Persona & Private Data
- by Samuel Santos
Who has your personal data and what is being done with it? Click investigates Facebook's data sharing practices.
Francisco Gimeno - BC Analyst BBC Click is one of those programs which inform in a way which leaves you open to research and ask yourself more questions. It dares you to inquire while predicting what is going to happen in the tech world. Data is a hot issue now and will be for a long time. Data is the new gold, and who controls it is the new rich kid on the block. What can we do to control our own personal data, and how can we change the economy of data usage?
Hard Fork has yet to confirm for how long the tweet remained on G Suite’s feed, but it was no less than 11 minutes (as you can notice on the screenshot). (Update 19:52 UTC, November 13: Ernst Mulders, who provided the screenshot above, told Hard Fork the tweet disappeared a couple of minutes after he took the screengrab.)
Google has yet to address the mishap with an official statement. (We’ve reached out for comment and will update this piece accordingly if we hear back.) Earlier today, US retail giant Target fell victim to the same malicious tactic.
Indeed, the company confirmed a tweet linking to a malicious Bitcoin giveaway remained on its feed for approximately half an hour.
The G Suite incident took place moments after Twitter told Hard Fork it is working on curbing the series of cryptocurrency-related breaches on its platform.
With this development, the Big G joins the long list of victims, which now includes numerous retail giants, politicians, and government accounts.
Last week, the Security Token Academy held its second annual STO focused event in Manhattan.
This year, attendance at the Security Token Industry Launch event increased dramatically as more financial services players are viewing securities on blockchain as a likely path for the future of investments.
Simultaneously, crypto startups don’t want to be left out of the regulated path for issuing securities on blockchain.
While most people in attendance are of the belief that blockchain can streamline the back office operations of securities issuance, while making it easier to securitize assets, many questions remain regarding ICOs and secondary transactions.
Digital assets may benefit from a more automated process that reduces intrinsic sector bottlenecks. Technology can take a T + 2 trade to T + a few minutes. Regulation and compliance can be cooked into smart contracts.
For certain asset classes, such as real estate, some advocates envision a far greater universe of what can be securitized, and eventually traded on a digital marketplace, regardless of jurisdiction.
While still very early days, visionaries predict a very different landscape in the future of the financial services.
Below are just a few of the comments made by the various speakers during the STO event.
“When we started Circle five and a half years ago we were very excited about cryptocurrencies. We became immediately convinced this would become the foundation as to how the global financial system works.”
“Seedinvest has built a very nice business helping hundreds of businesses to raise capital over the internet … [We are] kind of a made for each other, security tokens and crowdfunding…”
“We see it being a very, very complementary match to the broader set of things we are doing. We are on the cusp of new forms of capital formation” [commenting on SeedInvest acquisition]
“… a lot of hype and a lot of excitement. It is very justified. The impact is far far greater than any of us anticipate.”
Jeremy Allaire – CEO and founder of Circle
“If you are talking about high frequency trading there is not a blockchain in the world that can handle that…”
Boris Reznikov – Director of Partnerships, Interstellar
“Hedera Hashgraph is not a blockchain topographically. We are really a performant distributed technology … being fast, fair, and secure.”
Rachel Lam – Market Lead, Financial Services, Hedera Hashgraph
“The crypto people are still skeptical of the security token people.”
“We went from 100% of people not knowing what it is to 99% of people not knowing what it is.”
Carlos Domingo – CEO and co-founder, Securitize
“People come to our platform because we have a reputation of getting quality deals that have been vetted.”
Ryan Feit – CEO and co-founder, SeedInvest
“We look at smart contracts as the ultimate structured product. On Monday night we closed on Aspen Digital. Ten days from now you will see us launch a very large fund interest.”
“Regulation first, technology second. That wins the day.”
Vince Molinari – CEO and co-founder, Templum
“We are blessed with an extraordinary piece of legislation [the JOBS Act of 2012]. People should read it … It’s masked by this whole crypto world that has raised billions. Crypto is going to move towards that legislation.”
“We need to decentralize the SEC.”
Howard Marks – CEO and co-founder, StartEngine
“Everything you described can be programmed into smart contracts. Programmability amplifies regulation to where it becomes a smart contract.”
Michael Ovid – co-founder, AirSwap
“I think a lot of jurisdictions outside the US see this as an opportunity to catch up to the US … Things move more slowly here because there is already an established capital services market.”
“We will have some exciting news to share shortly. ETOs [STOs] will begin in Q4 of this year.”
“This is a major, major revolution that will take years to play out…”
Alex Molé – Investor Relations Manager, Neufund
“What we are trying to do with Neufund, as well as others, is to build upon regulatory structures. Malta is the first country that has regulations … structure which can go to market. You have regulatory structures that are trying to catch up.”
Cliff Pace – Head of the Fintech Accelerator Program, Malta Stock Exchange
“For those that entered into the ICO [initial coin offering] space and did these offerings that are not really compliant it will be interesting to see how these convert into the market place.”
Yoel Goldfeder – CEO, VStock Transfer
“… if you are looking to monetize a single asset … it is proven to be very challenging in the public marketplace … tokenization of real estate can provide a way to monetize in a way in private markets that you could not in public markets.”
Jason Myers – Partner, Clifford Chance
“I think you would be surprised at some of the names that are looking to do things here.” [speaking about real estate and tokenization]
Brad Greiwe – co-founder and Managing Partner, Fifth Wall
“Why no active STO [security token offering] exchanges? It will take some time …”
Troy Paredes, founder, Paredes Strategies and former SEC Commissioner
Blockchain needs security, the same as any other kind of technology. In this article, Sarah Rothrie explores a brief history of cryptography, how it applies to blockchain, and why hashing is necessary for the integrity of the chain.
This article was originally published on CoinCentral.
Distributed computing, mechanism design, and cryptography algorithms form the holy trinity of blockchain technology. Distributed computing utilizes a decentralized network of computers and existed before blockchains in the form of torrenting networks.
However, torrenting sites had no means of governing the behavior of participants, which is where mechanism design enters into blockchain. It provides the incentive for network participants to work for the good of the network.
Cryptography is what serves as security for protecting those incentives. The seminal Bitcoin white paper explained how these three scientific principles could play together to form a secure, peer-to-peer exchange of value that would eliminate the need for a third party in financial transactions.
While each of these principles is deserving of its own explainer, this article will focus on cryptography and how encryption algorithms serve blockchains.
A brief history of cryptography
Cryptography in some form has been around since the time of ancient Egypt. Before the age of computing, it meant using a simple cryptography algorithm called a cipher to transmit messages. One of the most often-cited is the Caesar cipher, used by Julius Caesar to communicate with his generals in the Roman Empire.
The Caesar cipher substituted each letter of the message by the letter that comes three places after it in the alphabet, so A becomes D, B becomes E and so forth. As long as the system used in generating the ciphertext remains secret, the message could also remain private.
Later on, in the 16th century, Vigenere introduced the concept of an encryption key to cryptography algorithms, which could decrypt coded messages. Using the Vigenere cipher, a single keyword is repeated until it matches the character length of the original message. This repeated keyword then generates the ciphertext using a table.
The critical development here is that the security of messages transmitted using a Vigenere cipher depended on the secrecy of the key, not the system itself.
20th century developments
The problem with these kinds of codes is that they are easily breakable by analyzing letter frequency. The Germans used the Enigma Machine extensively during World War 2 because it was able to generate ciphertexts that could not be broken by analyzing letter frequency. The machine used a system of multiple rotors to generate the ciphertext.
So the letter “e” in the original message would correspond to a range of different letters in the cipher text. The key was the initial setting of the rotors.
Although the Germans thought that the code was unbreakable, Enigma was cracked by the Polish as early as 1932. Cryptographers working for the British military in Bletchley Park, including the now-legendary Alan Turing himself, later found a way to figure out the daily keys used by the Germans.
The dawn of computing
Post-war, demands for encryption in the business and commercial space increased as a means of protecting corporate secrets. During the 1970’s, IBM developed the Data Encryption Standard (DES) cryptography algorithm.
However, it used a small encryption key. As the age of computing dawned, it became easy to brute-force DES, and hence there was a demand for an update.
The Advanced Encryption Standard was adopted in 2000.
Although many people may not be conscious of it, encryption is now part of daily life. Email and text messaging, passwords, and SSL layers on websites all involve the use of encryption. It also forms the backbone of cryptocurrency.
There are many different types of cryptography algorithms covering various use cases, lots of them already obsolete. However, the use of cryptography in blockchain comprises digital signatures and hashing.
Digital signatures
Cryptocurrency payments require a digital signature, in the form of a private key. When someone enters their private key against a payment transaction, this encrypts the transaction. When the payment reaches its destination, the recipient can decrypt the transaction using the public key of the sender.
This is known as asymmetric cryptography, as it depends on a pair of keys linked together by cryptography.
It is more secure than symmetric cryptography, where both sender and recipient use the same key. In this case, the key itself must also be transmitted along with the payment, which means an additional layer of security would be needed to protect the key.
Hashing
Blockchains are also dependent on hashing. Hashing is a cryptographic method of converting any kind of data into a string of characters. As well as providing security through encryption, hashing creates a more efficient store of data, as the hash is of a fixed size.
Characteristics of hashing cryptography algorithms
A cryptographic hashing algorithm must fulfill specific criteria to be effective:
- The same input must always generate the same output. Regardless of how many times you put the data through the hashing algorithm, it must consistently produce the same hash with identical characters in the string.
- The input cannot be deduced or calculated using the output. There should be no way to reverse the hashing process to see the original data set.
- Any change in the input must produce an entirely different output. Even changing the case of one character in a data set should create a hash that is significantly different.
- The hash should be of a fixed number of characters, regardless of the size or type of data used as an input.
- Creating the hash should be a fast process that doesn’t make heavy use of computing power.
How a hash algorithm generates a hash. Image Credit: Wikimedia Commons
How does hashing work?
Blockchains hash each transaction before bundling them together into blocks. Hash pointers link each block to its predecessor, by holding a hash of the data in the previous block. Because each block links to its predecessor, data in the blockchain is immutable.
The hashing function means that a change in any transaction will produce an entirely different hash, which will alter the hashes of all subsequent blocks. To propagate a change across the blockchain, 51% of the network would have to agree to it. Hence, the term “51% attack”.
Different blockchains use different cryptography algorithms. The Bitcoin blockchain uses the SHA256 algorithm, which produces a 32-byte hash. Dogecoin and Litecoin both use Scrypt, which is one of the faster and lighter cryptography algorithms.
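The hash-pointer linkage described above, together with the fixed-size and any-change-alters-the-output criteria from the list of hashing characteristics, as an added example that is not from the original article. The block layout, field names and sample transactions are constructed for illustration; a flat digest of transaction hashes stands in for Bitcoin's Merkle tree, and there is no proof-of-work or consensus.

```python
import copy
import hashlib
import json

GENESIS_PREV = "00" * 32  # placeholder predecessor pointer for the first block

# Constructed sample transactions, one list per block.
SAMPLE_BATCHES = [
    ["alice pays bob 5", "bob pays carol 2"],
    ["carol pays dave 1", "dave pays alice 3"],
    ["alice pays erin 4"],
]


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as 64 hex characters (32 bytes), whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def tx_digest(transactions: list) -> str:
    """Hash each transaction, then hash the concatenated transaction hashes."""
    leaves = [sha256_hex(tx.encode()) for tx in transactions]
    return sha256_hex("".join(leaves).encode())


def header_hash(block: dict) -> str:
    """Hash the fields that bind a block to its contents and its predecessor."""
    header = {key: block[key] for key in ("index", "prev_hash", "tx_digest")}
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def seal(block: dict) -> dict:
    """(Re)compute a block's own digests from its current contents."""
    block["tx_digest"] = tx_digest(block["transactions"])
    block["hash"] = header_hash(block)
    return block


def build_chain(batches: list) -> list:
    """Build blocks in order, each holding the hash of the block before it."""
    chain = []
    for index, transactions in enumerate(batches):
        prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
        chain.append(seal({"index": index, "prev_hash": prev_hash,
                           "transactions": list(transactions)}))
    return chain


def first_invalid_block(chain: list):
    """Index of the first block that fails verification, or None if all pass."""
    expected_prev = GENESIS_PREV
    for block in chain:
        if block["tx_digest"] != tx_digest(block["transactions"]):
            return block["index"]          # contents no longer match digest
        if block["hash"] != header_hash(block):
            return block["index"]          # header was altered
        if block["prev_hash"] != expected_prev:
            return block["index"]          # hash pointer is broken
        expected_prev = block["hash"]
    return None


def demo() -> tuple:
    """Edit one transaction in block 1 and see where verification fails."""
    chain = build_chain(SAMPLE_BATCHES)
    edited = copy.deepcopy(chain)
    edited[1]["transactions"][0] = "carol pays dave 100"
    contents_only = first_invalid_block(edited)   # block 1 fails its own digest
    seal(edited[1])                                # recompute block 1's hashes
    after_reseal = first_invalid_block(edited)     # block 2's pointer now fails
    return first_invalid_block(chain), contents_only, after_reseal


if __name__ == "__main__":
    print(demo())
    print(differing_bits(sha256_hex(b"Pay Bob 10"), sha256_hex(b"pay Bob 10")))
```

Recomputing the edited block's own hashes only moves the failure to the next block, which is why a change has to be carried through every later block before the chain verifies again.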
Cryptography is a complex and detailed science that reaches way beyond the scope of just blockchain. There is plenty of further reading available on cryptography; especially for the more scientifically or mathematically inclined, it is a fascinating subject with much to explore.
More than a week after Bitcoin Core released a client update that addressed a denial-of-service vulnerability and consensus bug in its software, most nodes are still running old software. That’s a problem.
Over a week ago, someone found a bug in Bitcoin Core software – a denial-of-service vulnerability affecting versions 0.14.0 to 0.16.2. Several Bitcoin Core developers took a look and saw that there was an additional problem in 0.15.0 and above: a consensus bug that could have allowed inflation.
They quickly and quietly patched the bug and released 0.16.3 on September 18. Problem solved, right?
Not quite. For the vulnerabilities to stop being, well, vulnerable, nodes running the software need to upgrade. And not nearly enough are. To be clear, this isn't like ignoring the app update on your phone that features some aesthetic fixes.
Cornell professor Emin Gün Sirer told Motherboard that a malicious actor could have used the vulnerability to crash the Bitcoin network with just $80,000.
Exact numbers are hard to come by – that's one of the things about a decentralized network no one is in charge of (although it's likely preferable to a centralized one in which you just have to take their word for it).
In a tweet on September 23, Cøbra, the anonymous co-owner of Bitcoin.org, claimed that over 80 percent of the bitcoin network was still running vulnerable software:
Cøbra@CobraBitcoin
Bad move that the alert system was removed from Bitcoin Core. Currently 80%+ of the network is running vulnerable software, but there's no way to reach them and tell them to update, we can only pray they check Reddit, Twitter, http://Bitcoin.org or Bitcointalk, etc.
4:54 PM - Sep 23, 2018
Further down the comment thread (read on, I dare you), there's some speculation that Cobra's numbers are off. Which is true, but only kind of.
To clarify, according to Coin Dance, as of today, 49 percent of all nodes were protected from the inflation vulnerability.
But there are a couple of reasons for this. First, Coin Dance's numbers don't include non-listening nodes, which constitute much of the network. Second, the inflation vulnerability wasn't the only problem with the implementation software.
Moreover, not all of the "protected nodes" listed on Coin Dance are due to updates: Many are running software from pre-0.15.0 (released in September of last year) and pre-0.14.0 (released in March 2017) and some are using nodes outside of Bitcoin Core.
(Unlike Ethereum, which has two major clients – Geth and Parity – the Bitcoin network is dominated by Bitcoin Core, but there are a handful of smaller nodes, including Bitcoin Knots and btcsuite.)
Look closer at the numbers, though, and you'll see that Coin Dance has not classified 0.14.x nodes as vulnerable, even though Bitcoin Core specifically says 0.14.x is vulnerable.
Conversely, Bitcoin Core developer Luke Dashjr, who keeps his own numbers (which take into account any node in use within the last month), sees the overwhelming majority of nodes as vulnerable, including any Bitcoin Core implementation before 0.16.3, though not necessarily to the inflation bug.
He explains the reason for the different statistics: "0.14.x is not vulnerable to the inflation issue, but will crash if it is attempted. 0.13 is vulnerable to unrelated exploits."
So, why aren't people updating?
Dashjr told ETHNews that gradual adoption is standard: "The current upgrade trend looks more or less like what one would normally expect to see when there is a new release (although bit faster). In ordinary circumstances, this would be reasonably healthy, but since there is a serious publicly disclosed vulnerability, it leaves the network open to attack in this case."
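One way to see why the two sets of statistics differ is to classify the same node list under both readings, using only the version ranges given in this article. This is an added example, not code from Bitcoin Core, Coin Dance or Luke Dashjr; the user-agent strings are constructed samples, and counting non-Core clients as protected in the inflation-only view is an assumption.

```python
import re
from collections import Counter

# Version boundaries as stated in the article (Bitcoin Core only).
DOS_FIRST = (0, 14, 0)        # denial-of-service bug: 0.14.0 to 0.16.2
INFLATION_FIRST = (0, 15, 0)  # inflation bug: 0.15.0 and above
FIXED = (0, 16, 3)            # release that patched both

# Bitcoin Core advertises itself to peers as "/Satoshi:<major>.<minor>.<rev>/".
SATOSHI_RE = re.compile(r"/Satoshi:(\d+)\.(\d+)\.(\d+)")

# Constructed sample of peer user-agent strings, not real network data.
SAMPLE_USER_AGENTS = [
    "/Satoshi:0.16.3/",
    "/Satoshi:0.16.3/",
    "/Satoshi:0.16.3/",
    "/Satoshi:0.16.2/",
    "/Satoshi:0.16.2/",
    "/Satoshi:0.16.0/",
    "/Satoshi:0.15.1/",
    "/Satoshi:0.14.2/",
    "/Satoshi:0.13.2/",
    "/btcwire:0.5.0/btcd:0.12.0/",
]


def classify(user_agent: str) -> str:
    """Map one user-agent string to its exposure under the article's ranges."""
    match = SATOSHI_RE.search(user_agent)
    if match is None:
        return "other-client"      # not Bitcoin Core; outside these ranges
    version = tuple(int(part) for part in match.groups())
    if version >= FIXED:
        return "patched"
    if version >= INFLATION_FIRST:
        return "dos+inflation"     # 0.15.0 to 0.16.2
    if version >= DOS_FIRST:
        return "dos-only"          # 0.14.x: crashes, no inflation
    return "pre-0.14"              # not hit by this bug, but long outdated


def protected_share(user_agents: list) -> tuple:
    """Percent 'protected' under the inflation-only view and the strict view.

    Inflation-only view: every node that is not in the inflation range counts
    as protected (0.14.x, older releases and other clients included).
    Strict view: only Bitcoin Core 0.16.3 or later counts as protected.
    """
    counts = Counter(classify(ua) for ua in user_agents)
    total = sum(counts.values())
    if total == 0:
        return (0.0, 0.0)
    inflation_only = total - counts["dos+inflation"]
    strict = counts["patched"]
    return (round(100 * inflation_only / total, 1),
            round(100 * strict / total, 1))


def needs_upgrade(user_agents: list) -> list:
    """Bitcoin Core nodes in the list that are still below the fixed release."""
    return [ua for ua in user_agents
            if classify(ua) in ("dos+inflation", "dos-only", "pre-0.14")]


if __name__ == "__main__":
    print(Counter(classify(ua) for ua in SAMPLE_USER_AGENTS))
    print(protected_share(SAMPLE_USER_AGENTS))
```

On the constructed sample the same ten nodes come out as 60 percent protected under the inflation-only reading and 30 percent under the strict one.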
The fact is that disclosure may not have gotten to all the relevant parties. Apparently, not everyone reads coin journals, subreddits, or crypto Twitter. As evidence, Cøbra's Sunday tweet quickly turned into a discussion over the use of an announcement mailing list for just such an occasion, which some people are supposedly subscribed to but not receiving emails from.
It's a phone tree, but instead of trying to get ahold of Suzie and Darryl about the bake sale, they're trying to reach multiple actors in a $111 billion market…and their phones have been turned off.
Still, what are these nodes that haven't updated? Sirer opined in a tweet yesterday that they were "economically worthless nodes."
Emin Gün Sirer✔@el33th4xor
The percentage of the network not upgraded after a major patch corresponds to economically worthless nodes. If they did or affected something useful, someone would have bothered to upgrade them.
Chris Pacia@ChrisPacia
80% wow. I remember when Core henchmen went out and criticized BCH for having something like 15% of nodes not upgrade after the hardfork. https://twitter.com/CobraBitcoin/status/1043891342919839744 …
8:50 PM - Sep 24, 2018
How much chaff is there amongst the Bitcoin wheat? When asked how many nodes would need to update to version 0.16.3 to comfortably put the vulnerability in the rearview mirror, Dashjr conjectured that enough nodes have updated when they constitute 85 percent of the economic activity. And he's hoping the network isn't as centralized as Sirer suggests it is: "If 5% of nodes (~4000 nodes) make up 85% of economic activity, Bitcoin is in a REALLY bad place generally."
JEFF BENSON
Jeff Benson is Managing Editor of ETHNews. He's worked as a writer and editor everywhere from Sudan to Reno. He holds a bachelor's in politics from Willamette University and a master's in nationalism studies from University of Edinburgh. When he's not in the newsroom, he trots the globe and writes about it. He holds a bit of value in ETH.
A study of user data leaks from cryptocurrency exchanges has revealed that Americans are the main targets for cryptocurrency hacks.
The study was conducted by Group-IB, a Russia-based computer forensics and information security firm, which revealed its findings in a report titled “2018 Cryptocurrency Exchanges-User Accounts Leaks Analysis.”
The firm revealed that in 2017, the number of “compromised login data” increased by 369 percent in comparison to 2016, while in January 2018 alone, there were 212 leaks of login data, which represented an increase of 689 percent over the monthly average experienced in 2017.
The report credits the excitement about cryptocurrencies as a significant factor in the increase of incidents “against the monthly average of 2017.” According to the study, the three countries targeted the most by hackers are the United States, Russia, and China. It also revealed that one in every three victims were Americans.
Cryptocurrency Exchanges
The report says cryptocurrency exchanges have suffered a series of hacks due to the sophistication of the tools used. Hackers have now “adapted patterns of attack” used on banks to digital asset platforms, which makes them quite vulnerable.
According to the researchers, crypto exchanges have suffered cyber attacks that have resulted in financial losses totaling $80 million through “account leaks” on exchanges. Group-IB says it has identified “at least 50 active botnets” responsible for the leaks, and it says the hackers' infrastructure spreads across the globe, with the majority based in the United States and the Netherlands.
It names popular malicious software such as Pony Formgrabber—a malware that works by retrieving authorization and login credentials.
According to Group-IB, the compromised accounts used in their study featured users of popular exchanges such as Bithumb and CEX.io.
Crypto Interest Related to Increase in Hacks
There is a direct relationship between the growing interest in cryptocurrencies and the number of crypto hacks, claim the experts at Group-IB. Towards the tail end of 2017, the second most popular topic in global news was ‘Bitcoin’, and the search query ‘How to buy bitcoin’ made it into the top three most searched queries on Google.
The experts at Group-IB believe the sudden interest in bitcoin contributed to the increase in compromised accounts from December 2017 to January 2018. While exchanges such as Binance were struggling to keep up with registration, the focus shifted to customer onboarding, and information security was neglected.
The report cited the lack of two-factor authentication (2FA) options on the platforms and the use of basic passwords as reasons why the hacks were possible. Director of Special Projects at Group-IB Ruslan Yusufov, however, believes the industry needs to learn from its mistakes and do more to protect itself.
“Increased fraudulent activity and attention of hacker groups to crypto industry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds, signals that the industry is not ready to defend itself and protect its users,” Yusufov noted.
Recommendations for Safety
Group-IB recommends the use of separate passwords for different exchanges and enabling the 2FA option. The company also warns against using public Wi-Fi for carrying out exchange transactions. Cryptocurrency exchanges, on the other hand, are advised to make 2FA mandatory for users, conduct regular security audits and create more awareness internally concerning personnel security.
Francisco Gimeno - BC Analyst Hackers and scammers will continue getting their profits from all kind of people in the crypto system while on the one hand individuals don't take seriously their safety procedures, while on the other hand the steps needed for transactions and operating with cryptos seem complicated. We expect (hope) the future mass crypto adoption will lead to more user friendly and safer interface and security measures which will fight hacking. What do you think?
-
Regulation: France issues a warning to citizens against using unauthorised crypt... (moneycontrol.com)
Presently, France is creating a legal framework for initial coin offerings, which is expected to be finalised next year.
Moneycontrol News@moneycontrolcom
The world of cryptocurrency is inviting various views and this time, a new warning has been issued by France’s financial markets regulator, The Autorité des Marchés Financiers (AMF). It has cautioned its citizens against various business entities operating crypto trading business without the government’s consent.
On Monday, the notice against four unauthorised platforms offering cryptocurrency investments was issued along with a warning. According to a report by Bitcoin News, the four blacklisted websites offering crypto investments without authorisation are:
- https://www.bitoraxe.com/
- https://connect-coin.fr/
- https://www.solutioncrypto.com/
- https://www.solution-crypto.com/
Presently, France is creating a legal framework for initial coin offerings (ICOs), which is expected to be finalised next year.
Clamping down on bitcoin derivatives was started by the agency in February. The tax rate on crypto capital gains was slashed in the country from 45% to 19% in April.
The AMF, an independent public authority, is responsible for ensuring that savings invested in financial products are secured. Law no. 2016-1691 on transparency states that no investment offer can be directly marketed in France without a registration number or prior consent from the AMF.
Previously, the AMF had published a list of 15 websites offering crypto investments without authorisation.
Three lists of unauthorised websites are maintained by the regulator – one for Forex products, one for binary options, and one for other goods including diamonds, wines, and cryptocurrencies.
The agency started keeping track of blacklisted sites in July last year and began including crypto sites in December.
https://www.moneycontrol.com/news/business/cryptocurrency/france-issues-a-warning-to-citizens-agains...
-
Francisco Gimeno - BC Analyst France announced not so long ago a Blockchain revolution. Ordering and regulating the ecosystem is a need to start it. European blockchain and crypto start ups are looking very carefully to France to work together with the French administration as much as possible.
-
This article by George Bollenbacher first appeared on Tabb Forum.
Bollenbacher is a consultant specializing in implementation of derivatives and banking reform. He spent twenty years as a bond trader, and ten years in the technology business.
For the last fifteen years he has assisted many banks, asset managers, and custodians in implementing process and technology changes. He is the author of The Professional’s Guide to the US Government Securities Market and The New Business of Banking.
The introduction of the General Data Protection Regulation in Europe raises some critical questions about Distributed Ledger Technology. At the top of the list: Does GDPR really apply to DLT, and is it even enforceable?
There has certainly been a sufficiency of discussion about blockchain and cryptocurrencies over the past several years, covering things such as investment safety and whether they are actually currencies.
But the introduction of the General Data Protection Regulation in Europe has introduced some unanswered questions about the foundation technology for all this, Distributed Ledger Technology.
The DLT Approach to Data
There is no shortage of definitions of how DLT works, but we can use this one:
“Distributed ledger technology (DLT) is a digital system for recording the transaction of assets in which the transactions and their details are recorded in multiple places at the same time.
Unlike traditional databases, distributed ledgers have no central data store or administration functionality. In a distributed ledger, each node processes and verifies every item, thereby generating a record of each item and creating a consensus on each item's veracity.
A distributed ledger can be used to record static data, such as a registry, and dynamic data, i.e., transactions.”
According to the UK Government Chief Scientific Adviser:
“[D]istributed ledgers are inherently harder to attack because instead of a single database, there are multiple shared copies of the same database, so a cyber-attack would have to attack all the copies simultaneously to be successful. ...
But this is not to say that distributed ledgers are invulnerable to cyber-attack, because in principle anyone who can find a way to ‘legitimately’ modify one copy will modify all copies of the ledger. So ensuring the security of distributed ledgers is an important task and part of the general challenge of ensuring the security of the digital infrastructure on which modern societies now depend.”
This is indicative of most of the discussion of the vulnerabilities of DLT, in that it focuses on the technology’s resistance to altering a data record. Because there are many copies of a single record, all presumably protected by encryption and keys, the general conclusion is that it is very hard to modify all the records at once.
What is not so clear is what happens if one or more of the records is out of sync with other records of the same transaction. In that case, is there some foolproof way to determine which record(s) prevail, and which are assumed to be false?
Or do we face the situation where, since we don’t have agreement between all the nodes, we freeze the record until we can resolve the disparity? Think about that event in a highly volatile market, for example. And we have already seen multiple instances of nefarious behavior in the cryptocurrency space, so we should already be aware of the possibility of hacking DLT data.
The GDPR Approach to Data
The GDPR views this data as something of an asset, which appears to be owned by some person, either natural or institutional. Although the rule itself never mentions data ownership, the obligations owed to data subjects by controllers and processors (C/Ps) are exactly the same as if the subjects owned the data.
The subjects can instruct the C/Ps what to do with the data (within boundaries) and the C/Ps have the same obligations of care and protection as if the data had monetary value. Given that each record of a transaction must contain data components identifying the parties, it appears clear that any DLT records of transactions done by EU natural persons are subject to the GDPR.
Since the nature of DLT is to have multiple (perhaps hundreds) of records of every transaction, there will, by that logic, be up to hundreds of copies of personal data regulated by GDPR.
But what does GDPR say that is applicable to DLT data? A lot, as it turns out.
To begin with, Article 5 requires that the data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
GDPR differentiates between the responsibilities of data controllers and processors. It says in Article 4 that a controller “determines the purposes and means of the processing of personal data,” while a processor “processes personal data on behalf of the controller.”
So, one of the GDPR questions regarding DLT is: Which of the nodes would be construed to be a controller, and which would be processors? Since GDPR says that the controller is responsible to the data subject for the actions of the processor, presumably whoever introduces the transaction into the DLT is the controller – and is responsible to the data subject for the processors.
Then, Article 14 requires:
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) the categories of personal data concerned;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation. (emphasis added)
Of course, the GDPR has multiple opt-outs, such as:
Paragraphs 1 to 4 shall not apply where and insofar as:
the provision of such information proves impossible or would involve a disproportionate effort.
For DLT, is each node that is not a controller deemed to be acting as the controller’s representative? Assuming that each node does not receive the personal data from the subject, do these requirements apply to every instance of the data? What constitutes disproportionate effort?
In addition, Article 34 says, “When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.” This refers to a breach at any processor and must be reported by the controller. In other words, for every piece of data in the DLT subject to GDPR, one node will be designated as the controller; all other nodes will be processors.
Thus, we presume that the processors owe certain levels of safety and reporting to the controller, and the controller owes that level of safety and reporting to the subject.
Questions to Be Answered
Obviously, there are several larger questions that need to be answered at the intersection of DLT and GDPR.
Does GDPR really apply to DLT? On its face, the answer seems obviously yes. Nothing in the GDPR language exempts any particular kind of data or processing structure. But the structure of DLT appears to make the GDPR requirements fiendishly difficult to implement. In all likelihood, ESMA and/or the EC will have to issue a specific finding about this question.
If GDPR doesn’t apply to DLT, what protections do DLT data subjects have against breaches? The whole purpose of GDPR was to afford data subjects specific protections against loss or misuse of their personal data. If GDPR is deemed not applicable to DLT, does that mean that some entity’s unilateral decision to adopt DLT in a particular business case means that its customers have de facto given up GDPR protection without knowing it?
If GDPR does apply, which nodes are construed to be controllers, and which are processors? Is it as simple as who originated the transaction? How would the processor nodes know which node is the controller for each transaction? What is the mechanism for communication of: 1) controller identity, where data has been passed from one node to another, and 2) breach notification? Can the data subject hold the controller legally responsible for the actions of a processor node in the DLT?
Does this mean that, in some cases, GDPR is essentially unenforceable? If the data structure of DLT means that portions of GDPR are unenforceable, or perhaps inapplicable, we may have a situation where natural persons have some data protection in one area and much less in another. If so, will service vendors have to inform data subjects that GDPR applies in this situation, but not in that one? If DLT becomes the structure of choice throughout the financial markets, will GDPR simply fade away?
Regulators have a reputation, perhaps well-earned, of effectively preventing the last problem they faced, but not necessarily the next one.
DLT, at least as it is manifested in the financial markets, appears to have its own set of unknowns, and whether or not regulation will, at some point, have to address those, it is already pretty clear that GDPR isn’t structured to do that.
Discover more insightful research and analysis articles on BNC here: https://bravenewcoin.com/news/gdpr-and-dlt-whose-data-is-it/
Francisco Gimeno - BC Analyst GDPR European regulation is very good at protecting personal data, but has not considered in its inception the new DLT technologies and its application, which raise some legal questions for the present time. Any Blockchain start up must be careful to comply as much as possible with the GDPR while working in European space.
Blockchains may be secure by design, but researchers continue to show that the same is not true for the thousands of motley cryptocurrencies based on the technology.
Husam Abboud, a cryptocurrency researcher at FECAP University in Brazil, has demonstrated that it would take as little as $1.5 million to execute a network attack on Ethereum Classic (ETC) — with a market cap of over $2 billion — and still be in profit. If you have $55 million, you could even bankrupt the currency, making off with $1 billion in profit.
The proof-of-work blockchains that use the same algorithms as larger blockchains (such as ETC, which uses the same algorithm as ETH) are particularly vulnerable to attacks, as there are no barriers to entry in terms of capital costs.
The researcher notes that any miner who contributes as little as 2.5 percent of Ethereum Nethash can simply switch to mining Ethereum Classic and control more than 51 percent of hashing power of Ethereum Classic network.
The attack won’t cost the miner much either; the amount required to execute what’s called a ‘51 percent attack’ on ETC for a day would be more or less the same as what you’d earn mining ETH for one day with 2.5 percent Nethash, i.e. about 525 ETH ($318,000).
Instead of relying on the classical model for calculating the cost for 51 percent attacks, Abboud relies on the Rindex v2.0 model. He notes that the classical model includes the costs of acquiring mining equipment and electricity. These don’t have to be accounted for separately in the case of PoW blockchains.
The Rindex model instead focuses on the cost of hashpower leasing.
The researcher calculated the costs of executing a 51 percent attack on Bitcoin Cash to be 250 BTC/day ($2 million), and on Bitcoin Gold to be as little as 26 BTC ($200,000) per day, using the same method. The attacks can keep going till the developers for the cryptocurrency deploy a fix, or the price drops so low that it becomes unprofitable to keep the attack going.
Abboud notes that Bitcoin’s creator designed the consensus protocol with the assumption that miners won’t perform such attacks because they would result in a lower market price for the cryptocurrency, making it unprofitable for them; but, nine years later, this doesn’t seem to be true anymore.
“We have major exchanges with a lot of liquidity which allow you to short-sell with a trading margin from 2.2 to up to 100 times,” Abboud notes of the outdated assumption. “It’s just becoming easier every day and the market is more liquid for opportunities where you can benefit from price decline,” he said.
There have been rising concerns over the security of proof-of-work cryptocurrencies, with at least five attacks in the last two months involving Verge, Electroneum, Bitcoin Gold, and Monacoin.
Bitcoin developers Jameson Lopp and Peter Todd earlier noted that it is the lazy cloning of larger blockchains that is leading these cryptocurrencies to be attacked in this manner.
As per experts, multiple solutions exist to solve the problem of 51 percent attacks with these currencies.
These include sharing the security of existing PoW chains, upgrading to proof-of-stake protocol, increasing the number of required confirmations, or upgrading the hashing algorithm.
Surely, cryptocurrencies worth billions of dollars can afford to invest a little in the security of their network.
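The "increase the number of required confirmations" mitigation can be sized from the article's own daily cost figure. The Python below is an added example, not code from the article or from Abboud's research: only the $318,000 daily cost comes from the text, while the 14-second block interval, the 51 percent share and all function names are assumptions. It goes beyond the article by including Nakamoto's catch-up probability from the Bitcoin whitepaper, which shows why confirmation depth stops a minority miner outright but only raises the cost for a majority one.

```python
import math

DAILY_COST_USD = 318_000.0  # from the article: one day of majority hashpower on ETC
BLOCK_TIME_S = 14.0         # assumption: average ETC block interval, in seconds
MAJORITY_SHARE = 0.51       # assumption: attacker's share of combined hashpower
SECONDS_PER_DAY = 86_400


def reorg_probability(q: float, z: int) -> float:
    """Nakamoto's estimate that a miner with hashpower share q ever
    overtakes a chain that is z blocks ahead of its private fork."""
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority miner always catches up; depth only adds cost
    lam = z * q / p
    honest_wins = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        honest_wins += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - honest_wins


def rewrite_cost_usd(z: int, q: float = MAJORITY_SHARE) -> float:
    """Opportunity cost of privately mining the z + 1 blocks needed to
    replace z confirmations. Ignores block rewards the miner would collect,
    so the real net cost is lower."""
    if not 0.5 < q < 1.0:
        raise ValueError("cost model only covers a majority share")
    # Difficulty is tuned to the honest hashpower, so the private fork gains
    # one block every BLOCK_TIME_S * (1 - q) / q seconds.
    seconds = (z + 1) * BLOCK_TIME_S * (1.0 - q) / q
    return DAILY_COST_USD * seconds / SECONDS_PER_DAY


def confirmations_for(value_usd: float, q: float = MAJORITY_SHARE) -> int:
    """Smallest z at which rewriting costs at least value_usd."""
    per_block = rewrite_cost_usd(0, q)
    return max(0, math.ceil(value_usd / per_block) - 1)


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.51):
        print(f"share {q:.2f}: P(reorg past 12 blocks) = {reorg_probability(q, 12):.6f}")
    for value in (10_000, 100_000, 1_000_000):
        z = confirmations_for(value)
        hours = z * BLOCK_TIME_S / 3600
        print(f"${value:>9,}: wait {z:>6} confirmations (~{hours:.1f} h)")
```

Because block rewards are left out of the cost, treat the confirmation counts it prints as a floor for a deposit policy rather than a safe value.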
Discover even more from TNW Hard Fork here: https://thenextweb.com/hardfork/2018/05/25/you-could-profitably-exploit-a-2-billion-cryptocurrency-w...-
Francisco Gimeno - BC Analyst What will happen if you can hack a cryptocurrency? That currency would fail and eventually fall to zero, while the hacker could get a huge profit. Blockchain is safe, but those who every day launch new cryptocurrencies need to understand that even if the technology is sound, its use and application can always have problems. Some months ago the idea of hacking a crypto network was impossible. Not now.