Originally published at: https://awallet.io/blockchain-violates-the-right-to-be-forgotten/
A while ago in an office discussion, I was asked the question whether or not the immutability associated with Blockchain is a threat to privacy since immutability means that the data is there for eternity — not forgotten. The answer is yes, whatever you may want to be forgotten can’t be when it’s on the Blockchain. That’s why people put wedding vows there — they can’t be forgotten. If Blockchain is run by a legal entity it may be punishable on privacy violation. Bitcoin provides many of kinds of trusts but not confidentiality. It is common to take Bitcoin’s trusted-third-party guarantee and mistakenly use it to mean confidential-third-party, after all, in layman’s language both are like “secure” and “trust”. Trust is an umbrella word that has too many concepts in it. I wrote another article earlier breaking these down. Blockchain fans will point out that most Blockchains are anonymous. But being anonymous and having the right-to-be-forgotten are not the same thing. Anonymous simply means that the records are not attached to a name. “Right to be forgotten” is based on a privacy model called “confidentiality”, which assumes a confidant who knows your secret, an invisible third person a passive sentence: “Right to be forgotten, by whom?” Privacy on the Blockchain is not necessarily modeled under the confidentiality assumption. Or rather, there may not be a “whom”.
- Privacy can mean “don’t tell”; while
- confidentiality means “do tell, but don’t let him tell again”. In the Blockchain universe, the former has been done with cryptography, like zkSNARK being used in ZCash. The latter has been done by engineering, like in R3’s Corda. In the former case, if you drop your private keys, it will be as good as forgotten, since no one else had your secret at the outset, there will also be no one to ask to forget. In the second case, history can be forgotten with a re-issuing process which relies on a trusted 3rd party (usually a bank) to take your securities and issue it again to the new you. It is apparent that the former privacy model is better because it doesn’t require confidentiality. Or, the best way to keep a secret is not to tell it at all. But that route has it’s limitations too.