Privacy and blockchain
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
A blockchain is a shared database that records transactions between two parties in an immutable ledger.[1] Blockchain documents and confirms pseudonymous ownership of all transactions in a verifiable and sustainable way.[2] After a transaction is validated and cryptographically verified by other participants or nodes in the network, it is made into a "block" on the blockchain.[1] A block contains information about the time the transaction occurred, previous transactions, and details about the transaction.[1] Once recorded as a block, transactions are ordered chronologically and cannot be altered.[1] This technology rose to popularity after the creation of Bitcoin, the first application of blockchain technology, which has since catalyzed other cryptocurrencies and applications.[3]
Due to its nature of decentralization, transactions and data are not verified and owned by one single entity as they are in centralized data base systems. Rather, the validity of transactions is confirmed by the form of majority-rule in which nodes or computers that have access to the network, if the network comes to a consensus of the new transaction then it is added.[4] Blockchain technology secures and authenticates transactions and data through cryptography.[5] With the rise and widespread adoption of technology, data breaches have become frequent.[6] User information and data are often stored, mishandled, and misused, causing a threat to personal privacy.[5] Advocates argue for the widespread adoption of blockchain technology because of its ability to increase user privacy, data protection, and data ownership.[5]
Blockchain and Privacy Protection
Private and public keys
A key aspect of privacy in blockchains is the use of
Senders and receivers of past transactions are represented and signified by their addresses;[7] users' identities are not revealed.[7] Public addresses do not reveal personal information or identification;[7] rather, they act as pseudonymous identities.[7] It is suggested by Joshi, Archana (2018)[7] that users do not use a public address more than once;[7] this tactic avoids the possibility of a malicious user tracing a particular address' past transactions in an attempt to reveal information.[7] Private keys are used to protect user identity and security through digital signatures.[7] Private keys are used to access funds and personal wallets on the blockchain;[7] they add a layer of identity authentication.[7] When individuals wish to send money to other users, they must provide a digital signature that is produced when provided with the private key.[7] This process protects against theft of funds.[7]
Peer-to-peer network
Blockchain technology arose from the creation of Bitcoin.[8] In 2008, the creator or creators who go by the alias Satoshi Nakamoto released a paper describing the technology behind blockchains.[8] In his paper, he explained a decentralized network that was characterized by peer-to-peer transactions involving cryptocurrencies or electronic money.[8] In typical transactions carried out today[when?], users put trust into central authorities to hold their data securely and execute transactions.[5]
In large corporations, a large amount of users' personal data is stored on single devices, posing a security risk if an authority's system is hacked, lost, or mishandled.[5] Blockchain technology aims to remove this reliance on a central authority.[8] To achieve this, blockchain functions in a way where nodes or devices in a blockchain network can confirm the validity of a transaction rather than a third party.[8] In this system, transactions between users (such as sending and receiving cryptocurrency) are broadcast to every node in the network.[8] Before the transaction is recorded as a block on the blockchain, nodes must ensure a transaction is valid.[8] Nodes must check past transactions of the spender to ensure he/she did not double spend or spend more funds than they own.[8]
After nodes confirm a block is valid, consensus protocols such as
Cryptographic Methods for Privacy Using Blockchains
Zero-knowledge proofs
A
Ring signatures
Another method of obfuscating the flow of transactions on the public blockchain are Ring signatures, a method used by Monero.
Mixing
Cryptocurrency tumblers can also be used as a method to increase privacy even in a pseudoanonymous cryptocurrency. Additionally, instead of using mixers as an add-on service, the mixing of public addresses can be built-in as a method in the blockchain system, as in Dash.
The popular mixing service Tornado Cash was sanctioned by the US Department of Treasury in early August 2022, who accused it of laundering $455 million in stolen cryptocurrency by the Lazarus Group. The sanctions made it illegal for US citizens, residents and companies to use the service.[11]
Comparison of Blockchain Privacy Systems
Private blockchains
Private blockchains (or permissioned blockchains) are different from
Hybrid blockchains
Use Cases for Privacy Protection
Financial transactions
After
Health care records
In recent years,[
As blockchain technology expanded and developed in recent years[
Legal
The notarization of legal documents protects the privacy of individuals.[8] Currently[when?], documents must be verified through a third party or a notary.[8] Notarization fees can be high.[8] Transferring documents takes time and can lead to lost or mishandled information.[8] Many[who?] are pressing for the adoption of blockchain technology for the storage legal documents.[8] Documents cannot be tampered with and can be easily accessed by those who are granted permission to access them.[8] Information is protected from theft and mishandling.[14] Another possible use of blockchain technology is the execution of legal contracts using smart contracts,[14] in which nodes automatically execute terms of a contract.[14] By using smart contracts, people[who?] will no longer rely on a third party to manage contracts, allowing an increase in privacy of personal information.[14]
Shipping and logistics
Businesses and individuals may purchase goods which need to be shipped from the seller to the buyer. Shipment of goods is normally accompanied by shipping documents like a bill of lading. Smart bill of lading relies on blockchain technology and buyers do not need to spend more on the issue of these documents. Also with the blockchain technology, goods can be tracked anytime, and the data is updated regularly ensuring real time management of shipments. The buyer and only the party given the shipping contract can view the real time data related to the shipment increasing the privacy of the process.[15]
Legality of Blockchain and Privacy
GDPR
With the April 2016 adoption of the
IRS
Because cryptocurrency prices fluctuate, many[who?] treat the purchase of cryptocurrencies as an investment. By purchasing these coins, buyers hope to later sell them at a higher price. Internal Revenue Service (IRS) are currently[when?]facing struggles because many bitcoin holders do not include revenue from cryptocurrencies in their income reports, especially those who engage in many microtransactions.[17] In response to these concerns, IRS issued a notice that people must apply general tax principles to cryptocurrency and treat the purchase of it as an investment or stock.[17] IRS has enacted that if people fail to report their income from cryptocurrency, they could be subject to civil penalties and fines.[17] In attempts to enforce these rules and avoid potential tax fraud, IRS has called on Coinbase to report users who have sent or received more than $US20,000 worth of cryptocurrency in a year.[17] The nature of blockchain technology makes enforcement difficult.[17] Because blockchains are decentralized, entities cannot keep track of purchases and activity of a user.[17] Pseudonymous addresses make it difficult to link identities with users, being a perfect outlet for people to launder money.[17]
Blockchain Alliance
Because virtual currencies and the blockchain's protection of identity has proved to be a hub for criminal purchases and activity,
Fair information practices
Blockchain has been acknowledged as a way to solve fair information practices, a set of principles relating to privacy practices and concerns for users.[5] Blockchain transactions allow users to control their data through private and public keys, allowing them to own it.[5] Third-party intermediaries are not allowed to misuse and obtain data.[5] If personal data are stored on the blockchain, owners of such data can control when and how a third party can access it. In blockchains, ledgers automatically include an audit trail that ensures transactions are accurate.[5]
Concerns Regarding Blockchain Privacy
Transparency
Although blockchain technology enables users to control their own data without necessarily relying on third parties, certain characteristics may infringe on user privacy.[19] Public blockchains are decentralized and allow any node to access transactions, events and actions of users.[19] Block explorers can be used to trace the financial history of a wallet address, which can be combined with OSINT research to develop profiles of criminal actors or potential scamming victims.[20]
Decentralization
Due to blockchain's decentralized nature, a central authority is not checking for malicious users and attacks.[19] Users might be able to hack the system anonymously and escape.[19] Because public blockchains are not controlled by a third party, a false transaction enacted by a hacker who has a user's private key cannot be stopped.[18] Because blockchain ledgers are shared and immutable, it is impossible to reverse a malicious transaction.[18]
Private keys
Private keys provide a way to prove ownership and control of cryptocurrency.[18] If one has access to another's private key, one can access and spend these funds.[18] Because private keys are crucial to accessing and protecting assets on the blockchain, users must store them safely.[18] Storing the private key on a computer, flashdrive or telephone can pose potential security risks if the device is stolen or hacked.[18] If such a device is lost, the user no longer have access to the cryptocurrency.[18] Storing it on physical media, such as a piece of paper, also leaves the private key vulnerable to loss, theft or damage.[18]
Cases of Privacy Failure
MtGox
In 2014, MtGox was the world's largest Bitcoin exchange at the time; it was located in Tokyo, Japan.[21] The exchange suffered the largest blockchain hack of all time.[21] During 2014, MtGox held an enormous portion of the Bitcoin market, accounting for more than half of the cryptocurrency at the time.[21] Throughout February, hackers infiltrated the exchange, stealing $US450 million in Bitcoin.[21] Many in the blockchain community were shocked because blockchain technology is often associated with security. This was the first major hack to occur in the space.[18] Although analysts tracked the public address of the robbers by looking at the public record of transactions, the perpetrators were not identified.[18] This is a result of the pseudonymity of blockchain transactions.[18]
DAO Hack
While blockchain technology is anticipated to solve privacy issues such as data breaching, tampering, and other threats, it is not immune to malicious attacks. In 2016, the
Coinbase
Coinbase, the world's largest cryptocurrency exchange that allows users to store, buy, and sell cryptocurrency, has faced multiple hacks since its founding in 2012.[18] Users have reported that due to its log-in process that uses personal telephone numbers and email addresses, hackers have targeted the numbers and emails of well-known individuals and CEOS in the blockchain space.[18] Hackers then used the email addresses to change the users' verification numbers, consequently stealing thousands of dollars worth of cryptocurrency from Coinbase user wallets.[18]
By North Korea
In January 2022 a report by blockchain analysis company Chainalysis found that state-backed North Korean hackers had stolen nearly $400 million in cryptocurrency in 2021. A UN panel also stated that North Korea has used stolen crypto funds to fund its missile programs despite international sanctions.[22][23]
Privacy vs. Auditing in Blockchains
The introduction of "private" or "anonymous" cryptocurrencies such as
References
- ^ a b c d e f "BlockChain Technology: Beyond Bitcoin" (PDF).
- ISSN 0017-8012. Retrieved 2022-04-27.
- S2CID 27665746.
- S2CID 212620853.
- ^ .
- ^ .
- ^ .
- ^ a b c d e f g h i j k l m n o p q r s t u v w x Crosby, Michael; et al. (2016). "Blockchain Technology: Beyond Bitcoin" (PDF). Applied Innovation Review (2): 6–19.
- ^ a b c d Guegan, Dominique (2017). "Public Blockchain versus Private blockhain". Documents de Travail du Centre d'Économie de la Sorbonne.
- ^ S2CID 52931003.
- ^ Faife, Corin (2022-08-08). "US Treasury bans Tornado Cash mixer for role in crypto money laundering". The Verge. Retrieved 2022-08-16.
- ^ Are blockchains compatible with data privacy law?
- S2CID 211041743.
- ^ a b c d e f g h i Suzuki, Bryce; Taylor, T.; Marchant, G. (2018). "Blockchain: How It Will Change Your Legal Practice". The Computer and Internet Lawyer. 35 (7): 5–9.
- ^ "Crucial Factors for Implementing Warehouse Management System - SIPMM Publications". publication.sipmm.edu.sg. 2021-12-19. Retrieved 2022-10-26.
- ^ .
- ^ a b c d e f g Heroux, Mark (October 2018). "Cryptocurrency: Compliance challenges and IRS enforcement". Tax Adviser.
- ^ a b c d e f g h i j k l m n o p Wieczner, Jen (2017). "The 21St-Century Bank Robbery". Fortune. 176 (3): 34–41.
- ^ a b c d Primavera De Filippi (2018). "The Interplay between Decentralization and Privacy: The Case of Blockchain Technologies". Journal of Peer Production (9).
- ^ "Follow the Bitcoin With Python, BlockExplorer and Webhose.io". bellingcat. 2017-09-15. Retrieved 2022-08-16.
- ^ S2CID 3628110.
- ^ "North Korea hackers stole $400m of cryptocurrency in 2021, report says". BBC News. 2022-01-14. Retrieved 2022-02-04.
- ^ "North Korea stole a record $400 million in cryptocurrency last year, researchers say". NBC News. Retrieved 2022-02-04.
- ^ "Bittrex to Delist 'Privacy Coins' Monero, Dash and Zcash".
- .