Back when I was doing road-shows to raise money for the start-up that didn’t happen, several of the venture capitalists we met with said things like, “right now, we’re investing in blockchain.” As far as I am concerned, they could just have easily said “quantum.”
Over here, it seems to be “tactical” is another cool word to add to anything, to make it sound better than it is. Do you want a tactical quantum blockchain, as used by special forces operators?
Briefly: blockchain is an open ledger. That’s it. It’s an open ledger that is maintained with successive checksums to make alteration obvious to anyone who cares to check. When those VCs were saying they were investing in blockchain, they were saying that they were investing in tamper-resistant data – hey, that is a good idea, but it gets filed under “duh.”
I first encountered the idea of blockchain back in the early cypherpunks days, when someone came up with the clever hack of publishing successive hashes of a file in the classified section of a newspaper – that way it would be impossible to wind back the clock and change the sums without them contradicting the published sums in the newspaper. That was around 1992 or 1993; I forget. When I was consulting for Taser back in 2009, I suggested that they use that technique to deflect any questions about the integrity of body-cam data; it’s a pretty obvious application of a very clever idea.
Rawstory has a story: [rawstory]
Now new blockchain-based marketplaces could give individuals control over access to their encrypted DNA data, and the ability to sell it to research companies for their own profit.
The ‘Google Of Personalised Health Care’
Consumer DNA testing saw unprecedented public demand in 2017. By one estimate, 10 million genetic tests were conducted on individuals by companies such as AncestryDNA.
People using these services may not realise that the real money for some of these companies could lie in the sale of genetic data to third parties for medical research. A 23andMe board member reportedly explained this in 2013:
The long game here is not to make money selling kits… Once you have the data, [the company] does actually become the Google of personalised health care.
Ask Henrietta Lacks! [wikipedia] The usage of patient (and customer!) data is a gray area – or, more precisely, it has been caused to be a gray area – if you use 23andme or have your blood drawn, or that lump in your neck removed: do you still own it? It’s your genome, right? The short form is: no. This stuff is all being taken care of using contract law, and is being regulated in favor of and for corporate interests. We will never have the option of owning our own genomic data, not if it’s worth something.
The premise appears to be that people will have their DNA sequenced, then upload it to secure servers with mumble mumble blockchain magic and mumble somehow their data will be protected. But doesn’t that presuppose that whoever is doing the sequencing doesn’t keep a copy? That’s exactly what happened when Johns Hopkins Hospital’s doctors kept a copy of Henrietta Lacks’ cancer cells – and started selling them. It makes no sense to assume that I’m going to ship a swab of my epithelial cells to some lab that will sequence my DNA and securely transmit me a copy of my DNA (without keeping a copy!) and that I’m going to then care enough to store it somewhere, only to – years later – transmit it to… what, exactly? I can’t give it to my doctor to read in their computer (without keeping a copy!) or stick it on a cloud server (where the FBI can’t subpoena it?) etc.
But, hey: blockchain!
At the same time, genomic data can reveal highly personal information about us (and our relatives), especially when paired with our very private health data. There are competing interests between individuals, corporations, and the research community.
How Could Blockchain-Based DNA Marketplaces Address These Issues?
Marketplaces for buying and selling DNA data would be established by the creation of dedicated cryptocurrency “tokens”
People will be able to sell their (encrypted) genomic data to researchers for tokens, which they can cash out or use to buy services, such as disease risk reports.
All of that presupposes that your sharing your data means they won’t copy it and re-share it. Which, they are already doing. So this whole thing depends on “first, we must get them to stop ripping off our data.” Which depends on “first, we must get the courts to agree that it is our data.” That’s a problem of approximately the same magnitude, I’d say, as keeping Equifax from not selling (or leaking!) your data to marketing firms. Which is a problem of the same magnitude of getting an unfriendly dragon to give you its gold-hoard without a fight. Because, for them, it’s a fight to the death.
But once that’s all done: blockchain!
Information security practitioners know that once you give someone else your data, you’ve got questions of trust that you need to answer; also questions of trust delegation: do you trust Apple to hold your txt messages? What about whoever keeps Apple’s backups? At a certain point I can say with some confidence that if you want to be the only person with a copy of your genome, you’ll have to sequence it yourself and be very careful whose processor chips are in the sequencing-machine you buy.
This is another case of blockchain – a solution – looking for a problem.
h/t to Caine, who pointed me toward this story.
My old friend Dan Geer once defined “privacy” in the digital age as “having control over the time and rate at which your information is disclosed.” It’s an interesting definition because Geer didn’t consider revoking access as possible; it’s typical of Dan’s subtle approach to security – he hides everything you need to know right there in the definition.
I’ll try to do a post one of these days regarding my old-school security practitioner’s view of bitcoin. Hint: it’s ugly.
David Chaum was doing interesting stuff (of course!) with blind signatures and digests back in the 80s: [chaum]
Original bitcoin paper announcement in cipherpunks [cp]