The creator of Bitcoin, Dr. Craig Wright, recently gave a lecture on the topic of privacy in relation to blockchain and Bitcoin as part of his ongoing Bitcoin Masterclasses series. Following up on the first session’s discussion of secrecy, this one delved deeper into the related topics of privacy, confidentiality, and anonymity.
Dr. Wright tells us that the United States enacted the UN privacy principles into federal law in 1992. This means they are law regardless of whether or not they are written into the United States Constitution. Like Europe, the United Kingdom adopted these protections in 1998 through the Human Rights Act.
The who, the why, the how, and the what of privacy are what he emphasizes. Individuals’ capabilities, motivations, timing, etc., must be taken into consideration. In the case of medical records, which Dr. Wright uses as an illustration, a physician may be granted access to your information, but it would be a breach of your privacy if your doctor were to copy and distribute your medical data online (say, because you are famous). Some of your medical history can be shared with the doctor, but not all.
First, Dr. Wright explains why privacy exists and how it’s distinct from other concepts. Information access permissions should be tightly coupled to one’s function or purpose inside an organization. He continues, “We need to limit what individuals are doing,” and goes on to discuss how access controls, cryptography controls, alarms, and other measures might be implemented to achieve this goal.
To be fair, as Dr. Wright puts it, we need to consider the situation from all angles. To compensate for the cost of providing the service, a company may be allowed reasonable data consumption. Dr. Wright has a well-documented aversion to Silicon Valley tech giants like Google (NASDAQ: GOOGL), Facebook (NASDAQ: META), and others, and he thinks it’s wrong that users can’t pay for the service directly instead of exchanging their data for it.
Fairness, he says, requires that the parties be able to come to an agreement on the scope of their respective rights and responsibilities. Dr. Wright argues that “privacy does contain lawfulness,” unlike anonymity. He makes an excellent point by saying that “you have no right to privacy if you’re plotting the overthrow of the government.”
Given that the vast majority of countries do not follow common law, how would lawfulness function on a worldwide scale? Dr. Wright argues we’ll have to keep tabs on where things are happening and who’s doing them, and governments will have to take some action.
Internet service providers (ISPs) have some say over the system and can install controls like preventing access to illegal content. Also, firms can prepare criminal cases for governments to take over through civil litigation.
Dr. Wright emphasises that lawfulness is one of the fundamental differentiators between privacy and anonymity, and that the concept of lawfulness will always depend on the society you’re in. For accountability in the event of wrongdoing, it is essential, first and foremost, that identities be linked to actions.
When things are made public and responsible parties are identified, we have achieved transparency.
Disclosing one’s true identity is a prerequisite for several forms of communication. Dr. Wright uses coffee houses as an example of public forums for the open discussion of political ideas that contributed to the development of Western civilization. You can only be yourself in a coffee shop, unlike the anonymous nature of Twitter, and your words will always be associated with you. It’s not hard to figure out who’s saying what and where they’re from.
Data Storage Limitations Dr. Wright discusses that the European Union (EU) has data storage limits, including the right to be forgotten, how long a firm can keep information on you, etc.
“Now we have this thing called a blockchain, and it can make it hard to get rid of data,” he explains. How can we be sure that it’s completely vanished? For this reason, pruning is necessary. Dr. Wright urges us to take a step back and consider the broader picture: when Bitcoin reaches tens of billions of transactions per second, we’ll be talking about petabytes of data stored annually. In that setting, users won’t be operating nodes on their personal computers but rather using SPV and company-specific data. He explains, “If you’re Amazon, you want data linked to Amazon.”
Because there is no clear time frame for how long data must be kept, records retention policies pose a challenge for distributed ledgers like Ethereum.The copyright documentation, for instance, may be required to be retained for up to 95 years. With Ethereum developers constantly updating the protocol, how will this be possible? There is no way that this could happen.
Minimizing data storage needs is important because, as Dr. Lawrence Wright mentions when discussing petabytes of information, people won’t want to store it all in the future. The same holds true for data; some may not be useful to a specific business. For instance, a database tracking property ownership in the United Kingdom would have little use for car registration data if it also included New Zealand.
A user can still use SPV and Merkle proofs to demonstrate that their record is genuine even if the data host removes it. Records will be irrefutably verifiable because of the ability to connect transactions to the information included in block headers (which take up only 80 bytes each).