Part 1/2: Can Blockchain Protect Your Personal Data?

By Nick Roquefort-Villeneuve, Global Marketing Director – Amalto Technologies


[This is part one of a two-part reflection on the topic of Blockchain Technology and Data Protection.]

Facebook shatters your right to identity privacy by selling your information with impunity to whoever is ready to put the almighty Dollar on the table. As a result, as early as this morning you’re likely to get bombarded with ads for antidepressants, if last night you reacted to a post about the Houston Rockets’ loss in game two of the NBA playoffs against the Utah Jazz with the sad emoticon… Or maybe you are drowning in fake news, since you’ve clicked on the thumbs up like button at the bottom of a photo showing white supremacists marching in the streets of Charlottesville holding Tiki torches, thinking, “Wow! Those luaus are so cool! Man, do I miss Hawaii…”

Naturally, I will spare you the Equifax, Target, Delta Airlines, Xbox, Arby’s, Verifone, Saks Fifth Avenue, UNC Health Care, Chipotle, Gmail, DocuSign, Kmart, Blue Cross Blue Shield, Verizon, SEC (not the Crimson Tide vs. Gators one), Deloitte, Whole Foods, Yahoo, Hyatt Hotels, Forever 21, Uber and Ebay data breaches, among so many others, that happened in the last fifteen months. Your private information? Gone! The commonality among all those companies? They store your private data in the cloud, a centralized system, therefore highly prone to hacking.

Quite a lot of hope has been placed on Blockchain in recent months, simply because Internet users are tired of being abused for mercantilist reasons, from which they’re getting absolutely no financial reward or compensation whatsoever. Alright, so can Blockchain protect your identity and prevent your personal information from being shared against your will?

The Management of Your Personal Data Today

How is your identity managed on a centralized system like Facebook or Amazon today? Well, it depends on where you want to log in. Facebook asks you for a valid email address or verified mobile phone number and a password. Other websites require a log-in ID that’s different from an email address, like an alphanumerical handle such as “tombrady1971,” in case you want to affirm your devotion to the New England Patriots and were born in 1971. Mobile apps like Amex and Chase allow you to log in via thumbprint. Basically, the way you must identify depends on the requirements of the websites or applications you want to access, and not the other way around. It’s a one-way street: You must comply with what they need. Naturally, prior to being able to access those outlets as a user, you must have initially filled out a detailed form asking for your name, address, and many other attributes that pertain to your personal life. Moreover, as a user you’re not in control of your identification and/or personal information. Look at shared identifiers that allow several websites to leverage and store the information pertaining to your identity entered somewhere else. You know, those sites that suggest you create an account or log in using your Facebook or Google handle and password. And, to top it all, successive hacks have systematically compromised centralized systems where (potentially) your personal information is stored. This ecosystem isn’t safe. How about when you register for online banking or apply for a credit card online, and you’re required to type your social security number? Yes, this is where both identity theft and your worst nightmare can begin. Just ask the victims of the Equifax hack…

Back to Facebook, which even an exorcism wouldn’t succeed in changing. I too can picture Mark’s head spin way more out of control than it already does… As I stated earlier, Facebook collects the personal information you have no other choice but to share with the social medium if you want to create a profile. Yes, all those *required information fields. Once your profile’s up and running, Facebook starts storing all the information that pertains to your behavior throughout the platform and keeps it. An example? Remember this highly compromising photo of you taken during your bachelor party in Cancun that your best man was so quick to post on his profile page? He’d tagged you on it, but fortunately you weren’t in the best of conditions to understand how to acknowledge such a thoughtful attention... The photo received dozens of likes and inappropriate comments, mainly from your good old frat brothers who hadn’t been able to attend the festivities. Last Sunday, you and your lovely spouse woke up together, she placed her head on your chest, you grabbed your phone, checked your Facebook profile, and… froze. From time to time, Facebook posts on its users’ news feed page a “flashback.” This is a video that displays a series of photos and posts that received the most comments and likes. And here is the compromising Cancun shot right before your eyes. A couple of days before the wedding, you had asked your buddy to erase it, which he did. But it’s still there to haunt you. Facebook keeps all the posted information that pertains to you. And Facebook sells it to advertisers. You have no say whatsoever about it. You actually have no control at all over the personal information Facebook has accumulated about you. Facebook is the sole entity to benefit financially from your life, and systematically at your expense.

Companies like Facebook and Google can monetize your private data to their benefit, simply because, in this area, the United States lacks regulation. Facebook and Google do not behave similarly in Europe. Why is that? The answer is called The General Data Protection Regulation (GDPR), a regulation about to become enforceable (on May 25) inside the European Union. It ensures data protection and privacy for all individuals within the EU. It also forbids the export of personal data outside the EU. The GDPR is a regulation, not a directive, so it does not require national governments to pass any enabling legislation; it’s directly binding and applicable. Why don’t we Americans get the same form of protection from our representatives?

“What an excellent day for lobbying an exorcism.”

A Blockchain Alternative: Self-Sovereign ID

There is a Blockchain-based identification system that exists, and it’s called a “self-sovereign ID.” By definition, it’s a “form of identification that’s unalterable and almost completely secure.” Yes, I’m sure you can put two plus two together, when you read in the blog of a tech company the adverb “almost” immediately followed by the adjective “secure.” More about Blockchain and hacking here.

How can Blockchain kick the hornets’ nest? In a nutshell, thanks to a self-sovereign ID, you’d stop relying on third party identity providers like Facebook or Google to store and share your personal data. The idea behind a self-sovereign ID is that you’d have your digital identity data at your fingertips, ready to be shared at your discretion, not at anyone else’s discretion anymore. What does “at your discretion” truly imply? Well, it signifies that you’d be in control of when you want to share your ID and what attribute(s) of your ID you’d want to share. For example, let’s imagine you’re taking a date to the Beyoncé concert (yes, she’s touring in the Fall). An usher walks you guys to your seats (you’re in the front row, center stage; whatever it takes, right?), and given that tonight is the night, you ask your date what she wants to drink. Champagne, it is! You get up and walk to an overpriced concession stand. You order two glasses of sparkling wine (how petty!) and the employee asks for your ID. Now, more seriously, why would you have to show, if not hand over for a few seconds, your driver’s license to a stranger? This employee just wants to make sure you’re not underage. That’s all s/he needs to confirm. Why should s/he be given the ability to see your first name and last name as well as your address, when the only element of interest is your year of birth?

This analogy applied to a Blockchain network would look like this: The information related to your identification would be your sole property and confirmed by “verifiers.” Verifiers are third-party entities that validate your ID, like the DMV. Verifiers would therefore prevent anyone from entering false information in the network. Each time you’d transact or log into an application on a Blockchain network, only the personal information that’s required to execute the transaction or grant you access would be utilized. Thus, you’d have full control over your own data. It would be solely used for access you instigate. Remember, a Blockchain network works as a peer-to-peer network, which de facto eliminates intermediaries. Thus, there is no centralized system that would store your data. Your personal information would be used to access an application at a given moment and that’s it. Your personal information would be required again the next time you need to access this same application.
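The selective disclosure described above can be sketched with salted hash commitments. This is an added example, not code from the original post or from Amalto; the commitment scheme, the function names and the in-memory `LEDGER` set standing in for the blockchain are assumptions made for illustration.

```python
import hashlib
import json
import secrets

# Assumption: stand-in for the shared ledger. Only credential digests are
# anchored here, never the personal data itself.
LEDGER = set()

def commit(salt, name, value):
    """Salted hash of one attribute; the salt stops guessing of low-entropy values."""
    blob = json.dumps([salt, name, value]).encode()
    return hashlib.sha256(blob).hexdigest()

def credential_digest(commitments):
    """Single order-independent digest over all attribute commitments."""
    return hashlib.sha256("".join(sorted(commitments)).encode()).hexdigest()

def issue(attributes):
    """Verifier (e.g. the DMV) validates the attributes, then anchors the digest."""
    salts = {name: secrets.token_hex(16) for name in attributes}
    commitments = [commit(salts[n], n, v) for n, v in attributes.items()]
    LEDGER.add(credential_digest(commitments))
    return {"attributes": attributes, "salts": salts, "commitments": commitments}

def present(credential, name):
    """Holder reveals one attribute; every other attribute stays an opaque hash."""
    return {
        "name": name,
        "value": credential["attributes"][name],
        "salt": credential["salts"][name],
        "commitments": credential["commitments"],
    }

def check(presentation):
    """Relying party: the revealed value must belong to an anchored credential."""
    c = commit(presentation["salt"], presentation["name"], presentation["value"])
    return (c in presentation["commitments"]
            and credential_digest(presentation["commitments"]) in LEDGER)

def demo():
    # Constructed sample data, not real identity records.
    wallet = issue({"name": "Alex Doe", "address": "1 Example St", "birth_year": 1990})
    shown = present(wallet, "birth_year")   # what the concession stand receives
    forged = dict(shown, value=2010)        # same proof, altered birth year
    return shown, check(shown), check(forged)

if __name__ == "__main__":
    shown, ok, forged_ok = demo()
    print(shown["name"], shown["value"], ok, forged_ok)
```

The sketch covers data minimization only: it does not bind the presentation to the person holding the phone, which a real system would add with a holder key.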

How about selling your personal information to an advertiser? Why not, right? Well, in the context of a Blockchain, you’d engage with a commercial entity in a peer-to-peer mode and, via the execution of a smart contract, sell part of or all your information in exchange for tokens. Thus, you’d be 100 percent in control of your private information and what you intend to do with it. You could sell it without the intervention of an intermediary. In other words, you’d stop being a (Facebook or Google) sucker.

To Conclude…

The very essence of Blockchain gives the power back to individuals by providing them with full control over what they want to do with their personal information. Moreover, the validity of this data is protected by the fact that a Blockchain network offers transparency, since the same information is stored inside all the nodes of the network, so no one (including yourself) can actually alter or delete your information without someone else noticing it.

[Next week, Part 2/2 of this 2-blog series: “How Blockchain Protects Your Transactions Data?”
Teaser: Last night, I dreamed of the Indirection Oracle. Like Ulysses returning to Ithaca, I tried not to listen to her prophetic predictions, fearing she wanted to lure my ship on to the rocks of this centralized computing system called the cloud.]