The third part of a series of articles on the advantages and challenges of the usage of blockchain technology for collecting and sharing information, without violating users’ privacy.
Some entrepreneurs have been trying to increase data privacy by combining encryption and blockchain technology. There are projects like Oasis Labs and Enigma that focus entirely on preserving users’ privacy. Meanwhile, others have been focusing on preventing data retention by companies. Thus, there is no way to guarantee that personal data is deleted in a company’s data system. Blockchain technology’s reliable consensus ensures that people’s data is used correctly.
Protection against software and hardware attacks
Companies like Oasis Labs, which designed the Ekiden system, run smart contracts outside the blockchain within a Trusted Execution Environment, or TEE, node to enable the same security as if it were on the chain.
The isolated secure area of the main processor allows code and data to be protected entirely against software and hardware attacks.
No one, not even the miners, can see the code being executed. These solutions seem complicated but provide privacy beyond the transactional level.
Projects like these are likely to be advantageous for finance, business and health services where contracts often involve sensitive personal information.
Control of personal data by consumers themselves
In the Enigma Project, researchers at the Massachusetts Institute of Technology have developed a protocol that is on top of existing blockchains. Enigma is also committed to “secret contracts,” as opposed to existing “smart contracts” with nodes in the blockchain capable of calculating data without ever “seeing” them.
A simplified version of what can be accomplished by Enigma can be explained by the example of André and Maria Luíza. They have been trying to find out who has more money in their bank account without revealing the real number. It seems like a simple task, but the technological implications to achieve it are vast. Researchers believe that this will allow users to control their data.
Privacy in the exchange of health information between patients and service providers
The MedRec project has also been launched at MIT and seeks to implement a privacy solution for the health care sector. MedRec positions itself as “a network, not a service,” allowing the safe and seamless exchange of health information between patients and the service provider.
In it, patients can maintain full control of their information and grant access to their records to providers — not the other way around — as is the case today. Health care professionals can join the network and make patient data available on-demand, with the patient’s permission.
MIT researchers have already led several pilots with other research partners and have been working on other improvements. MedRec-like solutions can reduce the number and costs of health data breaches, which are still prevalent in the industry, and drive the development of new HIPAA-compliant electronic health record solutions.
Preventing theft of personal data and guaranteeing privacy when goods are delivered via drones
The Silicon Valley startup Chronicle is developing and supporting the evolution of an ecosystem to increase the security of IoT products. The Internet of Things — e.g., cell phones, vehicles, drones, etc. — network security could be improved via blockchain technology.
The solution included cryptographic microchips that give delivery drones a unique identity on the blockchain. IoT applications use that unique identity to give (or deny) the drone reliable access to secure locations, such as a home or warehouse. The drone’s encrypted chip communicates with a chip reader at an access point connected to the loT, such as a window or door. The chip reader checks the cryptographic signature of the chip and verifies its identity on the blockchain. Once the permission is confirmed, the window/door opens, and the delivery can be completed. The family wallet can pay for the drone right on delivery — like paying for a pizza, but automated.
In a similar vein, technology giant IBM won a new patent at the end of last year for a system based on blockchain technology. It will address privacy and security issues for drones.
The described solution can be used to manage confidential data exchanges, such as those related to the drone’s location, manufacturer, model, flight behavior, the proximity of the vehicle to restricted or prohibited flight zones, and additional information needed for smooth operations.
The patent points out that the solution would be used for “prevention of personal data theft via drones” with an IoT Altimeter that is triggered on take-off, tracking the altitude of the packet and sending the data to a blockchain platform.
Ensuring privacy when sharing medical information during the COVID-19 pandemic
As the vast majority of the population now has smartphones, tracking digital contacts seems highly rational as a way to map the coronavirus’ contagion. How many people are already immune and are able to provide data for a better risk assessment? But how do you develop tracking applications developed for the COVID-19 pandemic securely?
Blockchain technology is a promising solution to privacy-protection issues during the fight against the coronavirus. Its architecture is capable of preserving personal information and private data in health care applications.
Nine Estonian companies — Bytelogics, Cybernetica, Fujitsu Estonia, Guardtime, Icefire, Iglu, Mobi Lab, Mooncascade and Velvet — and several government institutions are currently developing a decentralized contact tracking blockchain application that preserves privacy.
Within this system and designed to fully adhere to recent European Data Protection Board recommendations, no entity may store all tracking data and use it for any purpose other than contact tracking.
When asked about the development, Priit Tohver, an adviser for innovation in digital services at the Ministry of Social Affairs, confirmed:
“We should not create a tool that allows the collection of large-scale data on the population, but a tool that, according to the principle of data minimization, should only be used to reduce the spread of the virus. These types of applications should not become a general data collection tool for any government.”
He added that “while collecting more extensive data sets may be useful for epidemiological modeling, it is highly unlikely that it will ever achieve the kind of public acceptance and acceptance in our country that a decentralized approach to privacy preservation could make.” The Estonian blockchain application should be based on the DP-3T protocol developed by leading privacy experts.
The contact tracking system, which will be compatible with iOS and Android devices, will allow individuals to actively opt in if they wish to participate and contribute to this solution. The application itself is based on radios integrated into a given device and transmits an anonymous short-range Bluetooth ID.
The application analyzes which IDs the individual has been in contact with in the past 14 days. Only if a certain distance and time limit between two devices are registered will a match be considered confirmed.
Privacy protected by returning identity data to citizens
The new digital environment we live in involves more technologies and people — thus, more personal data — and raises the most important question about our identities. However, we are still learning what “identity in a digital world” means:
“Digital identity is the total sum of all the attributes that exist about us in the digital world, a constantly growing and evolving collection of data points.”
According to the World Economic Forum, an excellent digital identity should put the power of privacy back in users’ hands. It should also be inclusive, useful and secure for all, as well as interoperable, user-centered and decentralized.
What does the decentralization of identity management mean?
The decentralization of identity management empowers people, returning control over their own identity and privacy. It is more secure than relying on centralized identity providers in the form of authorization services, passwords or keys management systems.
Large companies such as McKinsey, Microsoft, IBM and Accenture have already discussed decentralized models in terms of potential digital identification systems. Many privacy and data protection issues cannot be solved via blockchain technology with the universal deployment of decentralized identity management. Now, everything revolves around this, as can be seen in areas such as IoT, online voting, investments and supply chain management, among others.
However, for this to work, we need to set standards to establish an interoperable way to access these identities.
The ability to conduct transactions in a way that protects information is of fundamental importance in creating a world that respects digital privacy, which has recently been elevated to the category of fundamental principle for a decentralized future by the World Economic Forum.
When it comes to privacy, there is no silver bullet, but several methods and mechanisms ensure its protection according to specific cases of use.
Although this article does not exhaust all prisms on the subject, I hope it will be useful to companies and consumers, instigating the search for the protection of privacy via blockchain solutions.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Tatiana Revoredo is a founding member at Oxford Blockchain Foundation and a strategist in blockchain from Saïd Business School, University of Oxford. Additionally, she is an expert in blockchain business applications from MIT and the CSO of theglobalstg.com. Tatiana has been invited by the European Parliament to the Intercontinental Blockchain Conference and invited by the Brazilian Parliament to the Public Hearing on Bill 2303/2015. She is the author of two books — Blockchain: Tudo O Que Você Precisa Saber and Cryptocurrencies in the International Scenario: What Is the Position of Central Banks, Governments and Authorities About Cryptocurrencies?