Skip to main content

How blockchain will end data breaches

(Image credit: Image Credit: Zapp2Photo / Shutterstock)

2017 was undoubtedly the year of the data breach — and 2018 may be following suit when it comes to personal data getting into the wrong hands.

Five of the 10 biggest data breaches ever to occur happened in 2017. In America, 65 per cent of the population was affected by a major data breach, including the estimated 145 million who were affected by the Equifax breach.

In the UK, it was reported in October that the same event had affected nearly 700,000 people, although it has recently been suggested that these figures have been underestimated. This goes to show that the problem of data security is a global one.

More recently, the Cambridge Analytica scandal, in which data from more than 50 million Facebook users’ accounts was mined for political ends, demonstrates yet again that personal data stored in a traditional, centralised manner is open to unscrupulous attack. The harvesting of personal data from Facebook brought this home to the social network’s users in a very real and personal way — and has many wondering exactly how safe their data is.

This is important because, while data security just sounds like a technology issue to some, it is really about individual privacy and personal control. Tim Berners-Lee, the founder of the World Wide Web, said last year that we’ve lost control of our personal data — and it’s difficult to argue otherwise.

We might be able to purchase the products we want from across the world with ease and share the details of our lives with loved ones as never before, but at what cost?

Data breaches affect us all

We’re handing over more and more personal data to companies that store this information in centralised databases, which serve as a magnet for hackers looking to hijack our identities and steal our money. Or in the case of the Cambridge Analytica case, this data was a magnet for unethical entities collecting and misusing personal data to try to influence the outcome of a major election.

For the businesses affected, the damage is significant in a very tangible way. Globally, the average cost of a data breach is $3.62 million. In 2016, credit card and identity fraud cost $16 billion in the US alone. In 2015, lost revenue due to false positives—genuine transactions misidentified as fraud—totalled $118 billion. And that’s not even factoring the reputational costs to businesses whose customer data has been hacked.

In Europe, the General Data Protection Regulation, which comes into force in May, will attempt to ensure that fewer breaches occur through the threat of massive financial punishments. These could total as much as €20 million, or 4 per cent of a company’s global annual turnover, whichever is greater.

The problem is that these financial punishments do not, of themselves, tackle the problem of centralised databases that can be attacked and accessed by sophisticated hackers. Which is why we must look to different technology for a solution.

Encryption is the starting point

Long before Berners-Lee created the World Wide Web, humans were encrypting information in order to keep it private. Early cryptography began in the 800s with the Arab conquests, while transposition ciphers began appearing in the West around 1450.

The first username/password combination method was deployed at MIT in 1961. In 1979, the Data Encryption Standard (DES) was developed. In 1997, 128-bit encryption came along in the form of the Advanced Encryption Standard (AES). But even public key encryption — which first reared its head in 1973 — was known in its first publicly available incarnation as PGP, or Pretty Good Privacy.

Fast forward to today, however, and the blockchain, by incorporating the best aspects of cryptography, allows for the creation of an immutable, decentralised ledger that could finally spell the end of data breaches.

Decentralisation, immutability and the blockchain

For decades, technologists and entrepreneurs have seen the value of decentralised systems. From early peer-to-peer projects like Napster and BitTorrent to Bitcoin today, we’ve seen the steady growth of protocols and applications built on a decentralised model, but sadly, most companies that are storing personal data — including Facebook — is behind the curve.

Today, blockchain technology represents the latest advance in distributing computational efforts across a network — and we’re at the very beginning of applying it effectively.

The blockchain also offers immutability — meaning once data is added to the blockchain, it cannot be altered. Immutability on the blockchain is powered by “proof of work” cryptographic processes that require huge amounts of computing power to add new information to the ledger, as well as an almost inconceivably high amount needed to “game” the network.

The decentralised nature of the ledger, with all records of transactions replicated on every computer node within the network, means that any hacker trying to attack a single node — in the way they could a centralised database — is thwarted by the continual processing and recording of data on the other nodes.

Immutability and decentralisation combine to create a network of trust where all consumers and merchants are treated equally. Best of all, only an individual has access to his or her information — a principle known as zero-knowledge storage.

Blockchain delivers the full range of weaponry required to tackle data breaches: zero-knowledge storage, encryption, privacy, security and trust. The possibilities for personal and financial data are immense.

Imagine, for example, an online world that didn’t require a separate username and password combination for every e-commerce account. Operating within this sort of secure environment, you would not only be more confident in the privacy and security of your data, but also more willing to transact online.

Harnessing the strength of the blockchain, it’s entirely possible that the data breaches we know today could become a thing of the past very soon. This would be a new digital era, where individuals could control their data and personal transactions would be truly private and secure — and where businesses would not have to deal with the expensive headache of storing and protecting sensitive consumer data. The blockchain could create a revolution for everyone involved in digital transactions.

Alastair Johnson, the founder & CEO of Nuggets
Image Credit: Zapp2Photo / Shutterstock

Alastair Johnson, the founder & CEO of Nuggets e-commerce payments and ID platform. It stores personal and payment data securely in the blockchain, never shared with anyone, not even Nuggets.