This post was originally published on Medium here.
One morning in March 2011, thousands of Iranian internet users logged into their Gmail accounts, completely unaware that they had just handed their passwords to a hacker. The commercial certificate authority servers of the Dutch company DigiNotar had been compromised, granting the hacker virtually unprecedented power to commit identity fraud. Although the identity of the hacker is still unknown, they issued a series of fraudulent certificates for popular services such as Google’s Gmail. Because these certificates were signed by DigiNotar’s certificate authority, they were virtually undetectable and were trusted unquestioningly by web browsers and their users.
Even after the breach was discovered, it remained difficult to establish exactly when the attack had occurred and exactly what personal information had been compromised, making it almost impossible to detect and contain the full extent of its consequences. Users around the world were affected, the attack shook the foundations of today’s digital infrastructure, and the situation eventually required the Dutch government’s intervention. Whilst steps were taken to prevent future attacks of this nature, it became painfully clear just how much of the day-to-day functioning of the internet depends on blind assumptions that trusted third parties are, in fact, trustworthy.
The 2011 attack was the “I told you so” moment that cryptography experts had predicted many years earlier. The reliance of users and devices on the services provided by “trusted third parties” like DigiNotar means that it is only a question of when such an attack might happen, and the basic problem of how to protect centralised trust services persists.
Introduction to Blockchains
In October 2008, a paper released under the pseudonym Satoshi Nakamoto proposed an elegantly eccentric mechanism for doing away with trusted third parties altogether. Bitcoin was an entirely novel digital currency whose integrity is ensured by recording the currency itself and every one of its financial transactions on a decentralised ledger called a blockchain. Nakamoto’s system is at once transparent and “trustless” because it replaces trusted third parties with a decentralised consensus algorithm.
To explain this rather abstract concept, it is useful to draw an analogy with actual systems of government and distinguish between merely (geographically) distributed systems and fully decentralised systems such as Bitcoin and its underlying blockchain.
Systems like DigiNotar support critical internet activities, and their functions are at once distributed and centralised; despite the geographic distribution of their components, their functional hierarchy remains centralised. Their design principles are “authoritarian” because the stability of their systems depends entirely on the authority of “governing” nodes.
These nodes are rather like the generals of an army: all commands directing the actions of their subordinates are transmitted through them. Their orders must be taken as indisputable and authoritative: they are the crucial organising links in the chain of command that guarantees the smooth, disciplined function of the system.
Protecting Data Without Trusted Third Parties
Some experts claim a decentralised, consensus-based blockchain could provide a DigiNotar-like certificate authority without the Achilles heel of vulnerable trusted third parties. Bitcoin has from the start been proposed both as a currency and as a digital payments system. For those close to Bitcoin, the term trusted third party is used derisively, usually when referring to existing financial institutions such as banks and the organisations running financial trading markets. So it is not surprising that the financial sector, both domestically and abroad, has been the most seized by blockchain hype and fear of obsolescence.
Here Australia has followed the global trend, with the ASX scrambling to adopt this technology as a replacement for the CHESS post-settlement platform. The main question most non-technical users find themselves asking is how blockchains protect and simplify the lives of internet users. The age-old dilemmas of societal trust, public accountability and information ownership have until now largely been relegated to the domains of jurisprudence and political theory, and it is here that we must take a step back. Data remains the key asset of this information age. Who defines and classifies it, and who is responsible for it as it passes between individuals, businesses and national governments? Who should be held accountable? How do existing demarcations of legal jurisdiction apply to information on the internet?
Regulatory frameworks, as expected, have not kept abreast of technological innovation. A key response has been the European Union’s updated General Data Protection Regulation, which is due to come into effect in May 2018. This new regulation broadens the definition of personal data and the protections afforded to EU citizens, and it applies to any company holding such data, regardless of its nation of incorporation or the physical location of this information.
This legislative trend, however, has not been reflected in Australia, with a recent federal high court ruling restricting the legal definition of personal data as it applies to existing privacy acts.
This court decision is paradoxical given Australia’s love of technology, from contactless payments, to the long-running debate over the GST-free threshold for online shopping, to Australia’s unenviable world leadership in the number of annual data breaches. Even in online government services, the Centrelink overpayments glitch belies Australia’s standing, as the United Nations’ survey of e-Government services places us second globally.
Beyond Human Identity
But what about blockchain uses in major Australian industries outside of finance? Blockchains are essentially a generic tool for storing transactional data in a distributed, decentralised ledger and for controlling who has access to that ledger. The liberal Australian legislative environment, and the challenge of providing the necessary network infrastructure in the harsh, remote areas where industrial mining and agriculture tend to operate, make decentralised, peer-to-peer blockchains a natural fit there, rather than in financial applications that replace consumer banking services. This feature also makes blockchains incredibly appealing to the doctors and hospitals that need secure access to a patient’s entire health history. “Now is probably the right time in our history to take a fresh approach to data sharing in health care,” says John Halamka, chief information officer at Boston-based Beth Israel Deaconess Medical Centre.
The Internet of Things (IoT) would also reap huge benefits from the decentralised storage of device information on blockchains, particularly in the agriculture and mining sectors where network connectivity is rare and intermittent. Whilst human identity remains malleable and context-dependent, connected electrical devices have a much simpler identity, and this is where the blockchain could be of use. Blockchains could provide industries with a mechanism for independently verifying the authenticity, integrity and ownership of the technology devices necessary for large-scale industrial projects in these sectors. Examples include connected devices in the mining industry, such as automated mining vehicles, and the Digital Agriculture Program. Certified owners could issue command and control diktats to their devices: anything from a software upgrade to a new control routine. The devices would then “organically” distribute this command to peer devices within range. The authenticity of these commands could be verified by each participating node, and once confirmed, the device could transmit the command to neighbouring devices. Conversely, devices in remote areas which have been compromised by an unauthorised attacker would be blacklisted on the decentralised blockchain. Other devices would not trust such a device or accept any new orders it attempted to issue.
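As an added illustration (not code from the original post), the following Go simulation models the command and control scheme just described: the certified owner signs each command with an Ed25519 key, every device verifies that signature and refuses anything relayed by a blacklisted device, and a rejected command is never passed on to neighbours. It also adds a per-owner sequence number, a check the text does not mention, so that a captured command cannot be replayed. The fleet, the revocation list and the radio-range graph are constructed stand-ins; a real deployment would read the blacklist from the shared ledger rather than a local map.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Command is an owner-signed instruction that field devices relay peer to peer.
type Command struct {
	Seq     uint64 // strictly increasing per owner, so a replayed command is rejected
	Payload string // e.g. "firmware-upgrade v2.1" (constructed sample)
	Sig     []byte // owner's Ed25519 signature over msg(Seq, Payload)
}

// msg is the signed byte string; Seq is numeric, so the ':' separator is unambiguous.
func msg(seq uint64, payload string) []byte { return []byte(fmt.Sprintf("%d:%s", seq, payload)) }

// SignCommand is the certified owner's step before broadcasting a command.
func SignCommand(priv ed25519.PrivateKey, seq uint64, payload string) Command {
	return Command{Seq: seq, Payload: payload, Sig: ed25519.Sign(priv, msg(seq, payload))}
}

// Device is a field node; Revoked stands in for the ledger's blacklist of compromised devices.
type Device struct {
	OwnerPub ed25519.PublicKey
	Revoked  map[string]bool
	lastSeq  uint64
}

// Receive rejects a command from a blacklisted relay, a replayed sequence number or a bad owner signature.
func (d *Device) Receive(from string, c Command) bool {
	if d.Revoked[from] || c.Seq <= d.lastSeq || !ed25519.Verify(d.OwnerPub, msg(c.Seq, c.Payload), c.Sig) {
		return false
	}
	d.lastSeq = c.Seq
	return true
}

// Propagate floods c from the owner (a pseudo-node in links, the radio-range graph) and returns,
// in order, the devices that accepted it; a device that rejects the command never forwards it.
func Propagate(c Command, devs map[string]*Device, links map[string][]string) []string {
	var accepted []string
	queue := []string{"owner"}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		for _, n := range links[cur] {
			if devs[n].Receive(cur, c) {
				accepted = append(accepted, n)
				queue = append(queue, n)
			}
		}
	}
	return accepted
}
```

In the constructed chain owner -> truck-1 -> truck-2 -> pump-7 with truck-2 blacklisted, pump-7 is never reached, which is the isolation the text describes and also the operational cost of relying on a single relay path.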
Dilemmas of trust and accountability are not everyday concerns for most citizens, yet a cohesive society rests on a sound legal system and a government which makes and enforces it and is guided by it in protecting citizens’ rights. Blockchains are too complex technically to provide immediate, tangible benefits to consumers and are instead more appropriate in industrial applications, such as the dominant Australian industries: mining, agribusiness and healthcare.