Bankless Times talks to Chris Were, co-founder and CEO at Verida since early 2021, who led the technology design and implementation of the Verida Network and Wallet. An Australian-based technology entrepreneur, Chris has spent more than 20 years devoted to developing innovative software solutions across diverse industries including finance, media and healthcare industries.
Mr. Were, what inspired you to start Verida?
A number of years ago, I started a company in Australia called Community Data Solutions. We were building CRM systems for nonprofit organizations. As a part of that work, we had to deal with a lot of very sensitive information – Personally Identifiable Information (PII) like name, address, date of birth, and also case notes for people with gambling addiction or victims of domestic violence. This required technology and processes to protect this data.
Over time, I spoke to many customers and realized that despite providing valuable software to these organizations, the end clients – the people needing help – were getting lost in the process. The introduction of cloud software and software-as-a-service (SaaS) business models meant that people lost control of their digital identity and data.
The Cambridge Analytica hack on Facebook reinforced the need for a shift in how we think about digital identity and personal data. This led to the inception of Verida, where I explored blockchain technology to give individuals control over their digital identity and data.
How would you describe what Verida is and does?
Verida is first and foremost a decentralized physical infrastructure network, a DePIN, providing decentralized database storage infrastructure. All data is owned and controlled by users and their private keys. With a private key, users can read and write to a decentralized global database infrastructure efficiently, at low cost, in a way that meets regulatory compliance requirements.
Our long-term vision is for individuals to have complete agency and control over their digital identity and personal data. Besides the storage network, we’ve developed a high performance compliant decentralized identity implementation, the Verida wallet for interacting with applications and user data, an SDK for developers to build apps, and the Verida token supporting a new data economy around ownership, storage, sharing, and consent of personal data.
What makes your platform and the Verida wallet unique?
The Verida network is unique as one of the only decentralized data storage networks designed for personal information stored in a database. It includes encryption, privacy, and authentication at a core level, providing security for user data. The network is region-aware, allowing users to have their data stored close to their physical location for regulatory compliance.
The Verida wallet is a web3 super wallet, supporting multiple blockchains, implementing decentralized identifier standards, and facilitating data storage using the Verida network. It includes a consent interface and a powerful inbox for user data sharing and consent management.
How can patients control what happens to their data?
Currently, patient data is stored in centralized systems, whether it’s at your local GP’s office, within a hospital, or possibly with your physiotherapist. Some of your health data may reside on your phone or watch, where your Apple Watch tracks your heart rate, or Strava monitors the bike rides in your exercise routine. Consequently, healthcare data is fragmented and challenging to access.
In the Verida model, our aim is to empower individuals to utilize APIs and integrations to retrieve their data from various sources, whether it’s in Apple Health, a hospital system, or with a doctor. The objective is to provide users with control over their data and furnish them with an interface for seamless sharing. This includes the ability to determine when, where, how, and for what duration their data is shared. This represents a novel and potent model, incorporating features such as allowing users to delete their data or revoke access to a third party.
How can the blockchain safeguard patient privacy?
Interestingly, the blockchain poses challenges in safeguarding patient privacy due to its inherent characteristics – transparency, openness, and limited data storage capacity. Blockchain is slow and not suited for storing substantial amounts of data while maintaining privacy.
However, the blockchain plays a pivotal role in coordination and discovery within the Verida network. We leverage the blockchain to register storage nodes dedicated to storing data for users, facilitating a system where users can discover these nodes for their data storage needs. Moreover, the blockchain is instrumental in users registering their identities, providing a secure means for individuals to prove their existence and identity. This, in turn, enables discoverable interactions, like sending messages or locating servers for authentication when communicating with a user’s database.
Additionally, the blockchain serves as a foundation for token functionality within the Verida network. Tokens, in this context, play a crucial role as a method of payment for utilizing infrastructure. Users can seamlessly pay in tokens to access storage, store their data securely, and facilitate the smooth transfer of messages.
While the blockchain isn’t directly employed for data storage due to its limitations, it acts as a powerful tool for coordinating the network, thereby ensuring the security of the data. Consequently, the actual storage of data occurs on the decentralized network of storage nodes, strategically coordinated by the blockchain.
What are the main causes of medical data theft?
By far the largest causes of medical data theft is hacking, with attackers exploiting vulnerabilities in medical software or engaging in software engineering of key personnel to obtain access to healthcare systems.
What are the worst possible consequences of medical data theft?
I’ll address an extreme scenario. During a conversation with a healthcare expert in a war-torn country, a chilling account emerged. In the aftermath of a military coup, the military seized control, initiating ethnic cleansing. Disturbingly, armed forces visited doctors’ offices, coercing workers to surrender all healthcare records at gunpoint. This information enabled them to meticulously identify potential targets for abduction or more severe actions.
While this is an extreme case, it underscores the broader issue of cultural identification and discrimination through the illicit use of healthcare data. Unfortunately, such instances are more prevalent than they should be, highlighting a grave consequence of medical data theft.
Do you think this type of theft has the potential to get worse with time?
Certainly, another alarming example revolves around the recent data leaks at 23andMe, a DNA company aiding individuals in navigating their family tree through genetic information. This incident involved a substantial and highly valuable dataset. The potential exposure of such data poses significant risks, allowing access to ethnicity information and various targeted details about individuals worldwide, transcending specific countries. The digital nature of this process enables swift and efficient exploitation.
This underscores the inherent dangers of centralized systems, acting as substantial honeypots that attract hackers seeking to invest considerable effort and resources to access and extract valuable information. The constant evolution towards digitalization and the continual generation of new digital data further elevate the risks associated with these types of data thefts. As larger corporations centralize vast amounts of people’s data, the vulnerability to theft intensifies, amplifying the potential impact on individuals.