Blockchain technology is continually acquiring use cases in many sectors of the global economy. However, analysts believe that although the transparency associated with the technology helps enhance various processes, it also appears to compromise data privacy and sometimes security.
A partner at the digital forensics and investigations group of Grant Thornton, Vijay Rathour, while speaking about data security and blockchain technology compared blockchain to bank vaults that are made of glass:
“They’re very secure. They’re one-way vaults — i.e., you can put precious things in them but not take it out. The world can see the contents.”
Nevertheless, Rathour said that all of these qualities do not prevent bank vaults from holding stolen assets or blood money. Therefore, the effectiveness of the vaults does not mean that whatever is inside them is also good. Instead, it means that the vaults are just impenetrable to store anything irrespective of its origin. Rathour explained:
“Is it [data stored on blockchain] suitably anonymized? Would I want my passport visible to the world in a glass bank vault for the world to see? No. But I would probably enjoy the benefits of an encrypted version of my passport being held on the ‘cloud’ securely in this blockchain.”
Blockchain is concurrently ‘good and bad’
Blockchain technology has many in-built benefits that are known to make it an ideal match when it comes to the issues of privacy. Moreover, it offers useful data protection features that enable it to comply with the General Data Protection Regulation (GDPR). However, other aspects make this technology inapplicable.
Even though immutability is excellent for data privacy, several hiccups exist. First, immutability comes severely into conflict with information storage laws. Secondly, any errors or inaccuracies that are input on a blockchain can never be corrected. In that context, the chairman of the Cybersecurity Platform of the Austrian Government, Thomas Stubbings, said:
“Indeed, the key feature of a blockchain is protecting the integrity of data by rendering it immutable. However, exactly that feature can become a problem if the data is not required, wanted or correct anymore. It is virtually impossible to remove it. This creates a new sort of privacy problem.”
The co-founder and chief strategy officer of Chainalysis, Jonathan Levin, recently said that full transparency is not entirely beneficial since blockchain technology can also be used to track individuals and link a lot of personal information to them. Levin explained that the two extremes of full anonymity and complete transparency are sometimes bad.
Complete anonymity, on the one hand, opens the door to illicit activity while, on the other hand, full transparency means that there is no privacy at all.
An expert in compliance and an attachment instructor at the New York University School of Professional Services, Teemu Alexander Puutio, explained that there are multiple ways through which data can leak from the cryptographically secured ledgers. He said that Bitcoin is pseudonymous, which makes its users vulnerable to tracking and identification.
For instance, 95% accuracy of identification and theoretically easy methods of observation were attained through network traffic analysis. Puutio also said:
“Bayesian probabilistic analysis has allowed researchers to identify thousands of accounts in a few months. These worries are further compounded by the fact that data stored on blockchains are typically immutable and fully public — at least to the verifier network.”
Also, just a small segment of blockchain platforms can deliver high levels of data security, according to a survey published in January 2019. Blockchain’s inability to selectively delete information may act as a double-edged sword.
Its negative aspect relates to the fact that a 51% majority of the nodes are necessary for data editing to take place. Hence, it greatly complicates the use of Article 17 of the GDRP provisions that give the ‘right to be forgotten.’
One analyst also said that there is a new threat known as ‘blockchain poisoning’ that inserts personally identifiable information that cannot be erased, eventually rendering blockchains incompliant with the GDPR. In the worst-case scenario, the blockchain becomes unusable. This challenge is entirely new, and even the European Union experts are yet to know how to deal with it because nobody owns public blockchains.
Such challenges may hamper the evolvement of a growing blockchain technology space. Eventually, data consistency appears to be the major barrier that must be fully overcome for blockchain technology to become an ideal solution from the GDRP point of view.