While writing this article I am sitting at Lake Müritz and watching the sunset at the same time. Okay, there are more urgent things to do, like processing a few customer datasets we have received at STROMDAO in the last days — I can’t, and no one else could.
The problem I am facing is a privacy concept we have created to protect all privacy aspects in a consensus system.
In general, our data protection rules are:
- Consensus is a public state
- Personal data is private
- Users do not have to care about privacy
- Communication between peers is private
- Communication (data) always ends in a public state (change)
Other market players implement other rules and have a big advantage at the start. In order to sign up for an electricity tariff you get asked for a lot of personal data: your name, your birthday for credit checks, email, etc. In a modern IT world those datasets get stored in a cloud. You as the originator will now have read access, and the party you sign up with has access. In general they could do anything with the data, where analytics or customer value calculations are the more harmless uses. Personal data in a cloud could be copied, transferred, re-assembled and so on. As soon as personal data is out in the wild, it is no longer under the control of the originator.
Implementing our rules changed that. Personal data is seen as an asset that always belongs to the originator/owner. So if you sign up for a power tariff, your browser will create a public-private RSA keypair for you. In parallel, a public key from us is fetched. Blockchain technology and its address schema make it possible to identify two parties statelessly and get the right public key. In the case of a new tariff you could always see which devices have the key in its asset.
Going on vacation, I simply forgot to grant access to our “tariff key asset” to someone else or put it on my mobile. As new orders are coming in, we could only see meaningless bytes…
The main change for our business is that we have to care much more about the visibility of customer data than other market players. On the upside, we gain the benefit that there is no central data lake that someone could control. Privacy is delegated by design to the final user and the final use case (like me processing new orders).
At STROMDAO we are using IPFS to store all data. As soon as personal data is gathered, the user will encrypt it and create a digital asset which is stored in IPFS. This allows the bits and bytes to be accessed from any computer on earth, but you need to have the right private key to get any meaning out of them.
So in theory everyone could access the encrypted data, but only those with the right keys could process the data.
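The scheme described above, as an added example that is not STROMDAO's code: a record is encrypted once with a fresh AES-GCM key, and that key is wrapped with RSA-OAEP for every recipient public key, so a second device can still open it when the first one is out of reach. The hybrid construction, the envelope layout and all function names are assumptions; the IPFS upload is left out.

```javascript
// Added example, not STROMDAO's code. All function names are hypothetical.
async function getCrypto() {
  // Browsers and current Node expose WebCrypto globally; older Node via node:crypto.
  return globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;
}

// One RSA-OAEP keypair per device; the private key is non-extractable.
async function newRecipient() {
  const c = await getCrypto();
  return c.subtle.generateKey({ name: 'RSA-OAEP', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, false, ['wrapKey', 'unwrapKey']);
}

// Encrypt the record once, then wrap the content key for every recipient public key.
async function sealRecord(record, recipients) {
  const c = await getCrypto();
  const contentKey = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const data = new TextEncoder().encode(JSON.stringify(record));
  const ciphertext = await c.subtle.encrypt({ name: 'AES-GCM', iv }, contentKey, data);
  const wrappedKeys = {};
  for (const [label, publicKey] of Object.entries(recipients)) {
    wrappedKeys[label] = await c.subtle.wrapKey('raw', contentKey, publicKey, { name: 'RSA-OAEP' });
  }
  return { iv, ciphertext, wrappedKeys }; // assumed envelope layout; this is what gets stored
}

// Unwrap the content key with one device's private key, then decrypt the record.
async function openRecord(envelope, label, privateKey) {
  const c = await getCrypto();
  const contentKey = await c.subtle.unwrapKey('raw', envelope.wrappedKeys[label], privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = await c.subtle.decrypt({ name: 'AES-GCM', iv: envelope.iv }, contentKey, envelope.ciphertext);
  return JSON.parse(new TextDecoder().decode(plain));
}

async function demo() {
  const laptop = await newRecipient();   // device left at home
  const mobile = await newRecipient();   // second device that was granted access
  const outsider = await newRecipient(); // key that was never granted access
  const record = { name: 'Constructed Customer', tariff: 'sample' }; // constructed sample data
  const envelope = await sealRecord(record, { laptop: laptop.publicKey, mobile: mobile.publicKey });
  const viaMobile = await openRecord(envelope, 'mobile', mobile.privateKey);
  const outsiderFails = await openRecord(envelope, 'laptop', outsider.privateKey)
    .then(() => false, () => true); // wrong private key: unwrapping is rejected
  return { viaMobile, outsiderFails, recipients: Object.keys(envelope.wrappedKeys) };
}
demo().then((r) => console.log(r));
```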
As mentioned, all control is with the final user. Using IPFS means the final user is responsible for storing and archiving data as long as it is required for a task. If not, there will be no copy of the data in the IPFS network that could be used to get to the decrypted dataset.
In the case of our new customers we only see the IPFS hash, but without the key I could not do my job of validating them and getting them connected to our power tariff. I will do that back home and change the customer status in the energy blockchain to “connected”, which is the state change required if privacy rules get followed.
Blockchain technology provides consensus. Once the state of the user has been changed, everyone using the energy blockchain can rely on my validation without having to collect further personal data. This is an important game changer, as small players can now use “consensus as a service” instead of having to build a custom infrastructure.
Combining the strengths of IPFS and the Energy Blockchain will give us a truly decentralized platform to host microservices for the market.