Provenance For Supply Chains

Years ago, I contributed to an earlier effort to create the Open Provenance Model [1], which has since evolved into other efforts, including the larger. Stemming from the challenges of documenting complex scientific processes, data, and conclusions, these rather obscure offshoots of the (itself obscure) Semantic Web have not had the impact I would have hoped. “Sank without a trace” would not be too far off.

So my eye was caught by a new app, called “Provenance”, said to be coming Real Soon Now. And it uses the Bitcoin blockchain to publish provenance.

Provenance-the-app is the brainchild of designer Jessi Baker and others, and seeks to implement the idea for “supply chains” rather than scientific chains of reasoning. The overall goal is to make product sourcing “transparent”, arguing that this will allow people to consume more ethically, and save the planet. This means they need to be a consumer-facing app, as well, not just a backend reasoning and query engine.

I’m with you so far. I’m not totally convinced of how well transparency will help save the planet, but it can’t hurt. And Baker is, like me, interested in “making things that fuse digital and physical.”  So let’s have a look.

The Provenance app is highly influenced by blockchain technology, including Ethereum. Their white paper [2] is mainly about public key signatures, assertions about the perceived merits of “decentralized” systems, and some very detailed ideas about digitally tagging physical processes and products.

They envision a system of certifications that document the sources and chain of processing for consumer products.  These cryptographically sealed certificates are to be posted on a public blockchain, where they cannot be fiddled with, and where anyone can access them.

The idea is to make it possible to scan a product and quickly retrieve a trustworthy confirmation that it meets your ethical requirements.  Presumably, people will be willing to pay extra for products that have these certificates.

Whether a blockchain per se is critical to this enterprise is arguable. Public key cryptography is certainly useful for establishing chains of trust. But the write-once ledger of the blockchain itself only solves the problem of destroying or hiding information, which isn’t necessarily the biggest problem. There are lots of ways to openly publish data, and, contrary to their assertions, a blockchain isn’t really that much better than other open publications—especially if you have good public key technology.

Provenance-the-app looks to be positioned to make some very important contributions to the overall problem of Provenance, which appears in many guises.  They are working out some hard problems of digital signatures and open data access. This is very impressive.

To the degree that they succeed, their technology might be repurposed into scientific and other record keeping. If you can track a fish from source to table, you can track the “ingredients” of a scientific paper, no?

Looking through the materials available, it appears that they don’t have anything to say about our earlier work and the W3C Semantic Web activity. They do not explicitly acknowledge it. (See comment below.)

If I may offer advice, I think they would be well served to harmonize with the W3C PROV WG. As “Open Data” folks, they should hew to open metadata standards, no? Second, they might glance at the earlier academic work in which we worked on models for automated reasoning about Provenance. They may not realize it yet, but there are important, difficult problems that they will want to solve in this area. I’m just sayin’.

(Update (12/24/2015):  see comment below, indicating that there is collaboration in progress with W3C PROV.)


Cryptocurrency: Land of Conceptual Confusion

As we discover that the recent price spike in Bitcoin might have been driven by a giant pyramid scheme in China, not, as we were told, by the inevitable unraveling of the conventional financial system, we are treated to some classic examples of Confused Crypto Reasoning.

For instance, Bitcoin pioneer and leader of Ethereum Nick Szabo discussed the security of the Bitcoin blockchain. He specifically compared the decentralized blockchain to “centralized” banks, which “rely” on government and law enforcement. This, he says, is why they are “stuck and highly regulated”, which he labels “insecure”. In contrast, the decentralized blockchain is… unstuck and unregulated? I’m not sure how that makes things “secure”.

Aside from the apparent disdain for democratically elected governments and the rule of law, Szabo is using the term “security” in a rather idiosyncratic way. As a historical note, the “highly regulated” financial system is specifically designed to provide “security” against crazy pyramid schemes such as mentioned above.

“Security” means a lot of things, but in technical systems it is generally a claim about resistance to specific threats. No system is resistant to every possible menace, so “security” must be stated in terms of what is protected from what. This is often a balance of costs and benefits, considering expenditures (in money, time, inconvenience, etc.) that decrease the likelihood of certain attacks. It is also about who takes the risk and who benefits, and usually about spreading costs and sharing risks.

Finally, as I have discussed many times, you have to consider the entire system, end to end, not just one part. In “centralized” systems, many key parts are secured, for better or worse, in the centralized service. In a “decentralized” system, the parts are scattered and in the hands of many parties, including hapless consumers like me. End-to-end analysis shows that the same things need to be protected, but the methods available must be different.

Szabo’s comments that we should think more broadly about security are certainly on target. But the suggestion that we should “try to secure everything, protect everything that is important to us as much as we can” demonstrates naivete of truly planetary scale.

In the end, I really have no idea what Szabo means by “security” here. He certainly isn’t talking about “security” in any way that I recognize. What is “secure” from what?

Finally, we have the “feel good” story “Meet the Dad Who Registered His Daughter’s Birth on the Blockchain”. Apparently concerned that for most people, “The first database entry done to every single human being born until now has always been on a governmental database”, and, moreover, wishing his daughter to be a citizen of Earth, not one particular “arbitrary piece of territory”, he attempted to record his daughter’s birth on the Bitcoin blockchain.

We could point out that the notion that “until now” everyone was registered in a government database is ahistorical and ignores the fact that democratically elected governments were constituted in part to secure the benefits of these types of records for all citizens, not just the wealthy or those belonging to a major church.

But let’s examine what he has done, and how it “solves” the problem he perceives. Apparently, he created a video statement (by the way, web video is not a terribly wise choice for a record that is intended to last a lifetime) testifying to the birth of his girl. He cryptographically sealed this file, and posted the hash onto the Bitcoin blockchain.

What problem does the blockchain “solve”? The blockchain provides a timestamped record of when this version of this video was registered, i.e., no later than that date. Assuming the video survives and remains viable in 50 years, it will be possible to see dad tell us when his daughter was born. The timestamp certainly helps detect later forgeries, e.g., it would be easy to detect a similar record that claims she was born a few years later, or with another name. (I can detect that one must be a forgery, but how I could decide which of the two is valid is a different question.)

So, how well does this video meet the requirements for a birth notice? Well, we can be sure that the original isn’t modified in coming years. That’s good, though there isn’t a really big problem with tampered birth certificates. From the video, I can be sure that, well, someone says they have a daughter, born this day. Do I believe this? Unless I know the father, or otherwise take his word for truth, I’ll probably have to cross check this with other records anyway.

Worse, this kind of record has no way to connect it to the actual parties in question. Neither the video nor the people can be authenticated from this record. Pretty much anyone could claim that video as their own. How would you know that she isn’t the original girl?

Obviously, you could embed biometrics in the record, just as some birth records include a foot print and blood type. This would have to be done carefully, encrypted in some way that is confirmable but not copyable. You don’t want to post your DNA, fingerprints, or retina to the blockchain, unless you don’t mind someone impersonating you.

Finally, there is nothing to stop me from flooding the blockchain with thousands of bogus birth announcements. Who will know if these people exist, or if the records are accurate?  Which ones are legitimate? Enough noise will surely drown out the signal.

The basic point is that registering a birth record on the blockchain accomplishes very little. And the blockchain itself contributes only a timestamp and a broadcast channel. Tamper resistance and availability are provided by the Internet and public key cryptography, not the blockchain, per se.

Finally, the record itself needs to be a useful certificate, not just testimony.

The whole thing is conceptually muddled and poorly thought out.

I think I’m repeating myself.


Cryptocurrency Thursday

A Useless Blockchain “Solution”

The Holberton trade school in Silicon Valley (“a two-year higher-education program to become a full-stack software engineer”) plans to issue their certificates using the Bitcoin blockchain. Basically, cryptographic signatures are used to issue a notarized statement of completion, which is posted to the Bitcoin blockchain.

It isn’t clear whether the cryptographic certificate actually solves any important problem, or just sounds sexy and innovative.

I’ll set aside the question of whether someone who knows the current “full stack”, “different types of applications and systems on different devices, operating systems and clouds, with a large variety of programming languages, tools and algorithms” is a qualified “software engineer” or not.  (Likely, not, in my own view.)

This blockchain certificate (pioneered earlier by the offshore University of Nicosia) seems to address the perceived problems of company HR offices, who must verify credentials presented by applicants. This approach might be cheaper for the issuing institution, as well, but seems to offer no particular value to honest students.

Grace Caffyn comments that employers have reason to be concerned about false credentials, and the Internet makes it easy to create beautiful, artistic fakes. However, most reputable institutions have mechanisms to quickly verify certificates, diplomas, and transcripts. Whether the blockchain solution is better or even cheaper than other solutions is not obvious to me.

On a related front, Bitfury issued a white paper discussing “Public vs. Private Blockchains”.  ([Part 1] [Part 2])  The interesting point here is their discussion of “permissiveness”:  the public blockchain is writeable by everyone.  “Private” blockchains would use similar technology but the protocols would limit who can write to the blockchain.

The report itself tries to systematically lay out the differences between these technologies, ultimately concluding that they are largely compatible.  It is almost always possible to create a “private” protocol on top of or linked to the public blockchain, so this is not really an either/or proposition.

But the main thing here about the Bitfury paper is to think a bit about how much you want to trust the records on a blockchain that anyone can write to.  In the simplest form, the records are simply assertions that the blockchain protocol assures us have not been monkeyed with. The assertion itself could be true or false, and  since everything is unauthenticated, we have no way to know who actually made the assertion, from the blockchain itself.

The Holberton certificates are a perfect example of this point. They are reported to use BitProof technology, which generates a cryptographically sealed checksum for the certificate (this part is not new technology), and stores the checksum on the bitcoin blockchain. Anyone can read it there, but to decode it to prove that it is valid you need to find the full document, which has to be kept secure.

The fundamental record is an assertion that “School A issued certificate B to student C”. The checksum, after you unwind it, proves if you have an unmodified copy of the document in question, but you can’t recover the actual document from the blockchain alone.

First of all, this “trustless” system requires you to trust Bitproof. Furthermore, this trust will surely be based on the cryptography that they used, not the use of the public blockchain to publish the checksum. The blockchain does make it difficult to fiddle with or erase one of the checksums, which does eliminate some (probably uncommon) frauds.

This chain of trust extends further.  Bitproof provides a database that proves that someone sealed this document.  To determine that a certificate was actually issued by the relevant body to the relevant person, you need to identify the parties. The cryptography helps, but you still need to authenticate the parties somehow, or the cryptography is just circular.  (I have a key proving to you that I have Bob’s key.  Who is Bob?  Am I really Bob?  Ditto for Holberton School.)

And, once authenticated, you still have to decide if you trust them.  A completely valid record can still be fraudulent if the actors are dishonest.

How does this process work without the blockchain?  Well, you issue a signed document that is published at a replicated database run by, say, the university itself.  The process is the same, except you jump directly to the question of whether you trust the institution and have a valid link to it; and at the same time, you have to validate the identity of the person claiming to be the graduate. The blockchain is irrelevant to this part of the work, indeed, it simply adds a tiny bit of useless extra work, talking to Bitproof and the blockchain to bootstrap the process.

The point here is that using the blockchain itself is adding very little to the process; the contribution of the blockchain (as opposed to cryptographic signatures) is relatively unimportant. What matters is the reputation of the institution (which Holberton and Nicosia are striving to build by using trendy technology), and authenticating the identity of the graduate, which ultimately requires some kind of “trust”.

This “app” for the blockchain looks to me like more hype than hope.


Bitcoin Piggybank Idea

ERNIT (“the smart piggy bank”) is certainly up to date, accepting Bitcoin (from anyone or anywhere). It is a tangible interface to a digital wallet, including a Bitcoin wallet.

Yay!  Tangible interfaces meets intangible money!  What can possibly go wrong? ☺

ERNIT consists of an app and a smart piggy bank. The app enables you and your kids to set savings goals, and allows you and others to contribute money from nearby or far away. The piggy bank provides a physical way for kids to connect with their savings. They can hear when money is added, and the light on their piggy’s snout lets them know how far along they are toward reaching their goal.

Ernit defines a four step process:


The transactions are handled by an app, “[y]our child’s savings will be stored securely and with no risk through one of our financial partners”. In other words, this is a conventional bank account with a kid-friendly tangible interface.

The app has a “goal setting” task for the young saver. This involves touch screen interactions, and rather complex activities such as setting a goal that has a specific numerical target (e.g., purchase price for a new video game), setting multiple goals, seeing how much of the numerical goal has been reached, and allocating current savings among multiple goals.  (This sounds more like budgeting than savings.  But what do I know.)

It also implements a model of “allowance” which seems to make assumptions about family finances and parenting philosophy. The actual implementation itself is recognizable as a version of the gig economy. Parents define assignments with specified payouts, which show up on the screen. Ernit could argue that they not only teach financial literacy, they are also preparing your child for a life in the Uber economy. Great.

My biggest objection to the design is that the piggy fails to replicate the single most important feature of the classic analog piggy bank: you can put money in easily, but there is no way to get it out easily. Ernit is basically just a front end to a bank account, and so “[c]ashing out can be done just as easily as putting money into the system.”

Bad idea. You should have to “smash” the pig to get the money out.

While the goal setting is designed to be a personal interaction, parent and child together, the deposits (and ultimate withdrawals) are purely digital and invisible. I have to wonder how this impersonal transaction is understood by kids, and what they learn from the experience.

Given that all the action is happening in the not particularly unique app, why bother with the piggy bank? The Ernit crew has thought about this, and thinks that the tangible interface is a valuable tool.

Children need a connection between intangible numbers and tangible value – that is why the ERNIT app and piggy bank focus so much on touch, feel and sound.

Hmm. This is supposed to teach the connection between “intangible numbers and tangible value”? Evidence?

The Kickstarter video says they talked to many experts and visited a lot of homes. It is impossible to evaluate this unreported research, and in any case it was not an evaluation of the actual effects of the product.

Lots of questions deserve to be answered.

Do kids (and parents) use it for a long time, or grow tired and lose interest? Do kids like it better than just using a digital wallet or other alternative method? How do parents interact with kids around this product? What do kids actually learn? How does the goal setting work? What kinds of goals do they set, and do they achieve them?

By the way, since most grown ups, even technically savvy people like me, have trouble grokking Bitcoin, you have to wonder if it is something that kids should be playing with at all.

I must say that the physical design of the piggy is quite attractive. Personally, I would love to have one if I could just use it as a crypto or digital wallet (i.e., ditch the app). Why not? ☺  The report in CoinDesk suggests that you probably can ignore most of the app if you want to, but I’d like a stripped down app that just connects to my own crypto wallet, period.

I don’t really like the app at all, or the fact that you need an app. I’d be much happier with a much simpler interface. And if I have to talk to piggy with my device, I want it physically connected, not wireless, to make it clearly and tightly associated with the piggy. Make some kind of docking cradle on the piggy?

Also, I don’t really like the feel of the goal setting. It is designed like a wishbook, and basically teaches that the first step of savings is to shop around for “stuff” you want. Call me old fashioned, but I think the purpose of savings is to not spend the money, to prepare for unforeseen needs, and to stop thinking about life as a shopping spree.

I’m going to give this a yellow card for a borderline “Inappropriate Touch Screen Interface“.  They have been warned!

Finally, the audio should be expanded. The piggy is supposed to make noise when a deposit is made, though I don’t know what that sound is. Clearly, it should be proportional to the size of the deposit (“ka-ching!”), and also to the amount already in the piggy (“ka-chunk”). Even more important, shaking the piggy should make a noise representative of how full the bank is! (Ideally, the bank should get heavier as it fills up, but I don’t know a good way to implement that feature.)




Cryptocurrency Communities: High Times Sector

I have discussed the many sub-communities within “the” Bitcoin community, which embrace different, and frequently conflicting goals and stories about “what Bitcoin is for”. (Aside:  Coindesk has just released a survey of Bitcoin users that probably has interesting information. They have only published a fragment (so I can’t read it), the rest of the information is not public, or, so far as I can tell, peer reviewed.)

The fastest growing sector—despite big deal press releases—is the illicit sector, AKA the dark web. (Historic note: the term “dark web” used to mean something quite different, referring to ethically neutral but technologically “unpublic” areas of the web—think corporate intranets, here. Nowadays it appears to generally mean gray- or blackmarket commerce and crime.)

It is interesting to see the prejudices of Bitcoinistas unconsciously paraded in uncritical “reporting” of these topics. (Okay, I should expect this from a group, some of whom dote on cranks like Rand Paul.)

Case in point, Coindesk’s report on dark net drug sales has the astonishing headline, “Survey: Silk Road Closure Didn’t Stop Dark Web Drug Surge”. The actual survey is a serious effort to do a difficult job, and gives us at least tentative insight into what is really going on. (And it is published so we can all learn from it and check its methods—Coindesk, take note of proper procedure.)

The summary of the survey notes that some of the comments from convicted felon Ross Ulbricht are echoed by his customers. E.g., they like buying drugs on line rather than on the street.

The Coindesk article chooses to argue the case that the arrest and conviction of Ulbricht had no deterrent effect. Obviously, the actual survey could not possibly show that, nor does any sensible person believe that one prosecution would “deter” drug dealers everywhere.

The survey documents that the customers perceive advantages to using the dark markets, especially in reduced risks of violence. That may or may not be a real effect for the retail buyers, but it is certainly an iffy claim about the whole business.

Besides the drug trade, Bitcoin is also facilitating the explosion of ransomware. A BBC report notes that easily available kits may be purchased, and the payoff can be many times the outlay.  And the payment of choice is Bitcoin.  Ouch.

It is increasingly obvious that, while Bitcoin did not invent ransomware (or drug markets, for that matter), it is a perfect technology for this use case, and has contributed to the growth.

Let me point out that it isn’t necessary to be either a freedom fighter or a technical wizard. All you have to do is buy a kit and follow the directions. Not heroic in any sense. And I can’t see even a shred of social good that comes from extortion games.

I’m beginning to worry a bit about the doublethink needed to follow cryptocurrency. The public news is all about helping the poor (microcommerce, remittances, etc.) and revolutionizing conventional finance. This is still mostly talk. Meanwhile, under the surface, the technology is fueling dangerous criminality. There is real action happening, but it is largely undesirable. This is not a good thing for “the Bitcoin community”: most people will encounter Bitcoin in the context of a crime or illicit deal.





Bitcoin “Pizza Day”

Last week saw the fifth anniversary of the culturally iconic purchase of delivery pizza by Laszlo Hanyecz, which has come to have immense symbolic significance for Bitcoin. This is the earliest known case where Bitcoin was used to buy something “real”. At the time, it took heroic effort involving a transatlantic transaction in order to transmit the coins to the store down the road. But it showed the idea, sort of. (And pizza is a standard unit for the software industry. The Electron Volt for phylum nerdus.)

The event is commemorated in pizza parties around the world. As Yessi Bello Perez reports at Coindesk, these show off a much more fun and human side of the Bitcoin community, compared to the endless drum beat of arrests, nearly identical corporate launches, and repetitive libertarian manifestos. This is nice to see.

This annual event always makes me think. Why is this so significant? And what does it mean that Bitcoinistas are so excited about it?

On the one hand, buying pizza is scarcely “innovative”, let alone “disruptive”. There is no shortage of pizza, and there are lots of ways to buy it. We never needed Bitcoin in order to get pizza delivered.

Bitcoin is neither necessary nor sufficient to getch-yer pizza.

But the point, of course, is that Bitcoin isn’t really a serious thing if it is only useful for digital commerce. If Bitcoin is really going to operate as money, you have to be able to use it in everyday life. And buying pizza is a reasonable illustration of everyday life (at least for twenty-something male techies.)

Buying pizza take out with Bitcoin is doing real commerce.

So, for those who celebrated, Happy Bitcoin Pizza Day! (We really need a better name for it!)




Humanistic Applications of Blockchain Technology?

Yessi Bello Perez writes at Coindesk about “How Blockchain Tech is Inspiring the Art World”. Wow! Something as boring as a distributed data structure is “inspiring” someone? That’s unbelievably cool. Or just unbelievable.

Actually, most of the interest from artists he cites is in the rather mundane area of record keeping, especially tracking ownership of digital assets. This is indeed a huge problem for all kinds of digital “property”, not only “art”, and blockchain technology may be useful (if not necessarily “inspirational”).

The general idea seems to be variations on the theme of ways to create limited edition, digitally signed, works using blockchain to publicly and unforgeably record ownership. These properties of the blockchain are a good match to the commercial concept of “authenticity”: proof that this object came from the hand of the creator, through a chain of legitimate transfers. In addition, the blockchain is universally available, helping defeat transborder and dark market shenanigans.

This “authenticity” is important for the artist, of course, and for buyers: it preserves the scarcity and perceived “value” of the asset, and excludes copies and creative forgeries.   This sort of authenticity has little to do with artistic merit, per se, and everything to do with commerce.

Technologically, the blockchain is being used in quite conventional, uninspired ways. A “work” is given a digital rather than paper certificate, secured by checksums and cryptographic signatures. This certificate is registered on the blockchain (e.g., as part of a microtransaction in Bitcoin). When the work is sold, for Bitcoin or other currency, the transfer is registered on the blockchain as well.

For example, Ascribe implements a registry which securely stores a record of the authentic work along with checksums and cryptographic signatures. They also provide time-stamped cryptographic ownership certificates, which can track the provenance of a work. The registry service is centralized, but the records are published through the distributed blockchain. (Is this a “centralized” or a “decentralized” service? I dunno.)

This kind of service is really no different from conventional practice, except that the blockchain is pretty secure from tampering and is fully public. If there ever was a case where the blockchain really is arguably better than the opaque, self-dealing, corrupt old systems, it is probably here in the snake pit art commerce.

This usage reveals an interesting wrinkle in the concept of blockchain “smart contracts”. These transaction records are public and unforgeable, but are they legally valid, recognized, and enforceable? Is there any reason for me to care if the blockchain says you “own” something?

Some believe that the blockchain is sufficient. As Samuel Miller, a London-based artist, suggests, “It just kind of can be used for anything, to get rid of lawyers, to bypass copyright law – which is obviously really important for artists. It [the blockchain] will completely empower artists.” (quoted by Coindesk).

On the other hand, another digital artist Stephan Vogler makes extensive use of blockchain based licenses and Bitcoin transactions to sell his works. In his case, the blockchain certificate signifies agreement to a conventional real-world contract. In fact, the completely ordinary contract includes the completely ordinary clause, “The place of jurisdiction shall be Regensburg. This agreement shall be governed by the law of the Federal Republic of Germany.” This license is not quite so magical or inspired as romantics might wish.

Overall, this technology is probably a good thing for creators, not bad for legitimate consumers, and bad for pirates and leeches. Useful? Sure. Inspirational? Hardly.

