Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blogging has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

You won't be able to put it down! ;-)

Isle of Man Goes Crypto-Crazy

I'm indebted to my colleagues in the Isle of Man for pointing me to the IoM's recent Designated Businesses (Registration and Oversight Act 2015, which imposes various registration and anti-money laundering requirements on distributed ledger technology. Do we have a poster-child for how regulation of new technology can go way too far?

The IoM compliance obligations are aimed at: 

"the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity;"

This seems likely to be counter-productive, to say the least, given that the 'currency' aspect of distributed ledgers is often merely there to reward the 'miner' or processor of transactions or events that occur on the ledger, regardless of whether those events are themselves financial in nature - financial services being merely one of many different potential applications.

So, should every business on the IoM that uses, or might wish to use, distributed ledgers register with the authorities and introduce AML controls on everyone it deals with, just in case? Maybe so...

Two specific points to make:

1. ‘convertible virtual currencies’ are defined more broadly than one would expect:

“including crypto-currencies or similar concepts [neither term being defined, except by what follows…] where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity”, 

Most definitions of a ‘currency’ require all these criteria to be met, not just any one of them. Imagine what would happen to the US Dollar, for example, if suddenly it was not accepted as meeting just one of the above criteria...  Indeed, for this reason many people disagree that Bitcoin - the most widely used form of 'crypto-currency' - is still nothing more than a commodity.

In addition, none of the typical exemptions under payment services regulations seem to be imported here. To take but one relevant example: consumer loyalty/rewards programmes are typically exempt on the basis that the rewards are only accepted as a means of payment within a 'limited network'. Do the local authorities really want every business participating in a loyalty scheme on the Isle of Man to register and apply AML controls just because the scheme involves distributed ledger technology? Maybe so...

2.  Similarly, the list of activities that trigger the relevant compliance obligations would seem to cover a vast array of potential services and their providers/users - recognising that these are distributed ledgers to which all computers running the protocol have the same access. Again, just think of consumer loyalty programmes as you go through the list:

the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating...

Even payment services regulation, for instance, exempts technology services that support transactions without the service provider handling funds. And the whole point of the ledger is that no intermediary is actually handling funds - its all happening peer-to-peer amongst machines - indeed perhaps everyone's device is handling the funds. Furthermore, there will be instances where access to a distributed ledger is just one element of a wider system - as in the car-rental example, or tracking shipping containers - and it may not be clear to everyone that a distributed ledger is involved if it's just to share the location or state of a vehicle or container.

Still, the Isle of Man's approach might at least be useful in demonstrating how regulation in this area can go too far...

Heap's Giant Leap!

Another great discussion about distributed ledgers, this time focused on the music sector, hosted by the Copyright Hub at the Digital Catapult. A quick summary of the discussion along Chatham House lines to protect the innocent.

By now it's clear that people in different sectors are encountering very similar issues that might be solved by distributed ledgers, but each sector tends to have a different set of priorities that might mean one is faster to take advantage of the technology. The fact that the first solutions have been alternative currencies tells you that proponents of distributed ledgers are not shy of a challenge. Now music is to get the same treatment with key events this Friday and Saturday night featuring the release of Imogen Heap's song "Tiny Human" into a distributed ledger for 'hackers' to attempt to spoil the party, followed by a live Saturday night post mortem on what could be improved. No doubt future events will try to perfect the process.

Why music? 

The problems in the music industry (and most other segments of the entertainment market) are pretty well-rehearsed, with just about every stakeholder group (except the consumers, these days) split over whether digital technology is helping all the participants strike the right bargain or robbing them blind. The revenue flows (or lack of them) have been the subject of constant disruption from internet technology, with the advent of P2P file-sharing via Kazaa in 2001 and rewards-based crowdfunding through Artistshare in 2003.

But bigger obstacles to reaching a better settlement for all concerned lie in the notorious lack of data about who really created and/or worked on various tracks and albums; or even about what's really in many 'back catalogues'. Then there's the secrecy surrounding licensing/royalty deals and the snail's pace of royalty collection/distribution - not to mention who sampled what; whether a performance and related video was a private family affair or an attempt to build a public-facing YouTube channel; hacking digital rights management software; and file-sharing. 

A lot of these issues go away if you just focus on creating and dealing with new music in a more efficient way. And few of these issues are exclusive to music itself. They relate to any item whose status changes a lot and where a multitude of different parties are affected but find it hard to get all their systems and processes to talk to one another. 

So this seems another case for getting everyone's machines to share a single view of a marketplace that avoids 'capture' by any single intermediary. In fact, the 'ledger' they all share becomes that intermediary. In that case, all the participants' machines running the same ledger protocol would be able to see and agree who created which music in its myriad iterations and remixes; who has the various types of rights to exploit or consume the various versions; who owes what to whom; and even make payments in the ledger currency.

Will it work? There's only one way to find out - hence Imogen's giant leap on Friday night.

I reckon it'll be all the rage this Christmas ;-)

What (The Hell) Is A Smart Contract?

Another good meeting of the BitcoinBlockchain Leadership Forum today, with the focus on practical use-cases for distributed ledgers and grasping at the nebulous concept of 'smart contracts' (links are to my own recent posts on these topics). 

In particular, we saw good, productive tension between Bitcoin blockchain purists who are intent on coding pretty much every element of a transaction into the blockchain; and those who see distributed ledgers as (also) playing a more limited role as just one layer or component in a broader array of gadgetry involved in any contractual scenario.

In my view, both approaches are valid but which 'wins' will depend on the use-case. And the development of the Internet demonstrates the technology will be used in ways no one intended anyway.

So, for my money, the definition of a 'smart contract' needs to be very broad, and I've suggested:

"an agreement performed via any number of applications, devices, networks and messages, which may involve entries in a distributed ledger."

This definition flows partly from a great discussion I had with Alex Amsel of Bitshake recently. I made the point that distributed ledgers seem most useful where a specific item is somehow dealt with or used very frequently and by many people or entities. Alex added a third condition: the participants are running different proprietary software, operating systems and/or devices - in other words they have an expensive interoperability challenge.

So a 'smart contract' might just be written in Word format, or html, and not embedded in a distributed ledger at all. But the subject matter of the contract - the rights to play a song, or rent a shipping container or space on a truck - might be 'hashed' into the ledger, and users' machines could interact using that hash, triggering instructions to pay the contractual amount to a certain account. Multi-factor authentication as one step in the contractual process (e.g. identify checks for anti-money laundering) is another example.

At the forum, there was mention of locating, booking and paying for a car space as another example. This was dismissed by lots of people who said you can already do this without a distributed ledger - the parking space is already entered in the systems of the council's chosen payment service provider. But that means I need to know which municipality I'm in to find the right payment app, download it and register a payment method before paying (I changed cars recently, so I have to re-do all that). And that inaccessibility is partly a function of having to cover the cost of expensive proprietary systems. But if parking spaces were 'hashed' in an openly accessible public ledger, couldn't our smartphones find and pay for them using that code and our own chosen payment method?

Anyhow, the point is not that we necessarily need distributed ledgers to pay for parking or any other specific use-case, but that once people begin using distributed ledgers more widely, tons of other apparently trivial uses become feasible and worthwhile. Conversely, a comparatively trivial but widely shared use-case might unleash more widespread adoption, as happened with text messaging (I'm not suggesting that parking will do it, by the way).

Of course, Bitcoin users will be screaming at their screens by now, if they've got this far. They'll be shouting that Bitcoin has already unleashed distributed ledgers. 

They're probably right.

1001 Use Cases For Distributed Ledger Technology...

Virtual currencies are so last year. This year is about all the other uses for the underlying technology - the blockchain and other distributed ledgers.  

The number of use-cases is starting to snowball with every discussion about scenarios in which a certain item is dealt with many times by many parties. That's because it will be more efficient and cost-effective for the item to be represented by a 'hash' in the ledger, and each transaction related to that item to be 'hashed' so they are available to any computer running the same language/protocol, rather than dealing with that using 'old' technology. Even though the ledger is openly accessible to everyone's machine, confidentiality can be guaranteed using encryption, so that only those computers with the right private key could unlock the hash and see the details.

Here are a few of the ideas, some of which are definitely being kicked around and most of which involve smart contracts, e.g.:

• car rental;

• identification tools - multi-factor authentication - e.g. checking validity of a drivers licence (hat tip to Alex Batlin)

• issuing/trading shares, bonds and other financial instruments;

• freight, transport, logistics - e.g. booking space in shipping containers, long-haul trucks and aircraft, and keeping track of the delivery items themselves;

• tracking, controlling autonomous vehicles/devices;

• switching to the best tariff minute to minute for services related to cars, homes, devices like insurance, gas, electricity, phone contracts;

• renting hotel rooms, accommodation;

• tracking and paying royalties for music, films etc;

• something I'm working on that it's not my place to disclose;

and on, and on.

In other words, distributed ledgers as a platform will have the same horizontal impact as the Internet,  mobile networks and the smartphone. The ledgers won't necessarily replace any of that, but will be an important layer, enabling all sorts of applications and devices to 'run' off the recorded transactions and related events.

Worth giving is some thought - just keep a good old fashioned pen and paper handy to jot down the flow of ideas ;-)

Virtual Currencies Get Real

The Establishment has finally woken up to the reality of virtual currencies, but official responses are all over the place. Let's hope the industry can help forge some international consensus on how to proceed towards a supportive mix of proportionate regulation and self-regulation in the months ahead.

So far, UK officials seem to be the most openly supportive of innovation in this space. The Cabinet Office included virtual currencies in an open workshop in October 2013 (video here) and the Revenue issued a statement clarifying their tax treatment earlier this year.

In the meantime, the industry formed its own body in November 2013 - the Digital Asset Transfer Authority - to participate in the policy making process. Over 30 firms worldwide are represented, and many US Federal and State regulators attened the AGM in April 2014.

That wasn't enough for the Canadians, however. In late June they drew a line in the sand with specific regulatory measures aimed at "dealing in virtual currencies" (undefined), including restricting banking services to registered dealers.

Uncertainty as to what is meant by "virtual currencies" and "dealing" may explain why most other authorities have been careful not to rush. For instance, the Financial Action Taskforce (FATF) released a report at the end of June that was designed to “stimulate a discussion” on appropriate definitions and how best to introduce risk-based controls. That seems to be an initiative that it would be worthwhile for the industry to engage with.

Last Friday, however, the EBA steered a strange path between the Canadians and FATF, requesting the EU's national financial regulators to 'discourage' their financial institutions from buying, holding or selling virtual currencies.  I've reviewed the shortcomings of that approach in an article for Society for Computers and Law. Let's hope wiser heads prevail - it can't be help anyone's cause for the regulated financial sector to completely lose touch with such an important area of innovation.

What the industry makes of all this sudden activity is not yet clear, but I'm sure it's all been much discussed at CoinSummit over the past few days and no doubt we'll hear something from DATA soon. Perhaps from a new Brussels office...