Cryptography, PKI, Blockchain, Privacy & Trust

08.01.2019

Over the centuries we have needed trust and assurance in our transactions, as well as reliance upon the validity of signatures to contractual documents. For hundreds of years, in the paper world, that trust has been supported by a long-established framework of Notaries, legalisation under the Apostille and Consularisation at Embassies, for those countries where notarised and authenticated documents are to be relied upon.

The long-established paper authentication process has obligated the notarial profession to be regulated and to be accountable. Notaries carry professional indemnity insurance, are subject to data protection laws and are trained to provide the reassurance around documentation and identity that the international community relies upon.

The use of cryptography, as a trust solution, gained acceptance in the 80s and 90s as the digital world expanded and participants required assurance when relying upon paperless transactions and digital signatures.

The paper-world actions of witnessing and notarisation made their way into the digital world in the form of two-factor authentication, and those principles were the basis for the development of PKI (Public Key Infrastructure) in the 90s.

Blockchain is a technology that uses the same principles as PKI except that Blockchain validates transactions whereas PKI has more usually been used to authenticate signatures.

A Blockchain is a database in which data is stored and distributed to a large number of computers, and where each entry or transaction is visible to all users. Whilst “Distributed Ledgers” technology is similar, it is not identical to a Blockchain. Blockchains are defined by their properties of transparency, decentralisation, permanency and disintermediation, and they operate without a central “trust” authority.

With the growth of the digital economy there has been a focus on PKI and Blockchain as authentication and trust solutions, but governments and regulators are now focusing on the need to establish greater reliability and trust within these frameworks, as well as better protection for personal information. In addition, whilst the digital trust technologies are essential for the digital economy, in the paper-based world the process of notarisation and the use of digital notarisation are also under review.

As yet there is no comprehensive standard for regulating trust and authentication in Blockchain and Distributed Ledgers, and there is equally no standard for protecting the rights of individuals in relation to their personal data.

The French Data Protection Regulator, Commission Nationale de l’Informatique et des Libertés (CNIL), recently investigated the application of the EU General Data Protection Regulation to Blockchain, reiterating that innovation and the protection of individuals’ fundamental rights are not conflicting goals. The research carried out by the CNIL has revealed that “the person deciding to register data on the Blockchain is a controller”, given that they determine the personal data and the means of data processing, but the rights of data subjects are not easily exercisable, particularly in relation to the right of erasure and the right to object to processing.

The European Parliament published a paper in October 2018 on the need to build trust in Distributed Ledger and Blockchain and called for, amongst other things, protection of personal data rights. The CNIL is working with its European counterparts to produce a strong and harmonised approach, and it is hoped that the European Data Protection Board will issue guidance during 2019.