The Transparency Machine
Most blockchain ideas that I hear about make no sense. In general, they do not involve blockchains (just some sort of shared database) and where they do actually involve blockchains they are used to emulate shared databases to deliver a slower and more expensive service. How is it then that even a blockchain grouch such as me thinks that the technology has something to offer? Well, first of all, let’s stop talking about blockchains and use the more general terms shared ledgers to cover the spectrum of relevant technologies and enterprise shared ledgers to cover the particular use case of sharing data between organisations (and regulators etc) in a permissioned manner. I think that the use of enterprise shared ledger (ESL) software will transform business more than enterprise resource planning (ERP) did a generation ago because it will go beyond automating existing process and will instead create new ways to do business. [bctt tweet="Transparency is a route to trust." username=""] Consider the recent case study of Wirecard. The auditors reported that the company was solvent because they thought that there were bank accounts with billions of euros in them. It turns out that there were not. What a simple problem to solve! If only there was some form of immutable record of transactions that companies could use to store account balances digitally-signed by their banks and that investors, customers, suppliers and regulators could use instead of auditors to determine that the assets of companies exceed their liabilities! Transparency is a route to trust.
with kind permission of TheOfficeMuse (CC-BY-ND 4.0)
Put the transactions on a blockchain and no more fraud then? It’s not that easy. Some of the information in the ledger is confidential: it should only be accessed by the customers, the banks involved in the transactions and perhaps the market where the transactions take place. There are many applications where the transactions must be private. Therefore we need mechanisms to exploit the beneficial transparency of the shared ledger in such a way as to preserve necessary privacy. What sort of mechanisms? Well, many years ago Eric Hughes, the author of the “cypherpunk manifesto” in the early 1980s, wrote about “encrypted open books”, a topic that now seems fantastically prescient. His idea was to develop cryptographic techniques so that you could perform certain kinds of public operations on private data: in other words, you could build “glass organisations” where anyone could run software to check your accounts without actually being able to read every item of data in them. It sounds completely crazy and in fact it is a perfect example of what I've previously labelled counterintuitive cryptography. The idea of open book accounting is to use homomorphic encryption to store records in a form where they can only be read by authorised parties but can nonetheless be subject to some basic computation while still encoded. In other words you can determine that (encrypted 2) + (encrypted 2) = (encrypted 4) without ever being able to read the “2” or “4” . This means that you can prove certain assertions about data without ever revealing what the data actually is. One obvious use of this, and as far as I can remember this was central to Eric's discussion of the topic, is to take a list of the encrypted assets of the company together with a list of the encrypted liabilities of the company and compute that the company's assets exceeds liabilities. Thus you can, essentially, audit that the company is solvent without being able to read what any of the assets and liabilities actually are. (In practice, for this to work, the assets and liabilities have to be encrypted by some trusted third party. If I show you my encrypted Barclays bank statement then you have to know it is authentic so it would need to be digitally signed by Barclays, but that’s a topic for another day.) When you combine the idea of open book accounting with Ian Griggs’ idea about triple entry accounting that dates from around the same time, you can see the basis for a new and more efficient financial infrastructure that is simultaneously the doom of auditors everywhere. If you are interested, there is a very comprehensive review of the origins and taxonomy of the intersection between open book, triple-entry and shared ledgers in a paper from Juan Ignacio Ibañez, Chris Bayer, Paolo Tasca and Jiahua Xu. Remember in a triple entry system each of the parties to a transaction has a record of the transaction but there is a corresponding entry in a shared ledger that is computationally infeasible to falsify. The entries in my ledger are private to me and the entries in your ledger are private to you but the entries in the shared ledger are available to a much wider range of stakeholders but encrypted so that anyone can use calculations to determine that our assets exceed our liabilities, crucially without being able to read either. Pretty cool.
Transparency and Translucency
The impact of encrypted open books and triple entry working together in this way could be huge, because the transparency and automation means that we will no longer need to wait until the end of the reporting period to conduct an audit and produce results with the help of skilled financial professionals. Instead we will find ourselves in an era of ambient accountability, where the technological architecture means constant verification and validation. If you want to check whether a bank is solvent before you deposit your life savings there you will do it using an app on your smart phone not by looking at a year old auditor’s report covering some figures from a year before filtered through levels of management. (Ambient accountability is a term that I borrowed from architecture to describe this infrastructure. It describes perfectly how transparency can transform the financial services industry and serves as a rallying cry for the next generation of financial services technology innovators, giving it a focus and raison d’être beyond shifting private profits from banks to technology companies and other third parties.) Since the regulators will be able to use the technology, they will be able to spot unusual or inappropriate activity. What’s more, the information stored in the ledgers in encrypted form has been put there by regulated institutions so should there be a need to investigate particular transactions because of, for example, criminal activity then law enforcement agencies will be able to ask the relevant institutions to provide the keys necessary to decrypt the specific transactions. In this way the shared ledger can bring the technology of open book accounting to bear to exploit the beneficial transparency of the shared ledger in such a way as to preserve necessary privacy. In a paper I co-wrote a few years ago with Richard Brown, then at IBM, and Consult Hyperion colleague Salome Parulava [published as "Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis." Payment Strategy and Systems 10(2): 118-131 (2016).], we borrowed the term "translucent” from Peter Wayner to mean transactions that are transparent for the purposes of consensus (in other words, we can all agree that the transaction took place and the order of transactions) but opaque to those not party to the trade or the appropriate regulators under the relevant circumstances.
Towards Ambient Accountability from David Birch
I gave this talk introducing these concepts at NextBank Barcelona back in 2015 (building on the talk about “The Glass Bank” that I first delivered back in 2011) and I’m very interested to see the continuing developments in the field. To give just one example, Richard Brown is now the CTO at leading Enterprise Shared Ledger (ESL) software provider R3. R3 recently released their Conclave product that takes an interesting step in this direction, allowing organisations to exploit Intel SGX secure hardware to remotely verify what other organisations can and cannot do with shared data. It seems clear that for financial markets this kind of controlled transparency will be a competitive advantage for both permissioned and permissionless ledgers: as an investor, as customer, as a citizen, I would trust these organisations far more than “closed” ones. Why wait for quarterly filings to see how a public company is doing when you could go on the web at any time to see their sales ledger? Why rely on management assurances of cost control when you can see how their purchase ledger is looking (without necessarily seeing what they’re buying or who they are buying it from)? A market built up from “glass organisations” are trading with each other, serving their customers, working with regulators in entirely new ways, is a very attractive prospect and suggests to us that new financial market infrastructure may be on the horizon and that the lasting impact of shared ledger technology will not be to implement existing banking processes in a new way but to create new kinds of markets and therefore new kinds of institutions. In this world, whether it is Wirecard, Enron, Tether or anyone else, nobody will be required to rely on the word of auditors because they can simply calculate for themselves whether the company is solvent or not. No more relying on tips and whispers to find out whether the money in some remote bank account is sufficient to cover the liabilities in other jurisdictions: cryptographic proofs will replace auditing and apps will replace auditors. [An edited version of this piece first appeared on Forbes, 17th January 2021.]