• Anthony Stevens

Blockchain, Trust and the Next Generation Platform

Updated: Jul 25, 2018

With the proliferation of data privacy challenges, a shift underway with geopolitics, increased levels of cyber-attacks and a tidal-wave of technology-based investment, what is the future of trust in our new economy? How will the internet now evolve?

Over the last 10 years, platforms have emerged from the success of big-tech who now dominate entire industries — think Airbnb, Amazon, Netflix and Google. Platforms connect buyers and sellers creating economies of scale on both the demand and supply side creating a fly-wheel based growth engine.

For any business, one of the reasons to want a platform is for control. The alternative is to accept a growing portfolio of technology that doesn’t work together and can’t be re-used leading to increased operating costs and lower agility. A platform brings with it both opportunities and challenges — none more pressing than that of trust.

For a company with a platform, apart from the apprehension business units may have in losing control, there is also an element of concentration risk, i.e. even with the best (and most expensive) defence in place, no system is foolproof, and the impact of a breach for an organisation could be catastrophic. Regulatory penalties and the reputational damage of a substantial breach are the most apparent impacts, but even failing to comply with regulations when there has been no breach, can be costly.

With the next generation platform, security and compliance are probably the most obvious challenges, but there are others. The proprietary and centrally controlled platforms today need to be replaced with decentralized, open ones; trusted parties replaced with verifiable computation; and inefficient monolithic services replaced with peer-to-peer algorithmic markets.

Six areas of abundant opportunity

Think about a business that provides access to their data for another company to provide a service. Or the employee that needs to access an external system to perform their role. In these cases, there are assumptions made that relate to trust, as contracts and the law can only go so far. What’s overarching is the trust we have in the company providing access to the system however, this is becoming less ideal as company lifespans are reducing with 99.9% not reaching the age of 50.

The following opportunities will help the platform provider redefine expectations of trust. Brand and reputation alone will no longer suffice. As Bitcoin has with currency we need to re-think the paradigm altogether.

  1. Audit and compliance: It’s hard or impossible to prove adherence to personal information regulations or provide assurance about the state and history of system configuration.

  2. Data security and integrity: It is difficult (and takes too long) to prove that data is tamper-free.

  3. Identity and access management: Identifying who has access to what, at any given point of time, can be time-consuming and often inconclusive.

  4. Vendor and reputation management: Getting customers to trust your vendors the same way they trust you can hamper your ability to sell.

  5. Proving authenticity: It is difficult to verify the authenticity of data before it is used, otherwise, there can be uncertainty with your applications and their related results.

  6. Incentive management: Creating an immutable record and basis to manage incentives associated with the use, contribution and storage of data on a platform.

Addressing each of these will reduce friction making business easier. Less emphasis is required by lawyers to manage the inherent risks, and there’s likely to be better alignment between growth, technology adoption, risk management and regulation.

Blockchain as part of the solution

A blockchain is a decentralised electronic ledger — a set of records available to all parties on the ledger which is immutable, i.e. cannot be changed, only added to. Any additions to the ledger have to be agreed by all parties using a mathematical proof and everyone can inspect the ledger. There is no assumed trust or faith that the records are correct; they are proven to be accurate by computation by multiple independent parties.

This ability to make records immutable made the use of blockchain attractive to crypto-currencies such as Bitcoin, but more and more non-financial applications of blockchains are being discovered and most importantly, applied.

Platforms and the application of blockchain

Audit and compliance

Paper-based records provide a good audit trail by design, but electronic ones must be built to keep a trail. A poor design that does not cater for resilience, corruption or a malicious action could mean records are lost or were never logged in the first place.

Writing electronic transactions from the platform to a blockchain means that the records are not only resilient (all parties have a copy) but that they are tamper-proof. A policy of writing all personally identifiable (PI) related transactions (but not the PI data itself) to a blockchain will help ensure your organisation is compliant with PI regulations.

Data security and integrity

With the increasing reliance on cloud and the powerful tooling it provides, there is an inherent risk that a rogue actor tries to cover their tracks after malicious activity (such as trying to disable the PI compliance checks or stealing data).

Logging all configuration settings and changes to them to a blockchain will ensure that there is a clear audit trail of the activities carried out and who undertook them.

Identity and access management

Governing the administration of digital identities, entitlements and the assignment of entitlements to identities is central to any platform, but governance often takes the form of a periodic manual check that is both error-prone and delayed.

In principle, maintaining identity and entitlements in the blockchain provides a tamper-proof mechanism to ensure identities can only access resources based on their entitlements (which can be inspected at any time and any changes are visible). In practice, identities shouldn’t be stored in a decentralized ledger since this may constitute a PI breach in its own right — but a ‘pointer’ to an identity can be stored, and the concept of self-sovereign identities makes this possible since only the user has control over their identity record (similar in concept to a physical passport but the passport number can be validated).

Vendor and reputation management

Companies increasingly need to resell services provided by third-party vendors. For large enterprises, they may be putting their reputation at stake and customers may be uncomfortable receiving services from someone other than their usual trusted supplier.

Writing vendor information, results of their compliance checks, accreditation and reviews on the blockchain will ensure customers can easily and directly verify what they’re getting without the need for an intermediary.

Counterparty risk is inherent in contract execution and usually depends on a third party to arbitrate when things don’t go as planned. Digital organisations will often need to coordinate across multiple suppliers before a customer can accept the terms of the agreement (which usually pushes the risk to the customer).

Smart contracts permit trusted transactions and agreements to be carried out among disparate, anonymous parties without the need for a central authority. Using the blockchain to track the acceptance of terms by a customer can enable a set of smart contracts to be executed with various suppliers at the point of acceptance. As a useful risk management tool, smart contracts remove trust from the transaction and guarantee that the contracts will be executed as stipulated.

Proving the authenticity of external data

Financial data is a natural fit for Blockchain. Data once written to blockchain cannot be altered without causing network collision. This ensures that the transactions are inherently tamper-proof. No proprietary techniques or methodology is required to achieve high security which makes blockchain a preferred technology. In the older way of doing things, paper receipts were used. The risk of unnoticed modification in paper receipts is comparably low, because of their physical nature.

In contrast, electronic files cannot be observed physically and hence are vulnerable. This introduces the necessity for proving the authenticity of the file to then integrate the result as part of a blockchain to ensure the smart contracts can be trusted end-to-end.

Incentive management

Blockchains offer us an alternative to a central authority for managing application specific currencies. Anything we can prove with a smart contract can be used to exchange the currency for provable actions, like transferring a file. There are four areas where the use of an application specific currency may be useful:

  1. User engagement — a currency used by suppliers to promote their application or content where the user gets a share of the revenue for their attention.

  2. Proof of replication — proving that those storing data have done so correctly — i.e. they are rewarded for the storage they are providing along with proofs but are penalised if they skip the proof (by losing part of their collateral) and not rewarded for their storage.

  3. Reputation management — a currency used to increment the reputation of a supplier post a transaction for a good/service in exchange for an incentive.

The next generation platform

Blockchain has proven effective in solving many problems associated with centralisation; the canonical example being Bitcoin. Over the last couple of years, a range of applications have emerged with similar missions — to use mathematical proofs and techniques of decentralization to provide a system that can be trusted — 100%. Trust works both ways though, and with greater inherent levels of trust, the risk profile and related investment for all participants is lower.

Thanks to Louis Strauss, Jothi Rengaraj, Shariq Khwaja and Wayne Jenkins for their thoughts and contributions to this article.