It doesn’t matter if you read this article on your cell phone or computer. It doesn’t matter if you use an Android or iPhone mobile phone, because Google and Apple and Facebook (or Meta) have the same business strategy. Apart from (of course) knowing your name, gender and how old you are, they know where you live, where you work, do you have children and how many, do you have a lover, how often do you travel, what is your political affiliation, your hobbies, what your interests are and what you would probably like to buy next. And who you are likely to vote for.
However, on the other hand, Google, Facebook, Instagram, TikTok… All are free. We can not say that we don’t get anything from them – we are connected with friends and their lives, we can see what someone is doing, all for free. We talked to Robert Ilijaš, the founder and CEO of Identyum, about the dominant phenomenon of the 21st century, social networks and where it all goes.
Robert, what do you think about social media? They know everything about each of us, but they are also free to us.
Don’t be fooled, nothing in life is free except maybe true love. Facebook is not free for you, nor is your Google email free. It’s just that you don’t pay them in money, but you pay them by losing your freedom. Most people think, “Well, it’s not that bad, I don’t feel that trapped.” But are you sure? Did you know that Facebook’s algorithms predict your behavior and aim to influence you exactly at the moment they calculate that they could change it for you? Well, you don’t think that all ads accidentally “guess” exactly what you intend to buy, even when it’s interesting to you! However, what if it’s not just ads? What if the news being served to you is trying to change your behavior? Have you ever wondered why we all argue so much on Facebook? Did you know that Facebook creates around you an “information bubble” only with the news that algorithms calculate that you will like? The foundation of a functional society is that each of us tries to understand the position and thoughts of others, our fellow citizens. In this way we get closer to each other and build constructive communities. Facebook, Google, Apple and others do just the opposite – they distance us from each other, lock us all in their “bubble”, isolate us and encourage us to argue and disagree. And all this in order to turn us into brainless consumers who click “buy”. The best thing you can do for yourself this year is to take 90 minutes and watch the documentary “The Social Dilemma”.
When we prepared for this conversation, you said, “It could be worse.” What did you mean?
Yes, it could be even worse. For example, what Facebook, Apple and Google do, could be done by the government. Imagine that the availability of public services (e.g. health services, public transport, education) and the price of commercial products depend on how much the computer algorithm has calculated that you are an “obedient citizen”. Do you pay your bills and loans on time, do you always drive according to traffic regulations, do you take care of your health, what kind of neighbor are you in the building? Imagine that the price of a plane ticket is more expensive because you had a party in your apartment last year and the neighbors complained that you were too loud. If you think that no normal person would agree to that, you are mistaken. Since 2014, the Chinese government has been working on a pilot project for just such a system, the “social assessment” system, which is now at a high stage of development. If you combine such a rating system with the fact that there are over 170 million video cameras installed in China that can recognize you and find you anywhere in China within 7 minutes, you know what you got. You have been given a techno-totalitarian system of obedient citizens who do not question the government.
So you think personal information is very important, as well as who has control over it?
In this increasingly digital world, your personal information can be either a source of your freedom or a tool to capture you. And you have already “sown” them all around, so today you do not decide what you will read and what you will buy (even though you imagine so), but others decide – computer algorithms, which someone arranges as he sees fit. How can a man be free if his decisions and attitudes are governed by a computer algorithm?
Sounds pretty depressing…
Yes, but it’s true. Whether you accept it or turn your head, is up to you. There is no better confirmation and warning that “something is wrong” than the fact that Tim Berners-Lee, the inventor and father of the Internet as we know it today, said that something is not right. He said that things had gone in the completely wrong direction and that we had handed over all our personal data to mega-corporations and thus lost our sovereignty. In addition, Berners-Lee warns us that we have to find a way to regain control over our personal data as citizens, and thus to regain lost freedom, all together.
How do you look at this? Is there any way out of the situation in which we now find ourselves as a society?
There is a way. In 2021, Berners-Lee introduced his idea of ”personal data pods” – cloud storage for personal data that are solely and exclusively under the control of the citizen to whom the data relates. By the way, at the time when he came up with the idea, we at Identyum have been working on more than 2 years for exactly that – a strongly protected space for storing personal data managed only and explicitly by citizens and no one else. It is a digital ID Wallet – a digital wallet for storing personal identity data.
How does the EU see everything that happens with personal data and the loss of freedom of citizens?
The EU also recognized that “something is wrong”. Whatever the EU is, it needs to be acknowledged that it has managed to recognize that things have gone in the wrong direction in the field of personal data. The EU also reacted. The now well-known GDPR Regulation was aimed at bringing order to the management of personal data. However, the GDPR is a general regulation and it only defines that citizens’ personal data should be protected, but it does not define how.
So, we know that as a society we are in trouble, but we are looking for an answer to the question of how to get out of it?
That’s right. The question is “how?” How to protect personal data and citizens’ privacy is a key question. At least in the EU. In the digital world, where we all know that everything can be copied with a simple copy/paste and no one can prevent it, there is a legitimate question of whether it is possible to protect citizens’ personal data. Once you have given or transferred information about yourself to someone, the only way to manage it is to be 100% sure that someone will delete it at your request.
Yes, but this is practically impossible. How can I be 100% sure that a company has deleted data about me?
That’s right. There is no way to know that unless you hire an entire team of computer forensics to check that company and all the servers, to see if they really deleted all the information about you. Therefore, in the long run, the only correct approach to the protection of your personal data is that they do not go beyond your control, or that you do not give them to anyone, i.e. that you do not transfer them to other systems. That was recognized by Berners-Lee, and we at Identyum and a couple of other players recognized that. The goal is to store personally identifiable information in something that is solely under your control – your “pod”, “ID Wallet” or whatever you call it.
Wait a minute. How can for example a webshop provide my services if it doesn’t know who I am? Where will they deliver the goods to me if he doesn’t know my address? That is impossible.
No one said the webshop won’t be able to read your address. The catch is that the webshop will always read that address from * your * Wallet ID and will not even need to store it on its system. And that you have to give him permission in advance so that he can read that address. From the IT aspect, on every webshop page and in every background process, where the webshop would otherwise read your address from its server, it will read it from your ID Wallet through the program interface, the so-called API. And that, I repeat, only with your explicit permission to do so.
Wouldn’t that be the same as it is now? What’s the difference?
The difference is huge because it means that the webshop has not stored your address anywhere. A hacker attack on a webshop has nothing to steal. This also means that you can revoke the webshop’s permission to read your address at any time. The address is of course just an example. We talk about first and last name, gender, date of birth, nationality, email, cell phone number and much other personal information that should only be yours and that you should be able to control.
OK, but what about the bank, for example? It is required by law to identify me to prevent money laundering.
In the highly-regulated financial industry, the challenge of managing the confidentiality and security of your personal information is even greater. It is technically possible for the bank to correctly identify you, without permanently storing your identity data. But they will need to change the laws. But even when we improve the laws, your identity information must be available in the case of a lawsuit (say, you didn’t repay a bank loan, or you cheated a webshop). In that case, you lose the right to full protection of personal data, because the court must be able to find out who you are if you have done something illegal. So, if it is a highly regulated industry (which must take care to prevent money laundering) or if it is a court request, that * one * information to the court or bank must be available without your permission, and that is the OIB. However, even in a scenario where a bank or court reads your OIB without your permission, you must be notified. All other data (name, address, gender,…) may remain protected and stored forever only and exclusively in your ID Wallet.
All this sounds like a very complex process of change and some possible future for society?
Well yeah, maybe we didn’t understand ourselves. I am talking about long-term trends in the next 10-15 years and the final outcome. The Internet is 30 years old, if it has gone in the wrong direction in the last 15 years, it will take just as much to fix it. Of course, if we as a society want to know this at all because such a change requires the coordination of the whole society at all levels. And maybe we will end up in a totalitarian society without any privacy, as obedient citizens without freedom of speech and headless customers without freedom of decision. Honestly, as things are going at the moment, I’m afraid it will be the latter.
Is everything so bad?
Of course not. There is always time to start changes and one should not look at everything pessimistically. In the first phase, say 5 years, it will be enough for us all to get used to the concept and the idea that as citizens we must be asked if everyone wants to access our personal data in our “pod”, “wallet” or whatever. Of course, let’s be realistic, in the beginning, companies will not be able to download and store this data on their servers, because everything else would require high and long-term investments in their infrastructure. But even that is a healthy start. I believe that it will take at least 10-15 years for society to change and for citizens in the digital world to regain their freedom. But you know how they say – the 1,000-mile journey begins with the first step.
How does Croatia stand in this?
Well… I hope that in the next 5 years we will at least make the children’s steps that Western Europe has taken a long time ago, for example how to learn to use electronic signatures and digital identity properly and to become widespread in Croatia. Those who are advanced and proactive can still try our Identyum ID Wallet today, to at least “feel” the first outlines of a healthy future in which they are asked if they allow access to their data, and to start electronically signing PDFs instead of printing.
Do you expect resistance?
We are a startup, a private company that created the first ID Wallet in the entire region. We are just at the beginning and we have a long way to go. But we deeply believe we are doing a good thing for the whole society. We will do our best to explain to everyone what we do, and how and why we do it. I guess we all know how to read with understanding. So who wants it, great, and who doesn’t, it doesn’t matter. However, we do not intend to waste energy on destructive people. We will leave them where they are. For them, techno-totalitarianism is a better option anyway.