Bitcoin, blockchain, and smart contracts: today and tomorrow

ESRA has long been a proponent of blockchain technology and its implications. Recently, ESRA gathered a number of leaders in the space to discuss its usages and implications.

“When we talk about Bitcoin, we’ve all heard about crypto currency through salacious headlines,” said Perianne Boring, Founder and President of the Chamber of Digital Commerce, which represents the blockchain industry. “There’s a big distinction between Bitcoin and blockchain, which powers the movement of digital currency and can be used for other types of assets.”

Michael Maloney, Blockchain CTO at Ernst and Young, added: “Bitcoin is stable at around $700 per coin, so that’s a proof of concept for it because it has a market cap of $10 billion.”

Chris Grillone, Vice-President of Business Development Civic Technologies, noted that his company is creating a “decentralized global identity platform. I would like to see blockchain used to vote.”

And Margo Tank, a partner with Buckley Sandler, saw a need to focus on Bitcoin and blockchain around digital commerce payments. She said: “I started advising in the Bitcoin space in 2014, when it was roughly $3. I started buying some Bitcoin with an associate.”

What is blockchain?

“When we talk about blockchain, another term comes to mind: distributed ledger,” said Maloney. “What we mean by that is when everyone on the network receives every transaction for trust purposes, we know every transaction that has occurred and been recorded. Nobody can interdict any of them, and each transaction is an immutable record.”

Grillone added: “Then you can actually have distributed, decentralized data, such as identity, and check it independently on the blockchain without storing the data on the blockchain. My company uses the open blockchain that Bitcoin is based on. The data that one user provides to another can be independently verified on the blockchain and you can determine that it’s valid at the time of the transaction. It’s powerful for real-time verification.”

Boring continued by explaining what makes a blockchain a blockchain.

• Immutability: You can’t go backwards. It’s a record of all transactions that have happened.
• Decentralized: Anyone who wants to participate can do so.
• Distributed: Many people can have access to the database of transactions in the blockchain.
• Mining consensus: How you verify the authenticity of each transaction.

She added: “Distributed ledger technology is something else that we’re hearing about more and more. Bitcoin is open, and sometimes that’s an issue, especially in financial services, where there are many regulations. So financial institutions are building their own blockchains, or distributed ledgers.

“Some examples of other blockchains include Ethereum, which is also open, as well as private ones. Many are being tested and debated to see which type of platform is the most commercially viable one. This is very early days in this ecosystem, so it’s not something that will be implemented on a wide scale soon.”

In terms of use cases, Boring cited digital currency, such as Bitcoin, and “things other than payments” in financial services.

Blockchain in financial services

“It started with asset transfer in financial services, but that’s like saying paper can only be used for money,” said Maloney. “It started as IOUs written on the back of a dollar bill, where someone would use the transaction hash and register it to another database to be something.

“Deriving from that, the initial use cases were securitized loans, mortgage-backed securities, and typical equity asset transfers. If it’s truly a ledger service, you can put full messages and even contracts in there. We even put all of War and Peace on the blockchain with a cryptographic hash.

“When talking about hashes, it’s a mapping of data to a set fixed width. War and Peace and Red Fish, Blue Fish take up the exact same length, for example. That core concept has seen demonstrated use cases with land registry, legal contracts, and especially notaries.

“Using the blockchain as a trusted notary, for example. If you bring that contract up, perform the hashing algorithm, and it comes up to the same 128- or 256-character number, you can say without a doubt that that’s the same document stored there.

“Proof and issuance of transfer are the core uses we’re seeing there.”

Grillone added: “When you’re doing data transfers, you want to be able to validate at the time of the transfer that someone has authenticated it. With the hash, we’re able to store the hashes on the blockchain so the third party receiving that data is able to independently go to an address supplied to them on the blockchain and verify the hash.”

As an example, Grillone offered a passport issued by the U.S. State Department. “You want to know who’s been involved in the transaction. The State Department could put this data in a digital wallet, and then it’s maybe transferred to a Border Patrol officer, who would have a way to independently verify that the data is still valid. And they can see who authenticated that data and know if they trust the authenticating authority.

“That’s how you trust the data and know it hasn’t been altered during the transfer.”

Boring noted: “You have to be able to prove the identities of the parties you’re conducting business with. That’s key to what Civic is working on.”

Using blockchain in real estate

“Apparently e-mortgage is the digital gold that everyone is going for,” observed Maloney. “We haven’t struck gold, but I can point everyone in the right direction.

“There have been multiple use cases for a land registry. For example, Sweden has employed a company to figure out how to do land registry in a public blockchain for proof of ownership. There are use cases in Haiti and other Latin American countries, and Trinidad has done something with leases in a blockchain solution.

“There’s always a disconnect between digital smart contracts and actual legal contracts. A blockchain doesn’t actually say the name of the person who sent a transaction – it’s a string of characters, between 32 and 64, that represents a cryptographic address. It works as a trap door: If I have a private key to the public-facing side of the address, you can verify that that public address actually sent the transaction.

“Civic is registering those addresses to real people and also registering documents to those addresses, so it’s a closed loop system.

“With land registry, it’s largely been a slower going project than initially imagined. The Haiti project is in its second year of delay because of issues with creating the keys and registering them to documents. Digital records, even with photocopies, are incredibly hard to come by.”

Maloney then covered the three components of land registry:

• An actual signature assigned to a person, business, or other entity
• The actual document and having a perfect copy of it in a digital form
• Marrying the two on the block chain

Maloney then noted that if he could choose three countries and put their approaches together to create the perfect land registry solution, they would be:

• Sweden: They have very good digital records.
• Haiti: They have a desire to do this.
• Estonia: Their citizens have their Social Security equivalent issued as a cryptographic key.

He noted: “This could be solved overnight, but social structures tend to get in the way.”

Boring took up the thread by pointing out that at the Chamber of Digital Commerce, “a few of our members are working on this. Part of it is needing to go back and figure out who owned the land in the first place. A friend of mine spent time in Honduras, which had trouble stimulating economy because they can’t put land to work over issues regarding who owns what, thanks to corruption.

“It goes back to the core foundation of proving who owns what. You can apply that in several industries, but it’s interesting to talk about this in land ownership because if you can figure that out, it has wide-ranging impact on all of real estate.”

She continued: “The other part is the identity piece. You have to solve that too. That’s the business model of Civic Technologies. Their founder is someone who is on his second blockchain technology – he sold the first one. The first use case was around gift cards, and he has said that if we don’t figure out the identity piece, there are use cases in block chain that we’ll never get to.”

Boring added: “One of the biggest topics in DC, where we meet with a lot of political leaders, is cyber security. Not just the US – everywhere. As more and more of our lives and economy moves into digital commerce and our lives are being digitized, the idea of being able to protect your digital identity is one that impacts everyone.”

Protecting digital identity

Grillone noted: “What we can do only with the blockchain involves a decentralized identity platform, where even third parties can come into our platform. The goal in the end is that when you have a data breach of PII [personally identifiable information], we would like to have that PII be worthless to the hackers, because of how we’re implementing it and how we’d like it done.

“We’d like our users to have more control over their own identity and control the value of it. The way to do it with blockchain is to have the users themselves have all their PII. Also by them storing it and the user being the one that shares it with the third party, they’re not under international regulations and laws. As soon as you do it on behalf of them, you hit a lot of laws and regulations.

“The user has their identity stored on, say, a mobile device, like we do. The blockchain comes into play where when you receive that data, you verify that it’s truly coming from that user. So if you can do that and third parties are using the blockchain, if they receive data from someone else, it’s worthless.

“Even if it’s being provided by that user, you have to make sure they haven’t altered that data, which we’re using the blockchain for too. Even though we’re talking about identity here, we’re using Bitcoin too. But it’s not anonymous. We’re using it to identify some people, versus completely anonymous transactions with some dark net stuff.

“We’re storing hashes of identity data on the blockchain. You can’t unencrypt that. Within the process, you know who sent you that data. By checking the hash on the blockchain, you know the user hasn’t altered the data. You know who verified the data.”

Grillone then offered a use case: “For example, providing a drivers license to someone. Did the DMV in California supply that? Do you trust that? Or do you trust a third party like Civic handling that data? Our company can allow third parties to use our platform, so the DMV could be the identifying authority, rather than us.

“So you know A) who it’s from, B) that the data hasn’t been altered, and C) is it still valid, which is where we’re using Bitcoin. If the Bitcoin hasn’t been spent, the data is still valid at the time of the third party checking it. That makes it revocable. The third party can spend that Bitcoin so that when a drivers license is provided, the data is no longer valid, if the DMV saw that someone had a DUI and their license was revoked.

“The blockchain offers a way to validate who the information is coming from and that it’s still valid. For us, that allows us to be more of a global platform.”

Regarding using e-signatures with the blockchain, Grillone theorized: “There are multiple use cases we could come up with. It would depend on the kind of transaction. Right now, when someone is signing a document, without the person being there, you can do a biometric verification, such as voice, face, or fingerprint, and verify that they’re accessing the right identity. I provide that data to the e-signature OEM, and they do an independent verification and go to the block chain to verify that it’s me signing off on the document. That gives you multi-factor authentication.”

Tank, asked about her thoughts on this, wondered: “What’s the difference between blockchain and another method, such as a certificate authority?”

Grillone responded: “Some people have said we’re acting like a certificate authority. It comes down to a private key versus a public key. You’re the only one who has access to your private key, and that’s how you’re proving that you’re that individual providing proof to the blockchain. Within certificate authorities, you don’t need one at that point. Our platform replaces that.”

Timelines for implementing blockchain

Asked how long it will take for some of the use cases being discussed to be implemented, Maloney went first. He noted: “It’s 8-year-old technology, but only recently it’s been getting investment. Next year we think it might be $10 million a day in private investment.

“We are still figuring out how to manage development of this. You can’t do agile development. You have to get it right and then improve it. Depending on what you want, it’s either here now or it’s five years away.

“Marriages are already on the blockchain. Two years ago, a couple got married at Disney World and their certificate was embedded in the blockchain.” He added, to some laughs: “They’re still together, which I hope is a sign of the staying power of the blockchain.”

Maloney continued: “I think we’ll see our first legal challenge to a blockchain transaction, which will change the development timeline.

“I also would not be surprised if four years from now, we’re voting on this technology. In five years, we’ll have full financial services embedded across the market. In the next 18 months, everyone will have some level of interaction with a blockchain service in their daily lives.

“I’m pushing for rapid adoption. It’s low-cost to implement. We just need to find places where this technology is needed and get it implemented privately or publicly.

“The first security is going to have a blockchain issuance within the next quarter. If that goes well, we could be purchasing assets that way in the next 12 months.”

Grillone then offered his predictions: “I’m hopeful but a little pessimistic about being able to vote this way in four years because of how slow government moves. There’s a lot of excitement at the federal and state levels. The State Department has an initiative to digitize passports. DHS and DHA have these S&T groups that are looking at the blockchain.

“From a security perspective, you can verify someone’s personal information while respecting their privacy. You’re able to control your privacy because we’re just saying that you’re a verified person, but you can provide your entire identity too.

“We’ve been seeing a ton of interest in the past year. A lot of people feel like they need to play catch-up.”

Maloney observed: “I think that voting in primaries is possible because it’s already happened this primary season. The Libertarian Parties in New York and Texas both voted for primary candidates with the blockchain.”

Using blockchain with smart contracts

Tank then was asked to discuss smart contracts within the context of the blockchain. She started by offering a definition: “They’re computer protocols that facilitate, verify, or enforce the negotiation or performance of a contract using blockchain technology. Smart contracts are programs that act as agreements where the terms of the agreement can be pre-programmed, with the ability to self-execute and self-enforce. The main goal of the contract is to allow two parties to do business over the Internet without the need for a third party.

“The idea of a smart contract is to streamline processes that are currently spread across multiple databases and extending blockchain’s utility from recordkeeping, by using a distributed ledger, to implementing the terms of an agreement.”

She then noted some benefits of this approach: Speed in real-time updates, accuracy, lower execution risk, fewer intermediaries that lower costs, and new business models being developed out of this.

And the challenges: Scalability, flexibility, and immutability are not so good in certain circumstances. “If a program isn’t build to anticipate problems, there could be challenges,” she said, before continuing by noting that privacy and latency, or the time it takes to execute a contract, could be issues too. She noted: “Ethereum has a smart contract that closes every 17 seconds – that may not be fast enough.”

Tank continued: “We’ve all entered into a smart contract when buying a book online. There was a case before the Supreme Court of South Carolina. It was an insurance case where a website acted as the defendant’s electronic agent. It was like the first Geico case where the court looked at UEATA and the plaintiff said they didn’t sign something, but the court said they got it electronically. This case was same thing, where insurance had to be sold by an agent and court said that the agent was the computer.

“Contract law has been developed over many years. It’s a flexible concept. There are either legislative protections that can’t be waived or may be waived, based on certain things. Mistakes, misunderstandings, and good faith are all things that courts address on a daily basis – the question is how to address them in a smart contract. Smart contracts can be used in a simple way, but there’s more thinking needed for complex use cases.”

Boring noted: “Combining smart contract with blockchain gives more opportunities. The simplest form is the ‘I agree’ button, like with automatic bill pay. We have a Smart Contracts Alliance at Chamber and many members are excited about it. We formed a working group to address the challenges.

“The first challenge is basic education. Also, the standards for different companies need to be interoperable. Third is the policy side: having code that’s automatic that makes the contract work that way.”

She added: “It also has to be enforceable. What are the challenges around enforceability?”

Tank replied: “We went up to the Hill to talk to a Representative around this for smart contracts. We had a lengthy discussion regarding whether it’s needed. When you look at ESIGN and UETA, they were drafted with smart contracts in mind. The definitions are in there for electronic agent and automated transaction.

“When we had our discussions, we were exploring the question of, is there a problem? Is enabling legislation needed? We talked about getting use cases and following them all the way through to find gaps that could be addressed by legislation.

“Right now, the definitions are sufficiently broad, so it may not be needed. It may burden commerce and forward movement to question that. We have one case that says electronic agents can create enforceable contracts, so there seems to be a good legal framework.”

Q&A:

Q: On the blockchain side with land registries, where is the legal enforceability? We need courts to enforce these contracts.

Maloney replied: “There’s a mantra that the code is law. We know that the code is not law. If someone can subvert what is programmed in a contract or can get your keys, we don’t want them walking off with $75 million, like what happened a few months ago.

“The hope is that a case will come along where it’s challenged. Hopefully it’s one where everything has been maintained properly on the digital side and the court is educated on the technological underpinnings.”

Q: A lot of cryptographic services were available before blockchain with PKI [public key infrastructure]. We’re trying to figure out where the added value is of the blockchain approach. PKI doesn’t have the ledger or smart contract aspect. But in terms of the fundamentals of the blockchain, that’s all there in PKI, and it underpins a lot of commerce today. How is this really any different?”

Maloney replied: “Blockchain is a mix of technology from the 50s, 60s, 70s, and 90s. On the key aspect, this is like looking at the original Model T and comparing it to a souped-up sports car available today. You can break an RSA token with about $100 in power on a personal computer. The elliptic curves that we’re using would require you to boil the oceans of the Earth ten times over to break that key. We’ve brought to bear the next level of quantum-safe keys and have created security on steroids.”

He continued: “There are existing trust anchors. Those are centralized. Any time you go to a website and it’s HTTPS, like your bank or Gmail, you’re getting a certificate, but it’s coming from one source. We’re getting rid of that centralized authority, which can be subverted. You don’t know if there’s been an interdiction on your technology.

“With public record, rather than having to trust someone, I can ask everyone else to perform the same calculation and use that to create a form of trust. There is room for centralized authorities on blockchain, but we can deliver that faster at a lower cost with a decentralized approach. So we are recreating that wheel, but it’s a better wheel.”