Privacy-preserving computation on blockchains could prevent breaches
In the 19th century, the barons of American industries rose to prominence by leveraging their hold on tangible resources like oil and steel. Today, corporate titans seek to attain even greater heights of wealth by gathering consumer data. But now, like then, the benefits of accumulating such resources come paired with a significant business risk: spillage.
Like oil spills, data leaks — regardless of whether they occur accidentally or as a result of hacker interference — can cause companies and consumers significant financial, legal and political harm. Consider the fallout at Facebook earlier this year. In April, the phone numbers, full names, email addresses and locations of 533 million users were shared to a hacking forum, prompting an outcry from consumers and governments alike.
Facebook is far from alone in its security woes. In 2020 alone, there were 1,001 reported data breaches and more than 155 million people were adversely affected by data exposures. These leaks are an expensive and time-consuming problem for businesses. One 2020 report from IBM found that the average cost of a breach topped $8.64 million and typically took 280 days to resolve, though those metrics vary by industry.
Despite the expense and PR woes, many businesses would argue that the benefits data provides are worth the risk of multi-million dollar exposure. Research has demonstrated that big data empowers businesses to make better strategic decisions, reduce costs, improve operational processes and gain a better understanding of their customers — all of which facilitate higher profits.
Blockchain is the savior
Avoiding security risks by not using data simply isn’t an option. So, the question is: How can companies make the most of the competitive advantage data provides without putting themselves at undue risk of financial, legal and PR disaster?
The answer lies with privacy-preserving computation on the blockchain.
This solution might seem counterintuitive at first. After all, blockchain transactions reach consensus in public and are designed to be transparent and publicly accessible — two characteristics that run counter to companies’ data security goals. It’s the blockchain paradox: Users can either share data to achieve new insights that benefit society as a whole or isolate data into protected silos that safeguard individual privacy.
In recent years, the emergence of privacy-preserving computation has presented a third option. With verifiable computation, findings can be audited publicly to prove correctness outside of the main blockchain network, thereby eliminating the exposure risks posed by transparency. Moreover, by integrating privacy-preserving computation as a layer-two solution and outsourcing the work to external nodes, this security measure can be applied without adding an undue burden or cost to a company’s primary blockchain network.
In practice, integrating this security measure means that companies can have their cake and eat it too. By incorporating blockchain into data management strategy, businesses can drastically lower the risk of breach and its associated fallout.
While there is limited research to uphold the value of layer-two, privacy-preserving computation specifically, preliminary literature on blockchain-based security indicates the technology’s potential as a privacy measure. In 2020, one review published in Sustainability found:
“The integration of [blockchain technology] in the industry can ensure data confidentiality and integrity, and should be enforced to preserve data availability and privacy.”
However, companies that adopt privacy-preserving computation and other blockchain-based security measures don’t just benefit from improved security, they also have a transformative opportunity to bolster interoperability within industries that have historically been hamstrung by the threat of data insecurity.
Healthcare as an example
In the sector, data-sharing between providers, health networks and third-party researchers is crucial. However, patient privacy regulations have made information transmission difficult. Notably, many healthcare providers were stuck using outdated fax machines for years because their advanced electronic systems weren’t interoperable enough to securely transmit patient information.
These silos had a chilling effect on healthcare innovation. As a team of German scientists noted in a 2019 paper in Nature Partner Journals of Digital Medicine:
“Hidden in isolated databases, incompatible systems and proprietary software, [healthcare data is] difficult to exchange, analyze and interpret. This slows down medical progress, as technologies that rely on this data — artificial intelligence, big data or mobile applications — cannot be used to their full potential.”
The potential the team refers to is significant. In recent years, AI researchers have used patient data to develop remarkably accurate algorithms to support doctors during the diagnostic process. Last year, for example, researchers trained a neural network to identify 26 of the most common skin conditions by connecting it with over 16,000 teledermatology cases. That algorithm was ultimately found to be as accurate as trained dermatologists. As one reviewer recapped the project:
“Although this tool is not yet approved for clinical use, deep-learning-based diagnostics and clinical decision support tools are gaining acceptance in many medical specialties and are poised to change how we experience medicine.”
Poised, in theory, but in practice, data (in)security stands as a roadblock to progress. Building the teledermatology tool required researchers to tap into a massive data trove. However, sharing even small sets of sensitive patient data is a privacy nightmare.
Consider the backlash that occurred last year when Google partnered with Ascension, a major hospital chain, to launch “Project Nightingale” — a tool designed to search for patient information. The news triggered an immediate and overwhelming backlash as critics lambasted the pair for sharing confidential patient records. Google and Ascension pushed back on the criticism, arguing that their data-sharing adhered to federal data privacy rules. But, as one Stanford University professor shared in an interview with the Wall Street Journal:
“Some consider the federal law outdated, saying the law’s protections haven’t kept pace with the technology sector’s growing demand for patient data.”
The point made here is a nuanced one. The problem isn’t that companies aren’t adhering to privacy regulations, it’s that the public doesn’t have faith in those security measures. If health companies genuinely want to maximize innovation by boldly leveraging data, they need to stop hedging to the letter of the law and start addressing consumer fears head-on.
Imagine if healthcare providers had access to data security measures that utilized layer-two verifiable computation to securely share patient data without putting the consumer — or their organization, for that matter — at risk. The security and assurance the technology provided would completely change the proverbial game. It would empower innovation, forestall malicious threats and lower the risk of data spillage.
The mistake made too often by corporate leaders is to assume that the benefits blockchain provides are limited to finance. However, the security blockchain provides could prompt a mass-scale perspective shift on what’s possible in data-sharing. Privacy-preserving computation allows for the removal of fear. It empowers companies to imagine what they could achieve if they could leverage their data to the fullest extent without fear of malignant interference.
This isn’t to say that there wouldn’t be barriers to implementing blockchain-based security measures as a norm — there certainly would be. The first has already been mentioned: Executives need to understand the value blockchain holds outside of its stereotyped role in finance. Then, developers would need to create industry-specific products based on the secure computation of layer-two features. Lastly, these products would need to be widely adopted to allow for data-sharing across companies.
Even one of these steps could take years to complete. But extended timeline or no, the fact is that this vision for a data-enabled, blockchain-secured future is a possibility. Privacy-preserving computation is a real solution to the data-spillage problems industry leaders have been struggling to solve for years. We could see transformative innovation occur across all industries — if only corporate leaders take advantage of the boost blockchain provides.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Felix Xu is a co-founder and CEO of ARPA. Felix graduated with Finance and Information Systems degrees from New York University. For the past six years, Felix has been working on venture capital investment in fintech, big data and AI startups. Most recently, Felix led blockchain sector research and early-stage investment at Fosun Group, one of the largest conglomerates in China.