Identity & Privacy: Real-world challenges and blockchain use-cases
This is the 2nd article of our series that presents challenges and blockchain use-cases as potential solutions. The article is part of our weekly series, of which we are excited to hear your feedback or insights in the comments below!
The big question many people ask: What problem does blockchain solve?
Have you ever tried explaining blockchain to someone else? It is a great way to test your own knowledge — because being able to explain something really shows your understanding. We thought listing some challenges and blockchain applications/use-cases, could help you notice the bigger picture. Without a real challenge there is no justification for a solution, but at most a short-term hype. Whether blockchain cases are the only solutions is questionable — but at least they are interesting to look at! Time will show which challenges blockchain can sustainably solve.
So let’s dive into the second challenge for this week’s article:
Challenge 2: Identity & Data: “If the software is free — then you are the product”
Think about all those times you entered your email address, bank card, or private details online. You would most certainly not give away such information in physical shops, and still we do so online. Online, so many parties are collecting and leveraging information about you. You do not benefit from that (or at least not directly).
With more than 60 billion messages sent daily on WhatsApp & Facebook messenger, combined with 269 billion emails sent on a daily basis. — These centralized platforms can become targets for hackers and others pursuing to harvest our data. Both of them have continuously endangered users’ rights to privacy. (Lee, S.) If you think about it, all the major social media platforms make their money using our data. You might ask: How? Well, their biggest revenue stream comes from selling advertisements. What do advertisers want? They want to target us as closely as possible — which is facilitated by social media platforms that analyze our data and sell to advertisers the possibility to target us directly.
Recently, we have been confronted with “privacy scandals”. Just to mention the Facebook data breaches that demonstrate the dangers of leaking personal, sensitive data online. Facebook isn’t the only huge data company enduring breaches in recent years. In September 2017, it was uncovered that around 143 million Americans and 44 million Britons had their information (home addresses and social security numbers) stolen from Equifax (a credit rating firm). The irony of this is, that those affected did not even know the company was holding this information.
A recent issue becoming more popular is the ads-coinciding-with-conversations-mystery. Many seem to have a story about their smartphone listening to them. In order for smartphones to actually pay attention a trigger needs to happen, for example Hey Siri or Okay Google. Without triggers, there is no recording, just general metrics being sent to service providers. However, when it comes to apps like Facebook, no one really knows what the triggers are. In fact, there could be thousands. Yet, companies like Facebook are profoundly denying listening to our conversations. (Nichols, S.)
It seems apparent that we need a radical change in the way data is produced, collected and maintained. Although the EU is already trying to address privacy issues with the introduction of the GDPR (General Data Protection Regulation), a set of rules dictating how businesses can handle personal information, these regulations still fall short when trying to comprehensively safeguard our privacy — and, potentially, the integrity of future elections. (Hall, J.)
So the question we need to ask ourselves is: how do we regain control and ownership of our own data?
The blockchain technology can help people to control, permission, authorize and sell your own data, putting users back into control of their internet experience. A blockchain is a distributed ledger system that allows information to be stored not in a single, centralised database, but in a potentially infinite number of computers. Information is therefore stored by all members of a society, and updates are conducted in regular intervals whereby being linked (chained) to previous existing information. This makes the records immutable and tamper-proof. Instead of giving our information to the centralized platforms/shops, we can store them on a decentralised ledger, that’s free from a single point of failure.
Cryptography, which makes up the blockchain technology, leverages public and private keys to secure information alongside the publicly available database. Once encrypted, you need the private key to unlock the information making it possible for all the encrypted data to be taken and still be completely useless to a thief. (Rao, A.) Although cryptography can be difficult to understand, the core concept is that we trust in “math”, instead of people.
Now you might think: If our data is stored everywhere, how can it be truly private?
This is currently being tackled by researchers around the world.
The idea of differential privacy can allow tech companies to collect and share aggregate information about user habits, while maintaining the privacy of individual users. (Zhu, T.) Some entrepreneurs are attempting to increase data privacy by combining cryptography and blockchain. Projects such as Origo, Oasis, and Mainframe focus completely on preserving user privacy. Baron Gong from Origo stated: “In Origo Network, a lot of the applications we use will not be touching your data. We are touching a computational proof of your data. The blockchain does not store your data.” (Lee, S.)
Even with the GDPR designed to prevent data holding by companies, there is no way to guarantee personal data is truly deleted in a company’s data system. Blockchain’s trustless consensus enables people to be certain that data is used properly. Oasis Labs designed the Ekiden system, carrying out off-chain smart contracts within a trusted execution environment (TEE) node to allow for the same security as if it was on-chain. The isolated secure area of the main processor enables code and data to be absolutely protected against software as well as hardware attacks. No one, not even the miner, can view the code being run. These solutions sound complex, but they provide privacy beyond the transactional level. Projects like these could likely be of advantage to finance, enterprise, and healthcare, where contracts often involve sensitive personal information. (Lee, S.)
Another example of a project is Enigma, where researchers at MIT develop a protocol that sits on top of existing blockchains. Enigma is also committed to “secret contracts”, as opposed to existing “smart contracts”, with nodes on the blockchain able to compute data without ever “seeing” it. A simplified version of what can be accomplished by Enigma can be explained by the example of Alice and Bob. Alice and Bob, are trying to figure out who has more money in their bank account without revealing the actual number. It sounds like a simple task, but the implications of technologically achieving it are vast. The researchers believe that this will make it possible for users to control their personal data, without other platforms monetising or analysing their information.
Self-sovereign identity: What’s all this about?
According to Beyer, S., blockchain technology is an ideal use-case for identity solutions. Decentralizing identity management empowers people by returning control over their own identity. Further, it is more secure than relying on centralized identity providers, in the form of authorization services, password or key management systems.
A report from McKinsey about Digital ID, discusses decentralized models in terms of potential digital ID systems. Blockchain “and other technologies” would help establish and manage identities, and on collective user demand. Even though the technology is in early stages of development, the structural benefits can include: strong user control over data, decentralized data storage and an absence of any central authority that could misuse or manipulate the system. (McKinsey Global Institute) Even though Solid, launched by Tim Berners- Lee in September 2018, is not a direct example of digital identity, it still provides a model of how to radically change the way Web applications work today, resulting in true data ownership as well as improved privacy.
Why is identity management so special? It is an enabler for nearly every other use case on blockchain. Blockchain in healthcare, in the Internet of Things, online voting, investment, supply chain management, or food tracking — all revolve around identity management. For voting or health care it is imperative to check the identity and eligibility.
According to Beyer, S. we can solve any of these applications if we universally solve identity management. However, for this to really work we need to set standards, in order to settle on an interoperable way of accessing these identities.
One example of a project tackling this is uport. This blockchain identity start-up has come up with their proposal, ERC-1056 Lightweight Identity. This standard proposal complies with the W3C Verifiable Claims Working Group’s proposal for Decentralized Identifiers — which in turn widens the standardization effort beyond the Ethereum ecosystem. (Beyer, S.)
Identity solutions should also be privacy-preserving. Since identifying yourself should not require you to give up privacy. Find out more on:
So, imagine a new reality, where we could have significantly more control over what information we share with whom and seamless processes in place for important aspects of our lives, such as healthcare or voting.
As Joseph Lubin (CEO of Consensys) says: “In my opinion, the next version of the Web will enable a better identity construct so that companies like Facebook and Google won’t be able to build business models that will be exploitative of our personal information and communications. We’ll be in much greater control of these aspects of our lives. If anyone monetizes those things, we, as individuals, should be able to do that.” (Coleman, L.)
As you can see, blockchain is a promising technology, however, businesses looking to implement this should find out whether the data being used is subject to any privacy laws. As public blockchains have an immutable data structure (meaning that data cannot be easily modified or deleted), the privacy rights granted to individuals to invoke the “right to be forgotten” could be difficult to permit. This raises concerns, as entries in a public blockchain might not be able to comply with privacy laws. (Omale, G.) Read more about the dilemma of storing data and compromising chain integrity:
What are your thoughts? Comment below!
Don’t forget to check out our previous articles:
The unbanked and blockchain use cases: https://medium.com/@chainworkhub/real-world-challenges-and-blockchain-use-cases-2b83682440b2
The sharing economy and blockchain use cases: https://medium.com/@chainworkhub/the-sharing-economy-real-world-challenges-and-blockchain-use-cases-24e44a58832
Stay tuned and follow us on all our social channels for new updates!
- LinkedIn: https://www.linkedin.com/company/chainworkhub/
- Facebook: https://www.facebook.com/chainworkAG/
- Instagram: https://www.instagram.com/chainworkhub/
- Telegram: https://t.me/chainworkhub
- Twitter: https://twitter.com/Chainworkhub
- Medium: https://medium.com/@chainworkhub
- Youtube: https://www.youtube.com/channel/UCDC9VdBcWvcfNIha16TmyRA
Tapscott, D. How blockchain is changing money and business. Accessed on: 18.01.19. Available at: https://www.ted.com/talks/don_tapscott_how_the_blockchain_is_changing_money_and_business
Hall, J. How Blockchain could help us take back control of our privacy. Accessed on 18.01.19. Available at: https://www.theguardian.com/commentisfree/2018/mar/21/blockchain-privacy-data-protection-cambridge-analytica
Quant the catalyst trader. Enigma Protocol: The First Solution to Privacy on Blockchain. Accessed on: 19.01.19. Available at: https://email@example.com/enigma-protocol-the-first-solution-to-privacy-on-blockchain-1c65cfa67bd9
Buterin, V. Privacy on the Blockchain. Accessed on: 23.01.19. Available at: https://blog.ethereum.org/2016/01/15/privacy-on-the-blockchain/
Lee, S. Privacy Revolution: How Blockchain Is Reshaping Our Economy. Accessed on: 23.01.19. Available at: https://www.forbes.com/sites/shermanlee/2018/07/31/privacy-revolution-how-blockchain-is-reshaping-our-economy/#1ece83291086
Nichols, S. Your Phone Is Listening and it’s Not Paranoia. Accessed on 22.01.19. Available at: https://www.vice.com/en_au/article/wjbzzy/your-phone-is-listening-and-its-not-paranoia
Zhu, T. Explainer: what is differential privacy and how can it protect your data? Accessed on: 20.01.19. Available at: http://theconversation.com/explainer-what-is-differential-privacy-and-how-can-it-protect-your-data-90686
Beyer, S. Self-Sovereign Identity: Blockchain’s Real Killer Application? Accessed on 22.01.19. Available at: https://blocktelegraph.io/self-sovereign-identity-blockchains-real-killer-application/
Coleman, L. How Joseph Lubin’s Power Moves Will Further Stir The Blockchain Controversy Pot. Accessed on 22.01.19. Available at: https://www.forbes.com/sites/laurencoleman/2018/10/23/how-joseph-lubins-power-moves-will-further-stir-the-blockchain-controversy-pot/#44958b0018b6
Omale, G. Gartner Predicts for the Future of Privacy 2019. Accessed on: 23.01.19. Available at: https://www.gartner.com/smarterwithgartner/gartner-predicts-2019-for-the-future-of-privacy/
McKinsey Global Institute. Digital identification: A key to inclusive growth. Accessed on: 28.01.19. Available at: https://www.mckinsey.com/~/media/McKinsey/Featured%20Insights/Innovation/The%20value%20of%20digital%20ID%20for%20the%20global%20economy%20and%20society/Digital-ID-a-key-to-inclusive-growth-January%202019.ashx
Rao, A. How to Secure your Personal Data using blockchain? Accessed on: 28.01.19. Available at: https://medium.com/coinmonks/guarantee-your-patients-privacy-today-securing-sensitive-data-with-blockchain-fcb179f1302c
This article is not intended to be a source or advice of investment, financial, technical, tax, or legal. All of this content is for informational purposes only.