PERSONAL PROFILES TO PROTECT PRIVACY, SMART CONTRACTS & LOYAL AI

March 29, 2018

G. Wark

Summary

 

This proposal recommends protecting personal privacy by entrenching the concept of a registered, protected personal profile into our legal and ethical system. It then discusses using smart contract to protect those profiles, while facilitating trade, transactions and social interactions. Finally, it suggests a new paradigm of ‘loyal AI’ in which each individual can use their own personal AI tools to manage their profile data and help maintain person power in a technology dominated world.

 

Values, principles and themes

 

Two important values are the need to protect each individual’s private data and the need to ensure each individual retains personal power in society through the ownership of ‘loyal’ AI. The main principles at stake are:

  1. Personal data must be treated as private property, owned by the individual, controlled by the individual, protected by all.

  2. Individuals will need ‘loyal' AI tools. Tools that work at their private behest and beckoning, for their personal benefit.

  3. Democracy will depend on individuals retaining power over their personal information and accessing trustworthy AI tools as a counterbalance to the demands of technology that works for the benefit of all others.

 

Introduction

 

It is said that AI, neuro-marketing and ubiquitous connectivity will bring abundance for all. Even so, we need to protect the average person from the erosion of their personal power over their own lives and their influence in society.

 

Businesses and other institutions use our information to their advantage. Neuro-marketing and AI predictive technology make it easier for others to gain influence over our cognitive biases, habits and unconscious behaviours faster than we are aware. We are outpaced and overwhelmed by technology and the demands it makes on us. People cannot even keep up with all the accounts, passwords and Terms of Service contracts that they sign.

 

The challenges are grossly understated here, but they are increasing exponentially. We need to help individuals transact with businesses and institutions on an equal footing. We need to individuals to own technology designed for their benefit alone: technology that helps them stay in step with the ever-increasing demands imposed on them by others, helps protect them, and helps them interact with society. They need privately owned technology that counterbalances the demands on them by technology that is designed for the benefit of others.

 

The solution envisaged here starts with a plan to make each individual's data their protected private property. Currently, the norm is to cede our personal information and data to others. Even with government regulations, we have little real control over our information. To ensure people are able to interact with society, business and other institutions on an equal footing, we envision a system of contract-based data access that is designed to ensure that individuals control their personal data.

 

Finally, besides the societal contract system that helps manage interactions, individuals will need their own private AI and automation tools to help them pursue their own aims and interests and keep pace with the flood of demands. These tools must be loyal to the individual. That is, a loyal AI agent must only serve the needs of the individual who owns it: apart from being pro-social, it must not be predisposed to act in service of anyone but its owner. For example, a loyal AI-agent must not adulterate its loyalty to its owner through overt or covert association with a business, such as an online store.

 

This proposal first suggests protecting personal privacy by entrenching the concept of a registered, protected personal profile into our legal and ethical system. Secondly, it recommends implementing smart-contract technology, potentially supported by a system of encryption, blockchain, virtual currency, AI or other tools, to allow citizens to protect and share the contents of their profiles on their own terms, even monetizing it, if they choose. They will get the benefits that sharing data brings while ensuring their data remains their own. Thirdly, it suggests a new paradigm in which individuals own loyal AI agents to help them keep up with the flood of demand for interactions involving that data. Naturally, these AI agents will serve many purposes besides. The most important thing is that they must only work in the service of their owner.

 

Recommendation 1: Establish registered, personal profiles as a means for people to share their personal information

 

These profiles would be online data structures that are the private property of the individual. They would exist out of reach of businesses and other entities. When the data is made accessible to others it will be done using the smart contract system discussed below in such as way as to ensure that data is only shared in controlled ways, to the owner’s advantage. Examples of personal information that a profile might include:

  • Identity: Name, social insurance (social security) number

  • Addresses: physical, email, internet, phone number

  • Personal characteristics: age, gender identity, sexual orientation, physical description

  • Personal history and associations: education, work, criminal record, family, religious affiliation

  • Financial information: earnings, tax records, property, credit information, financial holdings, purchase history

  • Recreational interests and preferences: hobbies, interests, online activities, political views, product preferences

  • Personally created intellectual property: works of art, images, literature, patented or copyrighted items, analysis

  • Medical or biometric information: medical conditions, genetic information, blood type, blood and serum test results, fingerprints, DNA, heart or brain activity, blood pressure, tension, polygraph data, images of self

 

Recommendation 2: Use smart-contract technology to manage interactions involving personal profile data.

 

The smart contract system would be a public infrastructure that manages interactions with personal profiles and other data. Smart contracts are programs that perform online transactions that participating parties agree on, but which neither can unfairly control. The topic is too large for this paper. Hopefully this link will help: https://en.wikipedia.org/wiki/Smart_contract

 

The smart contract infrastructure would form the backbone of an ecosystem that supports all manner of social and commercial interactions. The social contract system and its security mechanisms could take advantage of numerous supporting technologies, such as: blockchain, virtual currency, AI, distributed storage, distributed processing and homomorphic encryption. AI algorithms would likely be in great demand to help process data and would consist both of publicly owned code managed by citizens for citizens and privately owned code, perhaps made available for a price. All algorithms and processing software would be constrained by appropriate security protocols as alluded to below.

 

First and foremost, the smart contract infrastructure would be expected to enforce a number of principles and protocols that ensure that individuals retain control of their personal profile data as they interact with people, businesses and institutions. The topmost principle would be that every contract run on the system must protect the profile owner's data for the owner.

 

Additional principles would need to be defined and the means to enforce them decided with the help of public consultation. Principals would managed be through a combination of technical protocols and legal means. Here are a few example principles and protocols that might be used to manage and protect profiles:

  • Profiles protect personal information: An individual’s personal data stored in their profiles is their private property.

  • Would-be consumers of that data may only get access through a system of smart contracts that ensure protection.

  • Individuals control the use of their profile information: The profile owner alone has general right to review, use, create, modify, destroy, loan, lease, sell and demand that users relinquish information registered in their profile.

  • Individuals have a duty to protect their data: Profile information would normally be behind a curtain of legal protection. An individual who does not make a reasonable effort to protect their data could lose that protection.

  • Servants have controlled access: Standard contracts would apply in cases where society’s authorized servants must access a citizen’s personal data. Servants would include, among others, tax agents, postal agents, police, and medical personnel. The contract system would impose reasonable constraints on access. They would only be permitted to access the information in the degree and for the time that is necessary to carry out their duty.

  • Minimally invasive access: Private institutions, businesses, employers, government and other users of a citizen’s data must employ the least invasive feasible protocols for the handling of personal data. Possible protocols include:

  • Blind access: Information can be acted upon without the actor directly seeing the information itself.

  • Don’t take it home: Data may be processed away from the consumer’s servers, so its use can be monitored.

  • Catch and release: The data consumer may only use data for only as long as required.

  • Partial obfuscation: Information that might make it possible to trace the results back to the individual might be scrambled or obfuscated in some way that would not negatively affect the usefulness of the data.

  • Exceptional scenarios:

    • Some data categories, such as an individual’s DNA sequence, may not be given away, bought or sold.

    • Some data categories, such as identity, must be truthful and may need to be certified as valid.

    • Some categories of data (such as criminal records) must be preserved as long as legal protocol requires.

 

Recommendation 3: Ensure citizens are equipped with loyal personal AI agents, attuned to the owner’s interests

 

This recommendation assumes as its model that AI automation and technology will continue to develop human-like characteristics. We consciously use terms like ‘loyal' and ‘agent' that conjure images of AI tools as autonomous entities having advanced general intelligence and human-like qualities. It is not necessary that AI technology be human-like or have highly generalized intelligence. In the near future at least, much of the AI software serving individuals may be a collection of disparate software algorithms. Still, the notion of AI loyalty presented here remains an important concept that emphasizes the need for individuals to have access to advanced software tools that they can fully trust to work at their own behest and behalf. While these tools must act in pro-social and ethical ways, they must not undermine their trustworthiness by operating either covertly or overtly in the service of any other party, such as a retailer or other business.

 

In order to keep up with the increasing demands of technology, citizens of all economic levels will need guaranteed access to their own personal AI technology—that is, technology that belongs to each individual citizen and works on that citizen's own behest and behalf. The purposes they might serve could be unlimited: a personal assistant; a personal genie, perhaps. Most importantly, such personal agents will be necessary for democracy itself, if citizens are to have a hope of keeping pace with the demands of an increasingly technology-dominated future. For one thing, these agents will likely be needed to act on the individual’s behalf, helping to manage and protect that person’s private profile data. For that reason, and many others, they must be trustworthy beyond reproach.

 

An important use for these loyal personal AI agents would be to help its owner to keep pace with the growing influx of requests to share information. The AI agent could assist with reviewing the terms of each agreement to ensure it meets its owner’s requirements. A likely eventuality is that the AI agent will be needed to act as its owner’s proxy, making autonomous decisions as to how such requests should be handled. To do this, the loyal agent would need to be well-attuned to the interests, needs, desires and attitudes of its owner. The notion of what constitutes ‘well-attuned’ would vary with the level of technology available. An unsophisticated program might be configured by manually setting preference parameters. A more sophistication AI agent might autonomously model its owner's thought processes based on analysis of brain activity readings and detailed observation of its owner’s behaviour, in other words: by using its owner’s private data.

 

The question of what constitutes a truly loyal AI agent will likely be an important one—an issue we would need to tackle soon. It may involve trying to certify our AI agents for loyalty, or may assign importance to the pedigree. Pedigree and lineage might be issues if the AI software begins to self-rewrite in order to produce generations of improvements, or gets new capabilities by acquiring algorithms from many sources. With time, it may be very hard to analyze the rapidly changing source code.

 

We will end by underscoring the point that AI loyalty is of paramount importance. It goes to the heart of our hopes and fears about the future of humanity in the face of AI. We need to know whether or not we can successfully design AI to be in any sense loyal to its masters. We can only know by trying—and for the benefit of society, loyal personal AI is a good place to start.

© 2017 Montreal Declaration for a Responsible Development of AI

Université de Montréal

Follow us!

  • Grey Twitter Icon
  • Grey Flickr Icon