Leveraging blockchain to decrease data breaches, increase security

Originally published in Thomson Reuters AnswersOn

By Joseph Raczynski

In the not-too-distant future, blockchain will get personal – very personal. That’s a good thing when it comes to integrity of your digital identity.

The Internet is a complex space for identity management.  Every site has a login and password, and those sites which have federated their login credentials have become massive targets for hackers.  In addition, the largest institutions charged with holding onto private information have become single points of failure; e.g. Equifax and the federal government’s Office of Personnel Management (OPM).  As the security breaches have grown in size, so too has the importance of finding a new solution to protecting of data in our always-connected world.

The solution will soon be in our hands

In the not-too-distant future, you will have a digital wallet containing hundreds or thousands of Decentralized Identifiers (DIDs).  DIDs are described as a new type of globally resolvable, cryptographically verifiable identifier registered on a distributed ledger.  These will be unique, encrypted, addresses that each of us holds in a mobile app to verify something about us; e.g. our age, height or even personal preferences.  They will be granted by a trusted source, but we will hold on to these privately and have complete control over them.  As the Sovrin Foundation explains, “The next evolution of the Internet will be the creation of a common identity layer that allows people, organizations and things to have their own self-sovereign identity—a digital identity they own and control, and which cannot be taken away from them.” This monumental shift enabled through the use of blockchain will change the paradigm of ownership of identity from the traditional large organization like Equifax into private hands.

Submitted photo courtesy of Department of Homeland Security

How will DIDs work?

I would expect that in the next five to 10 years, everyone in the United States will be issued a new national identification number to replace our current social security number.  As you can see in the above graphic, an agency such as the Department of Homeland Security (DHS) will issue this new number.  It will assure the person making the claim is who he or she says he or she is, and issue a DID with a private key (for their eyes only) and public key (for anyone to verify the ID) which the person holds in his or her digital wallet.  The DHS will also register proof of claim integrity on the permissioned blockchain (a vetted private blockchain).  Going forward when requested, the person can present his or her digital identification (public key) to the verifier (Border Patrol, an employer, IRS) who can then validate this claim’s integrity through the secured blockchain registry.  Most of these exchanges of information will use a QR code so the DID can be scanned with ease.  This new verification system will create significant efficiencies and will be much more secure.

Eventually, this will be expanded beyond government issued identifiers, though at MIT Sovrin, it was mentioned the IRS is looking at this solution now.  You will soon have DIDs for access to anything you normally use for login and passwords on websites, access to your house and starting your car.  Anything that requires a key or login now will leverage this new technology.  Self-sovereign identity flips the old model of control from central authorities, or single points of failure to individuals.

Blockchain, a Disruptive Force Now Impacting the Legal Industry

Originally published in LegalBusinessWorld

By Joseph Raczynski

Blockchain, a Disruptive Force Now Impacting the Legal Industry

Defining the technology and citing real world examples in Legal

Basics of Blockchain

We are at the precipice of transformative change in nearly every industry.  Blockchain or Distributed Ledger Technology (DLT) is the cornerstone of this rapidly evolving new era of efficiency and disruption impacting the legal industry.  Blockchain is generally defined as a distributed database or ledger.  This differs from the traditional record, in that a database is usually centralized, generally in one location or system.  With DLT, it evolves from a central database (a single store of information), to a database that is spread among multiple computers (sometimes thousands) saving a copy of the information.  Ultimately each computer will have a duplicate of the data.  It is encrypted, immutable (cannot be changed), driven by consensus (all computers have to agree), and is not owned by any single entity.

A natural question that arises.  Why would anyone want a database to be distributed?  The financial crisis of 2008 taught us many valuable lessons, one of which was that massive organizations who wielded all of the power (think a single database) can be a weak link for the broader system.  If that one entity should fail, the entire system likely will follow.  From these financial reverberations, Bitcoin was born, which has as its underlining technology, the original Blockchain.  The intent, distribute data over a massive network, for verification, authentication, and transparency without one person or organization having dominate control over the system or data.  At its heart these are ideological motives that clearly have anti-establishment roots.  However the technology it is starting to flourish at an exponential rate.

Real World Blockchain Examples

As you may gather there is certainly much hype around what can be done with this technology.  Below you will find several examples that I discussed recently with industry experts at Consensus 2017, a massive Blockchain conference in New York City.  Here I met with and examined several smaller startups and their quest to build out solutions with DLT which will impact the legal industry.

Government – Blockchain Powered Land Registry:  Thomson Reuters Tax and Accounting states that 70% of the world’s land is unregistered.  Ownership of land leads to significant empowerment and growth of wealth for individuals.  An organization called BenBen is endeavoring to help lock in property rights for citizens of Ghana, Africa using the Blockchain.

Problem: In this use case, land records are stored in a centralized database with no other benefits besides a paper registry. BenBen states, “It is virtually impossible to collateralize property rights in Ghana because other paper registry system is unenforceable in court.  Because of unenforceability, banks will not accept land as collateral.  This situation leaves millions without the possibility of leveraging their property to rely on the rule of law for protection – continuing the ongoing cycle of poverty for much of the population”.

Solution: BenBen is working with BigchainDB, a new Blockchain organization to create a “top-of-stack” land registry verification platform.  Essentially it is a new infrastructure built on a Blockchain and integrated with financial institutions to update current registries.  Essentially BigChainDB are “enabling smart contracts and distributing private keys for clients to allow an automated and trusted property transaction between all parties.”  So people would be able to verify that they own something in order to more easily obtain loans and build wealth.     

 

Intellectual Property – Music Ownership and Distribution:  Currently there are dozens of entities that get paid out on a single song that you may download from iTunes.  The labels, marketers, distributors, and finally the artists all get a cut of the proceeds.  The current payout model looks like a bowl of spaghetti with a myriad of entangled strings connected, each piece of the business seeking their $auce.

Problem: The control of the music in the traditional model is in the hands of the corporations and labels.  A fraction of the funds are eventually paid back to the artist.

Solution: Resonate, another Blockchain startup, is working on a solution to use this technology to bypass the corporations and labels.  As you listen to music, you can make micropayments to artists – directly to them.  Micropayments are cents or fractions of cents that are possible through the newer cryptocurrencies, which may be divisible by tiny fractions of a penny USD.  All of these transactions are stored on the distributed ledger, essentially cutting out all of the middlemen.  Baked into this are smart contracts which are encoded into the chain and automatically perform actions that normally humans would be oversee, i.e. the payouts.

 

Identity – Verified Identity Credentials: When a job is posted, how do you know that the person applying for the role graduated from the school they listed?  One area being explored is how to leverage the Blockchain to verify who someone is and what they are stating is true.

Problem: In the traditional Resume or CV people sometimes forge, alter, or falsify documents in order to buoy their chances.

Solution: Recruit Technologies has built a prototype resume authentication database for people looking for jobs and employers.  BigchainDB is working to leverage DLT to store applications and their documents.  Through the natural immutability, the files offer greater trust and auditability.  Built on this platform, a company could be better positioned and hold less liability.

 

With hundreds if not thousands of use cases forming that leverage Blockchain technology, the legal industry is perfectly positioned to adapt and assist in this space.  The three aforementioned use cases are directly connected to people and business; therefore have a direct play within legal.  While Blockchain may impact certain parts of how a law firm works, government agency interacts with people or a corporation works, there is little doubt that the early adopters will have a major head start compared to their counterparts by engaging in Blockchain.

Google Glass – Thoughts on Glass: Privacy, Security and Its Future

By Joseph Raczynski

This is part two in a series of video’s surrounding Google Glass. This is the Privacy, Security and future of Google Glass. In this video we get to see the complete Google Glass. Take a look at the Google Glass Explorer program.

Glass Series Includes:

1) Glass Unboxing

2) Thoughts on Glass: Privacy, Security and Its Future

3) Usability Demo

4) Law Firms and Glass

5) Full Demo

 

Missing Insurance Payments?

By Joseph Raczynski

What if your life insurance company looked to find ways to discontinue payments, but not to locate beneficiaries who were missing payments owed to them?

Well it happened and one major life insurance company has recently settled a law suit where they must pay nearly $500 million to people across the United States who were not receiving payments owed to them.  This is the third insurance company who has been forced into a similar settlement.

How did this happen? 

Insurance companies use the “Social Security Death Master File” to determine who is dead or alive, but in this circumstance if an individual had died, they were not proactively sending the beneficiaries’ their money.  You as a recipient of said money would have to know you were a beneficiary, know the company it was held by, and actively pursue it.  I believe it is a fair statement to say that not all of us know if we are listed as a beneficiary on a policy and moreover where to submit the claim.

The Recommendation:

As part of a multistate settlement, these insurance companies must figure out a way to monitor and maintain contact with their insurance holders.

 

As a best practice these companies need to find customers they have lost contact with over the years.  Using technologies that integrate the best public and proprietary record databases, they could see if their customer is dead or alive.  In addition through these services they could match that individual to the last known address.  Finally if the customer happened to be deceased, they could reach out to the relatives of the beneficiary.  All of this is easily accomplished with the databases which have the most up to date addresses and comprehensive information on individuals who may have insurance.

 

Obviously in this instance a few insurance companies were at fault for a lack of due diligence on their part.  Nonetheless some responsibility rests with the insurance holder who must advise family and friends who are designated as their beneficiary’s.  Then those people need to actively follow up once that time arrives.

 

Can you conceptualize ways in which we could determine if we are a beneficiary?  How about a centralized website where a user entered their social security number, and then they would know who has them listed as a beneficiary and the name of the insurance company… just a thought.

 

 

Social Media: From Handcuffs to Handshake?

By Joseph Raczynski

The world of ever evolving social media can be legally and technologically confining for companies.  ALM recently hosted an event Social Media: Risks and Rewards at the Harvard Club in New York City.  The stage was set for the daylong conference by the keynote Joel Reidenberg, Professor of Law and Director at Fordham University School of Law.   He focused on the impact of Social Media from a user and business perspective delving into a web site’s terms of service, privacy policy and technology.

The lively discussion began with a poll of the audience.  Of the nearly one hundred senior level counsels in attendance, two had read the terms of service and five the privacy policy of LinkedIn.  Simply stated, most consumers do not look at the terms of a web site.  Increasingly alarming, as Facebook learned, social media sites tend to be unaware of what their “App” vendors are doing.  Blending this issue with social media name squatting, underutilized technology to aid awareness of policies, and an under educated social media public; attorneys are finding it an arduous task to craft appropriate policies.

Reidenberg makes several technological and policy recommendations:

  • If you are advising clients make sure you tell them to be transparent.  Use technology tools, e.g. popups or interstitial pages to make it clear to users information is being collected.  Ask, “Would a normal person be able to understand the terms and conditions?”
  • Focus on substantive fairness, i.e. the “The Grandmother Test”, as a company, can you describe to your grandmother what you are doing, and do it with a straight face?
  • Technology tools will be very important going forward.  Some of these exist, and some need to be developed.  For example, if you want your information to be deleted from a social media website, how to do this needs to be explicitly stated, but additionally the site needs technology tools to allow this to be automated.  Giving a user the rights to review and make adjustments to personal information will soon have to be the standard in the social media sphere.  Currently there is a disincentive for advertiser based companies to use these technologies because it decreases their revenue.
  • General public education will have to be enhanced.  Companies need to focus on how to raise awareness about helping people, especially children, to understand risks.

Lastly here are some interesting concluding thoughts from Reidenberg:

Privacy Policies:  A Neilsen rating report stated that 78% of the public thought that if a website has a privacy policy; it means they do not share personal information.  This is not the case.  A policy could clearly state all the information a user submits is sellable.

Prediction:  Facebook and similar social media sites could potentially be a prime candidate of a class action suit.  As they continue to collect volumes of information from its users, it is possible to hold them subject to the Fair Credit Reporting Act.  The reason, Facebook is increasingly being used to screen employees.

Ultimately if policies are transparent, technology is utilized, and education is enhanced, companies can fully embrace social media as an effective tool to better their brand.

 

Social Media and Privacy

By Joseph Raczynski

Editor’s note: Guest blogger Joseph Raczynski, an Applications Integrator for Thomson Reuters, Legal , is also a technology evangelist who specializes in social media and portal technology.  He also has been a consultant in web and wireless development.

Legal Tech May 20, 2010

Legal Tech: Social Media & Privacy

I attended the “Social Media & Privacy” seminar of Virtual Legal Tech.  Jason Romrell General Counsel at InsuranceLeads.com spoke about “How Much Exposure is Too Much?”  In this discussion he offers two examples, and then provides specific awareness consulting about privacy surrounding social media.

First he discussed acts of, in his words, “privacy stupidity”.  In one example an employee of a large firm claimed workmen’s compensation and thus received medical benefits for the inability to walk.  When pictures of her surfing in South Beach appear on Facebook, her benefits were terminated immediately.  In the second example, Microsoft “fired” an employee for publicly posting a picture of the delivery of Apple’s Macbooks to Bill Gates building with Microsoft’s signage clearly in the background.

In both of these cases, Romrell points out that “off the clock” activities posted publically can be used against the individual.  Most companies operate using “at-will” employment, thus any action they do not approve of is grounds for dismissal.

In one very curious aspect he mentioned that the IRS and DOJ are also using social media, e.g. Twitter and Facebook, to investigate individuals with cause.

As Romrell underscores, it is crucial to recognize that any and all information posted online via social media has the potential to be viewed by anyone.  However, read what you see with a skeptical eye.  Be aware users who post as “Angie Smith” may actually be someone attempting to pass themselves off as Angie.