Of #Smart Contracts, Blockchains And Other Distributed Ledgers

Seems I caught Smart Contract Fever at last week's meeting of the Bitcoin & Blockchain Leadership Forum. So rather than continuing to fire random emails at colleagues, I've tried to calm myself down with a post on the topic.

For context it's important to understand that 'smart contracts' rely on the use of a cryptographic technology or protocol which generates a 'ledger' that is accessible to any computer using the same protocol. One type of 'distributed ledger' is known as a 'blockchain', since every transaction which is accepted is then 'hashed' (shortened into a string of letters and numbers) and included with other transactions into a single 'block', which is itself hashed and added to a series or chain of such blocks. The leading distributed ledger is 'Bitcoin', the blockchain-based virtual currency. But virtual currencies (commodities?) are just one use-case for a distributed ledger - indeed the Bitcoin blockchain is being used for all sorts of non-currency applications, as explained in the very informative book, Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. As Jay Cassano also explains, another example is Ripple, which is designed to be interoperable with other ledgers to support the wider payments ecosystem; while Ethereum is even more broadly ambitious in its attempt to use smart contracts as the basis for all kinds of ledger-based applications.

Generally speaking, the process of forming a 'smart contract' would be started by each party publishing a coded bid/offer or offer/acceptance to the same ledger or 'blockchain', using the same cryptographic protocol. These would be like two (or more) mini-apps specifying the terms on which the parties were seeking to agree. When matched, these apps would form a single application encoding the terms of the concluded contract, and this would also be recorded in the distributed ledger accessible to all computers running the same protocol. Further records could be 'published' in the ledger each time a party performed or failed to perform a contractual obligation. So the ledger would act as its own trust mechanism to verify the existence and performance of the contract. Various applications running off the ledger would be interacting with the contract and related performance data, including payment applications, authentication processes and messaging clients of the various people and machines involved as 'customers' or 'suppliers' in the related business processes. In the event of a dispute, a pre-agreed dispute resolution process could be triggered, including enforcement action via a third party's systems that could rely on the performance data posted to the ledger as 'evidence' on which to initiate a specific remedy. 

Some commentators have suggested this will kill-off various types of intermediaries, lawyers and courts etc. But I think the better view is that existing roles and processes in the affected contractual scenarios will adapt to the new contractual methodology. Some roles might be replaced by the ledger itself, or become fully automated, but it's likely that the people or entities occupying today's roles would be somehow part of that evolution (if they aren't too sleepy). The need for a lot of human-readable messages would also disappear, signalling the demise of applications like email, SMS and maybe even the humble Internet browser. Most data could flow among machines, and they could alert humans in ways that don't involve buttons and keyboards.

So what are the benefits?

Well, it might take significant investment to set up such a process, but it should produce great savings in time, cost, record-keeping and so on throughout the lifetime of a contract. And, hey, no more price comparison sites or banner ads! Crypto-tech distributed ledgers would enable you to access and use a 'semantic web' of linked-data, open data, midata, wearables, smart meters, robots, drones and driverless cars - the Internet of Things - to control your day-to-day existence.

The downside?

This also might also play into the hands of the Big Data crowd (if they find a way to snoop on your encrypted contracts), or even the machines themselves. So it's critical that we figure out the right control mechanisms to 'keep humans at the heart of technology - the topic of the SCL's Tech Law Futures Conference in June, for example.

Meanwhile, I'm reviewing my first smart contract, which is proving rather like being involved in the negotiation of a software development agreement - which it is, of course. I'll post on that in due course, confidentiality permitting...

Of #Blockchains And #MultiFactorAuthentication

Okay, so yesterday I was trying to use the car rental scenario to understand the concept of blockchains and distributed ledger technology and ended with the point that all sorts of computer applications could run "on" the blockchain. Some could act as gateways between/among blockchains, and some could link applications on blockchains with the applications running on the Internet - like social media, email - or applications on mobile networks, including SMS. 

So, in the example, the contractual program running on the blockchain that doubles as my car rental contract could also initiate a text message telling me where and when to pick up my rental car. 

I also mentioned that my own request to rent a car could provide the details for where the car rental company's program could go to verify my driver's licence. I didn't mean for identification purposes, but to work out if I'm licensed to drive a vehicle.

On the identity front, I mentioned that both me and the car rental company would be acting pseudonymously. That's important because blockchain transactions are accessible by anyone with a device running the relevant technology. So mine and the rental car company's respective bits of code would have to offer a way for us to authenticate each other. And this is where the public nature of blockchains really come into their own.

Back in 2011, we had a big discussion on identity at the CSFI from which my 'takeaways' were that (1) identity is dynamic, not static - we are better defined by the data generated by everything we do, rather than a birth date or fingerprints. So (2) verifying our identity could be based on a unique snapshot of our behavioural data, which could then be discarded, rather than a passport etc.  which could be copied and used by fraudsters.

The challenge with multi-factor authentication in the Internet world is possibly that the data is subject to alteration (though on a mass scale it could be hard to alter every item of data about a person's behaviour).

But blockchains are infinitely harder to alter, since (I'm told) all the computers running the technology check each block when it is completed and that can't be undone, unless you control most of the computers at any one time (like a villain in a Bond movie).

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself. That ought to be easy, since the code only needs to be understood by the computers who process each transaction at that time. At any rate, each transaction could somehow be combined into a unique identity token that would continually evolve to remain unique.

Hey presto, reliable multi-factor authentication!

Do I have any of this right?

 

Of #Blockchain And Other Distributed Ledger Technologies

I'm still trying to get my head around the concept of the blockchain and other 'distributed ledger' technologies, how they are useful and what else needs to happen to harness their potential. To that end, I'm trying to ignore the 'virtual currency' use-case that seems to get everyone tied up in knots. I mean, the Internet is more than a money remittance platform, right? Well, the concept of a 'distributed ledger' is similarly broad - maybe broader than the Internet. According to Ethereum, "a platform for decentralised applications", even the word 'ledger' is too limiting.

Recently, I read the 'call for evidence' on this topic from European Securities and Markets Authority (ESMA), especially as there's been a lot of talk about using the blockchain to cut the time and cost of central clearing and settlement in the financial markets.

Yet, as the call for evidence itself shows, even ESMA is struggling to understand the uses beyond investment products which (a) provide exposure to a virtual currency without buying it, or (b) require you to actually trade in virtual currency in ways that are recorded in the relevant 'blockchain' or other currency ledger. 

This could be because ESMA is viewing the technology through the lens of the existing, heavily intermediated financial market structures and how these might be somehow replicated using the new technology (see the two diagrams in section 4).  But as I've complained for years, financial regulation (for which ESMA is partially responsible) funnels investment funds and opportunities into marketplaces where comparatively few intermediaries are allowed to operate - so they can charge what they like and not bother innovating, except to suit themselves (high frequency trading?). Internet technology has helped a bit, by making it cheaper to build and host systems etc, but that technology is still based on the idea that transactions occur in separate computers and the related data remains locked away in proprietary databases, or displayed only to subscribers.  

Distributed ledger technology seems to herald something far more revolutionary.

As I see it, these technologies basically involve publishing machine-readable applications or programs that can be read by any device running the same technology. Each market participant just needs to publish or display to others what it is offering or what it needs and any 'deal' will be recorded or coded on a nominated blockchain or ledger. Certain stuff can still be kept secret, but enough information can be shared to enable the computers to record the deal publicly so that everyone knows the deal was done.

Take an ordinary consumer transaction like renting a car. The rental car company's computer could publish a certain program that identifies the company itself (pseudonymously), a specific car, the make/model, its current location and the price to rent it for the day (including full collision damage waiver!). If I need to rent a car, I could publish some code that identifies me (pseudonymously), what type of car I need, where, when, how much I'm prepared to pay per day, the payment method and how the rental company can authenticate my driver's licence. Our computers find each other, like what they see and submit a transaction to a third computer which writes it up in code that instructs other computers to take my payment, send me the collection details and so on. In other words, as well as being an open record that the transaction exists, the code can also refer others to more detailed information where necessary.

It seems that very little should need to change outside the above scenario for this begin to happen, since the programming languages are now expressive enough to enable such codes to be written about every day transactions without a lot of fuss over industry standards. However, over time the same technology could be at work all over the place in more technical scenarios. For instance, my driver's licence could also just be a computer code available on a separate blockchain or ledger, to which the rental company's computers could be referred to check when it expires, whether I have any demerit points and so on. Even credit references and so on might be ascertainable in this way. 

In other words, all sorts of computer applications could run "on" the blockchain and/or act as gateways between/among blockchains and between blockchains and the applications running on the ordinary old Internet, like social media, email or those running on mobile networks, like SMS. So, in the example, a program running on the blockchain could initiate a text message telling me where and when to pick up my rental car.

I'm now struggling a little to see the difference between 'distributed ledger technology' and the 'semantic web' or 'Web 3.0', Linked Data, Open Data and so on. But, hey, I'm taking it a day at a time. At any rate, it all seems to promise the death of human-readable price comparison sites and their corny advertising, so bring it on!

Need To #Crowdfund Your US Launch? Try Reggae...

... er, that should read "Reg A". 

I'm indebted to Anna Pinedo and Jim Tanenbaum for pointing out that the SEC has finally done its job under Title IV of the JOBS Act. As they carefully explain in a recent Mofo Alert, the amendments to Regulation A that take effect in about 90 days time will enable private US and Canadian companies to raise up to $50 million in a 12 month period. That entity could be the holding company for a UK start-up, for example, or possibly the US subsidiary of a UK start-up, so long as it has a genuine US establishment - you know, real people and office equipment and a decent coffee machine. 

Existing shareholders may also sell reasonable amounts of stock as part of the offering. 

And eligible investors include 'the crowd' - provided they each limit their purchases to no more than 10% of the greater of their annual income or net worth (with a similar limit for non-accredited corporate entities). 

It should also be possible to combine a Reggae Reg A offering with private offering, if you really, really need the extra money.

Mobile Consumer Rights

The mobile operators have finally agreed a code of practice on consumer billing. 

It does not state a standard cap on the customer’s liability for charges incurred as a result of unauthorised use of the device after it has been lost or stolen, or the notification period for the customer to report a device lost or stolen in order to qualify for the cap. But I understand that there is agreement on a £100 cap on the basis for notification to both the operator and police within 24 hours. 

That's a higher cap than for payment services (which have a cap of 50 euros) and an additional report to the police seem a little onerous, and just more admin for customers and police. However, the code leaves it open for providers to compete over this issue...

Big Day For Providers Of #AlternativeFinance To #SMEs

This morning, the British Business Bank began the process of creating a market for small business loan applications that the banks decline to fund, as well as opening up the banks' credit data to improve credit scoring for small business borrowers. 

Specifically, the BBB has called for expressions of interest from firms wishing to become either a designated finance platform, to whom banks must offer to refer any small businesses whose loan applications are rejected.

In addition, the BBB is seeking information from credit reference agencies that would like to receive credit data held by banks on small businesses to increase the reliability of SME credit scoring for non-bank lenders.

UK Plans For #VirtualCurrencies and #Blockchain Technologies

The Treasury has published its response to the recent call for evidence on virtual currencies. The plan is to apply anti-money laundering regulation to virtual currency exchanges and ensure effective enforcement related to the criminal use of the currencies themselves, including seizure. It will also foster the development of standards for consumer protection in conjunction with the British Standards Institute. The government will also invest £10m to address 'research opportunities and challenges'.

In addition to addressing the risks, the report also explores the benefits of digital currencies as methods of payment, including uses beyond the retail scenarios, as well as other applications of blockchain technology; as well as barriers to suppliers setting up in the UK and how the government can help clear the way.

Alternative uses for the “distributed ledger” technology (i.e. beyond retail payment services) that the Treasury identified were:

• transfer of title to digital assets, with inherent authentication, digital ‘signing’ and time-stamping and record-keeping e.g. recording and transferring the ownership of bonds, shares, securities and other financial instruments; passports, driving licences, criminal records, land registry and digital voting; 
• ‘smart contracts’ and smart payments, whereby users encode requirements into a payment instruction or other message in order to achieve autonomous, self-executing payments and contracts that adjust for specific conditions. 
• decentralised data storage solutions (using blockchain technology to store files securely and efficiently);
• encrypted peer-to-peer messaging networks; and 
• links with ‘smart property’ and the Internet of Things, whereby devices (including autonomous vehicles) communicate with each other and maintain and update themselves semi-autonomously.

Great news for the everyone that the government is positively engaging with this technology.