How to Solve the Data Privacy Problem for Enterprise Blockchain

Table of Contents

Privacy-focused blockchain projects often get a bad rap in mainstream news. Politicians and regulators seem convinced that privacy projects are behind a wide variety of nefarious activities from terrorist financing to money laundering. 

Because only bad guys want privacy, right? 

The reality is, it’s not just drug traffickers that use encryption… your local hospital uses it too. In fact, if a hospital doesn’t use encryption it can incur severe penalties. 

Just take the University of Rochester Medical Center, which was fined $3 million dollars by regulators last year for failing to properly encrypt mobile devices.

We’re not even talking about a breach of information. Just the failure to implement the expected measures to prevent one from happening. 

In fact, last year six healthcare-related companies were fined a total of $13 million for insufficiently preparing for potential threats to their patients’ health information.

As you can see, data privacy is a critical issue for any company in the healthcare space. I saw this first hand when I served as General Counsel for TigerConnect, which was the first and currently the largest HIPAA compliant, encrypted messaging platform for the US healthcare industry. 

The healthcare companies that we worked with would never consider a service provider if data privacy and encryption were not a key feature of what they offered.

Data privacy concerns go well beyond the healthcare sector. Many industries, including education, fintech, and retail are also under huge pressure from both regulatory agencies and their customers to maintain top security standards. 

Given this, do you think that any companies in any of these sectors could realistically consider implementing enterprise blockchain solutions on a public blockchain that is not equipped with privacy features? 

That’s a rhetorical question, the answer is obviously ‘no’.

Though most public blockchains include limited forms of anonymity, recent advances in chain analysis have shown that nearly all transactions are traceable. 

It doesn’t take much to connect the dots here. The bottom line is– privacy-enabled blockchains are an essential prerequisite for blockchain to become mainstream. Without privacy, the corporate use cases for blockchain are severely limited.

So, where does that leave us today? What options do companies have to build on privacy-enabled blockchains? 

Right now, there are three main ways that companies can take advantage of blockchain while maintaining data privacy, but each method varies dramatically in its effectiveness. 

Read on for an overview of each and which provides the maximum data protection for enterprise users.

Private, Permissioned Blockchain

The most common approach for many big enterprises foraying into blockchain is to invest in building their own private blockchain. 

Private blockchains are easy for corporate decision-makers to comprehend because they are similar in structure to a privately controlled server. All you have to do is restrict who has access to the server and you can safeguard data privacy within the network. 

An example of this in practice would be a consortium of hospitals that share access to patient health information through a permissioned blockchain with each hospital running its own node. 

This allows the private network of hospitals to share data securely, provided each hospital follows the agreed-upon security protocols.

However, with so few nodes in the system, this means that it is not truly decentralized. And thus misses out on the key benefits of a decentralized blockchain. 

A private blockchain is not as robust as a decentralized network. If only a handful of nodes are handling transactions, the risk that one or more nodes goes down is quite high. It would be impossible for a small node network to maintain 100% uptime or even the industry-standard of 99.99% or ‘four nines’ availability as they call it.  

We saw last year how Stellar went down after a critical mass of its 120-node network was taken offline. Quantity counts. If 120 nodes are not enough to secure a network, then having just a handful is inviting downtime.

With such a limited number of nodes supporting these private networks, their blockchains are also much more vulnerable to a malicious attack. This makes transaction history vulnerable to manipulation. 

Note also that private blockchains are very costly to set up. A recent report from Ernst & Young calculated that the costs to set up a private blockchain are over $600,000 for just the initial build and can require an additional $150,000+ per year for on-going maintenance and node hosting. 

That’s no small sum for any business. And if a data breach does occur, a couple million in fines could be added to that. 

From a corporate perspective, is a private blockchain worth it? In a few cases, it may be. But as we’ll see there are public-private alternatives that are superior in almost every way.

Private Blockchain Data Hashed on Public Chain

Already a lot of companies running private blockchains have recognized the drawbacks to the resilience and reliability of their blockchains. 

In order to address the issue of manipulation of ledger history, a private-public solution has popped up in recent years that I’m beginning to see more and more of. 

This is an innovative system where the private blockchain periodically takes a snapshot of its ledger and sends the data to a public chain in the form of a ‘hash’. This way the ledger can always be compared to the hash to ensure that there have been no alterations. 

While this undoubtedly provides an advantage over a purely private blockchain, it is still not a perfect solution. 

The first drawback is that of course, there will always be room for interventions between snapshots. That means a private blockchain will need to ping the public chain frequently in order to maintain the integrity of its data.

The second is, once again, the issue of cost. This system not only requires the exorbitant upfront and maintenance costs of setting up a private blockchain but on top of that, it also requires paying transaction fees to the public blockchain with each hash. 

The more frequently the company wants to send data, the more costly it can become. Given that the average cost on Ethereum right now is around $2.80 per transaction, a few thousand pings definitely ads up. 

So ultimately, while this public-private system is an improvement over a purely private, permissioned blockchain, it’s only a very slight step up. 

Public Sidechain Network That Utilizes Privacy

Ultimately, the ideal solution would enable a company to use a public chain to store its data. Though it would have to be set up with some form of encryption. 

This structure would enable an enterprise to have all the benefits of a public chain, nodes, infrastructure, and immutability. But at the same time, it could encrypt certain portions of the data that need to be private, such as patient health information. Then, only people with the correct keys would be able to see that data. 

This way an enterprise can take advantage of a massive, decentralized network while still maintaining data privacy. Best of all, it wouldn’t have to build the entire system from scratch and pay to maintain it for perpetuity.

Up until recently, however, this wasn’t an available option for businesses because for this system to work, there must be a blockchain that both can be built on and that includes privacy features.

Today, zero-knowledge is looking like the encryption of choice amongst cryptographers. It is used in a number of projects including Zcash, Horizen, and Komodo. In addition, it is being added to other chains by cryptography firms that specialize in zero-knowledge.

While there are public blockchains, like Ethereum or EOS, that developers can build on, these chains do not typically include privacy features. 

And though there are a number of privacy-enabled public blockchains, it is extremely difficult to build directly on them because control of the blockchain is out of the enterprise’s control.

However, there is at least one option that I have discussed before and that I am proud to be a part of. 

Horizen, which most people know as the privacy coin ZEN, has just launched a sidechain ecosystem that enables anyone to easily launch their own blockchain supported by Horizen’s zero-knowledge enabled blockchain.

These sidechains can be set up at minimal cost, come privacy-enabled right out of the box, and can leverage the power, throughput, and resiliency of Horizen’s nearly 40,000 nodes. 

It’s the perfect solution to allow companies to take advantage of a truly decentralized blockchain that serves their data privacy needs. Best of all, it comes at a price that is significantly less than what companies are currently paying to build their own blockchains.

What Does This Mean for Crypto Law Insiders?

For years, companies have been eager to dive into enterprise blockchain. But so far, it’s been mostly just hype. Very few companies have been able to effectively integrate blockchain into their tech stack.

For the most part, this is because the costs of implementing a private blockchain are simply too high. And though public blockchains are more affordable and secure, given the public nature of their ledgers, these have been essentially off-limits for companies in all key industries. 

But now that we have a solution that enables companies to build on a public blockchain that is zero-knowledge privacy enabled and requires minimal cost, it is feasible for companies across the board to leverage blockchain technology for their operations. 

We’ve hit the tipping point. Enterprise blockchain is finally ready to take off. Are you ready for it?

Dean Steinbeck

Dean Steinbeck

Dean Steinbeck, Managing Director of Crypto Law Insider, is the leading authority on legal issues related to cryptocurrency and blockchain technologies.