In the world of Big Data there is increasing concern about privacy. But the conventional wisdom, even among many “experts”, is that privacy is a relic of the past. The thinking goes: “Companies and organizations can make a best effort at securing private information but in the Internet Age a person’s data trail, once it is in external hands, is no longer subject to control.” As Cory Doctorow points out in “The Curious Case of Internet Privacy”, we have all been led to accept the Faustian bargain that being on the Internet means trading privacy for services.
Does it really have to be this way?
Tim Berners-Lee, the inventor of the World-Wide Web, and his team of researchers at MIT are taking this issue head-on by paving the way for a new protocol called “HTTPA”. HTTPA stands for “HTTP with Accountability”.
The basic idea is that each item of private data would be tagged with a “uniform resource identifier” (URI) specifying conditions of use of that data: “Here you go. I am giving this information about me, but I am also telling you how you can use it.” As the data winds its way through the bowels of various databases, the URI also provides the basis for constructing an audit trail:
“When the data owner requests an audit, the servers work through the chain of derivations, identifying all the people who have accessed the data, and what they’ve done with it.”
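The audit described above can be sketched as a walk over derivation links. This is an added illustration, not HTTPA's wire format or code from the MIT team; the policy URI, the record names, the `POLICIES` table and all function names are assumptions constructed for the sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy URI and the purposes it permits (constructed for this sketch).
POLICIES = {"https://policy.example/treatment-only": {"treatment"}}

@dataclass(frozen=True)
class Item:
    item_id: str
    policy_uri: str                      # conditions of use, attached to the data
    derived_from: Optional[str] = None   # link to the item this one was derived from

@dataclass(frozen=True)
class Access:
    item_id: str
    actor: str
    action: str
    purpose: str

def derive(items, parent_id, new_id):
    """Create a derived item that inherits its parent's policy URI."""
    parent = items[parent_id]
    items[new_id] = Item(new_id, parent.policy_uri, derived_from=parent_id)
    return items[new_id]

def lineage(items, root_id):
    """Return root_id plus every item transitively derived from it."""
    found, grew = {root_id}, True
    while grew:
        grew = False
        for it in items.values():
            if it.derived_from in found and it.item_id not in found:
                found.add(it.item_id)
                grew = True
    return found

def audit(items, log, root_id):
    """List every access to the root item or its derivations, flagging misuse."""
    chain = lineage(items, root_id)
    report = []
    for e in log:
        if e.item_id in chain:
            allowed = POLICIES.get(items[e.item_id].policy_uri, set())
            report.append((e.actor, e.action, e.item_id, e.purpose in allowed))
    return report

def sample_audit():
    """Run the audit over a constructed record, two derivations and four log entries."""
    items = {"rec-1": Item("rec-1", "https://policy.example/treatment-only")}
    derive(items, "rec-1", "summary-1")
    derive(items, "summary-1", "export-1")
    log = [Access("rec-1", "clinic", "read", "treatment"),
           Access("summary-1", "insurer", "read", "marketing"),
           Access("export-1", "lab", "copy", "treatment"),
           Access("other-9", "clinic", "read", "treatment")]
    return audit(items, log, "rec-1")
```

The audit only finds accesses whose derived items kept the `derived_from` link and policy URI, which is why the scheme depends on systems voluntarily following the protocol.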
If it can be made to work, HTTPA will be groundbreaking technology in support of privacy. Berners-Lee's team sees the new protocol as being voluntary:
“It would be up to software developers to adhere to its specifications when designing their systems. But HTTPA compliance could become a selling point for companies offering services that handle private data.”
Where and how will these audit trails be stored? Doesn’t that open up a major point of vulnerability if there is a central database that records everything I do? The technology behind HTTPA is intriguing. Its security uses distributed hash tables, which are at the heart of peer-to-peer networks such as Bitcoin. This means in part that there is no central or “national” record of my activities and all transactions would be secured with high-grade cryptography.
Of course, the devil is in the details. If HTTPA can be made to work, we can finally begin to unwind ourselves from the seemingly inherent Faustian bargain of the Internet. As Cory Doctorow has noted, letting users control their data does not have to destroy business or slow down analytics. Progressive companies will seize the duty to secure privacy as an opportunity to create value:
“Right now, the users and the analytics people are in a shooting war, but only the analytics people are armed. There’s a business opportunity for a company that wants to supply arms to the rebels instead of the empire.”