Blockchains, personal data and the challenge of governance

Theo Bass
Thursday 22nd June 2017

This post offers some thoughts on the opportunities and challenges of blockchain technology, with particular reference to the DECODE project. DECODE is a pan-European effort to research and pilot new approaches to how people manage their personal data. Here I’ll describe what a blockchain is, why blockchains are relevant to personal data management, and what difficulties might arise as the technology becomes implemented more widely.

Blockchain 101

Put simply, blockchain is a way of getting a diverse set of untrusted actors to agree on a single record of events. Its first implementation was in the digital currency bitcoin, a peer-to-peer method of exchanging digital money that removes reliance on a trusted intermediary like a payment processor or a bank.

The bitcoin blockchain is a publicly accessible ledger of every digital transaction that has ever happened across the network, so when person A tries to pay person B, the data can be inspected by anyone, to either prove or disprove that person B has those bitcoins.

All these transactions, including individual senders and receivers, appear on the blockchain as ever growing list of alphanumeric gobbledygook - lines of text known as cryptographic ‘hashes’. With this, the blockchain cleverly balances a radical approach to transparency with user pseudonymity: anyone can check the record to verify that their money has arrived at the intended recipient’s wallet, but the record provides just enough anonymity that people can use bitcoin without being easily identified (and ransomeware hackers are willing to be paid in it).

All of this gets really interesting when you consider that no single entity owns or controls the maintenance of these digital records. Thousands of computers across the network process and store the transaction data. Because of this, it’s very difficult for anyone to erase, censor, or tamper with the data without everyone else in the network finding out.

In short, bitcoin is an attempt to achieve a decentralised network, a system of exchange with no single locus of authority. This means that all responsibility over the ownership of bitcoin is left to individual users. No customer service, no regulatory oversight - whoever holds bitcoin is the sole bearer of all ownership and responsibility over that asset.

The question everyone’s asking is what else could this be useful for besides digital currency?

Blockchain is tipped to transform a whole range of sectors, though here I want to raise one specific example, namely digital identity and personal data management.

A new anchor for digital identity?

There are a number of dominant internet platforms (Google, Facebook, Amazon, etc.) that hoard, analyse and sell information about their users in the name of a more personalised and efficient service. This has become a problem.

Consumers feel they are losing control over how their data is used and reused on the web. 500 million adblocker downloads is a symptom of a market which isn’t working well for people. As Irene Ng mentions in a recent guest blog on the Nesta website, the secondary data market is thriving (online advertising is a major player), as companies benefit from the opacity and lack of transparency about where profit is made from personal data.

It’s said that blockchain’s key characteristics could provide a foundational protocol for a fairer digital identity system on the web. Beyond its application as digital currency, blockchain could provide a new set of technical standards for transparency, openness, and user consent, on top of which a whole new generation of services might be built.

While the aim is ambitious, a handful of projects are rising to the challenge.

Blockstack is creating a global system of digital IDs, which are written into the bitcoin blockchain. Nobody can touch them other than the owner of that ID. Blockstack are building a new generation of applications on top of this infrastructure which promises to provide “a new decentralized internet where users own their data and apps run locally”.

Sovrin attempts to provide users with “self-sovereign identity”. The argument is that “centralized” systems for storing personal data make it a “treasure chest for attackers”. Sovrin argues that users should more easily be able to have “ownership” over their data, and the exchange of data should be made possible through a decentralised, tamper-proof ledger of transactions between users.

Our own DECODE project is piloting a set of collaboratively owned, local sharing economy platforms in Barcelona and Amsterdam. The blockchain aims to provide a public record of entitlements over where people’s data is stored, who can access it and for what purpose (with some additional help from new techniques in zero-knowledge cryptography to preserve people’s privacy).

There’s no doubt this is an exciting field of innovation. But the debate is characterised by a lot of hype. The following sections therefore discuss some of the challenges thrown up when we start thinking about implementations beyond bitcoin.

Blockchains and the challenge of governance

As mentioned above, bitcoin is a “bearer asset”. This is a necessary feature of decentralisation -- all users maintain sole ownership over the digital money they hold on the network. If users get hacked (digital wallets sometimes do), or if a password gets lost, the money is irretrievable.

While the example of losing a password might seem trivial, it highlights some difficult questions for proponents of blockchain’s wider uses. What happens if there’s a dispute over an online transaction, but no intermediary to settle it? What happens if someone's digital assets or their digital identitiy is breached and sensitive data falls into the wrong hands? It might be necessary to assign responsibility to a governing actor to help resolve the issue, but of course this would require the introduction of a trusted middleman.

Bitcoin doesn’t try to answer these questions; its anonymous creators deliberately tried to avoid implementing a clear model of governance over the network, probably because they knew that bitcoin would be used by people as a method for subverting the law. Bitcoin still sees a lot of use in gray economies, including for the sale of drugs and gambling.

But if blockchains are set to enter the mainstream, providing for businesses, governments and nonprofits, then they won't be able to function irrespective of the law. They will need to find use-cases that can operate alongside legal frameworks and jurisdictional boundaries. They will need to demonstrate regulatory compliance, create systems of rules and provide accountability when things go awry. This cannot just be solved through increasingly sophisticated coding.

All of this raises a potential paradox recently elaborated in a post by Vili Lehdonvirta of the Oxford Internet Institute: is it possible to successfully govern blockchains without undermining their entire purpose?

Far more than a technical fix

In response to this conundrum, blockchain advocates might argue that the technology in fact comes hand in hand with innovative new models of social organisation.

Some say, for instance, that blockchains might be an appropriate technology to inspire a new generation of cooperative or commons-based digital platforms, where all the users are stakeholders with equal democratic influence over how the technology is used.

There is a further trend towards shared governance models. Blockchain innovators are forming consortiums, like Sovrin, the Interplanetary Database and R3, which help to earn users’ trust by spreading the ownership and management of the technology across multiple actors.

A further example, more tangentially related to digital identity, is the Mediachain project which aims to create a globally shared database of intellectual property for music. A number of previous attempts to create a centralised solution have failed due to the political friction associated with one actor storing and managing all of the information in one place. Instead, the blockchain aims to help enforce a collaborative agreement between the different stakeholders to share control over the process of record-keeping.

The issue here is that fostering these kinds of cooperative relationships in practice is difficult and often messy. It’s far more than a technical challenge, but a social, political and legal one too. It will also require new business models, where new sources of value can be found in companies collaborating and opening up their internal processes across organisational boundaries.

This should come as a dose of reality to a blockchain debate dominated by an assumption that all the world’s complex problems can be written away by software alone.

If blockchain advocates only work towards purely technical solutions and ignore real-world challenges of trying to implement decentralisation, then we’ll only ever see flawed implementations of the technology. This is already happening in the form of centrally administered, proprietary or ‘half-baked’ blockchains, which don’t offer much more value than traditional databases.

Finally…

Over the coming months DECODE will publish a number of research outputs scoping the literature of new economic models, governance models, and technologies for decentralisation and privacy in the personal data economy. Keep up to date on our website. You can also follow the project on Twitter @decodeproject, or find me @theo_bass.

Thanks to Tom Symons, John Davies and Katja Bego for useful discussions and comments.