One of the chief advantages of blockchains is the anonymity they provide to their members. No one knows who you are, just as long as you agree to play nice and abide by the rules.
On the surface, this may seem like an ideal way to protect privacy. But a closer look under the hood reveals that blockchains can pose many significant threats to privacy – for both members and non-members alike.
Blockchains surged in popularity over the past decade precisely because they created a trustworthy environment for people to complete digital transactions, particularly those involving cybercurrencies. These days, however, the technology is used for a wide range of tokenized assets, including goods, services, land, and even terms and obligations within legal contracts.
Most blockchains use a plethora of tools to protect privacy, such as data encryption, consensus validation, cryptography, and the distributed architecture of the chain itself. This enables a wide range of applications, including secure messaging, storage immutability, ownership validation, and software and asset provenance. All of this has helped blockchain become a valuable addition to the enterprise business model and a key driver of the digital economy.
But while all of these measures are designed to prevent outsiders from accessing the data inside a blockchain, what about the insiders? Anyone with a valid key to a given chain can ostensibly see all the data it contains – provided there are no rules preventing this, which isn’t often the case. What happens when private information, such as tax IDs, healthcare records, or financial data, winds up on a blockchain? And to make matters worse, what happens when this information is placed into the chain not by the people it identifies and who do not have access to it but by a third party?
Privacy vs. Transparency
A recent post by international law firm AMLegals notes that while there are laws governing the use of personal information, these often run counter to the transparency advantages of blockchain. Transparency, after all, means being visible to all, even to members of the chain who are anonymous and whose intentions are largely unknown.
This can be particularly troublesome in public blockchains, which are open to everyone and can act as veritable clearinghouses for data of all kinds. And now that applications like smart contracts are automating the sharing and copying of data, enforcing a rules-based privacy regime becomes more difficult, especially when data crosses international boundaries.
Collection and Analysis
Blockchain is also emerging as an effective marketing tool, meaning it can be used to track not just personal records but purchases, page views, even login information.
Some of this data could be potentially life-altering should it fall into the wrong hands, and even seemingly innocuous pieces of information can be compiled and analyzed to make determinations about individuals that may or may not be true, such as whether they are financially stressed or have a serious medical condition.
And this data can be used to cross the line from simple marketing to exploitation or even coercion.
MIT professor Catherine Tucker of the Sloan School of Management says marketing strategies based on blockchain information can also pose risks to individuals due to the technology’s inherent immutability.
Records stored on blockchain remain there forever, which can leave false impressions regarding an individual’s current life circumstances. This can have minor consequences, such as someone looking for shoes last year may not need another pair this year, or severe ones, like someone committed a crime ten years ago and is therefore unworthy of credit today.
At the moment, blockchain has drawn the most interest from the private sector. But what happens if/when governments get onboard and, say, link blockchain to national identification programs? Brazil, in fact, is doing this right now using a private blockchain developed by a company called Serpro.
Ostensibly, the move is designed to streamline access to government records and services and to fight crime and even public corruption. At the same time, however, the country is developing its own central bank digital currencies (CBDC), which will likely exist on another blockchain.
Exactly how much data will flow into either of these chains is unclear, but one thing is certain: government authorities will find it much easier to discern what Brazilians are doing and how they are using their digital assets.
This is perhaps the conundrum with blockchain and privacy. Both government and private industry already have access to massive troves of data on virtually every citizen of the world. Blockchain merely makes it easier to access this information. And in many ways, blockchains are more secure than traditional storage architectures.
But they are also more open to those who have legitimate access, and it is not always easy to determine who has joined a chain for what purpose. In the end, the trust generated by the very nature of blockchains is not universal. It only exists between those who have access to the chain, not those who have personal data to protect.