A question of privacy
Privacy versus transparency (PvT): do they have to be mutually exclusive?
I accept that my obsession with transparency - and the diatribes which it creates - can easily be described as banging on. Well today, I’m banging on about why I’m convinced that it’s possible to respect people’s privacy - and the laws that protect it - don’t have to be compromised by openness.
The CertiQi system revolves around giving every concerned party a full picture of the businesses and people with whom they’re dealing. But those people have a right to privacy; the fact that they’ve chosen to share some information with their bank shouldn’t open their confidential information to anyone who fancies a peek. The good news is that it doesn’t have to.
Privacy of information requires two key elements, security and confidentiality. If either is lacking, the other is useless.
Security
We’ll start with the easy one, even though satisfying its demands was the most technologically demanding. All data and documents collected to fuel the information network is stored in our unique and patented DotLedger. It’s encrypted using highly advanced algorithms and stored in a network of blocks (not a blockchain, rather an evolved development of the concept), the location and relationships of which can’t be discovered. Each block locks the content of every other, providing immutability and ultimate security. In fact, it’s so secure that even we’re unable to access any of the information without the express authorisation of the owner.
Put simply, this means, if you’re not authorised to access the data, you can’t. Full stop. If you’re (considerably) more skilled than the hackers who managed to break into the Etherium chain, then it’s, at least theoretically, possible that you might get to see the contents of a block. Congratulations. Unfortunately, you can’t change it, and unless you’ve developed beyond-quantum computer powers, you can’t decrypt it. Oh, and if you managed that, you’ll have no way of knowing to whom the information refers. You can read more about DotLedger here.
Confidentiality
An eKeyiD identifies a chunk of information of unlimited size. It could locate highly sensitive details about its subjects. In the wrong hands, that information could be devastating. Most countries protect the rights to privacy of their citizens through laws such as CCPA in the US and GDPR in the UK. Banks and NBFIs, who have to share compliance information with their counterparties, operate privacy policies to which their customers agree. They register as the data controller and must meet the legislative standards required by their region. The CertiQi platform doesn’t change that and, as CertiQi has no access to the data, it is never a data controller for the information its customers store.
When an eKeyiD is shared, it can be used as a locator to find the information to which it refers, but it doesn’t provide access. Think of it as an address; I can tell you where I live, but I don’t have to give you the house keys. When a party wishes to view the data stack, a request is automatically passed to the relevant data controller - or, where applicable, the data subject themselves - to allow the access. Where permitted, an invisible decryption key is applied to the new user’s account, allowing the information to be reassembled into readable format. The right to view the content can be revoked at any time, and it’s possible to specify which items are viewable by a specific party.
This is a highly simplified explanation of a complex system, but it gives a view of how the eKeyiD can be freely and publicly shared without compromising the security or confidentiality of the data to which it refers. Added to this, the federated nature of the ledger allows each organisation to store data within it’s preferred region, further satisfying data control regulations. The PvT balance is essential to preserving the privacy of individuals while permitting the controlled transparency that’s essential to world commerce.