The Cambridge Analytica scandal poses some serious questions about the integrity of democracies in the information age. From Trump to Brexit, the dirty tricks apparently offered by CA’s top executives should cause concern everywhere that elections happen. But the episode is also worrying because of its specific focus: data. We create reams of data every day – every time we open a browser window and every time we make a contactless payment. We do this without thinking. The Cambridge Analytica news demonstrates the power that this data can have when we lose control of it.
Facebook isn’t the only huge data company to have suffered a major breach in recent years. In September it was revealed that 143 million Americans and 44 million Britons had sensitive information stolen from Equifax, the credit rating firm, including home addresses and social security numbers. The kicker in this case was that many of those affected had no idea the company was holding that information in the first place – such is the staggering growth of data creation and collection, and the lack of controls enjoyed by consumers over who gets to keep it.
Clearly, it’s time for a radical rethink about the data we are producing and the processes governing its collection and maintenance. The EU has already gone some way to addressing these questions through the introduction of General Data Protection Regulation, a set of new rules dictating how businesses can handle personal information. But, despite their significant impact on collection practices in even the smallest businesses around Europe, these regulations still fall light years short of the comprehensive change in mindset needed to safeguard our privacy – and, potentially, the integrity of future elections.
Proliferation is the major risk for our personal data. Think about the number of times you’ve entered your address, your bank card security number, and your mother’s maiden name into a website. You wouldn’t dream of giving away that sort of information in a brick and mortar store, and yet we do it unthinkingly online. So how do we regain control of this sea of information?
Blockchain technology is one of the potential solutions to this vast proliferation. Blockchains are distributed ledger systems – that is, information is stored not in a single, centralised database, but in a potentially infinite number of places. Blockchains store immutable records and they are distributed among every user, each of whom has their own private cryptographic key. This presents an opportunity. Rather than yielding our most sensitive information to every shop or platform we interact with online, we could instead store it in a decentralised ledger, free from a single point of failure. Connect that technology to existing payment systems and platforms, and combine it with biometric security features on our smartphones or tablets and we could then enjoy significantly more control over what information we share with whom – and say goodbye to passwords at the same time.
But there’s a major problem with the application of blockchain technology in this way: privacy. If our data is stored everywhere, how can it be private? This is being tackled by researchers at MIT through their Enigma project, which is a protocol that sits on top of existing blockchains. Enigma promises “secret contracts”, as opposed to existing “smart contracts”, with nodes on the blockchain able to compute data without ever “seeing” it. The researchers say this will allow users to maintain control over personal data, particularly through preventing its monetisation or analysis by platforms. They also claim that it could unlock a new system of lending, in which prospective borrowers can establish their trustworthiness without having to give individual lenders access to their specific personal data.
Blockchain techniques are already being adopted at local and national levels. Estonia, which has emerged as one of the most forward-thinking, digital-first economies, has gradually moved all of its citizen data onto a distributed ledger system. Illinois is testing a number of blockchain-based systems, including a birth registry. And Singapore is considering moving towards a blockchain system to allow citizens to interact seamlessly with government services. There is significant work being done to shift the focus of blockchain technology away from pure currency speculation towards real world applications – especially around privacy and storage.
Cambridge Analytica, Facebook, and Equifax have demonstrated without doubt that our management of data is broken. Blockchain could help us fix it.
• Josh Hall is a writer and editor based between London and Berlin.