Today, commerce relies on trusted intermediaries to sit between two or more parties. The classic example of a trusted intermediary is a bank. The bank sits between the merchant who is selling a product and the customer who is purchasing. Blockchain professes to provide a trusted environment where there is no longer a need for these trusted intermediaries.
But there are still risks. Risks of misplaced trust.
Blockchain systems such as the Bitcoin and Ethereum blockchain create records which are tamper proof using cryptography as a means of creating an immutable (unchanging over time or unable to be changed) records. What blockchain doesn’t provide is a means to ensure that the data written into the blockchain is correct at the time it is written.
There are still chances for the wrong data (accidentally or maliciously) to be written into the blockchain and so we need to be aware that just because it is written in the blockchain is not a 100% guarantee that the data can be relied upon.
And this is where audits come in and become interesting.
Audits of supply chains, finances, regulatory compliance or other are already taking place. The challenges are often around the source of data being audited as well as the risk that data sources have been tampered with to try and obscure bad acts “after the fact”.
Immutability of blockchain provides confidence to auditors that data has not been tampered with, but there is another aspect blockchain technology provides and that is provable source: who/what added this data to the blockchain and at what time?
Blockchain entries have a timestamp as a critical component of each record. They also provide a specific signature from the individual or device (think IoT devices writing to the blockchain) for every entry in the blockchain. This means that during any audit it is possible to attribute data back to specific individuals or devices and to easily identify misbehaving, inaccurate or intentionally bad actors. And the fact that any data they add to the blockchain is traceable to specific individuals is a significant dis-incentive to being a bad actor.
Another core aspect of blockchain which provides ‘trust’ is the idea of decentralisation. When there are multiple nodes running a blockchain then corrupting the blockchain would require taking over sufficient nodes to interrupt the consensus mechanism (the means by which all nodes agree on a single version of truth and assess the accuracy of the blockchain and validity of new entries).
But what if you are a single business running a blockchain? And what if you own and operate all of the nodes? What is to stop you from changing the data on the blockchain? Who is ensuring that trust is maintained? If you are running your own blockchain and you own all the nodes, you may as well run a DLT or just run a standard database.
Despite being a blockchain and DLT believer, there is far too much hype and/or nonsense in the market about what blockchain can actually offer. Some people will have you believe that blockchain will cure cancer. Others will tell you that blockchain is only used to buy and sell guns and drugs on the dark web. Neither of these is true when looking at blockchain as a foundation technology.
If there is no need for records of transactions to be immutable, then don’t use blockchain. Don’t have multiple distrusting parties, then don’t use blockchain. I’m hoping with this ever chillier crypto winter we are having, that many of the crappier blockchain startups are going to start going to the wall, never to be heard of again until someone writes a quality book on the strange period for start-up funding in tech history between 2016 and early 2019.
Blockchain is often vaunted as a record of verifiable truth, and how this can be quite misleading as a statement. Blockchains are a record of data, however, if the data that gets etched into a blockchain comes from a questionable source then just because it’s on the blockchain, it does not make it true.
Let me give you an example to clarify what I mean here… I have a long background in digital advertising and the adtech sector as a whole. One of the main use cases for blockchain that is being promoted and touted to adtech is how Blockchain can clean up fraud and create transparency in a highly opaque supply chain and will enable advertisers to ensure that all of their ads are viewed by humans rather than fraudsters using bots, and that not only have their ads been served, but actually seen by said humans. Great, right?
Of course, the devil is always in the detail. One Blockchain project I have seen promoted to the industry is using several external suppliers to verify whether the advertiser’s ads have actually been seen and by humans – but what’s their methodology? Who has verified that their methods work? How easy is it for fraudsters to use workaround that those companies haven’t figured out yet to allow those ad impressions be marked as fraud free? Can you see how the “verifiable truth” that is written in stone on a blockchain is now highly questionable.
The rush to use blockchain in various industries is well intended, but without a clear understanding of who is writing what into it, and then the meaning that is inferred from it, it’s just immutable junk.
Enterprise blockchains and DLTs in the future will be able to be verifiable sources of truth, once the stakeholders in them get to grips with what should and shouldn’t be recorded on them, when an agreed audit process is deployed and an agreement as to which external partners are “verifying” certain things and why.
In the end it’s easy: In blockchain we can trust – depending on who adds what data to the blockchain – and how we audit the data from time to time.