Anonybit & the GDPR
One of the key concerns of users in relation to consumer products today is the degree to which they preserve and protect their privacy. This is especially true when it comes to sensitive biometric data. GDPR, CPRA and other data protection regulations are setting up the framework for ensuring that our personal data is secured and there is accountability for those who collect and store it.
To explain how Anonybit helps organizations comply with these regulations, it is first important to understand that, for the most part, they operate under the assumption that a single entity (called a “controller”) collects and processes personal data provided by a data subject, and must therefore put in place processes and protections to ensure the integrity of the data, including ensuring that there is a legitimate basis for collection. Such a basis may be, for example, the data subject’s consent or a health-related purpose. A “processor” may be contracted by the “controller” to help manage and process the data.
Anonybit breaks this mold. Similar to the distributed ledger technology on which blockchains and cryptocurrencies are based, the Anonybit system distributes the data amongst the various users of the system. However, a key difference between distributed ledgers and the Anonybit system is the status of the data stored in the system. From a privacy perspective, the main “flaw” of the distributed ledger model is that every user holds a full copy of the entire ledger, and the entire ledger is fully available to the public (e.g. each Bitcoin user holds a digital wallet which contains the entire history of all Bitcoin transactions ever made). The positive element of the distributed ledger model is that it eliminates the need for a centralized body to regulate the system: the users regulate the system by ensuring everything is public and permanent. From a biometrics perspective, there are significant drawbacks to blockchain which make it infeasible to use as an underlying technology. (This will be the subject of a separate blog post.)
Unlike the distributed ledger model, the data stored in the Anonybit network is divided amongst different nodes, where each individual node holds a fractional, encrypted, and completely meaningless piece of the “puzzle”. The pieces never come together for matching, leveraging a technique known as Zero-Knowledge Proofs. With Zero-Knowledge Proofs, there is no single point where the information, in its entirety, is stored, processed or returned, and therefore no single point of failure exists. The only time at which the data is “whole” is when it is initially captured by the device the user is using to provide the biometric sample.
Here’s how it works:
Enrollment: When first signing up, the user provides a biometric sample. For example, the user might use the camera of their cell phone to capture a photograph of their face. The system takes this photograph, converts the image into a vector, splits that vector into a number of pieces, encrypts the pieces and spreads them across the Anonybit network.
Authentication: When a user later seeks to verify their identity via Anonybit, they provide a fresh biometric sample (e.g. via the cell phone camera) for comparison. The sample is converted into vector pieces and queried against the vector pieces spread out amongst the Anonybit network. A positive match allows the user into the system; a negative match prevents entry.
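The enrollment and authentication steps above, as an added illustration that is not Anonybit's own code (the post does not say how the pieces are formed or matched): a two-node additive secret sharing of the feature vector plus a Beaver-triple secure multiplication, a standard MPC technique assumed here so that the nodes can compute a match distance without ever recombining the pieces. The field modulus, the offline triple dealer and the integer-quantized embedding are all assumptions of this example.

```python
import secrets

Q = 2**61 - 1  # prime modulus for share arithmetic; template values are small integers

def share(vec, n=2):
    """Additive secret sharing: n random vectors mod Q whose sum is vec.
    Any n-1 pieces are uniformly random, so one node's piece says nothing about vec."""
    pieces = [[secrets.randbelow(Q) for _ in vec] for _ in range(n - 1)]
    last = [(v - sum(p[k] for p in pieces)) % Q for k, v in enumerate(vec)]
    return pieces + [last]

def reconstruct(pieces):  # test helper only: recombine and map back to signed ints
    vals = [sum(p[k] for p in pieces) % Q for k in range(len(pieces[0]))]
    return [v - Q if v > Q // 2 else v for v in vals]

def beaver_triples(dim):
    """Correlated randomness (a, b, c = a*b) shared between the two nodes; assumed
    to be dealt in an offline setup phase, independent of any biometric."""
    a = [secrets.randbelow(Q) for _ in range(dim)]
    b = [secrets.randbelow(Q) for _ in range(dim)]
    c = [(x * y) % Q for x, y in zip(a, b)]
    return share(a), share(b), share(c)

def squared_distance_shares(t_shares, p_shares, triples):
    """Two nodes compute shares of ||t - p||^2 without either seeing t, p or t - p."""
    (a0, a1), (b0, b1), (c0, c1) = triples
    dim = len(t_shares[0])
    # Each node locally forms its share of the difference vector d = t - p.
    d0 = [(t_shares[0][k] - p_shares[0][k]) % Q for k in range(dim)]
    d1 = [(t_shares[1][k] - p_shares[1][k]) % Q for k in range(dim)]
    # The only values exchanged are masked: e = d - a, f = d - b (one-time-pad style).
    e = [(d0[k] - a0[k] + d1[k] - a1[k]) % Q for k in range(dim)]
    f = [(d0[k] - b0[k] + d1[k] - b1[k]) % Q for k in range(dim)]
    # Beaver identity: d*d = c + e*b + f*a + e*f; node 0 alone adds the public e*f term.
    s0 = sum(c0[k] + e[k] * b0[k] + f[k] * a0[k] + e[k] * f[k] for k in range(dim)) % Q
    s1 = sum(c1[k] + e[k] * b1[k] + f[k] * a1[k] for k in range(dim)) % Q
    return s0, s1

def authenticate(t_shares, probe, threshold):
    """The relying party receives two score shares and learns only the distance
    and the match decision, never a template or probe vector."""
    p_shares = share(probe)  # probe is split on the capture device, then discarded
    s0, s1 = squared_distance_shares(t_shares, p_shares, beaver_triples(len(probe)))
    dist2 = (s0 + s1) % Q
    return dist2, dist2 <= threshold

# Constructed sample: a 6-dimensional integer-quantized face embedding.
ENROLLED = [12, -3, 7, 0, 25, -14]
enrolled_shares = share(ENROLLED)  # each node stores exactly one of these pieces
```

Each node's stored piece is a uniformly random vector on its own, and the opened values e and f are likewise masked, so only the final squared distance is ever revealed.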
A key point to understand about the solution is that neither the entity seeking to verify the user’s identity in order to grant access to the system, nor Anonybit, nor any of the other users of the system, has access to the data as a whole. Each Anonybit network node only holds a partial, anonymized, completely isolated and encrypted vector piece representing a portion of the biometric data. This partial piece of data is completely meaningless on its own.
Most solutions today are focused on reactive privacy measures (adding layers of security to existing processing, adding stronger encryption, etc.). Rather than adding reactive security measures aimed at protecting access to, and the integrity of, the personal data, Anonybit solves these privacy concerns at their source by addressing the concerns that trigger GDPR in the first place. Instead of adding protective layers, Anonybit prevents third parties from ever possessing the data at all, ensuring that the user retains full control over their data while not hindering the system’s technological abilities. Anonybit shifts the paradigm by returning the power and control over the data to the user, and by empowering the user to decide which entities are able to use the system to verify their identity.
From a GDPR perspective, this means data minimization, privacy-by-design and inherent compliance. For more information, contact us.