How Blockchain Could Secure Elections

Elections are under threat from malicious actors that can infiltrate voting machines, alter voter registration databases, coordinate disinformation …

Elections are under threat from malicious actors that can infiltrate voting machines, alter voter registration databases, coordinate disinformation campaigns, and more. Blockchain technology could help.

In early 2017, US Secretary of Homeland Security Jeh Johnson designated elections as part of the nation’s critical infrastructure.

This means elections are eligible to receive prioritized cybersecurity assistance and other federal protections from the Department of Homeland Security, alongside nuclear reactors, federal transportation systems, and more.

Election security is especially important as midterm elections approach.

It’s “too late to protect the 2018 elections.” — Alex Stamos, former Chief Security Officer at Facebook

US intelligence officials warn that Russia and other hostile governments could interfere in the US congressional midterms on November 6th.

This summer, Facebook announced it was investigating malicious activity on its social platform, similar to the election meddling seen during the 2016 presidential election.

While November 6th is likely too soon to effectively secure every aspect of midterms election, there is still time to more effectively protect systems ahead of the 2020 presidential election.

Election security involves the protection of election processes and critical voting infrastructure from cyber attacks. Elements in need of protection include: registration databases, voting machines, other systems to manage the election, and systems that report & display results.

Some election security methods rely on time-consuming manual processes. This year, France and the Netherlands counted election ballots by hand to prevent hackers from interfering with results.

But now, blockchain is being touted as a new way to make elections more secure. Some states are already adopting the technology: West Virginia will make mobile blockchain voting available to overseas voters for the November midterm election.

Below, we detail the vulnerabilities in today’s elections, and the viability of blockchain technology to secure the future of voting.

TABLE OF CONTENTS

Election security vulnerabilities

Identifying vulnerabilities in election hardware and processes is vital to preventing future attacks.

For election cybersecurity, the focus is often on hacking voting machines. However, vulnerable machines are only one part of a complex, interconnected system with multiple weak points for bad actors to exploit.

Securing elections requires securing the entire process.

The five most vulnerable parts of the electoral process, outlined by Ben Buchanan and Michael Sulmeyer of Harvard’s Belfer Center Cybersecurity Project, are:

  1. Information warfare
  2. Electronic voter registration databases
  3. Voting machinery and tabulation systems
  4. Election reporting systems
  5. Post-election audits

Below, we detail a voter’s journey through the election process and highlight security vulnerabilities (in orange) along the way.

state of election security vulnerabilities

Here’s a more detailed breakdown of these potential election vulnerabilities.

PRE-ELECTION

Fake news & information warfare

fake news information warfare Before an election, the media voters consume helps shape their political opinions. But due to targeted disinformation campaigns, voters can have trouble determining fact-based sources to accurately inform their vote.

Digital deceptions distributed in the pre-election stages have a profound effect on election outcomes. Computational propaganda, digitally doctored photos and videos, weaponized social media, and more all can derail the democratic process.

In the run up to US midterm elections, experts are saying that homegrown disinformation operations in the US are starting to look like the foreign influence playbook deployed by Russia leading up to the 2016 election. Facebook has reportedly identified 559 pages and 251 accounts run by Americans designed to amplify misleading content and manufacture false consensus online.

Meanwhile, foreign influence operations are not going away. In August, Facebook announced it had identified and eliminated a new Russian network aimed at influencing Americans before the midterms.

For more on the effects of disinformation and digital deceptions, check out the CB Insights deep dive on the future of information warfare.

Hacked voter registration databases

hacked voter registration databasesAttacks on voter registration databases can also threaten people’s ability to vote.

Removing sections of voters likely to support one candidate could effectively swing a close election.

If a person’s identity has been removed from the voter registration database, they can’t check in at polls. An attack that deletes an entire state’s registration database could delay or even stop an election from taking place altogether.

According to indictments released by Special Counsel Robert Mueller, Russian intelligence officers successfully breached voter registration databases during the 2016 US presidential election. The indictments do not say whether Russia’s meddling had an effect on the election’s outcome.

The indictments echo a US Senate Intelligence Committee finding, which stated that Russia was in a position to, at a minimum, alter or delete voter registration data for a small number of states.

A cyber attack on voter registration databases is also in part an attack on privacy.

These databases often contain personally identifiable information (PII) such as names, addresses, phone numbers, and more. Hackers can exploit PII by selling it online in illicit dark web markets and use it to target potential voters with disinformation and propaganda.

DURING AN ELECTION

Hacked voting hardware

hacked voting hardwareVotes and election results can be tampered with by hackers that exploit vulnerabilities in voting machinery and tabulation systems.

From a cybersecurity perspective, every part of the election process that involves some type of electronic device or software (especially if connected to the internet) is vulnerable to hacking.

However, security experts agree that internet-connected voting machines, tabulation systems, and their networks are particularly vulnerable.

This year, for the first time, DEF CON (one of the world’s largest hacker conferences) featured a voting machine village (Voting Village) that let hackers hunt and exploit cyber vulnerabilities in election infrastructure — including voting machines, voter registration databases, and election office networks.

According to event organizers:

“By the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability of these systems.”

One of the biggest worries when it comes to hacked voting machines is that these devices are subject to class breaks — security vulnerabilities that break not just one system, but an entire class of systems.

For example, stealing data through a software vulnerability at one company is a breach, but finding a common software vulnerability that exposes hundreds or thousands of companies at once is a class break.

Vulnerable supply chains create openings for large-scale election security class breaks.

Hackers at DEF CON reported multiple cases of voting machines with parts manufactured outside of the US (including hardware developed in China), highlighting the possibility of foreign entities exploiting vulnerable election supply chains.

A vulnerability in the election infrastructure supply chain means that hackers only have to find one point of entry to disrupt an entire make or model of voting machine.

A small number of election technology vendors and support contractors service the software systems used by many local governments.

Three companies dominate the American election industry: Dominion, Hart InterCivic, and, the largest, Election Systems and Software (ES&S). Ninety-two percent of US voters that voted in the last ten years did so on a machine made by one of these three companies.

Attackers targeting one or some of these companies could spread malware on election equipment across thousands of jurisdictions at once, affecting millions of voters.

POST-ELECTION

Compromised election reporting systems

compromised reporting systemsManipulated reporting systems could announce inaccurate voting results.

Researchers at Harvard’s Belfer Center predict that if automated data streams are used to inform news organizations of an election’s outcome, attackers could manipulate those data streams to try to trick the news into announcing the wrong winner.

Hackers could also take over an official social media account and disseminate false results directly.

We could also soon see the creation of spoofed videos of officials announcing bogus election winners. Highly realistic fake videos could be created using generative adversarial networks (GAN) — a type of AI used to carry out unsupervised machine learning. In a GAN, opposed neural networks work together to fabricate increasingly realistic audio, image, and video content.

Post-election audit

inaccurate election auditDismay over an election can prompt calls for a post-election audit — comparing digital results to paper ballots.

However, post-election audits are vulnerable to inaccuracy without proper voting machinery in place.

Experts agree that reliable post-election audits are only possible with a paper trail. This means that voting machines that only record votes electronically (often via touchscreen) are not suitable for ensuring election integrity.

The safest voting machines use optical scan paper ballot systems. In these systems, voters mark their votes by filling in an oval on a paper ballot. Then the paper ballot is scanned by a machine at the polling place and digitized for electronic tabulation.

Today, there is no national mandate requiring paper ballot systems in the United States. States such as Georgia, New Jersey, Nevada, and others do not have a paper trail to follow post-election.

A new bill called the Protecting American Votes and Elections Act proposes that all state and local elections must ensure voter-verified paper ballots can be audited.

The bill also wants all federal elections to be subject to post-election audits.

The most reliable and cost-effective post-election audits are known as risk-limiting audits. Essentially, these test only the number of ballots needed to mathematically determine the accuracy of election outcomes.

Risk-limiting audits rely on hand-calculating the margin of victory to proportionally determine the number of ballots that need to be audited. Risk-limiting audits are new and adoption is not standard across election jurisdictions.

Currently, only 28 states require audits following elections.

Could blockchain technology be the solution?

blockchain technology solutionsBlockchain’s fundamental characteristics — transparency, immutability, and accountability — underscore the technology’s potential for securing elections.

While blockchain’s proponents argue that the technology could increase voter participation and improve security, some cybersecurity and election experts say blockchain makes election processes overly complicated and no more secure than other internet-connected election systems.

Despite this lack of consensus, several pilot projects around the world are starting to lay the foundations for blockchain-based voting.

Below, we highlight the technology behind a theoretically secure blockchain-based election.

To understand more about blockchain technology, check out the CB Insights primer: What Is Blockchain Technology?

Here’s how blockchain technology could affect the voting process.

PRE-ELECTION

Cryptographic media verification

cryptographic media verificationCryptographic techniques that underpin the technology behind blockchain can also help ensure that digital content comes from a trusted, accountable source.

Essentially, voters would only consume media that is stamped with a unique cryptographic identifier, which — when cross-referenced with immutable records on a blockchain — can prove beyond a doubt where the media originated. Media without an identifier would be considered less trustworthy.

In this case, instituting a blockchain system for media verification would likely have to be undertaken at the media level, in coordination with the government and non-governmental institutions.

Mobile apps for blockchain voting

mobile apps blockchain votingSkeptics note that any kind of voting over the internet is insecure, and that mobile adds layers of complexity that further erode security and transparency.

Proponents of mobile voting claim that making elections accessible via mobile devices can help increase voter participation — and that blockchain is the missing link in securing mobile internet voting.

West Virginia will make mobile blockchain voting available to overseas voters from all 55 counties for the November midterm election.

The program was funded with an initial $150K grant from venture capitalist and former Uber adviser Bradley Tusk. Tusk wants to increase voter participation, especially among active military personnel overseas.

After participating in West Virginia’s pilot program, First Lieutenant Scott Warner said,

“In the same amount of time that I could’ve pulled up and watched a YouTube video, I actually got to go perform my civic duty.”

First Lt. Warner is considered one of the first voters in US history to record his ballot via blockchain in a federal election. Election officials had to copy Warner’s vote by hand onto a paper ballot and scan it into a machine for it to count.

For the pilot, West Virginia used Boston-based blockchain voting startup Voatz.

The Voatz app uses facial recognition software to confirm voters’ identities, compliant with West Virginia’s laws. Votes are stored on the blockchain, inside what Voatz calls a “digital lockbox” in the cloud. The digital lockbox is essentially a secure cloud database that is made extra-tamper-proof via blockchain’s immutable ledger technology. On primary day, county clerks unlock and collect the votes for tabulation.

Other startups developing blockchains for elections include: Votem, Follow My Vote, Votebox, and XO.1.

Notably, mobile internet elections could allow for a longer window for voting at digital polls. For example, Estonia’s internet voting infrastructure allows voters to log on and vote as many times as they want during the pre-election period. Since each new vote cancels the last, a voter always has the option of changing their vote until the deadline.

DURING AN ELECTION

Digital identity and blockchain voting

digital identity verificationBlockchain could help centralize the management of voter identities.

Blockchain elections require an assortment of identity data — such as government-issued IDs and biometric data collected during online registration — to match a voter with his or her digital identity in a government voter registration database. Increasingly, biometrics like iris and face data are being used to prove identity in conjunction with voting on blockchain.

The government or party organizing an election can designate a consortium of universities, nongovernmental organizations, and others whose consensus authenticates identity and determines which voters can vote. The concept is what’s known as a permissioned ledger.

Blockchain purists say relying on a consortium runs counter to blockchain’s fundamental idea — namely decentralization. Having voter identities dispensed and revoked by central authorities puts voters back at the mercy of a few administrators who get to decide which votes count.

On permissioned ledgers Josh Benaloh, a senior cryptographer at Microsoft said,

“Blockchains are a very interesting and useful technology for distributed consensus where there is no central authority. But elections just don’t fit that model.”

Essentially, blockchain evangelists still have to contend with a number of technical issues that, if left unsolved, will limit the potential of the technology for transforming elections.

Blockchains could theoretically work well for securely storing votes in an immutable distributed ledger. However, beyond the secure database use-case, most blockchain election providers require additional layers of technology for effectively validating voters’ identity, keeping ballots secret, and letting voters track and verify votes.

POST-ELECTION

Post-election audits on the blockchain

post-election secure auditWith a public blockchain, each voter would be allowed to audit each ballot to confirm that reported vote totals are accurate, without revealing the identity or vote choice of each voter.

Today, the blockchain voting startups Votem and Voatz offer systems that enable voters to verify their own votes.

Voters cast ballots and receive QR codes tied to their vote. By scanning the QR code with another device, voters can reassure themselves that their vote was properly recorded. The system does not let voters know with certainty that their vote was part of the final election result, but no form of voting currently in use offers that level of assurance.

Opponents of blockchain voting claim that oversight and audits can be achieved more simply by other means, namely, risk-limiting audits designed to limit the amount of resources needed to prove an election’s integrity.

What’s next?

blockchain secure elections The gold standard for an election is one that is end-to-end (E2E) verifiable.

E2E verifiable elections have three primary components:

  1. Voters are assured that their choices are properly recorded.
  2. All voters can verify that their vote was counted in the official results.
  3. The public can verify that the results of the election are accurate.

In the future, we could see security experts and election officials converge to develop election infrastructure and processes that reflect the need for an E2E verifiable election.

Experimenting with blockchain could be an important stepping stone toward the E2E verifiable goal.

At the same time, bedrock cybersecurity measures such as data security, network and endpoint monitoring, penetration testing, and more will continue to play a critical role in election security for the foreseeable future.

Related Posts:

  • No Related Posts

Opinion Protecting the ‘right to be forgotten’ in the age of blockchain

The blockchain ledger is organised into blocks, where each block is linked to the previous block through cryptographic hash functions. These functions …

There’s been a lot of hype about blockchain over the past year. Although best known as the technology that underpins Bitcoin, blockchain is starting to disrupt other industries, from supply chains to energy trading.

One of the key selling points of blockchain is that once data is added to the chain, it can’t be changed or removed. This makes blockchain trustworthy.

But this same immutability makes blockchain problematic in a world where privacy laws require companies to delete your data from databases once it has served its purpose. This is known in some jurisdictions as the “right to be forgotten”.

We have designed a blockchain in which users can remove their data from the database without violating blockchain’s consistency.

There is currently a growing market of Internet of Things devices, from smart homes and self-driving cars to voice assistants and smart energy meters. These devices continuously collect digital biographies of our lives. As this data is increasingly being stored on blockchains, the tension between blockchain and the right to be forgotten will only increase. Our tool could help.

How blockchain works

At its core, blockchain is a database that is jointly managed by a distributed set of participants. Whenever new data is added to the database, all the participants must agree to verify it. In this way, blockchain removes the need for a third-party, such as a bank, to verify transactions.

The blockchain ledger is organised into blocks, where each block is linked to the previous block through cryptographic hash functions. These functions create a short code based on the content of the previous block, and it is not possible to guess this code without trying all possible codes. Chaining the blocks in this manner ensures that the data stored in them cannot be altered, as any changes made would break the blockchain consistency.

This makes blockchains immutable. It also makes blockchain data easy to trace and audit, particularly for large networks like the Internet of Things. These features are highly attractive for organisations operating across organisational boundaries, and in environments where participants may not fully trust each other.

Regulatory challenges

The European Union’s recent General Data Protection Regulation (GDPR) is a significant piece of legislation that is at odds with a digital economy underpinned by blockchain.

The GDPR requires companies that hold people’s data to erase that data once the original purpose they needed it for is complete. That means that people must be able to remove their data from third party databases after a certain period of time.

Blockchain – being unchangeable – presents an obstacle to exercising that right.

Risks to privacy

Let’s say you live in smart home that uses sensor data to monitor your home security. You have a home insurance policy and, in order to receive lower premiums, you allow your smoke alarm and security sensor data to be recorded on a blockchain.

The blockchain data can be accessed by the police, the fire department and the insurance company so they can audit any smoke alarm or security events. Once your insurance period has ended, you should be able to remove your security data from the blockchain to enhance your privacy.

If you left your data on the blockchain indefinitely, that would increase the risk of your data being identified as yours, and your activities being tracked by any entity with access to the blockchain.

A blockchain participant typically uses one or more public keys as its identities. The transactions in blockchain are stored anonymously, as there is no direct link between the public keys and the real participant identity. But a breach in identity in any of the transactions, for instance by linking the transaction content to other known data about the user, leads to all interactions of the users’s devices, stored in blockchain, to be tracked by all blockchain participants.

Removing data without breaking the chain

So being able to the remove data from the blockchain without “breaking the chain” would be beneficial for user privacy. It would also be beneficial to save storage space on the servers that store blockchain ledgers.

But currently, removing data from a blockchain is not possible without breaking the blockchain’s consistency.

We have come up with a solution that makes it possible to remove your detailed transaction data from a blockchain database, without removing the auditable trace that the transaction took place.

As described in our peer-reviewed publication this month, Memory Optimised Flexible Blockchain allows you to temporarily store, summarise, or completely remove your transactions from blockchain, while maintaining the blockchain’s consistency.

The remaining trace of the data (its hash) on the blockchain can still be used in the future, in case disputes over what happened arise. For instance, if a home owner wanted to verify that a break-in took place at their house under a previous insurance policy, they could provide a private copy of the data with its associated hash. A legal authority could then compare the hash of the person’s data with the hash that is still stored on the shared blockchain and thereby validate the authenticity of the person’s claim.

This approach provides you with full administrative control of your blockchain-stored data. It makes it possible for you to remove or summarise this data, without sacrificing the ability to audit the data in the future.

Reclaiming privacy and control

It is important to note that our published approach can run atop any existing blockchain solution, and does not affect the blockchain consistency. The links among blocks through hash functions are preserved, even as specific blocks are removed or summarised from the chain. In other words, the link of any blockchain entry remains, but the bag containing some data can be cut loose.

In fact, as long as the removed content is stored privately outside of the blockchain, the data’s authenticity can be independently verified at a later time by comparing it against the hash in the blockchain. In this way, you can reclaim control of any previously shared data and exercise your right to be forgotten in the age of blockchain.

The Conversation

Raja Jurdak, Research Group Leader, Distributed Sensing Systems @ Data61, CSIRO; Ali Dorri, PhD student, UNSW, and Salil S. Kanhere, Associate professor, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Related Posts:

  • No Related Posts

Beyond Bitcoin: Can Blockchain Transform Your Portfolio?

… promising, among other things, risk reduction for investors in the sometimes unpredictable, hypersensitive, and volatile virtual currency market.

With cryptocurrencies à la Bitcoin trending as the newest hot investing commodity, cybersecurity becoming an ever-increasing priority, and asset growth the ultimate goal, it’s not difficult to see why blockchain is turning heads in the financial and banking spaces, making an indelible impression everywhere including healthcare, voting polls, travel, gaming, art, and design.

Blockchain seeks to revolutionize the way we invest and transact, promising, among other things, risk reduction for investors in the sometimes unpredictable, hypersensitive, and volatile virtual currency market.

As is the case with every emergent technology, optimism or skepticism in blockchain’s increasingly critical role in the investing arena may boil down to the pros and cons. Newsmax spoke with several experts in the field to weigh in on some of blockchain’s fundamental benefits and drawbacks.

“What blockchains really are for is grabbing a database, a platform; an Uber, a YouTube, a user interface,” says Shidan Gouran, president and CEO of Global Blockchain Technologies Corp., an investment company that provides investors access to a mixture of stability and growth assets in the blockchain space.

Bitcoin/blockchain-driven tech, according to Gouran, then takes transactional information generated from said platforms and converts it into data, similar to comments in a ledger — essentially another form of information storage. When money changes hands between two parties, the transaction is then recorded to a peer-to-peer computer network, where it and other transactions are encoded and combined to form a block. This block is added to and stored in a string of other blocks that form a chain, marking completion of the transaction.


On the transactional level, it’s this inherent DNA that points to one advantage — namely, that with a distributed network in place, the chain is virtually unbreakable, with no single point of vulnerability, and as such, imparts added user safety.

“One of the greatest benefits of the blockchain storage is that it multiplies information and, thus, makes it almost impossible to disappear. Almost — because there is always some way to hack the system,” says Sergey Uzhegov, deputy CEO of Tugush Blockchain Capital. “In the case of the blockchain technology, the possibility of losing or manipulating information is very low.”

Another security layer that lends credence to blockchain is its anonymity. “One of the key benefits of Bitcoin is that no one will be able to question you about the source of the funds utilized to procure bitcoins,” says Abhishek Shankar, CEO of Majime. According to Shankhar, anonymity doesn’t mean less transparency; since record of each cryptocurrency transaction remains in its respective blockchain, it becomes easy to confirm the number of bitcoins owned by a particular user, plus a summary of all transactions.

Blockchain’s relative lack of a centralized authority is another possible advantage. Traditional transaction verifications involve intermediaries; not so with blockchain-driven actions. “There is no middleman or a person in control who looks after the day-to-day transactions of Bitcoin,” says Shankhar. “Transactions are carried out directly through the network.”

“Having a decentralized blockchain/ledger to implement smart contracts will revolutionize certain industries by taking out the need for having a third party authenticate and verify,” says blockchain adviser Henry Rouquairol. “Rather than having a third party verify a transaction, the whole process will be trustless, so you do not require anyone to be trustworthy.”

Of course, some positives may also translate into negatives at the same time.

“Cryptocurrencies and blockchain are still quite new and nascent in development,” says Cynthia Huang, COO at Altcoin Fantasy. “There’s a huge opportunity and potential to get in early on a project that will end up being massively successful. This could be compared to purchasing Amazon stock in 1997; had people purchased a large amount of its stock that early on, they’d never need to worry about money again today.”

But by the same token, Huang notes, “There’s a lot of volatility, and there are also a lot of scams in the crypto and blockchain world. You really have to do your due diligence to ensure you understand how to identify a good project from a bad one.”

Gouran of Global Blockchain and Gene Massey, CEO of MediaShares.com, both agree that scalability issues within the blockchain paradigm have been known to produce transaction lag times — not something that people want in this day and age of lightning-fast mobile banking and peer-to-peer sharing.

“The single biggest problem with blockchain that I can see at the moment is the speed of transactions,” says Massey. “When Visa can do at least 10,000 transactions per second, and each blockchain transaction takes several minutes, how can they ever compete? Cryptocurrencies are still in their infancy and they may evolve over time, but their best advantage now is to force traditional companies to make major changes to be competitive.”

Despite the trepidation about crypto’s current abilities, tech leaders interviewed for this article were positive about blockchain’s future. For one, they cite its efficient design, carrying potential for streamlining transaction times and processes.

“Blockchain can potentially overhaul trade finance,” says Ron Shi, head of trading and analysis from Virtuse Exchange. “Verifying finance documents can be time-consuming and risky. Very often, banks have to take on the risk of a trade and audit through stacks of documents to verify the authenticity of the trades.”

Shi believes these efficiencies may enable blockchain tech to create new industry opportunities. “Not only does the technology drive efficiency and reduce cost,” he says, “the blockchain ecosystem also provides a brand-new way for institutions to generate revenue streams.”

Those revenue streams may also end up reaching far and wide, notes Gouran. With blockchain tech, “Any asset can be ‘tokenized,’ making rights to commodities such as precious metals and oil tradeable on a blockchain network, as opposed to less efficient traditional exchange platforms,” he says.

It remains to be seen if crypto and blockchain will require a governing agency for oversight. “The regulatory landscape around cryptocurrency is in constant flux, and it varies greatly between countries,” says Lucas Tesler, COO of Bit Buddy. “It’s still unclear how cryptocurrencies will be treated in the eyes of the government down the line.”

Gouran, however, believes that we’ll see at least one or more cryptocurrency or exchange backed by a government entity within a year, to add a layer of legitimacy to the concept.

What about the next five years, 10 years, and beyond? Alexander Tkachenko, founder and CEO of VNX, sees great things on the horizon for blockchain.

“Over the next five to 10 years, the markets will see a step-by-step evolution that will eventually completely change how the markets operate,” he says. “As blockchain matures as a technology and more infrastructure is created, mass adoption will follow, driving massive gains in terms of efficiency, access, and security. The markets will become a lot more transparent and the regulators will have [many] instruments to enforce compliance, which in turn will reduce the amount of bad actors and prevent malicious behavior. This will fuel more interest and readiness to participate from both institutional and main street investors, which will ultimately completely transform the face of financial markets,” Tkachenko said.

“I absolutely think that in the next four years, [crypto will] be part of the mainstream,” says Gouran. He predicts cryptocurrencies will be commonly accepted at retail points of sale, that most people will own multiple types of cryptocurrencies themselves, and finally, that it may do away with the need for a centralized banking system.

“It can touch the world in many places, and in a good way,” Gouran adds. “It is the way of the future, in that people will use it and create many currencies. It’s actually possible, through technology, to have many, many currencies representing many, many networks. You can still have the benefit of a centralized system to trade easily and make many different currencies. Computers make you able to do that.”

Related Posts:

  • No Related Posts

Protecting the ‘right to be forgotten’ in the age of blockchain

There’s been a lot of hype about blockchain over the past year. Although best known as the technology that underpins Bitcoin, blockchain is starting to …

There’s been a lot of hype about blockchain over the past year. Although best known as the technology that underpins Bitcoin, blockchain is starting to disrupt other industries, from supply chains to energy trading.

One of the key selling points of blockchain is that once data is added to the chain, it can’t be changed or removed. This makes blockchain trustworthy.

But this same immutability makes blockchain problematic in a world where privacy laws require companies to delete your data from databases once it has served its purpose. This is known in some jurisdictions as the “right to be forgotten”.

We have designed a blockchain in which users can remove their data from the database without violating blockchain’s consistency.


Read more: Blockchain is useful for a lot more than just Bitcoin


There is currently a growing market of Internet of Things devices, from smart homes and self-driving cars to voice assistants and smart energy meters. These devices continuously collect digital biographies of our lives. As this data is increasingly being stored on blockchains, the tension between blockchain and the right to be forgotten will only increase. Our tool could help.

How blockchain works

At its core, blockchain is a database that is jointly managed by a distributed set of participants. Whenever new data is added to the database, all the participants must agree to verify it. In this way, blockchain removes the need for a third-party, such as a bank, to verify transactions.

The blockchain ledger is organised into blocks, where each block is linked to the previous block through cryptographic hash functions. These functions create a short code based on the content of the previous block, and it is not possible to guess this code without trying all possible codes. Chaining the blocks in this manner ensures that the data stored in them cannot be altered, as any changes made would break the blockchain consistency.

This makes blockchains immutable. It also makes blockchain data easy to trace and audit, particularly for large networks like the Internet of Things. These features are highly attractive for organisations operating across organisational boundaries, and in environments where participants may not fully trust each other.

Regulatory challenges

The European Union’s recent General Data Protection Regulation (GDPR) is a significant piece of legislation that is at odds with a digital economy underpinned by blockchain.

The GDPR requires companies that hold people’s data to erase that data once the original purpose they needed it for is complete. That means that people must be able to remove their data from third party databases after a certain period of time.

Blockchain – being unchangeable – presents an obstacle to exercising that right.


Read more: What Wikipedia can teach us about blockchain technology


Risks to privacy

Let’s say you live in smart home that uses sensor data to monitor your home security. You have a home insurance policy and, in order to receive lower premiums, you allow your smoke alarm and security sensor data to be recorded on a blockchain.

The blockchain data can be accessed by the police, the fire department and the insurance company so they can audit any smoke alarm or security events. Once your insurance period has ended, you should be able to remove your security data from the blockchain to enhance your privacy.

If you left your data on the blockchain indefinitely, that would increase the risk of your data being identified as yours, and your activities being tracked by any entity with access to the blockchain.

A blockchain participant typically uses one or more public keys as its identities. The transactions in blockchain are stored anonymously, as there is no direct link between the public keys and the real participant identity. But a breach in identity in any of the transactions, for instance by linking the transaction content to other known data about the user, leads to all interactions of the users’s devices, stored in blockchain, to be tracked by all blockchain participants.

Removing data without breaking the chain

So being able to the remove data from the blockchain without “breaking the chain” would be beneficial for user privacy. It would also be beneficial to save storage space on the servers that store blockchain ledgers.

But currently, removing data from a blockchain is not possible without breaking the blockchain’s consistency.

We have come up with a solution that makes it possible to remove your detailed transaction data from a blockchain database, without removing the auditable trace that the transaction took place.

As described in our peer-reviewed publication this month, Memory Optimised Flexible Blockchain allows you to temporarily store, summarise, or completely remove your transactions from blockchain, while maintaining the blockchain’s consistency.

The remaining trace of the data (its hash) on the blockchain can still be used in the future, in case disputes over what happened arise. For instance, if a home owner wanted to verify that a break-in took place at their house under a previous insurance policy, they could provide a private copy of the data with its associated hash. A legal authority could then compare the hash of the person’s data with the hash that is still stored on the shared blockchain and thereby validate the authenticity of the person’s claim.

This approach provides you with full administrative control of your blockchain-stored data. It makes it possible for you to remove or summarise this data, without sacrificing the ability to audit the data in the future.


Read more: Using blockchain to secure the ‘internet of things’


Reclaiming privacy and control

It is important to note that our published approach can run atop any existing blockchain solution, and does not affect the blockchain consistency. The links among blocks through hash functions are preserved, even as specific blocks are removed or summarised from the chain. In other words, the link of any blockchain entry remains, but the bag containing some data can be cut loose.

In fact, as long as the removed content is stored privately outside of the blockchain, the data’s authenticity can be independently verified at a later time by comparing it against the hash in the blockchain. In this way, you can reclaim control of any previously shared data and exercise your right to be forgotten in the age of blockchain.

Related Posts:

  • No Related Posts

Opinion: How blockchain technology can reduce risks and lower costs after disasters

The transparency and security of blockchain, or distributed ledger technology, can increase trust and lower costs for a variety of programs and projects …
A Syrian woman in Jordan’s Azraq refugee camp uses iris scan technology to redeem WFP-provided food assistance using a blockchain-based system. Photo by: WFP / Mohammad Batah

Among the many disruptions created by blockchain technology, the most profound may come in the way aid is delivered to people whose lives are upended by wars, famines, and natural disasters.

The influx of aid following a disaster shows the power of human generosity. Sadly, corrupt officials and middlemen often see it as an opportunity to enrich themselves at the expense of the displaced. The Center for Global Development estimated last year that about 5 percent of global aid, or $8 billion, is lost to theft and corruption each year. Measured against disaster victims’ relatively modest needs, it is a staggering sum.

Blockchain-based distribution systems won’t eliminate corruption, but their ability to confirm identity and execute secure digital transactions can ensure that a larger proportion of aid will reach its intended recipients.

Blockchain technology promises to change the way we store information, confirm transactions, exchange money, and protect our identities. The transparency and security of blockchain, or distributed ledger technology, can increase trust and lower costs for a variety of programs and projects. This is particularly true in countries with a weak or underdeveloped legacy of telecommunications and financial infrastructure.

I saw firsthand how this idealistic promise could become reality in July, when I visited World Vision International’s Nepal Innovation Lab in Kathmandu.

World Vision created the lab after the 2015 7.8-magnitude earthquake that killed nearly 9,000 people in Nepal, injured more than 22,000, and destroyed hundreds of thousands of homes.

In the aftermath, the lab explored the use of blockchain to distribute money to those in need when roads become impassable and banking systems go offline.

The result is Sikka, a system that distributes digital credits to beneficiaries through an Ethereum-based blockchain. The credits can be exchanged for cash or goods at participating merchants, financial cooperatives, or relief centers. Sikka’s digital credits are distributed through SMS text messages managed on a restricted blockchain. Aid recipients text credits to merchants to make purchases. Because blockchain transactions are transparent, aid agencies can see when credits are spent and arrange payments for participating merchants.

Aid agencies and NGOs are testing blockchain technology as cash transfers become a mainstay of global philanthropy and development. Blockchain systems eliminate the need to take cash into volatile areas and they reduce losses caused by card theft. And by eliminating intermediaries, blockchain systems substantially reduce administrative costs.

Get development’s most important headlines in your inbox every day.
Thanks for subscribing!

To test their idea, Sikka’s creators created a permissioned blockchain — one that is open only to approved participants — to pay 73 workers hired to repair an earthquake-damaged irrigation canal. Digital credits redeemable for cash without charge at a local financial cooperative were sent to their phones by text. And project managers tracked distribution in real time via the blockchain.

Sikka credits aren’t a cryptocurrency. Once the cooperative verified the amount to be redeemed through the blockchain, the credits ceased to exist. That way, the number of credits outstanding always matched the amount of money left in the aid agency’s account. Sikka’s creators estimate that the system lowered the cost of administering payments by 78 percent by reducing staff time, transportation costs, and fees normally charged by intermediaries such as banks. Moreover, the blockchain virtually eliminated the risk of losses to corruption.

There are other pilots that validate blockchain’s value. Building Blocks, for example, is a system operated by the United Nations’ World Food Programme that distributes credits to refugees living in a camp near Jordan’s border with Syria. Instead of mobile phones, shoppers transfer their digital credits via an iris scan.

This is one of two basic lessons to take from the Sikka experience in Nepal: We are past the proof-of-concept phase. Blockchain can be successfully deployed to reduce overhead costs and risks associated with cash transfer programs, particularly in countries with poor physical and financial infrastructure. Aid organizations and local governments should work to tailor blockchain systems to meet their specific needs and then deploy them on a larger scale.

The second lesson is this: Aid agencies and NGOs should empower local young people with relevant expertise to develop technology-driven solutions to the problems facing their countries.

Their ingenuity — and their deep-rooted concern to improve their own societies — can lead to better ways of doing good.

You have 2 free articles left

Log in or sign-up to unlock all of the free news on Devex.

Related Posts: