A Global Exchange For Personal Data

Can SWIFT, the global financial services provider, succeed in doing what Microsoft and other tech titans famously failed to achieve? It is exploring an initiative that could provoke a sea change on the Internet that is so significant and so widespread in scope that the digerati say it could mirror the shift from mainframes to the personal computer.

The Society for Worldwide Interbank Financial Telecommunications (SWIFT), a global organization that handles financial transactions such as wire transfers for more than 9,000 banks, is preparing an expansion into data banking – helping to secure all types of digital transactions. Such a move would allow banks and a whole chain of other actors to play a key role in securing and disseminating personal data, a service that Microsoft tried to introduce ten years ago and that other big tech companies, such as Intel, Sun, Oracle and AOL, attempted to develop through a group called The Liberty Alliance.

“This innovation will bring bank-grade identity, privacy and security to the global exchange of any digital asset between any parties,” says Kosta Peric, head of Innotribe, the innovation arm of  SWIFT.  SWIFT’s project, called the Digital Asset Grid, or DAG for short, “is one of the major innovation initiatives ahead,” he says.

Since 1973, SWIFT has provided a shared worldwide data processing and communication link for the world’s banks, using a common language for international financial transactions. It does not hold funds, manage accounts on behalf of customers, or store financial information on an ongoing basis. Its main function is to be a carrier of messages. But SWIFT is increasingly taking on the role of a catalyst to bring the financial community together to innovate and work collaboratively.

Drummond Reed, one of a number of Silicon Valley digital identity thought leaders recruited by SWIFT as advisors on this project, says the digital access grid has the potential to become “an eBay for the entire planet,” democratizing the value of user-generated data.

Data is becoming a new type of raw material that’s on par with capital and labor, according to a 2011 World Economic Forum report entitled “Personal Data: The Emergence of a New Asset Class.” A handful of the largest Internet companies, such as Google and Facebook, are reaping most of the profits from collecting, aggregating, analyzing and monetizing personal data. But consumers have no control over and little knowledge of what is being done with their data.

Hence the birth of a movement which seeks to put the control and dissemination of personal data back in the hands of the individual. (See interview with European Commission Vice-President Viviane Reding, page 5). Going forward, a person’s data would be equivalent to their money, says the WEF report. It would reside in an account where it would be controlled, traded and accounted for just as personal banking services operate today. The services would be interoperable so that the data could be exchanged with other institutions and individuals globally. Users could potentially start to leverage their data the same way money is leveraged for credit.

But, the WEF report specifies, “an essential requirement would be for the services to operate over a technical and legal infrastructure that is highly trusted.” That is where SWIFT comes in. It is a neutral organization and already operates a secure global network with an established legal framework, placing it in a pole position to help facilitate access to the kind of secure personal data services first envisioned a decade ago.

“SWIFT has a closed, old, but nonetheless highly reliable and secure network for interchange of money between the banks – the vision is that you could take that underlying infrastructure and make it more open and more interchangeable and make it work between any entity,” says Craig Burton, a founding member of networking giant Novell and advisor to SWIFT on digital identity. “This is so big and so significant in scope that to speculate on what it might look like would be premature.”

Peter Vander Auwera, the SWIFT innovation leader who is driving DAG, has gathered an impressive list of experts to help think through potential approaches. They include Burton; Silicon Valley seer Doc Searls, co-author of the ClueTrain Manifesto and instigator of the Vendor Relationship Management (VRM) Initiative at the Berkman Center for Internet & Society at Harvard University; Scott Davis, a partner at K & L Gates LLP law firm and a well-known authority on legal frameworks that safeguard personal data; veteran Silicon Valley technologist Mary Hodder; and Reed, an Internet entrepreneur in identity, personal data, and trust frameworks who most recently founded Connect.me, a service that allows people to use social networks to build their own personal trust networks.

Together, the team is helping SWIFT identity the technologies, legal framework and business models needed to underpin a global digital identity exchange.

The World Economic Forum, which is once again planning high-level meetings on the subject at its annual gathering in Davos January 25 to 29, is currently tackling the same issues and is preparing a new report on the topic. Among other things its report will look new applications in marketing, healthcare and financial services that will require a global system for the secure exchange of personal data.

Earlier efforts to create global systems have failed. “The number one reason that Microsoft’s Passport and Hailstorm were dead on arrival was not the technology — it was the business model. People could not accept Microsoft as the toll booth for the whole Internet,” says Connect.me’s Reed. Ditto for the Liberty Alliance. An oligarchy of commercial companies was not viewed as being more trustworthy than one controlled by a sole entity, he says.

“What the digital identity business lacks is a trusted exchange on the Internet,” says Reed.

But trust is not enough. There is a need for a business model that works for everyone and is transparent to everyone. Banks and other actors, such as telcos and social networks, could offer consumers secure storage lockers for their data. Banks could use the same rule sets to do the accounting, auditing, monitoring and enforcement of personal data accounts.

However, what’s envisioned goes far beyond that, involving not just banks and consumers but all sorts of merchants, government agencies and organizations.

Say a consumer wants to buy a car. Today she could only use the SWIFT network to send the payment.  But what if she decided to let it be known that she is prospecting to buy a car and SWIFT points at her on the digital asset grid.  Various dealers and insurance companies could pitch her in real time. All of the information needed to fill out the paperwork involved in the buying, insuring and registering of the car would already be stored digitally and released, in a secure fashion, to the relevant parties.  Authorization to share pertinent personal data with third-party warranty services and perhaps the federal transportation authority, in case the model purchased is ever recalled, could also be easily arranged.

Such services could be built using the type of VRM tools advocated by DAG advisory board member Searls. VRM tools aim to provide customers with independence from vendors and better way of engaging with them. The same tools could also support individuals' relationships with schools, churches, government entities and other kinds of organizations. 

A digital trust framework, a set of legal and technical rules by which members of a network agree to operate in order to achieve trust online, is also necessary if banks are going to expand their businesses from financial to personal data, says lawyer David, a member of the DAG advisory team.

David is the chief legal architect of The Respect Trust Framework, which is being billed as the first personal trust framework designed to give individuals control over the sharing of their personal data on the Internet, mobile phone networks, social networks and other online forums.

The framework will serve as the foundation for Connect.me, a social discovery network founded by DAG advisory committee member Reed that works across popular social networks such as Facebook, Twitter and LinkedIn. Connect.Me enables people to build their own personal trust networks by vouching for the people they respect most in context. Think of it as a peer-to-peer reputation system (see illustration on page 4).

“The genius of eBay was its invention of a quick, easy and cheap reputation status,” says Reed. “Connect.me is doing this but not in one silo.” Connect.me plans to make money by connecting companies to relevant customers. It will offer a cut of the “relationship fees” it collects to the consumers.

 Connect.me and other services connected to DAG will help spread the wealth around, says Reed, “democratizing the value of user-generated data for the whole Net” instead of for just a few Silicon Valley players.

DAG will also help transform the Web from a place where people go to visit sites to one that knows what we are doing and uses that information to help automate what we want to accomplish.

Such a transformation would not take long, says Reed. “Our contention is that if SWIFT is ready and the banks are willing, building the digital asset grid can be done as fast as you can build a Twitter,” he says.

SWIFT is taking a “garage start-up” approach to the project, with a dedicated team working in their own space, and expects to have a prototype working by March, says Vander Auwera, the SWIFT innovation leader spearheading DAG. But, he cautions, “this is not some little start-up. We are talking a worldwide infrastructure play that has to be predictable and resilient. I am not expecting it to go fully live for about five years.”