Skip to content

Blockchain Benefits in Australia: Beyond the Hype

This post was originally published on Medium here.

On the morning of a date sometime in March 2011, thousands of Iranian internet users logged into their Gmail accounts, completely unaware that they had just given their passwords to a hacker. The Dutch company, DigiNotar’s commercial certificate authority servers had been attacked, granting the hacker virtually unprecedented powers to commit identity fraud. Although the identity of the hacker is still unknown, they issued a series of fraudulent certificates for popular services such as Google’s Gmail. Because these certificates were signed by DigiNotar’s certificate authority, they were virtually undetectable, and trusted unquestionably by web browsers and their users.

Even after the breach was discovered, it remained difficult to establish exactly when the attack had occurred and exactly what personal information had been compromised, making it almost impossible to detect and contain the full extent of its consequences. Users around the world were affected, the attack shook the foundations of today’s digital infrastructure, and the situation eventually required the Dutch government’s intervention. Whilst steps were taken to prevent future attacks of this nature, it became painfully clear just how much of the day-to-day functioning of the internet depends on blind assumptions that trusted third parties are, in fact, trustworthy.

The 2011 attack was the “I told you so” moment that cryptography experts had predicted many years earlier. The reliance of users and devices on the services provided by “trusted third parties” like DigiNotar means that it is only a question of when such an attack might happen, and the basic problem of how to protect centralised trust services persists.

Introduction to Blockchains

In October 2008, a paper released under the pseudonym Satoshi Nakamoto proposed an elegantly eccentric mechanism for doing away with trusted third parties altogether. Bitcoin was an entirely novel digital currency whose integrity is ensured by its storage and the storage of all its financial transactions on a decentralised ledger called a blockchain. Nakamoto’s system is at once transparent and “trustless” because it replaces trusted third parties with a decentralised consensus algorithm.

To explain this rather abstract concept, it is useful to draw an analogy with actual systems of government and distinguish between merely (geographically) distributed systems and fully decentralised systems such as Bitcoin and its underlying blockchain.

Systems like DigiNotar support critical internet activities, and their functions are at once distributed and centralised; despite the geographic distribution of their components, their functional hierarchy remains centralised. Their design principles are “authoritarian” because the stability of their systems depends entirely on the authority of “governing” nodes.

These nodes are rather like the generals of an army: all commands directing the actions of their subordinates are transmitted through them. Their orders must be taken as indisputable and authoritative: they are the crucial organising links in the chain of command that guarantees the smooth, disciplined function of the system.

Protecting Data Without Trusted Third Parties

Some experts claim a decentralised, consensus-based blockchain would provide a DigiNotar-like certificate authority without the Achilles heel of vulnerable trusted third parties. Bitcoin has from the start been proposed both as a currency and a digital payments system. For those close to Bitcoin, the term trusted third party is used derisively, and usually when referring to existing financial institutions such as banks and organisations running financial trading markets. So it is not surprising that the financial sector, both domestically and abroad, have been the most sized by blockchain hype and fear of obsolescence.

Here Australia has followed the global trend, with the ASX scrambling to adopt this technology as a replacement for the CHESS post settlement platform. The main question here most non-technical users find themselves asking does is how do blockchain protect and simplify the lives of internet users? The age-old dilemmas of societal trust, public accountability and information ownership have until now largely been relegated to the domains of jurisprudence and political theory and it is here where we must take a step back. Data remains the key asset in this information age. Who defines and classifies it, who is responsible for it as it passes between individuals, businesses and national governments? Who should be held accountable? How do existing demarcation of legal jurisdiction apply to information on the internet?

Regulatory frameworks, as expected, have not kept abreast of technological innovation. A key response has been the European Union’s, updating the General Data Protection Regulation directive which is due to come into effect in May 2018. This new regulation broadens the definition of personal data and protections afforded to EU citizens, making it necessary for any company, regardless of nation of incorporation or physical location of this information.

This legislative trend However has not been reflected in Australia, with a recent federal high court ruling restricting the legal definition of personal data as it applies to existing privacy acts.

This court decision is paradoxical, given Australia’s love of technology, from contactless payments, to the long-running the debate over the GST-free threshold for online shopping, or Australia’s unenvious world leadership in the number of annual data breaches. Even in online government services, the Centrelink overpayments glitch belies Australia’s leadership, as the United Nation’s survey in e-Government services places us in second place globally.

Beyond Human identity

But what about blockchain uses in major Australian industries outside of finance? Blockchains are essentially a generic tool to store transactional data in a distributed, decentralised ledger — and control who has access to that ledger. The liberal Australian legislative environment and the challenges of providing necessary network infrastructure in the harsh, remote areas makes where industrial mining and agriculture tend to operate make the benefits of decentralised, peer-to-peer blockchains a natural fit, rather than applications in finance to replace consumer banking services. This feature also makes blockchains incredibly appealing to the doctors and hospitals that need secure access to a patient’s entire health history. “Now is probably the right time in our history to take a fresh approach to data sharing in health care,” says John Halamka, chief information officer at Boston-based Beth Israel Deaconess Medical Centre.

In the Internet of Things (IoT) would also reap huge benefits of the decentralised storages of device information on blockchains, particularly in agriculture and mining sectors where network connectivity is rare and intermittent. Whilst human identity remains malleable and context-dependent, connected electrical devices have a much simpler identity and this is where the Blockchain could be of use. Blockchains could provide industries with a mechanism for independently verifying the authenticity, integrity, and ownership of the technology devices necessary for large-scale industrial projects in these sectors. Some examples include the use of blockchains in connected devices in the mining industry such automated mining vehicles and the Digital Agriculture Program. Certified owners could issue command and control diktats to their devices: anything from a software upgrade to a new control routine. The devices would then “organically” distribute this command to peer devices within range. The authenticity of these commands could be verified by each participating node, and once confirmed, the device could transmit the command to neighbouring devices. Conversely, devices in remote areas which have been compromised by an unauthorised attacker would be blacklisted on the decentralized blockchain. Other devices would not trust it or accept any new orders it attempted to issue.

Dilemmas of trust and accountability are not everyday concerns to most citizens, yet a cohesive society rests on a sound legal system and a government which makes enforces it and is guided by it in protecting citizens rights. Blockchains are too complex technically to provide immediate, tangible benefits to consumers and are instead more appropriate in industrial applications. Such as in the dominant Australian industries: mining, agribusiness and healthcare.

 

 

Global Nomad Bureaucracy Blues

 

2016 was a crazy year. Mid-2015 I was unemployed, largely due to volatility in the IAM vendor market space. IAM is my area of expertise, and you wouldn’t think that the acquisition a software company by a global vendor would have such immediate personal consequences. As a tech consultant, stints of unemployment are pretty normal. So is short, project-based employment stints.

So anyhow, when I got a Linkedin message offering me an employment opportunity in Germany I was overjoyed. I’d been in Australia for seven years and I did miss Europe. But I forgot that Europe isn’t all the same, much like Europeans think Africa is a country. I missed Italy, Southern Europe, and although Greece, Spain & Portugal – and even Italy itself – have different languages, cultures and history, we Southern Europeans share a certain affinity, a soul you might say, which the orderly northerners lack. Their psychological disposition is simply too hygienic. Their tidy houses, well-defined rules and languages have no place for nuance, ambivalence or passion.

Most of the world thinks of Germany as efficient, hard-working and environmentally conscious, the powerhouse of Europe. I also fell for this tourist marketing brochure boilerplate. Germans think they pay more than their fair share in the European Union. More than those lazy southerners. They think they’re at the cutting edge of innovation. Instead I found an arrogant country with a byzantine bureaucracy and more than a bit behind digital compared to other countries. Online government services? Nope. Contactless electronic payments? Non-existent. And as for being an economic powerhouse, I found I was working twice as hard (70 hour work weeks) for half the money. My Australian partner tried hard to learn the language but nonetheless was treated rudely and couldn’t find work.

My German tech salary was considered high over there, yet I could not get so much as a smartphone on a postpaid contract plan, let alone a credit card. I’d go to a bank, payslips and employment contract in hand, and would get all smiles until “computer says no”. The maddening thing about this is that no one could say why I was being rejected for credit, they cited “privacy reasons”!

I was having stress related health issues due to the workload and we decided to move back to Australia. Little did I know I’d be facing the same “computer says no” when applying for a credit card in Australia. We had to move house too since returning after being given a “no reason” eviction, so when filling in forms for credit card applications, getting to the “what’s your address and how long have you lived there?” part was an amusing affair.

By the way, I’m German-Italian-Australian, born in Switzerland, and I’ve spent some years growing up in Southern Africa. I had a rough childhood, my parents met in a cult (google “Children of God”). That cult brutalised me as a child and I have PTSD from the ordeal. The worst part of it is feelings of shame. For much of my life I’ve hidden my past, as if I was somehow to blame for having been born into a hippie sex cult that treated children as slaves.

Bureaucracy terrifies me. Whether it’s applying for a credit card, security clearance or permanent residency. I’ve lived in two dozen countries across three continents. I’ve moved houses about 60 times. There are many reasons for my many moves: that cult, a BPD mother, and later on well, working in tech, things are always changing. When you need to fill in a form providing addresses of the past ten years, the bureaucrats just don’t know what to make of me. I have zero debt, a six-figure tech salary, savings, a successful career, and the biggest challenge to finding work or getting credit is getting past the HR drones or the credit underwriter bureaucrats.

The thing is, my story isn’t all that unusual in the 21st century. Immigrants, expats, multi-ethnic families, itinerant tech experts, wanderlust-stricken millennials, people moving to another city to get away from a toxic relationship or family. Today’s reality in this hyper-connected world means that for many people the question “where are you from?” is almost impossible to answer. I’ve struggled to find employment in the past, due to my many moves, but get me in a room with a real person and I can tell them my story (and probably ace the interview, I’m good at what I do). This is why the question “what’s your story?” or “what motivates you?” are probably a better questions than “where are you from?”, “what’s your employment history?”, “where have you lived in the past 10 years?”.

How can you size up a person with the sterile questions demanded in application forms and the CV format? You see a CV in front of you with someone who’s had a number of short tenures, or periods of unemployment. You see an application form showing five different addresses in five different years. The first thing that comes to mind is this person is untrustworthy or mentally unstable, probably both, but if you actually sat down with them, in person, and asked them “tell me your story” the sterile data points would come to life.

 

 

The Best Cyber Security Tip yet? Don’t Have Secrets and to Hell with Intellectual Property

Medium Link

As anyone who’s undergone security clearance vetting knows, the main objective is ensuring that the candidate can’t be black mailed. That they don’t have some secret which can be used as leverage against them. This simple principle has broad implications, from intellectual property to piracy to a naughty browser history. Let’s examine privacy consent in positive and negative contexts.

When we talk about the right to privacy, what do we actually mean? Let’s not confuse contexts with legality and secrecy. It’s perfectly legal to purchase sex toys, but would you want your parents or your work colleagues knowing your adult toy purchasing preferences, or you porn browsing history? Most certainly not! That’s context. That’s what Incognito Mode is for.

The right to privacy is the right not have information about your activities be misused by leaking or doxxing. In short, the right to maintain context boundaries. This is the dark stuff, this is where the law must protect you. Negative freedom, freedom from having your information exfiltrated from differing contexts for the purpose of doing harm.

The European Union’s General Data Protection Regulation on the frontier here. Consent is key. Data can be a toxic asset, and we don’t want data about our browsing activities, purchasing habits or sexual preferences misused.

But data privacy rights isn’t just about negative freedom. It’s also about positive freedom; freedom towards. How reassuring is it to find that others have encountered the same problems we have and have already come up with a useful solution? This works on an individual level such as “which internet service provider gives me the best plan and customer service?” or “how do I solve problem X?”, to more general problems such as “how do I integrate this API with that service to solve challenge Y?”.

I work in technology consulting, and I’ve come to the conclusion that organisations aren’t all that unique. Organisations and businesses have common challenges, yet much like humans, they think they’re unique and their problems are special. Psychologists will say the same. Sorry snowflake, you’re not special, you’re just like everyone else!

The secret is differentiating common problems from special problems. How do we distinguish common problems from special problems? By sharing your problems with others, and by never thinking that the solutions you come up with are special and necessitate secrecy. Value lies in relationships and implementation details, not in intellectual property secrecy.

Have you ever successfully interviewed for a job by stating you have a cache of secret approaches to problems? Didn’t think so. You got the job by demonstrating you can work well with others and you have a good understanding of the knowledge domain you’re being hired for.

The devil is in the the details; in actually making something work. But the patterns, the tool set for approaching the problems are probably common knowledge in your industry.

So, to hell with secrecy! Actually implementing the solution requires the skill of the seasoned consultant. Re-inventing the wheel by keeping secret caches of code, of patterns, of diagrams, is both counter-productive and ineffective if not downright stupid.

It’s counter-productive because someone probably has already figured an approach to the problem you face, it’s stupid because your solution hasn’t been road-tested and it could also be risky because you’ve failed to take into account issues that the collective intellect has already come across and resolved.

So let’s put the fantasy of the lone genius in their garage who will come down from the mountain to regale us with their pearls of wisdom to rest for good. Most of the problems an individual or an organisation faces are faced by other individuals or organisations, so it’s safe to assume that the solutions to most of these problems can and have already been solved collectively. So when faced with a problem or challenge, start with the assumption that the problem has already been faced by others previously, and that a working solution has already been attempted. And if not, it’s a problem which merits collective troubleshooting, and the crowd will probably be better at figuring out a solution than some individual. And for god’s sake, share the solution, the pattern, the approach, with everyone. Actually implementing it to fix a specific problem will be a far greater challenge than coming up with that magical idea in the first place.

So share often, ask others, and don’t keep it a secret!

The need for Social News Aggregators

Attempts to create open source alternatives to Facebook failed. the reasons are similar to why Linux never really made it as a mainstream desktop OS: user interface, ease of use, lack of applications geared towards end users. Open source cannot compete will the technology giants, who can pour millions into developing partnerships and building their walled garden ecosystems.

But Linux is far from a failure. It is THE standard for server-side uses. Lesson here is one I repeat endlessly to clients. There’s no such thing as the ultimate product that can fulfill all possible use cases. Let Apple and Microsoft have their desktop OSes, let Google and Apple dominate the mobile space, let Facebook and Twitter dominate social networks. Social networks are great for banter, bragging, arguing, meeting new people & sharing otter videos. But we need to take back control of how we gather news and information. Yes, by resurrecting RSS and Atom possibly, by creating a Goodreads for news and blog aggregators.

It would be great to work on a social news and blog aggregator, integrated with facebook, so one can create lists and share them with FB friends, and have a twitter-like real-time feed of articles friends have read/shared/liked, or lists of interesting sources friends have created. I’ve found none so far that are free that do just that, but many tools and libraries exist, it’s just a case of patching them together.

%d bloggers like this: