LJ Archive

The Personal Cloud

T. Rob

Issue #234, October 2013

The Personal Cloud gives you access and control over your own data and lets you do more with it than your vendors can. Who wouldn't want that? The question is, how do we get there from here?


What do you say when someone asks “How much money do you make?”, or “How old are you?”, or “How much do you weigh?”, or “What is your address?” The quintessential response “that's personal” works because of an underlying assumption that we are within our rights to withhold that information and, more important, that privacy is the default and natural state of affairs. There is no government procedure on reaching the age of majority requiring you to check boxes on an interminably long list, enumerating all of the personal data attributes that you choose to keep private. As a sovereign person, they are all considered private. It is your choice whether to reveal your income, age, weight or any other piece of personal information. The ubiquity of the phrase “that's personal” speaks to a broadly shared understanding that we get to choose what information about ourselves we reveal and to whom we reveal it.


There is no industry-standard definition of the term “cloud”, but we should at least all be able to agree on a few attributes. Many of these are optional depending on who you talk to, but the one essential element of the cloud is abstraction. An observer sees the cloud as a single logical thing with which to interact and need not be concerned with the individual elements that make up the cloud.

In addition, a cloud will have one or more of the following elements:

  • Elasticity: computing resources can be allocated dynamically to match variable load.

  • Redundancy: the use of multiple physical servers increases the availability of the cloud service.

  • Resiliency: the cloud service can survive interruption or loss of some physical components without loss of function.

  • Runtime resolution: resource identities and addresses are resolved dynamically.

  • Ubiquity: some clouds are public while others are private. However they are scoped, a cloud service is expected to be accessible from all points within that scope.

By incorporating these elements, cloud architecture aims to deliver computing services that are as reliable and available as power or water. The ultimate expression of the cloud is that the computing infrastructure completely disappears except for the user interface.

Personal Cloud.

Imagine a cloud database filled with information about you and a vendor inquiring of that cloud “How much money do you make? How old are you? How much do you weigh? What is your address?” Whether the cloud is personal or not depends on who gets to decide the answers to these questions. It is not enough that the response back is “that's personal” if someone else can override your preferences and make the disclosure anyway. It is only a Personal Cloud if you have ultimate control over whether to disclose that information.

A Personal Cloud starts with the assumption that privacy is the default and natural state of affairs and then incorporates that design philosophy into a cloud computing architecture owned and operated by an individual.

Resist the temptation to read more into that statement than there is. For example, there is no requirement that a Personal Cloud must be self-hosted. Today there are commercial services for password management, storage, backups, VoIP, chat and more, all of which fit the definition of Personal Cloud. In all these cases, the custodians of the data have no access to it. Instead, they provide the framework in which the data owner sets policies that express the relationship between the data and any third parties authorized to access it. If it is a cloud architecture, respects the owner's privacy, and the owner is the ultimate authority over authorization decisions, it is a Personal Cloud.

Not a Buzzword

Much of the buzz about cloud computing is just that—buzz. But Personal Cloud is more. There is a parallel here with the way we purchase motive power. In San Francisco, halfway down the hill on Mason Street, there are giant motors transferring motive power to cables, which in turn run below the street to distribute that motive power along the cable car routes. When the cable car requires motive power, it gets it directly from the cable. Many years ago, factories worked the same way. Large motors distributed motive power to belts and pulleys that distributed it throughout the factory.

But that method didn't scale very well. There is no tap from your house to an underground cable that provides power for washers and dryers, refrigerators and so on. Nor is there a giant motor in the back yard and a system of pulleys and belts running from it to the house. Instead, we self-host hundreds of tiny motors, invisibly built in to disk drives, DVD players, appliances, clocks and almost everything capable of movement. The magic of this is that we don't think of these things as motors that wash clothes, tell time or spin digital media. The motors have receded into the background, and we rarely think about them at all, unless they break.

The same thing is happening now with computing. There is more computing capacity in the average modern phone than there was in the Lunar Lander. It's everywhere around you, and more is on the way. All of your devices that have an embedded motor soon will have embedded computing power, if they do not already. Things that currently have no motor or computing power—switches, outlets and bulbs, for example—soon will become smart. More important, all of these sensors, devices and computing platforms are increasingly interconnected and integrated with if-then-else rules engines that correlate events to generate complex behaviors in formerly dumb devices. Sensors, actuators and computing power are quietly but inexorably being woven into the fabric of your life.

Is it reasonable to assume that with all this computing power available to individuals that we will fail to apply it in commercial settings for our own benefit, in much the same way that our vendors have applied it on the supply side? The value proposition of E-Commerce, Supply Chain Management and Customer Relationship Management always applied to individual users. We never delivered it to that market because of cost, but that barrier continues to fall. These applications radically transformed commerce on a global scale when they were first built out by large enterprises. We have the opportunity to transform commerce again, with even greater impact, by building out business functionality on the consumer side. Or we could continue to focus on making better versions of Angry Birds and moving light switches from the wall to the phone.

Today's architecture, in which vendors have all the data and computing power, is a dying relic, left over from a world where computing was specialized and so expensive that only large businesses could afford it. It is the cable car wheelhouse or the big motor out back behind the factory. But in a world of cheap and abundant computing power, individuals are the natural points of integration for their own data. Now we have the choice to continue on with the legacy model or to move to a new model in which the individual's computing capacity improves the experience of both the individual and the vendor. Having all that computing power on the consumer side and not building out new business integration seems to me to be akin to ripping the motors out of all the disk drives, DVD players, clocks, refrigerators and other appliances, and equipping them with belts and pulleys. You could do it, but it doesn't scale and you won't like the experience.

Impersonal Clouds

Let's revisit that cloud database filled with information about you and a vendor inquiring of that cloud “How much money do you make? How old are you? What is your address?” If that cloud is owned by a credit bureau or data broker, the responses will be the actual values. There is no default assumption of privacy. You have no say in how much data about you these commercial entities hold, whether it is accurate or with whom they share it. The entire business model of data brokers is to provide answers for questions to which, if you had been asked in person, you would have responded by saying “that's personal”.

The impersonal cloud also hoards your data, preventing you from deriving any benefit from it. If you participate in a grocery loyalty program, somewhere out there is a database containing line-item records all your purchases. That's a rather intimate level of detail about you and your immediate household. If someone on the street asked you detailed questions about some of those line items, you undoubtedly would say “that's personal”. If that same person then offered to pay you a dollar for details of which personal hygiene products you use and how often you buy them, it would seem creepy. But that is exactly the kind of information we give out in exchange for a dollar off of a jug of milk.

I've been told that the average person has no use for grocery line-item data. If that is true (and I don't believe that it is), it's only because we do not yet have access to that data and, therefore, have not written applications to use it. We don't know now what we'll do with that data any more than we could have looked at HTTP in 1983 and predicted Web 2.0. What we do know now though is that all the data is held by vendors, and wherever it is that Personal Cloud can take us, we can't get there from here. Getting access to our own data is the first step. Personal Cloud is Cloud 2.0.

Strategies for Personal Cloud Development

Twenty years from now, we will know what the Personal Cloud equivalents of Google, Wikipedia, YouTube, Facebook and Instagram are, and they will seem obvious in hindsight. But if you want to get started in Personal Cloud today, where do you place your bets? Although the specific implementations have yet to be revealed—that's your job—we do know some general directions with a high degree of confidence. First and foremost among these is that the Personal Cloud wants to be invisible. Once the user sets up the connection and preferences, the fact that the apps are backed by a Personal Cloud should not normally be evident to the user. The exceptions exist mainly where the Personal Cloud provides enhanced functionality, such as prompting the user for permission to release information. Other than those exceptions, all the user should see is the exposed functionality.

Some additional Personal Cloud directions are listed below. The strategy for deriving these is to imagine a future state where privacy is baked into the architecture and where sharing is enabled by policy. This is the opposite of today's model where the architecture is built for sharing and privacy is provided by policy. Also, assume a future state where individuals have access to all the transaction data their vendors currently collect, and to the data from all their devices, and that all of this is accessible to the user in aggregate through their Personal Cloud.

Software — Extend Supply Chain management systems all the way to the consumer so that the merchant is the next-to-last rather than the last stop in the chain. The opportunity here is to create the API of Me and My Things and to assist large Enterprise to understand the value in integrating with it. Considerable momentum already exists in Vendor Relationship Management applications, the consumer counterpart to Customer Relationship Management. In short, re-imagine business software as owned and operated by and for the individual.

There are a number of initiatives and groups working to provide infrastructure and resources to further these concepts. The unsurprisingly named Privacy By Design framework “advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization's default mode of operation”. The Personal Data Ecosystem Consortium's mission is to connect entrepreneurs and startups focused on user-centric personal data, advocate for individuals' rights to tools and access to their own data, and to help existing businesses dependent on the old personal data ecosystem transform to become profitable in the new one. The Respect Network extends the basic connectivity of the Internet with a community and context for trusted identity and interactions between people, businesses and devices. There is a growing collection of information, references and index of projects related specifically to Personal Cloud at Personal-Clouds.org. The folks at Kynetx have built and implemented CloudOS and an event network that are up and running today and built on the Personal Cloud philosophy. This is a non-inclusive list but will jump-start your investigation into Personal Clouds.

Data aggregation and integration — Much of the value of data lies in the ability to correlate and analyze across many datasets to find valuable relationships. For example, consumers can participate in cradle-to-cradle tracking of recyclable resources by integrating data from their purchasing, waste and recycle streams. Add Health data to the mix for insight into how dietary purchasing habits affect wellness. Integrate power and water consumption for a total household greenness rating. But, which vendor will collect and manage all this information for you?

Mint.com aggregates all your financial accounts into a single view but probably won't be adding your health records, power and grocery loyalty information any time soon, nor would you want it to. If Mint.com began asking for your health and grocery data, you probably would tell it “that's personal”. The Personal Cloud version of an aggregator operates more like FileThis.com. FileThis periodically fetches your bank statements, e-bills and purchase receipts, then loads them into a data store that you control. It never stores the information it collects on your behalf nor does it attempt to provide any analysis or presentation of that data. You supply the credentials and the storage, it supplies the integration.

Apart from a few early examples, this field is wide open. Every loyalty program, interactive heath service, government-hosted citizen database, social-media service, utility provider, identity provider, bookmark sync service, contact list or other service that holds your information is a candidate either to aggregate that data into a single view or pull it into the individual's Personal Cloud. If those services hope to remain competitive, they will recognize the value in empowering individuals to access their own data and begin to cooperate with integrators and publish APIs.

Hosted apps and plugins — hosting providers cannot process your data if they cannot see it. If you are to get any value out of the data you choose to keep private, you will need something that you control to correlate, analyze and visualize it. One approach, exemplified by OwnCloud, is a framework made up of database hosting, a plugin architecture and APIs. Out of the box, the system supplies cloud storage, calendaring, contact lists, music streaming and on-line photo galleries. But the real power is in the plugin architecture and APIs. For example, there is no personal health vault in the basic version of OwnCloud, but that easily could be added.

Alternatively, some Personal Cloud applications will run standalone. Consider the FileThis service mentioned previously. Among the other accounts to which it integrates, it can download your bank statements. But this requires you to give it your on-line banking credentials, which is a bit problematic. That issue would go away if you could run its application locally. The standalone app model provides all the benefits of the vendor's integration know-how without exposing your banking account credentials.

Retro-fit — There are a lot of “dumb” appliances out there with plenty of useful life in them. Similarly, there are very few existing houses wired for data or that have their own Personal Cloud servers. If we imagine a future world where all those devices are smart, how do we get from here to there? One way might be to take the Crutchfield approach and apply it to the Internet of Things.

Crutchfield built an unlikely business by betting that ordinary people could and would install high-end stereos into their own cars if they had access to tools and instructions. Crutchfield provided custom wiring harnesses that eliminated most of the complexity, access to tools and comprehensive instructions from an exhaustive database of vehicle makes and models. The bet paid off and it grew into a formidable player in the consumer audio business.

A similar model would work for Internet-enabling dumb devices. Assuming that you had the appropriate wiring harness, a Wi-Fi-enabled Arduino or Digispark could be dropped into a washer, dryer, refrigerator or other appliance in minutes. This could jump-start the Internet of Things and most of the research could be crowdsourced. There are business opportunities in performing the installations and in providing the code that sends and receives events from the devices and turns those into more complex behaviors. Of course, getting a data fabric into the home is a prerequisite, so the installation of home-automation servers, cabling, power-over-Ethernet and Wi-Fi access points also will be a growth opportunity.

Stupid Cloud Tricks

To seed your mind with ideas for Personal Cloud development, imagine a world in which the most mundane objects and surfaces are smart and in which you can program behaviors based on interactions of devices and events in your life. The cloud also has access to all your transaction and demographic data, location and preferences. Now combine these in the most far-fetched way that you can think of.

Here's an example. My smart house would have individually addressable path lighting throughout. My dog would have an NFC or Bluetooth beacon on his collar so that the house could know exactly where he is. I would then program a behavior causing the path lighting to follow him around the house. Once he got used to that, I would train him that following the path lighting cues would lead to a reward. The last step would be to create a phone app (I'll call it “Fetch”) that leads the dog from wherever he is in the house to wherever I am.

I admit this is a very stupid cloud trick. I criticized vendors for moving wall switches to phone apps, and I just did the same thing with the dog. The point is that if you own the data and your devices talk first to you instead of the vendor, you are not constrained by the vendor's choice of integrations and can invent weird and wonderful behaviors for your stuff. (But you have to admit that a phone app that remotely controls the dog is kinda cool.) So let's try something a bit more practical.

Your power company has a rate plan that lets it shut off your water heater and air conditioner when it or a neighboring utility has a peak load shortage. But why limit this to water heaters and air conditioners? When the home is filled with smart devices, it will be possible for lights, fans, battery chargers or any powered device to take part in discretionary load abatement. For example, on receiving an abatement request, an LED bulb (or the dashboard controlling that bulb) might respond with an offer to cut 10% of its current drain during the abatement period. Because the house knows whether anyone is home, the degree of abatement can vary automatically and accordingly. You don't have to honor the pledge and can turn the light back up, but the closer your house gets to its projected abatement, the larger the rebate you get.

With enough devices participating, discretionary load abatement will allow us to defer the need to build more power plants. But this considers only the first-tier effects. The system really gets interesting when social aspects are added. Your Personal Cloud knows how much load abatement you have provided, what your baseline usage is and the normal interior conditions in the house. Someone eventually will combine these into a competitive social app where individuals or groups can compete for energy-efficiency badges. How do you compare with your neighborhood? Your region? Households with similar demographics? Can your scout troop be the greenest in the pack?

What will your Stupid Cloud Tricks be? Feel free to dream some up and send them to info@linuxjournal.com. Or just wait a few years and create them for real.

Personal Cloud = Opportunity

These types of applications are not only possible but trivial when we all have access to our own data and are not dependent on vendors for the integrations. Personal Cloud detractors claim that individuals have shown no interest in having access to their own data. Until PRISM, many said we have no interest in privacy either. But this is not a question of whether Personal Clouds will exist or whether individuals need or want access to their own data. Technology seeps into every niche that will support it, and this is hardly a niche. When the value of Personal Cloud apps exceeds their cost, they will flourish. It really is that simple.

The market for Personal Clouds is a superset of that for mobile phones, game consoles, NAS devices, home-entertainment servers and home-automation servers because they are all potentially participants. That is a very large market, which with regard to Personal Cloud, is as yet untouched. Those who can make the value of Personal Cloud exceed the cost (as measured in currency, skill requirement and administrative overhead) can begin to carve out their own piece of that very large pie.

Would you like your piece of that pie now? For more information on Personal Clouds and the ecosystem growing up around them, please visit the Personal Data Ecosystem Consortium, Project VRM and the Respect Network.

T.Rob spent the last 20 years working on security, clustering, high availability and architecture of enterprise messaging. He intends to spend the next 20 applying these same technologies to benefit individuals through technologies, such as Personal Cloud and Internet of Things. He recently left IBM, where he was a product manager for the WebSphere messaging product family, to start IoPT Consulting with the mission of putting People first in the Internet of Things. He can be found at https://ioptcponsulting.com or https://t-rob.net. (Full disclosure: T.Rob is a member of the Respect Network and the Personal Data Ecosystem Consortium, but please don't hold that against them.)

LJ Archive