Disclaimer: This is a user generated content submitted by a member of the WriteUpCafe Community. The views and writings here reflect that of the author and not of WriteUpCafe. If you have any complaints regarding this post kindly report it to us.

Blockchain Security 

The distributed nature of the blockchain, the irreversibility of transactions, and the extensive use of encryption make it a conceptually safe system. In practice, however, the implementation of platforms and applications sometimes introduces vulnerabilities, which relate to how the code is written, how communication protocols are established, or the simplicity of the block validation and consensus procedures.

The blockchain is a recent and complex technology. Despite extensive code design and review, vulnerabilities resulting from programming errors cannot be ruled out. Once identified, they are especially difficult to patch without affecting the service, because of the distributed architecture and the immutability of the blockchain. The diversity of programming languages and protocols, or the lack of technical standards, accentuates these vulnerabilities. This fragmentation slows down the maturity curve of the technology, reduces the chances of detecting errors and implementing controls over the code, and disperses the experience of developers, who are under constant pressure to shorten delivery times.

Likewise, the integration of blockchain platforms with the information systems that support the business processes of the company or the interoperability between different blockchain platforms is still very incipient, which limits efficiency and increases cybersecurity risks. It can take years to reach a degree of maturity and technical consensus that facilitates the convergence of security standards and interoperability between platforms. Therefore, developers and companies must inevitably incorporate security by design methodologies from the early stages of development, with the participation of information systems and cybersecurity departments.

The Design of Privacy

The blockchain raises new and complex questions about the protection of privacy rights in the use of personal data, in particular about the application of the GDPR when transactions handle personal data or the information in the blocks refers to personal data of the participants.

Characteristics such as the decentralization of data processing and storage make it difficult to interpret the Regulation. National regulatory authorities and European institutions promote regulatory analysis and issue guidelines and reports that are a mandatory reference for developers. In this area, mention should be made of the contribution of the EU Blockchain Observatory and Forum.

It is important to note that the GDPR does not evaluate a technology in terms of privacy, but the way in which different use cases and applications use it. Therefore, any design of a blockchain platform or application must start with an exhaustive analysis of the impacts on privacy, evaluating whether alternative solutions would be more appropriate than blockchain and whether the chosen design options are necessary and proportionate. For example, the convenience of using a public blockchain will have to be evaluated, since authorized and private ones pose fewer regulatory difficulties (for example, in public blockchains, any user can trace the transactions from origin to destination or download the record book, which makes it difficult to exercise the right to be forgotten or to rectify). The use of smart contracts, which may lead to the leakage of personal data, is equally delicate.

A blockchain may contain two categories of personal data: those that allow the identification of the issuer and receiver of the transaction through public keys, and the information included in the transaction related to third parties. Based on this distinction, the GDPR analysis methodology is applicable (identification of the data controller, rights and safeguards, risk management, etc.). In general, the regulatory tensions over the GDPR that dominate the debate between authorities and developers centre on the implications of multiple participants choosing to process transactions jointly, with the derived obligations, on the anonymization of personal data, and on the exercise of rights such as rectification, erasure, the right to be forgotten, and objection to processing. Likewise, the design must pay special attention to the obligations derived from subcontracting and to the rules of governance in the international transfer of data, in particular between public blockchains.

In this sense, the EU Blockchain Observatory and Forum indicates four general application guidelines for developers:

  • Start the design at a high level, avoiding that the blockchain becomes an innovative solution in search of a problem: what is the value contribution of the solution for the user? Is a blockchain platform really necessary? How to manage the data?
  • Avoid storing personal data on the blockchain; use obfuscation, encryption and aggregation techniques to anonymize this data.
  • Keep personal data out of blocks whenever possible or use a permissioned or private blockchain; analyze the transfer of personal data when connecting private to public blockchains.
  • Offer total transparency to users about data processing.
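
One way to apply the second and third guidelines, shown as an added example that is not part of the original article or of the Observatory's guidance: personal data stays in a mutable off-chain store, and the block carries only a salted, keyed commitment to it. The toy chain, the `OffChainStore` class and the record identifiers are hypothetical, and the sample person is constructed.

```python
import hashlib
import hmac
import json
import secrets

def commitment(salt: bytes, personal_data: dict) -> str:
    # Keyed digest: without the per-record salt, low-entropy values (names,
    # e-mail addresses) cannot be confirmed by guessing and re-hashing.
    canonical = json.dumps(personal_data, sort_keys=True).encode()
    return hmac.new(salt, canonical, hashlib.sha256).hexdigest()

class OffChainStore:
    """Mutable store run by the data controller (hypothetical)."""
    def __init__(self):
        self._rows = {}  # opaque record_id -> (salt, personal_data)
    def put(self, record_id: str, personal_data: dict) -> str:
        salt = secrets.token_bytes(32)  # never written to the chain
        self._rows[record_id] = (salt, personal_data)
        return commitment(salt, personal_data)
    def get(self, record_id: str):
        return self._rows.get(record_id)
    def erase(self, record_id: str) -> bool:
        # Erasure is served here, off-chain; the block is never rewritten.
        return self._rows.pop(record_id, None) is not None

def _block_hash(prev: str, record_id: str, digest: str) -> str:
    return hashlib.sha256(f"{prev}|{record_id}|{digest}".encode()).hexdigest()

def append_block(chain: list, record_id: str, digest: str) -> dict:
    prev = chain[-1]["hash"] if chain else "0" * 64
    block = {"prev": prev, "record_id": record_id, "commitment": digest,
             "hash": _block_hash(prev, record_id, digest)}
    chain.append(block)
    return block

def chain_intact(chain: list) -> bool:
    prev = "0" * 64
    for b in chain:
        if b["prev"] != prev or b["hash"] != _block_hash(prev, b["record_id"], b["commitment"]):
            return False
        prev = b["hash"]
    return True

def verify(chain: list, store: OffChainStore, record_id: str) -> bool:
    """True while the off-chain record exists and matches its on-chain commitment."""
    row = store.get(record_id)
    onchain = next((b["commitment"] for b in chain if b["record_id"] == record_id), None)
    return row is not None and onchain is not None and hmac.compare_digest(commitment(*row), onchain)
```

After `erase()`, the chain still validates, but the remaining commitment can no longer be checked against any candidate value because the salt is gone. The record identifier itself must be opaque (random), not derived from the person's data.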

Conclusion

The blockchain is one of the most disruptive, complex and incipient information technologies, whose rapid growth is transversal to all sectors of activity in the public and private spheres. Beyond cryptocurrencies, it has enormous potential as a paradigm for the decentralization and empowerment of individuals and legal entities, along with many regulatory, jurisdictional, and technological challenges such as scalability, interoperability, or environmental impact.

The blockchain is a theoretically extremely secure technology that, upon implementation, is subject to the flaws and weaknesses common to all information systems in addition to those unique to this technology. Added to this are the security, interoperability and technological challenges derived from its progressive maturity, complexity, lack of standardization and diversity of protocols, on top of which come the demands of a vibrant competitive environment.

 
