Subscribe To DTI's Blog via

Threat Model Part 3 - Access, Content, and Spoofing

Part three of a series on service-to-service user-data portability architectures and how we can do threat modeling against the generic architecture. While exploring access control, harmful content and spoofing, many details turn out to be use-case dependent and the threat model must be considered again when we implement specific solutions. Hopefully this is a useful map of the threat territory.

Ready for speakers!

As I sit here in the lovely National Union Building in DC, the folks around me are finishing preparation for our summit. Speakers are beginning to arrive. The podium is ready! We just have a few last minute links to share, including a livestream link — maybe you can join us online?

Building a more portable future for text-based social

At DTI, we’re starting to dig into portability solutions for something we’ve been calling “text-based social media” – think Mastodon, Threads, Bluesky, and the-service-formerly-known-as-Twitter. In a social space, the problems are both technical and social problems, and the solutions must be as well.

Data portability serves multiple goals

Competition is a compelling narrative to support data portability policy, and with the implementation of Europe’s Digital Markets Act taking headlines, it’s often front of mind. It’s important to remember that competition is not the only lens...

Law isn’t code. The vote is just the beginning.

In the data portability world, foundational laws like the EU’s General Data Protection Regulation and California’s privacy laws provide users with the right to request their data from businesses, and the Digital Markets Act in Europe imposes additional portability duties on designated gatekeepers. But tech policy doesn’t stop being relevant when laws are adopted; to the contrary, that’s when the real work begins.

Data Transfer Initiative Welcomes Expanded Team & Launches Newsletter

It is hard for me to believe that it has only been a few short months since the launch of the Data Transfer Initiative. Since I started, I’ve traveled to DC and Brussels, spoken on panels and government workshops (check out my slides from the European Commission’s “The DMA and data related obligations” workshop here), published a policy one-pager and written new articles on data portability, and met with policymakers, civil society organizations, and industry stakeholders. And I’ve done it all as DTI’s sole full-time employee.

It's hard to measure the value of data (transfers).

Data’s fundamental characteristics, including its non-rivalrous nature and its ability to capture key learnings about the past and present – and even, as we see clearly through today’s explosion of large language models, predict the future – allow for an incredible range of valuable use cases, including through the combination of data across sources and across users. But some of the most valuable data is personal data, in which people have privacy rights and (in many countries) robust legal protections.

Data Transfer Initiative Launch

Since its founding in 2018, I’ve watched DTP with interest and enthusiasm [...] I’m pleased to announce the creation of the Data Transfer Initiative (DTI), a new non-profit organization that will house DTP and support the work that DTP started, with DTP remaining an open source project as part of DTI.