How blockchain can contribute to WADA’s Defence against cyber-attacks.
By Ilaria Capitanio, D&D Consulting Services
The cyber–attacks occurred throughout the summer to WADA (World Anti-Doping Agency) and the consequent revealing of athletes’ medical records have raised the necessity of upgrading the safety of the agency’s database. An interesting option would be constituted by the blockchain system.
After the Russian doping scandal and repeated leaks in the security system, it appears that the World Anti-Doping Agency has survived the thunderstorm, and yet still faces some hard time ahead.
Rewinding the tape.
In July, following the release of McLaren Report the WADA denounced the widespread doping cases involving Russian athletes in what has been identified as “state doping” and prompted the International Olympic Committee (IOC) to impose a blanket ban on Russian athletes, which the IOC refused by delegating the decision to the single International Federations. Since August, a group of hackers identified as the “Fancy Bears” have gained access to the Anti-Doping Administration & Management System, i.e. WADA’s database of athletes’ medical records, by spear phishing an email account appositely created for the Rio 2016 Games. Through this cyber-attacks, the hackers penetrated a sensitive database carrying information on top athletes authorized by WADA to use substances for medical reasons which are normally included in WADA’s Prohibited List and have released fives subsequent waves of leaks.
Although the exemptions do not entail any doping offence, the WADA has been subjected to an assault of critiques not only as the mechanism of the Therapeutic Use Exemptions (TUEs) lacks of clarity and could be open to abuse, but also on the effective security of its database.
Commenting on the challenging assessment of clean athletes throughout the Rio 2016 Olympic Games, IOC President Thomas Bach has declared that the Committee will ask for“a full review of WADA’s Anti-Doping System in order to make it more robust, more efficient, more transparent and more harmonious”. This goal was the object of discussion during last IOC Summit, which took place in Lausanne on October 8: during the Summit, WADA received a mandate to protect clean athletes, which is “an absolute priority for the entire Olympic Movement”. Mr Bach further advocated for “an independent and worldwide harmonized fight against doping by a stronger World Anti-Doping Agency”.
However, the most important call for action has been launched by the athletes, as far as a total of 107 Olympic athletes have indeed been affected by the leaks and the risk is not defeated yet. Although athletes such as distance runner Mo Farah and tennis champion Rafael Nadal have declined to comment or have acknowledged the granting of the TUEs, several athletes such as hockey gold medallist Sam Queck have expressed their discomfort at the public display of their health records and at the allegations that their TUEsare regarded by a part of the larger public as a stain on their Olympic achievements.
Angela Ruggiero, the recently appointed President of IOC Athletes Commission, has declared that “the data privacy of athletes’ medical information in ADAMS is paramount and a key concern for the IOC Athletes’ Commission”. Furthermore, Ruggiero has pointed out that the Commission “is strongly in favour of strengthening the anti-doping system, including protecting athletes’ privacy, and is actively involved in the discussions currently taking place with WADA on solutions to improve the independency and security of the fight against doping.”
WADA already paid its mea culpa. Despite claiming that just a minimal part of the ADAMS system was broken, and that tens of thousands of athletes has nothing to fear, WADA’s Director of Science Olivier Rabin conceded indeed that the agency “needs to draw lessons from what happened”. Hence, the agency is investigating and relying on every source of intelligence at its disposal to discover how the protection system has been circumvented.The priorities at stake are high: WADA needs not only to restore its damaged credibility in front of the IOC and the word, but first and foremost in front of the athletes whose privacy it is bound to protect.
From the Panama Papers to the leaks in the TTIP documents published by Greenpeace, the security systems of any institution are submitted to constant threat, and guaranteeing data protection is increasingly challenging. Therefore, WADA’s first goal to tackle the cyber-attacks is to upgrade the protection of the ADAMS system in order to prevent further intrusions.
How does the ADAMS work and how could it be perfected with the blockchain?
The ADAMS utmost privileges are its safety and its facility of the usage, which make the “collecting, storing, entering and sharing this anti-doping information with people who need it should be as easy and secure as filling a bottle”. Up to the recent events, ADAMS has been functioning flawlessly, but the athletes’ requests for increased data security demonstrate the need for an upgrading of the system, which must be carefully dealt with as far as the procedure for data exchange in the Olympic Sports environment is complex and included several layers of communication. Data of the anti-doping analyses are indeed processed by anti-doping laboratories and then they are included in the ADAMS system where they are made available to the athletes, the National Anti-Doping Organizations, the International Sports Federations, the WADA and the International Olympic Committee. Considering the high number of people which are granted access to the system, it must be recognized that the barriers opposing external intrusions should be strengthened. Thus, as suggested by Alexander Chernozubov, a former gymnastics champion now dedicated to increase the applications of technology to make sport fair and clean, the appropriate solution to secure the safety of data exchange within the players of the Olympic community could be represented by the blockchain system.
The blockchain, which was originally designed for the Bitcoin by Satoshi Nakamoto in 2008, consists in a sequence of blocks in which the data that should be protected are stored. The blocks are intertwined through complex algorithms – completely independent from one another –and therefore form an inextricable chain which cannot be overwritten, modified or removed.
The blockchain guarantees a higher degree of data protection thanks to the decentralization. Since each computer registered in the system must give the green light to the introduction of any new piece of information and only prior global approval the new data is passed from a block to the other, the blockchain constitutes an innovative model for the defence of data integrity and reliability, which wouldn’t present any difficulty of usage by the athletes and national federations.
To conclude, when an attempt of hacking of modifying the data in a computer occurs, the complex structure of encrypted algorithms ensures that every other computer in the system intervenes to block and neutralize the cyber-attack and to immediately restore the information which was affected.
Thanks to these perks, the blockchain system has the potential to become an essential element in the upgrading of ADAMS and could be the tool to prevent further hackers’ intrusion and to guarantee the safety of the athletes’ personal medical records. Since the internal reassessment of how to tackle the doping will require time and since WADA may be the object of further retaliations in the upcoming editions of the Olympic Games, strengthening ADAMS’s barriers against external attackers may just be the beginning to revamp the fight against doping and ensure that the incoming Olympic competitions will be fair and clean.