‘TRUST API’

Trust from KnowNow - A new service enabling users to stay in control of their data in realtime all the time.

Cognicity Challenge• Cognicity Challenge at

Canary Wharf - Jan - Apr ‘15

• KnowNow Cohort 1 Finalists

• we created ‘Eat Sleep Play Go’

• Resulted in TRUST API - a Privacy Data Throttle

kn-i app

- TRUST gives the user direct control over how their data is used.

- TRUST dashboard will show other apps transaction history through TRUST.

- TRUST also shows how an app provider will use your personal data.

How does it work? Well, when you land in a place your can either Eat, Sleep, Play, Go. kn-i marries what is there to what you want as kn-i has a special relationship with each user. Which is due to the unique Trust function that allows kn-i to only uses the information you give permission for. This means kn-i can give you what you want when you want it. Push the slider to the right kn-i has a rich set of criteria and a perfect answer. Push to the left, it knows nothing about you other than you want some information.

But this is not all, the kn-i app is also a new economic opportunity. The kn-i platform and app is open. The aim here is to encourage other developers to also write services for a place so that it can really come alive. This creates a sustainable information marketplace for Canary Wharf. An example KnowNow has created to show off both this open marketplace and also allow Canary Wharf to be a differentiator is a new Augmented Reality service for the London Docklands Museum.

Take a Demo: http://knapp.mybluemix.net/#/tab/home To see TRUST in action. Click on Demo above. Go to the menu bar (top left 3 horizontal bars).

Trust works in conjunction with Preferences. See how when you push the slider to right or left the amount of data you have or give changes. = Privacy Data Throttle In Action

Why “Consent”?● Empowerment

− Fundamentally, consent is not “message and click” but “understand and choose”

− 'Consent', broadly, is about informed citizens making choices

● Regulation − New EU regulations, GDPR,

increase the role of consent in data protection

Fundamentally, TRUST is a consent mechanism. It is about giving users a choice about how (and whether) their data is collected and processed.Consent is often criticised as “annoying users” or being a good idea in theory, but unworkable in practice.

So – Why build a consent platform?Broadly, consent is the process of being open and transparent – in a way that's understandable to users – and then giving them a choice. We can't deny that many existing consent mechanisms – privacy policies or the dreaded “cookie boxes” - are ineffective (or worse), but consent in a broader sense is the only way to put users at the centre of their digital world.

Less philosophically, consent is the mechanism that EU data protection policy – in particular the new data protection regulations – is coming to rely on. Consent is what we have to work with, and we all have an interest in making sure that it works in the interests of consumers (protecting their privacy) and businesses (reassuring users, and unlocking data that suspicious or distrustful consumers simply won't share)

Consent as Interaction● Consent is an interaction

problem ● Goal: Propose something to

user, so that they understand it and its implications, then give them a choice

● Today: “Notice and Consent” (privacy policies, cookie notices)

● Future: Negotiation, agents, “just-in-time” decisions, implicit consent

Consent is, foremost, an interaction problem. It necessarily involves two (or more) parties, reaching a common understanding and then choosing to continue.

Today, consent is commonly sought through privacy policies, terms and conditions or “cookie boxes”. We all know these are broken, and give consent only in the most meaningless legal sense.

In the future, though, we might see consent decisions being automated by personal agents, made at a more granular level, “just-in-time” (“you've just taken your first photograph, may we access it?”) and involving aspects of negotiation, where a user can choose what to agree to, not just whether or not to agree at all.

Consent as Interaction (2)● Challenges

– 1) Relevance: How do we know what part of processing or collection users will care about?

– 2) Intelligibility: How do we make a proposition understandable, so that relevance is clear?

– 3) Attention: Getting a user's attention is bothersome for the user. Leads to habituation.

There are currently some challenges around consent interactions. At the moment, its often hard for users to understand the relevance of a particular proposition (“What have cookies got to do with me?”) or even to understand what's being proposed (“What is a cookie, anyway?”). User attention is also a challenge. Gaining attention for decisions that are irrelevant or unintelligible quickly leads to “decision fatigue”, where users stop thinking and blindly click “I accept”. Gaining attention for any purpose is bothersome to the user – User attention needs to be rationed, and needs to be worthwhile.Tackling these challenges will require, by the whole industry, a large degree of innovation. The consent mechanisms we use in five years time will not be the same as today, nor the same as the one's we're using in ten years time.

TRUST is interaction-agnostic, we expect different services to use different forms of interaction and, over-time, different types of interaction be introduced or deprecated – Some services might be best suited to a slider, others might offer to accept monetary payment in lieu of advertising, or integrate with the consent agent on a user's smartphone instead of asking the user directly.

TRUST API ArchitectureElement Source Data Point

User Reference User Db

Privacy rating Trust setting (slider)

Trust Categorisation Score

Questionnaire captures and gives each user a nominal score.

Preferences slider rating based on the slider position - 1,2,3,4 reflecting the level of access an app has on a user.

Categories From questionnaire - series of 4 digit numbers.

Location Phone and/or Network

Trust DB - Stores Users credentials & preferences

Element Data Source

user ID User email

Access Token OAuth 2.0 token ID (device)

social media profile users social media (API integration)

User DB - generates TRUST Token

Trust Token from User DB

TRUST API Call handler

TRUST API Call

Trust profile on TRUST DB

Users App sets TRUST in App/Device

TRUST API Token for App installed

User Device

KnowNow Cloud

Container

API Architecture Breakdown

Each user sits in their own container

User Catalog of where their data is stored

User logon Credentials (email)

inbound request

with user Trust

setting applied

3rd party app

FB

TwitterGoogle

LinkedIn

Depending on the user Trust setting - certain information is returned

Each user has their own dashboard ‘MY TRUST’

data & token for that request returned to requesting app

Outbound Token applied for that session

My TRUST app

API

Consent Artefact

Party IDs Date/Time Data Inventory Processing Description

Expiry Provenance [ History ]

● Persistent record of an interaction ● For both parties ● For technical and regulatory purposes ● As part of the trust mechanism

Consent Artefact

What really matters, from a business perspective, is the result of the consent interaction.

In the abstract: Was that interaction good enough to give us reasonable assurance that the consumer understood the choice we gave them?

In a pragmatic sense: Did we fulfil the regulatory requirements around consent, and if we're challenged can we prove it?

A consent artefact – some record of a consent interaction – provides a means to do this. It acts as a record of a consent interaction and encapsulates the important aspects of that interaction as an audit tool for business and regulators, a reflective tool for consumers who want a record of what they've agreed to, and, in TRUST, a token that can be used to gain access to data via the API itself.

Consent Artefact (2)

● Party IDs − Who asked, who consented?

● Date/Time − When was this artefact created?

● Data Inventory − What data (or data sources) does the consent cover?

● Processing Description − What's the purpose of data processing, and what will

happen?

The consent artefact encapsualtes, at least:

Party Ids – The parties who reached the agreement. Typically a user and a service provider. Ideally, this includes a way for each party to reach the other. In a closed system like TRUST, that's probably via a User ID?

The Date/Time that the agreement was reached, for audit and reference purposes.

Data Inventory – A list of the data items that the user has granted access to. Not something that the law usually requires, but necessary from a technical point of view in order to do access control in the API.

Processing description – A representation of what processing purposes have been consented to. Purpose features heavily in data protection regulation, and is important to users when making decisions. Processing data to deliver better suggestions is different to processing data to calculate an insurance premium. Users might want only one, even if the actual data being used is the same.

Consent Artefact (3)

● Expiry − Is there a time limit on this consent?

– (Potentially re-consent at that time)

● Provenance − What type of interaction was used to generate this

consent? − Interactions are potentially modular, some may be found

inadequate later on

● History − Does this artefact extend, or replace, previous artefacts?

Expiry – Consent might expire in anything from a few hours (when I leave a connected high street) to a few years (when I finish a degree). At that point, it might be discarded, or one party might invite the other to renew the consent.

Provenance – Given that the state of the art in consent interactions will change, and we'll probably realise that some interactions just didn't reach the regulatory requirements, we'll need to know how a particular consent artefact was generated. Did the user tick a box, did their agent do it for them, was there any negotiation involved? Ideally, provenance will be rich enough t allow an interaction to be recreated.

History – In some instances, a consent artefact might refer to other artefacts that precede it. Perhaps as a result of a renewal, a renegotiation, or even a revocation by one of the parties.

My Trust Dashboard

MY TRUST

Profile & Settings & Preferences

Who has used my data

How much have I gained ?

What benefits has the service provider obtained from my data?

Today This week Month

Citizen Focus Next Steps

TRUST API as a project in the the EU Smart Cities - Citizen Focus - Priority 2 - “Citizen Centric Approach to Data” • Options on how the cluster can help:

– Interested developers or app’s that mandate use of a privacy data throttle.

– Legislation – Funding – IoT Lab exposure - hook up our Test API to the IoT

lab. – PRIPARE introduction if appropriate - http://

pripareproject.eu

TRUST API - Next Steps

• Early Market Testing this Winter – Assistance from Uni of Southampton – Part of the UK Digital Catapults Trust & Framework

Initiative • Start the quest to secure ISO accreditation & apply

PMRM to use cases. • Secure commercial sponsorship to take TRUST API to

market. • Feedback on Citizen Focus activities • Target - Beta launch of developer kit and test TRUST

API service Winter 2015/16.

Trust Api & Standards

• Strong correlation with a Citizen Focus Objective…. – “ Consciousness of privacy and rights | Build trust for citizens

right from the start.” • Easy to understand user experience. Clear language and clear

usability/control • TRUST API uses open standards and is itself an open architecture

– PRPM - Privacy By Design methodology from Oasis – Audit-able and open service. – Exposing TRUST to the Meaningful Consent Project (led by WSI at

University of Southampton) - http://blog.meaningfulconsent.org

• TRUST API has been put forward as a test use case within the Citizen Focus work stream

Trust Api & Privacy & Data Network Correlation

• Trust API is an innovation that meets a number of requirements.

– Response to future EU legislation on giving user ultimate control of their data.

– Address concerns over tracking of how your data is used by 3rd parties

– Independent, standards based API – TRUST does not hold any user data acts as a directory/

catalog and a gateway. – Dashboard app (which could be surfaced via 3rd parties).

• TRUST API is putting empowerment of personal data and consent back with citizens.

The Team● Richard Gomer • Richard is a researcher at the

University of Southampton, where he works on value-centric technology design, in particular online privacy and consent. He is currently part of the “Meaningful Consent in the Digital Economy” project, which is studying the challenges of opportunities of consent as a means to empower digital citizens, and devising new technological and policy mechanisms to realise its potential.

• r.gomer@soton.ac.uk @richardgomer

www.kn-i.com

@knownowinfo

/knownowinfo

+knownowinfo

chris.cooper@kn-i.com 07967 275 469 @mobilitycooper

KnowNow Information are smart city IT innovators, based in Portsmouth, UK. Established in November 2013 by Chris Cooper and David Patterson (both ex-IBM).

KnowNow won the ODI/STFC Big Data prize in 2014 and have a proven new Flood Event Model based on open data. KnowNow were finalists in the 1st Cognicity Challenge in Q1 2015.

Take a Demo: http://knapp.mybluemix.net/#/tab/home To see TRUST in action. Click on Demo above. Go to the menu bar (top left 3 horizontal bars).

Trust works in conjunction with Preferences. See how when you push the slider to right or left the amount of data you have or give changes. = Privacy Data Throttle In Action

Follow @knownowinfo