In Uganda, the government is attempting to use blockchain to identify and track counterfeit drugs. In China, there’s an effort to create a “blockchain logistics platform.” And in a few American states like Utah, some officials see blockchain as a way to help overseas citizens cast their votes securely from thousands and thousands of miles away.
Yet, in some circles, there are “raging debates” about the very definition of blockchain, said Timothy M. Persons, chief scientist for the U.S. Government Accountability Office (GAO).
To shed more light on this mysterious technology, this month GAO released a two-page “spotlight” document about the risk-reward characteristics of blockchain and other types of distributed ledger technologies (DLT). Persons described this document as “pre-evaluation work,” meaning his organization will be commenting more on blockchain use in the future.
GAO’s activities here will help “Congress think about things [disruptive technologies] more proactively rather than just reactively,” as blockchain is expected to affect every level of government in the United States. “Blockchain is a federal, state and local issue,” Persons said.
GAO’s spotlight document only scratches the surface of blockchain’s good and concerning aspects, but it breaks down the elevator pitch for blockchain into understandable terms. One section points out that ledgers have been used “to record transactions for thousands of years,” but they’ve always required a “central, trusted authority” to ensure that all transactions are accurate. On the simplest level, blockchain is a digital version of this traditional accounting method. Blockchain simply eliminates the need for the authority figure. In theory, this approach could lead to increased efficiency and transparency.
A 2018 Congressional Research Service report, written by cybersecurity policy analyst Chris Jaikaran, also describes blockchain in plain business language: “Blockchain allows parties who may not trust each other to agree on the current distribution of assets and who has those assets, so that they may conduct new business.”
Given this clarity about blockchain’s basic purpose, why is the subject so complicated?
“The use of this technology in every scenario … is always a double-edged sword,” Persons said. “There’s an upside to using it, and then there’s a risk in using it.”
One risk is tied to access to information in a given blockchain. To illustrate this point, Persons discussed the example of using blockchain to create a comprehensive health record for an individual. People experience numerous changes in regard to health, whether it relates to one’s condition, doctor, medication, or hospital. Blockchain can securely document all of these changes in chronological order throughout one’s life cycle, which has powerful implications for patient care.
But here comes the flipside: Who gets to see that entire longitudinal record? How does one manage access?
“Would, let’s say, a school nurse have full rights and visibility into your child’s entire medical record or just the parts that pertain to being a school nurse, for example?” Persons said.
States have already grappled with similar privacy concerns in setting up statewide longitudinal data systems (SLDS), which can track an individual’s progress from grade school to college to the workforce. While the privacy issue is not new, the technology is different. In blockchain’s case, the technology’s structure, or rules, can be altered to decrease, or even eliminate, the possibility of bad things happening, according to Forrest Senti, director of business and government initiatives at the National Cybersecurity Center.
Senti said blockchain has attracted governments for two main reasons. First, it strengthens security by its very design. Blockchain involves multiple servers rather than one server. New blocks, or transactions, cannot be added to the chain unless a majority of servers allow the transaction to occur. In contrast, existing technologies in government can be manipulated if a hacker can pass through a single point of security.
Consider the hypothetical of a blockchain being used to record tax-related transactions for the IRS, which has a lot of servers. In order to manipulate such a system, an attacker would have to compromise thousands of servers in order to get the majority approval necessary to alter blocks in the chain, Senti said.
Another reason governments look into blockchain is increased transparency and auditability, Senti said. As a government entity adds transactions to a chain, anyone can check the blocks and make sure they contain the correct information.
From Persons’ point of view, the biggest misconception about blockchain is that it’s mature, fully implemented, and already changing the world rapidly.
“The reality is the opposite,” Persons said. “It’s still so nascent and emerging.”
Senti said the U.S. can open up many possibilities with blockchain once people look past the technology’s association with digital currencies like bitcoin. “Bitcoin is blockchain, but blockchain is not bitcoin,” Senti added.
This point is crucial because blockchain has multiple potential models that dictate how blocks can be added. Bitcoin, as well as many other digital currencies, is based on a proof-of-work model, which encourages people to use sheer computational power to add blocks to a chain in order to receive more currency.
Senti said the proof-of-work model, depending on the size of the blockchain, is more susceptible to a 51 percent attack, a term that directly refers to the notion of an attacker taking over a majority of blockchain servers. More than likely, governments would not adopt a proof-of-work model like bitcoin’s, as it would invite individuals to vie for the power to add blocks.
Instead, governmental organizations might be more fond of a “delegated proof-of-stake model,” which would give the government in question the ultimate right to add blocks, Senti said.
No matter the blockchain model, the key for governments will be setting up the appropriate policies and procedures to maintain order.