In the wake of high-profile privacy debacles, data privacy has become a much larger concern for the average person around the world. You probably know people (or maybe are one yourself) who have left a social media service in recent months due to privacy concerns. What currently has me more worried though is the possibility that the incessant tracking we’re all familiar with in the online world will spill over into physical spaces via connected devices. If that happens, we’ll end up in the kind of dystopian omni-marketing or even surveillance state society that none of us want, and, unlike the online world, we can’t turn the physical world off. This is not a far-fetched possibility given that every smartphone and every modern electronic device from computers to cars to televisions now features a built-in communications protocol that is almost always on: Bluetooth.
Imagine sitting in a waiting room where a bot in the thermostat senses you and decides to raise the temperature of the room by a few degrees, causing your blood sugar levels to drop ever so slightly (yes, the bot knows who you are and how your body will react). Conveniently, an advertisement shows up on your mobile device marketing a chocolate bar, which just happens to be available in a vending machine nearby. You buy one. The advertiser makes money and the bot makes money, then gradually resets the room temperature to a comfortable 72F. You eat the chocolate bar and somehow feel great, and all is well again. The best fantastical depiction of such a dystopian future that I have seen is the short film “HYPER-REALITY” by the artist Keiichi Matsuda, yet actual reality can be more subtle and insidious.
This is not the world I want, yet I do want the frictionless conveniences offered by technology — on my terms. One way we could achieve this is by equipping people with a privacy-driven identity signal they can use to interact with the world around them. Instead of non-consensually tracking people, as is the norm online today, businesses and buildings could install devices that allow them to detect identity signals of people who have opted-in, and when they do, offer to use the data that person explicitly provided via their signal to serve them. For example, such a signal could be used by a person to unlock a car, authenticate into their computer while at the office, or make a purchase from the above-mentioned vending machine — if they chose to.
Ideally, here is what such a system would look like:
- Identity signals would be owned by individual people, not companies. People need to own and control their own data. If online data schemes had been set up this way from the beginning, we wouldn’t have many of the privacy issues that exist today. Online, we are gradually turning things around with privacy-protecting services and authentication schemes. In the physical world, we have the chance to do it right by creating a new dynamic from scratch.
- Identity signals would be emitted from a personal device (smartphone or wearable), something we are already carrying around in our bag or pocket, or on our person. These signals would be ubiquitous enough to be read and understood by most devices. This exists today in the form of Bluetooth Low Energy, which is available in 90 percent of new devices. A powerful, continuous, low-energy signal is important because it enables frictionless experiences we desire, such as walking up to a door and having it unlock in front of you.
- People opt in to having their signal sensed. Companies and organizations would install sensors (or use devices that came with embedded sensors), but those sensors would not be able to decode the identity of the signal owner without their explicit permission. This means that the company would need to provide a service that is of value in order for the person to agree to enable sensing of their signal. This could be per use, or a one-time standing grant — for instance, giving permission for your employer to read your signal so you can access your office. This permission should be revocable by the signal owner at any time.
- Companies reading the signal (so they can provide services) should not be allowed to sell any data they collect. This is key; the data being shared via identity signals must only be used to offer a service to the person being sensed. Technical measures can be implemented to make correlation of such data from multiple entities difficult, for example by giving each opted-in organization its own key so that the pseudonym one organization sees bears no relation to what another sees, and by rotating that pseudonym over time rather than broadcasting a fixed hardware address. Preventing the trade in user data would also mean that companies could collect and store less of it, decreasing the impact of security breaches.
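The four properties above (owner-held secret, a signal only opted-in parties can decode, revocable per-party consent, and no cross-party correlation) can be modelled in a few lines. The following is an added example written for this page, not the author's design or any vendor's protocol; it borrows the idea behind Bluetooth's resolvable private addresses (a random-looking address that only a holder of the matching key can resolve) but uses HMAC-SHA256 instead of the Bluetooth address-hash function, and the 15-minute rotation interval, 8-byte pseudonym length, party names and user names are all assumptions made for the illustration.

```python
"""Toy model of a consent-based identity signal (added example, not the
author's design). Assumed parameters: HMAC-SHA256, 15-minute rotation,
8-byte pseudonyms, and one advertisement per granted relying party."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

ROTATION_SECONDS = 15 * 60   # assumption: how long one pseudonym is broadcast
PSEUDONYM_BYTES = 8          # assumption: truncated tag length in the beacon

Frame = Tuple[int, bytes]    # (epoch counter, pseudonym) as it would go on the air


def pseudonym(party_key: bytes, epoch: int) -> bytes:
    """Pseudonym for one relying party in one time epoch. Without party_key it
    is indistinguishable from random bytes, so a passive sniffer, or a company
    the owner never opted in to, learns nothing and cannot track the device."""
    mac = hmac.new(party_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:PSEUDONYM_BYTES]


class SignalOwner:
    """The person's device: holds the master secret, issues and revokes grants."""

    def __init__(self) -> None:
        self.master = secrets.token_bytes(32)
        self.grants: Dict[str, bytes] = {}

    def grant(self, party_id: str) -> bytes:
        # Independent key per relying party: pseudonyms seen by one party cannot
        # be joined with another party's records, even if both keep full logs.
        key = hmac.new(self.master, b"grant|" + party_id.encode(), hashlib.sha256).digest()
        self.grants[party_id] = key
        return key  # handed to that party out of band when the person opts in

    def revoke(self, party_id: str) -> None:
        # Owner-side revocation: the device stops deriving pseudonyms for that
        # party, so the party's stale key resolves nothing broadcast from now on.
        self.grants.pop(party_id, None)

    def advertise(self, now: float) -> List[Frame]:
        """Frames the device would broadcast in this epoch: one per active
        grant (a real radio schedule would round-robin through them)."""
        epoch = int(now // ROTATION_SECONDS)
        return [(epoch, pseudonym(key, epoch)) for key in self.grants.values()]


class Reader:
    """A sensor installed by one relying party; it knows only the keys its
    opted-in users handed over (its resolving list) and nothing else."""

    def __init__(self, party_id: str) -> None:
        self.party_id = party_id
        self.keys: Dict[str, bytes] = {}   # user label -> key granted to this party

    def enrol(self, user: str, key: bytes) -> None:
        self.keys[user] = key

    def resolve(self, frame: Frame, now: float) -> Optional[str]:
        """Return the enrolled user who sent this frame, or None. Accepts
        epoch +/- 1 to tolerate clock skew between device and reader, and
        rejects anything older so a frame captured today cannot be replayed
        next week. Comparison is constant-time to avoid a timing oracle."""
        epoch, tag = frame
        if abs(epoch - int(now // ROTATION_SECONDS)) > 1:
            return None
        for user, key in self.keys.items():
            if hmac.compare_digest(pseudonym(key, epoch), tag):
                return user
        return None


def resolved(reader: Reader, frames: List[Frame], now: float) -> List[str]:
    """Users this reader can identify among the given frames."""
    return [u for u in (reader.resolve(f, now) for f in frames) if u is not None]


def demo() -> dict:
    """Walk through opt-in, sensing, unlinkability, revocation and replay.
    Party and user names are constructed for the example."""
    alice = SignalOwner()
    office, vending, broker = Reader("acme-office"), Reader("snackco"), Reader("data-broker")
    office.enrol("alice", alice.grant("acme-office"))
    vending.enrol("alice", alice.grant("snackco"))   # the broker never gets a grant

    t0 = 1_700_000_000.0
    frames = alice.advertise(t0)
    out = {
        "office_resolves": resolved(office, frames, t0),
        "vending_resolves": resolved(vending, frames, t0),
        "broker_resolves": resolved(broker, frames, t0),
        # the two parties see different bytes, so their logs cannot be joined on them
        "unlinkable": len({tag for _, tag in frames}) == len(frames),
        # next epoch the pseudonym changes, so nobody can track a fixed address
        "rotates": alice.advertise(t0 + ROTATION_SECONDS)[0][1] != frames[0][1],
    }
    alice.revoke("snackco")
    t1 = t0 + ROTATION_SECONDS
    later = alice.advertise(t1)
    out["vending_after_revoke"] = resolved(vending, later, t1)
    out["office_after_revoke"] = resolved(office, later, t1)
    # a frame captured at t0 and replayed three epochs later is rejected
    out["stale_replay"] = resolved(office, frames, t0 + 3 * ROTATION_SECONDS)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would add before building on this. First, the epoch window stops stale replays but not a live relay: a frame captured in one room and forwarded to a door reader within the same 15 minutes still resolves, so anything that actuates (unlocking a car or a door) needs a challenge-response over a connection, not a one-way beacon. Second, revocation here is only owner-side; if the person wants the organization to also forget what it already logged, that is a policy obligation on the reader, which no key management can enforce.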
Solving for privacy and security is hard, and equally hard is finding a business model that supports it. We can get companies to agree that privacy is important, but if we don’t find ways to add value in sustainable ways, we eventually end up where we are today, compromising on people’s privacy. With privacy-respecting implementations, identity signals can empower people with control over their identity and data while allowing companies to leverage it to offer differentiated services to their customers. Many of today’s businesses have proven that we’ll pay for the convenience of frictionless experiences, but we don’t have to sacrifice our privacy in exchange.
Forward-looking companies like WeWork and Dropbox are already equipping employees with identity signals for a basic but important interaction — getting access to their buildings. Soon, I expect to see B2C applications for identity signals: cars, public transportation, membership services, retail and more. Doing this right requires an approach that empowers people and stands the test of time.