SIDEBARS
Creating Open Algorithms to Ensure Privacy?
MIT Connection Science officer Thomas Hardjono authored the 2016 W3C Position Paper “On Privacy–Preserving Identity Within Future Blockchain Systems.” He emailed me his thoughts on creating open algorithms to ensure privacy. “One of the major challenges today has to do with an interesting dilemma with regards to data-driven decision making for individuals, organizations and communities. On one hand, individuals, organizations and communities need ‘access to data (information)’ in order to perform computations as part of decision-making. The promise is that better insights can be obtained by combining data from different domains in interesting and innovative ways. On the other hand, however, there is considerable risk to privacy when ‘data is shared’ across entities. As such, one imperative next step is to develop the paradigm of ‘open algorithms’: (i) It is the algorithm that is moved to the data location (and computed there); (ii) data must never be exported (leave) its repository; (iii) algorithms must be vetted for fairness and PII-leakage; (iv) data should be encrypted at all times (during computation and during storage). The last principle (data encrypted at all times) means that new cryptographic techniques are needed which allows data to remain encrypted (and even ‘sharded’ into parts across distributed locations) so that it increases protection against cybersecurity attacks.”
Whither Privacy?
Walid Al-Saqaf is a senior lecturer at Södertörn University in Stockholm, where he specializes in the use of the internet and media technology for journalism, access to information, freedom of expression, and public good. He also serves as a member of the Internet Society board of trustees. He sees blockchain as a new type of challenge for industries, governments, and individuals. He told me, “One characteristic of the blockchain is immutability. So if users opt to put their private information on the blockchain, they cannot simply remove them because blockchains are not meant to be centrally controlled. In other words, there is no ‘blockchain manager’ who can oblige to requests to delete personal information. So I don’t personally see a way for blockchains to be GDPR-compliant. That being said,” he added, “I also cannot see how someone could sue a blockchain that is not controlled by anyone! This is an interesting area to study in-depth and to me, it actually may expose the knowledge gap that exists among bureaucrats (in this case in the EU GDPR regulators) and disruptive technologies where such regulations are impossible to implement.”
The View From Europe
I consulted Nicola Fabiano, Italian lawyer and frequent commentator on European implementations of blockchain, to ask about the European view of blockchain’s effect on privacy. He said, “In Europe, people are working on blockchain standardization, and I think that data breaches will decrease. Obviously, it depends on the blockchain category (public blockchain, private blockchain, combined blockchain). I think that in the private and combined blockchains it is an adequate level of protection.” He sees the main issues as being related to the public blockchain, but hopes that a technical standard could mitigate the risks. “The ‘data protection by design and by default’ principles or ‘privacy by design’ method [is] an excellent …model to protect personal data.”
