Where is the Bitcoin blockchain stored?
Data stored in blockchains cannot be changed, which means that personal data they contain cannot be removed. Jeni Tennison, the ODI’s Technical Director, explains why it’s really important that we design blockchains to protect people’s privacy
Blockchains are currently getting a lot of attention as a distributed way of storing data. But the irreversibility and transparency of blockchains mean they are probably unsuitable for personal data. We need to be careful when designing blockchains not to infringe on people’s privacy, and to account for a world in which we have doxing, identity theft and the right to be forgotten.
The examples in this post aren’t necessarily here because anyone has suggested providing these kinds of data in blockchains. But blockchains are being investigated for a range of purposes and we need to explore their limits.
Blockchain basics
A blockchain stores a series of transactions, which can be data of any sort, in blocks, which get added to a blockchain one after the other. I’ve written elsewhere about the technical details on how this works.
Blockchains are what’s known as an append-only data store. That means you can only add data to the store, you can’t take it away. They are also distributed: blockchains are maintained by a peer network of nodes in which every node has a copy of the blockchain and has equal authority to add to it. Every node publishes that data for other nodes to pick up and use.
One of the unique selling points of blockchains is that once data is embedded in the blockchain it cannot be altered without that change being detected and rejected by the other nodes in the network. This is useful for data that people need to trust because it provides a guarantee that the data in the blockchain hasn’t been changed since it was put there.
What irreversibility means for privacy
There are types of data, particularly personal data, where the inability to remove data retroactively could lead to problems.
For example, in the UK, personal insolvency notices are published in the London Gazette when people are declared bankrupt. They are published in paper copies of the Gazette (which are relatively hard to get hold of or search) and published on the web. There are times when there are requests for notices to be removed from the website to avoid them being as easy to find, such as:
- The notice includes the current address of a person who is attempting to avoid an abuser, and thus the notice increases the risk of discovery and harm to that individual
It’s easy to imagine other scenarios where blockchains could be used to hold data about people that might seem innocuous at the time but where the situation changes such that data should no longer be held in the same way. For example, a recent change in UK law means that company directors’ birth dates are no longer published by Companies House. Data about people applying for planning applications, holders of licences and those in public office is routinely published and could change in similar ways.