On Blockchain Voting

On Blockchain Voting

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze:

Why is blockchain voting a dumb idea? Glad you asked.

For starters:

  • It doesn’t solve any problems civil elections actually have.
  • It’s basically incompatible with “software independence”, considered an essential property.
  • It can make ballot secrecy difficult or impossible.

I’ve also quoted this XKCD cartoon.

But now I have this excellent paper from MIT researchers:

“Going from Bad to Worse: From Internet Voting to Blockchain Voting”
Sunoo Park, Michael Specter, Neha Narula, and Ronald L. Rivest

Abstract: Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide.This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly: given the current state of computer security, any turnout increase derived from with Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero days, and denial-of-service attacks continue to be effective.This article analyzes and systematizes prior research on the security risks of online and electronic voting, and show that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce additional problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals.

You may have heard of Voatz, which uses blockchain for voting. It’s an insecure mess. And this is my general essay on blockchain. Short summary: it’s completely useless.

How will blockchain impact the global economy?

An analysis by PwC shows blockchain technology has the potential to boost global gross domestic product (GDP) by $1.76 trillion over the next decade. That is the key finding of a report assessing how the technology is being currently used and exploring the impact blockchain could have on the global economy.

blockchain impact

Through analysis of the top five uses of blockchain, ranked by their potential to generate economic value, the report gauges the technology’s potential to create value across industry, from healthcare, government and public services, to manufacturing, finance, logistics and retail.

“Blockchain technology has long been associated with cryptocurrencies such as Bitcoin, but there is so much more that it has to offer, particularly in how public and private organizations secure, share and use data,” comments Steve Davies, Global Leader, Blockchain and Partner, PwC UK.

“As organizations grapple with the impacts of the COVID-19 pandemic, many disruptive trends have been accelerated. The analysis shows the potential for blockchain to support organizations in how they rebuild and reconfigure their operations underpinned by improvements in trust, transparency and efficiency across organizations and society.”

Key takeaways

  • The report identifies five key application areas of blockchain and assesses their potential to generate economic value using economic analysis and industry research. The analysis suggests a tipping point in 2025 as blockchain technologies are expected to be adopted at scale across the global economy.
  • Tracking and tracing of products and services – or provenance – which emerged as a new priority for many companies’ supply chains during the COVID-19 pandemic, has the largest economic potential ($962bn). Blockchain’s application can be wide ranging and support companies ranging from heavy industries, including mining through to fashion labels, responding to the rise in public and investor scrutiny around sustainable and ethical sourcing.
  • Payments and financial services, including use of digital currencies, or supporting financial inclusion through cross border and remittance payments ($433bn).
  • Identity management ($224bn) including personal IDs, professional credentials and certificates to help curb fraud and identity theft.
  • Application of blockchain in contracts and dispute resolution ($73bn), and customer engagement ($54bn) including blockchain’s use in loyalty programmes further extends blockchain’s potential into a much wider range of public and private industry sectors.

Blockchain’s success will depend on a supportive policy environment, a business ecosystem that is ready to exploit the new opportunities that technology opens, and a suitable industry mix.

Economic benefits across continents

Across all continents, Asia will likely see the most economic benefits from blockchain technology. In terms of individual countries, blockchain could have the highest potential net benefit in China ($440bn) and the USA ($407bn). Five other countries – Germany, Japan, the UK, India, and France – are also estimated to have net benefits over $50bn.

The benefits for each country differ however, with manufacturing focused economies such as China and Germany benefiting more from provenance and traceability, while the US would benefit most from its application in securitisation and payments as well as identity and credentials.

At a sector level, the biggest beneficiaries look set to be the public administration, education and healthcare sectors. These sectors are expected to benefit approximately $574bn by 2030, by capitalising on the efficiencies blockchain will bring to the world of identity and credentials.

Meanwhile, there will be broader benefits for business services, communications and media, while wholesalers, retailers, manufacturers and construction services, will benefit from using blockchain to engage consumers and meet demand for provenance and traceability.

Digital transformation as top priority

The potential for blockchain to be considered as part of organizations’ future strategy is linked to a research with business leaders that showed 61% of CEOs said they were placing digital transformation of core business operations and processes among their top three priorities, as they rebuild from COVID-19.

“One of the biggest mistakes organizations can make with implementing emerging technologies is to leave it in the realm of the enthusiast in the team. It needs C-Suite support to work, identify the strategic opportunity and value, and to facilitate the right level of collaboration within an industry,” comments Davies.

“Given the scale of economic disruption organizations are dealing with currently, establishing proof of concept uses which can be extended and scaled if successful, will enable businesses to identify the value, while building trust and transparency in the solution to deliver on blockchain’s potential.”

The report warns that if blockchain’s economic impact potential is to be realized, its energy overhead must be managed. Growing business and government action on climate change, including commitments to Net Zero transformation, will mean that organizations need to consider new models for consolidating and sharing infrastructure resources to reduce reliance on traditional data centres and their overall technology related energy consumption.

MatRiCT: A quantum-safe and privacy-preserving blockchain protocol

Researchers from CSIRO’s Data61 and the Monash Blockchain Technology Centre have developed the world’s most efficient blockchain protocol that is both secure against quantum computers and protects the privacy of its users and their transactions.

MatRiCT

The technology can be applied beyond cryptocurrencies, such as digital health, banking, finance and government services, as well as services which may require accountability to prevent illegal use.

The protocol — a set of rules governing how a blockchain network operates — is called MatRiCT.

Cryptocurrencies vulnerable to attacks by quantum computers

The cryptocurrency market is currently valued at more than $325 billion, with an average of approximately $50 billion traded daily over the past year.

However, blockchain-based cryptocurrencies like Bitcoin and Ethereum are vulnerable to attacks by quantum computers, which are capable of performing complex calculations and processing substantial amounts of data to break blockchains, in significantly faster times than current computers.

“Quantum computing can compromise the signatures or keys used to authenticate transactions, as well as the integrity of blockchains themselves,” said Dr Muhammed Esgin, lead researcher at Monash University and Data61’s Distributed Systems Security Group. “Once this occurs, the underlying cryptocurrency could be altered, leading to theft, double spend or forgery, and users’ privacy may be jeopardised.

“Existing cryptocurrencies tend to either be quantum-safe or privacy-preserving, but for the first time our new protocol achieves both in a practical and deployable way.”

The MatRiCT protocol is based on hard lattice problems, which are quantum secure, and introduces three new key features: the shortest quantum-secure ring signature scheme to date, which authenticates activity and transactions using only the signature; a zero-knowledge proof method, which hides sensitive transaction information; and an auditability function, which could help prevent illegal cryptocurrency use.

Blockchain challenged by speed and energy consumption

Speed and energy consumption are significant challenges presented by blockchain technologies which can lead to inefficiencies and increased costs.

“The protocol is designed to address the inefficiencies in previous blockchain protocols such as complex authentication procedures, thereby speeding up calculation efficiencies and using less energy to resolve, leading to significant cost savings,” said Dr Ron Steinfeld, associate professor, co-author of the research and a quantum-safe cryptography expert at Monash University.

“Our new protocol is significantly faster and more efficient, as the identity signatures and proof required when conducting transactions are the shortest to date, thereby requiring less data communication, speeding up the transaction processing time, and reducing the amount of energy required to complete transactions.”

“Hcash will be incorporating the protocol into its own systems, transforming its existing cryptocurrency, HyperCash, into one that is both quantum safe and privacy protecting,” said Dr Joseph Liu, associate professor, Director of Monash Blockchain Technology Centre and HCash Chief Scientist.

Are today’s organizations ready for the data age?

67% of business and IT managers expect the sheer quantity of data to grow nearly five times by 2025, a Splunk survey reveals.

data age

The research shows that leaders see the significant opportunity in this explosion of data and believe data is extremely or very valuable to their organization in terms of: overall success (81%), innovation (75%) and cybersecurity (78%).

81% of survey respondents believe data to be very or highly valuable yet 57% fear that the volume of data is growing faster than their organizations’ ability to keep up.

“The aata age is here. We can now quantify how data is taking center stage in industries around the world. As this new research demonstrates, organizations understand the value of data, but are overwhelmed by the task of adjusting to the many opportunities and threats this new reality presents,” said Doug Merritt, President and CEO, Splunk.

“There are boundless opportunities for organizations willing to quickly learn and adapt, embrace new technologies and harness the power of data.”

The data age has been accelerated by emerging technologies powered by, and contributing to, exponential data growth. Chief among these emerging technologies are Edge Computing, 5G networking, IoT, AI/ML, AR/VR and Blockchain.

It’s these very same technologies 49% of those surveyed expect to use to harness the power of data, but across technologies, on average, just 42% feel they have high levels of understanding of all six.

Data is valuable, and data anxiety is real

To thrive in this new age, every organization needs a complete view of its data — real-time insight, with the ability to take real-time action. But many organizations feel overwhelmed and unprepared. The study quantifies the emergence of a data age as well as the recognition that organizations have some work to do in order to use data effectively and be successful.

  • Data is extremely or very valuable to organizations in terms of: overall success (81%), innovation (75%) and cybersecurity (78%).
  • And yet, 66% of IT and business managers report that half or more of their organizations’ data is dark (untapped, unknown, unused) — a 10% increase over the previous year.
  • 57% say the volume of data is growing faster than their organizations’ ability to keep up.
  • 47% acknowledge their organizations will fall behind when faced with rapid data volume growth.

Some industries are more prepared than others

The study quantifies the emergence of a data age and the adoption of emerging technologies across industries, including:

  • Across industries, IoT has the most current users (but only 28%). 5G has the fewest and has the shortest implementation timeline at 2.6 years.
  • Confidence in understanding of 5G’s potential varies: 59% in France, 62% in China and only 24% in Japan.
  • For five of the six technologies, financial services leads in terms of current development of use cases. Retail comes second in most cases, though retailers lag notably in adoption of AI.
  • 62% of healthcare organizations say that half or more of their data is dark and that they struggle to manage and leverage data.
  • The public sector lags commercial organizations in adoption of emerging technologies.
  • Manufacturing leaders predict growth in data volume (78%) than in any other industry; 76% expect the value of data to continue to rise.

Some countries are more prepared than others

The study also found that countries seen as technology leaders, like the U.S. and China, are more likely to be optimistic about their ability to harness the opportunities of the data age.

  • 90% of business leaders from China expect the value of data to grow. They are by far the most optimistic about the impact of emerging technologies, and they are getting ready. 83% of Chinese organizations are prepared, or are preparing, for rapid data growth compared to just 47% across all regions.
  • U.S. leaders are the second most confident in their ability to prepare for rapid data growth, with 59% indicating that they are at least somewhat confident.
  • In France, 59% of respondents say that no one in their organization is having conversations about the impact of the data age. Meanwhile, in Japan 67% say their organization is struggling to stay up to date, compared to the global average of 58%.
  • U.K. managers report relatively low current usage of emerging technologies but are optimistic about plans to use them in the future. For example, just 19% of U.K. respondents say they are currently using AI/ML technologies, but 58% say they will use them in the near future.

Why a single online name and social cards will be the new norm

Each day, online users provide companies, organizations, and other individuals with vital personal information without much thought. As social networks and brands began to use this data to make money, people have lost their control over how their data is handled.

social cards

Social cards

Just last year, data breaches hit an all-time high with a 17% rise from 2018. Many of these leaks have exposed the private data of hundreds of millions of individuals who shared it with financial institutions, healthcare providers, or social media platforms.

Over the last decade, the rise of social media giants sparked one of the most relevant conversations about privacy. The truth is that not much has changed in how platforms collect and handle our information. As users realize data is a commodity, they will start taking much more control of the usage, ownership, and value of their information than ever before.

A movement based on the principle of letting people own their digital identity is brewing. Users are looking for ways to control their online persona, with single online names and social cards becoming the norm — but what exactly are these tools, and how do they empower consumers that want to take back control of their data?

Your identity online – centralized

Every new service or subscription a person signs up for requires them to give out essential data, whether it’s healthcare information, social security numbers, age, gender, or income — all of which can be easily misused if found in the wrong hands. Just last year, one of the biggest data breaches in history took place. First American Corporation, a title settlement service company, had 885 million real estate documents compromised.

The integrity of your social information is not in safe hands either. Just two years ago, Facebook famously faced one its biggest scandals by allowing a third-party app to gather the information of more than 50 million people; said data ended up in the hands of Cambridge Analytica, a controversial firm, who used it to work with election campaign teams in many countries all over the world.

But the tides are turning: With new movements and demands for greater user privacy, we have seen various solutions emerge on the market. Investors are driving developments of decentralized data platforms, and supporting efforts to democratize data in unseen ways.

Taking control of one’s digital identity can be done through self-sovereign identity (SSI). This is, in essence, a movement based on the idea that users should be in control of their information, deciding how and with whom they share it.

How do SSI cards work?

Current data storage methods are not only dangerous but inefficient for consumers. Using social cards allows the users to always be in control of their private information in a more flexible way, as it gives individuals the ability to set parameters on what others get to see. People may only permit employers to access their professional credentials, while their friends and family members get permission to their social information. It’s a matter of letting everyone decide to which degree of privacy they feel comfortable with.

The idea of self-sovereign identity – that is, a credential owned by an individual, to be accessed only with the individual’s express consent – has existed for years; yet it’s only with the expansion of blockchain technology that it has become a feasible concept for consumers. Blockchain, along with platforms like IPFS and Hyperledger allows for a decentralized solution directly tackling the privacy issues of vulnerable data storage, given the encrypted nature of these tools.

This blockchain identity is both verifiable and immutable; there’s no chance of misinformation when users know exactly who’s requesting their data and what that data says. The path toward a self-sovereign identity is difficult to predict. There are many challenges related to governance, policy, and trust frameworks that have not been tackled. However, each day SSI gains more traction, and this discussion becomes inevitable.

Peek behind the curtain

One of the biggest challenges is the standardization of SSI, which is a conversation that is bound to happen on a government level as the number of individuals adopting said technology grows. This adoption may take time, but with pressures both from top stakeholders and consumers, we’re moving towards widespread adoption.

By 2030, the United Nations wants to provide a universal identity for all human beings on the planet. This blockchain-powered solution could allow each person to hold a credential tied to their fingerprints, birth date, medical records, education, travel, bank accounts, and more. Although the extent of the Self Sovereign part is still under discussion, the technology could provide a secure and trackable ID to everyone.

While the future is uncertain, the way consumers perceive and handle their data is changing fast. Suggesting blockchain as a miracle solution for any issue is often criticized, but decentralizing online identity is one of its strongest features. Hopefully a transition to self-sovereign identity could help individuals gain back control of where their personal information is located, letting them have authority over themselves.

Encryption is finally being used primarily to protect personal data rather than just for compliance

As organizations accelerate digital initiatives such as cloud and the IoT, and data volumes and types continue to rise, IT professionals cite protection of customer personal information as their number one priority, according to nCipher Security and the Ponemon Institute.

deploying encryption

Threats, drivers and priorities

For the first time, protecting consumer personal information is the top driver for deploying encryption (54% of respondents), outranking compliance, which ranked fourth (47%).

Traditionally compliance with regulations was the top driver for deploying encryption, but has dropped in priority since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information.

Employee mistakes continue to be the biggest threat to sensitive data (54%) and significantly outweigh concerns over attacks by hackers (29%), or malicious insiders (20%). In contrast, the least significant threats cited include government eavesdropping (11%) and lawful data requests (12%).

Data discovery the number one challenge

With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 67% of respondents citing this as their top concern. And that is likely to increase, with a pandemic-driven surge in employees working remotely, using data at home, creating extra copies on personal devices and cloud storage.

Blockchain, quantum and adoption of new encryption technologies

The study indicates that 48% of organizations have adopted encryption strategies across their enterprises, up from 45% in 2019. With encryption deployment steadily growing, how are organizations looking ahead? In the near term, 60% of organizations plan to use blockchain, with cryptocurrency/wallets, asset transactions, identity, supply chain and smart contracts cited at the top use cases.

Other much-hyped technologies are not on IT organizations’ near-term radar. Most IT professionals see the mainstream adoption of multi-party computation at least five years away, with mainstream adoption of homomorphic encryption more than six years away, and quantum resistant algorithms over eight years out.

Trust, integrity, control

The use of hardware security modules (HSMs) continues to grow, with 48% of respondents deploying HSMs to provide a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications.

Organizations in Germany, the United States and Middle East are more likely to deploy HSMs, with Australia, Germany and the United States most likely to assign importance to HSMs as part of their organization’s encryption or key management activities.

HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL).

The demand for trusted encryption for new digital initiatives has driven significant HSM growth for big data encryption (up 17%) code signing (up 12%), IoT root of trust (up 10%) and document signing (up 7%). Additionally, 35% of respondents report using HSMs to secure access to public cloud applications.

The race to the cloud

Eighty-three percent of respondents report transferring sensitive data to the cloud, or planning to do so within the next 12 to 24 months, with organizations in the United States, Brazil, Germany, India and South Korea doing so most frequently.

In the next 12 months, respondents predict a significant increase in the ownership and operation of HSMs to generate and manage Bring Your Own Key (BYOK), and integration with a Cloud Access Security Broker (CASB) to manage keys and cryptographic operations. The survey found that the most important cloud encryption features are:

  • support for Key Management Interoperability Protocol (KMIP) (67%)
  • security information and event management (SIEM) integration (62%)
  • granular access controls (60%)
  • key usage audit logs (55%), and
  • privileged user access controls (50%).

“Consumers expect brands to keep their data safe from breaches and have their best interests at heart. The survey found that IT leaders are taking this seriously, with protection of consumer data cited as the top driver of encryption growth for the first time,” says Dr Larry Ponemon, chairman and founder of Ponemon Institute.

Encryption use is at an all-time high with 48% of respondents this year saying their organization has an overall encryption plan applied consistently across the entire enterprise, and a further 39% having a limited plan or strategy applied to certain application and data types.”

“As the world goes digital, the impact of the global pandemic highlights how security and identity have become critical for organizations and individuals both at work and at home,” says John Grimm vice president of strategy at nCipher Security.

“Organizations are under relentless pressure to deliver high security and seamless access – protecting their customer data, business critical information and applications while ensuring business continuity.”

Other key trends

  • The highest prevalence of organizations with an enterprise encryption strategy is in Germany (66%) followed by the United States (66%), Sweden (62%), Hong Kong (60%), Netherlands (56%) and the United Kingdom (54%).
  • Payment-related data (54% of respondents) and financial records (54% of respondents) are most likely to be encrypted.
  • The least likely data type to be encrypted is health-related information (25% of respondents), a surprising result given the sensitivity of this information and recent high-profile healthcare data breaches.
  • The industries seeing the most significant increase in extensive encryption usage are manufacturing (49%), hospitality (44%) and consumer products (43%).

Researchers develop data exchange approach with blockchain-based security features

An IT startup has developed a novel blockchain-based approach for secure linking of databases, called ChainifyDB.

ChainifyDB

“Our software resembles keyhole surgery. With a barely noticeable procedure we enhance existing database infrastructures with blockchain-based security features. Our software is seamlessly compatible with the most common database management systems, which drastically reduces the barrier to entry for secure digital transactions,” explains Jens Dittrich, Professor of Computer Science at Saarland University at Saarbrücken, Germany.

How does ChainifyDB work?

The system offers various mechanisms for a trustworthy data exchange between several parties. The following example shows one of its use cases.

Assume some doctors are treating the same patient and want to maintain his or her patient file together. To do this, the doctors would have to install the Saarbrücken researchers’ software on their existing database management systems. Then, they could jointly create a data network.

In this network, the doctors set up a shared table in which they enter the patient file for the shared patient. “If a doctor changes something in his table, it affects all other tables in the network. Subsequent changes to older table states are only possible if all doctors in the network agree,” explains Jens Dittrich.

Another special feature: If something about the table is changed, the focus is not on the change itself, but on its result. If the result is identical in all tables in the network, the changes can be accepted. If not, the consensus process starts again.

“This makes the system tamper-proof and guarantees that all network participants’ tables always have the same status. Furthermore, only the shared data in the connected tables is visible to other network participants; all other contents of the home database remain private”, emphasizes Dr. Felix Martin Schuhknecht, Principal Investigator of the project.

Advantages for security-critical situations

The new software offers advantages especially for security-critical situations, such as hacker attacks or when business partners cannot completely trust each other. Malicious participants can be excluded from a network without impairing its functionality.

If a former participant is to be reinstated, the remaining network participants only have to agree on a “correct” table state. The previously suspended partner can then be set to this state. “As far as we know, this function is not yet offered by any comparable software,” adds Dittrich.

In order to bring ChainifyDB to market, the German Federal Ministry of Education and Research is supporting the Saarbrücken researchers’ start-up, which is currently being founded, with 840,000 euros.

Cryptocurrency crime losses more than double to $4.5 billion in 2019

Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals.

cryptocurrency crime losses

Cryptocurrency crime losses

The lion’s share of those losses stem from the staggering growth of Ponzi schemes, exit scams, and misappropriation of funds crimes, the value of which rose 533 percent year over year.

Also, traditional financial services have become increasingly infused with crypto assets. For instance, results of an extensive analysis of the blockchain found almost all U.S. banks harbor illicit virtual asset related money service businesses (MSBs), including cryptocurrency exchanges.

Of additional concern for banks, 66 percent of dark market vendors sell stolen financial products and compromised accounts for cryptocurrency. And virtually all (97 percent) of ransomware attacks use bitcoin as the payment rail.

“Our research revealed some surprising trends in 2019,” said David Jevans, CEO of CipherTrace. “First, there was a dramatic shift away from outright thefts and exchange hacks and toward Ponzi schemes, exit scams, and other con games.

“Second, like them or not, banks have a lot more virtual assets lurking in their accounts and payment networks than most in the industry had previously thought. Banks need new capabilities to ferret out illicit MSBs, terrorist financing, and other major sources of risk.”

The report also provides an overview of regulatory moves throughout the world. This includes a comprehensive chart of anti-money laundering (AML) regulations by country, an update on the respective blockchain-related enforcement authority of the SEC, FinCEN, and the CFTC, and detailed reports on major regulatory and eCrime developments in various countries.

Trends in theft, fraud, hacks and misappropriation of funds

Cryptocriminals had a banner year in 2019. Total cryptocurrency crime increased 160 percent from 2018. However, as the report suggests, if 2019 had a Person of the Year, it would have been The Malicious Insider.

The culprits behind most of the losses were fraudsters operating inside everything from seemingly legitimate blockchain projects that were actually exit scams to crypto Ponzi and pyramid schemes. Ultimately, all that $4.5B worth of illicit cryptocurrency needs to be laundered.

Crypto-asset blind spots expose banks to risk

The typical top 10 U.S. bank unknowingly facilitates approximately $2 billion in illicit cryptocurrency transactions each year. Stealth MSBs using accounts and payment networks expose financial institutions to significant AML and counter terrorism financing (CTF) compliance risk.

Further research revealed banks paid record AML fines globally in 2019—more than $6.2 billion. This number could increase in 2020 as crypto-related money laundering and sanction evasion enforcement ramps up.

“As crypto-assets become increasingly entangled in traditional financial services, AML and CTF compliance risks are on the rise,” said Stephen Ryan, COO of CipherTrace.

“Virtual assets are now pervasive in bank accounts and payment networks, and banks must find ways to deal with the risks. Effectively mitigating cryptocurrency risks requires equipping compliance officers with the best tools and intelligence to gain visibility into this new asset class.”

Darknet markets

The report also outlined a multi-year research project into darknet markets and other illicit vendors, which revealed that of dark market vendors:

  • 40 percent hawked compromised bank account or credit card credentials for as little as 1 percent of face value
  • 24 percent offered compromised payment services accounts
  • 2 percent sold stolen cryptocurrency private keys

These findings further highlighted the issues banks and financial institutions face with regards to payment fraud and virtual asset laundering risks.

The research also showed that bitcoin is the payment of choice for cyber extortionists. During the last year, they demanded BTC as payment in 97 percent of ransomware attacks. All of this extorted bitcoin will need to be laundered before criminals can use the funds.

cryptocurrency crime losses

2020 will be a year of intense regulatory changes

The research team identified varying levels of maturity and sophistication in AML/CTF regimes around the globe. For instance, AMLD5 went into effect across the European Union early January regulating crypto-fiat exchanges for the first time in most EU countries.

Additionally, CipherTrace described urgency among its customers and industry players around pending FATF Travel Rule legislation.

Exchanges and financial institutions in the G20 have less than six months to find a solution for dealing with this major compliance conundrum—how to comply with the requirement to share sender and receiver information before executing cryptocurrency transactions, while protecting confidentiality.

In the US, financial institutions including virtual asset service providers (VASPs) have been reminded by FinCEN that they must meet their funds Travel Rule obligations under the BSA or face enforcement actions.

Benefits of blockchain pilot programs for risk management planning

Through 2022, 80% of supply chain blockchain initiatives will remain at a proof-of-concept (POC) or pilot stage, according to Gartner.

blockchain pilot programs

One of the main reasons for this development is that early blockchain pilots for supply chain pursued technology-oriented models that have been successful in other sectors, such as banking and insurance. However, successful blockchain use cases for supply chain require a different approach.

“Modern supply chains are very complex and require digital connectivity and agility across participants,” said Andrew Stevens, senior director analyst with the Gartner Supply Chain practice.

“Many organizations believed that blockchain could help navigate this complexity and pushed to create robust use cases for the supply chain. However, most of these use cases were inspired by pilots from the banking and insurance sector and didn’t work well in a supply chain environment.”

This setback should not discourage supply chain leaders from experimenting with blockchain. Blockchain use cases simply require a different approach for supply chain than for other sectors.

From technology-first to technology roadmaps

Adopting a technology-first approach that exclusively targets blockchain infrastructure was the initial idea for use cases in supply chain, mirroring the approach of the banking and insurance sector.

However, this approach did not work, because in contrast to the highly digital-only fintech blockchain use cases, many supply chain use cases will need to capture events and data across physical products, packaging layers and transportation assets.

Additionally, supply chain leaders need to understand how these events can be digitalized for sharing across a potential blockchain-enabled ecosystem of stakeholders.

“Today, supply chain leaders have now started to treat blockchain as part of a longer-term technology roadmap and risk management planning. We see that many leaders are adopting a broader end-to-end view across their supply chains and map all requirements – from sourcing across manufacturing to the final distribution,” Mr. Stevens added.

“Having blockchain as part of an overall technology portfolio has created opportunities for internal collaboration across many areas that have a potential interest in blockchain, such as logistics and IT.”

Blockchain pilot programs

Though most blockchain initiatives didn’t survive past the pilot phase, they have provided fresh stimuli for supply chain leaders to conduct broader supply chain process and technology reviews.

“Many supply chain leaders that have conducted blockchain initiatives found that they now have a more complete overview of the current health of their supply chain. Their perception on how blockchain can be used in the supply chain also has shifted,” Mr. Stevens said.

“By going through the process of deploying blockchain pilot programs, they discovered what needs to change in their organization before blockchain technology can be leveraged effectively.”

Before starting another initiative, supply chain leaders should identify and establish key criteria and technology options for measuring and capturing metrics and data that can indicate an organization’s readiness to explore blockchain.

“In a way, blockchain is a collaboration agent. It forces an organization to continually assess on a broad scale if its structure and employees are ready to embrace this new technology,” Mr. Stevens concluded.

Companies risk revenue growth due to innovation achievement gap

While a majority of CEOs express strong confidence in the effectiveness of their current IT systems, most are struggling to close the innovation achievement gap to drive growth and revenue, according to a global study by Accenture.

innovation achievement gap

The is based on Accenture’s largest enterprise IT study conducted to date, including survey data from more than 8,300 organizations across 20 countries and 885 CEOs.

Innovation achievement gap: Adopting new technologies

The research, which analyzed the adoption of both mature and emerging technologies – such as artificial intelligence, cloud, blockchain, and extended reality – found that just 10% of companies are making optimal technology investment and adoption decisions and realizing the full value of those investments.

By adopting new technologies more aggressively and breaking down barriers to effectively scale innovation across their organizations, these leading companies are generating more than twice the rate of revenue growth than those on the lower end of the spectrum.

At the same time, the study found that 80% of CEOs believe they have the right technologies in place to innovate at scale, and 70% claim to be very knowledgeable of their organization’s investments in innovation.

Key factors that distinguish the top 10% of companies from the rest

  • Progress: The extent to which companies apply new technology to evolve business processes across the enterprise. One example is the use of cloud and AI to increase the effectiveness of multiple business processes rather than working in silos.
  • Adaptation: Ensuring that IT systems can adapt and respond to changing market conditions with actions such as decoupling from legacy systems and using cloud services as a catalyst for innovation.
  • Timing: Creating an appropriate sequence and roadmaps for deploying new technology. This begins with identifying foundational technologies and prioritizing adoption based on their enterprise-wide impact.
  • Human+machine workforce: Using technologies to augment employees and make work more engaging while simultaneously realizing efficiency gains. This could entail delivering technology-augmented training that is personalized and experiential for working with technologies of the future.
  • Strategy: Actively aligning business strategy and IT strategy and weaving technology investments together to better seize opportunities.

innovation achievement gap

“Companies that are not actively building enterprise-wide systems that are fully optimized for all of the rapidly-maturing technologies will find it difficult to catch up, and will see that reflected negatively in their financial performance,” said James Wilson, managing director of Information Technology and Business Research at Accenture.

Six trends attracting the attention of enterprise technology leaders

Organizations around the world will accelerate enterprise technology investment in 2020, leveraging digital improvements to make them more competitive, improve connections with consumers, and keep up with the increasing demands of privacy regulation and security needs.

enterprise technology investment 2020

Hyland has identified six technology trends that will drive these improvements and demand the attention of CIOs CTOs in the coming year and beyond.

Prioritize cloud control

Organizations will opt for managed cloud services to increase security and efficiency. Because hosting solutions in a public cloud requires extensive internal oversight, CIOs and CTOs see the value in outsourcing the management and hosting of their cloud infrastructure to experts who handle:

  • Backing up data and implementing the latest security measures
  • Maintaining and updating solutions to ensure compliance with national and international regulations
  • Disaster recovery
  • Scaling solutions up or down as data needs fluctuate

Enterprise technology investment should focus on data security in 2020

The proliferation of national, international and even statewide data and privacy regulations — such as GDPR and the CCPA — is forcing organizations to rethink the way they manage and protect information.

As the stakes for companies to comply continue to rise, so will the challenge to keep up with the ever-changing regulations. Keeping data in perpetuity is no longer an option. As a result, organizations are investing in enterprise technology like content services solutions to automate document retention and records management policies.

Push blockchain beyond Bitcoin

As business processes generate more and more data, and digital transactions increase, the need for transparency and authentication will grow. Blockchain is an increasingly viable way to provide those assurances across industries, from higher education to mortgage lending.

Using tech to answer economic questions

The strong yet unpredictable economy will drive organizations to seek efficiencies today so they can be more nimble and competitive in the future.

In the same way manufacturers have used technology to improve efficiency on the factory floor, organizations in every industry will focus on reducing the cost and complexity of business processes by improving the efficiency of knowledge workers in the back office.

Areas such as accounts payable and other transactional departments are now looking to second- or third-generation solutions that intelligently automate processes.

enterprise technology investment 2020

Enterprise technology investment 2020: Accelerate automation

Fifty-two percent of the Fortune 500 companies that existed in the year 2000 no longer exist due to bankruptcy, mergers and acquisitions, or other reasons. This pace of change will accelerate, as the rise of intelligent automation technology will create new sources of revenue, leading to the rise of new companies and the demise of others.

Robotic process automation will allow “digital workers” to toil around the clock at blinding speeds — complementing human workers and eliminating the most tedious, repetitive manual tasks.

Machine learning and AI will augment the productivity of knowledge workers by driving more processes and making more contextual decisions, freeing up employees to focus on the highest value tasks.

Embrace tech as a customer loyalty program

With the rise of consumerization and the expectation for rapid response in every interaction, organizations are looking to speed up processes in order to improve employee and customer experiences — and thereby gain a competitive edge. Content services technology will play a critical role in organizations’ quest to deliver better experiences to the people they serve.

Judge allows suit against AT&T after $24 million cryptocurrency theft

An AT&T store in New Jersey.

Enlarge / An AT&T store in New Jersey.
Michael Brochstein/SOPA Images/LightRocket via Getty Images

When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number.

The stakes were high because Terpin is a wealthy and prominent cryptocurrency investor. Terpin says the hackers gained control of his Skype account and tricked a client into sending a cryptocurrency payment to the hackers instead of to Terpin.

After the attack, Terpin asked AT&T to escalate the security protections on his phone number. According to Terpin, AT&T agreed to set up a six-digit passcode that must be entered before anyone could transfer Terpin’s phone number.

But the new security measures didn’t work. In January 2018, “an AT&T store cooperated with an imposter committing SIM swap fraud,” Terpin alleged in his August 2018 lawsuit against AT&T. The thieves “gained control over Mr. Terpin’s accounts and stole nearly $24 million worth of cryptocurrency from him.”

Terpin sued AT&T, seeking at least $24 million in actual damage and millions more in punitive damages. Terpin also asked the court to void terms in AT&T’s customer agreement that disclaim liability for security problems—even in cases of negligence by AT&T. Terpin argued that these boilerplate terms are unconscionable because customers never have an opportunity to negotiate them.

But AT&T asked the judge to dismiss the case, arguing that Terpin didn’t adequately explain how the phone hack led to the loss of his cryptocurrency. Terpin’s lawsuit provided no details about how Terpin had stored his cryptocurrency, how the hackers had gained access to it, or if they might have been able to carry out a similar attack without control of Terpin’s phone number. In any event, AT&T argued that it shouldn’t be held responsible for the misconduct of the hackers who actually carried out the theft of cryptocurrency.

A mixed ruling

On Thursday, Judge Otis Wright—a man we once depicted as a hulking green giant preparing to smash the copyright trolls at Prenda Law—issued a ruling that provided some reason for each side to celebrate.

Wright agreed with AT&T that Terpin had not adequately explained how the hack of his account led to the theft of his cryptocurrency or why AT&T should bear responsibility. As a result, he dismissed claims that relied on Terpin’s claimed $24 million loss.

However, Wright dismissed the claims with “leave to amend,” meaning that Terpin has 21 days to file a new version of his lawsuit that more fully explains how the cryptocurrency was stolen and why AT&T should be held responsible.

At the same time, Wright allowed the case to move forward with Terpin’s arguments against AT&T’s one-sided customer agreement. Wright hasn’t yet voided the terms, but he found Terpin’s arguments on the issue plausible enough to let the case continue.

“We are pleased the court dismissed most of the claims,” AT&T said in an emailed statement. “The plaintiff will have the opportunity to re-plead but we will continue to vigorously contest his claims.”

This kind of phone hacking incident is of particular concern in the cryptocurrency world because of the non-reversibility of most virtual currencies. If a hacker steals funds from a conventional bank account, a fast-acting victim can usually get the transaction reversed and the funds restored. By contrast, if a hacker steals someone’s bitcoins, they’re likely to be gone permanently, since no one has the authority to cancel transactions once they’re committed to the blockchain.

As a result, cryptocurrency is much more of a “user beware” world than the conventional banking system. If you own a significant amount of cryptocurrency—and especially if you’re publicly known to have a significant amount of cryptocurrency—then it’s wise to store it in a way that doesn’t depend on the security of your phone number.