Blockchain privacy poisoning: What’s the end game?
It's often said that privacy poisoning is blockchain's Y2K. The sentiment can be variously interpreted.
- As immutable records, the information injected onto a blockchain can theoretically remain forever.
- Illegal content, sensitive data and other information might therefore pose theoretical existential risks for blockchains.
- The combination of sovereign self-identity, encryption and zero knowledge proofs can partially mitigate these risks.
Last year, there were a lot of reports on how links to child pornography were found in the bitcoin blockchain. The findings were based on a paper which explored the injection of arbitrary content (any extraneous and unnecessary information) on the bitcoin blockchain. The study suggested that there might be an argument as to why the bitcoin blockchain should technically be illegal.
More importantly, it was a headline jackpot for tabloids. They could now use the words "child pornography" and "bitcoin" in the same headline, while reporting that "experts say bitcoin is illegal."
Of course, bitcoin isn't a great medium for the storage of arbitrary content and anyone who wants to pry information out of the bitcoin blockchain has to actively look for and assemble it. Possession of the bitcoin blockchain isn't any more dangerous than possession of a modem.
But not all blockchains are so insulated, and there are many different kinds of dangerous content. The real danger comes from other types of data.
The most dangerous game
As the theory goes, it's possible to deliberately or incidentally inject certain types of data onto a blockchain in a way that will render it illegal or at least too risky for businesses to ever use it.
The initial study identified several different types of potentially hazardous arbitrary content that might fit the bill. In addition to "illegal and condemned content" like porn, it also noted the risks associated with storage of politically sensitive content, malware, copyright violations and privacy violations.
While media outlets are keen to jump onto porn as the riskiest type of data, the most immediate hazards probably come from privacy violations.
First, this is because, unlike illegal pornography, there's some actual money to be made from chasing down privacy violations, and money is more likely to motivate someone to take legal action than something like protecting people.
Second, it's because blockchains tend to be better at storing numbers and letters than anything else, which lends itself more to storing written information than images, videos and similar.
And third, it's because impending blockchain applications and new privacy-centric regulations such as GDPR (Europe's General Data Protection Regulation) are continuing to draw closer to what looks like an imminent collision.
Politically sensitive content on Ethereum
Crunch time is already coming in some ways. There are multiple instances of people posting politically sensitive content to the Ethereum blockchain, safely out of reach of censors after having their posts deleted from China's sanctioned and heavily-moderated social media platforms.
Ethereum is a more suitable choice than bitcoin because it allows for the cheaper and easier addition of more arbitrary data.
For example, this transaction contains an account of a student who was allegedly assaulted at Peking University and then coerced into silence by university and state officials. Every time she tried to speak out on state-sanctioned social media platforms, she was quickly silenced. So she used Ethereum as a publishing platform.
In its natural form it's just hex code but anyone can easily translate it with an online converter.
In response, China has introduced a set of regulations that essentially prohibit the use of immutable blockchains.
"If I wanted to write my name and cellphone number into a transaction on the bitcoin blockchain, I could do so," said David McNickel, in-house legal counsel at Brave New Coin. "Bitcoin and all its forks, Litecoin and all its forks. They all have this function in them."
So what would happen if, under GDPR regulations, McNickel then exercised his "right to be forgotten" and requested that a company which uses bitcoin stops keeping his personal information? No one's entirely sure.
Companies that accept crypto payments might need to start asking themselves this question.
"You know with GDPR there's this requirement that customers will be able to delete their data that's generated in an interaction with some kind of retailer, and so on" McNickel explains. "With a blockchain, you obviously can't do that. So that would just make them inherently incompatible.
"So if you're a retailer in the UK and you're accepting bitcoin for payment, you're going to have some details on the consumer. Even if you delete them from your personal database, there's still some information on the blockchain... At the moment, there’s not much businesses can do about it."
Beyond payments, this might be somewhat problematic for upcoming blockchain identity solutions, which specifically aim to put potentially sensitive elements of people's personal data on the blockchain.
What's the solution?
"Wait and see" has been working well so far, but McNickel doesn't expect it to last forever.
First, McNickel points out that the USA is showing signs of embracing privacy-protecting GDPR-like regulations, and the USA's changes are expected to get the ball rolling on the global rollout of privacy-centric regulatory shifts.
"Internationally, everyone's looking to the GDPR as a template, as it were, for how they're going to create their own rules. And really, what gets rolled out in Europe and the US [and] Canada will pretty much dominate how everyone else's legislation rolls out."
GDPR was implemented recently and the fines have already started coming. Most notably, Google was hit with a record 50 million euro fine just today (22 January 2019). Businesses that want to start using blockchain will need to have their house in order when handling people's information.
There's probably no real rush though. Regulators still have much bigger fish to fry than blockchain privacy violations, McNickel says, and it's still not clear what enforcement will actually look like.
"Who do you take action against?" he asks. "With the bitcoin blockchain, there's no central company or character behind it. They could take action against personal users, or nodes or mining rig owners, depending on where they are. The actual enforcement of any action against a blockchain is incredibly difficult."
There are broadly two ways a blockchain can go in response to this, he said, and radical decentralisation has been a promising tack to date. Real decentralisation has proven to be an effective defence against accusations of illegal securities sales and might similarly protect against legal action in other ways.
This will see blockchains go one of two ways, McNickel predicts.
"Either they're trying to comply and curry favour, or going completely the other way," he suggested.
In the end, blockchains will as blockchains do, and real compliance efforts will have to come from the businesses that want to leverage the technology.
The natural overlap between cryptocurrency and financial services, and the increasing drive towards thoroughly identifying every single crypto trader in line with AML/KYC obligations is a painful dichotomy, McNickel notes.
"Organisations in general have got to get away from this whole storage of customer data, but at the same time they really should be getting away from it. They're taking over police rolls in AML and KYC regulation, which really got ramped up this year."
And the risks are also apparent by now. For example, right now there is someone selling 100,000 people's exchange sign-up documents, including their selfies, ID document scans and proof of address. If you've gotten verified on Poloniex, Binance or Bittrex, your information might be among the trove that's for sale.
It's not just crypto. Businesses of all kinds are simultaneously being asked to know their customers in detail, and to have the documentation to prove that they know their customers, while simultaneously needing to protect those customers' privacy.
"There's this dichotomy where they're being asked to protect people's privacy on one hand, and know who everyone else is on another hand," McNickel said.
There's no shortage of data breaches, and there will be no shortage of fines levied in the near future. And in the end, privacy poisoning notwithstanding, this winding road leads back to blockchain.
More pros than cons
With the current pace of data breaches, there will be bigger fish to fry than blockchain privacy poisoning for quite a while. As much as the issue is looming over blockchain, it's nowhere near as impressive as the privacy challenges currently facing the users of legacy systems.
Centralised systems are still full of sensitive data, frequently compromised and much easier to levy penalties on than blockchains. In this respect, it's unlikely that privacy poisoning will result in any real action in the near future.
And while there are valid concerns around people's personal information ending up on the blockchain, there are also valid concerns around people's personal information ending up in the poorly-secured non-blockchain databases of a thousand companies. Even as things stand today, having one's personal data on the blockchain lets people know for sure that their data is in the wild. It's arguably a big step up from finding out that your credit card number and passport have been on the dark web for a full year.
In the long run, the combination of blockchain sovereign self-identity, encryption and zero knowledge proofs are a solution that eclipses the problem.
- Sovereign self-identity: The idea of personally holding and taking control of all of one's own data.
- Encryption: The thing that stops people from easily reading data.
- Zero knowledge proofs: A system for verifying the correctness of information without disclosing what the information is.
Opinion: In the end
The end result is that people will have a lot of personal data on the blockchain because that's a safe place to put it. Despite being out in public, the information itself doesn't have to be human-readable. This improved data security minimises the chances of having your personal data stolen and published online.
This will be a good solution for users, and it will be good for all the businesses who are sick of spending an endless fortune protecting user data, only to turn around and swallow a huge fine when it inevitably gets stolen anyway. Privacy poisoning notwithstanding, blockchain solutions and digital identity are able to protect personal data at the source.
But the question remains, what happens when privacy poisoning occurs? What happens when someone's sensitive information finds its way onto the blockchain permanently, self-sovereign identity notwithstanding?
What's the world going to do about the distressing material already burnt into the bitcoin blockchain? What would happen if, right now at this very moment, you immutably published highly sensitive and detailed information on a million people to a blockchain?
The most likely answer is, dissatisfyingly, nothing at all to all of the above. The bitcoin blockchain is riddled with people's names, credit card numbers and illicit material, just like the rest of the Internet. There won't be any grand moment of truth or blinding legal realisation. By the time privacy poisoning is more problematic than the data breaches in non-blockchain systems, it will be too late for anyone to do anything about it.
In this respect, it's quite apt that blockchain privacy poisoning is sometimes referred to as "blockchain's Y2K."
Going forward, it will be perfectly possible for businesses that want to use blockchains to comply with their legal obligations under GDPR and similar regulations when they do. Beyond that, society will just have to make things up as it goes.
Disclosure: At the time of writing, the author holds ETH.