Perspective by: Eran Barak, CEO at Midnight
Nearly 16 years have passed since blockchain transitioned from a niche topic to a significant player in global discussions, a shift recently reinforced by ongoing support from established Wall Street firms. However, despite this incredible growth, the reality is that blockchain technology has not yet tapped into its full business potential. A significant hurdle persists: a substantial amount of sensitive data remains unprotected on public platforms.
The core of the issue lies in the need for businesses to keep their data confidential while individuals strive to protect their personal information. Once data is recorded on a public blockchain, it becomes permanently exposed and cannot be hidden.
Even with the utmost diligence to protect their information, companies risk having sensitive on-chain data or related metadata compromised due to human error or system vulnerabilities, potentially revealing individual identities. This situation can lead to breaches of privacy, compliance failures, or both, eroding the fundamental trust in blockchain and highlighting the necessity for strong data protection measures.
Conversely, while veiling activities on the blockchain may seem like a solution, it could facilitate money laundering, prompting adverse reactions from regulatory bodies. High-profile cases have fostered a misconception that governments are fundamentally against the privacy aspects of Web3, which are essential for businesses contemplating the adoption of this technology.
No matter how we approach it, ensuring privacy on blockchain presents an intricate challenge for Web3. Until this conundrum is resolved, it is unreasonable for businesses to be expected to make the leap across the divide.
Misconceptions about government stances on blockchain privacy
Many in the Web3 entrepreneurial sphere have developed a fear that creating decentralized applications and businesses that promote financial anonymity will lead to regulatory repercussions. The cases of Samourai Wallet, whose founders faced money laundering charges, or Tornado Cash, whose developer received a lengthy prison sentence for similar offenses, serve as cautionary tales.
These incidents have contributed to a prevailing belief that governmental entities oppose privacy measures in the blockchain realm.
Recent: AI agents and blockchain are reshaping the digital economy
This notion could not be more misleading. Governments do not oppose privacy; they require it across various sectors. Legislation such as the General Data Protection Regulation and the Health Insurance Portability and Accountability Act is in place to ensure that businesses safeguard customer data against misuse and security threats.
The true issue highlighted by these high-profile incidents is that the data protection mechanisms in Web3 can be exploited, allowing for criminal activities that understandably raise alarms for governmental authorities. Protecting blockchain data should not come at the expense of established laws meant to shield society from terrorism, human trafficking, fraud, and other criminal enterprises.
This raises an important question: What does effective privacy look like?
Controlled disclosure
In the blockchain space, safeguarding sensitive information typically involves either keeping data off-chain or encrypting it on-chain. However, the latter option is compromised by the rapid advancements in quantum computing that threaten encryption durability.
The introduction of zero-knowledge (ZK) technology, a sophisticated cryptographic method, allows users to keep sensitive data off-chain while providing attestations regarding the authenticity of the information instead. In the context of Web3, ZK technology has emerged as a groundbreaking approach to bolster privacy, enabling untrustworthy parties to confirm that a transaction has taken place without revealing any details about it.
Decentralized applications can implement controlled disclosure by choosing to either store data on-chain (full transparency), encrypt data on-chain (limited disclosure via keys), or utilize ZK to only release attestations about the data (offering functionality without revealing details). However, controlled data disclosure addresses only part of the overall privacy challenge, inadvertently neglecting the metadata aspect.
The next frontier in privacy
Metadata—information about our data—is often overlooked when discussing the exposure of sensitive information on blockchains; it can lead to inferences that add another layer of risk, even when the primary data is concealed.
For instance, transaction metadata can reveal investment and trading strategies, along with other behavioral patterns. For companies, the ramifications can be damaging, impacting their competitiveness and strategic positioning. They are unable to afford public exposure of trade secrets, strategies, or the identities of other entities involved in transactions.
Thus, it is critical to protect metadata and eliminate the potential to draw conclusions, a need that could be met with a private token. Nevertheless, this approach could also be misused for illicit activities like money laundering.
If the use of a private token isn’t the answer and a public token fails to deliver adequate confidentiality, then we must reconsider Web3’s methodology regarding the protection of metadata. We should look to integrate the advantages of both methods by creating a dual-asset system that employs both public and private tokens. Each token can operate independently, allowing for the imposition of specific restrictions to mitigate illegal actions such as money laundering while preserving essential benefits.
A robust framework
The dual-asset model facilitates confidentiality without the drawbacks related to the shielding of metadata, making compliance and the enforcement of business policies achievable. By merging this tokenomics structure with controlled disclosure, we can ensure that privacy and regulatory compliance coexist on the blockchain, which could have significant implications for adoption and innovation.
Perspective by: Eran Barak, CEO at Midnight.
This article is intended for general information purposes and should not be construed as legal or investment advice. The views, thoughts, and opinions expressed herein belong solely to the author and do not necessarily coincide with those of any affiliated organizations.