How the Facebook Data Breach Reminds us that it's Time to Start Taking Control of our Data

Our data is everywhere! It's being collected by companies like Amazon, Facebook, Google and many other organizations through their applications and connected devices. These products and services that we have all come so comfortable with have resulted in people trading their privacy for convenience. The latest Facebook data breach tells us that the current centralized architecture is flawed and it can not protect our valuable data. Just recently Facebook exposed over 50 million users records.

The Equifax breach last year left over 140 million people's sensitive information flapping in the wind. These two examples are just the tip of the iceberg. This problem stretches way beyond your social media and credit information. It runs deep through one of the most valuable data points you own, your personal health records.

The Health Data Epidemic

In the US, there have been over 175 million records breached between 2010 and 2017. Exploits like these are possible when data is under centralized control. The fact is that healthcare providers are not in a position to deal with cyber attacks and fraudulent activity relating to data security. According to the Ponemon Institute research study, it can cost a provider around $400 per health record compromised. Just to put that into perspective, in 2017 there were over 5.5 million patients affected by data breaches. This is costing the healthcare industry billions of dollars and putting everyones private data at risk.

There are many reasons your health data is a target. Overall, it seems to boil down into two motivators...

1. Easy Money The black market value of health records is high $$$
2. Vulnerable Target The victims (patient, provider etc..) have to comply

The market value for a single health record on the dark web could range from $20-50. However, batches of records in large sets could fetch thousands of dollars at a time.

Data breaches can be done internally or externally from the target person/organization. When people usually think about a company getting hacked and exposing data, one might assume it was a malicious cyber attacker using sophisticated programming, while sitting in a remote location. Most of the time these breaches are rolled out using simple internal access vulnerabilities and exploits targeted with a Remote Access Tool (RAT) that can be easily downloaded on to a virtual machine to launch devastating payloads. This unwelcome access often goes undetected for several months. At that point it is too late. The attack had already been launched.

Decentralizing a Solution for the Future

The world runs on a centralized model. Everything from company structures, network architectures to shipping/logistics, healthcare to nation states. All of these things are organized with a central point. Even distributed networks today are still considered "centralized". When we look at Facebook, they are a distributed network with servers all over the world. However the controlling authority of that network is still very much centralized. These network topologies put two major issues at stake for people.

1. We give up all our rights to data in exchange for access or convenience in order for a central authority to monetize it themselves. It ends up becoming a great revenue stream for them and leaves you and me as the "product".
2. Our data is vulnerable to large scale attacks that compromise user records. When we blindly trust these organizations to be the custodian of our data, we are assuming it's just going to be 'safe'. However, the large central data stockpiles are constantly being attacked leaving private information readily available.

It's time to start really thinking about how we can store, manage and exchange our own data on a fully decentralized peer to peer type network. In this scenario there would be no single owner of the data and each user would own their own information, allowing them to be the beneficiary of receiving any monetization for their personal data.

There are many exciting new projects that focus around these issues. Everything from decentralized token exchanges to social networks. When it comes to healthcare data it is critical that we begin to move into a more secure, reliable and transparent system. It's one thing when your instagram gets hacked, but imagine you get in an accident and the health network gets locked up by malicious attackers. The ER is filling up fast and the doctor can't access your medical record. In the mist of the chaos in the hospital lobby, maybe you get treated with something that triggers an allergic reaction. What if the reaction is fatal? It's not worth it. It's bad enough healthcare networks barely integrate between each other as it is today. The baseline for the level of interoperability between healthcare organizations is at zero. This approach leads to data silos, which then turn into points of failure and vulnerabilities in the first place.

Blockchain as a Decentralized Database of Record

So what is a blockchain? To put it simply, it is an immutable, decentralized ledger of transactions. The network is not owned by any single person or company, but rather a collection of all the participants in the network. The “blockchain” is an ever-expanding ledger that holds the transaction history of all transactions in circulation, and lives on the thousands of machines on the network. But if there is no central authority, who decides which transactions are valid and should be added to the blockchain? And how is it possible to ensure that the system cannot be gamed, for example by spending the same bitcoin twice? The answer is mining. Every transaction needs to be validated through a proof of work consensus algorithm. Miners on the network need to reach consensus to validate. This makes it almost impossible to break the system. It has been about 10 years since the inception of bitcoin. Even after a decade the network hasn't been successfully hacked.

As of today it would take about 500 of the worlds best supercomputers working at the same time to potentially accomplish such a task. The diagram below shows how a hash and a nonce are verified by the next block, while the Merkle Root contains the transactions. This simple but effective transaction process ensures a tamper free experience with no middle men needed.

A Bitcoin private key is a random 256-bit number. However, the public key reveals some information about the private key. The best known algorithms for breaking ECDSA require O(sqrt(n)) operations. That means 2^128 operations would be needed to break a Bitcoin account.

If we assume it takes the same time to run an ECDSA operation as it takes to check an sha256 hash (Which it doesn't), and we use an optimization that allows us to only need 2^128 ECDSA operations, then the time needed can be calculated:

>>> pow(2,128) / (15 * pow(2,40)) / 3600 / 24 / 365.25 / 1e9 / 1e9
0.6537992112229596

It's 0.65 billion billion years. That's a very conservative estimate for the time taken to break just one single Bitcoin address.

Computers tend to get exponentially faster over time, according to Moore's Law. Assuming speed doubles every year, then in 59 years it'll only take 1.13 years. I would expect the algorithms to be updated or changed long before it's feasible to break the protection they provide. The largest ECDSA key broken to date of the type that Bitcoin uses was 112 bits long. A Bitcoin account is more than 4,000 billion billion times harder to break. The only realistic risk would be quantum computing.

Ok, blockchain technology does look promising. However, there are issues that need to be addressed. I won't mention them all but I will cover a few of the main ones pertaining to the use case of managing your own data through a unique digital twin identity.

Scalability - Transactions fill each block until a new block is mined and verified by the previous hash. The blockchain continues to add more blocks to its ladder of transactions, and every block increases with data as it carries the history of the blocks before it. Every recordable transaction requires peer-to-peer validation, which can become time-consuming with the number of blocks involved. Bitcoin is currently verifying, or creating, one block every ten minutes. While it takes Ethereum about 3 minutes.

As more users incur more transactions, it takes longer for verification, with waiting times increasing sharply at peak times, sometimes even causing network congestion. This was common in 2017 - early 2018 when ICO's were launching every day. This lead to issues on the Ethereum network.

Bitcoin can handle approximately 60 transactions per second, which pales in comparison to Visa’s peak rate of 47,000 per second. In order for it to expand into the same ubiquitous role as fiat currency, cryptocurrency must be able to process much higher numbers of transactions. For Bitcoin to reach Visa’s numbers, it would be equivalent to trading four terabytes of data per year. Ether, however, despite its lack of block limit, takes approximately 14 seconds to generate a block.

Block size - Bitcoin blocks were originally hard-capped at 1MB, or around 2,020 transactions, but there is the potential for an infinite number of transactions to be made on each coin and therefore to be recorded on each block.

As transactions continue and records grow, block sizes increase, eventually exceeding any limits set. Although Bitcoin has increased its cap per-block, and Ethereum has no hard cap and therefore can adjust to scale much better, this still presents problems: blocks will continue to grow with use, and each transaction will need more time to be processed.

User adoption - As with any new and emerging technology it can take time for user adoption. More people will migrate to products and services as the technology matures. More integration with existing technologies will help speed up the progress.

Cost - increased traffic caused by a growing number of users facilitating more transactions, while more nodes are needed to process them, and when you factor in the running costs, it isn't that cheap. Additionally, miners will show preference for transactions that come with higher fees, meaning that to have a transaction verified in a timely fashion during peak times it can increase from a fraction of a cent to several dollars, and there’s no telling how high it could go when fully scaled out.

Additional components are also needed to work along side blockchain technology to handle some of the current challenges. Most applications are exploring side chains and separate data lakes to make up for some of these issues. As this space continues to mature over the next few years, a full stack will emerge that could someday out perform all traditional systems today.

Some of the components are noted below. I won't go into great detail but this will give you an idea of some of the major elements that make up blockchain data projects today.

Oracles

The next generation API for a decentralized network. Oracles serve as a way to grab data from the outside world and bring it into the blockchain. An oracle essentially is a third-party information source that has the function of supplying data to a smart contract. It acts as a trusted data source and can trigger actions based on predetermined criteria.

Smart Contracts

A smart contract serves as an agent that can facilitate a transaction and store executable code. This is very interesting because it can allow for more sophisticated transactions between people, companies and different organizations without the need for a trusted middle man. These contracts will automatically self execute after pre determined conditions are met. At a fundamental level it is simply a self-executing piece of code; smart contracts can evaluate incoming data from an oracle and initiate a flow of execution depending on the received information. The applications for this technology are endless.

BigChainDB

BigchainDB is a scalable blockchain database. It’s designed to merge the best of two worlds: the “traditional” distributed database world and the “traditional” blockchain world.

BigchainDB starts with a traditional distributed database, which has characteristics of:

• scale (throughput, capacity, low latency), and
• query-ability.

Added in blockchain characteristics:

• decentralized (no single entity owns or controls it),
• immutable (tamper-resistance), and
• assets (you own the asset if you own the private key, aka blockchain-style permissioning).

BigchainDB supports both public and private deployments. Writes take less than a second because validation is based on federation of voting nodes. Being a decentralized database, it is complementary to decentralized processing technologies like Ethereum Virtual Machine (EVM), and decentralized file systems like IPFS. 

Secure Hardware Devices (MFA)

Multi factor authentication (MFA) is a method of confirming a user's identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). This is a a great way to securely bridge your physical identity into the digital world. There are several different types of these products on the market. I think that MFA could add a fundamental element to identifying and authenticating valid access to data.

Being the Owner of your Data

By starting to develop a path towards individual data ownership, we can begin to create a future that puts us in control of our information. That's exactly what we are doing over at Helix3 Technologies.

Helix3 is developing a global, decentralized health platform that empowers people to gain control of their data in a meaningful way. Through the world's first digital twin health identity, users can securely collect fitness, genome and health data through various IoT/IoMT devices, genome databases & health records systems. 

Our goal is to drive a healthier world by connecting users with healthcare organizations around the mutual goal of creating a much better health system with improved clinical outcomes, at a reduced cost. By merging the perfect storm of blockchain, IoT and AI we are building the next dimension in health technology.

#healthcareblockchain #future #health #data