| Identities and identification | It is estimated that 1.1 billion people live without an officially recognized identity.27As a result, they are unable to participate in commerce, financial markets and have no access to services such as healthcare. An accurate and accessible identity system allows for inclusion and participation in global trade.
A Blockchain system could leverage digital ID systems which have appropriate authentication mechanisms. By combining decentralized Blockchain principles with identity verification and cryptography, a digital signature can be created and assigned to every online transaction affecting an asset. This has several potential benefits for consumers, businesses and regulators alike.
First, creating an identity on a Blockchain over who has their personal information and how they access it. Blockchain identity management platforms could also simplify procedures associated with burdensome, costly and time-consuming KYC obligations as well as better complying with data collection and privacy regulations. For businesses, this could lead to stronger regulatory compliance, lower costs, reduced fraud28, and a more seamless experience for clients. Similarly, for regulators, a Blockchain based process could allow for prompt auditing and increased efficiency in compliance control, monitoring and quality. Taken holistically, improved means of verifying and managing digital identities and personal information based on Blockchain technology could increase transaction efficiency and further facilitate trade. |
| Authentication Forms | •ID/password;
•Something I know (questions, grid cards, images, knowledge bases, etc);
•Biometric methods (typically, fingerprints or IRIS scans); •Devices (for example, a one-time pin sent to amobile number); •Third-party verification (which could include digital certificates or social network-based access) |
| blockchain and authentication | Public and many private/permissioned Blockchain systems have nodes in many countries and can be accessed from anywhere, therefore, while users may be subject to recognized governmental or intergovernmental authorities, the same is not the case for the Blockchain system itself. As a result, an intergovernmental framework may be needed for the cross-border acceptance by authorities (for example courts) of Blockchain data. Such a framework could, for example, define required levels of authentication, reliability and accountability in cases where credentials (i.e. means of authentication) may be compromised. |
| Data integrity | While Blockchain-based distributed ledgers provide transaction immutability, there is also almost no way to remove inaccurate data if it was erroneously entered in the first place. For this reason, it is important to put logic into Blockchain-based applications and smart contracts which allows for new transactions to be entered that will, in effect, erase the impact of previous inaccurate entries (even though the inaccurate entries remain –just like in a paper-based ledger accounting system). In other words, this would not change the data (which would require a fork in the Blockchain as explained in section II), rather it is a “reversing entry” as would be made in an accounting ledger. |
| Cyberattacks | While in theory Blockchains are vulnerable to cyberattacks including Sybil 51per cent attacks and distributed denial of service, the combination of decentralized database architecture, cryptography and the principles of immutability and consensus make Blockchain-based distributed ledgers relatively resilient to cyber-attacks (see section 2for further explanations). The types of attacks that a Blockchain is susceptible to depend upon a range of characteristics. For example, Blockchains with fewer nodes are at a greater risk for 51per cent attacks, while permission less Blockchains may be more at risk of identity theft than permissioned Blockchains where access is more restricted. Another vulnerability that will probably arise in the future is the development of quantum-speed computers, and their possible use for hacking, given the extensive reliance of Blockchains on cryptographic techniques. |
| Privacy and confidentiality of information | Confidentiality refers to the protection of data so that it is disclosed only to authorized parties and is protected from access by unauthorized third parties37. Privacy refers to a person's right to control access to his or her personal information. Digital innovations, including Blockchain technology, may have the potential to protect the rights of citizens to privacy and confidentiality. In many cases, confidentiality and privacy are enforced by legislation (e.g. EU or national data protection legislation), regulation (client confidentiality) or contract (commercial confidentiality). As such, it is critical to understand how Blockchain technology impacts these protected rights. |
| How Blockchain can do privacy | The design of any digital platform for trade facilitation using Blockchain technology must be done so as to store and transmit data in a way that safeguards the right of individuals to confidentiality and privacy. To achieve this, it may be necessary for developers to only record hashes of personal data on the Blockchain(or perhaps even only a hash of the data’s location/address) and to not store any private data on the Blockchain. Instead, private data can be stored off-chain and only exchanged as needed and in peer-to-peer communications. |
| The following rules should be considered when designing Blockchain systems that need to safeguard privacy and confidentiality: | •Transacting parties cannot be identified by an unauthorized third party from the information stored on the Blockchain(including metadata)40, unless the party(ies) to be identified has/have chosen to reveal that information;
•Other transaction details are not visible to unauthorized third parties and to the open public unless one of the transacting parties has elected to disclose that information;
•Transaction details cannot be collated, analysed or matched with off-Blockchain41meta data to reveal any information about the transacting parties or the details of the transaction. |
| Risks regarding privacy | Blockchains do not inherently respect privacy and confidentiality. Indeed, the two largest Blockchain systems, Bitcoin and Ethereum, are public (permissionless), open, transparent, and pseudonymous. They are open in the sense that there are no restrictions on participation,and they are transparent because all transactions and all transaction information is visible to anyone on the Blockchain. In addition, on the Ethereum Blockchain the code and execution of smart contracts is also visible. In both Blockchains, transacting parties are pseudonymous and identified by public keys generated using mathematically derived algorithms (known as Bitcoin addresses or Ethereum accounts). This provides only a very limited amount of confidentiality, because it is possible toconnect the identity of an individual with their public key. Because transactions made on Blockchainare fully traceable, once a person’s identity has been linked to their public key it is possible to infer and monitor an individual’s spending patterns (such as where they spend, how much they spend, and how often), their wealth and income, and with whom they undertake transactions. It is also important to remember that the data written to the Blockchain is immutable and irreversible, meaning it is permanently accessible andvisible. As such, incursions on one’s privacy or confidentiality cannot be reversed or corrected at a later time. |
