Original article published on Hub of All Things.
It’s commonly stated that individuals: a) don’t know what their personal data is worth, and b) give it up in exchange for “free” services, which then are powered economically by the value of the large amount of user data in terms of targeted advertising, marketing recommendations, analytics, and so forth. This is the famous two-sided market. In a similar way, the Internet of Things (IoT) has largely evolved a collection of services that often appear to be free, but in fact make this same trade-off. Hence, smart metering for utilities empowers the electricity-generating and grid companies to optimise their price/performance better, just as Tesco’s Clubcard allows the supermarket group to optimise its range and quality of goods.
What is currently somewhat different in the IoT world from the cloud world is that each of the services in the different IoT sectors is separate and exists in a silo. Hence, you cannot (easily) connect information between your smart meter, your home security management, your environmental control, your home and in-car entertainment systems, your fitness and wellbeing monitoring and control, and your social media (email, messaging, diaries, etc).
Where all websites on the Internet are connected and possibly linked, and all e-mail systems (whether web mail or traditional) are in principle inter-working, the IoT world is not. In fact, the IoT is a collection of many disjointed networks of things, using the Internet to transfer sensor and actuator data to and from each IoT service sector’s cloud service, and offering, typically, only a remote web API to the user.
Does this sound familiar? It is actually pretty much like Facebook and Google Search, which are essentially monopolies in each of their respective sectors of social networks, and of search engines. Hence IoT is not so different at one level.
At another level, however, it IS different, because no one is able to offer third-party integration of IoT services in the current structure. In other words, no one can become the Google Search+Analytics of Things. If someone could, however, it might prove to be problematic in terms of risks to end-users.
Enter the HAT – the Hub of All Things.
At the top level, the HAT offers a privacy-preserving Data Exchange (currently dubbed HATDeX), which works like many other exchanges; it’s a marketplace, like a currency exchange, for HAT data.
At the next level down are the actual HATs, of which there can be many. These are places where we unpick the silos and collect together all the data for a user or a set of users. A user’s data is stored in a personal cloud, possibly (and ideally) one personal cloud per person (i.e. potentially 10 billion clouds worldwide), but it can also be stored in a HAT, and is certainly mirrored (a copy kept) in the HAT.
Strong Privacy Guarantees
There can be privacy issues in dealing with personal data, and the HAT contracts to obey a collection of service rules that include strong privacy guarantees. We expect the HAT has no incentive to cheat because:
- The user can switch HATs as there may be millions of HAT providers (at least 100s per country – by analogy, there are 300 ISPs in the UK and changing ISP is trivial).
- The HATDeX contracts with all the HATs – if a given HAT breaks the rules, then the HATDeX can evict them.
- The HAT provider is remunerated by the user and may be paid for additional services by the HATDeX as well – they already make money, so greed is counter-productive.
- The HATs are certified – they can choose different technologies to implement privacy and other service policy rules, as innovation happens in that space (e.g. differential privacy might be replaced by zero-knowledge computations, which might get updated to use homomorphic encryption, as advances are made). Standards allow interworking between IoT silos, open IoT platforms and HATs and between HATs and the HATDeX.
The key to this is that the HAT project defines interfaces, APIs and schemas, as well as rights and obligations in terms of contracts, not detailed mechanism, so that developers can improve various aspects of the systems over time, without changing the relationships between stakeholders.
Of course, there could be data leakage. However, by distributing users over many HATs, which may be quite heterogeneous in terms of hardware, software, location/jurisdiction, etc., the risk of massive data leakage is massively reduced. The incentive alignment design also means that the mission creep that is sometimes called “honest but curious” is not present, and the certification makes sure to reduce accidental or deliberate back doors.
This won’t prevent every problem. In particular, in a very large-scale data collection system like this, different HATs might not easily be able to detect someone carrying out queries across them to do re-linking. However, it isn’t clear why someone (outside of law enforcement) would do this, since they can do commercial cases for re-linking subject to rules through the HATDeX anyhow, and running arbitrage on an optimal market is (allegedly) a seriously losing proposition.
The Future of Cloud
New cloud technology is coming onstream that decreases the footprint of a VM (Virtual Machine) by about two orders of magnitude, allowing clouds to run on very small devices (home hubs, set-top boxes, as in the User Centric Networking (UCN, see http://usercentricnetworking.eu/) project) or even a phone or in very large numbers in traditional data centres, or both.
Cloud data can be mirrored for high availability between home, mobile, and data centre, also covering device theft or disaster recovery (similar to the Estonian Digital Government approach). The cost of running a cloud at this scale is cents – rather than dollars – per month. Who pays depends on the service model the user picks. It might cost a little eyeball time, or a little less privacy, or it might be bundled in a particular IoT sector’s price; if the user chooses to be part of a HAT that sells data (in a privacy-preserving way) on the HATDeX, then the resource payments are covered by profit.
The HAT project is forging a new social contract for users and business in the context of the IoT. By respecting privacy and the ownership of personal data, we can see new ways to create markets from new services which have hitherto been blocked by the walled gardens of Cloud Services in the Internet today. Instead, open innovation can be enabled by careful definition of the relationships between stakeholders in this brave new cyber-physical world.
For more on how the tech of the HAT works, read the HAT Tech Briefing Paper which is currently open for consultation.
About the author:
Jon Crowcroft
Jon Crowcroft FRS is Marconi Professor of Communications Systems at the Cambridge Computer Laboratory, University of Cambridge. He has worked in the area of Internet support for multimedia communications for over 30 years.