width=”562″ height=”315″ frameborder=”0″ allowfullscreen=”allowfullscreen”
“Who thinks privacy is easy?”
That’s the opening question from Bitcoin inventor Dr. Craig S. Wright in the third session of Bitcoin Masterclass Day 2 in London. This session looks at existing privacy infrastructure based around centralized digital notary certificates and how they could achieve much better security under a structure like Bitcoin’s.
All sessions from Day 2 can be viewed here, and complete sessions for both days of the Bitcoin Masterclass are on the CoinGeek YouTube channel. Future Bitcoin Masterclass events are planned for other cities.
Several audience members appear to believe privacy is easy, though Dr. Wright points out examples of issues that might arise in specific cases. As discussed in previous sessions, there are questions of who may have access to what information (about themselves or others), for what purpose, at what time, and how much other data is revealed by accessing that information. One example is getting a simple true/false answer to questions like “is this person old enough to be here?” or “is this person an employee of X company?” without revealing the actual date-of-birth, or employment history.
Why Bitcoin is better than Certificate Authorities
“X.509 sucks,” he says, referring to the SSL/TLS X.509 standard digital certificates used commonly on today’s internet to “secure” many websites. These certificates are issued by trusted Certificate Authorities (CA) who, in theory, follow strict rules on granting issued certificates. There are several types, including Client Authentication and Code Signing.
The problem with this model, as Dr. Wright mentioned several times in the past, is that the issuer may be compromised. This compromises every certificate that the CA has ever issued, which could run into hundreds or thousands of owners, leading to an extensive proliferation of security breaches before action is taken. He mentions again the case of DigiNotar, the infamous Dutch CA founded in 1998 that went bankrupt weeks after it was compromised in 2011. The compromise affected well-known names like Yahoo!, Mozilla, The Tor Project, and WordPress.
Bitcoin, the blockchain structure and tokenization of data allow for far more granular control over access to information than existing systems. Their processes also permit faster flagging of breaches and attempted attacks, alerting administrators to these events immediately and letting them take prompt action. Blockchain records also keep full, auditable logs of all events.
Can you delete information from a blockchain?
“Who can tell me what Section 7 of the (Bitcoin) white paper is about?” Dr. Wright asks. For the record, it’s the section on “reclaiming disk space” which, as he reminds everyone, also concerns the issue of “pruning the Merkle Tree” and whether records on a blockchain can be “deleted” to comply with data-removal legislations like EU’s General Data Protection Regulation (GDPR).
If we transfer something from a Bitcoin UTXO and move it to a new value, then miners can stop producing blocks that contain that information.
What sort of information might be marked for pruning in our identity hierarchy? Other people’s information, for one, and your own data if it’s obsolete, embarrassing, or not needed.
So can we create something like X.509, that’s better than X.509 and without some of its problems? How would it handle things like certificate revocation?
With Bitcoin and the blockchain, we can set up structures to create provable ownership of data, primary identity keys, and multiple “subkeys,” multi-sig access to data, even pseudonymous investments that remain legally compliant (as long as the appropriate authorities are aware of the real identity behind the pseudonym, no-one else needs to know).
We could structure the identity of a “pseudoperson” (as today’s companies are considered under the law) with full on-chain records of its (real-life) shareholders/option holders and officeholders and their levels of control. What information should we put in, and where should it go? Dr. Wright asks the audience.
With Bitcoin, data and legal structures can be transparent and open, while confidential and private information remains private or accessible only to appropriate parties. There’s food for thought at both the technical/coding level and policy level. If you’re interested in this topic and want to hear more, the Bitcoin Masterclass series is a great place to start.
Watch: The Blockchain Masterclass with Craig Wright: Confidentiality, Privacy, Anonymity, Party to…