Blockchain Revolution (updated)
Page 7
Pioneered in the 1970s,28 asymmetric cryptography gained some traction in the 1990s in the form of e-mail encryption freeware such as Pretty Good Privacy. PGP is pretty secure, and pretty much a hassle to use because everyone in your network needs to be using it, and you have to keep track of your two keys and everyone’s public keys. There’s no password-reset function. If you forget yours, you have to start all over. According to the Virtru Corporation, “the use of email encryption is on the rise. Still, only 50 percent of emails are encrypted in transit, and end-to-end email encryption is rarer still.”29 Some people use digital certificates, pieces of code that protect messages without the encrypt-decrypt operations, but users must apply (and pay an annual fee) for their individual certificates, and the most common e-mail services—Google, Outlook, and Yahoo!—don’t support them.
“Past schemes failed because they lacked incentive, and people never appreciated privacy as incentive enough to secure those systems,”30 Andreas Antonopoulos said. The bitcoin blockchain solves nearly all these problems by providing the incentive for wide adoption of PKI for all transactions of value, not only through the use of bitcoin but also in the shared bitcoin protocols. We needn’t worry about weak firewalls, thieving employees, or insurance hackers. If we’re both using bitcoin, if we can store and exchange bitcoin securely, then we can store and exchange highly confidential information and digital assets securely on the blockchain.
Here’s how it works. Digital currency isn’t stored in a file per se. It’s represented by transactions indicated by a cryptographic hash. Users hold the cryptokeys to their own money and transact directly with one another. With this security comes the responsibility of keeping one’s private keys private.
Security standards matter. The bitcoin blockchain runs on the very well-known and established SHA-256 published by the U.S. National Institute of Standards and Technology and accepted as a U.S. Federal Information Processing Standard. The difficulty of the many repetitions of this mathematical calculation required to find a block solution forces the computational device to consume substantial electricity in order to solve a puzzle and earn new bitcoin. Other algorithms such as proof of stake burn much less energy.
Remember what Austin Hill said at the start of this chapter about never using the newest and greatest in algorithms. Hill, who works with cryptographer Adam Back at Blockstream, expressed concern over cryptocurrencies that don’t use proof of work. “I don’t think proof of stake ultimately works. To me, it’s a system where the rich get richer, where people who have tokens get to decide what the consensus is, whereas proof of work ultimately is a system rooted in physics. I really like that because it’s very similar to the system for gold.”31
Finally, the longest chain is generally the safest chain. The security of Satoshi’s blockchain benefits greatly from its relative maturity and its established base of bitcoin users and miners. Hacking it would require more computing power than attacking short chains. Hill said, “Whenever one of these new networks start up with an all new chain, there’s a bunch of people who direct their latent computer power, all the computers and CPUs that they took offline from mining bitcoin, they point at these new networks to manipulate them and to essentially attack the networks.”32
Implications for the Blockchain Economy: In the digital age, technological security is obviously the precondition to security of a person in society. Today bits can pass through our firewalls and wallets. Thieves can pick our pockets or hijack our cars from the other side of the world. As each of us relies more on digital tools and platforms, such threats have multiplied in ways that most of us do not understand. With the bitcoin blockchain, with its more secure design and its transparency, we can make transactions of value and protect what happens to our data.
5. Privacy
Principle: People should control their own data. Period. People ought to have the right to decide what, when, how, and how much about their identities to share with anybody else. Respecting one’s right to privacy is not the same as actually respecting one’s privacy. We need to do both. By eliminating the need to trust others, Satoshi eliminated the need to know the true identities of those others in order to interact with them. “I’ve spoken to many engineers and computer scientists, and they all tell me—every single one—‘Of course, we can embed privacy into data architecture, into the design of the programs. Of course we can,’”33 said Ann Cavoukian.
Problem to Be Solved: Privacy is a basic human right and the foundation of free societies. In the last twenty years of the Internet, central databases in both public and private sectors have accumulated all sorts of confidential information about individuals and institutions, sometimes without their knowledge. Everywhere people worry that corporations are creating what we could call cyberclones of them by fracking the digital world for their data. Even democratic governments are creating surveillance nations, evidenced by the recent U.S. National Security Agency’s overextending its surveillance rights by conducting warrantless spying over the Internet. These are double privacy offenses, first collecting and using our data without our understanding or our permission, then not protecting the honeypot from hackers. “It’s all about abandoning zero-sum pursuits, either-or propositions, win-lose, you can have one interest or the other. That, to me, is so dated, so yesterday, and so counterproductive,” said Cavoukian. “We substitute a positive-sum model which is, essentially, you can have privacy and—fill in the blank.”34
Breakthrough: Satoshi installed no identity requirement for the network layer itself, meaning that no one had to provide a name, e-mail address, or any other personal data in order to download and use the bitcoin software. The blockchain doesn’t need to know who anybody is. (And Satoshi didn’t need to capture anybody’s data to market other products. His open source software was the ultimate in thought leadership marketing.) That’s how the Society for Worldwide Interbank Financial Telecommunication works—if you pay in cash, then SWIFT doesn’t generally ask for identification—but we’re guessing that many SWIFT offices have cameras, and financial institutions must comply with anti–money laundering/know your customer (AML/KYC) requirements to join and use SWIFT.
Additionally, the identification and verification layers are separate from the transaction layer, meaning that Party A broadcasts the transfer of bitcoins from Party A’s address to Party B’s address. There’s no reference to anyone’s identity in that transaction. Then the network confirms that Party A not only controlled the amount of bitcoin specified but also authorized the transaction before recognizing Party A’s message as “unspent transaction output” associated with Party B’s address. Only when Party B goes to spend that amount does the network verify that Party B now controls that bitcoin.
Compare that with using credit cards, a very identity-centric model. That’s why millions of people’s addresses and phone numbers are stolen every time a database gets breached. Consider the number of records attached to a few of the more recent data breaches: T-Mobile, 15 million records; JPMorgan Chase, 76 million; Anthem Blue Cross Blue Shield, 80 million; eBay, 145 million; Office of Personnel Management, 37 million; Home Depot, 56 million; Target, 70 million; and Sony, 77 million; and there were smaller breaches of airlines, universities, gas and electric utilities, and hospital facilities, some of our most precious infrastructure assets.35
On the blockchain, participants can choose to maintain a degree of personal anonymity in the sense that they needn’t attach any other details to their identity or store those details in a central database. We can’t underscore how huge this is. There are no honeypots of personal data on the blockchain. The blockchain protocols allow us to choose the level of privacy we’re comfortable with in any given transaction or environment. It helps us to better manage our identities and our interaction with the world.
A start-up called Personal BlackBox Company, LLC, is aiming to help large corporations transform their relationship to consumer data. PBB’s chief marketing officer, Haluk Kulin, told us, “
Companies such as Unilever or Prudential are coming to us and saying, ‘We’re very interested in building better data relationships. Can we leverage your platform? We’re very interested in reducing our data liability.’ They’re seeing that data is increasingly a toxic asset inside of corporations.”36 Its platform gives clients access to anonymous data—much like a clinical trial, where pharmaceuticals know only the relevant aspects of patients’ health—without taking on any data security risk. Some consumers may give away more information in exchange for bitcoins or other corporate benefits. On the back end, PBB’s platform deploys PKI so that only consumers have access to their data through their private keys. Not even PBB has access to consumer data.
The blockchain offers a platform for doing some very flexible forms of selective and anonymous attestation. Austin Hill likened it to the Internet. “A TCP/IP address is not identified to a public ID. The network layer itself doesn’t know. Anyone can join the Internet, get an IP address, and start sending and receiving packets freely around the world. As a society, we’ve seen an incredible benefit allowing that level of pseudonymity. . . . Bitcoin operates almost exactly like this. The network itself does not enforce identity. That’s a good thing for society and for proper network design.”37
So while the blockchain is public—anyone can view it at any time because it resides on the network, not within a centralized institution charged with auditing transactions and keeping records—users’ identities are pseudonymous. This means that you have to do a considerable amount of triangulating of data to figure out who or what owns a particular public key. The sender can provide only the metadata that the recipient needs to know. Moreover, anyone can own multiple public/private key sets, just as anyone can have multiple devices or access points to the Internet and multiple e-mail addresses under various pseudonyms.
That said, Internet service providers like Time Warner that assign IP addresses do keep records linking identities to accounts. Likewise, if you get a bitcoin wallet from a licensed online exchange such as Coinbase, that exchange is required to do its due diligence under AML/KYC requirements. For example, here is Coinbase’s privacy policy: “We collect information sent to us through your computer, mobile phone, or other access device. This information may include your IP address, device information including, but not limited to, identifier, device name and type, operating system, location, mobile network information and standard web log information, such as your browser type, traffic to and from our site and the pages you accessed on our website.”38 So governments can subpoena ISPs and exchanges for this type of user data. But they can’t subpoena the blockchain.
It’s also important to know that we can design higher levels of transparency into any set of transactions, application, or business model, should all the stakeholders agree to do so. In varying situations we will see new capabilities where radical transparency makes a lot of sense. When companies tell the truth to customers, shareholders, or business partners, they build trust.39 That is, privacy for individuals, transparency for organizations, institutions, and public officials.
Implications for the Blockchain Economy: To be sure, the blockchain provides opportunities to stop the stampede to a surveillance society. Now think about the problem of corporate big data for each of us. What does it mean for a corporation to have perfect information about you? We are some twenty years into the global Internet era, and only at the beginning of corporate access to the most intimate details of our personal lives. Coming up fast are personal health and fitness data, our daily comings and goings, the inner lives of our homes, and, well, you name it. Many people are simply unaware of the many micro-Faustian deals they make online every day. By simply using Web sites, consumers authorize their owners to convert trails of digital crumbs into detailed road maps for private commercial benefit.
Unless we shift to the new paradigm, it’s not science fiction to foresee hundreds of millions of avatars humming away in tomorrow’s data centers. With blockchain technology, you could own your personal avatars as you do in the Second Life virtual world, but with real-world implications. The Virtual You could protect your personal information, giving away only the information required in any social or economic exchange work under your command and make sure you receive compensation for any of your data that has value to another party. It’s a shift from big data to private data. Call it “little data.”
6. Rights Preserved
Principle: Ownership rights are transparent and enforceable. Individual freedoms are recognized and respected. We hold this truth to be self-evident—that all of us are born with certain inalienable rights that should and can be protected.
Problem to Be Solved: The first era of the digital economy was about finding ways to exercise these rights more efficiently. The Internet became a medium for new forms of art, news, and entertainment, for establishing copyright of poems, songs, stories, photographs, and audio and video recordings. We could apply the Uniform Commercial Code further to do online what the code had already expedited in physical space, which was to eliminate the need to negotiate and create contracts for every single item, like a tube of toothpaste, no matter how small its price. Even so, we had to trust middlemen to manage transactions, and they had the power to deny the transaction, delay it, and hold the money in their own account (bankers call this “float”), or clear it only to reverse it later. They expected a percentage of people to cheat and accepted a certain level of fraud as unavoidable.
In this great burst of efficiency, legitimate rights got trampled, the rights not only to privacy and security but also free speech, reputation, and equal participation. People could anonymously censor us, defame us, and block us at little cost or risk to themselves. Filmmakers who depended on revenues from syndication, video on demand, enhanced DVD sales, and cable rights to films released decades earlier found their revenue stream drying up to a trickle as their fans uploaded digital files for others to download for free.
Breakthrough: The proof of work required to mint coins also time-stamps transactions, so that only the first spend of a coin would clear and settle. Combined with PKI, the blockchain not only prevents a double spend but also confirms ownership of every coin in circulation, and each transaction is immutable and irrevocable. In other words, we can’t trade what isn’t ours on the blockchain, whether it’s real property, intellectual property, or rights of personhood. Nor can we trade what we aren’t authorized to trade on somebody else’s behalf in an agency role, perhaps as a lawyer or a company manager. And we can’t stifle people’s freedom of expression, assembly, and religion.
Haluk Kulin of Personal BlackBox said it best: “In the thousands of years of human social interaction, every time we’ve taken the right of participation from the people, they have come back and broken the system. We’re discovering that, even in digital, stealing their consent is not sustainable.”40 As the Ledger of Everything, the blockchain can serve as a public registry through such tools as Proof of Existence (PoE), a site that creates and registers cryptographic digests of deeds, titles, receipts, or licenses on the blockchain. Proof of Existence doesn’t maintain a copy of any original document; the hash of the document is calculated on the user’s machine, not on the PoE site, thus ensuring confidentiality of content. Even if a central authority shuts down Proof of Existence, the proof remains on the blockchain.41 So the blockchain provides means of proving ownership and preserving records without censorship.
On the Internet, we couldn’t necessarily enforce contractual rights or oversee implementation. And so, for more complex transactions involving bundles of rights and multiple parties, we now have the smart contract, a piece of special purpose code that executes a complex set of instructions on the blockchain. “That intersection of legal descriptions and software is fundamental, and the smart contracts are the first step in that direction,” said Steve Omohundro, president of think tank Self-Aware Systems. “Once the principles of how you codify law digitally become more understood, then I think every coun
try will start doing it. . . . Each jurisdiction would encode its laws, precisely and digitally, and there would be translation programs between them. . . . Getting rid of the friction of all legal stuff is going to be a huge economic gain.”42
A smart contract provides a means for assigning usage rights to another party, as a composer might assign a completed song to a music publisher. The code of the contract could include the term or duration of the assignment, the magnitude of royalties that would flow from the publisher’s to the composer’s bitcoin account during the term, and some triggers for terminating the contract. For example, if the composer’s account received less than a quarter of a bitcoin in a consecutive thirty-day period, then all rights would automatically revert to the composer, and the publisher would no longer have access to the composer’s work registered on the blockchain. To set this smart contract in motion, both the composer and the publisher—and perhaps representatives of the publisher’s finance and legal teams—would sign using their private keys.
A smart contract also provides a means for owners of assets to pool their resources and create a corporation on the blockchain, where the articles of incorporation are coded into the contract, clearly spelling out and enforcing the rights of those owners. Associated agency-employment contracts could define the decision rights of managers by coding what they could and couldn’t do with corporate resources without ownership permission.
Smart contracts are unprecedented methods of ensuring contractual compliance, including social contracts. “If you have a big transaction with a specific control structure, you can predict the outcome at any period in time,” said Antonopoulos. “If I have a fully verified signed transaction with a number of signatures in a multisignature account, I can predict whether that transaction will be verifiable by the network. And if it is verifiable by the network, then that transaction can be redeemed and irrevocably so. No central authority or third party can revoke it, no one can override the consensus of the network. That’s a new concept in both law and finance. The bitcoin system provides a very high degree of certainty as to the outcome of a contract.”43