Distributed ledger (aka blockchain) technology is crying out for standards.
Mutual distributed ledgers (MDLs), my preferred term for the tech, hold immense promise, providing multi-organizational databases with a super audit trail, owned by no one and everyone. Hence, the term "immutable ledgers", "widely distributed" and "mutual".
It's hardly surprising, then, that developers see a host of opportunities to transform business practices and offer new services, and businesses (although slightly less clear about the vision) see a host of opportunities to cooperate where it has been difficult before.
But businesses have been here before.
In the 1980s, electronic data interchange (EDI) was all the rage. EDI gave businesses standards for data communications, typically about business processes, facilitating the exchange of business information such as purchase orders, invoices or shipping notices. A landmark framework was eventually even put forth by the United Nations, the Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT), in 1987.
Then again, in the 1990s, eXtensible Markup Language (XML) was all the rage.
The then-brand-new HTML (HypterText Markup Language) of 1991 was not rich enough to transfer business documentation, so a movement for an extension began. (XML is a markup language that defines a set of rules for encoding documents so they are both human-readable and machine-readable).
HTML and XML are older than they look. IBM's GML (Generalized Markup Language), developed in the 1960s by Charles Goldfarb, Edward Mosher and Raymond Lorie, begat SGML (Standard Generalized Markup Language) as an ISO standard in 1986, that in turn begat HTML in 1991, and XML around 1996.
Most EDI initiatives transformed into XML initiatives as the World Wide Web gained momentum. A leading example is SWIFT and ISO 20022, which defines XML financial messages.
So, what has all this to do with MDLs? A lot.
Anywhere there is a big pile of XML standards (even better, if they were originally EDI standards), there is a huge, pent-up demand for organizations to communicate with each other. However, along with technical difficulties, one of the big problems preventing such communication has been the need for a central third-party to control the communications.
A single third party can create a natural monopoly it might abuse, and MDLs remove much of that risk by providing a technology that no one owns and that everyone can keep their own copy of in the event of technical failure.
Businesses hunger to talk with one another without a central third party – MDLs are the ideal tool for this and can also re-energize XML initiatives. And there are a lot of them.
ACORD for insurers, essDOCS and Bolero for shipping and trade. And on and on …
One standard to rule them all
But what about progress so far?
In April 2016, Standards Australia, a non-government, not-for-profit standards organization proposed that the International Standards Organization (ISO) extend its mandate to include blockchain as a "new field of technical activity".
Later in September, ISO appointed Standards Australia to manage the secretariat of an international technical committee for the development of blockchain standards. This is worthy, but what is really needed?
MDLs will realize their potential to contribute to economic growth when the technology is widely diffused and used, and diffusion itself results from a series of individual decisions to begin using the new technology, decisions that are often the result of a comparison of the uncertain benefits of the technology with the uncertain costs of adopting it.
It is diffusion, rather than invention or innovation, that ultimately determines the pace of economic growth and the rate of change of productivity, and until many users adopt MDL technology it may contribute little to our well-being.
The key to ensuring widespread diffusion is ensuring that MDLs are viewed as safe, reliable technology.
Regulators have two primary levers they can use: regulation and standards. Regulation is sometimes a knee-jerk response by policy makers to perceived risk. While it can be speedy and authoritative, the process to create regulations can be distanced from the participants, resulting in unnecessary burdens or unforeseen consequences.
Standards, if implemented as part of a voluntary standards market with strict certification and accreditation can be highly effective – but strict certification and accreditation are essential.
Continuing on from work in 2014 and 2015, Long Finance researched the need for MDL standards during 2016.
Sponsored by the States of Alderney, PwC and the Cardano Foundation, the research aimed to answer four questions:
- What are the potential risks associated with future widespread use of mutual distributed ledgers, and what are their implications?
- How do distributed ledgers fit within existing regulatory frameworks, and are existing laws sufficient to cover the activities supported by distributed ledgers, or is new legislation is needed?
- Would MDLs benefit from the development of standards, and which sectors and services might need MDLs most?
- What different paths could be taken to create standards?
The study consulted over 80 people involved in MDLs, looking at a variety of areas where the technology might increase risk.
Potential Risk Areas For MDLs
Three risk areas occupied the thoughts of the majority of the practitioners:
- Governance: Organizations will need to put in place many inter-organizational structures to manage MDLs. How will errors be corrected? Who will have authority to write to the ledger? Will there be a central authority who can make changes to the records, or change the entire system to help it evolve?
- Liability and responsibility: How should high risk activities such as AML and KYC be handled? Who will 'carry the can' if things go wrong? What systems are in place to manage and resolve disputes?
- Taxonomies: What exactly is any specific MDL in front of a regulator: permissioned or unpermissioned, public or private, opaque or transparent, proof-of-work or proof-of-stake? What are the tolerances and performance capabilities? These questions are of pressing concern to users but, as this is a rapidly developing field, a common language has yet to develop.
The research was published in November 2016 as "The Missing Links In The Chains? Mutual Distributed Ledger (aka blockchain) Standards", and concluded that in the majority of cases MDLs will support existing services that have existing processes and support technologies.
There will be a rich standards and regulation landscape that they must negotiate in order to be fit for purpose.
It found, too, that simpler, less regulated domains are more likely to adopt MDL approaches earlier, particularly where MDLs can solve an unaddressed problem (eg: know-your-customer, anti-money-laundering, ultimate-beneficial-ownership in financial services), and offer a difference to traditional central third party approaches (eg: meeting EU General Data Protection Regulation for the 'right to be forgotten' surrounding identity documentation).
Are new regulations needed for MDLs? MDLs will, in the majority of cases, be deployed into existing regulatory environments.
Unless regulations specifically stipulate the use of third-party intermediaries, they are likely to be sufficient to cover the activities supported by MDLs. Further, MDLs can piggy-back on existing XML work.
In a sense, the MDL is merely another way of messaging, but without a central third party and with a ‘super audit trail’.
Not so fast
Another notable conclusion was that some standards could constrain innovation too early.
While existing thematic standards, such as ISO 9000 for quality management or ISO 31000 for risk management, were probably flexible enough to cover the use of MDLs, there were three salient gaps:
- Taxonomies and performance standards need to be outcome-focused sets of definitions and characteristics, so that regulators and potential purchasers can assess MDLs based on their outputs, rather than the mechanics of how they operate.
- Data governance and liability standards need to pay fundamental attention to the civil liberty implications of data aggregation, sharing and mining.
- Commercial governance and liability standards need to structure how organizations link legally and contractually with MDLs.
So how could an appropriate voluntary standards market be established?
Three potential routes present themselves:
- ISO standards developed at a global level with national standards institutions and wider stakeholders. Standards Australia are considering this route on technical standards for blockchains. ISO standards carry immense credibility because of their well-established model for certification and accreditation, but the ISO path can be a long one.
- Publicly Available Specifications (PASs) created with a national standards institution, perhaps later rolled-out as an ISO standard. This route has the advantage of creating standards which are close to the industries they are intended for, resulting in cost-effective and streamlined solutions.
- Open process standards work up from industry participants, but can suffer from a tendency to certification and accreditation procedures, the end result can lack credibility.
"The Missing Links in the Chains" confirms that the establishment of a voluntary standards market may be beneficial in promoting MDLs by providing certainty to both users and developers, while assisting regulators in fulfilling their duties. A PAS route seems the most likely, but further consideration is needed on the scope of 'taxonomies and performance', 'data governance and liability' and 'commercial governance and liability'.
And of course, a big question lurks here, what group is prepared to pay to take independent standards forward?
Have an opinion on blockchain in 2016? A prediction for 2017? Email editors@coindesk.com to learn how you can contribute to our series.
Maze image via Shutterstock