Kalypton CEO Lars Davies speaks to Policing Insight about the hype surrounding data protection and blockchain.
As Gartner observes, Blockchain is massively overhyped but that doesn’t mean it should be ignored: “Blockchain technologies are extremely hyped, evolving at different trajectories, but should not be ignored. They offer the potential for substantial change in technology development and delivery as well as in how the economy, business and society operates.” This claim is made in the analyst firm’s ‘Hype Cycle for Blockchain Technologies 2017’ report – published in July of this year.
Rick Muir, Director of the UK Police Foundation, recently spoke to Policing Insight about the buzz surrounding blockchain and other distributed ledger technologies (DLT). While attending the Blockchain Live conference in London, he found that they were being presented as a means of addressing the anxieties of consumers, businesses and public services over cyber‐security and online privacy. Yet, the hype surrounding blockchain and ‘DLT’ shows that many people have no understanding of the underlying technologies that make them work.
The premise of Muir’s article is that blockchain may benefit both policing and public services, and as an organisation it seems to be completely convinced that this claim is true. Liz Crowhurst, for example, wrote in July 2017 a whitepaper on ‘Reforming justice in the digital age’. The report was published in partnership with Canadian global information technology consulting, systems integration, outsourcing, and solutions company, CGI.
In the report Crowhurst writes: “While currently, there is a reliance on centralised and decentralised databases that require a large central administrator and are expensive to run, a relatively new innovation, in the form of Blockchain technologies, may have the potential to overhaul the way justice agencies store and share information. Blockchains are a form of distributed ledger technology (which is an innovative type of secure database) that can be replicated, shared and synchronised across multiple locations.”
In the next paragraph on page 12 of the report she continues: “Not only is it more secure than other ways of storing and sharing information (mainly because a breach would require multiple – rather than a single – point of failure within the network), but the fact that Blockchains can automatically reconcile updates means the reliance on lower‐skilled administrative workers is reduced. In addition, despite lower costs, it also offers much greater opportunity for the personalisation of services.
As Melanie Swan, Founder of the Institute for Blockchain Studies argues: “Governments could shift from being the forced one‐size‐fits‐all ‘greater good’ model at present to one that can be tailored to the needs of individuals. Imagine a world of governance services as individualised as Starbucks coffee orders.”
However, Blockchain and cryptocurrencies such as bitcoin emerged at a time of increased distrust in institutions around the financial crisis. With Blockchain and DLT, the problem is that we’ve stopped trusting institutions and now we’ve started to trust absolute strangers. At the same time, people have begun to place more trust in their networks. This is articulated by Rachael Botsman’s speech at the TED Summit. This made a favourable environment for the notion of shared trust and Blockchain was considered, until recently, the only way to achieve that.
No place in policing
While it’s true that governments around the world and even the European Union, as well as other institutions, are keen to explore Blockchain and DLT, there is the possibility that Blockchain has no use in policing or criminal justice. It also has its ironies. For example, the origins of the blockchain are quite shady – having emerged from the dark web where many miscreants lurk.
Blockchain has, in my view, no place in policing and criminal justice because it shares the data as well as a misunderstood concept of trust in that data. Sharing data is not always a problem, as long as that data that is shared does not breach privacy or confidentiality. Take, for example, e‐voting. We might be happy with election results for each constituency to be written to a Blockchain, to then be shared widely as it is inherently public data. But what about the way that each individual voted? Isn’t that inherently private?
With Blockchain there is a lack of privacy, and with the help of cookies users’ activities can be traced. This means that any anonymity that many Blockchain proponents claim about the technology, just isn’t there. Even if data on a Blockchain can be obfuscated for certain viewers, people can still gain useful information simply by monitoring the traffic to and from the Blockchain.
Even if researchers find a way to obscure the actual data, activity patterns can be revealing. For example, let us say that police force A knows that a certain part of the blockchain holds records pertaining to a deceased politician. Police force A can observe that forces B and C are looking at the same part of the blockchain. A journalist with sources at any of those police forces might gain similar knowledge.
Blockchain’s model of trust is often misunderstood. The ‘trust’ that blockchain can provide is not trust in the accuracy of a record, or indeed that a stored record is an accurate record of a transaction, fact, or whatever. Blockchain, instead, simply provides a level of trust that a record, once added to the blockchain, will not be revoked at a later data. It does not validate the accuracy of a record. This presents major problems when it comes to recording evidence.
Blockchain’s poorly understood trust model raises concerns about the preservation of digital evidence. In this case data protection only applies from the point that the data was captured which is some time after it was created. It therefore has the potential to fall foul of the hearsay rule. And, of course, the process by which this data can be shared is not easy or obvious as there is no chain of custody from the creation of the record to the creation of the block and until it is added to the blockchain. If a solution can be created to the sharing of digital evidence, then that solution can readily be applied to the sharing of non‐evidential data also.
The question also arises of what happens when the evidence is shown to be incorrect. This is not a theoretical question but one that is very real. Just because something has been presented as evidence does not mean that it is correct. If it is not correct then the record should be corrected or deleted. And what about information that should not have been recorded? Incorrect records can have a detrimental impact on the lives of the innocent, let alone those who have never been given the chance to prove their innocence or disprove an accusation, but who have ‘evidence’ recorded against their names.
I believe that the optimal solution to the issue of sharing evidential or non‐evidential data lies in a process that creates tamper evidence as the record in question is being created. This eliminates the hearsay issue comprehensively. It makes it possible to expunge the record should circumstances dictate as the record itself is not immutable. The data can be held privately and then shared by the owner of the data under well‐defined operating procedures. Its tamper evidence can be demonstrated by anyone who is subsequently given a copy of, or access to, that data.
The net result of this proposed architecture is:
- The ease of data sharing where required and under the control of the owner of that data or under warrant where appropriate,
- The gaining of the privacy of the data until that point,
- The ability to show and make available tamper to all viewers, where that tamper evidence was created contemporaneously with the record eliminating any temporal gap
This is crucial because even in the case of a permissioned blockchain, the issues of privacy and trust are not completely addressed. Would a police force want an arrest record or some digital evidence to be viewable by any other police force? In the case that one police force had a breach, every police force could suffer. This is because all police forces would have a full node containing records to all forces participating in an information sharing network. Therefore, the data belonging to all forces would be accessible given a breach at one participant.
Imagine that 20 banks operate in a market. All banks have the full blockchain for all transactions, when only the two parties to the transaction should have records of them by right. Sharing data more widely might aid competitors or enable illegal market fixing activities. In policing and criminal justice terms, a lack of security and privacy could lead to vital digital evidence failing in the wrong hands – jeopardising an investigation or a trial.
GDPR and data controls
So, would a police force want an arrest record or some digital evidence to be viewable by any other police force? The presumption must be that the police forces would not want that to happen automatically, and therefore the presumption should be that, that data is private to that force. Where there is value in sharing data on fraudsters who operate across geographic boundaries, this should be a conscious and informed decision to share rather than something that happens because the underlying technology requires it.
There is also the possibility that any police forces and any criminal justice organisations using Blockchain may not be able to achieve compliance to the forthcoming EU’s General Data Protection Regulations (GDPR). Here’s a summary of the key parts of the regulations, which illustrate why this may be case‐based on the limitations of Blockchain and other DLTs:
‘… Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable person. …’
‘… The explicit introduction of ‘pseudonymisation’ in this Regulation is not intended to preclude any other measures of data protection.’
‘… Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. …
Once data is written to blockchain, it is immutable. So, personal data cannot then be rectified or deleted. So, it can neither be removed nor altered. It is as if the data has been written to a WORM drive and it suffers the same problem. The data is there, perhaps to be observed by all, even if the person of interest has been acquitted with no case to answer and the records to be expunged.
Improper records on a blockchain can only be removed with drastic surgery to it. So, how will police forces and criminal justice organisations delete records once someone is found innocent, or once a conviction has been spent, or if those records should never have been kept in the first place? What about the incorrect records that led to false convictions that were later overturned? Muir is right to suggest that Blockchain technology should not be breathlessly as the solution to all our problems. For law enforcement, I’d say from my experience the Blockchain and other DLTs can often be more problematic than the hype will ever reveal.
The truth is that Blockchain’s security is often far from watertight. I would therefore advise police forces and criminal justice organisations to go beyond the hype to protect themselves from unintended consequences. You may just find that the inherent complexities and weakness of Blockchain and other DLTs just mean that the underlying technology is not right for you. However, my colleagues and I at Kalypton believe that there are some solutions to many of these issues.
Solving the issues
We believe that these problems lie in fundamental design problems with Blockchain and all DLT solutions that require all data to be shared as well as the trust in the data. Our approach has been to ensure that the data is kept private to the entity that owns it but that the trust is shared widely. This is achieved by separating the data from the audit trail pertaining to the data. We call this Distributed Trust in Private Ledgers as distinct from the Distributed Ledger Technology of Blockchain. However, our model of trust is different to that of blockchain and DLTs. The model takes its basis from the legal requirements to validate the contents of records and means that you can trust the contents of the records themselves, that they are as they were recorded. It means that you know that a record exists, that its chain of custody can be verified. It means that you can delete or amend the record as and when you need to do so, and that the deletion or amendment is captured and audited, together with the reason for that action.
The technology can be used in conjunction with DLT however. So, returning to the e‐voting use case, the electoral officer for each constituency might be the only person who has a record of each vote without knowing the real‐world identity of each voter. He simply has a unique reference number for each voter to ensure that there is no duplicate voting. This is private data, but the sum totals of votes cast for each candidate is public data that can be written to the Blockchain for immutability and widespread sharing.
In these days of fake news, the Blockchain can become the publication of record that everyone can rely on. Nothing more and nothing less. Unlike blockchain solutions, our Tereon platform delivers benefits without a requirement for a regulatory sandbox or legal changes. This allows organisations to achieve legal and regulatory compliance by enabling them to escape the Blockchain hype with the development of a deep understanding of what technology can deliver and really achieve.
Click here to read the full article on www.PolicingInsight.com