Distributed Ledger Technologies in Public Services

4. What is Distributed Ledger Technology?

4.1 How did the Distributed Ledger Technologies evolve?

In this report we examine the use and potential of Distributed Ledger technologies (DLT) in digital public services.

In the same way that the category "vehicle" covers the passenger car, the freight ship, and the space shuttle, the term DLT spans a broad set of technologies.

The foundation technologies of DLT can be traced to fundamental cryptography work over the past 50 years^[4]. In 2008 a novel scheme called Bitcoin combined some existing DLT tools into an "open public network" with a "distributed trust-less consensus". In the Bitcoin network anyone can join, and can exchange value by 'spending a coin' and agree on who owns what without trusting others in the network.

In the Bitcoin scheme value exchange transactions are grouped into blocks and cryptographically linked together in a block chain.

Since then the word "blockchain" has become part of the popular dictionary, used to describe both the foundation technologies and applications of distributed ledger technologies. This is confusing; there is no clear definition of what a blockchain is, or its capabilities, and the term blockchain infers certain specific qualities present in Bitcoin^[5] but not all DLTs.

For this reason, we use the broader term "Distributed Ledger Technology" which is more commonly used in Public Services applications. We refer to "blockchain" only when discussing a specific technology implementation which has these characteristics.

The scope of this document does not include a summary of the many specific DLT platforms. Rather it examines the general utility of their use in Public Services scenarios.

4.2 A simple definition of Distributed Ledger Technology

The simplest description of a distributed ledger is that it is like a spreadsheet, which instead of resting with a single provider, is shared across a network. Every change is replicated, recorded and agreed by everyone.

Physically, the ledger is duplicated across many computers, so it is more difficult to subvert or destroy. Distributed Ledgers use cryptography to make them resilient to attack or unauthorised change. Usually the ledger's cryptography builds up over time so it becomes more and more difficult to hack. This makes it "immutable"—it is extremely improbable that anyone could go back and subvert the ledger's history.

The result can be a more open, transparent and verifiable shared database.

These technologies are based on research and innovation that has been going on for several decades. An important development in 2009 was Bitcoin's innovative combination of approaches (including collating transactions into blocks and cryptographically chaining these blocks together) which solved the "double-spend"^[6] problem.

This use for "value transactions", i.e. sending money, enables "trust" without an intermediary.

Bitcoin evolved into a global "public" network; public because anyone can download the software and join in. Speculation on this new asset class drove demand for its constrained supply, and focussed further attention and development. Five years later the Ethereum blockchain was proposed, evolving the idea of autonomous or "smart contracts"; software programs which trigger when specific conditions are met to automate a process or fulfil an agreement.

Further developments have continued in the evolution of DLT technology, in both the "public" blockchain networks, and in private networks where only "permissioned" actors can play.

Likewise, in the past 5 years there has been an explosion in the application of these technology platforms to business and societal problems. "Figure 4-1 Evolution of DLT technology and applications" puts blockchain in the context of development of cryptography and Internet technology.

DLT development and application continues to influence the way we think about exchanging value and assets, enforcing contracts and sharing data.

1. Someone requests a transaction

⇓

2. The requested transaction is broadcasted to a peer-to-peer network consisting of computers, or ‘nodes’

⇓

3. The transaction and user are validated by the network using known algorithms

⇓

4. The transaction is combined with other transactions to create a new block of data for the ledger

⇓

5. This new block is added to the existing blockchain, in a way that is permanent and unalterable

⇓

6. The transaction is complete

Figure 4-1 Evolution of DLT technology and applications

4.3 How can we use Distributed Ledger Technology in Digital Public Services?

Broadly speaking, Distributed Ledger technologies are tools which can engender transparency and security in transactions and make markets and systems more efficient.

This broad scope has led to a growing diversity of applications, across many vertical industries as diverse as financial services and transportation.

Some patterns of use have emerged. The following is not exhaustive, but we summarise an outline taxonomy of key DLT application themes below in "Figure 4-2 DLT Application Themes", with the specific scope of application in digital public services in mind, to inform our discussion.

Figure 4-2 DLT Application Themes

Streamlined collaboration: DLT can be applied to scenarios where multiple organisations must collaborate to achieve outcomes, but each may only act in a way that all other consent to. Examples include many legal processes such as conveyancing, or benefit and grant approvals and disbursement.

Security and Resilience: DLTs can be more "cyber-resilient" as, simplistically speaking, they deal with encryption and integrity "by default". In addition, their security compounds over time—data can be encrypted and permissioned, and then distributed to make it more robust against subversion or external attack.

Privacy and Confidentiality: DLTs reduce the need to retain multiple copies of sensitive information amongst co-operating parties, so reducing risks of that information being compromised. In addition, they can support sharing and transactions on data while maintaining its confidentiality. Such techniques can be used to let a citizen or organisation enter or generate information once, yet have it shared only appropriately and with minimal exposure. Examples include identity verification and sharing of patient medical records.

Each of the three above points have a role in supporting simplified Citizen Experience, for example where citizens need enter information only once and it can be securely shared across government.

Compliance and Oversight: DLT can be used to track the provenance of all data and interactions involved in completing a process, particularly in demonstrating a "chain of custody" in a regulated process. Examples include traceability in logistics and procurement supply chains, or in managing governance around the process of applying for a taxi license.

Paperless reconciliation: An obvious application of DLT is in banking, where each institution maintains its accounts and their balances. When an inter-bank transfer occurs, the sending bank adds a debit to its ledger, and the receiving bank adds a credit to its ledger. At COB, the ledgers are reconciled to update the correct balances. A shared distributed ledger makes reconciliation unnecessary, eliminating an administrative step and improving efficiency.

Registration and Recording: DLTs can produce a permanent and irrefutable digital record of what happened. Unique digital tokens can be applied to registry of ownership applications where assets change hands, and in provenance applications where it's important to track the origin and history of an asset over time. Examples include land registry and provenance of food and ingredients or precious gemstones.

4.4 Further notes and common questions on DLT

As stated above, the scope of this document does extend to a detailed description of DLT and blockchain platforms in this quickly evolving industry. This section contextualises further details on Distributed Ledger technology in the form of accessible answers to common questions and strikes a "devils advocate" tone to counterbalance any unconscious bias from the writers of this report.

4.4.1 Isn't blockchain over-hyped?

The Bitcoin blockchain became the subject of abnormal global attention as cryptocurrency investment caught the Financial Services industry off-guard and made some early investors very rich. Simultaneously blockchain's "distributed disintermediation" narrative also seemed to catch the popular mood. There has undoubtedly been a case of "blockchain fever".

Enthusiasm around the potential of any new technology must be tempered with recognition of its maturity, shortcomings and risks. Many contemporary applications of DLT are in the early stages of construction and deployment. There is a danger that it will be positioned beyond its current capabilities as a not-yet-fully-mature technology, and in some cases beyond sensible application where no benefit case can be shown above conventional simpler technologies.

However, as of June 2018 it is beyond reasonable doubt that this technology may be used to address real-world problems in industries such as Financial Services, Public Services, and Supply Chain. Academics, engineers, government leaders and business people overwhelmingly agree. Furthermore, consensus has emerged that the DLTs have an important role to play in information security and online privacy.

4.4.2 So what are the risks around deploying DLT today?

The broad category of Distributed Ledger includes some mature technologies, and some still in their infancy.

It may yet be several years before the category can fully meet enterprise requirements of clear standards, interoperability, predictable roadmap, availability of skills, and readiness for enterprise operations. Also, as the market becomes better defined there are risks from investing in technology from early market vendors who may suffer from inevitable market consolidation.

4.4.3 What do you mean by Public and Private, and why is it important?

"A simple definition of Distributed Ledger Technology " above discusses "public" blockchains such as Bitcoin and Ethereum. In these any party can download and run its software. This joins the network by becoming a "node", validating that any change is legitimate and meets rules agreed by the whole network. Also, a subset of these nodes may serve to secure the network in exchange for the chance of rewards, by becoming a "miner".

In public blockchains miners compete with each other to solve a puzzle. The first to do so gets a reward and is able to "seal" a block of changes, and add a block to the chain. This proof of computer processing effort, or "proof-of-work" is the method by which every node in the network achieves consensus on the ledger's current state.

The Proof of Work consensus algorithm is often cited as a flaw in the Bitcoin public blockchain. Though very effective at making it computationally unfeasible to subvert the network, it also makes its transaction rate low and energy consumption high. Another criticism of Bitcoin is one of privacy—its unprecedented level of transparency means that every balance and all transactions can be viewed by everyone.

DLTs may be considered Private (or Permissioned), when the above validation and mining activities are more constrained to specific actors.

For example, much work in Financial Services focuses around a permissioned DLT called Corda, which requires participants to identify themselves, and uses a "Proof of Authority" consensus where only pre-approved, authorised notaries can make changes to the ledger.

DLT applications in Public Services typically leverage Permissioned DLTs, where only co-operating government actors and agencies or their delegates are authorised to "mine" changes.

4.4.5 Doesn't blockchain waste electricity?

Bitcoin uses a lot of electricity. As explained above a competition is run roughly every 10 minutes where "miners" compete to solve a mathematical puzzle first enabling them to validate and secure a block, in return for a Bitcoin reward.

Bitcoin is a global public network with many individuals and commercial "mining" businesses competing in parallel. It is estimated that each Bitcoin trade or transaction consumes 200kWh, enough to keep a small family home in electricity for a month. Clearly this seems overly energy intensive.

However, advances in public blockchain technologies seem set to address these inefficiencies. For example, the Ethereum blockchain's roadmap will have it move to a far more energy efficient "proof of stake" consensus algorithm.

Typically, "permissioned" blockchain technologies feature a restricted set of users who have the rights to validate the block transaction, meaning that energy intensive competitions are not necessary.

4.4.6 How does blockchain line up with GDPR?

A legal framework for personal data privacy known as General Data Protection Regulation (GDPR) became effective across the European Union on May 25th 2018.

The spirit of GDPR is to strengthen individual control over storage and use of their sensitive data and identity attributes. It places several obligations on organisations around their management of personal data including its access, protection, erasure, and portability.

Opinion varies on whether Distributed Ledgers are a solution to, or problem for, GDPR. On one hand their distributed nature creates many "copies" of citizen data and by design eliminates a single point of control. It is not always clear in a peer-to-peer network who is the responsible "data processor".

On the other hand, some DLT implementations are credited with enabling "privacy by design" where the "data subject" retains control over which actors have access to data, rather than surrendering control of it to another data processor.

A March 2018 report (IBM, 2018) asserted that DLT aligns closely with GDPR's goals of secured and self-sovereign data. It stated a caveat—that only cryptographic hashes of personal data (i.e. evidence of the data's existence and state) should be stored "on chain". This concern focusses on the "append only" characteristics of DLT, and supports the "right to be forgotten" (or the right of erasure).

However, many in the DLT and self-sovereign identity communities, assert the opposite view; that to show data has been "erased" is best demonstrated through cryptography, e.g. that the data has been irreversibly encrypted or that the requisite decryption keys have been put beyond use. This view is elucidated by International legal firm Hogan Lovells LLP in an explanation of blockchain's role in data protection (Hogan Lovells LLP, 2017).

Such a scheme would allow the "destruction" of data in public record-keeping applications where for example in disregarding offences registered and since pardoned or disregarded^[7].

We anticipate that greater clarity around the issue of erasure will emerge as regulatory rulings and relevant case law emerges over time.