Written By Shannon Appelcline
The problem begins two hundred years and at least two technological revolutions before the blockchain. Because grazing lands were held in common, individuals had no incentive to use those fields appropriately. Farmers allowed their animals to overgraze, eventually ruining the land because each individual sought to maximize their own benefit.
This is the Tragedy of the Commons, as first detailed by William Forster Lloyd in 1833. The Tragedy describes the problem of using an openly accessible resource, where any individual can benefit from using the resource but the costs of that use are borne by the entire group. The selfish and destructive usage that naturally results is the Tragedy of the Commons.
“The vast innovations and expansions of the modern age have now brought the Tragedy to new fields.”
Most classic examples of the Tragedy of the Commons are ecologically based, focused on topics like overgrazing, overfishing, and overpopulation. However, the vast innovations and expansions of the modern age have now brought the Tragedy to new fields. Much of our society now operates on interconnected computer technologies that are full of common resources. It flows through shared fiber and routers; it operates on shared software; and is transmits and uses data that has been shared, whether we intend it or not. The Tragedy of the Commons tells us that all of these openly accessible resources are likely to be abused to the point of destruction; the whole internet might be one problem away from a complete breakdown.
The Heartbleed bug of 2014 offers one of the clearest examples to date of how the Tragedy of the Commons impacts our shared online commons. Heartbleed was a critical security bug accidentally introduced into OpenSSL, the open-source software used to secure most communications on the internet, as part of a “heartbeat” extension released in 2012. Though the heartbeat code was reviewed when it was incorporated into OpenSSL, the process was much less rigorous than the extensive security reviews that had been required of SSL implementations in its earliest days. That’s because in the 2010s, OpenSSL was being maintained by just a single full-time developer and a small group of volunteers. Thus, a problem like Heartbleed, where a mistake compromised half-a-million certs and uncountable “secure” connections, was almost inevitable. The entire internet was using the shared resource of the OpenSSL code, but no was one supporting it properly: this is the definition of the Tragedy of the Commons.
Open source software is just one of the twenty-first century’s tragic commons. Many of the shared resources that comprise the internet have already proven vulnerable. Asymmetric DSL lines can get clogged by uploads, while entire neighborhoods see their internet slow down every Saturday and Sunday night. Forums created for communities can be destroyed by spammers trying to make a buck.
And then there’s a digital resource that many people don’t think about: data.
The Data Commons & Digital Property
Most internet users don’t realize that their data is quickly becoming a commons too. Unfortunately, when we upload data to the internet we usually forfeit our exclusive ownership. Obviously, when we write blogs, post images, or tweet messages, they might get copied of reused by others. Some of this replication is supported by the law, some by terms of service, and some not at all, but it happens nonetheless.
“Most internet users don’t even realize that their data is quickly becoming a commons too.”
However, the data joining this new commons goes far beyond the material that we explicitly post. Exercise trackers record where we are; internet searches reveal our interests; and voice assistants do both. Using this data, aggregators can create models of who we are, what we want, and what we might do — without our permission, and beyond our control.
Our health information is becoming part of the data commons too. That includes our DNA information, which is some of the most intimate and personally identifiable data out there. Despite that, people are now sending their DNA off to companies and uploading it to publicly searchable websites. These genomic data commons have already led to uses beyond the dreams of submitters, such as when the Sacramento County Sheriff’s department searched the GEDMatch database for the identity of the Golden State Killer — a burglar and serial killer who terrorized California in the 1970s. They were able to match records of 10 to 20 distant relatives and eventually built a family tree that revealed the killer. Obviously, tracking down a serial killer is a societal good, but it shows how data placed in a commons can be used for far different purposes than was intended.
In other words, the classic Tragedy of the Commons applies to this data commons. Our data gets used and reused, diminishing its value while the commons get abused, likely leading to their ultimate destruction. There’s no transparency, and we have no control.
This Tragedy of the Commons is just one example of a negative externality, where we as individuals are impacted by transactions between other people. The lack of concern for the data commons also generates other externalities, such as the loss of privacy and the possibility of financial losses when our data is breached — and huge data breaches impacting millions of people have been happening regularly, with some of the largest occurring at Equifax, Marriott, and Target. This adds insult to injury; even once your data has become valueless, you can still be harmed by malicious actors stealing and selling your personal data.
So how do we solve the tragedy of the data commons? How do we take back our control of our data? We can do so by reaching back to classic property law, newly updated for the digital age, which permits us to register our data as digital property. Doing so allows us to prove that we’re the owners of that data. We can prove whether specific uses were licensed (or not!), and we can demand that our data be returned to us if it’s being used in some unlawful way.
Even better, the Coase Theorem tells us that registering property can also help to resolve other externalities as long as all parties are able to freely negotiate. If our data is registered as digital property, then we will have recourse when a company loses our data to a breach, because they will have done us definable harm. Not only can we take back what is ours, but we can enforce better use of the commons itself.
Property rights are crucial to our modern society, and the example of the data commons shows us why: they allow us to exert property rights when our data is used, sold, compiled, or even lost without our permission.
The Data Commons & The Blockchain
Turning data into registered digital property solves the basic tragedy of the data commons, but it creates a new problem as well, because that data has to be recorded somewhere by someone. This suggests the need for a centralized authority, but that goes against one of the core advantages of the internet: the openness that led to most of its innovative growth.
“When you add regulation, you typically have to add centralized management as well.”
As it happens, centralization is an almost inevitable byproduct of any traditional solution to the Tragedy of the Commons. When Lloyd originally wrote about the Tragedy, he stated that it largely resulted from lack of regulation, and when you add regulation, you typically have to add centralized management as well. So how do we regulate property rights in the data commons without turning to a centralized authority?
The answer is one of the newest technologies of the last ten years: the blockchain.
The blockchain originated with Bitcoin, but is now the heart of a variety of use cases from smart contracts to decentralized identities to name services. A blockchain is essentially a permanent, distributed ledger. In other words, it’s a big database that everyone can write to, but that no one can erase. From the viewpoint of the Tragedy of the Commons, the crucial innovation of the blockchain is that it’s built upon consensus rules. The way in which data is added to the blockchain is defined by clear rules that everyone knows. These rules can be changed, but that takes consensus too.
The blockchain thus offers a solution to the tragedy of the data commons while still maintaining the innovative open nature of the internet. Its consensus rules are regulations, but they’re regulations that are executed by the distributed network itself, rather than a central entity.
Obviously, blockchains can’t solve every Tragedy of the Commons, but they are a solution for things that can be put on a blockchain, including those smart contracts, those decentralized identities, those name services, and more generally … all of our data.
The Data Commons & Bitmark
This discussion isn’t just theoretical. The use of a blockchain to record digital property rights is the heart of the Bitmark Property System: it’s already managing numerous sorts of data, from health information to music royalties. There were many reasons to adopt this particular solution and foiling the Tragedy of the Commons is definitely one.
However, Bitmark’s work on digital property rights is just the first step in solving the tragedy of the data commons. To reach its fullest success requires buy-in from companies, governments, and individuals. Fortunately, the tides have been shifting in recent years: a variety of groups are now looking at self-sovereign solutions of this type, where control is granted to people, not companies, governments, or organizations.
The EU’s 2018 GDPR has gone the furthest in giving people control over their data. It empowers people in Europe to know how their personally identifiable data is being used and gives them the power to retrieve it if necessary. The GDPR defines personally identifiable data more as a human right than a property right, but it’s a clear step in the same direction: once we’ve recognized peoples’ personally identifiable data as their own, recognizing their registered data is an obvious next step, and one that Bitmark is ready for.
We’ll see plenty of other Tragedies of the Commons on the internet as the online world continues to mature, and it seems likely that the blockchain will be a good solution for many of them.
How might blockchains, or the approach of consensus rules, apply to other shared resources like open software, shared bandwidth, and community forums? That’s exactly the sort of question we should be asking to ensure the future of the internet.
Armerding, Taylor (2018). “The 18 Biggest Data Breaches of the 21st Century”. CSO Online. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html.
Davidow, Bill (2012). “The Tragedy of the Internet Commons”. The Atlantic. Retrieved from https://www.theatlantic.com/technology/archive/2012/05/the-tragedy-of-the-internet-commons/257290/.
Hsiang-Yun L. (2019). “Coase Theorem in the World of Data Breaches”. Human Rights at the Digital Age. Retrieved from https://techandrights.tech.blog/2019/02/22/coase-theorem-in-the-world-of-data-breaches/.
Lloyd, William Forster (1833). Two Lectures on the Checks to Population. Retrieved from https://en.wikisource.org/wiki/Two_Lectures_on_the_Checks_to_Population.
Synopsys (2017). “The Heartbleed Bug”. Retrieved from http://heartbleed.com/.
Zhang, Sarah (2018). “How a Genealogy Website Led to the Alleged Golden State Killer”. The Atlantic. Retrieved from https://www.theatlantic.com/science/archive/2018/04/golden-state-killer-east-area-rapist-dna-genealogy/559070/.