Blockchain Technology and Privacy
We all enjoy drawing our curtains in the evening for a small bit of extra privacy in our living rooms or bedrooms, but do we all view privacy through the same lens when thinking about financial transactions, information storage, or how data is shared across the Internet? Do we ever wonder why there is no figurative curtain for Facebook? Do we question why there is no curtain to shield information from our banks about our week’s monetary incomings and outgoings?
Remember, there is no single definition of privacy. It is a concept that straddles domains, cultures, contexts, and industries. It has been discussed within philosophy, sociology, law, computer science, and a host of social sciences for many years. The fact remains that consensus has not been reached on exactly what privacy is. Privacy is viewed, by some, as a legal right; a right that agents should engage with, and one that must be protected by governments through legislation and regulatory bodies.
Economic theorists and practitioners view privacy as a commodity — explicitly related to the supply-and-demand-driven market for information. This view is especially pertinent in the 21st century, as data science and big data emerge as valuable sources of competitive advantage, and market value is built through insight extraction — a process where firms gather, store, analyze, and extract information from user-generated data. Privacy, in this context, relates to what is expected from users, customers, or firms when involved in location-based tracking, targeted ads, email scanning, Google search monitoring, and so on. Should user privacy be protected? If so, what is the cost? If not, what is the benefit? Who owns the data? Who should be able to monetize it, and who is responsible for protecting and/or securing it?
Privacy may also be understood solely as a cognitive concept — a state of being that an entity (living or not) is perceived to be, move through, or become. An example of this is the unambiguous “private property” declaration, which proposes a certain “existive” state on a piece of land, building, or object. A second cognate-based understanding is the perspective of “privacy as control,” which attests that privacy is a mechanism through which agents assert or remove control from a situation, artifact, or person. An example of this perspective is a walled garden that remains private as long as the entrance gate remains locked. The person who controls the key controls access — ultimately asserting governance on the persons wanting to enter or exit.
Understanding certain perspectives of privacy allows us to detail why it is important in the context of blockchain, distributed ledger, and smart contract technology. Thus, questioning the importance of privacy to anyone deploying the technology, using the technology, or regulating the technology, is important. How is a blockchain different than any database? How is it used differently than normal databases? What are the implications of deploying an immutable record of information in a distributed consensus network? How is the technology used in blockchains different from any other information or data storage technology? These are the questions firms should be asking as they attempt to understand the concept and its implications on an active, and evolving, basis.
At its heart, a blockchain is a data store. For the most part, access to this data storage is either open and transparent (i.e., permissionless blockchains) or controlled and monitored (i.e., permissioned blockchains). With permissioned blockchains, users must understand what levels of privacy they are agreeing, and adhering, to. They must understand what information is private or not private. They need to be made aware of what is being done with the information stored on the chain, who is accessing it, and for what purpose. Users may not be aware they are engaging in the market for privacy as a user, consumer, or customer — a source for valuable, marketable, and saleable information. They must be educated on the implications and accepted (or not) modes of interaction. They need to be explicitly made aware that information stored in the blockchain may be immutable,1 destined to remain stored and accessible for the rest of time.
Users must be made aware that those who control access to the data store hold responsibility to users — whether they are individuals whose data is stored and secured on a ledger, firms that hold information on their user base, or regulators and legislators monitoring or accessing data for legislative or regulatory purposes. If groups have different perspectives of what privacy is, or is not, there may be tensions with respect to how stakeholders access, use, hold, share, secure, analyze, or transmit data. Users may be unaware that their information is being used in certain ways or accessed by a host of external agents, or unaware that one entity (the owners and controllers of the blockchain) may have veto of what is, and what is not, kept private.
We have seen how data analysis and sharing can lead to high-profile investigations and potential libel cases, as in the recent Facebook/Cambridge Analytica data privacy breach. With the deployment of blockchain data stores, the potential for data breaches arguably increases as data is distributed across the globe and is designed by nature to be both accessible and transparent. Firms that store data using these technologies need to be cognizant of potential attack vectors and operational security requirements.
On the other hand, permissionless chains are usually open source, fully transparent, and accessible by anyone. Users must understand how to monitor, control, and engage with aspects of their own privacy. They need to ask whether they want, or even understand, that specific information may be linked directly to them and/or is traceable directly to them or to specific situations. Do users know how to protect certain aspects of their information as it is recorded to this immutable and traceable store of data? Do they know, or are they even aware, that any information stored on the blockchain may be used for any purpose, by any agent, as ledgers are open source and, by design, do not place rules, constraints, or regulations on those that wish to access them?
1Blockchains are viewed as immutable data stores. However, instances have occurred where immutability has been questioned, or where decisions have been made to alter the history of specific blockchains. For a more detailed discussion, see “Are Blockchains Actually Immutable?”
[For more from the author on this topic, see “Privacy, Blockchain, and Why the Industry Needs a Spanner.”]
Explore the opportunities, challenges, existing and projected applications, use cases, and the industry and business implications of blockchain technology. Visit the Cutter Bookstore and SAVE 20% with Coupon Code BCW20. Order now!