First in a series of blogs about blockchain technology and
its impact on business practices, corporate governance and cybersecurity
It’s hard to avoid articles, white papers, blog pieces and presentations that promote the almost magical use of blockchain – it seems that blockchain, a form of distributed ledger technology, can be applied to virtually any situation, and best of all, it is entirely secure. As Don and Alex Tapscott wrote in Blockchain Revolution, “The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”
One aspect of blockchain technology has become highly debated – whether it is as secure as its proponents claim. Since it seems inevitable that blockchain technology will be used to drive a variety of transactions, and not simply cryptocurrency, the JMBM Cybersecurity and Privacy Group has examined the technology and its impact on data security and corporate governance.
But before we can discuss the benefits and pitfalls of the technology, we have to answer a threshold question: what is a blockchain?
Evolution, not Revolution
With all the promotion, most blogs, articles and presentations don’t spend a lot of time describing blockchain, with the explanation that it is simply too difficult to understand. That is certainly true for the actual programming of a blockchain system. However, the concept behind blockchain is straightforward: Instead of relying on a central, trusted third party to validate transactions, validation is spread through multiple record holders.
The basis for this technology is a peer-to-peer network, which is not a new concept, and has been used by file sharing systems for upwards of 20 years. Peer-to-peer networks allow different computers to share files directly, instead of through a central clearinghouse. Many readers may remember as far back as 1999, when Napster was introduced, and despite the copyright and other issues, it lives on, allowing for sharing of music and other files.
Blockchain adds some important elements to the peer-to-peer network. One is including shared and synchronized data throughout the network, so that all computers, or “nodes,” on the network have the same data at the same time.
The other key addition is a means of ensuring that the data can only be changed by consensus, so that no record can be altered after its original acceptance without the alteration of all subsequent blocks and the consensus of the network. This allows the participants to verify and audit transactions. The network relies on mass collaboration driven by the shared interests of the participants, and the result is (or should be) a shared data set where there is little, if any, uncertainty regarding data security. As a result, it solves a common problem of shared networks: confirming that each unit of value was transferred only once. Moreover, a blockchain can assign property rights because it provides a record that compels verifiable offer and acceptance.
Blockchain databases achieve these goals through the use of two kinds of records: transactions and blocks. Blocks hold batches of validated transactions that are “hashed” and “encoded” into a chain. Hashing and encoding are technical terms for creating an encrypted set of records. The blocks consist of a transaction linked to the hash (the encrypted set of records) of the prior block. In order to add a block to the chain, it has to be connected to the prior block, which is ultimately connected to the original block that began the chain.
There are many more details associated with blockchains – how blockchains evolve, whether they are “private” or “public” (which have different meanings from what we commonly think of), but that’s generally how blockchain technology works. Rather than a completely new and disruptive technology, it is an extension of prior technologies with some key variations that create new opportunities.
In coming articles, we will explore the uses of blockchain technology, beyond cryptocurrencies and into mainstream uses, whether the hype over blockchain security is matched in reality, and how it might change corporate governance and business practices. Until then, for those who are concerned about the security of blockchain, we have an observation: blockchain technology was created by humans, and no system created by humans has proved to be entirely secure. Will blockchain be the exception to the rule?
Robert E. Braun is the co-chair of the Cybersecurity and Privacy Law Group at Jeffer Mangels Butler & Mitchell LLP. Bob helps clients to develop and implement privacy and information security policies, negotiate agreements for technologies and data management services, and comply with legal and regulatory requirements. He helps clients to develop and implement data breach response plans, and he and his team respond quickly to clients’ needs when a data breach occurs. Contact Bob at RBraun@jmbm.com or +1 310.785.5331.
JMBM’s Cybersecurity and Privacy Group counsels clients in a wide variety of industries, including accounting firms, law firms, business management firms and family offices, in matters ranging from development of cybersecurity strategies, creation of data security and privacy policies, responding to data breaches and regulatory inquiries and investigations, and crisis management. The Cybersecurity and Privacy Group uses a focused intake methodology that permits clients to get a reliable sense of their cybersecurity readiness and to determine optimal, client-specific approaches to cybersecurity.