Bitcoin’s Biggest Problem Isn’t Child Porn, It’s GDPR


Join our community of 10 000 traders on Hacked.com for just $39 per month.

This week, a barrage of articles came out proclaiming bitcoin’s demise. They had titles like “Bitcoin Could Become Illegal Almost Everywhere, After Shocking Discovery in The Blockchain“, “Bitcoin’s (BTC) Story May Have Come To An End” and even “Child Abuse Content on Bitcoin Blockchain: Can Node Operators Be Prosecuted?“. The basic premise of these articles is as follows:

  • A research report “A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin“, claims that there are 8 instances of blockchain encoded data which would be considered child porn in “many jurisdictions”
  • Out of these 8, “five files only show, describe, or link to mildly pornographic content”, two of the other three contain lists of links (although there’s no evidence that any of these are still live). One contains an image depicting “mild nudity of a young woman”
  • Somehow this makes anyone running a full Bitcoin node a criminal guilty of possession and distribution of child pornography

This claim just doesn’t make a lot of sense. First of all, the links themselves don’t constitute child pornography. Second of all, the researchers have not cited any of their “findings” on the blockchain meaning it’s impossible to verify the validity of their claims. Third of all child pornography law is (perhaps unfortunately) far more nuanced than the authors of some of the aforementioned articles make it out to be.

This is an entirely computer-generated image and therefore does not legally constitute an “actual person”

Although the paper mentions many jurisdictions, we’ll use the United States as our example. It’s probably the most well known to readers and also reflects the general sentiment of laws in different countries. U.S. law states that you must “knowingly possesses any image that contains child pornography, and the image moved interstate commerce or was made by items that moved in interstate commerce”.

I think it’s safe to say that all miners are unaware of any child pornography on the blockchain. I’m personally doubtful anyone is aware of any child pornography on the blockchain (because I don’t think there is any). Secondly, the courts have stipulated that the image must “show an actual minor child”. This is tougher than it sounds to prove (see image on the left).

Computer generated images aside, it’s also tough to prove someone in an image is a child despite age. We all know Photoshop can do a lot and these include making young looking 18 your olds look much younger. For this reason, about half the time, courts have to establish the identities of victims. This is becoming extremely hard as technology progresses and is another reason the articles above employed irresponsible reporting by claiming the blockchain contains child pornography.

Despite the ludicrousness of some of the claims surrounding child pornography on the blockchain, its immutability does cause other issues. Namely compliance with another law known as the General Data Protection Regulation (GDPR). GDPR is a regulation which aims to give users back control of there data. It also raises a few issues which are relevant to the blockchain.

The biggest of these is the right to be forgotten. Also known as data erasure, the GDPR website describes it as “data no longer being relevant to original purposes for processing, or data subjects withdrawing consent”. This means that EU citizens can file “right to be forgotten requests” and organizations must delete their data. This is a huge problem in blockchain applications. Let’s take cryptograffiti.info for instance, which runs on the Bitcoin Cash blockchain. CryptoGraffiti allows users to post images or text on the blockchain to be permanently stored. As an example for this story I wrote the following message:

 

Suddenly, I’ve changed my mind and I would like to exercise my “right to be forgotten”. I can submit a request to cryptograffiti.info. They’d be forced to comply, but that’s not all. This data was written to the blockchain in this transaction. This means it now resides on every single bitcoin cash block explorer. I now have to submit requests to blockexplorer.com, bitcoin.com, blockdozer and the list goes on. They all will also be forced to comply under GDPR rules. Then there are the miners.

Under GDPR, every miner is a “data processor” who holds the data, meaning I can ask them to delete the data and under the law, as it’s written now, they have to comply. One can quickly see this getting out of hand. Bitcoin and Bitcoin cash are publicly held blockchains, no one “owns” them so in theory, no one can be accountable for GDPR compliance. This is not the case for blockchains started by a corporation, which are in a legally ambiguous area.

These questions cause serious issues for any company looking to use blockchain in their tech stack. Can a company like Toyota really use BigChainDB and remain compliant with GDPR. It’s obvious moving forward that something has to give: blockchain applications cannot exist under the laws put forward by the EU.

Featured image from Shutterstock.

Follow us on Telegram.
Advertisement

Source