Duncan Jones, Head of Skunkworks, Thales e-Security
Over the past five years, blockchain has risen from an underground currency technology to celebrity status, appearing in everything from banking and financial services to diamond tracking and music royalties. It’s claimed to have transformed the way money, jewels and songs are tracked, delivered and paid for, enabling greater control and driving even more revenue for businesses in these sectors. Every new technology is often overhyped, however. Just look at QR Codes from the ‘00s or “big data” today, both of which promised to revolutionise the business world. While big data has largely lived up to the hype, QR Codes never really took off in the US and Europe, failing to revolutionise mobile payments as promised. Where the problem generally lies is in the understanding of the new technology and how it can be used to transform a business.
For many people, blockchain and Bitcoin are synonymous, but they are in fact very different. Bitcoin is an unregulated digital currency, or cryptocurrency as it’s also known, designed to cut out third party payment providers and bypass government currency controls. Bitcoin transactions are stored and transferred using a distributed ledger on a peer-to-peer network that is anonymous and open. Blockchain is therefore the distributed ledger technology that underpins Bitcoin.
Even though blockchain has made its way into a number of industries beyond financial services, the obvious benefits come with their own set of challenges and misconceptions.
The holy grail of auditing
The audit trail provided by blockchain has the ability to revolutionise financial transactions worldwide. Thanks to blockchain, a transaction only truly happens when it is captured in the ledger (and,as a result, recorded forever). This means there is a one-to-one link between the action and the audit log, providing perfect forensic evidence of every transaction.However, this perfection requires each business transaction to be modelled as a blockchain transaction (perhaps using smart contracts on Ethereum or Burrow). Posting an audit entry to a blockchain after a business transaction completes won’t be effective,as that property will be lost; there’s no guarantee that every transaction was in fact posted to the chain or that every element in the chain is the result of a real business transaction.
All blockchains can resist a certain proportion of cyber criminals trying to subvert their behaviour; typically somewhere between a third to a half of participants. Beyond this threshold, if sufficient nodes collude they can rewrite the past.Imagine a scenario where three banks keep a shared blockchain ledger to record transactions. Is it so hard to imagine two of the banks conspiring to sabotage the third? Probably not, but it’s much easier to imagine (and more likely) that the use of blockchain technology is being championed in all three banks as a cure-all for data integrity and auditing.
Despite the challenges, this type of collaboration is already happening. Six major banks have come together to introduce a new digital currency powered by blockchain. The “Utility Settlement Coin” will allow banks to pay each other or buy securities such as bonds, without having to wait the usual hours or days for money transfers to complete in the traditional way. With involvement from HSBC, Canadian Imperial Bank of Commerce (CIBC), Barclays and Credit Suisse, this new currency will ultimately cut the cost, time and capital required to settle trades.
Smart contracts are the future
Legally binding contracts are another way in which blockchain can be used to help move businesses forward. Ethereum was the first blockchain designed for executing arbitrary code “on the blockchain”.In essence, it’s a decentralised platform that runs smart contracts, enabling applications to run exactly as programmed without the risk of fraud, cyberattacks or company downtime.
On face value, this can be seen as a game-changer for businesses.Error-prone, corruptible human processes can be replaced with autonomous scripts that are guaranteed to execute correctly and audit themselves automatically on the ledger.
However, that’s entirely based on a developer’s ability to write flawless contract code. Last year, $50million was stolen from the DAO, an autonomous corporation running on the Ethereum blockchain, due to a bug in the contract code. The vulnerability meant that the attacker was able to withdraw a third of the value of the corporation into anonymous accounts. Contrast this outcome with a flaw in a legal contract, where you have the opportunity to argue the matter in court and seek a reasonable judgment based on the intention of the document.
This raises yet another issue: the legal enforceability of smart contracts. The reality is, until the technology evolves to the point it’s universally recognised as binding,smart contracts will be secondary to a written contract that actually binds the parties together. Traditional written contracts will still provide legal protection and risk mitigation for the foreseeable future – so don’t write off your solicitor just yet.
That said, it’s unlikely to be that way forever. As the technology advances, smart contracts will no doubt revolutionise the way business is done in a variety of sectors. A great example is the recent move by French insurance firm, AXA, to automate flight delay insurance using smart contracts on Ethereum.
Last year alone, global investment in blockchain technology and start-ups hit $1.5 billion according to Frost & Sullivan, signalling a shift in the technology’s legitimacy. However, like any new innovation, blockchain has its strengths and weaknesses.Understanding the business need and the impact any new technology, blockchain or otherwise, might have on the business is essential before committing any investment.
If your business transactions can be represented as blockchain transactions, you get a lot of powerful side-effects for free.Auditing, shared state and consensus between distrusting parties are pretty impressive secondary benefits.
However, as blockchain technology is still in its infancy, businesses should be cautious of using it as theonly method of solving transactional issues, especially in financial services.