
In November 2019, security firm Risk Based Security described last year as the “worst year ever recorded” for data breaches, with nearly 8 billion records affected. Third-party control over personal data means that confidentiality can no longer be taken for granted.
The advent of blockchain technology seems to have heralded a new era in data security. However, as the technology has become more common on the Internet, questions have arisen regarding its ability to store data securely. The reason is full transparency, which may not be good for privacy, as blockchain analytics company Chainalysis recently said.
Once upon a time there was privacy
As people’s lives become more and more digital, issues of data protection and privacy are becoming paramount. Any action taken online is a speck of gold dust for some companies. Data is gleaned and compiled into databases to be sold or auctioned off to the highest bidder by browsers and social media giants. Johnny Ryan, policy and industry relations officer for Brave Browser, said in an interview with Cointelegraph on February 21:
“RTB [Real-time-bidding, an auction for online ads] is the biggest data breach in the world. Personal data is disseminated to thousands of companies.”
Ryan’s words echo the increasing number of data breaches, highlighting the fact that most modern business models are based on the collection and sale of users’ personal data because browsers like Chrome and social networks like Facebook sell the data to those who pay for it.
Facebook and multimedia design platform Canva were among the most prominent data breaches, with 540 million and 139 million users affected in 2019, respectively. Top entrepreneurs and billionaires were also hit: for example, Jeff Bezos, the CEO of Amazon, was hacked in 2018 while using WhatsApp.
Because it is centralized
Statistics show that centralized companies disclose user information more often than we think. Data security is often overlooked for convenience, as companies rely on third-party resources like Dropbox and Google Docs, whose security has been regularly questioned.
Most of the data collected by third-party companies is stored in centralized databases characterized by a single point of failure with a domino effect. Worse yet, data breaches go unnoticed or go undisclosed.
The easiest way to verify is to enter an email on the Have I Been Pwned website, which provides statistics on the number of times a user’s personal information has been found online. The total number of hacked accounts has reached nearly 9.5 billion according to site statistics.
Is blockchain the panacea for user privacy?
Blockchain is generally considered to be focused on privacy and, therefore, can become an ideal solution for problems that arise with traditional storage systems. For example, private blockchains can provide strictly enforced access to data based on permissions.
Many solutions have been proposed, such as homomorphic encryption, which makes it possible to perform calculations with encrypted data without prior decryption. This method was initially used on MIT’s Enigma network, which divides data into pieces, encrypts it and distributes it randomly over the network in small portions. None of the nodes on the network can read this data, but users can decrypt it.
Security and confidentiality are thus preserved, and only users with decryption keys and appropriate identification information are authorized to access the data. Cryptographic techniques such as zero-knowledge proofs and zk-SNARKs already use homomorphic encryption – and Zcash (ZEC) is an example that applies such techniques.
The quintessence of blockchain technology is that it negates the need for third parties, thereby ensuring a higher level of security. The introduction of features such as decentralized identity control provides a significant reduction in identity theft.
For example, in May 2019, Microsoft announced its intention to use distributed ledger technology to create a decentralized identification system called Decentralized ID, or DID, based on the Microsoft Authenticator application. Developers believe blockchain technology is perfect for storing personal information because it eliminates the need to give consent to use private data. Therefore, user identities will not be duplicated and distributed among different service providers such as social media companies or online stores.
Likewise, SDS, Samsung’s Internet technology division, recently incorporated QEDIT’s zero-knowledge proofs into its enterprise-oriented Nexledger blockchain. The SDS team believes that the integration will allow parties using corporate blockchains to record and validate transactions on a shared ledger without disclosing confidential data.
The principle of storing personal information to protect user data was introduced by Jeff Pulver, the American who launched VoIP. The Pulver Order was adopted by the Federal Communications Commission on February 12, 2004 and allowed people to freely use communication applications like WhatsApp.
In 2018, Pulver proposed to use a blockchain-compatible communication network based on new authentication layers and decentralized solutions. The new solution, called Debrief, would be the most secure corporate communications network available for peer-to-peer audio and video calls, messaging, and decentralized file storage. The technology aims not to disclose confidential user information unlike services such as Facebook or Zoom.
The secret lies in a decentralized storage system and a secure blockchain authentication protocol that are impervious to hackers. Pulver states that Debrief’s data encryption algorithms do not allow modification or falsification of data once it is placed on the network.
Each recipient of the network receives the same information as that entered in real time. Therefore, for an attacker to be able to alter or modify information on a recipient’s computer, other computers on the network would need to commit the change, which they would never do. Pulver explained at the time that: “By refraining from centralized control, we will remove the weak link in the equation – third parties.”
MedRec, a project launched by MIT, pursues a similar objective but in the healthcare sector. The project uses blockchain technology to enable the secure exchange of health care information between patients and service providers. As a result, patients can retain full control of their personal data and grant access to service providers rather than the other way around.
MedRec has already performed a series of pilot tests with research partners and is currently working on refining the system. Using MedRec can reduce health care data breaches and help develop new electronic health record solutions that comply with the Health Insurance Portability and Accountability Act (HIPAA).
General Motors also supports blockchain technology. In 2018, the company filed a patent on autonomous cars which store data in a distributed ledger and can share it with other vehicles and entities connected to the system, ensuring road safety and compliance with multiple transport industry regulations.
Data privacy doesn’t agree with blockchain
Speaking to Cointelegraph on blockchain technology and data security, Vijay Rathour, a partner in Grant Thornton’s digital investigation and investigation group, compared the technology to glass bank vaults: “They are very secure. These are one-way chests – that is, you can put valuables in them but not take them out. The content can be seen by the world.”
However, according to Rathour, even after recognizing all of these qualities, bank safes can be used to hold blood money or stolen property. Simply put, the efficiency of the vaults does not mean that what is there is also good. Rathour explained further:
“Is [data stored on blockchain] suitably anonymized? Would I like my passport to be visible to the world in a glass bank vault so that the world could see it? No. But I would probably appreciate the benefits of an encrypted version of my passport kept securely in the ‘cloud’ in this blockchain.”
Blockchain has many inherent advantages that make it a perfect match for privacy, and it offers useful data protection features that allow it to comply with the General Data Protection Regulation (GDPR). Meanwhile, there are other aspects that make it inapplicable.
While immutability is good for data confidentiality, there are two stumbling blocks: first, immutability conflicts with laws about storing information. Second, errors or inaccuracies on a blockchain cannot be corrected. In a conversation with Cointelegraph, Thomas Stubbings, president of the Austrian government’s cybersecurity platform, suggested:
“Indeed, the main characteristic of a blockchain is to protect the integrity of data by making it immutable. However, exactly this functionality can become a problem if the data is no longer needed, wanted or correct. It is practically impossible to remove it. This creates a new type of privacy problem.”
Jonathan Levin, co-founder and chief strategy officer of crypto-analytics company Chainalysis, recently said that full transparency is not a boon either, as blockchain technology can be used to track and associate people’s personal information. Levin told Cointelegraph:
“The two extremes of total anonymity and total transparency are bad. Complete anonymity opens the door to illegal activities … On the other hand, total transparency means that there is no confidentiality.”
Teemu Alexander Puutio, compliance expert and assistant instructor at the New York University School of Professional Services, told Cointelegraph that there are several ways to leak data from cryptographically secure ledgers. He reiterated that Bitcoin (BTC) is pseudonymous and, thus, its users can be found and identified, adding:
“For example, network traffic analysis has recently been used to achieve 95% identification accuracy and theoretically simple observation methods and Bayesian probabilistic analysis have enabled researchers to identify thousands of accounts in some months. These concerns are further compounded by the fact that data stored on blockchains is generally immutable and entirely public – at least for the network of verifiers.”
Puutio also referred to a survey released in January 2019 which found that only a small portion of blockchain platforms are able to achieve high levels of data security.
One of the basic features of the blockchain – the inability to selectively delete information – can be a double-edged sword. One of its negative aspects is that a majority of 51% of the nodes is necessary to edit the data, which greatly complicates the implementation of the provisions of Article 17 of the GDPR, which gives the “right to be forgotten.”
Stubbings told Cointelegraph that there is a new threat called “blockchain poisoning”, which makes blockchains non-GDPR-compliant by inserting personally identifiable information that can never be deleted. He said:
“This can lead to the worst case in a blockchain that becomes unusable … The problem is quite new and even EU privacy experts do not know how to deal with it, especially since no one has public blockchains, it is only a certain number of nodes. So who is responsible? Person? Anyone who has a node? This is a delicate problem, and it could hinder the evolution – if not very promising – of blockchain as a precious security tool.”
In the end, data consistency turns out to be the main obstacle to overcome for blockchain technology to become a viable solution from the perspective of the GDPR.
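The conflict between immutability and erasure described above can be seen in a toy hash chain. The following Python sketch is an added illustration, not code from the article or from any project it mentions: it compares storing personal data inside the blocks with storing only a keyed digest on-chain while the record and its key sit in a deletable off-chain store. The function names, the off-chain store and the sample records are assumptions made for the example, and the sketch does not settle whether a leftover digest satisfies Article 17.

```python
import hashlib, hmac, json, os

GENESIS = "0" * 64

def block_hash(prev, payload):
    data = prev + json.dumps(payload, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def build_chain(payloads):
    chain, prev = [], GENESIS
    for payload in payloads:
        digest = block_hash(prev, payload)
        chain.append({"prev": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain

def verify_chain(chain):
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block_hash(prev, block["payload"]) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def commit(record, key):
    # Keyed digest: without the key, guessing low-entropy data cannot confirm a match.
    return hmac.new(key, record.encode(), hashlib.sha256).hexdigest()

def erase_on_chain(records):
    """Personal data stored in the blocks: blanking one record breaks the chain."""
    chain = build_chain([{"pii": r} for r in records])
    chain[0]["payload"]["pii"] = ""  # attempted erasure of the first record
    return verify_chain(chain)

def erase_off_chain(records):
    """Only keyed digests on-chain; record and key live in a deletable store."""
    store = {i: (os.urandom(32), r) for i, r in enumerate(records)}
    chain = build_chain([{"id": i, "commit": commit(r, k)} for i, (k, r) in store.items()])
    key, record = store[0]
    provable = hmac.compare_digest(commit(record, key), chain[0]["payload"]["commit"])
    del store[0]  # erasure: the record and its key are gone, the chain is untouched
    return provable, verify_chain(chain), 0 in store

# Constructed sample records, not real data.
SAMPLE = ["passport:X0000000;name:Alice Example", "passport:X1111111;name:Bob Example"]

if __name__ == "__main__":
    print("on-chain erase, chain still valid:", erase_on_chain(SAMPLE))
    print("off-chain erase (provable, chain valid, still stored):", erase_off_chain(SAMPLE))
```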
Blockchain technology is good, but …
The world is always centralized and data can be lost under the control of a handful of operators. Governments are tightening regulations, but they are not enough to guarantee the safety and security of user data. Summarizing the role of blockchain technology in data security, Rathour told Cointelegraph:
“Blockchains are good, but there is still art and science to putting and keeping the data they contain. Just like databases, cloud computers and many other mechanical options available to those responsible for keeping our data.”
Although a critical mass of users demanding decentralized data storage would make blockchain technology the de facto storage medium, the immutability factor does not allow it to comply with the requirements of the GDPR. Blockchain technology has a long way to go before it becomes the all-in-one data storage solution. Total immutability and transparency are two sides of the same coin, and the coin always rotates.
Ultimately, “the development of lightweight cryptographic algorithms, along with other practical methods of security and privacy, will be a key technology for the future development of the blockchain and its applications,” as the authors of the “Security and Privacy on Blockchain” survey suggest.
