Distributed Ledgers And Their Implications In Information Technology Law

Year 2023, Volume: 5 Issue: 2, 15 - 27, 29.12.2023

Necla Sümer Özdemir

Abstract

Electronic communications security has gained a considerable significance in parallel with the increasing usage of the information and communication technologies. Being one of these technologies, distributed ledger technologies (DLTs), more specifically the blockchains, are regarded as a revolution which propose a new era, called “blockchain of things” following the era of “internet of things”. While DLTs promoted the business functionalities and compliance with information security obligations, it has also some vulnerabilities. By the DLTs the cost of intermediaries could easily be eliminated while at the same time assets/transactions are recorded and secured digitally. Nevertheless, this has simultaneously resulted in decentralised power/anarchy. Besides, majority of the studies focus on the contributions of the DLTs. This article aims to concentrate on the security aspect of this technology, which is often disregarded. Thus, after addressing fundamental characteristics of DLTs, it will unfold their tools and advantages in terms of compliance to information security obligations, then, exercise its vulnerabilities and related risks with respect to information security legal frameworks from over the world.

Keywords

distributed ledger, blockchain, encryption, anonymization, information security

Ethical Statement

This article is based on a study of the author presented for the master program in Queen Mary University of London.

Dağıtık Defterler ve Bilgi Teknolojileri Hukukundaki Yansımaları

Abstract

Elektronik haberleşme güvenliği, bilgi ve iletişim teknolojilerinin artan kullanımına paralel olarak kayda değer bir önem kazanmıştır. Bu teknolojilerden biri olan dağıtık defter teknolojileri (DLT'ler), özellikle blokzincirler, “nesnelerin interneti” çağının ardından “nesnelerin blok zinciri” olarak adlandırılan yeni bir dönemi çağrıştıran bir devrim olarak kabul edilmektedir. DLT'ler, ticari işlevleri ve bilgi güvenliği yükümlülüklerine uyumu sağlamakla birlikte bazı güvenlik açıklarına da sahiptir. DLT'ler sayesinde, aracılık maliyetleri kolayca ortadan kaldırılabilir, varlıklar/işlemler dijital olarak kaydedilir ve güvence altına alınır. Ancak, bu aynı anda adem-i merkeziyetçilik/anarşi ile sonuçlanmaktadır. Dahası, bu alandaki çalışmaların çoğu DLT'lerin katkılarına odaklanmaktadır. Bu çalışma, DLT’lerin genellikle göz ardı edilen güvenlik yönüne odaklanmayı amaçlamaktadır. Bu çerçevede, DLT'lerin temel özelliklerini ele aldıktan sonra, bilgi güvenliği yükümlülüklerine uyum açısından DLT'lerin araçlarını ve avantajlarını ortaya çıkaracak, ardından dünyanın dört bir yanındaki bilgi güvenliği yasal çerçevelerine ilişkin güvenlik açıklarını ve ilgili riskleri analiz edecektir.

Keywords

dağıtık defter, blokzincir, şifreleme, anonimleşme, bilgi güvenliği

References

• Accenture. (2016) Seizing the Opportunities Unlocked by the EU’s Revised Payment Services Directive PSD2: A Catalyst for New Growth Strategies in Payments and Digital Banking. Everyday Bank Research Series <https://www.paymentscardsandmobile.com/wp-content/uploads/2016/05/Final-Accenture-Payment-Services-PSD2-PoV-Web-April-2016-1.pdf> accessed 3 May 2023.
• Article 29 Data Protection Working Party. (2014) Opinion 05/2014 on Anonymisation Techniques 0829/14/EN WP216. <https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf> accessed 4 November 2023.
• European Network and Information Security Agency. (2014) Network and Information Security in The Finance Sector: Regulatory Landscape and Industry Priorities. <http://bookshop.europa.eu/uri?target=EUB:NOTICE:TP0514150:EN:HTML> accessed 10 February 2019.
• European Union Agency for Network and Information Security. (2015) Information Security and Privacy Standards for SMEs: Recommendations to Improve the Adoption of Information Security and Privacy Standards in Small and Medium Enterprises <http://bookshop.europa.eu/uri?target=EUB:NOTICE:TP0215977:EN:HTML> accessed 4 November 2023.
• Fedorov, A. K., Kiktenko, E. O. and Lvovsky, A. I. (2018) Quantum Computers Put Blockchain Security at Risk. Nature, 563, 465.
• Filippi, P. D. and Wright, A. (2018) Blockchain and the Law: The Rule of Code (2nd edn). Cambridge, Massachusetts: Harvard University Press.
• Kuszmaul, W. (15 January 2019) The (Almost) Secret Algorithm Researchers Used to Break Thousands of RSA Keys. Algorithm Soup <https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/> accessed 3 May 2023.
• Lee, Y.N. (12 December 2017) Bitcoin Hack: Expect Larger Cyber Attacks in 2018, A10 Networks Says. CNBC <https://www.cnbc.com/2017/12/12/bitcoin-hack-expect-larger-cyber-attacks-in-2018-a10-networks-says.html> accessed 3 May 2023.
• Lexis PSL TMT Team (ed). 2018. An Introduction to Technology Law (1st edn). United Kingdom: LexisNexis.
• The EU Blockchain Observatory and Forum. (2019) Blockchain and the GDPR <https://www.eublockchainforum.eu/reports> accessed 3 May 2023.
• The EU Blockchain Observatory and Forum. (2018) No Law unto Itself: Blockchain and the European Legal and Regulatory Framework. EUBlockchain <https://www.eublockchainforum.eu/news/no-law-unto-itself-blockchain-and-european-legal-and-regulatory-framework> accessed 9 February 2019.
• Turkish Data Protection Authority. (2018) Kişisel Verilerin Silinmesi, Yok Edilmesi Veya Anonim Hale Getirilmesi Rehberi <https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/bc1cb353-ef85-4e58-bb99-3bba31258508.pdf> accessed 11 May 2023.
• Turkish Republic Ministry of Environment, Urbanization and Climate Change. (2022) Blok Zincir ve Metaverse Teknolojisi Çalışma Heyeti Sonuç Raporu <https://webdosya.csb.gov.tr/db/cbs/icerikler/blokz-nc-r-ve-metaverse-calisma-heyet--raporu-20220823173218.pdf> accessed 4 November 2023.
• UK Government Office for Science. (2016) Distributed Ledger Technology: Beyond Block Chain <https://www.gov.uk/government/news/distributed-ledger-technology-beyond-block-chain> 3 May 2023.
• Park, Jin and Park, Jong. (2018) Blockchain Security in Cloud Computing: Use Cases, Challenges, and Solutions. Symmetry 9, 164.
• Presidency of Republic of Turkiye-Presidency of Strategy and Budget. (2023) Medium Term Program 2024-2026 <https://www.sbb.gov.tr/orta-vadeli-programlar/> accessed 4 November 2023.
• Ray, S. (20 February 2018) The Difference Between Blockchains & Distributed Ledger Technology. Towards Data Science <https://towardsdatascience.com/the-difference-between-blockchains-distributed-ledger-technology-42715a0fa92> accessed 25 February 2019.
• Stephen, R. and Alex, A. (2018) A Review on BlockChain Security. IOP Conference Series: Materials Science and Engineering 012030, 396.