Blockchain Technology

In the U.S. Government

Compiled and Edited by

Michael Erbschloe
Connect with Michael on LinkedIn

©2018 Michael Erbschloe

 Table of Contents
Page
Section
Number
About the Editor 2
Introduction 4
Blockchain Technology Overview NISTIR 8202 6
Blockchain at the GSA 13
Use of Blockchain in Health IT and Health-related Research
14
Challenge
Blockchain Technology: Possibilities for the U.S. Postal Service 17
Address of CFTC Commissioner J. Christopher Giancarlo 26
Blockchain Technology Explored for Homeland Security 33
ICE Homeland Security Investigations Investigative Programs 42
The U.S. Congress and Blockchain Technology 48
About the Editor

Michael Erbschloe has worked for over 30 years performing analysis of the
economics of information technology, public policy relating to technology, and
utilizing technology in reengineering organization processes. He has authored
several books on social and management issues of information technology that
were published by McGraw Hill and other major publishers. He has also taught at
several universities and developed technology-related curriculum. His career has
focused on several interrelated areas:

• Technology strategy, analysis, and forecasting

• Teaching and curriculum development
• Writing books and articles
• Publishing and editing
• Public policy analysis and program evaluation

Books by Michael Erbschloe

Threat Level Red: Cybersecurity Research Programs of the

U.S. Government (CRC Press)
Social Media Warfare: Equal Weapons for All (Auerbach Publications)
Walling Out the Insiders: Controlling Access to Improve Organizational
Security (Auerbach Publications)
Physical Security for IT (Elsevier Science)
Trojans, Worms, and Spyware (Butterworth-Heinemann)
Implementing Homeland Security in Enterprise IT (Digital Press)
Guide to Disaster Recovery (Course Technology)
Socially Responsible IT Management (Digital Press)
Information Warfare: How to Survive Cyber Attacks (McGraw Hill)
The Executive's Guide to Privacy Management (McGraw Hill)
Net Privacy: A Guide to Developing & Implementing an e-business
Privacy Plan (McGraw Hill)
Introduction

Blockchains are immutable digital ledger systems implemented in a distributed fashion (i.e.,
without a central repository) and usually without a central authority. At its most basic level, they
enable a community of users to record transactions in a ledger public to that community such that
no transaction can be changed once published.

Blockchains are a new information technology that have the potential to invert the cybersecurity
paradigm. First, blockchain networks are trustless: they assume compromise of the network by
both insiders and outsiders. Second, blockchains are transparently secure: they do not rely on
failure-prone secrets but rather on a cryptographic data structure that makes tampering both
exceptionally difficult and immediately obvious. Finally, blockchain networks are fault tolerant:
they align the efforts of honest nodes to reject those that are dishonest. As a result, blockchain
networks not only reduce the probability of compromise but also impose significantly greater
costs on an adversary to achieve it. The Air Force, for example, will research and develop
blockchain technology and leverage it for national defense.

A blockchain is a shared, distributed, tamper-resistant database that every participant on a

network can share—but that no one entity controls. In other words, a blockchain is a database
that stores digital records. The database is shared by a group of network participants, all of whom
can submit new records for inclusion. However, those records are only added to the database
based on the agreement, or consensus, of a majority of the group. Additionally, once the records
are entered, they can never be changed or erased.1 In sum, blockchains record and secure digital
information in such a way that it becomes the group's agreed-upon record of the past.

The blockchain was first proposed in 2008 by Satoshi Nakamoto (a pseudonym) in conjunction
with the cryptocurrency Bitcoin. Nakamoto's vision was to "allow online payments to be sent
directly from one party to another without going through a financial institution." However,
without a trusted central authority to oversee accounts and transactions, there would be no way to
prevent dishonest actors from spending a single Bitcoin twice. Nakamoto's solution was a
distributed database of time-stamped, consensus-based, cryptographically tagged transactions
that form a record that cannot be changed—a blockchain. Bitcoin became a reality in 2009, and
since then its market capitalization has gone from zero to more than $6.3 billion as of April
2016. Each day, some of Bitcoin's 6.6 million users exchange more than $75 million in 120,000
transactions across the network.

Bitcoin offers a noteworthy example of a blockchain's potential. All of Bitcoin's currency,

transactions, and accounts that have ever existed are recorded in a blockchain database that lives
on the open Internet. It is fully exposed to the hostile efforts of governments, criminal
organization, and hackers. Yet, the Bitcoin blockchain has never been hacked. Clearly, this
technology deserves study.
While "the blockchain" was virtually synonymous with Bitcoin for several years, it should be
made clear that they are two separate technologies. Bitcoin is just the first popular application of
blockchain, just as e-mail was the first popular application of the Internet.6 Its potential is so
vast, in fact, that advocates compare the maturity and innovative potential of blockchain
technology today to that of the Internet in 1992, an Internet before the World Wide Web.
However, because blockchain technology simply rides on the existing Internet infrastructure, the
maturity of blockchain technology is likely to progress three times faster than the Internet, with
mainstream use expected within the next eight years.

Industry has recognized the potential of blockchain technology. Since 2013 more than $1 billion
of venture capital has been invested into 120 blockchain start-ups. Aims are diverse, ranging
from finance to the tracking and trade of indivisible assets (such as diamonds and art) to digital
notary services that can serve as evidence in a court of law; however, interest has expanded
beyond just start-ups. Large, mature companies such as Lockheed Martin, IBM, and Goldman
Sachs have also begun investigating potential blockchain applications in their respective sectors.

Blockchains solve a challenging problem in data science: how to reliably exchange information
over an unreliable network on which some of the participants cannot be trusted. The blockchain
security model inherently assumes that these dishonest participants will attempt to create friction
by not only generating false data but also attempting to manipulate valid data passed from honest
participants. By using a variety of messaging and consensus techniques, blockchains ensure data
integrity by both rejecting invalid data and preventing valid data from being secretly modified or
deleted.

Blockchain technology is worthy of examination because it offers three significant advantages

over traditional cyber defense strategies. First, rather than trying to defend boundaries from
compromise, blockchains assume compromise by both adversaries and trusted insiders. They are
designed to defend data in a contested cyber environment. Second, blockchain networks harness
the aggregate power of the network to actively resist the efforts of malicious actors. Specifically,
blockchains take advantage of the asymmetry of many against few. Finally, the security that
blockchains provide is not dependent on secrets or trust. There are no passwords to be exposed,
cryptographic keys to be protected, or administrators to be trusted. Blockchains provide an
inherent security function on which additional security functions can be added, depending on the
application. As result of these advantages, blockchains are capable of operating successfully and
securely on the open Internet, without a trusted central authority, while fully exposed to hostile
actors.

This paper examines the blockchain activities of the U.S. Government.

Source: http://www.airuniversity.af.mil/CyberCollege/Portal/Article/Article/1238526/blockchain-technology/
Blockchain Technology Overview NISTIR 8202
Aiming to clarify the subject for the benefit of companies and other organizations, the National
Institute of Standards and Technology (NIST) has released a straightforward introduction to
blockchain, which underpins Bitcoin and other digital currencies.

Virtual barrels of digital ink are flowing in the media nowadays about these cryptocurrencies and
the underlying blockchain technology that enables them. Much of the attention stems either from
the giddy heights of value attained lately by the most well-known of these currencies, Bitcoin, or
from the novelty of blockchain itself, which has been described (link is external) as the most
disruptive technology since the internet. Blockchain’s proponents believe it lets individuals
perform transactions safely without the costs or security risks that accompany the intermediaries
that are required in conventional transactions.

The NIST report’s authors hope it will be useful to businesses that want to make clear-eyed
decisions about whether blockchain would be an asset to their products.

“We want to help people understand how blockchains work so that they can appropriately and
usefully apply them to technology problems,” said Dylan Yaga, a NIST computer scientist who
is one of the report’s authors. “It’s an introduction to the things you should understand and think
about if you want to use blockchain.”

The NIST document, whose full title is Draft NIST Interagency Report (NISTIR) 8202:
Blockchain Technology Overview (link is external), introduces the concept of blockchain,
discusses its use in electronic currency, and shows its broader applications.

A blockchain is essentially a decentralized ledger that maintains transaction records on many

computers simultaneously. Once a group, or block, of records is entered into the ledger, the
block’s information is connected mathematically to other blocks, forming a chain of records.
Because of this mathematical relationship, the information in a particular block cannot be altered
without changing all subsequent blocks in the chain and creating a discrepancy that other record-
keepers in the network would immediately notice. In this way, blockchain technology produces a
dependable ledger without requiring record-keepers to know or trust one another, which
eliminates the dangers that come with data being kept in a central location by a single owner.

The blockchain idea has attracted enough supporters that there are now several hundred digital
currencies on the market (link is external), and the companies that are investigating ways to
employ blockchain number many more. Because the market is growing so rapidly, several
stakeholders, customers and agencies asked NIST to create a straightforward description of
blockchain so that newcomers to the marketplace could enter with the same knowledge about the
technology.
“Blockchain is a powerful new paradigm for business,” Yaga said. “People should use it—if it’s
appropriate.”

The question is when it is appropriate. As with any new tool, there can be a temptation to employ
it purely for its novelty value. The report outlines some possible use cases, including banking,
supply chain management and keeping track of insurance transactions. The report, Yaga said,
was created partly to help IT managers make informed decisions about whether blockchain is the
right tool for a given task.

“In the corporate world, there’s always a push to adopt new technologies,” Yaga said.
“Blockchain is today’s shiny new toy, and there’s a big push to adopt it because of that.”

“We want to help people to see past the hype,” he said, “as lofty a goal as that is.”

NIST has been tasked before with writing definitions of emerging concepts in information
technology, such as the definition of cloud computing it released in 2011. While Yaga describes
the blockchain description as approachable—it’s “as high-level as I can write it,” he said—the
document is longer than some other NIST definitions because the technology combines so many
complex ideas. Among them are digital signatures, peer-to-peer networking and hash chains, all
of which are tools common in cryptography and with which NIST has had extensive
involvement.

“We don’t have any axe to grind or product to sell, though,” Yaga said. “A lot of articles you’ll
read online feature a disclaimer indicating that the author owns a certain amount of
cryptocurrency or stock in a company. I have no vested interest in the monetary value of these
networks. But we don’t pass judgment on the technology; we just want to get past the rumors.”

To that end, Yaga said, the document began as a sort of FAQ addressing falsehoods the authors
had come across—such as the idea that there was no need for trust in the system. (“You do need
trust,” he said, “just not a trusted third party, like a bank.”) It expanded to discuss the technical
tools common to most blockchain-based systems and also explored related issues, such as the
high demands blockchain systems place on network resources. The roughly 60-page report might
enlighten anyone who wants a picture of blockchain that is not skewed to any players’ interests,
but will give perspective to technical decision makers in particular.

“A company’s IT managers need to be able to say, we understand this, and then be able to argue
whether or not the company needs to use it based on that clear understanding,” he said. “Some
people are saying you should use it everywhere for everything. We wrote with the perspective
that you shouldn’t use it if it’s not necessary.”

Source: https://www.nist.gov/news-events/news/2018/01/nist-report-blockchain-technology-
aims-go-beyond-hype
This publication is intended to provide a high-level technical overview of blockchain technology.
It discusses its application for electronic currency as well as broader uses. The document looks at
different categories and approaches for different blockchain platforms.

This document is intended to help readers to understand the technologies which comprise
blockchain systems and to understand how blockchains can be appropriately and usefully applied
to technology problems.

Section 1 provides an introduction to the topic of blockchain technology.

Section 2 defines the high-level components of a blockchain system architecture, including

hashes, transactions, ledgers, blocks, and blockchains.

Section 3 discusses how a blockchain is expanded through the addition of new blocks
representing sets of transactions.

Section 4 examines the need for consensus models to resolve conflicts among blockchain
mining nodes.

Section 5 introduces the concept of forking.

Section 6 defines and discusses smart contracts.

Section 7 looks at blockchain permission models, discusses their application considerations,

and provides use case examples for each model.

Section 8 provides several examples of blockchain platforms in use today to indicate the
variations from one platform to another.

Section 9 highlights some of the limitations of blockchain technology.

Section 10 gives a short conclusion for the document.

Appendix A contains a glossary for selected terms defined in the document.

Appendix B provides a list of acronyms and abbreviations used in the document.

Appendix C defines the references used throughout the document.

Source: https://csrc.nist.gov/publications/detail/nistir/8202/draft#pubs-abstract-header
Executive Summary

Blockchains are immutable digital ledger systems implemented in a distributed fashion

(i.e.,without a central repository) and usually without a central authority. At their most basic
level, they enable a community of users to record transactions in a ledger that is public to that
community, such that no transaction can be changed once published. In 2008, the blockchain
idea was combined in an innovative way with several other technologies and computing concepts
to enable the creation of modern cryptocurrencies: electronic money protected through
cryptographic mechanisms instead of a central repository. The first such blockchain based
approach was Bitcoin. These currency blockchain systems are novel in that they store value, not
just information. The value is attached to a digital wallet—an electronic device (or software) that
allows an individual to make electronic transactions. The wallets are used to sign transactions
sent from one wallet to another, recording the transferred value publicly, allowing all participants
of the network to independently verify the validity of the transactions. Each participant can keep
a full record of all transactions, making the network resilient to attempts to alter that record (or
forge transactions) later.

Because there are countless news articles and videos describing the “magic” of the blockchain,
this paper aims to describe the method behind the magic (i.e., how a blockchain system works).
Arthur C. Clarke once wrote, “Any sufficiently advanced technology is indistinguishable from
magic” [1]. Clarke’s statement is a perfect representation for the emerging use cases for
blockchain technology. There is a high level of hype around the use of blockchains, yet the
technology is not well understood. It is not magical; it will not solve all problems. As with all
new technology, there is a tendency to want to apply it to every sector in every way imaginable.

This document attempts bring a high-level understanding of the technology so that it can be
applied effectively.

As stated above, blockchain technology is the foundation of modern cryptocurrencies, so named

because of blockchain’s heavy usage of cryptographic functions. Users utilize public and private
keys to digitally sign and securely transact within the system. Users of the blockchain may solve
puzzles using cryptographic hashing in hopes of being rewarded with a fixed amount of the
cryptocurrency. However, blockchain technology is more broadly applicable than its application
to cryptocurrencies. In this work, we try to show this broader applicability while still focusing to
a large extent on the cryptocurrency use case (since that is the primary use case today).

Organizations considering implementing blockchain technology need to understand important

aspects of the technology. For example, what happens when an organization implements a
blockchain system and then decides they need to make modifications to the data stored? When
using a database, this can be accomplished through a simple query (or major changes can be
made by updating the database schema or software). However, on a blockchain, it is much more
difficult to change data or update the ‘database’ software. Organizations need to understand the
extreme difficulty in changing anything that is already on the blockchain, and that changes to the
blockchain software may cause forking of the blockchain. Another critical aspect of blockchain
technology is how the participants agree that a transaction is valid. This is called “reaching
consensus”, and there are many models for doing so, each with positives and negatives for a
specific business case.

Some existing blockchain technologies focus on storing wealth, while 154 others are a platform
for smart contracts (software which is deployed on the blockchain itself, and executed by the
computers running that blockchain). New blockchain technologies are being developed
constantly to enable new use cases and to improve the efficiency of existing systems. Some
blockchain implementations are permissionless, meaning anyone can read and write to them.

Other implementations limit participation to specific people or companies, allow finer-grained

controls, and may be managed by a central entity. Knowing these specifics allows an
organization to understand what will be most applicable to its needs.

Despite the many variations of blockchain systems and the rapid development of new
technologies, most blockchains use some common core concepts. Each transaction involves one
or more addresses and a recording of what happened, and it is digitally signed. Blockchains are
comprised of blocks, each block being a group of transactions. All the transactions in a block are
grouped together, along with a cryptographic hash of the previous block. Finally, a new hash is
created for the current block’s header to be recorded within the block data itself as well as within
the next block. Over time, each block is then chained to the previous block in the chain by
adding the hash of the previous block to the header of the current block.

Each technology used in a blockchain system takes existing, proven concepts and merges them
together in a way that can address problems that were previously difficult. This document
explores the fundamentals of how blockchain technologies work, how the participants in the
network come to agree whether a transaction is valid, what happens when changes need to be
made to an existing blockchain deployment, and how permissions work. Additionally, this
document explores specific blockchain applications and examples of when to consider using a
blockchain system.

The use of blockchain technology is not a silver bullet, and there are issues that must be
considered such as how to deal with malicious users, how controls are applied, and the
limitations of any blockchain implementation. That said, blockchain technology is an important
concept that will be a basis for many new solutions.

For more information visit https://csrc.nist.gov/publications/detail/nistir/8202/draft#pubs-

abstract-header
Table of Contents
182 Executive Summary ..................................................................................................... iv
183 1 Introduction ............................................................................................................ 9
184 1.1 Background and History.................................................................................. 9
185 1.2 Purpose and Scope ...................................................................................... 10
186 1.3 Notes on Terms ............................................................................................ 10
187 1.4 Document Structure...................................................................................... 10
188 2 Blockchain Architecture...................................................................................... 12
189 2.1 Hashes.......................................................................................................... 12
190 2.2 Transactions ................................................................................................. 13
191 2.3 Asymmetric-Key Cryptography ..................................................................... 13
192 2.4 Addresses and Address Derivation............................................................... 14
193 2.4.1 Private Key Storage............................................................................ 14
194 2.5 Ledgers......................................................................................................... 15
195 2.6 Blocks ........................................................................................................... 19
196 2.7 Chaining Blocks ............................................................................................ 23
197 3 Blockchains in Operation.................................................................................... 23
198 4 Consensus............................................................................................................ 26
199 4.1 Proof of Work Consensus Model .................................................................. 26
200 4.2 Proof of Stake Consensus Model ................................................................. 29
201 4.3 Round Robin Consensus Model ................................................................... 30
202 4.4 Ledger Conflicts and Resolutions ................................................................. 30
203 5 Forking.................................................................................................................. 33
204 5.1 Soft Forks ..................................................................................................... 33
205 5.2 Hard Forks .................................................................................................... 33
206 5.3 Cryptographic Changes and Forks ............................................................... 34
207 6 Smart Contracts ................................................................................................... 35
208 7 Blockchain Categorization .................................................................................. 36
209 7.1 Permissioned ................................................................................................ 36
210 7.1.1 Application Considerations for Permissioned Blockchains ................. 36
211 7.1.2 Use Case Examples........................................................................... 37
212 7.2 Permissionless.............................................................................................. 38
213 7.2.1 Application Considerations for Permissionless Blockchains............... 38
NISTIR 8202 (DRAFT) BLOCKCHAIN TECHNOLOGY OVERVIEW
vii
214 7.2.2 Use Case Examples........................................................................... 38
215 8 Blockchain Platforms .......................................................................................... 40
216 8.1 Cryptocurrencies........................................................................................... 40
217 8.1.1 Bitcoin (BTC) ...................................................................................... 40
218 8.1.2 Bitcoin Cash (BCC) ............................................................................ 41
219 8.1.3 Litecoin (LTC)..................................................................................... 41
220 8.1.4 Ethereum (ETH) ................................................................................. 41
221 8.1.5 Ethereum Classic (ETC)..................................................................... 41
222 8.1.6 Dash (DASH)...................................................................................... 42
223 8.1.7 Ripple (XRP) ...................................................................................... 42
224 8.2 Hyperledger .................................................................................................. 42
225 8.2.1 Hyperledger Fabric............................................................................. 42
226 8.2.2 Hyperledger Sawtooth........................................................................ 43
227 8.2.3 Hyperledger Iroha............................................................................... 43
228 8.2.4 Hyperledger Burrow............................................................................ 43
229 8.2.5 Hyperledger Indy ................................................................................ 43
230 8.3 MultiChain..................................................................................................... 43
231 9 Blockchain Limitations and Misconceptions..................................................... 44
232 9.1 Blockchain Control ........................................................................................ 44
233 9.2 Malicious Users............................................................................................. 44
234 9.3 No Trust ........................................................................................................ 45
235 9.4 Resource Usage ........................................................................................... 45
236 9.5 Transfer of Burden of Credential Storage to Users....................................... 46
237 9.6 Private/Public Key Infrastructure and Identity ............................................... 46
238 10 Conclusions.......................................................................................................... 47
239
240 List of Appendices
241 Appendix A— Acronyms ............................................................................................ 48
242 Appendix B— Glossary .............................................................................................. 50
243 Appendix C— References .......................................................................................... 55
244
245 List of Tables and Figures
246 Table 1: Examples of Inputs and SHA-256 Digest Values ............................................ 12
NISTIR 8202 (DRAFT) BLOCKCHAIN TECHNOLOGY OVERVIEW
viii
247 Table 2: Example Transaction....................................................................................... 13
248 Figure 1 - A simple network maintaining a copy of a ledger across nodes.................... 16
249 Figure 2 - Submitting a Transaction to a Node, waiting in the Pending Transaction List
250 ............................................................................................................................... 17
251 Figure 3 - Transaction 4 information transmitted from node to node............................. 18
252 Figure 4 - Transaction 4 has been included into a block, nodes are transmitting the
253 information; the final node has not yet received the latest information................... 19
254 Figure 5: Example of a Merkle Tree .............................................................................. 21
255 Figure 6: Blockchain with Merkle Tree .......................................................................... 22
256 Figure 7: Generic Chain of Blocks................................................................................. 23
257 Figure 8: Transaction Being Added to Unspent Transaction Pool................................. 24
258 Figure 9: Finalized Block (Generalized) ........................................................................ 25
259 Figure 10: Distributed Network in Conflict ..................................................................... 31
260 Figure 11: Blockchains in Conflict ................................................................................. 31
261 Figure 12: Chain B Adds the Next Block ....................................................................... 32
262 Table 3: Impact of Quantum Computing on Common Cryptographic Algorithms .......... 34
263
Blockchain at the GSA
Federal agencies are eager to better evaluate and adopt distributed ledger technologies (like
blockchain) that use encryption and coding to improve transparency, efficiency and trust in
information sharing. Blockchain use cases that agencies submit for exploration touch many parts
and processes of an organization, including:

Financial management

Procurement

IT asset and supply chain management

Smart contracts

Patents, Trademarks Copyrights, Royalties

Government-issued credentials like visas, passports, SSN and birth certificates

Federal personnel workforce data

Appropriated funds

Federal assistance and foreign aid delivery

GSA’s Emerging Citizen Technology Office launched the U.S. Federal Blockchain program for
federal agencies and U.S. businesses who are interested in exploring distributed ledger
technology and its implementation within government.

We hosted the first U.S. Federal Blockchain Forum on July 18, 2017, uniting more than 100
federal managers from dozens of unique agencies to discuss use cases, limitations, and solutions.
Agency teams submitted their own potential use cases for blockchain technology to our current
repository of almost 200 submissions.

Get Involved: If you are a government employee with a .gov or .mil email address, join our
Federal Blockchain Community.

To join our public listserv for Blockchain, contact listserv@listserv.gsa.gov with the message
body“SUB BlockchainPublic.”

Source: https://www.gsa.gov/technology/government-it-initiatives/emerging-citizen-technology/blockchain
Use of Blockchain in Health IT and Health-related Research Challenge
The goal of this Ideation Challenge was to solicit White Papers that investigate the relationship
between Blockchain technology and its use in Health IT and/or health-related research. The
paper should discuss the cryptography and underlying fundamentals of Blockchain technology,
examine how the use of Blockchain can advance industry interoperability needs expressed in the
Office of the National Coordinator for Health Information Technology's (ONC) Shared
Nationwide Interoperability Roadmap, as well as for Patient Centered Outcomes Research
(PCOR), the Precision Medicine Initiative (PMI), delivery system reform, and other healthcare
delivery needs, as well as provide recommendations for Blockchain's implementation. In
addition to a monetary award, winners may also have the opportunity to present their White
Papers at an industry-wide "Blockchain & Healthcare Workshop" co- hosted by ONC and NIST.

ONC selected the winning papers based on several factors, including the papers’ proposed
solutions or recommendations for market viability; creativity; ability to inform and foster
transformative change; and potential to support a number of national health and health
information objectives, including advancing the flow of health information for where and when it
is needed most.

The final winners were:

1. Blockchain and Health IT: Algorithms, Privacy, and Data [PDF – 507 KB]. A peer-
to-peer network that enables parties to jointly store and analyze data with complete
privacy that could empower precision medicine clinical trials and research.
Authors: Ackerman Shrier A, Chang A, Diakun-thibalt N, Forni L, Landa F, Mayo J, van
Riezen R, Hardjono, T.
Organization: Project PharmOrchard of MIT’s Experimental Learning “MIT FinTech:
Future Commerce.”

2. Blockchain: Securing a New Health Interoperability Experience [PDF – 609 KB].

Blockchain technologies solutions can support many existing health care business
processes, improve data integrity and enable at-scale interoperability for information
exchange, patient tracking, identity assurance, and validation.
Authors: Brodersen C, Kalis B, Mitchell E, Pupo E, Triscott A.
Organization: Accenture LLP
3. Blockchain Technologies: A Whitepaper Discussing how Claims Process can be
Improved [PDF – 1 MB]. Smart contracts, Blockchain, and other technologies can be
combined into a platform that enables drastic improvements to the claims process and
improves the health care experience for all stakeholders.
Author: Culver K.
Organization: Unaffiliated
4. Blockchain: Opportunities for Health Care [PDF – 787 KB]. Presentation of an
implementation framework and business case for using Blockchain as part of health
information exchange to satisfy national health care objectives.
Authors: Krawiec RJ, Barr D, Killmeyer K, Filipova M, Nesbit A, Israel A, Quarre F,
 Fedosva K, Tsai L.
Organization: Deloitte Consulting LLP
5. A Case Study for Blockchain in Healthcare: “MedRec” Prototype for Electronic
Health Records and Medical Research Data [PDF - 591 KB]. A decentralized record
management system to handle electronic health records, using Blockchain technology
that manages authentication, confidentiality, accountability and data sharing.
Authors: Ekblaw A, Azaria A, Halamka J, Lippman A.
Organizations: MIT Media Lab, Beth Israel Deaconess Medical Center
6. The Use of a Blockchain to Foster the Development of Patient-Reported Outcome
Measures [PDF – 195 KB]. Use of the Internet of Things in combination with
Blockchain technology for Patient Reported Outcome Measures (PROMs).
Author: Goldwater JC.
Organization: National Quality Forum
7. Powering the Physician Patient Relationship with ‘HIE of One’ Blockchain Health
IT [PDF-162 KB]. ‘HIE of One’ links patient protected health information (PHI) to
Blockchain identities and Blockchain identities to verified credential provider institutions
to lower transaction costs and improves security for all participants.
Author: Gropper A.
Organization: Unaffiliated
8. Blockchain: The Chain of Trust and its Potential to Transform Healthcare – Our
Point of View [PDF- 249 KB]. Potential uses of Blockchain technology in health care
including a detailed look at health care pre-authorization payment infrastructure,
counterfeit drug prevention and detection and clinical trial results use cases.
Organization: IBM Global Business Service Public Sector
9. Moving Toward a Blockchain-based Method for the Secure Storage of Patient
Records [PDF – 270 KB]. Use of Blockchain as a novel approach to secure health data
storage, implementation obstacles, and a plan for transitioning incrementally from current
technology to a Blockchain solution.
Author: Ivan D.
Organization: Unaffiliated
10. ModelChain: Decentralized Privacy-Preserving Health Care Predictive Modeling
Framework on Private Blockchain Networks [PDF – 272 KB]. ModelChain is a
framework used to adapt Blockchain to enable privacy-preserving health care predictive
modeling and to increase interoperability between institutions.
Authors: Kuo T, Hsu C, Ohno-Machado L.
Organizations: Health System Department of Biomedical Informatics, University of
California San Diego, La Jolla, CA Division of Health Services Research &
Development, VA San Diego Healthcare System.
11. Blockchain for Health Data and Its Potential Use in Health IT and Health Care
Related Research [PDF – 1.5 MB]. A look at Blockchain based access-control manager
to health records that advances the industry interoperability challenges expressed in
ONC’s Shared Nationwide Interoperability Roadmap.
Authors: Linn L, Koo M.
Organization: Unaffiliated
12. A Blockchain-Based Approach to Health Information Exchange Networks [PDF-402
KB]. A Blockchain-based approach to sharing patient data that trades a single
 centralized source of trust in favor of network consensus, and predicates consensus on
proof of structural and semantic interoperability.
Authors: Peterson K, Deedvanu R, Kanjamala P, Boles K.
Organization: Mayo Clinic
13. Adoption of Blockchain to enable the Scalability and Adoption of Accountable Care
[PDF-500 KB]. A new digital health care delivery model that uses Blockchain as a
foundation to enable peer-to-peer authorization and authentication.
Author: Prakash R.
Organization: Unaffiliated
14. A Blockchain Profile for Medicaid Applicants and Recipients [PDF – 190 KB]. A
solution to the problem churning in the Medicaid program that illustrates how health IT
and health research could leverage Blockchain-based innovations and emerging artificial
intelligence systems to develop new models of health care delivery.
Authors: Vian K, Voto A, Haynes-Sanstead K.
Organization: Blockchain Futures Lab - Institute for the Future
15. Blockchain & Alternate Payment Models [PDF - 601KB]. Blockchain technology has
the potential to assist organizations using alternative payment models in developing IT
platforms that would help link quality and value.
Author: Yip K.
Organization: Unaffiliated

Source: http://wayback.archive-it.org/3926/20170128063822/https://www.hhs.gov/about/news/2016/08/29/onc-
announces-blockchain-challenge-winners.html
Blockchain Technology: Possibilities for the U.S. Postal Service
At its core, blockchain technology is a way to transfer any kind of data or information in a fast,
tracked, and secure way without the need for an intermediary institution. Initially developed to
allow peers to directly exchange digital currency faster and at lower cost, blockchain is now
yielding a variety of promising new solutions beyond financial services. It is difficult to
understand the full potential of these new applications at this formative stage, but they include
property transfers, the execution of contracts, authentication services, device management, and
records management.

• Blockchain technology is a new way to transfer any kind of data or information in a fast,
tracked, and secure manner without need for an intermediary.
• Major companies, such as Citibank and Australia Post, are beginning to research and
experiment with this technology in order to provide new and more efficient services.
• The Postal Service could benefit from use of this technology – particularly regarding
financial services, identity services, supply chain management, and device management –
and should consider exploring and experimenting with it.

Despite their novelty, these applications are beginning to gain traction with major companies and
government entities, from Citibank and JPMorgan Chase to the Estonian government and
Australia Post. These organizations are researching or experimenting with blockchain technology
in order to keep better records and provide new and more efficient services.

The U.S. Postal Service Office of Inspector General contracted with Swiss Economics in order to
better understand blockchain technology’s features and capabilities, as well as identify potential
areas of interest for the Postal Service.

One major area is financial services. The Postal Service could use blockchain technology to
improve the back-end of its financial products, such as international money transfers and money
orders. A blockchain-based financial platform could digitize and streamline the services, making
them faster and cheaper for both the Postal Service and its customers. In the long-term,
blockchain technology could also be useful to the Postal Service in other areas such as identity
services, supply chain management, and device management.

While blockchain was originally developed as part of digital currency, people are realizing that
at its core, it is a way to transfer any kind of information in a fast and private way and that it can
be useful for any kind of information or value transfer that typically involves an intermediary.
This realization has spurred intense development activity in the market. In fact, people in the
field are comparing it to the early stages in the development of the Internet, and there are similar
levels of capital investment in startups related to blockchain services and applications as there
was in the development of the Internet in the mid-1990s. Just as the Internet relies on services
such as browsers and email clients to help consumers access its capabilities, blockchain
technology’s utility and continued development will rely on innovation by new service
providers.

Since the blockchain mechanism was originally conceived as a financial exchange tool for
Bitcoins, much of the innovation activity so far has been in financial applications. It is important
to note, however, that a coin on a blockchain could easily represent more than Bitcoins or
money. It could represent a house, a car, a stock, or even a vote or an identity. Arguably, a coin
could represent any kind of information or any piece of data. It is this realization that is sparking
growth in this sector, including the development of new applications and increased interest in
this technology by major players.

New Applications and Services

Developers are beginning to create and market novel uses of blockchain, which has the potential
to disrupt any sector that uses intermediaries to verify or track the transfer of information. Some
of the major application areas include financial services, the transfer of property, the execution of
contracts, authentication services, network and device management, and records management.
This has led the Institute of Electrical and Electronics Engineers to suggest that “the possibilities
are endless and that money is only the first, and perhaps the most boring, application enabled by
Bitcoin technology.”

Strengths and Weaknesses of Blockchain Technology

Blockchain transactions are quite different from typical transactions. They have unique attributes
that offer users a number of potential benefits. These benefits are what have sparked the interest
in this technology and innovation in this area. On the other hand, as with any new technology,
there are still many challenges associated with blockchain that are important to consider.

The OIG collaborated closely with Swiss Economics to outline the benefits and shortcomings of
blockchain technology. These strengths and weaknesses emerged within the context of financial
applications of blockchain, but they also apply to other application areas.

Strengths

Lower Cost of Transactions

Due to the decentralized nature of blockchains, users have the ability to make online transactions
for a fraction of the fees charged by current intermediaries such as financial or legal institutions.
Credit card companies charge a fee per transaction for processing, which is a cost that is usually
borne by merchants but which can also be passed along to buyers through higher prices or an
additional fee for purchasing with a credit card. Remittance service providers charge senders an
average of 8 percent to transfer money to family overseas. In the financial services sector alone,
Spanish bank Santander estimates that blockchain technology could save banks around the world
$15-20 billion annually in settlement, regulatory, and cross-border payment costs. Outside of the
financial services sector, IBM has suggested that blockchain can help reduce infrastructure and
maintenance costs of scaling the Internet of Things by allowing connected devices to “share
computing resources without dependency on a central cloud or server, thereby optimizing
resource utilization and cost.” Other cost savings of the technology are only just beginning to be
investigated.

Faster Transactions

Blockchain transactions are processed much more quickly than most traditional data transfer
systems, usually in a matter of minutes. With blockchain, time is saved by the elimination of
intermediary institutions such as clearinghouses that make sure banks or others parties have
matching records. This feature is especially significant when it comes to payments, which can
take hours, days, or even weeks to process. For example, when trading stocks or bonds, it usually
takes 3 days for a transaction to settle and for the participants to have their funds available.35
This is true even for electronic transactions where the information exchange may be immediate,
but it may take 3 days to receive payment. Real estate sales are also costly and time-intensive,
often taking weeks to schedule a time for closing with thousands of dollars in closing costs. With
smart property, selling a house could be as simple as transferring a coin. Other applications, such
as not having to present yourself in-person to vote or notarize a document could save time and
increase the convenience of these processes. Blockchain allows for faster, more efficient, and
more customizable transactions.

Geographical Freedom of Transactions

Transactions across a blockchain are not bound to geographical limits. Given the virtual nature
of the system, it does not matter whether an individual sends data to a neighbor or to someone on
the other side of the world. In addition, as blockchains do not use intermediaries, which are
bound by country-specific regulations, transactions can cross national borders with less friction.
This makes blockchain well suited for international transactions.

Irreversibility of Transactions

Blockchain-based payments are irreversible; once a payment is issued, it can only be reversed by
asking the receiver to pay the same amount back in another transaction. This feature is ideal for
lowering transaction risk for a payment recipient, allowing merchants to be sure that buyers
cannot cancel a payment after the sale of a good or service (the way they can with credit card
purchases). This alleviates fraud risks and payment security costs for merchants. On the other
hand, buyers may not view this as an advantage. This is because conventional card- and bank-
based payment providers, acting on behalf of the buyer, can reverse transactions in order to
protect buyers against fraud, such as being overcharged or if a good is defective. However, the
irreversibility feature is not only beneficial to merchants. It applies to other application areas as
well; including the transfer of property where there would be no way, for example, for someone
selling a house on a blockchain to reverse the transaction and get the deed back after receiving
payment. This feature would also mean that records could not be tampered with, altered, or
undone after they have been created, making blockchain a highly transparent and auditable
records management tool.

Increased Privacy of Transactions

Currently, completing an ecommerce transaction or enacting a legally binding contract requires

participants to disclose their personal information to another party, such as an ecommerce
platform. Transferring information across a blockchain is similar to paying with cash: there is no
need to disclose any personal information such as a person’s name, address, credit history, or
credit card number. Individuals only disclose their wallet information, which is an alphanumeric
“address.” In addition to protecting user privacy, blockchain transactions greatly reduce the risks
of identity theft and fraud that are common with other forms of transaction or payment, such as
credit cards.

Weaknesses

Technological Barriers

Blockchain is new and very different from most of the traditional technologies that people use.
As such, in its current form, it requires above-average computer literacy to use properly, which
acts as a barrier to entry for businesses and individuals that are interested in applications but do
not know where to begin. This can limit access to the new technology for non tech-savvy users,
and can expose them to fraud risks. Further, blockchain’s decentralization means that there is no
central customer care resource if users need assistance.

Security Concerns

Although the Bitcoin blockchain has so far not been compromised, service providers (such as
wallet providers or exchange services), are vulnerable to attacks. Furthermore, the privacy of
transactions seen as a benefit to many is also a security concern. Not knowing the identity of the
individual on the other side of the transaction makes it difficult to resolve issues that may arise
and can place users at risk for fraud.

Limited Access

At present, access to blockchain applications is provided by online exchanges. Physical

touchpoints, such as Bitcoin ATMs and other physical service locations, are scarce and scattered.
Service platforms are mostly new start-up firms with little reputation and lack physical exchange
points.

Regulatory Uncertainty

A lot of progress has been made in recent years, but there is still no international — or even
interstate — agreement about how to regulate blockchain applications. Current regulations focus
on financial applications of blockchain technology. It remains to be seen how applications such
as smart contracts, smart property, and records management will be regulated. Up to this point,
some government entities have emphasized instituting consumer protections while letting
innovation continue to develop, but others have imposed more restrictive regulations. For
example, the state of New York requires a “BitLicense” for businesses operating in this space,
causing many startups to leave the state. This regulatory uncertainty, coupled with speculation,
has led to other problems, such as exchange rate volatility in the cryptocurrency applications
such as Bitcoin.

Potential Postal Blockchain Applications

Many of the novel applications that the blockchain community is currently exploring are in
service areas where the Postal Service is already active, which might make blockchain a
worthwhile technology for the Postal Service to consider. The following applications could be of
particular interest to the Postal Service:

Financial Services

The Postal Service currently offers some basic financial services, including international
electronic money transfers. To provide these services through a digital format that could be
cheaper and more efficient for both the customers and the Postal Service, Swiss Economics
suggests leveraging blockchain technology through the creation of a financial platform, that they
term a Postcoin platform. Although financial applications on the blockchain do not need
intermediaries to function, having a trusted entity like the Postal Service acting to facilitate its
fair, affordable, and transparent use may help address many of the challenges that currently
prevent individuals and businesses from taking advantage of this technology.44 For example, the
Postal Service could provide multichannel access and assistance online at USPS.com, through
the USPS mobile app, and in-person through carriers or at post offices. Postcoin could not only
benefit users but the international postal network, for example, by allowing for faster, direct
transactions between posts. Furthermore, embracing new payment technologies and adapting to
the changing wants and needs of customers could help the Postal Service remain relevant in a
market where the use of electronic money increasingly dominates.

Creation of a Postcoin Platform — Two Options

The creation of the Postcoin platform could follow two different paths. One option is to “buy in”
to an existing, public blockchain.

A postal operator would first have to acquire some coins. Once the post owns the coins, it could
add an additional layer of information to each coin, or fraction of a coin, to mark it as
representing a specific and distinct asset — in this case, a Postcoin.
After exchanging money into Postcoin, users can exchange them freely and directly over the
existing public blockchain. The advantage of buying into an existing and already widely used
platform is that the post does not have to foot the bill for the costs to maintain the validation
system or to secure the payment network.

The other option would be to create a brand new blockchain altogether. The Postal Service could
use the Bitcoin protocol, another open source software, or create their own.46 Through the
creation of such an enterprise blockchain platform, the Postal Service could maintain control
over the platform and its features. This would help avoid many of the shortcomings listed above,
addressing security and access issues while still bringing the benefits of speed, low cost, and
auditability of the blockchain.

A Global Postal Payment Platform

Although the Postal Service could develop its own platform, Postcoin would be strongest as a
global postal money transfer and payment platform. Postal operators around the world have an
unmatched physical presence that extends across more than 600,000 post offices worldwide,
including areas where rates of financial exclusion are higher. Since a global Postcoin system
would need national postal operators to interoperate, the Universal Postal Union (UPU) could be
the governance body for a global Postcoin platform, setting standards, determining regulations,
providing support for settling accounts between posts, and setting the value of the Postcoin. The
UPU is well-positioned for this because it already manages a global money transfer and payment
platform that is used by many countries and coordinates payments between operators for
settlement of terminal dues.

Benefits of Postcoin

The Postal Service currently has a steady money transfer business, but use of blockchain could
help improve and expand that service. For example, the Postal Service currently offers
international money transfers. However, these services are currently only cashable in a limited
number of countries. The flexibility and convenience associated with the Postcoin could
potentially allow the expansion of electronic money transfer services to anyone in the world.
Postcoin would not only allow these services to be conducted at a lower cost to both the Postal
Service and its customers, but it might also help the Postal Service modernize and expand the
reach of its financial services. Additionally, the Postcoin could be used for transactions directly
between posts.

These enhancements to existing financial services are actionable in the short-term, and over time,
the Postal Service could naturally expand into new product areas. For example, the Postal
Service could offer blockchain-based escrow services, acting as the trusted and neutral third
party for transactions that take place both in the real world and online. This type of service would
be especially beneficial for peer-to-peer commerce. Additionally, the Postal Service could offer
currency exchange services. This service could allow the traveler to obtain foreign currency at
ATMs or post offices at lower transaction and exchange rate fees.

In the long-term, the Postal Service’s experience with blockchain technology in financial
applications could further expand into nonfinancial application areas that would be enabled by
the technology. In the following sections, we outline three other blockchain applications of
potential interest to the Postal Service.

Identity Services

In order to facilitate safe and transparent financial transactions across a blockchain — either a
postal or a nonpostal blockchain — the Postal Service could offer identity verification services.
The lack of verified identities presents a security issue, a weakness of blockchain discussed
above, and places users at risk for fraud. A verified digital identity would allow users to know
that the peers they are transacting with are real and have proof of ownership.

The Postal Service could verify identities in-person at a post office by using an identification
card, such as a driver’s license, or a biometric ID, such as a fingerprint. The Postal Service could
further link that virtual identity used by the customer to operate within a blockchain system with
real-world identifiers, such as a person’s postal address. Customers could use these verified
identities to login to secure websites, notarize documents, or participate in smart contracts.

The Postal Service already has experience identifying customers for its own services and for
services that it offers to other agencies. For example, many post offices process passport
applications for the Department of State, an identification process that involves verifying both
proof of identity and proof of U.S. citizenship.52 The Postal Service is also familiar with
managing login information for secure government sites through the Federal Cloud Credentialing
Exchange (FCCX) program.

Identity services are one of the biggest areas of opportunity in the blockchain community, and
the Postal Service, as a highly trusted government agency, would be well-suited for a role in
identity verification.

Device Management

Another potential application of blockchain technology is using it to secure and maintain the
Internet of Things — the network of connected devices sensing the environment and acting upon
collected data. Blockchain may be a viable way for the Postal Service to build and manage an
Internet of Postal Things at a lower cost than traditional, centralized methods. As the Internet of
Postal Things scales and thousands of more devices are brought online, blockchain’s
decentralized control and verification system could potentially allow devices to more securely
record and transfer data. This would also help increase the security of the overall network by
removing the risks associated with single points of access, as exists in centralized networks.
In addition, device management through a blockchain could strengthen the ability of devices to
actually act upon the information

they collect.57 With blockchain technology, peer networks of devices would be able to
“negotiate” directly with internal and external stakeholders or even other connected devices to,
for example, share power resources or contract for maintenance services and part replacement.
This could help reduce the infrastructure and maintenance costs of managing the whole system
and increase its efficiency.

Imagine if postal vehicles and sorting equipment could manage their own tracking, monitoring,
and maintance. For example, a vehicle could monitor the performance of its brake pads,
determine when one is about to wear out, find out if that part is still under warranty, create a
contract with the manufacturer to install a replacement part, and then pay for the brake pad and
service — all autonomously. In general, “predictive maintenance” of vehicles has already
demonstrated cost savings in other industries, and would help to reduce both regular and
overtime hours at postal Vehicle Maintenance Facilities. Predictive maintenance alone could
potentially help the Postal Service save 7 percent of current fleet costs, and increasing the level
of automation through use of blockchain could create further efficiencies.

Supply Chain Management

A final application that might also prove useful for the Postal Service is better supply chain
management: using blockchain to identify packages and mail in the same way individuals can be
identified. As mentioned previously, blockchain removes the need for trust between parties,
allowing it to coordinate the activities between parties more efficiently. The Postal Service has a
number of customers, partners, contractors and other stakeholders that it coordinates with,
including: other posts, customs agencies, shipping partners (UPS and FedEx), long-haul trucking
drivers, mailers, and recipients. Using blockchain to manage interactions between these different
entities could speed up shipments, particularly international ones.

Imagine if each mailpiece was embedded with a sensor that could keep track of its own chain of
custody while executing smart contracts for payment and customs clearance. Each mailpiece,
whether a parcel or letter, could be uniquely identified on a blockchain and have the ability to
create transactions, allowing for the timely sharing of information and processing of payments.

It would currently be prohibitively expensive to tag every piece of mail with a sensor. However,
it may be possible that the Postal Service could initially use the blockchain approach on high-
value shipments in its early adoption stages and then rely on downward pressure on the cost of
sensors to expand the feasibility of wider use over time.

This application would allow the Postal Service to keep an auditable chain of custody and embed
additional shipment and tracking information to facilitate customs clearance and faster delivery.
Furthermore, payment processing could be integrated directly into the shipping process — and
paying in a digital currency would lower costs for online merchants and facilitate ecommerce
while also allowing people without bank accounts to participate.

This approach is already being tested in the private sector: one of the current experiments on the
Ethereum blockchain involves invoices that are automatically paid when a shipment arrives.61
There could be great potential for such an application in the cases of dropshipping, worksharing,
or settlement of international terminal dues.

In essence, blockchain technology allows for close linkages between the financial, logistics, and
delivery parts of commercial transactions with the power to unify payment and delivery in one
seamless experience. Posts could become a single intermediary between merchants and
customers, allowing them to reduce coordination needs, offer more efficient ecommerce
solutions, contribute to the growth of ecommerce (particularly cross-border ecommerce), and
increase their market share and revenue.

Blockchain, as a decentralized information and value transfer platform, has the potential to
disrupt sectors that rely on intermediaries to perform verification or tracking activities. It is
currently gaining a lot of buzz as developers apply it to more and more use cases and as global
companies and governments explore its possibilities. Blockchain technology could prove to be
beneficial in specific applications that cross national borders or require the interaction and
agreement of multiple untrusted parties. In addition, benefits could rise from the technology’s
ability to help lower costs, speed up transactions, and introduce a level of automation into
processes.

The Postal Service could benefit from blockchain technology in the short term by studying the
technology and possibly experimenting with blockchain-based solutions for financial services.
The Postal Service already offers some financial services, including money orders and
international money transfers, where blockchain could be an enabling tool, allowing the Postal
Service to offer these services more efficiently. Over time, this experience and experimentation
with blockchain could naturally expand into other areas, such as identity services, device
management, and increased control over the ecommerce supply chain. Because this technology is
likely to be a disruptor in areas of the Postal Service’s business, monitoring the development of
this technology and beginning to experiment with its possible applications could benefit postal
operations and customers.

Source: https://www.uspsoig.gov/document/blockchain-technology-possibilities-us-postal-service/
Keynote Address of CFTC Commissioner J. Christopher Giancarlo Before
the Cato Institute, Cryptocurrency: The Policy Challenges of a Decentralized
Revolution
April 12, 2016

Introduction

Good morning, ladies and gentlemen. Thank you for your warm welcome.

Before I begin, let me say that my remarks reflect my own views and do not necessarily
constitute the views of the Commodity Futures Trading Commission (CFTC or Commission),
my fellow CFTC commissioners or the CFTC staff.

It is a pleasure to be here with you today for this important discussion of the policy implications
of crypto-currencies, one of the more fascinating developments arising from the current
revolution in exponential digital technologies.

Notwithstanding today’s broad topic, my remarks this morning will not be directed broadly to
crypto-currencies. Rather, I want to focus specifically on a key foundational technology that
underlies the crypto-currency, Bitcoin. That is the technology of distributed ledgers often
referred to as the “blockchain,” an emerging technology that may have enormous implications
for the capital and hedging markets overseen by the CFTC and other regulators.

Lack of Counterparty Credit Risk Transparency During the Financial Crisis

To begin, I want to take you back for a moment to September 2008. That was a perilous time in
global financial markets. An enormous U.S. housing bubble had burst triggering a cascading
global credit crisis. Concern was rife about imminent investment and commercial bank failure.

I was on Wall Street, serving as a senior executive of one of the world’s major trading platforms
for credit default swaps (CDS), then the epicenter of systemic risk. Panic was in the air and
tension was on our broking floor trying to maintain orderly markets. I remember a call from a
U.S. bank regulator asking about CDS trading exposure of several major banks, including
Lehman Brothers. In fact, trading conditions were deteriorating by the hour. It was clear that the
regulator had little means, short of telephone calls, to read all the danger signals that the CDS
markets were broadcasting.

Now, let’s fast forward to today. It is seven and a half years after the financial crisis and global
regulators still do not have full visibility into the swaps trading portfolios of major financial
institutions.
It is not for lack of hard work and effort. One of the key market reforms agreed upon following
the financial crisis was the reporting of swaps transactions to regulators and central data
repositories. My agency, the CFTC, started that initiative in 2011 and has pursued it ever since.
Yet, CFTC data still does not provide a complete picture of global swaps trading. In part, it is
because global regulators have not harmonized global reporting protocols and data fields across
international jurisdictions. It is also because of the practical impossibility of a single national
regulator collecting sufficient quality data for both cleared and uncleared swaps to recreate a
real-time ledger of the highly complex, global swaps trading portfolios of all market participants.

Fortunately, emerging distributed ledger technology, what I will call “DLT” or “blockchain,”
may address this crucial need. That is what I want to talk about this morning.

The Promise of Distributed Ledger Technology

The Bank of England recently dubbed DLT the “first attempt at an Internet of Finance.”1 It has
the potential to link networks of legal recordkeeping the same way the Internet connects
networks of data and information, increasing settlement efficiency and speed, reducing
transaction costs and broadening market access.

The potential applications of DLT are being widely imagined and explored and promise benefits
to market participants, consumers and governments alike. DLT could allow for the confirmation
and ownership transfer of virtually anything from hockey tickets and magazine subscriptions to
auto repair warranties, airline loyalty rewards and apartment leases. It could empower better and
more verifiable voting systems, whether for proxies by corporate shareholders, customer
satisfaction surveys or voting for political candidates.

DLT is likely to have a broad impact on global financial markets in payments, banking,
securities settlement, title recording, cyber security and trade reporting and analysis. It may make
possible new “smart” securities and derivatives that can value themselves in real-time, report
themselves to data repositories, automatically calculate and perform margin payments and even
terminate themselves in the event of counterparty default.

As I have noted before, however, this transformation will not come without consequences,
including a greatly disruptive impact on the human capital that supports the recordkeeping and
transaction processing of contemporary financial markets. A recent report by Citigroup forecasts
that retail banking automation including blockchain could spur a 30 percent decline in banking
jobs across the U.S. and Europe over the next decade, the equivalent of eliminating nearly 2
million jobs.

Still, in the wake of the 2008 financial crisis, the potential benefits of DLT are enormous for both
financial services firms and the regulators who oversee them. For market participants, DLT may
manage the enormous operational, transactional and capital complexity brought about by the
legion of disparate mandates, regulations and capital requirements promulgated unceasingly by
regulators here and abroad. In fact, one study estimates that DLT could eventually allow
financial institutions to save as much as $20 billion in infrastructure and operational costs each
year. Another study reportedly estimates that blockchain could cut trading settlement costs by a
third, or $16 billion a year, and cut capital requirements by $120 billion.

For regulators, the potential of blockchain is equally valuable. In February, the U.S. Government
Accountability Office issued a report that U.S. regulation of financial markets has not
meaningfully improved since its issuance of a comprehensive study more than seven years ago
that concluded that the U.S. financial regulatory system is generally “ill-suited to meet the
nation’s needs in the 21st century” because of its high level of complexity and overlap. The
current report finds that the U.S. financial regulatory framework leads to inconsistencies, among
other things, in the oversight by different regulators of securities and derivatives market
participants and banking and depository institutions. Against these inconsistencies, DLT offers
the promise in allowing U.S. government overseers to transcend the fragmented regulatory
structure by providing reference to a single, verified record of all financial transactions across
regulated markets.

In 2008, prudential regulators had to call around to brokerage firms like mine searching for
market confirmation of Lehman’s distress. What a difference it would have made if regulators
had access then to a “golden record” of the real-time ledgers of all regulated trading participants,
rather than trying to assemble piecemeal data to recreate complex, individual trading portfolios. I
believe that, if regulators in 2008 could have viewed a real-time distributed ledger, and, perhaps,
been able to utilize modern cognitive computing capabilities, they may have been able to
recognize anomalies in market-wide trade activity and diverging counterparty exposures
indicating heightened risk of bank failure. It would certainly have allowed for far prompter,
better-informed, and more calibrated regulatory intervention instead of the disorganized response
that unfortunately ensued.

Moreover, had Lehman still failed, records powered by DLT and held by trading counterparties
(and available to regulators) would have accurately shown Lehman’s open positions across asset
classes. Imagine if, instead of requiring countless legal actions spanning eight years, we could
have known all of Lehman’s exposures within minutes of its bankruptcy filing. Accelerated
settlement of open positions and accounts could have taken weeks, not years.

It is, therefore, not surprising that DLT has sparked an incredible amount of interest within the
financial industry – regulators and regulatees alike. Not a week goes by without several news
articles, opinions and reports discussing the potential benefits and challenges of the technology.
Billions of dollars are being invested in dozens of new ventures and innovations.

Last week, seven firms announced the successful test of DLT to record on a shared network a
month’s worth of trades in the multi-trillion dollar single-name CDS market. The test was
organized by the Depository Trust & Clearing Corp. (DTCC) and included Bank of America,
Credit Suisse, J.P. Morgan, Citigroup, financial service provider, Markit, and blockchain
technology developer, Axoni.14 The test included smart contracts and demonstrated the potential
real-time transparency benefits to regulators.15 Tests like this one prove there is merit to the
promise of potential DLT applications. Similarly promising projects are underway.16 A few
weeks ago, DTCC said it has started working with Digital Asset Holdings to determine whether
short-term lending arrangements between dealers known as repos could be settled using
blockchain.17

Adoption of the “Do No Harm” Regulatory Model

DLT development is clearly moving rapidly, certainly faster than underlying legal and regulatory
frameworks. Rules regarding DLT are currently unwritten and likely years away, leaving the
industry with little clarity.

Investment in DLT faces the danger that when regulation does come, it will come from a dozen
different directions with different restrictions stifling crucial technological development before it
reaches fruition.

Fortunately, there is a good model for the healthy development of DLT – the “first, do no harm”
approach to the early Internet. Two decades ago, as the Internet was entering a phase of rapid
growth and expansion, a Republican Congress and the Clinton administration established these
foundational principles: the Internet was to progress through human social interaction; voluntary
contractual relations and free markets; and governments and regulators were not to harm the
Internet’s continuing evolution.

This simple approach is well-recognized as the enlightened regulatory underpinning of the

Internet that brought about such profound changes to human society. During the almost years of
“do no harm” regulation, a massive amount of investment was made in the Internet’s
infrastructure. It yielded a rapid expansion in access that supported swift deployment and mass
adoption of Internet-based technologies. Internet-based innovations have revolutionized nearly
every aspect of American life, from telecommunications to commerce, transportation and
research and development. This robust Internet economy has created jobs, increased productivity
and fostered innovation and consumer choice.

“Do no harm” was unquestionably the right approach to development of the Internet. Similarly,
“do no harm” is the right approach for DLT.

I recently called on the CFTC and its domestic and overseas counterparts to join an international
consensus to avoid impeding essential DLT innovation by protracted rule uncertainty or
uncoordinated actions.
I believe regulators and policy makers have a choice: we can either follow a path that burdens
the industry with multiple onerous regulatory schemes or one where we come together and set
forth uniform principles in an effort to encourage DLT investment and innovation. I favor the
latter approach.

I believe that innovators and investors should not have to seek government’s permission, only its
forbearance, to develop DLT. Government must foster a regulatory environment conducive to
the technological innovation needed to address the increased operational complexity and capital
consumption of modern financial market regulation.

Once again, the private sector must lead. Regulators must avoid impeding innovation and
investment. Instead, they must provide a predictable, consistent and straightforward legal
environment. Protracted regulatory uncertainty or an uncoordinated regulatory approach must be
avoided, as should rigid application of existing rules designed for a bygone technological era.

Need for Global Regulatory Coordination

As they did with the Internet, U.S. and foreign regulators must coordinate to create a principles-
based approach for DLT oversight in order to provide the flexibility, certainty and harmonization
necessary for the technology to flourish.

The Financial Stability Board (FSB) and the International Organization of Securities
Commissions or “IOSCO” have recently turned their attention to financial technology
innovations, including DLT. I was encouraged to read that FSB Chairman Mark Carney
recognizes that regulation should not stifle emerging innovation. I similarly understand that
IOSCO is working on international policies to drive innovation without undermining confidence
in markets.

Noteworthy is the recent white paper of the Office of the Comptroller of the Currency (OCC),
entitled “Supporting Responsible Innovation in the Federal Banking System”. In its paper, the
OCC offers its support for innovation in the financial services industry that it views as
“consistent with safety and soundness, compliant with applicable laws and regulations, and
protective of consumer’s rights.” It emphasizes the need to “support responsible innovation” and
business cultures “receptive to responsible innovation.”

IOSCO Chairman, Greg Medcraft, has said that issues around DLT must be dealt with at the
multilateral level, not by individual countries. I agree. Regulation of DLT must indeed be
coordinated on a multilateral level based on the principle of “do no harm.” Just as many financial
services firms are joining together in broad DLT consortiums, regulators must do the same. The
FSB and IOSCO have important roles to play in coordinating DLT regulation. These
organizations should put forth a set of simple governing principles flexible enough to
accommodate the issues and concerns of different national regulators. Such principles would
create a regulatory environment that encourages the development of DLT, just as U.S.
policymakers’ 1990s framework fostered the exponential growth of the Internet.

Without such a “do no harm” approach, financial services and technology firms will be left
trying to navigate a complex regulatory environment, where multiple agencies have their own
rule frameworks, concerns and issues. Some of the issues are anti-money laundering, know-your-
customer requirements, privacy and security and dispute resolution.

It is therefore critical for regulators to come together to adopt a principles-based approach to

DLT regulation that is flexible enough so innovators do not fear unwitting infractions of an
uncertain regulatory environment. Some regulators have already openly acknowledged the need
for light-touch oversight. Masamichi Kono, Vice Minister for International Affairs at the Japan
Financial Services Agency, stated that regulators must take a “pragmatic and flexible approach”
to regulation of new technologies so not to stifle innovation. Similarly, the UK’s Financial
Conduct Authority (FCA) has committed to regulatory forbearance on DLT development for the
foreseeable future in an effort to give innovators “space” to develop and improve the technology.
The FCA is even going one step further and engaging in discussions with the industry to
determine whether DLT could meet the FCA’s own needs.

I have no doubt that the FCA’s intention to give DLT innovators “space” to innovate will be
good for DLT research and development. I also suspect that it will be very good for London’s
burgeoning FinTech industry and job creation in the United Kingdom.

Yesterday in London, a senior representative of Her Majesty’s Treasury announced that the
United Kingdom will establish an “industry-led panel” that will set an overarching strategy for
the British FinTech industry. She went on to say, “[t]he [UK] government wants to ensure the
UK continues to be the best place in the world to be a FinTech company.”

It is unfortunate that we do not hear similarly strong voices on this side of the Atlantic. U.S.
lawmakers concerned about the rapid loss of jobs in the U.S. financial service industry,
especially in the New York City area where job losses are pronounced,37 should similarly look
to provide “space” to U.S. DLT innovation and entrepreneurship and the well-paying jobs that
will surely follow.

American global leadership in technological innovation of the Internet was built hand-in-hand
with regulators’ enlightened, “do no harm” approach. The same opportunity for technology
leadership is present today – if we have the good sense to seize it.

Practical Steps to “Do No Harm”

While international regulatory coordination and the adoption of a principles-based approach are
important, each regulatory agency can take steps now to ensure that its existing rules do not
inhibit DLT development and adoption.

For the CFTC, one example comes to mind – recordkeeping rule 1.31.38 Rule 1.31 requires all
books and records to be kept in their original form or native file format. Such records must be
produced in a form specified by any representative of the Commission. Rule 1.31 also has
requirements for certain records to be stored in either micrographic media or electronic storage
media and other related conditions.

As I have previously stated, the CFTC should revisit this rule and make it technologically neutral
such that it can accommodate DLT and other innovations that promote efficiency, accuracy and
security in recordkeeping. The CFTC should also examine and, as necessary, revise other rules
that may inhibit DLT innovation. Other regulators should similarly examine their recordkeeping
and other rules.

Conclusion

In conclusion, I note that when the Internet developed in the mid-1990s, none of us could have
imagined its capabilities that we take for granted today.

Fortunately, policymakers had the foresight to create a “do no harm” regulatory environment that
served as a catalyst rather than a choke point for innovation. Thanks to their forethought and
restraint, Internet-based applications have revolutionized nearly every aspect of human life,
created millions of jobs and increased productivity and consumer choice.

Policymakers must show that same forethought and restraint now.

Today, I repeat my call for my agency, the CFTC, and other U.S. and overseas policymakers and
regulatory counterparts to repeat that broad-minded approach.

I look forward to working with my fellow CFTC commissioners, U.S. lawmakers and other
financial services regulators here and abroad to develop a “do no harm” framework from which
to launch a new era of innovation in distributed ledger technology – for the good of our markets,
the jobs they support and the people they serve.

Thank you for your time and attention.

Source: http://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo-14
Blockchain Technology Explored for Homeland Security
Release Date:

January 10, 2017

Remember when we were excited about The Cloud? Today, internet storage space is an assumed
amenity for many of us. Now it’s time to look toward Blockchain. It’s something you might have
heard of, but you might not know much about it.

Who is interested in blockchain?

Blockchain technology represents an innovative leap forward that has many uses and
applications across multiple sectors of the economy. Many people, organizations, companies and
departments are increasingly excited about blockchain.

So, is it potentially relevant to the homeland security enterprise (HSE)? If so, what needs to be
proven before its use and adoption by the federal government?

In its role as the science advisor to the Department of Homeland Security, the Science and
Technology Directorate (S&T) is well-positioned to answer these questions. S&T is taking the
lead with research and development projects in this area to determine viable uses for the
technology.

What is blockchain?

In short, blockchain powers the engine that drives Bitcoin’s digital currency’s transaction
confirmation process. The technology provides a level of independently verifiable tracking and
transparency for every exchange of the digital monies involved. For each transaction, another
“block” of transaction information is added to a public ledger on a shared database. So, if
someone wanted to track the history of a particular unit of digital currency, they could. Gone are
the concerns of “version control.” The blockchain process and database are touted as secure and
tamper-proof and the technology is highly resistant to hacking and data modification.

How did blockchain begin?

In 2008, an obscure technical paper titled Bitcoin: A Peer-to-Peer Electronic Cash System
proposed a revolutionary mechanism to solve a growing problem within the transfer of digital
currencies—fraud. When using a peer-to-peer network, preventing double-spend became
extremely complex. The lack of transparency within the system only added to the challenge.

Since transactions were through peer-to-peer networks, there was not a centralized bank to
coordinate and monitor every transaction of the electronic monies. Nor was there a way to stop
all illegal duplication of the digital monies, which could be spent multiple times. Not only was it
hard to prevent, it was hard to find the digital paper-trail of wrongdoing.

The article was published by an anonymous individual or group—no one knows which—that
goes by the name of Satoshi Nakomoto. The proposed mechanism combined something as old as
recordkeeping—a ledger—with an innovative mechanism for reconciling the transactions in that
ledger without using a trusted, centralized bookkeeper.

It did so by replacing that trusted bookkeeper with a set of crowd-sourced entities who were
incentivized to reach consensus on the state and order of the transactions in the ledger. Their
“incentive” was they got paid in Bitcoin for their work. This combination of a “distributed
electronic ledger” and the associated incentive structure (which makes the Bitcoin digital
currency possible) is called the blockchain.

What does blockchain do?

Blockchain transparently stores all the information about every transaction involving the Bitcoin
cryptocurrency so the same Bitcoin cannot be spent more than once.

As of late, the term blockchain has taken on near mystical overtones. Some have called it the
“second generation of the Internet,” with proponents claiming it will enable everything from
letting users police the monetary system to providing unlimited communication channels. Some
even assert it will replace lawyers via the use of smart contracts.

In fact, advocates say blockchain’s potential uses extend far beyond its original application and
are nearly limitless. They contend its uses encompass almost any transaction involving money,
goods and property, while reducing fraud because blockchain records all transactions on a public
ledger, which can be viewed by anyone.

With interest growing, spending on further development of blockchain technology in the finance,
business, government and public sectors rose dramatically in 2015. The financial services sector
alone spent $75 million developing the technology for its uses, while angel investors and venture
capitalists invested another $180 million in blockchain startups last year.

Blockchain and S&T?

Cutting through the sensationalism associated with such a product, S&T sees the reality of
blockchain’s promise. The technology presents intriguing possibilities with associated far-
reaching benefits that may be relevant to the HSE, such as:

• No central authority needed to reconcile the ledger

• Parties in the transaction do not have to trust each other
• Immutability of records after reconciliation

The wide gap between the hype and the reality requires proving if security and privacy controls
can be supported or enabled by blockchain and whether the benefits of adopting the technology
outweigh the pain of incorporating it into a proven information technology environment.

• If in fact the security and privacy claims of blockchain’s advocates can be proven to be
valid, there are some interesting HSE use-cases that could be enabled by this technology,
including:
• Sharing of emergency responder credentials across federal, state, local, tribal and
international borders by authoritative parties with no single point of failure
• Creating immutable records and audit logs of data that cannot be spoofed and can be
publicly verified without revealing personally identifiable information
• Improving traveler experience in airports by reducing redundant checks
• Reducing fraud in the transfer of goods across international boundaries that touch
multiple entities who do not trust each other

With such potential, proving the security and privacy aspects is precisely where S&T currently is
focusing its resources. It is doing so via Small Business Innovation Research projects to
investigate the various capabilities of blockchain. This includes security and privacy
characteristics as well as exploring its immutability, data integrity and anti-spoofing aspects via a
Silicon Valley Innovation Program project.

If these research projects bear fruit, S&T will begin developing ways to implement blockchain
technology to better safeguard the American people, our homeland and our values.

Source: https://www.dhs.gov/science-and-technology/news/2017/01/10/snapshot-blockchain-technology-explored-
homeland-security
DHS S&T Awards $750K to Virginia Tech Company for Blockchain Identity Management
Research and Development September 25, 2017

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has
awarded a $749,241 Small Business Innovation Program (SBIR) contract to Digital Bazaar, Inc.
to develop fit-for-purpose blockhains for identity and access management.

Under the SBIR Phase II contract, the Blacksburg, Virginia-based technology company will
develop a flexible software ecosystem that combines fit-for-purpose distributed ledger
technology, digital credentials and digital wallets to address a wide variety of identity
management and online access use cases for the Homeland Security Enterprise (HSE). This
research and development (R&D) project is being managed by the Cyber Security Division’s
(CSD) Identity Management project. CSD is part of the Homeland Security Advanced Research
Projects Agency.

“Blockchain technologies have the potential to revolutionize the way we manage online identity
and access the internet,” said CSD Director Douglas Maughan. “This R&D project will help
bring this potential closer to reality.”

Under its project titled “Fit-for-Purpose Blockchains/Identity and Access Management,” Digital
Bazaar will build on its current platform to develop a standards-based digital credentialing
solution coupled with a fit-for-purpose blockchain that will provide the new capabilities. Once
completed, the enhanced product will be positioned as a Ledger As A Service (LaaS) platform.
The company will deploy the LaaS platform in several HSE pilot projects to demonstrate its
capability.

“Current blockchain implementations do not use any type of open standards to describe the data
they work with. At the same time, scalable deployment requires such interoperability,” said S&T
Identity Management Program Manager Anil John. “This blockchain project will deliver a
solution that uses open standards developed via existing worldwide standards development
organizations to ensure interoperability across blockchain implementations.”

Initiated in 2004, the DHS S&T SBIR program is a competitive contract awards program that
increases the participation of innovative and creative U.S. small businesses in federal R&D
initiatives and facilitates private-sector commercialization of SBIR-funded solutions. A SBIR
Phase II awardee continues its R&D from a completed Phase I project that successfully affirms
the scientific and technical merit and feasibility of a proposed effort. S&T’s CSD leverages the
SBIR program to fund small business development of new and enhanced cybersecurity solutions.
For more about the S&T SBIR program, visit https://www.dhs.gov/science-and-technology/sbir.

CSD’s mission is to enhance the security and resilience of the nation’s critical information
infrastructure and the Internet by developing and delivering new technologies, tools and
techniques to defend against cyberattacks. The division conducts and supports technology
transitions and leads and coordinates R&D among the R&D community, which includes DHS
customers, government agencies, the private sector and international partners. For more
information about CSD, visit https://www.dhs.gov/cyber-research.

DHS S&T awards $9.7M for 13 Phase II Small Business Innovation Research Projects May
2, 2017

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has
awarded $9.7 million to 12 small businesses for 13 Phase II contracts through the Small Business
Innovation Research (SBIR) program.

Each Phase II award contract received approximately $750,000 to develop a prototype based on
the feasibility of the technologies demonstrated in the Phase I effort, which were completed in
November 2016.

“Small businesses play a key role in developing effective and innovative solutions to pressing
homeland security challenges,” said DHS Under Secretary for Science and Technology (Acting)
Dr. Robert Griffin. “The SBIR program enables us to capture some of the best scientific thinking
to find solutions to apply in the current threat landscape.”

The Phase II contracts were awarded to:

• BlockCypher (Redwood City, CA), Blockchain Platform for Multiple Blockchains,

Applications, and Analytics

• BlueRISC Inc. (Amherst, MA), Cyber Attack Prediction for Situational Understanding
and Preemptive Cyber Defense

• Card Smart Technologies (Basking Ridge, NJ), Composite Identity for High Assurance
Remote Identity Proofing

• Digital Bazaar (Blacksburg, VA), Verifiable Claims and Fit-for-Purpose Decentralized

Ledgers

• Evernym Inc. (Herriman, UT), Decentralized Key Management using Blockchain

• Evigia Systems, Inc. (Ann Arbor, MI), Wide-Area Flood Alert Sensor Network

• Inferlink Corp. (El Segundo, CA), OpenWatch: An Architecture for Scalable Resiliency
Assessment
 • McQ Inc. (Fredericksburg, VA), MEGASCOP: Multi Interface Secure Audio/Video
Rebroadcasting (SAVR) System

• Oceanit Laboratories (Honolulu, HI), FIND (First responder INdoor Determination)

• Physical Optics Corp. (Torrance, CA), Real-time Flood Forecasting and Reporting

• Physical Optics Corp. (Torrance, CA), Real-time Information Contextual Correlation

and Analysis Software System

• Progeny Systems Corp. (Manassas, VA), Internet of Things (IoT) Low-Cost Flood
Inundation Sensor

• Red Balloon Security (New York, NY), Hybrid Prediction for Embedded Malware

DHS S&T Awards $749K to Evernym for Decentralized Key Management Research and
Development July 20, 2017

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has
awarded Salt Lake City-based startup Evernym a $749,000 Small Business Innovation Program
(SBIR) award to develop an easy-to-use, decentralized mechanism for managing public and
private keys needed for the secure and scalable deployment of blockchain technologies.

Under the SBIR Phase II contract, Evernym will design and implement a decentralized key
management system (DKMS) for blockchain technologies based on National Institute of
Standards and Technology Special Publication 800-130, titled “A Framework for Designing Key
Management Systems.” The research project is being managed by the S&T Cyber Security
Division’s (CSD) Identity Management project.

“A better, more secure method is needed to safeguard the identity and privacy of web-users,”
said Acting DHS Under Secretary for Science and Technology William N. Bryan. “Research in
blockchain holds significant potential to provide a solution that will make it considerably more
difficult to hack an online user’s identity.”

Through a project titled “Applicability of Blockchain Technology to Privacy Respecting Identity

Management,” Evernym is developing a DKMS—a cryptographic key management approach
used with blockchain and other distributed-ledger technologies—to boost online authentication
and verification. Within a DKMS, the initial “root-of-trust” for all participants is a distributed
ledger that supports a decentralized identifier—a new form of root identity record.
“Managing public and private cryptographic keys in existing public key infrastructure as well as
permissioned and permission-less blockchains continues to be a difficult challenge,” said S&T
Identity Management Program Manager Anil John. “Through this project, Evernym will push the
limits of the emerging decentralized key management system technology to deliver a high level
of comfort to the public and American businesses as they integrate blockchain technologies into
their technology portfolio.”

CSD is part of S&T’s Homeland Security Advanced Research Projects Agency. Its mission is to
enhance the security and resilience of the nation’s critical information infrastructure and the
Internet by developing and delivering new technologies, tools and techniques to defend against
cyberattacks. The division conducts and supports technology transitions and leads and
coordinates R&D among the R&D community, which includes DHS customers, government
agencies, the private sector and international partners. For more information about CSD, visit
https://www.dhs.gov/cyber-research.

DHS Announces $3 Million in Small Business Innovation Research Awards June 7, 2016

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today
announced a total of $3.1 million in competitive research awards for 29 small businesses located
across 12 states, and Washington, D.C. Each business was awarded approximately $100,000 in
preliminary funding through DHS S&T’s Small Business Innovation Research (SBIR) program.
Thirty-one contracts were awarded in 10 topic areas:

Security Systems Video and Audio Interoperability

• Balfour Technologies LLC (Bethpage, NY)

• McQ Inc. (Fredericksburg, VA)
• Systems Engineering, Inc. (Dulles, VA)

Applicability of Blockchain Technology to Identity Management and Privacy Protection

• Digital Bazaar, Inc. (Blacksburg, VA)

• Respect Network Corporation (Seattle, WA)
• Narf Industries LLC (Washington, DC)
• Celerity Government Solutions, LLC (McLean, VA)
• Malware Prediction for Preemptive Cyber Defense
 • BlueRISC, Inc. (Amherst, MA)
• GrammaTech, Inc. (Ithaca, NY)
• Red Balloon Security (New York, NY)
• ZeroPoint Dynamics, LLC (Cary, NC)

Autonomous Indoor Navigation and Tracking of First Responders

• Robotic Research, LLC (Gaithersburg, MD)

• Oceanit laboratories, Inc. (Honolulu, HI)
• Integrated Solutions for Systems (Huntsville, AL)
• Human Systems Integration, Inc. (Walpole, MA)

Internet of Things (IoT) Low-Cost Flood Inundation Sensor

• Physical Optics Corporation (Torrance, CA)

• Progeny Systems Corporation (Manassas, VA)
• Evigia Systems, Inc. (Ann Arbor, MI)

Low-Cost, Real-Time Data Analytics for Underserved EMS Agencies

• ElanTech (Columbia, MD)

• Azavea Inc. (Philadelphia, PA)

Real-Time Assessment of Resilience and Preparedness

• InferLink Corporation (El Segundo, CA)

• Datanova Scientific LLC (Baltimore, MD)

Using Social Media to Support Timely and Targeted Emergency Response Actions

• Physical Optics Corporation (Torrance, CA)

• ElanTech (Columbia, MD)
• Decisive Analytics (Arlington, VA)
• UtopiaCompression Corporation (Los Angeles, CA)
• Block Cypher (Redwood City, CA)
• RAM laboratories, Inc. (San Diego, CA)

Remote Identity Proofing Alternatives to Knowledge Based Authentication and Verification

• Card Smart Technologies (Basking Ridge, NJ)

 • PreID Inc. (Atherton, CA)
• Pomian & Corella (Carmichael, CA)

The solicitation, released in December 2015, included the above topics developed by S&T
program managers to address the research and development needs of DHS components and the
greater homeland security enterprise. Small businesses may be eligible for further development
funding from their initial project results, as well as the scientific and technical merit and
perceived commercialization potential moving forward into development.
Written testimony of ICE Homeland Security Investigations Investigative Programs
Assistant Director Matthew Allen for a Senate Committee on the Judiciary hearing titled
“S.1241: Modernizing AML Laws to Combat Money Laundering and Terrorist Financing”
November 28, 2017

Chairman Grassley, Ranking Member Feinstein, and distinguished members of the Committee:

On behalf of the Department of Homeland Security (DHS), thank you for the opportunity to
testify before you today to discuss how U.S. Immigration and Customs Enforcement (ICE),
Homeland Security Investigations (HSI), the largest investigative DHS Component, is
combatting the money laundering efforts of transnational criminal organizations – what we refer
to as “TCOs.” ICE HSI’s primary mission is to promote homeland security and public safety
through criminal and civil enforcement of federal laws governing border control, customs, trade,
and immigration.

With more than 6,000 special agents working in 210 domestic offices and 50 foreign countries,
HSI is uniquely positioned to combat transnational and cross-border financial crimes. HSI
special agents work from the understanding that virtually all crime is financially motivated and,
as such, our investigations focus on the financial aspects of transnational crime and how illicit
funds are earned, moved, laundered and stored. One of our key responsibilities is to ensure that
the U.S. financial system is not exploited to launder illicit funds and, as such, we work to
eliminate vulnerabilities in our financial system and institutions. In Fiscal Year (FY) 2017, HSI
initiated 4,059 financial crime investigations, effected 2,049 financial related criminal arrests,
and seized $467,534,795 in illicit proceeds.

Because of the nature of the transnational crimes that HSI investigates, HSI money laundering
investigations focus on a very broad array of money laundering threats and vulnerabilities, with
varying degrees of sophistication and challenges. The money laundering techniques that HSI
faces include Bulk Cash Smuggling, Trade-Based Money Laundering, criminal exploitation of
Money Services Businesses, Third-Party Money Launderers, and most recently the use of virtual
currency. I will talk about each of these threats and what HSI does to counter them along with
some of our challenges.

As I mentioned, one of HSI’s key responsibilities is to work with other Federal Government
agencies and the U.S. financial sector to ensure that the U.S. financial system is not exploited to
launder illicit funds. HSI recognizes that the financial industry is the frontline in detecting
financial and money laundering crimes. HSI and other law enforcement agencies have a
responsibility to partner with financial institutions and educate them about what law enforcement
knows about how institutions are, or could be, exploited by money launderers. In 2003, HSI
established the Cornerstone Program which serves as our national umbrella effort to engage and
share criminal typologies and red flag indicators with financial institutions throughout the United
States. The Cornerstone Program is aimed at anchoring HSI’s Anti-Money Laundering (AML)
capacity building efforts. Internationally, HSI uses the Cornerstone Program to provide capacity
building through training, including cash courier interdiction training, and technical assistance to
various nations to encourage compliance with international standards as recommended by the
Financial Action Task Force to combat money laundering and terrorist financing. The
Cornerstone Program is administered at the Headquarters level by the HSI Illicit Finance and
Proceeds of Crime Unit. In FY 2017, HSI Special Agents made Cornerstone presentations to
26,624 financial sector representatives.

Bulk Cash Smuggling

With some exceptions that I will speak to later, transnational crime remains, at the core, a cash
business. The first challenge for any TCO is to get the cash that they have amassed in the United
States back to their home country. The domestic and cross-border movement of illicit cash has
been the focus of HSI, U.S. Customs and Border Protection (CBP), other Federal agencies and
State and local law enforcement for decades. We continue to see Bulk Cash Smuggling as a
significant threat. However, due to the vigilance of U.S. financial institutions and Bank Secrecy
Act (BSA) reporting, including Currency Transaction Reports and Suspicious Activity Reports
instituted in the 1980s, TCOs are limited in their ability to place their illicit funds in U.S. banks
and other financial institutions.

The National Bulk Cash Smuggling Center

Recognizing the threat that Bulk Cash Smuggling presents, in 2009, HSI established the National
Bulk Cash Smuggling Center (BCSC) to develop investigations into the illicit domestic and
cross-border movement of cash derived from criminal activity and to further support HSI
financial investigations through the production of operational intelligence. The BCSC has
initiated and substantially contributed to investigative leads resulting in criminal convictions and
the seizure of illicit bulk currency. Through its operational expertise and the application of
analytics, the BCSC supports domestic and international law enforcement agencies in their
efforts to restrict the flow of criminal proceeds.

National Targeting Center – Investigations

The companion to the BCSC is the National Targeting Center-Investigations (NTC-I),

established by HSI and housed at CBP’s National Targeting Center, to enhance and integrate
HSI and CBP’s focus on targeting of transnational crime. HSI’s presence at the NTC supports
the entire border security continuum, from CBP interdictions and HSI investigations, to the joint
exploitation of intelligence. The BCSC and NTC-I work closely with CBP to target cross-border,
outbound bulk cash shipments for interdiction and seizure.

Trade-Based Money Laundering

As it has become more difficult for TCOs to place their illicit cash proceeds directly into U.S.
banks and other financial institutions, they have been forced to resort to more complex methods
to place and launder their illicit proceeds. One of the most challenging international money
laundering techniques faced by U.S. law enforcement is referred to as Trade-Based Money
Laundering (TBML). The foundation of TBML is the conversion of illicit cash into another
commodity such as electronics, automobiles, clothing, precious metals or other merchandise,
which is then exported from the U.S. to another country where the goods are sold in the local
currency and the proceeds are returned to the TCO, effectively completing the laundering
process and allowing the TCO to legitimize their illicit proceeds.

Trade Transparency Units

HSI has learned that one of the most effective ways to detect TBML is to compare U.S. export
data with the import data from the countries where TCOs import their goods. We have learned
over time that trade-based money launderers also commit other violations in the TBML process,
primarily Customs and other trade fraud violations, and the analysis of trade data allows us and
our foreign partners to identify TBML schemes. In order to exploit this opportunity, HSI has
leveraged existing bilateral Customs Mutual Assistance Agreements and established Trade
Transparency Units (TTUs) that share trade data bilaterally to detect TBML and Customs fraud
such as overvaluation, undervaluation, and false invoicing. To date, HSI has 16 partnerships with
corresponding foreign country TTUs.

One example of how trade and financial data are beneficial to TBML investigations is Operation
“Fashion Police,” a HSI-led, Organized Crime and Drug Enforcement Task Forces (OCDETF)
investigation. Beginning in 2014, this investigation targeted numerous Los Angeles-based
importers/exporters of Chinese textiles who accepted narcotic proceeds in payment for textiles
exported to Mexico. The identification of the money laundering scheme was achieved through
analysis of the trade and financial data. As a result, approximately $140 million in assets were
seized, including $90 million in U.S. currency, the largest bulk cash seizure in U.S. history.

Money Services Businesses

Abuse of Money Services Businesses (MSBs) is another method we have seen criminals use to
facilitate activity or launder illicit proceeds from several areas of transnational crime that HSI
investigates. For instance, MSBs are often used to facilitate the payment of smuggling fees for
aliens smuggled to the U.S. and also by illegal aliens that have obtained employment in the
United States to send money to their families in their home countries. HSI also sees MSBs used
to facilitate payments for cyber-enabled crimes such as the on-line sale of intellectual property
infringing materials, drugs and other illicit goods. In the scheme, illicit proceeds were
transported to El Paso, Texas, and deposited in Mr. Delgado's Interest on Lawyers Trust Account
bank account.
In another investigation, HSI developed a corruption investigation targeting Roberto Enrique
Rincon who was conducting suspicious financial transactions involving several businesses. Mr.
Rincon facilitated rigged energy contracts involving Venezuela’s state-owned and controlled oil
company Petroleos de Venezuela S.A. (PDVSA) in order to personally enrich numerous
Venezuelan public officials. These deals, some of which involved U.S.-based companies, were
part of a massive bribery and kick-back scheme that began after 2010 when former President
Hugo Chavez signed a decree declaring an energy emergency in Venezuela and nationalized the
oil industry. To date, four PDVSA officials and six businessmen have pleaded guilty and agreed
to forfeit in excess of $80 million in U.S. currency.

Virtual Currency

Many of the traditional transnational crimes that HSI investigates have begun to migrate to
become “cyber-enabled,” with significant parts of the crime committed over the internet,
including both the “indexed” internet and the “unindexed” dark web. Transnational crimes that
HSI investigates, including child exploitation, drug smuggling, intellectual property rights
violations, illegal export of firearms, and money laundering now all have cyber-enabled elements
to them. This transition has paralleled the growth of e-commerce, generally, and poses
challenges for law enforcement, in particular HSI and CBP.

In addition to the traditional complexities posed by conducting cyber investigations, many of the
illicit activities conducted in cyber-enabled crimes are paid for with virtual currency, including
both centralized and decentralized convertible virtual currencies. The latter are sometimes
referred to as cryptocurrencies. Virtual currencies are not issued or backed by any sovereign
nation, and are distinguished from fiat currency or “real currency,” which is the coin and paper
money of a country that is issued and guaranteed by the country; designated as its legal tender;
and circulates and is customarily used and accepted as a medium of exchange in the issuing
country. HSI agents are increasingly encountering virtual currency, including more recent,
anonymity enhancing cryptocurrencies (AECs), in the course of their investigations. AECs are
designed to better obfuscate transaction information and are increasingly preferred by TCOs.
Some illicit virtual currency exchangers have also begun to cater to TCO actors, including
through the use of “mixers” or “tumblers” that anonymize virtual currency addresses and
transactions by weaving together inflows and outflows from different users, further increasing
the challenge to law enforcement’s ability to tie virtual currency transactions to real world
individuals.

In November 2016, HSI special agents investigated and seized $1.2 million in cash from Utah
resident Aaron Shamo, who led a Xanax and fentanyl pill production organization. Shamo sold
his illicit products via the dark web, and an investigation led to the identification of his virtual
currency wallet address. Through the use of Blockchain analysis tools, agents were able to
identify Shamo’s Bitcoin transactions and seize bitcoins valued at approximately $2.5 million in
U.S. dollars. Shamo was indicted in December 2016 and the subject of a supersceding indictment
in May 2017.

In another HSI opioid smuggling investigation, Pennsylvania resident Henry Koffie was arrested
in July 2017 and indicted with Distribution of a Controlled Substance Resulting in Death and
Importation of a Controlled Substance. Koffie, a.k.a. NARCOBOSS, was a dark web vendor of
fentanyl who filled more than 7,800 orders between July 2016 to June 2017, most of it paid for
with bitcoin. HSI seized $154,000 from Koffie’s accounts.

Financial Institution Integrity Initiative (F3I)

While HSI partners with financial institutions regularly through the Cornerstone Program, we
have also targeted financial institutions that fail to maintain effective money laundering
programs or are willfully blind to their institutions’ facilitation of money laundering. HSI has
partnered with TEOAF and the Department of Justice’s (DOJ) Money Laundering and Asset
Recovery Section (MLARS) to target financial institutions where warranted.

An example of this was when HSI New York initiated and led an investigation that resulted in a
deferred prosecution agreement and $1.256 billion forfeiture against HSBC Holding plc and
HSBC Bank USA N.A. (collectively, HSBC) in 2012. The investigation identified millions of
dollars in illicit drug proceeds transmitted through HSBC in addition to HSBC’s failure to
maintain an effective Anti-Money Laundering Program and to conduct appropriate due diligence
on foreign accountholders, violations of the Trading with the Enemy Act and the International
Emergency Economic Powers Act. The investigation exemplified HSI’s capabilities and
potential with regard to financial institution investigations.

Similarly, in a 2017 HSI investigation conducted with DOJ’s MLARS and four U.S. Attorney’s
Offices, Western Union admitted to criminal violations including willful failure to maintain an
effective AML program and aiding and abetting wire fraud, and agreed to forfeit $586 million.
The investigation revealed that Western Union agents were complicit in fraud schemes targeting
U.S. victims and allowed criminals to illegally structure financial transactions. The investigation
also revealed that hundreds of millions of dollars were sent to China in structured transactions
designed to avoid reporting requirements of the BSA by illegal immigrants to pay their human
smugglers.

In April 2017, HSI formalized its relationship with MLARS and TEOAF and implemented the
Financial Institution Integrity Initiative (F3I). The objective of the F3I is to identify, support, and
expand significant, complex HSI criminal cases throughout the United States and abroad by
investigating financial institutions, their employees, and their agents for violations of the BSA,
U.S. economic sanctions and money laundering laws in coordination with MLARS.

Transnational Criminal Investigative Units

HSI’s money laundering efforts are also global in nature. HSI currently has 12 vetted and
operational Transnational Criminal Investigative Units (TCIUs) overseas that facilitate
information exchange and rapid bilateral investigations of the violations of law that are both
jointly within HSI and our foreign partners’ investigative purview, to include financial and
money laundering crimes. TCIUs identify targets, collect evidence, share intelligence, and
facilitate the prosecution of TCOs both in-country and through the U.S. judicial system.

As an example, on November 1, 2017, based on HSI-derived information, the HSI Bogota TCIU
made a bulk cash seizure of $200,000 in U.S. currency and arrested a Mexican national, for
money laundering related to bulk cash smuggling in violation of Colombian law. This Mexican
national belonged to a network of couriers operating on behalf of a drug trafficking and bulk
cash smuggling organization operating between Mexico, Colombia, Europe, and the United
States.

Other Partnerships

An essential element to HSI’s financial investigative portfolio of cases is its relationship with the
Department of Treasury’s Financial Crimes Enforcement Network (FinCEN). HSI’s access to
FinCEN’s data collected in accordance with FinCEN’s unique enforcement authorities to detect,
disrupt and deter key illicit finance threats is invaluable. HSI has also benefitted from FinCEN’s
authorities to implement special measures for domestic financial institutions, such as Geographic
Targeting Orders (GTOs) issued under the BSA. GTOs impose additional recordkeeping or
reporting requirements on domestic financial institutions or other businesses in a specific
geographical area over a period of time, generally not to exceed 180 days. Some recent examples
of these GTOs involved real estate transactions, TBML and Armored Car Services.

Conclusion

Each criminal case that HSI investigates has a potential financial nexus. We remain committed to
working towards disrupting and dismantling cross-border illicit financial activities, by both
individuals and transnational organizations engaged in money laundering, fraud, and bulk cash
smuggling. These criminals will continue to manipulate and exploit legitimate banking, financial,
and commercial trade systems to sustain and expand their illegal operations. HSI will continue to
work aggressively to utilize its resources and ensure that money launderers and illicit actors are
detected, apprehended, and brought to justice.

Source: https://www.dhs.gov/news/2017/11/28/written-testimony-ice-senate-committee-judiciary-hearing-titled-
s1241-modernizing
The U.S. Congress and Blockchain Technology

Congress gets serious about Blockchain. Polis, Schweikert launch Congressional

Blockchain Caucus. Washington, February 9, 2017

Today, Rep. Jared Polis (D-Colo.) and David Schweikert (R-Ariz.) announced the launch of the
Congressional Blockchain Caucus. The bipartisan Caucus will be dedicated to the advancement
of sound public policy toward blockchain-based technologies and digital currencies.

“Blockchain has the potential to transform the 21st century economy,” Polis said. “Lawmakers
need to understand that as the world rapidly changes, it’s our responsibility to ensure that we
craft policies and adapt laws that match our ingenuity. Blockchain’s potential to reshape
everything from the financial industry, to supply chains, to cybersecurity, to health care is
something we should embrace. I look forward to the Caucus’s upcoming policy briefings and
meetings that will educate members of Congress on these innovative technologies.”

“Open blockchain networks and distributed ledger technologies are still new, but it’s critical for
members of Congress to begin comprehending both their current applications and future use
cases,” Rep. Schweikert said. “It is critically important the United States remain competitive
regarding emerging technologies, and distributed ledger technology is the open, secure, efficient
technology backbone we've been looking for.”

The Congressional Blockchain Caucus will seek to educate, engage, and provide research to help
policymakers implement smart regulatory approaches to the issues raised by blockchain-based
technologies and networks. Polis relaunched the bipartisan caucus alongside David Schweikert
(R-Ariz.). Schweikert will replace former Co-Chair of the Blockchain Caucus, Rep. Mick
Mulvaney (R-S.C.).

“Coin Center is thrilled that there is now a caucus dedicated to this revolutionary technology and
the important policy issues it raises,” Jerry Brito, Executive Director of Coin Center said.
“Blockchain technology has the potential to revolutionize many industries, but it also presents
some risks. Its development could also be hampered by outmoded regulation. We applaud Reps.
Polis and Schweikert for having the foresight to create a forum for members of Congress to learn
about the technology and champion its responsible development, and we're honored to have
helped them in launching this effort.

"Blockchain technology is one of the most important inventions in modern finance. Key to
unleashing the power of this technology is collaboration and engagement between the industry
and policy makers. Our Members look forward to playing a significant role in the development
of this sector by working with Rep. Polis, Rep, Schweikert and the Blockchain Caucus towards
building a legal environment that fosters innovation, jobs, and investment," said Perianne
Boring, Founder and President of the Chamber of Digital Commerce, which represents the
world’s leading innovators in the blockchain technology ecosystem.

Blockchain is a decentralized distributed ledger that is the main technology powering

cryptocurrencies such as Bitcoin and Ethereum. By using math and cryptography, blockchain
supplies a decentralized database of every transaction involving value. This creates a record of
authenticity that is verifiable by a user community, increasing transparency and reducing fraud.

Gennaro (Jerry) Cuomo, IBM Fellow

Vice President, Blockchain Technologies
House Energy and Commerce Subcommittee on Commerce, Manufacturing & Trade How
to Capitalize on Blockchain
March 16, 2016

Good Morning Chairman Upton, Ranking Member Pallone, Chairman Burgess, Ranking
Member Schakowsky, and members of the subcommittee. My name is Jerry Cuomo and I am
IBM’s Vice President for Blockchain Technologies. Thank you very much for the opportunity to
testify this morning.

Technology and business leaders at IBM believe that blockchain is a revolutionary technology.
It’s a foundation for building a new generation of applications that establish trust and
transparency while streamlining a wide variety of transactional processes. You are wise to
include blockchain in your study of “disruptive” technologies because blockchain has the
potential to vastly reduce the cost and complexity of getting things done—across industries,
government agencies and social institutions.

I also want to tell you what blockchain is not, It’s not Bitcoin, the cryptocurrency. While
blockchain is the core technology that enables Bitcoin to operate, it can be used for entirely
different purposes. Whereas Bitcoin is an anonymous network, blockchain can be used to set up
trusted networks to handle interactions between known parties. In this paper I’ll explain what
blockchain is, how it works, how it can best be built and used—for the benefit of business, the
economy and society. Key points:

Blockchain creates trustworthy and efficient interactions. It’s a distributed ledger shared via a
peer-to-peer network that maintains an ever-expanding list of data records. Each participant has
an exact copy of the ledger’s data, and additions to the chain are propagated throughout the
network. Therefore, all participants in an interaction have an up-to-date ledger that reflects the
most recent transactions or changes. (The “block” is the record and the “chain” is the collection
of blocks that populate the ledger.)
In this way, Blockchain reduces the need for establishing trust using traditional methods.
Blockchain technologies must be enhanced to meet the needs of businesses. The core technology
must be adapted to further address security and privacy concerns—creating an enterprise-ready
blockchain. In addition, computer systems and networks must be architected so they can scale up
to handle an immense volume of transactions and industries and governments begin using the
technology to handle their core organizational processes—and complete their tasks in seconds
rather than minutes.

Blockchains must be open and interoperable. For blockchain to fulfill its full potential, it must be
based on non-proprietary technology standards to assure the compatibility and interoperability of
systems. Furthermore, the various blockchain versions should be built using open source
software, with a combination of liberal licensing terms and strict governance, rather than
proprietary software--which could be used to suppress competition.

Only with openness will blockchain be widely adopted and will innovation flourish. Blockchain
will greatly benefit from government participation. It’s critical from a national competiveness
point of view for US companies and government agencies to lead the world in understanding the
potential of blockchain and putting it to use. Because of the transparency made possible by
blockchain, government agencies will be able to understand better what’s going on within
financial and commercial systems—and spot potential problems before they become critical.
Blockchain will also enable more efficient interactions between government and businesses—
regarding everything from taxes to land use.

Part 1: How Blockchain Can Be Used

Over the past two decades, the Internet, cloud computing and related technologies have
revolutionized many aspects of business and society. These advances have made individuals and
organizations more productive, and they have enriched many people’s lives. Yet the basic
mechanics of how people and organizations forge agreements with one another and execute them
have not been updated for the 21st century. In fact, with each passing generation we’ve added
more middlemen, more processes, more bureaucratic checks and balances, and more layers of
complexity to our formal interactions–especially financial transactions. We’re pushing old
procedures through new pipes. This apparatus–the red tape of modern society–extracts a “tax” of
many billions of dollars per year on the global economy and businesses.

What can be done? Businesses, governments and other institutions can use blockchains to build
and govern business networks. Blockchain-based systems could help radically improve whole
industries, beginning with banking and insurance. But its impact could be much broader. It could
make a difference whenever valuable assets are transferred from one party to another and
whenever you need to know for certain that a piece of digital information —anything from
electronic artwork to the terms of a business agreement —is unique and unchangeable by any
party without the agreement of all parties.I want to add a note of caution, however. Blockchain
isn’t the answer to every process-or transaction-related problem. There will be situations where it
will improve efficiencies and provide other benefits, but there will be others where it’s not a
good fit. Furthermore, don’t underestimate the technical and organizational challenges of
building and adopting blockchain-based systems.

Here’s where blockchain fits well—an aging a business agreement between two or more
companies. They can record the terms of that agreement on a blockchain, knowing it will execute
and be enforced autonomously (e.g., “if you pay me in under 15 days, then I will give you a
discount.”). Nobody is in private control of the ledger and nobody can secretly change the terms
of the agreement. It’s like every guest at a B&B writing in the guest book with an indelible
Sharpie. So, with blockchain, facts and agreements are recorded certifiably and indelibly,
increasing trust, reducing risk, and thus reducing friction in business.

There’s a broad range of potential business solutions. On one hand, enterprises will be able to re-
imagine well known business processes and areas like supply chain, securities trading and
logistics. At the same time, blockchain is poised to enable enterprises and whole industries to
invent new digital business processes that include connected devices (Internet of Things) like
cars, smartphones, appliances, solar energy panels, and drones. This capability could be critical,
for instance, in enabling the insurance industry to design liability insurance policies to cover
autonomous vehicles.

IBM is already begun deploying a blockchain-based system internally—for managing our

commercial financing business. The financial services industry is in the forefront of blockchain
adoption. Almost every transaction in financial services involves multiple parties and many
steps, largely because of the checks and balances that are required to assure that what has been
promised has been done.

Consider how the technology might be used in a critical financial services process, the settlement
in securities trading. People in the industry are talking about a concept they call T+0, which
means same day settlement. The hope is that they’ll be able to use blockchain to strip out the
inefficiencies and handoffs that are required to settle a trade so that settlement occurs on the
same day as opposed to 2 or 3 days later as it is today, depending on the market.

Now, imagine supply chains where blockchain is put to work. An aircraft manufacturer, for
example, might create a blockchain-based system for holistically managing all of its
relationships with suppliers of parts and components. All of the suppliers will share the exact
same information about a new aircraft model–every step in the process of planning, designing,
assembling, delivering and maintaining it. At the same time, the manufacturer will use other
blockchain-based systems for managing the financial relationships and transactions connected to
each step. Thanks to blockchain, trust and accountability are built into supply chains. So are
compliance with government regulations and internal rules and processes.
Blockchain fundamentally changes the game across three dimensions: time, cost, and risk. It
reduces the time required to settle a multi-party contract from days to seconds, potentially. It
reduces costs by stripping out intermediary organizations and processes. And, by enabling
permissioned networks to share a transparent and non-changeable ledger, you reduce the risk of
tampering, fraud and collusion.

Part 2: How Blockchain Works

Blockchain is both a software technology and a mechanism for groups working together. At the
heart of the blockchain network is a shared ledger, which describes assets, identifies their
owners, lays out the steps in a process and records when each step is completed. Only at that
point is the exchange of things of value consummated. The ledger has three important properties:
replication, which synchronizes all of the copies of the ledger in the network; consensus, which
assures that all ledgers are exact copies; and permissions, which ensure that members of a
network can only see items in ledger that involve them.

When an entry is agreed to and committed to the blockchain’s shared ledger, it cannot be
changed. This is a critical feature, which differentiates blockchain’s ledger from most database
technologies--where entries can be updated and deleted. This makes blockchain resistant to
tampering and provides clear audit trails for parties in transactions and government investigators
to follow. Another critical element of blockchain technology is the “smart contract.” These are
terms of agreement that are captured in software and stored and executed within the blockchain.
The smart contracts automatically fulfill the obligations that members have agreed to. A
blockchain is an ideal place to store and run such contracts because of its immutability and
cryptographic security. In our view, however, most blockchain implementations, and the tools
surrounding them, aren’t yet ready for many serious business uses.

The concept and architecture are taking form, but some key capabilities and standards are
missing or only now emerging. For instance, many enterprise applications require more
extensive security capabilities than most of today’s blockchain implementations offer. Within
healthcare, more extensive privacy protections are needed.So IBM and others in the industry are
augmenting the core blockchain technologies with additional features. One goal is to ensure that
institutions and individuals (whether participants or not) can only access information they’re
supposed to see. A key element is “entitled access,” which is achieved by using modern
cryptography so access to private data requires presentation of encryption keys/certificates held
by authorized participants.

We’re also taking steps to ensure that participants cannot commit fraud or collude in ways that
jeopardize the integrity of the blockchain. Fraud and collusion resistance is achieved by ensuring
that every transaction is validated by all the members of the blockchain networks, which might
include regulatory and clearinghouse institutions.
Lastly, we’re enabling regulators , with permission, to check for regulatory compliance, and for
law enforcement with proper judicial authority, to access details of transactions in the course of
criminal investigations. These additional features will be essential in healthcare scenarios, where
the privacy of individuals is both a legal and moral imperative. Blockchain can prevent against
accidental or malicious privacy breaches by requiring both encryption and multiple signatures to
approve access to sensitive information. There might be a mechanism, for instance, that for a
patient record to be seen, a doctor, a nurse and the patient must approve within the blockchain.

Part 3: Why it’s Critical for Blockchains to be Open and Interoperable

It’s essential for blockchain technology to be developed following the open source model so a
critical mass of organizations will coalesce around it—and reap its full benefits. Because of open
source rules, participants can trust that the technology will fulfill their needs and conform with
industry standards–assuring interoperability between blockchain applications. Also, by sharing
the foundational layer, the participants can focus their individual efforts on industry-specific
applications, platforms, and hardware systems to support transactions.

An open source blockchain with liberal licensing terms and strict governance will enable the
broadest adoption of blockchain by regulated industries. The liberal licensing terms will
accelerate innovation, and the strict governance will hasten adoption and regulatory acceptance.

Given the nature of a blockchain network, industry users and regulators of blockchain are going
to want visibility right down to the source code to verify its source, accuracy and security.We
believe that the best path forward for blockchain is for the tech industry, government, and the
business community to consolidate their efforts around a single open source blockchain
foundation that’s developed and governed in an environment of transparency and cooperation.
We also believe that organizations will be best served if they use industry-specific or function-
specific extensions of that technology, which are created and governed following the same
principles. An example of this might be a banking framework that deals with loans, lenders and
borrowers.

There are several open source blockchain projects, but only the project managed and sanctioned
by the Linux Foundation, called Linux Hyperledger, offers industry friendly terms and multi-
company governance. That’s why we’re participating in the Linux Hyperledger project and
urgingothers to do so as well. The Linux Foundation announced the project last December.
Founding members of the initiative represent a diverse group of stakeholders, including ABN
AMRO, Accenture, ANZ Bank, BNY Mellon, Cisco, The Depository Trust & Clearing
Corporation (DTCC), Deutsche Börse Group, Digital Asset Holdings, Fujitsu Limited, IBM,
Intel, J.P. Morgan, R3, Red Hat, SWIFT, VMware and Wells Fargo.

Already, several companies, including IBM, have contributed high-quality software code,
technology, and intellectual property rights. The transparency, collaboration and shared
governance of this project makes it attractive to participants—whether they’re technology
companies or enterprises who want to deploy the technology.

The reaction to the announcement was overwhelming. More than 2300 organizations or
individuals have asked to participate, the highest such tally in the Linux Foundation’s history.

Part 4: Government’s Stake in Blockchain

Blockchain is a true technology phenomenon. Less than a year ago, it was little known outside a
small group of technologists.

Now, it’s making headlines everywhere and businesses and governments are scrambling to come
to terms with it. The good news for government leaders is that Blockchain has the potential to
transform governmental processes as fundamentally as is does those of the businesses—
providing superior levels of transparency, accuracy and efficiency. It could help governments do
everything from collect taxes and deliver social services benefits, to manage land registries and
assure the integrity of government records.

Take the US Social Security system, for instance. It involves the federal government, millions of
employers, their payroll service providers, and more than 200 million beneficiaries and working
individuals who are paying into the system. This is a model scenario for blockchain. There are
many parties, many rules, many steps in the process of administering the system, and a critical
need for very high levels of privacy protection and security from breaches.

Other potential uses of the technology are quite intriguing. What if the US government began
issuing regulations and monitoring compliance via blockchain technology? And what if the
government implemented the taxation system with blockchain. Individuals and businesses might
never have to file an income tax return. Instead, a blockchain network noting their tax
obligations and recording their financial transactions would continuously invoke the tax code,
assess taxes and transfer money. No need to file a tax return. The possibilities are endless, yet
most governments around the world have not yet begun to come to terms with blockchain. In my
view, there’s a clear role for government—cribbed liberally from a position paper issued recently
by the UK government. It should:

Government should act as an early adopter and start deploying the technology for projects like
voting, recording land registries, managing immigration, and the like.

Invest in research. Just as the National Institute of Standards and Technologyworks with industry
to develop and apply technology, measurements, and standards, the government should
investigate to make sure blockchain technology is robust, secure and scalable, while
understanding the ethical and social implications of potential uses and the costs and benefits of
adoption.
Create a regulation framework. The government needs to make sure that blockchains are being
used in accordance with US laws while avoiding the stifling of innovation through excessive or
rigid regulations.

Set standards to ensure security and privacy. The government needs to work with academia and
industry to ensure that standards are set for the integrity, security and privacy of distributed
ledgers and their contents. These standards need to be reflected in both regulatory and software
code.

Conclusion

Blockchain is a classic emergent technology. It appears to have a broad set of uses and benefits,
but it’s so strikingly different from what people are used to that many business and government
leaders alike are adopting a wait-and-see attitude. We applaud judicious caution, but, at the same
time, we believe that organizations and institutions that don’t quickly assess the potential of
blockchain and begin experimenting with it risk falling behind as the world undergoes what we
see as a tectonic shift.

Therefore, we urge Congress and the Obama administration to study and discover the best uses
of blockchain for the US government and the best regulatory approaches to maximizing its
potential while protecting the interests of citizens. Blockchain may have begun its existence in
the shadows of the cryptocurrency realm, but it now stands in the open—a powerful tool ready to
serve business and society.