Insights & Analyses

OWI Labs op-ed: In trustlessness we trust

October 6, 2017

The OWI Labs op-ed series breaks down the latest news with an inside look at the identity industry dynamics our team of experts is following. This week, OWI Principal Analyst Kaelyn Lowmaster breaks down trust and trustlessness on the blockchain.

There’s a new urgency to the question of whom we can trust with our digital data.

Over the past few weeks, the vulnerability of our credit reporting agencies, government organizations, and financial institutions has fallen under a particularly harsh spotlight. Traditionally, these have been the authoritative institutions that not only shape our digital identities, but also serve as authoritative sources of our digital reputations for a wide range of transactions.

While the value of the consumer information lost or exploited is difficult to measure, consequences for these institutions are, all too often, minimal.

Where can concerned consumers turn, then, if we can’t rely on these historically trusted organizations?

Especially in the wake of the Equifax hack, many in the tech world are pointing to blockchain as the best solution for this crisis of trust.

The original bitcoin blockchain was famously “trustless.” That is, completing a transaction doesn’t require you to know with whom you’re interacting, nor does it require a trusted third party, like a bank or a government, to verify a transaction in order for it to be considered legitimate. The technology’s proof-of-work mechanism provided an elegant means of establishing consensus among all participants in the community, and the transparency and immutability of transactions means that the technology itself is notoriously difficult to fool. The decentralized nature of distributed ledgers is especially attractive after massive corporate databases of personal information have proven to be juicy targets for malicious actors.

As blockchain spreads into a widening array of use cases, from finance and healthcare to digital-identity and beyond, many new blockchain-based companies consider “trustlessness” to be a core virtue of the technology. Customers can have greater control of their data, many claim, when no central authority dictates how our attributes can be shared. They argue that we won’t have to trust a hackable bank to verify a transaction or a fallible credit bureau to track our digital reputation, for example, if we can rely on transparent transactions of encrypted data on a distributed ledger. We could even start a new economy of our personal data, charging others for the right to view and use select information, rather than letting online service providers leverage it for free.

blockchain doesn’t eliminate the need for trust – it just changes where we put it.

But in reality, blockchain doesn’t eliminate the need for trust — it just changes where we put it.

It’s true that some applications of blockchain technology remove the need for counterparty and institutional trust. However, it requires that users shift that confidence to the technology itself and the small group of programmers that create it. With the uptick in adoption across industries, blockchain is moving away from the days where individual users could, for example, mine bitcoin and transfer funds without using intermediaries. The vast majority of consumers currently engaging in transactions involving blockchain, both in cryptocurrency and for other use cases, don’t know how it works at a granular level. But they do trust that the algorithm is sound, the consensus mechanisms are viable, and that, fundamentally, the transaction will work. Trust hasn’t disappeared, even in the most “trustless” blockchain environment.

This “trust shift” has a few key implications as major industries move toward wider blockchain adoption.

First, just because a piece of data is on the blockchain, doesn’t mean it’s necessarily accurate or trustworthy. Especially if a particular blockchain is recording transactions of assets that have manifestations in the physical world (like identity data), there is always a risk of error in the “off-chain” to “on-chain” transaction. The “garbage in, garbage out” problem still exists, no matter how much users trust the algorithms shaping the garbage exchange.

Second, trust in blockchain technology makes it tempting for users to blindly trust associated intermediaries and applications too. Many of the largest cryptocurrency breaches in the past few years, for example, have been due to strikingly familiar failures of security on the part of cryptocurrency exchanges (like phishing attacks or bad password management), rather than hacks of blockchain technology itself. The need for good security hygiene isn’t going away.

Third, it’s hard to regulate technology, no matter how much we trust it to work. Governments can fine Equifax, bring its leadership before Congress, and propose new legislation for how credit bureaus are run, but there’s no precedent for holding programmers accountable for the tech tools they create. There’s no fiduciary standard for tech developers.

While it’s true that blockchain holds promise for solving some of the pressing issues for protecting our digital identities, it’s important to be aware that we as consumers will still be investing a lot of trust, even in “trustlessness.”