Getting Privacy Right in Blockchain

 

Authored by Jenn Behrens, Partner, EVP Privacy

There is growing intrigue around the applicability of blockchain solutions across markets and segments. Blockchain solutions are designed to inherently emphasize trust while increasing efficiency in the cryptographic hashing of information throughout a distributed Merkel tree model.

One of the goals of blockchain solutions is to enable users to develop an immutable identity transaction history including confidential verified identity information that could be used for identity transactions. Resultantly, the blockchain would act as an authoritative source of identity attributes that service providers could use for attribute verification.

While there are a lot of very interesting technological and market implications for expanding the use of blockchain from the financial industry to other highly regulated industries such as health care, one of the more exciting aspects of this work is the risk (or mitigation) to privacy of the data and information that is flowing throughout the blockchain. We very much consider that the disciplines of privacy and user experience, in regards to traditional identity management, are intertwined around the concept of trust as both require such from the user to be considered successful. We hold true this relationship for blockchain solutions, as well.

Interestingly, one of the more elusive yet paramount principles of privacy is starting to rise as a particularly relevant privacy strategy in blockchain: pseudonymity. Pseudonymity, in identity management, refers to the linkage of an identity to a persona or entity. The pseudonymity conundrum has persisted throughout the identity management space. There is wide acceptance of the need and requirement of pseudonymity availability however, not a particularly deep understanding of how to scale implementation in a privacy-enhancing manner that is copasetic with highly-regulated industry requirements around such issues as non-repudiation.

Blockchain presents us with the opportunity to explore this beguiling facet of privacy. Ideally, the end-user determines an identity or persona (aka, the user’s pseudonym) to use throughout the blockchain transactions while simultaneously, the goal of non-repudiation is met. However, this can offset the application to authentication requirements in highly regulated industries. Can an identity persona be used in blockchain to deliver on the privacy principal of pseudonymity at the same time as satisfying the latest strong authentication and biometric technologies throughout the transaction process, thereby preserving the goal of non-repudiation?

We are excited to explore these new spaces and nuances within the privacy and identity management worlds. Kimble & Associates has worked on articulating the pseudonymity facet of privacy through our leadership roles on the Identity Ecosystem Steering Group (IDESG) Board and Privacy Coordination Committee. We are accelerating the evaluation of pseudonymity and related privacy principles of minimalism and selective disclosure through blockchain structures through our privacy assessment services with a new Department of Homeland Security Small Business Innovation Research (SBIR) grant. Recently, we spoke at the United Nations participating in the ID2020 Summit about how blockchain, privacy and public private partnerships can help address the identity conundrum in developing countries. The interplay of privacy, user-centricity, non-repudiation and pseudonymity is now upon us; industry’s intrigue over the scalability and market-differentiation is mounting. Kimble & Associates is poised to take that stand on analysis of the pseudonymity enigma and help you deliver on the solution.

Share This Post:
Facebook
Twitter
Pinterest
LinkedIn
Start Here

Send us a message

Please take a moment to submit your information. A member of our consulting team will be in touch shortly.