If you’ve ever been the victim of a financial scam, you know exactly how terrible it feels. When someone steals your hard-earned money, it feels like a personal violation. Financial regulation is intended to protect us, but it has its limitations, especially in a world where innovation is moving at such a rapid pace. The existing financial system has too many blind spots which allow scammers to get away with their unethical practices and be difficult to track down and prosecute.
Blockchain can lead to a significant decrease in the opportunity for fraud worldwide if there is mass adoption of good practices. The blockchain is much more than just bitcoin and is changing the entire way innovators are thinking about the web. It will not be long before we move away from the existing web 2.0 infrastructure to the dynamic world of decentralized web 3.0. The issue is, even if the web is decentralized, humans are still answerable to centralized governments in the countries they live in.
The same aspects that make blockchain useful can also fall foul of financial regulations. This is particularly an emotive subject at the moment with the privacy scandals that have happened at big social media companies. Let’s explore this interplay.
Why blockchain can prevent scams
There are two key features that make blockchain able to offer greater protection against fraud than traditional finance.
The way the technology works is by keeping a ledger that hosts every transaction that has occurred on the blockchain. This information is stored on every node meaning that it’s impossible for someone to corrupt it as, by consensus, it will be easy to spot which node has been altered it can be reverted. By its very nature, the blockchain is immutable, which means it cannot be rewritten because of this.
To prevent fraud, this is a game-changing feature. There’s no way to hide any dodgy dealings or two pretend something is worth more than it actually is. Any potential buyer can quickly validate the asset’s history. Each transaction is verified by both parties and other nodes in the network.
These features are what form the foundation of the $40bn NFT market. NFT stands for Non-Fungible Token, which means the asset cannot be replaced and is unique. If people were able to distort the blockchain then these would be worthless as it would be easy to spoof a high-value asset and scam others.
This system can be used to make larger purchases safer. For example, with property sales, a NFT could be minted to prove ownership in a way that is unquestionable. Smart contracts can be used such that a sale only goes through when both sides have deposited their asset in a secure place, which prevents any party from unilaterally receiving value then running away. It puts an end to the need for traditional escrow and makes the system much more efficient and trustworthy.
Both sides are able to reduce their risk through this method.
While these features are great for protecting people from fraud, privacy is a major concern, especially after major laws such as GDPR were introduced. The idea behind these laws is that people have a right to privacy and in particular a right to be forgotten. These notions directly conflict with the nature of blockchain, where everything is permanent and transparent.
Transaction history within the blockchain is data about a subject, and people can track their transactions. If they were to invoke Article 17, the right to erasure, at many existing blockchains, there would be an uneasy situation. Blockchains are by definition decentralized; who would a case to delete data even be leveled at, as there is no overall owner? This strength of blockchain in terms of being tamper-proof makes it non-compliant in many ways. It’s impossible to enforce, but there will always be people who are hesitant to use the blockchain because of privacy concerns.
This brings us into an interesting discussion of how privacy laws affect wider regulations in general. For instance, data gained unlawfully cannot be used against a defendant even when it proves them guilty beyond any reasonable doubt. Much in the same way, could fraudsters claim their data was being held against their will in the blockchain, thus is it is unethical to use it against them? This legal gray area could be a nightmare for judges in the future.
As GDPR is still a relatively new law and the blockchain is still not used as widely as it eventually will be, there are many uncertainties in how this paradox will be dealt with by the law. Simply banning the entire blockchain for being non-compliant is clearly untenable and while some governments have banned individual cryptocurrencies, none would extend this to a blanket blockchain ban and put themselves at a severe disadvantage for future innovation.
What can be done
While the blockchain itself can never be GDPR-compliant, there are uses that can be. These systems can make use of permissioned blockchain and zero-knowledge technology.
A permissioned blockchain is where a user can set what information they share with other members of the blockchain for assets they own. For example, they might only want people in their network to be able to see their past transactions, rather than this being public information. A zero-knowledge transaction is where an agent proves the information is true without revealing the actual information.
Think of the example of a house sale. The seller will want to know that the buyer has the funds they say they do. Usually, this would be through the buyer needing to provide all kinds of intrusive personal information to a bank, who could then potentially use it for their own purposes. If the bank has a corrupt employee, then your private information could be used against you. In a zero-knowledge blockchain, there could simply be a property that shows that your value is greater than the sum they are asking for, and you can share this flag rather than the actual value of the money you have.
These systems give both parties the peace of mind of knowing they are not being scammed, whilst also being able to keep as much of their information private as they would like. This is the best-case scenario for both security and privacy and is likely to be a path that is tested heavily in the near future.
The immutability and transparency of blockchain technology fundamentally clash with the spirit behind privacy laws that are being introduced across the world at the moment. The blockchain cannot be GDPR-compliant.
Yet, the blockchain can protect so many from fraud in the future. It can support compliant applications using zero-knowledge technology and permissions to give the best of both worlds. Where users can verify the information they need whilst not sharing more than they are comfortable with. It’s exciting to see how this situation shakes out in the real world in the coming years.