Personagraph Privacy White paper


With millions of consumers flocking to iOS, Android®, and Windows® devices, the mobile phone revolution has officially given way to the smartphone revolution. This revolution has created an unprecedented opportunity for marketers to harness the true potential of the mobile platform. The Personagraph platform provides marketers a way to engage with consumers based on consumer behavior graphs without the need for consumers to reveal their personal information.

Published in: Technology, News & Politics

  1. © 2013 Personagraph Corporation. All rights reserved.
     an Intertrust Company
     Privacy at a Crossroads
     Phone: 1-800-393-2272 / Inquiries:
  2. Contents

     Privacy at a Crossroads
     Abstract
     Introduction
     The Problem: Technology outpaces social norms on privacy
     A Surprising Discovery
     The Personagraph™ Personal Agent: A trusted intermediary
     A trusted intermediary who secures personal privacy
     Curating the Personagraph: the subtleties of privacy
     The PA is discreet, careful, and obedient
     The PA is the key to efficient consumer commerce on the web
     Combining the efficiency of the Internet with Privacy
     Conclusion

     Abstract

     With Mobile Computing and the “Internet of Things” becoming a reality, we are entering a new phase of hyper connectivity as our consumer devices and home appliances constantly track activities, locations, and events in our physical and digital lives. In this paper, we examine issues related to privacy and control of the increasingly detailed intimate information that marketers collect. Specifically, we consider the question of whether we need to sacrifice our privacy and give up control of our digital identity to others in order to take full advantage of all the services the Internet has to offer. We introduce Personagraph™, a new personal privacy platform that protects our personal information while letting us benefit from intelligent devices and associated Internet services, putting us in control of the content, accuracy, and distribution of that information. We discuss how this technology can enhance these services and make personal information even more useful without needing to share that personal information with anyone.
  3. Introduction

     The age where ubiquitous “smart” objects automatically capture personal information is upon us. Devices that we carry or wear on our bodies such as mobile phones, book readers, and exercise monitors, appliances in our homes such as thermostats, bathroom scales, refrigerators, and light bulbs, and the vehicles we drive will contain sensors that collect information about our environment and us. Moreover, this is often without our knowledge. Already, many of us interact with dozens of networked sensors every day, and soon we will be constantly enveloped by thousands of them. Typically, these sensors are directly or indirectly connected to the Public Internet. Intelligent services then dynamically react to events in our daily lives and influence us and others in social and environmental contexts. As we enter this new phase of Internet hyper connectivity and these devices invade our physical and digital spaces, tracking our daily activities, locations, and even our moods, a permanent database of highly detailed digital footprints is built about each of us. This can often be helpful, but it can also be disturbing, and at times potentially harmful and unfairly discriminatory. This information is becoming part of our digital identity, and that digital identity is converging with our physical identity and becoming even more important.

     In this paper, we focus on three questions:

     1. Who controls the flow of information from our personal devices to the public Internet?
     2. How can technology be used to put individual people back into control and reverse the current trend of privacy destruction?
     3. How can all stakeholders (individual people, marketers, service providers, and content providers) benefit from a new approach to personal information protection?

     In the physical world, societies across diverse cultures have evolved sophisticated practices over time to protect their privacy. Protective structures and traditions are missing in the digital world where technology is moving faster than social practices. Privacy is being declared dead[1] without giving much thought to the far-reaching implications of a world where individuals have no control over how others view them and treat them. Marketers have confused people’s desire to take advantage of social connectivity through the Internet with a desire to expose every aspect of their being to the world. We posit that consumers do appreciate privacy and it is not too late to erect a secured identity that protects a consumer’s privacy allowing him/her to take advantage of innovative services.
  4. The Problem: Technology outpaces social norms on privacy

     As we traverse the web and carry on our business, we appreciate it when information is presented to us in a personalized and uncluttered way. It is also valuable when that information intelligently anticipates our needs and is presented at the right time, in the right place, and in the right context for us to act on. What is not constructive is when the information collected on us is completely outside our control where we don’t know who is tracking us, what information they have collected, what they are doing with it, and how they are packaging, archiving, and reproducing it. When we give up our privacy, we give up our control over how others use that information to influence us and to influence others’ perception of us.

     For some time now, “trackers” have been silently collecting information about us through our web browsing. This has happened outside our control. These trackers brag that they know more about each of us than anyone, including our mothers.[2] Things are about to get much worse as more web activity moves to mobile applications and more everyday objects and services we use become connected to the web. When these smart objects and applications get the capacity to permanently remember almost everything about us, and relate what other people and institutions believe about us, our loss of privacy has greater consequences than ever. Moreover, those consequences are more profound than imagined by those who say we should just get over it.[1] The eagerness to destroy traditions that need to be strengthened is not necessarily motivated by a conscious movement to get rid of privacy or to change our culture. Instead, it is motivated by a desire to provide us with personalized products and services we may find helpful, but mostly to aggressively sell us stuff. However, we are being presented with a false choice: Privacy versus a richer, more useful Internet.

     A Surprising Discovery

     Leading technology CEOs have made public statements that in order to take advantage of new technologies that offer free information, services, and instant gratification, we have to give up our privacy. But, suppose we do not provide our information to anyone and we completely disable third-party tracking, would we then have to necessarily forego the advantages of web-based technology? The answer is: No! In fact, we have found ways whereby individuals can extract substantial value from their personal information without sharing any of that info with anyone. It is not necessary for individuals to reveal their intimate information for retailers, content and service providers to effectively use private personal information to ensure relevant and personalized information about their products and services.

     Another surprising finding is that we can construct a much more efficient system for personal recommendations, personal merchandising, and targeted advertising when we keep personal information safe, protected, and governed by the individual consumers whose personal information it is. This innovation in efficiency is a result of arranging the flow of information and controlling it in a manner similar to how the Internet itself works, as we explain below. This understanding is applied to the trusted intermediary technology that Personagraph Corporation has developed.

     [1] Readwrite, “Facebook’s Zuckerberg says the Age of Privacy is over”, January 9, 2010
     [2] WSJ series, “What They Know”
  5. The Personagraph™ Personal Agent: A trusted intermediary

     The Personagraph™ Personal Agent (PA) is a distributed software component that works for an individual consumer and is controlled by her. It is a distributed component because it consists of software that runs on various devices that a consumer owns and on secure Personagraph servers. The PA system architecture allows it to be associated with an email address or with a non-personally identifiable pseudonym.

     The PA collects digital footprints but does not share them with anyone. The PA connects with the Personagraph™ Platform to match attributes derived from the footprint to find relevant content, advertisements, and merchandise without revealing any information to third parties. The following section explains the subtleties of personal privacy and demonstrates how the PA functions as a trusted intermediary.

     A trusted intermediary who secures personal privacy

     A trusted intermediary is an agent that stakeholders rely upon to perform certain actions that benefit them. A Personagraph PA has three classes of stakeholders:

     1. The individual consumer whose information the PA protects
     2. Marketers who want to inform consumers about their products and services
     3. Content providers who provide content that is paid for by advertisers

     A PA computes a sophisticated personal profile of a consumer’s interests and demographics. A consumer can choose to curate and/or enhance his/her personal profile. The PA matches ads, merchandise, and content based on a consumer’s interests as reflected in his/her Personagraph.

     Example: A PA can run a real-time auction for ad slots in a TV program based on whether the content provider wants to increase engagement, revenue or both.

     The Personagraph platform satisfies all stakeholders’ requirements as follows:

     • Protects consumer information and any attributes derived from it
     • Never reveals consumer information to any other stakeholder
     • Represents a consumer’s preferences and provides an interface to curate interest inferences

     Advertisers, merchandisers, and other recommenders can trust the Personal Agent to do the following:

     • Match their objective to inferences based on a consumer’s profile
     • Leverage a partner’s monetization goals in relevant contexts (auctions, ad relevance, deals, personalized content, etc.)
  6. The Personagraph platform presents aggregated consumer context and inferences to partners to measure engagement and interaction. The PA anonymizes a consumer’s information and eliminates any personally identifiable information, which might tie an individual’s interaction to his/her identity. For example, a consumer may choose to watch a free movie from a service provider in exchange for viewing highly targeted video ads filled by leveraging his/her Personagraph profile. The content provider generates revenue by leveraging their revenue sharing relationship with the advertiser. In addition, the micro transaction might even generate a revenue slice for the consumer, device manufacturer, as well as the movie distributor. The PA is the intermediary that the actors trust to manage this transaction.

     Curating the Personagraph: the subtleties of privacy

     Protecting consumer privacy is the core function of the PA. This includes giving a consumer the ability to control who leverages what personal information, and how it is used. The PA uses user information to infer interests and demographics, which can be leveraged by advertisers to target consumers. However, consumers might not want all their information to be used as fair game for targeted advertising. For example, if a consumer is an active stock investor and does not want any marketer targeting her with investment-related opportunities, she can choose to mark the investment interest as an interest she is not willing to share with partners.

     This ability to curate the Personagraph is crucial to the promise of privacy. The PA provides an easy-to-use interface to curate (add, edit, delete, confirm) inferences. Partners can choose to leverage interests a consumer declares, or interests that are inferred. For example: A consumer might have declared an interest to hike on the weekends, but the personal agent might have not seen any corroborating events to confirm that interest; an outdoors specialty merchandiser could choose to ignore the consumer declared interest in favor of targeting people whose PA has inferred that the individual likes hiking.

     The PA is discreet, careful, and obedient

     Given permission, a consumer’s PA collects information across location, in-app usage, clicks, and transactions from their device. Over time and with the right permission, the PA builds a rich profile resembling a person’s real and digital life. The PA manages personal privacy by:

     • Discarding information not required for making additional inferences (i.e., historical location)
     • Not retaining information or inferences about which a person may feel uncomfortable for any reason (a person can delete their profile)
     • Storing all information in highly secure but personally controlled environments
     • Not sending a person’s information to others

     On request, the PA will delete a consumer’s Personagraph: raw information and every inference derived from it. A consumer can create a new profile from scratch, and the PA will not leverage any information it learnt from a prior profile. The PA acts as a discreet agent on behalf of its consumer. It anonymously searches for information for the consumer, without revealing on whose behalf it is doing so.
  7. In order to ensure that consumer information is not accidentally shared or divulged as a result of malicious attacks on the Personagraph infrastructure, we employ data security methods and processes that meet the highest commercial standards and are reviewed by highly experienced security experts. Additionally, Personagraph’s systems are periodically audited to ensure compliance with privacy and security policies. Personagraph’s privacy policies are also available at for consumers and privacy experts to examine.

     The PA is the key to efficient consumer commerce on the web

     Even with sophisticated tools that organizations use to track consumer activities in web browsers, advertising on the web is much less efficient than it could be. Today, there is a little personalization as trackers collect consumer clicks on PC browsers; however, there is a lot of intrusion with relatively little benefit. The recommendations that sites offer are endless reminders of products that consumers shopped for, and either already purchased elsewhere, or decided not to buy. In addition, consumers use multiple devices to browse and shop, a growing number of which are mobile devices that don’t allow cookies. In contrast, a consumer’s PA is available on all his/her devices and constantly looks for items of interest to that individual. It understands how and when to alert the consumer, and how to present the information in the proper context on their current device. In contrast, trackers extract personal information, control its use, and give consumers no access to that information. It is time for a whole new approach that helps out everyone: consumers, advertisers, service providers, and content providers.

     Personagraph’s PA approach is more efficient because it works well with other technologies that make the web more efficient. The PA can be used by services and applications to find advertising that is most appropriate to a consumer in their current context (time, place, device, and content or activity being used). Efficiency is derived from this arrangement of millions of PAs, each operating from multiple devices, independently providing personalized services. PAs can cache personalized and contextualized ads for use on many devices, not just the device where a cookie is stored.

     Another aspect of the efficiency of this system is the diversity and decentralization of methods for determining relevance and for personalizing ads and recommendations. Personagraph publishes SDKs and APIs on its website to foster building of a platform which allows third parties to plug in their recommendation and matching methodologies to rank a consumer’s preferences in the PA. These algorithms can be used for auctions as well as for non-competitive relevance ranking, and effectively make each PA learn and become smarter over time. Personagraph further enables a partner to publish and refer to standardized taxonomies for interests and personal attributes along with ontologies for products and services. In this way, consumers and partners can make each PA smarter.
  8. Combining the efficiency of the Internet with Privacy

     The Internet is efficient because its architecture allows optimal allocation of communication bandwidth and computational resources. Information can be pulled, selectively pushed, and broadcast. On the Internet, information sinks can selectively pull from information sources, and the architecture supports means for identifying specific sources, narrowing the communication bandwidth needed: information is pre-filtered at the source but the filter control is at the destination. Personagraph’s architecture provides support for resource and information identification and optimally points a consumer’s attention towards relevant information using information discrimination and bidding techniques. A satisfied consumer is one who is notified by accurate information when it is relevant and contextual.

     Personagraph’s rich knowledge and interest graphs, and its massively distributed, intelligent methods for inferring contextually relevant information in a personally protected and controlled manner can provide people with exceptionally personalized and timely services. These innovations are not yet widely deployed, but given their potential, they have a good chance to replace the current, less efficient methods that violate consumers’ rights to privacy control over their information.

     Conclusion

     The excuse that the Internet cannot support privacy if it is going to efficiently support commercial consumer activity is not valid. We are at a crossroads where we can begin to introduce protocols and protective structures for consumer activity that are much more efficient even as they protect privacy. We believe that now is the time to make the change, as we hook up a vast, all-encompassing network of human activity sensors to the Internet. The social implications are clear. The human race can either evolve into a predominantly passive network of human-nodes with interfaces that react to stimuli controlled by powerful special interests, or we can arrange for individuals to maintain real control over their digital identities and allow them to actively protect the images projected by their online presence.