Trustcorp THE CHALLENGE OF TRUST IN THE DIGITAL AGE - Copyright trustcorp, 2018
AGENDA
1. THE DIGITAL TRUST
2. THE NEED FOR PRIVACY
3. PUBLIC BLOCKCHAIN? YES BUT…
4. A PRAGMATIC SOLUTION FOR A NEW ECONOMY

6 MAIN CRITERIA FOR GDPR COMPLIANCE
1. Guarantee the security of all data collected, processed and stored
2. Guarantee to individuals access to, modification, restitution and erasure of their data
3. Collect and prove the informed consent of individuals
4. Secure data against the risk of loss, theft or disclosure
5. Document all protection measures and procedures
6. Notify the National Authority within 72h in case of a real risk of infringement of the protection of private life

99 ARTICLES, 11 CHAPTERS
01 General provisions
02 Principles
03 Rights of the data subject
04 Controller and processor
05 Transfers of personal data (outside the EU)
06 Independent supervisory authorities
07 Cooperation and consistency
08 Remedies, liability and penalties
09 Provisions for specific processing situations
10 Delegated acts and implementing acts
11 Final provisions

3 CYBER SECURITY LAWS
Columns: TOTAL; LAW GDPR; LAW e.IDAS; LAW NIS
DOMAINS: Personal Responsibility (TOTAL); Personal Data Protection (GDPR); Advanced Signature (e.IDAS); Interoperability (NIS)
Operational constraints / Compulsory computer functions: TOTAL 93; GDPR 63; e.IDAS 47; NIS 21
Articles of law / Obligations of result: TOTAL 231; GDPR 114; e.IDAS 102; NIS 15
Section of the Act / Recommendations: TOTAL 174; GDPR 100; e.IDAS 38; NIS 36
TOTAL ITEMS: TOTAL 498; GDPR 277; e.IDAS 187; NIS 72
%: TOTAL 100%; GDPR 55,62%; e.IDAS 37,55%; NIS 14,45%

GDPR ENFORCEMENT
Source: https://clusif.fr/publications/infographic-personal-data-has-entered-the-gdpr-era/

ALL ECONOMIC SECTORS ARE AFFECTED BY DIGITAL TRANSFORMATION
[Chart: digital maturity of the sector (vertical axis) against evolution over time (horizontal axis), for TOURISM, MEDIA, RETAIL BANKING, RETAIL DISTRIBUTION, CONSUMER GOODS, HEALTHCARE, PUBLIC SECTOR, AGRICULTURE, CONSTRUCTION]
Source: McKinsey France, 2015

THE SANCTIONS BAROMETER
Fine of €20M or 4% of global turnover
▪ Non-compliance with the principles of personal data protection
▪ Breach of the rules applicable to consent
▪ Breaches relating to data transfers outside the EEA
Fine of €10M or 2% of global turnover
▪ Lack of data protection by design and by default
▪ Failure of data security
▪ Failure to notify data breaches
▪ Absence of a record of processing activities
▪ Non-compliance with the rules for designating the DPO
First warning in writing

PUBLIC BLOCKCHAIN – HOW IT WORKS?
▪ Someone requests a transaction
▪ The requested transaction is broadcast to a P2P network of computers (the nodes)
▪ VALIDATION: The network of nodes validates the transaction and the user’s status using known algorithms
▪ A verified transaction can involve cryptocurrency, contracts, records or other information
▪ The new block is then added to the existing blockchain, in a way that is permanent and unalterable
▪ The transaction is completed
CRYPTOCURRENCY
▪ Has no intrinsic value in that it is not redeemable for another commodity such as gold
▪ Has no physical form and exists only in the network
▪ Its supply is not determined by a central bank and the network is completely decentralized

PUBLIC BLOCKCHAIN – POINTS OF ATTENTION
[Same diagram as on the "HOW IT WORKS?" slide: transaction request, broadcast to the P2P network of nodes, validation, new block added to the blockchain, transaction completed; cryptocurrency properties]

THE REALITY ON DECENTRALIZATION
“The entire blockchain for both systems (Bitcoin and Ethereum) is determined by fewer than 20 mining entities.”
Source: Decentralization in Bitcoin and Ethereum Networks, Financial Cryptography and Data Security 2018 (https://arxiv.org/abs/1801.03998)
% of mining capabilities coming from data centres: 58% 28%

A QUESTION OF NATIONAL SOVEREIGNTY
Vulnerable national sovereignty
One country running the show!
Source: https://www.ethernodes.org/ (on August 1, 2018 at 15:09 CET)

A QUESTION OF INDEPENDENCE
No strategic independence
+72% of the blocks under the control of 4 miners
Source: https://www.etherchain.org/charts/topMiners (on August 1, 2018 at 15:09 CET)

THE REALITY ON SECURITY
Bitcoin: “The cost of the deanonymisation attack on the full network is under 1500 €”
Source: Deanonymisation of clients in Bitcoin P2P network, ACM Conference on Computer and Communications Security, 2014 (https://arxiv.org/pdf/1405.7418)
NO BINDING SECURITY WITH DEEP CONTROL
Miners have a strong influence on transaction management as they can:
1. Censor transactions (→ DoS)
2. Re-order transactions (→ front-running)
Source: Security challenges in Ethereum smart contract programming, Sergei Tikhomirov, CLUSIL Blockchain series – Installment #4, Luxembourg, 7/9/2017 (https://www.slideshare.net/SergeiTikhomirov/security-challenges-in-ethereum-smart-contract-programming)

BUILDING A PROFITABLE BUSINESS MODEL?
BASIC PRICING PRINCIPLE
▪ Bill of Material Cost + Development Cost + Overhead = Service/Product Price
▪ Price of a service/product is negotiated up-front with the customer and cannot handle the fluctuations of ETH.
▪ Ethereum transaction fees based on ETH rate. Highly fluctuating and not regulated.
▪ Speculative solution unacceptable by industry
▪ Strategy led by banks favorable to speculation and trading !!!!
Source: https://markets.businessinsider.com/currencies/eth-usd, on August 1, 2018 at 16:47 CET

A CLEAR NEED FOR INTEROPERABILITY
A PAYMENT TRANSACTION ACROSS MULTIPLE "LEDGERS"
ISSUES
▪ Unpredictable (slow) delivery
▪ Manual customer service
▪ Unpredictable (high) cost
▪ High exception rate
2 WAYS TO ADDRESS THE PROBLEM:
(1) Homogenization
▪ Hard to achieve
(2) Interoperability
▪ Hard to implement and maintain inside each blockchain architecture
▪ Easier to implement and maintain via a third party solution
Source: https://www.finastra.com/viewpoints/product-insights/five-things-blockchain-must-get-right-to-realize-its-full-transformative-potential

AND... PUBLIC BLOCKCHAIN CANNOT ENFORCE GDPR
Total transaction privacy?
▪ Data are visible to anyone.
▪ Blocks are public.
▪ Even if it is encrypted.
Right to be forgotten?
▪ Blocks are immutable.
▪ Impossible to go back in the past.
Infrastructure maintained by known/trusted entities?
▪ By construction, there is no “a priori” trust established in the public blockchain.
▪ A consensus must be established.
Proof of identity?
▪ There is no identity check in the public blockchain.

PRIVATE BLOCKCHAINS TOO...
In the context of GDPR compliance (since May 25, 2018), comparing three options:
(a) Permissionless blockchain (public, e.g. BITCOIN)
(b) Permissioned blockchain (private or consortium)
(c) The ValeSign blockchain (supervised and trusted)
1. "Offline" access: (a) No; (b) Possible; (c) Yes
2. Independent validation of the infrastructure: (a) No; (b) No; (c) Yes
3. Fully confidential transactions: (a) No; (b) No; (c) Yes
4. Infrastructure maintained by a known and trusted entity: (a) No; (b) Yes; (c) Yes
5. Reasonable cost (low transaction cost): (a) No; (b) Yes; (c) Yes
6. Fast (quick validation of a transaction): (a) No; (b) Yes; (c) Yes
7. Proof of identity (qualified eSignature): (a) No; (b) Possible; (c) Yes
8. Right to be forgotten (possibility of erasing information): (a) No; (b) No; (c) Yes

THE 7 MAIN TECHNOLOGIES NECESSARY FOR GDPR REGULATION
1. New Communication Method: Security Double (Authentication and Qualified Seal + Revocation Lists)
2. New Advanced Signature: Legality Double (Individual and Notary)
3. New Encryption Process: Secret Double (Symmetric and Asymmetric combined together)
4. New Validation Process: Blockchain Trinary (Seal, Encryption, Advanced Signature combined)
5. New Rooming Framework: Interoperability Trinary (Qualified Controllers/Processors/Validation Parties)
6. New Digital Governance-Sovereignty: Justice Trinary (Law/Code of Conduct/Private Agreement)
7. New Cross-border Market Places: real-time scheduling Multilateral

DYNAMIC AGILE “PRIVATE BLOCKCHAIN” IN FULL INTEROPERABILITY BETWEEN APPOINTED-QUALIFIED CONTROLLERS AND PROCESSORS
[Sequence diagram: sequences 1 to 34 across the lanes TRUST SERVICE CONTROLLER 1, OPERATOR PROCESSOR 1, VALIDATION CERTIFICATION PARTY, OPERATOR PROCESSOR 2, TRUST SERVICE CONTROLLER 2]

THE FUTURE OF (PUBLIC) BLOCKCHAIN...
“Research concludes that blockchain will escape from cryptocurrencies and drive standalone applications/utilities for financial services.”
Source: https://www.finastra.com/viewpoints/product-insights/five-things-blockchain-must-get-right-to-realize-its-full-transformative-potential
1. Turns into a fad (like Secondlife). Probability: 25%. Time to event: 1-3 years.
▪ Low adoption and high risk
▪ Value collapsing
▪ Technology buzz
2. Remains a niche payment instrument. Probability: 75%. Time to event: 1-3 years.
▪ Strict regulation reducing scope of use
3. Currency Blockchain. Probability: 60%. Time to event: 1-2 years.
▪ Central banks control the currency aspect
▪ Blockchain is adopted as a record keeper
4. Currency Blockchain. Probability: 10%. Time to event: 5-10 years.
▪ Volume handling limit does not enable scaling
▪ Decentralization concept does not scale and blockchain is processed on traditional systems
5. Ushers in "Trustless" world. Probability: 10%. Time to event: 10-20 years.
▪ Becomes the de facto standard for all financial transactions

RE-ENGINEER THE BLOCKCHAIN TO BE STRONG AND COMPLIANT WITH GDPR, e.IDAS & NIS.