Controlling our data

Doc Searls has always wanted to turn the so-called attention economy inside out. In response to this year's attention-themed ETech conference, he has neatly reframed the discussion. If attention is just another word for captured eyeballs, Doc says, then let's talk instead about the intentions of the people we also variously describe as consumers, buyers, and end-users.

In a pair of back-to-back sessions at ETech on Wednesday, and in related hallway conversations, I heard some encouraging news. Disclosure: everyone mentioned here is a friend. That includes Doc Searls, Robert "R0ml" Lefkowitz, chief architect with Root Markets, and Dick Hardt and John Merrells, who are CEO and CTO of Sxip Identity. Partly for that reason, and partly because the commercial implications aren't fully evident to me anyway, I'll focus here only on how the empowerment of individuals figures into the plans of each of these companies.

In the lingo of vendor sports, Root Markets is what the VCs are probably calling a pure attention play. Root's founder, Seth Goldstein, is also the force behind the Attention Trust, a non-profit that espouses the principle of data ownership -- specifically the attention data that's carried in our web clickstreams.

Root's idea is to scan your clickstream, harvest purchase history from it, and store it securely in its online vault. The first concrete benefit to you, Root says, will be your ability to visualize and better understand your own purchase patterns. Whether that's useful enough to justify entrusting your financial records to Root's vault is an open question, but let's set that aside for the moment.

A second benefit will be your ability to allow Root to correlate your data with that of a circle of trusted friends and associates. Here the benefit is more compelling. By sharing information about prices, members of the group could become better-informed buyers. The tradeoff, in this case, is the administrative effort required to set access controls on a per-friend, or even per-purchase, basis.

In either case there's another important, if more abstract, benefit: granular control of the data about you that Walmart et al. are currently free to romp around in. In the scenario R0ml envisions, Root would have to ask all its customers for permission to release data to Walmart. If we posit 20 million customer and 19 million refusals, that still leaves Walmart with a sample of a million -- sufficient for its purposes.

To enable this scenario, R0ml wants to organize the database in an unusual way. Logically it would be a flock of databases, one per customer, each with its own access control regime. A query would be a set of parallel requests to that flock. Root could not romp willy-nilly through the whole data set even if it wanted to. It could only dispatch an army of agents to negotiate, one by one, with each customer's partition.

Commodity clustering is what makes this feasible, but there's a kind of translucency at work here that makes it especially interesting. We've yet to see a great example of a database organized in such a way. It's an architecture that I hope will pan out and prove more broadly useful.

Sxip, meanwhile, is refactoring its lightweight identity protocol in a way that should help its empowering aspects emerge. Four qualities have distinguished Sxip's technology from the start: a lightweight infrastructure, a simple and web-friendly user experience, an aggressively granular approach to selective disclosure of personal attributes, and an extensible schema.

In its original incarnation, everything had to chain up to Sxip's root server, a requirement that was hard for me to swallow. In the new version that requirement is abolished, Sxip says. As another consequence of the refactoring of the protocol, the reliance on public key cryptography is reduced. What's more, Sxip hopes to move its protocol onto an IETF standards track.

The details, as is true of all identity protocols, are complex and subtle. But the user experience is straightforward and intuitive. At any participating member site, you provide the domain name of your designated home site. From then on, interactions that require the release of personal attributes are brokered between the member site and the home site by your browser. Your attributes are scattered around the web, as are reusable claims made by services about you, but you manage everything centrally on your home site.

Controlling our data is an idea whose time has come. In different ways, Root and Sxip are exploring how to build businesses around that idea. Whatever the outcomes, we are bound to learn important lessons.

Former URL: