Private protections via public ledgers

Blockchains like Ethereum are public ledgers: they store pieces of data on a shared system that anyone can access, and nobody can delete. One of the things this enables is a new ‘identity layer’ for the Internet, giving users control of their personal data.

This would change the dynamics of digital interactions, likely altering the currently popular model of collecting and monetizing vast amounts of consumer data — the practice that led to regulations like GDPR. This new dynamic is now possible because decentralized technologies can let us build a decentralized consensus around who somebody is, rather than relying on centrally built and managed silos like Facebook or governments.

There’s an irony to using a public ledger to enable and protect private data. If personal data were put on Ethereum, that data would be permanently public for all to see and use. That is, of course, not what we’re doing at uPort. As detailed in our approach to privacy-preserving identity, this new system relies on a public ledger but minimizes what data is actually put there.

All that needs to be stored on-chain is a decentralized identifier (DID), which is just a random string of characters. It is currently not explicit whether these addresses will be classified as personal information under GDPR; some precedent, and the treatment of IP addresses, suggest they may be, at least in some cases. However, the DID itself tells nothing about the user: it is simply a random public address that a user claims control of through a private key in order to interact with others via a decentralized identity.

The personal data associated with a DID is controlled privately by the user. This data can be stored on private servers and encrypted so nobody but the user has access; it can be pseudonymous, so that even when the user shares it, it doesn’t tie back to their identity; and it can be deleted any time the user chooses. The only thing public is coded ‘pointers’ between the user’s DID and the servers where the information is stored.

Multiple DIDs are used so that even pseudonymous identities can’t be correlated. In uPort’s system, a user can have a separate identity for each relationship or account, so observers of the public ledger can’t build or correlate a significant picture of even a pseudonymous identity — only fragments are publicly visible, with no ties between them.
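The separation described above, as an added illustration that is not uPort’s code: a simulated append-only public ledger holds only DIDs and pointers, the user’s own store holds the encrypted attributes, a fresh key is generated per relationship so the resulting DIDs share nothing on-chain, and deleting the off-chain blob leaves the on-chain pointer dangling. The `did:example:` format, the per-relationship random key, the content-hash pointer, the HMAC-based toy cipher (a stand-in for a real authenticated cipher) and the sample attributes are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16


class PublicLedger:
    # Constructed stand-in for a public chain: append-only and world-readable.
    def __init__(self):
        self._entries = []

    def publish(self, did, pointer):
        self._entries.append({"did": did, "pointer": pointer})

    def entries(self):
        return list(self._entries)


class PrivateStore:
    # User-controlled off-chain storage, addressed by the hash of the ciphertext.
    def __init__(self):
        self._blobs = {}

    def put(self, blob):
        ref = hashlib.sha256(blob).hexdigest()
        self._blobs[ref] = blob
        return ref

    def get(self, ref):
        return self._blobs.get(ref)

    def delete(self, ref):
        self._blobs.pop(ref, None)


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode. Toy cipher for illustration only; a real
    # deployment would use an authenticated cipher such as AES-GCM.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def toy_decrypt(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class IdentityWallet:
    # One user, many DIDs: a fresh random key per relationship (assumed scheme).
    def __init__(self, ledger, store):
        self.ledger, self.store = ledger, store
        self.relationships = {}  # name -> {"priv", "did", "data_key", "ref"}

    def new_did(self, relationship):
        priv = secrets.token_bytes(32)  # stands in for a signing private key
        did = "did:example:" + hashlib.sha256(priv).hexdigest()[:40]
        self.relationships[relationship] = {"priv": priv, "did": did, "data_key": None, "ref": None}
        return did

    def share(self, relationship, attributes):
        # Encrypt the attributes, keep them off-chain, publish only a pointer.
        rel = self.relationships[relationship]
        data_key = secrets.token_bytes(32)
        blob = toy_encrypt(data_key, json.dumps(attributes).encode())
        ref = self.store.put(blob)
        rel.update(data_key=data_key, ref=ref)
        self.ledger.publish(rel["did"], ref)
        return rel["did"], data_key  # key is handed to the counterparty off-chain

    def revoke(self, relationship):
        # Delete the off-chain blob; the immutable on-chain pointer now dangles.
        self.store.delete(self.relationships[relationship]["ref"])


def counterparty_read(store, ref, data_key):
    blob = store.get(ref)
    return None if blob is None else json.loads(toy_decrypt(data_key, blob))


def ledger_leaks(ledger, attributes):
    # True if any attribute value is visible in plaintext on the ledger.
    visible = json.dumps(ledger.entries())
    return any(str(v) in visible for v in attributes.values())


def ledger_links(ledger, did_a, did_b):
    # True if the two DIDs share any on-chain value an observer could join on.
    values_a = {v for e in ledger.entries() if e["did"] == did_a for v in e.values()}
    values_b = {v for e in ledger.entries() if e["did"] == did_b for v in e.values()}
    return bool(values_a & values_b)


def demo():
    ledger, store = PublicLedger(), PrivateStore()
    alice = IdentityWallet(ledger, store)
    bank_did, shop_did = alice.new_did("bank"), alice.new_did("shop")
    bank_attrs = {"name": "Alice Example", "dob": "1990-01-01"}  # constructed
    shop_attrs = {"name": "Alice Example", "email": "alice@example.com"}  # constructed
    _, bank_key = alice.share("bank", bank_attrs)
    _, shop_key = alice.share("shop", shop_attrs)
    bank_view = counterparty_read(store, alice.relationships["bank"]["ref"], bank_key)
    alice.revoke("shop")
    shop_view = counterparty_read(store, alice.relationships["shop"]["ref"], shop_key)
    return {
        "bank_view": bank_view,
        "shop_view_after_revoke": shop_view,
        "leaks": ledger_leaks(ledger, bank_attrs) or ledger_leaks(ledger, shop_attrs),
        "linked": ledger_links(ledger, bank_did, shop_did),
        "ledger_entries": len(ledger.entries()),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the bank still decrypts its copy, the shop’s pointer resolves to nothing after revocation, no attribute value appears on the ledger, and the two DIDs have no on-chain value in common even though both were given the same name.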

This combination does require thoughtful design to help users, who act as their own data controller. Personal data does not need to be stored publicly — but it certainly can be. Many products, proposals, and open source projects would enable users to write personal data to a blockchain if they chose to, and once this is done it cannot be undone. While we cannot control what’s possible in a world of open-source software, we can help developers and users make good decisions. GDPR does not really anticipate situations in which the user is their own controller, with legal obligations to themselves.

Done right, users never have to disclose their personal data publicly and get all the benefits of an immutable, user-controlled transaction history. As one example of the flaws of today’s system: 21% of credit reports have erroneous data in them. Immutable transaction records would enable proof of origination to prevent this (and the billions of dollars spent each year on identity resolution, with companies trading user data back and forth), while not requiring that users ever disclose their personal data.

This system isn’t just more secure, it can be more private and far more powerful. Not just for users, but for businesses too: it will make it possible for companies to deliver the same or richer user experience without the risk & cost of holding customer data.