[caption id="attachment_621" align="alignright" width="171"] Image credit: Flickr[/caption]

In a recent article published on the Huffington Post titled “The Impending Crisis of Data: Do We Need a Constitution of Information?”, Asia Institute Director Emanuel Pastreich points out the growing need for an international agreement regarding how data is collected, stored, used, and verified. While I have disagreements with the specific implementation he describes, the general proposition that a “Constitution of Information” be created is a valuable one.

Such a Constitution would bind not only State actors, but all signing organizations who are entrusted with other people's data, including (but not limited to) server farms, retailers, telecommunications and internet companies, healthcare providers, insurance companies, and cloud service providers. A Constitution of Information could be the beginning of a global post-national society where power is distributed horizontally among the protectors of data and the people who put their trust in those organizations.

What could perhaps be considered the first such Constitution of Information was made public in May 2011 at the Open Identity Exchange, and later won the Privacy Award at the 2011 European Identity Conference. Called the “Respect Trust Framework,” this document lays out five principles which govern how personal data will be handled by Respect Network Members who have agreed to the terms of the Framework:

Promise - Every Member promises to respect the right of every other Member to control the identity and personal data they share within the network and the communications they receive within the network.

Permission - As part of this promise, every Member agrees that all sharing of identity and personal data and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection - As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of identity and personal data shared with that Member.

Portability - As part of this promise, every Member agrees to ensure the portability of the identity and personal data shared with that Member.

Proof - As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

The full document is 35 pages long and describes exactly how Members will adhere to each of the five principles, and also describes how disputes will be resolved if a Member believes the Respect Trust Framework has been violated. From the Respect Trust Framework description:

“The Respect Trust Framework is designed to be self-reinforcing through use of a peer-to-peer reputation system called the Respect Reputation System, defined in the document. The Respect Reputation System includes both positive reputation, called Vouching, and negative reputation, called Complaints.”

Additionally, the Respect Trust Framework includes the option to amend the Framework given a 2/3 supermajority vote by “Trust Anchors,” individuals who have the highest level of social verification of their identity on the Connect.me reputation network.

The Respect Trust Framework will be serving as the foundation of the peer-to-peer personal cloud network that will be developing over the next few years. As more people trust personal cloud service providers with ever more sensitive data, it will be critical that this data be safeguarded in a manner similar to ways described in the Respect Trust Framework. The data Protection and Portability principles are extremely important as safeguards against abuse. Protection using strong encryption and authentication techniques which are easy to use but difficult to crack will prevent hackers from snooping on people's data for the purposes of identity fraud or surveillance in advance of a direct attack, while portability will allow for a personal cloud customer to move their data if they suspect abuse or simply prefer another cloud hosting option to their current choice.

The opt-in nature of the framework ensures that no one feels trapped, and will allow for further experimentation should some people find the Respect Trust Framework lacking, but don't feel like fighting an uphill battle to get the framework amended to fit their preferences. As other trust frameworks or Information Constitutions emerge, best practices and standards will emerge and be adopted by competing organizations, which could lead to federation so that communities which fall under different trust frameworks can interoperate and know that they have common vouching and dispute mechanisms. Eventually, these trust frameworks will allow for a truly global society to emerge. The diffusion of culture and commerce will not be limited to the confines of the walled gardens that exist in today's social networks and online retailers, but instead will be possible for the first time on a truly peer-to-peer basis, which will lead to the breaking down of barriers and privilege which have existed in one way or another for millennia.

A new information age is dawning, with the hard lessons of privacy in the cloud being learned as the internet matures and adapts to the social standards we're setting for how we share our data. Proposals for how companies and governments handle personal data will continue to be developed by concerned parties, and the collective efforts will likely result in more frameworks like the Respect Trust Framework, or perhaps a Constitution of Information more similar to what Mr. Pastreich described.

Ultimately, it is the market that will decide which approach is best as individuals accept or reject the promises to protect their data. Some will give that trust willingly, while others will choose to keep their personal data to themselves at all cost, either by self-hosting the data or keeping it offline completely. Freedom of choice is the foundational principle which will ensure individual autonomy as the global personal cloud trust network emerges and grows to include the billions of internet users around the world. All of these people need to be assured that the data they entrust to 3rd parties will be safe, and trust frameworks are a great first step towards earning that trust.

Want to learn more about Personal Clouds? John Light joined Adam B. Levine last month to discuss identity and privacy in a networked world

[soundcloud id='99818344']

Views: 1,277