In the digital age, blockchain technology is revolutionizing various sectors, from organizations to IoT and voting systems are no exception. The book “Blockchain Smart Contracts and the Law” provides a comprehensive exploration of this topic, demonstrating how blockchain can transform the way we vote.
Blockchain voting refers to the use of blockchain technology to record and verify votes in an election. It offers a secure, transparent, and tamper-proof method of voting, addressing many of the challenges associated with traditional voting systems.
One of the key advantages of blockchains for voting is its potential to enhance election integrity. With blockchain, each vote is recorded as a transaction on the blockchain, making it nearly impossible to change or delete votes. This feature can significantly reduce the risk of election fraud.
Another advantage is the potential for increased voter participation. Blockchain are decentralized so voting can be done remotely, making it more accessible to those who may find it difficult to reach polling stations. This could lead to higher voter turnout and a more representative democracy. However, the implementation of voting using blockchains is not without challenges. Issues such as voter privacy, system scalability, and legal compliance need to be addressed. The book “Blockchain Smart Contracts and the Law” delves into these challenges, providing valuable insights for anyone interested in the intersection of blockchain and voting.
In conclusion, blockchain voting represents a promising solution to many of the challenges faced by traditional voting systems. It has the potential to enhance election integrity, increase voter participation, and usher in a new era of democracy. The book “Blockchain Smart Contracts and the Law” serves as a valuable guide for navigating this new landscape. Ready to delve deeper into the world of blockchain voting? Equip yourself with the knowledge to navigate this landscape confidently and legally. Get your copy of “Blockchain Smart Contracts and the Law” today and take the first step towards understanding the future of voting.
A Deep Dive into “Blockchain Smart Contracts and the Law”
In the ever-evolving digital landscape, leveraging blockchain technology for business innovation has emerged as a revolutionary tool that holds immense potential in industries as diverse as healthcare or telecommunications. The book “Blockchain Smart Contracts and the Law” provides an in-depth exploration of this topic, demonstrating how leveraging blockchain for businesses can create strategic advantage. At its core, blockchain is a decentralized and transparent ledger system. It offers a secure way to record transactions, eliminating the need for intermediaries. This feature is particularly beneficial for businesses, as it can streamline operations, reduce costs, and enhance transparency. It also fosters trust among stakeholders, as every transaction is verifiable and immutable.
One of the most promising applications of blockchain is in the realm of smart contracts. These are self-executing contracts with the terms of the agreement directly written into code. They automatically execute transactions when predefined conditions are met, reducing the risk of fraud and discrepancies. This automation can significantly improve efficiency and accuracy in business operations.
The book “Blockchain Smart Contracts and the Law” delves into the legal aspects of these smart contracts. It highlights the potential legal challenges and offers guidance on navigating the complex regulatory landscape. This knowledge is crucial for businesses looking to adopt blockchain technology, as it ensures they can do so in a legally compliant manner.
The book also explores the transformative potential of blockchain and smart contracts across various industries. From supply chain management to financial services, blockchain can disrupt traditional business models and pave the way for innovative solutions. It can enable real-time tracking of goods, facilitate cross-border payments, and much more. However, the adoption of blockchain is not without challenges. Issues such as scalability, interoperability, and data privacy need to be addressed. The book provides a balanced perspective, discussing these challenges and suggesting possible solutions.
In conclusion, “Blockchain Smart Contracts and the Law” serves as a valuable resource for businesses seeking to innovate using blockchain technology. It offers a comprehensive overview of the legal implications of blockchain and smart contracts, empowering businesses to harness the power of this technology while mitigating potential risks. Ready to leverage blockchain for your business innovation? Equip yourself with the knowledge to navigate the blockchain landscape confidently and legally. Get your copy of “Blockchain Smart Contracts and the Law” today and take the first step towards a blockchain-powered future.
Blockchains, Smart Contracts, and the Law
“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. The book is suitable for a wide range of audiences, including:
Lawyers and legal professionals: This book provides a detailed overview of the legal implications of blockchain technology and smart contracts. It covers a wide range of topics, including token assets as money, token assets as property, decentralized finance, token assets as securities, blockchain operations, decentralized autonomous organizations, tokens as real estate, blockchain and open source, and blockchain justice. Legal professionals can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice.
Business executives and entrepreneurs: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be used to create new business opportunities. Business executives and entrepreneurs can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new business models and revenue streams.
Blockchain developers and engineers: This book provides a detailed overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. Blockchain developers and engineers can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new blockchain-based applications and services.
Academics and researchers: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. Academics and researchers can use this book to gain a deeper understanding of the legal implications of blockchain technology and smart contracts, and how they can be applied to create new research opportunities and areas of study.
General readers: This book provides a comprehensive overview of the legal implications of blockchain technology and smart contracts, and how they can be applied in practice. General readers interested in blockchain technology and smart contracts and how they are changing the world around us, can use this book to gain a deeper understanding of the legal implications of these technologies
“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. The book is divided into ten chapters, each of which covers a different aspect of the topic. The first chapter, “Digitization and Remote Agency,” discusses the impact of digital transformations on remote life, signatures, witnesses, and blockchain jurisdiction. The second chapter, “Token Assets as Money,” explores the characteristics of money, US monetary laws, cryptocurrencies as legal tender, monetary malfeasances, agencies of monetary regulation, alternative financial payment and settlement arrangements, and central banks and digital currencies. The third chapter, “Token Assets as Property,” covers token taxation, privacy considerations with blockchain tokens, and references. The fourth chapter, “Decentralized Finance,” compares DeFi vs TradFi/CeFi, decentralized exchanges, and references. The fifth chapter, “Token Assets as Securities,” discusses investments, securities, commodities, token classification tests, token investment performance, and references. The sixth chapter, “Blockchain Operations,” covers blockchain mining/validation and energy, MEV, Flashbots, transaction fees, self-custody & account abstraction, password/account recovery mechanisms, and references. The seventh chapter, “Decentralized Autonomous Organizations,” explains what a DAO is, legal entity status for DAOs, legal issues with DAOs, and references. The eighth chapter, “Tokens as Real Estate,” discusses physical real estate tokens, real estate recordation, virtual real estate tokens, legal issues with real estate transactions via blockchains, and references. The ninth chapter, “Blockchain and Open Source,” covers code repositories, open-source licenses, the role of foundations/non-profits, the role of whitepapers, the role of DAOs, and references. The tenth chapter, “Blockchain Justice,” discusses blockchain dispute resolution and the rise of blockchain ADR mechanisms. Tokens as artworks are discussed in the eleventh chapter, while credential applications are discussed in the twelfth chapter and provenance applications in the thirteenth chapter. The final three chapters cover smart contracts and insurance, estate planning and blockchains, and blockchain voting. The book also includes appendices on hash functions and financial industry terminology.
“Blockchains, Smart Contracts, and the Law” is a comprehensive guide to the legal implications of blockchain technology and smart contracts. This book is an essential resource for anyone who wants to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Whether you are a lawyer, business executive, entrepreneur, blockchain developer, engineer, academic, researcher, or general readers interested in blockchain technology and smart contracts, this book provides a comprehensive overview of the legal implications of these technologies and how they can be applied in practice. If you are interested in purchasing this book, you can find it on Amazon and other online retailers. The book is available in both paperback and hardback formats. Don’t miss out on this opportunity to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Order your copy today!
If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic. The book is divided into sixteen chapters, (and two appendices) each of which covers a different aspect of the topic. Here are some quotes from experts in the field that support the book:
“For a highly readable and reliable roadmap to the blockchain universe you won’t find a better guide than Steven Wright, whose lens captures the scope and details of this world from the heights of the monetary system and tokenomics to the inner workings of bitcoin mining, synthetic derivatives, hash functions and more. I’ll be keeping this encyclopedic work not just in my library for interesting reading, but by my desk as an indispensable guide to this rapidly-evolving landscape.”
Charles N. Bowen
Founder, Legal Path LLC / Adjunct Professor, Georgia State University College of Law
Don’t miss out on this opportunity to gain a deeper understanding of the legal implications of blockchain technology and smart contracts. Order your copy of “Blockchains, Smart Contracts, and the Law” today!
Achieving a digitalized economy assumes a process of digital transformation with digital technologies being adopted and new management techniques to effectively manage the identification of suitable technologies; match technologies with organizational opportunities; and then administer the organization in the digitalized economy. Digital transformation involves new concepts, radical innovation, and radical organizational change across multiple organizational dimensions. Blockchains can be considered a form of digital transformation for organizations. An aspect of the radical nature of blockchains flows from the capabilities it can provide for trustworthy transactions between organizations. Blockchains are associated with a decentralized implementation architecture which often contradicts centralization assumptions inherent in both IT infrastructure (e.g., Client-Server) and in organizational processes and management structures. Blockchains also enable Decentralized Autonomous Organizations (DAOs) which may be better considered as a software implementation of organizational governance rather than a typical technology for process automation.
Blockchain Technology (including DAOs)
This creates opportunities for new business models by disintermediation of some parties to traditional transaction flows in the same industry or supply chain. Multiple parties have to agree to adopt the new style of transactions. Decentralization is an architectural approach to restructuring the power and influence of elements within an economic system. Early approaches to decentralized distributed computing (such as Autonomous Decentralized Systems (ADSs) focused on building operational resilience for large-scale infrastructure, more recent DAO innovations have focussed on the organizational aspects. Both intra-organizational and inter-organizational technology adoption tend to be analyzed with similar frameworks such as the Technology, Organization, and Environment (TOE) framework. While most technology adoption frameworks focus on a single organization, blockchain exhibits network effects when deployed across multiple organizations.
Blockchain ( & DAOs) in or between organizations
The digital transformation of an organization for the digitalized economy goes beyond mere technology adoption within existing organizations and includes new forms of digital native organizations such as DAOs. Scorecards and metrics have been applied in many areas within organizations from accounting to ethics; but multiparty technology adoption has an additional scope that metrics within a single organization do not. Metrics and scorecards help organizations evaluate their readiness for blockchain implementations. Organizational readiness and maturity metrics for effectively utilizing blockchains have to address the broad range of business considerations that management should consider when evaluating opportunities for digital transformation via blockchain. A digitalized economy, and blockchains, need readiness metrics that apply across organizations.
Digital twins (DTs) have emerged as a critical concept in cyberspace infrastructure. DTs are fit-for-purpose digital representations of an observable manufacturing element with a means to enable convergence between the element and its digital representation at an appropriate rate of synchronization. Human DTs (HDTs) are also emerging for healthcare and social interaction. Blockchain Digital Twins (BDTs) are a subset of the DTs that incorporate blockchains to provide additional trust-based features, typically relying on underlying capabilities of IoT Blockchains. The ITU-T recognized DTs as a use case driving additional requirements for 6G features.
Blockchain Digital Twins
The value provided by DTs relies on their fidelity in representation. A dynamic DT maintains a digital representation of the current state of the physical object. Blockchains provide trust assurance mechanisms, particularly where multiple parties are involved. For users of DTs to benefit from this digital representation, they must trust that it provides an adequate representation for their purposes. The expected life cycle operations of the IoT, blockchain, and DT need to be considered to develop economically useful blockchain digital twin (BDT) models. Blockchains can be used for assurance of authenticity of actions by DT. BDTs do not exist in isolation, but rather within a DT environment (DTE). A metaverse as a collection of virtual worlds may include virtual worlds that are DTEs ie capable of supporting the operation of DTs within them. A DTE may include multiple DTs of different objects to enable interactions between these objects to be evaluated in both virtual reality and mixed reality cases.
To populate DTEs with multiple DTs requires industrialized tooling to support the rapid creation of DTs.The industrialization of DT creation requires frameworks, architectures, and standards to enable interoperability between DTs and DTEs. While blockchains developed from fintech applications, BDT applications will have different requirements for blockchain features and performance – e.g. in notions of privacy.
The Internet has evolved from a fault-tolerant infrastructure to support both social networking and a semantic web for machine users. Trust in the data, and the infrastructure, has become increasingly important as cyber threats and privacy concerns rise. Communication services become increasingly delivered through virtualized, software-defined infrastructures, like overlays across multiple infrastructure providers. Increasing recognition of the need for services to be not only fault-tolerant but also censorship-resistant while delivering an increasing variety of services through a complex ecosystem of service providers drives the need for decentralized solutions like blockchains. Service providers have traditionally relied on contractual arrangements to deliver end-to-end services globally. Some of the contract terms can now be automated through smart contracts using blockchain technology.
Blockchain network management
This is a complex distributed environment with multiple actors and resources. The trend from universal service to service fragmentation, already visible in the increasing IoT deployments using blockchains, is expected to continue in 6G. Virtualization of the infrastructure with NFV-SDN make prevalent the concepts of network overlays, network underlays, network slices. In the 6G era, it seems that service providers will need to provide network management service assurance beyond availability including aspects such as identities, trustworthiness, and censorship resistance.
Blockchains are not only proposed for use at a business services level but also in the operation of the network infrastructure including dynamic spectrum management, SDN and resource management, metering and IoT services. Traditional approaches to network management have relied on client–server protocols and centralized architectures. The range of services offered over 6G wireless that need to be managed is expected to be larger than the variety of services over existing networks. Scaling delivery may also require additional partners to provide the appropriate market coverage. Management of 6G services needs to support more complex services in a more complex commercial environment, and yet perform effectively as the services and infrastructure scale.
Digital transformation at both network operators and many of their customers has led to a software-defined infrastructure for communication services, based on virtualized network functions. Decentralized approaches for network management have gained increasing attention from researchers. The operators increased need for mechanisms to assure trust in data, operations and commercial transactions while maintaining business continuity through software and equipment failures, and cyberattacks provide further motivations for blockchain-based approaches. These architectural trends towards autonomy, zero touch and zero trust are expected to continue as a response to networking requirements. Blockchain infrastructures seem to provide an approach address some of these requirements.
Blockchain-enabled decentralized network management is disruptive change to existing network management processes. The scope and scale of the 6G network management challenge supports the need for these types of network management architectures. Both technical and commercial or organization challenges remain before the wider adoption of these technologies. Blockchain-enabled decentralized network management provides a promising framework for considering the operational and administrative challenges expected in 6G communications infrastructure.
Voting systems are a problem space that matter to humans because of the actions required of participants, and the impacts of voting decisions. Reports of unauthorized voting, of possible election interference by foreign powers, of voter disenfranchisement, and of technological failures call into question election integrity. Automated voting systems promise efficiency and improved accuracy. This improvement comes from elimination in the electoral processes of humans that may be error prone, or otherwise biased. Information, computing, communication and connectivity technologies offer capabilities that are not leveraged by existing paper voting systems.
Maybe it is time fore some outside of the box thinking. Suitable electronic systems may enable other democratic forms beyond representative democracy or direct democracy. From the perspective of an existing voting process, blockchain voting systems are an example of digital transformation. Transforming voting is also subject to a number of risks or threats regarding political exclusion, legitimacy issues, identity and privacy/ secrecy concerns.
Towards a Blockchain Voting Roadmap
Roadmaps as a retrospective provide the opportunity to learn from past mistakes. But, the main value of prospective technology roadmaps, is as a decision aid in developing the technology. Such roadmaps identify the sequence of evolutionary technology improvements needed. Community engagement and recognition of roadmaps as emergent rather than centrally planned are key.
Deployments of new voting systems by election organizers is easier in “greenfield” situations. This is because existing voting procedures do not need to be displaced. Election organizers have used a variety of different implementation and delivery models for other voting systems. These implementation and delivery models could be applied by election organizers for a blockchain based voting system as well. A blockchain voting system could be designed for a single organization. An alternative design might prefer a single instance be usable by multiple organizations. The designer of a blockchain voting service could offer it “as a Service”. The Service hides the implementation details. Alternatively, the developer could build on an existing blockchain infrastructure where the blockchain implementation is explicit.
Community Roadmap Development
Roadmaps can provide a decisional framework; and identify milestones to determine progress. Roadmaps with fewer dimensions help to concentrate efforts to improve performance in those dimensions. Roadmapping can help clarify the different areas where blockchain voting systems may be more easily implementable and deployable. Blockchain voting systems targeting market based or corporate governance may be more tractable in the near term. Establishing broader consumer familiarity with the technology may eventually lead to use in political governance. To read further a lengthier published article is available : Towards a Blockchain Voting Roadmap
Whether you are a researcher, business professional, or social entrepreneur, the solutions you develop to the problems that you face matter! Framing and reframing the problem from different perspectives can enable you to see past constraints. These constraints may not exist from a different perspective. Developing a client-centric, solution-agnostic problem statement can enable the needed creative thinking.
If you need help bringing the power of perspective to your clients’ needs problem statement contact me.
Technology entrepreneurship has enabled the widespread commercial adoption of internet technologies. These internet technologies have reformed consumer commercial experiences towards an online environment. As the online consumer experience becomes more predominant, various actors have recognized the significance of developing appropriate regulations for online consumer experiences to reflect various policy objectives including consumer protection. Network efficiencies and large-scale infrastructures enable a single provider to deliver services to mass market consumers. Contract negotiation at such scale is typically not the “meeting of the minds” envisaged by contract law as crafting terms carefully considered by knowledgeable parties. Such services are typically delivered under terms of service developed by the service provider alone; and accepted by the consumer with a single click and little if any consideration.
Consumers typically ignore these terms of service in reliance on consumer protection laws or the courts to ensure fair treatment. Consumer protection laws have focused primarily on requirements directed at the service provider. Common law courts have contract defenses against unconscionable terms, but these rely on community standards of reasonable behavior which may be difficult to ascertain when the adoption of new technologies and practices is not uniform. The successful adoption of new internet-based technologies and commercial practices has encouraged more technology entrepreneurship in a positive feedback cycle.
Electronic signatures have become the norm as transactions increasingly move online, unfortunately with little thought or evaluation by consumers. A swath of new internet-based technologies and commercial practices enabled by blockchains are expected to become mainstream within the near future. Regulatory and Policy decision makers are considering necessary regulatory changes as these technologies evolve to support a greater range of more complex transactions affecting not just financial assets, but also cyber physical infrastructure.
To avoid the problems created by oblivious signatures, some efforts at increasing consumer engagement with the terms of service may be a useful and tractable step towards improved consumer experiences. In comparison, previous efforts focused on the plain language movement may have increased comprehensibility ultimately failed to achieve the necessary consumer attention for a true “meeting of the minds”. Blockchain smart contracts appear to provide promising capabilities to enable greater consumer engagement with the terms and conditions of the online services by enabling e.g. multiple signatures per transaction, and more sophisticated transaction logic to verify engagement. If service providers and regulators will also engage, by considering such click through licensing processes through the lens of consumer engagement, consumer orient blockchain smart contracts could become more widespread.
Design patterns have been proposed as a method to improve the consistent application of proven solutions across designs. Privacy in operational IoT blockchains today is mostly an attestation from the operator of the service based on IoT. Privacy testing in operational systems an opportunity for further improvement. Privacy risks, threat model and requirements are continuing to evolve and IoT systems will need to evolve with them. [Alqassam 2014]. Privacy threats need to be managed throughout the operational life cycle of the IoT blockchain including changing sensors, upgrading software, etc. Privacy patterns can help maintain consistency across these disruptions; though testing and attestations will also have a role to play.
Privacy patterns for
IoT Blockchain Design
Developers often use the vocabulary of data security to approach privacy challenges, and software architectural patterns frame privacy solutions that are used throughout the development process [Hadar 2018]. There are over 100 IoT design patterns in the literature, but very little explicit identification of IoT design pattern reuse [Washizaki 2019]. As a “step” toward solving security and privacy concerns, [Bloom 2018] identified common input-output (I/O) design patterns that exist in Industrial IoT applications, but these design patterns don’t address the full scope of privacy threats, nor the blockchain aspects. [Xu 2018] collects blockchain design patterns, but these mainly identify privacy as an area for further improvement. [Wirth 2018] provides an initial blockchain and smart contracts architectural blueprint claiming GDPR compliance. [Pape 2018] considers privacy patterns in the IoT architecture, assuming a three-layer service delivery model based on fog computing, and does not consider blockchain aspects, nor an explicit data controller role. The privacy patterns [Pape 2018] identified included: personal data store, data isolation at different entities, decoupling content and location visibility, added noise measurement obfuscation, aggregation of data, data aggregation gateways, and single point of contact. A more comprehensive list of privacy patterns, though not targeted at IoT, is online at https://privacypatterns.org/patterns/. Privacy patterns abstract away from the detailed solution of specific PETs. At best, privacy design patterns align with specific privacy threat models, and the suite of patterns covers the full scope of privacy threats. Privacy design patterns can provide a useful common abstraction for communication between the designers and operators of IoT blockchain during its design and operational lifecycle.
Privacy Testing
Modern software development practices like devops, CI/CD,
etc. have an emphasis on the availability of system tests to ensure key use
cases remain valid during development. Some methodologies (e.g. Design for
Testability) go further and require the development of tests before the development
of the code. It would be helpful if
privacy design patterns had industry consensus methods to verify correct
implementation and operation.
Testing in the context of distributed architectures like IoT and blockchains adds additional complexity. [Pontes 2018] formalizes the notion of a pattern-based IoT testing method for systematizing and automating the testing of IoT ecosystems. It consists of a set of test strategies for recurring behaviors of the IoT system, which can be defined as IoT test patterns. Unfortunately, these did not address the scope of privacy concerns. Similarly, the blockchain literature has few examples of automated test suites (see e.g., [Gao 2019]). Neither of these test patterns is specific to privacy. [Muntes-Molero 2019] proposes an approach towards continuous monitoring for privacy risk control in trustworthy IoT systems. The assumption of trustworthy systems requires additional justification. Blockchains can be designed to achieve secure consensus results despite running on untrusted nodes in a peer-peer network. With little in the literature beyond penetration testing (e.g., [Probst 2012]), testing of assertions that privacy threats have been resolved seems an area for further research.
Given the scope of privacy concerns, privacy testing is unlikely to be accomplished by a single test. While many traditional notions of privacy focus on disclosure, recent regulatory initiatives have created new requirements for user controls. While those controls may be implemented with manual procedures in the short term, IoT blockchain architectures can be expected to evolve to provide automated support for these features, and that will need to be tested. An IoT blockchain may be assembled from different components, and will likely evolve over its operational life as new components are added, software updated, etc. Privacy testing will need to apply both at the component level and cumulatively across the larger architecture, and during run time operations.
Privacy Attestation
Some [Wirth 2018], [Bansal 2008] have noted that trademarks and certification seals may be useful for consumers to identify and trust products and services that provide privacy assertions (e.g., conformance to privacy regulations such as the GDPR). Certification schemes usually require independent verification/ testing to assure the quality of certified goods/services. While privacy testing regimes are still in early stages of development, attestations by entities operating services based on IoT blockchains may provide some interim assurance. This may require similar assurances and indemnification through the component supply chain.
The scope of the attestations that consumers may require to protect their privacy and build trust needs further consideration. Solove’s taxonomy is now incomplete as it does not include the more recent regulatory initiatives like GDPR that mandate some degree of control of the data by the data subject. Traditional data access controls (Create/Read/Update/Delete) are helpful, but more nuanced controls may be required to constrain privacy threats from information processing and secondary uses. GDPR takes a step in this direction by identifying the data controller role and imposing privacy-related obligations on data controllers. IoT blockchain architectures could support a limited set of more nuanced operations on private data through SMC. The SMC code could be open-sourced and inspectable to provide assurances of correct operation. Moving the computing algorithms to the data like this may reduce the amount of attestation required to build trust.
Privacy is an ongoing operational concern, not just a design-time objective. The IoT blockchain architecture, though, it will need adequate capabilities to be designed in so that operators of services based on them will be able to make adequate assurances to their customers, and perhaps their regulators as well. While attestations may provide assurances in the short term, ultimately adequate privacy testing regimes will be required to demonstrate the integrity of the solutions.
[Bloom 2018] G. Bloom, et al. “Design patterns
for the industrial Internet of Things.” 2018 14th IEEE
International Workshop on Factory Communication Systems (WFCS). IEEE, 2018.
[Gao 2019] J. Gao, et al., “Towards automated
testing of blockchain-based decentralized applications.” Proc. of
the 27th Int’l Conf. on Program Comprehension. IEEE, 2019.
[Hadar 2018] I. Hadar, et al. “Privacy by
designers: software developers’ privacy mindset.” Empirical
Software Engineering 23.1 (2018): 259-289.
[Pontes 2018] P. Pontes, et. al., “Test
patterns for IoT.” Proceedings of the 9th ACM SIGSOFT
International Workshop on Automating TEST Case Design, Selection, and Evaluation.
ACM, 2018.
More concise privacy threat models are emerging as awareness grows that privacy concepts expect beyond the scope of traditional security threat models. The Data Controller role has received more interest after GDPR but rarely appears in IoT blockchain architectures. To resolve human privacy concerns requires establishing trust in both the IoT systems and in the entities operating them. Legal innovations (e.g., BBLLCs) enable the possibility of new entities that may help manage privacy threats. Technology innovations (e.g., SMC) enable new privacy patterns by changing the data flow requirements to bring the computation to the data, rather than the reverse.
Privacy Threat Models
Developers often use the vocabulary of data security to approach privacy challenges, and this vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization [Hadar 2018]. Security by design has achieved wider adoption through the use of methodologies based around threat modeling to build common design patterns around data flows in system architectures. [Deng 2011] applies this approach to privacy threat modelling, distinguishing between hard privacy (based on data minimization) and soft privacy (based on trust in the operations of some external data controller), and identifying a number of privacy properties (unlinkability, anonymity, pseudonymity, plausible deniability, undetectability / unobservability, confidentiality, content awareness, policy and consent compliance). [Muntes-Molero 2019] provides a mapping of the connection between security threat models (STRIDE) and Privacy threat models (LINDDUN).
[Feng 2018] identifies blockchain privacy requirements as only either (1) identity privacy or (2) transaction privacy, and also identifies several attacks for deanonymization of identities in blockchain systems are known including: network analysis, address clustering, transaction fingerprinting, Denial of Service attacks against anonymizing networks, Sybil attacks against the P2P network reputation system. Transaction privacy can also be threatened by transaction pattern exposure through, for example, transaction graph analysis. Identity preservation methods mixing services (which obfuscate transaction relationships with other traffic), ring signatures (which obfuscate the real signer amongst a group of signatories), and non-interactive zero-knowledge proofs (which prove a given statement without leaking additional information). Transaction privacy-preserving mechanisms identified include non-interactive zero-knowledge proofs, and homomorphic cryptosystems (which preserve arithmetic operations carried out on ciphertexts).
The privacy threat models, and traditional IoT architectures, generally assume a data flow pattern where data moves and aggregates for centralized analysis by some other party. IoT blockchains supporting SMC offer a potential alternative architecture of moving the computation rather than the data – exposing only the result of the computation rather than the original private data. This would enable the computations to be trusted rather than some other party. This would also limit the secondary use threat to privacy from Solove’s taxonomy when the data is transferred directly, which otherwise does not seem to be addressed effectively in the privacy principles, or threat models.
Data Controller Entities and business models
Ownership provides a legal basis for data controllers to exercise control over “their” data. In the context of cross border data flows, [Unctad 2019] considered four data ownership policies as options for capturing value for data: personal data markets, data trusts (between members of a group, or digital platform), collective data ownership (nationalization as a public resource), and digital data commons (placing data in the public domain). Assertions of collective ownership or digital commons likely require changes in public policy. While individuals could theoretically build their own IoT systems to control their own data, this is not a scalable approach for IoT deployments as not everyone has the skills, capital or motivation, and the lack of uniformity in approach would reduce the aggregate value. If the data collected has commercial value, then some entity is likely to be claiming ownership of that data. For most IoT architectures this entity is not the humans that may be subjects of IoT surveillance. Many existing IoT architectures require people to trade otherwise private data about themselves for access to some monitoring service. The role of a data controller was identified in [OECD 1980] and reinforced with the GDPR; data controllers have not typically been an element in IoT architectures. A data controller may typically be a data owner, but this is not required – it could be operating under some contract or other license arrangements.
Hence humans subject to surveillance by services based on IoT architectures must trust the entity operating those services for any privacy assurances. For commercial entities operating a service based on IoT, there most likely is terms and conditions (T&C) agreement between the IoT operator and the user. Ideally, this would include some attestations or promises regarding the user’s privacy (e.g. not to resell the data to others for secondary uses). It is difficult for the user to detect violations of such privacy attestations. Other data controllers may collect IoT data implicating privacy without T&C agreements in place. Regulations, such as GDPR, may still apply in such cases. In the event of a change of control at the entity operating the IoT service (e.g., a bankruptcy), the data within its control could be repurposed without notice to the user.
Blockchain technology offers a new entity for consideration as the data controller: an IOT blockchain could be structured as a DAO and incorporated as a BBLLC [Vermont 2018]. In this case, the user would have to trust the BBLLC (and its developers) rather than a commercial platform operator. The BBLLC replaces the human with a computational machine as the data controller. The data controls could be implemented with smart contracts. The smart contracts could be publicly inspectable to build trust in the logic. Several blockchains and smart contracts are already inspectable as open source. The BBLLC could also have preplanned smart contracts for the data to be returned or destroyed in the event of foreseeable disruptions of the BBLLC (e.g., forking, dissolution). While blockchains and smart contracts hold a lot of promise, current implementations do not exhibit all these features, and it may take some time for a consensus to emerge on the detailed scope of the features required in IoT blockchains to support the full scope of privacy threats.
If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.
