The University of South Australia (UniSA) has called for more work to be done on ensuring blockchain technology conforms to privacy rights and expectations.
The university said there are key privacy issues inherent to current blockchain platforms, with a paper from UniSA emerging technologies researcher Dr Kirsten Wahlstrom and Charles Sturt University’s Dr Anwaar Ulhaq and professor Oliver Burmeister saying the exact features that make blockchain such a secure technology also make it a privacy minefield.
This is due to blockchain using details of previous transactions, including participants’ identities and exchange values, to verify future transactions by embedding this information in the data chain, in addition to the viability of the system being dependent on the uneditable nature of each block.
Pointing to the “right to be forgotten” as present currently in laws such as Europe’s General Data Protection Regulation (GDPR), Wahlstrom said the inherent idea of blockchain clashes with such directive.
“The European Court of Justice ruled European citizens have the right to be forgotten, but once someone’s details are embedded in a blockchain, the system never forgets — yes, those details might be encrypted, but they are also part of an irreversible ledger, and one that’s on the cloud,” she said.
“As long as a blockchain is in existence, it clashes with the European ruling that people have the right to retract data.”
To counter this, Wahlstrom suggests greater efforts should be placed on developing variations of blockchain technology, to allow it to retain its virtues while also taking the privacy consideration seriously.
“For example, our research has looked at the Holochain platform, which uses a distributed hash table to break the blockchain up, and then the chain, instead of sitting on the cloud, sits where end users want it to sit,” Wahlstrom added.
See also: How blockchain will disrupt business (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)
“This allows individuals to verify data without disclosing all its details or permanently storing it in the cloud, but there are also still a lot of questions to answer about how this affects the long-term viability of the chain and how it obtains verifications.”
With the Australian government earlier this month releasing a code of practice for securing the Internet of Things (IoT) that is only voluntary, Wahlstrom also said considerations must be anticipated and addressed as an integral part of developing new technologies, rather than just treated as a secondary issue that can be tackled reactively and retrospectively.
“We know that technologies disrupt society, and too often they do that in ways that we’re not fully aware of when it is actually happening,” she said.
“We’re at a really delicate point with this because, increasingly, societies and economies are organised around data, and that has huge implications for privacy.
“The main problem is, we’re still struggling to understand what ‘privacy’ actually means in an online world — it’s not the same as data security and protection, it’s about how individuals control their whole online identity, and expectations around that change from person to person and situation to situation.”
She said the crucial first step is for the industry to develop a clear definition of what privacy actually is, and then agree to standards to ensure those requirements are met across the board.