Page 467 - Kaleidoscope Academic Conference Proceedings 2024

Innovation and Digital Transformation for a Sustainable World




architectures from the data identification design flow. This is done by giving individuals tools such as digital wallets to manage who has access to their data for verification and transaction services via their personal devices. The SSI design flow uses claims (requests), proofs (evidence), and attestations (validation), allowing individuals to choose what they share and when. As well as increasing personal privacy, this model reduces the risk derived from attacks on large-scale centralized data stores. Through this design, individuals create unique decentralized identifiers (DIDs) to create public keys for verification, allowing secure peer-to-peer connections. This is supported by authentication, service endpoints, timestamps, and private key signatures to ensure verifiable histories. As well as offering opportunities for removing intermediaries from the verification process for individuals, SSI can be used by legal entities to verify their DID with company documents. One main challenge to SSI is its lack of interoperability, although developments such as the OpenAPI Specification and OpenTelemetry standards are working towards addressing this. Once these challenges are addressed, however, SSI alongside the blockchain becomes integral to removing centralized surveillance models.

4.2   Decentralized Autonomous Organizations (DAO)

DAOs are models built on blockchains utilizing W3.0 technologies, digital assets, and democratic decision-making processes to distribute resources and coordinate activities. They constitute technical frameworks that allow governance and consensus decision making by eligible participants, which leads to collaborative user stakeholder engagement and drives collective benefits rather than individualistic corporate benefits. The privacy element of this model allows for distributed funding without identity bias, thereby improving the human rights of groups who may otherwise be marginalized by centralized organizations. As DAOs are underpinned by automated smart contract parameters, it is essential that contracts are designed with privacy-preserving mechanisms that only require essential data points to execute the steps needed to complete the contract. Whilst DAOs allow transactions and governance without the need for an intermediary to collect and store personal data, privacy remains paramount in a model that requires transaction transparency to reinforce the token-based voting model.

4.3   Data Cooperatives (DC)

Where DAOs focus on removing third party intermediaries, DCs are working on negotiating the terms of service against which intermediaries can remunerate members for access to data pools. They are membership-based organizations specifically focused on managing data as a collective source. They are not inherently tied to the blockchain, with distributed database, federated cloud service, encryption, data trust frameworks, and API management all offering potential avenues to create a DC. However, blockchain self-sovereign protections have the potential to simplify and increase trust in such concepts. Whilst DCs allow users to monetize their data and often work on a one-member one-vote decision making basis, challenges arise if a member becomes unhappy with group decisions impacting their data.

4.4   Censorship resistance

Decentralization, immutability, transparency, and peer-to-peer networking create an environment resistant to censorship. Coupled with privacy models such as SSI, this allows for everyone to participate equally in the conversation about local, state, and global policy without fear of retribution. However, we must be cognizant that although the blockchain itself is censorship resistant, the application layer could still introduce control points or vulnerabilities that potentially allow censorship. Therefore, it is essential we introduce technology design principles that discourage development that may allow for this, whilst championing designs that introduce real self-sovereign privacy controls. Other challenges that have been raised include concerns over anonymity being an opportunity for increased illicit and/or society-damaging activities. A study of Tor entry nodes estimated that around 6.7% of network users accessed 'Onion/Hidden Services' that are disproportionately used for illicit activities [42]. However, one problem with using Tor-based indicators in discussions regarding the impact of increased web privacy is that Tor users are already a sub-set of technically competent web users looking for increased privacy to avoid corporate and government oversight. Therefore, it could be argued that the percentage of those doing so for negative social benefits is higher than those who currently do not seek Tor protections and are interacting with the web in the knowledge that they may be being surveilled.

4.5   Security vulnerabilities

There are several potential security vulnerabilities for the blockchain, such as 51% attacks, poorly written smart contracts, Sybil attacks, routing attacks, time-jacking, and endpoint vulnerabilities, although the impact to personal data is minimized by its structure. Whilst a single individual may suffer loss of data through a smart contract vulnerability or endpoint security breach, the effort and cost to complete these kinds of attacks on a mass scale for the purpose of accessing data becomes a deterrent to malicious agents. That does not remove the risk altogether, as we are aware of the proliferation of social engineering phishing scams, but the ability to access large data sets with a similar impact to historical W2.0 breaches is made near impossible. By moving the data loss risk from a centralized control point to individual users through SSI, we increase protections against malicious agents who would acquire mass datasets, mine the data for vulnerability markers, and make use of that information for more targeted attacks on individuals. This increased protection frees users to be more open in expressing their identities without concerns about whether a central agent is appropriately protecting that information.

4.6   Regulatory and watchdog oversight

If we change our communication and trade structure from centralized institutions acting as gatekeepers, to peer-to-peer trading, what do we do if something goes wrong and our data is breached? To avoid the centralized controls of the current W2.0 model we must avoid creating brokers and agents that
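
The SSI flow described at the top of this page (an attestation signed with a private key, a proof that shares only chosen claims, and verification against the issuer's public key) is shown here in code. This is an added example, not code from the paper: it assumes Ed25519 signatures and salted-hash selective disclosure (the approach SD-JWT uses), and the `did:example:` identifiers, function names and claim names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Hash one salted claim; the issuer signs only these digests, never the raw values.
const digest = (salt, name, value) => nodeCrypto.createHash('sha256')
  .update(JSON.stringify([salt, name, value])).digest('hex');

// Issuer: attest to claims about a subject DID (the attestation step).
function issue(issuerDid, issuerKey, subjectDid, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ salt: nodeCrypto.randomBytes(16).toString('hex'), name, value }));
  const payload = JSON.stringify({
    iss: issuerDid, sub: subjectDid,
    digests: disclosures.map(d => digest(d.salt, d.name, d.value)).sort(),
  });
  const sig = nodeCrypto.sign(null, Buffer.from(payload), issuerKey).toString('base64');
  return { payload, sig, disclosures }; // stored in the holder's wallet
}

// Holder: build a proof that reveals only the requested claim names.
function present(credential, names) {
  return { payload: credential.payload, sig: credential.sig,
           disclosed: credential.disclosures.filter(d => names.includes(d.name)) };
}

// Verifier: check the issuer signature, then bind each disclosed claim to a signed digest.
function verify(proof, issuerPublicKey) {
  const ok = nodeCrypto.verify(null, Buffer.from(proof.payload), issuerPublicKey,
                               Buffer.from(proof.sig, 'base64'));
  if (!ok) return null;
  const { iss, sub, digests } = JSON.parse(proof.payload);
  const claims = {};
  for (const d of proof.disclosed) {
    if (!digests.includes(digest(d.salt, d.name, d.value))) return null;
    claims[d.name] = d.value;
  }
  return { iss, sub, claims };
}

// Constructed sample data; did:example identifiers are placeholders (assumption).
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const cred = issue('did:example:issuer', privateKey, 'did:example:alice',
                     { over18: true, name: 'Alice Example', country: 'GB' });
  const proof = present(cred, ['over18']);
  const tampered = { ...proof, disclosed: [{ ...proof.disclosed[0], value: false }] };
  return { accepted: verify(proof, publicKey), rejected: verify(tampered, publicKey) };
}
console.log(demo());
```

The verifier learns only `over18`; the undisclosed name and country appear to it as salted digests, and a claim altered after issuance no longer matches any signed digest.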



