Blockchain is often mentioned as a silver bullet solution for issues that have existed for years or even decades. It is generated by a lack of understanding of the technology. Here’s what we keep hearing, and why the claims are false.
1. “Blockchain is a database.”
A ledger is not the same as a database. A database is designed for fast access, a ledger for security and immutability. Both have significant advantages and disadvantages.
Fun fact: blockchain nodes have their internal databases to hold the copy of the blockchain data indexed for better access (and that index is as hackable as any other).
2. “Blockchain connects entities that before have not been able to communicate with each other.”
Blockchain does not solve the connectivity issue. Blockchain networks need physical and network infrastructure (which the internet provides) to piggyback on (at least for now). Blockchain creates links/permissions between different parties (institutions) involved in a specific transaction. Just because the data is on the same blockchain network that both parties are a part of, it does not mean the data is automatically transferred between these two parties. It also does not mean that the data in question is interoperable.
3. “All data on the blockchain is encrypted.”
Blockchain tech is based on encryption, but assuming data on the ledger is therefore automatically encrypted, or that the privacy of that data is somehow protected, is false.
4. “Blockchain prevents corruption and loss of data.”
We do not need blockchain to safeguard data against loss or corruption. Digital signatures and backups within different jurisdictions solve that.
5. “Blockchain will solve interoperability.”
A lack of data interoperability derives from a lack of common data standards, not from inadequacies of databases. Healthcare IT vendors love proprietary data standards as they provide vendor lock-in. Consequently, data is locked in data silos with little hope for unlocking the secondary value of that data to improve patient care or for research purposes.
6. “By putting data on the blockchain, data is automatically secure.”
Data security is a variety of measures that prevent:
• Data getting lost, destroyed, tampered with, corrupted,
• Unauthorised access to data.
Storing data on the blockchain only solves the issue of data tampering because once it’s stored on the blockchain, it cannot be readily changed.
This does not mean we need to store data directly on the blockchain to ensure immutability. We can use hashing algorithms to produce digital fingerprints of data and store the hashes of the data on the blockchain and achieve the same results.
7. “Storing encrypted data on the blockchain is the solution to data privacy on the blockchain.“
Storing encrypted data on the ledger is ill-conceived. Blockchain is “eternal” while encryption is not. Every decade or two, encryption algorithms need to be upgraded because the mathematical problems that take forever to compute on current computers (and therefore provide protection against attacks) become solvable.
Also, encryption algorithms contain bugs and vulnerabilities just like any piece of software code. When they are discovered, they sometimes allow the attacker to decrypt the messages even without knowing the private keys. That’s why encryption algorithms need to constantly be upgraded and the data that was encrypted using these algorithms needs to be re-encrypted with the newer version. Because the data on the blockchain cannot be changed, it cannot be re-encrypted with newer encryption algorithms, thereby being forever exposed to inadequacies of the encryption algorithm it was originally encrypted with.
(Read more about how encryption software can fail in this great blog post.)
8. “Medical records should be put on the blockchain.”
See points 1–7.
9. “Permissioned private blockchains offer better security than public ones.”
Blockchain only really works as a public ledger. A permissioned private blockchain is just a database with slightly modified data structure. At any point, transactions behind closed doors can be changed without the public or 3rd party ability to verify its authenticity. For more in-depth explanation, see the post Public vs. Permissioned (Private) Blockchains.