EP3 Privacy Networks : simplebooklet.com

Why It matters Private Data Sharing Data and the information that is derived from its attributes are the lifeblood of our successes and failures as individuals businesses organizations and governments making better protection a top priority for all In today s connected world data flow is more than a central theme of the global economy it is a source of wellbeing and public value Leveraging data leads us to better health treatments better opportunities for students across their educational journey more organized cities higher understanding of our society and greater economic growth and social development As organizations continue to retain as much information as possible data is now the new raw material of business an economic input almost on a par with capital and labour1 Just in the United States the data economy contributes more than 1 trillion to the country s economy per year2 This is a trend that continues growing at the same pace as the conflict between the value of data and individual privacy and security Data potential is enormous but to unleash those benefits it is necessary to reshape protections Security breaches and attacks chip away at our trust in the accuracy of the data that we use the people who can access it and the devices that send it Today individuals are at the mercy of enterprises to protect their privacy while political and commercial purposes lay behind entities that find in data related technologies the perfect instrument to capitalize people s information and influence individuals behaviours and decisions The legal landscape is also insufficient and difficult to navigate Companies need to comply with increasingly growing wide range of strict security and privacy rules that come from multiple and unfamiliar jurisdictions This fragmented regulatory framework varies fundamentally creates obstacles to guaranteeing privacy across the world and imposes heavy burdens on businesses For this reason and despite the benefits of accessing and aggregating data information is at risk disjointed and stove piped on different architectures leaving organizations and individuals unable to benefit from new ideas research technologies and best practices that accompany privacy preserving data flows People and organizations disagree on what is required to verify individuals their roles and the requirements to share sensitive information as they continue relying on all or nothing policies for information sharing A scenario where everybody loses Leveraging data leads us to better health treatments better opportunities for students more organized cities higher understanding of our society and greater economic growth and social development Building trust and confidence in the online world is a fundamental challenge to ensure that the opportunities emerging from the flow of information can be fully leveraged allowing individuals organizations and technologies to protect information without affecting the possibility to analyze link and use the data needed to create growth and value 4

Page 5

The internet was designed to keep communication lines open The Internet is a design philosophy and an architecture expressed in a set of protocols 3 This design was to ensure resilient communication networks even during natural or manmade disasters It was never designed to be private It began as a government funded project to build decentralized communication networks The design has brilliantly scaled and enabled rapid growth and global expansion It was not until the late 1980s that the web was commercialized The internet has evolved substantially fueled by new innovations and business models based on commercial interests and financial returns on investments Now commercial and government platforms dominate infrastructures services and applications and consolidate their power controlling choices and online experiences through a data driven model focused on users segmentation and online advertising As more and more people go online data about them makes it easier for web companies to target ads improving the likeliness of purchasing products and services or remaining longer on a web platform The more industries know about our individual hopes fears and desires the better they are able to serve content and ads that people find interesting or relevant turning highly sensitive personal data into cashflow Our society is producing data at a pace that is unprecedented in human history Just in the last two years 90 of all data was created and there are 2 5 quintillion bytes of data generated each day4 A rate that continues accelerating given the new users connected devices and technologies In addition others create data about ourselves at the same unprecedented pace Banks schools public agencies smart objects traffic monitoring systems doctors pharmacies and insurance companies among many others are also creating data about us when we commute to work go to school get a medical treatment or even when we sleep This data tells and commercializes our life story as individuals and communities It identifies the important people in our lives with whom we communicate the people we call or text our school records and even our chances to succeed in life Under this model individuals remain unaware of how and for what purposes their personal data is sold collected stored and used or whether they have the right to demand changes erase personal data or prevent further data collection and use 5

Page 6

Internet initial design philosophy prioritizes open communications This has proven year after year that we are unable to keep information safe and secure 2017 was the worst year recorded in history for data breaches 5 These attacks undermine not only online trust but also the institutions and political processes that rule our society6 From hacking networks to steal personal information to security breaches and attacks that impact democratic processes the scope of cyber attacks is steadily growing These breaches chip away at our trust in the accuracy of the data that we use the people who can access it and the devices that send it Today the highest risks to privacy and security are at the ends of the network the places where people access and authorize data use For the first time since 2007 human mistakes caused more data loss than malicious intrusions into networks compromising 5 4 billion records7 Humans even those with cyber savvy skills and competencies are at the mercy of the security systems on the technology they use The constant connectivity and the user linked data sharing model also creates greater risks for information to be abused and compromised Children adolescents and new web users are at the center of these risks8 as technologies are continuously employed in online scams child exploitation cyberbullying sexual harassment and peer agressions that often target the least tech savvy DATA Breaches chip away at our trust in the accuracy of the data that we use the people who can access it and the devices that send it These challenges increase exponentially in a society that is being shaped by the internet of things IoT Individuals are surrounded by a broad range of connectable devices such as smartphones or home hubs through which they constantly leave a digital trail and share not only more information about themselves but also more sensitive information These devices create multiple connection points for hackers to gain entry into IoT ecosystems access customer information and even penetrate manufacturers back end systems The monetary costs of the attacks are also enormous In 2017 the global cost of ransomware attacks exceed 5 billion And according to recent studies these attacks as a whole are projected to cost the world more than 6 trillion by the end 2021 9 Despite the rapidly evolving security risks and staggering costs stakeholders are unable to identify the risks and put into practice the adequate mechanisms needed to prevent attacks Insufficient attention to security undermines trust in the internet and increases vulnerabilities Safeguarding the information and privacy of individuals is the obligation of any person organization or technology accessing personal information regardless of the source The status quo no longer works 6

Page 7

Given the amount of data collected and the lack of individual control privacy and security privacy regulations are becoming more complex and comprehensive Failing to protect sensitive data can lead to regulatory investigations sanctions and lawsuits In our modern interconnected global economy being compliant with one jurisdiction is not sufficient Companies need to comply with an increasingly growing wide range of strict security and privacy rules that come from multiple and unfamiliar jurisdictions and accommodate different rights and multiple standards This fragmented regulatory landscape creates obstacles to guaranteeing privacy across the world and imposes heavy burdens on businesses that affect their chance to grow and compete 7

Page 8

Despite the significant benefits that arise from the ability to share information people and organizations are unable to unleash its true potential People cannot find access and use their own information while service providers continue missing out on powerful competitive tools Policies proprietary and legacy systems have formed an array of barriers that impede the free flow of data Information is commonly disjointed and stove piped on different architectures leaving organizations and individuals unable to benefit not just from new ideas research technologies and best practices that accompany quality privacy ensured data flows but also the day to day goods and services that rely on data Current policies allow all or nothing information sharing Today we lack a universally accepted process to allow for only partial sharing This all or nothing flow of attributes data and information drives our world and generates significant privacy and security challenges that must be addressed For example when we check the box to agree using connected devices and applications we give our permission to all of the data uses listed on the company s privacy notice We cannot agree to some of the terms and not others Legitimate concerns over privacy and confidentiality affect data flow as a source of wellbeing Now perhaps more than ever before consumer anxiety about privacy is intensified when people realize that they do not know which organizations have their data what is known about them and how they are using or misusingtheir own information Moreover the traditional enterprise centric system and its own mechanisms for enforcing security policies have failed to keep information safe and interconnected Companies control the access to data and survey user activity to reliably implement security policies Yet despite these actions they are still unable to protect information and worse unwilling to provide or enforce meaningful individual control Widespread all or nothing data sharing as a driver of wellbeing is not sustainable without trust and transparency People and organizations disagree on what is required to verify individuals their roles and the requirements to share sensitive information As a consequence of the latter individuals and organizations are kept from linking and sharing the data needed to advance research innovation and wellbeing 8

Page 9

Data driven decision making systems increasingly impact our lives Data used in machine learning and AI are established by the devices and networks that we use combined with the networks and devices used by others who process information about us or for us These personal identifiers are duplicated and used by many types of organizations including governments financial institutions and schools 10 The provides use case frameworks to foster ethical data governance standards and accreditations needed for data models that protect privacy comply with privacy laws and improve our ability to personalize 9

Page 10

Human skills alone cannot protect individuals privacy and security Safe digital environments require new privacy paradigms11 combined with critical digital skills and competencies It is vital to establish new systems to turn data flows into successes and ensure the internet serves as a driver for innovation scientific research economic growth and social development How we manage the internet and the deployment of IoT AI blockchain and other distributed ledger technologies will determine whether our society is able to move toward an internet that benefits all people around the world The main goal is not just to respond to the biggest privacy threats but enable people to benefit from the enormous opportunities connected to the flow of data without sacrificing their privacy and security This is a great challenge that requires improving current data paradigms and embracing innovation as the only path to satisfy the demand for trusted data flow At the end the power of the web resides on users willingness to trust it The new EP3 Privacy Networks respond to this challenge and automate and enforce privacy frameworks These networks enable attribute level data sharing enhanced security and decision intelligence For the first time comprehensive real time data will be available to determine how to create healthy sustainable communities while also respecting the security and privacy of individuals 10

Page 11

Page 12

We build trusted networks based on collaborative efforts to protect information and improve the ability to analyze link and use the data needed to help individuals to thrive The Foundation works to The EP3 Foundation builds and certifies trust models the rules and standards required for individuals and organizations to send and receive data EP3 Trust Models are expressed in web protocols the rules that automate privacy ensures data security and improves personalization They bind hash and commit usage rules to your data at the smallest attribute level Each attribute is digitally signed by its established global and regional issuing trust authority and then cryptographically bound together Automating privacy protocols exponentially reduces and eliminates identity theft fraud and cybersecurity breaches Trust Criteria or the rules and Trust Credentials which certify that the rules have been meet are the issued by trust authorities allowing diverse resources published by disparate organizations to be interoperable easily shared and trusted across the ecosystem The EP3 Foundation has developed Accreditation and Certification Programs that verify the Criteria and Credentials These in turn enable interoperable digital exchange based on privacy security identity verification and authentication These programs also provide thirdparty credibility via their ability to grant accreditation for stakeholders to achieve a trusted environment where privacy and security requirements are maintained Find access link and safely share data at the attribute level protecting sensitive information Automate data governance and comply with policies licensing privacy and cybersecurity requirements Control policies for privacy security and personalization Compute comprehensive pseudonymized obfuscated crypto hashed distributed and partitioned data In addition the EP3 Foundation serves policy leaders looking for solutions to protect their communities from privacy and security risks We provide leadership outreach education and PR campaigns to help policy leaders social norm or confirm community expectations for new data governance practices To that end the EP3 Foundation a founding member of the Trusted Network Accreditation Program TNAP addresses the requirements to provide third party accreditation for healthcare stakeholders data registers Lab providers payers vendors and suppliers The EP3 Foundation convenes global national and regional policy authorities to set the rules and governance for new credentials and certifications that establish vendor neutral privacy networks 12

Page 13

We collaborate with stakeholders and trust authorities to set the rules and governance to develop new credentials and accreditations that establish vendor neutral networks The critical difference with our networks over previous data paradigms resolves around our current concept of the word share Currently when data and the information it brings is shared it is usually copied Anyone with access may also create some type of copy that is then hosted in new locations with all of the associated risks that go with sensitive information being used accessed or stored Instead of allowing others to copy the information EP3 Foundation networks enable authorization networks to access the same data in the protected software defined perimeter Trusted Data Attributes 13

Page 14

EP3 Privacy Networks are based on forward thinking innovations that together with the neutral governance of the EP3 Foundation create Privacy Networks to allow organizations and individuals to pool anonymize share and analyze sensitive data while complying with privacy and security regulations Network participants take comprehensive sensitive information and transform it into pseudonymized obfuscated data known as These trust blocks are then partitioned and distributed across multiple privacy networks managed with keys Within the software defined perimeter Trust Blocks receive a variety of aggregates analytic outputs and resources from additional privacy networks The EP3 Privacy Networks cryptographically bind different trust criteria trust credentials and different resources to the attribute level Trust Blocks These trust blocks differ from old data packets in that they automate enforcement and verify identities across multiple participating networks giving people for the first time the control over what data is shared with whom and the ability to withdraw that permission or delete it across the entire network The Trust blocks also exponentially reduce the risk of a breach because the information inside the block is now fully opaque Even if someone unauthorized were to access the trust blocks no data breach notifications are required because no information was disclosed This reduces your risk of creating honey pots or target rich environments 14

Page 15

For the first time comprehensive real time data is available to determine how to create healthy sustainable communities while also respecting the rights and privacy of individuals Access to quality data enables decision intelligence making evidence based decisions but not at the expense of individual privacy Data about an individual can be viewed but not linked back to them and is shared only by specific permission and use It also enables collaborative innovation in any industry that requires coordination and relies upon privacy sensitive proprietary or regulated data Protect individuals and their data from malicious and criminals use Exponentially reduce waste fraud and abuse including identity theft Ensure patient safety in a way that also protects their privacy Patient permissions both enabled enforced Enable global population and public health with quality data from multiple sources included cross national boards Improve child safety by ensuring their identity is separated from their unique device identifiers and brower fingerprints Improve internet trust and protect our internet infrastructure from denial of service attacks and ransomware Bring new value to personal information providing additional financial incentives to new emerging communities Provide a safe harbor for companies complying with dynamic global privacy privacy and processing requirements especially in managing data from children youth and education 15

Page 16

Unifying and leveraging data so what people are experiencing is valuable and personalized cannot continue to be sacrificed This is especially true in the healthcare area where personalized medicine opens a bright future of opportunities that lead to better care for patients and ultimately benefit low income communities with high burdens of disease EP3 Foundation enables health information interoperability by partnering with the leading health and cybersecurity authorities to establish the accreditations for health systems using our data protocols 12 In healthcare we have decision intelligence for personalized networks based on an individual s location lifestyle and genome These improves transparency and accountability across the entire ecosystem It also provides public and population healthcare providers the ability to detect intervene and conduct privacy preserving surveillance Doctors and providers of care can better coordinate comprehensive integrated care For example the healthcare ecosystem pooled data resources managed at the attributes level includes insurers providers of care hospital systems and payees With comprehensive health data we can discover new models that improve treatment and recovery outcomes All done meeting the strict privacy protections for patients 16

Page 17

Educational technology systems collect an enormous amount of data to improve learning outcomes and resource efficiencies However the diverse systems where the data is stored the exponential number of devices tools vendors and individuals accessing the data and the lack of unified standards regarding the protection of students data present both privacy and security concerns The most common cybersecurity incidents or attacks in U S schools include phishing unauthorized entry or disclosures ransomware denial of service and other cybersecurity incidents resulting in school disruptions and unauthorized disclosures We partner with leading child safety experts and student privacy advocates to create the privacy and security accreditations that enable educational institutions to provide better security for sensitive student and educator information and decrease the security issues EP3 Education Networks empower students parents and educators with easy access to their privacy protected information Data can be analyzed and personalized This resolves educational problems informs academic practices refines learning approaches and reaches educational goals without revealing personal or sensitive information Our networks connect education systems to give students and teachers the information needed to support learning and personal growth By supporting privacy preserving access and analysis of comprehensive records of students online learning activities and other data it is possible to provide effective personalization adaptive learning and superior teaching methods with more accurate assessment and personalized feedback on student progress achievement and knowledge gaps all with the enhanced security needed for data that will be attached to a person for their lifetime from educational records to teaching certifications Students and teachers benefit from data analysis as it guides their paths to a better education and secure access to technology enhanced tools The research and education community benefit from access to large pools of data that can be used to advance our knowledge of teaching and learning 17

Page 18

Organizations in the entertainment business are also targets for cybercrime consumer demands and regulatory pressures It is important for these companies to have in place all the necessary mechanisms to protect the confidential information of individuals and affiliated parties without affecting the access to their content services and revenues Personalized Entertainment Networks encourage creativity and reward the people who create and share their work online while protecting the identity and rights of consumers and content creators and reducing unauthorized use These networks also enable privacy preserving advertising networks For the first time Advertising Networks will be able to empower consumers allow precision anonymous advertising frictionless e commerce and expanded markets for personalized messaging using highly sensitive regulated and proprietary data 18

Page 19

The implementation of EP3 Privacy Networks allow Decision intelligence that identifies and enforces data safety policies Trust that our data can be protected Enforcement of national and international laws for our personal privacy domains The means to better protect information Data governance that is automated and complies with policies licensing privacy and cybersecurity requirements Pseudonymized obfuscated crypto hashed and partitioned data to protect personal information while leaving it computable and Decision intelligence for personalized networks based on an individual s location lifestyle and genome Everyone can leverage Privacy Networks that use Trust Blocks with current data systems to PROTECT VERIFY LINK SHARE ENFORCE privacy and confidentiality identity roles across many networks privacy protected data at granular levels information only when allowed policies automatically 19

Page 20

To address privacy and security organizations and governments alike must secure information ensure confidentiality and protect privacy while also giving individuals the capacity to access and aggregate the information they are authorized to use It is time for the organizations to take greater responsibility on how they protect users data and how they can proactively stop harmful practices affecting people s privacy Privacy compliance is more than just a legal requirement it is also an ethical obligation that imposes real business costs to those not taking it seriously Start today Participate in networks certified for privacy security and regulatory compliance The foundation has demonstration and pilot initiatives building networks to be accredited from legacy trust authorities Email us at info ep3foundation org 20

Page 21

A software defined network which can obfuscate crypto hash tokenize encrypt randomize and or partition any data provenance process definitions and trust criteria transforming them into meaningless gibberish which is simultaneously invulnerable to breach yet still capable of supporting computation or policy enforcement An extensible information model and software defined network for representing and classifying disparate trust criteria trust policies trust credentials resource descriptions and resource provenance Elements within the UTM are represented via combinations of metadata documents and software services and stored in a distributed ledger Webshield Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand usually with confusing and ambiguous language The obfuscation might be either unintentional or intentional although intent usually is connoted and is accomplished with circumlocution talking around the subject the use of jargon technical language of a profession and the use of an argot ingroup language of limited communicative value to outsiders Wikipedia Trust Criteria are verifiable claims of requirements for regulatory compliance payment licensing terms identity assurance cybersecurity privacy semantic interoperability authorized purpose of use authorized recipients trusted provenance endorsements ratings etc Trust Credentials are verifiable claims metadata and documents from known Trust Authorities describing each resource s APIs and data model semantics and provenance audit history supporting documentation certifications assessments endorsements ratings classifications characteristics etc 21

Page 22

1 Future Agenda The increasing value of Data Available at https www futureagenda org insight the increasing value of data 2 World Bank national accounts data https data worldbank org indicator NY GDP MKTP CD end 2016 start 1960 view chart year_hi gh_desc true 3 Vint Cerf The Internet IP Addresses and DNS Available at https www youtube com watch v 5o8CwafCxnU 4 Bernard Marr How Much Data Do We Create Every Day The Mind Blowing Stats Everyone Should Read Available at https www forbes com sites bernardmarr 2018 05 21 how much data do we create every day th e mind blowing stats everyone should read 76b8866060ba 5 Daniel Solove Data Security Is Worsening 2017 Was the Worst Year Yet 2018 https teachprivacy com data security is worsening 2017 was the worst year yet Accessed 6 Nov 2018 6 Internet Society 2017 Internet Society Global Internet Report Paths to Our Digital Future 2017 7 Riskbase Security Data Breach QuickView Report 2017 2017 8 Hancock P rez and Elliott 2018 We will keep Children Safe Online Government Europa pp 1 8 Available at http edition pagesuite professional co uk html5 reader production default aspx pubname edi d 44b47261 83cf 4fae 8214 42d2bf163a04 9 SIA Data Privacy and Security Trends for 2018 Available at https www securityindustry org wp content uploads 2018 01 SIA_DATA_PRIVACY_WHITEPAPER _WEB pdf 10 This graphic is based on the Hancock Privacy Framework Hancock 2018 Hancock Privacy Framework Information Created by Individual Users Available at https midd me tbBm 11 Hancock Elliott and P rez 2018 How to implement new privacy preserving data paradigms Government Europa Quarterly Issue 27 pp 36 39 Available at http edition pagesuite professional co uk html5 reader production default aspx pubname edi d 7122fbff 5a4c 4dcb 873f bee2ee4b1cd7 pnum 36 12 Hancock 2019 How to overcome 40 years of obstacles the road to accessible health information interoperability Health Europa Quarterly Issue 8 p 98 Available at http edition pagesuite professional co uk html5 reader production default aspx pnum 98 edid 5ffe2a2a df10 462e a709 5910f039b796 isshared true 22

Page 23

Page 24

Page 25

Page 26

Page 27

Data and the information that is derived from itsattributes are the lifeblood of our successes andfailures as individuals, businesses, organizations andgovernments; making better protection a top priorityfor all. In today's connected world, data flow is morethan a central theme of the global economy, it is asource of wellbeing and public value.Leveraging data leads us to better health treatments,better opportunities for students across theireducational journey, more organized cities, higherunderstanding of our society, and greater economicgrowth and social development.As organizations continue to retain as muchinformation as possible, data is now the new rawmaterial of business, an economic input almost on apar with capital and labour1. Just in the United States,the data economy contributes more than $1 trillion tothe country’s economy per year2. This is a trend thatcontinues growing at the same pace as the conflictbetween the value of data and individual privacy andsecurity.Data potential is enormous, but to unleash thosebenefits, it is necessary to reshape data protections.Security breaches and attacks chip away at our trust inthe accuracy of the data that we use, the people whocan access it, and the devices that send it.Today, individuals are at the mercy of enterprises toprotect their privacy while political and commercialpurposes lay behind entities that find in data-relatedtechnologies the perfect instrument to capitalizepeople’s information and influence individuals’behaviours and decisions.The legal landscape is also insufficient and difficult tonavigate. Companies need to comply withincreasingly growing, wide range of strict security andprivacy rules that come from multiple andunfamiliar jurisdictions. This fragmentedregulatory framework varies fundamentally,creates obstacles to guaranteeing privacy acrossthe world, and imposes heavy burdens onbusinesses.For this reason and despite the benefits ofaccessing and aggregating data, information is atrisk, disjointed, and stove piped on differentarchitectures leaving organizations andindividuals unable to benefit from new ideas,research, technologies, and best practices thataccompany privacy-preserving data flows.People and organizations disagree on what isrequired to verify individuals, their roles, and therequirements to share sensitive information asthey continue relying on “all or nothing” policies forinformation sharing. A scenario where everybodyloses.Leveraging data leads us to better healthtreatments, better opportunities forstudents , more organized cities, higherunderstanding of our society, andgreater economic growth and socialdevelopment.Building trust and confidence in the online world isa fundamental challenge to ensure that theopportunities emerging from the flow ofinformation can be fully leveraged allowingindividuals, organizations and technologies toprotect information without affecting thepossibility to analyze, link, and use the data neededto create growth and value.Why It matters: Private Data Sharing4

Page 28

The Internet is a design philosophy and an architecture expressed in a set of protocols.3 This design was to ensure resilient communication networks, even during natural or manmade disasters. It was never designed to be private. It began as a government-funded project to build decentralized-communication networks. The design has brilliantly scaled and enabled rapid growth and global expansion.It was not until the late 1980s that the web was commercialized. The internet has evolved substantially, fueled by new innovations and business models based on commercial interests and financial returns on investments. Now, commercial and government platforms dominate infrastructures, services, and applications and consolidate their power controlling choices and online experiences through a data-driven model focused on users’ segmentation and online advertising.As more and more people go online, data about them makes it easier for web companies to target ads improving the likeliness of purchasing products and services or remaining longer on a web platform. The more industries know about our individual hopes, fears, and desires, the better they are able to serve content and ads that people find interesting or relevant, turning highly sensitive personal dataThe internet was designed to keep communication lines openinto cashflow.Our society is producing data at a pace that is unprecedented in human history. Just in the last two years, 90% of all data was created, and there are 2.5 quintillion bytes of data generated each day4. A rate that continues accelerating given the new users, connected devices and technologies. In addition, others create data about ourselves at the same unprecedented pace. Banks, schools, public agencies, smart objects, traffic monitoring systems, doctors, pharmacies and insurance companies, among many others, are also creating data about us, when we commute to work, go to school, get a medical treatment or even when we sleep.This data tells and commercializes our life story as individuals and communities. It identifies the important people in our lives; with whom we communicate, the people we call or text, our school records and even our chances to succeed in life. Under this model, individuals remain unaware of how - and for what purposes- their personal data is sold, collected, stored, and used; or whether they have the right to demand changes, erase personal data or prevent further data collection and use.5

Page 29

Internet initial design philosophy prioritizes open communications. This has proven year after year that we are unable to keep information safe and secure. 2017 was the worst year recorded in history for data breaches.5 These attacks undermine not only online trust, but also the institutions and political processes that rule our society6.From hacking networks to steal personal information, to security breaches, and attacks that impact democratic processes, the scope of cyber attacks is steadily growing. These breaches chip away at our trust in the accuracy of the data that we use, the people who can access it, and the devices that send it.Today, the highest risks to privacy and security are at the ends of the network, the places where people access and authorize data use. For the first time since 2007, human mistakes caused more data loss than malicious intrusions into networks, compromising 5.4 billion records7. Humans, even those with cyber savvy skills and competencies are at the mercy of the security systems on the technology they use.The constant connectivity and the user linked-data sharing model also creates greater risks for information to be abused and compromised. Children, adolescents and new web users are at the center of these risks8. as technologies are continuously employed in online scams, child exploitation, cyberbullying, sexual harassment and peer agressions that often target the least tech savvy.[DATA] Breaches chip away at our trust in the accuracy of the data that we use, the people who can access it, and the devices that send it.These challenges increase exponentially in a society that is being shaped by the internet of things (IoT). Individuals are surrounded by a broad range of connectable devices, such as smartphones or home hubs, through which they constantly leave a digital trail and share not only more information about themselves but also more sensitive information. These devices create multiple connection points for hackers to gain entry into IoT ecosystems, access customer information, and even penetrate manufacturers’ back-end systems.The monetary costs of the attacks are also enormous. In 2017, the global cost of ransomware attacks exceed $5 billion. And, according to recent studies , these attacks as a whole, are projected to cost the world more than $6 trillion by the end 2021 9.Despite the rapidly evolving security risks and staggering costs, stakeholders are unable to identify the risks and put into practice the adequate mechanisms needed to prevent attacks. Insufficient attention to security undermines trust in the internet and increases vulnerabilities. Safeguarding the information and privacy of individuals is the obligation of any person, organization, or technology accessing personal information, regardless of the source. The status quo no longer works.c.6

Page 30

Given the amount of data collected and the lack of individual control, privacy and security; privacy regulations are becoming more complex and comprehensive. Failing to protect sensitive data can lead to regulatory investigations, sanctions and lawsuits.In our modern, interconnected global economy, being compliant with one jurisdiction is not sufficient. Companies need to comply with an increasingly growing, wide range of strict security and privacy rules that come from multiple and unfamiliar jurisdictions and accommodate different rights and multiple standards.This fragmented regulatory landscape creates obstacles to guaranteeing privacy across the world and imposes heavy burdens on businesses that affect their chance to grow and compete.7

Page 31

Despite the significant benefits that arise from the ability to share information people and organizations are unable to unleash its true potential. People cannot find, access, and use their own information; while service providers continue missing out on powerful competitive tools.Policies, proprietary, and legacy systems have formed an array of barriers that impede the free flow of data. Information is commonly disjointed and stove piped on different architectures leaving organizations and individuals unable to benefit not just from new ideas, research, technologies, and best practices that accompany quality, privacy ensured data flows but also the day to day goods and services that rely on data.Current policies allow “all or nothing” information sharing. Today, we lack a universally accepted process to allow for only partial sharing. This “all or nothing” flow of attributes, data and information drives our world and generates significant privacy and security challenges that must be addressed. For example, when we “check-the-box- to agree” using connected devices and applications we give our permission to all of the data uses listed on the company's privacy notice. We cannot agree to some of the terms and not others.Legitimate concerns over privacy and confidentiality affect data flow as a source of wellbeing.Now, perhaps more than ever before, consumer anxiety about privacy is intensified when people realize that they do not know which organizations have their data, what is known about them, and how they are using - or misusing- their own information.Moreover, the traditional enterprise-centric system and its own mechanisms for enforcing security policies have failed to keep information safe and interconnected. Companies control the access to data and survey user activity to reliably implement security policies. Yet despite these actions, they are still unable to protect information and worse, unwilling to provide or enforce meaningful individual control.Widespread “all or nothing” data sharing as a driver of wellbeing is not sustainable without trust and transparency. People and organizations disagree on what is required to verify individuals, their roles, and the requirements to share sensitive information. As a consequence of the latter, individuals and organizations are kept from linking and sharing the data needed to advance research, innovation, and wellbeing.8

Page 32

Data-driven decision-making systems increasingly impact our lives. Data used in machine learning and AI are established by the devices and networks that we use combined with the networks and devices used by others who process information about us or for us. These personal identifiers are duplicated and used by many types of organizations including governments, financial institutions, and schools.The 10 provides use-case frameworks to foster ethical data governance, standards and accreditations needed for data models that protect privacy, comply with privacy laws, and improve our ability to personalize.9

Page 33

connected to the flow of data, without sacrificing their privacy and security. This is a great challenge that requires improving current data paradigms and embracing innovation as the only path to satisfy the demand for trusted data flow. At the end, the power of the web resides on users’ willingness to trust it.The new EP3 Privacy Networks respond to this challenge and automate and enforce privacy frameworks. These networks enable attribute-level data sharing, enhanced security and decision intelligence. For the first time comprehensive real-time data will be available to determine how to create healthy, sustainable communities while also respecting the security and privacy of individuals.Human skills alone, cannot protect individuals’ privacy and security. Safe digital environments require new privacy paradigms11 combined with critical digital skills and competencies.It is vital to establish new systems to turn data flows into successes and ensure the internet serves as a driver for innovation, scientific research, economic growth and social development. How we manage the internet and the deployment of IoT, AI, blockchain and other distributed ledger technologies will determine whether our society is able to move toward an internet that benefits all people around the world.The main goal is not just to respond to the biggest privacy threats, but enable people to benefit from the enormous opportunities10

Page 34

Page 35

The EP3 Foundation builds and certifies trust models, the rules and standards required for individuals and organizations to send and receive data. EP3 “Trust Models” are expressed in web protocols, the rules that automate privacy, ensures data security and improves personalization. They bind, hash, and commit usage rules to your data at the smallest attribute-level. Each attribute is digitally signed by its established global and regional issuing trust authority, and then cryptographically bound together. Automating privacy protocols exponentially reduces and eliminates identity theft, fraud, and cybersecurity breaches.● Find, access, link, and safely share data at the attribute-level protecting sensitive information.● Automate data governance and comply with policies, licensing, privacy and cybersecurity requirements.● Control policies for privacy, security, and personalization.● Compute comprehensive, pseudonymized, obfuscated, crypto-hashed, distributed and partitioned data.We build trusted networks based on collaborative efforts to protect information and improve the ability to analyze, link and use the data needed to help individuals to thrive. The Foundation works to: The EP3 Foundation convenes global, national, and regional policy authorities to set the rules and governance for new credentials and certifications that establish vendor-neutral, privacy networks.Trust Criteria, or the rules, and Trust Credentials, which certify that the rules have been meet are the issued by trust authorities allowing diverse resources published by disparate organizations to be interoperable, easily shared and trusted across the ecosystem.The EP3 Foundation has developed Accreditation and Certification Programs that verify the Criteria and Credentials. These in turn enable interoperable digital exchange based on privacy, security, identity verification, and authentication. These programs also provide third- party credibility via their ability to grant accreditation for stakeholders to achieve a trusted environment where privacy and security requirements are maintained.In addition, the EP3 Foundation serves policy leaders looking for solutions to protect their communities from privacy and security risks. We provide leadership outreach, education, and PR campaigns to help policy leaders social norm or confirm community expectations for new data governance practices.To that end, the EP3 Foundation, a founding member of the Trusted Network Accreditation Program (TNAP), addresses the requirements to provide third-party accreditation for healthcare stakeholders, data registers, Lab, providers, payers, vendors, and suppliers.12

Page 36

We collaborate with stakeholders, and trust authorities to set the rules and governance to develop new credentials and accreditations that establish vendor-neutral networks. The critical difference with our networks over previous data paradigms resolves around our current concept of the word “share.” Currently, when data and the information it brings is “shared” it is usually copied. Anyone with access may also create some type of copy that is then hosted in new locations with all of the associated risks that go with sensitive information being used, accessed, or stored. Instead of allowing others to copy the information, EP3 Foundation networks enable authorization networks to access the same data in the protected, software defined perimeter.Trusted Data Attributes13

Page 37

EP3 Privacy Networks are based on forward-thinking innovations that together with the neutral governance of the EP3 Foundation, create Privacy Networks to allow organizations and individuals to pool, anonymize, share, and analyze sensitive data while complying with privacy and security regulations. Network participants take comprehensive, sensitive information and transform it into pseudonymized, obfuscated data, known as . These trust blocks are then partitioned and distributed across multiple privacy networks managed with keys. Within the software defined perimeter, Trust Blocks receive a variety of aggregates, analytic outputs, and resources from additional privacy networks. The EP3 Privacy Networks cryptographically bind different trust criteria, trust credentials and different resources to the attribute-level Trust Blocks. These trust blocks differ from old data packets in that they automate enforcement and verify identities across multiple, participating networks giving people, for the first time, the control over what data is shared, with whom, and the ability to withdraw that permission or delete it across the entire network. The Trust blocks also exponentially reduce the risk of a breach because the information inside the block is now fully opaque. Even if someone unauthorized were to access the trust blocks, no data breach notifications are required because no information was disclosed. This reduces your risk of creating “honey pots,” or target rich environments. 14

Page 38

For the first time, comprehensive real-time data is available to determine how to create healthy, sustainable communities while also respecting the rights and privacy of individuals.○ Protect individuals and their data from malicious and criminals use.○ Exponentially reduce waste, fraud, and abuse including identity theft.○ Ensure patient safety in a way that also protects their privacy.○ Patient permissions both enabled enforced.○ Enable global population and public health with quality data from multiple sources included cross national boards.○ Improve child safety by ensuring their identity is separated from their unique device identifiers and brower fingerprints.○ Improve internet trust and protect our internet infrastructure from denial-of-service attacks and ransomware.○ Bring new value to personal information providing additional financial incentives to new, emerging communities.○ Provide a safe harbor for companies complying with dynamic, global privacy privacy and processing requirements, especially in managing data from children, youth, and education.Access to quality data enables decision intelligence, making evidence-based decisions but not at the expense of individual privacy. Data about an individual can be viewed but not linked back to them and is shared only by specific permission and use. It also enables collaborative innovation in any industry that requires coordination and relies upon privacy- sensitive, proprietary or regulated data.15

Page 39

Unifying and leveraging data – so what people are experiencing is valuable and personalized cannot continue to be sacrificed. This is especially true in the healthcare area where personalized medicine opens a bright future of opportunities that lead to better care for patients and ultimately benefit low-income communities with high burdens of disease.EP3 Foundation enables health information interoperability by partnering with the leading health and cybersecurity authorities to establish the accreditations for health systems using our data protocols.12In healthcare, we have decision intelligence for personalized networks based on an individual’s location, lifestyle and genome. These improves transparency and accountability across the entire ecosystem. It also provides public and population healthcare providers the ability to detect, intervene and conduct privacy-preserving surveillance. Doctors and providers of care can better coordinate comprehensive, integrated care. For example, the healthcare ecosystem pooled data resources, managed at the attributes level includes: insurers, providers of care, hospital systems, and payees. With comprehensive health data we can discover new models that improve treatment and recovery outcomes. All done, meeting the strict privacy protections for patients.16

Page 40

Educational technology systems collect an enormous amount of data to improve learning outcomes and resource efficiencies. However, the diverse systems where the data is stored, the exponential number of devices, tools, vendors and individuals accessing the data, and the lack of unified standards regarding the protection of students’ data present both privacy and security concerns. The most common cybersecurity incidents or attacks in U.S. schools include phishing, unauthorized entry or disclosures, ransomware; denial-of-service, and other cybersecurity incidents resulting in school disruptions and unauthorized disclosures.We partner with leading child safety experts and student privacy advocates to create the privacy and security accreditations that enable educational institutions to provide better security for sensitive student and educator information and decrease the security issues.EP3 Education Networks empower students, parents, and educators with easy access to their privacy protected information. Data can be analyzed and personalized. This resolves educational problems, informs academic practices, refines learning approaches, and reaches educational goals, without revealing personal or sensitive information.Our networks connect education systems to give students and teachers the information needed to support learning and personal growth. By supporting privacy-preserving access and analysis of comprehensive records of students, online learning activities and other data, it is possible to provide effective personalization, adaptive learning and superior teaching methods, with more accurate assessment and personalized feedback on student progress, achievement and knowledge gaps, all with the enhanced security needed for data that will be attached to a person for their lifetime- from educational records to teaching certifications.Students and teachers benefit from data analysis as it guides their paths to a better education and secure access to technology-enhanced tools. The research and education community benefit from access to large pools of data that can be used to advance our knowledge of teaching and learning.17

Page 41

Organizations in the entertainment business are also targets for cybercrime, consumer demands, and regulatory pressures. It is important for these companies to have in place all the necessary mechanisms to protect the confidential information of individuals and affiliated parties, without affecting the access to their content, services , and revenues.Personalized Entertainment Networks encourage creativity and reward the people who create and share their work online, while protecting the identity and rights of consumers and content creators, and reducing unauthorized use.These networks also enable privacy-preserving advertising networks. For the first time Advertising Networks will be able to empower consumers, allow precision anonymous advertising, frictionless e-commerce and expanded markets for personalized messaging using highly sensitive, regulated, and proprietary data.18

Page 42

The implementation of EP3 Privacy Networks allow:● Decision intelligence that identifies and enforces data safety policies;● Trust that our data can be protected;● Enforcement of national and international laws for our personal privacy domains;● The means to better protect information;● Data governance that is automated and complies with policies, licensing, privacy and cybersecurity requirements;● Pseudonymized, obfuscated, crypto-hashed, and partitioned data to protect personal information while leaving it computable; and● Decision intelligence for personalized networks based on an individual's location, lifestyle and genome.Everyone can leverage Privacy Networks that use Trust Blocks with current data systems to:19PROTECTprivacy and confidentialityVERIFYidentity & roles across many networksLINKprivacy-protected data at granular levelsSHAREinformation only when allowedENFORCEpolicies automatically

Page 43

To address privacy and security, organizations and governments alike must secure information, ensure confidentiality and protect privacy, while also giving individuals the capacity to access and aggregate the information they are authorized to use. It is time for the organizations to take greater responsibility on how they protect users’ data and how they can proactively stop harmful practices affecting people’s privacy. Privacy compliance is more than just a legal requirement, it is also an ethical obligation that imposes real business costs to those not taking it seriously.Start today! Participate in networks certified for privacy, security, and regulatory compliance. The foundation has demonstration and pilot initiatives building networks to be accredited from legacy trust authorities. Email us at info@ep3foundation.org.20

Page 44

A software defined network which can obfuscate (crypto-hash, tokenize, encrypt, randomize and/or partition) any data, provenance, process definitions and trust criteria, transforming them into meaningless gibberish which is simultaneously invulnerable to breach, yet still capable of supporting computation or policy enforcement.: An extensible information model and software defined network for representing and classifying disparate trust criteria, trust policies, trust credentials, resource descriptions and resource provenance. Elements within the UTM are represented via combinations of metadata, documents and software services, and stored in a distributed ledger. (Webshield): Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional(although intent usually is connoted), and is accomplished with circumlocution (talking around the subject), the use of jargon (technical language of a profession), and the use of an argot (ingroup language) of limited communicative value to outsiders. (Wikipedia) Trust Criteria are verifiable claims of requirements for: regulatory compliance, payment & licensing terms, identity assurance, cybersecurity & privacy, semantic interoperability, authorized purpose of use, authorized recipients, trusted provenance, endorsements & ratings, etc.: Trust Credentials are verifiable claims (metadata and documents) from known Trust Authorities describing each resource’s: APIs and data model, semantics and provenance, audit history, supporting documentation, certifications & assessments, endorsements & ratings, classifications & characteristics, etc.21

Page 45

1. Future Agenda, The increasing value of Data. Available at https://www.futureagenda.org/insight/the-increasing- value-of-data2. World Bank national accounts data: https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?end=2016&start=1960&view=chart&year_high_desc=true3. Vint Cerf, The Internet IP Addresses and DNS. Available at: https://www.youtube.com/watch?v=5o8CwafCxnU4. Bernard Marr, How Much Data Do We Create Every Day? The Mind-Blowing Stats Everyone Should Read, Available at: https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the- mind-blowing-stats-everyone-should-read/#76b8866060ba.5. Daniel Solove, Data Security Is Worsening: 2017 Was the Worst Year Yet (2018) https://teachprivacy.com/data- security-is-worsening-2017-was-the-worst-year-yet/. Accessed 6 Nov. 2018.6. Internet Society, 2017 Internet Society Global Internet Report: Paths to Our Digital Future. (2017). 7. Riskbase Security, Data Breach QuickView Report, 2017 (2017)8. Hancock, Pérez, and Elliott (2018) We will keep Children Safe Online? Government Europa, pp. 1-8. Available at: http://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&edid=44b47261-83cf-4fae-8214-42d2bf163a04 9. SIA, Data Privacy and Security Trends for 2018, Available at https://www.securityindustry.org/wp-content/uploads/2018/01/SIA_DATA_PRIVACY_WHITEPAPER_WEB.pdf10. This graphic is based on the Hancock Privacy Framework. Hancock (2018) Hancock Privacy Framework: Information Created by Individual Users. Available at: https://midd.me/tbBm11. Hancock, Elliott, and Pérez (2018) How to implement new privacy-preserving data paradigms. Government Europa Quarterly, Issue 27, pp. 36-39. Available at http://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&edid=7122fbff-5a4c-4dcb-873f-bee2ee4b1cd7&pnum=36 12. Hancock (2019) How to overcome 40 years of obstacles: the road to accessible health information interoperability. Health Europa Quarterly, Issue 8, p. 98. Available at: http://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pnum=98&edid=5ffe2a2a-df10-462e-a709-5910f039b796&isshared=true22

EP3 Privacy Networks

Page 1

Page 2

Page 3

Page 4