Monthly Archives: August 2019

Posted on

Blockchain Network Topologies

Blockchains are hashed linked data structures replicated over a peer to peer network. In considering blockchain topologies we need to distinguish between the topology of the peer to peer network and the topology of the blockchain data structure.

Peer-Peer networks became prominent with the file-sharing application pioneered by Napster in 1999. File sharing was popular with many consumers sharing music or video files; however, it was much less popular with various copyright holders whose content was being shared without permission, and Napster eventually closed in 2001. File sharing continued with Gnutella, BitTorrent, and, others, though the underlying technology architectures evolved[1]. The node connectivity could be structured or unstructured. The files being shared could be centralized or distributed. Centralized file structures created a point of attack for opponents of file sharing, as did regular structured topologies. Peer – peer applications moved beyond file sharing with communications services like Skype.  

The nodes in peer-peer networks are not all completely meshed – each node is connected to a limited (and different!) set of peers.  Typically, less than 16 peers are sufficient[2] for the content to propagate through the peer-peer network, though specific performance with obviously be impacted by the processing power and bandwidth available to the nodes, and the content sharing protocols of the particular peer-peer network. In this model, nodes are also not required to be permanently connected – as long as some porting of the network remains active, new nodes can be connected, and the content propagates.

Permissionless blockchain systems rely on an unstructured public P2P network for information dissemination between participating peers. Flooding or gossip protocols are then used for the propagation of the required information to all peers so that the blockchain consensus protocols have the information they need. At design time, the node attachment and communication strategies that impact the topology of the network in operation are fixed. While a complete peer-peer network is not easily observable, these network characteristics are known to adversaries and can be targeted for attacks. The users of these permissionless blockchain networks have requirements[3] for their applications that typically include aspects such as performance, low participation cost, topology hiding, Denial of Service (DoS) resistance and anonymity. The tradeoffs between the implementation choices for these requirements are not well understood, and further work in these areas is expected to help improve the maturity of blockchain solutions.

[1] For a summary of file sharing approaches see, Masood, Saleha, et al. “Comparative Analysis of Peer to Peer Networks.” International Journal of Advanced Networking and Applications 9.4 (2018): 3477-3491

[2] For an example study on BitTorrent performance, see, Bharambe, Ashwin R., Cormac Herley, and Venkata N. Padmanabhan. “Analyzing and improving a BitTorrent network’s performance mechanisms.” Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications. IEEE, 2006.

[3] Neudecker, Till, and Hannes Hartenstein. “Network layer aspects of permissionless blockchains.” IEEE Communications Surveys & Tutorials 21.1 (2018): 838-857.

Posted on

Pharmaceutical Supply BlockChains

Beyond cryptocurrencies, blockchains have been proposed for applications in a number of different fields[1] including financial, integrity verification, governance, internet of things, health, education, privacy and security, business and industry. Applications may be a good fit for blockchain[2]  if multiple stakeholders are contributing; more trust is required between parties than currently exists; there an intermediary that could be removed or omitted to increase trust or efficiency; there is a need for reliable tracking of activity and there is a need for data to be reliable over time. One of the factors not on that is the degree of legal/regulatory headwinds or tailwinds that a new blockchain application would receive. Recall that blockchain applications are inherently distributed multiparty applications where trust is an issue. Such applications will almost always have some industry or market-specific legal/regulatory framework in place for the resolution of issues with existing transactions. While cryptocurrency applications may face some headwinds from existing legal regulatory frameworks (e.g. AML) that predate their invention, other applications may face more neutral or even favorable legal/regulatory environments.

Supply chain applications for blockchain have been proposed[3],[4] for some time, and with good reason – typical supply chains have multiple competitive actors; increased trust may be required for a number of reasons; optimizing supply chains with the addition or removal of actors is an ongoing process for most large enterprises and the needs for tracking and logging are increasing. The scale, structure, and dispersion of supply chains vary by industry and the complexity of the products and services being delivered. The components delivered through supply chains vary from traditional commodity products (e.g. minerals, agricultural products), complex manufactured goods (e.g., aircraft or smartphone components) or even intellectual property (e.g., software, digital assets). While tokens representing commodity products might be fungible, most of the other supply chain applications would seem to lend themselves more to non-fungible tokens. Indeed, for some supply chains, the scaling challenge lies in the large number of non-fungible tokens required e.g. consider the number of components in a modern jet aircraft.

Increased levels of terrorism, trade disruptions, and product diversion or tampering all support the need for increased tracking and logging of the provenance of the goods in the supply chain. Depending on the industry, there may be varying degrees of regulatory/ legal incentives for tracking/ logging provenance. Most industrial supply chains would seem to have a relatively neutral legal/regulatory environments. Even commodity metals may require provenance in some cases – (e.g. Tin, tantalum, tungsten, gold have supply chain laws/regulations in US[5] and EU[6]), but pharmaceutical supply chains have specific incentives to consider mechanisms to track provenance under the Drug Supply Chain Security Act (DSCSA) of 2013 . This outlines steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the United States, and gives the FDA a 10-year timetable to implement the necessary standards and regulations in a phased approach. The FDA had an initial workshop on pilot projects in 2016  and recently extended the pilot project program in 2019. Several of the proposed pilot projects are explicitly based on blockchains or distributed ledger technology including:

Project Leads Pilot Project Title
IBM/KPMG/Merck/Walmart DSCSA Blockchain interoperability Pilot
IDLogiq IDLogiq Next Generation Advanced REAL FIPS-Compliant Cryptographic ID Authentication with Transaction Ledger Powered by Blockchain/Distributed Ledger Technology for Decentralized Heterogeneous Global Network Computing Environment
MediLedger MediLedger DSCSA Pilot
Rymedi DSCSA Implementation in Intra and Inter Healthcare System Medicine Transfers
TraceLink DSCSA Traceability with Distributed Ledgers and Digital Recalls Project Proposal
UCLA Health UCLA-LedgerDomain: DSCSA Solution Through Blockchain Technology

 While the DSCSA legislation and FDA actions to date are not technology-specific, this does provide significant legal/regulatory tailwinds for blockchain-based applications in the pharmaceutical supply chain. The phased approach of the FDA also helps the pharmaceutical industry to mature the blockchain solutions before the final regulations come in place by 2023. 

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.

[1] F.Casino, et.al.  “A systematic literature review of blockchain-based applications: Current status, classification and open issues,” Telematics and Informatics, vol. 36, pp. 55-81, 2019.

[2] According to – M. Englehardt, “Hitching healthcare to the chain: An introduction to blockchain technology in the healthcare sector.,” Technology Innovation Management Review, vol. 7, no. 10, 2017.

[3] M. Casey, P.Wong, “Global Supply Chains Are About to Get Better, Thanks to Blockchain”, Harvard Business Review, March 13, 2017

[4] T.Felin, K. Lakhani, “What problems will you solve with blockchain?”, MIT Sloan Management Review, Fall 2018

[5] Dodd-Frank Act Section 1502 and SEC implementation rules at 17 CFR 229.

[6] Regulation (EU) 2017/821 of the European Parliament.

Posted on

AML Primer for Crypto Enthusiasts

Money laundering is a process of taking the proceeds of criminal activity and making them appear as if they have been lawfully obtained (criminalized in the US under  18 U.S. Code § 1957). UNODC estimates the scale of money laundering at 2-5% of global GDP. Criminal activities in narcotics and later terrorism were the primary motivation for increased surveillance of financial transactions in the US and abroad under the rubric of Anti Money Laundering (AML) enabling legislation, starting with the Bank Secrecy Act of 1970 (BSA), (31 U.S.C.A. §§ 5311 et seq.). 

UN activities through the Office on Drugs and crime have a global program encouraging similar legislation and regulation in other countries as well as related UN conventions starting with the 1988 UN convention against Illegal traffic in Narcotic drugs. These international legal coordination activities are relevant for crypto enthusiasts because the peer-peer networks underlying many cryptocurrencies are inherently international.  UN resolutions in 2005 and 2006 also recognized the importance of more specific recommendations from the Financial Action Task Force (FATF). FATF recently issued their Guidance for a risk based approach to Virtual Assets and Virtual Asset Service Providers; this provides common terminology and interpretation of how other FATF regulations should be interpreted in the case of virtual assets such as crypto currencies (whether fiat backed or not) and considering the roles of virtual asset service providers that provide services to exchange cryptocurrencies (whether to fiat currencies or other virtual assets), as well as some comparisons of the relevant regulatory regimes in several different countries. All of the enabling legislation predates the release of Nakamoto’s Bitcoin whitepaper in 2008.

At the federal level, FINCEN  regulates  money transmission in coordination with State regulations and laws on money transmission. To the extent that a virtual asset is a security, the SEC has regulatory and enforcement authority and securities require registration with FINRA. Virtual assets that may qualify as commodities or derivatives (e.g. futures) would be within the jurisdiction of the CFTC; and require registration with the National Futures Association (NFA). US financial sanctions (which apply to transactions in cryptocurrencies as well as fiat currency)  are administered by OFAC.

Many cryptocurrency exchanges fall within the category of Money Transmitters under the BSA, thus requiring registration with FINCEN and additional state licensing. State money transmitter laws vary and not all State address cryptocurrencies explicitly. The money transmitter laws and regulations are not specific to cryptocurrencies and include some potentially broad categories such as Money Service Businesses (MSBs). The MSB definition in §1010.100 (ff) is fairly complex and broad interpretation may imply that even businesses accepting cryptocurrencies need to register as MSBs.

FINCEN registration and AML reporting  and other AML compliance program requirements are identified under 31 CFR Chapter X. In particular, reporting by MSBs is required for Currency Transaction Reports (CTRs) (under §1022.310) and Suspicious Activity Reports(SARs) (under §1022.320), with threshold transaction amounts and red flag indicators triggering reporting. Money transmitters have been required to submit electronic SARs and CTRs since 2013.  The number of CTRs is largely driven by economic transaction activity; SARs are more driven by the compliance programs of the Money Transmitters. While SARs are not specific to cryptocurrency transactions, FINCEN publishes aggregate statistics on SARs; and, 10s of thousands of SARs are generated in a year within a single state.

FINCEN also recently issued an advisory on illicit activity involving convertible virtual currency. They have also initiated enforcement actions against cryptocurrency exchanges that failed to register as MSBs.

Businesses involved with cryptocurrencies clearly need to review their registration and compliance procedures for conformance with the relevant AML regulations in their jurisdictions. This is not just a US phenomenon – since the FATF’s Guidance for a risk based approach to Virtual Assets and Virtual Asset Service Providers, other jurisdictions  (e.g., the Swiss FINMA) are issuing similar AML guidance even as they proceed with licensing crypto exchanges.

Posted on

Blockchain Maturity

Blockchain technologies are seen by many as a key infrastructure component enabling a wide variety of new applications – from Accounting applications like share registries, Biotech blockchains, Cryptocurrencies and down through the rest of the alphabet. While many claims are made for blockchains, the resilience of an infrastructure based on a peer-peer network operating autonomously of centralized actors is seen as key for what seems to be emerging as an infrastructure software layer for many fintech applications, if not the wider Internet.  While there are multiple blockchain architectures; beyond the peer-peer infrastructure and the blockchain data structure itself, many blockchains support a distributed applications layer of dApps or Smart contracts executing on the underlying blockchain infrastructure. Blockchain appears poised for wider adoption with open-source implementations available, large scale existing deployments in cryptocurrency mining and large commercial entities reportedly exploring and, in some cases, deploying the technology.  But is the technology really mature enough for wide-scale public use?

Adoption of a new technology can be limited by readiness or maturity issues in the operational processes using the new technology, the staff driving those processes, or the development of the blockchain itself.  Process maturity is typically measured with a 5-point scale such as:

  1. Initial               (not under statistical process control)
  2. Repeatable     (the organization has a stable process with repeatable levels of statistical process control and rigorous project management)
  3. Defined           (the process is defined for consistent implementation)
  4. Managed         (the process is comprehensively measured and analyzed)
  5. Optimizing      (the process is continuously improved)   

These five levels have been adapted for use in a number of different industries. The blockchain software components (peer-peer network, blockchain data structure, consensus protocols, etc.) could be evaluated on such a scale. In a similar fashion, the operational context (market, regulation, consumer/ operator use-cases, etc.) could also be evaluated. Blockchains are inherently distributed applications (otherwise a centralized database could be used).  With distributed applications, multiple actors are involved.  Multiple independent human actors add complexity to process evaluations because their individual evaluations of the process maturity may be different, and their understanding of the expected operational use-cases may also differ. While there have been proposals[1] for blockchain maturity models, it is not clear how widely supported they are.  

To err is human, and the open-source blockchain developers have demonstrated their humanity in a number of ways[2]. What matters more is the process for resolving those inevitable bugs. One approach to tracking maturity, particularly for open source projects is the core infrastructure initiative  (CII) from the Linux Foundation.  This provides not just tooling and education, but also a (free) badging program for open source projects to attest to their adherence to industry best practices. CII is not restricted to Linux Foundation projects;  but as might perhaps be expected,  Hyperledger projects do report on CII; unfortunately, Etherium does not; though there are a number of other blockchain projects that do.

If blockchain systems and technologies are to live up to their promise as future infrastructure, then their maturity needs to be demonstrated. Developers and open source communities have tools like CII to demonstrate the maturity of their software. Users of blockchain software should ask their suppliers for evidence of the maturity of their products. Beyond the software, other aspects (e.g., market and regulatory dimensions) may need industry-specific adaptions of the process maturity scale to evaluate the operability of blockchain proposals in their context.

[1] See e.g., Wang, H., Chen, K. & Xu, D. Financ. Innov. (2016) 2: 12. https://doi.org/10.1186/s40854-016-0031-z

[2] See e.g., Wan, Z., Lo, D., Xia, X., & Cai, L. (2017, May). Bug characteristics in blockchain systems: a large-scale empirical study. In 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR) (pp. 413-424). IEEE.

Blockchain Loyalty: Disrupting loyalty and reinventing marketing using blockchain and cryptocurrencies 2ed by Philip Shelper (Loyalty & Reward Co Pty. Ltd., 2019)

Philip Shelper surveys the intersection of blockchain and customer loyalty programs. Beyond transferring cryptocurrency as a customer reward in place of miles or points, he considers other enterprise loyalty strategies including:

  • A loyalty program powered by a single token
  • A loyalty program powered by an existing cryptocurrency
  • Many loyalty programs powered by multiple new cryptotokens on a single platform
  • A security token supported by a loyalty program
  • A loyalty program enhanced by an enterprise blockchain loyalty solution.

The regulations on blockchains and cryptocurrencies are continuing to evolve and may impact loyalty programs based on them. See e.g. Blockchain Loyalty Programs.

Posted on

Blockchain Loyalty Programs

“What gets us into trouble is not what we don’t know. It’s what we know for sure that just ain’t so.”
― Mark Twain

Under current taxation regimes, cryptocurrencies are treated as property by the IRS, which implies a host of existing rules and regulations regarding the reporting and taxation of property transactions.  This reporting and tax collection can be manually burdensome and is rarely automated given the current state of the technology. The IRS has recently started increased enforcement actions on cryptocurrency transactions. Blockchain and cryptocurrency enthusiasts have sought to apply some of the underlying technology and concepts in a variety of other ways to avoid these burdens.  One proposed use is in customer loyalty programs.

Customer loyalty programs can provide differentiation and sustain competitive advantages, particularly where the switching costs are low[1].  Customer loyalty programs have a long history with applications in the 1700s and 1800s with tokens and stamps that could be used by the customer for discounts on future purchases with the same supplier. Perhaps the modern stereotype is the frequent flyer mile. Originally acquired and used solely for air travel, these can now be acquired without using air transport and exchanged for a variety of other goods and services.  While typically not fungible beyond the partner ecosystem, customer loyalty tokens (e.g. frequent flyer miles) are sometimes seen as alternative currencies by both the creators and users. The analogy with cryptocurrency schemes as an alternative currency seems obvious.

Most consumers don’t think about taxation of their frequent flyer miles; and, most would typically assume that they are not taxable.  This, unfortunately, ain’t always so. The IRS has issued limited guidance on the taxation of frequent flyer miles with IRS announcement 2002-18 stating they would not pursue a tax enforcement program on frequent flyer miles – and not that these were not taxable. This relief does not apply to travel or other promotional benefits that are converted to cash, to compensation that is paid in the form of travel or other promotional benefits, or in other circumstances where these benefits are used for tax avoidance purposes. And there are a couple of court cases[2] where the value asserted in a frequent flyer miles transaction has exceeded de minimus limits and resulted in the issuance of 1099-MISC income statements with tax impacts. There are many variants in customer loyalty programs and opinions on the practicality of heir taxability[3]. Unexpected tax enforcement against consumers of loyalty program tokens would significantly impact the value of such programs.  No consumer-facing company wants to give its customers promotional tokens that result in tax problems from unexpected liabilities or reporting concerns.

Considering the potential for increased tax enforcement against cryptocurrency transactions, proponents of blockchain-based customer loyalty programs should consider how closely their proposed loyalty programs match the original concept of discounts against future purchases with the same supplier vs fungible alternative currency.

For companies considering a blockchain-based loyalty program there are additional considerations. FINCEN has recently issued guidance involving convertible virtual currencies.   While this guidance seems directed to virtual currency exchanges, it is not clear that businesses exchanging virtual currencies for goods and services are exempt. If applicable, then the business would need to comply with state money transmission regulations. This gives companies considering blockchain-based loyalty programs added incentives for restricting the program to match the original concept of discounts against future purchases with the same supplier vs fungible alternative currency.

Blockchain-based customer loyalty programs are not impossible; however, due diligence needs to be undertaken with the applicable regulations, to ensure the loyalty program is designed appropriately.

[1] A. Nastasiou, M. Vandenbosch, “Competing with loyalty: How to design successful customer loyalty reward programs”, Business Horizons Vol 62, Is 2. March-April 2019 pp 2017-214.

[2] See e.g., Shankar v Commissioner 143 T.C. No 5 (2014), Hirsch v Citibank (S.D.N.Y) Case 1:12-cv-01124-DAB-JLC (2016)

[3] J. A. Mankin, J.J. Jewell, “Frequent Flyer Miles as company scrip: implications on taxation” Business Studies Journal, Vol 7, No. 1, 2015