Thought leaders in the privacy arena, including Microsoft’s Craig Mundie and Sandy Pentland in his book Social Physics have been arguing for some time that regulations around data privacy are inadequate and have the wrong focus. The explosive growth of data being collected (either actively by consent or passively via sensors and the Internet of Things) makes it almost impossible to legislate collection and retention requirements. Even when collection is consensual, the 300 pages of legalese that typically comes with an end user license agreement may simply confuse the consumer as to what they are consenting to. 

The focus, they argue, should not be on collection and retention but on how personal data is used, with a framework so that consumers can control under what circumstances usage is acceptable, no matter how it is collected. 

Richards and his co-author Jonathan King go one step further in their paper “Big Data Ethics”. Here they argue that even legislation will not be sufficient to handle the big data revolution.

 “More fundamentally, law alone is not enough to enshrine big data ethics in our societies. Law has limits when things are moving quickly. Legal change is often slow and in our time of rapid technological change we are all aware that our legal rules are lagging behind our technologies. Laws we impose may cause unintended consequences of their own and unduly burden the big data revolution still in its infancy” There may inevitably be a gap between active legal rules and the cutting edge technologies which are shaping our societies and ourselves”

- Big Data Ethics, Neil Richards and Jonathan King

At Guardtime we agree; being the inventors of one of those “cutting-edge technologies” that is probably not surprising.  We argue that on open-systems like the Internet the only solution to enforcing rules (whether based on legislation or ethical frameworks) is to provide a means for verification via distributed consensus.

Distributed Consensus

Two examples of distributed consensus are Bitcoin and KSI. Bitcoin provides a public “ledger” for the integrity of transactions and KSI provides a public “calendar” for the integrity of data, systems and processes.  

Mundie, in his paper proposes a solution based on meta-data tracking and (not surprisingly) Microsoft’s DRM (Digital Rights Management) system.  

But DRM (like the underlying PKI it is based on) is designed for closed systems with centralized “trusted” authorities that simply cannot scale or have a chance of being accepted in an open-community like the Internet. It's the difference between something being true because a) a majority of participants in the system agree, or b) an administrator in Redmond says so.

Applying KSI to Legal and Ethical Frameworks

You might think that Spam and Privacy abuses don’t have much in common but they both can be considered as breaches of system integrity. 

If we define system integrity as “the condition of a system wherein its mandated operational and technical parameters are within the prescribed limits” then they are the same – system integrity breaches as defined by prescribed limits, whether codified in laws, ethical frameworks or service level agreements. 

KSI in this context provides a means for public verification of activity without revealing the activity itself. In other words your activity can remain private but in the event of a dispute it is possible to verify what happened independently from every actor in the system. By implementing Guardtime’s KSI technology into the very fabric of Internet everything that happens (every digital event) can be verified by everyone. Truth is no longer based on trust but based on mathematics and widely witnessed verifiability.


We are extremely optimistic about the future of big data and its impact on society. Codification of the rules of the road can work, such as Big Data Ethics frameworks as proposed by Richards and King or country-specific legislation around usage of personal information. 

The challenge however is enforcing the rules and we argue that on open-system like the Internet it is impossible to enforce good behavior. It is possible however to provide the means for public verification for what happened when and hold abusers accountable for their actions.

To quote Victor Hugo:

Nothing is as powerful as an idea whose time has come”. 

For KSI, that time is now.