No, You Can’t Rely On The Government To Keep Your Data Safe
Neither can you rely on any centralized system
Let’s not kid ourselves, data breaches are boring.
So boring in fact, that news of government systems being breached can be expected every few months. In 2020, there were 1001 data breaches in the United States alone. Paired with the rapid digitalization of our society it should come as no surprise that more breaches are being reported. More services are done online than ever before, and the pandemic just sped up this process even more.
The thought of your data being sold on the dark web is no longer a mere thought, it may be your reality. In 2019, data related to 92 million Brazilian citizens are reported to be on sale on the dark web. The Indonesian government is currently in the midst of investigating the possibility of a severe data breach of around 270 million Indonesian citizens. In context, there are around 272 million citizens currently residing in Indonesia, and even though there is a possibility of the numbers not being accurate it highlights a very important issue, centralization breeds a lack of trust.
Even the best of systems cannot be fully trusted, centralized systems will always have a risk of being breached. The more data a system has the better rewards for the potential hacker. If that is the case, wouldn’t it be better to have decentralized systems instead?
Privacy and Decentralization
Decentralized applications (dApps) are systems that run on a peer-to-peer network of computers instead of being hosted in a single cluster of servers. dApps run in a more “democratized” way because there is no single authority looming over the community.
The point of making an application decentralized is to remove the entity connecting the entire system, thus creating the complete opposite of a centralized system. Decentralized systems are also more secure in a way because of the heavy use of encryption.
Decentralized Cryptography
If you have ever made a dApp, you might be familiar with the term public key and private key. In a dApp, these are the keys to communicate between users, pun intended. Because the app is decentralized, everyone has access to the data, and to send data to specific users we can use the public key to encrypt data and the private key to decrypt data.
To better understand the concept, you only need this image:
A user will be assigned a single public key and a private key. As the name implies the public key will be available for other users while the private key is kept secret. The sender of data or message, in this case, will need to encrypt their message with the receiver's public key. The data will then be encrypted and can only be decrypted by the user’s private key.
The data can be stored anywhere and without the private key, it is almost impossible to decipher. “But what if the hacker guesses my private key?”, you ask? Well, to answer that question — yes, it is possible. But it would probably take a few million years, well hackers better get started then.
Anyways, out of all the documents floating around in the dApp database, what makes you so sure the hacker will be able to know which data is yours?
Data Anonymity
This brings us to another point, data anonymity. In a dApp, your name or other personal data would not be necessary. All the data can be mapped to your public key serving as a de-facto ID for all incoming data.
Also, because your data is already encrypted, in the first place. It becomes similar to the chicken and the egg problem, the hacker would need to brute force (a fancy word for guess) each possible private key combination to even start to have a clue on what’s going on — from a data perspective.
Furthermore, because your public key can be a de-facto ID, you wouldn’t need to attach personal data in the first place. Obviously, because the public key would be how you would interact with users in the first place. “But, in the end, can’t these concepts be used in a centralized application as well?”.
Of course, it can! But, anonymity and data encryption doesn’t work well with the concept of centralization, to begin with. dApps is a “democratized” way to run a system, but centralized apps are the opposite because there are entities that would want to be the single authority on the platform. Picture Facebook, Apple, and Google platforms.
In a dApp, no entity can retrieve your data without your permission. You are in full control of your own data.
Data Sovereignty
dApps are becoming more popular, and the recent actions taken by the big tech platforms are not making it less attractive. The reality of being able to speak your mind in the digital world without censorship getting dim. Having “free” platforms aggregate your data to be sold to the highest bidder also isn’t that attractive to many people.
Who would’ve guessed?
Who would thought that people would need privacy? But the world is catching up now. More and more people are becoming aware of the single most important right they have, their sovereignty.
Microsoft seems to be getting the right idea, Nadela’s company is currently developing and offering decentralized identity services. “Own your digital identity” is their motto, well that’s how it should be. Microsoft also quoted a report from Forrester, “Decentralized digital identity (DDID) is not just a technology buzzword: It promises a complete restructuring of the currently centralized physical and digital identity ecosystem into a decentralized and democratized architecture”.
Here in DeBio Network, we will also implement DDID. Currently, we plan to use the KILT Protocol. KILT is a protocol for creating, attesting, and verifying identities with the original goal of creating a decentralized, data sovereign to solve the problem of trust on the internet. Users first need to create a claim, this claim would be then sent to a trusted attester. An attester is an entity that will be responsible for certifying the user's claim.
After the attester approves, it will then save the claim as a hash on the KILT blockchain. The hash cannot be transformed back to the user claim, thus making the effort of hacking the blockchain futile. When the user receives the certificate from the attester the user can now use their claim on applications that use KILT. Albeit, the apps must trust the corresponding attester. These applications will be the verifiers of the user claims.
The entire verification process does not need to go through the attester at all thus, the user activity will not be known by the attester, enabling data sovereignty for the privacy-conscious, a perfect identity solution for the DeBio Network.
Being Privacy Conscious
As the title entails, the government cannot keep your data safe. Other than the problem of centralization, there are times when the user’s brought upon misfortune upon themselves.
Arguably, the most effective cyber attacks are done from the client side. According to an article by Whoa Network, the top 5 reasons for data breaches are involved from the client-side. The cause of this being most users not being cyber-literate. No matter how secure or decentralized the app is, it will not protect you from human error.
So in the end, the government can’t actually protect you because you must take responsibility for yourselves. A good thing to note is, according to this article by the Strait Times, more users are aware of cybersecurity concerns in recent years. Even though cyberattacks are getting worse, more are taking conservative steps toward their own cybersecurity.
So the conclusion? Centralized apps have the risk of leaving your data in the hands of corporations. You are not in control of your data, nor can the security be guaranteed. Decentralization is a solution to this problem because it implements cryptography, anonymity, and data sovereignty.
Also, it wouldn’t hurt to learn more about cybersecurity and how you can keep a secure desktop environment.
About DeBio Network
DeBio Network is an anonymous-first, decentralized platform for medical and bioinformatics data.
We are building a decentralized platform for your personal medical needs, starting with genetics. Our concept allows synergy between labs of all scales while guaranteeing user anonymity and sovereignty at every step of the genomic data science workflow — from sample collection, data storage, to report generation.
We here at DeBio fully understand the concern for user anonymity. Some people might say that our DNA is the most private thing we have, and we take that very seriously. Anonymity-first genetic testing should be the number one focus for all companies.