Fixing the Web is a bold aim for any venture, after three decades of citizens handing their personal data to corporations, and getting little in return except tracking and advertising – plus permission to use a cloud platform, of course. On many of those platforms (and in many a walled garden), the public are a multinational’s main product, as privileged data about us is syphoned to hundreds of invisible partners, in most cases without our knowledge or informed consent.
In some sectors, like US insurance and healthcare, some people are being forced to give up even more of their data to use essential services: insurance companies that oblige people to own and use a fitness tracker, for example. We have become so used to invasive behaviour like this that we now see consent panels and checkboxes as an irritant – as many are designed to be, so we click ‘Agree’.
In short, we’ve all been trained to minimize friction so we can play in a seamless, on-demand world. And with metaverses perhaps incoming (though Meta’s seems like the most expensive but worst-designed video game imaginable), that trend is likely to continue.
So, how can power over user data be handed back to citizens after three decades of the data goldrush? A number of companies are jostling for presence in this sphere. Among them is Sir Tim Berners-Lee’s Inrupt venture, which has been the subject of previous diginomica reports. As I noted in both, if only Sir Tim had thought of his Solid Pod concept 30 years ago, before unleashing the Web on the world. Isn’t it now far too late to change our online behaviours?
Another player in this space is Janeiro Digital, an Inrupt and UK NHS partner, which has been focused on fixing the Web since 2017. The Boston, MA-based company has been in business for 12 years, but saw the need for a platform to support interoperable data and services halfway into its story.
Today, its XFORM (pronounced ‘transform’) offering is an enterprise-grade platform to help businesses “harness the power of Web 3.0”. The aim is to enable decentralized data stores – including Inrupt’s Solid Pods – to be deployed at scale, supporting the user’s data privacy, sovereignty, and active, informed control. In this way, it is an American fellow traveller on the journey envisaged by Sir Tim, towards users setting the Ts & Cs for their personal data’s use.
For co-founder, President, and CEO Jonathan Bingham, this “bridges the gap” between the Web as it stands today and Web 3.0, which will have a greater prevalence of decentralized services, data, and applications, peer-to-peer systems, blockchain and DLT offerings, plus tokenized assets – a very different universe in many ways. Under Web 3.0, effectively, we are all clients and all servers, all of the time.
For the first eight years, we were a services business doing digital transformation. Then one of our old board members came into our office and said, ‘I've got a project I think you’ll want to work on. Can you help us take this project called Solid [from SirTimBL’s Inrupt] and create an enterprise version for a commercial organization?’
When you hear that you have the opportunity to work alongside Web founder Sir Tim Berners-Lee – well, of course we said absolutely. So, we spent the first year working with them on the first version of the Enterprise Server. And along the way, we really got into the standards side of things, became a co-editor of the Solid standard and worked on interoperability. In a sense all this became the foundation for our work with XFORM.
As co-founder and CTO Justin Bingham explains:
When we talk about a vision for personal data stores, we are envisioning a world where instead of data being siloed with all of the applications and services at the top, it's in your virtual data store and the applications and services interoperate over it. So, it's in your control. You give them whatever slice of that information you want, and then insist that the applications or services justify it. You can give them access to a lot more information, or you can take it away.
Our vision is of a world that looks like this, but there are real practical issues. That’s because we're decoupling the applications from the data, and taking these legacy silos and moving the data into, essentially, a little database that's in your control instead of theirs. That changes some well-established architectures, which means we need new ones to make it all work.
First, the applications have to work with the same data, even if it’s different applications developed by different organizations with no knowledge of each other. So, they have to have a shared understanding of what the data is. They have to know how to discover where the data they need is. And they can't break or corrupt it, because that's going to break other applications.
“This whole thing would fall down really quickly if you had a bunch of apps trying to use the same data and they're just writing over each other and breaking things. Nothing would work. So, you have to solve that.
So, you're really solving machine-to-machine interoperability. And then you're saying to people, ‘Hey, you're going to manage your data’. But for people to effectively manage it, they have to understand what it is. So, you can't use opaque data types. You have to describe things based on what they actually are.
If I said to someone, ‘Can I have access to Folder X7AB32?’, they would have no idea what I was talking about. But if I said, ‘Can I have access to your medical prescriptions?’ they’d know exactly what I was talking about. I wouldn't need to be technical at all.
In short, when you represent data and types in a way that people can understand, they can then make smart choices. And when you talk about consent, you want your decision to be based on what the data is, not where it is, and not some obscure representation of it.
Understand your choices
But what about the cybersecurity angle? Attacks have increased since COVID-19, especially on the software supply chain. How can users be persuaded that their data is secure in Pods or in any other virtual store in a decentralized world?
Justin Bingam says:
One, the most secure thing you can do for people who want to make good choices is make sure they understand exactly what choices they're making. So, when they understand what the data is, that's really, really important.
Number two is in the flow. An application has no knowledge of what data does or doesn’t exist. But they can say ‘If you want to use me, then this is the kind of data that I need access to. There's always risk, but we find that this approach and this model are pretty effective.
CEO Jonathan Bingham adds:
It will continue to be about trust. These are the early stages of this market, right? We've been talking about this now for just a few years. But what we're seeing both in our own direct relationships, and also via our partners like the Big Four, is that the market opportunity for decentralizing applications is one of the most important things to their client base. It helps meet a lot of regulations, but it also helps with the scalability issues that Web 2.0 has with siloed data.
We had a different take on that to Sir Tim early on. We think the best way to get adoption of this type of technology is to have it supported by the enterprise. So, with large organizations – whether it's insurance, whether it's entire countries, or whether it's financial services, businesses, healthcare – the best way to do this is to make it so the user almost doesn't know that they're using a Pod.
If you go to the NHS app, which is your portal, all of a sudden there's a new screen that says, ‘Clinical trial application: we'd like some access to your data. Would you like to provide it, and match your health record with a clinical trial?’ You can click yes or no; it just has to be seamless.
If you give the applications and services that you use the ability to easily use and interoperate with more of your information, then they can do more with it. They can do better things. The problem with silos is that they're built with walls so they can't get to the other stuff. But when you have a world in which those walls don't exist, but instead there's just one big wall around your stuff, then you – and only you – can decide what they can have.
As ever, a fascinating and promising area – one that may reward and incentivise users rather than have predatory multinationals running their prey to ground and tearing them apart for clicks and giggles.