Can blockchain ensure data privacy? IBM certainly seems to think so. Earlier this month, according to a filing published by the US Patent and Trademark Office (USPTO) IBM has applied to patent a system that would use blockchain tech to tackle privacy and security concerns for drones.
According to the filing, blockchain offers “effective techniques for managing data” related to drones. While the patent only became public recently, it was filed as early as 2017, showing that for IBM blockchain presented a large number of possible enterprise uses including ensuring data privacy.
Blockchain Technology Safeguards Privacy
Blockchain’s use as a tool to protect privacy lies in the nature of the technology itself. Essentially, it is a decentralized technology that functions as a digital ledger, which publicly tracks, records and verifies the legitimacy of all transactions. Due to the nature of the technology, with no central location that stores private data, there is no single point of attack, greatly increasing the security of the system. This does not just apply to cryptocurrency transactions — companies are building off this technology, decentralizing data like encrypted messaging, tracking enterprise documents or easing the creation of legal contracts.
It also allows users to digitize assets in ways that have not been possible before. For the first time in history of the internet, it is possible to store assets in such a way that they cannot be copied or duplicated without permission, and that their source is always known if it needs to be known. They store immutable records and they are disseminated among every user, every one of whom has their own particular private cryptographic key.
Related Article: 7 Trends Driving Blockchain Forward
Blockchain Features That Protect You
Darryn Jones is vice president of business development for the Greater Phoenix Economic Council (GPEC). He pointed out that in the context of privacy, blockchain enterprise solutions provide three key benefits:
- The ledger of transactions distributed across a widespread network prevents a single point of failure for hacking or fraud. If a discrepancy occurs, the time-stamp mechanism reduces costs associated with auditing and stronger context for applying correction.
- Blockchain offers capabilities for an individual to have full autonomy over personal information, an important consideration for medical records, money and proof of identity. A central authority or service provider cannot tamper or abuse an individual's information without their knowledge.
- Depending on an applications intended use, the ability to operate directly with employees, clients, or customers prevents additional oversight or exposure to transactions and exchanges of value.
“The debate for enterprise solutions culminates between adopting a model similar to the Intranet vs. the Internet, permissioned access or full public transparency. The rate of disruption within a company or industry will stem from this component of openness as it redefines competitive advantage and the approach to the marketplace,” Jones said.
Related Article: Blockchain: 10 Questions To Ask Before Diving In
How Open Source Helps
A simple way of thinking about a blockchain is as a shared database, according to Omid Malekan, author of the recently published book "The Story of Blockchain." In open and permissionless chains (like Bitcoin) everyone shares the data. In more enterprise-oriented permissioned ledgers (like Hyperledger Fabric) only certain parties get access. Nevertheless, the shared nature creates a hyperfocus on privacy, in a way that does not exist with today's proprietary data owners.
Project Hyperledger was created by the Linux Foundation as an open source community project, which incubates and promotes a range of business blockchain technologies, including distributed ledger frameworks, smart contract engines, client libraries, graphical interfaces, utility libraries and sample applications.
If you look at the biggest breaches to date, such as the ones at Yahoo or Experian, they happened because hackers were able to penetrate the private databases of single corporations. “Since all the above projects are open source, you have an entire community of users weighing in on development at every stage. Any vulnerability is far more likely to be detected, as privacy is now being crowdsourced,” Malekan said.
Aaron Leibowitz is one of the founders of New York City-based Novo Protocol, a blockchain-based marketplace for verified business data that directly connects commercial data providers and data consumers on a global level. He pointed out that while there are a large number of public blockchains out on the marketplace, most enterprise blockchains in use right now are actually private distributed ledgers rather than public blockchains. This makes it impossible for unauthorized users to access any of the data in them. “[Private blockchain] in distinction are very important to your topic as the private ledgers aren't vulnerable to the transparency of public blockchains,” he said, and there are many ways to protect them.
One way is to store the data with only the data provider knowing the data using something called Zero Knowledge Proofs. Another avenue is to store only a hash of the data to the blockchain and store the only copy with the data provider — this allows them to prove that the data is the same as at the time it was hashed onto the blockchain by comparing hash returns. This is not a true answer as the data is not stored on the blockchain itself.
Beyond this, there are decentralized storage systems such as IPFS, Filecoin, and others. These allow for data to be held in such a way that — as opposed to Equifax where once the server was breached, the hacker had free reign on all data — a hacker would be forced to individually break into each unique wallet that stored data to access the relevant data. This significantly reduces the ability for the hackers to access all of the data and instead would only expose a small amount of data for the same level of work as would return a full dataset in a centralized storage manner. “In summary it is about how you store the data on the blockchain that determines its vulnerability and the security level ranges based on the structure,” Leibowitz said.
Protecting Health Data
Take the sensitive issue of storing health data. The potential of blockchain within healthcare is evident, Adnan Raja, vice president of marketing for Atlantic.Net, a web hosting solution that offers HIPAA-compliant, cloud, dedicated and managed hosting services. (HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.)
Take MedRec as an example. MedRec is a way of storing health records using fully decentralized access rights via an Ethereum blockchain thereby giving patients control over record distribution. According to the developers at MIT, MedRec uses the World Wide Web as a model.
This system enables the monitoring of user privileges related to access and manipulation of patient records (i.e., who has the authority to view and update them). The researchers designed the solution with both patients and doctors in mind so they could each easily access a complete, incorruptible log of their data and give access to information from all of a patient's providers.
Raja added that one of the cornerstones of HIPAA is to keep protected health information (PHI) secure and private. The law restricts the use and disclosure of healthcare information, requiring written authorization from patients for any exceptions. Blockchain can encrypt all sensitive data and separate it into segments that would be accessible to authorized parties at any time. “Blockchain currently provides one of the best tools we have to protect our data from hackers. The reason I say this is because the only way for a hacker to corrupt or destroy a blockchain is by destroying the data held on every single computer in the blockchain’s network,” David Ambrogio, a consultant at Pelicoin, Gulf South Bitcoin ATM network, concluded.
Of course, this means that bigger blockchain networks with more users are immensely harder to take down than smaller networks with fewer users, but either way, a hacker is going to have a very hard time damaging data protected with blockchain technology.