Home / Blockchain / What companies do with your personal data and how Blockchain protects it

What companies do with your personal data and how Blockchain protects it

<div _ngcontent-c14 = "" innerhtml = "

Source: Getty Images

Shiru Caf & eacute; created a branch near Brown University with a unique pricing model: here, students receive "free" coffee in exchange for name, e-mail, phone numbers and more. Most students find it not at all worrying: "I am giving tons of organizations my data and I do not receive goods or services back," said Jacqueline Goldman, a Brown graduate student and Shiru client. "Shiru is transparent".

This trend is another sign that companies believe data iS the new oil. It is the fuel that drives the advertising, analysis and decision-making of many companies, not to mention that modern AI exists only thanks to the huge amount of data it has been trained on. Unfortunately, this precious resource has been free to collect for a long time. According to Jesse Leimgruber, & nbsp; cofounder of & nbsp;flowering, "In the United States alone, more than 10,000 companies are pooling and selling your personal data." As such, the importance of protecting, limiting and safeguarding this resource has been neglected. After all, the part that most data collectors are interested in is how they can use those data to maximize their profits – do not do it spend money and resources to keep it safe.

The need for structural changes

The European act of GDPR has been a step in the right direction, forcing companies to take greater responsibility for the data they collect, file and collect from. Companies that do not do it could face heavy penalties. Most of the cases are Facebook, which could be fined up to $ 1.63 billion for his recent violation.

This violation was not a negligence in data protection like the recent Cambridge Analytica scandal, but rather a delicate attack that exploited a bug in a recent Facebook update. It seems that whatever Facebook does, it is still hopeless to protect its users' data.

Of course, Facebook is not "just" – Google managed to steal the spotlight again Google+ violation. This violation went back to May of this year, but Google wanted to stay under control while Zuckerberg was testifying before the Senate, where he rightly observed that Facebook has grown beyond a platform developed by students in a dormitory. These companies have more active users in many countries and share a much greater responsibility in this interconnected world.

Perhaps the most severe (and most frequent) hacks are those aimed at the medical industry, where the critical information that can be used for blackmail is stolen almost regularly. These violations raise the question: instead of playing cat and mouse with hackers, is there a way to fundamentally address this problem?

The technical answer

The "problem" with computer data is that it is easily replicable, unlike paper documents. When it comes to paper money, blockchain has done a decent job in preventing this feature; cryptographically signing transactions, ensures that there is only one true "owner" and, by decentralizing and spreading data across multiple nodes, effectively fights single-point-of-failure syndrome. Even if hackers manipulate and overwrite the data, they still have to convince at least 51% of the network to accept the fake as a valid transaction.

While this works well for monetary transactions, it becomes catastrophic when applied to personal information. Blockchain could effectively protect the ownership rights of personal data, but it does not do well to protect them from being seen, especially because everyone will receive a copy of that data. For this reason, we have the concept of Self-Sovereign Identities, or SSI for short.

SSI Primer

SSI is based on the principle of cryptography, where public and private cryptographic keys are used to "sign" documents. Normally, these keys are generated by an & # 39; app on your device and are unique to you. To simplify how it works, this cryptographic concept is based on mathematical tricks. For each document, we can generate a "hash number" that is (almost) unique for every document in the world. This number of hashes is obtained by reading all (or parts) of a document and, considering the values ​​and the sequence of bytes, creates a unique number that represents that document.

Subsequently, the private key is used to "sign" that document, which means that a new number is generated based on the combination of the two. The good part is that this operation is unidirectional. It's like guessing the prime numbers; there's no formula for this – we just need to divide the number by half of the previous numbers to see if it's a prime number or not.

But there is a way for it to verify the number and this is via the public key. By comparing the final hash with the public key we can be sure that the person is the real owner of that document, since no one else in the world has access to that private key (this is why it is so disastrous to lose your keys private – millions have been lost in Bitcoin because of this error).

SSI takes this cryptographic concept and applies it to personal data: all data is stored on the user's device and only the parts that are needed will be shared with the outside world. This means that if the user is over 18, the date of birth should not be shared; the requesting party simply receives a yes / no response.

The role of Blockchain

While personally identifiable information is not shared in the ledger, coordination between the different parts requires orchestration, and this is where the blockchain comes into play. In the previous example, an & # 39; entity must verify the age of a user. For this reason, they turn to validators or Attestors. These entities were in contact with the individual and issued evidence, such as a driving license or a university degree or a birth certificate. When users submit their tests, the validators are queried and ask to validate these statements and offer the yes / no response above.

This format of data sharing is much safer. "When issuing unprocessed information to a lender or financial service, it is usually necessary to provide complete complete information (such as SSN, full name or address)" according to Leimgruber. "With Bloom you can share verification tests without sharing the raw information." Companies receive a minimal amount of data and even storage space is decentralized, which raises a heavy burden when it comes to compliance with GDPR.

The road ahead

Blockchain and SSI show a promising future to protect our personal data. Recently, & nbsp; BMW and American Express ME have worked with Bloom to improve their safety& nbsp; and simplify the loan experience. Facebook, on the other hand, decided to throw it off its platform and prevent Bloom's advertising campaigns. Ironically, this happened only a week after the recent violation of Facebook. While Facebook has long banned the cryptocurrencies from its platform, the move seems controversial given the history of Facebook violations and the fact that blockchain is not equivalent to cryptocurrency. Obviously, the company has its own blockchain division, but it remains to be seen whether this technology will eventually be used to protect billions of users on its platform.

">

Shiru Café has created a branch near Brown University with a unique pricing model: here, students receive "free" coffee in exchange for name, e-mail, phone numbers and more. Most students find it not at all worrying: "I am giving tons of organizations my data and I do not receive goods or services back," said Jacqueline Goldman, a Brown graduate student and Shiru client. "Shiru is transparent".

This trend is another sign that companies believe data iS the new oil. It is the fuel that drives the advertising, analysis and decision-making of many companies, not to mention that modern AI exists only thanks to the huge amount of data it has been trained on. Unfortunately, this precious resource has been free to collect for a long time. According to Jesse Leimgruber, co-founder of flowering, "In the United States alone, more than 10,000 companies are pooling and selling your personal data." As such, the importance of protecting, limiting and safeguarding this resource has been neglected. After all, the part that most data collectors are interested in is how they can use those data to maximize their profits – do not do it spend money and resources to keep it safe.

The need for structural changes

The European act of GDPR has been a step in the right direction, forcing companies to take greater responsibility for the data they collect, file and collect from. Companies that do not do it could face heavy penalties. Most of the cases are Facebook, which could be fined up to $ 1.63 billion for his recent violation.

This violation was not a negligence in data protection like the recent Cambridge Analytica scandal, but it was a delicate attack that exploited a bug in a recent Facebook update. It seems that whatever Facebook does, it is still hopeless to protect its users' data.

Of course, Facebook is not "just" – Google managed to steal the spotlight again Google+ violation. This violation went back to May of this year, but Google wanted to stay under control while Zuckerberg was testifying before the Senate, where he rightly observed that Facebook has grown beyond a platform developed by students in a dormitory. These companies have more active users in many countries and share a much greater responsibility in this interconnected world.

Perhaps the most severe (and most frequent) hacks are those aimed at the medical industry, where the critical information that can be used for blackmail is stolen almost regularly. These violations raise the question: instead of playing cat and mouse with hackers, is there a way to fundamentally address this problem?

The technical answer

The "problem" with computer data is that it is easily replicable, unlike paper documents. When it comes to paper money, blockchain has done a decent job in preventing this feature; cryptographically signing transactions, ensures that there is only one true "owner" and, by decentralizing and spreading data across multiple nodes, effectively fights single-point-of-failure syndrome. Even if hackers manipulate and overwrite the data, they still have to convince at least 51% of the network to accept the fake as a valid transaction.

While this works well for monetary transactions, it becomes catastrophic when applied to personal information. Blockchain could effectively protect the ownership rights of personal data, but it does not do well to protect them from being seen, especially because everyone will receive a copy of that data. For this reason, we have the concept of Self-Sovereign Identities, or SSI for short.

SSI Primer

SSI is based on the principle of cryptography, where public and private cryptographic keys are used to "sign" documents. Normally, these keys are generated by an & # 39; app on your device and are unique to you. To simplify how it works, this cryptographic concept is based on mathematical tricks. For each document, we can generate a "hash number" that is (almost) unique for every document in the world. This number of hashes is obtained by reading all (or parts) of a document and, considering the values ​​and the sequence of bytes, creates a unique number that represents that document.

Subsequently, the private key is used to "sign" that document, which means that a new number is generated based on the combination of the two. The good part is that this operation is unidirectional. It's like guessing the prime numbers; there's no formula for this – we just need to divide the number by half of the previous numbers to see if it's a prime number or not.

But there is a way for it to verify the number and this is via the public key. By comparing the final hash with the public key we can be sure that the person is the real owner of that document, since no one else in the world has access to that private key (this is why it is so disastrous to lose your keys private – millions have been lost in Bitcoin because of this error).

SSI takes this cryptographic concept and applies it to personal data: all data is stored on the user's device and only the parts that are needed will be shared with the outside world. This means that if the user is over 18, the date of birth should not be shared; the requesting party simply receives a yes / no response.

The role of Blockchain

While personally identifiable information is not shared in the ledger, coordination between the different parts requires orchestration, and this is where the blockchain comes into play. In the previous example, an & # 39; entity must verify the age of a user. For this reason, they turn to validators or Attestors. These entities were in contact with the individual and issued evidence, such as a driving license or a university degree or a birth certificate. When users submit their tests, the validators are queried and ask to validate these statements and offer the yes / no response above.

This format of data sharing is much safer. "When issuing unprocessed information to a lender or financial service, it is usually necessary to provide complete complete information (such as SSN, full name or address)" according to Leimgruber. "With Bloom you can share verification tests without sharing the raw information." Companies receive a minimal amount of data and even storage space is decentralized, which raises a heavy burden when it comes to compliance with GDPR.

The road ahead

Blockchain and SSI show a promising future to protect our personal data. Recently, BMW and American Express ME have collaborated with Bloom to improve their safety and simplify the loan experience. Facebook, on the other hand, decided to throw it off its platform and prevent Bloom's advertising campaigns. Ironically, this happened only a week after the recent violation of Facebook. While Facebook has long banned the cryptocurrencies from its platform, the move seems controversial given the history of Facebook violations and the fact that blockchain is not equivalent to cryptocurrency. Obviously, the company has its own blockchain division, but it remains to be seen whether this technology will eventually be used to protect billions of users on its platform.

Source link