Blockchain Internet Governance

Learning About Blockchain, Internet Governance, and Cryptocurrency

My first task as the Internet Society’s Regional Community Manager for the Middle East was to organize three events in a span of a week in three different cities around the Middle East about Blockchain with Dr. Walid Al Saqaf, Internet Society Board of Trustees, as the keynote speaker.

Amman, Beirut, and Dubai

July 8th was D-Day for Amman at the Grand Hyatt Hotel in partnership with Int@j Jordan and Tank by Omnia. July 19th was Beirut, Lebanon, at the Movenpick Beirut, co-organized with the Internet Society Lebanon Chapter. July 12th was Dubai, UAE, at DTEC Silicon Oasis Authority, co-organized with the ISOC UAE Chapter. All three cities differed in the type of attendees, but the subjects were the same: Blockchain, Internet Governance, and Cryptocurrency.

Dr. Walid Al Saqaf, along with Waheed Al Barghouti, a cryptocurrency expert, conducted a four-hour morning workshop with a live mining demo, “create your blockchain” exercise, and smart contract creation, rules, and regulations. Moreover, there was an open forum in the afternoon that included high-level government representatives as well as private and public sector attendees.

Blockchain had been ambiguous to me, yet after the first workshop I found myself knowing more and more about this decentralized world that is creating endless opportunities in implementations in different domains around the world. We all learned how blockchain started, how bitcoin incepted, and how different cryptocurrencies such as Ethereum work.

The history of blockchain sparked discussions such as: what are the implementations of the blockchain, what is proof of work, what is the method of verifying an entry in the blockchain ledger, and using multiple viewers. We were also informed that we couldn’t exchange cryptocurrency without an exchange fee and that these fees are determined by an algorithm. However, we saw some examples of mining without fees, timestamps on transactions for the network, hashing, headers, and the transactions memory pool. Other things discussed were Giga hash (mining plants), Pool mining, orphan blocks, private keys, public keys, smart contracts, decentralized Heroku, and supply chain workflows. The languages used in the workshop were Remix, Truffle, EVM, Embark and JavaScript.

Waheed Al Barghouthi explained that smart contracts were open source, and anyone can create one. He showed us an example of a smart contract used for a ticketing system, how the ticket is issued, then refunded. These contracts can become the future for dealing with any purchase in the world. Walid Al Saqaf jumped in to mention that Georgia is the first country to use smart contracts and blockchain in all of its real estate transactions.

One of the funniest things to hear during the day was “gas.” What is gas you say? It’s not pumped out of the earth when it comes to cryptocurrencies; it is the fee used by Ethereum. For example, if you’re sending Ethereum to anyone and want your transaction to happen immediately, your gas fee is higher than if you wait 48 hours. It was also my first time hearing about something called Bitcoin ATMs where you can exchange bitcoin from your wallets into cash. These ATM’s exist around the world and can be used for withdrawals. At all times, Mr. Waheed confirmed that Dr. Walid was doing a great job, as a humorous side of the workshop.

Dr. Walid confirmed that the Internet cannot be destroyed; it’s built in a way to sustain a nuclear attack! That was reassuring to know. What we know is, just like the Internet first started, blockchain is taking a similar route. As much as the Internet is here to stay, blockchain is also here to stay. It’s a new world and we need to learn more about and welcome its adoption.

Learn more about blockchain and read Do Blockchains Have Anything to Offer Identity?

Blockchain Building Trust Deploy360 Improving Technical Security Internet of Things (IoT)

ISOC has goals at TNC18

This week is TNC18, the largest European research and education networking conference, which is being held at the Lerkendal Stadium in Trondheim, Norway – the home of current Norwegian Football Champions Rosenborg BK. Of course we’re actually in a conference centre underneath one of the grandstands and not on the pitch, but this is still a premier event that brings together managers, network engineers, and researchers from R&E networks in Europe and the rest of the world.

The Internet Society is not only one of the conference sponsors, but has a significant role in the programme as well. Our colleague Karen O’Donoghue on Monday spoke about NRENs and IoT Security in the ‘What’s Coming Next In Privacy Innovation‘ session, where she’s discussing the security and privacy challenges of burgeoning numbers of IoT devices and how these will impact R&E communities. ISOC is encouraging the development of best practices through the Online Trust Alliance’s IoT Security & Privacy Trust Framework, and this is a good opportunity to discuss how the NREN community can take the lead in adopting good operational practice.

Karen will also be talking about Time and Security during the ‘Security‘ session on Tuesday. Time synchronisation is critical for many Internet applications, and for many years NTP has worked fine without any real consideration for security. However, in recent years there have been an increasing number of attacks on the time synchronisation system in order to create disruption and cause damage, so there has been ongoing work in both the IETF and IEEE to secure the NTP and PTP protocols.

Our other colleague Steve Olshansky will be presenting on Blockchain and Digital Identity during the lightning talks session on Tuesday. He’ll be discussing whether Blockchain can be used for identity and access management, and what the implications are for user privacy and control over their identity.

I was organising the GLIF session on Monday too, which focused on recent developments in the global lightpath space that are used to support large-scale high-bandwidth research applications such as the Square Kilometre Array and Global Research Platform. In particular, networks are increasingly becoming software driven as more services move into the cloud, and whilst this hides the complexity from users, it makes managing networks more complex and requires more sophisticated measurement and monitoring. R&E networks cannot continue to justify higher bandwidth networks on a handful of big data research projects alone, and need to ensure good access to compute and storage clusters for the smaller research projects as well.

In addition, we’re raising awareness of routing security issues by providing some MANRS information in the conference poster session, as well as having some prominent ‘advertising’ around the venue. By offering four simple but concrete actions – namely filtering, anti-spoofing, improved coordination and global validation – network operators can collectively improve the security and reliability of the Internet.

If you’re unable to make it to TNC18 in person, the sessions are being both streamed and recorded.

Blockchain Identity

Blockchain and Digital Identity – A Good Fit?

Every time you see “Login with Facebook” or “Login with Twitter” etc. on a website or use login credentials issued by your employer or school, you’re using Identity and Access Management (IAM) technologies in the background. IAM has become central to our online interactions, but like a lot of infrastructure it’s largely invisible to users (at least when it’s well designed and implemented). IAM is evolving rapidly, the stakes are high, and enterprises face an increasingly complex and puzzling digital identity landscape. There is also growing concern that businesses know too much about us, and therefore end users should reclaim control over their own identities. IAM is a hot topic in the technology world, with new architectures, business models, and philosophies all in play.

Blockchain technology (sometimes also called distributed ledger technology – DLT) is also gaining attention. Proponents advocate it for a wide variety of use cases, including IAM. Blockchain is a broad class of relatively new data security methods, with certain properties of potential value in IAM. Many IAM companies have launched identity registration solutions “on the blockchain,” while others are developing new blockchain-inspired infrastructure for distributing information about users (called “attributes” and used to inform decisions about whether to grant access to resources), which is a key element of IAM.

We wrote a white paper, titled “Do Blockchains Have Anything to Offer Identity?”, to provide an in-depth analysis of blockchain and IAM, and to provide a lens through which to view and evaluate forthcoming developments. Faced with a growing amount of hype and scepticism, we seek to provide a balanced perspective, and to clarify the ways in which blockchain technologies may or may not serve the needs of IAM.

In answering whether these new and innovative technologies can help with IAM, the starting point should be to appreciate what the first blockchains were designed to do (cryptocurrency), and then to build carefully on that. This paper should help those devising new IAM solutions, and those acquiring solutions and needing to evaluate blockchain-based approaches. Perhaps most importantly, we hope to provide guidance in evaluating current and new blockchain-based IAM solutions as they come along.

After our analysis, it is clear that blockchain technologies are collectively a work in progress. Our conclusion is that despite early enthusiasm about their general security properties, on closer inspection we find that the original public blockchains are generally not a good fit for IAM. The objective of cryptocurrency – to exchange electronic cash without intermediaries and without trust – is fundamentally different from that of enterprise IAM, which typically requires much more rigorous key lifecycle management and access controls than public blockchains offer.

Several new blockchain technology developments show promise for improving particular aspects of IAM, such as the provenance of identity attributes and cryptographic keys. Our recommendation is that any ongoing examination of blockchain technologies for IAM begin with a clear problem statement, and an appreciation of the nuances in blockchain security.

We hope you will read the paper and let us know if you have any thoughts on the matter.

Steve Wilson is a researcher, analyst and adviser in digital identity and privacy. He is General Manager of the Lockstep Group headquartered in Sydney, Australia, and holds an adjunct position as Principal Analyst with Silicon Valley based Constellation Research.

Steve Olshansky is Internet Technology Program Manager for the Internet Society.

Blockchain Building Trust Events Growing the Internet Human Rights Improving Technical Security Internet of Things (IoT)

EuroDIG 2017: ISOC Speaks on Cybersecurity, Blockchain, Human Rights, IoT, Internet Shutdowns and more

How do we create a more secure and trusted Internet within the multistakeholder model of Internet governance? That will be among the many questions addressed this week at the European Dialogue on Internet Governance (EuroDIG) in Tallinn, Estonia. From June 5-7, we will have an Internet Society team on site participating in many sessions. Our EuroDIG 2017 page has all the details – including links to live video streams – but at a high level here are some of the workshops we are participating in:

  • Plenary panel on cybersecurity
  • New business models and the Internet
  • Blockchain technology and internet governance
  • Community connectivity: empowering the unconnected
  • Criminal justice on the Internet – identifying common solutions
  • Workshop on human rights and IoT
  • Internet content blocking: from collateral damages to better solutions
  • Stress testing the multistakeholder model in cybersecurity
  • Drowning in data – digital pollution, green IT, and sustainable access
  • Forced data localization and barriers to cross-border data flows: toward a multistakeholder approach

Again, view our EuroDIG 2017 event page to see exact times and live stream links.

To stay up on our activities, you can follow us on social media – and follow the hashtags #eurodig17 and #eurodig on Twitter.

Please do say hello to our staff in the sessions – and tell us how you think we need to work together to build a stronger Internet and #ShapeTomorrow.

Blockchain Building Trust Identity Privacy

Is Your Reputation Safe on the Blockchain?

Over on the Consult Hyperion blog, Dave Birch has written a characteristically lucid and engaging piece about hyperbole around the idea of the mutable blockchain.

One of the use cases Dave cites (not his, I hasten to add) is the use of mutable blockchains to implement the so-called “right to be forgotten” (RTBF) – or “droit à l’oubli”, as I should perhaps call it while I am still allowed to. That prompted two thoughts which I felt deserved a blog post.

First, a quick swipe at RTBF, a label which has caused more trouble than it deserves, given the merits of the underlying principle. The Google v Spain ruling interpreted RTBF as a requirement for search engines to “de-list” search results that linked Mr Consteja Gonzales, by name, to data about one aspect of his past. The ruling also does not affect search results outside the EU.

That’s a very qualified constraint on people’s ability to find out about what happened. If you search for “Spanish guy bankrupt Google”, you should get the details faster than you can say Streisand Effect. So, as a “right to be forgotten”, this seems somewhat flimsy. And yet, it is the basis of a robust legal judgment – so what did the judges and lawmakers really intend?

One thing the Google v Spain ruling definitely doesn’t try and do is stamp out all the original instances of the data in question: one of the characteristics of the Internet is the ease and speed with which new copies of data can be published and disseminated globally. In that sense, the Internet has made such publication and dissemination almost entirely frictionless. However, readers still need to get to the information in order to read it — and, of course, it follows from the above that there is an ever-increasing mass of information out there to search through.

Seen from that perspective, the Spanish court’s qualified constraints on access to data are best explained as a re-introduction of just some of the friction which the Internet as a whole, and search engines in particular, have removed. RTBF is really “the right to have some information made slightly more inconvenient to retrieve”. Which is so catchy, I can’t really understand why “the right to be forgotten” ever caught on in the first place.

All that said, what I think this shows is that the technical “fix” (redacting the results of some online searches) is a rather clumsy and only partially effective way to achieve the desired social result, which is that the individual’s reputation should not be inappropriately sullied by inaccurate or irrelevant data which happens to be easy to retrieve.

Clumsy or not, I can’t see any sensible way of applying blockchain technology to this problem that makes it any better. In fact, the idea that your Internet search results are based on a cumulatively-signed consensus among, say, the major search engines and the libel courts is mind-boggling, to put it mildly.

Now, on to my second thought.

When I’ve talked about identity and privacy over the past decade or so, I have noted that they are a function of social interaction. Almost exactly three years ago, Vint Cerf observed that he thought privacy was probably an anomaly. I disagreed, and set out some of the reasons why in a blog post which, I think, remains relevant. I don’t think an expectation of privacy is an anomaly, because I don’t think social interaction is an anomaly.

However, to recap briefly from that post: social interaction has some characteristics which it is proving hard to replicate in our technically mediated online lives. If you live and work in a small village, you might have less expectation of privacy, but since people have to get along with each other in the long term, past indiscretions might be forgiven and forgotten, especially if the individual concerned demonstrates remorse and better behaviour.

Over time, in other words, people develop a reputation, based on one’s past experience of them, the narratives constructed by others, information in the public domain, and so on. And this, I think, is where we come to the point of intersection with the example that Dave Birch cited (and rightly dismissed), about using a mutable blockchain to implement the “right to be forgotten”.

First, I absolutely agree with Dave’s argument that, in the ledger use-case, the way to deal with an incorrect ledger entry is to leave it exactly as it is, and append a corresponding correcting entry when the error is discovered. That way, you balance the books.

But what does “balancing the books” mean, if the blockchain is being used, not for an ledger of accounts, but to record information that contributes (positively or negatively) to an individual’s reputation? What is the right way to correct an entry that is recognised as being wrong? Let’s make it a bit less abstract.

Suppose that the blockchain in question is a record of someone’s ratings as a Seller on an auction site. Most of them are 100% positive, but then there’s one which is dreadful: “Terrible service; goods arrived late, I was wrongly charged, and the product fell apart. I will never buy from this seller again, and neither should you. 0/5” Then it turns out that this review was actually meant for another seller.

What’s the right way to make a correction? Is it to go back and delete the entry, or to leave it in place but ensure that it can only be viewed in conjunction with a full retraction and an explanation that it was a review of someone else?

Either way, what do you do about the Seller’s cumulative reputation score? In the ledger example, a correcting entry balances the books – but in this case, a simple correcting entry of 5/5 can’t restore the Seller’s perfect record of 100% satisfaction scores, and 10/5 isn’t a realistic option.

So, the accounting ledger isn’t a useful design template in this case. We’re not looking for a technical solution that balances the books, we’re trying to manage the effect on someone’s reputation of the data that is recorded about them.

Like trust, reputation is something which is hard to accrue and easy to forfeit. There’s an asymmetry there, which explains why the “balancing” entry to a reputation-damaging assertion cannot simply be a statement of the opposite.

Is the answer, then, to delete the original entry? Well, that might work in the hypothetical I’ve constructed (where the original entry was simply mistaken); but suppose the original entry was true, and the seller not only rectified the error, but did it so graciously that the customer was delighted. Deleting the truthful original entry, in that case, seems wrong – but neither do we want to leave the possibility that it might be seen and taken as definitive. Is the correct action to ensure that the original review can only be viewed in tandem with updates that explain the subsequent outcome? Here, a “balancing” entry might be part of the answer, but doesn’t seem to be enough on its own.

In other words, just as in the RTBF case, we are trying to replicate several nuanced features of social interaction (reputation, forgiveness, restitution…) using clumsy technical tools which simply don’t fit.

Blockchain might be the best possible technology for implementing crypto-currencies, but be a lousy way to try and build a reputation management system. Blockchain may be a perfectly good hammer, but I wish its fans would stop trying to re-cast every online trust problem as a nail.

Blockchain IETF Internet Governance Open Internet Standards Technology

ISOC@OECD, Day 3: Walid Al-Saqaf on Blockchain; IETF Chair Jari Arkko on Network Convergence

It’s the final day of the OECD Ministerial Meeting on the Digital Economy here in Cancun, Mexico, and there are just two more sessions blocks followed by the Closing Ceremony. Here below is where our attention will be focused today – and to understand the broader questions around why we are here, please read our OECD Ministerial Background Paper (All times are local to Cancun – UTC-5.)

You can also view the OECD Ministerial Agenda for a full list of sessions and participants.

9:00-10:45 – Improving Networks and Services through Convergence

In the first session on “Improving Networks and Services through Convergence“, Internet Engineering Task Force (IETF) Chair Jari Arkko is one of the speakers in a session about the convergence of telecommunications and Internet services. The panel is moderated by U.S. Ambassador Daniel Sepulveda and includes communications ministers, regulators, the CEO of AT&T Mexico and a VP from Facebook.  It should be an interesting session given this tension between the older world of telecom and the newer world of the Internet.

Simultaneously, the other active session will be “New Markets and New Jobs in the Digital Economy” and it includes another ITAC organization, the IEEE, represented by their Managing Director, Konstantinos Karachalios.

11:15-13:00 – Skills for a Digital World

In the final session block, Internet Society Board of Trustee Member Walid Al-Saqaf will be a “key intervener” in the panel “Skills for a Digital World“. As Walid notes in a blog post published today, he intends to ask the panel about what policy makers are doing to stay up-to-date on blockchain technology. (Process note: a “key intervener” is a participant who is designated before the event to ask a question of the panel.)

At the same time, the session in the room next door will be on “Tomorrow’s Internet of Things” and includes a wide range of ministers, executives and others. (We would naturally hope that people there will have read our Internet of Things Overview document that outlines some of the key challenges and opportunities we see with the IoT.)

After that, there will be lunch, the Closing Ceremony and the final press conference… and we’re done!

For more information about what we have been doing here at the OECD Ministerial on the Digital Economy, please visit our event page. We will be adding links there to our articles, videos and more.

Throughout the day you can follow our @InternetSociety Twitter account where we will be providing updates using the #OECDdigitalMX hashtag.

Watch this blog, too, for a wrap-up post coming from Constance Bommelaer tomorrow.

Image credit: a photo I took of the “Official Photo of Ministers and Heads of Delegations”. Our Constance Bommelaer is standing at the front left edge. 

Blockchain Internet Governance

Internet and blockchain technology: expectations of what is to come

The Internet is an enabler of many disrupting technologies – of which the blockchain is currently one of the most exciting.

Simply put, the blockchain can act as a virtual public ledger that records transactions processed and maintained by a network of communicating nodes running cryptocurrency software. It was invented in 2008 as part of Bitcoin by a person with the computer nickname ‘Satoshi Nakamoto’. It was envisioned as a peer-to-peer payment system and digital currency that can be transferred between any two users connected to the Internet, without using any intermediary.

As of today, the value of one bitcoin exceeds USD 600 and the trading cap of the cryptocurrency has recently exceeded USD12 billion.

While Bitcoin’s popularity is on the rise, what I believe is truly fascinating is the blockchain technology. It is a public ledger that holds immutable data in a secure and encrypted way and ensures that its transactions can never be altered.

This in itself is a major technological feat that can be compared to the creation of the Internet itself.

The strength of the blockchain is that it has no single point of failure. The “One Internet” report released by the Global Commission on Internet Governance (GCIG) this week at the OECD meeting specifically mentioned that “distributed ledger technologies” such as the blockchain “let people who have no particular confidence in each other collaborate without having to go through a neutral central authority.”

Applications can range from storing valuable data for permanent preservation to enabling fast and effective delivery of aid with a fraction of the cost and time needed to send it using a bank wire transfer.

What is concerning is that while technologists and businesses have been exploring the blockchain technology and its applications, many governments seem skeptical and not taking it seriously.

In a time when multistakeholder collaboration is the key to addressing Internet-related issues, governments need to learn more about this evolving technology and how it could change the world.

At the OECD High Level Ministerial Meeting in Cancun during 21-23 June, I will be reflecting on the need for governments to stay up-to-date and to engage with other stakeholders on Internet-enabled disruptive technologies that are gaining steady momentum.

Let us not forget that the Internet itself didn’t get enough attention by governments during its early years of creation. And I fear that policy makers are also not paying attention and are insufficiently informed about the blockchain.

I will ask public policy shapers at the OECD a question on how to get them to educate and inform themselves about the blockchain and its enormous potential for economic development.

The Internet Society believes that while we should not ignore some of the risks associated with disruptive technologies such as the blockchain, the balance should tilt in favor of embracing the benefits and opportunities of such technologies. This is particularly the case for disruptive technologies that are built upon an open, trusted and interoperable Internet

I am confident that to make the best out of the blockchain and other Internet-enabled disruptive technologies, we have to harness the collective expertise and wisdom of all stakeholders, including governments, civil society, business and the technical community.

Governments of today should realize that it is better to learn and embrace positive aspects of new technologies. They should not ignore them. Embracing new technologies can ensure effective economic development for their countries and the world at large.

Image credit: BTC Keychain on Flickr CC BY