AnuragHydro
commented
6 years ago A paper trail of access requests, and permissioned reads are definitely very useful. The problem is, it's tough to enforce permissioned reads if the docs are stored publicly, and it's tough to enforce a paper trail if they're stored locally. I think there are some solutions using zero-knowledge proofs or other privacy techs, but they might end up being pretty computationally heavy, and we'll need to think through exactly what this would look like structurally when we get a chance (or open call if anyone wants to write out specs for a zero-knowledge implementation of on-chain document storage with access gateways! @milvinae - might be worth considering making an HCDP task for this.
milvinae
This isn’t direct feedback on the whitepaper, or financial services related, however, given that Hydrogen is developing financial services but has opened the protocol up to any developer for any contractual structure, than other uses would be relevant.
In considering the Hydro ecosystem, particularly Ice, two potential use cases have come to mind that have potential financial implications as well as privacy issues and legal ramifications. These ideas may have functionality elsewhere, however these are areas that I am familiar with.
Of course these have to be considered as part of the larger Hydro ecosystem and not just Ice.
The first case relates to the retention of data and transfer of data across departments and/or stakeholders. This is particularly significant in Government departments where a huge amount of sensitive data is stored and shared.
Due to the advent of the GDPR there is a currently a massive shake up going on across the UK and Europe. Data has to be stored securely and any loss of data has to be reported to the Information Commissioners Office, with fines of up to €20million possible. Although the increased standards are a welcome thing, this has resulted in a huge overreaction, with the bulk deletion of files, removal of permissions and shutting down of file transfer systems across all departments, with no consideration of what the files are, what data is already in the public domain, or who has the correct permissions/ownership. It’s a case of lock it all down and we will deal with it on an individual basis. This can include all USB flash drives, CD burning, and cloud storage services.
From a cost consideration this is understandable; many departments and companies are under financial hardship, especially in the UK Government sector where austerity has a stronghold, so cost vs quality will always be a trade-off.
How could Ice help this?
Employees could be provided appropriate authorisation level via a Snowflake as determined by their employer. This would state what documents they have access too, and what pre-determined clients/stakeholders they can send to, any receiving party would also need the appropriate Snowflake verification to prove that they are authorised to read said data.
At the same time each document would be stamped under the Ice protocol to only be available to authorised persons and no one else. These documents could be read, uploaded, and sent to all relevant parties without the fear of the wrong person reading them and with a paper trail of who has accessed the data and when they accessed it.
Alternatively a document may not be sensitive and may just have a simple data stamp with no restrictions, for example documents in the public domain that are not freely available for whatever reason, e.g. historical documents, document size, or storage space. In this case the document could be read, uploaded and sent to any recipient without the issue of systems being locked down preventing a fluid workflow.
The mass lockdown of systems is an issue. Overzealous policies are understandable, people can be careless or, in some cases, malicious, so these policies make sense. With the correct development we could see the Hydro ecosystem open up these systems and make the workplace both more efficient and more secure, in the long-term.
The second use case is more targeted to a particular industry, again not financial, however I see this to be an interesting case for Ice and document stamping.
Currently laboratories have a significant paper trail that has a number of steps where potentially life changing mistakes can be made, or fraud can be committed. In simple terms a sample is taken and logged with a chain of custody (often in paper format) and packaged under the conditions appropriate for that sample (temperature etc). The sample is then taken by courier, who has their own chain of custody, to a laboratory. Once at the laboratory the sample is logged and stored appropriately until picked up for preparation and analysis. Once analysis has taken place the results are sent to the relevant party to do what they need to do with it.
Such a chain has multiple points of failure, such as have the samples been properly labelled and packaged, has the courier treated them appropriately, who has handled the sample, and has the lab undertaken the correct analysis. It is also the case that historically, labs were not willing to send out results electronically as they believed they were more easily manipulated.
Although many of these aspects have improved greatly over the years, and results are more detailed and available electronically, in many cases the final report is only available to the end user as a paper document with no validation that it is the correct document, without manipulation, and the full chain of custody was complete.
With Ice, and Snowflake, it should be possible to develop an api that follows a sample from start to finish, documents all parties involved, and ensures that all parties involved are made accountable. Sensitive lab results could be made available electronically to relevant parties and stakeholders could be sure that the samples that were sent were the same as the ones on the results sheet in front of them.
It is understood that Ice is geared towards the financial industries, however I believe there to be many related industries that could benefit from the ecosystem if the right developers get involved.