By R. Greg Szrama III

A New Technology, Blockchain, is being implemented by organizations and governments worldwide. Proponents claim it’s a panacea for revising stale business processes and securing all our data. That’s inspiring marketing copy, but in reality Blockchain is more of a foundation upon which truly disruptive innovations may be built.

What Is Blockchain?

Say you’re a researcher or inventor, and you’re developing an innovative new idea. You hope to patent your idea, but to do so you need to prove you’re the first to get the idea on paper to establish precedence. Researchers have grappled with this in numerous ways, including keeping a timestamped, notarized ledger, or sending a document via certified mail and leaving it unopened. These methods work but are time-intensive, susceptible to alteration or tampering, and require a trusted second party to vouch for the claims.

The problem of timestamping documents and proving precedence is even harder when we consider digital media, which is trivial to tamper with for a sophisticated user. A file system timestamp or even a rigorous audit trail can be invisibly tampered with in a way that may not leave any forensic trail. In 1991, S. Haber and W.S. Stornetta described an innovative means of solving this problem. They found that:

What is needed is a method of time-stamping digital documents with the following two properties. First, we must find a way to time-stamp the data itself, without any reliance on the characteristics of the medium on which the data appears, so that it is impossible to change even one bit of the document without the change being apparent. Second, it should be impossible to stamp a document with a time and data different from the actual one.[1]

This elegant theoretical approach to the timestamping problem formed the technical foundation for what eventually became known as a blockchain. At its heart, a blockchain is nothing more than a secure timestamped ledger. Entries in the ledger are grouped into blocks that form a sequential chain that grows longer over time. Each new block contains a fingerprint (a cryptographically secure hash value) of itself that covers both the new data entries in the block and the fingerprint of the prior block. This chaining of fingerprints means that altering a single record in a given block (even by only one bit) changes that block’s fingerprint and invalidates all subsequent fingerprints as well. This gives us a very high level of trust in the accuracy of the ledger.

In 2008, the idea of a distributed blockchain grew among cryptography researchers. This solution called for the entire ledger being present on many different individual servers, each competing to combine digitally signed transactions into new blocks. It was implemented in 2009 as the Bitcoin Network and became the first publicly accessible distributed blockchain. Because it’s decentralized, there is no single point of failure—and because each node has a copy of the entire ledger, there is massive built-in replication that gives a high level of data quality and trust. When adding new blocks, each node also validates all transactions added to the block—providing a redundant guarantee that funds have not been previously spent—and then fingerprinting the block to prevent tampering. Additional blocks added to the chain further provide validation for prior blocks and make the task of falsifying or altering prior transactions increasingly difficult.

One important feature of a blockchain in general is that any data may be stored in the ledger. Bitcoin’s blockchain contains, in addition to bitcoin transactions, material from Wikileaks cables, prayers from bitcoin miners, the original bitcoin white paper, and even an image of Nelson Mandela.[2] In principle, any data could be stored in any blockchain, but the specific implementation may have certain limits or costs. Embedding files in bitcoin’s ledger is something of a hack and requires specially encoding the file as text, breaking it into 32-character chunks to serve as fake recipients of transactions, then issuing transactions against these fake addresses and paying any attendant transaction fees. Further, bitcoin blocks have a maximum limit of 1 megabyte for transaction data so large files, like the Wikileaks cables, must be split across many transactions over multiple blocks.

Is Open a Good Thing?

The blockchain underlying bitcoin, as with most other early blockchains, is both public and open. This means that anyone at any time may browse bitcoin transactions—and, in fact, anyone running a bitcoin node has a full record of all bitcoin transactions ever made. Counterintuitively, this makes bitcoin a more secure and more trustworthy ledger than a closed system could be.

Consider a scenario in which a global financial institution deploys a private blockchain on its own server infrastructure to maintain financial transactions. This means the financial institution itself controls all nodes that perform transaction validations and add new blocks to the chain. The first and most obvious effect of this is that a logically singular source of authority has been generated which, if compromised, allows arbitrary modifications to the blockchain ledger. More perniciously, it’s time-consuming and extremely expensive to operate a network at a large enough scale to provide the same level of redundancy provided by independent operators vying to add new blocks to the chain. By one estimate, operators running bitcoin nodes currently consume around 4 terawatt-hours of electricity annualized, may grow to consume about as much electricity as Denmark by 2020,[3] and perform over 7 trillion hash computations per second[4] using specialized hardware.

In the case of bitcoin, no single person controls more than a small piece of the servers validating transactions and adding new blocks to the blockchain. New transactions are broadcast to all nodes on the network, making validation of the transactions in a completed block trivial for the other nodes on the network. To abuse the network and block transactions to favor a specific user or invalidate transactions and allow double-spending of bitcoins would (theoretically) require a single group to control more than 50 percent of the total computing power involved in computing new blocks. Even then, changing historical transactions would range from difficult to impossible due to the periodic checkpoints embedded in bitcoin’s source code that record the fingerprints of specific nodes in the chain.

Bitcoin also benefits from providing a financial incentive for creating new blocks. This incentive comes in the form of assigning newly minted bitcoins to the person who created the block, as well as transaction fees for each transaction in the block. Creating blocks involves computationally expensive calculations; the algorithm used is tuned such that, on average, a new block is created every 10 minutes. Incentivizing block creation allows for a competitive enterprise where operators race to be the first to calculate, or mine, a new block. This financial incentive draws in new operators—thereby establishing additional redundant nodes—and also allows bitcoin to take advantage of the network effect to increase the utility of the service for all users.

Given that blockchains are generally public, a common and valid concern among new users is maintaining their privacy. This is provided for using publicly available encryption tools. In bitcoin, the value of a transaction is publicly known but the parties are anonymized using digital signatures. The use of fingerprinting (hashing) techniques is fundamental to the design of blockchain; the same techniques can be used to fingerprint a document and provide a valid timestamp for that document. Possessing the fingerprint does not allow a person to determine the original contents of the document, but the original document can always be used to regenerate the fingerprint to prove possession of the asset. This combination of attributes—anonymity of users coupled with verifiable and precise timestamps of data—is what makes blockchain a potentially transformative protocol.

Digital Media and Blockchain

Due to its origins as a timestamped ledger, blockchains are currently closely tied to financial interests and, to a lesser degree, document publishing. Another area that may benefit from adopting blockchain protocols is digital rights management for musicians and other artists.

Blockchain could readily power a global ledger documenting creative works and the artists contributing to their creation—songwriters, producers, and musicians in music. The most immediate impact of this is to prove ownership of rights for collection of royalties.

Things get exciting when smart contracts are added into the mix. One application of these smart contracts might be to automate royalty payments to all interested parties. Buying or listening to a song from a digital service provider, for example, could automatically result in payment records to all who participated in the creation of the song. This mechanism, due to blockchain’s nature, is traceable and introduces a level of transparency sorely needed in such payment processes.[†]

Another use of this technology could come in consumers owning and sharing music they have purchased. By storing the fact of purchase in immutable blockchain, there is a permanent record that an individual owns certain rights (personal use, public use, etc.) for a specific piece of media. This record of ownership can be used to enable sharing of media in a legal fashion. Back when CDs were a popular format, you could lend a CD to a friend but then lost the ability to listen to that music until it was returned. With blockchain, a smart contract could be implemented to fill the same lending function, with the same single-user-restricted access.

Reference

[†] “Songwriters Lose Out on Royalties”; The Wall Street Journal website; Accessed at www.wsj.com/articles/songwriters-lose-out-on-royalties-1444864895 on Sept. 26, 2017.

Other Applications

The most prominent example of blockchain is bitcoin, both because it was the first public distributed blockchain and because it’s been financially successful. Most applications of blockchain are still theoretical, but governments and private enterprises have both fielded successful deployments of the technology beyond just currencies.

One area with considerable promise is digital identity management. One possibility envisioned is to have two parallel blockchains: One is a document ledger containing digitally signed identity documents, the other a traditional transaction register. Each user of the system has an ID used for assigning transactions and for granting access to their documents stored in the document ledger. Users may then request access to another user’s documents, recorded in the transaction ledger, with a full audit trail of requests. As a user controls his own documents, the user may grant access at any time and then revoke it as well. The solutions typically allow for making specific queries such as, “Are you older than 25?” or “What is your blood type?” This ability to respond to individual, specific queries reinforces the security principle of least access and allows the owner of data to decide whether the requester has a suitable need to know.

The government of Estonia rolled out such a system in 2012.[5] The system initially provided access to national health, judicial, legislative, security, and commercial code systems. The country plans to expand its system until it also covers personal medicine, cybersecurity, and other realms. The system is seeing success in encouraging Estonians to move common government interactions to digital forms and in encouraging a unique national identity fully separate from its legacy as a former Soviet state. One of the more exciting aspects of the move to blockchain and other distributed technologies is the plan to establish digital embassies containing secure nodes outside Estonia’s national borders, thereby ensuring access to critical information should internal servers be compromised or destroyed. The first such digital embassy is planned to open in Luxembourg by the end of 2017.[6]

The Factom Foundation developed another novel use of blockchain technology—creating a secure, immutable, digital document publishing and auditing ledger.[7] Its Factom software is open-source and runs on servers on a volunteer basis. The company’s approach to securing the Factom blockchain is to periodically “anchor” it in the bitcoin blockchain by recording its state (represented as a fingerprint of the last block) every 10 minutes. Part of Factom’s goal is to move non-value transfer transactions off the bitcoin ledger; anchoring its own blockchain in bitcoin makes Factom as immutable as bitcoin is.

The real value of Factom’s ledger is in proving the existence of documents, proving the order in which these documents were created, and providing access at any time for independent audit. In a sense, Factom is an automated and mathematically secure notarization process that can be used as a distributed source of veracity or as an immutable proof of process. While anyone can post a transaction to bitcoin to prove a specific document exists at a given time, doing so only establishes positive proof that a document exists. Factom’s ledger allows for, among other things, describing document changes when an updated version is published and sending automated notifications when such a change is made.

Impact for the Insurance Industry

Identity management and auditable proof of publishing are powerful reasons for any business to embrace blockchain technology. Of specific note to insurance companies, however, are applications in so-called smart contracts and fraud detection and prevention.

Smart contracts, containing promises in digital form and protocols for performing on those promises, are enabled by the immutability and reliability of blockchain networks. These contracts may be formulated to be both binding and automatically executing. Smart contracts and their triggering clauses become a matter of permanent record for anyone with proper permission to view them (that is, anyone possessing an appropriate encryption key). Payment of premiums, for example, may be stored on the blockchain, providing instant access to validate coverage.

The distributed and open nature of blockchain also means that parties to a contract in different organizations do not need to maintain and synchronize their own copies of relevant documentation and validate it against an external trusted source. All records in the distributed ledger are individually encrypted, so even if a malicious actor somehow breaks one record, that does not grant the hacker visibility into any other relevant record.

The trustworthiness of timestamps in the ledger also allows for automated execution of contracts. For example, a mortgage insurer may use smart contracts, backed by the blockchain, to automate escrow payments. When discussing liability insurance, a smart contract may be written to observe record of a triggering event, such as a hurricane landfall, to execute required payments. This allows the insurer to be more responsive to its customers and to have an auditable record of all events for nonrepudiation purposes.

The provision of nonrepudiation also holds promise in the field of fraud detection and prevention. Premium diversion, the most common type of insurance fraud,[8] becomes trivial to detect if all transactions are written to the blockchain. If an agent fails to send premiums to the underwriter, for example, there is a clear and broken chain of clients paying premiums and those premiums not leaving the agent’s account. If all payments must be written to the ledger, then the nonrepudiation facet of blockchain means we can be certain that a lack of an entry means no payment was made.

Smart contracts may also be applied here to automate payments to the underwriter, making it impossible to perform this type of fraud. Selling insurance without a license also becomes more difficult if licensing can be publicly and instantly verified with a near-instant check to a service like Factom to confirm the status of the agent’s license.

The promise of blockchain may see the biggest return on investment in combating fraud and improper payments in government benefits programs. According to a 2015 report from the Government Accountability Office,[9] Medicare loses over $60 billion annually to fraudulent activity and improper payments. Now let’s imagine that the Centers for Medicare and Medicaid Services (CMS) were to adopt a blockchain-based distributed ledger for recording all physician and pharmacy payment requests and fulfilments, along with metadata containing details on the reasons for those requests. Analytics engines operating on this data could then readily identify cases like the doctor in West Virginia who wrote 325 prescriptions in one month for a total of over 19,000 oxycodone pills.[10] Each of those prescriptions must be filled at a pharmacy with attendant claims for payment, and a significant percentage of such prescriptions are filled through Medicare Part D and Medicaid coverage.[11, 12, 13] Analytics can also uncover other patterns of fraud, including stolen doctor identities, double-billing, and claims for durable medical equipment.

While blockchain by itself is not a disruptive technology, the applications it allows certainly hold promise for disrupting existing business models. Organizations effectively taking advantage of blockchain can see significant efficiency improvements and reductions in payment of processing fees. Blockchain holds great promise for creating immutable records of events, which can aid in detecting fraud and proving creation and ownership of digital assets of all types.

In a very short amount of time, blockchain has fundamentally changed how we approach digital record-keeping by providing a secure and immutable transaction ledger. Blockchain is still in an early adopter phase but look for companies and governments to make increasing moves toward implementing these protocols in the coming years.

 

GREG SZRAMA III is a software engineering manager at Accenture, where he focuses on high-throughput data processing applications.

 

Endnotes

[1]          “How to time-stamp a digital document”; Journal of Cryptology; January 1991.

[2]          “Hidden surprises in the Bitcoin blockchain and how they are stored: Nelson Mandela, Wikileaks, photos, and Python software”; Ken Shirriff’s blog; accessed at www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html on Sept. 26, 2017.

[3]          “Hash Rate”; Blockchain official website, 7-day running average; Accessed at blockchain.info/charts/hash-rate?daysAverageString=7 on Sept. 26, 2017.

[4]          “Mining Bitcoins Is A Surprisingly Energy-Intensive Endeavor”; Forbes website; Accessed at www.forbes.com/sites/peterdet wiler/2016/07/21/mining-bitcoins-is-a-surprisingly-energy-intensive-endeavor/ on Sept. 26, 2017.

[5]          “Blockchain”; Estonia government operated e-Estonia website; Accessed at e-estonia.com on Sept. 26, 2017.

[6]          “Estonia to open the world’s first data embassy in Luxembourg”; Estonia government operated e-Estonia website; Accessed at e-estonia.com/estonia-to-open-the-worlds-first-data-embassy-in-luxembourg/ on Sept. 26, 2017.

[7]          “What is Factom?”; Factom website; Accessed at www.factom.com/about/faqs on Sept. 26, 2017.

[8]          “Insurance Fraud”; FBI Reports and Publications website; Accessed at www.fbi.gov/stats-services/publications/insurance-fraud on Sept. 26, 2017.

[9]          “Government Efficiency and Effectiveness: Opportunities to Reduce Fragmentation, Overlap, Duplication, and Improper Payments and Achieve Other Financial benefits”; GAO-15-440T; U.S. Government Accountability Office; Mar. 4, 2015.

[10]        “West Virginia doctor investigated for deaths in opioid epidemic”; CBS News report; Accessed at www.cbsnews.com/news/west-virginia-doctor-michael-kostenko-investigated-for-deaths-in-opioid-painkiller-epidemic/ on Sept. 26, 2017.

[11]        “Medicaid’s Role in Addressing the Opioid Epidemic”; Kaiser Family Foundation website; accessed at www.kff.org/infographic/medicaids-role-in-addressing-opioid-epidemic/ on Sept. 26, 2017.

[12]        “Understanding Who Opioid Users Are Underscores Challenges”; Kaiser Family Foundation website; accessed at www.kff.org/other/perspective/understanding-who-opioid-users-are-underscores-challenges/ on Sept. 26, 2017.

[13]        “Payments For Opioids Shifted Substantially To Public And Private Insurers While Consumer Spending Declined, 1999–2012”; U.S. National Library of Medicine, National Institutes of Health website; accessed at www.ncbi.nlm.nih.gov/pmc/articles/PMC4955937/ on Sept. 26, 2017.

Print Article

Next article The Case for Variable Long-Term Care Insurance
Previous article The Hows and Whys of WannaCry: Ransomware, cryptoviruses, and IT security—what you need to know.

Related posts