“The Physicality Of Data And The Road To Personal Data Ownership” was originally published by Forbes, July 2, 2021. David Kruger is co-founder and VP of Strategy for Absio Corporation, and a co-inventor of Absio’s Software-defined Distributed Key Cryptography (SDKC).

This article is the first in a series on the physicality of data. I’ll follow up with additional installments of this series over the next several weeks, so check back to see those as they become available.

All of us tend to conflate the word “data” with the word “information.” Usually, that’s OK, but collapsing data on a computer and information into one thing rather than two separate things makes thinking accurately about data ownership difficult.

Here’s why: Information is perceived in our minds. Software digitizes human-usable information by encoding language, sound and imagery into binary patterns of ones and zeroes. It applies those patterns to physical things: transistors, electrical pulses, light or radio waves, magnetized particles and microscopic pits on a CD/DVD. These physical data objects are “quantum small,” but they’re as physical as a brick. Software can create and manage data objects because their physical properties are predictable and, most importantly, controllable. Why is that important? Because if we can’t physically control the use of our personal data, real data ownership is impossible.

Since your personal data on computers is physical, imagine for a moment that you could control it like you control your car. Cars, like most physical objects, have three domains of control: use, access and rules. You can use your car — make it go, steer it, make it stop and control access by locking it. Use and access controls are inherent because they are built in by the manufacturer. Rules are societal controls on the use of cars, such as stop signs, driver’s licenses, titles and rental agreements. Your car’s controllability is what enables you to possess it, and possession codified in law is ownership. Rules establish lawful and unlawful uses. Civil and criminal rules are enforced by the justice system.

Ownership comes in four flavors. The first is actual possession: you, using your car. The second, constructive possession, is governed by rules. You can grant conditional use of your car to another, but the grantee must obey your rules and societal rules, including how long, for what use, compensation owed for your car’s use and traffic laws. The third is criminal possession, the use of your car without permission. The fourth is transferrable possession: buying or selling cars.

The obvious question is, “If my personal data is physical and controllable, why can’t I control it like my car?”

Here’s some history: Human-usable information was first digitized in the early 1950s. That primitive software provided no built-in data controls and no analog of brakes or steering or locks. The only control applied was access to the software, not the data. Consequently, anyone who could access the software could reopen, read, modify, delete or copy data without limit. Since data was transmitted by making a copy and saving it to other computers, every copy was also limitlessly reusable. Such data was inherently uncontrollable simply because software applied no controls to it, and therein lies the problem.

Almost 70 years later, the vast majority of software still creates data with no built-in controls.

Two obvious questions arise:

1. Can software really make controllable data?
2. If software can make controllable data, why doesn’t it? 

The answer to the first question is easy: Data is physical, so of course it can. One example is controlling access to data with encryption. Encryption changes the physical structure of data to make it lockable. Analogs of brakes and steering and rules can also be added.

The answer to the second question is more complex. The first reason is that people don’t ask software providers to make data controllable because they don’t know it’s possible, much less desirable. Few people think of data on a computer as physical; they view computer-delivered information in their minds and physical data on computers as equivalent. That problem is readily solved in a few minutes using simple explanations and analogies. Did you distinguish information from physical data on a computer before reading this?

The second reason is more problematic. Our inability to own and control our personal data has resulted in the loss of any semblance of privacy when it comes to our online activities and, increasingly, the privacy of our real-world activities. Unfortunately, we are surrounded by and carry continuous surveillance devices wherever we go; we call them smartphones and smart devices.

In the past, privacy has been commonly understood as an individual’s ability to keep certain information to themselves or to share it selectively within trusted relationships: friends, family and professionals like doctors, lawyers and select business relationships. Reading someone’s diary or eavesdropping on private conversations have always been characterized as violations of privacy, as has been the improper disclosure of personal information by someone we trust. In that vein, digital privacy can be reasonably defined as an individual’s ability to control by whom, for what purpose and for how long their personal data can be used.

How has privacy been lost? Currently, some of the most powerful corporations in the world operate software platforms and sell software. Nearly universally, they force us to surrender our personal privacy as the cost of entry into their marketplaces of goods, services, knowledge and ideas.

How did they pull that off? By taking full advantage of:

1. The uncontrollability of data.
2. People not knowing that they can physically control, and therefore possess and own their personal data, if platforms or software providers enabled them to do so.
3. The constant prattling on by platforms and software providers about how deeply they care about privacy, an astounding feat of doublespeak.

People are increasingly distrustful of platforms and software providers that strip their users’ privacy rights, as well as continually watch them. This is evidenced by regulations like the EU’s General Data Protection Regulation and the California Consumer Privacy Act, not to mention “the rise of privacy tech.” Search that phrase, and you’ll find hundreds of startups and venture capital dollars flowing like water into the privacy tech space.

So, what is the road to data ownership? It’s free-market disruption of the old order: new (or repentant) platforms and software providers delivering search, social media and software that incorporates physically enforceable privacy and property rights into the data. 

Build it, and we will come. 

Follow David Kruger on LinkedIn. Check out his website. 

Here are all of David Kruger’s columns on cybersecurity to date — browse and enjoy:

The physicality of data and the road to personal data ownership. When data was first digitized in the 1950s, no controls were built in to protect it from unauthorized use or misuse. Confusion between information in our minds and physical data, as stored on computers, hampers efforts to control how our data is used.

The physicality of data and the road to cybersecurity With cyberattacks trending upward, remember that cyberattack potential is always greater than cyberdefense potential. Data objects can defend themselves with encryption, which makes them unusable if captured by cyberattackers. Sadly, little data today is encrypted

The physicality of data and the road to inherently safer computing The software industry today is precisely where the chemical industry was in 1978; hazard control is a mere afterthought.
Most software leaks like a sieve and doesn’t consistently keep strangers (cyberattackers) out. That’s not hyperbole; read the news. — David Kruger

and

Physicality of data: The road to inherently safer authentication. Even though the world is arguably far more at risk from uncontrolled data than from uncontrolled HHCs, there are no hordes of people demanding solutions — yet. Many people don’t realize that — unlike the chemical industry — software/hardware makers aren’t typically held accountable for harm caused by preventable hacks.

You may also wish to read: How can non-fungible tokens (NFTs) be made to work better? Bernard Fickser offers twelve steps to handling NFTs in a way that dispenses with cryptocurrency-based blockchains and works in ordinary online marketplaces like eBay. In Fickser’s view, NFTs can work if they avoid self-serving cryptocurrency blockchains like Ethereum and enable real-world legal transfers of ownership.