NFTs: The Privacy Angle
Non-Fungible Tokens (“NFTs”), as the name implies, are tokenized representations of non-fungible assets (physical or digital). Each NFT is unique and contains unique identifiers, data, and metadata. The NFT not only identifies what that NFT represents – a work of art or real estate for example – and its value, it also provides authentications, ownership interests and rights, and any other pertinent information.
NFTs “are an evolution over the relatively simple concept of cryptocurrencies….” And while a “digital representation of physical assets is not novel…when combined with the benefits of a tamper-resistant blockchain of smart contracts, they become a potent force for change” (Sharma, 2021).
While NFTs have entered the public consciousness through high-profile (sometimes bemusing) transactions like the sale of “Beeple’s digital artwork “Everydays: The First 5000 Days,” for $69 million, their potential for advancing concepts like distributed finance (“DeFi”), create new market efficiencies, and democratize investing to the benefit of value creators and purchasers alike is profound.
In economies governed by information exchange, NFTs look to be the next generation of information transfer. And privacy will increasingly play a role.
Blockchain and NFTs were a topic of discussion at the recent Spokes Privacy Conference session NFTs: The Privacy Angle. WireWheel Co-Founder and Chief Scientist Amol Deshpande presented a primer on blockchain, and Luca Cosentino, Product Lead at Oasis Labs, elucidated the existing and potential NFT ecosystem.
Blockchain and NFT: A Primer
Blockchains are the fundamental technology on which cryptocurrencies and now NFTs are built, explains Deshpande. A blockchain in a sense is a shared ledger…not unlike a ledger that a bank might maintain. But instead of a single entity controlling the ledger, a blockchain is maintained in a distributed, decentralized fashion.
To add an asset to this “ledger,” a set of rules must be followed that have been agreed in advance by everyone involved. As long as those rules are satisfied, anyone can propose adding new transactions to the blockchain.
The blockchain is guaranteed (using cryptographic primitives) to be immutable. Once something is added to a blockchain it cannot be changed in any way.
The decisions about what specific transactions or records to add to this ledger are also made in a decentralized fashion, validated by either a “proof of work” like bitcoin uses, or more eco-friendly alternatives like “proof of stake” that Ethereum is trying to move towards.
Although a decentralized currency was the original motivation for the first popular blockchain Bitcoin, over the last decade many decentralized apps, especially decentralized finance apps (“DeFi Apps”) have been built on top of blockchains.
NFTs are also built on blockchain, enabling more use cases that are being explored by many companies today.
NFTs: What’s Their Value?
NFTs came to market as an alternative to fungible (i.e., individual units of a commodity capable of mutual substitution) tokens like Ethereum and Bitcoin. As each Bitcoin or Ethereum is equivalent in value, there is no distinction between the first, second, third, hundredth, or thousandth token. There is no way, or need, to distinguish one from the other.
But when you consider other forms of value – which are not necessarily monetary – but mostly related to information, or goods, it is clear how NFTs differ from the currencies or the need to represent currencies in a digital form.
An artist creates a digital artwork and then wants to create a token that represents this work. The way to do it is with an NFT that contains data proving the authenticity of that creation; proves the ownership of that creation, and may also be a proof source for other information like the history of transactions associated with art, or other useful information.
Why is this important or even interesting?
If we think about a piece of digital art in the digital context one can imagine going to an online gallery and wanting to buy the digital artwork.
Questions that might immediately come to mind include the artist’s identity; proving the authenticity of the work; how many copies, if any, exist; the transaction history; and how can you prove to other people that the piece your required is authentic The NFT is meant to do all these things in the one token that represents the artwork.
For some, the idea of owning something in purely digital form, that may have an unlimited number of “copies,” and in fact, may be accessible online for public view can be a bit of a hurdle to get over. But this has an analogy in the traditional art world as well.
Consider, there is only one Mona Lisa. And there is certainly a unique level of satisfaction (and even exclusivity) standing in the Louvre looking at Da Vinci’s original. While looking at a copy may not rise to that level, it is not valueless as evidenced by the commercial success of copies. In fact, the Mona Lisa is the most copied painting in the world. There are countless reproductions of all types, and her image appears on a lot of merchandise (from postcards to t-shirts). None of which command exclusivity, but they clearly have value and give pleasure to those who have paid for them.
“NFTs are meant to do the same thing” explains Luca, “for any kind of creation and any kind of value that can be produced by creators” in the digital, or corporeal realm.
“The ability of NFTs to enable a creator or asset holder – whether it’s a piece of art, music, real estate, blog post, or some other thing – to tokenize it and sell, share, or grant some other rights to an individual or company interested in that asset, peer-to-peer, without a central controlling institution is compelling.” (Cosentino, 2021)
NFTs: Limitations & Concerns
As NFTs are increasingly being explored, there are things that we need to be aware of (most of which generally apply to blockchain as well).
One thing to keep in mind is that almost none of this has been regulated thus far. While we have seen some regulation around the use of cryptocurrencies as currency; with regard to the data that are on the blockchain, there is very little specific regulation that governs it.
“A very simple question like ‘who is the data controller?’, becomes difficult in this context” cautions Amol, as the data is hosted in various different locations. Understanding who the data controller is can become a crucial question, particularly in the context of fraud.
Another thing to keep in mind is that a participant can retrieve entire histories to verify, for example, ownership changes. This means all data on a blockchain is publicly viewable. Because of this transparency, there are limitations to what data can be stored on the blockchain directly.
One solution is to move data to “off-chain” storage, where private data is not kept on the blockchain itself, but rather, there is a pointer to the data on the blockchain. However, “at that point, you lose the promise of verifiability, and immutability of on-chain storage, opines Deshpande, but in many scenarios, off-chain storage is likely the only viable path forward.”
In short, there appears to be a conflict between privacy and the need for both verifiability and immutability necessary to the proper functioning of blockchains and the NFTs that leverage them.
Solving the Privacy Problem
There are three categories of challenges with regard to privacy, suggests Luca:
- The authenticity and ownership of the information,
- The regulation of, and incentives to, participate in a system that doesn’t offer the ability to separate private and public information; and critically,
- The many use cases that would not be possible without some level of privacy.
The solution is pretty much the same regardless of which use case we are describing. And I think the idea is always the same: the separation of public and private information by what is called privacy-preserving computation. This means that even though the data is private, the ability to use this data is never compromised.
This is the most important and fundamental property.
Significantly, while both technical and non-technical people often perceive some tradeoff between using data and revealing the data to third parties – and accept onboarding a level of risk associated with using the data – now, this tradeoff is no longer necessary.
Because there is a third way (i.e., privacy-preserving computation) that allows data to be utilized without being revealed to another person or entity, broader use cases at scale are enabled.
It is these use cases – and the role of privacy in the context of NFTs – that are far more interesting than the actual technology (which is the current industry focus), enthuses Luca.
Ultimately, as Luca wrote, NFTs will “allow content producers all over the world to create experiences, create products, or even create new use cases for [tokens which] are eminently scalable, extensible….This ability is unconstrained by who you are, where you are, or the nature of the underlying asset. There is very little friction.”
 A blockchain transaction’s approval comes from a process known as consensus….Bitcoin transactions join the blockchain using a form of consensus known as proof of work. The process requires the blockchain nodes to compete against each other to answer a mathematical equation with an answer that starts with four zeros. Different blockchains can use different algorithms. Bitcoin uses the SHA-256 algorithm [a hash value]….This process is called mining (Hamilton, 2018).
 The proof of stake consensus mechanism came about as a direct result of the insane amount of electricity Bitcoin miners gobbled up….Proof of stake consensus eliminates the need for computers to battle over who is next to add a block to the blockchain. Instead, the protocol chooses nodes randomly or based on their holdings, size, or time in operation. (Hamilton, supra note 1)
 Secure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional [cryptography focused on keeping an adversary out]…this model protects participants’ privacy from each other. (Wikipedia.org)
Suggested Blog Posts
A key component of privacy governance is assessments. While Records of Processing Activity (ROPAs) do not assess risk...
Retrieve Unstructured Data and Save Time With WireWheel’s Trust Access and Consent Center’s M365 Integration
Privacy Laws continue to proliferate across the globe. Many of these laws, including the European Union’s GDPR,...
We are seeing a parallel to what the financial and banking industry went through during the early years of...
Congressional testimony from a former Facebook employee has sparked outrage over the governance of the company’s...
Introduction ‘Personal Data’ has different legal definitions in the GDPR, CCPA in California, CDPA in Virginia, LGPD...