Blockchain and the information ownership

Blockchain is generally defined as an immutable ledger kept by a group of peers that maintain the historical chain of events through a decentralized network. In many versions, specific business logic can be executed via smart contracts, scripts installed under consensus from participants.

Although popularly associated with electronic money, the technology has found its place amongst institutions eager to manage the provenance and traceability of information. Discussions on the pure meaning of what a blockchain is and the level of centralization, identification, and replication mechanisms usually find reconciliation under the umbrella of Distributed Ledger Technology (DLT).

The evolution of the technology brought the concept into prime time (or maybe hype time), with big players such as Amazon, Microsoft, and IBM offering the service through their cloud computing environments (cloud) [1]. Hence, since DLTs have opened a new way for cooperation between business partners, government, and institutions alike, what are the risks associated with this new context?

In a highly connected global community, applications are defining a new data-driven society [2]. Consequently, the awareness of information and the rights associated with it have been a source of concern, and for many companies, a constant legal and financial challenge [3]. Meanwhile, cloud services have become commodities for tech corporations and are setting the pattern for data storage and computability [4]. As a result, companies have increased their dependability on the cloud, and consequently, questions on the property, custody, and ethics in the use of data are on the rise.

What are the risks for a data-sharing joint effort?

We are increasingly witnessing threats to digital assets in general such as social engineering, technical failures, data breaches, and ransomware, to name a few. However, these are well-known risks, and corporations are looking for cloud providers to mitigate those threats as an aggregated value. In addition, cloud environments are appealing as a pool of affordable services. The cost-benefit trade-off is attractive in a competitive market since many corporations cannot afford in-house infrastructure and expertise. As a result, the firm's virtualized services' reliability and security can keep the company in the competition.

Therefore, companies are willing to join a data-sharing effort mediated by a cloud provider. However, along with all the perks offered by the virtualized environment, opportunistic behavior may arise either from service providers, and business partners.

The DLT technology is now one of the virtualized services offered by many cloud companies, namely Blockchain as a Service (BaaS). As a result, by adding a third-party provider in the equation, the idea inherits risks for the custody of data such as the honest-but-curious behavior [5], along with the possibility of compromising the Confidentiality, Integrity, and Availability (CIA) of digital assets.

The technology can provide a common ground for business partners to cooperate, but opportunism can also arise even between permissioned partners of a BaaS environment [6]. For instance, companies can opportunistically use the knowledge acquired over data as a commercial advantage. Consequently, partners may avoid cooperation due to financial, legal, or commercial harm by foreseeing such a possibility [7]. A vast literature in economics affirms that legal contracts cannot guarantee that partners will perform as expected, essentially due to its incapacity to prepare for all possible contingencies [8] [9] [10] [11] [12] [13] [14]. Additionally, legal relationships are based on the premise of posterior punishment for previous misbehavior, not guaranteeing that a digital asset or any advantage given by its knowledge could be repossessed. Therefore, to not lose the exclusive aspect of its information, a company may not engage in the joint effort or encrypt its data. By encrypting their data, companies can make these assets not computable in a third-party facility, diminishing the cost-benefit of a BaaS environment.

To discuss a solution for managing the ownership of intangible assets, we must first analyze what data is, and which technological candidates can emulate theoretical solution counterparts. Since we are discussing intangible assets and the insights extracted from them, our focus relies on a combination of resources that could represent a contractual solution to reduce the uncertainty of how partners could interact. Also, a contractual solution should add value to a data-sharing partnership without players losing the advantage given by their shared information. Finally, these resources above need an ownership transfer mechanism to change the property of an asset in order to become a complete solution.

Property over digital assets

The terms “information” and “data” are often usually interchangeably, although information is a byproduct of intelligible data [15]. It hence depends not just on data itself but also on the capacity to extract meaning from it. For many companies, digital assets are the most valuable resources, and the risk of losing or compromising such artifacts threatens the very existence of their businesses [2]. Amongst the most common threats to datasets, we have:

  • data loss: completely removes ownership;
  • data copy (or reproduction): either authorized or not, removes the exclusive aspect of possession and consequently the ability to exercise control;
  • unauthorized analysis: does not explicitly imply loss or duplication of the data resource, although it gives the advantage of knowledge.

Therefore, how could DLTs deal with something ethereal, such as information, by managing its more concrete counterpart, namely data?

A law enforcement mechanism may repossess physical assets, but how to repossess data and, more importantly, information or the advantage given by that? In such situations, the common palliative is a financial compensation after fair arbitration.

Why blockchain as a case for ownership?

Blockchain, now a potentially overused term, became popular due to its more prominent representant – Bitcoin [16]. Bitcoin is a distributed solution for the double-spending problem, a risk for any electronic cash implementation compared to printing fiat currency with no collateral. A trivial approach would be implementing a centralized service. Still, the libertarian ideology behind the new architecture opposed models based on trust, where a service such as a mint would be a single point of failure or censorship [17].

Whereas the pure meaning of what makes a blockchain is still a debate, the core principles of the technology were built around ownership. Bitcoin was designed to manage the property of an intangible coin by the cryptographic proof that the ownership of such electronic money was transferred between users. To make that possible, the system implemented the transaction concept [18] [19], and its alignment with core economic principles [20] [21] makes it able to simulate a market as a medium for exchanges [22].

The Bitcoin initiative aimed at the double-spending problem, but its core construction had no concern regarding copying or reproducing data. The main problem addressed for the new model was opportunism. The original paper approaches the case of a greedy attacker that would create an alternative history of events to change the ownership of coins. The author modeled the dispute between honest users and an adversary as a Binomial Random Walk [23], and by the perspective of the Gambler's Ruin Problem [24], suggested a proof-of-work mechanism. This solution incentivized cooperation by profitable rewards discouraging the use of computer power to collude to defraud users.

Although Bitcoin initially had a reduced scope, new blockchains spawned in many other applications such as cryptocurrencies, security tokens, crypto equities, and crypto bonds. Additionally, new versions developed a flexible model that can define a variety of shared datasets and previously agreed-upon scripts that can execute changes. In such an environment, business partners can agree on the rules that will be allowed in the commercial interaction. Consequently, systems using the blockchain concept can manage data with provenance and traceability.

Solutions

What follows is a discussion on how to take advantage of blockchain technologies for addressing the data ownership problem.

The blockchain aptitude for contractual solutions

A DLT can intermediate coordination, reduce the power imbalance in commercial relationships, and enforce the rules agreed by the parties. In cases where trust is a concern, companies may opt for integrating operations and resources from partners, acquiring the related corporations [25]. However, for some, the cost of realizing it is just not feasible.

Two standard solutions proposed by economists to respectively avoid and remediate post-contractual opportunistic behaviors:

  • vertical integration:  can be too much for a company that only wants to cooperate in a joint effort. Buying another company to access its database may not justify the cost;
  • contractual solutions: go hand in hand with blockchain since the worst aspect of a legal contract is its incapacity to enforce the deal. A smart contract can arbitrate interaction in a database, reflecting the agreement between the parties that persisted the script.

Hence, due to the consensus and scrutiny they go through before being executed, smart contracts are good candidates for implementing compliance to contractual rules [26]. Anyhow, when joining a shared database effort, companies must ensure that their systems of choice keep balanced control over data through a collaborative design [27]. All in all, DLTs can promote a neutral territory for cooperation, and the concept of trust comes from the certainty that no party will unilaterally modify the assets [7].

Homomorphic encryption as a mechanism to exercise control

Now, imagine that one could perform computations over encrypted data without prior decryption. Even if such an endeavor demanded more computation power and storage, cloud computing services would offer a proper environment to execute it for a reasonable price. That is what Homomorphic Encryption (HE) can enable – meaningful computations on encrypted data. The technology was envisioned by Rivest et al [28], and posteriorly many concrete propositions were introduced in the pursuit to achieve a practical construction for real-world applications [29]–[35]. What is then the role of HE in this setting?

We discussed how a DLT could guarantee that parties will abide by contracts, mainly because the behavior is defined upfront, differently from purely physical legal agreements. However, how can smart contracts protect from property loss over meaning? The paradox assessed here is the understanding that a company willing to participate its data implies the will to share, and the encryption of such data seems to be the avoidance of cooperation.

If properly equipped, smart contracts can use HE capabilities to enable privacy-preserving computations. It creates a mechanism to delay the delivery of meaning, giving the owner the right to check calculations performed over his data. Such ability preserves control and guarantees property. A script can generate an analysis for a second party, which is why the HE must be built on top of a system that avoids power imbalance by design. The HE technology is a crucial part of postponing the acquisition of meaning, allowing for a legal revision process [8], and if necessary, the renegotiation of terms [11].

Key update protocols for transferring Ownership

We now have two main components for a solution that manages ownership of data and information. However, up to this point, we discussed a system used as a framework for homomorphically computed data, but no ownership transfer was approached yet.

An encrypted data belongs to the owner of a key [36]. Without the respective key, the encrypted data at hand is not intelligible and, therefore, useless. When business partners decide to participate in a blockchain consortium powered by homomorphically computable data, the main problems regarding the privacy of information are fixed (e.g., cloud, business partners). However, we can question the utility of such capability for partners needing to gather insights over third-party data. Without a mechanism to transfer the ownership and property over the result, the utility of such a combination is severely reduced.

The computation over homomorphically encrypted datasets also generates encrypted results bounded to the respective key of the inputs. Therefore, to transfer property for those artifacts, the update of the result’s key must be performed. This operation should also be implemented under the consent of the parties by pre-agreed scripts or architectures. By doing so, all the involved parties know the HE scheme and the trading rules [8]. Such key update procedure is preceded by a key exchange, where parties agree on a new shared key that will posteriorly update the ownership of the generated result.

In a homomorphically computable blockchain, all participants can unambiguously verify the premises persisted into smart contracts, where the company owning the resultant computations over its assets can perform analysis before transferring the property to a third-party [11] [13] (i.e., the bargaining power remains with the owner). In this environment, cloud providers blindly compute and execute services without compromising the privacy of their customers.

Conclusion

Corporations may use the shared aspect of a blockchain to explore the strategic and commercial advantage of information extracted from the data. On the other hand, institutions such as hospitals may need to cooperate with potentially adversarial or even legally restrained partners, revealing just enough for the task at hand and hiding excessive knowledge from an observer. Although a blockchain can potentially restrict participants' actions over data through scripts, cryptography, and other measures, the low-cost computability of such resources can be undermined. Therefore, since blockchains are intrinsically capable of enforcing contracts, implementing a homomorphic encryption scheme and a key update protocol in a cloud setting can manage the transfer of meaning, allowing valuable insights over third-party data without property loss.

References

[1] M. M. H. Onik and M. H. Miraz, “Performance analytical comparison of blockchain-as-a-service (baas) platforms,” in International Conference for Emerging Technologies in Computing. Springer, 2019, pp. 3–18.

[2] M. A. Cusumano, A. Gawer, and D. B. Yoffie, The business of platforms: Strategy in the age of digital competition, innovation, and power. Harper Business New York, 2019.

[3] L. Duo, “Legal challenges for data-driven society,” in 2017 ITU Kaleido- scope: Challenges for a Data-Driven Society (ITU K). IEEE, 2017, pp. 1–6.

[4] D. R.-J. G.-J. Rydning, “The digitization of the world from edge to core,” Framingham: International Data Corporation, 2018.

[5] S. Tahir and M. Rajarajan, “Privacy-preserving searchable encryption framework for permissioned blockchain networks,” in 2018 IEEE Inter- national Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 2018, pp. 1628–1633.

[6] J. Singh and J. D. Michels, “Blockchain as a service (baas): providers and trust,” in 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 2018, pp. 67–74.

[7] C. Barrera and S. Hurder, “Can blockchain solve the hold-up problem for shared databases?” Prysm White Paper May, vol. 13, 2019.

[8] O. Hart and J. Moore, “Incomplete contracts and renegotiation,” Econometrica: Journal of the Econometric Society, pp. 755–785, 1988.

[9] D. G. Baird, J. P. Dawson, W. B. Harvey, and S. D. Henderson, “Contracts: Cases and comment,” 2008.

[10] B. Klein, R. G. Crawford, and A. A. Alchian, “Vertical integration, appropriable rents, and the competitive contracting process,” The journal of Law and Economics, vol. 21, no. 2, pp. 297–326, 1978.

[11] T.-Y.Chung, “Incomplete contracts, specific investments, and risk sharing,” The Review of Economic Studies, vol. 58, no. 5, pp. 1031–1042, 1991.

[12] W. P. Rogerson, “Contractual solutions to the hold-up problem,” The Review of Economic Studies, vol. 59, no. 4, pp. 777–793, 1992.

[13] P. Aghion, M. Dewatripont, and P. Rey, “Renegotiation design with unverifiable information,” Econometrica: Journal of the Econometric Society, pp. 257–282, 1994.

[14] G. No ̈ldeke and K. M. Schmidt, “Option contracts and renegotiation: a solution to the hold-up problem,” The RAND Journal of Economics, pp. 163–179, 1995.

[15] S. Kullback, Information theory and statistics.
Courier Corporation, 1997.

[16] S. Nakamoto et al., “Bitcoin: A peer-to-peer electronic cash system,” Bitcoin.–URL: https://bitcoin. org/bitcoin. pdf, 2008.

[17] R. Manne, Short Black 9 Cypherpunk Revolutionary: On Julian Assange. Black Inc., 2015, vol. 9.

[18] W. S. O. Williamson, “Markets and hierarchies: Analysis and antitrust implications: A study in the economics of internal organization,” 1975.

[19] R. H. Coase, “The nature of the firm,” economica, vol. 4, no. 16, pp. 386–405, 1937.

[20] J. Nickerson, “Oliver williamson and his impact on the field of strategic management,” Journal of Retailing, vol. 86, no. 3, pp. 270–276, 2010.

[21] A. L. Schlafly, “The coase theorem: the greatest economic insight of the 20th century,” Journal of American Physicians and Surgeons, vol. 12, no. 2, pp. 45–48, 2007.

[22] D. Rutherford, Routledge dictionary of economics. Routledge, 2013

[23] W. Feller, “An introduction to probability theory and its applications,” 1957.

[24] J. L. Coolidge, “The gambler’s ruin,” The Annals of Mathematics, vol. 10, no. 4, pp. 181–192, 1909.

[25] S. J. Grossman and O. D. Hart, “The costs and benefits of ownership: A theory of vertical and lateral integration,” Journal of political economy, vol. 94, no. 4, pp. 691–719, 1986.

[26] R. T. Holden and A. Malani, “Can blockchain solve the hold-up problem in contracts?” National Bureau of Economic Research, Tech. Rep., 2019.

[27] X. Xu, I. Weber, and M. Staples, Architecture for blockchain applications. Springer, 2019

[28] R. L. Rivest, L. Adleman, M. L. Dertouzos et al., “On data banks and privacy homomorphisms,” Foundations of secure computation, vol. 4, no. 11, pp. 169–180, 1978.

[29] C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proceedings of the forty-first annual ACM symposium on Theory ofcomputing, 2009, pp. 169–178.

[30] M. Van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, “Fully homomorphic encryption over the integers,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2010, pp. 24–43.

[31] C. Gentry and S. Halevi, “Implementing gentry’s fully-homomorphic encryption scheme,” in Annual international conference on the theory and applications of cryptographic techniques. Springer, 2011, pp. 129–148.

[32] Z. Brakerski and V. Vaikuntanathan, “Efficient fully homomorphic encryption from (standard) lwe,” SIAM Journal on Computing, vol. 43, no. 2, pp. 831–871, 2014

[33] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(leveled) fully ho- momorphic encryption without bootstrapping,” ACM Transactions on Computation Theory (TOCT), vol. 6, no. 3, pp. 1–36, 2014.

[34] N. P. Smart and F. Vercauteren, “Fully homomorphic encryption with relatively small key and ciphertext sizes,” in International Workshop on Public Key Cryptography. Springer, 2010, pp. 420–443.

[35] D. Stehlé and R. Steinfeld, “Faster fully homomorphic encryption,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2010, pp. 377–394.

[36] J. Katz and Y. Lindell, Introduction to modern cryptography. CRC press, 2014.

Tags:
Hanes Oliveira

Hanes is Research Software Engineer at Algemetric

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.