Blockchain, Data Privacy, and Your Security

Blog Post Breakthrough Results

NBC’s Herb Weisbaum reported that, in 2016 alone, more than 4 billion data records were stolen. Moreover, Jorge Rey, the Director of Information Security and Compliance at Kaufman Rossin, reported that between January and November 2016 there were more than 4,000 ransomware attacks each day, a 300 percent increase over 2015. 

We are all attached to a second identity: the one we’ve created while using the Internet. For example, every time you use smart technology, you are surrendering more personal information about yourself. Our digital identity grows more sophisticated each year as the amount of data collected increases. What’s more, with the Internet and smart technology being applied to more and more activities that were once conducted manually, the ways in which data is being collected has grown exponentially. 

Centralized ledgers and login credentials often prove to have vulnerabilities. Despite investments in cybersecurity, digital accounts protected by weak usernames or passwords still get hacked. According to the Bureau of Justice Statistics, 17.6 million U.S. residents experienced identity theft in 2014. In the first half of 2017 alone, nearly 2 billion records were lost or stolen worldwide.  

Now, some good news: transactions that take place on a blockchain are secured through transparency, smart contracts, and complex math/advanced software that is extremely difficult for hackers to manipulate. Blockchain technology’s tamper-proof reputation is due to the fact that the system operates on a “consensus protocol” and that each block has a unique cryptographic fingerprint. Another aspect of blockchain technology that provides security is that each block acts as a link. This means that each block also contains the previous block’s unique fingerprint. Therefore, in order to hack one block, you have to hack each that came before and after it.   

However, blockchain technology’s ability to keep records in existence can also serve as a weakness. Under the GDPR, European citizens are granted the right to erasure. Any European citizen can request any company to erase all data stored about him/her. Any company using blockchain technology to store data would run into issues attempting to completely erase one record. Another security concern was brought to light by a study done by researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg in November of 2014. In their paper called “Deanonymisation of Clients in Bitcoin P2P Network,” Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov found that anyone with a few computers and €1500/$1756 a month could uncover the IP Addresses behind each transaction.  

Nevertheless, there are companies that have found how to use blockchain to their advantage when it comes to security. One example of a company using blockchain technology to provide security is Guardtime. Founded in 2007 by Estonian cryptographer, Ahto Buldas, Guardtime is a data security startup that, by 2016, secured all of Estonia’s one million health records with its technology. They’ve accomplished this by using blockchains to create a Keyless Signature Infrastructure (KSI), which acts as a replacement for the Public Key Infrastructure (PKI).  

With blockchain technology, the individual can hold personal information in a secure, decentralized ledger. Additionally, with this technology, it would be extremely difficult to tamper with that information. Storing personal information with this technology would give the individual more power when deciding how and when his/her data is used for services.

 

Co-authored, edited and prepared with Ashlyn Vogelsang.

Discussion