering this between many (the “if you give us all your data, we’ll look after it” approach, as Madhavapeddy puts it), the idea of the Databox is that, once the person has set up their portal, they own and control everything. The creators have no access, and no claim over the data itself.
If successful, the system would take the pressure off third parties to collect and safely store the information they need, and would give far greater control to internet users, who often have no idea where their information goes after entry, and whether it could find its ways into the hands of unscrupulous marketers or even criminals.
In fact, says Madhavapedddy, the Databox includes a self-tracking function that allows people to view themselves as Google or other internet giants see them.
This, he explains, gives them a clearer idea of what kind of data has already been harvested by the internet’s “nefarious mechanisms” and take steps to adapt or protect themselves better if necessary.
“We’re never going to get rid of tracking entirely,” says Madhavapeddy. “But at the moment we’re in this weird place where Google knows more about me than I do!”
It’s not just that data-driven internet companies and government institutions have the ability to keep tabs on internet users’ activities and potentially invade their privacy. They also have the power to use their findings based on our data, given away cheaply, for hugely profitable commercial ends. This imbalance has to shift, say the Databox team.
“We are in the middle of a ‘personal data gold rush’ driven by the dominance of advertising as the primary source of revenue for most online companies,” wrote the researchers in a paper published last week.
“Internet services, advertisers, and even governments are all casting a wide net to accumulate personal data about individuals. This accumulation is generally occurring with minimal consideration of us, the individuals at the heart of this process.”
Part of the problem, they say, is that free tools and services on the internet typically come with an invisible price tag – data. The tacit attitude is that, if you’re not paying for a product, you are the product, giving marketers and other organisations a free pass to use customer information in ways that can make them deeply uncomfortable. In the long run, knowing that your behaviours and purchases are being continually tracked for someone else’s benefit could turn many people off digital and mobile payment methods altogether.
To prevent this “asymmetric power relationship”, says the team, “there is a need for a technical platform enabling people to engage with the collection, management and consumption of personal data; and that this platform should itself be personal, under the direct control of the individual whose data it holds.” Namely, the Databox.
Or, as Madhavapeddy says, since the always-on lifestyle is here to stay, we need systems that allow us to “retain control and stay social.”
In the long run, this isn’t just good news for internet users, it’s also good news for industries that rely on digitally shared and stored data in order to function, and to innovate. Improved trust and security are likely to lead to more enthusiastic adoption of new, streamlined, internet-based financial and payment technologies that can create huge cost savings for institutions.
But, while the benefits to customers and finance entrepreneurs are clear, such a move is unlikely to be encouraged by internet advertising and data collection agencies. Although tracking is here to stay and collecting data for marketing and advertising is inevitable, systems like this one transform the process from a free-for-all into a more equal negotiation. If systems such as the Databox are to become a reality, the push will have to come from consumers. If we want to keep our data safe, we’ll have to take back the keys to the goldmine.
