This also applies to professional communication and collaboration platforms. Worldwide, 300 billion e-mails are sent every day, and it is often unclear who is behind them. This makes it all the more important to ensure the verified origin of an email, which can be easily verified by any mail client or server. Messaging, ticketing or groupware are also predestined areas of application for authentic communication. Trust is a wonderful virtue, but in digital communication channels it can quickly become a boomerang.

For the majority of people on the Internet, their digital provenance is likely even more important than their most important paper documents. But they keep their provenance in a gated community, in a house they don’t have the keys to, with no control over the security guards. It is nearly impossible to share critical information in an authentic way with anyone outside that gated community. And because of this, all these gated communities are a lot like Hotel California—that is, by design.

Let them eat cake?

Data sovereignty is one of the biggest challenges that humankind is facing. Europe especially has historically been very concerned about this—but has yet to deliver sustainable answers. Amid the technical community, so-called “self-hosting”—owning your servers and using open-source technology to set up your own services—has been promoted as the solution for decades. While this may be possible for people with sufficient technical background and skills to follow, to the majority, the suggestion is akin to Marie Antoinette telling her starving population to eat cake. 

While companies of a certain size could opt to follow this approach at least for critical functions, very few of them do. This is because data sovereignty—like security—is considered a cost center and primarily driven by compliance. Many of these laws were put in place because the majority of business managers do not understand enough about technology to be considered literate. But while technical illiteracy might be considered a blocker for upper management, it doesn’t have to be.

Far too many corporate boards lack a single member with a technical background. Instead, the cost points for compliance, namely data sovereignty and security, are delegated to the CFO. Data sovereignty requires a number of decisions about when a business can safely rely on external economies of scale, and when a company must be careful to maintain its competitive edge moving forward. These decisions are strategic in nature, and the answers will be specific to most businesses. Delegating such decisions to someone illiterate on the subject leaves many organizations with a strategic blind spot.

Defining digital provenance

For most companies it makes no commercial or strategic sense to keep everything in-house. Data sovereignty is a complex topic, with a wide range of options starting from setting up your own hardware fabrication and building your own data centers, a path that some large tech companies have opted for and that otherwise only nation-states should be considering, all the way to just signing up for the whole product line on one of the hyperscale clouds. There are always tradeoffs to be considered. For example, one could choose a secure collaboration solution but run it on a hyperscale cloud that provides platform or infrastructure as-a-service (P/IaaS).

The Swiss Academy of Engineering Sciences defines data sovereignty as
 “the right and the ability of individuals or organizations to control and to use autonomously the data they produced or collected or that concern them.”

Data sovereignty is never absolute. Any of the choices above will leave you with a different data sovereignty score. But whatever the score of your data sovereignty, there is always a separate score for your digital provenance. If we follow the definition above, data provenance should be understood as the right and the ability of individuals or organizations to prove the existence, custody, veracity and origin of data they produced or collected or that concern them.