Monday, April 02, 2018

Blockchain and the Edge of Obfuscation - Privacy

According to Wikipedia,
a blockchain is a decentralized, distributed and public digital ledger that is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the collusion of the network. (Wikipedia, retrieved 31 March 2018)

Some people are concerned that the essential architecture of blockchain conflicts with the requirements of privacy, especially as represented by the EU General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. In particular, it is not obvious how an immutable blockchain can cope with the requirement to allow data subjects to amend and erase personal data.


Optimists have suggested a number of compromises.

Firstly, the data may be divided between the Blockchain and another data store, known as the Offchain. If the personal data isn't actually held on the blockchain, then it's easier to amend and delete.

Secondly, the underlying meaning of the information can be "completely obfuscated". Researchers at MIT are inventing a 21st century Enigma machine, which will store "secret contracts" instead of the normal "smart contracts".

    Historical note: In the English-speaking world, Alan Turing is often credited with cracking the original Enigma machine, but it was Polish mathematicians who cracked it first.

Thirdly, there may be some wriggle-room in how the word "erasure" is interpreted. Irish entrepreneur Shane Brett thinks that this term may be transposed differently in different EU member states. (This sounds like a recipe for bureaucratic confusion.) It has been suggested that personal data could be "blacklisted" rather than actually deleted.

Finally, as reported by David Meyer, blockchain experts can just argue that GDPR is "already out of date" and hope regulators won't be too "stubborn" to "adjust" the regulation.


But the problem with these compromises is that once you dilute the pure blockchain concept, some of the supposed benefits of blockchain evaporate, and it just becomes another (resource-hungry) data store. Perhaps it is blockchain that is "already out of date".



Vitalik Buterin, Privacy on the Blockchain (Ethereum Blog, 15 January 2016)

Michèle Finck, Blockchains and the GDPR (Oxford Business Law Blog, 13 February 2018)

Josh Hall, How Blockchain could help us take back control of our privacy (The Guardian, 21 March 2018)

David Meyer, Blockchain is on a collision course with EU privacy law (IAPP, 27 February 2018) via The Next Web

Dean Steinbeck, How New EU Privacy Laws Will Impact Blockchain (Coin Telegraph, 30 March 2018)

Wikipedia: Blockchain, Enigma machine


No comments: