The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.
I’m not sure if you’re supposed to have a favourite supply chain fraud or not but I do, and it is the famous case of the vegetable oil that almost bankrupted American Express (and went some way toward making Warren Buffet a multi-billionaire). The essence of the story is that a conman, Anthony “Tino” De Angelis, discovered that people would lend him money on the basis of commodities in the supply chain. His chosen commodity was vegetable oil (see How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE). Amex had a division that made loans to businesses using inventories as collateral. They gave De Angelis financing for vegetable oil and he took the Amex receipts to a broker who discounted them for cash. So he had tanks of vegetable oil and Amex had loaned him money against the value of the oil in those tanks, the idea being that they would get the money back with a bit extra when the oil was sold on. Now as it happened, the tanks didn’t much contain oil at all. They were mostly water with a layer of oil on top so that when the inspectors opened the tanks and looked inside they saw oil and signed off whatever documentation was required. Eventually the whole scam blew up and nearly took Amex down, enabling the sage of Omaha to buy up their stock and make a fortune.
Fortunately for us and unfortunately for conmen like Tino, the supply chain is one of the many industries that the blockchain is going to disrupt. As my good friend Michael Casey and his co-author Pindar Wong explain in their recent Harvard Business Review piece on the topic (Global Supply Chains are about to get Better, Thanks to Blockchain in HBR, 13th March 2017), blockchain technology allows computers from different organisations to collaborate and validate entries in a blockchain. This removes the need for error prone reconciliation between the different organisation’s internal records and therefore allows stakeholders better and timelier visibility of overall activity. The idea discussed in this HBR piece (and elsewhere) is that some combination of “smart contracts” and tagging and tracing will mean that supply chains become somehow more efficient and more cost-effective.
An aside. I put “smart contracts” in quotes because, of course, they are not actually contracts. Or smart. Bill Maurer and DuPont nailed this in their superb King’s Review article on Ledgers and Law in the Blockchain (22nd June 2015), where they note that smart contracts are not contracts at all but computer programs and so strictly speaking just an “automaticity” on the ledger. (Indeed, they go on to quote Ethereum architect Vitalik Buterin saying that “I now regret calling the objects in Ethereum ‘contracts’ as you’re meant to think of them as arbitrary programs and not smart contracts specifically”.)
Trusting these third parties can be a risk. Another of my favourite scandals (I have quite a few, I should have mentioned that) is the horsemeat scandal that swept Europe on the 50th anniversary of the salad oil scandal. Basically horsemeat was being mixed with beef in the supply chain and then sold on to the suppliers of major supermarkets in, for example, the UK. One of the traders involved was sentenced to jail for forging labels on 330 tonnes of meat as being 100% beef when they were not. Once again, I am curious to know how a blockchain would have helped the situation since the enterprising Eastern European equine entrepreneur would simply have digitally-signed that the consignment of donkey dongs were Polish dogs and no-one would have been any the wiser. It is not clear how a fintech solution based on blockchains and smart contracts would have helped, other than to make the frauds propagate more quickly.
The reason that I am interested in scandals like this one is that the tracking of food features as a one of the main supply chain problems that advocates hope the blockchain will solve for us. Work is already under way in a number of areas. I understand that Walmart have carried out some sort of pilot with IBM to try to track pork from China to the US and another pilot was used to track tuna from Indonesia all the way to the US. But if someone has signed a certificate to say that the ethically-reared pork is actually tuna, or whatever, how is the shared ledger going to know any different? A smart contract that pays the Chinese supplier when the refrigerated pork arrives in a US warehouse, as detected by RFID tags and such like, has no idea whether the slabs in the freezer are pork or platypus.
If you do discover platypus in your chow mein, then I suppose you could argue that the blockchain provides an immutable record that will enable you to track back along the supply chain to find out where it came from. But how will you know when or where the switcheroo took place? Some of the representations of the blockchain’s powers are frankly incredible, but it isn’t magic. It’s a data structure that recapitulates the consensus of its construction, not a Chain of True Seeing with +2 save against poison. So is there any point in considering a form of shared ledger technology (whether a blockchain or anything else) for this kind of supply chain application? Well, yes. We think there is.
Let’s go back to the first example, the great vegetable oil swindle. Had American Express and other stakeholders had access to a shared ledger that recorded the volumes of vegetable oil being used as collateral, the fraud would have been easily discovered.
“If American Express had done their homework, they would have realized that De Angelis’s reported vegetable oil ‘holdings’ were greater than the inventories of the entire United States as reported by the Department of Agriculture. “
How might such a ledger might operate? Would American Express want a rival to know how much vegetable oil it had on its books? Would it want anyone to know? The Bank of Canada, in their discussion of lessons learned from their first blockchain project, said that “in an actual production system, trade-offs will need to be resolved between how widely data and transactions are verified by members of the system, and how widely information is shared”. In other words, we have to think very carefully about what information we put in a shared ledger and who is allowed to say whether that information is valid or not. Luckily, there are cryptographic techniques known as “Zero Knowledge Proofs” (ZKPs) that can deliver the apparently paradoxical functionality of allowing observers to check that ledger entries are correct without revealing their contents and these, together with other well-known cryptographic techniques, are what allow us to create a whole new and surprising solution to the problem of the integrity of private information in a public space.
It is clear from this description that a workable solution rests on what Casey and Wong call “partial transparency”. At Consult Hyperion we agree, and we borrowed the term translucency from Peter Wagner for the concept. For the past couple of years we have used a narrative built around this to help senior management to understand the potential of shared ledger technology and form strategies to exploit it. Indeed, in some contexts we focus on translucent transactions as the most important property of shared ledgers and as a platform for new kinds of marketplaces that will be cheaper and safer, a position that you can find explored in more detail in the paper that I co-authored with my colleague Salome Parulava and Richard Brown, CTO of R3CEV. See Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis.Journal of Payment Strategy and Systems 10(2): 118-131 (2016).
As you might deduce from the title, in this paper we co-opt the architectural term “ambient accountability” to describe the combination of practical Byazantine fault tolerance consensus protocols and replicated incorruptible data structures (together forming “shared ledger” technology) to deliver a transactional environment with translucency. As Anthony Lewis from R3CEV describes in an insightful piece on this new environment, it is much simpler to operate and regulate markets that are built from such structures.
The reconciliation comes as part of the fact recording; not after. Organisations can “confirm as they go“, rather than recording something, then checking externally afterwards.
In this way the traditional disciplines of accounting and auditing are dissolved, re-combined and embedded in the environment. Smart contracts wouldn’t have disrupted Tino’s business, but ambient accountability would have uncovered his plot at a much earlier stage, when the near real-time computation of vegetable oil inventories would delivered data on his dastardly plot. You’d hardly need Watson to spot that inventories greater than the United States entire annual production ought to be looked into in more detail.
Perhaps we need to shift perspective. It is the industry-wide perspective of the shared ledger, the shared ledger as a regtech, that makes the disruptive difference to supply chains, just as it is the shared ledger as a regtech that will reshape financial markets by creating environments for faster, cheaper and less opaque transactions between intermediaries that have to add value to earn their fees rather than rely on information asymmetries to extract their rent. As the World Economic Forum’s report on the Future of Financial Services says, “New financial services infrastructure built on [shared ledgers] will redraw processes and call into question orthodoxies that are foundational to today’s business models”. We agree, and if you want to make this a reality for your organisation, give me or my colleagues at Consult Hyperion a call. We will provide help, not hype.
Incidentally, the brilliant Maya Zahavi from QED-it will be explaining how ZKPs can transform supply chains at the 20th annual Consult Hyperion Tomorrow’s Transactions Forum on April 26th and 27th in London. Run, don’t walk, over to that link and sign up now for one of the few remaining delegate places and to be kept up-to-date in the future, sign up for our mailing list as well.
[Sincere thanks to my colleague Tim Richards and to my former colleague Salome Parulava for their helpful comments on an earlier draft of this post.]
Well, that was the fun. The nice people at the Meaning Conference gave me 13 minutes to try to explain what a blockchain technology is, what blockchains might do, and what the implications might be, to an audience of largely creative people. Quite a challenge.
Since they were creative types, I thought I ought to frame my explanations with poetry rather than mathematics. I decided to start with the Ur-statement of ordered immutability, the Rubiyaat of Omar Khayyam (1048-1131):
“The Moving Finger writes; and, having writ,
Moves on: nor all thy Piety nor Wit
Shall lure it back to cancel half a Line,
Nor all thy Tears wash out a Word of it.”
You can see a revised version of the slide deck here (we accidentally sent the wrong version on the day, but it really didn’t matter). It sets out the revised “4x4x4” model of shared ledgers, so that there is context for talking about the blockchain, and then quickly works through how there are different kinds of blockchains (and bitcoin is only one) and then gets to what I think will be the lasting impact: ambient accountability and new kinds of transaction environments where traditional auditing and policing are taken care of by the environment itself.
In order to explain my focus on ambient accountability, we went back to poetry, this time with T.S. Eliot and choruses from The Rock (1934).
“They constantly try to escape
From the darkness outside and within
By dreaming of systems so perfect that no one will need to be good.”
The point here is to frame shared ledgers as as much of a regtech as a fintech. The technology may well not cut the cost of financial transactions at all — as I constantly point out, when people tell me about bitcoin’s incredible ability to move money around the world instantly and for free, the blockchain isn’t instant and it isn’t free — but it has the potential to cut the cost of regulating financial transactions substantially. We can, I think, see ways to dissolve traditional notions of auditing and replace them with infrastructure that embodies auditing instead. If there’s no way that your view of the ledger and my view of the ledger can differ, then there’s no need to reconcile them.
You can watch the presentation here on YouTube (where it takes 19 minutes – I failed). They were kind to me with their feedback, although going back over the presentation I’m a little disappointed with it. I think I can do better to bring the new world of the shared ledger to the general audience. So I’d appreciate your feedback on two elements of the presentation. First, does the “real world ledger” model help with the discussion or is it an unnecessary complication and second do the example ledgers presented across those six layers make sense? I want to quickly show the different types of ledger in one slide, so I want a decent graphic comparing Bitcoin, Ethereum, R3, Hyperledger, DAH and so on. If someone has one I’d love to use it (fully credited, of course).
On a cold and foggy December morning I set off for the Mother of Parliaments. As I had contributed to the Parliamentary Office of Science and Technology (POST) work on shared ledger technologies (SLTs), I had been invited to the House of Lords for a slap-up full English and a discussion on the topic with assembled Lords and Commons. Very exciting for a lad from Swindon.
Once I reached the Palace of Westminster I went straight for the Black Rod’s garden gate.
But this turned out to be the exit, not the entrance. I went back round to the entrance and found a queue of blockchainafficionadospatiently awaiting the constable in charge of opening the gate at 8am sharp. I told the assembled throng (from the STFC) that I was there to lobby parliament to have THE BLOCKCHAIN accepted as a religion, like Scientology, and to have all associated tax breaks and other privileges. They think I’m joking, but they are not entirely sure. They are planning to put physicists on theblockchain, so I am a little suspicious of them.
At 8am on the dot the boys in blue let us in. They put my bag and coat and things through an X-ray machine, even though I told them that I had noblockchainsabout my person, and then we were inside the hallowed halls. I began the search for the elusive darkblockchainwith the help of the STFC chaps. No luck.
The breakfast was held in the Attlee Room. This is named after Clement Attlee, who led the post-war Labour government in Britain. The picture on the wall behind me is by “Michael Hestletine”, although it wasn’t clear to me whether it was by a Michael Hestletine or by the Michael Hestletine. Much like the distinction between the blockchainand a blockchain, it is rather important in my opinion.
I have to say that the slap-up full English was top notch. Two things I particularly liked: they didn’t use cheap sausages (skimping on the sausages ruins a full English in my opinion) and they served the baked beans in a separate little pot (is it called a “ramekin”?) which I really appreciated because I don’t like the beans mixing with the scrambled eggs and tomato. Anyway, to move on, Stephen Metcalfe MP, chair of the Science and Technology Committee, and Sir Mark Walport, the Government’s Chief Scientific Adviser (GCSA), opened the proceedings. Sir Mark had published a report on the technology earlier in the year.
The British Government’s Chief scientific adviser, Sir Mark Walport, has published his Government Office for Science report on “Distributed Ledger Technology: beyond blockchain”.
He said that the goal of the POST reports is to demystify technology for policy makers although I have toreport that in his closing remarks he said that we had not been entirely successful in this enterprise and I fully concur with his opinion.
Sir Mark comes from the medical profession and he used a pharmacological analogy to introduce the topic to the group, saying that new drugs tend to go through a familiar cycle of “miracle cure” to “wouldn’t give it to a dog” on to “is good for X, Y and Z under certain conditions”. I think he was asking the expert speakers to explain what the X, Y and Z might be and under which conditions. In which case, and I am not casting the first stone here, we failed.
Sir Mark, as you might recall, was kind enough to the use the Consult Hyperion model of SLTs in his report mentioned above, gave a couple of examples that – and I say this in a spirit of enquiry and integrity – I just don’t buy. He specifically mentioned the example of constraints on the spending of welfare payments. Now, while I think this is a bad idea, I can think of far easier ways to achieve it (MCC restriction, for example) than tracking everything that welfare recipients spend on a blockchain. I can certainly seethat in the coming world of smart money (i.e., money that is transferred between ~smart ~contracts) it will be possible to constrain, restrict or censor transactions, but who and why are more important questions than how. In any case, who would mine this blockchain? The Department of Work and Pensions and… well, I think I wouldneed to see a more fully-developed architecture to comment.
My old friend Simon Taylor from 11:FS had also been asked along to provide input to the discussion and he tried a different set of metaphors relating to the confirmation of events from multiple sources but it was notclear to me that he was able to help Lord Birt and others to understand the key issues.
After a while, the discussion moved on to the Estonian electronic identity system. I expressed some scepticism as to whether the Estonian electronic identity system was on a blockchain. The conversation continued. Then to my shame I lost it and began babbling “it’s not a blockchain” until the chairman, in an appropriate and gentlemanly manner, told me to shut up. At this point, Simon and I got into an excellent twitter debate about what might constitute a distributed ledger and whether you need some particular combination of characteristics in order to claim that a system is a distributed ledger and whether, irrespective of the blocks and chains, the blockchain is a sensible description of certain systems.
I noted that someone nearby was looking at me with a slightly quizzical expression that I took to be some questioning of my ability to comment on the topic. Well, I went all “don’t bring your knife to my gunfight” on twitter. First of all, one of the first podcasts I ever recorded (a decade ago) was with Tarvi Martens, one of the architects of the scheme. Tarvi kindly contributed a case study on thescheme to my 2007 book “Digital Identity Management” (available from all good bookstores).
Forum friend Tarvi Martens presented a case study from Estonia on population-scale identity cards. This had been updated from the original case study that Tarvi kindly contributed to both the Digital Identity Forum and Digital Identity Management. The first card was issued back in 2002 and by October 2006 there were a million cards in circulation.
One of the things that I couldn’t help but point out is that the Estonian eID card gained initial traction due to some unusual circumstances.
Unusually amongst ID card, the principal use of the Estonian card is an a transit card in Tallin (120,000 people every day use their card for this) and as a travel document.
Hence I couldn’t resist asking their Lordships whether the transport secretary’s announcement on this very same day of some sort of national travel smart card today was an attempt to introduce an identity card by the back door…
So. The Estonian ID card, which was first issued in 2002, has nothing to do with distributed ledgers or blockchains or any similar technology. End of.
When it came time for my two-pennyworth around the table, I said that it wasn’t atall clear to me that it was accurate to describe Bitcoin as a decentralised system since almost all of the hashing power resides with a very small number of unaccountable mining pools based in China but, more importantly that
It seems to me that many of the efforts to move shared ledgers into the marketplace have concentrated on shaping shared ledgers to emulate existing solutions in the hope that SLTs will be faster, higher or stronger. These are all unproven assertions. It is possible that a shared ledger replacement for RTGS might be cheaper, or more resilient or more functional that the currency centralised solution, but who knows?
The transparency of the shared ledger, the aspect that most doesn’t work for current solutions in current markets, may well turn out to be the most important characteristic because it allows for ambient accountability and therefore opens up the potential for new kinds of markets that are far less costly and complex to regulate, manage, inspect and audit. This is the “shared ledger as regtech not fintech meme” that I am rather fond of.
Just as the invention of double-entry bookkeeping allowed for the creation of new kinds of enterprise, so it seems to me that the shared ledger will similarly lead to new kinds of enterprise that use the shared ledger application (the SLAPP) as the engine of progress and the focus of innovation. I assume that there are kids in basements experimenting with SLAPPs right now and that this is where the breakthrough use case will come from. As I said last year in a discussion about shared ledgers for land registry, turning the ledger into a platform may be the most important reason for shifting to this implementation.
The ability to execute general purpose code on the consensus computer means that, just as the ability to executer general purpose code on conventional computers did, people will create some amazing things that we can’t imagine right now.
This will, in the long run, turn out to be much more important than creating a new kind of database.
When I wrote this I was thinking that the ideas for these new kinds of applications can only come from fresh perspectives, but I have changed my opinion on that having seen some of the work already going on the field. Maybe some of us old hands still have something to offer when it comes to rethinking the ways markets can work. All in all, a very interesting start to the day. Incidentally, the only people around the table who made complete sense, as far as I could tell, were Professor Vili Lehdonvirta from the Oxford Internet Institute (who talked about the need for control and governance) and Calogero Scibatta of Everledger who, of course, actually already has a business that depends on shared ledgers. Here I am with Calogero on the way out, still discussing whether the ontological classification of Bitcoin recapitulates its phylogeny or whether it should be re-classified according to external definitions unrelated to its history and development. In other words, just because it was designed to be decentralised doesn’t mean it is decentralised.
Oh, I also told the assembled Lords that most of the stuff I read every day about “the blockchain” is rubbish. It’s become a meaningless chromewash term. Here is a real conversation that took place with a blockchain vendor in the presence of a client recently:
Vendor: We are using the blockchain to revolutionise [redacted].
Me: What’s in the blocks?
Vendor: We don’t need to use blocks westore each transaction in such a way that only the parties to the transaction can see it.
Me: Who forms the consensus?
Vendor: It’s a master-slave consensus so the purchaser has a master record and the suppliers have a copy of it.
Me: How are the transactions chained together?
Vendor: They store the transaction but we also store the hash of each transaction.
Vendor: Because blockchain (I’m paraphrasing).
If Roger Ver is the undisputed Bitcoin Jesus, then I claim that after yesterday’s performance my position as the Blockchain Meldrew is now unassailable.
Now we all know what the bitcoin blockchain is, don’t we? It’s just one particular version of the general class of blockchains, which share the characteristics that data is stored in blocks and because of some cryptographic jiggery-pokery the blocks are chained together, so that you can’t go back and change the contents of a block without having to then change the contents of every subsequent block. And depending on the consensus protocol that is used, you can’t change the blocks without everyone else agreeing to let you do it. Thus it is, as my colleague Salome Parulava describes it, “mutable by consensus”.
Whereas auditing at present entails the confirmation of transactions and balances on a company’s accounting ledger at the end of the period, a transaction on the blockchain would provide a permanent and immutable record of the transaction almost immediately.
The reason that this kind of structure is called immutable, even though it is mutable by consensus, is that it is computationally infeasible to go back post-consensus and make a change. Even if you obtain consensus and co-ordinate more than half of the “hashing power” in the case of bitcoin, and could in theory go back to the very first block, change it to send the bitcoins in it to yourself, and then go forward rewriting all of the subsequent blocks, it would take years and years of massive computing power. Someone could, in theory, treat all of the bitcoin transactions from the last checkpoint up until now as the wrong side of a fork. (For all we know, secret mining pools are As my good friend Gideon Greenspan pointed out to me, just because you could see that corrupt agents were rewriting history in this way it doesn’t mean that you could stop them. But it’s not a realistic attack. We can live with the description “immutable” to mean “theoretically mutable but not mutable under any practical circumstances that we can envisage”.
If you had a different kind of blockchain, however, you could design it work in a different way. It could be mutable by consensus, or mutable by a dictator, and it could be mutable in a computationally feasible way. This is what some researchers in the US and Italy have put forward in a paper called “Redactable Blockchain, or Rewriting History in Bitcoin and Friends” (5th August 2016). Giuseppe Ateniese, Bernado Magri, Daniele Venturi and Ewerton Andrade say:
We put forward a new framework that makes it possible to re-write and/or compress the content of any number of blocks in decentralized services exploiting the blockchain technology. As we argue, there are several reasons to prefer an editable blockchain, spanning from the necessity to remove improper content and the possibility to support applications requiring re-writable storage, to “the right to be forgotten”.
We don’t need to go into the clever mathematics behind this. Just take forward the idea that you can use that clever mathematics to substitute for massive amounts of computing power that I mentioned above and can rewrite a block without having to go forward and rewrite all subsequent blocks. The well-known and well-respected outsourcing company Accenture has filed a patent on this idea with Professor Ateniese.
By allowing a central administrator to amend or delete information stored on a blockchain, the [outsorucing company, Accenture] says that its prototype will make the technology more attractive to the financial services industry.
This announcement was met with widespread derision on social media, and I can understand why. One of the key reasons for considering a blockchain to implement certain kinds of financial services is that the state of the blockchain, the shared world view, is locked down and the end of each block. If the shared world view can be changed, it wouldn’t be useful for these services any more. Now, I can see why some people might want an accounting system that works this way (see, for example, the case of Kingfisher Airlines in India) but I wouldn’t have thought that society wants accounting systems that work this way at all. Why would you want a ledger that can be edited either by some group or subgroup of the consensus forming stakeholders or by some central authority? I can think of a few reasons, but none of them make any sense.
The financial services industry needs to face the question of how to balance the appeal of pristine accounting with the demands of the real world, where some things simply need to be struck from the records.
Nothing ever needs to be “struck from the records”. If a bank makes a mistake — let’s say it accidentally opens a couple of million bogus accounts — then it can’t just go back and scrub the backup tapes and pretend it never happened. The way to correct a wrong debit is with a correct credit. The Financial Times quotes blockchain entrepreneur and serious player Blythe Masters, the former JPMorgan banker running Digital Asset Holdings, as saying of Accenture’s approach that “we think it is innovative and can strike the right balance between preserving blockchain’s key features and adapting it for real-world requirements within some permissioned systems.” But what are these real-world requirements within some permissioned systems that Ms. Masters is referring to?
I don’t think anyone would use the bitcoin blockchain consensus protocol that was designed for an open, permissionless blockchain (i.e., proof of work) for a closed, permissioned blockchain so you would never need to edit it this way. My reading of the paper, from a not-a-cryptographer perspective, is that it does not deliver against the real-world requirements for permissioned systems in financial markets. The use cases that are set out in the paper are the need to remove child pornography from a public blockchain, the “right to be forgotten” and the need to consolidate records financial transactions. My feeling is that none of these are real-world requirements.
As for the first use case, this is not something that our clients need consider since none of them are proposing to implement critical national financial infrastructure on a public blockchain with arbitrary content controlled by unaccountable consensus groups. If, for example, a stock exchange were to implement a blockchain settlement system, it would not be of such a type as to allow members of the general public to store child pornography on it (or at least it wouldn’t be if it had people such as Consult Hyperion designing it).
What’s more, if a stock exchange were implemented on an editable blockchain, it would be utterly chaotic since at the execution of any transaction, no-one could be certain about the state of the ledger (since it would be possible for some future intervention to change it). My granny dies and leaves me IBM shares. I sell you my IBM shares. I use the money to buy a car. Then a decade later a court order overturns my granny’s will as it turns out she had a son that we’d never heard of. So we go back and change the blockchain so that the IBM shares belong to him instead of me. So now I didn’t have the money to buy the car. So I have to give the car back. But the car was scrapped… and so on. Interstellar overdrive… then I go back five years later because it turns out he wasn’t her son at all and now I want the blockchain changed to give me my IBM shares…
Richard Lumb, global head of financial services at Accenture, told the Financial Times that financial institutions and regulators would need a means to quickly correct errors on the blockchain before using it in securities markets. He gave the example of a “fat finger” trading error, or a trade assigned to the wrong counterparty.
That’s not how you correct errors, by just rubbing out mistakes. These are regulated financial institutions, not the mafia. No-one is going to build a financial services market on top of a mutable blockchain. In one of the comments I saw about this proposal, someone said that it would be OK because the market participants would keep an audit log of the changes and who agreed them. I thought that perhaps such an important log might need to be stored on an immutable ledger. Uh oh, blockchain Inception.
As for the next use case, I am not a lawyer, but I think that the paper misinterprets the so-called “right to be forgotten”. However misguided the European Court’s decision on this might be, it does not demand the rewriting of history. If you publish an article about me that I think contains “old, inaccurate or even just irrelevant data“, and I manage to persuade Google that it should be harder to find, then the article is not deleted. The link to the article is removed from Google search results but the article is still there. Here, for example, is the Daily Telegraph’s full list of stories that have been removed from search results.
Newspapers are not required to go back and tear out articles from their archives, they are exempt (but in Europe, Google opted not to be regulated as media company so is not exempt). And I’m sure none of us what would to live in a world where politicians could obtain court orders to go back a change the historical record! When it comes to the serious use cases (e.g., revenge porn) it is already impossible to purge the matrix and it won’t make any difference whether they are stored on a blockchain or not (although with a permissioned blockchain you would at least know who had put them there and therefore who to arrest).
The third use case, the consolidation of financial records is not clear to me at all. Since the invention of double-entry bookkeeping, the whole point of keeping a ledger has been that you have a record of all of the credits and debits that contribute to the current world view. Companies do not delete old transactions every few months to save space. In fact the law requires them to maintain the transaction records for years. Here’s one example: in the UK, the “direct debit guarantee” has no time limit at all, so all records relating to direct debits need to be kept forever. If there is something about this use case that I haven’t understood, I would be genuinely interested to be corrected.
In summary, then. We all appreciate the clever mathematical tricks behind the mutable blockchain, but when it comes to the serious world of banking and financial services, it seems like (in the casual demotic of our unlearned age) a bit of a chocolate teapot.
Like many of you I am sure I never miss The Economist “Money Talks” podcast, which is how come I happened to hear about the bankruptcy of an Indian airline. A first glance a normal, run of the mill corporate failure…
Inaugurated in 2005, Kingfisher Airlines… never made money, not in one year. On 20 October 2010, the Directorate General of Civil Aviation (DGCA) suspended its licence to fly. Some 3,700 employees were left contemplating their future. More importantly, a clutch of largely public- sector banks is looking at writing off loans worth roughly Rs 6,000 crore as bad debt.
Well, these things happen. The more cynical among you might just note this as another example the subverted corporatist version of capitalism that we are familiar with today, where profits are privatised and losses are socialised, and put it to one side. But the story has a particularly fascinating trajectory and one of that is relevant to the kinds of discussions going on at executive level amongst some of Consult Hyperion’s customers. Here’s why. It’s the story of an unshared ledger. Kingfisher Airline’s corporate records have vanished.
The airline’s missing accounts—apparently stored on servers seized by a vendor who had gone unpaid—is an unwelcome complication for those who had hoped the Kingfisher saga might be inching towards some sort of resolution.
Now, I hate to say it, but this is one of the few news stories that I have seen recently that actually points out a genuine use case for shared ledger technology and as far as I can see (from my single source of truth, my Twitter feed) no-one picked this up. Set against the common vague management consultant stuff about how “the blockchain” is going to transform the health care industry, the refugee crisis and insurance, this is a real example of a use case that is not based on fantasies about reduced costs or improved performance or the eradication of intermediaries or “code is law” but the solid reality of a consensus computer in operation.
So, imagine that Kingfisher had adopted something along the lines of Ian Grigg’s “triple entry” system. There’s a permissioned shared ledger that is maintained by, amongst others, the airline itself, the 17 creditor banks and the airline industry regulator. The airline and the banks update their own double-entry accounting systems using the data from the shared ledger.
If the airline goes bust or vanishes into a black hole or is infiltrated by ne’erdowells, it doesn’t matter, because everyone has a copy of the shared ledger. The banks can see that there are transactions with other banks, but may or may not see what those transactions are without permission. I assume that when a bank lends a few million quid to a company one of the first things it does is send in expensive finance-type persons to find out what other loans are outstanding and under what terms, so I don’t see my the transactions would be encrypted but I know nothing about corporate finance. But even if they were, then under warrant the regulator and law enforcement agencies would be able obtain the escrowed transaction keys needed to decrypt transactions of interest. You can sort of see how it would work. Back here to my fantasies about encrypted open books, translucent databases and shared ledger applications. Everyone would be able to see that assets exceed liabilities even though no-one (other than the relevant parties) could see what those assets or liabilities were.
If I were casting around for a practical proof-of-concept in the world of the shared ledger, I would certainly consider such an example. In this case we have a system where there are trusted participants who may become untrusted, records that must be immutable beyond the lifetime of their creator and real money to shared amongst the stakeholders. Think of all the money that could have been saved on auditing, forensic accounting and compliance! Money that could have instead been spent on customers, employees and suppliers of discretionary services.
So that’s why I used this particular story to help develop narrative in a couple of client meetings this week. As it happens, though, the story has even more to it as an exemplar. But first, a word about identity… Remember, names are attributes not identifiers. I’m a Dave Birch, but that doesn’t necessarily make me the Dave Birch in any specific instance. Now back to the story. The creditors want their money back so they are going after the guarantors of the loans made to Kingfisher where they have some evidence of the loan and the guarantor. Fair enough.
Last month it emerged that one of the aggrieved banks froze the accounts of three customers it alleged had guaranteed loans to the carrier in their role as board directors of Kingfisher. In fact, it blocked a destitute farmer, a vegetable stallholder and a security guard with similar names.
Ruh roh. So much for Know-Your-Customer (KYC). I’m sure this kind of problem will not recur, because India now has the Aadhar universal identity service. I’m sure that future loan guarantors will have to present their Aadhar card and be biometrically-identified as part of the loan process. This was, after all, part of the original vision for the Indian UID service, made clear back in 2010.
“Lack of identity is hurting people and blocking progress. Aadhar (the brand name for UID) can serve as the know your customer guidelines that banks have. It can reduce friction for the poor person who is trying to access public services like banking,” Nilekani said…
But in other jurisdictions where universal identity is not yet the rule, some alternative might be needed. Perhaps here the shared ledger, which may in the long term be seen as a #regtech revolution and not a #fintech revolution at all, might also provide the necessary infrastructure (as I suggested in my presentation on “CRUDchains” at the Dutch national blockchain conference earlier this year). So now we have an interesting — but practical — model to work with. A shared ledger for the accounts that is linked to a shared ledger for the KYC. Anti-money laundering implemented as a process that constantly traverses both chains, not a set of expensive procedures.
I’m think I might use this example to test some of the ideas we are developing around shared ledger structures and blockchain (and other implementations) with some of our clients and partners, but as always I’m genuinely curious to hear what you have to say about the potential here.
Well, the paper that Richard Brown of R3, my colleague Salome Parulava and I put together what seems like an age ago (a year is a long time in fintech) has finally been published! Hurrah! Here’s the reference for you:
Birch, D., R. Brown and S. Parulava. Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis. Journal of Payment Strategy and Systems 10(2): 118-131 (2016).
The paper itself is not online (you have to subscribe to the Journal for that) but I’m sure that the fine people from Henry Stewart Publications will have no objection to me reproducing the abstract for you here:
The consensus in the finance sector seems to be that the shared ledger technology behind Bitcoin, the blockchain, will disrupt the sector, although many commentators are not at all clear how (or, indeed, why). The blockchain is, however, only one kind of shared ledger and the Bitcoin blockchain works in a very specific way. This may not be the best way to organise shared ledgers for disruptive innovation in financial services. So what is? And why would financial services organisations want to do exploit it?
This paper sets out a simple shared ledger taxonomy and layered architecture designed to facilitate communication between technologists, businesses and regulators in the financial services world and explains why the various forms of shared ledgers might be attractive to financial services organisations, borrowing the phrase “ambient accountability” from architecture to suggest a new way to organise a financial sector.
The paper sets out the “4×4” model that we have used for exploring shared ledger technology with a variety of clients (and have found it to be a very useful tool to help clients develop their strategies around shared ledgers) and then uses this model to discuss the application of shared ledgers to financial services.
We finish by putting forward the idea that the legacy of the great financial crisis of the last decade might be the creation of more transparent financial markets. Our focus on transparency was reinforced by the discussions at Money 2020 in Copenhagen, where I think I detected the emergence of “regtech” as a distinct from “fintech” as a paradigm and organising principle. I spoke to a few people about this during the course of those sessions and it seems to me that for many of the financial services delegates their number one problem, the place where costs are out of control and apparently growing without limit, is compliance not technology. Yes, there is great new technology out there but it can’t help unless it has a regulatory context in which to flourish. The idea that there might be new categories of technology (and actually I think that the shared ledger might be one of them because of its potential for a new kind of transparency and a regulatory win-win) where the impact is to reduce the cost of complying with regulation rather than to reduce the cost of delivering a functional service sounds is potentially revolutionary.
What would transparency mean in our context? We envisaged a new kind of financial marketplace where “translucent” transactions that are clear to counterparts, clear in outline to regulators and opaque to others might allow us to set up a transactional environment with ambient accountability. We use the “glass bank” example to create a narrative, and it’s an example that I’ve used before to illustrate the relationship between transparency and trust. Here’s something about it from six years ago:
Transparency increases confidence and trust. I often use a story from the August 1931 edition of Popular Mechanics to illustrate this point.
The legacy of a crisis is often regulation. If we view the shared ledger not only as a fintech (a technology that changes the cost/benefit landscape around financial services) but also as a regtech (a technology that changes the cost/benefit landscape around the regulation of financial services) then we might be able to make the legacy of the last crisis a better and more effectively regulated financial services sector that is a platform for radically new products and services. At a time when so much money is going on compliance and so much momentum is going into “legacy” regtech we realise that the use of shared ledgers may seem radical, but we are convinced that it is time for a new approach.
Speaking at the Dutch National Blockchain Conference back in June, I remarked in passing that I thought bank customers would be storing their money (their wealth) in all sorts of places in the future – from a small percentage in demand deposit accounts, through investment accounts of one form or another, P2P marketplaces and who knows what – but that they would be storing their identity back at the bank.
This was picked up on Twitter and a few people commented on it, so I thought I’d expand on what I meant here. First of all, it is neither a new idea nor my idea: other people have been saying this and they’ve been saying it for a while. I might have expressed it in a better soundbite, but it isn’t my concept.
Britain’s high street banks believe their future role will be as repositories of more than just money: they want to be the safe place where customers store their digital identities.
That’s from a couple of years ago. It is not some out-of-left-field edge thinking or me spouting aphorisms for a conference stream either. Round about this time, the European Banking Association (EBA) said something similar and you can’t get much more mainstream than them.
Banks are well positioned as is explained in a recent white paper of the European Banking Association (EBA).
So what might banks do with your identity once they’ve got it safely locked away in their vaults? Well, one idea, particularly popular with me, is that they might give you a safe, pseudonymous virtual identity to go out an about with.
Some suggest that digital identity verification by banks could ultimately end the need to type in a credit-card number on an ecommerce website
Some others (uncharitable persons, of which I am not one) also suggest that banks will pratt about and muck this all up and hand digital identity ownership over to Apple, Facebook, Google, Amazon and Microsoft on a plate. But if banks were to develop some common strategy around this topic (perhaps related to the financial services passport concept that’s been discussed here before) then where should they start?
Well, what about the “adult identity”? Why doesn’t my bank put a token in my Apple Pay that doesn’t disclose my name or any other personal information, a “stealth card” that I can use to buy adult services online using the new Safari in-browser Apple Pay experience? This would be a simple win-win: good for the merchants as it will remove CNP fraud and good for the customers as it will prevent the next Ashley-Madison catastrophe. Keep my real identity safe in the value, give me blank card to top shopping with – a simple use case that will test the viability of the concept.
When people say “blockchain” they mean different things. And some of the things they mean are just absolutely, categorically different. Implications of public open blockchain designs and private blockchain designs vary drastically. I emphasis this distinction because it is key – the different designs assume and imply totally different things.
Both types are important but for different reasons, for different markets and for different use cases. I think we have passed the time when “Bitcoin bad – Blockchain good” seemed an eye opener. What this kind of argument did is it drew the attention of financial incumbents from the Bitcoin-like permissionless space to the private, permissioned space. Which makes sense for their business models. But I think they are not paying enough attention to the permissionless space. I think you are not either!
I bet you hadn’t anticipated such a steep rise of Ethereum (the price of native Ethereum currency soared 10 times from the beginning of 2015 and Ethereum’s market cap reached 1.5 billion dollars). You may have even missed the creation of the first human-free organisation. Even if you try to keep an eye on the public blockchain world, you only get reminded of its existence when Bitcoin price surges to its 2-year high (it now trades at over 700$) and all the mainstream media cover this.
Both public and private shared ledgers (
Blockchains) are essentially shared book-keeping (and computing) systems, one class – open for everyone to use (public), another – restricted to a certain group of members (private). And this is it. Open for everyone to use means lower entry barriers, it means identity-free and regulation-free shared book-keeping (and computing). What could be restricted by identity policies and financial regulations goes around this. You can, say, restrict a person from buying bitcoins by setting high KYC requirements to online exchanges (for users not to be able to change dollars for bitcoins if they are not KYC’d). You can even cut his or her internet connection. You can issue a court order to close a business that accepts bitcoins as money. And so on and so forth.
A lot of this effort looks similar to trying to stop the Internet, but I suppose the regulators can dream!
Public technology service and native digital rights
“Proof-of-work is inefficient”. So what? Let it go! Think of what’s the idea behind it and what it tries to achieve, regardless of this inefficiency. Regardless – because even if proof-of-work is not ideal, there are other permissionless technologies already developed and many more that are work in progress. Some of best minds in the world are looking to provide the benefits of permissionless shared ledger environment without the drawbacks of original Bitcoin’s proof-of-work. Just assume that they will solve that problem and move your thinking on.
What the blockchain delivers is permissionless book-keeping (and computing) public technology service (with the unchangeable and transparent transaction history as an incredibly valuable side effect). When I say “public service”, I do not mean that a company or public organisation provides it, I mean technology itself and collaborative user effort provide it. In a sense – everyone and no one. The protocol acts as the service provider.
And this is crucial. In traditional financial world, the basic value transfer layer that cryptocurrencies (i.e. everyone and no one) provide as a public technology service, is provided by companies – service providers, and is not accessible to anyone. For example, PayPal provides digital value transfer service.
Here I want to make a point that permissionless cryptocurrency systems have a promise of a digital environment in which value transfer is intrinsic, embedded on the protocol level – and so, for users the ability to make a transfer could become what I call a native digital right. Just to give you an analogy (it’s not a very accurate analogy but you’ll like it!) – take a guess what you see on the picture below. Well, it’s a standard residential elevator in my mother country Georgia, where you need to pay every time you use it! Up and down. Every time up, every time down!
So maybe we all (all internet users) live in our kind of Georgia, where every time we want to make a deal (economic agreement) in the online world we have to go through a cumbersome process and pay an unreasonable fee (each time!) for it. We need to get our bag out, fill in our card details, merchant’s acquirer (if it’s a merchant – even more obstacles with peer transfers) needs to send a request, card issuer needs to approve the transaction etc. Our today’s economic life online is based on this very complex e-commerce domain. And to me, it looks a lot like Georgian elevator. Think about it: on top of the obvious, that elevator only accepts certain denominations of Georgian coins – very specific, and is broken every once in a while – so even if you want to use a paid elevator sometimes you just can’t. So familiar.
How great would it be if we had a native digital right to make a value transfer online that noone could take from us (or grant us!), on a protocol level. How many applications could be built on top (at Consult Hyperion we call them SLAPPs -shared ledger applications)!
Persistence of permissionless
At the heart of the public shared ledgers is value transfer. This is because in order to assure the liveliness and self-sufficiency of the system, while providing non-restricted access to it, there needs to be an intrinsic economic incentive for those who maintain it. In other words, there should be a positive value to maintaining consensus. Most public shared ledgers for this reason can be described as currencies (decentralised cryptocurrencies) because they provide this incentive as a reward on the ledger in the ledger’s own “money”.
The canonical example of such a decentralised cryptocurrency is, of course, Bitcoin (remember, there are hundreds of them though!). As Bitcoin was intended to exist and evolve out of the reach of regulatory, corporate or any other centralised command, the technology includes mechanisms that ensure it persistently “survives” and proves its robustness and self-sufficiency. (Disclaimer: I’m not a Bitcoin maximalist)
This persistence is a differentiating characteristic of a public shared ledger system. The technology does not need people at tables making decisions in order to survive, it is “permissionless” (nevertheless, the way it evolves to an extent is influenced by “people at the tables” – just different people).
Potentially the principal implication of this persistence is the permissionless ascent of alternative virtual economy on top of decentralised protocols. Cryptocurrencies are not just a new form of payment – but rather, it’s a potential foundation for a new virtual economy, with new forms of economic interactions coming into place. When I say “new”, I don’t mean substitutive – I mean additional.
Virtual economic activity could become something fundamental to the Internet. Similar to the way the ability to communicate transformed into the ability to communicate over the Internet – it could grow into the ability to make friction-less economic arrangements (“economically” communicate) in the virtual world.
Thanks to the shared ledger technology and “smart contracts” innovation, not only the emergence of alternative economy is permissionless (and so – non-stoppable), but if it happens at certain scale, the very nature of economic relationships in this economy could be drastically different from what we are used to. A good depiction of such transformation is content monetisation on the web through the use of “invisible” micropayments. Another good example is seamless online payments in video games:
Breakout Coin provides for seamless in-game payments anywhere in the world, while the blockchain technology behind it, Breakout Chain, uses smart contracts and sidechains to enforce these financial agreements between parties.
Shared ledger technology could even turn our things (as in “Internet of Things”) into active economic agents through smart contracts.
Public shared ledger technology may help to turn a big part of our (as it seems) non-economic life into an economic activities.
Although there are many “if” in that, we should not dismiss this possibility quite yet and keep an eye on the permissionless space. You can observe or get involved, but it would be a mistake to put your head in the sand and deny that something incredible is happening.
Recently I had the pleasure to moderate a panel on “Blockchain and Identity” at the KYC & Identity conference organised by ECN in London. It was a well-organised event with speakers and participants from major institutions such as the European Commission, Barclays, Open Identity Exchange (OIX) and such. The conference, excellently chaired by Jon Shamah (from EEMA, the European Association for e-Identity & Security), had an interactive and friendly format, very useful to facilitate discussion.
Our panel (with UBS and Zerado) was the only one dedicated specifically to Blockchain, but one could hear the word mentioned here and there: almost inevitably discussions of the problems and future of identity led to Blockchain. And this is not a surprise: Blockchain & Identity is a hot topic, which Consult Hyperion has been exploring for a while with our clients.
Let’s take two different approaches to thinking about importance of this topic: “Identity for Blockchain” and “Blockchain for Identity”.
First, “Identity for Blockchain”, assumes that if Blockchain platforms (developed for many different use cases) are to gain widespread adoption, we need to understand how the identity dimension for these systems would look like. It is quite obvious that existing ways to manage identity won’t work for “the new magic blockchain enabled world”. At the moment, dozens of major institutions are developing blockchain platforms (or more precisely, shared ledger technologies = SLT). Take R3CEV for example, a consortium of 40+ international banks such as Barclays and Goldman Sachs, that has recently announced “Corda” shared ledger protocol for financial use cases. Linux foundation, IBM, DAH and others work on the “Hyperledger” project – a multipurpose standardized blockchain software stack. Assuming these technologies gain adoption that is at least 10% as widespread as the industry’s attention to them today, there will be a need for a robust and reliable identity layer to manage KYC, AML, authentication and authorisation processes for shared ledger applications.
Second approach could be called “Blockchain for Identity” and it formulates a separate self-sustained class of use cases. It assumes that Blockchain technology can enable solutions to known identity problems and can solve them better than current models are able to do. This week, blogposts from my colleague Dave Birch (Director of Innovation at Consult Hyperion) have been focusing on this latter approach, which we will explore further here.
So what problems does a “blockchain for identity” solve?
I would argue that the one of two key problems at question is lack of interoperability of identity information across organisations and marketplaces, in each of the three domains: identification, authentication and authorisation (see the series of “Putting Identity on the Blockchain” from Dave this week). KYC-sharing use case falls under this umbrella, but KYC is just one bunch of the identity data that can be shared. Nathan Blecharczyk, a co-founder and CTO at Airbnb (who have recently hired a bunch of blockchain experts), talks about sharing user’s reputation:
“The question is whether there’s a way to export [a user’s reputation] and allow access elsewhere to help other sharing economy models really flourish.”
– Nathan Blecharczyk, a co-founder and CTO at Airbnb.
Isolated identity systems create silos of ID information. Such disparate systems and fragmentation of ID markets limits the ways in which useful identity information can be generated, derived and enriched (not just shared). Therefore an associated problem is poor quality and lack of meaningful identity data. One example of rich identity data is (or at least should be) credit ratings. Another interesting example that has just been mentioned in another context is reputation:
Within the context of Airbnb, your reputation is everything, and I can see it being even more so in the future, whereby you might need a certain reputation in order to have access to certain types of homes”
– Nathan Blecharczyk, a co-founder and CTO at Airbnb.
Why suggest that Blockchain can help with this? To answer this question, let’s look at one of the key characteristics of the Blockchain technology – the immutability (unchangeability) and transparency of historical transaction records. All the identity transactions executed on Blockchain remain in the history and cannot be deleted or altered. This means that history of identity transactions can be held in a sort of public registry (this does not imply that actual personal data is transparent – let’s put aside the privacy issues for a moment). And therefore the history of identity transactions across organisations can become a basis from which new identity information is derived (through aggregation, referencing & vouching, statistical analysis, cross-attestations etc).
I call reputation an identity derivative (because it is derived from the attributes of an identity, it is not an attribute itself) that can be dynamically changed and simultaneously used in a Blockchain environment. Another connected identity derivative is “provenance”. Proof of provenance shapes one of the promising business cases for Blockchain. For example, “provenance” attributes can be used by insurance companies as a source of reliable information about the history, reliability and origin of a document, a digital good or a physical good with digital representation. See our favourite example of Everledger, a Barclays accelerator startup that records provenance of diamonds on the blockchain.
Thus, the promise of “Blockchain for Identity” is to tackle the problems mentioned above: lack of interoperability and lack of meaningful identity data. Potential is – to enable sharing of identity information and to create enriched identity derivatives that could in turn open doors to new business cases in trade, commerce, capital markets – any area in which identity-based decisions are made on daily basis really.
Identity is fundamental to businesses and markets today – so changing how it works could drastically transform to the way businesses operate.
Big risk. And big opportunity.