Who ate all the PII? Not the blockchain, thankfully

GDPR be praised, new product keeps personally identifiable information off the chain


Dutch security firm Gemalto has said its blockchain product, slated to pilot later this year, will keep personal data off the blockchain.

According to the Dutch outfit, the forgettably named Trust ID Network is aimed at users and digital service providers that need verifiable Self-Sovereign Digital IDs where "attestations" issued by trusted parties are stored on the blockchain.

Only the "attestations" will be stored on the blockchain, keeping the personally identifiable information (PII) itself under sole control of the users.

The app will sit on R3 open-source blockchain platform from Corda.

Getting personal

A misapprehension about blockchain was that as an immutable distributed ledger it would be the perfect platform for storing PII or that such information should or would be included in each chain.

Another view held that blockchain could be used to create "attestations" on the chain that point to off-chain PII storage. It remains a controversial topic within the blockchain community.

Dan Gisolfi, IBM CTO of Trusted Identity, Blockchain Technologies, said earlier this year: "One of the most common myths surrounding blockchain and identity is that blockchain technology provides an ideal distributed alternative to a centralised database for storing personally identifiable information.

"This misconception about PII storage in the early stages of the blockchain technology adoption lifecycle is so pervasive that it inspired a Twitter thread dedicated to the debate on why putting hashed PII on any immutable ledger is a bad idea. From GDPR compliance, to correlation, to the cost of block read/write transactions, the debate continues."

Gisolfi reckoned he was trying to debunk some myths and help people gain "an understanding for how blockchain can be used as an infrastructure for identity attestations".

TrustedID? IDTrust? What's it called again?

Gemalto said Trust ID Network would provide privacy, security and immutability along with a streamlined integration for service providers and the ability to support mission critical identity services.

Bertrand Knopf, Gemalto executive vice president for banking and payment, claimed in a statement that the app would solve the weaknesses of traditional, siloed identity frameworks that suffer from "clumsy user experiences", rising costs and difficulties in complying with stricter regulations.

As a guideline, recitals in EU's General Data Protection Regulation describe pseudonymisation as an "appropriate safeguard" (156) and emphasised that it should be incentivised (recital 29).

However, the understanding is hashed or "pseudonymized" data is still considered "personal data" because there is always a risk of reidentification, so this sort of solution makes sense from a risk-reduction point of view. ®


Other stories you might like

  • Microsoft Azure to spin up AMD MI200 GPU clusters for 'large scale' AI training
    Windows giant carries a PyTorch for chip designer and its rival Nvidia

    Microsoft Build Microsoft Azure on Thursday revealed it will use AMD's top-tier MI200 Instinct GPUs to perform “large-scale” AI training in the cloud.

    “Azure will be the first public cloud to deploy clusters of AMD's flagship MI200 GPUs for large-scale AI training,” Microsoft CTO Kevin Scott said during the company’s Build conference this week. “We've already started testing these clusters using some of our own AI workloads with great performance.”

    AMD launched its MI200-series GPUs at its Accelerated Datacenter event last fall. The GPUs are based on AMD’s CDNA2 architecture and pack 58 billion transistors and up to 128GB of high-bandwidth memory into a dual-die package.

    Continue reading
  • New York City rips out last city-owned public payphones
    Y'know, those large cellphones fixed in place that you share with everyone and have to put coins in. Y'know, those metal disks representing...

    New York City this week ripped out its last municipally-owned payphones from Times Square to make room for Wi-Fi kiosks from city infrastructure project LinkNYC.

    "NYC's last free-standing payphones were removed today; they'll be replaced with a Link, boosting accessibility and connectivity across the city," LinkNYC said via Twitter.

    Manhattan Borough President Mark Levine said, "Truly the end of an era but also, hopefully, the start of a new one with more equity in technology access!"

    Continue reading
  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading

Biting the hand that feeds IT © 1998–2022