ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               There are also reportedly flaws prevalent in smart contract blockchain codes:  while there have been important
                                                                              68
               academic studies of vulnerabilities in blockchain,  automated software applications that may detect these
                                                         69
               flaws before they are exploited and lead to loss are only now being developed.
                                                                                 70



               5      Challenges in implementation of DLTs



               5.1    Overview

               DLT provides opportunities to innovators and may challenge the current role of trusted intermediaries that have
               positions of control within a centralized hierarchy.  But while the technology matures and the ‘tires are kicked’,
                                                        71
               there are current and evolving concerns that will need to be addressed in both developed and developing world
               contexts. These range from confidentiality of data, user privacy, security of blockchains, legal and regulatory
               issues, and fragmentation of the technology, as well as the veracity of the data placed on a blockchain. 72


               5.2    Privacy and confidentiality of data

               Current methods of data storage on centralized systems have always been vexed by attempted and successful
               intrusions.  Database controllers attempt to harden these systems against data compromise and leak of private
                        73
               and confidential information through inter alia tightly controlling access through just one or more trusted
               (central) parties and by encrypting databases. 74
               With the distributed node motif embedded in the DNA of most DLTs, they have a different perspective to
               the storage of data and access thereto. That is, data on blockchains in large measure should be visible to
               everyone – the nodes ‒ on that blockchain.  The ostensible reason for this is that to validate additions of
                                                     76
                                  75
               data to the chain, nodes must have visibility over the data they are validating.  In theory then, everyone could
                                                                               77
               see everyone else’s data, at all times.
               And, although access to a blockchain requires a private key, not all of the information on a blockchain is
               encrypted.  For example, on the Bitcoin permissionless, public blockchain, data is pseudo-anonymous: The
                        78
               user’s ID is self-asserted and encrypted, but transactional data is not.


               68   See in relation to issues discovered with the Ethereum blockchain; Buterin, V (2016) Thinking About Smart Contract Security,
                  available at https:// goo. gl/ iH78GN ; and Daian, P (2016) Chasing the DAO Attacker’s Wake, available at https:// goo. gl/ DxgOHD.
               69   See Cornell Sun (2016) Cornell Prof Uncovers Bugs in Smart Contract System, Urges More Safety in Program Design, available at
                  https:// goo. gl/ d6d4F2 .
               70   See Olickel (2016) ibid
               71   They also offer authorities a new, and almost real-time, access to data for compliance (RegTech) purposes, while blockchains
                  such as Bitcoin that create new decentralized currencies may challenge the current supremacy of governments in managing
                  the national and international economic and monetary systems. On the disruptive possibilities of DLTs and the implications, see
                  Mills et al (2016) ibid; UK Government Office for Science (2016) ibid; Credit Suisse (2016) Blockchain, available at https:// goo. gl/
                  1YT6Ci; IBM (2016) ibid; Accenture (2016) Blockchain Technology: How Banks Are Building a Real-Time Global Payment Network,
                  available at https:// goo. gl/ 5bHSd4 .
               72   There are other challenges, but as noted earlier, these are beyond the scope of this paper.
               73   See for example, BI (2016) 1 Billion Yahoo Accounts Have Been Stolen in the Biggest Hack Ever — Here's What You Should do,
                  available at https:// goo. gl/ lnKf4j .
               74   Of course, these characteristics have their advantages and disadvantages. That is, centralized access through trusted parties, but
                  a potential single point of failure where an intrusion could expose data.
               75   These nodes may be trustless.
               76   As noted below, some newer blockchains design solutions so that some parties can only read the blockchain, while others can
                  also sign to add blocks to the chain
               77   Even so, there have been instances where identities of blockchain users have been discovered using transaction graph analysis.
                  This uses the transparency of the transaction ledger to reveal spending patterns in the blockchain that allow bitcoin addresses
                  – using IP addresses and IP address de-anonymization techniques - to be bundled by user. Ludwin, A (2015) How Anonymous is
                  Bitcoin? A Backgrounder for Policymakers, available at https:// goo. gl/ DJnIvP .
               78   This also depends on the blockchain design. A blockchain can have all of its data encrypted, but signing/creating the blockchain
                  wouldn’t necessarily be dependent on being able to read the data. An example may be a digital identity blockchain.



                136