Blockchains, Smart Contracts, and the Law

“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. The book is suitable for a wide range of audiences, including:

  • Lawyers and legal professionals: This book provides a detailed overview of the legal implications of blockchain technology and smart contracts. It covers a wide range of topics, including token assets as money, token assets as property, decentralized finance, token assets as securities, blockchain operations, decentralized autonomous organizations, tokens as real estate, blockchain and open source, and blockchain justice. Legal professionals can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice.
  • Business executives and entrepreneurs: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be used to create new business opportunities. Business executives and entrepreneurs can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new business models and revenue streams.
  • Blockchain developers and engineers: This book provides a detailed overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. Blockchain developers and engineers can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new blockchain-based applications and services.
  • Academics and researchers: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. Academics and researchers can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new research opportunities and areas of study.
  • General readers: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. General readers interested in blockchain technology and smart contracts, and how they are changing the world around us, can use this book to gain a deeper understanding of the legal implications of these technologies.


“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. The book is divided into ten chapters, each of which covers a different aspect of the topic. The first chapter, “Digitization and Remote Agency,” discusses the impact of digital transformations on remote life, signatures, witnesses, and blockchain jurisdiction. The second chapter, “Token Assets as Money,” explores the characteristics of money, US monetary laws, cryptocurrencies as legal tender, monetary malfeasances, agencies of monetary regulation, alternative financial payment and settlement arrangements, and central banks and digital currencies. The third chapter, “Token Assets as Property,” covers token taxation, privacy considerations with blockchain tokens, and references. The fourth chapter, “Decentralized Finance,” compares DeFi vs TradFi/CeFi, decentralized exchanges, and references. The fifth chapter, “Token Assets as Securities,” discusses investments, securities, commodities, token classification tests, token investment performance, and references. The sixth chapter, “Blockchain Operations,” covers blockchain mining/validation and energy, MEV, Flashbots, transaction fees, self-custody & account abstraction, password/account recovery mechanisms, and references. The seventh chapter, “Decentralized Autonomous Organizations,” explains what a DAO is, legal entity status for DAOs, legal issues with DAOs, and references. The eighth chapter, “Tokens as Real Estate,” discusses physical real estate tokens, real estate recordation, virtual real estate tokens, legal issues with real estate transactions via blockchains, and references. The ninth chapter, “Blockchain and Open Source,” covers code repositories, open-source licenses, the role of foundations/non-profits, the role of whitepapers, the role of DAOs, and references. 
The tenth chapter, “Blockchain Justice,” discusses blockchain dispute resolution and the rise of blockchain ADR mechanisms. Tokens as artworks are discussed in the eleventh chapter, while credential applications are discussed in the twelfth chapter and provenance applications in the thirteenth chapter. The final three chapters cover smart contracts and insurance, estate planning and blockchains, and blockchain voting. The book also includes appendices on hash functions and financial industry terminology.


“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. This book is an essential resource for anyone who wants to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Whether you are a lawyer, business executive, entrepreneur, blockchain developer, engineer, academic, researcher, or general reader interested in blockchain technology and smart contracts, this book provides a comprehensive overview of the legal implications of these technologies and how they can be applied in practice. If you are interested in purchasing this book, you can find it on Amazon and other online retailers. The book is available in both paperback and hardback formats. Don’t miss out on this opportunity to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Order your copy today!


If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic. The book is divided into sixteen chapters (and two appendices), each of which covers a different aspect of the topic. Here are some quotes from experts in the field that support the book:

“For a highly readable and reliable roadmap to the blockchain universe you won’t find a better guide than Steven Wright, whose lens captures the scope and details of this world from the heights of the monetary system and tokenomics to the inner workings of bitcoin mining, synthetic derivatives, hash functions and more.  I’ll be keeping this encyclopedic work not just in my library for interesting reading, but by my desk as an indispensable guide to this rapidly-evolving landscape.”
Charles N. Bowen
Founder, Legal Path LLC / Adjunct Professor, Georgia State University College of Law
Don’t miss out on this opportunity to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Order your copy of “Blockchains, Smart Contracts, and the Law” today!

Organizational Readiness/Maturity Considerations for Adoption of Blockchain & DAOs

Blockchain - technology vs organization (DAOs)

Achieving a digitalized economy assumes a process of digital transformation with digital technologies being adopted and new management techniques to effectively manage the identification of suitable technologies; match technologies with organizational opportunities; and then administer the organization in the digitalized economy. Digital transformation involves new concepts, radical innovation, and radical organizational change across multiple organizational dimensions. Blockchains can be considered a form of digital transformation for organizations. An aspect of the radical nature of blockchains flows from the capabilities they can provide for trustworthy transactions between organizations. Blockchains are associated with a decentralized implementation architecture which often contradicts centralization assumptions inherent in both IT infrastructure (e.g., Client-Server) and in organizational processes and management structures. Blockchains also enable Decentralized Autonomous Organizations (DAOs) which may be better considered as a software implementation of organizational governance rather than a typical technology for process automation.

image credit: Adobe Stock

Blockchain Technology (including DAOs)

This creates opportunities for new business models by disintermediation of some parties to traditional transaction flows in the same industry or supply chain. Multiple parties have to agree to adopt the new style of transactions. Decentralization is an architectural approach to restructuring the power and influence of elements within an economic system. Early approaches to decentralized distributed computing, such as Autonomous Decentralized Systems (ADSs), focused on building operational resilience for large-scale infrastructure; more recent DAO innovations have focused on the organizational aspects. Both intra-organizational and inter-organizational technology adoption tend to be analyzed with similar frameworks such as the Technology, Organization, and Environment (TOE) framework. While most technology adoption frameworks focus on a single organization, blockchain exhibits network effects when deployed across multiple organizations.

image credit: Wright, S.A.

Blockchain ( & DAOs) in or between organizations

The digital transformation of an organization for the digitalized economy goes beyond mere technology adoption within existing organizations and includes new forms of digital native organizations such as DAOs. Scorecards and metrics have been applied in many areas within organizations from accounting to ethics; but multiparty technology adoption has an additional scope that metrics within a single organization do not. Metrics and scorecards help organizations evaluate their readiness for blockchain implementations. Organizational readiness and maturity metrics for effectively utilizing blockchains have to address the broad range of business considerations that management should consider when evaluating opportunities for digital transformation via blockchain. A digitalized economy, and blockchains, need readiness metrics that apply across organizations.

For additional information refer to Wright, S. A. (2022). Organizational Readiness/Maturity Considerations for Blockchain Adoption. In Handbook of Research on Digital Transformation Management and Tools (pp. 344-365). IGI Global.

IoT Blockchains for Digital Twins

Digital twins (DTs) have emerged as a critical concept in cyberspace infrastructure. DTs are fit-for-purpose digital representations of an observable manufacturing element with a means to enable convergence between the element and its digital representation at an appropriate rate of synchronization. Human DTs (HDTs) are also emerging for healthcare and social interaction. Blockchain Digital Twins (BDTs) are a subset of the DTs that incorporate blockchains to provide additional trust-based features, typically relying on underlying capabilities of IoT Blockchains. The ITU-T recognized DTs as a use case driving additional requirements for 6G features.

image credit: Adobe Stock

Blockchain Digital Twins

The value provided by DTs relies on their fidelity in representation. A dynamic DT maintains a digital representation of the current state of the physical object. Blockchains provide trust assurance mechanisms, particularly where multiple parties are involved. For users of DTs to benefit from this digital representation, they must trust that it provides an adequate representation for their purposes. The expected life cycle operations of the IoT, blockchain, and DT need to be considered to develop economically useful blockchain digital twin (BDT) models. Blockchains can be used for assurance of the authenticity of actions by DTs. BDTs do not exist in isolation, but rather within a DT environment (DTE). A metaverse as a collection of virtual worlds may include virtual worlds that are DTEs, i.e., capable of supporting the operation of DTs within them. A DTE may include multiple DTs of different objects to enable interactions between these objects to be evaluated in both virtual reality and mixed reality cases.

Populating DTEs with multiple DTs requires industrialized tooling to support the rapid creation of DTs. The industrialization of DT creation requires frameworks, architectures, and standards to enable interoperability between DTs and DTEs. While blockchains developed from fintech applications, BDT applications will have different requirements for blockchain features and performance, e.g., in notions of privacy.

For further information refer to Wright, S. A. (2023). IoT Blockchains for Digital Twins. In Role of 6G Wireless Networks in AI and Blockchain-Based Applications (pp. 57-79). IGI Global.

Blockchain Enabled Decentralized Network Management in 6G

The Internet has evolved from a fault-tolerant infrastructure to support both social networking and a semantic web for machine users. Trust in the data, and the infrastructure, has become increasingly important as cyber threats and privacy concerns rise. Communication services are increasingly delivered through virtualized, software-defined infrastructures, like overlays across multiple infrastructure providers. Increasing recognition of the need for services to be not only fault-tolerant but also censorship-resistant while delivering an increasing variety of services through a complex ecosystem of service providers drives the need for decentralized solutions like blockchains. Service providers have traditionally relied on contractual arrangements to deliver end-to-end services globally. Some of the contract terms can now be automated through smart contracts using blockchain technology.

image credit: Adobe Stock

Blockchain network management

This is a complex distributed environment with multiple actors and resources. The trend from universal service to service fragmentation, already visible in the increasing IoT deployments using blockchains, is expected to continue in 6G. Virtualization of the infrastructure with NFV-SDN makes prevalent the concepts of network overlays, network underlays, and network slices. In the 6G era, it seems that service providers will need to provide network management service assurance beyond availability, including aspects such as identities, trustworthiness, and censorship resistance.

Blockchains are not only proposed for use at a business services level but also in the operation of the network infrastructure including dynamic spectrum management, SDN and resource management, metering and IoT services. Traditional approaches to network management have relied on client–server protocols and centralized architectures. The range of services offered over 6G wireless that need to be managed is expected to be larger than the variety of services over existing networks. Scaling delivery may also require additional partners to provide the appropriate market coverage. Management of 6G services needs to support more complex services in a more complex commercial environment, and yet perform effectively as the services and infrastructure scale.

Digital transformation at both network operators and many of their customers has led to a software-defined infrastructure for communication services, based on virtualized network functions. Decentralized approaches for network management have gained increasing attention from researchers. The operators’ increased need for mechanisms to assure trust in data, operations and commercial transactions while maintaining business continuity through software and equipment failures, and cyberattacks, provides further motivation for blockchain-based approaches. These architectural trends towards autonomy, zero touch and zero trust are expected to continue as a response to networking requirements. Blockchain infrastructures seem to provide an approach to address some of these requirements.

Blockchain-enabled decentralized network management is a disruptive change to existing network management processes. The scope and scale of the 6G network management challenge supports the need for these types of network management architectures. Both technical and commercial or organizational challenges remain before the wider adoption of these technologies. Blockchain-enabled decentralized network management provides a promising framework for considering the operational and administrative challenges expected in 6G communications infrastructure.

For further details refer to Wright, S.A. (2022). Blockchain-Enabled Decentralized Network Management in 6G. In: Dutta Borah, M., Singh, P., Deka, G.C. (eds) AI and Blockchain Technology in 6G Wireless Network. Blockchain Technologies. Springer, Singapore. https://doi.org/10.1007/978-981-19-2868-0_3

Towards a Blockchain Voting Roadmap

Voting systems are a problem space that matters to humans because of the actions required of participants, and the impacts of voting decisions. Reports of unauthorized voting, of possible election interference by foreign powers, of voter disenfranchisement, and of technological failures call into question election integrity. Automated voting systems promise efficiency and improved accuracy. This improvement comes from eliminating from electoral processes humans who may be error-prone or otherwise biased. Information, computing, communication and connectivity technologies offer capabilities that are not leveraged by existing paper voting systems.

Maybe it is time for some outside-the-box thinking. Suitable electronic systems may enable other democratic forms beyond representative democracy or direct democracy. From the perspective of an existing voting process, blockchain voting systems are an example of digital transformation. Transforming voting is also subject to a number of risks or threats regarding political exclusion, legitimacy issues, identity and privacy/secrecy concerns.


Roadmaps as a retrospective provide the opportunity to learn from past mistakes. But the main value of prospective technology roadmaps is as a decision aid in developing the technology. Such roadmaps identify the sequence of evolutionary technology improvements needed. Community engagement and recognition of roadmaps as emergent rather than centrally planned are key.

Deployment of new voting systems by election organizers is easier in “greenfield” situations. This is because existing voting procedures do not need to be displaced. Election organizers have used a variety of different implementation and delivery models for other voting systems. These implementation and delivery models could be applied by election organizers for a blockchain-based voting system as well. A blockchain voting system could be designed for a single organization. An alternative design might prefer that a single instance be usable by multiple organizations. The designer of a blockchain voting service could offer it “as a Service”. The Service hides the implementation details. Alternatively, the developer could build on an existing blockchain infrastructure where the blockchain implementation is explicit.

Community Roadmap Development

Roadmaps can provide a decisional framework and identify milestones to determine progress. Roadmaps with fewer dimensions help to concentrate efforts to improve performance in those dimensions. Roadmapping can help clarify the different areas where blockchain voting systems may be more easily implementable and deployable. Blockchain voting systems targeting market-based or corporate governance may be more tractable in the near term. Establishing broader consumer familiarity with the technology may eventually lead to use in political governance. For further reading, a lengthier published article is available: Towards Blockchain Voting Roadmap

Whether you are a researcher, business professional, or social entrepreneur, the solutions you develop to the problems that you face matter! Framing and reframing the problem from different perspectives can enable you to see past constraints. These constraints may not exist from a different perspective. Developing a client-centric, solution-agnostic problem statement can enable the needed creative thinking.

If you need help bringing the power of perspective to your clients’ needs problem statement, contact me.

Blockchain smart contracts to improve consumer engagement?

Technology entrepreneurship has enabled the widespread commercial adoption of internet technologies. These internet technologies have reformed consumer commercial experiences towards an online environment. As the online consumer experience becomes more predominant, various actors have recognized the significance of developing appropriate regulations for online consumer experiences to reflect various policy objectives including consumer protection. Network efficiencies and large-scale infrastructures enable a single provider to deliver services to mass market consumers. Contract negotiation at such scale is typically not the “meeting of the minds” envisaged by contract law as crafting terms carefully considered by knowledgeable parties. Such services are typically delivered under terms of service developed by the service provider alone; and accepted by the consumer with a single click and little if any consideration.

Consumers typically ignore these terms of service in reliance on consumer protection laws or the courts to ensure fair treatment. Consumer protection laws have focused primarily on requirements directed at the service provider. Common law courts have contract defenses against unconscionable terms, but these rely on community standards of reasonable behavior which may be difficult to ascertain when the adoption of new technologies and practices is not uniform. The successful adoption of new internet-based technologies and commercial practices has encouraged more technology entrepreneurship in a positive feedback cycle.

Electronic signatures have become the norm as transactions increasingly move online, unfortunately with little thought or evaluation by consumers. A swath of new internet-based technologies and commercial practices enabled by blockchains are expected to become mainstream within the near future. Regulatory and policy decision makers are considering necessary regulatory changes as these technologies evolve to support a greater range of more complex transactions affecting not just financial assets, but also cyber-physical infrastructure.

To avoid the problems created by oblivious signatures, some efforts at increasing consumer engagement with the terms of service may be a useful and tractable step towards improved consumer experiences. In comparison, previous efforts focused on the plain language movement may have increased comprehensibility but ultimately failed to achieve the necessary consumer attention for a true “meeting of the minds”. Blockchain smart contracts appear to provide promising capabilities to enable greater consumer engagement with the terms and conditions of online services by enabling, e.g., multiple signatures per transaction, and more sophisticated transaction logic to verify engagement. If service providers and regulators will also engage, by considering such click-through licensing processes through the lens of consumer engagement, consumer-oriented blockchain smart contracts could become more widespread.

I’ll be presenting a technical paper on this approach at the International Symposium on Technology and Society 2020. If you’d be interested to discuss this topic further, please contact me, Dr Steven A Wright.

Practicing Privacy in IoT Blockchain Design and Operation

Design patterns have been proposed as a method to improve the consistent application of proven solutions across designs. Privacy in operational IoT blockchains today is mostly an attestation from the operator of the service based on IoT. Privacy testing in operational systems is an opportunity for further improvement. Privacy risks, threat models, and requirements are continuing to evolve, and IoT systems will need to evolve with them [Alqassam 2014]. Privacy threats need to be managed throughout the operational life cycle of the IoT blockchain including changing sensors, upgrading software, etc. Privacy patterns can help maintain consistency across these disruptions, though testing and attestations will also have a role to play.

Privacy patterns for IoT Blockchain Design

Developers often use the vocabulary of data security to approach privacy challenges, and software architectural patterns frame privacy solutions that are used throughout the development process [Hadar 2018]. There are over 100 IoT design patterns in the literature, but very little explicit identification of IoT design pattern reuse [Washizaki 2019]. As a “step” toward solving security and privacy concerns, [Bloom 2018] identified common input-output (I/O) design patterns that exist in Industrial IoT applications, but these design patterns don’t address the full scope of privacy threats, nor the blockchain aspects. [Xu 2018] collects blockchain design patterns, but these mainly identify privacy as an area for further improvement. [Wirth 2018] provides an initial blockchain and smart contracts architectural blueprint claiming GDPR compliance. [Pape 2018] considers privacy patterns in the IoT architecture, assuming a three-layer service delivery model based on fog computing, and does not consider blockchain aspects, nor an explicit data controller role. The privacy patterns [Pape 2018] identified included: personal data store, data isolation at different entities, decoupling content and location visibility, added noise measurement obfuscation, aggregation of data, data aggregation gateways, and single point of contact.  A more comprehensive list of privacy patterns, though not targeted at IoT, is online at https://privacypatterns.org/patterns/. Privacy patterns abstract away from the detailed solution of specific PETs. At best, privacy design patterns align with specific privacy threat models, and the suite of patterns covers the full scope of privacy threats. Privacy design patterns can provide a useful common abstraction for communication between the designers and operators of IoT blockchain during its design and operational lifecycle.

Privacy Testing

Modern software development practices like DevOps, CI/CD, etc. have an emphasis on the availability of system tests to ensure key use cases remain valid during development. Some methodologies (e.g. Design for Testability) go further and require the development of tests before the development of the code. It would be helpful if privacy design patterns had industry consensus methods to verify correct implementation and operation.

Testing in the context of distributed architectures like IoT and blockchains adds additional complexity. [Pontes 2018] formalizes the notion of a pattern-based IoT testing method for systematizing and automating the testing of IoT ecosystems. It consists of a set of test strategies for recurring behaviors of the IoT system, which can be defined as IoT test patterns. Unfortunately, these did not address the scope of privacy concerns. Similarly, the blockchain literature has few examples of automated test suites (see e.g., [Gao 2019]). Neither of these test patterns is specific to privacy. [Muntes-Molero 2019] proposes an approach towards continuous monitoring for privacy risk control in trustworthy IoT systems. The assumption of trustworthy systems requires additional justification. Blockchains can be designed to achieve secure consensus results despite running on untrusted nodes in a peer-to-peer network. With little in the literature beyond penetration testing (e.g., [Probst 2012]), testing of assertions that privacy threats have been resolved seems an area for further research.

Given the scope of privacy concerns, privacy testing is unlikely to be accomplished by a single test. While many traditional notions of privacy focus on disclosure, recent regulatory initiatives have created new requirements for user controls. While those controls may be implemented with manual procedures in the short term, IoT blockchain architectures can be expected to evolve to provide automated support for these features, and that will need to be tested. An IoT blockchain may be assembled from different components, and will likely evolve over its operational life as new components are added, software updated, etc. Privacy testing will need to apply both at the component level and cumulatively across the larger architecture, and during run time operations.

Privacy Attestation

Some [Wirth 2018], [Bansal 2008] have noted that trademarks and certification seals may be useful for consumers to identify and trust products and services that provide privacy assertions (e.g., conformance to privacy regulations such as the GDPR). Certification schemes usually require independent verification/testing to assure the quality of certified goods/services. While privacy testing regimes are still in early stages of development, attestations by entities operating services based on IoT blockchains may provide some interim assurance. This may require similar assurances and indemnification through the component supply chain.

The scope of the attestations that consumers may require to protect their privacy and build trust needs further consideration. Solove’s taxonomy is now incomplete as it does not include the more recent regulatory initiatives like GDPR that mandate some degree of control of the data by the data subject. Traditional data access controls (Create/Read/Update/Delete) are helpful, but more nuanced controls may be required to constrain privacy threats from information processing and secondary uses. GDPR takes a step in this direction by identifying the data controller role and imposing privacy-related obligations on data controllers. IoT blockchain architectures could support a limited set of more nuanced operations on private data through SMC. The SMC code could be open-sourced and inspectable to provide assurances of correct operation. Moving the computing algorithms to the data like this may reduce the amount of attestation required to build trust.  

Privacy is an ongoing operational concern, not just a design-time objective. The IoT blockchain architecture, though, will need adequate capabilities designed in so that operators of services based on it will be able to make adequate assurances to their customers, and perhaps their regulators as well. While attestations may provide assurances in the short term, ultimately adequate privacy testing regimes will be required to demonstrate the integrity of the solutions.

References

[Alqassam 2014] I. Alqassem, et al., “A taxonomy of security and privacy requirements for the Internet of Things (IoT).” 2014 IEEE International Conference on Industrial Engineering and Engineering Management. IEEE, 2014.

[Bansal 2008] G. Bansal, et al., “The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation.” ICIS 2008 Proceedings (2008).

[Bloom 2018] G. Bloom, et al. “Design patterns for the industrial Internet of Things.” 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS). IEEE, 2018.

[Gao 2019] J. Gao, et al., “Towards automated testing of blockchain-based decentralized applications.” Proc. of the 27th Int’l Conf. on Program Comprehension. IEEE, 2019.

[Hadar 2018] I. Hadar, et al. “Privacy by designers: software developers’ privacy mindset.” Empirical Software Engineering 23.1 (2018): 259-289.

[Muntes-Molero 2019] V. Muntés-Mulero, et al. “Model-driven Evidence-based Privacy Risk Control in Trustworthy Smart IoT Systems.” (2019).

[Pape 2018] Pape, Sebastian, and Kai Rannenberg. “Applying Privacy Patterns to the Internet of Things’(IoT) Architecture.” Mobile Networks and Applications 24.3 (2019): 925-933.

[Pontes 2018] P. Pontes, et. al., “Test patterns for IoT.” Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation. ACM, 2018.

[Probst 2012] W. Probst, et al. “Privacy penetration testing: How to establish trust in your cloud provider.” European Data Protection: In Good Health?. Springer, Dordrecht, 2012. 251-265.

[Washizaki 2019] H. Washizaki, et al. “Landscape of IoT Patterns.” arXiv preprint arXiv:1902.09718 (2019).

[Wirth 2018] C. Wirth, et. al., “Privacy by blockchain design: a blockchain-enabled GDPR-compliant approach for handling personal data.” Proceedings of 1st ERCIM Blockchain Workshop 2018. European Society for Socially Embedded Technologies (EUSSET), 2018.

[Xu 2018] Xu, Xiwei, et al. “A pattern collection for blockchain-based applications.” Proceedings of the 23rd European Conference on Pattern Languages of Programs. ACM, 2018.

Privacy Threat and Data Ownership Models in IoT Blockchains

More concise privacy threat models are emerging as awareness grows that privacy concepts extend beyond the scope of traditional security threat models. The Data Controller role has received more interest after GDPR but rarely appears in IoT blockchain architectures. Resolving human privacy concerns requires establishing trust in both the IoT systems and the entities operating them. Legal innovations (e.g., BBLLCs) enable the possibility of new entities that may help manage privacy threats. Technology innovations (e.g., SMC) enable new privacy patterns by changing the data flow requirements to bring the computation to the data, rather than the reverse.

Privacy Threat Models

Developers often use the vocabulary of data security to approach privacy challenges, and this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization [Hadar 2018]. Security by design has achieved wider adoption through the use of methodologies based around threat modeling to build common design patterns around data flows in system architectures. [Deng 2011] applies this approach to privacy threat modelling, distinguishing between hard privacy (based on data minimization) and soft privacy (based on trust in the operations of some external data controller), and identifying a number of privacy properties (unlinkability, anonymity, pseudonymity, plausible deniability, undetectability / unobservability, confidentiality, content awareness, policy and consent compliance). [Muntes-Molero 2019] provides a mapping of the connection between security threat models (STRIDE) and Privacy threat models (LINDDUN).

[Feng 2018] identifies blockchain privacy requirements as only either (1) identity privacy or (2) transaction privacy, and also identifies several known attacks for deanonymization of identities in blockchain systems, including network analysis, address clustering, transaction fingerprinting, Denial of Service attacks against anonymizing networks, and Sybil attacks against the P2P network reputation system. Transaction privacy can also be threatened by transaction pattern exposure through, for example, transaction graph analysis. Identity preservation methods include mixing services (which obfuscate transaction relationships with other traffic), ring signatures (which obfuscate the real signer amongst a group of signatories), and non-interactive zero-knowledge proofs (which prove a given statement without leaking additional information). Transaction privacy-preserving mechanisms identified include non-interactive zero-knowledge proofs and homomorphic cryptosystems (which preserve arithmetic operations carried out on ciphertexts).

The privacy threat models, and traditional IoT architectures, generally assume a data flow pattern where data moves and aggregates for centralized analysis by some other party. IoT blockchains supporting SMC offer a potential alternative architecture of moving the computation rather than the data – exposing only the result of the computation rather than the original private data.  This would enable the computations to be trusted rather than some other party. This would also limit the secondary use threat to privacy from Solove’s taxonomy when the data is transferred directly, which otherwise does not seem to be addressed effectively in the privacy principles, or threat models.
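The "move the computation, not the data" pattern described above can be made concrete with additive secret sharing, one of the simplest SMC building blocks. The following is an added example, not code from the book or from any IoT blockchain project; it assumes honest-but-curious devices with confidential pairwise channels, and the modulus, function names and meter readings are hypothetical.

```python
import secrets

# Public modulus for share arithmetic (assumed value). The true total of all
# readings must stay below it, otherwise the published result wraps around.
MODULUS = 2**61 - 1


def split_into_shares(reading, n_parties):
    """Split one private reading into n additive shares that sum to it mod MODULUS."""
    if not 0 <= reading < MODULUS:
        raise ValueError("reading out of range for the chosen modulus")
    if n_parties < 2:
        raise ValueError("need at least two parties")
    # n-1 shares are uniformly random; the last one fixes the sum.
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((reading - sum(shares)) % MODULUS)
    return shares


def secure_sum(readings):
    """Simulate the protocol among len(readings) devices.

    Returns (total, published_partial_sums). Only the partial sums would be
    published (for example, written to the ledger); raw readings never leave
    the device that measured them.
    """
    n = len(readings)
    # Round 1: device i splits its reading and sends share j to device j.
    shares = [split_into_shares(r, n) for r in readings]
    # Round 2: device j adds the shares it received and publishes that sum.
    partials = [sum(shares[i][j] for i in range(n)) % MODULUS for j in range(n)]
    # Anyone can combine the published partial sums into the aggregate.
    total = sum(partials) % MODULUS
    return total, partials


def missing_share_for(observed_shares, candidate_reading):
    """Return the single unseen share that would make the observed shares
    encode candidate_reading.

    Such a share exists for every candidate, which is why n-1 shares of a
    reading reveal nothing about it: every value remains equally consistent.
    """
    return (candidate_reading - sum(observed_shares)) % MODULUS


if __name__ == "__main__":
    meter_readings = [412, 380, 955, 127]  # constructed sample readings
    total, partials = secure_sum(meter_readings)
    print("published partial sums:", partials)
    print("aggregate:", total)
```

The published partial sums are individually random-looking values; only their combination is meaningful, so the secondary-use exposure is limited to the aggregate that the computation was designed to release.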

Data Controller Entities and business models

Ownership provides a legal basis for data controllers to exercise control over “their” data. In the context of cross border data flows, [UNCTAD 2019] considered four data ownership policies as options for capturing value for data: personal data markets, data trusts (between members of a group, or digital platform), collective data ownership (nationalization as a public resource), and digital data commons (placing data in the public domain). Assertions of collective ownership or digital commons likely require changes in public policy. While individuals could theoretically build their own IoT systems to control their own data, this is not a scalable approach for IoT deployments as not everyone has the skills, capital or motivation, and the lack of uniformity in approach would reduce the aggregate value. If the data collected has commercial value, then some entity is likely to be claiming ownership of that data. For most IoT architectures this entity is not the humans that may be subjects of IoT surveillance. Many existing IoT architectures require people to trade otherwise private data about themselves for access to some monitoring service. The role of a data controller was identified in [OECD 1980] and reinforced with the GDPR; data controllers have not typically been an element in IoT architectures. A data controller may typically be a data owner, but this is not required – it could be operating under some contract or other license arrangements.

Hence humans subject to surveillance by services based on IoT architectures must trust the entity operating those services for any privacy assurances. For commercial entities operating a service based on IoT, there is most likely a terms and conditions (T&C) agreement between the IoT operator and the user. Ideally, this would include some attestations or promises regarding the user’s privacy (e.g., not to resell the data to others for secondary uses). It is difficult for the user to detect violations of such privacy attestations. Other data controllers may collect IoT data implicating privacy without T&C agreements in place. Regulations, such as GDPR, may still apply in such cases. In the event of a change of control at the entity operating the IoT service (e.g., a bankruptcy), the data within its control could be repurposed without notice to the user.

Blockchain technology offers a new entity for consideration as the data controller: an IoT blockchain could be structured as a DAO and incorporated as a BBLLC [Vermont 2018]. In this case, the user would have to trust the BBLLC (and its developers) rather than a commercial platform operator. The BBLLC replaces the human with a computational machine as the data controller. The data controls could be implemented with smart contracts. The smart contracts could be publicly inspectable to build trust in the logic. Several blockchains and smart contracts are already inspectable as open source. The BBLLC could also have preplanned smart contracts for the data to be returned or destroyed in the event of foreseeable disruptions of the BBLLC (e.g., forking, dissolution). While blockchains and smart contracts hold a lot of promise, current implementations do not exhibit all these features, and it may take some time for a consensus to emerge on the detailed scope of the features required in IoT blockchains to support the full scope of privacy threats.

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.

References

[Alqassam 2014] I.Alqassem, et.al., “A taxonomy of security and privacy requirements for the Internet of Things (IoT).” 2014 IEEE International Conference on Industrial Engineering and Engineering Management. IEEE, 2014.

[Deng 2011] M. Deng, et al. “A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements.” Requirements Engineering 16.1 (2011): 3-32.

[Feng 2018] Feng, Qi, et al. “A survey on privacy protection in blockchain system.” Journal of Network and Computer Applications (2018).

[Hadar 2018] I. Hadar, et al. “Privacy by designers: software developers’ privacy mindset.” Empirical Software Engineering 23.1 (2018): 259-289.

[Muntes-Molero 2019] V. Muntés-Mulero, et al. “Model-driven Evidence-based Privacy Risk Control in Trustworthy Smart IoT Systems.” (2019).

[OECD 1980] OECD, “Guidelines governing the protection of privacy and transborder flows of personal data” Annex to the recommendation of the council 23rd Sept.1980

[UNCTAD 2019] UNCTAD, “Digital Economy Report 2019: Value Creation and capture: implications for developing countries” Sept. 2019.

[Vermont 2018] Vermont S.269 (Act 205) 2018 §4171-74

Framing the Privacy Challenge for IoT Blockchains

Legal principles and regulations are generally concerned with the technology-independent classification of events. Privacy principles have been proposed as a step beyond legal classifications of privacy violations, but these still remain difficult for many IoT blockchain developers to apply. Privacy Impact Assessments (PIAs) have also been proposed to expose privacy issues, but these have not been widely adopted.

Privacy Principles and Frameworks for IoT Blockchains

Principles have been proposed as implementation and operation guidance on privacy. The OECD guidelines [OECD 1980] are perhaps the most widely known privacy principles. These eight principles, intended for nations to apply to trans-border data flows, are: (1) collection limitation principle, (2) data quality principle, (3) purpose specification principle, (4) use limitation principle, (5) security safeguards principle, (6) openness principle, (7) individual participation principle, and (8) accountability principle. More recently the GDPR has endorsed Privacy by Design (PbD). PbD [Cavoukian 2010] builds on seven foundational principles: (1) proactive not reactive; (2) privacy as the default; (3) privacy embedded in the design; (4) full functionality: positive-sum, not zero-sum; (5) end-to-end life cycle protection; (6) visibility and transparency; (7) respect for user privacy. While OECD principles apply in the context of nations managing data flows, PbD principles are intended for the context of IT systems; as such these two sets of principles are complementary.

While the privacy principles are helpful in moving beyond classifying privacy violations, they are not necessarily easily applicable to specific architectural contexts (e.g., IoT blockchains) or software development methodologies [Omoronyia 2019], [Perera 2019], and further refinement may be required for practical adoption. Principles present too abstract a framework to inform design, and are often applied after many critical design decisions have been made in defining the business opportunity [Edwards 2016]. Both the OECD principles and the Privacy by Design principles provide a step forward from Solove’s privacy threat taxonomy by giving guidance to the developers and operators of information systems. There is no simple mapping between the privacy threat taxonomy and the privacy policies to validate their completeness. The privacy threat taxonomy provides a static view, classifying events after they have happened, while the policies are intended to be more proactive and preventative, applying to ongoing operations and data flows.

There is a lack of comprehensive, widely adopted frameworks to address privacy issues for IoT applications [Thorburn 2019] (for example, [Panagiotou 2018] only considers some cryptography aspects, and [Cha 2018] focuses only on informed consent). For privacy engineering, the availability and usage of standards, analysis methodologies, and software tools are relatively weaker than for safety and security, reflecting the fact that privacy engineering is an emerging concern for practitioners [Shan 2019]. If detailed technical standards existed, they could provide a framework for IoT blockchain developers to work from. [ISO 2009] defines information security in terms of preservation of confidentiality, integrity, and availability of information, and notes that other properties, such as authenticity, accountability, non-repudiation, and reliability, can also be involved; principles like privacy and non-repudiation, however, don’t fit cleanly into this famous triad. [ISO 2011] added a privacy framework, [ISO 2014] added a code of practice for handling Personally Identifiable Information, [ISO 2017] added guidelines for privacy impact assessments and [ISO 2019] provided guidelines and requirements for privacy information management. While providing some guidance, these ISO standards are neither complete nor customized for an IoT blockchain architectural context. There are a number of more specific IoT standards [Miloslavskaya 2019], but they do not address privacy in detail. [NIST 2019] starts to separate IoT privacy concerns from other security concerns, but does not provide detailed guidance. Blockchain standards, today, seem to be evolving in open source (see e.g., Ethereum RFCs) at the level of APIs, but do not provide a larger view of the privacy impacts. ISO/TC 307 is still developing formal specifications on blockchain technologies. While more comprehensive standards may exist in the future, the standards available at present do not provide a comprehensive framework for privacy in IoT blockchains.

IoT blockchain is by its nature a distributed architecture; this implies that privacy threats can target multiple points (data in motion and at rest) within the architecture. Understanding the data flows becomes a prerequisite to analyzing privacy across the IoT blockchain architecture. Recall the OECD principles were developed in the context of data flows between nations; data flows in IoT blockchains, however, are not technically restricted by national borders. Data flows for business processes are often modelled to capture stakeholder collaboration in business processes supported by technology and automation. [Pullonen 2019] proposed Privacy Enhanced Business Process Modelling Notation (PE-BPMN) to capture the use of PETs along the flow of private information. Such notations may be helpful in discussing the end-to-end privacy management processes of IoT blockchain architectures.

Identifying Privacy Impacts

When analyzing IoT privacy requirements, it can be challenging to identify what information should be protected, when it should be protected, and to whom access should be granted.

IoT consists of diverse technologies and the integration of these technologies can lead to unknown risks. Not all the data collected by IoT architectures is necessarily implicated by privacy concerns; data related to legal entities (e.g., data about people and their possessions), however, may be implicated. For example, IoT sensor data from personal fitness devices or personal vehicles may be used to infer a person’s location, which they may wish to keep private. [Ni 2017] identifies four categories of privacy-relevant IoT data: (1) identity, (2) usage, (3) location, and (4) other miscellaneous data (e.g., user preferences, sensor data). It is not only the data collected by IoT architectures that may be problematic for privacy; privacy threats may arise from the linkages [Madaan 2018] between IoT data streams (i.e., the information processing aggregation privacy threats in Solove’s taxonomy).

PIAs have been proposed for information systems generally (see e.g., [ISO 2017]). If required, these are typically developed manually at an early[1] stage of the project to scope and shape the development of the solution architecture. Conducting a PIA remains a complicated and bewildering task, mainly due to the lack of detailed, practical guidance on how to carry out such an assessment. The available guidance is mainly at the level of legal, policy, or academic proposals [Vemou 2018] rather than targeted at software developers or other technologists designing and implementing IoT blockchain systems. Even for the ISO standard on PIAs, there are proposals (e.g., [Vemou 2019]) for extensions to make the PIA process more tractable for practitioners, but these are still not specialized for the IoT blockchain context. There are not many published examples of PIAs for IoT architectures in the literature. The EU at one stage had required the development of PIAs for RFID applications [EU 2011]. [Pribadi 2017] provides an example PIA for a smart health care services IoT.

Developers of IoT blockchains need more detailed guidance on how to apply privacy principles in their context. Privacy frameworks and standards are emerging, but still incomplete. PIAs are not guidance for IoT blockchain developers, rather these are created by the IoT blockchain developers for external audiences to understand the scope of privacy threats, and the mitigations supported within their architectures. While not trivial to implement, PIAs may be actionable by IoT blockchain developers to provide more insight for regulators, and the operators and users of services built on IoT blockchains, about potential exposures to privacy threats.


References

[Cavoukian 2010] A.Cavoukian, “Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph. D.” Identity in the Information Society 3.2 (2010): 247-251.

[Cha 2018] S.Cha, et al. “A user-friendly privacy framework for users to achieve consents with nearby BLE devices.” IEEE Access 6 (2018): 20779-20787.

[EU 2011] European Commission, Privacy and Data Protection Impact Assessment Framework for RFID Applications, 12 January 2011

[Edwards 2016] L. Edwards, et. al., “From privacy impact assessment to social impact assessment.” 2016 IEEE Security and Privacy Workshops (SPW). IEEE, 2016.

[ISO 2009] ISO, “Information technology — Security techniques — Information security management systems — Overview and vocabulary” ISO/IEC 27000:2009

[ISO 2011] ISO, “Information technology — Security techniques — Privacy framework” ISO/IEC 29100:2011

[ISO 2014] ISO, “Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors”, ISO/IEC 27018:2014

[ISO 2017] ISO, “Information technology — Security techniques — Guidelines for privacy impact assessment” ISO/IEC 29134:2017

[ISO 2019] ISO, “Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines” ISO/IEC 27701:2019

[Madaan 2018] N. Madaan, et.al., “Data integration in IoT ecosystem: Information linkage as a privacy threat.” Computer law & security review 34.1 (2018): 125-133.

[Miloslavskaya 2019] N. Miloslavskaya, et al. “Standardization Issues for the Internet of Things.” World Conference on Information Systems and Technologies. Springer, Cham, 2019.

[Ni 2017] Ni, Jianbing, et al. “Securing fog computing for internet of things applications: Challenges and solutions.” IEEE Communications Surveys & Tutorials 20.1 (2017): 601-628.

[NIST 2019] NIST, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks” NISTIR 8228, June 2019.

[OECD 1980] OECD, “Guidelines governing the protection of privacy and transborder flows of personal data” Annex to the recommendation of the council 23rd Sept.1980

[Omoronyia 2019] I.Omoronyia, “Why is Baking Privacy into Software Design Hard?.” ITNOW 61.3 (2019): 44-45.

[Panagiotou 2018] P. Panagiotou, et. al., “Design and Implementation of a Privacy Framework for the Internet of Things (IoT).” 2018 21st Euromicro Conf. on Digital System Design (DSD). IEEE, 2018.

[Perera 2019] C.Perera, et al. “Designing privacy-aware internet of things applications.” Information Sciences (2019).

[Pribadi 2017] I. Pribadi, et. al., “Regulatory recommendations for IoT smart-health care services by using privacy impact assessment (PIA).” 2017 15th Int’l Conf. on Quality in Research (QiR): International Symposium on Electrical and Computer Engineering. IEEE, 2017

[Pullonen 2019] P. Pullonen, et. al., “Privacy-enhanced BPMN: enabling data privacy analysis in business processes models.” Software & Systems Modeling (2019): 1-30.

[Shan 2019] Shan, Lijun, et al. “A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems.” International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019.

[Thorburn 2019] R. Thorburn, et. al., “Towards an integrated privacy protection framework for IoT: contextualising regulatory requirements with industry best practices.” (2019)

[Vemou 2018] K. Vemou, et. al., “An Evaluation Framework for Privacy Impact Assessment Methods.” (2018).

[Vemou 2019] K. Vemou, et.al., “Evaluating privacy impact assessment methods: guidelines and best practice.” Information & Computer Security (2019).


[1] See e.g., https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-undertaking-privacy-impact-assessments/

Tools for Measurable Progress in IoT Blockchain Privacy Capabilities

Much of the existing IoT blockchain literature considering privacy is ad hoc and not comprehensive in scope [Yan 2014]. Integrating blockchains into IoT architectures can provide additional security-related features, but simply integrating IoT and blockchain without a more comprehensive approach does not assure privacy. A number of useful Privacy Enhancing Techniques (PETs) have been identified, but without a comprehensive, systematic approach the resulting IoT architecture would remain subject to various privacy threats. While some progress has been made in quantifying privacy, end-to-end privacy metrics for consumers to evaluate services based on IoT blockchain offerings have not been defined. PETs provide a toolkit enabling IoT blockchain architects to improve privacy in specific dimensions. Technical privacy metrics enable measurements of the improvements in privacy in that specific dimension. Individual PETs do not address the scope of privacy threats, and so care must be taken in designing the IoT blockchain architecture to select a set of PETs that address the scope of threats expected. Methods to aggregate privacy metrics to provide adequate comparisons between IoT blockchain architectures on an end-to-end basis across the scope of privacy threats are still needed.

Privacy Enhancing Technologies

[Sen 2018] separates the fundamental concerns of IoT privacy from those of security and then identifies and groups previous IoT PETs into classes: anonymity; working with data; access control and users’ requests; awareness; policy and laws. [Hassan 2019] identified the basic privacy preservation strategies in blockchain-based IoT systems as anonymization, encryption, private contract, mixing and differential privacy. In the context of smart cities, [Curzon 2019] identified 28 PETs: association rule protection, attribute-based credentials, blockchain, encryption, homomorphic encryption, generalization, coding, hashing, micro-aggregation, k-anonymity, l-diversity, t-closeness, mix networks, oblivious transfer, blind signatures, secure multiparty computation (SMC), zero-knowledge proofs, onion routing, private data warehouse queries, private information retrieval, sampling, substitution, masking, nulling out, shuffling, variance, synthetic data and differential privacy. [Yan 2014] identifies and categorizes a number of PETs from a trust perspective: identity trust and privacy preservation, transmission and communication trust, SMC (privacy-preserving database query, privacy-preserving scientific computations, privacy-preserving intrusion detection, privacy-preserving data mining). [Heurix 2015] proposes a different taxonomy for PETs, classifying them based on the scenario, aspect, aim, foundation, data, trusted third party, and reversibility. While [Yan 2014], [Curzon 2019], and [Heurix 2015] provide views of the PET toolkit that moved beyond notions of privacy as confidentiality, none of them mapped the scope of the PETs they considered against the breadth of privacy threats considered in Solove’s taxonomy. The challenge for IoT architects lies in selecting the appropriate PETs. Technical privacy metrics can provide an indication of privacy improvement, but these are often very specific to the PET and may not be easy to compare across different techniques. The challenge for users lies in understanding the scope of privacy threats that are protected against by the whole IoT architecture: IoT blockchain architectures emphasizing the inclusion of a specific PET may give the impression that privacy has been protected, when the scope of the PET is narrower than the range of privacy threats.

Privacy Measurement

What can’t be measured, can’t be controlled or improved. [Wagner 2018] provided a systematic survey, identifying more than 80 technical privacy metrics from the literature and classifying them based on the adversary model assumptions, data sources, metric inputs, and metric outputs. These metrics were identified from PETs used in six domains – communication systems, databases, location-based services, smart metering, social networks and genome privacy; many of these domains are associated with IoT blockchain applications. The adversary model assumptions were broken into adversary capabilities and adversary goals; the adversary goal was assumed to be compromise of the users’ privacy by learning sensitive information, but this only addresses a portion of the privacy threats scope. The data sources to be protected were categorized as published data, observable data, repurposed data and all other data. IoT blockchain architectures may include data from all four categories. The inputs to calculate the privacy metrics were classified as configuration parameters (e.g., threshold values), prior knowledge (e.g., statistical averages on some population), the estimate of the adversary’s resources, the adversary’s estimate of the true data and the true data itself. The value of metrics based on largely estimated inputs may be questionable. The outputs calculated by the metric were classified as uncertainty, information gain or loss, data similarity, indistinguishability, adversary’s success probability, error, time, or accuracy/precision. With so many metrics to choose from, [Wagner 2018] proposes a set of nine questions to select suitable metrics based on the output measure required, adversary characteristics expected, data sources identified for protection, input data available, target audience for the metric, availability of related work (e.g., metrics from a different domain), quality of the metric, metric implementation aspects, and metric parameter considerations.

One important use for privacy metrics would be in comparing alternative IoT blockchain architecture proposals. If the metric inputs are driven by estimates, it would be helpful to have common estimates to enable comparisons across the architectures. Industry-standard benchmarks for the thresholds used in configuring privacy metrics would also help improve comparability in privacy measurements. Similarly, it would be useful to develop some consensus around which of the output metrics are most appropriate for architecture comparisons in the context of IoT blockchains. [Wagner 2018] provides a significant step forward to help IoT blockchain architects select the appropriate PETs from the available toolkit, but more remains to be done to enable effective comparisons of the privacy performance of IoT blockchain architecture proposals.
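To illustrate how the metric inputs and outputs listed above fit together when two architecture proposals are compared on common estimates, here is an added example (not from the book or from [Wagner 2018]). It assumes a hypothetical adversary who is trying to decide which of four households produced an observed on-chain record; the prior, likelihoods and threshold are constructed values.

```python
import math


def posterior(prior, likelihood):
    """Adversary's estimate after one observation (Bayes' rule)."""
    unnormalised = {who: prior[who] * likelihood[who] for who in prior}
    evidence = sum(unnormalised.values())
    if evidence <= 0:
        raise ValueError("observation is impossible under this model")
    return {who: p / evidence for who, p in unnormalised.items()}


def entropy_bits(dist):
    """Shannon entropy in bits; zero-probability outcomes contribute nothing."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def privacy_metrics(prior, likelihood, max_success):
    """Compute several output-style metrics from the same set of inputs.

    Inputs:  prior        - prior knowledge about the population
             likelihood   - P(observation | household), per architecture
             max_success  - configuration parameter (acceptance threshold)
    Outputs: uncertainty, information gain, adversary's success probability.
    """
    post = posterior(prior, likelihood)
    h_prior = entropy_bits(prior)
    h_post = entropy_bits(post)
    success = max(post.values())  # adversary guesses the most likely household
    return {
        "uncertainty_bits": h_post,
        "normalised_uncertainty": h_post / math.log2(len(prior)),
        "information_gain_bits": h_prior - h_post,
        "adversary_success": success,
        "meets_threshold": success <= max_success,
    }


# Common estimates shared by both proposals (constructed values).
PRIOR = {"h1": 0.25, "h2": 0.25, "h3": 0.25, "h4": 0.25}
MAX_SUCCESS = 0.3

# Proposal A (hypothetical): per-device readings are written to the ledger,
# so the observed record is far more likely to come from h1 than the others.
RAW_READINGS = {"h1": 0.8, "h2": 0.4, "h3": 0.2, "h4": 0.2}

# Proposal B (hypothetical): only an aggregate is written, so the record is
# equally likely whichever household is considered.
AGGREGATE_ONLY = {"h1": 0.5, "h2": 0.5, "h3": 0.5, "h4": 0.5}


def compare(architectures):
    """Evaluate every proposal against the same prior and threshold."""
    return {
        name: privacy_metrics(PRIOR, likelihood, MAX_SUCCESS)
        for name, likelihood in architectures.items()
    }


if __name__ == "__main__":
    results = compare({"raw": RAW_READINGS, "aggregate": AGGREGATE_ONLY})
    for name, metrics in results.items():
        print(name, metrics)
```

Because both proposals are scored with the same prior and the same threshold, the differences in the outputs reflect the architectures rather than the estimates fed into the metric.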

While valuable within their application niches, most of these technical privacy metrics on PETs don’t address the breadth of IoT privacy concerns from a consumer perspective. Solove’s taxonomy provides a broader perspective; this taxonomy, however, is at a very high level and, like privacy principles, may be difficult to apply in the context of IoT architectures. In [Gemalto 2018], 62% of consumers have increased concerns over privacy as a result of increasing IoT. While 95% of consumers thought security was important, lack of privacy was the biggest fear identified. “Silent Authentication” (where a human is authenticated by multiple passive IoT systems) was seen as a key feature enabling personalization in smart environments with pervasive IoT. Passive silent authentication clearly implicates several notions of privacy. Given the level of consumer concern, and the emergence of features implicating privacy, there is a need for better privacy metrics for use at the consumer level. One approach could be to construct a privacy metric using a reasonably comprehensive list of privacy threats that have been addressed/assured in the design of the IoT blockchain architecture. Consumers of IoT blockchain services could then look for attestation by the designers or operators regarding the scope of privacy assertions available.

References

[Curzon 2019] J. Curzon, et. al., “A survey of privacy enhancing technologies for smart cities.” Pervasive and Mobile Computing (2019).

[Gemalto 2018] Gemalto, “IoT Connected Living 2030

[Hassan 2019] M. Hassan, et. al., “Privacy preservation in blockchain based IoT systems: Integration issues, prospects, challenges, and future research directions.” Future Generation Computer Systems 97 (2019): 512-529.

[Heurix 2015] J.Heurix,  et al. “A taxonomy for privacy enhancing technologies.” Computers & Security 53 (2015): 1-17.

[Sen 2018] A. Sen, et al., “Preserving privacy in internet of things: a survey.” International Journal of Information Technology 10.2 (2018): 189-200.

[Wagner 2018] I. Wagner, et. al., “Technical privacy metrics: a systematic survey.” ACM Computing Surveys (CSUR) 51.3 (2018): 57.

[Yan 2014] Yan, Zheng, Peng Zhang, and Athanasios V. Vasilakos. “A survey on trust management for Internet of Things.” Journal of network and computer applications 42 (2014): 120-134.