Thus, security is handled by the PIMS
on behalf of end users better than it
would ever be, for instance, on general-purpose personal devices such as PCs.
• The users have only to select security/privacy options under the guidance of the PIMS. The PIMS then reduces privacy risks, for example by
monitoring accesses and access patterns, for all applications run within
the PIMS environment.
Also, in a properly designed PIMS,
each collection of user data is strongly
isolated from that of others. So, in case
security has been compromised, it has
been so for a single user. Pirates will
therefore be more attracted to other
systems with lots of data and many users to attack.
PIMS will not resolve the security
issues for protecting users’ data. However, by providing a single entry point
for specifying security/privacy rules,
and with the support of the PIMS carefully designed with security in mind,
we believe this model puts us in a better position to provide security as well
as privacy to users.
Another main issue for regular users is clearly the management of their
PIMS. This is where the cloud turns
out to be essential. With the cloud, it
is possible to have a company host the
system for the users. (The user is a paying customer of that company and a
contract protects the data privacy.)
PIMS Are Coming!
This may be observed from three different angles: society, technology, and
Society is ready to move. People
have had relatively little concern so far
about where their personal data goes,
but this is changing for a number of
• Clear-cut abuses of massive data
gathering by both governments (NSA
and its European counterparts) and
corporations (credit bureaus, health
corporations, and social networks
come to mind).
• An increasing awareness by individuals of the asymmetry between what
companies know about a person, and
what the person actually knows about
the companies (or even about herself):
in Europe as well as the U.S., consumer
surveys all indicate consumers are increasingly worried, not just about the se-
can safely assume this is not what a
large portion of the population craves.
Is there another option? We believe
there is one: the personal information
management system (PIMS).
The Personal Information
To understand the notion of personal
information management system, we
must consider today’s context. Why do
users “entrust” their data to services
proposed by companies such as Google
or Facebook? Because they enjoy using
these services. Now, there are two facets to these services: they are supported
by software with useful features, and
they are executed on machines that
are not managed by the user. What if
we could separate these two facets? On
one hand, a particular user would select, for each service, the best software
developer or service provider that suits
his or her needs. On the other hand,
this user would choose a server where
all these applications would run. This
would therefore bring together, on a
personal server, all this user’s favorite
applications and all the user’s data that
is currently distributed, fragmented,
This is what a PIMS does. It may
look like utopia. As we will see, it is not.
The PIMS system consists of a user’s
server, running the services selected by
the user, storing and processing the
• The user pays for the server (possibly owns it) so the server does what the
user wants it to do and nothing else.
• The user chooses the application
code to deploy on the server.
• The server software, as well as that
of the services, is possibly open source
(which allows for code verification on
behalf of the users of the service).
• The server resides in the cloud so it
can be reached from anywhere.
Many different settings are possible.
We do not need to specify a particular
one. The user may own the server, or
pay for a hosted server. The server may
be a physical or a virtual machine. It
may be physically located in the user’s
home (for example, a TV box) or not. It
may run on a single machine or be distributed among several machines.
The PIMS centralizes the user’s personal information. It is a digital home.
The PIMS is also able to exert control over information that resides in
external services (for example, Facebook), and that only gets replicated
inside the PIMS. These services’ business models are based on our personal
data, and PIMS will not prevent them from working in this way, so long as
their customers agree; however, they will need to share their data with
their users, who may want to use the data with competing platforms, or for
whatever makes sense to them. PIMS do not prevent data sharing, they prevent
unilateral data hoarding. The PIMS software provides the necessary support
so the user always has access to his or her information and controls (to the
extent this is possible) how information is accessed by the applications.
By centralizing access to an individual’s information, the PIMS enables
very useful new services that combine information from a wide variety of
sources—those same silos that were prevented from collaborating together
in an organizations-centric world—under the user’s control and to serve his
or her needs.
Is the PIMS a security risk? Of course, one could answer it is difficult
to be more risky than today’s large, interconnected corporate databases
containing data about millions of customers, but this is hardly a
comforting answer. A possible weakness is that PIMS security seems to
rest on end users when individuals have repeatedly proved to be either
disinclined or unable to apply even the minimal effort toward securing
their systems. However:
• The PIMS is run by a professional
operator and/or on secure hardware.