Northern Trust, IBM, and Block-Colored Things, A Recipe for Disaster | dinbits


IBM claims to have implemented a blockchain for private equity at Northern Trust. This was in the mainstream media's headlines late last week and at first glance it sounds incredible.

Then reality sets in. 

First of all, IBM is involved. That alone tells you that whatever was implemented might not be a blockchain and if it is, then might not be very secure. Secondly, it doesn't use a blockchain at all, it uses Hyperledger's Fabric, which is IBM's version of  distributed ledger that is limited to operating on IBM's private "permissioned" network. 

The combination of the two is a dangerous disaster waiting to happen and clients of Northern Trust may want to find themselves a new place for private equity investments unless there's a option to not use this system. 

Private Downgrade

Hyperledger Fabric may be a useful system for something, such as internal office procurement of furniture or pencils that require a group of approvals beyond the purchaser but private equity investments? It's difficult to support the theory since it has taken all the blockchain technology parts out and what's left is a software that does similar things that a blockchain does without the security and immutability benefits of blockchain technology.

In a nutshell, providing a secure trust using nothing but itself as that trust is what defines blockchain technology. IBM can't do that, Fabric can't do that, and Northern Trusts new system can't do that. because it's broken before it has a chance.

Linux foundation, who put Hyperledger in motion, boasts the "blockchain technology for business" tagline on their website. This is a bit misleading since this would sounds as if you could utilize true blockchain technology with Hyperledger, but the truth is that it's not possible currently. There may well be blockchain technology on its way from Hyperledger but nothing has surfaced to date.

Blockchain Technology Vs. Distributed Ledgers

With private ledgers, "enterprise grade" is synonymous with "downgrade", meaning the security and immutability that a universal (global) blockchain provides is no longer present. In other words the stuff that makes a blockchain a blockchain is no longer there. Instead of immutability and security provided by thousands of nodes, there is no immutability and security is limited to traditional security that has been breached in today's infrastructure.

Rather than a specified protocol by which transactions are to adhere, contractual agreements are in place between nodes and these nodes are controlled by operators who are governed by contracts like they are today. This is not to say that private networks cannot operate exactly as blockchains or even be blockchains, they certainly can. However without a strong network providing security and the inclusion of entity agreement holders (which ultimately means human interaction), the security and immutability provided by a global blockchain is simply non-existent.

That said, there are some advantages. For example, if there are 5 nodes, then there are 5 parties that have to agree/approve and that lends more blockchain like functionality making transactions somewhat more secure in that it requires 5 entities to agree on a transaction, however, nothing in comparison to bitcoins blockchain or even Ethereum. If there are 5 parties one need only breach 3 parties security to control the network. It's the same principal of smaller altcoins networks and the danger they initially face.

It was this very threat itself that made Ethereum Classic strong. At one point a miner threatened to overtake 51% of the network and the community responded by pointing hash-power towards ETC to prevent that from happening. In fact we called that one before it happened.

To make matters more concerning is that some of these talk about the ability to reverse transactions and delete records which destroys immutability, Accenture even promotes the ability to edit completed transactions (yes, they really do), and to take all of that that a step further in the wrong direction, IBM is promoting doing all of this in their cloud, meaning their server rooms under their watch and error giving the entire architecture another massive hole.

There have been glorious talks of ultra-secure this, and super-secure that, yet last year wuth all of this same security technology in place that is to secure "private blockchains" 81 million got hacked through the Federal Reserve and in June, 2016, they release a report noting over 50 security breaches between 2011 and 2015.

The blockchain (bitcoin) in comparison has over 6000 nodes and each node receives hash power from potentially thousands of miners globally. It's current hash-rate is approximately 3.9 exahash. It's never been hacked and even an armada of quantum computers wouldn't be able to penetrate the network, you'd need about 1.2 million of them to overtake the network. At over 15 million USD a pop that's over 12 trillion just to make an attempt.

[Correction: In theory (51% attack) the cost would be approximately 6.3 trillion]

Obviously a 5 node private network with humans prone to manipulation and error involved is a much easier target for hackers. 

This is one huge issue with blockcolored software like IBM's cloudware, it looks and feels like the real thing but it's not. That's the danger the industry faces right now. The continued diluting of blockchain technology with assumptions of functionality that only bitcoins blockchain and perhaps a few others can deliver

To Blockchain or To Not Blockchain...

The biggest question everyone seems to be asking is why? Why bother with simulating a blockchain like network in a controlled private environment when if everything is going to be enforced with contracts, then why bother in the first place? In this case you can end up with 5 versions of the truth in a dispute that could be prone to the strongest legal team prevailing and quite frankly puts systems of this nature right back in the same mess they are in now.

It doesn't make allot of sense. 

They state savings and increased settlement times, but when considering the security risks and cost, when the system eventually fails its going to depend on how costly that failure is to evaluate if there is any benefit at all. Yes, when the system fails. It is inevitable since every system fails and to date every system has been hacked because there is no perfect system.

Bitcoins blockchain is no different, it's had allot of issues through the years, although hacking into the network hasn't been one of them (not exactly anyway, in its 1st year when the network was weak, an immediate fork was required at the alarm of a possible hack), but it's also 8 years old, billions tested, and the fastest man-made computing system to have ever existed so the chance these days for a hack is nearly impossible. However, system failure is certainly a threat as is evident with the current block size issue.

The point being had Northern Trust, or any of these current efforts, opted to settle on the blockchain (bitcoin) by side-chaining their networks (or IBM's cloudware) then all of these worries and potential problems would go away. They'd be less prominent overall being restricted to off-chain transactions prior to a commit. For example, Overstocks T0 does things this way and is a true pioneer in this area. 

Unfortunately, instead of the most secure system to have ever existed and the one system on earth that provides an absolute truth, Northern Trust decided to trust IBM.

This is going to end badly. It may not be next month or even next year, but mark my words, the "enterprise" downgrade of diluted blockchain functionality is going to blow up in all of our faces one day and everyone is going to look bad. Even bitcoin and others like Ethereum regardless of the fact they have nothing to do with this and regardless of the fact that many in the industry, as I am right now, keep saying how much of a bad idea this is. 

Note, I am not referring to Northern Trusts implementation specifically, I am talking about private and blockcolored software in general. 

The Aftermath 

Allot of people complain about banks and companies like IBM badmouthing bitcoin and its blockchain but it may turn out to be the greatest asset of blockchain technologies survival

Why? 

Because when one of the blockchain systems implodes and takes everyone around them down with them, it might just be enough to hep people realize that bitcoins blockchain and these other software systems being called blockchains have nothing at all to do with each other and the damage it causes may be just shy enough of catastrophic to allow bitcoin and possibly a few others to survive in the aftermath.

There are many efforts doing things the global blockchain way and although this is a less favorable method due to misconceptions and perception and although the realization and development is massively more complicated and time consuming, in the end these efforts are likely to also survive. 

In the end, it may well be a no-harm-no-foul other than millions of bank and tech-giant dollars blown on the upcoming growing pains they could have avoided, but still ... 

...it just kind of sucks having to watch the lamb prance into the lions den after dark. 




Article by dinbits
Image Credits:
Banner Image by dinbits.com staff


The opinions expressed by authors of articles linked, referenced, or published on dinbits.com do not necessarily express, nor are endorsed by, the opinions the of dinbits.com or its affiliates.








Post a Comment

Powered by Blogger.