The Strategic Advantages of Data Ownership Enabled by Blockchain

Data-as-property was the main thesis for two prior writings. This article extends that approach and takes the position that 1) new technology has already manifested a data provenance architecture premised upon asset ownership, 2) the entirety of intangible property — not just patents, copyrights, and trademarks — can therefore acquire property ownership rights, and 3) institutionalizing a data-as-property model would substantially improve cybersecurity because of enforcement efficiencies.

A Quick Review

To first recap the data-as-property approach, my first piece explained:

This writing questions whether framing the virtual world’s rights and duties redress system in a traditional privacy ontology was error…

Viewing data through the lens of privacy brings inherent limitations as determining the reaches and limits of privacy has been an ongoing societal debate for hundreds of years. [However] privacy is “intangible”. By contrast, data is definable. Data is a thing — albeit a less tangible thing than a touchable item, it is no less real. It is something that is bought and sold every day all across the world. Like other items of value, billions of dollars a year are spent to protect it from theft. If data has a value, in and unto itself, it should logically follow that its loss through … recklessness should be enough to justify compensation. … Accordingly, why doesn’t the law consider a loss of one’s data as a loss of one’s property?!

The first writing expanded upon the property theory to assert that all of one’s digital identity, not just notions of privacy, can be encompassed under property law protections. Moreover, ownership of one’s data is a matter of self-sovereignty. The term Digital Identity Sovereignty™ was introduced in the article to capture the full breadth of the data-as-property concept.

The second writing explored protections afforded to identity in the physical world.

How far can the data-privacy-as-property philosophical and legal argument go? Can protections in the law around humanity and bio-science extend to biometrics and data science? Does digital identity ownership through a property lens hold up compared to other relevant bodies of law? …

[Based on case law arising from biological research disputes, we see that] human body parts, which are indelibly linked with one’s identity, have indeed been viewed and treated within a property right[s] framework.

By considering the extreme situation concerning ownership disputes of body parts, the writing makes the case that treating data under a property law construct is far less contentious.

How Blockchain Fundamentally Provisions Property Attributes to Data

The prior analysis of data-as-property, which was articulated conceptually, has actually manifested in a technology architecture where data provenance is designed into the system. Blockchain technology has launched crypto assets into the global marketplace. From cryptocurrency to nonfungible tokens, new asset classes have come into existence. Innovations in the blockchain ecosystem have led to such novel creations as virtual plats of land for sale, the trading of digital currency, and a growing list of virtual environments and original works. Indeed, in a surreal way, virtual has become real, as the Internet continues to amaze and alter reality. Yet, in a fundamental way, data-as-property is incontestable under property law when the data form represents a virtual plat of land.

According to the World Intellectual Property Organization (WIPO): “Anything that can be digitized can be turned into an NFT.” (See https://www.wipo.int/wipo_magazine/en/2021/04/article_0007.html )… Interestingly, “[NFT buyers] are simply buying the metadata associated with the work; not the work itself.” Hence, intangible property, like a social media influencer’s brand, can be tokenized and bought and sold as an asset.

The ability to tokenize “anything that can be digitized”, including rights holders’ ability to transfer rights, translates into a system where data rights are embedded in the structure. Smart contracts, self-executing agreements written on the blockchain system, also assure clarity of ownership terms. Additionally, the distributed ledger, which lies at the heart of the blockchain system, provides transactional integrity for the transfer of assets. The immutability of digital assets minted on the blockchain — aka non-fungible tokens — provide a unique and trusted way to permanently restore ownership over data. All told, digitization, smart contracts, and the distributed ledger establish a system whereby data is irrefutably a property asset.

Accordingly, Digital Identity Sovereignty™ under a blockchain system points toward a mechanism to digitize one’s identity — to wit, the universal assertion of ownership over one’s online presence and the ability to commoditize one’s self as a digital asset. The blockchain technology itself establishes this new way to view privacy and digital identity as an asset class.[1]

Asset Digitization Includes All of Intangible Property

Intellectual property is subsumed within the broader concept of intangible property. While patent, copyright, and trademark protections have been codified under traditional intellectual property law, broader intangible property rights have not been protected by statute. Because they are less tangible, less definable, and more ethereal, intangible property like goodwill, brand recognition, customer lists, proprietary information, reputation, and the like, have not been institutionally protected in the law. However, blockchain now enables a rights holder to digitize these assets into a token.

Again, “Anything that can be digitized can be turned into [a token]”. And, once tokenized, backed by smart contract, and licensed and transacted using the distributed ledger, that is a data-as-property transaction. In other words, the full range of intangible property can become an asset owned and protected under property law, including the full extent of one’s digital identity.

One illustrative use case would be the highly publicized claim of global football superstar Zlatan Ibrahimovic. His argument is that the creation of game system avatars, sold commercially without his consent or payment of fair compensation, represents the knockoff of his Name Image Likeness (NIL) rights. Similarly, in the summer of 2021, the US Supreme Court decision in NATIONAL COLLEGIATE ATHLETIC ASSN. v. ALSTON, opens the floodgates to NIL commercialization for college athletes. However, these athletes must first protect their NIL rights via the blockchain.

Moreover, creating an asset class around intangible property also creates corporate opportunities. Digital identity is a broader idea than privacy; it extends onto the full scope of intangible property rights. Businesses possess a wide variety of intangible assets. When stolen or compromised, substantial harm can ensue. As the next section posits, Digital Identity Sovereignty™ should also be part of a cybersecurity strategy.

Enforcement: A Cybersecurity Strategy Derived from Digital Identity Sovereignty™

One reason cyberattacks have become so destabilizing[2] is that businesses and individuals merely shore up defenses. Enforcement for the redress of harms is deficient. The attackers do not fear legal accountability, and accordingly seek to circumvent the defenses. The market has yet to correct the defect by which attackers lack any disincentive from defrauding their victims. Moreover, regulating data protection has not proven to be particularly effective, and as my first article revealed (quoting Professor Chao, University of Denver Sturm College of Law):

[T]he thorniest obstacle is that privacy harms are often not considered cognizable injuries under many common legal theories. Tort, contract, and constitutional standing doctrine all demand some form of concrete injury, but privacy injuries are often too intangible or risk-based to qualify.

Conversely, tokenization of an asset enables it to be valued. Secondly, any misappropriation of that asset affords the owner greater remedy options than a privacy-based legal construct. Using the criminal law, a wide range of inchoate crimes might avail the victim of ways to direct pressure on the ecosystem of parties that unintentionally facilitate cybercrime. Since cybercrime occurs through an ecosystem of interconnected systems, an inchoate crimes redress system may improve the current enforcement environment. Additionally, many social media platforms honor takedown requests for copyright, trademark and even hate speech content. For example, the HONR Network, established after the Sandy Hook shooting, used a variety of approaches (including the US Digital Millennium Copyright Act) to takedown images of shooting victims which had copyright protection. These are just a quick sampling of ways that a property-based legal construct would transform the cyberattack-favoring ecosystem.

Pursuing legal redress arising from data harms, in all their forms, would become more efficient under a data-as-property system. Blockchain technology makes this approach possible, although enhancements to the law around this approach would be needed to enable enforcement at scale. Moreover, widespread adoption of this approach would likely lead to a reduction in cybercrime, as Internet service providers would become accountable for handling stolen property (or facilitating its illegal transfer), and so the criminal use of Internet infrastructure would be deterred. Moreover, efficient enforcement of property rights would create incentives for the market to enable redress of ownership infringements.

Final Thoughts

Digital Identity Sovereignty™ — the notion that entities, both corporates and individuals, own all facets of their data — starts with recognition that all data is property. All data includes personal data, as well as the full scope of intangible property. Under this approach, there is an incentive to pursue mechanisms to own one’s data. The blockchain facilitates broad data ownership opportunities. WIPO put it succinctly:

Anything that can be digitized can be turned into an NFT.

About Me. I came up with the Digital Identity idea after years of practicing cyberlaw in the US Army and later in private practice. Along with tangents in public-private partnerships, evidentiary uses of cyber intelligence, and now crypto ventures, and after growing alarmed about the cyberattack landscape, it seems to me that Digital Identity Sovereignty™ may represent a counter-mechanism, using market forces, to better protect data, empower the data owner, and disrupt the cyberattacker advantage. The notion that it could represent a new, disruptive market force is especially appealing. See my LinkedIn profile here: https://www.linkedin.com/in/doug-depeppe-esq-7939b113/

[1] Notably, the movement known as Self-Sovereign Identity (SSI) within the blockchain community offers advocacy around a similar notion. However, SSI is principally an access control and identity management concept, whereas Digital Identity Sovereignty™ promotes OWNERSHIP over the entirety of one’s digital identity.

[2] The Russian attack on Ukraine, including cyberattacks, has led many experts to express concern about spillover damage, as zero-day malware gets loose into the wilds of the darknet. The conflict has also spawned scores of vigilante hacking groups. The global instability caused by widescale and unconstrained cyberattacks underscores the need for deterrence. More efficient enforcement mechanisms help deter future attacks.

[3] Deterrence would not just come from fear of legal accountability among the hackers, the ecosystem of interconnected systems through which attacks are launched would also act to reduce liability exposures.