Privacy and Identity in a Subscription-based World

Unlike others before it, the trend was obvious from afar. We then found ourselves riding it comfortably. 

Most of us started with intellectual property. Licensed copies of music records, movies, or games became entertainment services.

Then came physical, consumable goods. Why keep adding that product to a shopping cart if you *know* that you will run out of it again within a week or a month? (Harry’s razors kicked that one off for me). 

Depending on where you live, transportation services may have preceded the latter. Why own a car, a motorbike, or a scooter if you can simply subscribe to a fleet of zero-emissions vehicles that save us all parking space while reducing traffic congestion? 

Along came digital versions of physical subscriptions: newspapers and magazines, already periodical by nature. 

Our bank statements did not show major changes, as most of our regular expenses already looked like subscriptions. An ongoing supply or maintenance is the nature of utilities (power, internet, mobile phone lines), insurance, school charges, professional associations, and even certain regular food deliveries. 

The entire mobile app economy is built on a subscription model. I am writing this on the Ulysses app (subject to monthly or yearly charges), some of my conference calls run on Zoom (ditto), I keep my guitar and piano tabs on Ultimate Guitar, do my sketches on Paper, and use a password-management tool.  

And, of course, much more is coming. Foreseeability of any sort will turn products into services. 

This is good news for the environment, too. But not so much for our privacy. 

Keeping the good stuff

Can we ever again enjoy the anonymity of buying a pair of sunglasses or running shoes when these inevitably become a yearly subscription? 

Assuming that such a thing has become impossible, Can we at least aspire to pseudonymity? And, in this spirit, Who is the custodian of our identity across all those services?

Apple would certainly like to be there for us. I have already argued that we should decline their kind offer. 

Password-management tools, though still necessary, are not the answer either. 

Banks will surely extend their arms, too, which would make a lot of sense, although it could result in switching risks to a brand new, single point of failure.

Of all options currently on the table, however, self-sovereign identity is probably the most appealing. Unfortunately, however, it will take most of our suppliers a few years to adopt Hyperledger Indy or other similar technologies.

In the meantime, we probably need an escrow or third party service that respects interoperability and open standards. This could be as simple as an “identity broker”, or as complex as a “personal AI” (as in “Machine Learning-powered assistant that automates all sorts of tasks on our behalf”).

What to expect? 

Quite simply, an identity broker could easily mitigate the most obvious privacy risks of a subscription-based world:

• Enforce a privacy budget: apps and services will only collect or access the most strictly necessary data points, for as long as they are required
• Guarantee the adequate handling of personal data, as well as the exercise of individual rights through self-service tools or intermediated requests
• Avoid subsequent data transfers
• Facilitate the use of multiple identities while maintaining convenience, through user masking techniques (something entirely out of reach for banks, and inconceivable for the likes of Apple).

Ideally, this identity module will be combined with personal preferences (Zero Party Data) and an individual’s pool of existing subscriptions to help her keep track of changes and available alternatives, mostly in conjunction with personal procurement services of some sort.

In other words, a future in which even more expenditures become recurrent will force us to streamline the key pillars of identity (“my profile”), personal data (“my preferences”, “my learnings”), and vendor management (“my choices”, “my matches”). 

(Photo by Dil on Unsplash)