Meeting with an advisor last week, I was challenged to identify the key facets of my dissertation, and why I believe them to be relevant. My overarching interest is the governance of data, with a particular focus on decentralized governance of data generated by the Internet of Things — connected sensors. I believe that the emergence of this network of connected devices, along with the real-time information they capture about the world and the state of the networks we have set up within it (both physical and informational networks), offers an unprecedented opportunity to both find efficiency (commercial incentive) and identify actors behaving maliciously, or simply unaware of the negative social and environmental impacts of their actions (moral incentive). However, data → information → knowledge → informed action is a long and difficult chain to link together. I am interested in how we might link it to realize these gains lying latent.
Of course, this is an enormous challenge, and extends beyond the scope of what is possible in a single master’s dissertation. My advisor’s suggestion was to identify key steps to understanding such a system, and choose the highest impact (or most interesting) one to focus on for these next few months. The first one is technical: what is possible, and how? At the moment I’ve been diving down the rabbit hole of understanding the decentralized public key infrastructure, a concept put forward by Allen et al. in 2015 that addresses many of the problems inherent in the centralized trust systems the internet relies on today (certificate authorities, DNS registrars etc.). This is challenging some of my assumptions about the nature of authority, and how we can trust others in an environment where we might not know who they are, and where there are so many that it is infeasible to know them all. It seems as though a sort of Copernican revolution is imminent, in which we realize the ground we are standing on re: trusted authority may not be the absolute ground, but simply a local one … I’m also digging into Elinor Ostrom’s work on governing common resource pools (as well as Allen’s extensions of these ideas), and trying to understand how the informational commons differs from the physical one. For example, use of a physical resource diminishes the availability of that resource to another; in the informational space, this is not necessarily true. This is becoming my core interest: governing the informational commons in the context of decentralization.
Coming back to the technical mechanism, questions that need answering include: Is a secure decentralized data management system possible? How can devices share data in the context of decentralization? Can privacy be respected (device identity / ownership) if the public key infrastructure is implemented on a public blockchain? Can the system ensure the security of the information handled—i.e. end-to-end encryption? How will data producers and requestors authenticate themselves? Can all of this work in the IoT context, which is to say, on devices that are resource-constrained? How might the system scale?
I have not yet filled in the details here, but my approach will be to explore how access control to connected sensor data can be managed. Each of the aspects here addresses one or more of the requirements or challenges implicit in an informational governance system lacking a centralized authority.
Self-sovereign identities, including machine autonomy — i.e. private keys unique and private to the edge device. This relies on trusted hardware technology, which enables devices to sign transactions — vote / submit data to DAOs, and hold funds etc, and decrypt data only accessible to it.
Proxy re-encryption technology, to enable secure data distribution to many requestors given resource limitations of edge devices (i.e. one that cannot re-encrypt data for each validated requestor). Possibly homomorphic cryptography for highly sensitive data.
Adherence to standardized data protocols, enabling interoperability of data captured by devices manufactured and managed by different firms / entities. This is crucial to unlocking the value of the data being captured, but questions remain around incentivizing participants to adhere to such a protocol, and to share their data.
Compliance with existing legal structures and regimes. Ricardian contracts (smart / legal contract pairs) offer the chance to create durable bindings between the legal and software systems, though the complexity of governing physical-informational entities, especially transnational ones like ships or shipping containers, is absolutely enormous. Legions of lawyers with technical competency to understand the computing concepts requisite to understanding the nuance of blockchain / distributed ledgers will be required to design compliant systems. And I’m realizing more and more the simultaneous difficulty and importance of crafting new international policy that optimizes between innovation and safety as we construct these informational infrastructures, AND that can adapt as technology inevitably evolves: adaptive governance (as discussed by Dietz, Ostrom and Stern, 2003).
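To make the proxy re-encryption item above concrete, here is an added sketch (not from the original post or any project it cites) of the ElGamal-based BBS98 scheme: the sensor encrypts once under its owner's key, and a proxy transforms that single ciphertext for each requestor. The choice of BBS98, the toy group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: safe prime P = 2*Q + 1,
# G = 4 generates the subgroup of prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1           # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)                    # (sk, pk = G^sk)

def kdf(element):
    """Derive a symmetric key from a group element."""
    return hashlib.sha256(element.to_bytes(2, "big")).digest()

def encapsulate(pk):
    """Sensor side: a single ciphertext under the owner's public key."""
    k, r = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    session = pow(G, k, P)                      # random group element
    c1 = session * pow(G, r, P) % P             # session * G^r
    c2 = pow(pk, r, P)                          # G^(a*r)
    return (c1, c2), kdf(session)

def rekey(sk_from, sk_to):
    """Re-encryption key b/a mod Q; computing it needs both secrets."""
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(ct, rk):
    """Proxy side: G^(a*r) becomes G^(b*r); the session stays hidden."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def decapsulate(ct, sk):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)            # (G^(sk*r))^(1/sk) = G^r
    return kdf(c1 * pow(g_r, -1, P) % P)

def demo():
    owner_sk, owner_pk = keygen()
    ct, key = encapsulate(owner_pk)             # done once on the sensor
    results = []
    for _ in range(3):                          # three validated requestors
        sk, _pk = keygen()
        transformed = reencrypt(ct, rekey(owner_sk, sk))
        results.append(decapsulate(transformed, sk) == key)
    return results, decapsulate(ct, owner_sk) == key
```

BBS98 is bidirectional, and a proxy holding `rk` that colludes with the requestor holding `b` can recover the owner's secret as `b / rk mod Q`, so the proxy has to be trusted not to collude.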
Other questions remain, especially around incentivizing data creators to participate in such a network, understanding conditions for access and that each entity requesting access will be subject to different conditions, delegating access rights, scalability, and so on. The effort is worthwhile, though, if it might help us coordinate in building situational awareness, thereby enabling us to act as better stewards of the planet.