The word “hack” is very ambiguous in the blockchain context. Hacking blockchain means “someone is trying to control more than 51% of the total computing power of the whole blockchain network.” The hacker is trying to read and reverse the transactions hidden in the blockchain network. However, the nature of blockchain makes this type of hacking difficult. Blockchains are theoretically tamperproof because “they use a cryptographic fingerprint unique to each block in the blockchain and they use a ‘consensus protocol’ – i.e., every computer in the network agrees on a shared history of transactions.” Nonetheless, hackers have tried and succeeded in tampering with blockchains because of problems resulting outside of their structure.
Blockchain also raises another “hacking-type” issue. Most people think of a data breach in terms of exposing private information to the public. However, that doesn’t make sense in the context of blockchain. Hacking blockchain is not the same as hacking Amazon because a blockchain is already public. A blockchain has transactions posted to a “public database” for review by anyone, which makes it more secure since everyone must agree before a change is made. This lack of privacy is considered to be one of its benefits but is also a big concern for privacy reasons.
How can we maximize the advantages of blockchain while protecting it from hackers and enabling privacy?
Blockchains are subject to rules established by the individual blockchain network as well as third-party rules. A blockchain’s own governance rules (i.e., governance by the infrastructure) are created by the community and encoded into the technology platform. They include decision-making procedures and technical rules.
The blockchain is also affected indirectly by third-party rules, which exist and operate outside of the blockchain infrastructure (i.e., governance of the infrastructure). These rules are not automatically executed but require a third-party authority for enforcement or oversight. Laws are one example of third-party rules affecting the blockchain. For instance, GDPR gives individuals the right to be forgotten, which can conflict with the blockchain’s internal governance rules, which don’t allow for such changes.
Security and encryption are also examples of governance of the infrastructure. They are outside the blockchain structure because they are applied differently by different developers. Encryption and similar rules make it possible for people to connect to the blockchain network, but also potentially makes the blockchain vulnerable if the encryption levels are poor.
The use of blockchain will be limited if parties can’t protect privacy. There are 3 primary ways to address the problem:
- Allow anonymity. We can utilize applications that allow for the authentication of transactions without the sender or receiver providing any personal information.
- Exclude sensitive transactions from the blockchain. This limits some of the usefulness of the blockchain but may be necessary until better solutions are developed.
- Use encryption. Through the use of public and private keys blockchains can be encrypted. The public key is a users’ address on the blockchain. The private key is a password that gives access to your transactions. The problem with public/private keys is that if you lose the private decryption key, you may not be able to retrieve certain information. One way to deal with that is to safeguard your private key by printing it out (a “paper wallet”).
Protecting blockchains from “hacking” necessarily involves both layers of governance, but it also revolves around encryption technology. Technologists must look at the blockchains protocols for weaknesses and then deploy the most effective tools to encrypt data.
For an overview of blockchain, read Blockchain Impacts More Than Cryptocurrency: Are You Ready?
CDS’ team of experts can help you plan for the future of eDiscovery today. Contact us to schedule an eDiscovery assessment.