CHANGEMAKERS

Davi Ottenheimer

Davi Ottenheimer is the Vice President of Trust and Digital Ethics at Inrupt, a company striving to restore the power of balance on the web through data decentralization technology. For over 25 years, he has worked to apply security models to preserve human rights and freedoms. He is the co-author of Securing the Virtual Environment: How to Defend the Enterprise Against Attack (2012) and the author of The Realities of Securing Big Data, which is due to release this year. Davi spoke with Andrew from All Tech Is Human about where the web went wrong and how decentralization technology can get things back on track.

Tell us about your journey to your present role at Inrupt. How did you first become interested in digital ethics work?

My interest in digital ethics goes back to at least sometime in the early 1980s. The 414s seemed to me a foreshadowing of where the world was headed, at least in terms of society defining shades of lawful and unlawful data access. Their story felt very normal, not at all exceptional, because at that time it was similar to what I was experiencing in school and it was on the cover of big publications like Newsweek.

My family also exposed me very early to authorization concepts in both digital and analog tech. I basically grew up seeing computers as a natural next step like a tractor replacing the ox; no one really would want to be without one. That gave me a fluid understanding of ethics across a wide technology spectrum. For example as a child in very rural Kansas we had only a shared “party line” for telephone; my parents would of course tell me it was wrong to listen to our neighbors' calls. I was fascinated by it all and by the time I was in college studying philosophy I was running my own copper from taps on building wires to connect dorm rooms, shifting underutilized resources to community service by taking over computer labs and all kinds of typical mischief. At the same time I was playfully exploring, I also ended up helping investigate or clean up some clever abuses of the lines by others (e.g. toll fraud, illegal reselling).

More to the point, in college I always tried to turn in digital versions of assignments including a HyperCard stack (precursor to websites) on ethics of linguistic regulation of Internet hate speech. That felt more exceptional, substantially entering digital ethics, because my teachers sometimes bristled at being handed a floppy instead of the usual paper. I was deep in a world at this time many professors had access to yet had barely seen. I still figured at that point since I could dive into it anyone could and soon would. It was around 1990 that I excitedly showed a political science professor a 30 second video clip that I had spent 12 hours downloading and reconstituting. I had been studying information warfare and told him dissemination and manipulation was entering a whole new domain with Internet video... he told me “just do your damn homework” (some typical assignment on Middle East peace options) and walked away shaking his head. I felt at that moment I wasn’t giving up or going back, digital ethics had become my thing.

After college I applied to do political research at LSE and they countered with an offer in the history course. I accepted and explored far more historic cases of ethics in intervention (information warfare by Orde Wingate, and power dynamics in taking over large scale systems while not really owning them -- 1940 British invasion of Ethiopia). My history advisor was truly amazing. He encouraged me to go professional with technology work and even told me it wouldn’t be a bad idea to pursue as a career.

It was great advice and I went straight into working for a DEC reseller in California pushing decentralization with PCs and TCP/IP. Getting paid to take hardware and software completely apart to fix it was like heaven for me. From those first phases of interest we can fast forward through twenty-five years of hands-on security within many industries around the world of all sizes and shapes. My journey has always been about convincing people from field to board-level that unsafe technology alters power dynamics, and that we protect liberties by bringing safety principles into engineering as well as policy.

A few years ago a very small database company reached out for help fixing their widely publicized product security flaws. Literally millions of people were being harmed, and they told me they weren’t finding people willing or able to help. I agreed to jump into it on the condition they let me drive end-to-end encryption at the field-level into their product as a feature, while I also cleaned up management practices. It was after we released that end-to-end field-level encryption feature, and after I guided them through IPO and massive growth to a much safer and more proper course including external oversight, that Bruce Schneier strongly suggested I consider the new Inrupt mission to bring Solid to life.

I was thrilled to be given the opportunity to join such an important and challenging role.

Inrupt is advancing the development of Solid, an open source platform designed to remake the web. What’s wrong with the web that we have today?

Solid presents a powerful yet very simple concept to remake the web: your data lives in a pod controlled by you. Any data generated by you or your things (e.g. watch, TV, car, computer, phone, thermometer, thermostat) goes to your pod. You then control access at a meaningful level, where consent has real power. I call it the need for an off button and a reset button for big data. Don’t want your data used anymore by who knows who? You have that choice. Want to be the authoritative source of data about you? Also your choice. If your doctor wants to look at your fitness tracker data, you grant that. When a family wants to share moments in photos, they grant that. Want your machines to talk with each other, not the manufacturer, and only at certain times? Up to you, through your pod controls.

We expect this to evolve with completely distributed models, although sounding idealistic, because they are necessary and thus not out of the question. At the same time, efficiencies of scale and basic economics tell us many people will have pod service providers instead of going with homegrown or localized varieties. As a long-time self-repair and build-your-own-kernel Linux advocate I see no conflict innovating towards both off-grid piecemeal installations, as well as abstract and monolithic cloud services. You win because you have a lot more flexibility in a world where you seamlessly can flow between different worlds of control that suit you.

Sir Tim Berners-Lee calls the Solid project of decentralization being pro-human, as opposed to what he calls the current anti-human web platforms. For me perhaps the best way to explain the current problem with the web might be aggressive centralization, which historians used to say about the neo-absolutist surveillance state of 1850s Austria. I find it useful to reference history events to explain socio-economics that we see today with Google.

The web was invented to bring freedom, to end our digital selves being locked away, yet it has led to state sanctioned collection methods with vastly expanded proprietary control over almost our entire lives.

How did these problems with the web come about?

That’s a great question. There has been massive pressure for data centralization from so many camps that have failed, it's almost a wonder at all that some succeeded in cornering the web. I’d like to think the problems are the exception (e.g. like nationalization of the telephone under President Woodrow Wilson, or invasive inspection and destruction of U.S. mail under President Andrew Jackson) and we’re course-correcting to get back on track.

Cable television and AOL dial-up services both, believe it or not, were considered threats at some point to the success of decentralized web. Microsoft too, although it obviously found itself in US government regulatory trouble when it aggressively tried to center the web around its browser and operating system. Some might point to RFC2109 but I find socio-economics to be more important than this technical specification that helped build statefulness. Perhaps the real turning point that set back decentralization came soon after the web was being panned as just a fad that would never rebound after the dot-com disaster. We witnessed in a time of crisis the giant transfer from small businesses to conglomerates, which might feel familiar to economists looking at today’s pandemic.

The optimism of the hugely diverse commercialization efforts by startups, which in a large part led to the crash, generated a kind of popular herd momentum that was picked up by the few dominant remaining technology firms. They in fact roared out of the dot-com crash with far more influence, far more human connectivity, and the market awarded a kind of fast monopolistic growth as it escaped financial downturn. The web’s standardization and ease of use, once transformation to it was popular, made it a perfect vehicle for massive-scale growth.

The next market crash, from the mortgage crisis, then served as another accelerator on the trend for centralization coupled with more powerful devices becoming less expensive and default connected to the standards-based web. The technology sector became seen as a stable financial engine and attracted business innovators who believed user generated content had the best potential value and they set out to build systems that flipped the web on its head; would keep users connected by making it difficult to exit.

What’s notable about this history is the financial conditions and technological shifts that may never again materialize in quite the same way. That’s why I see dangerous centralization as a form of regression, an error that requires applied humanitarian correction. It’s like firing a Chief Information Security Officer who steals, or countering the rise of extremist anti-science cults that typically form in response to recent scientific breakthroughs. I don’t believe in an inherent centralization need, or natural monopoly, in this context. In fact I see the opposite. Had there not been the stress effects that led to over-centralization as a form of wealth preservation (arguably an incorrect response fueled by other unfortunate market conditions) the web could have continued to evolve in the more naturally pro-human model.
