Privacy Chain Update

From IIW

Privacy Chain Update

Wednesday 9C

Convener(s): Wendell Baker

Notes-taker(s): Wendell Baker

Tags for the session - technology discussed/ideas considered:

IAB, PrivacyChain, Hyperledger Fabric

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

1.Notes provided by Wendell Baker:


2. Notes provided by Scott Mace:

Wendell Baker, Distinguished Architect, Targeting & Identity, Verizon Media

IAB PrivacyChain - IIW29 2019-10-02

Lessons, 2018-2019

Pilots, 2019 & 2020

IAB Blockchain Working Group

Gave talk at Data Responsibility Data, organized by the IAB. To explain advertising has a privacy problem. Laws and societal expectations and most importantly the browsers will change how tech underpinnings will work. PrivacyChain first talked about here last fall. IAB Blockchain WG, I took over that standard specification and stewarded it to where it is today.

I had 20 minutes, carefully scripted. A lot of things have been summarized here. Marketers are not too technical. I acknowledged those who had come before and started the project. Any time you get blockchain, it’s not entirely clear what it does.

Lessons learned, in the world this thing lives in, they do open source, but usually at spec level, more rarely in light Javascript. Rare to have this group develop actual running code and systems. I had to explain to that room how open source works.

History and participation.

2018-10 – First proof of concept. Acxiom, now broke into three pieces. One of the successors is LiveRamp. Joe Shai is here at the conference.

Time passes.

201901 – I assembled a group of others. Didomi, LiveRamp, Sabio Mobile, Viacom, Verizon Media.

We have one of these things at Verizon Media. It’s a consent manager. It’s interesting if you can get multiple companies to operate these things as a shared resources. Regulators are practicing. PrivacyChain would have a consent record, a logged chain of these things in the database.

More practically, what these consent manager do:

Who can consent, how are they named?

To whom (what) is consent given, how are they named?

For which operations is control granted, how are they named?

In reality you are giving consent to other machines. This thing is building a control channel so you can decide what these machines can do at you, for you.

Need a lexicon.

An IAB standard called DigiTrust. Controversial. Idea is how a principal in business names somebody else is actually an act of ownership. This is not amenable to business practices where you are buying and selling audiences. If we have different ways of naming that, better to work with someone else than with someone who will go to sell the same audience at a different price.

In terms of how the ad trade worries about identity, they’re quite happy with the cookie-syncing model. It aligns very well with commercial practice. Even though it has many technical problems. But these are businesses who want to control their business over time. How we name the who is quite political within the ad trade.

I can take this in the direction of DIDs and SSI. We think at Verizon that’s the way to go.

Q: DigiTrust is an ID created by the publishers?

It is an ID owned by the IAB. Can look it up on GitHub. Mild business terms for the trade to get involved in the consortium. It’s a universal ID.

Q: End user gets a unique ID?

Almost. Every browser. Naming of persons behind the browser is an even more controversial act. Large publishers like Yahoo lets them know who are. We prefer that. But 50% of our business, and 100% of others’ business, is as a third party. The new controversial thing here is how do we name persons or devices. DIDs and SSI require some explanation. New is not necessarily good in advertising where you want reach and known technology to work with.

Next two are names of companies and activities. Two public standards.

…see slide

Priniciples, vision and concept.

People consenting to machines. Has to be simple enough for machines to process it.

Persons control Machines as a consent statement (who, what, which)

PrivacyChain is a control channel in the modern media environment.

PrivacyChain is “always-on” and “everywhere available”

Has distributed operation “like infrastructure” “like a utility” “like DNS”

Has auditability.

The cable industry has standardized on this thing called TV Everywhere. You have to log into this thing and prove you pay a cable bill somewhere.

If you are out of town, you will have to give your cable address and cable bill number.

That’s the sense of everywhere.

More practical – The simplified MVP

A back office service.

Expect a few separate deployments “as a service”

The service offers Consent Management Platform (CMP) recordkeeping.

I’m using Hyperledger Fabric 1.4. Could swap out for other storage, even local storage.

Standard Hyperledger Fabric, sets up the transaction. A permissioned system. There’s a PKI system, all the connections are over TLS, connections can mutually authenticate.

Q: Is the data considered public?

Yes. Somewhat of a controversial point. Security in big numbers would keep bad actors from knowing who had consented to what.

The piece I added here was clarifying north and south side. Simple CRUD operations on your consent on one side. Consumers won’t go update their consent a lot. Not that intricate.

Q: What’s being verified on the blockchain?

Smart contract is a stored procedure. The chain code has 4 operations - get, set, history and revoke. At this level, there’s no smartness to the contract.

Four tracks of development. An open source project. A lot of this is finding and structuring ways other companies can come in and contribute but fits with the overall project. Hyperledger projects like Indy and Aries have a couple years’ track record and lots of funding. Here, individuals can come in and contribute various ways.

What we’ve uncovered in a year: databases break. Usually means an employee and a paycheck. We are formalizing what that looks like. May take the shape of a legal entity. Looks like a lot of work. So we are not rushing into that.

Everything is owned by some thing. Requires some sort of operating vehicle. Right now I’m making the technology worthy of being staffed.

Lessons learned, 2018-2019

Product requires constant evolution, from laws, business, technology, etc.

Engineering in the open source mode is not standards development

The distributed ledger technologies are very new

If infrastructure operations is hard, distributed operation is harder

A business model is an important component of product

While the society has a conversation of what is consent, at least we will have a reference implementation

Say showing a page costs so much. What percentage of revenue could this service acquire

Q: Price paid to CMP today?

No one knows.

I took the original proof of concept. This is not about privacy and blockchain. The brand name is wrong.

Going to leave PrivacyChain for a while, but one can imagine it will be rebranded.

On, look for state space, the southbound side speaking into hyperledger fabric and other related projects that speak to the northbound side. What we will be doing over the next year is assemble it into modern container delivery, and an operating implementation. Some with HL fabric and others with exotic databases to prove scalability. A range of back ends are envisioned.

Invitation to participate

IAB Blockchain WG is actively seeking participation around:

  • Product fit and function defines the future evolution of the specification
  • Consortium operators coordinate the business side; consortium operators hand the “on call” nature of the service
  • Software engineering for web-friendly north-facing APIs; software engineering for distributed ledger south-facing APIs
  • Database operations for the distributed ledger technologies

Reason why you wouldn’t ask for consent – such as digital media rights that trump all consumer rights

How receptive is the industry? There is a spectrum. There are people in the third-party business still exiting denial, moving on to bargaining. No one likes it when your business changes beneath you, and this is a really good change.

Different companies have different appetites about where they want to be on this. Some comprehend DIDs, some not.

Cookies are being changed in the next 200-300 days. Going away.

Go read, Apple announced what they will be denying. Mozilla blog post is a year older. Firefox already launched. Chrome has announced, a blog post there, third-party cookies will be different. The cookies will not appear.

My shop refactoring a lot of ways we do things. Including our “fake third parties” – HuffPo, AOL, etc.

Google third-party sets. A small number of first parties can announce they are friendly with each other. Size of that set, when it will be in Chrome is unspecified. Could be a solution, no commitment to it.

You can be a first-party cookie or a third-party cookie but they won’t mix.

At some point, ad tech can’t trust the browser anymore.

George Fletcher is talking about it now.