Privacy vs. Technology: Is blockchain the solution?

Have you noticed the increased clash between technology and privacy?

In March, there was the FBI vs. Apple debacle where the FBI wanted to unlock the iPhone from the man responsible for shootings in California, and Apple said no. This went on for a few weeks until eventually the FBI announced they hired hackers who successfully unlocked the phone for them (http://www.wired.co.uk/article/apple-fbi-unlock-iphone-5c-court-order-dropped)

In May, a Brazilian judge ordered all mobile phone operators in the country to block Whatsapp for 72 hours (https://www.theguardian.com/technology/2016/may/02/brazil-whatsapp-block-72-hours). The gist is that the judge was trying to get Facebook (who owns Whatsapp) to hand over the chat history of a specific user as part of an investigation. Facebook said they don’t have access to that data since conversations are encrypted. The judge’s ruling generated widespread protests in the country (like there aren’t enough of those there already) but in the end Whatsapp was only blocked for 24 hours and a high court judge eventually overruled the blocking decision and Whatsapp could be used again.

Why are Apple, Facebook and other tech companies taking data protection so seriously?

The case for privacy

This topic first came into my radar when I got involved with Bitcoin. In the Bitcoin world, privacy is a big deal and discussions about privacy in the forums are frequent. As you probably know, using Bitcoin people can send any amount of money from one to another instantaneously without paying fees. Crucially, the money is sent from one Bitcoin address to another (think of a Bitcoin address as being like an e-mail address) and anyone can create an address for free and without identifying themselves. This means that the transactions are essentially private (however anyone can see the actual transaction including the amount sent, the source and destination Bitcoin addresses. The point is that no one knows who actually sent and who actually received the money).

So in the Bitcoins forums, you basically had some people vehemently defending that privacy in Bitcoin is paramount and that this is the killer feature of Bitcoin. But for an even larger number of people, privacy was irrelevant as they didn’t feel they had anything to hide.

At first I thought the privacy defenders must obviously be doing something illegal if they are so concerned about keeping their identify private. Given projects such as the infamous Silk Road, it wouldn’t surprise me. Surely some users were probably like that. But then, I went to meet a friend that lives in Berlin and he told me how Hitler used previously collated lists of Jews to persecute them. When the lists were compiled several years earlier, most Jews happily gave away all their personal details, thinking they have nothing to hide and not imagining the terror that would follow. “You normally only realize how important privacy is, after you lost it“, my friend said.

I can see now plenty of examples of why privacy is important in Bitcoin. There have been many cases of Bitcoin theft and if hackers know you have a lot of Bitcoin then you are a good target. There are also other situations where privacy proved important, for example Russia criminalized the use of Bitcoin and while I believe this is a temporary situation and teething problems of an emerging technology, if you happen to be Russian and a technology enthusiast, you probably don’t want to make it very public that you own Bitcoins.

Everyone that read George Orwell’s 1984 knows well the dangers of having an all-too-powerful state that can from one day to the next, decide to use information for the wrong purposes. It’s not an accident that the USA constitution, in its fourth amendment makes it clear that the government should not remove individual’s privacy.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported
So when people argue that it’s okay for the government to have access to all personal information, I half agree because after all I have nothing to hide but then I remember the story of my friend from Berlin.

Obama has a good point

President Obama gave an interview during SWSX where he discussed these issues. It’s pretty good and worth 10 mins of your time:

His central argument is that we need to allow some way of authorities to get access to our devices, just as it happens with a search warrant. I believe he is right, unfortunately there are bad and mentally sick people in the world and I don’t want to live in a society where these guys have a powerful and impenetrable tool where they can hide money, information, pictures and etc.

What I would argue though is that what makes people nervous about Government having access to phones is that it happens in secrecy. Think about it, in the case of a search warrant, the police shows up in your house, wake you up, your neighbors can see it so it’s pretty clear and transparent what is going on. Furthermore, there is only so many houses that the police can visit at the same time, so this gives some degree of confidence that this power will not be overused.

So what’s the solution?

Where we got so far is that a) we need to allow authorities to access private information when there is probable cause but b) when such access happens it needs to be transparent, authorized and punctual (i.e. not allow the government to access all iPhones in the country at the same time).

Granting access to all smartphones and other devices needs to be equivalent to letting the FBI access a houses with a search warrant. Could technology solve this problem?

Here’s one possible solution that I believe deserves careful consideration: The Estonian government has an interesting project with healthcare data, where they are using blockchain technologies (the same one that powers Bitcoin) to secure the healthcare information of its population. In Estonia’s case, the technology is used to record every time the health data of an individual is accessed, altered or deleted (http://www.coindesk.com/blockchain-startup-aims-to-secure-1-million-estonian-health-records/).

How about we use this technology to have a record of each access to someone’s private data in their mobile phone? A public record that cannot be tampered with and can even serve as the official authorization for access?

It could work like this: every smartphone is already encrypted. The decryption key could be stored in a blockchain (for example NXT’s data storage system) whereby only the person that has the blockchain password/key can see the smartphone’s decryption key. Every time someone accesses the blockchain to see the phone’s decryption key, a public record is made. This way the public can check how many times authorities claimed access to private information in phones, and the owner of the phone being investigated could see that his phone has been accessed, just like you do if your house is searched.