Digital oblivion in the age of the Internet of Blockchains
The Blockchain technology, made famous by the pioneer of crypto currencies – the Bitcoin, has meanwhile found its way into the minds of the public.
Blockchain is a term that more or less conveys the promise of an improved and freer Internet. Activists in difficult political situations, for example, can circumvent economic sanctions and find ways to present their opinions against censorship attempts on the Internet. Companies hope to increase the security of their data, improve process performance such as supply chain management or make more efficient use of available resources. The potential of blockchain technology is therefore manifold.
But in addition to many euphoric thought leaders in this field, many critics also raise their voices with quite meaningful arguments. In addition to the theoretical possibilities of majority attacks and the theoretically possible existence of a kind of “universal key”, data protection is also a point of conflict again and again.
In particular, I would like to turn today to some thoughts on the subject of digital oblivion, especially since this concept is not compatible with the basic structure of the blockchain.
A blockchain is known to be a chain of blocks. Information is brought together in blocks, provided with a checksum and entered into the chain of already existing blocks with reference to the preceding checksum. Only the first block, the so-called Genesis block, of course has no reference to a previous checksum, since in fact no “previous” block exists.
This chain of blocks is continuously increasing in size. The NEO blockchain counts about three million blocks at this time, the Steem blockchain counts 27 million blocks at this time. In principle, there is no limit to the block height or the length of the chain.
Also in 10 years it will be possible to see the Steem block number 27,235,24 and determine which information it contains. Likewise, if you follow the previous checksum of the block, you will eventually arrive at the Genesis block.
If one now also realizes that these blocks exist on several distributed nodes, one quickly realizes that the deletion of information seems practically impossible.
This interests me in particular, since I live in Germany. As far as data protection is concerned, the so-called DSGVO – Basic Data Protection Regulation – became active in May 2018, which is intended to protect the digital data of Europeans in particular.
Part of the basic data protection regulation is Article 17 – the “right to be forgotten”. I have translated a large part of the article to give you a better insight into the regulation:
(1) The data subject shall have the right to obtain from the controller the erasure without delay of personal data relating to him or her and the controller shall be obliged to erase without delay personal data for any of the following reasons:
a) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject shall revoke the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there shall be no other legal basis for the processing.
c) The data subject shall object to the processing pursuant to Article 21(1) and there shall be no overriding legitimate reasons for the processing or the data subject shall submit the following pursuant to Article 21(2) object to the processing.
d) The personal data have been processed unlawfully.
e) The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data were collected in relation to information society services offered in accordance with Article 8(1).
(2) Where the controller has made the personal data public and is obliged to erase them in accordance with paragraph 1, he shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers processing the personal data that a data subject has requested them to erase all links to or copies or replications of those personal data.
You can find the german source here: https://dsgvo-gesetz.de/art-17-dsgvo/
In summary, it can be said that European users thus have a right to have any personal data deleted from them. As already mentioned above, in block-chain worlds this is relatively difficult, practically impossible. This creates a direct conflict that must be dealt with.
In the area of common crypto currencies this conflict is relatively simple to represent and even a solution is not far away. Each transaction is linked to a public key of the user. In the original form of the blockchain, this key is unchangeable and virtually linked to every transaction. In the long run, this enables a more comprehensive transaction profile to be established, which can provide information about the identity of a person.
The solution to this “simple” problem can be found in the so-called root key method. This root key would generate new keys for each transaction, which would then be linked to the respective transactions without a unique assignment taking place.
In principle, there are other approaches how to deal with this problem, but I would like to become a little more specific.
Some of you are already moving to social media platforms, which are realized via a blockchain. The prime example at the moment is the Steem-Chain. The Steem Blockchain is a blockchain specialized in content, which maps contents of social media on a blockchain. Anyone who has ever written an article on Steemit.com and has not freed it from any information within seven days has immovably immortalized himself on the blockchain. No matter what the content of the contribution was, this content will remain permanently – practically without any chance of processing or deletion. The decentralized storage and the absence of a super-user make this virtually impossible.
Now the question arises, of course, to what extent this is to be evaluated legally, but also morally. And to take this in advance: It will not be possible for me to evaluate this finally. I refer here to my statement:
Blockchain empowers people, but increased power also means increased responsibility.
A simple scenario is a fifteen year old boy who accidentally becomes aware of Steemit and starts to get actively involved on the platform. As many can certainly imagine, there is the possibility that the young person writes things that he may not want to see publicly linked to his person on the Internet in later life. But once he has left the corresponding footprints in the blockchain, they are permanent and any content can be directly linked to him throughout his life.
Many may think, yes, of course, but I only post what I want, what others associate with me. Only then is this filtering dependent on the perspective of the individual in question and the consciousness of what I want to see connected to me and what I don’t want to see connected to me. I maintain that this was rarely optimally pronounced in a teenager from his later point of view and that this consciousness changes very strongly.
In retrospect, this person no longer has the possibility to change the contents that are linked to his person. In principle, there is a danger that data will remain irrevocably on the Internet without blockchains. However, this is the basis of the blockchain, which is yet another conflict.
I would be interested to know how others judge this issue. My understanding of morality tells me that this person actually has a right to process this information afterwards. On the other hand, the topic must be dealt with more explicitly so that young people can develop an awareness of their own data.
However, I also find the idea of integrating digital oblivion into the actual technology exciting. What exactly this integration would look like, I won’t mention in this blog. There are different approaches which could represent solutions for digital oblivion. Basically, however, the discussion is still ongoing.