Most prior efforts to enforce policies on data usage have focused on who can access data, rather than how that data is used. The latter is a hard problem, but by leveraging the isolation and attestation properties of enclaves in combination with binary transparency and strategic open sourcing of crucial components, it’s now possible to create software that is not only transparent about how it handles data, but provably so. Projects such as Google’s Project Oak and Arm’s Veracruz provide example implementations of this. These kinds of architectures have huge potential, but implied in the idea of meaningful transparency is an external ecosystem of inspection and governance that is at best in its infancy. What existing parts of the ecosystem should these architectures ‘connect’ with and how? What new roles, tools and organisations do we need to build? In this session we’ll give a high level overview of how these technologies work and the kinds of technical assurances they can provide, and invite participants to break out into groups to imagine with us what kind of additional technical tools (including those being built by the MyData community) and socio-technical systems (such as systems for auditing and accountability) should be created and/or fostered in order to ensure that the potential societal value of these technologies are realised.
Sarah de Haas, Google Research
Jack Hardinges, Open Data Institute
Calum Inverarity, Open Data Institute