The Gateway Standard (Update)

The Age of Private Data Assets

Earlier this year in March, Gateway proudly presented “The Gateway Standard''. Gateway’s protocol became  home to partners like LiFi, Piggylet, CyberConnect, GoldFinch, Commonwealth, and more. At the time of writing, the Gateway standard was being built and discussed internally. In less than 5 months our protocol and perspective evolved tremendously. A major reason for this update comes from the realization that the term “credential” is not enough.

What Gateway is building is more than just a platform that enables organizations, like those listed above, to recognize and engage with their community. Data is not just an attestation to your skills or your activity. The reality is, Gateway is forging the first private data solution that enables all users to take ownership over their activity, reputation, and accomplishments across the web. Our focus enables users to become owners, truly controlling their data and experiences across the web. Organizations are issuers, creating  a unique “asset” from complex datasets which they define and monetize as it is being consumed across the web. Moreover, we create a seamless environment for products and services to verify datasets. The Gateway Network is now built on private data assets (PDAs), the digital native way to own, share, and verify data across the web.

Before we dive deep into why we moved away from credentials and why we are doubling down on PDAs, let us reestablish (once again) the current problem state we are looking at.

Current Problem State

In a previous article we presented this example:

1. Olivia applies to a job at Google. 

2. Olivia needs to provide proof that she attended Harvard University - the university listed on her resume. Harvard takes the request, processes the information by checking it against their central database to verify the individual’s status as an Alumni and their transcript.

3. Harvard then ensures all information in the database is valid, and will generate a proof of the individual’s record with the University. 

4. Harvard will share this proof with Google.

NOTE: Since this proof is valid for Harvard only, Google must repeat this outreach process with every other “claim” on Olivia’s degree.

The process above shows some glaring issues in the way personal data is “issued” and verified. The most pertinent problem is centralization, where entities become gatekeepers to information. This makes  it very difficult to access important data ABOUT YOU without needing to go through multiple intermediaries. Such a process results in high fees and cumbersome timelines.

This centralization also leads to potential vulnerabilities like tampering and lack of transparency. In regards to tampering, privacy is becoming an utmost concern as regulation moves to protect individual’s rights on digital platforms as well as concerns around fraud/impersonation. Also, security is a necessity as technology penetrates every facet of our lives and requires significant improvement to ensure user data is not being leaked or misused by platforms. Lastly, transparency is on the top of everyone’s list as users entitled to know who has access to their information and their experiences. In summary, we must embrace…

Private Data Assets (PDAs)

Gateway is fully focused on delivering a solution that addresses the inefficiencies and issues that stem from current systems (like the one described above) via Private Data Assets (PDAs). PDAs are best defined as the formulation of raw data into encrypted, secure, portable, and publicly verifiable assets. The reason Gateway is focused on treating this data formation as an “asset” is because of the ownership, social value capture, and economic potential. 

Private Data Assets enable organizations to jump the hurdle of many of the efficiencies we have covered above and in the past. Let us start with a few.

1. Breaking Past Data Silos
   
   The industry is plagued with isolated data silos. Data is the definitive moat of web2, especially for consumer/social applications like Twitter or Instagram. This is why we have seen organizations like Twitter (X) reduce the threshold of information that can be accessed via their API while drastically increasing the price for consumption. Platforms greatly fear others from accessing their clients information and losing the opportunity to monetize. With Gateway, Twitter could issue their users “Activity PDA” which would capture a user’s activity during a time period. Twitter could dictate that the price to verify this data is $1. Now Bob, who owns an Activity PDA from Twitter, can choose to take this to Youtube or Lens. Those products would request Bob’s activity PDA and others, and once that verification is completed it would automatically charge verifiers. This ensures that the user data is still secure, allows for cross marketing between  platforms, and Twitter has a cash flow.
   
   In summary, PDAs guarantee a future of permissioned data sharing for data owners and monetization for PDA Issuers. 

2. Owning the Internet

   A new shift is occurring at the legal level where at least 25 states and Puerto Rico introduced or considered almost 140 consumer privacy bills in 2023, according to the National Conference of State Legislatures. Overseas, there’s the EU’s General Data Protection Regulation (GDPR). Notable initiatives in the States include the California Consumer Privacy Act, the Colorado Privacy Act protect consumers’ right to opt out of data tracking and selling, and the Texas Data Privacy and Security Act. It is clear our regulators are structuring the future of the web to be more inclusive and protective of individual’s sovereignty.
   
   Yes, disruptive technology spurred  the change, but sometimes the regulation actually winds up benefitting the “little guy” and pressing the solution forward. Our vision is to empower users to have more control of their data and give them the tools to share it with 3rd parties as they see fit (we will be discussing much of the how in a next article). Organizations no longer need to worry about keeping up with changing compliance, legal requirements, or building infrastructure to maintain complex data sets. User ownership also entails an opening for corporations to cut costs  and increase margins.
   
   This is why PDAs will have metadata stored in a decentralized manner via Arweave and encrypted using MPC (multi-party computation) technology and KMS encryption.

3. Standardization

   This is a term that is often thrown around with the emergence of disruptive technologies, however Gateway embodies it into its very protocol. Our goal is to allow issuers across the internet from social graph networks, to financial institutions, to consumer products to all create unique data models. Think of data-models as the PDA structure. This is the metadata being stored within the actual asset.  If organizations from the same industry hold similar information, creating a structured way to consume and issue said PDAs will only increase data interoperability and accountability. An example of this is how KYC, Credit Scores, and Proof of Funds are all objectively similar across banks. Yet because of compliance concerns we are unable to actively see KYC being permissioned and verified across financial institutions (instead opting to do it manually each time).

4. Public Verification

   At the core of the Private Data Asset thesis  is the ability for the actual issuances and activity on the network to be publicly verifiable. This entails that actual private information would not be accessible, but instead the “state” of the information can be verified. For example, Gateway would be creating an on-chain emission to show that a PDA was issued by JP Morgan using the “KYC Data Model”. This would not show who received the PDA nor the actual data. This combines the best encryption practices while leveraging the blockchain for its greatest strength as a public ledger. 

   In summary, this ensures a Tamper-Proof and fully secure experience for all stakeholders involved.

Why NFTs and Verified Credentials are not enough

Let us start with the elephant in the room. Why did Gateway abandon credentials? In all transparency, we did not. We only expanded upon them to create a framework that could be leveraged by builders, marketing teams, and partnership leads to drive a new standard. Note that all credentials are PDAs, but not all PDAs are credentials.

WHAT? Credentials are a limiting term. Most people when they hear this have their own understanding. One of our great partners, the CMO at LI.FI said it best, “the word credential is abused and misused and no one knows what exactly you are saying when it is said.” For some credentials might refer to the requirements/permission you need in order to access a subset of information.

Remember that scene from Captain America Winter Soldier, where Nick Fury returns from the dead and says “You need to keep both eyes open”. Natasha needed multiple alpha-level members to decrypt the permissions. Often, this is what people mean when they ask for credentials. Also, credentials is often associated with a qualification or achievement such as one’s academic degrees, their licenses, or AWS certifications.

PDAs truly encompass the world of private data. The internet is eating the physical world, leading to organizations focusing on security practices and scale for their digital infrastructure. PDAs are native to our digital world, they ensure the rights entitled to each citizen of the internet and create the proper checks and balances needed to prevent institutions from extorting the end-user.

As for NFTs, we have to accept reality. The hype for NFTs has also brought great disdain amongst current institutions. NFTs rose up as an opposite yet equal financial asset  to the standard ERC-20 token (fungible tokens). The acceptance of NFTs is due to its representation of ownership that can be authenticated publicly. Most notably one of one PFPs from a collection of 10,000 generated pieces of artwork. This includes projects like Bored Ape, Crypto Punks, Nouns, and many more. Each one of these projects is known for its financial value based on rarity and uniqueness. While NFTs are a great use case for financial assets which are limited, not replicable, and indivisible, they are not strong carriers of data.

Each NFT has unique meta-data and there are no set standards for what sort of information should be present from one project to another. Also NFTs are not practical for most concepts of private information. For example, we would not simply create a passport or social security card as an NFT. Though both are unique to you, they do not allow for data to be private and updating metadata is not feasible (unless we create new on-chain transactions and fail to notify all parties).

Data is constantly changing, we need a standard that reflects updates from expired data streams to newly added information, privacy, and functionality. This is what PDAs support.

The Gateway Network Update

With the inclusion of Private Data Assets (PDAs) as the foundation of a privacy preserving, sovereign, and verifiable data marketplace; let us now review some of the product updates and expectations in coming weeks

1. LI.FI Loyalty Pass

If you missed it the Gateway team was proud to be chosen by LI.FI to launch their Loyalty Pass. Driven by the PDA thesis, the goal is to allow the top users of LI FI to simply receive PDAs based on their on-chain activity and participation across the ecosystem. In due time this Loyalty Pass will lead to unique benefits with LI.FI and across its ecosystem. Read here for more information.

2. New Products Coming Soon (What to Expect)

   1. Gateway API 2.0 and Updated Documentation
      
      Gateway is currently refining its API to allow for programmatic issuance, management, and verification of PDAs. Our goal is to become the middleware which allows organizations to integrate the power of the Gateway PDA Network into any application seamlessly. The documentation is also being updated in real time to show the most recent changes to our roadmap, product offerings, how to build with us, and technical explanations.  

   2. Gateway LitePaper

      With many questions around Private Data Assets, this article will dive into how to build a Private Data Asset Network. What are our guiding principles? What are the main products and key technical implementations that will make this all possible?

   3. Gateway Dashboard

      A place for organizations, verifiers, and data-owners (users) to issue, share, and verify PDAs. Providing a seamless flow for engaging with your data and other actions.

   4. Gateway Explorer

      The Gateway Network explorer which will serve as an authentication layer, to prove all actions on the Gateway Network from issuances, to updates, to verifications/requests.