Blockchain technology is transforming the way we do business by  allowing consumers to cut out the middleman in numerous vital services,  reducing costs and boosting efficiency. In this way it has the potential  to reduce poverty throughout the developing world. 

But is it secure? More specifically, can blockchain-based  technologies simultaneously offer trust and privacy to ensure private  and tamper-free records? 

This issue should concern those development institutions,  businesses and governments exploring blockchain for more efficient  delivery of aid, money remittances, smart contracts, health services and  more. Likewise, social entrepreneurs must ask the same question as they  pursue the potential for cheaper international payments, clearer  property rights and broader access to finance. 

https://www.youtube.com/watch?time_continue=35&v=T64rdJXAZt8

 

Blockchain is perhaps best understood as a decentralized ledger  that can diminish costs by removing intermediaries such as banks and  effectively decentralizing trust. The technology appends entries to the  ledger which are validated by the wider user-community rather than by a  central authority. 

Each block represents a transactional record and the chain links  them. The distributed computer network confirms the record and lists the  blocks of transactions sequentially - hence the blockchain. 

Importantly, nothing of value is on the blockchain, just as with  printed money or a bank’s database, and the controversial cryptocurrency  bitcoin is simply an application of blockchain. 

So, is the block really immutable? The answer is no. 

Perfect immutability does not exist; blockchain, like any other  network, is technically prone to modification. But because the  computers, or nodes, on a blockchain network are distributed, the  mathematical puzzle and computing power required to make changes makes  modification nearly impossible. To alter a chain, one would need to take  control of more than 51% of computers in the same distributed ledger  and alter all of the transactional records within a very short space of  time — within 10 minutes for Bitcoin. To date, this has never happened. 

 What about security and privacy ?

 Although it may be difficult to achieve simultaneous security and  privacy in a conventional information system, blockchain can do so by  enabling confidentiality through “public key infrastructure” that  protects against malicious attempts to alter data, and by maintaining  the size of a ledger. The larger and more distributed the network, the  more secure it is believed to be. 

Other perceived concerns about blockchain include limited  scalability, insufficient data privacy and a lack of harmonized industry  standards.  

For example, even with privacy-enhancing technologies such as  encryption and identity management, blockchain transactions can be seen  throughout network nodes. These produce metadata and statistical  analysis can reveal information even from encrypted data, allowing for  pattern recognition. 

Data privacy is a particularly thorny issue in the European Union (EU), where the General Data Protection Regulation  (GDPR) which takes effect in May imposes stricter conditions for  consent and data retention, requiring businesses to protect the personal  data and privacy of citizens for transactions in the EU. It also  disallows personal data from leaving the EU, giving citizens “full and  ultimate control over all their data”. 

 This is a problem for both public blockchains, which do not control who  hosts a node, and private blockchains (also called permissioned  blockchains) as data cannot be deleted here. The new regulation also  recognizes the “right to be forgotten”, which conflicts with the  “immutability of transactions” on blockchain. 

 Scalability

 Vitalik Buterin, co-founder of Ethereum, another blockchain system  like Bitcoin and Hyperledger, has noted that there is indeed a “scalability trilemma” in which only two of three properties — decentralization, security or scalability — can be attained. 

In distributed ledger protocols, every node stores and processes  all transactions and maintains a copy of the entire “state” of account  balances, contracts, storage, and so on. Running a full node allows  users to have privacy and security but it is cumbersome as the number of  transactions is constantly increasing, making scalability difficult. 

If developers increase the size of a block in order to accommodate  more transactions, the volume of data that needs to be stored also  grows. Thus, as each node reaches capacity, only a few large companies  will have the resources to run them, putting decentralization and  scalability at odds. Developers are looking for ways around the  trilemma. 

It is worth noting that private blockchains do not face such  scalability problems and can handle significantly more transactions per  second. 

 Privacy

 To get around data privacy issues, a blockchain operator may store  personal data and the reference to this data off-chain with a “hash” of  the information – a one-way transformation of data to an unreadable  piece of information. 

Storing data off-chain means that personal data needs to be held by  the individuals themselves or in a more traditional database.  Know-your-customer documents, such as a scanned driver’s licence or  passport, can be stored off-chain using traditional technology, such as a  standalone database and application systems. 

But storing data off-chain reduces transparency and immutability  and increases the risk of lost or stolen personal information as it is  spread across other networks. 

An emerging solution is “self-sovereign identity”, a digital  concept allowing an individual to control personal information and have  better control over with whom they share it. As blockchains become  components of businesses, institutions and systems, it will be important  to interpret laws and application designs to maximize synergy and  balance regulation, innovation, competition and data privacy. 

Notably, the privacy of blockchain depends on users. If encrypted,  and keys are held securely, it is not an issue. In many ways,  blockchains are more secure than a centralized system. 

 Blockchain's potential is clear

 Two major Australian banks have successfully used blockchain for  bank guarantees relating to commercial property leasing of a shopping  centre operator. The digitized guarantee created a single information  source with lower fraud potential and greater efficiency. 

Blockchain’s “irreversible” and encrypted data blocks can also help  to fight cybercrime, as a hacker’s attempts to change data will be  flagged immediately. As applications of blockchain for cybersecurity  emerge, companies and governments are signing up. 

US defence contractor Lockheed Martin announced last year  that it is integrating blockchain into systems engineering, supply-chain risk management and software development. 

Meanwhile, several Indian states are exploring blockchain-based  systems to improve information efficiency and enhance cybersecurity. In  2017, Andhra Pradesh signed up Swiss cybersecurity company WISeKey  International to ensure citizens’ information stored in databases  remains secure with blockchain. 

Recently, Irish company AID:Tech became the first organization in the world todeliver international aid to refugees transparently using blockchain . 

 In short, blockchain technology can be robust, secure, trustworthy,  and private. Ultimately, security is ensured by solid architecture,  secure design practices and effective workflow policies. 

So, do the potential benefits of blockchain outweigh the risks? In short, yes, as long as it has been executed properly. 

Any system has vulnerabilities. In today’s technology-driven  financial sector, supervisory and regulatory frameworks need to enable  innovation while ensuring stability, consumer protection and  competition. 

This means that new digital products and services must be designed  and developed with regulatory, cybersecurity and data-privacy compliance  integrated from the outset.