FIXING DATA PRIVACY

OPEN SOURCE PRIVACY SERVERS
https://inrupt.com/innovation-trust-data
https://zdnet.com/tim-berners-lee-solid-privacy-server-secure-your-data
Tim Berners-Lee new Solid privacy server can help secure your data
by Liam Tung  /  November 10, 2020

“If you’re not happy with tech giants owning and controlling your data and online habits, Sir Tim Berners-Lee’s startup, Inrupt, could provide the answer. Berners-Lee, who’s credited with creating the web while working at CERN, has announced the first enterprise-ready version of Inrupt’s Enterprise Solid Server, an open-source program that aims to embody the World Wide Web Consortium’s (W3C) Ethical Web Principles.

Inrupt wants to steer the web in a new direction, away from its control by a few tech and social-media giants. The company proposes to do this via ‘pods’ – comparable to a personal USB stick for the web – which aren’t locked in to a single platform and give users the controls to access and use their data. Inrupt was launched by Berners-Lee and fellow co-founder and CEO John Bruce to back the Solid open-source project, which provides users with the controls to give them a choice about where their data is stored and how apps access that data.

The project’s goals are lofty but so was the web when Berners-Lee sketched out his ideas for it in 1989. “The web should empower an equitable, informed and interconnected society. It has been, and should continue to be, designed to enable communication and knowledge-sharing for everyone. In the 30 years since development of the web began, it has become clear that the web platform can often be used in ways that subvert that mission,” the Ethical Web Principles state. Bruce co-founded Resilient Systems, an incident-response platform that IBM acquired in 2016. Resilient integrated with IBM’s security information and event management (SIEM) system, QRadar. Inrupt has also attracted fellow Resilient co-founder, Bruce Schneier, a well-known encryption expert who is now Inrupt’s chief of security architecture.

Solid has a few high-profile early adopters, including the BBC, NatWest Bank, and the UK’s National Health Service (NHS) that help explain how Solid pods can be used to solve real problems, improve privacy for individuals and help with business transformation using the web in a different way. In the case of NHS, the problem Solid can solve is how to manage personal data stores. Currently, patients can’t easily access their complete personal health record and can’t control who has access to that data. Nor can they share their data with people who matter and have no way of adding data to that store from, say, a smart watch. According to Berners-Lee, big tech and the way it’s used private data have not only led to problems for end users via massive data breaches but have also spurred legislators to create burdensome privacy regulations, such as Europe’s General Data Protection Regulation and the California Privacy Act.

“The web was always meant to be a platform for creativity, collaboration, and free invention – but that’s not what we are seeing today,” said Berners-Lee. He argues that business transformation is being hampered because the various parts of an individual’s life are being managed by different silos. “But the users and teams can’t get the insight from connecting that data. Meanwhile, that data is exploited by the silo in question, leading to increasing, very reasonable, public skepticism about how personal data is being misused. That in turn has led to increasingly complex data regulations,” he said. Regulations across the world that attempt to emulate GDPR could help Inrupt move from a fringe project to a more mainstream success.”

ENTERPRISE READY
https://theregister.com/2020/02/24/solid_nrupt_plans/
https://cnet.com/news/tim-berners-lee-startup-launches-privacy-focused-service-to-secure-your-data/
Inrupt wants you to control who can see your data
by Stephen Shankland / Nov. 9, 2020

“If you want to wrestle control of your personal data from companies, governments, hospitals and other organizations, a startup called Inrupt could be an ally. The company’s idea: store your personal information separately and share only what’s necessary with services only when you’re accessing them. Inrupt calls these data collections “pods,” and they can be accessed using the company’s open-source data storage technology called Solid. You could store fitness data, for example, then share it when your doctor’s Solid app requested access. Or you could store your photos in a pod, pay one Solid app provider to pick your best shots, then pay another to print them.

A big name behind Inrupt is Tim Berners-Lee, who invented the world wide web. Berners-Lee, who serves as chief technology officer, co-founded the company with Chief Executive John Bruce. Inrupt has been testing its service with the BBC, NatWest Bank and the National Health Service in the UK, and with the Flanders government in recent months. On Monday, the company made its Enterprise Solid Server, the infrastructure that supports the service, available to any interested customer. “The technologies we’re releasing today are a component of a much-needed course correction for the web,” Berners-Lee said in a statement. “Ultimately, this new foundation of trust and cooperation will lead to entirely new business models that actually benefit users as well.”

Widespread adoption of Inrupt — if it succeeds — could mark a turning point for the internet, prompting a move away from apps and services that harvest your data in order to serve personalized ads. The flip side is that many services that are now free to use, like web based email, could end up charging customers fees. Inrupt’s launch comes as privacy becomes a bigger concern in the tech industry, whose reputation has suffered with high-profile scandals like Facebook’s Cambridge Analytica affair. Legislation including Europe’s General Data Protection Regulation and the California Consumer Privacy Act could tilt the balance toward privacy — and Inrupt business success. Berners-Lee also is chairman of the World Wide Web Consortium standards group, but Inrupt CTO is his primary, full-time job, Bruce told CNET.

Challenges for Solid and Inrupt include attracting a critical mass of people, businesses and other organizations to embrace it; making it easy enough to use that its benefits outweigh the hassles; and ensuring it doesn’t become a new channel for abuse and hacks. To help address this last concern, Inrupt hired Bruce Schneier, a well-regarded computer security expert, as chief of security architecture. The Solid technology is based on web standards, so people can use it through a web browser. Inrupt investors include Glasswing Ventures, Hearst Ventures, Akamai and Octopus Ventures.”

PERSONAL DATA OWNERSHIP
https://darkreading.com/data-privacy-gets-solid-upgrade-with-early-adopters
https://schneier.com/blog/archives/2020/02/inrupt_tim_bern
Inrupt, Tim Berners-Lee’s Solid, and Me
by Bruce Schneier / February 21, 2020

“For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety. And most recently, I have been writing and speaking about how technologists need to get involved with public policy. All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee’s distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.

The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It’s yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

The ideal would be for this to be completely distributed. Everyone’s pod would be on a computer they own, running on their network. But that’s not how it’s likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it’ll be like letting them host your domain name or manage your cell phone number. If you don’t like what they’re doing, you can always move your pod — just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.

I believe this will fundamentally alter the balance of power in a world where everything is a computer, and everything is producing data about you. Either IoT companies are going to enter into individual data sharing agreements, or they’ll all use the same language and protocols. Solid has a very good chance of being that protocol. And security is critical to making all of this work. Just trying to grasp what sort of granular permissions are required, and how the authentication flows might work, is mind-altering. We’re stretching pretty much every Internet security protocol to its limits and beyond just setting this up.

Building a secure technical infrastructure is largely about policy, but there’s also a wave of technology that can shift things in one direction or the other. Solid is one of those technologies. It moves the Internet away from overly-centralized power of big corporations and governments and towards more rational distributions of power; greater liberty, better privacy, and more freedom for everyone. I’ve worked with Inrupt’s CEO, John Bruce, at both of my previous companies: Counterpane and Resilient. It’s a little weird working for a start-up that is not a security company. (While security is essential to making Solid work, the technology is fundamentally about the functionality.) It’s also a little surreal working on a project conceived and spearheaded by Tim Berners-Lee. But at this point, I feel that I should only work on things that matter to society. So here I am. Whatever happens next, it’s going to be a really fun ride.”