Data Sovereignty Movement

They were wearing [mostly] black. After 10 minutes in the room I asked myself “is this the new left?”

I was pretty sure they wouldn’t agree with that term, but they were talking about dignity, privacy, human rights, sovereignty, poverty, democracy, security, marginalised communities, accessibility.

The password for the wifi was “itstartshere”.

I liked them. They had a lot more skills and a lot less ideology that the Old Left.

It was a conference in Berlin called “Privacy for Everyone”, organized by Least Authority and Dekrypt Capital (an investment fund focused on privacy-related enterprises).

I had taken it upon myself to become educated about blockchain, but I learned so much more.


One of the strongest concerns of the conference was user data. This could mean anything, so I’m going to distinguish between “lifestyle data” and “digital assets”.

In electronic interactions we share extensive lifestyle data about ourselves. Most corporations are now built around profiting from that data, rather than profiting from the services they provide to us. Google and Facebook don’t even charge for those services, and have become so integral to users’ daily lives (and monopolistic) that the lifestyle data they have collected is quite comprehensive (they also have control over our digital assets, more on that later). The consensus at the conference was that alternatives to these two is an urgent and daunting project, not only because of the need to produce a competitive market offering, but also because of the need for an alternative business model that could fund the development (coding) costs of such attractive services. So far, very few companies have tried to assert market differentiation by offering customers privacy (one example is Deutsch Telekom).

Many consumers are helpless about lifestyle data collection by companies. (The data consent forms we routinely “agree” to in order to use services would require 30days/year to read.) And data collection is now integrated into more and more technologies, such as voice-contral systems (Amazon’s Alexa and Apple’s Siri), “smart homes”, “smart watches”, and “smart fridges”. The most obvious use of this data is for advertising, which is  the main business model at the moment (80% of Google’s revenue is from advertising). Other threats are the sharing of lifestyle data (nutrition, exercise, alcohol/nicotine/drug use) with health insurance companies and employers.  A new threat is the use of Artificial Intelligence systems to “repersonalize” data which has been anonymized. (This affects every kind of research data.)

Another level of concern is future criminalization of actions which are now legal. There was not much talk at the conference about data errors and data interpretation, such as criminal data being associated with the wrong person or being misinterpreted, leading to false listings on no-fly lists, etc.

A final concern is data security. Any company which collects data, must protect that data from theft. This is a major vulnerability, and the conference speakers seemed to believe that it is in this arena that the current system will start to break, increasing consumer awareness and resistance and opening market possibilities for “disruptive” (paradigm shifts in a product/service which allow for new companies to enter a monopolised market) alternatives to Facebook and Google.

There were three kinds of defences proposed at the conference. The first is being more careful about what you share, and be selective about which aps and devices you use. Even store-patronage aps are sucking up all kinds of data from your phone. (An example was the Dunkin Donuts loyalty program.) A second defence is encryption of messaging and your internet service.

A third defence is rights and law, such as the European General Data Protection Regulation (GDPR) which comes into effect shortly. This law applies not only to European companies, but any company providing services in the EU. There is already a legal principle of “data minimisation”, and companies are responsible not only for liability in the case of data breaches (the sanctions are now serious), but for failure to be able to prove data security. The problem, according to a panel of three lawyers, is that “there is no other area of the law where there is such a massive gap between legal theory and reality.” Very few companies comply with this law. (An example of a well known and noncompliant company is MailChimp.) Implementation of the GDPR will depend on lawsuits (in Europe there is no such thing as a class-action lawsuit) and market actions in the category of LegalTech. An example of a LegalTech market solution to enforcement is the company FlightRight, which has developed a simple solution for consumers to claim their right to compensation (under an EU Directive) if any flight is more than 2 hours late.

Of course privacy is also used by elites to hide undemocratic processes, to sequester profits from taxation, and to conceal illegal actions. Transparency is also important in social situations requiring accountability.

A panel of educators talked about their exhaustion with the common response on privacy issues “I have nothing to hide”. In addition to the above threats, they emphasized that privacy has a social dimension as part of citizenship. Collectively we need whistleblowers and their work becomes impossible without privacy. They also emphasised that what we think of as dignity often depends on privacy.

One of the speakers said “privacy is like literacy”. Governments have a role to play in protecting citizens’ rights to privacy, but citizens also have work to do in being responsible for their privacy.


According to cryptocurrency advocates, consumers must be willing to take more responsibility in the systems on which they depend. These means not trusting your assets to third parties. The technologies which make this possible are called “trustless systems”, in which users retain maximum sovereignty.

Today’s privacy activists are working to develop encryption systems that can be applied to different uses. Some of these are Tor (not to be confused with torrents) and Mixnet.

With cryptocurrency, there is no intermediary bank. If you lose your password, or don’t understand the system, your money is gone. On the other hand, you don’t pay transaction fees, and you have the option to participate in the production, maintenance, and governance of the currency. (How this work varies with each of the hundreds of available currencies.)

But your money isn’t the only thing you can retain sovereignty over. You can also take responsibility for encrypting your communications. For short messages (alternatives to Facebook’s Whatsap): Telegram, Signal, and Briar (the latter has the old fashioned feature that to connect you have to meet at least once in person or connect through a friend who has met both of you in person.)  For email there are lots of encryption solutions. One discussed at the conference is Katzenpost (but there are more accessible solutions).

At the moment we entrust not only our lifestyle data, but our digital assets (documents, photos, videos … ) to the companies from whom we purchase software for editing and sharing (Pinterest, YouTube, GoogleDocs…) Brian Warner proposed that the proprietary management of our assets gives companies an unfair stronghold over us (“user lock=in”) but this approach also has two big downsides for the service companies: First it raises the costs. Instead of focusing their development efforts on the services they provide, they have to put incredible resources into storage systems. Second, our data is becoming a toxic liability.

The alternative he proposes is user sovereignty over digital assets. Users would pay for encrypted cloud storage service, and then give (and revoke) access to this material to software providers on an item (or folder, or type) basis. This would ensure that we can easily change from one software or sharing provider to another when we become unhappy with their services or ethics. For example, instead of storing photos and videos within Instagram, we would give Instagram access to our encrypted cloud storage system. If  a better photo sharing service comes along, or Instagram takes away our favourite feature we could easily revoke access and switch to another service provider.

Brian also hinted at a piece of this that I think is most crucial: Our database of “contacts”. At the moment we allow Twitter, Facebook, Apple, Google, and Hubspot access to our contacts database and we do not even have a real usable database.

I worry about my friends who run their entire businesses on Facebook, relying on them for identity/branding/access (instead of having their own website), with their archive of marketing/content, and their entire customer/relationship database.


Certainly there was a lot of interest at the conference in Blockchain.

Blockchain is an encryption technology based on cutting edge academic math. (“Trust math, not politicians.”) It’s best thought of as an operating system. An example of a company providing such a operating system is Etherium.

One aspect of Blockchain is its permanence. For this reason, artists are interested in writing texts into the blockchain. (Storing an image in this manner would be very expensive, but koans and haiku are affordable.)  Interestingly, due to the expense, blockchain is one part of the internet that is immune to porn.

One of the most popular applications of the blockchain is the creation of cryptocurrencies. The current challenges with cryptocurrencies are scalability, privacy, and generalised programmability (application to more uses). Zaki Manian has prioritised scalability, working with the cryptocurrency ZCash and Etherium. He explained “in 2016 we didn’t think we would need to scale, there wasn’t enough interest. In 2017 millions of people become interested, and fortunately now we have enough investment to 3x the academic funding and do the development work to solve scale.” Next on his list is privacy. “So far cryptocurrency hasn’t delivered any privacy to consumers. We turn every detail over to the IRS.” Fortune 500 companies are very interested in cryptocurrency and are investing in research with Blockchain at Berkeley, represented at the conference by Howard Wu who explained “they aren’t going past proof-of-concept until they get privacy.”

The common presumption about the purpose of this privacy is to avoid taxation. I asked Zaki about this. “There are much, much cheaper and easier ways to avoid taxation than blockchain.” He explained that corporations need privacy not to avoid taxation but to protect standard business operations that are part of their competitive advantage (these are operations that they are not required by law to disclose).

For citizens the challenges of cryptocurrency are usability. Brian explained to me a triangle which gets at the difficulties we face in taking responsibility for any kind of login. Of the following three variables, we can only have two at once: globally unique, secure, and human memorable…

A challenge for designers is how much responsibility consumers really want, how much self-education in how many different basic life technologies users are willing to do,  and how much they will be willing to pay for an intermediary who actually provides customer service. Facebook and Google do not provide customer service beyond password reset. Paypal refused to provide customer service for their first years. Apple and many other companies now charge a fee for assistance. One proposal at the conference was to replace Facebook’s business model with an annual fee for service.

In truth cryptocurrency is not “trustless” from the consumer’s point of view because we are trusting a whole lot of processes and agents (the cryptocurrency designers, the exchange, the wallet software) which we don’t control or understand.) The SaaS (Software as a Service) business model often offers users different levels of service and support at increasing price, sometimes with a free plan (funded by advertising). Popular examples are Spotify and MailPoet. I didn’t hear anyone mentioning a SaaS model for cryptocurrency. Is this ideological? To use this technology you must be self-educated?

A Social Movement for Sovereign Data and Money

I was interested in how humanitarianism in the context of the internet requires some new concepts: permanence, monetisation (to reward content creators for their work, another promise of with cryptocurrency via micro transactions), reverse commodification (in which users get paid for their lifestyle data, e.g. DataWallet).

How to participate: educate yourself and others, put privacy first in design, support alternatives by being an early adopter, and help alternatives grow as an evangelist (promoter).