I came up with an idea for taking control of your personal information. I called it Project Shhh. A lot of thought went into that title.

Objective: Reduce the amount of personal information that is automatically collected via purchases, social media, banking, health records, birth records, marriage records, and military service.

Deliverables: A service to create audited smart contracts by which personal information is hashed and can be shared via an information wallet and recorded on a personal blockchain.

Scope: The smart contracts allow the information owner to provide their personal information with another entity via their personal blockchain. Each bit of personal information would be hashed and have public and private keys and each transaction would be recorded on the blockchain. The information owner can also monetize their personal information via smart contract requiring payment by the requestor. This would disincentivize the bulk collection/ request of personal data. The use of zero knowledge proofs would provide verification of the data while preventing the need for actual transfer of information. The wallet will have options for two and three factor authentication depending on the hardware platform.

Development would focus on the following areas for each phase:

Phase 1: PII (SSAN, DOB, etc)

Phase 2: birth, health, death, military records

Phase 3: social media, purchases, banking

Testing phases correspond to development phases with 60 days for Phases 1 and 2 and 90 days for Phase 3. Again these estimates occur AFTER the development phases.

Initial delivery estimates are: Phase 1: 9 months from start, Phase 2: 13 months from start and Phase 3: two years from start.

Risk Assessment:

  • Threat: Unwillingness of information requestors to cooperate
  • Likelihood of occurrence (H=3, M=2, L=1): High (3)
  • Mitigation Strategy: Gain cooperation of organizations who regularly seek personal information and develop a trusted partner identification hash
  • Mitigation Assessment (Full ÷3, Partial ÷2 or None ÷1): Partial
  • Risk (H, M, L): Med-High
  • Threat: Current US Laws/ Policies/ Regulations prevent acceptance
  • Likelihood of occurrence (H=3, M=2, L=1): High (3)
  • Mitigation Strategy: Gain cooperation of organizations who regularly seek personal information and develop a trusted partner identification hash and petition Congress to modify US laws, policies and regulations
  • Mitigation Assessment (Full ÷3, Partial ÷2 or None ÷1): None
  • Risk (H, M, L): High

Constraints:

Access to developers who can code smart contracts and zero knowledge proofs.

External Dependencies:

Development can occur without the coordination with outside organizations. Adoption, however, will require significant changesfor the project to be successful.

Communications Strategy:

A mix of white paper (business and technical), web site, videos, infographics distributed across various platforms.

Anyone interested in working on a project like this should contact Jason Buster.

 

Leave a Reply