GDPR and blockchain: a match made in heaven?
Amsterdam, 10th of April 2018 – “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather”. With this famous paragraph, John Perry Barlow (R.I.P.) starts his renowned Declaration of Independence of Cyberspace in 1996.
Barlow expected that the internet “would create a civilisation of the mind, more humane and fair than the world your governments have made before”. Little did he know.
The internet as we know it nowadays is not always as civilised as we’d want it to be. And that’s a huge understatement. Andrew Keen’s book The Internet Is Not the Answer joins a number of recent books by critics who are also trying to wake us from the nightmare into which we have been sleepwalking. Far from being the “answer” to society’s problems, Keen argues, the internet is at the root of many of them.
Multinationals like Google, Facebook and WhatsApp, telcos and even our own governments violate people’s rights on a massive scale. Personal data is being unlawfully collected and processed, misused, shared, sold, sent across country borders, profiled, etc. The internet is clearly missing a secure layer where people’s identities are safeguarded.
The upcoming General Data Protection Regulation, the new European privacy law that will be enforced from May 25th, has the Universal Declaration of Human Rights, article 12, as its first predecessor. It will enforce legislation that protects data subjects’ information in many more ways than before. It will also fundamentally change the way organisations process identity.
In comes the blockchain, trust and self-sovereign identity!
A blockchain is a distributed ledger. A distributed ledger can be described as a ledger of any transactions or contracts maintained in decentralised form across different locations and people, eliminating the need for a central authority to guard against manipulation. All the information on it is securely and accurately stored using cryptography and can be accessed using keys and cryptographic signatures. Once the information is stored, it becomes an immutable database and is governed by the rules of the network. While centralised ledgers are prone to cyber-attack, distributed ledgers are inherently harder to attack because all the distributed copies need to be attacked simultaneously for an attack to be successful. Further, these records are resistant to malicious changes by a single party.
Weighing the first blockchain application, Bitcoin, on a privacy scale won’t make you happy. Its primary purpose was to act as a cryptocurrency. As the first mover, it has many flaws in its overall architecture. Crypto forensics companies like Chainalysis have emerged and make a day job of tracking and tracing BTC token flows, since everything is publicly visible on the chain. Pseudonymization is the maximum privacy level on this disruptive blockchain. Next to that, it is slow, doesn’t scale, and is expensive and environmentally polluting. Nevertheless, it kicked off the renaissance of money.
The second round of blockchain innovation came with coloured coins, smart tokens and smart contracts. Ethereum is the most well-known blockchain in this league, followed by many others. Developers can now build programs (such as the Distributed Autonomous Organisation) and APIs on the blockchain protocol to facilitate, execute or enforce the performance of an agreement set in computer code. The smart contract code is immutable, meaning that once it is deployed it cannot be changed. This is good for trust but not good when the code is bugged!
But why do we even need a block? On the Bitcoin network, many transactions are mined into blocks, and the transaction sequence is maintained by the previous-block hashes that link the blocks. What if you combine blocks and transactions together? Make every transaction directly involved in maintaining the sequence. After the transaction is placed, you can skip the process of mining. This makes it blockless and more efficient. Enter the Directed Acyclic Graph (DAG). Well-known examples of DAG protocol chains are NXT, Hashgraph and IOTA, which claims to be fast enough to support the internet of things. They all claim to provide global (and private) cloud solutions without servers.
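The blockless idea described above, sketched as an added example (not code from this article or from NXT, Hashgraph or IOTA): each transaction's id is a hash over its payload and the ids of the earlier transactions it builds on, so the order is fixed without blocks or mining, and an edit to a stored transaction exposes that transaction and everything built on it while unrelated branches stay valid. The names `tx_id`, `DagLedger` and `tamper_demo` and the sample payments are constructed for illustration.

```python
import hashlib
import json

def tx_id(payload, parents):
    """Id = SHA-256 over the payload and the sorted ids of the parent transactions."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)})
    return hashlib.sha256(body.encode()).hexdigest()

class DagLedger:
    """Toy blockless ledger: each transaction references earlier ones by id."""

    def __init__(self):
        self.txs = {}  # id -> {"payload": str, "parents": [id, ...]}

    def add(self, payload, parents=()):
        parents = list(parents)
        missing = [p for p in parents if p not in self.txs]
        if missing:
            raise ValueError(f"unknown parent(s): {missing}")
        tid = tx_id(payload, parents)
        self.txs[tid] = {"payload": payload, "parents": parents}
        return tid

    def invalid(self):
        """Ids whose content no longer hashes to their id, plus all descendants."""
        bad = {t for t, tx in self.txs.items()
               if tx_id(tx["payload"], tx["parents"]) != t}
        grew = True
        while grew:  # propagate to every transaction built on a bad one
            grew = False
            for t, tx in self.txs.items():
                if t not in bad and any(p in bad for p in tx["parents"]):
                    bad.add(t)
                    grew = True
        return bad

def tamper_demo():
    """Constructed sample: five transactions, then one stored payload is altered."""
    ledger = DagLedger()
    ids = {"genesis": ledger.add("genesis")}
    ids["a"] = ledger.add("alice pays bob 5", [ids["genesis"]])
    ids["b"] = ledger.add("carol pays dave 2", [ids["genesis"]])
    ids["c"] = ledger.add("bob pays erin 1", [ids["a"], ids["b"]])
    ids["d"] = ledger.add("dave pays frank 1", [ids["b"]])
    clean = ledger.invalid()
    ledger.txs[ids["a"]]["payload"] = "alice pays bob 500"  # edit in place
    return ids, clean, ledger.invalid()

if __name__ == "__main__":
    ids, clean, bad = tamper_demo()
    print("before:", clean, "after:", sorted(k for k, v in ids.items() if v in bad))
```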
Wanna read more? Stay tuned for part 2!
by Dimitri van Zantvliet Rozemeijer