Data Privacy Gets Solid Upgrade With Early Adopters
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.
November 9, 2020
Solid, a technology aimed at redesigning the way users' data on the Web is accessed and giving users more control of their privacy, passed another hurdle on Nov. 9 when four organizations announced pilot projects with startup infrastructure provider Inrupt.
Designed by Tim Berners-Lee — the inventor of the World Wide Web — and the Massachusetts Institute of Technology, Solid is an open standard that gives users the ability to share their data with websites and companies while retaining control of who can access the information. Based on encryption and granular access controls, Solid allows users to grant or revoke access at any time to the information stored in its data structures, known as personal online data storage or pods.
On Monday, the United Kingdom's British Broadcasting Corporation (BBC), the National Health Service, and UK-based financial house NatWest, as well as Belgium's regional government of Flanders, all announced pilot projects in conjunction with Inrupt, the company said. Berners-Lee and John Bruce, a veteran of the cybersecurity industry and CEO of the firm, founded Inrupt in 2018.
"Until now, we haven't had much to say to people, except watch this space," Bruce says. We now have "an enterprise-grade version of what the open source community has been working on."
The Solid project aims to turn the diaspora of data spread out among proprietary Internet services into a more reliable and reusable — but still distributed — semantic web of linked data controlled by users. An application that needs access to a user's address will be able to access their pod — given prior permission — at any time. For the user, the pod represents their authoritative source of data: If the user's address changes, for example, that person only has to change the data in one place.
For companies, Solid promises to reduce the risk of violating privacy regulations when a breach exposes sensitive user data, because it minimizes the data that is in their custody and, thus, part of their responsibility. Companies get the most recent data, and with less worry about leaking the data, but only for as long as the user allows them access, says Bruce Schneier, noted encryption expert and chief security architect for Inrupt.
"The basic idea is that your data is in your pod, under your control," he says. "If you want to do something, for example, that mirrors the data from your fridge with the data from your Fitbit, both of those datasets are both under your control, not under the control of the refrigerator manufacturer and of Fitbit."
While giving up data may be a hard sell to data-centric companies like Facebook — whom Schneier and others have called out for treating people like products and not customers — competitors to Facebook may embrace the technology to gain users, he says.
Berners-Lee has called out the current ecosystem of the Web for allowing deliberate malicious actions, creating perverse incentives that sacrifice its value to the user, and for giving rise to unintended consequences. To partly fix the problem, he worked with MIT to create a distributed data system that included user-controlled access policies. The Solid project took off in 2015, when a $1 million donation from Mastercard funded the research effort at MIT.
The specification for Solid is open, and a version of the project is hosted on GitHub. Solid uses "vocabularies" — definitions of data that can be standardized so that applications know how to access specific types of data relevant to the application. The developer website describes a number of vocabularies for talking about specific types of data, from social interactions to licenses, and from online meetings to events.
"One of the core ideas behind solid is to make data independent from applications, so that one can be in control of his/her own data and share it with the apps of his/her choice," according to the Solid developer site. "For this to be possible, the same piece of data must be understood consistently from one app to another."
The promise of the Solid specification can be seen in the pilots announced on Nov. 9. The UK National Health Service will use Solid pods as a user-accessible medical record that can be a central location for doctors, in-home nurses, and caretakers to keep details about medical treatment. The BBC intends to create a content-recommendation engine that could allow third parties to access user data, with the user's permission; NatWest will create an app that allows users to cache important data, such as address or current employer, which will allow customers to create a single authoritative source of information about themselves that they control.
The government of Flanders, the northern part of Belgium, aims to go big with its adoption. The government will give every citizen a pod — or Citizen Profile — built on Solid, to serve as a home for their personal data. The profile will be the authoritative source of up-to-date information on the user.
Inrupt is creating enterprise versions of the server and infrastructure needed for companies to create their own Solid applications.
"I tend to think of this as the Red Hat model," Inrupt's Schneier says. "There is a public standard, and we have a commercial implementation. There is a public server, and then there is the enterprise-grade server and infrastructure that we are creating."