Using blockchain technology to protect ourselves against data breaches & hacks, part 1
In my first blog post, I promised to write about ‘Blockchain & Banking’ in this second installment. However, the recent Facebook data breach of over 50 million users was too big of a security scandal to ignore. And now retail giants Saks Fifth Avenue and Lord & Taylor are reporting data breaches.
By the time this blog is published, there will likely be another data hack. And so, even though the applications in today’s post have changed, blockchain remains a central character. Had it been in play at Facebook or Saks, these breaches could have been avoided.
That’s high praise for a leading edge technology, but blockchain is robust and therefore easy to praise. It is also misunderstood. And so I am here to educate. Without further ado, let’s begin today’s lesson.
What are the relevant features of blockchain technology that could protect us against recent data breaches and hacks?
— It is decentralized — as of today, our data is centrally stored, maintained by social media channels, plus Internet and retail giants who act as a central authority. In a blockchain, the database is managed by its network, which operates on a peer-to-peer basis, and not any one central authority.
— The ledger of immutable transactions — all the transactions and subsequent edits are also stored as transactions. However, these transactions are spread across the network to many nodes such that every node has a complete history of the transactions, hence preventing a single point of failure.
— Cryptographic — a decentralized blockchain is hack-proof. No centralized version of this information exists for a hacker to corrupt.
— Durability and robustness — blockchain technology is like the Internet in that it has built-in robustness. By storing blocks of information that are across its network, the blockchain cannot be controlled by any single entity and has no single point of failure.
— Transparent and incorruptible — the blockchain network lives in a state of consensus, one that automatically checks in with itself at frequent intervals which varies according to network configuration. It is a self-auditing ecosystem. It cannot be corrupted by altering any unit of information on the blockchain.
— Fault-Tolerant — and finally, it offers fault tolerance, i.e., there would be NO single point of failure, unlike existing central servers which have a single point of failure like these infamous data breach culprits.
Now, let’s discuss how these features of blockchain can be leveraged to not only protect us from the next data breach, but also to create more opportunities for everyone. This includes the data owners and the businesses in a shared/decentralized economy.
We would start by creating digital signatures, which give consumers control over their data and private information. These are not the digital signatures you are used to, however, where you drag and drop and image. Rather, this is more about the process of getting access to and actually having a digital signature that the consumer owns and which houses key data about that consumer.
In a decentralized blockchain model, personal data usage, storage and dissemination rights would at all times reside with the person who the data belongs to, making the creator and the possessor of data the only true owner which can be achieved with the help of digital signatures. It will also help create transparency (optional when data is sensitive or confidential for that we can have private and permission-based blockchain) and accurate audit trail regarding data transfer and tracking respectively.
Next we need to gain greater control over over who has access to our data. At present in this heavily centralized economy, the central authorities and companies are selling our data without our permission to advertisers. With a decentralized blockchain, we would have greater control over which parties can be involved in the data management and protection/usage, which include consumers, social media giants, retail companies, Internet companies, the federal government and any other regulatory authorities.
With a decentralized blockchain, we would also be able to exercise our privacy rights just like we do with HIPAA, for example, by having the freedom to decide whether:
— My personal data will be targeted by ad buyers and be available to be displayed by demographics, interests, political affiliations, etc., based search results?
— I provide permission to appear in search results, and whether or not there should there be an automatic expiration date on the consent granted
— I decide to participate in a rewards or loyalty program, and if I do, I should be able to dictate the terms of my data usage, storage, sharing and dissemination rights
In a decentralized blockchain economy, gaining access to user data will become difficult. By rewarding users for sharing their data (for example via tokenization) it will encourage consumers to share additional useful attributes about themselves, which would provide these centralized behemoths with richer and valuable data they so desperately seek. That data, however, should be volunteered rather than stolen.
Blockchain technology, even though it is very promising, is still in its infancy. It has yet to be tried and tested, just like locomotives, automobiles, electricity, the telephone, air-travel, and the Internet were also once brand new and untested. However, those innovations are all an integral part of our lives now. And so are data breaches. However, once each of the blockchain pieces mentioned above is put into place, the data owner will be given security and protection of his/her data to such a degree that it will become impossible to breach except by human error (i.e., revealing your private key/password). We will have then set a new precedent and blockchain will be ubiquitous.
I hope you found this post informative. Stay tuned for part 2…