Start your day with intelligence. Get The OODA Daily Pulse.

Home > Analysis > Signals from Mainstream Information Outlets on Digital Self-Sovereignty, Digital Rights and Digital Identity

We continue our research on  Digital Self-Sovereignty, Digital Rights, and Digital Identity, which is an area of research concerned with the security of personal data, transactional or otherwise, and the individual’s right to ownership of their personal data.

In the last few months, a signal-to-noise ratio has emerged on this topic, where previously there was none (short of a few thought leaders and think tanks dedicated to the topic).  What are some of the faulty assumptions, interesting insights, and irrational exuberance which have taken hold in the “framing and naming” of this nascent topic?

Or, as OODA CEO Matt Devost frames our research on the topic:  “It is an early exploration of how property rights and ownership will work in digital economies and the metaverse with a layer of irrational enthusiasm, speculative gambling, and desire to be part of a community applied on top in the current iteration.  There is something real here that has yet to be fully realized and a lot of abstraction distraction today.”

Let’s sort out the hype, the good ideas, and the just plain ridiculous as a function of our research on the topic.

The Sick, Refreshing Honesty of Web3

By Ian Bogost at the Atlantic

Tagline: The Internet Is Just Investment Banking Now:  The internet has always financialized our lives. Web3 just makes that explicit.

Forget the hype around all things crypto. Set aside, for a moment, whether it makes sense to spend a fortune on an ape picture. Those matters are distractions. Let’s call things what they are: NFTs (Non-fungible Tokens represent a first step in the securitization of digital assets. They turn digital data into speculative financial instruments. That shift has enormous implications because computers are in everything, and that makes anything a digital asset—your bank records, your Fitbit data, rings of your smart doorbell, sentiment analysis of your work email, you name it.

First, the internet made it easy for people to conduct their lives online.   Then it made it possible to monetize the attention generated by that online life. Now the digital exhaust of all that life online is poised to become an asset class for speculative investment, like stocks and commodities, and mortgages.

NFTs might burn out, the crypto-collectible equivalent of Beanie Babies. But the more likely scenario is weirder and scarier: a securities market for digital data. Financiers, who previously turned everything, whether loans or hurricanes or payroll data, into bets, will likely go to town on all this fodder. But ordinary people may also become fledgling financiers of their—or others’—computer records. It is, in a way, the most honest turn of the internet epoch. From the start, online businesses have presented themselves as making culture, even as they really aimed to build financial value.  Now, at last, the wealth seeking is printed on the tin.

Today, some technologists have included NFTs in their vision for a third age of the internet: Web3. It’s a hopeful moniker, a name-it-and-claim-it theology for the brave new world of crypto-driven applications—the securitized internet.

Let’s revisit Web1 and Web2 from a similar financial perspective. The first online age was that of marketization. The web got its start as a noncommercial, distributed publishing system that researchers, nerds, and hobbyists could use to communicate with one another. Then, in the mid-1990s, companies learned to move their businesses, and the brick-and-mortar world of retail, online. They built a marketplace that would sell the same products and services in a new way, or else they speculated on the potential to do so. We got Amazon and eBay and Craigslist—and also Pets.com and HomeGrocer and the dot-com crash. But these Web 2.0 companies, as they became known, generally gave away their services for free. So how could they make money?

By amassing data on the real and inferred behaviors of millions, then billions, of users, Web2 companies developed a foundation for selling ads, or charging modest fees, against people’s attention and engagement. Now the web was ‘monetized.’ And the act of monetizing, once an esoteric aim of straight-laced bankers, became an everyday activity—and a natural goal for regular “creators” like, well, you and me.

…Web3, the nascent third age of the internet, represents a turn away from Web2’s goody-goody idealism and back toward Wall Street’s brazen greed. Sure, some hints of the old content-expression-oriented web have stuck around; some NFT creators have found a way to make some good money from their art, even if the gold rush might not last. But overall, the tech founders who are building crypto platforms and tools, like the users who are buying and trading blockchain assets, are trying to produce wealth via rapidly appreciating speculative value.

The Era of Borderless Data Is Ending

David McCabe and 

Tagline:  Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

Every time we send an email, tap an Instagram ad or swipe our credit cards, we create a piece of digital data.

The information pings around the world at the speed of a click, becoming a kind of borderless currency that underpins the digital economy. Largely unregulated, the flow of bits and bytes helped fuel the rise of transnational megacompanies like Google and Amazon and reshaped global communications, commerce, entertainment, and media.

Now the era of open borders for data is ending.

France, Austria, South Africa, and more than 50 other countries are accelerating efforts to control the digital information produced by their citizens, government agencies and corporations. Driven by security and privacy concerns, as well as economic interests and authoritarian and nationalistic urges, governments are increasingly setting rules and standards about how data can and cannot move around the globe. The goal is to gain “digital sovereignty.”

Consider that:

  • In Washington, the Biden administration is circulating an early draft of an executive order meant to stop rivals like China from gaining access to American data.

  • In the European Union, judges and policymakers are pushing efforts to guard information generated within the 27-nation bloc, including tougher online privacy requirements and rules for artificial intelligence.

  • In India, lawmakers are moving to pass a law that would limit what data could leave the nation of almost 1.4 billion people.

  • The number of laws, regulations, and government policies that require digital information to be stored in a specific country more than doubled to 144 from 2017 to 2021, according to the Information Technology and Innovation Foundation.

While countries like China have long cordoned off their digital ecosystems, the imposition of more national rules on information flows is a fundamental shift in the democratic world and alters how the internet has operated since it became widely commercialized in the 1990s.

The repercussions for business operations, privacy, and how law enforcement and intelligence agencies investigate crimes and run surveillance programs are far-reaching. Microsoft, Amazon, and Google are offering new services to let companies store records and information within a certain territory. And the movement of data has become part of geopolitical negotiations, including a new pact for sharing information across the Atlantic that was agreed to in principle in March.

The repercussions for business operations, privacy, and how law enforcement and intelligence agencies investigate crimes and run surveillance programs are far-reaching. Microsoft, Amazon, and Google are offering new services to let companies store records and information within a certain territory. And the movement of data has become part of geopolitical negotiations, including a new pact for sharing information across the Atlantic that was agreed to in principle in March.

That’s a shift from today. Most files were initially stored locally on personal computers and company mainframes. But as internet speeds increased and telecommunications infrastructure advanced over the past two decades, cloud computing services allowed someone in Germany to store photos on a Google server in California, or a business in Italy to run a website off Amazon Web Services operated from Seattle.

In Kenya, draft rules require that information from payments systems and health services be primarily stored inside the country, according to the Information Technology and Innovation Foundation. Kazakhstan has said personal data must be kept on a server within its borders.

In the European Union, the personal data of Europeans must meet the requirements of an online privacy law, the General Data Protection Regulation, which took effect in 2018. Another draft law, the Data Act, would apply new limits on what corporate information could be made available to intelligence services and other authorities outside the bloc, even with a court order.

In a joint statement in December, Gina Raimondo, the U.S. secretary of commerce, and Nadine Dorries, Britain’s top digital minister, said they hoped to counteract “the negative trends that risk closing off international data flows.” The Commerce Department also announced last month that it was joining with several Asian nations and Canada to keep digital information flowing between countries.

As new rules have been introduced, the tech industry has raised alarms. Groups representing Amazon, Apple, Google, Microsoft, and Meta argued the online economy was fueled by the free flow of data. If tech companies were required to store it all locally, they could not offer the same products and services around the world, they said.

Last year, the French government scrapped a deal with Microsoft to handle health-related data after the authorities were criticized for awarding the contract to an American firm. Officials pledged to work with local firms instead.

Companies have adjusted. Microsoft said it was taking steps so customers could more easily keep data within certain geographical areas. Amazon Web Services, the largest cloud computing service, said it let customers control where in Europe data was stored.

In France, Spain, and Germany, Google Cloud has signed deals in the last year with local tech and telecom providers so customers can guarantee that a local company oversees their data while they use Google’s products.

“We want to meet them where they are,” said Ksenia Duxfield-Karyakina, who leads Google Cloud’s public policy operations in Europe.

Liam Maxwell, director of government transformation at Amazon Web Services, said in a statement that the company would adapt to European regulations but that customers should be able to buy cloud computing services based on their needs, “not limited by where the technology provider is headquartered.”

“We had a time where data was not regulated at all and people did whatever they wanted,” Mr. Schrems said. “Now gradually we see that everyone tries to regulate it but regulate it differently. That’s a global issue.”

Dozens of Brokers Are Selling Pregnancy Data Post-Roe

By Shoshana Wodinsky and Kyle Barr for Gizmodo

Tagline:  Gizmodo identified 32 brokers selling data on 2.9 billion profiles of U.S. residents pegged as “actively pregnant” or “shopping for maternity products.”

A Gizmodo investigation into some of the nation’s biggest data brokers found more than two dozen promoting access to datasets containing digital information on millions of pregnant and potentially pregnant people across the country. At least one of those companies also offered a large catalogue of people who were using the same sorts of birth control that’s being targeted by more restrictive states right now.

In total, Gizmodo identified 32 different brokers across the U.S. selling access to the unique mobile IDs from some 2.9 billion profiles of people pegged as “actively pregnant” or “shopping for maternity products.” Also on the market: data on 478 million customer profiles labeled “interested in pregnancy” or “intending to become pregnant.” You can see the full list of companies for yourself here.

In all cases, these datasets were sold on what’s known as a “CPM” or “cost per mille” basis—which essentially means that whoever buys them only pays for the number of end-users that are reached with a given ad. Depending on who was offering up a dataset, the price per user ranged from 49 cents per user reached to a whopping $2.25.

The datasets offer information on some 3.4 billion people in total, though how many unique individuals those data cover is unclear, as the datasets obviously overlap. Multiple brokers are likely hawking the same information, as half the world does not live in the United States, and half the world is not pregnant. Their sources do differ, however. Some brokers were gleaning this information directly from pregnant people who had agreed to have their data shared through these channels when they signed up for coupon sites or downloaded a given app. In other cases, these companies were doing exactly what Target had done all those years before: instead of collecting data from end-users that were explicitly saying they were pregnant, the brokers instead modeled a core base of potentially pregnant users with internal data analysis.

Gizmodo was able to find each of these datasets up for sale through Liveramp, a company that, in part, functions as a clearinghouse and distribution hub for countless data brokers’ wares. Liveramp did not put any restrictions on buying two-thirds of the databases Gizmodo found. As for the minority that did come with purchasing conditions—one dataset containing a collective 2,030,000 iOS and Android users who were “interested in pregnancy,” for example, required authorization from Liveramp before purchasing. The same went for another dataset of 5,400,000 iOS users that were labeled “expectant” mothers, and another dataset of 17,000,000 iOS users that one broker had labeled as “likely to have a baby in the next year.”

Ultimately though, these minor hurdles can be bypassed by just cutting Liveramp out of the equation entirely and going directly to the smaller broker selling that data instead. This approach is “a zillion times easier,” said a product manager working for one popular data broker, who spoke on the condition of anonymity.

Pregnancy data is poised to be a huge boon for law enforcement in the post-Roe era. If you’re a cop, the product manager said, it’s as easy as “filling out [a broker’s] ‘contact us’ form and ask how much it costs. Maybe they say ‘ACAB, pound sand!’ But more likely, they’ll say ‘Put another zero after it, and see if we say yes.’”

“This is purely speculative, but there’s clearly precedent in this industry for selling to law enforcement,” he went on. “And if you don’t do it, someone else probably will.”

Gravy Analytics was also a name that showed up in Gizmodo’s search for companies brokering maternity data. The company boasted access to about four million iOS and Android devices from people that had recently shopped for maternity clothing, based on “100% deterministic location data, collected via [software development kits] embedded in mobile applications.” Meanwhile, Gizmodo also found another location data broker, Cuebiq, offering access to the devices of 11 million Android owners that recently visited maternity “destinations.”

In an email statement, Cuebiq claimed that the maternity destination tag was for stores selling kid’s apparel or toys. The company further said the data set doesn’t include “sensitive data” related to healthcare, and they have a policy to not have a commercial relationship with federal or local law enforcement, or “anti-abortion activists.”

“After the overturn of Roe v. Wade last month, we also formalized a policy to legally challenge any warrant or subpoena related to reproductive healthcare cases in states that outlawed abortion,” the company said.

A spokesperson for Gravy Analytics said their data is based on foot traffic in maternity stores, further claiming they don’t share data with law enforcement while also pointing to a recent blog post from their chief privacy officer about their company’s efforts to “protect” user health data post-Roe.

In both cases, it’s almost impossible to know which apps each company is sourcing this location data from. Instead of maintaining a direct relationship with people’s apps, most of these outfits source their data from other brokers, which source their data from other brokers, which source their data from… You get the idea.

Some companies have claimed that this data included in the data sets is from aggregated sources without including any personal identifiable information, or “PII” in industry-speak. Still, it’s relatively trivial for anybody with the right know-how to tie that information back to individual online users.

It’s also worth remembering that the 32 brokers that Gizmodo’s investigation turned up are unlikely to be the last players trafficking in data related to people’s pregnancies or birth control options. After all, all available estimates show that the market for pregnancy care products is only going to keep spiking—and the same can be said about the market for contraceptives. When any of those products need to be marketed, there’s going to be a lot of money involved for whoever coughs up data on that target market.

“Data brokers talk a good game about ‘consumer interest’ and ‘legitimate business reasons,’ Sherman said. “But at the end of the day, they’re transacting in highly sensitive information about people who usually don’t even know they’re being surveilled. And it’s all so they can make a profit.”

Tech Companies Are Relinquishing Some Control of Online Ads to Users

By Katie Deighton at the Wall Street Journal

Tagline:  Letting users request to see fewer ads from categories such as alcohol and gambling also helps marketers waste fewer ad dollars, marketing executives say.

Consumers have a new ask: They want more control over the type of advertisements they are shown online. More technology companies are preparing to give it to them.

ByteDance Ltd.’s TikTok and the company behind YourAdChoices—the clickable icon that gives users information about why they are being shown certain ads—are planning to follow Meta Platforms Inc., Alphabet Inc.’s Google and others in introducing settings that let users opt out of ads from certain categories.

The moves attempt to address a power disparity between marketing companies and consumers online. Marketers, major digital platforms and advertising technology companies have for years had the ability to precisely target individuals based on their algorithmically-assumed interests—but consumers, for the most part, haven’t been given the tools to ask them to stop.

That has frustrated web users, especially those who have personal reasons for not wanting to see certain ads, such as people who experienced a miscarriage and don’t want to see campaigns for baby clothes, people recovering from eating disorders who don’t want to see pitches for diets, and teetotalers who don’t want to see alcohol ads.

“Why have billions of dollars’ worth of infrastructure in place for targeted advertising, if you can’t do something as simple as say, ‘Please don’t target me with this?’” said Ethan Zuckerman, an associate professor of public policy at the University of Massachusetts Amherst.

Prof. Zuckerman has been avoiding bourbon and all reminders of it since he quit drinking in 2017. He grew frustrated when ads for the liquor last year started popping up in the “trending topics” section of his Twitter feed and he couldn’t turn them off—despite the internet’s ability to target advertising more precisely than any medium before it.

To address that paradox, some platforms are preparing to hand users more control.

TikTok in June began letting users filter their feeds to keep out videos tagged with specific words and hashtags, and the company over the next few months plans to test expanding this filter to ads as well. It hopes the change will help ensure that advertisers’ content is served to an audience that will be comfortable with and interested in their pitches, a TikTok spokeswoman said.

Letting consumers indicate their interests and sensitivities also benefits platforms and publishers: They can tell advertisers they are at lesser risk of wasting money going after the wrong kind of consumer, said Ana Milicevic, principal and co-founder at Sparrow Advisers, a management consulting firm specializing in ad-tech.

“It’s in their interest to show that they’re working to improve the ecosystem,” she said. “I don’t think this is a consumer feature, I think it’s aimed at advertisers.”

But not all platforms are providing consumer ad controls yet.

Spotify, for example, doesn’t offer a toggle for customers to opt-out of certain marketing categories on its ad-supported product. A spokeswoman for the company said it gives users the ability to report ads, “but in the future, that could also include giving users greater control over the specific ads they see and hear across the app.”

For Prof. Zuckerman, the public policy professor, the one platform he wishes would give him controls to switch off alcohol advertising is Twitter. He uses an ad blocker on his browser so he doesn’t see many ads in general around the internet, but ads placed in Twitter’s “promoted trend spotlight” appear immune to its powers, he said.

“Not only am I never going to buy the product, but [alcohol advertisers are] actually causing me a certain amount of harm,” he said. “This is just an utter failure of the value proposition of internet advertising.”

A spokeswoman for Twitter said the company isn’t working on a way to let users opt out of certain advertiser categories.

What Next?

The launching point in our research is the development of platforms that put the individual’s ownership of data, and personal digital sovereignty at the center of the design process moving forward, not commodified highly personal datasets, speculative investment institutions, or the digital sovereignty of the nation-state.

This “literature review” of these recent articles, as a social scientist researcher would call it, is discouraging in that the journalists (in a very unselfconscious way) framed their coverage of ‘digital sovereignty’ relative to the creation of institutional value or at the policy level between governments.  They had no instinct to balance their coverage with an analysis of the “origin story” of the phrase digital sovereignty in particular, which has been used to mean personal digital sovereignty, digital rights, and digital identity.  This co-opting of the term muddies the waters of the debate moving forward.

Our fundamental strategic insight is that “personal data ownership” will be the crucial design element of a future systems architecture (supported by an investment ecosystem for innovation) which would move towards solving issues like misinformation through realigning bad incentive systems designed into current social media platforms and the potential for cryptocurrency regulation (that starts with the individual ownership and the individual’s relationship to their financial ‘dataset’), amongst other future use cases.

Yes, this includes the broad promise of web3, but you will see in our approach to the research that we are specifically, technically concerned with the design of value creation mechanisms for personal data  – and the role of blockchain, digital autonomous corporations, and smart contracts to enable this innovation in and transition to a world of digital self-sovereignty, digital rights, and digital identity – again, all premised on the individual’s rights to ownership of their personal data. Only then can the institutional and nation-state “stack” of the architecture be built properly.

This research topic will be discussed (when we gather as the OODA Community in October at OODAcon 2022 – The Future of Exponential Innovation & Disruption) in the context of the panel  Disruptive Futures: Digital Self Sovereignty, Blockchain, and AI, which is a Fireside chat with Futurist and Author Karl Schroeder:  

The panel description:  “You are big data. Every day the technology you own, use, and otherwise interact with (often unintentionally) collects rich data about every element of your daily life. This session provides a quick overview of how this data is collected, stored, and mined but then shifts direction to look at what technologies might empower users to better collect, access, and authorize the use of their own data through blockchain, digital autonomous corporations, and smart contracts.”

Further Resources

The OODA Loop 2022 Research Primer on Digital Self-Sovereignty, Digital Rights and Digital Identity:  A chronological primer on the evolution of the digital sovereignty idea and framing of the concept from early OODAcast conversations, the OODA Almanac 2022, and external research resources which have assisted us in further forming a working hypothesis for our research.

OODAcon 2022

To register for OODAcon, go to: OODAcon 2022 – The Future of Exponential Innovation & Disruption

Stay Informed

It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Strategies, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, and Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.

Tagged: Blockchain
Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.