Blockchain identity: Cambridge Analytica, but on the blockchain

Nobody much uses blockchains for real work — they don’t work very well in practice, they utterly fail to scale, and the most famous and widely-used one, Bitcoin, uses more energy than entire countries.

So their fantasy life is amazing.

The fabulous claims of Blockchain!

Most of the fantastic claims for Blockchain™ originated as fantastic claims for Bitcoin. I detail some of the claims that carried over in chapter 3 of the book:

  • totally decentralised, there’s no central controller that you have to trust!
  • immune to bad actors!
  • the blockchain is immutable and incorruptible!
  • money can flow instantly and internationally for near-free!
  • will destroy hierarchies and the present order of corrupt governments and banks!

And from the smart contract hype (chapter 10):

  • smart contracts will do all your back-office work for free … out there somewhere … on the blockchain!
  • no human element in resolving disputes!

What happened was that Bitcoin had failed at decentralisation by early 2014 (three miners control over 50% of the mining) and at free and instant flow of money by mid-2015 (the transaction clog, and the stupendous power usage). It also inexplicably failed to replace goverments or banks.

(Bitcoin did succeed at immutability, which is why it’s got illegal pornography on it that nobody can remove.)

But the promises crossed over to business blockchain promotion — where unlikely claims are put forward, with the implication that you can get not just one, but all, of these unlikely things, and all at the same time.

The attraction is the hope that your business or your organisation can work more efficiently. Any organisation has bureaucracy, and if you make it work better you can achieve more with less.

The trouble is that prospective users hear the hype, and assume the hypotheticals are real products that exist now — when “the blockchain could” is a phrase that really means “the blockchain doesn’t.”

The way this works is:

  1. come up with some things that magical flying unicorn ponies could do;
  2. detail the many astounding consequences and use cases for these magical flying unicorn pony byproducts;
  3. write a report stressing the importance of closing the magical flying unicorn pony gap;
  4. ignore that magic doesn’t happen, and flying unicorn ponies don’t exist.



Examples: the United Nations buys the hype

Here’s a real-life example from “UN Women and partners to pilot blockchain technology in humanitarian action,” from February 2018:

Blockchain is a distributed database of immutable digital records that can be accessed from anywhere. It offers users the ability to build and maintain immutable and secure records and to directly transfer digital assets without the need for intermediaries and associated costs.

Pretty good for a database structure. You never hear Postgres advocates talking like this. (Though MongoDB advocates used to get a bit strident.)

I found an astounding presentation from the United Nations Office of Information and Communications Technology, August 2017: “Usage of Blockchain in the UN System.”

Page 3 is a big splash: “15 UN entities carrying out Blockchain initiatives.” Page 4 reveals that three are proofs-of-concept, one is a hackathon event, ten are discussions and white papers on the possibilities, and one is funding for other people to posit possibilities.

The only production system listed is the World Food Programme blockchain initiative — which, as I’ve detailed previously, is a “blockchain” system with … a single user. That is to say, a database.

The WFP initiative is a good programme, with some startling efficiency gains — but all the gains are because they brought funds disbursement in-house, rather than because they’re running a private Ethereum instance as their back-end database.

Also mentioned in the presentation is the UN Conference on Trade and Development‘s “e-Trade for All” initiative, proudly based on the Estonian “blockchain” solution — the one that isn’t even a blockchain, except in the marketing buzzword sense.

(I went to the UNCTAD and e-Trade for All sites, and couldn’t find anything about e-Trade for All being “blockchain” related. In fact, this presentation appears to be the only source of the claim that blockchains are involved.)

A complete surveillance panopticon, but on the blockchain

There are a disconcerting number of initiatives that are pretty much Cambridge Analytica on the blockchain. Lots of blockchain promoters still think a panopticon containing ALL THE PERSONAL DATA, forever, immutably, is a good idea and not a terrible one.

The UN High Commission on Refugees recently posted “Promise or hype: Provides Blockchain a Safe Identity?” It’s very technically vague and conditional:

Blockchain technology and strong encryption seem to be new tools for setting up a globally applicable system of digital proofs of identity, relevant for any kind of personal data (birth, health, citizenship, education and so on).

It includes claims that are somewhere between “wrong” and “not even wrong,” like this one:

Users’ identities within a ledger are encrypted and therefore known only to the users themselves. These encrypted and verified identities are not stored on a centralized corporate, governmental or institutional server (ripe for hacking). Instead, blockchain technology allows personal information to be stored on the relevant decentralized ledger, while cryptographic hashing creates an unbreakable layer of safety.

This is a confusion of multiple misunderstood ideas, with the hope that magic happens and they can get the result they want from it.

The striking thing about this proposal is that it would require the entire population of the world — all seven billion of us — to store our personal information on a single blockchain. Unchangeably, too.

This is fundamentally the Cambridge Analytica scandal, on the blockchain. You can say “no, no, we’re using it for good causes!” — but it’s still a horrifyingly dangerous pile of highly personal data, that some foolish person has decided would be a good idea to put onto a single public database existing in thousands of copies. This would be a personal data time bomb.

(The World Food Programme’s blockchain initiative literally proposed putting everyone’s iris scans onto the public Ethereum blockchain.)

Our greatest protection against the Orwellian consequences of universal blockchain-based surveillance is that none of this is in any way technically feasible, and our businesses and nonprofits are being sold a pup.

“Decentralised” means “what? Our responsibility?”

It’s also entirely senseless for a single organsation, responsible for a system, to claim a decentralised blockchain with no human responsibility is an advantage.

It’s an abrogation of responsibility. This is what the claim of being “decentralised” and immune to corruption by human agency leads to — the vague notion that there’s no central agency running the thing, if it’s on a blockchain.

Smart contracts won’t help you here either. “The algorithm did it” is accepted as an excuse less and less these days.

Are you claiming that your organisation’s database is somehow not under your control? It’s entirely unclear how this would be an acceptable claim in a dispute, if you chose to put your data on a blockchain and use it as your back-end database.

It’s important to note that the panopticon-like plans would be a GDPR nightmare in Europe. The General Data Protection Regulation requires that any personal information must be removed from a database (very broadly defined) that you control, on request from the subject — with maximum penalties for noncompliance of €20 million, or 4% of global turnover.

If that database is a blockchain being used by your organisation — then you’ve just made the job of removal all but impossible. For no advantage to you.

And there’s no excuse to export to other countries what we wouldn’t put up with here.

The good bit: the data structure

There are genuine uses for blockchain-like databases — the append-only ledger, made cryptographically tamper-evident. We’ve had this data construct for decades, and it’s been very useful where it’s appropriate.

It’s just like an accounting ledger that you can only add to, and not alter previous entries. If you want public assurance, you can distribute complete copies of the ledger for others to check over.

If you do need to go and alter previous entries, it’s a huge faff — you have to declare a flag day, and say “here’s the new version, use this one” — but it’s quite doable. (And really, you’d want it to be difficult, but not impossible.)

As I say in chapter 11 of the book, there are things being sold as “blockchain” that are pretty much just the useful data structure. If these are popularised under the name “blockchain,” I can live with that.

And then they’ll be known to people outside the programmers in your technology department — who almost certainly save their programs in one popular use case for this data structure, Git.

When you’re looking into blockchain systems, bring along your most cynical system administrator. Get them to ask the salesperson lots of pointed questions.

Become a Patron!

Your subscriptions keep this site going. Sign up today!

4 Comments on “Blockchain identity: Cambridge Analytica, but on the blockchain”

  1. It’s not that there are *no* intermediaries – it’s that effectuvely *everybody* is an intermediary, altogether. We wouldn’t accept a merchant processor that told us we have to send to 100K processors at the same time… how could that *possibly* be efficient?

  2. So, as fashionable and fun it is these days to laugh at all things blockchain, as someone deeply embedded in all things blockchain identity I will just say that yes, please, bring your concerns, criticisms, and skepticisms to us at Rebooting Web-of-Trust!

    This is a fantastic group of very smart people, that has already put on 5 or 6 workshops, organized by the co-author of SSL/TLS Christopher Allen, that is trying to fix some of the past mistakes made with authenticating online identity, and we certainly want to do our best to avoid repeating them or making new ones!

    So I love it when people are critical of the blockchain, and especially blockchain identity, even though I spend most of my time working on exactly that. We need more of you critics to come to our events to tell us how we’re wrong about everything, please.

    Why am I still so passionate about it? Because in spite of all of the skepticism, I know just how broken our existing certificate authority system is [1], and the blockchain, *properly applied*, can really help fix some of the glaring security issues with it.


  3. Thinking about it, BitCoiners just don’t get irony. I mean, the Bitcoin eco-system is wasting 840 KWh of electricity per transaction on a security system solely designed to prevent the double spending of coins. The irony is that when it came to the BTC BCH hard fork, that ensured that all BTCHs would be effectively double spent for perpetuity from that point on.

  4. You touch on it here and its not discussed nearly enough, but all decentralized, distributed, public blockchains are is a particular backend data architecture and it just happens to be the most inefficient software backend ever developed – by a mind blowing very long way. XML and Microsoft’s run at server .Net paradigms were all greeted with the same kind of world changing evangelism but changes to data storage and distribution architectures do not necessarily make for good or useful software in terms of any real world usefulness.

    Blockchain has it all backwards, it assumes that you don’t need political or economic business plans or new ideas and that the first step in any new initiative is to establish an accounting department in the hope that a decent business or politics may grow out of it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.