Cambridge Analytica: Using blockchain to prevent data breaches

The old adage stands: if you’re not paying for it, you are the product.

By now, we’ve all heard the news of the Cambridge Analytica under-the-radar data mining efforts, resulting in the harvesting of over 50 million Facebook users’ accounts. This is exactly the sort of abuse of social media many have feared all along.

For a growing number of people, it’s the use of personal information for microtargeting by political campaigns that breaks the camel’s back on this issue.  It’s an especially dramatic reminder that – despite Facebook claiming otherwise – users are not in full control of their data. And critically, it’s only the latest in a long series of such reminders. This is not a one-off issue, it’s a systemic one. The Equifax breach is still an open wound, and in the past year we’ve seen hacks affect major services such as DailyMotion, Instagram and Yahoo.

We have to reconsider how we manage data. Increasingly, blockchain technology is dominating the discussions around securing sensitive information, without having to rely on a third-party.

The key problem is trust. Centralised custodians are entrusted with too much valuable data, making them tempting targets for malicious attacks. Until the recent introduction of GDPR, there has been little pressure on businesses to keep user information safe. Sanctions for poor practice are long overdue. But they don’t solve the problem. What we need to do is switch to a decentralised system in which users hold and control their own data – not companies.

Levelling the playing field

Blockchain (or decentralised ledger) technology answers the question, who should we trust? The answer: no one. Every node on a blockchain network possesses an up-to-date copy of the database and validates authentic interactions between parties.

This essentially cuts out the third party that would traditionally oversee such transfer of information. Participants remain in complete control of their data. They can choose to keep it encrypted on their end indefinitely, reveal it selectively to parties they wish to deal with, or monetise its usage.

Blockchain-based architecture is also a painkiller for the headaches that come with preparing for GDPR. The concerns around data storage vanish when there’s no data to store.

It also levels the playing field for users. Traditionally, only businesses have benefited from consumers’ data. Even advertising titans like Unilever have recently begun to question the transparency and ethics of industry.

Online payment is a particular example of an industry sorely in need of a blockchain revamp. Anyone using e-commerce in its current form is  sitting on a ticking time-bomb.

That’s because every time you make a digital purchase, you’re handing over a bundle of valuable information, like their name, address, email, and card details. This highly sensitive information ends up scattered across the internet in dozens of data silos, just waiting to be compromised. And if just one record is breached – by accident, malfunction or malicious attack –  it can be sold or leveraged for fraudulent purposes. If one record is compromised, they’re all compromised.

Compare this with a distributed ledger, where such data is encrypted (and the hash stored on every node). Any attacker wishing to siphon the information would need to control the majority of the nodes. As well as being incredibly difficult technically, this would be an immensely costly venture.

It’s time to think about how we leverage blockchain technology to push for a more decentralised infrastructure. As legislators crack down on data storage, society is beginning to understand who should be the ultimate custodian of an individual’s information: the individual themselves.

Interested in hearing leading global brands discuss subjects like this in person? Find out more at the Blockchain Expo World Series, Global, Europe and North America.