Blockchain: Beating the Buzzword

I attended a round-table discussion about blockchain recently, with Canadian blockchain experts across industry, government, and academia.  We talked about the uses of blockchain, primarily beyond the basic use for cryptocurrency.  We discussed a lot of the real challenges in using the technology.

Many of our concerns are about privacy and identity.  For example, because a blockchain ledger is immutable, in a public blockchain that information is available to everyone forever.  Better blockchain solutions don’t store private information on the blockchain; they store cryptographic hashes or “keys” on the blockchain that simply reference off-chain data, which is kept secure.  This way you can prove that the data has not changed, without giving access to the data to everyone.  Alternatively, some of the data stored in a blockchain can be encrypted; nodes on the blockchain can see the transactions but not the encrypted packets within them.   With Europe’s GDPR privacy regulations and various data & privacy breaches recently, the concept of privacy when using a blockchain is a key concern.  And it’s a double-edged sword; the anonymous (really, pseudonymous) benefits of a public blockchain are not really what a lot of private blockchain projects aim to achieve.

Blockchains are generally very secure.  But there are dozens of different blockchain implementations now, with different consensus models.  Each solves the security problem in a different way, and each has its own security limitations.  Attacks are still possible on any of them – including network-driven “34%” attacks on any blockchain, as well as the more commonly quoted “51%” double-spending attacks.  That said, well-implemented blockchains are generally very secure.  Choosing the right blockchain platform and the right consensus model for your use-case is critical for a secure solution.

The bigger aspect of security is not the blockchain itself, but the human part of the puzzle.  Securing keys and wallets.  Coercion and blackmail are possibly even more serious problems for a public blockchain solution because once your money is stolen, it generally can’t be recovered.  Private blockchains can mitigate this class of problems through centralized control.  While some degree of trust in a central authority may seem to go against the decentralized nature of a blockchain, I believe it’s a useful element of private / permission blockchains.

Perhaps the biggest problem with blockchains is the hype.  The technology is being proposed for seemingly everything these days, and many of these projects don’t really benefit from using a distributed, immutable ledger.   And it’s a bit backward; people want to use blockchain, and then they look for ways they can use it.  That’s like saying we want to build a new application in C++ and then trying to figure out what the app should be.  It’s a technical solution coming before the problem.  Sometimes, it doesn’t really fit.

And then there is the ICO’s.  Many are simply new cryptocurrencies, and I don’t really see the value in yet another currency.  But let’s talk about ICO’s for products making use of blockchain for some application, like storage, financial transactions, various other B2B transactions, supply-chain auditing, permanent record-keeping, etc. The sky-high valuations around so many of these ICO’s seem to be driven by hype because of the use of the word blockchain.  Sure, some of them are grand schemes which could genuinely have huge value if the company can pull it off.  But some of them smell an awful lot like hyped-up schemes or even flat-out fraud, at least from a technical point of view.  Really, you need hundreds of millions of dollars to build that?

I believe that blockchain technology will be a fundamental part of many applications in the future.  But we need to think of it more like a fundamental technology, like TCP/IP or C++ or HTML, rather than as a game-changing one.  The game changers will be the applications built on top of this technology.  We need to start looking at it the other way around; what technology can help solve my problem?  Instead of starting with a buzzword.