ISACA Journal
Volume 2, 2,018 

Features 

Digital Ethics and the Blockchain 

Dan Blum, CISSP 

How the digital transformation turns out may depend on how well it supports core values such as prosperity, fairness, integrity, transparency and privacy atop an Internet that erodes some of these values.

Many hope platforms built on blockchains will improve online ethics by providing the Internet’s missing trust layer.

Blockchain Primer

A blockchain is a form of digital ledger that records and widely distributes transactions while offering strong provisions for data integrity and availability. Different types exist. Some (such as Bitcoin’s) are highly decentralized, while others (such as the R3 Corda) are controlled by private industry groups. All promise to enable previously risk-prohibitive use cases. All are cryptographically protected to provide an immutable record of historical transactions and some support anonymous accounts. Figure 1 contains more information on blockchain, and its types, features and applications.

Ethics and Disruptive Technologies

Ethics are value systems societies create to govern behavior and activity. Technologies constantly destabilize legal, social and economic structures. For example, city regulations license taxi franchises in the name of public safety. Uber comes along with a safe, convenient and cost-effective alternative. Taxi companies protest. An ethical value judgment needs to be made: Is it more important to make Uber available for new drivers and passengers or to protect existing taxi drivers?

Digital ethics and societal ethics are becoming one. An ethical society cannot exist unless digital ethics catch up to society’s ideals. One can argue the Internet status quo tramples privacy and tilts the playing field toward large technology companies. Or that banks and other industries have followed the money and not served everyone well; globally, more than 2 billion people are unbanked and lack any digital identity.1

Blockchain Hopes and Expectations

People tend to project their hopes and dreams onto new technologies. From the poem “All Watched Over by Machines of Loving Grace”2 to the early Internet and open-source technology movements, many have promoted ideas such as freeware, shareware and network neutrality. But somewhere along the line, the advertising-funded Internet came to look more like a tragedy of the commons than a technological utopia.

Could this be changing? As written in Blockchain Revolution:

If business, government, and civil society innovators get this right, we will move from an Internet driven primarily by the falling costs of search [and coordination]… to one driven by the falling costs of bargaining, policing, and enforcing social and commercial agreements, where the name of the game will be integrity, security, collaboration, the privacy of all transactions, and the creation and distribution of value.4

Prosperity and Fairness

Blockchain promises to unlock value and improve the distribution of opportunity. Financial services are ripe for disruption. Blockchains’ ability to enable attestation of untrusting parties; dramatically lower costs; increase the speed of transactions; and provide microtransactions, microloans, crowdfunding and smart contracts offers incredible potential. Multiple players are competing for the opportunity: Ripple and Stellar use cryptocurrencies to enable seamless international transactions and value exchanges; the R3 consortium uses private distributed ledgers for interbank payments; Abra is a peer-to-peer remittances application based on Bitcoin that is improving life for some of the world’s most disadvantaged persons and countries.

Beyond financial services, blockchain technologies may transform healthcare, placing patients at the ecosystem center. PeerTracks plugs into the BitShares Music blockchain to reinvent an artist-centered music industry.

But blockchain technologies are also at the peak of an immense hype cycle. The market is rife with pump-and-dump cryptocurrency-fueled schemes. Irrational exuberance abounds; one blockchain announcement tripled Kodak’s stock price.5 Many investments will founder. Immature technology, restrictive regulations, security vulnerabilities, etc., will sink ideas that should never have been built on blockchains (or built at all). Public, permissionless blockchain miners running proof-of-work consensus algorithms burn energy at rates that may be unsustainable as use increases exponentially.

Integrity and Transparency

Integrity and transparency are core values for delivering trust to prosperous markets. Blockchains can provide immutable land title records to improve property rights and growth in small economies, such as Honduras.6 In smart power grids, blockchain-enabled meters can replace inefficient centralized record-keeping systems for transparent energy trading. Businesses can keep transparent records for product provenance, production, distribution and sales. Forward-thinking governments are exploring use cases through which transparent, immutable blockchains could facilitate a lighter, more effective regulatory touch to holding industry accountable.

However, trade secrets and personal information should not be published openly on blockchains. Blockchain miners may reorder transactions to increase fees or delay certain business processes at the expense of others.7 Architects must leaven accountability and transparency with confidentiality and privacy. Developers (or regulators) should sometimes add a human touch to smart contracts to avoid rigid systems operating without any consumer safeguards.8

Privacy

For as long as commercial Internet providers and governments have surveilled or monetized personal information, activists have campaigned for privacy rights. After the 2010s saw one cataclysmic identity breach after another—from the Edward Snowden leaks to the Equifax data spill—privacy regulations across the world have toughened dramatically.9 Privacy regulations will force organizations to implement more decentralized identity and access management (IAM) systems, and to keep a close accounting of end-user consent for the collection, sharing and use of personal data.

Decentralized IAM enthusiasts argue blockchains could provide sovereign identity, privacy and control along with secure, authenticated and verifiable transactions. uPort, Sovrin Foundation and SecureKey are building public, public/permissioned and private blockchains respectively, with privacy-enhanced capabilities such as zero-knowledge proofs. By creating a logically centralized store for identity hashes, pointers and services, IAM blockchains enable private data to be highly distributed, yet still useful.

Even once IAM blockchains are proven, it will take time for existing applications to adapt to their privacy-by-design models. Standards must also emerge to overcome identity infrastructure “chicken and egg” issues.

Conclusion

Technology tends to be neutral, not biased for or against fairness and other values such as sustainability, liberty or equality. Yet these values flourish in the presence of trust, and blockchains’ decentralized architectures can enable applications to favor the many over the few. Newer blockchains may improve energy sustainability.10 If blockchains are built for integrity, privacy, security, distributed value and inclusion, economies and social institutions can be redesigned to be worthy of trust.

Endnotes

1 Hodgson, C.; “The World’s 2 Billion Unbanked, in 6 Charts,” Business Insider, 30 August 2017, www.businessinsider.com/the-worlds-unbanked-population-in-6-charts-2017-8
2 Brautigan, R.; All Watched Over by Machines of Loving Grace, The Communication Company, 1967, USA
3 Daniell, J.: “Ethereum Creator Vitalik Buterin Addresses Questions From the Ecosystem,” ETH News, 15 August 2017, https://www.ethnews.com/vitalik-buterin-addresses-questions-from-the-ecosystem
4 Tapscott, D.; A. Tapscott; Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World, Penguin Random House LLC, USA, 2016
5 Prisco, G.; “Kodak Pivots Toward Blockchain Technology,” Nasdaq, 18 January 2018, www.nasdaq.com/article/kodak-pivots-toward-blockchain-technology-cm907246
6 Dale, B.; “Three Small Economies Where Land Title Could Use Blockchain to Leapfrog the US,” Observer, 5 October 2016, http://observer.com/2016/10/benben-factom-bitfury-ghana-georgia-honduras/
7 Prestwich, J.; “Miners Aren’t Your Friends,” Keep, 10 January 2018, https://blog.keep.network/miners-arent-your-friends-cde9b6e0e9ac
8 Wright, A.; P. De Filippi; “Decentralized Blockchain Technology and the Rise of Lex Cryptographia,” SSRN, 15 March 2015, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2580664
9 Blum, D.; “Digital Identity—Will the New Oil Create Fuel or Fire in Today’s Economy?” ISACA Journal, vol. 6, 2017, www.isaca.org/journal/archives
10 Rosic, A.; “Proof of Work vs Proof of Stake: Basic Mining Guide,” Blockgeeks, March 2017, https://blockgeeks.com/guides/proof-of-work-vs-proof-of-stake/

Dan Blum, CISSP
Is a principal consultant with Security Architects Partners. As an internationally recognized expert in security, privacy, cloud computing and identity management, he leads and delivers consulting projects spanning multiple industries. Formerly a Golden Quill award-winning vice president and distinguished analyst at Gartner, he has led or contributed to projects such as cloud security and privacy assessments, security program assessments, risk management framework reviews, and identity management architectures. He has performed technical security consulting engagements in all areas of data protection domains including encryption/key management, data loss prevention, privileged access management and enterprise authorization. Blum has participated in industry groups such as ISACA, The Open Group, the FAIR Institute, CSA, Kantara Initiative and OASIS.

 

Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.