A New Framework for Identity and Data Sharing


The future of society should be supported by an Internet of Trusted Data that enables both auditable provenance of identity and the credibility of data, in order to enhance the economic viability of new technology solutions, policies and best practices. Simultaneously, an Internet of Trusted Data must protect the privacy of people, ensure public safety, economic and national security, and foster public, individual and business partnerships. To accomplish these goals, thought leaders in federal, state and local governments should join with academia and carrier-scale private industry to work toward an Internet of Trusted Data.

An Internet of Trusted Data includes:

  • Robust Digital Identity. Identity, whether personal or organizational, is the key that unlocks all other data and data sharing functions. Digital Identity includes not only having unique and unforgeable credentials that work everywhere, but also the ability to access all the data linked to your identity and the ability to control the “persona” that you present in different situations. These pseudonym identities, or personas, include the “work you”, the “health system you”, the “government you” and many other permutations specific to particular aspects of your individual relationship with another party. Each of these pseudonym identities will have different data access associated with it, and will be owned and controlled only by the core “biological you”. To accomplish this there needs to be a global strategy for Identity and Access Management that genuinely enables trusted, auditable sharing relationships and functions without compromising personal anonymity or security. This is technically straightforward: the basics were established by NIST’s National Strategy for Trusted Identity in Cyberspace program and are now widely available from, for instance, mobile operators and similar regulated services.

  • Distributed Internet Trust Authorities. We have repeatedly seen that centralized system administration is the weakest link in cybersecurity, enabling both insiders and opponents to destroy our system security with a single exploit. The most practical solution to this problem is to have authority distributed among many trusted actors, so that compromise of one or even a few authorities does not destroy the system security consensus. This is already standard practice for the highest security systems: no one single actor can launch nuclear missiles, for instance. Now we need to implement this sort of consensus security widely. Examples such as the blockchain that underlies most digital cryptocurrencies show that distributed ledgers can provide world-wide security even in very hostile environments. Today there is a huge amount of investment by private companies to deploy software-defined network technology which can transparently expose efficient, convenient versions of this consensus ledger technology. Countries should set policies that take advantage of these new capabilities in collaboration with the private and education sectors, in such a way that digital identities can be originated by individuals and issued with verification from multiple access providers.

  • Distributed safe computation. Our critical systems will suffer increasing rates of damage and compromise unless we move decisively toward pervasive use of data minimization, more encryption and distributed computation. Current firewall, event sharing, and attack detection approaches are simply not feasible as long-run solutions for cybersecurity, and we need to adopt an inherently more robust approach. The “optimal” technology for such an inherently safe data ecosystem is currently being built and tested; for reference, see MIT’s ENIGMA project. Because of the importance of acting quickly, the EU data protection authorities are supporting a simplified, easy-to-deploy version called OPAL (Open Algorithms, which originated at MIT with French support) for pilot testing within certain countries. The concept of OPAL is that instead of copying or sharing data, algorithms are sent to existing databases, executed behind existing firewalls, and only the encrypted results are shared. This minimizes opportunities to attack databases or divert data for unapproved use, but places restrictions on the ability of an ecosystem to collaborate on data when it is in an encrypted state. Note that OPAL may be combined with anonymization of identifying elements in order to reduce risk, and in the long run will evolve toward a fully-encrypted, computation-friendly model. Approaches such as homomorphic encryption and secure multiparty computation can enable encrypted data to be used in an approved, auditable manner by parties that can’t decrypt it or read it. In particular, the ability to permissibly ask questions of data in the form of “attributes” will be a key pattern for maintaining digital privacy while enabling innovation ecosystems. National governments should create a roadmap for progressing from the current situation, through transition technologies such as OPAL, to complete solutions such as MIT ENIGMA.

  • Universal Access.  The advantages of secure digital infrastructure are diminished without universal access.  Governments can promote universal access by policies that provide for secure, citizen-controlled Personal Data Stores for all citizens in a manner analogous to current physical Post Office Boxes, and promote their use by making government benefits and interactions such as tax transfers and information inquiries conveniently available by mobile devices and web interfaces secured by the citizens’ digital identity.   Planning by the U.S. Post Office for such universal Personal Data Stores (Digital Mailboxes) has long been in place, and the secure digital identity infrastructure is already offered by mobile operators and other regulated services.
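The OPAL idea in the "Distributed safe computation" item, sending the algorithm to the data and releasing only its result, can be illustrated as follows. This is an added example, not code from the OPAL or ENIGMA projects: the names `run_query`, `ALGORITHMS`, `ALLOWED_FIELDS` and `MIN_GROUP_SIZE`, the sample records, the minimum-group-size rule and the hash-chained audit log are all assumptions made for illustration, and encryption of the returned result is left out.

```python
import hashlib
import json
from statistics import mean

# Constructed sample records held by the data custodian; they never leave this process.
RECORDS = [
    {"region": "north", "age": 34, "monthly_spend": 120.0},
    {"region": "north", "age": 41, "monthly_spend": 95.5},
    {"region": "north", "age": 29, "monthly_spend": 143.0},
    {"region": "south", "age": 52, "monthly_spend": 80.0},
    {"region": "south", "age": 47, "monthly_spend": 60.0},
]

# Vetted algorithms, chosen by name. Requesters cannot submit arbitrary code.
ALGORITHMS = {
    "count": lambda rows, field: len(rows),
    "mean": lambda rows, field: round(mean(r[field] for r in rows), 2),
}
ALLOWED_FIELDS = {"age", "monthly_spend"}  # attributes that may be queried
MIN_GROUP_SIZE = 3   # assumed policy: refuse answers computed over fewer rows
AUDIT_LOG = []       # every request is recorded, whether answered or refused


def run_query(requester, algorithm, field, region):
    """Run a vetted algorithm next to the data and return only the aggregate."""
    request = {"requester": requester, "algorithm": algorithm,
               "field": field, "region": region}
    rows = [r for r in RECORDS if r["region"] == region]
    if algorithm not in ALGORITHMS:
        outcome = {"status": "refused", "reason": "algorithm not vetted"}
    elif field not in ALLOWED_FIELDS:
        outcome = {"status": "refused", "reason": "attribute not allowed"}
    elif len(rows) < MIN_GROUP_SIZE:
        # A small group would let the aggregate reveal individual values.
        outcome = {"status": "refused", "reason": "group too small"}
    else:
        outcome = {"status": "ok", "result": ALGORITHMS[algorithm](rows, field)}
    # Chain each audit entry to the previous digest so later edits are detectable.
    prev = AUDIT_LOG[-1]["digest"] if AUDIT_LOG else ""
    body = json.dumps({"request": request, "outcome": outcome}, sort_keys=True)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    AUDIT_LOG.append({"entry": body, "digest": digest})
    return outcome
```

Refused requests are logged as well as answered ones, so the audit trail shows what was asked of the data and not only what was released.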

Professor Alex “Sandy” Pentland holds a triple appointment at the Massachusetts Institute of Technology in the Media Lab (SA+P), School of Engineering and School of Management. He also directs MIT’s Connection Science initiative, the Human Dynamics Laboratory and the MIT Media Lab Entrepreneurship Program, and has been a member of the Advisory Boards for Google, Nissan, Telefonica, Tencent, and a variety of start-up firms. For several years he co-led the World Economic Forum Big Data and Personal Data initiatives. He has pioneered the fields of wearable computing and computational social science, generating several successful startups and technology spinoffs. Sandy was recently named by the Secretary-General of the United Nations to the Independent Expert Advisory Group on the Data Revolution for Sustainable Development. Sandy has previously helped create and direct MIT’s Media Laboratory, the Media Lab Asia laboratories at the Indian Institutes of Technology, and Strong Hospital’s Center for Future Health. In 2012 Forbes named Sandy one of the “seven most powerful data scientists in the world”, along with the founders of Google and the CTO of the United States, and in 2013 he won the McKinsey Award from Harvard Business Review. Prof. Pentland’s books include Honest Signals and Social Physics. He was named to the National Academy of Engineering in 2014. Sandy holds a BGS from the University of Michigan and a Ph.D. from MIT.

Thomas Hardjono is the CTO of MIT Connection Science and Engineering. He leads technical projects and initiatives around identity, security and data privacy, and engages industry partners and sponsors on these fronts. Thomas is also the technical director for the Internet Trust Consortium under MIT Connection Science that implements open source software based on cutting edge research at MIT.  Prior to this, Thomas was the Director of the MIT Kerberos Consortium, developing the famous MIT Kerberos authentication software currently used by millions of users around the world.  He also was instrumental in the development of OpenID-Connect (OIDC.mit.edu) standing up the first OIDC service at a major university.  He has been active in the areas of security, applied cryptography and identity management for nearly two decades.  Over the years, Thomas has published three books and over sixty technical papers in journals and conferences.  He holds 19 patents in the areas of security and cryptography.  Thomas has a BSC in Computer Science with Honors from the University of Sydney, and a PhD in Computer Science from the University of New South Wales in Australia.

The Trust::Data Framework

David Shrier is a seasoned innovation catalyst with expertise in data/analytics, fintech, digital identity, cybersecurity, and collaborative innovation. David is the founder & CEO of Distilled Analytics, a data/machine learning fintech derived from MIT research that is transforming financial services through behavioral analytics. He holds a dual appointment as an Associate Fellow with the University of Oxford, Said Business School, and Lecturer & Futurist at the Massachusetts Institute of Technology, where he previously was Managing Director, Connection Science and New Ventures Officer, MIT Sloan. David counsels the Government of Dubai on blockchain and digital identity; informs Millennium Advisors, a middle market credit liquidity provider, about financial technology trends; and is a member of the FinTech Industry Committee for FINRA, the securities industry's self-regulatory body. David also serves as Vice Chairman of cryptocurrency price prediction platform endor.coin; Chairman of Riff Learning; and advisor to blockchain-based commodities exchange Cleer.digital. He specializes in helping established organizations to build new revenue, having developed $8.5 billion of growth opportunities with C-suite executives for Dun & Bradstreet, Wolters Kluwer, Ernst & Young, GE, The Walt Disney Company, AOL Verizon, and Starwood, as well as leading private equity and VC funds. David teaches courses and workshops for MIT such as “Future Commerce”, “Data Academy”, “Big Data and Social Analytics”, and “Future Health”. David Shrier was granted an Sc.B. from Brown University in Biology and Theatre. David and Professor Alex Pentland have published books including Frontiers of Financial Technology, Trust::Data, and New Solutions for Cybersecurity, and jointly edit the Connection Science imprint of MIT Press.

About the Editors


As the economy and society move from a world where interactions were physical and based on paper documents, toward a world that is primarily governed by digital data and digital transactions, our existing methods of managing identity and data security are proving inadequate.  Large-scale fraud, identity theft and data breaches are becoming common, and a large fraction of the population have only the most limited digital credentials.  Even so, our digital infrastructure is recognized as a strategic asset which must be resilient to threat.  If we can create an Internet of Trusted Data that provides safe, secure access for everyone, then huge societal benefits can be unlocked, including better health, greater financial inclusion, and a population that is more engaged with and better supported by its government.  MIT Professor Alex Pentland and his co-editors Thomas Hardjono and David Shrier, and some of the world's leading data scientists, describe a roadmap and platforms to implement this new paradigm.

Buy it now at Amazon.com or in our CreateSpace eStore.