Provenance Pleas

by Anthony D. DiBiase 2019-05-01

The skinny on this essay – freedom and provenance for algorithms & data (aka PAD) require privacy.

online business model tentacles ads

3rd party tween you & i

baits us to click thru memes fads

controls behavior sells my

identifiers identity

location health credit

stop this we must discredit

our infrastructure edit

and share humanity

We limit this discussion to online privacy – digital networks & servers where algorithm-driven tides of data ebb & flow. In this abundance of algorithms & data (some preciously yours dear reader), we must vigilantly enforce privacy laws & regulations, especially on how algorithms & data are used (in addition to respecting fellow citizens); one must have privacy (one of my core values[1]), to be free. The first part of this essay introduces the concepts & status of online privacy, then discusses provenance for algorithms & data (aka PAD). The essay’s second part explores ways to use PAD as a basis to regain our online privacy. Please share your thoughts in the comments section below.

Intro & orientation

Having a third party laser-focused on profits & advertising (& other motives we have no control over) between the first and second parties, say you & I, destroys any notion of security or privacy online.

“Online privacy” means control of two types of access : (1) traditional security that protects one from adversaries, and (2) a level of privacy that allows one party to grant access to another trusted party. We have become so conditioned to accept heavy online surveillance [via “free” apps on mobile devices for the sake of capitalism] in our everyday that we fail to value our individual privacy, and to shame those spying prying corporations into finding a legitimate business model.[2]

Though nearly all of us are dependent on open source software, a vanishingly small proportion of businesses understands its interdependencies & properly applies updates, particularly those for security (e.g. thanks Equifax for compromising my identity when you failed to apply security patches). Black hats easily exploit human interaction – corporations’ denial of malicious compromises has progressed to population-scale denial of citizens denying they are being “trolled” online. Libertarians and capitalists (unintentionally or not) have created profit-seeking infrastructure unable to provide adequate security for citizens. The more access corporations have to the data from individuals, the easier it is for their algorithms to “shape” our lives – do you know the sources for the media you consume each day?

Mobile devices play a critical role with the ability to provide your location, digital credentials, calendar & more – in real time. We value privacy relative to the culture we live in – e.g. Western Europe enforced GDPR before the USA because they value privacy more. US capitalism prefers to continue to exploit our lives (sans privacy) for short term profit. We need a reference – an end goal; PAD is proposed as precisely that goal (and encourage each reader to dig deeper).

Provenance attributes content to its creator permanently and provides a record of consumers who access it (paid for or free).

We must see thru & above the fear tactics from marketing departments of private companies that “protect” you online (e.g. your identity, passwords, etc.). Without secure infrastructure, products & services claiming to protect you border on delusion & deception.

Among other challenges, the accelerating pace of changes, updates & patches (and similar effects) required to sustain security for most of the software we have used online is exorbitantly expensive (e.g. end-of-lifing most of the OS software from enterprise corporations).[3] New technology like the Internet of Things (aka IoT) will further accentuate the needs for agile processes to secure software, tools & apps for online users. The foibles & leapfrogging in the cartoon “Spy vs Spy” reminds us of the need to constantly update & improve any systems aiming to provide security & privacy, especially for the long term.

For any computing system connected to the internet to be considered “secure” – and I use this term loosely – strict control must be asserted over its policies, rules & human interactions. Algorithms & data must adhere to these policies. Online privacy requires these controls to attain minimum levels of security.

When we agree to enforce similar sets of security policies across connected systems, most importantly those that distribute knowledge and preserve provenance to sources that create algorithms & data, we establish an infrastructure identity. Extraordinarily, corporations do just the opposite to their users by centralizing information, hiding sources of data & algorithms, and commonly placing the burden of risk for their own mistakes on users in lengthy, legaleses – aka EULAs. Just when we’ll change this wretched corporate tide is in your hands dear reader.

meaning notes for poem below:

algos = algorithms

cryptocosm = coined by George Gilder in his book “Life After Google”

anti-fragile = coined by Nassim Taleb in his book “Anti-Fragile”

MVP = minimum viable product

FAMGA = Facebook Apple Microsoft Google Amazon

tis I in facets degrees

online chaos flat light

whither privacy my

stolen id keyless sold

lax security try

to patch human fold

usurp black hat expanse

for algos `n data

value provenance

to global create a

cryptocosm anti-fragile

freedom’s civic respect

MVPs so agile

to surpass org’ protect

from shameful FAMGA might

our privacy pleas(e)


Reputation is everything online. Our systems must be capable of securely protecting each person’s identity to allow us to maintain & control reputations. We must also know what data & algorithms influence a person’s identity – a level of transparency & provenance not available in today’s systems. Commercially available hardware & open-source code can be used to alter a video stream in near real-time.[4] Transparency and control of the algorithms embedded in networks must be part of the design of secure infrastructure for our future.

How do we control data privacy & security in an increasingly complex world where “big data” (aka your digital access & assets including passwords, credit cards, email, banking & other digital credentials)? For starters, converge privacy & security (thankfully already underway ). This is not a limitation of technology, rather the will to architect & build infrastructure to support it.

In the digital realm of shared algorithms & data, fundamental value lies in content provenance (NOT data itself as an AI can synthesize data). The digital & network infrastructures humans evolve must securely manage data provenance.

Yes you need algorithms, code, tech, but privacy proper is far more than product code cranked out by corporate employees (e.g. one’s buying power with cash requires a stable US currency – thank you Federal Reserve Bank & many government agencies securing our national currency!).

What happens when weakly implemented privacy, security & [y]our data converge on today’s poorly architected “internet of corporate things” (aka databases)? Corporations like Equifax have NOT got you covered nor will free markets care for individual citizens; WE must take action as individual citizens. We need to re-architect the internet[5]. Indeed, we require security and privacy to converge – this time on a secure, resilient (even anti-fragile) infrastructure – one designed to distribute intelligence, minimize human errors / vulnerabilities, and track data provenance (e.g. provide each citizen the right to control their data).[6]

Who will have the courage to disrupt today’s policy paralysis and online profiteer “flat light” chaos – to stem FAMGA’s often deliberately opaque, criminal, capitalist greed? [7]

Surely, you wouldn’t be trading your privacy for a cozy capitalist-controlled soul bubble – or would you? 23andMe just showed what happens to your [sampled] genome when from such acedia you agree to an EULA stripping you of your rights.[8]

Regaining our privacy

Not only are we relinquishing our rights & privacy online, we are losing our sense & value for the common good (e.g. Silas Dogood aka Ben Franklin, Ralph Nader & MANY others who lived civic-minded values).[9] So many patriots have given their lives for our freedom; the threat of 21st century Americans giving in so easily to recent corporate influence is grotesquely ironic. Do we really want our legacy to describe us for what we are today – blind apathetics – when such great potential exists for online freedom & provenance? What price are you willing to pay to shift control [of your data] from FAMGA to you? Do you have the grit & guts to stand up for your freedom?

We must balance the power of digital automation with human agency. Think of the power of Youtube without a single, central, controlling private owner.[10] What if benevolence went viral with all our creativity & authenticity permanently traceable to each creator? A thing of beauty. Indeed resplendent, and NOT free. When, of their own accord, a plurality of citizens change their behavior to pay for services online, they will enable new forms of privacy.

Ledgers are a key tool used by our largest asset exchanges to control their largely automated businesses. Using an online ledger-based system to transparently transact with personal information & assets also makes sense – PAD’s time has come. PAD also requires policies to be enforced on systems (e.g. data & network centers, servers, mobile devices) humans process data with.

Ultimately, the impetus for privacy & security must come from citizens & acted on at local, state & national levels. New policies for PAD will require organization and funding at multiple levels of business & government. Again, tech plays the role of amplifying & helping enforce regulations & policies formed around human values. Hardware companies & public groups have already introduced products for real-time security, and there surely will be many & varied new products on this theme. Products like SGX from Intel are already being used in the design of large cohort data sharing services in health care.[11] The voice of large numbers of citizens willing to act will be amplified by evolving tech (admittedly in its infancy) from digital contract & currency infrastructure pioneers like Casa & GoTenna.[12]

Consider the latest Silicon Valley unicorns and the relatively small teams required to code the automation delivered in today’s cloud services companies (e.g. Amazon, Google, Microsoft). As business further automates for efficiency & speed, fewer and fewer humans will be required to start, maintain & grow a business.[13] Within the next few years, under the aegis of FAMGA & their kin pounding their “AI/ML/DL” mantra[14] into the media & code into open source (make no mistake – we are their guinea pigs & paying subscribers for cloud [& other] services), automated decisions (aka “suggestions” from recommender systems) will not only pervade our culture, they could destroy it – unless … unless you care enough to regain control of your life by shutting down the surveillance state – opting out of all those “free” apps & services – and eliminating the government backdoors. Just as “the cloud” entered its hype cycle over a decade ago, AI’s current wave is now in full stride on the mission to control our behavior.

Do you think critically about the content you consume each day?[15] Simply realizing what’s going down here should scare the hell out of us, but you be the judge. In our new awareness, let the dialog & product development begin on just how we regain our privacy!

    1., : 40th International Conference of Data Protection and Privacy Commissioners – Jaron Lanier | : How we need to remake the internet | Jaron Lanier
    1. Deepfakes and the technology behind it – BBC Click –, Face2Face: Real-time Face Capture and Reenactment of RGB Videos (CVPR 2016 Oral) –, DeepFakes Explained –
    1., specifically