The Business Blockchain: Promise, Practice, and Application of the Next Internet Technology - William Mougayar, Vitalik Buterin (2016)
Chapter 2. HOW BLOCKCHAIN TRUST INFILTRATES
“I cannot understand why people are frightened of new ideas. I’m frightened of the old ones.”
REACHING CONSENSUS is at the heart of a blockchain’s operations. But the blockchain does it in a decentralized way that breaks the old paradigm of centralized consensus, when one central database used to rule transaction validity. A decentralized scheme (which the blockchain is based on) transfers authority and trust to a decentralized network and enables its nodes to continuously and sequentially record their transactions on a public “block,” creating a unique “chain”—the blockchain.
Of course, the blockchain is destined to affect almost everything. But the challenge is in knowing how, when, and what the impact will be. The first chapter was essential for laying out the multiple capabilities of the blockchain technology, paving the way for your understanding of its usage, and making you believe that peer-to-peer transactions can be finalized on the blockchain, without known intermediaries, except for the blockchain itself.
Blockchain is not a one-trick pony. It is a multi-headed beast that takes many forms.
If you see it as a technology, then you will implement it as a technology. If you see it as a business change enabler, then you will think about business processes. If you discern the legal implications, you will be emboldened by its new governance characteristics. And if you see it as a blank sheet of paper for designing new possibilities that either didn’t exist before, or that challenge existing legacies, then you will want to get very creative at dreaming up these new opportunities.
At its genesis, blockchain (and certainly Bitcoin) is a technology that came to life to challenge the status quo, without preconceived sympathy to what the status quo held on to. Nowhere in the Nakamoto paper was there a mention about integrating with the existing world. Much of that came as an afterthought by those who later interpreted and applied Bitcoin in so many different ways.
At the macro level, the future of blockchain technology will unfold in ways that may not be so different from how the Web unfolded, from a market deployment and acceptance perspective.
A NEW TRUST LAYER
The blockchain disrupts and redefines our commonly accepted beliefs around trust.
If we exclude spiritual, philosophical, and emotional connotations when we think of trust, in the business transactional sense, we think of the following meanings: reliance, predictability, confidence, truth, assurance, credence, certainty, certitude, responsibility, and dependence.
As citizens or business people, let us pick on a few commonly trusted institutions we interact with on a daily basis: banks, governments, credit card companies, and utilities companies.
We typically trust these organizations because most of them do a good job most of the time, and they deliver, armed with our trust. Banks do not steal our money, and they let us withdraw it anytime we would like. Governments deliver services in return for taxes they collect. Credit card companies let us borrow money, with the added convenience of ubiquitous usage. And utilities companies deliver electricity, water, or telecommunications services, as long as we keep paying our bills.
Nothing wrong with that picture, you might think. Yet, for each of these organizations, we also can think of cases where the trust that we seemingly granted them also could be eroded, abused, neglected, forgotten, or sometimes become too expensive.
Banks will delay clearing our checks, even if they can immediately debit our accounts when we buy something. Governments easily squander our tax money, but we cannot see that, or readily prove it. Credit card companies charge us 23% in interest, even when the prime rate is only at 1%. Utility companies subject us to service outages or degradations without compensating us; or worse, they can change their rates or terms with little notice.
There is a cause and effect relationship at play. These institutions can get away with these extreme cases (the unfortunate effects), because we trust them otherwise 95% of the time, and we are tolerant towards their trust failures. So what does the blockchain have to do with this?
The blockchain will not do much to save us the 5% of the time when the above “bad” cases happened. But, we will argue that the blockchain can do a lot in improving transparency for the remaining 95% of the time when transactions are trusted, so that the unfortunate effects of trust failures could be eliminated (or at least dampened). By giving us more transparency about their trust layers, organizations would fail less, not just because they will be more on guard, or fear getting questioned, but because they can decentralize their potential failures, and allow us to be part of early warning systems, and consequently, that should result in lowering their overall risks.
The blockchain offers a degree of transparency and access to truth that can prevent breaches of trust. What if this new technology could redefine the trust function that intermediaries used to perform, and deliver a similar outcome, with added benefits? Blockchains offers truth and transparency as a base layer. But most trusted institutions do not offer transparency or truth. It will be an interesting encounter.
DECENTRALIZATION OF TRUST—WHAT DOES IT MEAN?
With the blockchain, the trust train is moving to a new destination. It is shifting from humans and central organizations to computers and decentralized organizations, via an underlying blockchain-based decentralized consensus protocol that governs its delivery.
The previous paradigm was to channel our attention towards trusted authorities, and allow them to handle our transactions, our data, our legal status, our possessions, and our wealth.
In a new paradigm, some parts of central trust processes will be relegated to blockchains that can serve that trust function. If traditional “trust checking” has become a costly, friction-rich element of a given process or service, maybe the blockchain could offer a solution.
The central question is: can the blockchain give us Trust 2.0, a better form of trust that does not always depend on central intermediaries who may have become too big to fail, too bureaucratic to see risk, or too slow to change?
Here are seven principles that we will need to believe in, if we are to believe in the future of decentralized trust:
1. It would be inaccurate to label blockchains as a tool for the disintermediation of trust. In reality, they only enable a re-intermediation of trust.
2. Blockchains enable a degree of trust unbundling. The blockchain challenges the roles of some existing trust players and reassigns some of their responsibilities, sometimes weakening their authority.
3. The blockchain does not eliminate trust. It shifts it. It moves it around.
4. Trust is always needed. What changes with the blockchain is how trust is delivered and how it is earned. Whoever earns the trust earns the relationship and that includes trusting a blockchain.
5. The blockchain decentralizes trust and makes way to multiple, singularly harmless, but collectively powerful entities that authenticate it.
6. The blockchain disrupts existing economics of trust because the costs of delivering that trust are now distributed.
7. Whereas central trust distanced us, distributed trust will bring us together.
This may sound abstract, but a key aspiration of blockchains is to become a dial tone for trust-based services. This means that we will be able to check and verify the veracity and authenticity of facts, data, processes, events, or anything, with the same simplicity as googling for information, services, or products today.
Dialing, or googling for trust will be possible as we perfect our iterations of “trust logic.”
We already have perfected network logic. You connect your computer to the Internet and it works. You go to a Wi-Fi spot and it finds your computer. You get into your car and it connects with your smartphone via bluetooth. All this works magically because we have figured out the logic behind connecting networks and made the act of connecting seamless and easy for users.
The next logic we will need to figure out is trust logic. It will be about embedding trust inside hardware or software systems, and enabling the products and services behind these connections to easily interact with one other. Think about the multitude of things and offerings that can get smart when they are trusted to perform certain operations without human assistance.
Transparency and truth seeking are complementary characteristics of trust. Transparency asks the question: can we see it? Truth asks: can we verify it?
HOW AIRBNB DESIGNED TRUST FOR STRANGERS
What does Airbnb have to do with blockchain-based trust? A lot.
There is a lesson from Airbnb, which has mastered the art of allowing strangers to sleep in your house without fear. At the onset, matching two strangers with each other and facilitating a transaction to completion is very similar to a blockchain facilitating peer-to-peer interaction between two (or more) parties that do not know each other.
What is common to both situations is what lubricates the transaction and allows it to happen in an orderly and trustworthy manner. That common element is about sharing identity and reputation details. In the case of Airbnb, guests share a lot of information about themselves—a key step that helps the host in gaining confidence about trusting them. On the blockchain, identity and reputation are the primary entry-level factors that effectively lock the peer-to-peer transaction in place.
Says Joe Gebbia, Airbnb co-founder, “It turns out, a well-designed reputation system is key for building trust. We also learned that building the right amount of trust takes the right amount of disclosure.”
Whereas Airbnb has designed for the human element of trust, the blockchain was designed for a parallel element of transactional trust, where the human is also part of it, but behind the scenes, and that human is represented on the blockchain via their identity and reputation status.
Eventually, Airbnb could also apply a user’s blockchain identity and reputation to complement their current reputation and identification process. Why reinvent something if the blockchain provides a solid alternative that is portable to other services?
A SPECTRUM OF TRUST SERVICES BASED ON PROOFS
The burden of proving that something happened is a blockchain specialty. The hierarchy of proof methods range from being embedded as part of a consensus protocol (such as Proof-of-Work or Proof-of-Stake), to Proof-as-a-Service (such as proving an identity or ownership), to a Proof-in-the-Service, where proving something is part of another service (such as a land registry or a wedding registration).
Here is a table that covers some examples of proof-related services in the different segments where we might encounter them. We can expect a long list of innovations in the Proof-in-a-Service and Proof-as-a-Service categories.
THE BLOCKCHAIN LANDSCAPE
One way to understand how the blockchain market will evolve is by portraying it according to three successive layers of architecture. I’ve again borrowed from a popular segmentation method I used in the late 1990s to explain the Internet:
· Infrastructure and Protocols
· Middleware and Services
· End-User Applications
Generically, the narrative goes like this. First, you need a strong set of infrastructure capabilities as foundational elements. For the Internet, it was TCP/IP, HTTP, SMTP, as examples of building blocks. For the blockchain, it will be the different flavors of blockchain protocols being laid out as infrastructure. Then, you need a number of middleware software and services that will be built or delivered on top of the infrastructure elements. Middleware extends the functionality of the infrastructure elements, and makes it easier to build applications. It is like the glue between the infrastructure and applications. Finally, thousands of applications will flourish by relying on the infrastructure and middleware software and services, because they are being built on top of them.
Ideally, the more mature the bottom two layers are, the easier the development of applications becomes. As far as evolution goes, these three layers do not get created in a clear-cut order of succession. Developers start to build applications even when the infrastructure and middleware layers are not completely built out. Then, everything progresses via an iterative evolution, in each of the various layers of this landscape depiction.
BENEFITS AND INDIRECT BENEFITS
So, what are the benefits of blockchain technology? What problems does it solve?
Entrepreneurs and startups do not need to ask. They have taken to this new technology like ducks to water and are busy creating new businesses and solutions that want to replace existing ones, using different rules.
Enterprises are the ones asking, because the benefits are not necessarily obvious to them. For large companies, the blockchain presented itself as a headache initially. It was something they had not planned for.
Here’s the sad truth about questioning the blockchain’s benefits: if you are content with the status quo, then you will think that the blockchain does not add any value. True, the blockchain is not for everything, but if it were for something you are protecting, and you ignore the blockchain, then one day, you might realize your judgment error when a blockchain-based company starts to affect your existing business.
The blockchain may have suffered initially from the fortune cookie principle, as outlined by Bernadette Jiwa:1 “People do not buy fortune cookies because they taste better than every other cookie on the shelf. They buy them for the delight they deliver at the end of a meal. Marketers spend most of their time selling the cookie, when what they should be doing is finding a way to create a better fortune. Of course your job is to bake a good cookie, the very best that you can, but you must also spend time figuring out how to tell a great story.”
For developers, the blockchain has meaning. They have found the fortune story inside, before eating the cookie. But for the general public of users and many enterprises, Bitcoin, blockchains or cryptocurrencies do not have a lot a meaning (yet), because they are being sold the cookie.
Engineers typically want to solve a technical problem. But if solving the technical problem does not result in solving an end-user problem, users will ask: “Was that a solution looking for a problem…because I do not see this problem.”
The end-user mindset just wants a simple solution to work. The end-user does not care who created or who dreamt a particular technological novelty. Business stakeholders are also part of this equation, because they know that problems cost them money, and they welcome the solutions that address these problems.
Generically, the blockchain’s benefits can be examined on a long list:
· Cost savings: direct or indirect.
· Speed: removing time delays.
· Transparency: providing the right information to the right people.
· Better privacy: protecting consumers, businesses via more granular controls.
· Lower risk: better visibility, less exposure, less fraud, less tampering.
· Access: more equitable access.
· Productivity: more work output.
· Efficiency: faster processing or reporting.
· Quality: less errors or more satisfaction.
· Outcomes: profits and growth.
Blockchain is not a process improvement type of technology, but it will get used for that, because it’s easier to improve an existing process than to invent a new one. At least, that is the conventional wisdom, and prevailing modus operandi within large organizations.
Yes, you can improve by 1.5x or 2x and that’s a respectable achievement, but what if you could improve by 10x?
There is a strange dichotomy between how startups and large companies see blockchains. Startups see it as a solution to everything, whereas big companies see it as a pain, since it challenges existing processes.
EXPLAINING SOME BASIC FUNCTIONS
Smart property is a native unit requirement for blockchain operations. To understand it, think of its two predecessors, a “digital file” and a “digital asset.” A digital asset is a digitized version of a product that includes specific rights to use, and typically has a value attached to it. Without rights, it is not considered to be an asset, and is just a “digital file.” Examples of a digital asset include a song, an e-book, a photo, or a logo. Prior to the Bitcoin invention, it did not make sense to have money as a digital asset, because the double-spend (or double-send) problem was not solved yet, which meant that fraud could have dominated. As a parallel, when you send a photo from your smartphone to someone, you still maintain a copy, and you are both owners of that image. That would not be acceptable in the money world, or with assets that are a real value or right, and cannot be shared with multiple owners.
Smart property takes the concept of a digital asset further, and it links the asset to a blockchain such that it can never be double-spent, double-owned or double-sent. If you are a creator or owner of these digital assets, imagine if you could also bind your ownership (or rights) in irrevocable ways that cannot be undone unless you decide to transfer or sell them. And it’s all within your own control, not someone else’s.
As such, you would be creating a smart property, which is an asset or thing that knows who owns it. A smart property does not have to be a digital-only product. It can be a physical object or thing that was made “smart” through an explicit or implicit linkage to a blockchain. There are thousands of such examples, including a lock, a car, a fridge, or even your house. The blockchain can be used as an auditable database linked to your cryptographic signature, and your smart property becomes linked to a unique digital fingerprint based on its content.
Now imagine the portability, flexibility, and discoverability aspects that accompany these capabilities, and they become a great lubricators for decentralized peer-to-peer transactions, financial trading or commerce. A smart property is the new form of digital bits that are made for the blockchain rails.
Time stamping is a basic function that permanently registers on the blockchain the time that a particular action took place. For example, this could be the recording of an asset’s change of ownership, or the fact that an action occurred, like a medical exam or a specific transaction. This is useful to prove or verify at a later date that an event actually took place at that particular time. Timestamping is an irrefutable and immutable action once recorded on a blockchain, so it is useful when seeking the truth.
Multisignature (also known as multisig) is a process where more than one signature is required to clear the status of a transaction or to give the go-ahead for an approval. It is the equivalent of requiring multiple signatures on a paper agreement to make it valid, but this happens automatically and quickly on the blockchain. What makes this approach even more powerful is that you can insert business logic in-between the multiple signatures, so that each signature can trigger a new action, resulting in the creation of escrow services as part of these transactions.
Smart contracts are a key underpinning of blockchain technology. If you do not understand smart contracts, then you do not understand the power of blockchains. They will be no less revolutionary than the invention of the HTML markup language that allowed information to be openly published and linked on the Web. Smart contracts promise to program our world on the head of blockchains, and potentially replace some of the functions currently executed by expensive or slow, legacy intermediaries.
The concept was first introduced by Nick Szabo in 1994,2 but it underwent a long gestation period of inactivity and disinterest, because there was no platform that could enforce smart contracts, until the advent of the Bitcoin blockchain technology in 2009. Since 2015, smart contracts have been gaining popularity, especially since Ethereum made programming them a basic tenet of their blockchain’s power.
Like any new buzzword, the more a term gets popular, the more it spreads around, and the more it will get used, but also misused and abused. It will mean a lot of different things to different people. Here are some facts about smart contracts:
1. 1. Smart contracts are not the same as a contractual agreement. If we stick to Nick Szabo’s original idea, smart contracts help make the breach of an agreement expensive because they control a real-world valuable property via “digital means.” So, a smart contract can enforce a functional implementation of a particular requirement, and can show proof that certain conditions were met or not met. These can be fairly strict implementations, for example, if a car payment is not made on-time, the car gets digitally locked until the payment is received.
2. 2. Smart contracts are not like Ricardian contracts. Ricardian contracts, popularized by Ian Grigg,3 are semantic representations that can track the liability of an actual agreement between parties. These can also be implemented on a blockchain, with or without a smart contract. Typically, multisignatures are part of a Ricardian contract’s execution.
3. 3. Smart contracts are not law. Smart contracts, being computer programs, are just the enabling technology, but the consequence of their actions can be made part of a legal agreement, for example a smart contract could transfer shares ownerships from one party to another. As of 2016, the full legal ramifications around smart contracts were a work in progress. A smart contract outcome could be used as an audit trail to prove if terms of legal agreement were followed or not.
4. 4. Smart contracts do not include Artificial Intelligence. Smart contracts are software code representing business logic that runs a blockchain, and they are triggered by some external data that lets them modify some other data. They are closer to an event-driven construct, more than artificial intelligence.
5. 5. Smart contracts are not the same as blockchain applications. Smart contracts are usually part of a decentralized (blockchain) application. There could be several contracts to a specific application. For example, if certain conditions in a smart contract are met, then the program is allowed to update a database.
6. 6. Smart contracts are fairly easy to program. Writing a simple contract is easy, especially if you are using a specific smart contract language (e.g., Ethereum’s Solidity), which lets you write complex processes in a few lines of code. But there are more advanced implementations of smart contracts that use “oracles.” Oracles are data sources that send actionable information to smart contracts.
7. 7. Smart contracts are not for developers only. The next generation of smart contracts will include user-friendly entry points, like a Web browser. That will allow any business user to configure smart contracts via a graphical user interface, or perhaps a text-based language input.
8. 8. Smart contracts are safe. Even in the Ethereum implementation, smart contracts run as quasi-Turing complete programs. This means there is finality in their execution, and they do not risk looping infinitely.
9. 9. Smart contract have a wide range of applications. Like HTML, the applications are limited by whoever writes them. Smart contracts are ideal for interacting with real-world assets, smart property, Internet of Things (IoT), and financial services instruments. They are not limited to money movements. They apply to almost anything that changes its state over time, and could have a value attached to it.
Developers with smart contracts expertise will be in demand. Learning smart contracts allows one to get into blockchains, without the burden of getting directly under the hood of blockchains. Many smart contract languages are derivatives of C++, Java or Python, three of the most popular software languages, and that makes learning them a lot easier.
Smart contracts are an under-appreciated piece of blockchain technology architecture. Yet, they promise to power the blockchains of the future.
If trust is the atomic unit of blockchains, then smart contracts are what programs the variety of trust into specific applications. Soon enough, there will be millions of smart contracts bombarding blockchains with logical representations of our world, and that will be a good evolution to expect.
Oracles are an interesting concept, relating to smart contracts. You can think of them as off-chain data sources that a smart contract can use to modify its behavior. Smart oracles contain a real-world representation of information, such as an identity, an address, or a certificate, and they could also have agent-like property that directs the smart contract to behave in a certain way.
They work together in harmony because one of them is on the blockchain (smart contracts), and the other one is off-chain (smart oracles). For example, a smart contract that concerns itself with a Know Your Customer (KYC) function could interact with a smart oracle that contains identity information. Or, if a police officer wishes to check the status of a driver’s license, instead of dialing the motor vehicle database, they could check the blockchain and get the latest information pertaining to the validity of the license, its expiry, or other driver-related information. Conceivably, instead of maintaining expensive central databases, the motor vehicle department could become a smart oracle and publish their data on the blockchain. The data would be encrypted, and only accessible to authorities that hold the right keys to access them, but the process would be more efficient and less costly to maintain.4
WHAT DOES A TRUSTED BLOCKCHAIN ENABLE?
I have suggested a practical way to remember what the blockchain touches. Just think of the word ATOMIC, and you will remember what each letter means:
Assets, Trust, Ownership, Money, Identity, Contracts
Indeed, the blockchain offers:
· Programmable Assets
· Programmable Trust
· Programmable Ownership
· Programmable Money
· Programmable Identity
· Programmable Contracts
Put together, these six concepts are powerful catalysts for understand where the blockchain can be used in any particular situation.
Let us expand on some of these topics.
Creation and Real-Time Movement of Digital Assets
Digital assets can be created, managed, and transferred on a blockchain network without incurring clearing-related delays due to the existence of intermediaries. Not requiring human or central database intervention to enforce verifiability is a fundamental novelty.
Embedding Trust Rules Inside Transactions & Interactions
By inserting rules that represent trust inside transactions, the blockchain becomes a new way to validate these transactions via logic in the network, not via a database entry or central authority. Therefore, a new “trust factor” is created that is part of the transaction itself.
Time-Stamping, Rights, & Ownership Proofs
The blockchain allows the time-stamping of documents representing rights or ownerships, therefore providing irrefutable proofs that are cryptographically secure. This, in turn, can enable a variety of applications to be built on top of these new seamless verification capabilities.
Self-Execution of Business Logic with Self-Enforcement
Because verification is done by the blockchain’s black box, and the trust component is part of the transaction, the end-result is a self-clearing transaction. The clearing and settlement of assets are merged together.
Selective Transparency & Privacy
This is achieved via cryptographic technologies, and it will result in new levels of decentralized data privacy and security where transactions can be verified without revealing everything about the identity of their owners. Transparency exposes the ethics of a business, so it will get resisted. But increased transparency can also provide increased levels of trust.
Resistance to Single Points of Failure or Censorship
Because the blockchain consists of several decentralized computers and resources, there is no single point of failure; therefore, the network is more resilient than centrally controlled infrastructures. And blockchains are typically censorship resistant, due to the decentralized nature of data storage, encryption, and peer controls at the edge of the network.
IDENTITY OWNERSHIPS & REPRESENTATION
Anonymous, pseudonymous, or real identities can be uniquely mapped on the blockchain, offering us the promise of owning our own identities, and not having them controlled by Google or Facebook.
The vision of blockchain-based identity promises to empower users to be in complete control of their identity.
This promise could lead to easy, single, or seamless sign-ons that zigzag Internet users straight through the maze of entry and access points to unlock personal information, access services, and transact with digital assets.
In its simplest form, the blockchain can be used to uniquely authenticate your identification, in irrefutable and immutable ways, because your “keys” are your identity. But what happens if you need several keys instead of just one, because every service you use requires a different one? Imagine if you had five keys to your house, and depending on the day, or the entry point, you’d need to use a different one. Or, if you had five different homes in different parts of the world, you would certainly come up with a way to keep your keys. It’s definitely possible, but burdensome.
Online, we are already challenged by keeping track of multiple passwords in our heads, or in notes, and we’re always worried about getting hacked potentially, or forgetting them. I would expect that blockchain-assisted identity and access solutions can help us arrive at better solutions than the current ones.
In an ideal world, why could not our online and offline identities blur? Why do we accept that our driver’s license is only valid in physical settings (mostly), and our online identities (Facebook or other) are useless at airport security or at the bank? Of course, newly issued passports are beginning to bridge that divide when we scan them at the airport kiosks, and we complete our identification via a retinal scan, or other pieces of information to triangulate on our identity.
In the blockchain world, there are various approaches that are addressing identity and personal security, including granting us access to data and services. Some require new hardware solutions, others are software-based, and some integrate with business-to-business solutions.
1. Hardware. The analogy is similar to showing a passport, or other government-issued identity card, such as driver’s license. That card gives us access to travel, or authorizes us to drive a car. On the blockchain, some of these solutions are also combining biometric data to add to the authentication mix. Examples: ShoCard, Case.
2. Software. The closest analogy is the current OAuth-based identifications we routinely perform on the Web when signing to websites using our Facebook, Twitter or Google IDs. But with blockchain solutions, the roles are reversed: you self-register your identity first, and then you link to your social accounts. Examples: Netki, OneName, BitID, Identifi.
3. Integration-first. Whereas the first two approaches generally start with the consumer, this segment starts by figuring out the integration requirements with existing business solutions. Examples: Cambridge Blockchain, Trunomi, uPort, Tradle, Ripple KYC Gateway.
Blockchain identification schemes have a chance, but there are uncertainties ahead. On the consumer side, could they replace our linking to Facebook, Google, or Twitter, and lure us to start with them instead? And on the business side, could they supplant already entrenched solutions such as SWIFT’s 3SKey multi-bank, multi-network personal identity solution, or Markit’s KYC?
For blockchain-based solutions, the bar is high for simplicity requirements and reaching large numbers of users. They are going against the millions of Google, Facebook, and Twitter users, or the thousands of financial institutions already using SWIFT or Markit.
Of course the blockchain industry could have its own solution. Why should we be subjected to repetitive Know Your Customer processes each time we register for a new cryptocurrency exchange? Let us not make the same mistake as in the physical world.
When it comes to the implementation and evolution of blockchain solutions, there are a few issues and questions:
What sorts of applications will drive these new forms of identity representations? In the Facebook and Google world, their specific application (e.g., social media or documents access) drives our usage. But on the blockchain, most identity solutions providers are rushing to deliver solutions before bolting them onto applications that will drive usage.
· Can a self-managed online personal identity layer supplant the current de-facto standard of using Facebook or Google to authenticate our identity and information access?
· Will users be willing to self-manage the complexity that comes with higher levels of security rules and access levels?
· What does portability really mean in the context of identity? Will it lead to managing multiple identities, and will that become a similar nightmare as managing passwords?
· What is the role of zero knowledge technology to protect the confidentiality of transactions and the privacy of individuals?
· What is the role of the smartphone? Can it become our “digital passport,” as it is already becoming our digital wallet?
What happens if we lose our secured card or private keys? Can the average user be trusted to self-manage access to their data in the same ease as protecting one’s own property at home, for example?
· Do we need new types of certificate authorities to provide their stamps of approvals on these identity systems?
· Could we configure information access in more granular way, so that peer-to-peer security rules can supplant firewall-based solutions?
· What is the relationship with current Know Your Customer (KYC) practices, and will these new identity solutions provide a more secure layer for facilitating AML and counterterrorism types of activities?
· Will this drive more consumer or business applications?
· Are there legal or regulatory hurdles that need to be addressed to enable the full deployment of these types of solutions?
Changing habits is one of the biggest hurdles to technology adoption, and this area is no different. We do not know yet if a full move to digital identities would invite some abuse, or decrease friction, and increase total user engagement.
· Is the separation of data and identity a good thing? Does it create multiple pseudo identities and personas ad nauseam?
· How about the impact of transaction history on our reputation? Will rating our online reputation become the new consumer credit score equivalent?
· Is anonymity a good thing, or can that moniker be abused to achieve malicious goals?
· Does this open up the market to promote financial inclusion, or does it raise the adoption bar higher?
DECENTRALIZED DATA SECURITY
The blockchain brings some solutions to the dilemma of balancing data, identity, and transaction-based privacy and security.
We have seen security and privacy breaches within large/central organizations (for example, Target, Sony, Blue Cross, Ashley Madison, and the Turkish government), and that is leading us to wonder if the Web or large databases are really secure anymore. The privacy of customer information, citizens, and transaction history can be compromised, and this has implications on the security of applications data and online identities.
Enter the blockchain and decentralized applications based on it. Their advent brings potential solutions to data security because cryptographically-secured encryption becomes a standard part of blockchain applications, especially pertaining to the data parts. By default, everything is encrypted. By virtue of decentralizing the information architecture elements, each user can own their private data, and central repositories are less vulnerable to data losses or breaches because they only store encrypted information and coded pointers to distributed storage locations that are spread across distributed computer networks. Therefore, hackers cannot reconstruct or make sense of whatever partial information they might get their hands on. At least, that’s the theory behind this vision, and work is being done to bring it to reality.
In this new world of decentralized technologies, security, privacy, and data ownership requirements are part of the design and not an afterthought. They come first.
But blockchains are not perfect. They also introduce security challenges due to their inherent designs relating to three key areas:
· Consensus engines on blockchains
· Decentralization of computing architectures
· Peer-to-peer clients
Consensus in public blockchains is done publicly, and is theoretically subject to the proverbial Sybil attacks (although it has not happened yet). The trend for decentralized computing architectures requires a new mindset for planning and writing applications that is different than the traditional Web architectures. Finally, each time you download a software client that sits on your personal computer or smartphone and it “listens” to the network, you are potentially opening security risks, unless it is well implemented.
We also need to be aware that Internet of Things devices also are subject to potential security breaches, because potential vulnerabilities are being pushed from the centers to the edges, wherever there is some computing resources at the edge.
Luckily, some solutions are in the works, such as private blockchains, zero-knowledge proofs and ring signatures, but we will not enter this technical territory within the scope of this book.
Another bright light is that we do not need to reinvent decentralized security, decentralized data and how to write decentralized applications because there are new platforms that provide these basic buildings blocks as part of their core offerings.
If you are a developer, the implications for the future are to:
1. Secure data inside applications while you write them
2. Decentralize user data to protect it
3. Learn blockchains and decentralization technologies
4. Write smart contracts on new/thin cloud architectures (no servers)
5. Rethink identity ownerships for your customers
Security and privacy need to be part of the initial design, and not as an afterthought.
ANONYMITY & UNTRACEABLE COMMUNICATION
The blockchain enables user anonymity by choice, and it is one of the most annoying features for regulators and financial reporting authorities, specifically in consumer applications. What comes to their mind, of course, would be money laundering, illicit trade, and terrorism-related activities where users could hide under pseudo-anonymous identities, and stay under the radar for a long time before they get discovered. Obviously, this is not a design objective of public blockchains or decentralized applications that run them, and although they are corner cases for the normal person, they can be seen as show-stoppers for policy makers and government institutions.
Without brushing aside the potential risks associated with implicitly protecting criminals and bad actors, there are cases where untraceable communication is desirable, for good and valid reasons.
Says David Shaum, the inventor of digital cash and privacy technologies: “Untraceable communication is fundamental to freedom of inquiry, freedom of expression, and increasingly to online privacy generally, including person-to-person communication. To address these needs a system should support, ideally within a combined anonymity set, the most common use cases: chat, photo/video sharing, feed following, searching, posting, payments, all with various types of potentially pseudonymous authentication.”
In 1994, Kevin Kelly, author of Out of Control, wrote this:
A pretty good society needs more than just anonymity. An online civilization requires online anonymity, online identification, online authentication, online reputations, online trust holders, online signatures, online privacy, and online access. All are essential ingredients of any open society.
It is disheartening to realize that, as of 2016, we were still very much behind on that vision of a “pretty good, open, online society.” The blockchain can help, because too many Web companies centralized and hijacked what could have been a more decentralized set of services.
There is hope that we can reconcile the anonymity and accountability requirements, and strike a good balance between the two, where “evil doers” can be rooted out of the network, while preserving the normality of operations for the majority of “good” users.5
BLOCKCHAIN AS CLOUD
We can also think of blockchains as a shared infrastructure that is like a utility. If you think about how the current Internet infrastructure is being paid for, we subsidize it by paying monthly fees to Internet service providers. As public blockchains proliferate and we start running millions of smart contracts and verification services on them, we might be also subsidizing their operations, by paying via micro transactions, in the form of transaction fees, smart contracts tolls, donation buttons, or pay-per-use schemes.
Blockchains are like a virtual computer somewhere in a distributed cloud that is virtual and does not require server setups. Whoever opens a blockchain node runs the server, but not users or developers.
So, the blockchain is like a networked infrastructure of computing machinery. With that in mind, we could easily imagine how computer programs can run on this new infrastructure.
But we should not take the cloud computing analogy literally. The blockchain infrastructure does not replace cloud computing. It unbundles it, and democratizes parts of it.
More likely, the blockchain infrastructure resembles a layer of cloud computing infrastructure. Blockchain virtual machines may be too expensive if we are to literally compare their functionality to a typical cloud service such as Amazon Web Services or DigitalOcean, but they will be be certainly useful for smart contracts that execute their logic on the blockchain’s virtual machinery, or decentralized applications, also called Dapps. As a sidenote, we could also see a future where client nodes can talk to each other directly in scenarios where blockchains are too expensive or slow.
When you run an application in the cloud (for example, on Amazon Web Services or Microsoft Azure), you are billed according to a combination of time, storage, data transfer, and computing speed requirements. The novelty with virtual machine costing is that you are paying to run the business logic on the blockchain, which is otherwise running on physical servers (on existing cloud infrastructure), but you do not have to worry about setting up these servers because they are managed by other users who are getting paid anyways for running that infrastructure via mining.
Therefore, the blockchain cloud has a form of micro-value pricing model that parallels the traditional cloud computing stack, but via a new layer. It is not a physical unbundling of the cloud, rather it is a new layering of cryptography-based transaction validation and state transition recordings on a parallel, but thinner cloud.
What is happening here within a grander context? Let us put this in perspective. We are witnessing a delayering across various technology pieces:
· Applications Programming Interfaces (APIs) are now coming from a public infrastructure that is cryptographically secured (the blockchains).
· Blockchains are being used as a new form of database, for example as a place to permanently store immutable cryptographic keys (or hashes) in Distributed Hash Tables (DHTs) that point to larger data values that are stored off-chain.
· A new type of browser will allow users to launch decentralized apps (Dapps), not just Web pages (e.g., Mist from Ethereum).
· The World Wide Web’s original Hypertext Protocol is getting augmented by a new hypermedia protocol called InterPlanetary File System (IPFS), which is a peer-to-peer distributed file system that connects all computing devices with the same system of files.
· Contractual Law is being sliced off, for example via Ricardian contracts that track the liability of one party to another (for example, OpenBazaar is implementing them in their peer-to-peer e-commerce protocol).
Here is a profound implication for large enterprises. Business users will also be able to run their own smart contracts, P2P apps, and other Dapps on open blockchains without seeking permission from IT departments, in the same way that Software-as-a-Service (SaaS) was a Trojan horse that enabled employees to sign up for services on their own without disturbing the company infrastructures (until it was time to perform some integrations).
This new form of SaaS will be possible because a new infrastructure layer can emerge by being supported on a peer-to-peer and shared-cost basis. And it is very possible that the costs of this new computing infrastructure will be as cheap as Internet access today, on a relative per-user basis. If that’s the case, this expands the applications possibilities even further.
The thin cloud represents freedom and flexibility for users and developers. It will allow anyone to create their own business logic for ownership, commerce, contractual law, transaction formats, and state transition functions without worrying about setting up an infrastructure.
We must fully embrace the thin cloud as an outcome of the blockchains’ infrastructures, and we must innovate with creative applications that run on it.
GETTING TO MILLIONS OF BLOCKCHAINS
In 1994, when the Web came along, websites were the novelty, and up until about 1998, we kept lists of Fortune 500 companies with or without websites. It took about three years before most companies were on board. Then, many of these early sites were criticized for being mostly glorified brochures or information sheets, and we kept referring to Amazon as one of the few companies that actually conducted business on the Internet.
Fast forward to 2016 and beyond. The blockchain will be the new website, figuratively speaking. Yes, blockchains are geeky (and the challenge is to take out that geekiness), but every company is destined to own or participate in a variety of blockchains, whether they are private, semi-private, or public.
Using the website analogy, companies could use the familiar portal approach to deliver a range of blockchain services, to facilitate the on-boarding of new users, while showcasing the blockchain’s capabilities.
The first steps involve finding what is appropriate for the blockchain, starting with your current operations. Just as with your first website when the question was, “What information can we publish on it?,” there are initial questions you can try answering first, to uncover potential blockchain use cases pertaining to the variety of peer-to-peer value exchange services that are possible.
It is almost unimaginable to think that when Satoshi Nakamoto released the code for the first Bitcoin blockchain in 2009, it consisted of just two computers and a token. Then, it proceeded to grow because anyone could download a software program and connect to the network as another identical node that ran the same code. It proceeded to become a self-growing type of network. That is how public blockchains grow.
Bitcoin was that first public blockchain, and it inspired many others. Ethereum was another major public blockchain that has grown rapidly to establish itself as the second largest and significant public, multi-purpose blockchain.
One of the primary differences between a public and private blockchain is that public blockchains typically have a generic purpose and are generally cheaper to use, whereas private blockchains have a more specific usage, and they are more expensive to set up because the cost is born by fewer owners. We can also expect special purpose public blockchains to emerge, for example, the Zcash one that promises to deliver total privacy.
With the proliferation of public, private, semi-private, special purpose, and other types of blockchains, a world of millions of blockchains will be achievable.
KEY IDEAS FROM CHAPTER TWO
1. Blockchains offer a new paradigm for implementing transactional trust. We should open our minds, and accept that trust will be computed by machines, instead of verified by humans.
2. Trust can be achieved by increasing transparency requirements, namely by sharing identity and reputation information.
3. Proving that something has happened will be served by blockchains. There will be millions of such cases, with access rivalling the way we google for information.
4. Anonymity, identity, decentralized data, and security are evolving issues that are well suited for blockchains.
5. Smart contracts and smart property are key underpinnings of a blockchain’s operations, and they open up the applications, possibilities. Developers will rush to create smart contract-based applications without worrying about learning the internal elements of blockchains.
1. “The Fortune Cookie Principle;,” Bernadette Jiwa, http://thestoryoftelling.com/fortune-cookie-principle/.2. Smart Contracts, Nick Szabo, http://szabo.best.vwh.net/smart_contracts_idea.html.3. The Ricardian Contract, Ian Grigg, http://iang.org/papers/ricardian_contract.html.4. Digital Identity on Blockchain: Alex Batlin’s “prediction,” Alex Batlin, http://fintechnews.ch/803/blockchain_bitcoin/digital-identity-on-blockchain-alex-batlins-prediction/.5. PrivaTegrity—David Chaum’s Anonymous Communications Project, SecurityWeek, http://www.securityweek.com/privategrity-david-chaums-anonymous-communications-project.6. Less-techy: What is Web 3.0, Gavin Wood, http://gavwood.com/web3lt.html.