Privacy as a fundamental right for individual freedom
Privacy and personal data management is a paramount point of the international debate concerning technology and the way it is used. Nowadays data represent the fuel of the digital economy: every single day each user of the internet offers and receive massive quantities of data, this data sharing is more or less intentional and it is particularly sensitive whenever personal data are involved. The evolution of the internet and the success of social media shifted the attention towards the so-called virtual society, in this context data sharing is easier and immediate but somehow it is also perceived as less important. We do not mind giving out our date of birth, our address, or telephone number to register for an online service, don’t we? If we take our LinkedIn profile as an example, we can easily imagine how many times gave access to our profile to enroll for a webinar on an external web site. Another example is the classic “accept” button we systematically check without reading the terms.
However, in recent years, we have noticed a growing interest in defending personal data. Headlines regarding the scandal involving Cambridge Analityca and Facebook or the revelations made by Edward Snowden proved how our reality may not be too far away from the dystopian scenarios we picture while enjoying sci-fi books or movies. Furthermore, the recent Covid-19 pandemic additionally escalated the debate about personal location data retrieval to be implemented in the adoption of tracking apps for individuals.
When considering financial institutions, again we have to deal with privacy protection and the way it is more or less guaranteed: the data breach Equifax was subject to made clear how important privacy protection and cybersecurity are, the latter had been particularly underrated and not sufficiently considered.
Personal data management and privacy protection need to be given maximum priority by institutions handling sensitive data such as financial information of their customers. This needs to be done to prevent the same mistakes before it is too late.
Therefore, it is essential to foresee these issues so that we do not have to retroactively fix the problems once the misdeed had already occurred. This is the attitude we need to keep in mind but we can obtain additional help from new technologies and innovative processes that are on the rise.
If any application designed for financial transactions that leverage the blockchain as a settlement layer was not implemented in the right way, therefore using a publicly verifiable ledger with open source code, it would potentially create a situation of information asymmetry which is favorable those companies that manage sensitive data such as those regarding payments. This situation could potentially lead to stricter interventions by regulators in case of substantial events such as data leakage. Moreover, a more proactive approach by the financial institutions towards privacy protection and data security is very much needed because it would result in a truly customer-centric attitude that guarantees relevance and personal security for the customer.
To implement a publicly verifiable settlement layer does not mean our data are in the open because data registered onto the blockchain are anonymized by cryptographic processes. It is important to remind that when talking about blockchain, we are dealing with a kind of technology that is relatively recent hence still in a development phase and its application will probably impact contemporary financial processes in a way similar to that seen regarding informative processes activated by mass adoption of the internet. This technology has the potential to elevate the standards in the field of digital identity.
The protection of sensitive and personal data is of paramount importance for the public society, both on an individual level as well as on a collective/commercial level. The right to protect our personal information coincides with the right to protect our own life.
Privacy protection in WizKey
Wizkey addresses its solutions to those financial institutions and operators such as banks, investment funds and servicers. All of them require the highest standards of privacy: they handle massive quantities of personal data, it is essential for them (and for us) to protect this information in the best way possible. We developed our platform Wizkey define keeping this in mind and posing particular attention on privacy and the way it guaranteed: the platform is designed to guarantee compliance with regulations and to assure the operators the highest privacy level. Unlikely other operators, Wizkey decided not to have access to customers’ data on the platform, nor we can supervise transactions carried out on it. In the light of what previously mentioned, it is clear that these institutions must give maximum priority to privacy protection, this approach will automatically create a more inclusive ecosystem where the customer feels safe and truly resilient to malevolent actions.
We aim to guarantee maximum privacy to our users, both for their personal information and the transactions they will carry out through our platform. We achieved it thanks to the separation between the WizKey Node (WKN) and WizKey services (WKS). When the user decides to use Wizkey Define to sell his credits he has to open and set up a WZN, which is a docker image deployable on a containerized infrastructure, both on-premise and on a dedicated cloud account. If the user decides to open it on-premise, then it could be deployed on its private network, creating a DMZ or segregating it. Otherwise, the user could decide to rely on the cloud service on which WizKey works. In both cases, the user has complete control over the documentation (i.e. data and metadata) uploaded on the platform, as they will never be stored in a server or a cloud account managed by WizKey but rather in its own, private, unlimited data room. Furthermore, the WKN provides an automated system for checking notarization of documents on the blockchain, protecting users from potential fraud risks (e.g. the same credit inside two different portfolios or the double-pledge of an invoice). Such an architecture allows us to deploy, on every single WKN, AI services that will be trained locally, granting our users that data elaborated by the AI will never be visible to any third party.
Regarding public blockchain, a common question that could come up is if the data will be public. The answer is no. Data registered on the blockchain are hash of documents: making use of a one-way cryptographic algorithm such as SHA-256, none can recreate the original document but the owner. Moreover, linking a user to a public address is not an easy task, and it will become far more difficult once a more secure cryptography algorithm will be deployed (e.g. ZK-SNARKS, ZK-STARKS and ZK rollups).
Along with the WKN, users will benefit from the WKS, a single-tenant cloud-hosted services released by WizKey. WKS implement routing and login services: authentication of users ensures Know Your Customer (KYC), and this allows us to create a list of addresses used for the settlement of transactions. Simply put, WizKey is similar to a telephone exchange: we have the list of the WKN, that is our phone book and we use it to route one user with the other when a transaction has to be settled. WizKey never has access to any data nor it acts as an intermediary in any transaction, it just provides the necessary routing between two parties
Privacy as never seen before
Wizkey Defines comes with a specific architecture that provides its users a significant advantage over privacy protection. At all times, operators have complete control over sensitive data (including price-sensitive information), documentation of any kind will always be available to the owner only and no one can have access to it unless permission is granted. The setup of a WZN combined with the accessibility of WKS allows the operators to carry out transactions and management at the highest level of security and privacy.
Since the beginning, the choices made by the Wizkey team have been dedicated to ensure the maximum level of protection for our users’ privacy and sensitive information, while at the same time ensuring the maximum level of transparency and legal protection during the processes.