Posted on Thursday, October 10, 2019

Why IoT architectures are adopting blockchains

“Things” have been around much longer than the Internet or Blockchain. The term “Internet of Things”, however, seems to have emerged around 1999 [1], [2], and gained more widespread recognition with the 2005 ITU report [3] (which seemed largely concerned with RFID technologies). In 2010, the IoT application domains included transportation and logistics, healthcare, smart environments, personal and social, and robot taxis, smart cities, and virtual reality were considered “futuristic”; while data authentication, data integrity, privacy, and data forgetting were considered open research issues [4]. IoT was added to the 2011 Gartner Hype Cycle, and hit the peak of inflated expectations in 2014, based on embedded sensors, image recognition, and near-field payment technologies. Early standardization efforts on IoT were primarily focused on optimized communication technologies (e.g. [5]). Google Glass was released in 2013 triggering popular interest in Augmented Reality and Virtual Reality, and Amazon released the Echo voice assistant in 2014. Around this time trust management aspects of IoT started to receive more attention [6] as did the intersection between IoT and social networks [7]. IoT Architectures in 2015 were mainly layer-oriented, separating sensing/ perception from communication and (centralized) processing [8], and security threats were also categorized by these layers[9]. By 2016, IoT device deployments we sufficiently large to form an attractive target for malware attacks (e.g., Mirai malware) and Blockchain started to come into the IoT conversation [10]. Blockchain capabilities like immutability, transparency, auditability, data encryption, and operational resilience have been proposed to solve many architectural shortcomings of early IoT systems [11].

IoT architectures seem to be adopting blockchains to leverage advantages from decentralization, security/ trust models and enablement of new business models providing greater user control of the IoT data [12], [13]. Centralized IoT architectures have enabled users to surrender their data to others in exchange for IoT services; blockchain technologies enable more nuanced controls on data usage and offer possibilities of commercial microtransactions thus enabling new business models. Existing IoT business models have been analyzed across multiple dimensions (e.g. [14]), but the impact of additional blockchain capabilities was not considered. With blockchains’ roots in cryptocurrencies, they can also be used to facilitate microtransactions and other trading activities in the IoT applications (e.g., smart-grid energy trading & settlement [15]). IoT architectures relying on centralized servers are vulnerable to failures and Denial of service attacks on a single point. IoT architectures are characterized by massive quantities of nodes, with the law of large numbers ensuring that some portion of the nodes is impacted by limited or intermittent connectivity, power or other faults. Blockchains based on redundant peer-peer infrastructure provide some degree of resiliency in the face of failure. Centralized IoT architectures rely on trusting a third party to handle the data, and typically do not support assurances against the life cycle of data integrity (e.g. data tampering, deletion or provenance). Blockchains can provide some assurances regarding data integrity, and blockchain consensus mechanisms can provide assurances of data provenance even amongst untrusting parties, and by distributing data over a peer-peer network provide alternate mechanisms for establishing trust in the IoT ecosystem [16]. Historically, centralized IoT architectures have provided users with only limited knowledge or control over how their data may be used and by whom. Blockchains and smart contracts can provide constraints on operations permitted on the data in the blockchain. Massive IoT deployments in centralized architectures imply substantial costs for centralized infrastructure support; in contrast, distributed peer-peer blockchain IoT architectures have no centralized servers. An IoT ecosystem has numerous vulnerabilities concerning confidentiality, privacy, and data integrity. With its cryptographic characteristics, blockchain can help in addressing security requirements in IoT [17] ([18] provides a SWOT analysis of blockchain as a mechanism to improve the security of IoTs). [19] proposed a blockchain architecture for IoT for improved privacy by distributing the data and placing it under the control of the user. [20] proposed a design for the tamper-resistant gathering, processing, and exchange of IoT sensor data (car mileage) that was intended to be scalable, efficient, and privacy-preserving. [21] prototyped a blockchain IoT leveraging the immutability properties of blockchains to preserve evidence for use in law enforcement and insurance cases. Whether viewed from the perspective of adding blockchain features to IoT, or including IoT data flows in blockchains, the integration trend of these technologies is expected to continue.

The IoT encompasses a broad range of sensors, systems, and services that tend to be optimized for (or fragmented into) specific applications. [22] provides an overview of the scope of IoT across the perspectives of multiple taxonomies to identify the main dimensions used to characterize IoT systems. Most of the literature focused on the IoT “things”, their communication patterns and to a lesser extent, the data made available by the IoT system; complete treatments of all the potential elements of IoT systems or all the quality dimensions of IoT systems have typically not been provided. Given the breadth of IoT, not every IoT deployment requires a blockchain – IoT applications with multiple independent, interacting entities that do not have a shared trusted authority are more suitable for blockchains [23]. The scale, connectivity and transaction patterns of IoT architectures are not the same as cryptocurrency applications that blockchains were initially deployed in. Blockchains designed for other purposes may not have the inherent characteristics required for IoT [24]. IoT devices are typically resource-constrained (e.g. RFIDs have no computational elements), and blockchains involve computation heavy cryptographic functions; blockchains have, however, been demonstrated in the context resource-limited computing nodes such as the Raspberry Pi [25]. Blockchain also appears to be adopting IoT as a key use case, with increasing numbers of publications focused on the topic [26]. While blockchains and smart contracts can provide interesting features to IoT architectures, they may need optimization for the IoT context, and don’t necessarily address all of the emerging IoT requirements in areas such as privacy. With billions of IoT devices already deployed, existing IoT architectures may need to be adapted to support blockchain capabilities. Developers of new IoT architectures should consider whether to include blockchain capabilities. While new blockchain technologies optimized for IoT are emerging, existing blockchain deployments may also need to consider the impacts of IoT data flows on their infrastructure (e.g., address space consumption, transaction performance, etc.). Smart contracts may provide a path to ease the integration of IoT data on blockchains while enabling new capabilities (e.g. control loops or transactions triggered by IoT sensor data).

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.

References

[1] K. Ashton, “That ‘Internet of Things’ Thing”, RFID Journal, June 2009

[2] N. Gershenfeld, “When things start to think”, Henry Holt & Co, 1999. ISBN 0805058745

[3] ITU “ITU Internet Reports 2005” The Internet of Things”, 2005

[4] L. Atzori, et. al., “The internet of things: A survey.” Computer networks 54.15 (2010): 2787-2805.

[5] I. Ishaq, et. al., “IETF standardization in the field of the internet of things (IoT): a survey.” Journal of Sensor and Actuator Networks 2.2 (2013): 235-287.

[6] Z. Yan, et. al., “A survey on trust management for Internet of Things.” Journal of network and computer applications 42 (2014): 120-134.

[7] A. Ortiz, et. al., “The cluster between internet of things and social networks: Review and research challenges.” IEEE Internet of Things Journal 1.3 (2014): 206-215.

[8] S. Madakam, et. al., “Internet of Things (IoT): A literature review.” Journal of Computer and Communications 3.05 (2015): 164.

[9] E. Leloglu, “A review of security concerns in Internet of Things.” Journal of Computer and Communications 5.1 (2016): 121-136.

[10] M. Conoscenti, et. al., “Blockchain for the Internet of Things: A systematic literature review.” 2016 IEEE/ACS 13th Int’l Conf. of Computer Systems and Applications (AICCSA). IEEE, 2016.

[11] A. Panarello, et. al., “Blockchain and iot integration: A systematic survey.” Sensors 18.8 (2018): 2575.

[12] M. Ali, et. al. “Applications of blockchains in the Internet of Things: A comprehensive survey.” IEEE Communications Surveys & Tutorials 21.2 (2018): 1676-1717.

[13] R. Thakore, et al. “Blockchain-based IoT: A Survey.” Procedia Computer Science 155 (2019): 704-709.

[14] D. Hodapp, et. al., “Business Models for Internet of Things Platforms: Empirical Development of a Taxonomy and Archetypes.” AIS: 14th Int’l Conf. on Wirtschaftsinformatik, Feb. 24-27, 2019, Siegen, Germany

[15] M. Andoni, et. al., “Blockchain technology in the energy sector: A systematic review of challenges and opportunities.” Renewable and Sustainable Energy Reviews 100 (2019): 143-174.

[16] B. Yu, et. al. “IoTChain: Establishing trust in the internet of things ecosystem using blockchain.” IEEE Cloud Computing5.4 (2018): 12-23.

[17] M. Khan, et.al., “IoT security: Review, blockchain solutions, and open challenges.” Future Generation Computer Systems 82 (2018): 395-411.

[18] S. Moin, et. al. “Securing IoTs in distributed blockchain: Analysis, requirements and open issues.” Future Generation Computer Systems 100 (2019): 325-343.

[19] M. Ali, et.al., “IoT data privacy via blockchains and IPFS.” Proceedings of the Seventh International Conference on the Internet of Things. ACM, 2017.

[20] M. Chanson, et al. ,”Blockchain for the IoT: privacy-preserving protection of sensor data.” Journal of the Association for Information Systems 20.9 (2019): 10.

[21] D. Billard, et. al., “Digital Forensics and Privacy-by-Design: Example in a Blockchain-Based Dynamic Navigation System.” Annual Privacy Forum. Springer, Cham, 2019.

[22] F. Alkhabbas, et. al., “Characterizing Internet of Things Systems through Taxonomies: A Systematic Mapping Study.” Internet of Things7 (2019): 100084.

[23] N. El Ioini, et.al., “A decision framework for blockchain platforms for IoT and edge computing.” SCITEPRESS, 2018.

[24] R. Han, et.al., “Evaluating blockchains for iot.” 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS). IEEE, 2018.

[25] A. Reyna, et. al., “On blockchain and its integration with IoT. Challenges and opportunities.” Future Generation Computer Systems 88 (2018): 173-190.

[26] A. Firdaus, et al., “The rise of “blockchain”: bibliometric analysis of blockchain study.” Scientometrics 120.3 (2019): 1289-1331.

Posted on Saturday, September 28, 2019

Healthcare Blockchains & Smart Contracts: Technical and Legal Challenges

Blockchains and related concepts like smart contracts and digital autonomous organizations (DAOs) have emerged from the computer networking and cryptography techniques popularized by cryptocurrencies like bitcoin. With bitcoin having some degree of commercial operational success, a number of folks have been keen to apply these technologies in other fields. One approach to valuation for the impact of technologies is to consider the size of the addressable market. With cryptocurrencies, the potentially addressable market is very large – almost everyone on the planet uses money in some form these days. Many other blockchain applications[1] (e.g. supply chain provenance) address narrower industrial rather than consumer markets. Healthcare blockchain applications may be one area with a large potentially addressable market (who doesn’t have health to worry about?) depending on the specific use case.

A variety of healthcare applications have been proposed [2] including drug counterfeiting prevention, clinical trial, public healthcare management, longitudinal healthcare records, automated health claims adjudication, online patient access, sharing patients’ medical data, user-oriented medical research, precision medicine, and, smart contracts to improve the credibility of medical research. In some cases, these are moving beyond proposals into implementations based on open-source code bases such as Ethereum or Hyperledger. The designers of healthcare information systems may have a number of different requirements associated with the systems they are designing, and the criteria for applying blockchain are not always clear. Healthcare applications must balance patient care with information privacy, access, completeness, and cost. Rationales proposed for using blockchains in healthcare applications include: access control, non-repudiation, data versioning, logging, data provenance, data auditing, and data integrity, which is quite far from the double-spending problem solved by Nakamoto in his famous whitepaper. The data stored in and the actors operating on a healthcare blockchain also seem quite different from the actors and transactions of cryptocurrency blockchains.

Many of the healthcare application proposals do not address mass markets. Assuring drug provenance, for example, is an important social good given impetus with the DSCSA legislation in the USA. This, however, addresses and industrial market – the pharmaceutical supply chain, and while mass-market consumers benefit from this advancement, they do not directly interact with the blockchain in this use case. Use cases around medical records and adjudication of healthcare claims have a greater potential for impacting mass-market consumers. Work remains, however, to crystalize use cases that are viable – not just from a technological perspective, but also from commercial and legal perspectives as well as from the perspectives of the various actors in health care delivery.

Technology issues can be seen as risks impeding design and deployment of healthcare blockchains. There is not one blockchain but a variety of implementations with different characteristics (even the original bitcoin has forked). With multiple (and uncertain) use cases and fragmented or customized technology approaches, it is only possible to talk of the technology and legal challenges in general terms. Identified[3] technology challenges to the development of healthcare blockchains include interoperability, security and privacy, scalability, speed, and patient engagement. Interoperability, scalability, and speed are characteristics of the software implementation of healthcare applications on the blockchain. The degree of patient engagement can be significantly impacted by the not just the implementation and trust issues, but also the usability of the system and the overall user experience with the healthcare blockchain. Security, privacy and trust issues reflect concerns about not just the implementation, but the processes for assuring the users can trust the blockchain and its associated software, as well as the organizational and legal context. Because of the use of blockchain technology in the financial industry, and the associated loss risks, the security of blockchains and related smart contracts have received significant attention. Financial losses can often be addressed through other means (e.g. insurance); privacy losses (e.g., disclosed medical records) may be harder to detect and redress.

Legal issues often arise with the introduction of new technologies. Where the use cases involve sophisticated commercial entities and complement existing industry transactions, the legal issues can often be resolved with private law e.g. contracts between the parties. How existing regulations are applicable would depend on the specific industry and the use case. Where the use case involves mass-market consumers (generally assumed to not be sophisticated parties), public laws and regulations are more likely to be applicable, protective of the consumer, and were written prior to the possibilities of the new technology being envisioned. There are very few public laws explicitly mentioning blockchain, though there has been some incremental progress at the State level in the USA, most of this is targeted as fintech applications of blockchains. In this environment, the legal uncertainty often reduces to assessing how the technology use case would be classified under the existing regulations. DAOs are rather novel as legal entities, but such entities may prove useful to meet the privacy requirements of consumer-oriented healthcare blockchains. While DAOs may fit within some states’ LLC enabling legislation, additional legislative initiatives may be required for DAOs to be deployed more widely.

Smart contracts provide a computational mechanism built on top of a blockchain. These have a number of applications from enforcing legal requirements for transactions to implementing business process workflows. With industrial use cases, sophisticated parties may negotiate the smart contract before implementing it. With consumer use cases, the smart contract would more likely be an adhesion contract that the consumer would not be able to negotiate. Of particular concern with smart contracts is the source of data to trigger smart contract decisions. Oracles for financial data feeds are emerging, but medical data oracles are less widely available. Smart contracts have been proposed for dispute resolution in a manner similar to arbitration, but this has not yet received large scale adoption.

Open source blockchains like ethereum and hyperledger enable easier technology exploration. Building on these with privacy enhancement technologies like zero-knowledge proofs and privacy-preserving computation will help address the technical challenges in privacy that healthcare blockchain use cases bring. The development of standards[4] to build industry consensus around the terminology and fundamental technical choices to be made will help reduce the fragmentation in the technology. The IEEE 2418.6 healthcare standards project can help, but will take some time to address all the use cases. Specific use case development to define the service requirements from the user point of view would also be very helpful. Automation of existing use cases may be more easily tractable; given increasing concerns for privacy, however, new paradigms to empower people to control their data footprint in cyberspace are emerging. Placing patients in control of their data and having others query for it would be a significant change from existing practices. For industrial markets, existing standards bodies may be well-positioned to develop these use cases. For consumer use cases these may emerge through private enterprise, or through discussion in more public forums (e.g., regulatory hearings, NGO activities etc.).

For a more detailed treatment of this topic refer to my paper presented at the 2019 ITU Kaleidoscope academic conference “ICT for Health: Networks, standards and innovation”.

[1] See e.g., F.Casino, et. al., “A Systematic literature review of blockchain based applications: Current Status, classification and open issues” Telematics and Informatics, vol. 36, pp 55-81, (2019).

[2] See e.g., S.Agraal, et. al, “Blockchain Technology: applications in Healthcare”, Circulation: Cardiovascular Quality and Outcomes 10.9 (2017)

[3] See, e.g., C. Agbo, et. al., “Blockchain Technology in Healthcare: A Systematic Review”, Healthcare, vol.7, no.56, (2019)

[4] See e.g., the work of ISO TC 307, IEEE, ITU

Posted on Friday, September 27, 2019

Blockchain and Smart Contract Trends

Blockchain and Smart contracts have evolved out of the technology underlying and popularized by bitcoin. So how widespread are these concepts? Have they reached the public awareness or are these merely niche technologies? Google Trends provides one perspective based on search queries which shows much greater search interest and therefore awareness of “Bitcoin” than “Blockchain” or “Smart Contracts”. It may also reflect the maturity and scale of bitcoin commercial offerings with multiple cryptocurrency exchanges in operation globally. In contrast, Blockchains and Smart Contracts appear to be at an earlier stage of development and commercialization as well as being targeted towards markets that are less mass market and more niche industrial applications (e.g. tracking supply chain provenance for pharmaceuticals).

The search terms “Bitcoin”, Blockchain” and “Smart Contract” all have a similar global spread, with peak search volumes coming, perhaps surprisingly, from Africa. Peak search volumes were associated with bitcoin price queries as might be expected. The results for “Smart Contract” also indicated related queries associated with mobile phones. This may reflect some different interpretations of the phrase (e.g. advertising for mobile phone subscription contracts) or perhaps an interest in access to bitcoins and blockchain smart contracts through wallets on mobile devices.

The Gartner Hype Cycle for Emerging technologies provides a perspective on perceived technology maturity. Newly emerging technologies are posited to go through stages from being an “innovation trigger” to the “Peak of Inflated Expectations” then through the “Trough of Disillusionment”, and up the “Slope of Enlightenment” to finally reach a “Plateau of Productivity”. The Gartner Hype Cycle 2016 identified “Blockchain as nearing the “Peak of Inflated Expectations”. The Gartner Hype Cycle 2017 identified “Blockchain” as about to cross between the “Peak of Inflated Expectations” and the “Trough of Disillusionment”. The Gartner Hype Cycle 2018 maintained “Blockchain” as about to cross between the “Peak of Inflated Expectations” and the “Trough of Disillusionment”. It also split out “Blockchain for Data Security” as being in the “Innovation Trigger” stage. The Gartner Hype Cycle 2019 does not list Bitcoin, Blockchain or Smart Contracts, but it does call out “Decentralized Autonomous Organizations” (DAOs) as being in the “Innovation Trigger” stage. DAOs may be considered as LegalTech – prototype legal entities associated with blockchain smart contracts. Gartner’s 2019 Hype Cycle for Blockchain Technologies provides a more detailed perspective. While the more generic term “blockchain” is sliding into the trough, smart contracts, decentralized identities, and consensus mechanisms are at the peak; zero-knowledge proofs, privacy-enhanced multiparty computing, and smart contract oracles are on the rise.

Bitcoin has moved into the mass market vocabulary and seems to be providing some operational utility as a financial asset with many searches for bitcoin prices. Blockchain applications beyond cryptocurrency are often not mass-market applications. Blockchain Loyalty Programs would target mass-market consumer awareness but even these have limitations of scale compared to cryptocurrencies. Industrial applications of blockchains, in supply chains, for example, would not reach consumer awareness to trigger searches.

Posted on Thursday, August 29, 2019

Blockchain Network Topologies

Blockchains are hashed linked data structures replicated over a peer to peer network. In considering blockchain topologies we need to distinguish between the topology of the peer to peer network and the topology of the blockchain data structure.

Peer-Peer networks became prominent with the file-sharing application pioneered by Napster in 1999. File sharing was popular with many consumers sharing music or video files; however, it was much less popular with various copyright holders whose content was being shared without permission, and Napster eventually closed in 2001. File sharing continued with Gnutella, BitTorrent, and, others, though the underlying technology architectures evolved[1]. The node connectivity could be structured or unstructured. The files being shared could be centralized or distributed. Centralized file structures created a point of attack for opponents of file sharing, as did regular structured topologies. Peer – peer applications moved beyond file sharing with communications services like Skype.

The nodes in peer-peer networks are not all completely meshed – each node is connected to a limited (and different!) set of peers. Typically, less than 16 peers are sufficient[2] for the content to propagate through the peer-peer network, though specific performance with obviously be impacted by the processing power and bandwidth available to the nodes, and the content sharing protocols of the particular peer-peer network. In this model, nodes are also not required to be permanently connected – as long as some porting of the network remains active, new nodes can be connected, and the content propagates.

Permissionless blockchain systems rely on an unstructured public P2P network for information dissemination between participating peers. Flooding or gossip protocols are then used for the propagation of the required information to all peers so that the blockchain consensus protocols have the information they need. At design time, the node attachment and communication strategies that impact the topology of the network in operation are fixed. While a complete peer-peer network is not easily observable, these network characteristics are known to adversaries and can be targeted for attacks. The users of these permissionless blockchain networks have requirements[3] for their applications that typically include aspects such as performance, low participation cost, topology hiding, Denial of Service (DoS) resistance and anonymity. The tradeoffs between the implementation choices for these requirements are not well understood, and further work in these areas is expected to help improve the maturity of blockchain solutions.

[1] For a summary of file sharing approaches see, Masood, Saleha, et al. “Comparative Analysis of Peer to Peer Networks.” International Journal of Advanced Networking and Applications 9.4 (2018): 3477-3491

[2] For an example study on BitTorrent performance, see, Bharambe, Ashwin R., Cormac Herley, and Venkata N. Padmanabhan. “Analyzing and improving a BitTorrent network’s performance mechanisms.” Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications. IEEE, 2006.

[3] Neudecker, Till, and Hannes Hartenstein. “Network layer aspects of permissionless blockchains.” IEEE Communications Surveys & Tutorials 21.1 (2018): 838-857.

Posted on Wednesday, August 28, 2019

Pharmaceutical Supply BlockChains

Beyond cryptocurrencies, blockchains have been proposed for applications in a number of different fields[1] including financial, integrity verification, governance, internet of things, health, education, privacy and security, business and industry. Applications may be a good fit for blockchain[2] if multiple stakeholders are contributing; more trust is required between parties than currently exists; there an intermediary that could be removed or omitted to increase trust or efficiency; there is a need for reliable tracking of activity and there is a need for data to be reliable over time. One of the factors not on that is the degree of legal/regulatory headwinds or tailwinds that a new blockchain application would receive. Recall that blockchain applications are inherently distributed multiparty applications where trust is an issue. Such applications will almost always have some industry or market-specific legal/regulatory framework in place for the resolution of issues with existing transactions. While cryptocurrency applications may face some headwinds from existing legal regulatory frameworks (e.g. AML) that predate their invention, other applications may face more neutral or even favorable legal/regulatory environments.

Supply chain applications for blockchain have been proposed[3],[4] for some time, and with good reason – typical supply chains have multiple competitive actors; increased trust may be required for a number of reasons; optimizing supply chains with the addition or removal of actors is an ongoing process for most large enterprises and the needs for tracking and logging are increasing. The scale, structure, and dispersion of supply chains vary by industry and the complexity of the products and services being delivered. The components delivered through supply chains vary from traditional commodity products (e.g. minerals, agricultural products), complex manufactured goods (e.g., aircraft or smartphone components) or even intellectual property (e.g., software, digital assets). While tokens representing commodity products might be fungible, most of the other supply chain applications would seem to lend themselves more to non-fungible tokens. Indeed, for some supply chains, the scaling challenge lies in the large number of non-fungible tokens required e.g. consider the number of components in a modern jet aircraft.

Increased levels of terrorism, trade disruptions, and product diversion or tampering all support the need for increased tracking and logging of the provenance of the goods in the supply chain. Depending on the industry, there may be varying degrees of regulatory/ legal incentives for tracking/ logging provenance. Most industrial supply chains would seem to have a relatively neutral legal/regulatory environments. Even commodity metals may require provenance in some cases – (e.g. Tin, tantalum, tungsten, gold have supply chain laws/regulations in US[5] and EU[6]), but pharmaceutical supply chains have specific incentives to consider mechanisms to track provenance under the Drug Supply Chain Security Act (DSCSA) of 2013 . This outlines steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the United States, and gives the FDA a 10-year timetable to implement the necessary standards and regulations in a phased approach. The FDA had an initial workshop on pilot projects in 2016 and recently extended the pilot project program in 2019. Several of the proposed pilot projects are explicitly based on blockchains or distributed ledger technology including:

Project Leads	Pilot Project Title
IBM/KPMG/Merck/Walmart	DSCSA Blockchain interoperability Pilot
IDLogiq	IDLogiq Next Generation Advanced REAL FIPS-Compliant Cryptographic ID Authentication with Transaction Ledger Powered by Blockchain/Distributed Ledger Technology for Decentralized Heterogeneous Global Network Computing Environment
MediLedger	MediLedger DSCSA Pilot
Rymedi	DSCSA Implementation in Intra and Inter Healthcare System Medicine Transfers
TraceLink	DSCSA Traceability with Distributed Ledgers and Digital Recalls Project Proposal
UCLA Health	UCLA-LedgerDomain: DSCSA Solution Through Blockchain Technology

While the DSCSA legislation and FDA actions to date are not technology-specific, this does provide significant legal/regulatory tailwinds for blockchain-based applications in the pharmaceutical supply chain. The phased approach of the FDA also helps the pharmaceutical industry to mature the blockchain solutions before the final regulations come in place by 2023.

[1] F.Casino, et.al. “A systematic literature review of blockchain-based applications: Current status, classification and open issues,” Telematics and Informatics, vol. 36, pp. 55-81, 2019.

[2] According to – M. Englehardt, “Hitching healthcare to the chain: An introduction to blockchain technology in the healthcare sector.,” Technology Innovation Management Review, vol. 7, no. 10, 2017.

[3] M. Casey, P.Wong, “Global Supply Chains Are About to Get Better, Thanks to Blockchain”, Harvard Business Review, March 13, 2017

[4] T.Felin, K. Lakhani, “What problems will you solve with blockchain?”, MIT Sloan Management Review, Fall 2018

[5] Dodd-Frank Act Section 1502 and SEC implementation rules at 17 CFR 229.

[6] Regulation (EU) 2017/821 of the European Parliament.

Posted on Sunday, August 18, 2019

Blockchain Maturity

Blockchain technologies are seen by many as a key infrastructure component enabling a wide variety of new applications – from Accounting applications like share registries, Biotech blockchains, Cryptocurrencies and down through the rest of the alphabet. While many claims are made for blockchains, the resilience of an infrastructure based on a peer-peer network operating autonomously of centralized actors is seen as key for what seems to be emerging as an infrastructure software layer for many fintech applications, if not the wider Internet. While there are multiple blockchain architectures; beyond the peer-peer infrastructure and the blockchain data structure itself, many blockchains support a distributed applications layer of dApps or Smart contracts executing on the underlying blockchain infrastructure. Blockchain appears poised for wider adoption with open-source implementations available, large scale existing deployments in cryptocurrency mining and large commercial entities reportedly exploring and, in some cases, deploying the technology. But is the technology really mature enough for wide-scale public use?

Adoption of a new technology can be limited by readiness or maturity issues in the operational processes using the new technology, the staff driving those processes, or the development of the blockchain itself. Process maturity is typically measured with a 5-point scale such as:

Initial (not under statistical process control)
Repeatable (the organization has a stable process with repeatable levels of statistical process control and rigorous project management)
Defined (the process is defined for consistent implementation)
Managed (the process is comprehensively measured and analyzed)
Optimizing (the process is continuously improved)

These five levels have been adapted for use in a number of different industries. The blockchain software components (peer-peer network, blockchain data structure, consensus protocols, etc.) could be evaluated on such a scale. In a similar fashion, the operational context (market, regulation, consumer/ operator use-cases, etc.) could also be evaluated. Blockchains are inherently distributed applications (otherwise a centralized database could be used). With distributed applications, multiple actors are involved. Multiple independent human actors add complexity to process evaluations because their individual evaluations of the process maturity may be different, and their understanding of the expected operational use-cases may also differ. While there have been proposals[1] for blockchain maturity models, it is not clear how widely supported they are.

To err is human, and the open-source blockchain developers have demonstrated their humanity in a number of ways[2]. What matters more is the process for resolving those inevitable bugs. One approach to tracking maturity, particularly for open source projects is the core infrastructure initiative (CII) from the Linux Foundation. This provides not just tooling and education, but also a (free) badging program for open source projects to attest to their adherence to industry best practices. CII is not restricted to Linux Foundation projects; but as might perhaps be expected, Hyperledger projects do report on CII; unfortunately, Etherium does not; though there are a number of other blockchain projects that do.

If blockchain systems and technologies are to live up to their promise as future infrastructure, then their maturity needs to be demonstrated. Developers and open source communities have tools like CII to demonstrate the maturity of their software. Users of blockchain software should ask their suppliers for evidence of the maturity of their products. Beyond the software, other aspects (e.g., market and regulatory dimensions) may need industry-specific adaptions of the process maturity scale to evaluate the operability of blockchain proposals in their context.

[1] See e.g., Wang, H., Chen, K. & Xu, D. Financ. Innov. (2016) 2: 12. https://doi.org/10.1186/s40854-016-0031-z

[2] See e.g., Wan, Z., Lo, D., Xia, X., & Cai, L. (2017, May). Bug characteristics in blockchain systems: a large-scale empirical study. In 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR) (pp. 413-424). IEEE.

Blockchain Loyalty: Disrupting loyalty and reinventing marketing using blockchain and cryptocurrencies 2ed by Philip Shelper (Loyalty & Reward Co Pty. Ltd., 2019)

Philip Shelper surveys the intersection of blockchain and customer loyalty programs. Beyond transferring cryptocurrency as a customer reward in place of miles or points, he considers other enterprise loyalty strategies including:

A loyalty program powered by a single token
A loyalty program powered by an existing cryptocurrency
Many loyalty programs powered by multiple new cryptotokens on a single platform
A security token supported by a loyalty program
A loyalty program enhanced by an enterprise blockchain loyalty solution.

The regulations on blockchains and cryptocurrencies are continuing to evolve and may impact loyalty programs based on them. See e.g. Blockchain Loyalty Programs.

Posted on Saturday, August 17, 2019

Blockchain Loyalty Programs

“What gets us into trouble is not what we don’t know. It’s what we know for sure that just ain’t so.”
― Mark Twain

Under current taxation regimes, cryptocurrencies are treated as property by the IRS, which implies a host of existing rules and regulations regarding the reporting and taxation of property transactions. This reporting and tax collection can be manually burdensome and is rarely automated given the current state of the technology. The IRS has recently started increased enforcement actions on cryptocurrency transactions. Blockchain and cryptocurrency enthusiasts have sought to apply some of the underlying technology and concepts in a variety of other ways to avoid these burdens. One proposed use is in customer loyalty programs.

Customer loyalty programs can provide differentiation and sustain competitive advantages, particularly where the switching costs are low[1]. Customer loyalty programs have a long history with applications in the 1700s and 1800s with tokens and stamps that could be used by the customer for discounts on future purchases with the same supplier. Perhaps the modern stereotype is the frequent flyer mile. Originally acquired and used solely for air travel, these can now be acquired without using air transport and exchanged for a variety of other goods and services. While typically not fungible beyond the partner ecosystem, customer loyalty tokens (e.g. frequent flyer miles) are sometimes seen as alternative currencies by both the creators and users. The analogy with cryptocurrency schemes as an alternative currency seems obvious.

Most consumers don’t think about taxation of their frequent flyer miles; and, most would typically assume that they are not taxable. This, unfortunately, ain’t always so. The IRS has issued limited guidance on the taxation of frequent flyer miles with IRS announcement 2002-18 stating they would not pursue a tax enforcement program on frequent flyer miles – and not that these were not taxable. This relief does not apply to travel or other promotional benefits that are converted to cash, to compensation that is paid in the form of travel or other promotional benefits, or in other circumstances where these benefits are used for tax avoidance purposes. And there are a couple of court cases[2] where the value asserted in a frequent flyer miles transaction has exceeded de minimus limits and resulted in the issuance of 1099-MISC income statements with tax impacts. There are many variants in customer loyalty programs and opinions on the practicality of heir taxability[3]. Unexpected tax enforcement against consumers of loyalty program tokens would significantly impact the value of such programs. No consumer-facing company wants to give its customers promotional tokens that result in tax problems from unexpected liabilities or reporting concerns.

Considering the potential for increased tax enforcement against cryptocurrency transactions, proponents of blockchain-based customer loyalty programs should consider how closely their proposed loyalty programs match the original concept of discounts against future purchases with the same supplier vs fungible alternative currency.

For companies considering a blockchain-based loyalty program there are additional considerations. FINCEN has recently issued guidance involving convertible virtual currencies. While this guidance seems directed to virtual currency exchanges, it is not clear that businesses exchanging virtual currencies for goods and services are exempt. If applicable, then the business would need to comply with state money transmission regulations. This gives companies considering blockchain-based loyalty programs added incentives for restricting the program to match the original concept of discounts against future purchases with the same supplier vs fungible alternative currency.

Blockchain-based customer loyalty programs are not impossible; however, due diligence needs to be undertaken with the applicable regulations, to ensure the loyalty program is designed appropriately.

[1] A. Nastasiou, M. Vandenbosch, “Competing with loyalty: How to design successful customer loyalty reward programs”, Business Horizons Vol 62, Is 2. March-April 2019 pp 2017-214.

[2] See e.g., Shankar v Commissioner 143 T.C. No 5 (2014), Hirsch v Citibank (S.D.N.Y) Case 1:12-cv-01124-DAB-JLC (2016)

[3] J. A. Mankin, J.J. Jewell, “Frequent Flyer Miles as company scrip: implications on taxation” Business Studies Journal, Vol 7, No. 1, 2015

Posted on Sunday, June 30, 2019

Blockchain Terminology

Tokens may be used to safeguard sensitive data involving, for example, bank accounts, financial statements, medical records, criminal records, driver’s licenses, loan applications, stock trades, voter registrations, and other types of personally identifiable information (PII)

Initial Coin Offering (ICO) –In an ICO, a quantity of cryptocurrency is sold in the form of “tokens” (“coins”) to speculators or investors, in exchange for legal tender or other cryptocurrencies. The tokens sold are promoted as future functional units of currency if or when the ICO’s funding goal is met and the project launches. In some cases, like Ethereum, the tokens are required to use the system for its purposes.

Stablecoins are cryptocurrencies designed to minimize the volatility of the price of the stablecoin, relative to some “stable” asset or basket of assets.

Backed Stablecoins are redeemable in commodities (such as precious or industrial metals).

Currency backed stable coins are pegged to one or more fiat currencies (e.g. US Dollar, Euro etc.)

Cryptocurrency backed stable coins are issued with cryptocurrencies as collateral, which is conceptually similar to fiat-backed stablecoins; the significant difference between the two designs is that while fiat collateralization typically happens off the blockchain, the cryptocurrency or crypto asset used to back this type of stablecoins is done on the blockchain, using smart contracts in a more decentralized fashion.

Colored coins are a class of methods for associating real world assets (e.g. a deed for a house, stocks, bonds or futures) with blocks on the blockchain network.

Mining– process of generating a new block on the blockchain – typically includes a PoW assertion.

Mining pool– a collection of miners who have pooled their resources together in order to mine a cryptocurrency

Single mining pool– A mining pool that mines a single cryptocurrency.

Multipool mining– mining poll that mines multiple cryptocurrencies

Orphan blocks– a successfully completed PoW that was not accepted by the consensus protocol – discarded (waste) in bitcoin

Stale blocks– a block that is abandoned because the mining node already received a solution from some of other node.

Uncle blocks– an orphan block; in Etherium, orphan (uncle) blocks can earn ether.

Genesis blocks– the first block on the blockchain.

Just as a Mint creates new currency notes and coins, minting on a blockchain expands the size of the cryptocurrency in circulation and supported by the blockchain.

To Burn a crypto currency asset is to destroy it – reduces the size of the cryptocurrency in circulation and supported by the blockchain.

Fiat currency is an object (like a paper bill or metal coin) that has been established as money, often by a government

A Digital Currency is a type of currency designed to be used in the digital form. A cryptocurrency is a digital currency.

On a permission less network, anyone who meets certain technical requirements can access the network or operate a node.

On a permissioned network, an entity controls access to the network and oversees who can operate a node.

Blockchain Governance is the approach to decision making taken by the decentralized nodes on a blockchain.

A non-fungible token (NFT) is a special type of cryptographic token which represents something unique; non-fungible tokens are thus not interchangeable. This is in contrast to cryptocurrencies like bitcoin, and many network or utility tokens that are fungible in nature.

A cryptocurrency wallet is a device (e.g. usb stick), physical medium, program or a service which stores the public and/or private keys and can be used to track ownership, receive or spend cryptocurrencies. The cryptocurrency itself is not in the wallet. In case of bitcoin and cryptocurrencies derived from it, the cryptocurrency is decentrally stored and maintained in a publicly available ledger called the blockchain. A public key allows for other wallets to make payments to the wallet’s account(address), whereas a private key enables the spending of cryptocurrency from that address.

Posted on Saturday, February 3, 2024

Digitization and Remote Agency: A New Era

Insights from “Blockchain Smart Contracts and the Law”

Digitization and remote agency have continued to accelerate as software eats the world. With the advent of advanced technologies, businesses are now able to operate remotely, transcending geographical boundaries and time zones.

The digitization of business processes has revolutionized the way organizations operate. It has enabled them to streamline operations, improve efficiency, and deliver better customer experiences. From cloud computing to artificial intelligence, digital technologies are reshaping the business landscape. One of the most significant developments in this digital revolution is the emergence of blockchain technology. Blockchain, with its decentralized and transparent nature, offers a secure platform for conducting business transactions. It eliminates the need for intermediaries, thereby reducing costs and increasing efficiency.

A key application of blockchain technology is smart contracts. These are self-executing contracts with the terms of the agreement directly written into code. They automatically execute transactions when predefined conditions are met, eliminating the need for manual intervention. However, as with any new technology, blockchain and smart contracts present legal challenges. Understanding these challenges and how to navigate them is crucial for businesses looking to leverage these technologies.

This is where the book “Blockchain Smart Contracts and the Law” comes in. This comprehensive guide provides an in-depth understanding of the legal aspects of blockchain and smart contracts. It offers valuable insights into how businesses can mitigate risks and ensure compliance while reaping the benefits of these technologies. As we move further into the digital age, the role of remote agency will continue to evolve. Businesses that adapt to these changes and leverage new technologies will be the ones that thrive.

In conclusion, the digitization of business processes and the advent of technologies like blockchain and smart contracts are transforming the concept of remote agency. To navigate this new landscape, it is essential to understand the legal implications of these technologies.Equip yourself with the knowledge to navigate this new era. Get your copy of “Blockchain Smart Contracts and the Law” today and stay ahead of the curve.