Gathering information to perform health or social research is a complex endeavour. Users are wary of sharing medical and, more generally, personal data. Furthermore, as they grow more conscious about privacy concerns (which is socially desirable) and of the value of their own sensitive data, obtaining information even for research purposes will become increasingly harder. On the other hand, as automatic data analysis and inference tools and techniques become more and more e ective, the potential value of having greater amounts of data available increases. In this paper, we present a scenario that encompasses recent technologies to create a personal data market in which users are spurred to gather and record personal information in a secure way, maintaining ownership through cryptography. The main incentives come from the fact that research actors acknowledge user data value by purchasing it: when a research actor needs users personal information, he makes a bid, to which users respond providing the information required. We explore the possibility of using a set of technologies, such as smart contracts and trusted computing, to guarantee both the information buyer about the data quality and authenticity, and the seller that the contract will be honored, even in the total absence of reciprocal trust (the parties could be unknown to each other, or even completely anonymous).
In the next future, people will have increasing opportunities of gathering information about
themselves, recording everything coming from their wearable sensors, or from sensors in the
environment that surrounds them. This is producing a sort of personal omniscient diary. For
one extreme, but not so ctional take, check the Black Mirror episode "The entire history of
your life", in which a chip interfacing directly with the nervous system is used to record all the
visual perception of the person in which it's implanted. One can think of the same pervasive
recording, only generalized and extended to accelerometric sensors, heartbeat sensors, etc. Some
remarkable examples of wearable sensors can be found in [
Currently, samples to be used for correlation purposes are mainly gathered in one of the two following ways: 1. People are asked to participate in a research, are observed, and are asked the permission to use the observation gathered. 2. Anonymized data are used.
For example, Fitabase o ers researchers a platform in which data gathered from patients
using tbit (a popular tracking personal device) is collected and can be analyzed. As of now,
482 researches have been carried out using Fitabase. The service works this way: patients
are given a tbit device (if they don't have one already), and instructions on how to connect
it to the platform. They are then asked to provide other information needed for the study
(does Fitabase collect those information?). The platform then collects everything, and o ers
the researchers tools to automatically represent and analyze the data. The more datasets
regarding a patient can be accessed, the better it is of course to investigate correlation among
factors and variables. Recently, many approaches have been explored to enable selective and
secure sharing of medical records using blockchain technology. In short, blockchains [
In Estonia [
In this paper, as depicted in Figure 1, we propose a perspective scenario in which users have market incentives to gather as much information as possible, keeping ownership (not only legal) of it, and selectively disclosing it to research entities, in change of some bene ts (e.g., money). In particular, we give an overview of a possible approach for implementing a personal data marketplace based on the blockchain technology and analyse the current status of the related technologies, while we leave the de nition of a complete proposal for future work. 2
The rst element considered is data gathering and storage. Currently, data produced by sensors, whether personal, wearable, environmental or whatever, are transmitted by the hardware and stored locally on the device, on personal storage (e.g. pc hard disk), or sent in the cloud (eg: google maps). For instance, Fitbit bu ers data locally, and requires syncing with a cloud warehouse when the bu er is full. The syncing exploits user's smartphone or pc as a gateway. Even though the communication with the PC/phone via bluetooth is encrypted, data on the server seems to be not. This means that the user doesn't have exclusive access to the data. In our scenario, all the information from the devices (and applications) is encrypted with a key that is known only by the user. Ideally, the information is encrypted since its gathering, on the device hardware, and then stored, on personal storage devices, or in the cloud. This only
requires standard cryptography. Possibly, the information can be notarized on a blockchain for timestamp and/or subsequent veri cation of ownership. Every user then securely records all of her life this way. Now let's imagine that a research entity wants to investigate the correlation between "amount" of running and blood pressure trends in users. What they need is to have, for as many users as possible: 1. info from a tracker such as tbit. 2. blood pressure measurements, at a sampling rate above a certain threshold (say once a week).
Currently, such a research entity would ask users to enroll in a platform such as Fitabase, and to provide blood pressure information. Users, on the other hand, have no incentive whatsoever in doing so, other than the ethical urge to help in a research. Moreover, they could be reluctant to give away sensitive information such as complete records of their position, or detailed heart rate recordings.
Now an alternative way, core in the perspective we're imagining, would be for the research institution to buy the data from users. Moreover, since they probably don't need all the track details, and the users aren't willing to disclose them completely, they could ask for a subset, or a function of the complete information (such as, for instance, the average heart rate over periods of 10 minutes, devoid of localization information). The possibility to monetize this information would of course create an incentive for users to record more and more information. This in turn creates a problem: how can the research institute be sure that the user didn't provide fake information (for instance, that he generated fake tracks or blood pressure measurements?). The answer could be a technology that is called zero knowledge proofs. Zero knowledge proof is a set of techniques that allow to generate a mathematically convincing proof, with arbitrary con dence, of facts such as: this set of values a1, a2, ... has been obtained by decrypting this data D, and then averaging windows of 200 values. Crucially, the proof doesn't need to reveal the key! In this way, the researcher could be sure about one feature of the data (namely, that they are the average of a set D, owned by the user).
But how it is possible to trust that data D has been indeed gathered by a Fitbit during user's exercise, and not generated synthetically? This could be guaranteed with the set of techniques of the so called "trusted computing". The tracker could be equipped with a trusted processor, that would in turn guarantee that a certain data set D was generated by a trusted tracker, with a given software, by signing it with a key embedded in its hardware. Combining zero knowledge proof and trusted computing, a user could provide a proof that a set of data is indeed the average of his heart beat, as measured by a trusted device.
Next problem to consider is how the user can guarantee that his blood pressure readings are "real". To this aim, pharmacies could provide a service in which they read pressure and produce a (digitally) signed certi cate of the reading. The certi cate would contain the reading, the time, and a proof of the user identity. He will then be able to attach it to the tracker data, again in a certi able manner.
The nal issue regards how the user can be sure that he will be paid, once he provides his certi ed data. This doubt can have varying importance, according to the credibility and reputation of the research institution. One desirable feature (since everyone would gain from that) would be to minimize reputation requirements for the data buyers. This can be achieved by using smart contracts : the research entity deploys a smart contract that guarantees, upon execution, that whenever data with some certi ed feratures (that it was generated by a trusted tracker by averaging values, that the pressure readings are certi ed and belong to the same user, etc) will be provided, the owner of the data will be paid a certain amount of (digital) money.
This mechanism could create a data market where: 1. users will be encouraged, through actual economic incentives, to record everything about their lives, and to retain ownership of the gathered data; 2. the amount of potentially valuable data will increase in size and pervasiveness; 3. research institutions will be able to obtain required certi ed data by paying them to users. 3
In this section we analyze the state of the mentioned technologies and their availability, both technically (e.g., are they computationally feasible?) and "commercially" (is there an o the shelf implementation that can be used right now?). 3.1
Zero knowledge proofs are mathematical/logical tools that allow to provide evidence of the
truth of a statement, without giving any other information. To make an example, suppose
that Bob knows the solution to a complex sudoku puzzle. Through zero knowledge proofs, it is
possible for Bob to convince Alice that he indeed knows a solution, without revealing anything
about it. Moreover, Alice won't be able to "highjack" the proof and convince anyone else that
she knows a solution. Zero knowledge proofs were rst introduced, as a theoretical possibility,
by Micali et al. [
(Embedded) Trusted computing
The term trusted computing includes a set of technologies that aim at making it possible to
guarantee that a digital system is behaving in expected ways. The technology is being de ned
and proposed by the Trusted Computing Group, an association comprising AMD,
HewlettPackard, IBM, Intel and Microsoft. The technology is articulated into several key concepts:
Endorsement key, Secure input and output, Memory curtaining / protected execution, Sealed
storage, Remote attestation, Trusted Third Party (TTP) [
Endorsement Key is the private component of a public/private couple key that is generated at the time of device production, and that is embedded into the hardware (and nowhere else), while the public part is (guess!) made public. In this way, it is possible to produce commands that only the device can decipher and, most relevant for the problem at hand, it is possible for the device to sign data in a way that cannot be faked (i.e., it is not possible to run a program that fakes a running session on a PC, since it could not sign it). If this was embedded in the sensors, they would be able to generate provably original data series.
Memory curtaining refers to protection mechanisms that make parts of the memory inaccessible from the outside, and even to part of the running software. In particular, encryption keys shouldn't be readable even by the operating system. In our scenario, this would mean not being able to extract the private key and then forging fake tracking data.
Remote attestation refers to the fact that the device can produce a certi cate of the particular hardware and software it is currently running. In our scenario, this would prevent malicious users to substitute the software/ rmware of the device, with the aim for instance of making it generate fake data instead of gathering it from the sensors.
All these technologies are currently implemented and shipped on almost all PC
computational platforms (Intel, AMD), and are also available on some mobile/embedded hardware
platform, such as ARM processors [
Smart contracts are protocols that aim at automating enforcement of agreements among
parties. The most remarkable thing about smart contracts is that they are programs, and that
their execution doesn't require any trusted intermediary, but is guaranteed by a decentralized
system, such as a blockchain. They were rst introduced by Nick Szabo, who de ned them `a
computerized transaction protocol that executes the terms of a contract ' [
In this paper we proposed a scenario in which users are encouraged to gather, store, and conserve ownership of personal data, due to incentives coming from a market in which they can valorize them by selling selectively (and securely) disclosed information to actors that can exploit them with research aims. We showed how it could be possible, using technology that is either consolidated or under heavy development, to build reciprocal guarantees between sellers and buyers of information (such as data genuinity and integrity, contract execution) without any a priori trust requirements (in an extreme situation, both users and information buyers could remain anonymous).
The mechanism proposed could potentially have a deep impact on the design of clinical and social research, both quantitatively (much more information could be available) and qualitatively (users would retain full ownership of their data, and could valorize it monetarily. Almost all of the technologies are in a developmental stage that would allow to implement the features considered. The only critical ones are non interactive zero knowledge proofs, since e orts to reduce the computational burden needed to forge proofs are the focus of intense current research. Future planned work concerns the theoretical analysis and simulation of the potential market, and the implementation of a full-stack prototype.