IOTA’s David Sønstebø on Monetizing Data, User Privacy, and 2018 Priorities
David Sønstebø, Co-Founder of IOTA
Coin Central’s Bennett Garner recently had the chance to interview David Sønstebø, one of the co-founders of IOTA, to talk about how IOTA is implementing its Tangle in the real world. As part of the conversation, they also discussed monetizing data, protecting user privacy, and IOTA’s priorities for 2018.
If you’re interested in learning more about IOTA, check out our beginner’s guide here.
The long interview went in-depth on how and why IOTA is impacting the IoT landscape. They also talked about the challenges facing IoT (and IOTA) over the years ahead. Without further ado, let’s get to David…
BG: Thanks for speaking with Coin Central today, David.
DS: Thanks for having me.
BG: You recently announced a partnership with the city of Taipei to implement citizen ID cards on IOTA. How did the Taipei partnership come about? What’s the backstory?
DS: The origins of this story go back to us getting in touch with a group of developers from Taiwan. One of them, Jim Huang, is a guru of sorts in Taiwan for Java development. He connected us with a group he co-founded known as BiiLabs, a Taiwanese startup that focuses on distributed ledger technology and specifically IOTA.
After some discussion back and forth, we sent one of our core developers, Lewis Freiberg, up from Australia to Taiwan. While he was there he met with a lot of the development community. He also met with the Ministry of IT in Taipei.
From there, the ball got rolling. Some of the universities got involved and got excited about using IOTA for securing data and automated payments.
Of course, Taiwan, being known as the capital of semiconductors, it makes sense that Taipei would want to be among the leading smart cities. That led to dialogue with the city government, and that’s essentially the origin story of this partnership.
BG: I’m sure this is an early stage project, but can you share more information about what you’ll be actually implementing in Taipei?
DS: Sure. First, I wouldn’t call this a pilot project or a proof of concept. This is legitimate, and it’s intended to become production ready. Of course, we’re starting out with a minimum viable prototype and an iterative approach, but the goal is to establish IOTA as the de facto standard for Taipei City.
All the details of the TangleID implementation are still up in the air. The idea, however, is to use distributed ledger for immutable identity. This would be ID cards for people, but we’re also interested in identity of things. We’re focusing on creating an identity of things layer on IOTA for basically all the devices in the world, eventually.
Every single device has a unique identifier. It has the ability to do autonomous attestations and that requires an identity protocol which is notoriously hard to create. Those are the kind of things we want to explore here for citizens, but also for the devices themselves. Autonomous vehicles, they need to have their own identity and their own attributes. Answers to questions like how much it costs to ride with this autonomous vehicle from location to location, how long will it take for the trip, and other fleet management operations.
BG: One of the applications you’ve mentioned previously is the prevention of voter fraud. Can you tell us more about that and any other applications you see?
DS: If you presume that every single citizen has its own identity with this TangleID protocol, they are tied together on the distributed ledger which is, of course, immutable. You have that data integrity ensured. Then you can issue a vote and there’s no way for anyone to hack in and alter that vote in a database and change it to something else. That is the strength of the distributed ledger when it comes to election infrastructure.
This is what I’m envisioning, and it depends a lot on what the city of Taipei is thinking as well. They have to consider how active their voting will be if their citizens vote on different issues.
The beauty is the fact that IOTA doesn’t have any fees or transactions and it doesn’t have a scalability limitation, which means you can have millions of people vote very easily. Imagine a scenario in the future where a city has smart infrastructure and people can vote on things as broad as how traffic should be operating today. It could be a seamless process that seems like a futuristic idea right now but could be a reality in as short as three years.
BG: Identity of things is a major frontier of blockchain and distributed ledger technology. What challenges have you faced as you’ve tried to implement IDoT on IOTA?
DS: We have been tinkering around with identity on the blockchain and identity on distributed ledgers since 2014. We’ve made different prototypes and proof of concepts since then.
In 2015, identity on the blockchain became the hottest topic. Everyone was trying to do it, but no one succeeded. There were several different initiatives, like uPort. We then co-founded together with a lot of big companies to create the Decentralized Identity Foundation which was another effort to create a decentralized identity, but they don’t seem to be taking the IoT aspect seriously, in my opinion. Everyone is still struggling with the human aspect which is very important, of course.
If you think about the realm, there are more connected devices then there are connected people. These devices will make their own decisions and have their own unique attributes.
Things like lifetime expectancy, how much computational power they have and if it can let others use that power when it’s not using it. How much storage does it have, how much bandwidth does it require? All of these things are necessary and that requires an identity protocol.
It’s also about security because nothing is scarier than the thought of the internet of things not being properly secured. A hacker would be able to mess with traffic and cause accidents, taint the water supply, and many other scary scenarios. This is another instance that we need an identity protocol so that we can index the devices and we can quarantine devices that are not acting according to their natural properties. I see identity of things as the most important thing for IoT to work but also for it to be secure.
BG: The partnership with Taipei City isn’t your first project in Taipei. Tell us more about the Airbox project and the lessons you’re learning as you integrate IOTA into the real world.
DS: It all goes back to the fact that IOTA doesn’t have transaction fees. You can use it as a data transmission protocol to get the data integrity for free and it speeds up and strengthens the security of the network.
When it comes to cities, one of the main obstacles today is pollution. In large cities, pollution kills more people than cigarettes. That gives you the scope of how large the problem is. Having sensors that would pick up a wide range of different pollutants is a good way to keep track of a city’s pollution level.
If you used a regular database, it’s possible that a hacker could get in and tamper with the data. With IOTA, you couldn’t do that. As soon as the data is put on the ledger, it’s permanent. You can’t delete it, you can’t alter it. There’s no way for anyone to exploit it or lie about it.
What we’re learning is that this data that is being collected can also be sold. You might be aware of the IOTA data marketplace project that we have. You can learn so much from each deployment and then you can take that data and sell it to other cities, so they can replicate what you’ve done and save a lot of time in their progression of the same project.
BG: McKinsey estimates that 99% of data is going unused. How does IOTA’s data marketplace solve the challenge of democratizing access to data while still monetizing that data?
DS: The data marketplace has been an idea that we’ve had since 2014. Back then, we were still using regular blockchains, so it was impossible to do because of transaction fees and limitations. In 2015, we started talking with different corporates about this idea. The idea itself wasn’t that novel as there’s been a lot of people contemplating data marketplaces for some time. We were the first to actually use a distributed ledger to do it with major participants.
The entire idea is that today, all of these different corporations and municipalities are sitting on more data than we have comprehension for and it’s not being acted upon. It might be acted upon once or twice by an individual, but then it’s forgotten even though it’s still a very valuable resource. That’s the unique thing about data. It’s an infinitely usable resource. It’s unlike any other resource that is used and then degrades in value.
The problem is that these entities know the data they are sitting on is valuable, but they have no way of trading it, especially in real time. If they were to trade it in real time, they would end up with transaction fee issues again. You also need a distributed ledger to secure the data because otherwise, you’d have no idea if the data you’ve received has been changed in the transfer from the origin to the destination.
Those are two things that the IOTA protocol resolves. Being that there are no transaction fees, we can enable an individual to buy sensor data for a fraction of a penny per byte of data in real time in what is known as a payment stream. We believe this is the key to unlock these “data silos” and have all of that unused data flow into what is called a “data lake” where all the data is compiled into a shared pool that everyone can access.
We’re seeing a lot of interest from different participants that we’re doing this with. We are going to announce more later on because we’re being approached every day by different corporates who get the idea of accessing and sharing monetized data and want to be part of exploring it further.
I had a quote, “Data wants to be free, but not for free.” The thinking behind that is that data has an innate nature that it wants to spread. We’ve seen this all throughout history with people writing down their knowledge and sharing it, while others copy it down and spread it themselves. Of course, data also synergizes with other data and you find correlations and you can extra further information from that.
Even though it wants to spread, it doesn’t necessarily want to spread for free. You still need to pay for the hardware to get the data, like the sensors that monitor pollution. Someone has to create them and deploy them and operate them which all cost money. Therefore, these companies are not willing to let the data flow for free. That’s what the IOTA protocol resolves by enabling them to sell data from each individual sensor in real time at a very granular level.
When we use big data today, we’re taking a huge amount of data, in this case, a month’s worth of data. We put it through different machine learning algorithms that analyze it and output the information to be applied as knowledge. In that scenario, you have to wait a whole month in order to get that data set before you can start working on it.
What IOTA does uniquely is since we don’t have the scalability limitation or transaction fees, we can enable real-time information streams. You don’t need to wait for a certain amount of time to pass to collect your data and calculate the payment owed. It’s just a pure stream of data and a pure stream of payment for that data. That is the vision that sparked the marketplace and we’re seeing a lot of interest from those already participating and new entities as well.
BG: In the era of user data and smart devices, user privacy is a big concern as companies learn more personal information about us. The European Union recently released a General Data Protection Regulation governing the way companies can hold data as well. How does IOTA approach privacy?
DS: When it comes to data privacy, it goes back to what I said in the beginning. If IoT’s not secured, then we have a mess on our hands with all they have access to. You do not want the scenario where some hacker can change the settings on your medical devices. In the worst-case scenario, a situation like that can end up with fatalities.
At the same time, you have to keep in mind that the data needs to be private. You don’t want the data to flow completely freely. The cost you pay to access that data keeps it selectively private. You have to agree to pay for the data and the people that have the data have to agree to sell it to you.
Our philosophy is when it comes to personal or corporate data, access management becomes key. We have this module on top of IOTA which is called masked authenticated messaging. You can think of it like a radio that has to have the right frequency. Even though there are constant radio waves being carried throughout the world, you have to have the right frequency in order to listen in. You need the exact private key in order to get access to the data stream. We want to give users complete control over their own data.
We have a workgroup, currently name pending, where this is one of our biggest focuses.
In terms of privacy, healthcare and medical data would be one of the places you don’t want everyone to have access to. We have spent a lot of time on this topic with collaborators around the world, including official medical and research entities. We’re actively working on how to combine the identity problem, the access management problem, and then finally, the monetization issue.
If I have wearables and I want to sell this data, I should be able to as a lot of this data is valuable. If you have a million people in a medical situation and you have the data from them, that can lead to new revelations in how diseases develop. The data is valuable, but it is pivotal that people have control over it.
That’s what the GDPR (the new European Union regulations) is all about. There are a lot of consequences with enforcing personal owned data. You have the ability to decide to delete your data which could run into future issues with insurance claims that depend on past data.
There are still a lot of issues to solve and that is why IOTA Foundation is taking a proactive stance. We want to be part of the discussion and assisting as well as we can from a technological point of view, but also from a leadership point of view. We don’t want to just be passive, we want to be out there in the real world.
BG: You’ve mentioned in the past that IOTA would like to be involved in the conversation of making new regulations. What types of privacy regulations would you like to see?
DS: At IOTA, we welcome regulation in the sense that we believe this space is currently completely out of control. We welcome the regulation, but policymakers don’t know enough about distributed ledger technology to make the regulations. That’s why it’s so important for IOTA to position ourselves where our voice is being heard and we have influence over the policymakers so that the regulation fits with the technology and what it’s possible to do with it.
When it comes to data privacy in general, I’m a bit ambivalent. On one side, you want to protect private data at all costs. You want as much privacy to exist as possible. On the other hand, there is so much value in sharing this data.
My perspective is that I want it to be that I can sell my own data, that I can decide to open my own data. For the average person thinking about someone else knowing their search history, they would be extremely upset, yet they’ll just go back to searching. Giving the choice to someone to release their own data voluntarily is a bare minimum requirement.
I also want people to contemplate the fact that most likely, your data isn’t that interesting, but it could be very valuable when aggregated with other data. There will be patterns that could lead to new medicines or treatments, or even new ways of saving money. You could learn so much about humanity as a whole.
The way to regulate it is to not be too strict but to be very strict on those that have a monopoly on data today, like Google and other online conglomerates. They would have to give the data back to their customers and choose to buy it from them directly if the customer opts in. You could make the argument that Facebook is doing that when you sign up. If you read the terms and conditions, it says in there that you give away the rights to all of the data that you generate from your account. I would much rather have a scenario where I am paying a tiny fee per minute of Facebook use, but keep my own data and have it available to sell back to them if I want to. People just opt in, they don’t think about what happens on the websites they use.
We’ve seen this in the American election, we’ve seen it with Brexit. Ad revenue controls the website and the ads people see come from algorithms of their data. If I’m a Bernie Sanders supporter, I will see Bernie Sanders material. The rest will be filtered out.
That is one of the problems with the way data is being handled today. It’s controlled by one entity that just wants as much money as possible. I do believe that if we gave data back to the individual, it would help change the landscape which is absolutely imperative in an age where most people get their news and information from Facebook rather from any fact-checking sources.
In terms of regulations, I would love to see more regulations on the validity of data. Today, I can post whatever I want online without having to link you to my sources. GDPR is a bit different, but the next phase is more about having to prove what you’re saying by backing it up with factual data instead of creating an echo chamber for yourself.
BG: In the past, IOTA has mentioned partnerships to develop IoT hardware that’s compatible with trinary. Has that development shown progress? More broadly, do you expect most IoT devices in the future will implement trinary?
DS: People get confused about the dependency on trinary. IoT devices that don’t have trinary can still use IOTA. We’ve demonstrated this with the ARM processors, those that you find in Raspberry PI’s and most of your IoT devices today. They have no issues with IOTA.
The reason trinary is used is that it’s the most efficient way to handling hashing. For battery-powered devices, out in the field, efficiency is paramount. This component will be completely open for everyone to use and you can implement it in FBGAs or create your own ASIC with it.
I don’t think trinary will take over from binary in IoT in general. I think there will always be binary systems out there because they’re the prevalent force today. When it comes to extreme energy scares or deficient devices that require optimum energy consumption, then I do believe trinary will take over as well as for certain use cases like machine learning where ternary weights are more efficient than binary weights. It’s not like we want to change computation forever, that’s the not the goal. It’s very use-case and domain specific.
The component that confuses everyone is the trinary component is something that you can include on a binary chip. The rest of the chip can be a regular ARM Cortex processor and you just add a tiny component that you can’t even see with the human eye. It doesn’t add any costs to the process of creating the chip. The idea is simply that when these devices start to accommodate for the software of distributed ledgers, then you can see the reality where each device can do thousands of transactions a second on the ledger itself.
The trinary and binary debate is actually a red herring. If you were to do the same thing with binary, you would still need to create a new component that was dedicated to hashing binary. We’re not proposing anything new, we’re just stating that the hardware should take the distributed ledger into account. It doesn’t matter if it’s binary or trinary, you can use any radix you want.
At the end of the day, we’re pushing just to accept that the distributed ledgers provide services like data integrity and payments, and to make an application specific integrated circuit on the processor that takes care of that specific part. It would help the IoT devices out on the field from consuming a lot of energy. Hardware always adapts to software. We see it in our cell phones and user interfaces as they get more sophisticated, the system underneath has to get more sophisticated. It has to accommodate the growth with integrated GPU and all of the processes that are necessary. That has always been the case, so it should not be a surprise to anyone that hardware evolves in conjunction with software.
BG: What are your priorities for IOTA in 2018?
DS: In 2018, we have two primary goals.
The first is to get the IOTA Foundation, which is a non-profit in Germany, completely structured. When you go from a small operation to a big operation, we have over 60 people on board. We need more structure and more procedures. We need more tools to bring everyone to the same page, to be more efficient and to maximize their capabilities.
That is a strong focus because we plan to hire an additional 50-100 people over the next year. That means that we’re a large organization and we deal with most of our staff remotely. We want the best people in the world, meaning that we have to accept that the best person to create a compiler lives in Alaska and the best person for the integrated circuit lives in Taiwan.
We need to be able to have those people collaborate even when they’re not here. The structure around the foundation also includes legal, compliance, accounting, the boring processes that need to be taken care of. We’re already building on that to create the first mature foundation in the distributed ledger space. It’s more like LINUX than it is a crypto project.
The second thing would be the technology itself. To evolve it from the stage that it is now to a production and standardization ready protocol that is being used globally. That is why we’re doing these projects with well-known corporations and municipalities to drive that motion and push our developers and our own ideas further. When you are dealing with the real world, the requirements come with it. You can’t just use an experimental, bare-bones prototype. You have to deliver on these real, large-scale systems. That puts good pressure and motivation on the team.
I can also mention the three graphical user-interface (GUI) wallets that are coming that are very simple to use and are modern and elegant.
We are also in contact with all of the large exchanges and are developing a module on top of IOTA which is called “Hub” which takes care of all the input/output management for the exchanges. The biggest obstacle for IOTA to list on an exchange is simply the fact that it is so unique that it requires the developers of the exchanges to implement it manually. We’re working on that so that you can use the exchanges in a “plug-and-play” fashion.
The final thing I’ll say, in 2018, is ecosystem development. At the end of the day, it doesn’t matter how fantastic the foundation, or the technology is, you need the developers and the ecosystem. This is open-source, you need to win those people over. The people that really push it.
We have this ecosystem fund that’s worth tens of millions of dollars for everyone to propose a project and get a grant. We are doing everything we can to make it as easy as possible for developers to enter the ecosystem. At the end of the day, that’s why LINUX is popular. They managed to win over the development community back in the day. That gave rise to everything from Android to backends of exchanges, etc.
BG: What’s the average day like working at IOTA? And what do you do when you’re not working? Just trying to get a sense for the people behind IOTA, and what their lives are like.
DS: As a founder, I wake up in the morning and check my phone to go through all the emails and Slack channels if there are any pressing communications. I take a shower while still glued to my phone. Then the day really begins as I go through the office and start working on the most immediate tasks, which are usually more emails to make sure we’re not missing any communications from outside sources. They’re management-type processes. As I said before, we have a very distributed team, so most of our communication with the team happens through Slack and video chats.
In terms of the day of a core developer, their day is similar in that they get up in the morning and are instantly working on their mobile devices. At this current stage, we’re still in the phase of growing and getting the processes in place. Everyone is working at a 200% level. Most people tend to start early in the morning and work through the night. It’s a regular day for core developers in IOTA.
There’s also a lot of traveling which is a hassle as well. You have to organize the travel which is a tiring process.
It’s fun to work on IOTA because we’re seeing the progress and that’s what makes it fun. The actual day to day steps are very laborious in the sense that it’s a lot of stress and things to do. You always feel like you have this huge backlog when in reality, you actually do. It’s not just a feeling. That’s why we’re hiring so many new people.
It’s fun though, and we have a very good atmosphere within the IOTA Foundation. Everyone is friends and there are no internal politics or drama like you see in a lot of these other crypto projects. I would say it’s a fun place but it’s also a very demanding place in the sense that we have a lot to do and we always feel like we don’t have a lot of time to do it. We always want to be at the bleeding edge.
As for what I do for fun, I think in the last three years, I haven’t had a single day off. If my nieces are visiting, then, of course, I’ll make time for them. We built some snowmen together earlier this winter. That is fun, but I don’t have a routine or hobby. The only hobby I have is listening to music while I’m working. That’s probably the closest I come to a hobby.
I do exercise; I’ve picked up that again. I’ve had to just for my own mental sanity. I used to exercise a lot before, but because of the job, it took away all my time. That really takes a toll on your brain. You get fatigued a lot easier and lose your mental clarity. I wouldn’t call exercise fun, but it’s something recreational at least. I used to a lot of strength exercise before, but I realized that’s pointless because it decreases your efficiency. Every time you move your muscle, it’s more explosive so it uses a lot more energy. I currently lift weights, but I do more cardio and high-intensity workouts.
BG: Any upcoming releases or partnerships you want to tease? Anything about “Q,” perhaps? I know the community would be interested…
DS: In IOTA, we don’t like to tease too much. We’ve teased with “Q” because it’s a fun, internal thing in the community. What I can say is that there is a lot coming up in terms of partnerships, in terms of alliances, in terms of new modules, and of course, the exchanges that people are waiting for and the GUI wallets. All of this is coming and a lot of it will start quite soon, but I can’t go into any specifics.
BG: I want to be respectful of your time, so I’ll wrap up here. Anything else you’d like to tell our readers?
DS: I welcome everyone to test out IOTA for themselves. There’s been a lot of misinformation being spread about IOTA, so everyone that is interested in technology or crypto, in general, should test it themselves. Join the community and see how helpful and friendly the people are. If you’re having problems, there will always be someone there to help you. Just join the community and you’ll have some fun and learn a lot of new things. There are also tens of millions of dollars waiting for you if you’re interested in creating a project. That’s the message I want to bring to people. Get involved.
A big thanks to David for sitting down with us and giving such a detailed interview!
Over the coming year, look to see more IOTA projects deployed in the real world at scale. As David mentioned, this will stress test IOTA as a platform and put new types of pressure on the IOTA team. It’s an exciting time to follow along with IOTA’s journey.