Post 5 - Data - Using blockchain to securely provide an audit trail

Stuart Berman

Published Sep 29, 2024

This is part five, where I discuss how digital data may be formatted in order to preserve it and link it to an owner.

So far I have discussed the value of data, the key to data ownership with digital identity (DID) and next how we link that DID to the digital data itself.

Why can't we just store our data on USB sticks? We can, but due to the ease of copying anything digital there is no proof that I own it. And even if I can somehow prove that I own it, what prevents someone from altering it (what we often see today as the case of 'deep fakes')?

A popular open source Web3 technology called InterPlanetary File System (IPFS) has been around since 2015. It allows people to easily replicate data and has a built in mechanism for non-repudiation (data integrity). A key principle of Web3 is user control of their data.

Unlike traditional web URLs which simply point to a location of a file, IPFS uses a Content Identifier (CID) to point to the content (data) that was originally created, if anything changes with the content then that CID is no longer valid, as the CID can only retrieve the exact copy of that data.

But how does that help us with linking data ownership? This is where we use blockchain to immutably link the owner's token to the CID. This is easily done today with NFTs (non-fungible tokens).

A public blockchain provides both immutability and decentralization (meaning that there is no single owner to make changes to the records on chain).

There are systems today that are built on IPFS such as Filecoin, which has a public blockchain, has a mechanism for preserving long term storage of data and today holds billions of megabytes of data.

Filecoin also has a daily built-in proving mechanism which provides 'proof of storage' to ensure that the content of the CID has not been altered or corrupted, ensuring that when data needs to be retrieved there will be no surprises.

CIDs use cryptography such that stored data can be used as evidence in legal proceedings. Here is an example where photographs are using CIDs to show provenance as unaltered evidence. See: Explore authentication data in Rolling Stone article

We see CIDs being used now to authenticate sources of artificial intelligence source material as a way to prove provenance, as well. See: EQTY Lab

CIDs can be embedded within other content such that the entire collection of verified digital data that anyone can easily validate. I can imagine that whether I am looking at a social media post or a news report, that each image will have a small green check mark that will indicate authenticate content, which if clicked on will prove the origins of the data, even if the author is anonymous. (From earlier posts, a person can prove their authorship even of anonymous content, in this case, let's call that person anonymous1257, and anonymous1257, although their identity is unknown, will have other content that will establish their reputation and be unique among all of the other anonymous authors.)

Now we can pull all of these elements together: A person or entity creates and stores their valuable data in digital form using their proof of ownership, tied to a system that will provide long term proof of storage that is non-repudiable and can be audited with a form of proof of access.

The challenge for developers and builders is to combine these systems in a way that is simple to use and valuable to consumers, while being fool proof:

1. Create or modify front ends for people to create and load their data, this can be social media application, medical data systems, music repositories, etc. which use CIDs

2. Create a front end for people to easily obtain an irrefutable entity token tied only to them which can use other independent services to create identities that the entity token is used to manage, without the use of passwords or other easily cracked secrets.

3. Create an easy to use front end used to store and access digital data tied to user managed identities, use existing back ends such as IPFS or Filecoin for blockchain records with CIDs.