
A Human Rights Approach to Personal Information Technology

By Adrian Gropper

As we inexorably digitize everyday life, for-profit “Big Tech” cannot be trusted to serve the individual or society.

Personal information must not be locked-in to a commercial tech “platform,” such as Facebook or a branded for-profit entity.

Personal information infrastructure must be treated the same way we treat infrastructure for clean water — as a fundamental human right. Two decades of privatized corporate control over personal information technology in the form of social networks and targeted advertising is evidence that market-based information services for social interaction and free speech can no longer be treated as discretionary. Private interests are certainly welcome, but the foundational distribution system must be seen as a “commons” accessible to all for the good of all.

The foundational commons for personal information technology should not be sector-specific to health, education, and / or social networking. The three universal components of the personal information commons are:

  1. Identity and authentication (signing-in and signing documents)
  2. Requests for information (forms, searches, conversations)
  3. Stored results (labs, prescriptions, social contacts, transactions)

Existing trans-national platforms like Facebook, Twitter, YouTube (Google), and the AppStore (Apple, Google) essentially give away components 1 and 2 in order to obtain component 3. Component 3 is the only aspect they can monetize, and they are willing to compromise privacy and ethical considerations in order to maintain profitability.

Trustee® technology demonstrates a decentralized, community-based alternative to these existing platforms in the context of health and medicine. This open source demonstration is being created by volunteers and physician-advocates, including myself, in collaboration with Patient Privacy Rights Foundation.

To understand how this technology works and its value, consider the example of Alice.

Alice is 38 years old with young children and newly diagnosed with cancer. With state-of-the-art care, the survival rate is 70%. To beat dismal odds, Alice has decided to: find a community of patients with the same cancer, consider three or more opinions and pick a primary specialist, consider available clinical trials, make decisions about changes in therapy every few months, and private-pay for genomic tests and consultations which may not be covered by her insurance. Navigating these decisions cost-effectively, conveniently, and with peace-of-mind is all but impossible with the fragmented, privatized, and business-centered personal information technology of today.

Alice can’t be expected to make all of the decisions by herself and Alice’s consultants should not be subject to conflict of interest. By design and by default, Alice should have a choice of resources for every category of decision and her consultants should have cost-effective access to the personal information Alice chooses to share.

In a decentralized design, each of the three separate components should be as convenient as they are when combined by the existing platforms, without lock-in or lack of transparency.

  1. Identity and authentication (signing-in and signing documents)

Sign-in should be handled by the wallet Alice prefers. Her wallet might also support cryptocurrency for privacy as in Sign In With Ethereum. A wallet secured with a face or other biometric adds speed and security to the authentication step. This allows Alice to directly interact with the resources she needs without third-party (e.g., hospital or EHR vendor) intervention or surveillance.

  2. Requests for information (forms, searches, conversations)

Alice can delegate permission to access her personal information to the agent or consultant of her choice. The agent can be informal, such as a spouse or caregiver, or legally bound as a fiduciary, such as a doctor. Either way, the ability to freely choose one’s partner or licensed fiduciary is a core human right. This puts the choice in Alice’s hands as to whether to interact directly or to delegate. She may choose to invite a caregiver, medical professional, accountant or other independent expert without third-party involvement or surveillance.

  3. Stored results (labs, prescriptions, social contacts, transactions)

Storage of decisions and outcomes is also decentralized instead of being locked-in to the platform. In the Trustee decentralized alternative, the storage location is chosen by Alice independent of her wallet or her agent(s), if any. Thus her medical information resides at its source (lab, imaging center, physician’s prescription) or at a location that she chooses and controls, such as the Apple health record (which, to be clear, is not visible or accessible to Apple). The privacy benefit is immense as there is no surveillance platform collecting data to be monetized.

Decentralized solutions like Trustee are the cost-effective, convenient, and human rights-preserving option for personal information technology.

Trustee and other projects, such as Bitcoin, that disrupt deeply entrenched and politically powerful infrastructure are difficult to fund. This is even more difficult when a project like Trustee seeks to shift from a market-based to a human rights or entitlement economic model. Difficulty in financing the decentralized future is an unfortunate side-effect of separating the personal information components that are bundled by existing platforms into three separate assorted components.

The dominant platforms maintain their hegemony by lobbying regulators to influence the technical standards essential to decentralization in the direction that can support platform lock-in. For example, when faced with regulatory action, major platforms have promoted standards for personal “data portability” from one platform to a competitor platform rather than suffer a breakup into separate business lines. While money also pours into novel platforms that appear to be decentralized, they nevertheless create the vendor lock-in essential to satisfying investors (e.g., NFTs). Cooperatives, such as credit unions or electric utilities, are 20th century examples of decentralized finance. More recently, Decentralized Autonomous Organizations (DAOs) are experimenting with public “smart [management] contracts” as financing alternatives to platform economics.

Decentralized cooperative finance enables more diverse and resilient alternatives to corporate or government control of our essential infrastructure.

In conclusion, human rights support the separation of one’s choice of authentication, authorization, and storage technology. This allows Alice to separately choose an identity to sign-in, an agent to process requests, and a storage location to preserve the outcome. This avoids vendor lock-in to corporate or government interests. Standards are essential to the separation, and regulation may be needed in cases where private interests drive standards and practices away from a human rights design. Many current technical initiatives are “false flag” operations under jargon such as Self Sovereign Identity or Web3. As we move to digital everything and the metaverse, whether these initiatives are privately or government financed, their design must be protective of Alice’s human rights… and ours.

Adrian Gropper

Adrian Gropper, MD, is the CTO of Patient Privacy Rights, a national organization representing 10.3 million patients and among the foremost open data advocates in the country.
