CMS host Bitcoin and Blockchain Leadership Forum

CMS hosted the latest meeting of the Bitcoin and Blockchain Leadership Forum in London on 24 February 2016. In attendance were a number of key stakeholders in the emerging technologies, and speakers included Andrea Stedman from Everledger, a permanent ledger for diamond certification, and Jessi Baker, the founder of Provenance, a London-based start-up promoting supply chain transparency.

Interest in “blockchain” and similar distributed ledger technology (“DLT”) has been building and reaching the mainstream as their potential uses outside of Bitcoin have been identified and developed. Put simply, a distributed ledger is an asset database shared across multiple participants, where each participant has an identical copy of the ledger. The security and accuracy of the ledger is maintained by keys or signatures, the control of which is governed by the pre-determined rules of the network. Any changes update instantaneously across the ledger, which has several advantages over traditional, centralised databases. For example, distributed ledgers are said to be less vulnerable to cyber-attack since in order to be successful, an attack would have to attack the multiple shared copies of the same database simultaneously. Unauthorised change or malicious tampering can also be easier to spot by the various participants in the network.

Certain distributed ledger models benefit more from this resilience than others. ‘Permissioned’ ledgers have one or multiple owners who are exclusively able to add records and verify the contents of the ledgers; ‘Unpermissioned’ ledgers cannot be owned and are open to everyone to contribute. As the permissioned ledgers are not public and there are fewer ‘copies’ of the data they will not benefit from the same levels of resilience that unpermissioned ledgers have in this respect, although while unpermissioned ledgers may less vulnerable to cyber-attack, their open nature will not be suitable for all applications.

The technology itself was invented to facilitate the creation of Bitcoin, a virtual currency where transactions are verified and recorded on a blockchain public distributed ledger, acting as a secure database for the payment history of every bitcoin in circulation. In a recent report, the UK Government Office for Science has considered the many examples of government and private sector uses for distributed ledger technology beyond Bitcoin, and has made a number of practical and regulatory recommendations and observations for how the government can both support the development of and benefit from DLT.

The report notes that DLTs have the potential to help governments collect taxes, deliver benefits, issue passports and update land registries, while in the NHS the new technology could help improve and authenticate the delivery of services and the sharing of records. It also suggests new approaches to regulation that could be adopted to control the new technology, such as regulation by technological code and protocols, and legal codes that comprise both private rules and public legislation. This both sets a challenge and presents an opportunity to industry and developers to set standards and rules that may obviate the need for externally improved laws and regulation, and also enables the use of DLT as a tool for compliance with the existing regulatory regime.

At the forum in February, CMS technology partner Ian Stevens commented that:

“Data protection is one of the big global challenges of this technology. We’re trying to create a high-resilience distributed ledger across multiple jurisdictions, potentially like a cloud solution. The beauty of a blockchain solution is that it doesn’t respect borders or boundaries, but that brings policy challenges, in terms of protecting people’s personal data that arise from crossing borders. At the moment, most regulatory regimes don’t consider encrypted personal data to be anonymous data, so you still have to comply with regulations regarding data privacy in each jurisdiction, which are all different. That’s a real challenge in these environments. Much will come down to the nature of the solution (permissioned or unpermissioned), who is storing the data on the blockchain and the capacity in which they are doing so.”

It will be interesting to see how the guidance of data protection authorities develops to accommodate these new technologies, for example in relation to the provision of fair processing information, consent (and its withdrawal) and the right to be forgotten.

The discussions also highlighted practical risks such as when a solution is deployed to mass engagement and a serious defect then appears in the technology, causing a huge number of instances to be invalidated. Ian gave the example of a solution being used in a medical environment, with hundreds or thousands of patients being treated in a particular way, before it is discovered that one of the premises on which they were treated – one of the pieces of data on the blockchain – was incorrect:

“As a result of acting on that incorrect data you may have misdiagnosed or mistreated thousands of patients. The beauty of the automation is that it’s efficient and cost effective. The downside is you can do stupid things more quickly and with much greater impact. That could lead to mass litigation.”

Accordingly the need in this developing market for reliable, demonstrable and auditable standards around certification bodies and authentication, so that users can have a high degree of certainty as to the accuracy and quality of inputted data, cannot be underestimated.

Siân Jones from the virtual currency consultancy Coinsult took the opportunity to highlight news of proposed new regulation that will affect virtual currency exchanges. As part of its Action Plan on the fight against terrorist financing, the European Commission has proposed bringing the virtual currency exchanges, such as those on which bitcoins are traded, within the scope of the Anti-Money Laundering Directive. This would mean that the exchanges would be subject to requirements to perform customer due diligence controls when providing an exchange of virtual for real currency, thus ending the anonymous nature of these exchanges. The Commission is also looking into whether this should be extended to virtual wallet providers. These moves have been spurred by the EU institutions looking to be seen to be responding to the Paris terror attacks, and are part of a wider drive to bring greater transparency to payments, accounts and exchanges to help prevent terrorist financing.