Blockchain can be essential to address privacy, but it's important for blockchains to interact with each other for the technology to have a significant impact
Although it has been discussed many times before in this column, one cannot ever over-emphasise the need of using technology to counter concerns of privacy and security. A few months ago, when meeting people at cafes was still possible, I met an entrepreneur who was experimenting with blockchain to create a decentralised identity management programme called Earth.ID. Shiv Aggarwal, CEO of Earth.ID was clear that blockchain could be the solution to ensure privacy and data privacy. His product, he explained, did this by creating a trust mechanism, allowing people to share only parts of user data and create an additional layer of security. Earth.ID is a decentralised wallet, which verifies user information stored on mobile phone and then encodes it with hashes for blockchain. If a vendor desires access to confirm identity, the service asks the user to share access. Once the identity is confirmed, user’s trust score gets updated. Aggarwal at the time was trying to rope in more Indian players to agree to this system.
What is so different about Earth.ID from the Digital Locker, which the Indian government runs. While the Digital Locker works in a similar manner, where the user must agree to grant access to organisations for know-your-customer verification, unlike Earth.ID, data is stored on the server, and the security protocols are not so stringent. Plus, the system of trust score on Earth.ID establishes a further method of verification.
While the technology may catch on as people try to cut down on physical interactions, paper IDs may become passe-this is already happening at airports across the world-the real test will be to incorporate such systems for contact tracing. Many governments and private initiatives have launched their apps relying on Bluetooth or GPS or both to help contain the spread of the virus. These apps are being made as secure as possible, but criticism from privacy advocates stems from issues related to data sharing and user tracking.
Aarogya Setu-India’s initiative in the field-is struggling with a similar problem. Although the government has assured that information will be shared on a central database, and in no way, it can access user data without permissions, trust is a problem. This trust deficit can be overcome using blockchain or distributed ledger technology. The data, even though, stored on a mobile phone, can be hashed and user permission can be made mandatory for accessing such database.
Imagine, having a locker in the bank. Now, even though the bank has one key to the vault until you decide to use your key, the bank cannot withdraw contents from the locker. Your key, in this case, is permission to access location data. While the government can extract parts of digital identifier attached to the Bluetooth device and trace other devices that have come in contact, it shall need permission to access location information. Once you give access, you can decide how long you wish to provide access for, and, then decide to revoke permissions.
While the system may work, for now, it needs more innovation. At present, blockchains can’t interact with each other. Once blockchains can interact, data can be transferred from one domain to another anonymously. Not only with this enhance security. Once a blockchain comes under attack, it can transfer resources to another DLT; it can also mean different government departments can interact with each other. This bridge will help make technology more pervasive.
Another issue in this regard which requires more research is how to build an AI, which can differentiate between personal data and anonymised data. For instance, mobility trends. If the government can somehow understand mobility, it will help them address a lot of common public issues. Smart cities can become smarter. But without anonymisation, this is both dangerous and violative of privacy. An AI, which can distinguish between what can be shared with its masters and what cannot, can help solve problems of trust. A Facebook, in this case, will know how many people in a certain demographic like Jazz, but not know who they are. Meanwhile, it can still carry out targeted advertisements. This anonymisation requires much deliberation.
Until then, the best we can do is share information and keep questioning the government and big businesses to adopt better security standards.