There are many important questions an organization must ask itself before implementing a blockchain system. Three questions are especially salient for nonprofits.
Does the organization really need to use a blockchain based system?
Blockchains are distributed ledger systems with benefits including increased transparency and security. However an organization must consider what specific benefit a blockchain based system will provide for them. This requires critical evaluation of the specific problem an institution needs solved. Some questions to consider may be:
Is the current system experiencing critical failures that a blockchain will solve?
Is it really necessary to have many copies of data on many computers?
How exactly is the new system better than the currently deployed system?
Is it in everyone’s best interest to put this information permanently on a blockchain?
The is by no means an exclusive list of considerations. In some cases blockchain powered systems will provide a clear solution, and in other cases it will not. The answer to these questions will differ by institution and may change over time.
How will the system comply with our data and data privacy requirements?
It is important to recognize that some data privacy laws may be incompatible with blockchain’s near immutability. Recently passed GDPR mandates in the EU allow for citizens to request that their personally identifying information be erased. The GDPR introduces the category of pseudonymised data, defining it as the process of storing personal data in a manner that it can only be attributed to a person with the use of additional information. Because blockchain allows user data to be read via decryption keys it is considered pseudonymised data and thus subject to GDPR erasure requirements. Developers are working on different ways to comply with this law including destroying decryption keys, storing personal data in off-chain databases, and creating chameleon keys, but currently compliance remains a challenge.
What risks are there for the organization and its stakeholders?
Blockchains are not risk free. For example, small blockchains who mine blocks in a proof of work format have been subjected to 51% attacks. A 51% attacks happens when an entity takes control of 51% of the computers hosting the blockchain. With that level of control they can reset a blockchain to a certain point, or force a blockchain to validate a new block as a replacement for a removed block. These types of attacks are more difficult on large diversified blockchain although technically not impossible. It is further hypothesized that quantum computers, technology that is still 15-20 year away, could eventually break blockchain encryption. Both endeavors require an enormous amount of energy and resources. The larger and more diversified a blockchain, the more difficult it is to effectively launch a 51% attack.
Many private permissioned blockchains mine blocks on proof of stake or round robin system, however that doesn’t mean that all the information stored on a blockchain is safe from attack. To access information on a blockchain each user is given their own individual cryptokey. These cryptokeys are like passwords, however unlike passwords they generally cannot be reset or changed if lost or stolen. Therefore many users choose to store their cryptokeys in their computer keychain, in a digital wallet, or on an external devise. These systems provide varying levels of protection, but are not generally considered immune from cyber-attack or from the human risk of losing the physical devise itself. As the use of Bitcoins has increased, so too has the level of wallet hacks and phishing scams. Should an account be hacked the cryptokey will likely be permanently available to the thief, and thus any stored data will be viewable to anyone with the cryptokey. The violated user typically cannot change the key or remove the data, thus the security breach is most likely permanent. Any arts organization that chooses to deploy a blockchain must develop a plan for cryptokey storage. This is particularly true for any institution that experiences high turnover.
Blockchain powered systems are exciting new technology, but an organization must carefully consider these, and other relevant questions before committing to a blockchain deployment. The near immutability the technology is known for means that an arts manager must very carefully weigh these, and many other questions before making a choice for their organization that is challenging to undo.
For More on Blockchain and the Arts Check Out: