 Good evening everybody Who of you knows where all his data are? Which organizations have them? Nobody so do you like that? Who likes it? Come on Still nobody. Okay, great. Now multi-mo has Software that he believes will be able to solve this problem by putting all the data about you still in your own hand This is box person for the free software foundation Europe in the Netherlands. So please give him a very warm round of applause Well, thank you very much for the introduction. I'm really glad to be here and to be speaking to you about personal locker hoping that the slides work Who am I? No slides Yeah, don't have a feed. No. Anyway So who am I? I'm Maurice Freyser also called multi-mo. That's also my Twitter handle. So if you want to find me on on Twitter In the Netherlands, I'm spokesperson for the free software foundation Europe And I'm also the team coordinator of the Dutch free software foundation team I'm an electrical engineer by trade and Dits a study on innovation management and In my day job. I work on privacy open-source software and free software IT strategy and security and I'm one of the lucky guys that actually made work out of their their hobbies What are we gonna talk about today? Well, actually first I'm gonna Say something about the problem that I think is going on with our data Then we're gonna go into what I call personal locker technology and what that actually means and What kind of personal locker technology there there is? I'm gonna speak to you about the Kind of vision dream that I have and I want to check with you if that's something that also resonates with with you guys and Then we'll go into the current software and hardware that's actually already working on building that dream and Then we'll have a look into the into the future and I'm really hoping that Slides will work from now Because otherwise it'll be there we go nice Technology alright so In the introduction there were some questions asked like where is my data? I think a lot of you don't know where it is. It's somewhere in the Cloud, but yeah, the cloud is just other people's computers and do we like that situation? Do we like that? We don't know where our data is who has it and that you don't actually have control over it Then there are the companies that actually and other organizations that want to know as much about us as they can and They want a complete profile and all of them are trying to get that complete profile and some of them succeed half and some of them exceed just a quarter and They're not putting stuff together because that's actually kind of a competition and You know I get a e-refeeling about this that there are so many companies and organizations trying to figure out who you are what you do for all the reasons they they actually have and You know this was wasn't was not going to be a big problem if you actually had an opt-out if you could You know reduce The amount of services that you that you use but the fact of life is that that More and more services that you need on a daily basis are actually Delivered digitally and you need an identity for it and you actually have to Go online and be part of some sort of database or some sort of application So your data is going there and you don't really have a you don't really have a choice anymore And it's even gone so far that you also don't have control over The The way the data gets treated and this was one of the the most interesting things that happened Last last week that actually the privacy setting screen On Facebook is patented which is kind of ironic and funny So you don't even Actually have some sort of control over your privacy settings. So Really strange Many people have come to realize this I'm certainly not the first and certainly not the last to say something like okay We need to do something about these databases because these databases are growing and growing and growing and they're becoming honeypots for all sorts of crackers to Fetch the data especially for instance medical data because medical data is rich in personal Data like social security numbers and bank account numbers and all kinds of stuff and that makes Medical records really valuable for for crackers So there's a real rush on these huge databases that contain a lot of data about persons and They get hacked regularly And They just go out into the public so Personal locker technology This is actually reversing the model all these technologies are about Changing the way we are storing the data So instead of using a lot of databases where we are just one line in the database They are about giving the user control over their data and actually Making sure that You know the companies come to the user ask the user for their data ask the user for permission ask the user for access and And You know the processing will be done on a per user base and not on the real database And then the question arise and this is this is the thing that's the battle that's going on for the past Couple of years and it's a bit increasing Where do we? Where do we want to store the data in this vision because for control over your data? It's not really necessary to put the data in you know somewhere near you or In your phone or somewhere else because with all the technology we have You can also do that in a distributed way But maybe it feels nice to have that data nearby and actually knowing where it is So all these technologies are about Taking you know the the list that we have in a database and Actually turning it into this fold or locker Where your data about you is stored and then all the other companies or organizations or whoever wants access Medical people whatever they come to you and ask Your permission for that access Now all of this of course is is still not new but one of the the I think the breakthroughs that happened in the past year is Actually about the storage How do we store that data? You need an independent Organization or an independent place probably or preferably an independent technology To store that data because otherwise you you won't have trust in it If there's one Computer or one organization or one service that will offer it the space to keep your digital twin That feels eerie because you don't want to rely on that that single entity and even having multiple entities Then maybe you can lose half of your digital twin if one of those companies or organizations goes wrong so We need to distribute it Instead of You know the web today looks like this in it's kind of decentralized You have these big organizations that a lot of that are these these focus points in the network But we need to go all the way to the distributed part and we need that in In three levels actually So what are the requirements when we want to build this fold this this locker? And we want to have actual actual people use it There are a couple of things that are really important that in one of the things is compatibility Especially compatibility at the site where the organizations and and Companies are using This this technology They actually want to still have you know access to you to data about you because that's valuable to them So if we make it very easy For the companies and organizations To actually have that make it extremely transparent and almost the same as like storing data in a database Then probably adoption will be high And from the user perspective it needs to become really easy to actually Give permissions to other organizations or to share your data with somebody else and have trust in that It needs to be really really really really easy Also access to it and and finding it it it needs to be easy And I think the only way this is going to work if we're going to split up these three functions And we're going to split up identity We're going to separate it from Authorizations and we're going to separate it from storage My dream looks like it looks a bit like this. It's not completely this but imagine that you have you're in your in your home and For instance, you have a TV And you have your identity card for I don't know from your your your local government or your government your And you keep it At the TV screen and poof There's all your Personal data And you take it away, and it's gone. It's not on the device It's not on the little card But it's these three functions Working together to actually give the users that experience And you might think how how how is that is that is that possible? That the that the data is not on this device or in a database somewhere if we separate these three things identification authorization and storage we can build these kinds of applications now there are Two different views. Oh, there's three here They're actually two different views. So some people say it matters where the data is stored and some people say it does not matter Where the data is stored? So you see solutions right now? Where people say it doesn't matter that the data is Near you or distributed or in in some database of a company as long as there's access to it And it's categorized for instance with link data Or we can make sure that that the thing you want to do with the data is actually going Towards the data. So if you have a database somewhere running and you want to do something with that data Then instead of copying the data over to where you want to run The algorithm you're going to send the algorithm to where the data is that means the data is never going to leave that that place which might have laws or other stuff that guards the data But it stays in place and there's the whole thing about identities where you actually not Sharing your identity, but you're sharing attributes about you So for instance when you go to I don't know a liquor store and you have to identify yourself or I have to show your age Then normally you now show your identity card, but there's a lot of information on that if you can just show You know, you're digitally you're a tribute that you're Of drinking age Then that's then that's convenient. Then there is the whole Stream of thought that it does matter where the data is and I'm one of those guys. I think if you don't Know where your data is or make sure that it's independent We will always have this dependency on these different parties that make sure that you know, this is This stuff works if we can make sure that the data is in somewhere in a network layer on the internet Then that will guarantee that we have that access The first thing only promises us that will have access. I think the second one will make sure we will have access I'm just gonna go into a little bit about the link data part the pros and cons For instance, one of the things that you actually need with link data is ontologies, you know, it's it's structured data You need to know what's in the database and then The thing is you can actually query it because there are multiple different query languages for for going through link data But it's really hard to agree upon an ontology, you know agree up on the same language how we call stuff in the world A good thing is that usually Like I said link data plays nice with local loss because it's already, you know, if you were talking about medical data The medical data is stored somewhere and there are laws about who can store it and how it's stored And that's compatible with the whole link data vision because the the data will always be at that same spot however, I Don't know if you ever Did something with link data. It's it's actually pretty complicated to Make sure that you can query different systems which are across the network get the right responses Integrated show it do something with it. There are a lot of Tools and libraries for it, but actually it's you know, it's it's pretty complicated to actually build something useful with it especially if the ontologies don't line up and One of the big things is that it's that it's not distributed and you don't get as a as a ultimate user a Guarantee or control over how the data is used These things I just mentioned Those are the the the things about you know attributed identification and Why not just bring the analysis to? to where the data is I Think we are very lucky because we have been trying Distributed storage for a long time This is the history Kind of like with with the with the storage So that with the internet at some point we I call it just bundled encryption Then people thought up a maybe we can do something semantically with a semantic web link data and After that we were trying to get Distributed storage to work and there were a lot of promising things I Forgot the Torrent Stuff in here, and I think one of the most interesting things that happened in recent years is the concept of I don't know if you know the the freedom box that even Moglem talked about in 2011 in combination with the distributed solid storage technologies that we have Since last year actually So when we look at how this this this will work We're gonna have a system think about like a single-page web applications where You have microservices for these these functions. You have somewhere somebody takes care of identification You have somewhere Somebody takes care of authorization and somewhere you just have a storage place What if that storage place and all these other things are actually distributed? Well, these are the things that people are working on today and That are gonna go crazy within the next 20 years There's a lot of talk about the blockchain I don't think the blockchain will actually you know Solve every single problem there is But I really like the new storage the distributed storage applications Because with these distributed storage applications We can actually make sure that You know things like identity work with authorization and you can encrypt For instance data for specific users like when you want to share some medical data with your with your physician You will actually use encryption And encrypt this data for that guy And you will place it on this distributed storage network either it be IPFS or dot or bit dust and He will instantly be able to retrieve the data because we have all access to this distributed network And he will be the only one to actually Decode that and that's the that's the whole thing that will will will have to work on the next 20 years How do we make sure that we have an independent identification system that you can show who you are? But don't take it as far as to couple it with authorization there are a couple of projects that actually you know integrate these two things but I think it should Should be separate Because if you can make sure that the authorization checks if you are a legitimate if if if your identity is actually legitimate through some other service Then that's all the authorization needs to do the same with storage the storage doesn't need to Care about where the data is coming from or who it is from as long as it's it can check if it is actually allowed for this person to receive this data And it can use the same checks and balances and in the end I think about Something like this. Maybe we will I used to sprit me box here It's very nice and shiny. It actually does something completely different But maybe we'll have something like this in our home in a couple of years Which is actually one of those storage nodes and you'll be able to Be in the IPFS terminology to actually pin your data within this box So you'll be sure that there will always be one copy of your all the stuff that makes you you and you can share it from there But because it's IPFS or other distributed platform, it will be distributed across the whole network And that's one of the most most important things especially what if we can combine it together with Actually processing power Maybe I'm wrong. Maybe, you know, it does make more sense to Actually bring the compute to where the data is but what if that compute is actually at your home? I don't know if people know nerd lies, but that's a company that builds these kinds of Radiators which are actually not not radiators, but they are computers and they heat up your home So think about, you know a whole country full of These radiators you have a distributed Computer network in your country. It actually, you know all the computing power will heat up the homes But what if this is also one of those storage nodes? It has a capacity to hold data and then you actually can You know where your data is because it's you know, it's in your your thing that heats the heat your house And you can actually do the compute on it so if for instance you have a Brainscan made you can actually maybe look at your your radiator with With these augmented reality glasses and you can see how far the analysis of this Brainscan is It's running here so to Sum up a couple of the complete solutions that are you know out there being worked on You can actually divide the stuff into these three Areas you have the lockers For instance the me data dot-coop this is an organization that wants to be Offers this digital locker for people I think it's a very good initiative But I think they should adopt something like Distributed storage because now it's just centralized storage you store it there on their servers And they should really work on you know getting it getting it out of there Solutions org is actually working on this this distributed vision Then there is a store.io Which actually already has The storage part working, but they have combined it with identification. You actually need a An account with with store.io, but they actually use this distributed network and these this whole concept of nodes for Their solution. Oh, I've got a key which is actually also very important It actually has this concepts of of nodes, but it also already made this whole How do you call it? these legal entities so you can have different people Running different parts of that distributed network and actually make that legally make sense Link data there are two initiatives The first one is actually starting in the in the Netherlands is called health awry and it's actually about gathering all the research data from all the different universities and Opening that up so that other researchers can do a federated search through all the databases that There are very interesting, but still a I don't think it's gonna work because it's you know It's this federated idea and what's gonna happen somebody some researchers gonna research and he's gonna have his own data set and then He needs to sort it somewhere else But that data set is a copy partly of other data sets and how are you gonna do that? Then you have solid which is actually an idea of Tim Berners-Lee Also interesting to look at then code to the data. That's that idea. I told you about The PhD is the personal health train which actually does that for medical stuff where You know your algorithm is gonna go to the data Security-wise I still think there's a lot of work there because how you do you make sure that that thing you were running is actually nice code and not something horrible and then there are Decode with which is a Dutch initiative to do basically the same and open PD PDS also does something like that if you know some other Projects that are going on Please let me let me let me know after after the talk so to sum up actually this is Not a new idea. We like I showed you on the slide. We have been thinking about You know distributing storage for a long time, but I think the new thing is that we actually now have the possibility to really build these Distributed systems that are workable that actually work together with identification and authorization and actually makes life a lot easier I'm really exciting that I can work on this a bit and think about you know What it'll do for the next coming years But if this will take off and I think it you know will we'll have we'll have to figure out how these parts will work together But I think we'll get there and we'll come up with protocols to work between these things And I think it will be one of the most disruptive things there are if you want to Try out some of those things how that would work how that would look like You can go to orbit dot chat, which is actually one of the IP FS Applications it's a chat application and it works completely distributed. So it has the storage thing in there and I'm personally working on a project called the bet waiter, which is The translation would be the know it all but it's actually about Hospital hospital bets and in the Dutch language is actually a funny funny reference And the problem there you just to show how these three things can actually work together Imagine that you break your leg or something Something else you go to a hospital and then at some point the doctor will say hey You're better But you actually can't walk yet because you know there's a cost and it's It's it's it's not happening yet And you need some some support then what happens is that a nurse will actually be busy calling other Hospital or places where you can stay for a couple of days or to arrange some sort of help for you and that's a lot of work and what I've created with with a couple of other people is actually this single-page web application That runs an IPFS node Where the people that actually have the bets can place Can publish their bet and they actually encrypt it for the nurse that is looking for the bets Because you know they always get the same call from the same nurse So there is already a trust relation between them and they can now Arrange this really quickly because they know hey These are the bets from the the the nurseries that are that are available Anyway around so they can encrypt this data for each other place it on the network and because They already know You know the They already know where to look for that data You can see it in one in in one screen and the cool thing is that this whole web application is actually Running on the distributed storage itself But that's pretty pretty mind-boggling And then we are at the questions and comments Great talk. I wanted to ask when we do have this data in our home How are we actually going to protect it from? law enforcement because if we Store all our data. It's not stored by some company that's two countries away and their data center is inaccessible and All that kind of stuff But when it's when it's all available and they can just look through all the data They have of course it's encrypted and all that but you can't be forced to give your encryption keys and stuff like that How are we going to protect against that kind of? intrusion in our personal data Well, the thing is that Because it's encrypted and it's not actually It's on the distributed network. So it's not something that they can actually, you know, take away But yeah, it's a it's a problem that you can be forced to turn over your your encryption keys and I don't think we we really have a solution for that at all because in the end with any Encryption technology we're going to use you're going to have some sort of Private key Management problem and that's I've I've not seen a great if anybody knows a great solution how to solve, you know, you are our Personal key management then I would really like to know because that's one of the main things even in in, you know, this whole constellation that I just show you about separating the concerns you can solve a lot with multi-party encryption, but It's not good enough. We actually need a really good good solution for that problem. Yeah, you're right Any other questions? Oh, come on. There must be some sort of comment. Must have made a mistake somewhere All right, then I want to thank you for being here And please give our speaker a very warm round of applause