{"id":12186,"date":"2018-10-31T13:31:55","date_gmt":"2018-10-31T09:31:55","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/blockchain-and-privacy\/12186\/"},"modified":"2019-11-15T15:22:45","modified_gmt":"2019-11-15T11:22:45","slug":"blockchain-and-privacy","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/blockchain-and-privacy\/12186\/","title":{"rendered":"Is blockchain compatible with privacy?"},"content":{"rendered":"<p>Coming up on the tenth anniversary of <a target=\"_blank\" href=\"https:\/\/www.bitcoin.com\/bitcoin.pdf\" rel=\"noopener noreferrer nofollow\">Satoshi Nakamoto\u2019s paper<\/a>, do we really need yet another take on Bitcoin? Well, I think so. Today, I am going to focus on an aspect of this technology that needs more discussion \u2014 privacy.<\/p>\n<p>The bedrock of blockchain \u2014 that every transaction is added into the history and written in \u201cblocks\u201d \u2014 has already backfired on more than one cybercriminal. The tremendous success of investigators in tracking down the perpetrators is a direct result of the history of their transactions being forever (as much as this adjective can be applied to the matter) inscribed in the chain of blocks. That, by the way, raises an important question: Why aren\u2019t financial regulators embracing the cryptocurrencies already?<\/p>\n<p>Of course, clarity is not always what we want. Consider privacy. This basic human right has been enshrined in the laws of many countries. In Europe, for example, the General Data Protection Regulation (GDPR) states that every person has a right to recall their consent at any time and permanently retrieve or delete any personal information they had previously agreed to share. How does that square with blockchain\u2019s permanent record?<\/p>\n<p>Here\u2019s an example: Recently, I heard about a blockchain startup called MedRec. It enables medical practitioners to access patient data from different local storage systems. Of course, patient consent is required \u2014 but what happens if they change their minds?<\/p>\n<p>To be fair, the demonstrated proof of concept didn\u2019t keep the patient data on the blockchain itself \u2014 instead, the blocks contained information about the patient\u2013provider relationship. But citizens of the EU are supposed to be able to revoke permission to use even that information \u2014 and, unless it\u2019s stored on a privately held blockchain, they can\u2019t. It\u2019s worth noting that if the healthcare industry embraces the idea, then medical records will be kept in the public blockchain, because <a target=\"_blank\" href=\"https:\/\/www.ft.com\/content\/6f138722-47d4-11e8-8c77-ff51caedcde6\" rel=\"noopener noreferrer nofollow\">interoperability<\/a> is a key issue for adoption.<\/p>\n<p>Another example comes from the education sector. The University of Nicosia was the first educational institution to accept bitcoins as payment for their online courses. They went even further \u2014 they <a target=\"_blank\" href=\"https:\/\/digitalcurrency.unic.ac.cy\/free-introductory-mooc\/self-verifiable-certificates-on-the-bitcoin-blockchain\/academic-certificates-on-the-blockchain\/\" rel=\"noopener noreferrer nofollow\">put the certificates of completion into the blockchain as well<\/a>.<\/p>\n<p>The intention is clear \u2014 that way, everyone who has specific info (namely, the hash) provided by owner of the certificate could check that they had indeed successfully completed the course. By design, this ledger contains only the hash, which is hard to reverse if you\u2019re not an intended recipient, which means it has roughly the same level of pseudonimity as the bitcoin itself. As I stressed above, that has already proven to be useful in tracking down criminals.<\/p>\n<p>Of course, the information that someone completed online courses may not be considered personal. I\u2019m not going to argue that point here, only note that definitions of private and nonprivate information may evolve with time, but whatever\u2019s on the blockchain is going to stay there.<\/p>\n<p>Some startups go even further, pitching extra services for HR. They focus mainly on the idea of providing hiring managers with candidate information verified by a distributed ledger. This information, including entirely personal tidbits such as a person\u2019s experience, previous jobs, and accomplishments, will be impossible to clear if people choose to retract their consent. Luckily, it seems that such startups have dropped off the radar. However, I would not be surprised if similar ideas resurfaced somewhere, somehow.<\/p>\n<p>To conclude, I\u2019d like to recall how we got here. Our understanding of which information is personal and which is not, has evolved along with the IT industry itself. Today we have a legal definition of \u201cpersonally identifiable information,\u201d which is a good start. But I believe that when applying blockchain to solving business problems, we should never forget about privacy as a basic human right.<\/p>\n<p>If my data is on lots of different computers, how can it still be private? And if neither I, nor anyone else in particular, has direct control over all of those computers, what do I need to do to remove this data? Blockchain is great for lots of things, but not for everything. In the end, unremovable personal data is the opposite of privacy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blockchain was designed to reliably store data forever. Unfortunately, such design conflicts with modern privacy legislation trends.<\/p>\n","protected":false},"author":2454,"featured_media":12187,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1225,1226],"tags":[374,1308,1312,43],"class_list":{"0":"post-12186","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-technology","9":"tag-bitcoin","10":"tag-blockchain","11":"tag-gdpr","12":"tag-privacy"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/blockchain-and-privacy\/12186\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/blockchain-and-privacy\/14557\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/blockchain-and-privacy\/16488\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/blockchain-and-privacy\/14702\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/blockchain-and-privacy\/13601\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/blockchain-and-privacy\/17260\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/blockchain-and-privacy\/16521\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/blockchain-and-privacy\/21601\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/blockchain-and-privacy\/5407\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/blockchain-and-privacy\/24427\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/blockchain-and-privacy\/11123\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/blockchain-and-privacy\/10008\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/blockchain-and-privacy\/18026\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/blockchain-and-privacy\/9970\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/blockchain-and-privacy\/21919\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/blockchain-and-privacy\/17560\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/blockchain-and-privacy\/21437\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/blockchain-and-privacy\/21437\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/privacy\/","name":"privacy"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2454"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12186"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12186\/revisions"}],"predecessor-version":[{"id":14577,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12186\/revisions\/14577"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12187"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}