By Gilbert Wong
The tale of the Facebook Cambridge Analytica data scandal has all the ingredients of a Hollywood potboiler: dirty politics, faceless consultants for hire and plots to sway the outcome of the election of an American president and the vote for Britain to leave the European Union.
Even scarier, it was true. At the heart of the scandal was the harvesting of the personal data of up to 87 million Facebook users with no consent through an app. That data was used to build individual psychological profiles that in turn informed ‘micro targeted’ political advertising on behalf of the Ted Cruz and Donald Trump presidential election campaigns and the Brexit leave campaign in Britain in 2016.
The difference between the Facebook Cambridge Analytica scandal and you and your data is scale, geography and good fortune. As our online lives become increasingly paramount, so have the risks we face as we hand over personal information in return for digital goods and services.
Nobody wants their personal data in the wrong hands. For the businesses who face constant hacking assaults, from hotels, banks and airlines to governments, it is hard to think of any of these organisations, holding everything from personal finances to tax information and health records, that are not kept awake at night at the prospect of large scale data and privacy breaches. A single breach can destroy reputation and public trust in a single news cycle.
When well-resourced corporations, government agencies and tech giants are hacked, Joe and Joan Citizen rightly feel relatively powerless in a game that is clearly stacked. Could an innovation with the whiff of the illicit about it end up being the solution?
Alex Sims, an associate professor in the University’s Business faculty and a research fellow at the University College London UCL Centre for Blockchain Technologies says we should be preparing for a fundamental shift in how we manage information.
By training she is a commercial lawyer and intellectual property expert but since 2016 her focus has been on exploring the implications of blockchain, a technology she regards as influential to society as the printing press.
Somewhat unexpectedly for a lawyer, she has an abiding frustration with the legal system. “Laws do not stop wrongdoing. If they did we would have no crimes, no victims. Laws deal with the aftermath of a law being broken and even then they are selectively enforced.
“Even if someone does end up before a court years later that rarely puts the victim back to their pre-breach state, and especially not if they have been physically harmed or worse killed. The only winners are the lawyers.”
It’s the same with mass data breaches. Once the horse has bolted, the individuals who have lost their personal information are left to reassemble their online data and shore up digital defences.
Identity and data theft aside, the sheer hassle of proving identity and right of access to services from banking to healthcare and tax information easily turns into an administrative nightmare. “To access services we are often required to not only give our name, but also our address, proof of address, birthdate and so on. Most of this information is not required and it raises the risk for identity theft.”
Sims says, “Your personal information is being held by tens if not hundreds of different organisations. If just one of these is compromised all that information has gone. We know it happens all the time. I just think it’s become something we forget and that’s really bad. It happens so often we’re used to it.”
Despite the best efforts to meet the requirements of privacy legislation, the central problem remains. “You don’t control your data, the people and organisations who hold it control your data.” For Sims, how to make it harder for people to break the law online and how as individuals we could control our own data are bound together.
The two problems sit at the forefront of how Big Data and Big Tech are changing society and they need a dramatic shift to resolve. In 2016, she was working with an Australian colleague on a research proposal about mobile payments when she heard two podcasts on blockchain and smart contracts.
“My head exploded as I realised that this would change everything.” The research proposal was quickly changed to look at cryptocurrencies, including Bitcoin. Though Bitcoin, the first use of blockchain, has been with us for some time it is not recognised as legal tender. It has long been saddled with more than a whiff of the wrong side of the law.
This is not helped by how conceptually hard it is to grasp: a digital currency without a central bank behind it or a single administrator. Almost all new technology is viewed with suspicion before it becomes mainstream, she says, “People don’t realise that the drivers of early cars were mocked mercilessly by horse owners. Where are all the horses now?”
Delve a little deeper and you come across the mysterious person or group known as Satoshi Nakamoto who developed the software to enable Bitcoin and released it to the world in 2009. The traditional banking system and governments who need to regulate financial systems ignored cryptocurrencies at first, then laughed at them. But now they view them as a potential threat to stability, particularly stablecoins (cryptocurrencies that are pegged to, for example, the US dollar or Euro or backed by assets such as gold).
Indeed, central banks around the world now realise the potential of cryptocurrencies and are working to release their own central bank issued cryptocurrencies. China is trialling digital yuan. Even Facebook is working on its cryptocurrency, Libra.
Sims acknowledges the image problem but attributes that to poor public understanding. She feels it might help to focus on blockchain, the technology that enables the cryptocurrency. Blockchain is gaining commercial legitimacy and is already being used to manage supply chains and create smart trade contracts. Blockchain is just one type of distributed ledger technology (DLT) but has become the generic term for DLT.
What’s more because it is open source the technology has rocketed ahead. “Bitcoin’s blockchain is an early form of the technology. It’s a bit like a Model T Ford, and now we’re up to Lamborghinis. A lot of what we still refer to as blockchain are nothing like Bitcoin’s blockchain of a decade ago.”
Whatever the latest model, the concept remains the same. Blockchain is an online ledger with multiple copies and no central source. Any changes are updated in real time. “Blockchain creates a set of information that anyone can see and add to, but cannot retrospectively alter. It’s like a Google document that has no issues with version control and because it updates in real time every change can be seen.”
Blockchain creates “the perfect audit trail”, and says Sims, changes the game for the management of information. A well-functioning blockchain is also pretty much bullet proof to hacking and data breaches as Bitcoin’s 10-year experience demonstrates. Sims says, “Blockchain represents the ability to empower users to decide which data they are willing to share, and with whom.”
This is a fundamental change. Take personal medical information. As individuals we already own our medical record, but we can’t control who has access to it and we have considerable problems even accessing it ourselves. Using blockchain, an individual could not only hold their medical records, but also decide who can access it, depending on their need to know.
Balance of power
While a ledger usually refers to a record of a set of transactions, in essence the transactions can be any collection of information. The information does not necessarily need to be stored on the ledger, instead a pointer to that information, which is held “off chain”, is placed on the blockchain. This is important as personal information should not be held “on chain” where anyone can see it.
Sims says, “In today’s marketplace, data is value. Every single search we perform on Google, every item we buy online, every time we use our valued customer ID at the grocery store—all of this information is being tracked because it is worth something to someone.
“With the Internet of Things, we are headed to a world where we’ll be sharing in a network of billions of connected devices and if we go with what we do now, we will be providing exponentially more information about ourselves to anyone willing to collect it. This is where I believe blockchain holds the most personal privacy protection potential.”
The integrity of information and knowing that there is no gap in that information nor lag in when that information can be accessed, is a way to make business far less risky, through smart contracts. Smart contracts using blockchain can make trade deals seem as easy as an online supermarket shop.
“A smart contract is a self-executing computer programme. That sounds very boring but what it means is we can stop wrongdoing in the first place,” she says.
Take a New Zealand company sending a container of fresh lamb in a refrigerated container to China. Using blockchain, the seller and buyer would agree a contract, price, quality, time for delivery, even temperature in the container.
Payment would be held within the contract as cryptocurrency that would be released automatically only if the contract terms were met. The terms would be independently verified by technology, everything from tracking, to the temperature record and the origins of the lamb could be confirmed and transparent for both parties.
It would mean the end of waiting for payment or having to pursue payment. If there was a mishap, the insurer would have an immediate record of what had happened and the exporter would reasonably expect recompense with no need for extensive paperwork and verification. It would, she says, prevent fraud, end protracted trade disputes, and reduce the pains of the paperwork and administration traditionally associated with trade.
“Here’s the thing: There’s tremendous potential for personal privacy and data protection with blockchain. I’m a believer”, she says. Many corporations, including Coca-Cola, already use smart contracts.
But the big idea of passing control of information to the individuals who it belongs to will take time, says Sims. “We are in the very early stages of the type of coordination we’d need to see from governments, business, people and regulatory bodies to make this a reality. Think of digital identity as the missing part of the Internet”.
The New Zealand Department of Internal Affairs is working with industry on developing a Digital Identity Trust Framework in New Zealand. She says blockchain will likely be a part of that.
Sims likens our current understanding of blockchain technology to the first years of the Internet. “People found it difficult to understand the Internet at first and blockchain is conceptually much harder for people to grasp.”
Moreover, she says,“ While the Internet has changed many facets of our lives, fundamentally the same institutions hold and exercise power as before, blockchain can shift that balance of power.”
As a general purpose technology Sims says blockchain will prompt a paradigm shift. The blockchain revolution is inevitable, ready or not.
This article was originally published as part of The Challenge series and was republished with permission.
The Challenge is a continuing series from the University of Auckland about how researchers are helping to tackle some of the world’s biggest challenges.
Alex Sims is an Associate Professor in Commercial Law at the University of Auckland. She is an expert in blockchain and cryptocurrency.