Start your day with intelligence. Get The OODA Daily Pulse.

Background

We are emerging from a tracking phase on a research topic of high priority here at OODA Loop:  Digital Self-Sovereignty, Digital Rights, and Digital Identity, which is an area of research concerned with the security of personal data, transactional or otherwise, and the individual’s right to ownership of their personal data.

Our fundamental strategic insight is that “personal data ownership” will be the crucial design element of a future systems architecture (supported by an investment ecosystem for innovation) which would move towards solving issues like misinformation through realigning bad incentive systems designed into current social media platforms and the potential for cryptocurrency regulation (that starts with the individual ownership and the individual’s relationship to their financial ‘dataset’), amongst other future use cases.

Yes, this includes the broad promise of web3, but you will see in our approach to the research that we are specifically, technically concerned with the design of value creation mechanisms for personal data  – and the role of blockchain, digital autonomous corporations, and smart contracts to enable this innovation in and transition to a world of digital self-sovereignty, digital rights, and digital identity – again, all premised on the individual’s rights to ownership of their personal data.

For example, as a sampling of the ‘level’ of strategic insight we are trying to achieve through this research:  in a recent internal discussion, we found it interesting that the recent SCOTUS Dobb’s decision (while seemingly primarily about women’s reproductive rights) is also, at its core, a very broad personal privacy setback – 50 years of legal precedent on personal privacy, writ large, overturned overnight.  As a result, the SCOTUS decision and issues surrounding it may become the ‘key market driver” for innovation in the security of personal data, transactional or otherwise, and the individual’s right to ownership of their personal data.

Personal privacy has become the killer app, SCOTUS the accelerant of a market-driven exploration of solutions.  So, the stakes seem higher in the last few months, as highly private data may now be subjected to subpoena power.  What are the implications of this legal environment? And what further activity (entrepreneurial, technology development, social activism, etc.) are we seeing that maps to issues of personal privacy, personal data autonomy, and technological innovation?

A case study we will explore in a standalone post is the work of Ibis Reproductive Health and a “smartphone app that offers a new model of health information and tracking technology. The app’s production was spurred by formative research which showed that currently available apps do not meet the complete needs of their users.” (1) A formative analysis has revealed that these smartphone apps (which track the menstrual cycle, also known as “period apps”) “don’t have to abide by HIPAA, meaning your reproductive and sexual health data could be vulnerable.”

Based on the OODA communities core competency in cybersecurity, we are always looking for a “weaponization of everything” pattern in any research related to personal privacy and data.  Sure enough, as Wired Magazine recently reported, Fertility and Period Apps Can Be Weaponized in a Post-Roe World, “as these apps collect sensitive data that could be subpoenaed by law enforcement or sold by data brokers, putting women seeking abortions at risk.”  Again, we have applied the innovation economy term of “key market driver” to all of this formative activity spurred on by the SCOTUS Dobb’s decision –  and we think it is appropriate.

Following is a chronological primer on the evolution of the digital sovereignty idea and further framing of the concept from early OODAcast conversations, the OODA Almanac 2022 and external research resources which have assisted us in further forming a working hypothesis for our research. At the very least we will be surfacing our research as posts on the subject when appropriate.  We are also exploring the potential for another final deliverable content format on the topic.

And, of course, we will have an important in-person touchpoint on the topic as the OODA Community in October at OODAcon 2022 – The Future of Exponential Innovation & Disruption  – with a Fireside chat with Futurist and Author Karl Schroeder entitled Disruptive Futures: Digital Self Sovereignty, Blockchain, and AI.  The OODAcon Agenda describes the fireside chat in the following manner:

“You are big data. Every day the technology you own, use, and otherwise interact with (often unintentionally) collects rich data about every element of your daily life. This session provides a quick overview of how this data is collected, stored, and mined but then shifts direction to look at what technologies might empower users to better collect, access, and authorize the use of their own data through blockchain, digital autonomous corporations, and smart contracts.”

The Devost/Robb OODA conversations on Digital Sovereignty, Identity, and Trust

The minds between OODA CEO Matt Devost and John Robb in an October 2021 OODAcast conversation is the OODA Loop-internal “origins story” of our research on this topic.  Matt and John had clearly been formulating personal  “systems thinking” on the topic (which Matt first laid out for the OODA Loop membership in his March 2018 post The New Red Atlas is You, which built on his early thinking in a March 2013 post entitled “I am Big Data and so are you“).

It is fascinating to hear Matt and John validate each other’s conceptual thinking and evolve the framework together in this conversation, with a real market-driven, solutions-based perspective on the problem.  Robb is a former Air Force pilot who has worked successfully in a variety of domains, including the special operations community, as an industry analyst, successful start-up founder and national security expert.

Following are some core principles as discussed by Devost and Robb:

Devost: The FDA released a list of AI and machine learning-enabled medical devices. And it’s a lot longer than I thought it would be. The use of that data in medical technology is definitely accelerating. But we do seem to have lost track with regards to how we enable that data. Some of your thinking that I have been a huge proponent of is trying to find models for digital self-sovereignty, getting more control over how our data is tracked, and how that data is used. That seems like an incredibly difficult challenge, and we can’t even convince some of these platforms to give us time-based timelines. You know, they won’t let us just scroll sequentially based on when something was posted. They want to feed us what the algorithm wants us to see. So, do you think that we can develop any sort of model for digital self-sovereignty, that will help define how our data is collected and used and give us a little bit more control over it over the next 10 or 20 years?

Robb:  In terms of the sovereignty issue. I see it as kind of one of those fundamental switches, and if we can get it right, everything else gets better, faster – and we get wealthier and we get happier.  I’ve been likening it to feudalism, the feudal relationship we had in the 1500’s hundreds that were broken up by the printing press and through the reformation. Up until that time, everyone was pretty much a farmer, but you were farming land owned by Lord, by the aristocracy and only the aristocracy was allowed to own land. I see privacy within that context as, you know, the Lord could only beat you on Sundays, right? That kind of thing. It’s just a lessening of the damage. But it was only at the point where – and I think the U. S. colonization accelerated this – people had these individual plots of land, their own farms, free from any kind of external control or ownership and were allowed to have private property, we’re able to build wealth at an individual level or family level, that things just changed.

And we saw the middle-class and we saw broad markets for all the products and services that we enjoy today and electricity and the telephone and all the other appliances. So how do we do that in this data space? And if data becomes that value creation over time, the way to do that is through data ownership.

I was testifying in front of the Senate in front of the [Subcommittee on Competition Policy, Antitrust, and Consumer Rights], the big data group trying to regulate Facebook and Google.  I was sitting during the testimony and they had a major data broker there. And, you know, they’re familiar with taking and buying data from all these different providers and selling it to marketing companies. Well, where is the consumer group? Where is the one that represents my interest?

If I have money to invest, I have banks and brokers I can go to a financial advisor and they have a fiduciary duty and lots of regulation in terms of how they do their job, but they’re looking after my interests. They’re trying to make me money for the most part and trying to better my life. I would want something similar for my data. I want to take it out in real-time. And I want to put it into a repository, kind of a data bank, from all these different sources, that then is then made available to people who are building AIs for XYZ.  It unlocks the potential of the data because the data only has a certain number of uses within Facebook and within Google. They only have a certain vision for where things are gonna go, but if you open it up to all these different players, you can see things develop. New products and services come out of this stuff that we could only imagine.

Devost: I think you’ve tied into a lot of things that have been a focus for me as well but introduce some new concepts. I like this idea of the data plot and the analogy with feudalism for certain, and then having a data fiduciary, I mean, that’s important as well, right? they’re required to look after your best interest from a data perspective. And identity I think is also central as well. I’ve been playing around with that and a piece of it.  If we start thinking through new models of cyber security and we are trying to protect some of these critical infrastructures, say banking, for example, maybe you are unable to route to a bank’s application unless your identity is registered as a customer of theirs, the same way that you provide your driver’s license, right? It kind of reworks how networks and routing and all of that are supposed to work. But I think those are the new models that we’re going to need in order to really advance cyber security and deal with some of these problems that we’ve been dealing with from a cyber-crime, cyber espionage, cyber conflict perspective. So, fascinating.

Robb: Once you have an identity, you kind of trust that it’s being used in your best interest. And I don’t have any problem with it being a thousand-factor identity check, right? It’s looking at every single service and everything I’m looking at, touching, including the standard kind of facial and thumbprint or whatever else you want to add to it. But then you build AIs to tie it all together and make it hard to guess which things would trigger it because you don’t know what the data model is behind the scenes, you could make it so it’s very tough to crack an identity. But you’ve got to get people to trust it: accessing all this information from your GPS data on your phone to the patterns of use, all the different pictures and things that would indicate who you are and it is safe to access.

Devost: Deriving value has been a huge thematic for me. I want to derive value from my own data. You know, I just feel like there’s so much information that’s collected on me that I could use for my own benefit individually, and we just don’t have access to the data, and you don’t have access to the tools. So that becomes difficult. But hopefully, we’ll be successful with some of these initiatives, but obviously with a lot of friction because the current economic model doesn’t support that. So, there’s a lot of disruption that needs to take place.

Robb: Yeah. I think we can get it ported out. I mean, it’s just standard-setting and getting the political backing to say: “this is the standard.” And giving people who know how the systems work six months to come up with a standard for the API that gets stuff out and how it should be stored. And then having companies set up as data brokers who will store that and different business models, some will resell, some will just store it. But you won’t get the kind of privacy control features for telling Facebook and telling Google and telling everybody else what you want to share and what you don’t want to share. Those things won’t be built in an intelligible way unless you have that kind of centralization or where you have a data broker doing that for you, because these guys at Facebook and [other social media platforms] will make it hard to access and hard to find. And the tools will be limited.

OODA Almanac 2022

OODA CEO Matt Devost framed our “current thinking” in January 2022  in the OODA Almanac (the annual forecasting of themes that the OODA Network thought would be emergent in 2022) by including “Non-sovereignty” as a trend in the 2022 Almanac:

Non-sovereignty issues resonate within the American political divide which we provocatively called the Second American Civil War in last year’s Almanac. These issues have only become more inflamed over the past year with tensions over vaccine mandates, infrastructure spending, and hearings on the events of January 6, 2021.  During one of the OODA Network Expert meetings, it was proposed that non-sovereignty is a general trend and worth noting in the Almanac.  Non-sovereignty covers several separate threads, including:

  • Individuals and communities develop greater affinities for corporations instead of governments. This was highlighted early in the Covid pandemic as large tech companies quickly moved to work from home, created grants for local businesses, and implemented employee bonus programs.

The cryptocurrency and blockchain communities identify digital self-sovereignty as a major thematic goal within many of their programs (whether it is decentralized finance or creating Digital Autonomous Organizations (DAOs).  For example, the Ethereum Name Service created a DOA to govern the management of the namespace for  .ETH domains and a DOA raised tens of millions of dollars for a failed attempt to buy a copy of the U.S. Constitution.

The Sovereign Individual: Mastering the Transition to the Information Age, a book written over 20 years ago, has seen a resurgence in popularity and currently ranks #1 and #2 on several Amazon bestseller topical lists. As this community looks to go where they are treated best, some are renouncing U.S. citizenship and moving overseas while others are establishing footholds in states like Florida and Texas.

What Next?   Evaluating External Research Projects and Resources

Microsoft Cloud for Sovereignty: The most flexible and comprehensive solution for digital sovereignty:  “Microsoft Cloud for Sovereignty, a new solution that will enable public sector customers to build and digitally transform workloads in the Microsoft Cloud while meeting their compliance, security, and policy requirements. Today, public sector customers can harness the full power of Microsoft Cloud, including broad platform capabilities, resiliency, agility, and security. With the addition of Microsoft Cloud for Sovereignty, they will have greater control over their data and increased transparency to the operational and governance processes of the cloud.”

This blog posting is pretty confident that the company’s “digital sovereignty, cloud-based platform” is ready for primetime commercialization.  We are healthily cynical: we will be looking under the hood, and will get back to you with an assessment of this commercial platform.   Our primary research question is around value creation for the individual and data ownership.  We are looking for the long view here:  Does Microsoft “get it”?  Or is this a corporate data management platform marketed under the digital sovereignty branding moniker?

The Future of AI and Blockchain-based Data Accessibility, Exchanges and Marketplaces:  The crypto marketplace continues to fly through some serious turbulence.  OODA CEO Matt Devost recently noted, in response to the recent charges by the Securities and Exchange Commission (SEC) in a ‘massive’ crypto Ponzi scheme:  “It is all about creative destruction. It is good to wash the fraud and opportunists out of the system. The foundation of the technology is solid, so now it is time to build actual disruptive solutions that solve real-world problems.”  If you take the long view, blockchain holds real promise for countless disruptive platforms across a wide range of industries.  The automotive and mobility subsectors have provided a recent case study that is a window into the promise of blockchain technologies. The Ocean Protocol should be on your radar – and the Acentrik platform is worth a closer look.

Self-Sovereign Identity | Blockchain Research Institute:  In this research, one of the leading experts and thought leaders in the digital identity space brings his latest thinking to enterprise innovators. He explains the value of the relationship view of identity, the nature of authentic digital relationships, the trust bases of identity systems, and the architecture of the identity metasystem, including decentralized identifier communication and the self-sovereign Internet. He then explores how to operationalize digital relationships and the potential of generative identities (e.g., verifiable credentials) and credential exchange. He concludes with a deep dive into self-sovereign identities in production: the UK National Health Service staff passport, Bonifii’s MemberPass for credit unions, the International Air Transport Association Travel Pass, and others. The project is a must-read for enterprise leaders looking to understand their opportunities in identity platforms and applications.”

Blockchain-enabled Digital Sovereignty: Patients will be Able to Sell Healthcare Data via Blockchain-based Exchange:  While cryptocurrency and blockchain technologies are not official exponential technologies, they are exponential-adjacent.  Why? As we shared in our recent post “By Design, The Quantum List Companies are Strategically Structured for Exponential Speed and Scale” a driver fueling exponential technologies is information:  Once any domain, discipline, technology, or industry becomes information-enabled and powered by information flows, its price/performance begins doubling approximately annually.”

Emergent blockchain business applications in a variety of industry verticals are leveraging these information flows into business ecosystems, platforms, and Software as a Service (SaaS) offerings. In blockchain and crypto, exchanges have become a standard information-enabled architecture that utilizes information flows as well. We recently took a look at a plan to build a SaaS-based marketplace where patient information is structured for sale to researchers by way of a blockchain exchange.

OODA Loop – PIPL, DSL, CSL – China Forges a Legal Path to Cyber Sovereignty:  OODA Loop regular contributor offers a perspective on China’s “Personal Information Protection Law” (PIPL) which went into effect on November 1, 2021,  The PIPL protects the personal privacy of Chinese citizens, and perhaps more importantly, mandates that both Chinese and foreign companies that conduct business in China to comply to the rules set forth in the new legislation.

The Digital Identity in Times of Crisis — Research Sprint at the Berkman Klein Center (BKC):  The BKC is a community of practice that we will continue tracking as they develop the final outputs from this research sprint:  

“The Fall 2022 BKC Research Sprint hosted with metaLAB (at) Harvard and Edgelands Institute will focus on the ethical, human rights, and societal impacts of digital identity in times of crisis.  The last three years have included calamities on such a catastrophic scale –a pandemic, war, rising fascism, and climate-driven crises– that the need for safety, security, and communication is greater than ever before. These calamities are likely to continue and, in the maelstrom of crisis, decision-makers, even those with the best intentions, will make choices rapidly within a limited set of options and under conflicting pressures. Some decision-makers may not consider sufficiently the privacy and security of people’s digital identity. Others may be less concerned with the broader social good, using access to others’ digital identity to serve themselves. 

In the current context, digital identity is the ability for people to prove who they are and, in turn, for societechnical systems to identify them. Digital identity can enable participation: allowing people to receive social benefits from state and civic organizations, to engage in economic opportunities such as work and training programs, and to vote. Yet digital identity can also be used to control, exclude, and target people: to remove social benefits and to limit people’s rights and access to resources.

The goal of the Research Sprint is to produce a series of artifacts demonstrating 1.) how digital identity is best used by policy-makers and communities in times of crisis, 2.) how to protect from harms from either well-intended plans gone awry or the misuse of power, and 3.) how to envision a future in which people’s digital identities are respected and supported. 

We will explore multiple dimensions of digital identity through readings, discussions, and hands-on project work. Participants will work in small groups to create one of three types of outputs: visualizations that inform how people’s digital identity is captured or used, speculative fictions that envision better engagements with digital identity in the future, and policy recommendations for the design of sociotechnical systems that respond nimbly to crisis while treating people’s digital identities with respect and responsibility.” (2)

These two syllabi from previous BKC Research Sprints have also been very influential on our ongoing research efforts:

International Digital Self-Determination Network:   Data is changing how we live and engage with and within our societies and our economies. As our digital footprints grow, how do we re-imagine ourselves in the digital world? How can we be supported to determine ourselves in our data-driven spaces?  In the context of data access and protection, emerging debates about autonomy and communal responsibility highlights a pressing imperative to re-imagine “the self” in digital spaces.

The Berkman Klein Center is a founding partner in the International Digital Self-Determination Network, a collaboration that is defining the concept of digital self-determination and working to ensure that people everywhere are legally, socially, and technically empowered to participate in the digitally connected world.  The other founding partners of the network are Directorate of International Law, Swiss Federal Department of Foreign Affairs; the Centre for Artificial Intelligence and Data Governance at Singapore Management University; the Global Tech Policy Practice at the TUM School of Social Sciences and Technology; and The GovLab at New York University.  Each network member has developed a use case on digital self-determination in a different sector, from finance to migration to tourism.  We are taking a look at this invaluable research.

My Body, My Data | The Electronic Frontier Foundation’s EFFector 34.4:  The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. EFF’s mission is to ensure that technology supports freedom, justice, and innovation for all people of the world.  EFFEctor 34.4 is their newsletter dedicated to a response to the recent SCOTUS Dobb’s decision.  

De-Identification – Future of Privacy Forum (FPF):  This FPF framing of the core research questions is differentiated by its alternative design thinking about the ‘flow’ of identity and data:  “One key method for ensuring privacy while processing large amounts of data is de-identification. De-identified data refers to data through which a link to a particular individual cannot be established. This often involves “scrubbing” the identifiable elements of personal data, making it “safe” in privacy terms while attempting to retain its commercial and scientific value. In the era of big data, the debate over the definition of personal information, de-identification, and re-identification has never been more important.

Privacy regimes often rely on data being considered Personal in order to require the application of privacy rights and protections. Data that is anonymous is considered free of privacy risk and available for public use. Yet much data that is collected and used exists somewhere on a spectrum between these stages. FPF’s De-ID Project has examined practical frameworks for applying privacy restrictions to data based on the nature of data that is collected, the risks of de-identification, and the additional legal and administrative protections that may be applied.”

Matt Devost on the Future of Value Creation through Personal Data

The New Red Atlas is You

I am Big Data and so are You

The OODAcast Thematic Posts

John Robb on the Early Internet, Frameworks to Drive Decision Making, Network Tribalism and Emerging Threats (1 of 2)

John Robb on Hyper-networked Tribes, Digital Sovereignty, Digital Identity, Digital Rights and “The Long Night” (2 of 2)

The OODAcast conversation

Digital Self Sovereignty and Avoiding the Long Night with John Robb

OODAcon 2022

To register for OODAcon, go to: OODAcon 2022 – The Future of Exponential Innovation & Disruption

Stay Informed

It should go without saying that tracking threats are critical to informing your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Strategies, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, and Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.

Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.