Across Europe, a privacy row has been brewing over various efforts to use coronavirus contact tracing technology. Contact tracing is the cornerstone of the efforts to track the spread of COVID-19 in an attempt to prevent a second wave by quarantining those exposed to the infection. After all, it proved to be successful in China and South Korea.
However, the contact tracing efforts in China and South Korea are generally considered to breach user privacy to an extent that’s culturally and legally unacceptable across much of Europe. Nevertheless, it seems that many governments are now prepared to compromise on their citizen’s fundamental right to privacy.
Lack of alignment on the correct approach
One significant problem is that governments in Europe have been unable to agree on a single, unified approach. Privacy advocates had been pushing for an app that doesn’t store data centrally but on the individual’s device. However, governments, including those in France and the United Kingdom, have shunned this approach in favor of developing their own solutions.
In France, this has resulted in an app where data is collected and stored on government-run servers. In the U.K., where Brexit already means citizens have lost the protection of the European Union’s General Data Protection Regulation, the government has engaged a controversial artificial intelligence firm to help with track-and-trace efforts. Yet both the government and the firm itself are holding back from explaining why the AI contractor needs to process far-reaching data, including credit scores and utility bills.
A risk-filled strategy
The way that these governments are handling the track-and-trace requirements leaves a lot to be desired from both a security and privacy perspective.
Data held on centralized government or corporate servers is vulnerable to attack. If personal data of this scope and sensitivity gets into the public domain, it could be used for fraud or identity theft.
This isn’t a theoretical risk — data breaches happen all the time. One recent study estimated that nearly 80% of companies experienced a cloud data breach in the last 18 months alone, while EasyJet and Bank of America have both admitted to hacks over recent weeks. If governments are collecting far-reaching data on a national level, it will create a virtual honeypot for attackers.
Citizens are also being asked to take the risk that their data will be used for purposes beyond that which they originally consented. While a government can harvest data under the auspices of tracking and tracing the virus, it could potentially be put to use for any other purpose. It essentially amounts to a sacrifice of rights to data privacy and sovereignty. Particularly in the case of the U.K., intelligence agency Government Communications Headquarters, commonly known as GCHQ, was heavily implicated in the Edward Snowden revelations, meaning the nation’s citizens have grounds for concern.
Crypto isn’t immune
Many people are attracted to cryptocurrencies and blockchain technology because they hold fundamental beliefs that government surveillance, censorship and a lack of privacy are intrusions on our civil liberties. Blockchain offers the benefits of decentralized control, censorship resistance and privacy through pseudonymity.
But the fact is that the blockchain and crypto space remains far more centralized than we’d like to think.
Firstly, we have little choice but to enter the crypto space through centralized gateways — exchanges. Crypto exchanges have become every bit as enticing for hackers as centralized data servers. The latest to be hit was Canadian exchange Coinsquare. It has been revealed that attackers obtained 5,000 email addresses from the company’s database with the intent to use them for SIM-swapping.
Secondly, most blockchain DApps are using centralized cloud providers to manage their data storage. This is purely because blockchains such as Ethereum aren’t able to store data efficiently or at a cost that would be realistic for a DApp developer. So, while the decentralized security of blockchain applies to our digital assets, the data of any given DApp user is no more private than it is when they send it to a centralized company that uses Amazon Web Services to store data.
So far, there haven’t been any major hacks targeting DApp user data. However, it’s likely that this speaks more to the size of the DApp space than the fact that the vulnerabilities exist.
How decentralized databases help
Swarm computing involves harnessing the power of a distributed network. Data can be sharded, stored and replicated across the network, meaning it’s always accessible when needed. Using a model similar to Airbnb, developers would only need to pay for their storage, along with reads and writes to the database.
Such a model overcomes many of the drawbacks of centralized data collection and storage. The data is secure because decentralization removes the single point of weakness. It’s tamper-proof because each write action is verified by the network. It also offers users an assurance of privacy, and they can also determine how their data is used by offering or withdrawing their consent.
From the developer’s perspective, there are other benefits. They would pay less for the data than to a centralized provider like AWS because replication is an inherent part of a decentralized database, whereas AWS charges extra for it. This also means that decentralized data storage can be easily scaled up as a DApp grows.
Decentralized data storage offers the opportunity for blockchain DApps to become more truly decentralized by removing the dependency on centralized companies like AWS. But perhaps more importantly, they can help to overcome the issue of governments harvesting data at a time when citizens are already being asked to sacrifice so many other elements of their civil liberties in the name of preventing the virus’s spread.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.