The past year has brought about a lot of hype about blockchain, according to a recent report.
Blockchain is very trustworthy because once data has been added to the chain; it cannot be changed nor removed. This is one of the key selling points of the tech.
On the one hand, this same immutability makes blockchain problematic where privacy laws require companies to delete data from databases upon serving its purpose.
Some jurisdictions call this as the “right to be forgotten”.
With the growing market of Internet of Things (IoT) devices, from smart homes and self-driving cars to voice assistants and smart energy meters, the tension between blockchain and the right to be forgotten will only increase.
This is because these devices continuously collect digital biographies of the people’s lives and store the data on blockchains.
A team of researchers from the Distributed Sensing Systems @ Data 61, CSIRO and the University of New South Wales have designed a blockchain tool in which users can remove their data from the database without violating the consistency.
Blockchain is a database jointly managed by a distributed set of participants.
All the participants must agree to verify every new data that is being added to the database thereby removing the need for a third party to verify transactions.
The blockchain ledger is organised into blocks, wherein a cryptographic hash function serves as the link of each block to the previous block.
These functions create a short code based on the content of the previous block. Chaining the blocks ensures that the data stored in them cannot be altered.
Any changes made would break the blockchain consistency, making it immutable. Moreover, it makes the data easier to trace and audit, especially for large networks.
These features are highly attractive for organisations operating across organisational boundaries, and in environments where participants may not fully trust each other.
The European Union’s recent General Data Protection Regulation (GDPR), however, is a significant piece of legislation that is at odds with a digital economy underpinned by blockchain.
The GDPR requires companies that hold people’s data to erase that data once the original purpose they needed it for is complete.
Blockchain, being unchangeable, presents an obstacle to exercising that right.
A blockchain participant typically uses one or more public keys as its identities. Because there is no direct link between the public keys and the real participant identity, the transactions in blockchain are stored anonymously.
However, problem occurs when there is a breach in the identity in any of the transactions. All the interactions of the user’s devices that are stored in blockchain may be tracked by all blockchain participants.
Thus, being able to remove data from the blockchain, without “breaking the chain”, would be beneficial for user privacy.
Moreover, it would also be beneficial for saving storage space on the servers that store the ledgers.
According to the report, removing data from a blockchain is not possible currently without breaking the consistency of blockchain.
The researchers have come up with a solution that makes it possible to remove detailed transaction data from a blockchain database, without removing the auditable trace that the transaction took place.
Memory Optimised Flexible Blockchain allows a user to temporarily store, summarise, or completely remove transactions from blockchain, while maintaining the blockchain’s consistency.
The remaining trace of the data, which is its hash, on the blockchain can still be used in the future, in case disputes over what happened arise.
This approach provides user with full administrative control of their blockchain-stored data. It allows the user to remove or summarise this data, without sacrificing the ability to audit the data in the future.
This new approach can run atop any existing blockchain solution and does not affect the blockchain consistency.
The links among blocks, through hash functions, are preserved even if specific blocks are removed or summarised from the chain.
In fact, as long as the removed content is stored privately outside of the blockchain, the authenticity of the data can be independently verified at a later time by comparing it against the hash in the blockchain.
In this way, one can reclaim control of any previously shared data and exercise the right to be forgotten in the age of blockchain.
More information on this can be found here.