Yes, Blockchain Does Have a Kryptonite
New research on supply chains reveals three vulnerabilities that can breach blockchain’s shield of trust
Blockchain, the decentralized and secure ledger technology, is touted as the “trust machine”, the “trust layer” and a “promise for transparency”. For supply chains in particular, proponents say blockchain offers unprecedented levels of accountability that will help producers reduce food contamination, shippers resolve customer disputes and on and on.
But not so fast, says Erica Pimentel, an assistant professor at Smith School of Business. Pimentel and her co-authors of a new research paper about permissioned blockchains in supply networks say full accountability is not a given. The problem, they say, centres on transparency.
“There is this basic promise that blockchains make — that you don’t need a human intermediary involved because you have this ledger that shows all the transactions that have ever happened on a network,” Pimentel says. “We argue that while that’s really nice in theory, in reality it obfuscates the truth.”
Trading transparency for trust
At its core, every blockchain is essentially a distributed database or ledger shared across the computers of people privy to it. However, there are different types of blockchains.
The best known are public or “permissionless” blockchains, such as Bitcoin, that allow anyone to read, write and audit what happens on them. For private, “permissioned” blockchains, users must be invited by an owner or operator and may have to follow specific rules, such as what type of data they can add to the digital ledger.
One of the more common applications of permissioned blockchains is in supply chains. A retailer, for instance, can be the owner of a permissioned blockchain that invites each entity at a touchpoint within a supply network to participate. These entities can include manufacturers, distributors, shippers and even customs agents.
“Supply chain is the ideal application of this because it gives this real-time record of what’s going on,” Pimentel says. “Every party has a piece of information to add to the puzzle so that we have this 360-degree visibility of things like where are these goods, who has the goods, how much is there, and how much is it costing.”
The problem, say Pimentel and colleagues Mélissa Fortin and Emilio Boulianne of the John Molson School of Business, is that visibility alone is not enough to ensure that each party is performing as it should. Just because each blockchain user can see every transaction does not mean that those users understand what those transactions say. It also does not mean the code underlying the blockchain is without error or that some users are not concealing information.
“Trading transparency for trust is dishonest,” Pimentel says. Instead, as she and her colleagues argue, three “levers” must be considered for a blockchain to be a true mechanism of accountability. These levers are: the ledger, the code and the people.
Three levers of accountability
Pimentel and her colleagues came to this conclusion after conducting 28 interviews with permissioned blockchain users and providers working within supply chains. They also analyzed a trove of documents provided by interviewees about their blockchains.
What they heard and read was that the ledger itself is a boon for accountability. It provides visibility of every transaction that happens at every step. But accountability also depends on reliable information being registered within the blockchain at each stage along the supply chain — and that is not guaranteed.
As Pimentel and her colleagues note in their paper, consider a mine that wants to hide its mistreatment of workers. Controls are needed to validate the information input at the mine and across the supply chain. “Otherwise,” they point out, “as the adage ‘garbage in, garbage out’ would predict, the benefits of a blockchain would be nil if the information it provides is not reliable.”
Similarly, it is not guaranteed that the computer code underlying the ledger is reliable. The code is what provides the steps for when and how a transaction is recorded, but that code could have bugs or errors invisible to those using the blockchain, most of whom are not IT experts. This is why the researchers argue that the code itself must have some layer of translation as well as people checking it to ensure the code is doing what is intended.
People, in fact, are one of the biggest keys to accountability, Pimentel says. “At the end of the day, human beings are the backstop. While the world is being transformed into algorithms, people forget that these algorithms are not self-sustaining.”
But, as she also notes, since permissioned blockchains are digital representations of real-world human relationships, those relationships are significant factors when considering accountability.
“Unlike a public blockchain like Ethereum, where you, me and the guy down the street are transacting together without knowing it, in a supply chain context I could have a pre-existing relationship with my supplier, and my history of trusting or not trusting him is going to impact the relationship that we have online.”
Beyond transparency
Although the researchers focused on permissioned blockchains in this paper, they hope to expand their model to show it can apply to permissionless ones as well, says Pimentel. “Think of Ethereum, for instance, and when there were major hacks. Those happened because the information wasn’t reliable, or there were errors in the code or the people behind it weren’t collaborating.”
This brings Pimentel back to what she hopes is the biggest takeaway from this research: that simply adding more data and transparency will not guarantee blockchain accountability.
“We can’t just blindly accept transparency as beneficial,” she says. “True transparency comes with a cost, and we have to make sure that the cost-benefit is there and that there are other accountability mechanisms in place that are constantly checking that the blockchain is doing what we want it to do.”