We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Despite our unprecedented rate of global connectivity giving buyers and sellers of goods and services direct connections with each other, due to a basic lack of trust, new centralized power centers, such as Uber and Airbnb, which merely serve as intermediaries providing enhanced trust, have emerged. These types of organizations become single points of failure and charge significant commissions from actual value creators and providers of goods and services.
In addition, these companies command massive levels of monopoly power over service and value providers in terms of setting prices and commissions as well as maintaining access to customers. These new centers of power neither own assets nor provide any direct service. They simply provide centralizing technology and enhanced trust between buyers and sellers to enable them to conduct a transaction. Banks are a similar intermediary organization from our conventional world.
Blockchain technology has the promise and potential to change this altogether. This technology could make intermediaries obsolete by imparting immutable and perpetual trust to transactions. The technology could lead to individually stored value, smart contracts and distributed ledgers, which reside perpetually on the network. Transactions and integrity of information are enforced through technology and transparency without the need for a central trust authority. This is what authors Don Tapscott and Alan Tapscott explain in the book Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World.
Intermediary trust organizations in the conventional, as well as the global, hyperconnected internet, marketplace have centralized and monopolized power and influence. Such central organizations store personal information of both buyers and sellers of services, and frequently leave their data and privacy unprotected. Buyers and sellers are forced to reveal far more information than is usually required to complete a transaction. In addition, these organizations usually actively prevent buyers and sellers from conducting business directly, thus slowing down or otherwise hampering transactions.
Imagine a world without banks, without Uber, without the distributors, without the wholesalers who charge commissions from any transaction to make a service more expensive for any buyer and less profitable for the seller. Imagine a world where the actual producers of goods and services get their full fair market share of the profits from their endeavors. Widespread adoption of blockchain technology in the areas of identity, authentication, contracts, and other financial transactions has the potential to disrupt the current centers of business and financial power and fulfill the true promise of capitalism.
In such a world, buyer and seller identities would become inherently trustworthy through identity blockchain technology. Buyers and sellers would only have to reveal sufficient information to make the transaction possible. Therefore, their privacy would be better protected, and they would always be in control of their information and share what they need to share with whomever they need to share.
The authors provide a golden eight summary of the tantalizing possibilities of blockchain in the financial sector. The authors do not necessarily predict such a world. Rather they point out the possibilities, along with the possible risks and downsides. For example, the authors point out efforts already underway to create private blockchain powerhouses, which seek to actively work against the success of the Blockchain Revolution in order to retain their hold on power.
Finance companies, auditing companies, banks, and other organizations are already working on private blockchain initiatives because the new world may make these companies irrelevant. These initiatives are counter to the very promise of blockchain, which is based on open technology and transparency. In general, while companies cannot always be trusted to act in the public good, blockchain technology is designed to be agnostic to the ethical motives of companies. Integrity is built into the technology.
Breach after breach, over the last several years, has been wreaking havoc on innocent people whose personal data are in the custody of large companies, such as Anthem, Equifax, Yahoo!, Facebook, and others. Such companies monetize the personal data of people, sometimes without adequately protecting either their data or their privacy.
Despite the massive interconnectivity of systems and people, such large concentrations of sensitive, personal data in the hands of large companies have been extremely harmful to the owners of data while providing massive profits to the custodians of these data.
A similar phenomenon exists in other service areas, such as personal banking and personal transportation services, where large organizations use other people’s money or services to make money for themselves while wielding disproportionate levels of influence over the lives of people from whose money or services they profit.
Sometimes these service providers have even failed to provide reliable and easy-to-use systems for authentication and authorization. Their overreliance on cryptic and hard-to-remember passwords, as well as forced changes at their whim, have been the bane of users without actually increasing security. Instead, these policies have dramatically reduced security.
Antiquated authentication systems, with their frequent change requirements and burdensome complexity, have forced people to write down passwords. This has also led to the rise of weak methods of password recovery and reset – all of which has been a boon to the criminal industry; once a password is compromised, the user is done. Criminals have easy access to information without needing to break the technical barriers of the system.
Blockchain technology has the promise of changing everything for the better without creating a cumbersome burden on users. This is the titillating promise that authors Don Tapscott and Alan Tapscott share in the book Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World
The book has three parts, which I have shared below.
Part One – Say You Want a Revolution, discusses what the authors call Blockchain’s Seven, which are the seven design principles of the Blockchain Revolution:
- Networked Integrity – integrity is inherent and immutable in the network.
- Distributed Power – there are no single points of failure.
- Value as Incentive – easier comparison of transaction value.
- Security – inherent security.
- Privacy – privacy is controlled by data owners and not centralized custodians.
- Rights Preserved – rights cannot be taken away.
- Inclusion – everyone can participate.
The authors explain how, despite dramatic changes in banking transactions on the outside enabled by technology, the method of clearing and reconciling these transactions on the back end has remained rooted in the 1970s technology and mainframes. Principles of accounting remain rooted in the 1500s.
They say that banks, finance, and credit organizations have reaped large fees and profits simply through monopoly power and not the creation of increased value to a transaction. Moving and storing value and transactions come with fees. In fact, banks have even eliminated simple interest payments for savers who provide them the money the banks use to produce profits.
Banks do not service almost 2 billion people around the world because these people do not have enough money or transact in such small amounts that the banks find it unprofitable to provide them with services. Blockchain technology would enable transactions of any size, including micro-transactions, and thus allow everyone full participation in the global economy.
The authors further note how, in the areas of book publishing and music, publishers and record label companies hold such power over marketing and distribution that they end up making more money than the authors and artists – the actual creators of value. Blockchain has the promise of taking back power from the distributors and giving it to the creators of products.
Banks and similar intermediaries sometimes have poor track records of protecting people’s privacy, their data, and even their money. Even preservation of property rights can fall under attack because business executives and powerful government officials cannot be trusted to act ethically at all times. Property ownership records can be lost or even forged.
Business organizations disproportionately favor executives and pay them far more than the value they create. The workers who actually create the products of value do not receive the proportionate share of their innovation and labor because power is concentrated in the hands of executives. Capitalism is not supposed to work in this manner. Capitalism promises that people who create value and work hard will receive fair market benefits of their labor and innovation.
Blockchain technology, with its inherent seven key attributes, can be a powerful game-changer for the storage and transfer of value and transactions. The revolutionary new economy enabled by blockchain technology could virtually eliminate all intermediary, unfair, unethical, and slow organizations.
Part Two – Transformations, discusses what the authors call Blockchain’s Golden Eight functions:
- Authenticating Identity and Value: This allows for robust identification of everyone through PKI based cryptography. Such a robust system of authentication and representation of value could be used in a variety of ways by rating agencies, marketing, banking, payment card networks, regulators, and a host of other organizations and systems.
- Moving Value: This would allow movement of large and small amounts of value from anyone to anyone else directly without middle agencies, latency, or intermediary transaction fees.
- Storing Value: People would no longer need banks to store their money, or worry about unreliable county property records to preserve their ownership of financial assets or real property.
- Lending Value: Direct transactions between lender and borrower could transform lending.
- Exchanging Value: Settlement time for exchange transactions could be reduced to minutes instead days or weeks. Smart contracts could eliminate downtime, fraud, censorship, or interference by third parties.
- Funding and Investing in an Asset or Organization: Peer-to-peer funding and investments could make the current concentration of powerhouses in this arena obsolete.
- Insuring Value and Managing Risk: Actuarial models could be dramatically transformed. Many people now deemed too risky because of a lack of transaction history could participate in the system much more fully at a reduced cost.
- Accounting for Value: This could fundamentally change accounting, reporting, and taxation as well as dramatically increase the transparency of all transactions and allow accurate regulation.
These functions can recreate the financial services industry, change our concepts of what business organizations are, and completely change the world we live in today. Smart ledgers, smart contracts, and smart and irrefutable identities could allow true capitalism and even democracy to flourish by enabling fuller participation by everyone. The existing systems with large concentrations of power and disproportionate rewards for executives, well-beyond their actual contributions of value to a company, run counter to true capitalism. Similarly, the outsize influence of financial powerhouses over the political system runs counter to the principles of true democracy and representation.
With integrity and trust built into the network and technology, corrupt governments, unethical politicians, and crooked business executives could find it difficult to usurp power or skim a disproportionate level of value off of the true creators of value. Such an economy could also make digital crime rather difficult to commit.
Part Three – Promises and Peril, shares the following ten implementation challenges from detractors and the entrenched beneficiaries of the current and older order that blockchain technology is likely to face:
- The Technology is Not Ready for Primetime.
- The Energy Consumed is Unsustainable.
- Government Will Stifle or Twist It.
- Powerful Incumbents of the Old Paradigm Will Usurp It.
- The Incentives are Inadequate for Distributed Mass Collaboration.
- The Blockchain is a Job Killer.
- Governing the Protocol is Like Herding Cats.
- Distributed Autonomous Agents Will Form Skynet.
- Big Brother is (Still) Watching You.
- Criminals Will Use It.
As the authors point out, blockchain technology will face massive headwinds and serious challenges, including efforts to sabotage and privatize this open source technology by governments and politicians as well as current, entrenched business organizations that stand to lose in the network economy of the future.
No revolution was ever created by the powers of an old order. Therefore, this is unlikely in the digital world, as well. During the mainframe era, the network revolution was brought about by many upstart thinkers who imagined the new world, and worked systematically to fight and dismantle the old. Sometimes this required generational changes.
Blockbuster did not create Netflix. Barnes & Nobles did not create Amazon. Kodak certainly did embrace digital photographs. Therefore, the new order of the blockchain revolution will most likely be led by people and organizations that operate and think differently, neither entrenched in nor benefiting from the old order. Such newer forms of business blockchains do exist already and are being created regularly. Ethereum, bAirbnb, and other blockchain-based value and goods sharing applications are challenging the centralization efforts of such companies as AirBnB and Uber.
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World (2016) by Don Tapscott and Alan Tapscott is a Cybersecurity Canon nominee for providing us with a well-researched and thorough explanation of blockchain technology, along with an analysis of the possibilities and perils of one of the most promising cybersecurity technologies of our time.
The book is an easy read. However, the audio narration was not performed by the authors. The narration felt perfunctory, and lacked the conviction and passion I typically sense when authors narrate their own works. The book also needs a thorough editing review to shorten the length and reduce repetitious material. Nevertheless, if anyone wants to understand the promises and perils of blockchain technology, this book is a must-read.