01 Mar Blockchain Storage Offers Security, but Leaves Data Transpa…
In November 2019, security firm Risk Based Security called last year the “worst year on record” for breaches, with almost 8 billion records affected. Third-party control over personal data makes privacy something that is no longer a given.
The advent of blockchain technology seems to have heralded a new era in data security. However, as the technology has become more common on the internet, questions have arisen concerning its ability to securely store data. The reason lies in complete transparency that may not be good for confidentiality, as recently claimed by blockchain analytics firm Chainalysis.
Once upon a privacy
As people’s lives become increasingly digitized, the issues of data protection and privacy become paramount. Any action made online is a speck of gold dust for some companies. Data is gleaned and compiled into databases to be sold or auctioned off to the highest bidder by browsers and social media giants. Johnny Ryan, chief policy and industry relations officer of Brave browser, said in an interview with Cointelegraph on Feb. 21:
“RTB [Real-time-bidding, an auction for online ads] is the biggest data breach in the world. Personal data are being broadcasted to thousands of companies.”
Ryan’s words resounded with the growing number of data breaches, highlighting the fact that most modern business models are based on the collection and sales of users’ personal data, as browsers like Chrome and social networks like Facebook sell the data to those who pay for it.
Facebook and multimedia design platform Canva are among the most eminent data breachers, with data of 540 million and 139 million users affected in 2019, respectively. Top entrepreneurs and billionaires have also been affected, for example, Jeff Bezos, the CEO of Amazon, was hacked in 2018 while using WhatsApp.
Because it’s centralized
Statistics show that centralized companies leak user information more often than one may think. Data security is often disregarded for the sake of convenience, as companies resort to third-party resources like Dropbox and Google Docs, the security of which has been regularly questioned.
Most data collected by third-party companies is in centralized databases characterized by a domino effect single point failure capability. Even worse, data breaches either go unnoticed or are not divulged.
The simplest way to check is by entering an email on the website Have I Been Pwned, which provides statistics on how many times a user’s personally identifiable information has been found online. The total number of breached accounts has reached almost 9.5 billion according to the site’s statistics.
Is blockchain the user privacy panacea?
Blockchain is generally considered to be confidentiality-oriented and, therefore, can become an ideal solution for the problems that arise with traditional storage systems. For example, private blockchains can provide strictly enforced access to data based on permissions.
There are many solutions offered, such as homomorphic encryption, which allows computations to be carried out with encrypted data without preliminary decryption. This method was initially used on MIT’s Enigma network, which divides data into pieces, encrypts it, and randomly distributes it over the network in little portions. None of the network nodes can read this data, but users can decrypt it.
Security and privacy are thus preserved, and only users with matching decryption keys and proper credentials are granted access. Cryptographic techniques such as zero-knowledge proofs and zk-SNARKs already use homomorphic encryption — and Zcash (ZEC) is one example that applies such techniques.
The quintessence of blockchain technology is that it negates the need for third-parties, thus ensuring a higher degree of safety. The introduction of features like decentralized identity control prophesies a significant reduction in identity theft.
For instance, in May 2019, Microsoft announced its intention to use distributed registry technology to create a decentralized identification system called Decentralized ID, or DID, based on the Microsoft Authenticator application. Developers believe that blockchain technology is perfect for storing personal information since it eliminates the need to give consent to use private data. As a result, users’ identities will not be duplicated and distributed among different service providers like social media companies or online stores.
Similarly, SDS, the internet technology division of Samsung, has recently integrated QEDIT’s zero-knowledge proof in its enterprise-oriented Nexledger blockchain. The SDS team believes that the integration will allow it to provide parties employing corporate blockchains to record and validate transactions on a shared ledger without disclosing confidential data.
The principle of storing personal information to protect user data was introduced by Jeff Pulver, the American who pioneered VoIP. The Pulver Order was passed by the Federal Communications Commission on Feb. 12, 2004, and made it possible for people to freely use communication apps like WhatsApp.
In 2018, Pulver offered to use a blockchain-enabled communication network based on new authentication layers and decentralized solutions. The new solution, called Debrief, is said to be the most secure business communication network available for peer-to-peer audio and video calling, messaging and decentralized file storage. The technology aims not to expose users’ confidential information unlike services such as Facebook or Zoom.
The secret lies in a decentralized storage system and secure blockchain authentication protocol that are impervious to hackers. Pulver claims that Debrief’s data encryption algorithms do not allow the data to be edited or tampered with once it is placed on the network.
Each recipient on the network receives the same piece of information as it is entered in real-time. Therefore, for a hacker to tamper with or edit the information on one recipient’s computer, the other computers on the network would have to validate the change, which they would never do. Pulver explained at the time that: “By refraining from centralized control, we will be removing the weak link from the equation — the third-parties.”
MedRec, a project launched by MIT, pursues a similar goal but in the health care industry. The project uses blockchain technology to enable the secure…