This post is part of CoinDesk’s 2019 Year in Review, a collection of 100 op-eds, interviews and takes on the state of blockchain and the world. Naveen Jain is co-founder of Tari Labs.
As individuals, we have become accustomed to being filmed by countless cameras in public. Using GPS, WiFi triangulation, facial recognition, and more, we are continuously monitored by corporations and governments alike. We are surrounded by a multiplying legion of devices that record our every word. And we are living in a world where endless HTTP cookies are set as we browse the web, and every click of the mouse is tracked. Our patterns are being harvested, analyzed, and used to predict our future actions with laser precision.
Over time, as tracking software and related infrastructure have grown increasingly sophisticated, we’ve consented broadly to have our personally identifiable information collected on a grand scale and weaponized.
The same is not always true for corporations, which operate in a parallel universe where meaningful identifiable information is mostly shielded from mass surveillance. Trade secrets, IP, and the choices they make are often protected under lock and key or by confidentiality agreements with razor-sharp teeth.
This dichotomy should not exist. Everyone deserves a level playing field with regards to maintaining the privacy of their personally identifiable information.
In the US, consumers are growing increasingly concerned about privacy, the vast trove of data collected by companies and governments, and how it is being used. According to a Pew Research Study conducted this year, 81% of Americans say the risks posed by data collection outweigh the benefits, and 66% say the same about data collected by the US government. Fully 79% of Americans are concerned with how companies use personally identifiable information. Also, a majority of Americans follow privacy-related news closely, and nearly one-third of Americans have suffered some form of significant identity theft.
Thankfully, as we approach the close of 2019, we’ve reached an inflection point in the battle to prevent the unknowing weaponization of personally identifiable data. There is now a clear path towards a world where this kind of information, regardless of whether it belongs to a corporation, or individual, will only be revealed and used with clear and explicit permission. But achieving this goal will require the combined, sustained effort of corporations, lawmakers, developers, and consumers.
Apple is 2019's privacy winner.
If an award existed for the organization that has done the most to advance the cause of privacy, Apple is this year’s winner. Apple started the year with a groundbreaking moment for personal privacy by launching a billboard at the 2019 CES convention in Las Vegas, reading “What happens on your iPhone, stays on your iPhone.” In April, Wired published a story on Apple’s refusal of the FBI’s request to create a backdoor for iOS. Then in August, The Information broke a story about Apple’s decision not to allow VoIP apps to run in the background in iOS 13 for anything other than facilitating internet calls. Before this change, developers could use VoIP features native to iOS to allow their apps to run in the background to collect data without the user’s knowledge. And most recently, Apple launched a beautifully designed privacy-focused site that is as stunning as any product page on Apple.com.
There were other positive developments this year. From a regulatory perspective in the US, Nevada’s SB220 went into effect on October 1, 2019, requiring businesses to provide notice of a designated email, toll-free number, or website address that allows consumers the right to opt-out of the “sale” of their personal information. In November, Democratic senators led by Sen. Maria Cantwell introduced a new federal data privacy bill. If ultimately enacted into law, the federal bill would provide similar data protections as GDPR offers in the EU and create a new FTC enforcement bureau. The most comprehensive privacy act so far was passed by the State of California. It goes into effect on January 1, 2020, and is the first meaningful effort in the country to give consumers control over their identifiable information. The law requires businesses to disclose what personal data they collect, what they intend to use the data for, who it will be shared with, and the ability for consumers to opt-out of their personal information being sold or shared. Businesses must also comply with consumer requests for their data to be deleted.
In the world of Bitcoin, privacy-centric projects like Samourai Wallet are implementing a wide range of features ranging from trustless CoinJoin to increasing entropy in transactions via StoneWall. Lightning Network is also making significant progress in enhancing privacy associated with Bitcoin transactions via Sphinx. These projects and other improvements on the horizon for the Bitcoin network will provide more privacy for all types of users.
Meanwhile, we are also seeing increasing consumer support for privacy-focused coins like Monero. Hundreds of merchants now accept Monero as a form of payment, and it has a highly engaged, rapidly growing community driven by a commitment to financial privacy. Zcash, too, is pushing the bleeding edge of privacy research in an attempt to make their privacy-enhancing technology trustless and use less processing power. Many governments and regulators remain skeptical of these and other privacy-focused assets. However, such skepticism is misplaced as the fiat on-ramps, and off-ramps for Monero and ZCash can be regulated and analyzed at the same level as they can be for any other cryptocurrency project. As consumers continue to see the damage caused by having all manner of identifiable information exposed, cryptocurrency projects with privacy by default will continue to gather momentum. And as businesses begin to understand the value of the new trust paradigm created by public blockchains, privacy by default will become a required feature.
What are the next steps towards a world where identifiable information is universally private by default? The privacy of consumer information must be treated the same if not better than that of corporations.
Regulators and law enforcement have an incredibly difficult and important job of protecting the public during a time of constant change. That being said, they must use the tools at their disposal without infringing on personal privacy. They must realize that the risks of mandating backdoors via concepts like “responsible encryption” will doom us to a world where there is no privacy, and all identifiable information is continuously weaponized.
In the blockchain space, regulators and law enforcement should focus on enforcing anti-money laundering, know your customer, and travel rule requirements via on-ramps and off-ramps, while allowing layer one blockchains to be private by default. If layer one blockchains aren’t private by default, the weaponization of identifiable information becomes inevitable, and therefore blockchains will not be used for a wide range of critical transactions. No business can survive in a world where any competitor can easily find out the balance of a wallet, with whom it transacts with, and the frequency. And few consumers want their financial data harvested in a warrantless manner by law enforcement, or used for precision-targeted advertisements by corporations.
The journey towards a world where identifiable information is revealed and used only with permission is paramount. The meaningful progress made in 2019 gives us strong momentum heading into 2020.