The National Institute of Standards and Technology is prepping the final version of a report on effective blockchain use—and when to avoid it.
One of my Nextgov predictions for technology and government in 2018 was a more mainstream use of blockchain technology in government and the private sector. And it looks like that one might be coming true, as the National Institute of Standards and Technology readies the final version of Interagency Report 8202, straightforwardly entitled Blockchain Technology Overview. The report is aimed at showing ways that government could use blockchain effectively and cautions about a few situations when it should be avoided.
For the most part, researchers examining the technology were impressed. “Blockchain is a powerful new paradigm for business,” said Dylan Yaga, a NIST computer scientist and one of the authors of NIST Interagency Report 8202, “People should use it—if it’s appropriate.”
When it was originally created in 2009, blockchain was used to secure the emerging concept of cryptocurrency. It’s one of the main ideas that enabled the ubiquitous Bitcoin monetary unit. As such, it has mostly been associated with cryptocurrency, especially because it allows for the creation of a public record of transactions while keeping the actual participants anonymous.
But it has many potential uses beyond just finance. Blockchain works because every record, which is also called a block, within the transactional chain is protected by encryption. As the record changes hands, new blocks are created that point back to the previous records within the chain. And once recorded, no data can be changed or altered without going back and modifying every subsequent block—a process that normally requires permission from all previous record holders. In a sense, it gets more secure the longer it’s used. But the really interesting thing about blockchain is that it does not require a centralized server to make transactions. It’s truly a distributed computing platform, which makes it even more secure because there is no central server to attack or compromise.
The government is likely considering blockchain as a way to create truly secure messaging, with every new message block getting encrypted and linked back to all previous messages. Nobody could modify the current message, or alter any previous ones, without alerting the owners of every other record along the way. This could also be a great way to secure supply chains and ensure proper proof of custody for highly secure files.
Part of the National Defense Authorization Act of 2018 directed the Defense Department to conduct a comprehensive study of blockchain technology to find out where it can be successfully deployed in government. But the NIST Interagency Report 8202 is the first public view of what is being done to bring more blockchain to agencies.
In typically cautious NIST fashion, the report avoids embracing blockchain as vigorously as many companies and organizations in the private sector. You have to love NIST for always going the extra mile to fully scrutinize every possible issue. Full disclosure: My father worked there for over 40 years, so I have a bit of a soft spot for them. Anyway, the report warns that “There is a tendency to overhype and overuse most nascent technology. Many projects will attempt to incorporate the technology, even if it is unnecessary.”
The report also notes some limitations of the technology, including the fact that the distributed system has no credential storage as part of the design. If users lose their credentials, they won’t be able to interact with that blockchain, meaning the data is essentially lost. It also points out that the actual users within a blockchain are anonymous and untracked, with only the transaction records protected, which could allow for malicious users—though what they could actually do would be limited by the rules governing the specific blockchain.
Among other points, NIST seemed particularly concerned over the resource requirements of a distributed computing system, which is needed to verify work done and to download records. Not having access to the distributed network, or having limited or slow access, could significantly delay blockchain transactions—something that has occasionally happened with financial blockchains.
Taken as a whole, however, it’s clear that the NIST report is quite favorable toward blockchain. Also, there is nothing preventing the government from using the concept of the blockchain, but then creating its own non-public flavor for internal use. For example, instead of relying on a distributed network, the government could establish a central server or data center for processing its own blockchain transactions. That would add a single point of failure to the system, but would give the government more control over how their blockchains were used, as well as control over users. Someone using a government blockchain, for example, might have to give up their anonymity. Even credential storage could be included as part of government blockchain technology if needed.
At that point, the question becomes how much you can modify something before it becomes something else. If the government adds things like a central server for blockchain, is it really still the same technology? I would say that it is, and in truth, the answer doesn’t really matter. The government isn’t interested in creating a new, untraceable cryptocurrency. But if that technology can be modified to help protect government data, then it absolutely should be employed.
The NIST report proves that government is getting serious about establishing its first links in the blockchain. I expect we will hear a lot more about this in the near future.
John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys
NEXT STORY: What Federal Mobile Security is Missing