Blockchains Can Protect Privacy But Aren't Foolproof
Keeping enterprise data safe has never been more important. According to Identity Theft Resource Center's latest Data Breach Report, there were 1,862 data breaches in 2021. This surpasses the record 1,108 that occurred in 2020 and the previous record of 1,506 set in 2017.
Blockchain technologies have been floated as a potential way to keep data secure. Over the past three years, there has been ongoing discussion about what role blockchain can play in the workplace. Given that blockchain is a vehicle for sharing data securely, and that data drives both digital transformation and the digital workplace, its role in the workplace could be significant.
While the use of blockchain to protect data is not new, early technologies left a lot of be desired. Yet, the growing use of blockchain in business has led to significant improvements in protocols and Layer-2 solutions that are creating safer environments. But is it reliable as a data privacy solution?
The Blockchain Advantage
Omid Malekan, a professor at Columbia Business School and the author of "The Story of the Blockchain," said blockchain can protect companies' data, but the design is a bit more complicated than is generally perceived. The ability to use cryptography to protect user data and selectively share it with others is a technologically "solved" problem.
"Most of the internet already operates under this paradigm: A third party stores and shares the information, before authenticating it using their authority and reputation," he said.
The advantage of blockchain is that it can help users both store and authenticate their own data.
"Me having my own financial records and sharing it with a potential lender is not very useful if the lender cannot trust what that data entails — for all they know it was made it all up," said Malekan. "A blockchain could be used to create provenance for that data, so while it might be sharing my bank balance directly, the lender can verify that balance came from my bank."
Blockchain: Data Integrity Without Confidentiality
Despite the advantages, there are lingering issues holding back wider blockchain adoption. Lucidum Co-Founder and CEO Joel Fulton said the question to ask is, "What is the security value of anonymously etching something in stone that cannot be changed but is publicly viewable?"
In Fulton's view, blockchain appears to be a technology solution in search of a problem. Meaningful immutable data nearly always carries the equally important requirement that it be confidential. Blockchain satisfies the former and discards the latter, Fulton said. In fact, there is counterbalancing tension between the three core aspects of security: confidentiality, integrity and availability. Complete confidentiality eliminates availability. High availability through redundant stores harms integrity. So which one is the real valid data set?
Integrity appears to be the main advantage, according to Fulton. “Distributed ledgers promise integrity and answer the question, 'Are the data sets what they should be?'” he said.
Though practical implementations have not delivered on blockchain's proposed and theoretical advantages, people have advanced solutions such as the recording of property titles, financial transactions and even records of meeting minutes or codification of laws. These proposed solutions, despite not finding traction in the market, have something in common. They place immense importance on integrity — and little on confidentiality. Knowing your bank transactions are valid (have integrity) is valuable, but that value is compromised when confidentiality is lost. Though users of a chain may remain anonymous, the chain's content does not. Therein lies the problem with blockchain.
“Data protection requires balance from all three aspects of security,” Fulton said. “Blockchain's strength — integrity — also comes at the expense of the other two factors necessary to protect data. Until its limitations can be addressed and balance brought, enhancing integrity with confidentiality, it will remain a curiosity instead of a practical and effective data protection technology.”
Related Article: How Blockchain Is Progressing in the Workplace
Zero-Knowledge May Offer a Path Forward
Newer forms of cryptography like zero-knowledge (ZK) offer enhanced privacy and the ability to prove something is true without revealing too much. ZKtech is relatively new, but it is starting to be deployed for this purpose.
"Theoretically, this allows me to 'prove' to a lender that I have bank balances above a certain threshold without revealing the actual amount," Fulton said.
Blockchain technology enables protection against data manipulation and therefore increases data security. However, in many circumstances, this comes at the expense of privacy, as records are stored in a decentralized, transparent and immutable way, said Kieran Mesquita, chief scientist at RAILGUN.
3 Secrets to Accelerating Transformation to Improve CX + EX
Learn about force multipliers that will reduce technical debt and grow revenue while reducing costs
Why Knowledge Management Is Critical to Business Resiliency
How Organizations are Future-Proofing Business by Harnessing Company and Employee Knowledge
In other words, public blockchains are precisely that: public. This data lake is highly enticing to would-be voyeurs and on-chain analytics companies like Glassnode, Chainalysis and Nansen, which are constantly improving their ability to de-anonymize the pseudonymous transactions being collated by various blockchains. As analytics and AI applied to this pursuit get more and more sophisticated, the pseudonymity of blockchains is likely to degrade to a point where there’s no privacy at all.
“This doesn’t even consider the potential efforts and capabilities of professional electronic surveillance organizations that exist in more than a few nations, said Mesquita. "This presents a fundamental challenge for large-scale adoption by individuals, NGOs and even corporations."
Yet, it’s not all doom and gloom when it comes to privacy rights in blockchain. Even though interacting with decentralized financial applications in an anonymous way has proven difficult, Mesquita believes there is hope for the right to privacy. And some blockchain technology features can cater to privacy concerns. The addition of ZK systems to blockchain, for instance, is an important step forward.
“As communities of passionate and skilled privacy enthusiasts develop dApps and other anonymity systems, blockchain could be a true ultimate solution for data privacy and protection,” he said.
Related Article: How Blockchain Is Enabling Digital Transformation
Data Privacy Laws and Blockchain
As with any developing technology, blockchain evokes strong and at times conflicting opinions. The more development blockchain technologies undergo, the more apparent problems will become.
Networks Hardware Founder Andreas Grant said it will take time before blockchain becomes the answer to data privacy and protection problems. Although he believes that blockchain is the best way to give users complete control over their data, existing and emerging data protection laws rarely — if ever — acknowledge blockchain technology.
“Most countries are building data privacy laws by focusing on a centralized data processing system. This is the exact opposite of blockchain technology,” Grant said. “Moreover, anonymity is another issue where the data privacy laws are in direct contrast with blockchain.”
Data privacy laws such as GDPR require that when a transaction takes place, even if done anonymously, there needs to be a way to trace the identity of the person, if necessary. However, blockchain is designed to preserve privacy and respect the anonymity of the person behind it. This is where regulations like GDPR will not align with the goals of blockchain.
“If blockchains do decide to follow some of the regulations, the very idea of having a completely decentralized system may not see the light of the day,” said Grant.