Post on 26-Jul-2015
Privacy for the Interconnected World™
Trusted Advertising
Stop Privacy “Bleeding”
and
Increase Engagement
November 2014
© 2014 Anonos Inc. All Rights Reserved.
The contents of this document are protected by domestic and international copyright and patent laws. The inventions reflected in this document are subject to protection under U.S. Patent Applications No. 13/764,773; 61/675,815; 61/832,087; 61/899,096; 61/938,631; 61/941,242; 61/944,565; 61/945,821; 61/948,575; 61/969,194; 61/974,442; 61/988,373; 61/992,441; 61/994,076; 61/994,715; 61/994,721; 62/001,127; 14/298,723; 62/015,431; 62/019,987; 62/037,703; 62/043,238; 62/045,321; 62/051,270; 62/055,669; 62/059,882; 62/080,077; 14/529,960; 14/530,304; 14/530,339 and International PCT Patent Applications No. PCT US13/52159 and PCT/US14/63520. Anonos, Privacy for the Interconnected World, Trusted Advertising, Dynamic Anonymity, Circles of Trust, CoT, Dynamic De-Identifier, and DDID are trademarks of Anonos Inc.
anonos.com
Table of Contents
1. Executive Summary
2. Trust is Critical to Maximizing Digital Value on a Global Basis
3. Trust – The New Currency
   3.A Negative Consumer Reaction to Increased Intrusiveness
   3.B Consumer Demand for More Personalized Engagement
4. Limitations of Traditional Static Anonymity Overcome with Dynamic Anonymity
5. A New Paradigm for the Trust Economy – Trusted Advertising
6. How Trusted Advertising Works with Anonos Dynamic Anonymity / Circles of Trust (CoT)
   6.A Dynamic De-Identifiers (DDIDs)
   6.B Obscuring Observational Data
   6.C User-Controlled 3rd Party Engagement
   6.D Anonos-Enabled Circles of Trust (CoT)
Appendix A – Anonos Circle of Trust (CoT)
Appendix B – Background on Anonos Co-Founders
1. Executive Summary
Former New York City Mayor Michael Bloomberg highlighted tensions between digital business, privacy and politics with a recent observation that:
Google and Facebook and Twitter, they want to collect data on everything you do, everybody you sleep with, every place you eat and what you ordered at the venue, and then they’re going to sell it for their own personal profit...and we’re complaining about the NSA?1
In the US, technology firms like Apple, Google, Facebook and Twitter are often admired as innovators and job creators. Elsewhere in the world, these same firms are sometimes portrayed as representing “Digital American Imperialism”2 – disrespecting the rights of other nations’ citizens. Even in the US, concerns over privacy take their toll. According to studies, in 2013 approximately 60% of Facebook users took a break of several weeks or more, 50% of users considered quitting the site and 20% of users actually stopped using the site, citing privacy concerns as the biggest reason; 64% of Twitter users and 65% of Google+ users accounted for more than one billion unused accounts on a monthly basis. How many of these accounts were unused due to privacy concerns?3
How does Anonos uniquely stop “privacy bleeding”? We enable platform and application providers to establish greater trust without diminishing the value of user data. Without demanding much of users, Anonos fosters greater trust that enables cross-device, geo-specific, real-time, targeted advertising that:
• Leverages the dramatically increased availability of interconnected devices;
• Responds to consumer demand for selective controls enabling increased engagement with trusted merchants while protecting personal information from misuse;
• Makes use of the anticipated 1000X improvements in voice, data and video capabilities of 5G over 4G networks, which make it possible to interconnect billions of devices and sensors;
• Supports ongoing viability of the safe harbor agreement between the US and Europe (which enables US companies to process Europeans’ data) by upholding privacy rules;
• Improves relations between US technology companies and the rest of the world in the post-Snowden era; and
• Overcomes privacy challenges to unlock digital economic growth.
See Section 6 below for more information on how this is accomplished.
The October 2014 Anonos White Paper on Dynamic Data Obscurity (the “Dynamic Data Obscurity White Paper”)4 explains how Anonos Dynamic Anonymity helps balance the competing interests of business, privacy and politics by dynamically obscuring and storing information in Anonos-enabled Circles of Trust (“CoTs”) for use in accordance with permissions established by the individuals to whom the information relates (“Data Subjects”). This document builds upon the Dynamic Data Obscurity White Paper to explain how Trusted Advertising leverages Anonos Dynamic Anonymity and CoTs to improve upon current digital advertising practices by protecting privacy, increasing consumer engagement and enhancing the value and accuracy of personal data.
1 http://nypost.com/2014/11/11/bloomberg-says-dodd-frank-regulations-are-stupid-laws/
2 http://www.usatoday.com/story/money/business/2014/10/02/apple-facebook-google-too-big-in-europe/16445385/; http://www.forbes.com/sites/davealtavilla/2014/07/11/the-snowden-effect-continues-as-china-claims-apples-iphone-a-threat-to-national-security/
3 http://www.huffingtonpost.com/2013/09/20/quitting-facebook_n_3962473.html; http://www.pewinternet.org/2013/02/05/coming-and-going-on-facebook/; http://www.businessinsider.com/twitter-total-registered-users-v-monthly-active-users-2013-11; https://econsultancy.com/blog/64319-google-just-35-of-users-are-active#i.1vzy36h5kmdsas
2. Trust is Critical to Maximizing Digital Value on a Global Basis
Statements by Andrus Ansip, newly appointed European Commission Vice-President for the Digital Single Market, emphasize the importance of trust in overcoming conflicts between maximizing digital value and preserving privacy. In his first blog post since taking the senior European Commission digital position on November 1st 2014, Ansip highlighted: “It's about making Europe digital to the widest and deepest extent so that we benefit from the advantages and efficiencies – and that means people as well as business.”5 In his confirmation hearings, he emphasized that his mission to “restore Europe’s place as a global leader in the digital economy, creating hundreds of thousands of new jobs….” would require protecting “everyone’s privacy. Data protection will be an important cornerstone of the Digital Internal Market. The citizens must have trust in this project.”6
Similarly, in 2013, Facebook’s Chief Privacy Officer, Erin Egan, encapsulated the need to balance digital value with consumer privacy in achieving economic objectives when she called on industry representatives to sit down with privacy advocates “to both honor the expectations consumers have when they use online services and to promote the innovation that has fueled the growth of the Internet into an engine of job creation and a provider of invaluable services.”7 According to Ansip and other European officials, however, the US may not be doing enough to protect the privacy and trust of European citizens – a majority of the European Parliament voted in May 2014 to suspend the safe harbor agreement.8 And in the United States, a November 2014 Pew Research Internet Project reported that: 91% of adults in the survey “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies; 80% of those who use social networking sites say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites; and 64% believe the government should do more to regulate advertisers, compared with 34% who think the government should not get more involved.9
4 http://www.anonos.com/anonos-dynamic-data-obscurity/
5 http://ec.europa.eu/commission/2014-2019/ansip/blog/first-impressions_en
6 http://www.euractiv.com/sections/innovation-enterprise/ansip-threatens-suspend-safe-harbour-data-agreement-us-308962
7 http://www.bloomberg.com/news/2012-02-23/obama-looks-to-web-industry-for-online-consumer-privacy-standard.html
3. Trust – The New Currency
There’s a new currency elbowing its way into commerce: Trust. Author Brian Solis is credited with predicting in 2009, “The next stage in the evolution of new media is the trust economy.”10 A recent article in The Guardian noted “There is a direct link between how much people trust sites and the degree of personal information they disclose to them.”11
A Forbes article entitled Your Business, Stripped Bare: How To Win In The New Trust Economy reports that “Smart businesses are increasingly realizing that winning today involves letting go of old ways of selling themselves.”12
Anonos-enabled Circles of Trust (“CoTs”) enable partners to “let go of old ways of selling themselves” and concentrate on providing trusted uses of data – as opposed to private uses of data – that overcome negative consumer reaction to increased intrusiveness and satisfy consumer demand for more personalized engagement.
3.A Negative Consumer Reaction to Increased Intrusiveness
The increasing volume, velocity and variety (the ‘3Vs’) of big data elevate the likelihood that consumers will be identified by their online and offline behaviors. This can and should generate anxiety and serious privacy concerns among consumers, potentially leading to state, federal, and international privacy laws being invoked to protect their privacy.
Technology developments like the Internet of Things (“IoT”) – in which virtually every product, locale, personal item, mobile device and object would have a unique IP address, making it remotely / wirelessly accessible and capable of providing observational data about users – will exacerbate the situation exponentially. The IoT will dramatically increase the ability to track, aggregate, profile and analyze data elements and behaviors that, while they may not directly identify consumers, could easily combine with other data gathering and profiling methods to create a situation that consumers find invasive and “creepy.” When you stop in at Chipotle after the gym, do you want to get a coupon on your smart phone for the salad instead of the burrito because the network serving the ad knows you skipped half of your workout?
8 See Footnote 6, supra.
9 http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/
10 http://www.socialmediatoday.com/content/evolution-new-trust-economy
11 http://www.theguardian.com/media-network/media-network-blog/2014/nov/10/online-privacy-digital-trust-psychology
12 http://www.forbes.com/sites/robasghar/2014/09/17/your-business-stripped-bare-how-to-win-in-the-new-trust-economy/
Private browsing and similar attempts at anonymity provide greater privacy but at the cost of the loss of personalized offerings and the potential loss of accountability. With these approaches, the value of information is largely destroyed and the consumer is left to start afresh with each engagement. There is no middle ground. Either you’re invisible or you’re naked.
3.B Consumer Demand for More Personalized Engagement
As noted in the Fast Company article below, despite privacy concerns consumers are eager to provide even more accurate and compelling data to merchants whom they trust. Imagine a future where merchants who earn high levels of trust receive valuable and accurate personal information from consumers while merchants who fail the “trust test” get nothing.
Younger consumers are the most effective at using online privacy settings to control who sees their data. Ian Miller, a doctoral candidate studying the psychology of online sharing at the University of Toronto, says in Fast Company:
…Teens’ understanding of privacy is very real and concrete...They know exactly why they need to restrict their privacy settings because they don’t want this one friend to see this one thing. With this knowledge and skill comes some degree of power… teenagers are quick to learn how to use privacy settings to their best advantage... for teens and even millennials, sharing data with companies is now going deeper than a simple exchange of value. Young people are not just acquiescing to give their data to companies, they are actively sharing their content with brands they like.13
Consistent with the above observations, a McKinsey & Company article entitled Views From The Front Lines Of The Data-Analytics Revolution reported that data-analytics leaders are:
…unanimous in their view that placing more control of information in the hands of consumers, along with building their trust, is the right path forward. 14
13 http://www.fastcompany.com/3037962/then-and-now/the-truth-about-teenagers-the-internet-and-privacy
14 http://www.mckinsey.com/insights/business_technology/views_from_the_front_lines_of_the_data_analytics_revolution
If companies want to maximize revenues in the Trust Economy:
• Consumers need to be provided with trusted controls that prevent companies from misusing personal information; and
• Companies in the business of data analytics and usage must facilitate engagement between consumers and trusted merchants.
4. Limitations of Traditional Static Anonymity Overcome with Dynamic Anonymity
Static anonymity arose to enable information to be introduced into commerce without violating the privacy rights of individuals. Unfortunately, these approaches have proven no match for the re-identification capabilities that result from the increased volume, velocity and variety (the ‘3Vs’) of big data. Additional information on the shortcomings of static anonymity is available in the Anonos October 31, 2014 letter to international regulators on enabling big data value and privacy (the “International Regulator Letter”).15 Anonos Dynamic Anonymity overcomes the limitations of traditional static anonymity and opens the door to disproving the axiom that “You can have privacy or you can have value – but you cannot have both.” It enables information to be used in different ways by multiple parties in a controlled environment, unlocking the value of data for commerce, research and analysis while at the same time improving the quality and performance of data privacy processes.
5. A New Paradigm for the Trust Economy – Trusted Advertising
Among the most important intermediary companies are those that facilitate online and mobile advertising. Digital advertising works one way today: personal behavioral data is collected from consumers, profiles are built and ads are served based on what ad serving companies believe consumers are interested in. It’s an ecosystem in which the value of personal information is high, but where companies that collect additional personal data risk being filed in the “creepy” category. However, Anonos builds a “bridge” between advertising—the primary source of revenue for many companies—and trust. Anonos Trusted Advertising improves upon digital advertising techniques by protecting privacy, increasing consumer engagement and enhancing the value and accuracy of personal data.
Anonos Dynamic Anonymity is based on the principle that static anonymity is an illusion and that use of static identifiers is fundamentally flawed. The Anonos system dynamically segments and applies re-assignable de-identifiers to data stream elements to minimize the risk of information being unintentionally shared, while allowing only trusted parties (“Trusted Parties”) to re-stitch the data stream elements into useful information. This enables use of data only in accordance with permissions established by, or on behalf of, consumers. With Anonos Dynamic Anonymity / CoTs, advertisers are not limited to the profiles and behavior models currently used to guess at the interests of consumers. With enhanced privacy from the CoT, consumers can tell companies what they are most interested in without the risk of being “stalked” online. Advertising becomes more relevant, more targeted and, most importantly, more trusted, enabling the consumer and the advertiser to develop a deeper relationship. With Trusted Advertising:
• Consumers do not have to change their behavior in a way that may be disadvantageous to merchants, advertisers, marketers or to themselves;
• The desire, particularly among younger consumers, to provide more information to trusted merchants can be facilitated; and
• Undesired actions by state, federal and international legislators and regulators can be avoided.
15 http://www.anonos.com/anonos-enabling-bigdata/
Tomas Chamorro-‐Premuzic, a professor of business psychology at University College London, noted in The Guardian:
Right now, our digital self is not just managed and sold by others – such as our credit card company, our mobile company, our bank, our government – it is also highly fragmented…brokers of our online footprint have a schizophrenic view of our digital self…There is surely another layer to be discovered, and in this deeper layer sits the answer to who it is that is using a device, who is searching, who is buying. In short, if companies can truly help consumers understand themselves better and make better decisions, they will have a clear incentive to be observed.16
Anonos Trusted Advertising enables a holistic approach to digital advertising that protects privacy, increases consumer engagement and enhances the value and accuracy of personal data for the benefit of both consumers and merchants.
16 http://www.theguardian.com/media-network/media-network-blog/2014/nov/10/online-privacy-digital-trust-psychology
6. How Trusted Advertising Works with Anonos Dynamic Anonymity / Circles of Trust (CoT)
Key elements that establish Anonos Trusted Advertising as a Privacy Enhancing Technology (PET) are:
• Dynamic De-Identifiers (DDIDs) – temporally-bounded pseudonyms which both refer to and obscure the value of (i) primary keys used internally within a CoT to identify a Data Subject, (ii) the value of an attribute of that Data Subject, and/or (iii) the kind or type of data being associated with the Data Subject.
• Obscuring Observational Data – using DDIDs to obscure observational data captured externally to the CoT.
• User-Controlled 3rd Party Engagement – using DDIDs to obscure observational as well as other data distributed to third parties outside the CoT.
• Anonos-Enabled CoTs – storing DDID / obscuring key association information and facilitating interactions between and among Data Subjects, Trusted Parties / third-party participants in a privacy-respectful environment.
6.A Dynamic De-Identifiers (DDIDs)
DDIDs protect data because there is no discernible, inherent, or computable relationship between their content and the cleartext values to which they refer. The association between a given DDID and its cleartext value is not exposed outside the CoT without authorization. Unlike static identifiers, an obscured value or key need not have the same associated DDID when used in a different context, for a different purpose, or at a different time. DDIDs can be generated within a CoT, or external identifiers can be used as DDIDs. Dynamic Anonymity uses dynamically changing and re-assignable keys outside of CoTs, each comprised of (i) a DDID and (ii) the time period / purpose for which the DDID is associated with a given Data Subject. This association is not made available outside of the CoT (without authorization of a Data Subject) and is not reconstructable, since the connections between a Data Subject and data pertaining to that Data Subject contain no recoverable information leading back to the Data Subject: the connections are severed and not inherently computable. In practice this property holds only when a DDID generated within the CoT is drawn from a cryptographically secure random source; a DDID derived deterministically from the identifier it replaces (for example, by hashing it) can be recovered by enumerating candidate identifiers and is therefore computable.
6.B Obscuring Observational Data
In applications where a static identifier is typically associated with observational data enabling third parties to track and profile a Data Subject, Anonos Dynamic Anonymity interposes DDIDs that may change over time (triggered by a lapse of time, change in purpose, temporary cessation in activity, or change in virtual or physical location) limiting the ability to track, profile or otherwise associate data with the Data Subject. Information pertaining to the association between a DDID and applicable Data Subject is securely stored and known only within applicable CoTs.
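The following is an added illustration, not Anonos code or a description of its implementation, of the mechanics described in 6.A and 6.B: a registry inside the CoT issues DDIDs from a cryptographic random source, rotates them on the four triggers named above (lapse of time, change of purpose, cessation of activity, change of location), and resolves a DDID back to its Data Subject only for a party that subject has authorized. The class and method names, the rotation thresholds, and the sample subject and party names are assumptions chosen for the example.

```python
"""Minimal model of a Circle of Trust (CoT) issuing and resolving DDIDs.

Added illustration, not Anonos code. Class and method names, rotation thresholds
and the sample subject/party names are assumptions chosen for this example.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Assignment:
    """The DDID association kept only inside the CoT: who, for what, and for which period."""
    subject: str      # internal primary key of the Data Subject; never leaves the CoT
    purpose: str      # e.g. "search" or "retail"
    location: str     # coarse virtual / physical location when the DDID was issued
    issued_at: float  # start of the time period the DDID refers to this subject (seconds)
    last_seen: float  # last activity under this DDID (seconds)


class CoTRegistry:
    def __init__(self, max_age: float = 3600.0, idle_timeout: float = 600.0) -> None:
        self.max_age = max_age            # trigger: lapse of time
        self.idle_timeout = idle_timeout  # trigger: temporary cessation in activity
        self._by_ddid: dict[str, Assignment] = {}
        self._current: dict[tuple[str, str], str] = {}  # (subject, purpose) -> active DDID
        self._grants: set[tuple[str, str]] = set()      # (ddid, party) the subject authorized

    @staticmethod
    def _new_ddid() -> str:
        # CSPRNG output, so there is no computable relationship to the subject key.
        # A hash of the subject key would not do: small-entropy keys can be enumerated.
        return secrets.token_urlsafe(16)

    def ddid_for(self, subject: str, purpose: str, location: str, now: float) -> str:
        """Return the DDID to expose for this subject and purpose now, rotating on any trigger."""
        key = (subject, purpose)            # a new purpose has no current DDID: fresh DDID
        current = self._current.get(key)
        if current is not None:
            a = self._by_ddid[current]
            stale = (now - a.issued_at > self.max_age          # lapse of time
                     or now - a.last_seen > self.idle_timeout  # cessation in activity
                     or a.location != location)                # change in location
            if not stale:
                a.last_seen = now
                return current
        ddid = self._new_ddid()
        self._by_ddid[ddid] = Assignment(subject, purpose, location, now, now)
        self._current[key] = ddid
        return ddid

    def grant(self, subject: str, ddid: str, party: str) -> None:
        """The Data Subject authorizes one party to resolve one of their DDIDs."""
        if self._by_ddid[ddid].subject != subject:
            raise PermissionError("only the subject a DDID refers to can grant it")
        self._grants.add((ddid, party))

    def resolve(self, ddid: str, party: str) -> Optional[str]:
        """Re-stitch a DDID to its subject, or None if this party was not authorized."""
        if (ddid, party) not in self._grants:
            return None
        return self._by_ddid[ddid].subject


def demo() -> dict:
    """Walk one subject through the rotation triggers; returns what each step showed."""
    reg = CoTRegistry(max_age=3600.0, idle_timeout=600.0)
    t0 = 1_700_000_000.0
    d_search = reg.ddid_for("subject-42", "search", "home", t0)
    d_again = reg.ddid_for("subject-42", "search", "home", t0 + 30)          # same context
    d_retail = reg.ddid_for("subject-42", "retail", "home", t0 + 30)         # new purpose
    d_moved = reg.ddid_for("subject-42", "search", "store-7", t0 + 60)       # new location
    d_idle = reg.ddid_for("subject-42", "search", "store-7", t0 + 60 + 601)  # idle > timeout
    reg.grant("subject-42", d_retail, "merchant-A")
    return {
        "stable_in_context": d_again == d_search,
        "rotated": len({d_search, d_retail, d_moved, d_idle}) == 4,
        "merchant_A_sees": reg.resolve(d_retail, "merchant-A"),  # "subject-42"
        "ad_network_sees": reg.resolve(d_retail, "ad-network"),  # None
    }
```

Outside the CoT an observer holds only the DDID strings, which are independent random tokens; linking `d_search`, `d_retail`, `d_moved` and `d_idle` to one person requires the `_by_ddid` table, which never leaves the registry and is consulted only through `resolve` after a `grant`.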
Example – Search Engine
The Dynamic Data Obscurity White Paper17 provides an example of obscuring observational data between a consumer and a search engine by leveraging the natural response of a search engine to create a new cookie / digital footprint tracker for each Data Subject perceived to be interacting with the search engine for the first time. Clearing history, cache, cookie / digital footprint tracker, and associated data will cause the search engine to generate a new cookie / digital footprint tracker for the Data Subject which can be used as a DDID. An Anonos-enabled CoT can store information pertaining to associations of different cookie / digital footprint tracker DDIDs to the Data Subject, and optionally also store a list of queries and selected links.
Example – Internet of Things
Observational data can be obscured by leveraging privacy APIs that define Anonos-enabled inputs, outputs and operations (including, but not limited to, generation, use and tracking of DDIDs to dynamically obscure data) that reside on, or operate in connection with, IoT devices / sensors used or accessed by Data Subjects. The same system that obscures observational data with respect to IoT devices and sensors can also be used to provide personalized information and targeted advertising services across devices and/or platforms as requested by a Data Subject. Obscuring the identity of a Data Subject using multiple devices / platforms provides privacy; the same information can be selectively permissioned by the Data Subject to enable cross-device / platform personalized services in a privacy-respectful manner.
Other approaches to cross-device / platform targeting – i.e., the ability to serve targeted advertising to the same consumer across multiple digital devices and platforms – pose technology challenges because cookies and mobile IDs allow advertisers to track and serve targeted advertising to uniquely identifiable users but only on a single device or even on a specific app where the ID or cookie is available. Therefore, a single consumer using multiple devices / platforms or accessing multiple sensors may be viewed as multiple "users," thereby frustrating attempts to serve coordinated targeted advertising to the consumer.
17 See Footnote 4, supra.
Given projected growth in numbers of interconnected devices and one thousand-fold improvements in voice, data and video capabilities of 5G over 4G networks18 making it possible to interconnect with billions of devices and sensors globally, the economic potential of cross-device / platform advertising is significant. But, as highlighted in the Gigaom research report Why Cross-Device Ad Targeting Is So Promising – And So Challenging – For Mobile:
[No solution] is a panacea for advertisers looking to crack the mobile code, because none can give marketers a 360-degree view of a market fragmented by multiple competing operating systems, carriers, social networks and other components. No vast network of publisher log-in data exists, so advertisers still can view only slices of the overall impact of their cross-device ad campaigns, so measuring ROI will remain a big challenge for the foreseeable future.19
18 http://www.huawei.com/5gwhitepaper/
19 http://research.gigaom.com/2014/06/why-cross-device-ad-targeting-is-so-promising-in-mobile/
With Trusted Advertising, since a Data Subject serves as the common nexus between all devices, platforms and sensors that pertain to them, personalized information and targeted advertising services can be coordinated across the devices, platforms and sensors versus a siloed approach.
Anonos Trusted Advertising facilitates bi-directional online and offline information exchange. While most efforts focus on using offline behavior data, particularly purchase data, to better target online ads, Trusted Advertising can facilitate bi-directional information exchange. For example, when a Data Subject walks into a brick-and-mortar store there can be a kiosk or other mechanism whereby the Data Subject uses a smartphone or other device to deliver DDIDs representing information they are willing to share with the store. The store can then send information to the device on where to find what the Data Subject is looking for together with any special offers – all while maintaining anonymity for the Data Subject until they decide to make a purchase.
Anonos Trusted Advertising can provide the ‘deeper layer’ noted in The Guardian:20
“[That deeper] layer to be discovered [in which] sits the answer to who it is that is using a device, who is searching, who is buying… [the deeper layer] can truly help consumers understand themselves better and make better decisions [so] they will have a clear incentive to be observed.”
20 See Footnote 16, supra.
6.C User-Controlled 3rd Party Engagement
User-controlled third party engagement unlocks digital economic growth by enabling Data Subjects to have flexible levels of privacy and anonymity according to privacy policies established by, or on behalf of, the Data Subjects.
Ads can be served based on interests of individual Data Subjects or groups of Data Subjects – in either case, the “last mile”21 of delivering targeted ads to Data Subjects is handled by a Trusted Party to ensure that no identifying information about Data Subjects is revealed outside the CoT unless or except as specifically authorized by the Data Subjects. This “last mile” delivery of ads to one or more devices by a Trusted Party can occur in numerous ways, including via an allocated browser banner, pop-up notice, text message, or other means specified by a Data Subject. In this manner, targeted advertising and associated transaction fulfillment occurs across multiple digital devices / platforms. This enables respect for individual privacy without compromising existing business models and creates opportunities for new revenue streams.
Data Subjects can also create highly qualified leads by generating indications of interest or “IOIs”22 representing desires to purchase and/or receive information about specific products or services. For the same reasons noted above, the “last mile” of delivering responses to IOIs to Data Subjects is handled by a Trusted Party.
Data Subjects may enjoy personalized transactions while retaining the ability to remain anonymous until such time as they decide not to remain anonymous, at which time only that information needed to consummate a desired transaction would be shared.23
For those merchants with whom a Data Subject has a strong relationship of trust, the Data Subject can have a “Trust” button that provides the trusted merchant with access to select DDID / obscuring key association information to share desired detailed cleartext information with the merchant. In contrast to Facebook "Likes” that may be made generally available to third parties,24 information made available to a trusted merchant via a “Trust” button would be made available only to that trusted merchant in accordance with specific instructions from the Data Subject.
21 The term “last mile” is used in the telecommunications, cable television and Internet industries to refer to the final leg of delivering communications to a retail customer. See http://en.wikipedia.org/wiki/Last_mile
22 The term “Indication of Interest” or “IOI” is a financial securities underwriting expression generally referring to the expression of a conditional, non-binding interest in making a purchase. See http://www.investopedia.com/terms/i/ioi.asp
23 If total anonymity is requested by a Data Subject, a transaction can be consummated between a third party and an Anonos-enabled CoT or Trusted Party for a desired product or service, with a follow-up transaction occurring between the Data Subject and the Anonos-enabled CoT to transfer the product or service to the Data Subject, including potential transaction financing arranged by the Anonos-enabled CoT or Trusted Party. The CoT may provide an authenticated data structure that permits validation and verification of the integrity of transaction-related information through methodologies such as cyclic redundancy checks (“CRCs”), message authentication codes, digital watermarking, linking-based time-stamping or analogous methodologies. Note that a CRC detects accidental corruption only; integrity against deliberate modification requires a keyed message authentication code or a digital signature.
24 http://www.usatoday.com/story/news/nation/2013/03/11/facebook-likes-predictions-privacy/1975777/
6.D Anonos-‐Enabled Circle of Trust (CoT)
Anonos-enabled CoTs retain relationship information between and among obscured data elements and Data Subjects to permit ‘re-stitching’ of information according to privacy policies established by, and/or on behalf of, Data Subjects. Queries that rely upon un-obscured data can also be securely run against data stores to provide aggregate results. Personally identifiable information is only produced temporarily, within a CoT managed by the Trusted Party subject to privacy policies established by the Data Subject — such as when the DDIDs are resolved. Such operations are transient and leave no lasting trace other than the intended query result, and could also be confined to certain dedicated servers for increased security. The use of DDIDs in the context of Anonos-enabled CoTs avoids potential shortcomings of normal data analytics that could generate discriminatory or even identifiable results. Additionally, if allowed by the Trusted Party and with the data owner’s consent, offers to modify or grant specific and limited permissions may be presented to, and accepted by, Data Subjects. Anonos-enabled CoTs improve upon existing frameworks by using privacy level rules to prevent inappropriate use of observational data, which is obscured and only analyzed, whether from inside or outside a CoT, in a manner consistent with each Data Subject’s specified privacy levels.
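As an added illustration (not Anonos code), the following shows the transient re-stitching described in 6.D, with the Privacy Policy Rules and Request Rules of Appendix A reduced to a lookup: observational events carrying DDIDs are resolved to Data Subjects only inside the query function, filtered by each subject’s rules for the requesting party and purpose, and only per-value counts of distinct subjects leave the function. The DDID associations, events and policies are constructed sample data, and the minimum group size below which a count is suppressed is an assumption of the example rather than something the paper specifies; it is the check a practitioner adds so that the “intended query result” itself cannot single out one subject.

```python
"""Policy-gated re-stitching inside a CoT for an aggregate query.

Added illustration, not Anonos code. The policy shape, the event format and the
minimum group size are assumptions for this example.
"""
from __future__ import annotations

from collections import defaultdict

# Constructed sample data. In a real CoT these live only in the Trusted Party's store.
DDID_TO_SUBJECT = {  # DDID -> internal subject key; one subject may hold several DDIDs
    "k3Qm": "s1", "Zp7w": "s1", "a9Lx": "s2", "Ff02": "s3", "uR5n": "s4", "q1Td": "s5",
}
EVENTS = [  # (DDID, attribute, value) as observed outside the CoT
    ("k3Qm", "interest", "running"), ("Zp7w", "interest", "running"),  # same subject, two DDIDs
    ("a9Lx", "interest", "running"), ("Ff02", "interest", "cycling"),
    ("uR5n", "interest", "running"), ("q1Td", "interest", "cycling"),
]
# Privacy Policy Rules set by each Data Subject: purpose -> parties allowed for that purpose.
POLICY = {
    "s1": {"ads": {"merchant-A", "merchant-B"}},
    "s2": {"ads": {"merchant-A"}},
    "s3": {"ads": {"merchant-A"}},
    "s4": {"research": {"university"}},  # never consented to advertising use
    "s5": {"ads": {"merchant-A"}},
}
MIN_GROUP = 2  # assumption: suppress any group smaller than this so no count names one subject


def permitted(subject: str, party: str, purpose: str) -> bool:
    """Does this subject's Privacy Policy Rule allow this party to use data for this purpose?"""
    return party in POLICY.get(subject, {}).get(purpose, set())


def naive_event_count(attribute: str) -> dict[str, int]:
    """What a party outside the CoT can compute from the obscured events alone: event
    counts, which over-count subjects holding several DDIDs and ignore every policy."""
    counts: dict[str, int] = defaultdict(int)
    for _ddid, attr, value in EVENTS:
        if attr == attribute:
            counts[value] += 1
    return dict(counts)


def aggregate(party: str, purpose: str, attribute: str) -> dict[str, int]:
    """Count distinct permitted subjects per value; subjects are re-stitched only transiently."""
    subjects_by_value: dict[str, set[str]] = defaultdict(set)
    for ddid, attr, value in EVENTS:
        if attr != attribute:
            continue
        subject = DDID_TO_SUBJECT[ddid]  # transient resolution inside the CoT
        if permitted(subject, party, purpose):
            subjects_by_value[value].add(subject)  # merges the subject's several DDIDs
    # Only counts leave this function; the subject sets are discarded with the frame,
    # and groups below MIN_GROUP are dropped so the result cannot identify anyone.
    return {v: len(s) for v, s in subjects_by_value.items() if len(s) >= MIN_GROUP}
```

`aggregate("merchant-A", "ads", "interest")` yields two subjects for each interest, whereas `naive_event_count("interest")` reports four "running" events because one subject appears under two DDIDs; `merchant-B`, whom only one subject has permitted, receives no result at all rather than a count of one.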
Appendix A provides additional information on CoTs, including new commercial “data fusion”25 business / revenue models and CoT capabilities to send coupons to qualified prospects. This selective targeting of coupons can help avoid negative publicity like that associated with the 2012 New York Times article entitled How Companies Learn Your Secrets26 involving a teenage girl whose pregnancy was revealed by sending pregnancy-related product coupons to her family home. Worldwide public reaction to this story ranged from a scathing law review article on tensions between potential benefits of big data and resulting privacy harms27 to demands for new laws and regulations.28
25 The May 2014 U.S. President’s Council of Advisors on Science and Technology (PCAST) report entitled Big Data and Privacy: A Technological Perspective states that “data fusion occurs when data from different sources are brought into contact and new facts emerge.” See http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf
26 http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html
27 See Crawford, Kate and Schultz, Jason, Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms, available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2325784
28 See article entitled Why Big Data Has Made Your Privacy a Thing of the Past, available at http://www.theguardian.com/technology/2013/oct/06/big-data-predictive-analytics-privacy
Appendices
Appendix A
An Anonos-enabled Circle of Trust (“CoT”) is composed of one or more Trusted Parties, each of which may offer one or more independent data storage facilities, as well as secure means (via Anonos Dynamic Anonymity or Privacy Enhancing Technology (“PET”)-enabled means of obfuscation and/or encryption) to segment and transmit sensitive data to these data stores. Alternatively, Anonos-compliant application developers could choose to only store the Data Subject-to-DDID associations within the CoT, and instead to use Anonos Dynamic Anonymity-defined procedures to obscure, encrypt, and/or segment data (or utilize Anonos-enabled toolkits for such procedures); allowing applications to safely store generated or collected information in their own facilities, without loss of context or business value.
The figure above illustrates an Anonos-enabled CoT from a Trusted Party perspective. Note first that the Data Subject is included on the diagram at the bottom left. Diagrams of most current data use systems do not include Data Subjects since participation by Data Subjects generally takes the form of a binary decision whether to agree to “take-it-or-leave-it” online terms and conditions using the traditional “notice and consent” model.29 After that initial point, the Data Subject typically loses all power to affect what happens to their data since "they are the product, not the customer."30 It is well acknowledged that this is a broken model for the digital age and provides few effective limitations on current or future use of data.31
29 Take-it-or-leave-it “notice and consent” online terms and conditions are acknowledged as a “market failure” in the May 2014 President’s Council of Advisors on Science and Technology report entitled Big Data and Privacy: A Technological Perspective (the “PCAST Report”) available at http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf
Anonos-enabled CoTs leverage Dynamic Anonymity to empower a Data Subject to whom data pertains (a “Subject User”) to select from pre-set policies (similar to, but also easily more granular than, selecting a low, medium or high level of protection when installing anti-virus software) that translate into discrete dynamic permissions. Alternatively, a Subject User may select a “Custom” option to specify more detailed dynamic parameters (similar to selecting custom installation options when installing application software). Privacy Policy Rules relate to allowable operations such as what data can be used by whom, for what purpose, what time period, etc. Rules may also specify desired anonymization levels such as when / where / how to use DDIDs for dynamic obscuring (as more fully described herein) in the context of providing anonymity for the identity and/or activities of a Data Subject, when to use other PETs in connection with DDIDs, when to provide identifying information to facilitate transactions, etc.
When data is input by someone other than the Data Subject to whom data pertains (a “Third Party User”), the Third Party User establishes Request Rules that enable data use / access in compliance with established corporate, legislative and/or regulatory data use / privacy requirements. “Permitted Data” in the figure above represents data available for sharing with parties external to the CoT that satisfies Privacy Policy Rules established by Subject Users and/or Request Rules established by Third Party Users.
It should be noted that there may be more than one Trusted Party working cooperatively in connection with a single Anonos-enabled CoT and that Data Subjects may be participants in any number of Circles of Trust. Circles of Trust can be implemented by means of a centralized or federated model for increased security. Arrows in the above figure represent data movement; data inputs and outputs will contain different information.
The figure below represents the concept of an Anonos-enabled Circle of Trust (CoT) from a Data Subject perspective.
30 Bruce Schneier, security expert and author, said in a 2010 speech at the RSA Europe security conference in London, "Don't make the mistake of thinking you're Facebook's customer, you're not – you're the product….Its customers are the advertisers." See http://www.information-age.com/technology/security/1290603/facebook-is-%22deliberately-killing-privacy%22-says-schneier
31 Limitations of current data privacy / security arrangements were highlighted in an October 2014 New York Times article in which Bruce Schneier stated “Security is out of your control….The only thing you can do is agitate for laws about regulating third-party use of your data and how they store it, use it and collect it.” See http://www.nytimes.com/2014/10/04/your-money/jpmorgan-chase-hack-ways-to-protect-yourself.html?emc=edit_th_20141004&nl=todaysheadlines&nlid=33726949&_r=0
Anonos-enabled CoTs can enable new commercial “data fusion” business / revenue models without violating privacy rights of Data Subjects via federated, anonymized queries, either among different Trusted Parties within a CoT, different data stores within the same Trusted Party, or between Trusted Parties and application developers whose data stores reside outside the CoT.
Consider for example the challenge of where to locate a high-end sports boutique targeting athletes between 15 and 18 years old who play high school sports. The Anonos system improves upon existing techniques by allowing the target query to span multiple data stores and dividing it up such that each participant does not know what purpose it serves, so there is no risk of divulging personally identifying information or violating personal privacy rights.
In this scenario, the query for the number of athletes who are 15 – 18 years old who play high school sports within a set of (sufficiently large) geographic areas is presented to numerous Trusted Parties within the Anonos CoT. This aggregate query is then broken down into several steps, such as:
1. Find athletes between 15 – 18 years of age in some broad geographic area.
2. Select only those who play high school sports.
3. Select only those whose privacy policies allow this level of analysis.
4. “Join” those results to the home addresses of those athletes.
5. Aggregate these results by neighborhood, revealing only counts of athletes.
The actions needed to satisfy this query could span completely different data stores, in different organizations – nonetheless protected and facilitated by the CoT.
For example:
1. The prospective boutique owners send a query to a Trusted Party, asking to find individuals who are between 15 – 18 years old who play high school sports.
2. The Trusted Party contacts education-related data stores to find individuals who are between 15 – 18 years old who play high school sports.
3. The education-related data stores (which store information by DDIDs rather than by identifiable keys) find matching records.
4. Matching DDIDs are then transmitted back to the Trusted Party.
5. The Trusted Party then resolves these DDIDs to unveil identified individuals.
6. The Trusted Party filters that list by those whose privacy policies allow this particular kind of query.
7. The CoT then uses a database of their addresses to aggregate counts (or incidence frequency, if the query is incomplete) by neighborhood, producing the desired result.
In this scenario, companies operating education-related databases do not need to know (or divulge) the identity, location, or other potentially identifiable information of the athletes whose data they possess. The records they possess are keyed by DDID, and also potentially obscured, so that no personally identifiable information is generated when performing the specified query, nor when transmitting results. Note that the party posing the query does not have access to this information. Their only interaction with the CoT consists of posing a question and receiving a high-level, aggregated, non-personally identifiable result. Note that not having access to this information in no way affects the quality, accuracy or precision of the end result. Anonos thus eliminates personally identifiable information that contributes nothing to the end result and that only serves to weaken privacy without any attendant benefit to any other party. By filtering out irrelevant data, the analysis of which would otherwise consume time and resources, this process actually increases the utility and value of the information received.
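The seven-step boutique query above, simulated as an added example that is not Anonos code: a DDID-keyed education store answers with DDIDs only, and the Trusted Party (the trust boundary, since only it can re-link a DDID) resolves, filters by policy and returns counts. All records are constructed, and the small-count suppression threshold is an assumption added here, since the paper only says the geographic areas must be sufficiently large.

```python
from collections import Counter

# Education-related data store, keyed by DDID only (constructed sample).
# It holds no names, addresses or other identifiers.
EDU_STORE = {
    "ddid-a1": {"age": 16, "hs_sport": True},
    "ddid-b2": {"age": 17, "hs_sport": True},
    "ddid-c3": {"age": 14, "hs_sport": True},   # outside the age band
    "ddid-d4": {"age": 18, "hs_sport": False},  # not a high-school athlete
    "ddid-e5": {"age": 15, "hs_sport": True},
    "ddid-f6": {"age": 17, "hs_sport": True},
}

# Held only by the Trusted Party (constructed): DDID -> policy and address.
# This table is the trust boundary; it never leaves the CoT.
TRUSTED_PARTY = {
    "ddid-a1": {"allow_aggregate": True,  "neighborhood": "Northside"},
    "ddid-b2": {"allow_aggregate": True,  "neighborhood": "Northside"},
    "ddid-c3": {"allow_aggregate": True,  "neighborhood": "Riverside"},
    "ddid-d4": {"allow_aggregate": True,  "neighborhood": "Riverside"},
    "ddid-e5": {"allow_aggregate": False, "neighborhood": "Riverside"},
    "ddid-f6": {"allow_aggregate": True,  "neighborhood": "Riverside"},
}

def edu_store_query(store, lo, hi):
    """Steps 2-4: the data store answers with matching DDIDs only."""
    return [d for d, r in store.items() if lo <= r["age"] <= hi and r["hs_sport"]]

def trusted_party_aggregate(ddids, tp, min_count=2):
    """Steps 5-7: resolve DDIDs, drop subjects whose policy forbids this
    analysis, count by neighborhood. min_count is an assumed small-count
    suppression threshold (not stated in the paper) so that a neighborhood
    with a single athlete is not reported back to the requester."""
    permitted = [tp[d] for d in ddids if d in tp and tp[d]["allow_aggregate"]]
    counts = Counter(r["neighborhood"] for r in permitted)
    return {n: c for n, c in counts.items() if c >= min_count}

def boutique_query(lo=15, hi=18):
    """Step 1: the requester only ever sees the aggregated counts."""
    ddids = edu_store_query(EDU_STORE, lo, hi)
    return trusted_party_aggregate(ddids, TRUSTED_PARTY)

if __name__ == "__main__":
    print(boutique_query())  # {'Northside': 2}
```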
Example: Offering a Coupon
A shoe manufacturer wishes to send a coupon for a new line of shoes to people who have recently performed web searches related to the sport of running within a certain city. In exchange for offering discounts on the shoes, the manufacturer wishes to receive qualified consumers’ email and/or home addresses, and to send those who redeem the coupon a survey to assess their satisfaction with the new shoe. Such an interaction might look like this:
Explanation:
1. The manufacturer, outside the CoT, purchases a list of matching DDIDs from a search engine.
2. The DDIDs are submitted to one or more Trusted Parties, accompanied by an offer letter and a policy modification allowing access (upon acceptance) to Data Subjects’ email and/or home addresses.
3. Each Trusted Party then forwards the offer letter to the Data Subjects matching those DDIDs (provided they have opted in to receiving such an offer).
4. If a Data Subject recipient accepts the offer, the recipient’s policy is updated with (perhaps temporally limited) permission for exposing their home and/or e-mail addresses to the shoe company.
5. The shoe manufacturer, now part of the CoT, but only with respect to this specific offer and only in the most limited sense, then receives a list of e-mail and home addresses of those who wish to receive the coupons. Note that this list is necessarily highly targeted and accurate and therefore of maximum value to the shoe manufacturer. This is precisely how the Anonos CoT, by increasing privacy, also increases value. The shoe manufacturer may be assured that all mailings done this way will be sent to those with substantial interest in the manufacturer’s offer.
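The five-step coupon flow above as an added example (not Anonos code): the manufacturer supplies DDIDs, the Trusted Party forwards the offer only to opted-in subjects, acceptance writes a per-offer grant into the subject's policy, and addresses are released only while that grant is unexpired. The subject table is constructed, and the 30-day grant window is an assumption, since the paper only says the permission may be temporally limited.

```python
import copy
from datetime import datetime, timedelta

# Trusted Party's private table (constructed): DDID -> contact, opt-in
# flag and per-offer grants with an expiry. Never shared outside the CoT.
SUBJECTS = {
    "ddid-r1": {"email": "r1@example.invalid", "opt_in_offers": True,  "grants": {}},
    "ddid-r2": {"email": "r2@example.invalid", "opt_in_offers": False, "grants": {}},
    "ddid-r3": {"email": "r3@example.invalid", "opt_in_offers": True,  "grants": {}},
}

def forward_offer(ddids, subjects):
    """Step 3: forward the offer only to known subjects who opted in."""
    return [d for d in ddids if d in subjects and subjects[d]["opt_in_offers"]]

def accept_offer(ddid, offer_id, subjects, now, days=30):
    """Step 4: acceptance adds a time-limited grant scoped to this offer
    (the 30-day window is an assumption made in this example)."""
    subjects[ddid]["grants"][offer_id] = now + timedelta(days=days)

def release_addresses(ddids, offer_id, subjects, now):
    """Step 5: the manufacturer receives only addresses covered by an
    unexpired grant for this specific offer; unknown DDIDs yield nothing."""
    out = []
    for d in ddids:
        rec = subjects.get(d)
        if rec and rec["grants"].get(offer_id, datetime.min) > now:
            out.append(rec["email"])
    return out

def run_coupon_flow(now=datetime(2014, 11, 1)):
    """Runs the whole exchange on a copy of the table and returns
    (offer recipients, addresses released next day, addresses released
    after the grant has expired)."""
    subjects = copy.deepcopy(SUBJECTS)
    purchased = ["ddid-r1", "ddid-r2", "ddid-r3", "ddid-zz"]  # step 1; zz unknown to the CoT
    offer = "shoe-coupon-1"
    recipients = forward_offer(purchased, subjects)
    accept_offer("ddid-r1", offer, subjects, now)  # only r1 accepts
    during = release_addresses(purchased, offer, subjects, now + timedelta(days=1))
    after = release_addresses(purchased, offer, subjects, now + timedelta(days=31))
    return recipients, during, after

if __name__ == "__main__":
    print(run_coupon_flow())  # (['ddid-r1', 'ddid-r3'], ['r1@example.invalid'], [])
```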
Appendix B – Background on Anonos Co-Founders
Co-founders Gary LaFever and Ted Myerson – successful business partners and entrepreneurs for over 10 years – believe innovative applications of technology, like Anonos, can facilitate market changes that address the needs of disparate stakeholder groups – including individuals, commercial and not-for-profit organizations, countries and regulators.
Gary LaFever – Gary is a solutions-oriented futurist with both a computer science and legal background. His combination of technical and legal expertise enables him to approach issues from both perspectives.
• Prior to Anonos, Gary was co-founder at FTEN, a company that revolutionized global financial securities markets by enabling real-time risk management by aggregating together seemingly unassociated data elements to reflect real-time, consolidated financial positions. NASDAQ OMX acquired FTEN following the May 6th “Flash Crash,” when the Dow Jones industrial average briefly plunged nearly 1,000 points, erasing $1 trillion from the U.S. financial securities markets. This enables NASDAQ OMX to provide technology tools to global exchanges for managing systemic risk in financial securities markets.
• While a NASDAQ OMX executive, Gary co-founded FinQloud, the financial industry big data initiative between Amazon Web Services (AWS) and NASDAQ OMX. FinQloud was the recipient of the Wall Street Letter WSL 2014 Institutional Trading Awards as the Best Cloud Solution.
• Gary is a former partner at the major international law firm of Hogan Lovells, where he specialized in helping emerging technology companies achieve strategic and financial goals in the context of applicable laws, policies, rules and regulations.
• Gary began his professional career at Accenture – the multinational management consulting, technology services, and outsourcing company – following receipt of his undergraduate degree in computer science.
Ted Myerson – An inventor and visionary with the insight to “see what other people don’t see,” Ted has a proven record of converting inspiration and innovation into highly profitable businesses.
• Prior to co-founding Anonos, Ted was the founder and CEO of FTEN, a groundbreaking company developing innovative market risk management solutions driving new levels of market integrity.
• The landmark SEC Market Access Rule 15(c)3-5, sometimes referred to as “The FTEN Rule,” which requires real-time, cross-market risk management to improve market integrity, was made possible by FTEN technology.
• At FTEN, Ted spearheaded numerous innovations and achievements that led to FTEN’s nomination for the 2009 National Medal of Technology and Innovation (NMTI), the United States’ highest honor for technological achievement bestowed by the President on America's leading innovators; recognition as an Inc. 500 'Top 50' fastest growing company / fastest growing software company two years in a row; and being named a Crain’s New York Business “Best Place to Work” in 2010.
• Under Ted’s leadership, NASDAQ OMX acquired FTEN in 2010. After the sale, Ted was named Global Head of Access Services at NASDAQ OMX where he managed a division overseeing 16% of total revenue, roughly $250 million in 2012, and 12% of corporate profit.
• Ted was named as a 2010 New York Enterprise Business Report “Game Changer.”
Patents Awarded to Gary LaFever / Ted Myerson
2014
• US 8,788,396 – Big Data Cloud Computing System
• US 8,738,479 – Big Data Categorization System
2013
• US 8,489,496 – Data Aggregation / Re-identification System
• US 8,433,641 – Time Sensitive Big Data Analysis System
2011
• US 8,010,442 – Cross-Market Big Data Management System
2010
• US 7,778,915 – Real-Time Data Transparency / Risk Management System
For more information, please contact INFO@ANONOS.com