Protecting the "right to oblivion" in the era of the blockchain


There was a lot of hype about blockchain in the last year. Although better known as the technology behind Bitcoin, the blockchain is starting to destroy other industries, from supply chains to energy trading.

One of the main strengths of the blockchain is that once the data is added to the chain, it can not be edited or removed. This makes the blockchain reliable.

But this same immutability makes blockchain problematic in a world where privacy laws require companies to erase their data from databases once their goals are met. This is known in some jurisdictions as the "right to oblivion".

We have designed a blockchain in which users can remove their data from the database without violating the blockchain consistency.

Currently there is a growing market of Internet of Things devices, from smart homes and driverless cars to voice assistants and smart energy meters. These devices continuously collect the digital biographies of our lives. Since these data are increasingly stored on blockchain, the tension between blockchain and the right to oblivion will only increase. Our tool could help.

How the blockchain works

Inside, blockchain is a database managed jointly by a distributed set of participants. Whenever new data is added to the database, all participants must agree to verify it. In this way, blockchain removes the need for a third party, such as a bank, to verify transactions.

The blockchain register is organized in blocks, where each block is connected to the previous block by cryptographic hash functions. These functions create a short code based on the contents of the previous block and it is not possible to guess this code without trying all the possible codes. Block chaining in this way ensures that the data stored in them can not be modified, since any modification made could break the consistency of the blockchain.

This makes the blockchain immutable. It also makes blockchain data easy to track and monitor, especially for large networks such as the Internet of Things. These features are very interesting for organizations that operate beyond the boundaries of the organization and in environments where participants may not trust one another.

Regulatory challenges

The recent General Data Protection Regulation (GDPR) of the European Union is a significant piece of legislation that runs counter to a digital economy supported by the blockchain.

The GDPR requires companies holding personal data to delete those data once the original purpose they needed is complete. This means that people must be able to remove their data from third-party databases after a certain period of time.

Blockchain – to be immutable – presents an obstacle to the exercise of this right.

Risks for privacy

Let's say you live in a smart home that uses sensor data to monitor your home security. You have a home insurance policy and, to receive lower premiums, allow your smoke alarm and security sensor data to be recorded on a blockchain.

Blockchain data can be consulted by the police, firefighters and the insurance company so that you can check for smoke alarms or security events. Once the insurance period is over, you should be able to remove your security data from the blockchain to improve your privacy.

If you left your blockchain data indefinitely, this would increase the risk that your data will be identified as yours and your activities are tracked by any entity with access to the blockchain.

A blockchain participant typically uses one or more public keys as an identity. Blockchain transactions are archived anonymously, as there is no direct link between the public keys and the identity of the actual participant. But an identity violation in any of the transactions, for example by linking the content of the transaction to other data known to the user, leads to all interactions of the user's devices, stored in blockchain, to be traced by all blockchain participants.

Data removal without interrupting the chain

So being able to remove data from the blockchain without "breaking the chain" would be beneficial to user privacy. It would also be useful to save storage space on servers that store blockchain logs.

But at the moment, removing data from a blockchain is not possible without breaking the consistency of the blockchain.

We have developed a solution that allows you to remove detailed transaction data from a blockchain database, without removing the verifiable trace that the transaction took place.

As described in our peer-reviewed publication this month, Memory Optimized Flexible Blockchain allows you to temporarily archive, summarize or completely remove transactions from the blockchain, while maintaining the consistency of the blockchain.

The residual trace of the data (its hash) on the blockchain can still be used in the future, in case disputes over what has happened arise. For example, if a homeowner wanted to verify that an intrusion occurred in their home based on a previous insurance policy, it could provide a private copy of the data with the associated hash associated with it. A & quot; legal authority could then compare the hash of the person's data with the hash that is still stored on the shared blockchain and then validate the authenticity of the person's claim.

This approach gives you full administrative control of your data stored in blockchain. It allows you to remove or summarize this data without sacrificing the ability to monitor data in the future.

Privacy recovery and control

It is important to note that our published approach can be performed on any existing blockchain solution and does not affect the consistency of the blockchain. Links between blocks through hash functions are retained, even if specific blocks are removed or summarized by the chain. In other words, the link of any blockchain entry remains, but the envelope containing some data can be removed.

In fact, as long as the removed content is stored privately outside the blockchain, the authenticity of the data can be independently verified at a later time by comparing it with the hash in the blockchain. In this way, you can regain control of all previously shared data and exercise your right to oblivion in the blockchain era.

Raja Jurdak, Head of Research Group, Distributed Sensing Systems @ Data61, CSIRO. Ali Dorri, doctoral student, UNSW. Salil S. Kanhere, associate professor, UNSW

This article was published for the first time of The Conversation.

[ad_2]Source link