Trust, Privacy and the Blockchain

Trust, Privacy and the Blockchain
Juan Carlos Farah
juancarlos.farah@epfl.ch
École Polytechnique Fédérale de Lausanne
6 March 2020

Step Back: What will we look at today?
- Motivation
- Trust
- Domains: Philosophy, Law, Sociology, Economics, Psychology, ...
- Privacy
- Domains: Philosophy, Law, Sociology, Economics, Psychology, Security, ...
- Blockchain
- Domains: Computer Science, Engineering, Cryptography, Economics, …
- Break
- Blockchain
- Case Study
- Domains: Education, All of the Above

“Trust… is a particular level of the subjective probability with
which an agent assesses that another agent or group of
agents will perform a particular action, both before he can
monitor such action… and in a context in which it affects his
own action.”
Diego Gambetta, Can We Trust Trust? (2000)

“Trust is in the end a practical matter. It’s a question of trying
to place it intelligently. [...] With trust, you want to trust things
that are trustworthy and mistrust what’s untrustworthy. And in
both cases the evidence is incomplete and it’s quite difficult.”
Onora O’Neill, Trust, BBC Radio 4 Analysis (2011)

Motivation: Measuring Trust / Trustworthiness
- What are some ways in which this could be achieved?

- Surveys
- General Social Survey (GSS)
- World Values Survey
- Often questions or statements like:
- “Most people can be trusted.”
- “You can’t be too careful in dealing with people.”

- Surveys
- Experiments
- The Trust Game (Berg et al., Trust, Reciprocity and Social History, 1995).
- One subject is given 15 USD to give to a second subject. Amount given is
tripled/doubled. Receiver can then give back some amount to first subject.
- Endless variations.

- Surveys
- Experiments
- The Trust Game (Berg et al., Trust, Reciprocity and Social History, 1995).
- One subject is given 15 USD to give to a second subject. Amount given is
tripled/doubled. Receiver can then give back some amount to first subject.
- Endless variations.
- Proxies
- Role within a Social Network
- Reputation

Motivation: Reputation
- “Reputation is information used to make a value judgment about an object
or a person.”
- Value judgments can be decisive, continuous and expressive.
- E.g. thumbs up, favourite, rating, review, etc.
- The object or person in question is a reputable entity (i.e. can have a reputation).
- The information is a reputation statement.
- E.g. a city is worth visiting, an article is worth reading, a movie is bad.
F. Randall Farmer, Bryce Glass, Building Web Reputation
Systems, 2010.

or a person.”
- Reputation takes place within a context (geography, subject, purpose).
- E.g. local universities, winter tires, abstract art, etc.
Systems, 2010.

or a person.”
- Reputation is often limited in scope, which can or not be surfaced globally.
- E.g. favourite restaurants vs internal employee reviews.
Systems, 2010.

or a person.”
- Reputation is often limited in scope, which can or not be surfaced globally.
- E.g. favourite restaurants vs internal employee reviews.
- “[Reputation] brings structure to chaos by allowing us to proxy trust when
making day-to-day decisions.” F. Randall Farmer, Bryce Glass, Building Web Reputation
Systems, 2010.

Motivation: Reputation Models
- What are some common (web-based) reputation models?
Systems, 2010.

- Favourites and Flags (Reddit)
- Vote to Promote
- Favourites
- Report Abuse
Systems, 2010.

- Vote to Promote
- Favourites
- Report Abuse
- This-or-That Voting (Amazon)
Systems, 2010.

- Favourites and Flags
- Vote to Promote
- Favourites
- Report Abuse
- Ratings (Uber)
Systems, 2010.

- Vote to Promote
- Favourites
- Report Abuse
- Ratings (Uber)
- Reviews (Airbnb)
Systems, 2010.

- Vote to Promote
- Favourites
- Report Abuse
- Ratings (Uber)
- Reviews (Airbnb)
- Points (Stack Overflow)
Systems, 2010.

- Vote to Promote
- Favourites
- Report Abuse
- Ratings (Uber)
- Reviews (Airbnb)
- Points (Stack Overflow)
- Karma (eBay)
- Participation Karma
- Quality Karma
- Robust Karma
Systems, 2010.

Motivation: Defining Trust and Trustworthiness
- The definition of trust changes in accordance to the domain and context.
- Throughout this lecture, we should keep in mind how the ideas of trust and
reputation apply to the concepts at hand.
- Some questions to keep in mind:
- Do we trust the services that we use? Why?
- Do we trust their infrastructure? Why?
- Do we trust the people behind them? Why?

Motivation: Why is trust important?
“[Trust] matters because the world is quite uncertain and
getting it right is very useful. It’s very useful if I know whom I
can rely on for which purpose and whom I can’t rely on.”
Onora O’Neill, Trust, BBC Radio 4 Analysis (2011)

Motivation: Why is trust important?
More lightly speaking... how would your behaviour change
if you were not sure you could trust [ ]?

“No one must be subjected to arbitrary interference with his
privacy, family, home or correspondence, nor to attacks upon
his honor and reputation.”
Article 12, Universal Declaration of Human Rights

Motivation: Privacy
- The Universal Declaration of Human Rights tells us that we need to value our
own, and respect others’ privacy.
- But what exactly is privacy?

Motivation: What is privacy?
1. Privacy is a relational concept. It comes to the fore in a community. Where
people interact, the issue of privacy emerges.
Lucas D. Introna, Privacy and the computer: why we need
privacy in the information society, Metaphilosophy, 1997.

2. Privacy is directed towards the personal domain. What is deemed
personal is, to some extent at least, culturally defined.

3. To claim privacy is to claim the right to limit access or control access to my
personal or private domain.

4. An effective way to control access to my personal realm is to control the
distribution of textual images or verbal information about it.

5. To claim privacy is to claim the right to a (personal) domain of immunity
against the judgments of others.

5. To claim privacy is to claim the right to a (personal) domain of immunity
against the judgments of others.
6. Privacy is a relative concept. It is a continuum. Total privacy may be as
undesirable as total transparency. Lucas D. Introna, Privacy and the computer: why we need

Motivation: Why is privacy important?
“Privacy is necessary to the creation of selves out of human beings, since a self is
at least in part a human being who regards his existence, his thoughts, his body,
his actions as his own.”
- Jeffrey H. Reinman, Privacy, Intimacy, and Personhood, 1976

“Privacy is necessary to the creation of selves out of human beings, since a self is
at least in part a human being who regards his existence, his thoughts, his body,
his actions as his own.”
- Jeffrey H. Reinman, Privacy, Intimacy, and Personhood, 1976
“Privacy contributes to the formation and persistence of autonomous individuals by
providing them with control over whether or not their physical and psychological
existence becomes part of another’s experience. Just this sort of control is
necessary for them to think of themselves as self-determining.”
- Joseph Kupfer, Privacy, Autonomy, and Self-Concept, 1987

More lightly speaking... would you act the same if you
knew that someone was observing you?

Motivation: Privacy is Important
- In 1890, Samuel Warren and Louis Brandeis publish “The
Right to Privacy”, in the Harvard Law Review.
- Considered an touchstone of modern privacy law.
- They were quite concerned about new technologies and the
role of the press in society.
- “If we are correct… the existing law affords a principle which
may be invoked to protect the privacy of the individual from
invasion either by the too enterprising press, the
photographer, or the possessor of any other modern device
for recording or reproducing scenes or sounds.” Louis Brandeis
Source: Wikipedia
Samuel D. Warren and Louis D. Brandeis, The Right to Privacy,
Harvard Law Review, Vol. 4, No. 5. (Dec. 15, 1890), pp. 193-220.

Motivation: But is privacy really that important?
Jeremy Bentham (1748 - 1832)
Source: Wikipedia

- Panopticism: From the Greek παν- “all” and -οπτικος “seeing”
- In the late 18th century, English philosopher Jeremy Bentham proposed the
panopticon in the context of prisons.
- Concept:
- Constant surveillance.
- Inmates cannot know when the watchman is observing them.
- Inmates regulate their own behaviour.
“Morals reformed—health preserved—industry invigorated—
instruction diffused—public burthens lightened…”

A panopticon building at Presidio Modelo prison in Cuba.
Photo Credit: Tod Seelie.
Atlas Obscura, 19 June 2017

- In 1975, French philosopher Michel Foucault revisited the panopticon in his
book Discipline and Punish.
- There are panoptic methods operated throughout a disciplinary society (in
schools, factories, hospitals, military regiments, prison), which allows it to
keep its citizens under control and conforming to certain norms.
- Discipline, through these methods, creates “docile bodies”.
- Docile bodies are “something that can be made; out of a formless clay,
an inapt body [from which] the machine required can be constructed.”
- Importance of training.

- Put in the context of privacy, Introna explains that “the transparency—the
universal ‘gaze’—created by the panopticon effect (universal and continual
surveillance) leads to the internalization of man. In his self-surveillance, man
cultivates a self-consciousness. Thus, Foucault argues that our world is de
facto transparent and that privacy is impossible, since ultimately we always
observe ourselves.”

Motivation: Cambridge Analytica
Data drives all we do.
Cambridge Analytica uses data to
change audience behavior.

Motivation: Cambridge Analytica
- British data analytics firm.
- Harvested personal data from over 50 million Facebook profiles without
permission.
- Built a system that targeted voters in the US with political ads based on their
personal profile.
- Employees were “filmed boasting of using manufactured sex scandals, fake
news and dirty tricks to swing elections around the world”.
The Guardian, 26 March 2018

Photo Credit: AP
Forbes, 2 May 2018
This landed Mark Zuckerberg a visit to congress.

Takeaway 1:
Privacy-wise, it’s somewhat
of a wild west out there on
the Internet.

Motivation: GDPR
- GDPR stands for General Data Protection Regulation.
- It came into effect on 25 May 2018.
- “GDPR is a vast piece of legislation which grants people living in Europe new
powers over the data being collected about them—like the right to access or
delete their own data, and the need for their consent to use it.”
- “The maximum fine for non-compliance with GDPR is 4% of annual turnover
or €20 million ($24.6 million).”
Forbes, 2 May 2018

Motivation: GDPR
bit.ly/2K8xesn

Motivation: GDPR
Photo Credit: British Museum
Archaeology, 26 April 2016

“GDPR is costing the average Fortune 500 company a whopping $16 million.”
Forbes, May 2018

Takeaway 2:
Whatever your opinion on
Internet privacy, you need to
treat user (especially
European user) data with care.

“You could say that blockchain is the ultimate ‘anti-trust’
technology. That’s not only because it facilitates transactions
between parties that don’t have to trust each other, but also
because it doesn’t rely on a single source of power with total
control of a market, like old-fashioned ‘trusts’.”
Derek Thompson, It Is Silly Season in the Land of
Cryptocurrency, The Atlantic, 10 January 2018.

This is how blockchain was doing three years ago.
Blockchain
Gartner, 15 August 2017

And this is how it was doing in 2018.
Blockchain
Gartner, 16 August 2018

This year, it is deep in the trough of disillusionment. But
many specific blockchain uses are on the rise.
Gartner, 12 September 2019
Blockchain

The Guardian, 21 December 2017

Motivation: ICOs
- ICO stands for Initial Coin Offering.
- It is a fundraising strategy, commonly used by blockchain startups.
- It consists of selling crypto tokens in exchange for a cryptocurrency.

Motivation: ICOs
- Each project usually has its own token(s).
- Equity Tokens: Share in the project or company.
- Utility Tokens: Can be used in the application that is being created.
- Asset Tokens: Represent a physical asset or product (e.g. gold).
- Reputation Tokens: Represents a user’s reputation.

Motivation: ICOs
- Each project usually has its own token(s).
- Equity Tokens: Share in the project or company.
- Utility Tokens: Can be used in the application that is being created.
- Asset Tokens: Represent a physical asset or product (e.g. gold).
- Reputation Tokens: Represents a user’s reputation.
- According to The State of the Token Market 2017 report, more than 5.6 billion
USD of capital was raised in 2017 through ICOs. At the end of Q3 2018, this
number was 12.3 billion USD (The State of the Token Market 2018).
- However, we’re still waiting for the 2019 report.

Takeaway 3:
There is a lot of hype, but also
a lot of money being invested
in the blockchain space.

“The technology at the heart of bitcoin and other virtual
currencies, blockchain is an open, distributed ledger that
can record transactions between two parties efficiently and in
a verifiable and permanent way.”
Marco Iansiti and Karim R. Lakhani. The Truth about
Blockchain, Harvard Business Review 95, no. 1
(January–February 2017): 118–127.

Blockchain: What is a blockchain?
- Originally the distributed ledger on which Bitcoin transactions are recorded.
- It employs cryptographic functions to create an append-only,
tamper-evident log.
- Verifiable
- Permanent
- Items get inscribed only if approved by the majority of participants (peers) in
the network.
- Consensus

Blockchain: Distributed Network
Paul Baran, On Distributed Communications: I. Introduction
to Distributed Communications Networks, 1964.

Blockchain: Cryptographic Hash Functions
- Mathematical algorithm that takes as input a message of arbitrary length and
outputs a message digest of fixed length.

- Key properties:
- Deterministic: Same message always generates the same digest.
- Efficient: Fast computation of digest from message.
- Collision-Free: Infeasible to find two different messages with the same digest.
- Hiding: Digest does not reveal information about the message.
- One-Way: Infeasible to generate a message from its digest.

- Key properties:
- Deterministic: Same message always generates the same digest.
- Efficient: Fast computation of digest from message.
- Collision-Free: Infeasible to find two different messages with the same digest.
- Hiding: Digest does not reveal information about the message.
- One-Way: Infeasible to generate a message from its digest.
- Examples:
- MD5: Insecure. Used for checking data integrity (checksum). (Try it out: bit.ly/2jFEJvN)
- SHA-256: Secure. Used by the Bitcoin blockchain. (Try it out: bit.ly/2IobpaZ)

Blockchain: SHA-256
- Example 1:
- Input: The quick brown fox jumps over the lazy dog. (Message)
- Output: EF537F25C895BFA782526529A9B63D97AA631564D5D789C2B765448C8635FB6C (SHA-256 Digest)

Blockchain: SHA-256
- Example 1:
- Input: The quick brown fox jumps over the lazy dog. (Message)
- Output: EF537F25C895BFA782526529A9B63D97AA631564D5D789C2B765448C8635FB6C (SHA-256 Digest)
- Example 2:
- Input 2: The quick brown fox jumps over the lazy dog (Message)
- Output 2: D7A8FBB307D7809469CA9ABCB0082E4F8D5651E46D3CDB762D02D0BF37C9E592 (SHA-256 Digest)

Cryptocurrencies: Last Week Tonight with John Oliver (HBO)
bit.ly/2I1mkbe

Blockchain: Append-Only, Tamper-Evident
- Blocks Appended. New transactions are registered on the blockchain by
appending a block to the chain.
- Hash Pointers. For a block to be appended, it has to include the
cryptographic hash of the previous block. This ensures that by having the
hash at the end of the chain, you can confirm the integrity of all previous
blocks.
- Temporary Forks. It is possible that two blocks can be generated at the
same time and appended to the blockchain. These “forks” are temporary.
- Longest Chain. The “longest” chain is considered to be the valid one.
Well-behaved peers are expected to follow this.

Blocks are appended and include a hash pointer to the
previous block on the chain. This makes the blockchain
structure tamper-evident.
10 11 12

Let’s say we know the hash at the head of the list.
10 11 12

Now let’s say a malicious agent wants to tamper with data in block 10.
10 11 12

The agent will also have to modify the hash pointer in block 11.
10 11 12

As well as the hash pointer in block 12.
10 11 12

At this point, we know someone has tampered with the data
because we remember the hash at the head of the list.
!
10 11 12

It is possible that two blocks can be generated at the
same time and appended to the blockchain temporarily.

Let’s take our distributed network.

Now let’s say two nodes add a block to the chain at the
same time.
Green Lead: 1 Red Lead: 1

They will propagate this chain through the network.
Red Lead: 4Green Lead: 10

The chain with the leading green block spreads faster
because of the topology of the network.

Now let’s say one of the green nodes appends a yellow
block to the chain. This is now the longest chain.
Yellow Lead: 1

At this point, the last nodes could receive any of the three
versions of the blockchain. It all depends on timing.
Yellow Lead: 5

But let’s say that they receive the chain with the leading
red block.
Yellow Lead: 5

When they then receive the chain with the leading yellow
block, they will see that it’s longer and ignore the red block.
Yellow Lead: 15

Eventually, the whole network will have the chain with the
leading yellow block.
Yellow Lead: 47

The red block will be left on a “temporary” fork of the
chain. These blocks are referred to as “orphaned”.

Takeaway 4:
Blockchain architectures are
complicated, but have some
pretty cool features.

Blockchain: Uses
- Blockchain has been proposed as the core building block of decentralized
applications in various sectors where user privacy and data authenticity is
paramount, including finance, telecommunications, and healthcare.

Blockchain: Evolution
Blockchain 1.0: The Bitcoin Blockchain
(Internet Analogy: “Transport Layer TCP/IP”)
- Currency
- Escrow, Contracts, Arbitration, Multiparty Signatures
Melanie Swan, Blockchain for a New Economy, 2015.

Blockchain 1.0: The Bitcoin Blockchain
(Internet Analogy: “Transport Layer TCP/IP”)
- Currency
- Escrow, Contracts, Arbitration, Multiparty Signatures
Blockchain 2.0: Smart Contracts
(Internet Analogy: “Protocols HTTP/SMTP/FTP”)
- Other assets beyond currency. Recall the tokens.
- Ethereum introduces a Turing-complete virtual machine.
- Distributed Applications (DApps)
- Distributed Autonomous Organisations (DAOs)

Blockchain 3.0: Applications Beyond Currency Economics and Markets
(Internet Analogy: “HTML, Email”)
- Blockchain Science
- Blockchain Genomics
- Blockchain Health
- Blockchain Learning
- ...

Blockchain, World Economic Forum

Blockchain: Challenges
- “To make effective progress in this area you need to bring together a
combination of a large number of interdisciplinary skills and perspectives…
You don’t just need excellent technical people… but you can’t also forget
about for example your experts in business processes, economics, security
and privacy and the law.”
- “How can ordinary people have faith that the contracts they are signing up to
are what they really think they’re signing up to without becoming experts in
reading smart contract code.”
- “We need mechanisms to link physical objects and identities in the real world
to the virtual object on the blockchain. That’s absolutely not a simple problem,
but it’s a key step in reinforcing the trust that we have in such blockchains.”
William Knottenbelt & Catherine Mulligan, Blockchain, World Economic Forum, 21 June 2017.

Takeaway 5:
Blockchain could be the
underlying technology to solve
a wide array of problems in
various domains, but there are
some challenges.

Case Study: Graasp
Activity Traces in an Online Learning Platform

Case Study: Graasp
- Online platform for learning spaces.
- Teachers can create learning spaces in which they can embed various types
of resources (videos, images, etc.), as well as interactive applications.
- Students then perform a learning activity inside these spaces and in doing so,
might generate activity traces (similar to Google Analytics).

Case Study: Premise
- Users perform a learning activity on Graasp and generate traces.
- These traces are used for educational research.
- Users can be anonymous.

Case Study: The Problem
- We don’t want to necessarily store activity traces ourselves, we want to allow
users to store activity traces in their own repositories. (GDPR)
- We also want to allow education researchers to run analyses on the data
users generated on our platform.
- Users can voluntarily provide their data for these studies. (GDPR)

- Problem: If we allow users to store their own data, how can we guarantee
that the data has not been tampered with when we retrieve it for analysis?

- Problem: If we allow users to store their own data, how can we guarantee
that the data has not been tampered with when we retrieve it for analysis?
- Solution: Store a hash of activity traces ourselves before sending them out.

Case Study: Another Problem
- Are we a trusted third party (TTP)?

- Why might we not trust ourselves?
- Being an application provider does not mean that you can trust us with
your data.
- Malicious.
- Service might go offline (temporarily or permanently).
- A trustworthy company does not necessarily have trustworthy employees.
- E.g. Uber (Reveal News, 12 December 2016).

your data.
- Malicious.
- Can we trust another third-party? Can we trust the government?
- Probably, but then we might run into the same issues mentioned above.

your data.
- Malicious.
- Can we trust another third-party? Can we trust the government?
- Probably, but then we might run into the same issues mentioned above.
- Solution: Store the hash on a blockchain.

Recording Process: A learner’s interaction with a LE generates learning traces, which
are then put together and emitted as a learning block at the end of the learning activity.
This block is then signed and sent to an external LBR, with its hash being recorded on
the blockchain for future validation.
Farah et al., A Blueprint for a Blockchain-Based Architecture, ICALT, Mumbai, 2018.

Validating Process: To retrieve a learning block, the requesting party requires access
granted by the owner of the repository. If a request is legitimate and the repository is
online, a block is verified by comparing its hash to the one recorded on the blockchain
and returned if valid.
Farah et al., A Blueprint for a Blockchain-Based Architecture, ICALT, Mumbai, 2018.

Modular: These processes can be a part of a larger infrastructure.
Machado et al., Towards Open Data in Digital Education Platforms, 2019.

Case Study: The Real Problem
- Remember Takeaway #4?
- Blockchains are complicated.

- Challenges Identified
- What do you store in the blockchain?
- Privacy Issues (GDPR)

- How frequent do you write to / read from the blockchain?
- Fees
- Latency

- Fees
- Latency
- Are your contracts really smart?
- Ethereum smart contracts are open source and could be exploited if vulnerable.

- Fees
- Latency
- Are your contracts really smart?
- Ethereum smart contracts are open source and could be exploited if vulnerable.
- Do end users really care about the problem identified?
- We do not want to complicate user experience for no added value.

Do we really need a
blockchain?

A flowchart to determine if you need a blockchain for your application.
Karl Wüst and Arthur Gervais, Do you need a Blockchain?, 2017.

Do we need to store state?

Are multiple users writing to the data store?

Are we a trusted third party?

Do we know all of the users that are writing to the database?

Permissionless Blockchain!

Do we really need a
blockchain? Maybe.

Takeaway 6:
Think well and consider your
options before you use a
blockchain.

Conclusions: What we looked at today?
- Motivation
- Trust
- Definitions.
- Privacy
- Definitions, Breaches, Regulation
- Blockchain
- Hype
- Blockchain
- Basic Features and Applications
- Case Study
- Applying Blockchain in Educational Technology and Research.

Conclusions: Key Takeaway Points
1. Privacy-wise, it’s somewhat of a wild west out there on the Internet.
2. Whatever your opinion on Internet privacy, you need to treat user (especially
European user) data with care.
3. There is a lot of hype, but also a lot of money being invested in the blockchain
space.
4. Blockchain architectures are complicated, but have some pretty cool features.
5. Blockchain could be the underlying technology to solve a wide array of
problems in various domains, but there are some challenges.
6. Think well and consider your options before you use a blockchain.

Image Source: Adapted from XKCD

Questions?

Thanks!
Email: juancarlos.farah@epfl.ch

Trust, Privacy and the Blockchain

Recommended

Recommended

More Related Content

Similar to Trust, Privacy and the Blockchain

Similar to Trust, Privacy and the Blockchain (20)

Recently uploaded

Recently uploaded (20)

Trust, Privacy and the Blockchain