"The Data Diva" Talks Privacy Podcast

The Data Diva E207 - Andrew Hopkins and Debbie Reynolds

Season 4 Episode 207

Debbie Reynolds, “The Data Diva” talks to Andrew Hopkins, President of PrivacyChain. We discuss the limitations of the current centralized data model and the potential advantages of a decentralized data model. We emphasize the importance of managing data at a granular level and embedding control and intelligence into data to ensure privacy and security. The conversation also explores the evolving role of metadata in AI systems, the challenges of data duplication, and the strategic approach to file management.

We discuss the multifaceted challenges and opportunities surrounding data management and privacy in the era of artificial intelligence. We address the difficulties of tracking and managing data without proper metadata, the implications of AI on privacy, and the business considerations of data ownership. We explore the potential for decentralization to enable fair data monetization for individuals and the need for granular control over data at a micro-level to enforce rights.

The conversation underscores the need for a shift in mindset towards data privacy and security and the potential benefits of enabling individuals to make informed choices about their data. We emphasize the importance of choice at every level of data usage, advocating for individuals and organizations to have control over their data. We also propose a paradigm shift towards safeguarding content at a micro level and granting individual contributors greater control over their work in the publishing industry. Overall, Andrew highlights the ongoing shift in thinking, the challenges of advocating for decentralized models in the face of existing trends and revenue models, and his hope for data privacy in the future.

[00:00] Debbie Reynolds: The personal views expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello. My name is Debbie Reynolds. They call me "The Data Diva." This is "The Data Diva" Talks Privacy podcast, where we discuss data privacy issues with industry leaders around the world with information that businesses need to know. Now, I have a very special guest on the show. This is Andrew Hopkins. He is the President of PrivacyChain. Welcome.

[00:33] Andrew Hopkins: Good to be here. Thank you for inviting me on.

[00:36] Debbie Reynolds: Well, it's a pleasure to have you on the show. You and I have chatted on LinkedIn. We've actually had a call together, and it was wonderful to be able to talk with you and get your thoughts and ideas about privacy. And I thought it'd be great for people to kind of listen in on us having a discussion about privacy on the show.

[00:54] Andrew Hopkins: Yep. No, it's a hot topic and one that I care about.

[00:59] Debbie Reynolds: Yeah. Well, why don't we start with your trajectory into privacy? I could tell from your accent you're not a native of Texas, but give us an idea how you came to be the President of PrivacyChain.

[01:17] Andrew Hopkins: Yeah, well, let me get the accent out of the way first. I grew up in South Africa, spent time in London, and I've been living in Texas for longer than I care to admit. But my path to privacy and security was a little different. When I was at Accenture, I became involved in the Internet of Things business and spent several years crafting and developing solutions for clients that took advantage of distributed devices and mesh networks and all the things that make it possible. And the more I got into that industry and that type of thinking, it became apparent to me that the centralized data model that we live with today makes no sense. The longer we were in this business, the more passionate I became about a new way of thinking about data. We don't live in a centralized world. We live in a decentralized world. Look around you: how many devices do you have in your office, in your home? And yet all we do is take the data from all of these devices, pile it into a data lake or a data warehouse, and put it in a centralized data center somewhere in the cloud, or perhaps on-prem. It makes absolutely no sense. When I left Accenture, I ran into the two guys at PrivacyChain who have built a distributed data management system. And the more that I have worked with them, the more interested and passionate I have become about the issues of security, control, and privacy. I think the model is wrong, and what we're trying to do is change this and get people to think a little differently. And that's how I got here.

[03:10] Debbie Reynolds: That's wonderful. Well, let's talk about the decentralized versus centralized thing a little more deeply. I have some experience also in the Internet of Things, and I totally agree with you that we're thinking of it the wrong way in terms of centralizing as opposed to decentralizing models. But I think part of that centralization started when people started putting data into digital systems. That's how some of the big tech companies became so powerful: back then, we didn't have devices with the power or the technology to do things on their own, so we had to do things in a central manner. But the technology has evolved to such a place that the iPhone in your pocket is as powerful as maybe a computer NASA had 60 years ago. So I think the idea that computing has to be centralized is just a habit, a bad habit that we have, and it really is not taking advantage of all the power that can happen in these decentralized places. What are your thoughts?

[04:27] Andrew Hopkins: No, I completely agree. I think this is an old model, and I do agree there are use cases and situations where it makes sense to centralize data. I question whether that data needs to remain centralized, but that's a different conversation. But you're right, it's interesting. There's a stat out there that Apple ships more compute power in one hour of iPhone shipments than the average supercomputer has. The ability exists now to do processing in a distributed manner. The fact that we now have things like mesh networks and far better connectivity between devices means that we can do all this stuff where it needs to be done. If I'm running an oil field, or if I'm taking a walk with my phone, I don't need all the data to go off to wherever it's processed and come back to me. None of it makes a whole lot of sense. I think the model is lazy. And if you overlay on that the issues of privacy and security, what we're doing is taking all this data and storing it as dumb data. The concept of dumb data is really, really important, because we're even stripping out the metadata and storing it separately from the data itself. Then we build all this infrastructure around it, trying to figure out what to do with it, how to organize it, how to reach it, how to tie it all together, how to secure it, how to control it. We don't live in that world anymore. What you've got is this highly expensive, very inefficient data infrastructure around centralized data, when frankly, I need the data and the decision-making done here. We've created this model where so many of the use cases have this artificial leap into the cloud and back out. That's unnecessary, expensive, and frankly inefficient. So that's the thing about centralized versus decentralized. And I think the other thing is, if you start throwing AI at this, you've got incredibly dirty data. There's no context. We don't know where it came from. There's no provenance, there's no lineage. So we've basically put garbage in, garbage out on steroids. The problem is that we have this mass of data, and it's extraordinarily difficult, using the centralized model, to figure out what it is, what to do with it, where it came from, and who's tampered with it. The decentralized model allows you to do a number of things. It allows you to take advantage of the storage that exists today. True decentralized management is the ability to move data between devices, where a data center is a node as much as your iPhone is a node, based upon where the data needs to be, when it needs to be there, what it's going to be used for, and, really importantly, how long it needs to stay there. Dynamically managing data across all of these devices adds a tremendous amount of efficiency. But it also allows you to do things at a much more granular level in terms of security and privacy. When we're trying to take a data center and secure it and figure out what privacy rules apply to this piece of data or that piece of data or this group of data, it's extraordinarily difficult to do from the outside in. So we've got to think a little differently about it and start to embed some of that control and intelligence into the data itself. And this is where a new way of thinking comes in.
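
To make the placement idea concrete, here is a minimal Python sketch of the kind of rule Andrew describes: every device, data center or phone, is just a node, and a record is placed according to where it is needed, when, for what, and for how long. The node names, fields, and policy are hypothetical illustration, not PrivacyChain's actual system.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Record:
    record_id: str
    purpose: str           # what the data will be used for
    needed_at: str         # which node needs it; a data center and a phone are equal peers
    retain_for: timedelta  # how long it should stay there

def place(record: Record) -> dict:
    """Decide where a record lives and when it expires.

    The record moves to where it is needed instead of defaulting
    to a central data lake, and carries its own expiry.
    """
    expires = datetime.now() + record.retain_for
    return {
        "record_id": record.record_id,
        "node": record.needed_at,       # process the data where it is used
        "expires": expires.isoformat()  # don't keep it longer than needed
    }

# An oil-field sensor reading is processed at the edge, not round-tripped
# through the cloud, and is only retained locally for a day.
reading = Record("sensor-0042", "anomaly-detection", "edge-gateway-7", timedelta(days=1))
print(place(reading))
```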

[07:59] Debbie Reynolds: Yeah, I agree with that. One thing I would love your thoughts on, and you touched on it a bit, is something that makes privacy challenging for companies: deletion. A lot of these companies, doing what you described, stripping out the metadata and throwing the data into a data warehouse, didn't have a really good end-of-life data strategy, and that impacts privacy a lot. So in addition to getting the right data to the right places, and not necessarily having to send it to some big bucket that it comes back from, there's also having the data managed in such a way that it can terminate itself, or be deleted, or be somehow anonymized so that it's not kept forever. Give me your thoughts on that.

[08:56] Andrew Hopkins: Yeah, and let me preface this by saying that everything I talk about from a technology standpoint can be done. And we'll come back to this a little later on: I expect the conversations and the challenges are less about technology and more about business and hype and willpower and where the money flows and how all that happens. But from a technology standpoint, think about what you've described. Let's say that I was in California and I made the decision to go offline. How do you find my data? It's extraordinarily difficult to do when it's scattered across a central data warehouse from all these different sources. But you've got to prove to me as a company that you've deleted it. That's very, very difficult to do when you're thinking about it in the context of dumb data, where, as you say, you've taken the metadata out. How do I find it? If you're attaching the intelligence, and in fact attaching the metadata, to the data itself, then it's easier to find. You're able to do things like find everything about Andrew Hopkins, irrespective of where it comes from, because it can be found through the exposed metadata. Obviously I'm simplifying how this is done, but that's what you can do. And you can essentially prove that you deleted it. But you can also do things like write rules within a distributed data management system. If you're coming at it from the bottom up, you can clone or delete data based upon usage. In the context of getting rid of data: if, for whatever reason, you create clones of a particular record for a particular use case at a particular time, because everyone's using it at that point in time, you then have masses and masses of clones of the same record floating around in your data center and elsewhere. That's unnecessary. So when that data becomes essentially worthless, you can write rules within the database or the data system that say delete. Conversely, you can write a rule that says keep one record or two records of everything. You're able to manage the data at a much more granular level, both from the point of view of "I need to delete this person from my data" and "I want to control the volume of data I have across all of my storage and eliminate data I don't need anymore." So you can do it both ways if you approach it from the bottom up, and it doesn't matter where that data is stored. If my personal data is sitting on an employee laptop or a server in the data center, it doesn't matter if you're approaching it from this direction, because I can still find it and delete it if that's what needs to be done.
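
As a rough illustration of "find everything about Andrew Hopkins through the exposed metadata and prove you deleted it," here is a minimal Python sketch. The in-memory store, metadata fields, and deletion receipt are hypothetical simplifications, not any real system's API.

```python
import hashlib

# Each record carries its own metadata, including the data subject,
# no matter which device or node it is stored on.
store = [
    {"id": "r1", "subject": "andrew.hopkins", "node": "laptop-12", "body": "..."},
    {"id": "r2", "subject": "andrew.hopkins", "node": "dc-east",   "body": "..."},
    {"id": "r3", "subject": "debbie.reynolds", "node": "dc-east",  "body": "..."},
]

def delete_subject(store, subject):
    """Find every record about a subject via its exposed metadata, delete it,
    and return a receipt that can serve as evidence of deletion."""
    matches = [r for r in store if r["subject"] == subject]
    receipt = [hashlib.sha256(r["id"].encode()).hexdigest() for r in matches]
    remaining = [r for r in store if r["subject"] != subject]
    return remaining, receipt

store, receipt = delete_subject(store, "andrew.hopkins")
print(f"{len(receipt)} records deleted; receipts: {receipt}")
```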

[11:41] Debbie Reynolds: I think you hit a valid point, a really interesting point, and something I've been thinking about for a while: the role of metadata. In the future, especially as we're dealing with data in AI systems, it's going to become vitally important to add more information, the metadata, so that we can track data. I'm seeing companies try to do things around lineage, like asserting the authenticity of a particular record, and they're adding particular types of metadata that can be read by different systems. So I think it's going to be very important. But what do you think?

[12:16] Andrew Hopkins: Couldn't agree with you more. It's refreshing to hear you say that, because despite what you and others are doing and talking about, the general definition of privacy is too narrow. To me, privacy goes way beyond data security. And by the way, that's a big problem we haven't solved yet, and we're losing that battle. It goes beyond the question of who's doing what with my data and for what purpose. And it does get into things like provenance and lineage. Say I'm pushing data out onto the web and that's part of what I do for a living. It's not, but if it were: how do I know that people aren't putting fake data out? How do I ensure that the data people are reviewing that purports to come from me is in fact from me, and whether I did it myself or whether I used an AI model? So again, at a very micro level, even at the level of my own data, provenance and lineage are important. And the only way to do that, in my opinion, is to do it at source. Take this podcast. To me, content is just a piece of data, and there's a whole conversation about the creator world, which is a complete shambles as well. But this podcast is a piece of data, and the metadata is attached to the podcast. Not only that, but the history is too. So if you create it, you have somebody create the first version, you allow me to edit it, all of that can be captured and attached, with the metadata, to the podcast. Then at the point in time when it becomes available to somebody else, if you so choose, you can make all that information available and visible, because it's attached to the file itself. You're not separating the metadata and the history, and you're not trying to put it on a central blockchain and say, that's what happened, but here's the file. Everything can be attached to the file. To my mind, that's the only way you can really solve the problem of lineage and provenance. And you're absolutely right: what that also gives you is context. Coming back to the conversation about AI, and don't get me started on some of the data sources for AI, there's no context. So you get some really, really weird stuff, weird hallucinations and strange answers, when you do things like train your AI models on data from Reddit. But adding context gives you that much more control over what data you're using: where it's come from, should you trust it, who's had access to it. That's how you establish it. But my key point is you really have to do that at the data record level in order to make it scale.
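
One way to picture metadata and history "attached to the file itself" is a hash-chained edit log that travels with the content, so anyone holding the file can verify who changed what and in what order. This is a minimal sketch under that assumption; the field names and chaining scheme are illustrative, not how PrivacyChain actually does it.

```python
import hashlib, json
from datetime import datetime, timezone

def append_edit(history, editor, action):
    """Append an edit entry chained to the previous one, so tampering
    anywhere in the history breaks every later hash."""
    prev = history[-1]["hash"] if history else "genesis"
    entry = {"editor": editor, "action": action,
             "at": datetime.now(timezone.utc).isoformat(), "prev": prev}
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    history.append(entry)
    return history

def verify(history):
    """Re-derive each hash; any edit to past entries is detectable."""
    prev = "genesis"
    for e in history:
        body = {k: e[k] for k in e if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != e["hash"]:
            return False
        prev = e["hash"]
    return True

# The podcast file travels with its own lineage: creation, then an edit.
history = append_edit([], "debbie", "created first version")
history = append_edit(history, "andrew", "edited audio")
print(verify(history))  # True; alter any past entry and it prints False
```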

[15:04] Debbie Reynolds: I agree. And I agree that it should be done at source, so that the data's story doesn't get lost downstream, wherever the data goes. I want your thoughts about duplicates. Data duplication is the bane of corporations' existence, and I think a lot of the junk data that companies have is duplicates. Duplication is difficult in corporations for two reasons, I think. One is that most tools aren't made to delete things; they're made to remember things, not to forget them. But also, data gets duplicated in so many different systems. From a privacy perspective, if people are saying, hey, delete my data, that data may exist in multiple different places, so you can delete it from one or two places, but it's still in all these other places. But tell me your thoughts about the challenge of duplication within organizations.

[16:07] Andrew Hopkins: Well, look, I worked for a big consulting company, and email is the enabler of duplication, because everything gets sent out by email and everybody has a copy and everybody does their own thing with it, and you've lost complete control. So I come back to the micro level. Let's say that you are the owner of a piece of data and there is only one copy of that piece of data, but you decide that we need to create ten clones, and I use the word clones deliberately, in order for people to be able to access it locally. So you send me a clone and you send somebody else a clone. But what you're actually doing is giving me access to the original record, or a clone of the original record. There is only one record. In the way that we think about it, I'm not sending you an entirely separate file that you can do what you want with; I'm giving you access to this particular file. And I may clone it in a way that the clones stay in sync. I'm not going to try to get into the technological piece of how this all works, but that's essentially what you can do. Although you may have ten clones, it's one file, because each of those clones is identical, with the same metadata. When you search for Andrew Hopkins' data, you find all of them, because each one of them has some metadata exposed. And it doesn't matter where they are, because, again, this is a distributed data management system and we're managing data across all the devices that are in play. And like I was saying earlier, you can write rules that control the number of clones. I want a minimum of five of every record for backup reasons, or I want to clone whenever there's a request for that particular record from a different geographical location. Equally, you can write a rule that says: when you haven't been accessed for 24 hours, delete. But the key principle is that we're not creating uncontrolled copies of a record that get lost. You're creating clones of the same record and keeping them in sync. And it's a decision by you as the owner as to how many different versions you want to keep. But also, because we're tracking the metadata and changes, we have a history of everything that's happening to that particular record and all its clones. So it's a different way of thinking about the problem of duplication, because you're not creating uncontrolled copies that become lost in the system. You're creating clones of a record, keeping track of where they all are, and keeping track of everything that happens to them. And it comes back again to the point that this is a micro approach to data. It's not a macro approach where I'm trying to do everything from the outside in; I'm doing it from the bottom up.
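
A minimal sketch of the clone rules Andrew describes might look like the following: keep a minimum number of synced clones for backup, and expire clones that go unused. The thresholds and data structures are hypothetical, chosen only to illustrate the "one record, many controlled clones" idea.

```python
from datetime import datetime, timedelta

MIN_CLONES = 5                    # e.g. "keep at least five of every record for backup"
IDLE_LIMIT = timedelta(hours=24)  # e.g. "delete a clone unused for 24 hours"

def apply_clone_rules(clones, now):
    """Clones are synced views of one logical record, not loose copies.
    Expire idle clones, but never drop below the minimum count."""
    # Keep the most recently used clones first.
    clones.sort(key=lambda c: c["last_access"], reverse=True)
    kept = []
    for c in clones:
        idle = now - c["last_access"]
        if len(kept) < MIN_CLONES or idle < IDLE_LIMIT:
            kept.append(c)  # still needed: under the minimum, or recently used
        # otherwise the clone is deleted; the logical record survives in `kept`
    return kept

now = datetime.now()
clones = [{"node": f"node-{i}", "last_access": now - timedelta(hours=i * 10)}
          for i in range(8)]  # eight clones, some idle for days
kept = apply_clone_rules(clones, now)
print(len(kept), [c["node"] for c in kept])  # 5 clones survive
```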

[18:59] Debbie Reynolds: Yeah, it's not brute force, pushing everything down. It's: put the right things in the file to begin with, and then whatever system it is can read that information, whether it's big or small. Right?

[19:12] Andrew Hopkins: That's exactly right. And obviously what you can also do at this level is attach privacy and security and controls, and one of my favorite topics, ownership rights. Come back to the example of this podcast. You, as the owner of this podcast, choose who can edit it. You can give it to me once and say I can edit it between two and four in the morning, and then I'm done. That's the control that you can attach when you're thinking about this from the micro level up. And then say you decide that perhaps you want to release a shortened version for free as a teaser and have someone buy the full version. What you're also doing is saying: all right, the teaser is free, it can be distributed, it can be copied, it can be downloaded, it can be shared; the purchased copy cannot. And now you've got control. You've got control over the individual file that you're selling, and you as the data owner have control over it. And you're attaching the rights that you assign to me or to somebody who buys that podcast: these are the rights under which you are buying this podcast, and the rights are attached to the file delivered to the buyer. So the rights remain with that file irrespective of who's got it. What you were able to do there is attach the control and the privacy and the rights, and enforce the rights, on the file itself.
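
Here is a minimal sketch of rights travelling with the file: a policy bundled with the content and checked on every action. The fields, the two-to-four-in-the-morning edit window, and the teaser-versus-purchase split come straight from the conversation; the code itself is hypothetical illustration, not a real rights-management API.

```python
from datetime import datetime

# Rights are attached to the file itself, so they travel with it.
teaser   = {"content": "episode-207-teaser", "can_copy": True,  "can_share": True,
            "editors": {}}
purchase = {"content": "episode-207-full",   "can_copy": False, "can_share": False,
            # Andrew may edit, but only between two and four in the morning.
            "editors": {"andrew": (2, 4)}}

def allowed(file, user, action, now=None):
    """Check an action against the rights bundled with the file."""
    now = now or datetime.now()
    if action in ("copy", "share"):
        return file[f"can_{action}"]
    if action == "edit":
        window = file["editors"].get(user)
        return window is not None and window[0] <= now.hour < window[1]
    return False

print(allowed(teaser, "joe", "share"))                                  # True: the teaser is free to pass around
print(allowed(purchase, "joe", "copy"))                                 # False: the purchased copy cannot be copied
print(allowed(purchase, "andrew", "edit", datetime(2024, 1, 1, 3, 0)))  # True: 3 a.m. is inside the window
```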

[20:36] Debbie Reynolds: Well, I love that idea. It's brilliant, actually. I've been advocating for this for quite some time, and I think that solves the problem. Part of the problem that I have seen is that when data is free-floating and not in a system, without metadata it's hard, impossible really, to track what it is, where it came from, different things like that. But with the metadata, different types of systems are able to read it. What are your thoughts about how artificial intelligence makes privacy more challenging? I think sometimes people don't understand the connection there, but I want your thoughts.

[21:22] Andrew Hopkins: Well, at the most basic level, it's simply that all data is fair game right now, and technologically, with the existing systems, that's extraordinarily difficult to stop. So now we have lawsuits, and now we have regulation, and regulation is a function of failed self-regulation in my mind, but it's not terribly effective. And lawsuits are wonderful for lawyers, but not for many other people. So you've got the issue that we've added a new level of, can I call it data greed, to the system, and therefore there's a lot more motivation to capture all the data out there that's about me and use it for all these models. I think there's that issue, and I think it manifests itself in a number of different ways, because depending on the model and the use case, real data can create fake data. You've got these interesting situations, again at a more micro level, where stuff is generated purporting to come from this organization or this individual, and it's absolutely wrong. And I think it's because the data is not being managed well enough, or with enough context, to prevent that from happening. But foundationally, AI has really put a spotlight on things we've kind of not talked about a lot. You've mentioned some of them, like provenance and lineage, but it has certainly put a spotlight on ownership rights. It has certainly put a spotlight on who should have access to my data. I, as a data owner, whether I'm an organization or an individual, should have better control over who has access to my data, whether that's an AI model or some other individual. And we don't, because the existing systems don't make it easy.

[23:28] Debbie Reynolds: Right. Well, it's profitable for these companies to be able to have it that way. I think that's another piece of it.

[23:33] Andrew Hopkins: All right, you went there. Okay. I had a conversation, and this is a little sidebar, because to me, content is data. One of my passions is the music industry. I'm not a musician, can't hold a note, but I love music. So I looked at what we could do to help give artists a better deal in the context of protecting the work that they generate. If you think about Napster and file sharing, it essentially, as a friend of mine somewhat ineloquently put it, gutted the music industry, and digital piracy has been there ever since. PrivacyChain can play a role in making that go away, because we can protect the original content files. So I took this to a lobbyist group. I said, wouldn't you love to do this? And they laughed and said, sounds great, come back when you've figured out how to tell YouTube to use it. Because it's a money flow. It comes back to what I was saying earlier. Technologically, we can do things way better in terms of security, privacy, ownership, and enforcement. But it's a business conversation. Let me give you one more example. If I go to a doctor and I get an X-ray, who owns the X-ray? Technologically, it's not a question of whether I can give it to the doctor, or the patient, or the insurance company. It's a business decision that has to be made. And that's where the rub comes, because you're absolutely right: the insurance companies live on data. So do they own it? How do I keep it away from them? I can keep it away using systems like PrivacyChain and better security, but how does that change the overall business model that underpins healthcare? That's where the issue is going to lie. And so a lot of the conversations that I have are around the business elements of this rather than the technology.

[25:20] Debbie Reynolds: Yeah, I agree. I think we just have to be truthful about the motivations around moving towards decentralization, which I absolutely love, by the way. So many companies have made so much money from the centralized model, so in some way the argument has to be: how does this make me money, or how does it stop me from losing money? But I think we're turning the corner here, because we see people who aren't comfortable trusting certain companies with data, and they give them fake data. So it's like, yeah, you have data, but it's not the correct data, it's not the right data. I think if people feel like they can't really trust an organization, they're going to do their own sort of data poisoning, or they're going to give false details, which may not be the best value for the company. What do you think?

[26:17] Andrew Hopkins: It doesn't surprise me, but I think it's an unfortunate solution, because data has value. Well, data generates value. Data is a raw material, if you like, for the generation of value, if we can use data wisely and in the right way. And the situations that you talk about, and I absolutely get it, are ones where we're not using it the right way; we're using it in ways that are disadvantageous to the creator or the owner of that data, whether that data is, like I say, a spreadsheet or a video or whatever it is. The solution, in my mind, is to give the data owner the ability to control what is used, by whom, and for how much. Again, if you come down to the individual file level, you can do that. You can't do it today, because once it's out there, it's gone. One of the things that I hope to see is that as a data owner, whether I'm an individual, an organization, or a government, I have a choice as to what I do with my data, who can see what, and what it can be used for. And if it makes sense, I can be remunerated for the privilege of others using my data. It's the ability to control that, and to allow me as a data owner to make those decisions and execute upon them. I think that's a better way to do it, because adding fake data doesn't surprise me, and it's quite amusing in some ways, I suspect, but it doesn't really help anybody solve the overall problem, which is: I want a choice as to what happens to my data, whether I'm an organization, an individual, or a government.

[28:06] Debbie Reynolds: So I want your thoughts about how decentralization can open up avenues for data monetization, if people wanted to monetize their data. Right now, you give your data to whatever company, they make a lot of money off of it, and you make nothing from it, right? So I think some people say, well, if you're going to use my data, I at least want to be able to profit in some way from it. But tell me how decentralization can play into that monetization.

[28:38] Andrew Hopkins: So there are two things, and I'll give an example. There is what I call the micro, file-level approach to security and control. That helps. But the other key thing, which is the decentralized piece, is that we can apply that control and security and rights enforcement on any device, anywhere. Just bring it back to the organization for the moment: if I've got my central cloud storage, and I've got SharePoint on my local servers, and I issue stuff onto my employee laptops, boom, it's gone. But when you think about a decentralized approach, I can control data on the laptop, I can control the data on the phone, and I can do it at a very micro level. So if I'm downloading content onto my phone and I'm playing a song, and there happens to be a no-download, no-copy rule attached to it, and a "you owe me two cents for that play" rule, that's all enforceable on the phone. You're extending the control across all devices so you don't lose control of it. And then at the micro level, I was talking to a musician about this. Today, as a musician or any creator, anything I publish online is pretty much fair game. Even if it's recorded as an NFT on a blockchain, that's essentially like owning the receipt. I don't own the artwork, and the artwork is still fair game; it can still be copied and all of that stuff. But you can create a situation where any artist can create online content that is secured and controlled. Think of a researcher as an example, or think of a podcast. If the content is secured and controlled, with rights attached and enforced, then you can enforce the commercial rules, because you can prevent it from being downloaded. If I bought your podcast and emailed it to Joe down the street, he couldn't access it. And so you're establishing digital scarcity, which hasn't been done before. And digital scarcity means there's value in the content itself, and you can create, particularly across distributed devices, the ability to distribute content that is protected and controlled, with rights enforcement and monetization attached. There are any number of different ways that you can do that. But the whole idea of direct-to-fan revenue, which disappeared with streaming, comes back when you think about it in the context of a distributed, bottom-up approach to data.
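
The "two cents a play, enforced on the phone" idea might reduce to something like this sketch, where the playback path consults the rules attached to the song and accrues the royalty on the device itself. The rule names and the ledger are hypothetical illustration.

```python
# Rules ride along with the song file and are enforced by the player itself,
# on whatever device the file lands on.
song = {"title": "Track 01",
        "rules": {"download": False, "copy": False, "per_play_cents": 2}}
ledger = {"owed_to_artist_cents": 0}

def request(song, action, ledger):
    """The device-side enforcement point: consult the file's own rules."""
    rules = song["rules"]
    if action in ("download", "copy") and not rules.get(action, False):
        return f"{action} blocked by the file's no-{action} rule"
    if action == "play":
        ledger["owed_to_artist_cents"] += rules.get("per_play_cents", 0)
        return "playing"
    return "allowed"

print(request(song, "copy", ledger))  # blocked on the device, not by a server
print(request(song, "play", ledger))  # playing
print(request(song, "play", ledger))  # playing
print(ledger)                         # {'owed_to_artist_cents': 4}
```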

[31:09] Debbie Reynolds: I love this idea, because you're handling this issue at a bit-and-byte level, as opposed to waiting until something bad happens and then trying to find a legal remedy. I think that's what we definitely need.

[31:26] Andrew Hopkins: Yeah. And, you know, it's an interesting dynamic to be having this conversation, because it does fly in the face of the current thinking and the current revenue model and the current investment flow. So it's been an interesting, fun ride over the past couple of years, taking this to the general population and making people aware of it. But in my mind, it is the only way to solve the problems that we started with. We've got a centralized model that doesn't make sense. It's creaking at the seams, and it's going to fail spectacularly. We have to think differently. Way back, almost ten years ago, when I was working in IoT, I was saying this doesn't make sense; we have to go decentralized. So it's interesting that things are happening around us that are making more and more people realize that we have to think differently. And certainly a lot of the work that you're doing is helping push that message out, and I very much appreciate it and appreciate being here. But it's hard to change, it's hard to go against the tide. It takes effort, it takes passion, and it takes people like you to get the message out. But this is the way to go. I have no doubt about it.

[32:50] Debbie Reynolds: I agree with you. One thing I want to talk to you about is a little bit outside of privacy, but it's something happening that I think will impact what you're talking about in terms of decentralized models and being able to really control that data, that data lineage and that data story. And that is the result of some of these lawsuits that are happening around generative AI models sucking up data, especially from these huge publishers. What a lot of these publishers are thinking of doing is putting a lot more of their stuff behind paywalls, or trying to enforce things like robots.txt, which I call the fig leaf of the Internet, right? The idea is that some of these larger publishers are trying to do what they can to shield their data from being sucked into these AI models. I don't think putting things behind a paywall is the right solution, and obviously robots.txt doesn't work. It's like a beware-of-dog sign on your fence, but there's no dog. That's kind of what it is. But being able to have protection enforced at a technical, digital-file level, I think that will be game-changing. What are your thoughts?

[34:16] Andrew Hopkins: Look, I agree. Publishing is a really interesting one, but take a step back to the contributors, the journalists, the photographers, the actual people contributing the content, and start there. It gives them an opportunity to participate in this, and it gives them, either directly or through publishers or through whatever organizations sit in the middle, the ability to decide what they want to do with their data or their content or their work, and to attach those controls. So I think it is a game changer. Paywalls, look, a paywall is a perimeter defense, and the whole concept of perimeter defenses has been proven not to work, despite the fact that we built an entire cybersecurity world around it. Don't get me started on that one. But again, the value is in the content. The value is in the individual piece of work; the value to you is in the podcast. So we need to give you control and protection at the individual podcast level, in my mind. And as a publisher, yes, it's an aggregation of different individuals' work. And if that work is protected in the way I'm describing, then you don't need a paywall. You can make it available, or you can make versions of it available, but every time it's used, you get money. And there's no macro deal, no "I'm going to pay $60 million to Reddit for five years of data." What about the users? This is a way to go beyond the publisher, down to the individual contributor level, and say: you can share in this, and we will protect you as a publisher, because we will protect your content at this very micro level. And if it's used or picked up, we know it's being used, and we'll pay out. But equally, you can go direct from the contributor. If I'm publishing photographs online and someone comes along and buys one, it's the same model; I haven't got a publisher in the way, I'm using my own website or something like that. That's what you're enabling with this. So putting up paywalls and other defenses and perimeters and keeping people out at a macro level, you're right, you said it, it doesn't work.
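
To contrast a macro licensing deal with per-use payment that flows down to contributors, here is a small hypothetical sketch: each protected piece of content knows its contributor, and every use splits revenue between publisher and contributor. The split ratio and data structures are invented for illustration.

```python
# Each piece of content is protected individually and knows its contributor,
# so every use can pay out at the contributor level, not just in a bulk deal.
articles = {
    "a1": {"contributor": "journalist-jane", "price_cents": 50},
    "a2": {"contributor": "photographer-sam", "price_cents": 80},
}
CONTRIBUTOR_SHARE = 0.7  # hypothetical 70/30 split with the publisher
balances = {}

def record_use(article_id):
    """A use of the protected file triggers payment to its contributor."""
    art = articles[article_id]
    cut = round(art["price_cents"] * CONTRIBUTOR_SHARE)
    balances[art["contributor"]] = balances.get(art["contributor"], 0) + cut
    balances["publisher"] = balances.get("publisher", 0) + art["price_cents"] - cut

for use in ["a1", "a2", "a1"]:  # an AI model or a reader pulls the content
    record_use(use)
print(balances)  # {'journalist-jane': 70, 'publisher': 54, 'photographer-sam': 56}
```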

[36:39] Debbie Reynolds: I always use the analogy of a castle, where you have the gates and the moat around the castle, and people are fighting to get into the castle, but the threat is in the castle already. So I think the perimeter doesn't work well.

[36:52] Andrew Hopkins: And part of the issue is that you have to let people in to legitimately use the data. And once you let people through the perimeter, you're vulnerable, because once you're through the perimeter today, all the gold is sitting in a nice big heap in the middle of the castle. If you think about it from a distributed model: which room is it in? Which safe is the data in? One of the fundamental things we've forgotten with the centralized model is that way back, before the time of the Internet and computers, if I wanted to stop someone stealing something, I hid it. We've forgotten that idea. Think about data stored across distributed devices. Step one: where's the data? Step two, because you're doing things at the individual file level: which pieces of data on this device do I want? And step three: I have to decrypt each of them separately. It's an entirely different way of thinking about cybersecurity that makes the perimeter that much less important. But it's a game changer. You've used the phrase game changer; it is. But it does make some people a little nervous about what this actually means in the context of how things are done today.
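
Andrew's three steps, find the data, pick the files, then decrypt each one separately, amount to every file carrying its own key rather than one vault door guarding a single heap. Here is a minimal sketch using the cryptography library's Fernet recipe; the per-file-key design is the illustration, not a claim about PrivacyChain's actual cryptography.

```python
# pip install cryptography
from cryptography.fernet import Fernet

# Every file gets its own key: compromising one file reveals nothing about
# the others, and an attacker must first locate each file, then break each
# key, instead of walking into one central vault.
files = {"notes.txt": b"meeting notes", "xray.dcm": b"imaging data"}

encrypted = {}
keys = {}
for name, body in files.items():
    keys[name] = Fernet.generate_key()           # unique key per file
    encrypted[name] = Fernet(keys[name]).encrypt(body)

# Decryption is per file: holding the key for one file opens only that file.
print(Fernet(keys["notes.txt"]).decrypt(encrypted["notes.txt"]))  # b'meeting notes'
```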

[38:07] Debbie Reynolds: I think we're going to be forced to make those changes, because computing is becoming so much more complex, and it's becoming evident that what we're doing is definitely not working, and it's not working for a lot of different people. But if it were the world according to you, Andrew, and we did everything you said, what would be your wish for privacy anywhere in the world, whether that be regulation, human behavior, or technology?

[38:36] Andrew Hopkins: It comes back to choice for me, and it's choice at every level, and there are some nuances to choice. If I'm generating content as an individual or an organization, I should have a choice as to how secure it is, who can see it, what can be done with it, and so on and so forth. Right? But on the other side of it, I have a choice to use a service online that demands my data for me to use it. That's a choice. It doesn't mean it's wrong, as long as they don't abuse it, and it doesn't mean it's right. It's a choice. And we don't have that choice today in any meaningful way. Anywhere in the world, there are people out there today who create content and take pictures and write stories that are potentially dangerous to them personally and to their families. I want them to be able to do that securely, and I want them to have control over the content they're generating so that it's not open to bad people getting hold of it. That's a pretty extreme example, but it's a choice. I'm talking about giving people the tools at every level to make their own informed choices as to what they do with their data. I think part of this will come with different business models and a different perception of the value of data. And I know you talk a lot about that, but data is perhaps not valuable in itself; rather, it creates enormous value, and not just monetarily. The ability to share data in a safe, secure, controlled manner in healthcare, which we cannot do today, is foundational, potentially really, really important in improving our healthcare and improving the quality of people's lives. But the fact that the data is siloed, and people are scared to share it, and it's stolen and hacked and this and that, means it's extraordinarily difficult to get the value from data that we could. So my hope and my wish is that we create an environment where we can derive the value from all of this data in a way that is effective and efficient, but gives the rewards to the people who own the data. That was a very long-winded way of saying it, but it comes back to choice.

[40:58] Debbie Reynolds: I agree with that wholeheartedly. Well, thank you so much for being on the show. This is tremendous. I love the work that you're doing, and you're thinking in the right direction, so keep up the good work. Absolutely. This is the way of the future.

[41:12] Andrew Hopkins: I appreciate that. I appreciate the opportunity, and thank you for a really fun and enjoyable conversation. Debbie, I really enjoyed it.

[41:19] Debbie Reynolds: Oh, thank you so much. I'm sure we'll get a chance to chat in the future and possibly collaborate together.

[41:24] Andrew Hopkins: That'd be great. I'd love that. I think we think along the same lines on much of this stuff, so I'd love to help move it forward.

[41:32] Debbie Reynolds: Excellent. Well, I'll talk to you soon. Thank you.

[41:34] Andrew Hopkins: Thanks, Debbie. Bye.