[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
BEYOND BITCOIN: EMERGING APPLICATIONS
FOR BLOCKCHAIN TECHNOLOGY
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON OVERSIGHT &
SUBCOMMITTEE ON RESEARCH AND TECHNOLOGY
COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
FEBRUARY 14, 2018
__________
Serial No. 115-47
__________
Printed for the use of the Committee on Science, Space, and Technology
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://science.house.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
28-934PDF WASHINGTON : 2018
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
HON. LAMAR S. SMITH, Texas, Chair
FRANK D. LUCAS, Oklahoma EDDIE BERNICE JOHNSON, Texas
DANA ROHRABACHER, California ZOE LOFGREN, California
MO BROOKS, Alabama DANIEL LIPINSKI, Illinois
RANDY HULTGREN, Illinois SUZANNE BONAMICI, Oregon
BILL POSEY, Florida AMI BERA, California
THOMAS MASSIE, Kentucky ELIZABETH H. ESTY, Connecticut
JIM BRIDENSTINE, Oklahoma MARC A. VEASEY, Texas
RANDY K. WEBER, Texas DONALD S. BEYER, JR., Virginia
STEPHEN KNIGHT, California JACKY ROSEN, Nevada
BRIAN BABIN, Texas JERRY McNERNEY, California
BARBARA COMSTOCK, Virginia ED PERLMUTTER, Colorado
BARRY LOUDERMILK, Georgia PAUL TONKO, New York
RALPH LEE ABRAHAM, Louisiana BILL FOSTER, Illinois
DANIEL WEBSTER, Florida MARK TAKANO, California
JIM BANKS, Indiana COLLEEN HANABUSA, Hawaii
ANDY BIGGS, Arizona CHARLIE CRIST, Florida
ROGER W. MARSHALL, Kansas
NEAL P. DUNN, Florida
CLAY HIGGINS, Louisiana
RALPH NORMAN, South Carolina
------
Subcommittee on Oversight
RALPH LEE ABRAHAM, Louisiana, Chair
FRANK D. LUCAS, Oklahoma DONALD S. BEYER, Jr., Virginia
BILL POSEY, Florida JERRY McNERNEY, California
THOMAS MASSIE, Kentucky ED PERLMUTTER, Colorado
BARRY LOUDERMILK, Georgia EDDIE BERNICE JOHNSON, Texas
ROGER W. MARSHALL, Kansas
CLAY HIGGINS, Louisiana
RALPH NORMAN, South Carolina
LAMAR S. SMITH, Texas
------
Subcommittee on Research and Technology
HON. BARBARA COMSTOCK, Virginia, Chair
FRANK D. LUCAS, Oklahoma DANIEL LIPINSKI, Illinois
RANDY HULTGREN, Illinois ELIZABETH H. ESTY, Connecticut
STEPHEN KNIGHT, California JACKY ROSEN, Nevada
RALPH LEE ABRAHAM, Louisiana SUZANNE BONAMICI, Oregon
DANIEL WEBSTER, Florida AMI BERA, California
JIM BANKS, Indiana DONALD S. BEYER, JR., Virginia
ROGER W. MARSHALL, Kansas EDDIE BERNICE JOHNSON, Texas
LAMAR S. SMITH, Texas
C O N T E N T S
February 14, 2018
Page
Witness List..................................................... 2
Hearing Charter.................................................. 3
Opening Statements
Statement by Representative Ralph Lee Abraham, Chairman,
Subcommittee on Oversight, Committee on Science, Space, and
Technology, U.S. House of Representatives...................... 4
Written Statement............................................ 6
Statement by Representative Donald S. Beyer, Jr., Ranking Member,
Subcommittee on Oversight, Committee on Science, Space, and
Technology, U.S. House of Representatives...................... 8
Written Statement............................................ 10
Statement by Representative Barbara Comstock, Chairwoman,
Subcommittee on Research and Technology, Committee on Science,
Space, and Technology, U.S. House of Representatives........... 12
Written Statement............................................ 13
Written Statement by Representative Eddie Bernice Johnson,
Ranking Member, Committee on Science, Space, and Technology,
U.S. House of Representatives.................................. 15
Written Statement by Representative Daniel Lipinski, Ranking
Member, Subcommittee on Research and Technology, Committee on
Science, Space, and Technology, U.S. House of Representatives.. 16
Witnesses:
Mr. Chris A. Jaikaran, Analyst in Cybersecurity Policy,
Government and Finance Division, Congressional Research Service
Oral Statement............................................... 17
Written Statement............................................ 20
Dr. Charles H. Romine, Director, Information Technology
Laboratory, National Institute of Standards and Technology
Oral Statement............................................... 31
Written Statement............................................ 33
Mr. Gennaro ``Jerry'' Cuomo, IBM Fellow and Vice President
Blockchain Technologies, IBM Cloud
Oral Statement............................................... 41
Written Statement............................................ 43
Mr. Frank Yiannas, Vice President of Food Safety, Walmart
Oral Statement............................................... 52
Written Statement............................................ 54
Mr. Aaron Wright, Associate Clinical Professor and Co-Director of
the Blockchain Project, Benjamin N. Cardozo School of Law
Oral Statement............................................... 64
Written Statement............................................ 67
Discussion....................................................... 74
Appendix I: Additional Material for the Record
Letter submitted by Representative Representative Donald S.
Beyer, Jr., Ranking Member, Subcommittee on Oversight,
Committee on Science, Space, and Technology, U.S. House of
Representatives................................................ 104
BEYOND BITCOIN: EMERGING APPLICATIONS
FOR BLOCKCHAIN TECHNOLOGY
----------
WEDNESDAY, FEBRUARY 14, 2018
House of Representatives,
Subcommittee on Oversight and
Subcommittee on Research and Technology
Committee on Science, Space, and Technology,
Washington, D.C.
The Subcommittees met, pursuant to call, at 10:03 a.m., in
Room 2318 of the Rayburn House Office Building, Hon. Ralph
Abraham [Chairman of the Subcommittee on Oversight] presiding.
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. The Subcommittee on Oversight and
Research and Technology will come to order.
Without objection, the Chair is authorized to declare
recess of the Subcommittee at any time.
Good morning. Welcome to today's hearing entitled ``Beyond
Bitcoin: Emerging Applications for Blockchain Technology.'' I'm
going to recognize myself for five minutes for an opening
statement.
Again, good morning, and welcome to the panelists--I think
I've met most of you--to this joint Oversight and Research and
Technology Subcommittee hearing. And again, the title is
``Beyond Bitcoin: Emerging Applications for Blockchain
Technology.''
The purpose of this hearing is to explore blockchain
technology, its potential, and emerging applications beyond
cryptocurrency and financial technology. Today, we will hear
from government and private-sector experts about the basics of
blockchain technology and the ways this emerging technology can
be leveraged to improve the provision of products and services
for government and industry alike.
Historically, the Science Committee has engaged in vigorous
oversight of emerging forms of research and technology,
especially those that stand to directly benefit business and
government by ensuring their reliability, increasing their
productivity, and securing systems and data.
This hearing is an opportunity to learn more about the
standards, guidelines, and best practices that may be necessary
to ensure the effective and appropriate implementation of
blockchain technology to those emerging applications, and I
look forward to hearing from the witnesses today about
improving certainly our government efficiency and private-
sector successes with this technology.
And while there has been much discussion throughout
Congress regarding the cryptocurrencies, this hearing is not
intended to discuss those directly such as Bitcoin, and the
numerous reported security, regulatory, and environmental
issues associated with them. And although Bitcoin and other
cryptocurrencies are popular and eye-catching examples of the
use of blockchain technology, we will learn today that there
are many emerging applications with much potential that could
eventually provide substantial benefits to businesses and
taxpayers.
The Committee hopes to highlight this often underreported
use of blockchain technology without getting caught up in the
topic of the recently volatile and unsecure cryptocurrencies.
We are also interested in the ongoing, proactive efforts and
the coordination among private industries utilizing blockchain
technology in different areas of their business models.
I wish to thank Mr. Cuomo for being here to represent IBM,
Mr. Yiannas is representing Walmart, and we look forward to
hearing about the specific actions of IBM and Walmart have
taken to utilize and harness the strength of this technology,
especially in the supply chain and data management domains.
Beyond an interest in the application of blockchain
technology, the Science Committee will continue to address
cybersecurity and how incorporation of blockchain technology
could potentially bolster private companies' and the federal
government's cybersecurity weaknesses. Cybersecurity is a
complex and evolving issue that affects U.S. national and
economic security, and we must consider the appropriate role
for blockchain technology. All departments and agencies must
remain diligent in their efforts to strengthen and secure our
federal systems, and our approaches to addressing cybersecurity
issues must evolve to keep pace with the everchanging threats.
Bolstering the cybersecurity of federal information systems
is among the Committee's top priorities, and I'm hopeful that
our efforts here today will take us one step closer to
achieving this objective.
Dr. Romine, we appreciate NIST being here, and thank you
for the--continuing to provide the guidance on this emerging
technology. I know it's an evolving and very rapidly changing
field. NIST is in a unique position to provide valuable
standards and guidelines for blockchain with their extensive
involvement with cryptography, the mathematical tools at the
heart of blockchain technology. NIST has the ability to
effectively ensure current standards--that current standards
are sufficient in addressing potential for blockchain
technology being utilized on a broader and a more intensive
scale.
And additionally, NIST can serve a useful role in providing
a greater understanding of how the technology could lead to
solutions that help secure data and ultimately enhance our
national security, which is critical.
I look forward to the insight of our witnesses today--they
will provide, which will help resolve these important questions
and hopefully help us better understand the next steps that
must be taken to ensure the integrity, the resilience, and the
security of systems and industries that could and do benefit
from the application of this technology.
[The prepared statement of Chairman Abraham follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Next, Mr. Beyer. I now recognize the
Ranking Member of the Oversight Subcommittee, the gentleman
from Virginia, Mr. Beyer, for an opening statement.
Mr. Beyer. Thank you, Mr. Chairman, very much.
Congratulations on your new chairmanship----
Chairman Abraham. Thank you. I appreciate that.
Mr. Beyer. --of this Oversight. And I want to thank you and
Chairwoman Comstock for putting on this hearing. It's a
fascinating topic. I've been asking everyone I know in the last
week to explain blockchain technology to me. No one can. People
can spell it; that's about all. So I'm hoping that after we get
finished today, you guys will also explain special relativity
and quantum mechanics to the rest of the team, too.
But this really is incredibly important. I just came back
from the World Economic Forum where it seemed like every other
forum was about blockchain technology. So entrepreneurs,
innovators, big business, small businesses, small enterprises,
everyone seems to be scrambling to understand the applications
of blockchain technology. And as the hearing title suggests, it
seems to be quickly moved past Bitcoin and past
cryptocurrencies into supply chain industry, health care, clean
energy field, legal/financial markets, election infrastructure.
I read a great article last week about how it could affect
education in the years to come.
So this--potential blockchains offer better security,
enhanced privacy, transactional transparency. But it's also
obviously a disruptive technology, and so government and law
enforcement agencies are trying to start to figure out the
ramifications of blockchain services and applications. We know
they have a difficult task ahead of them. As a nation, I
believe that all of us want to ensure that these blockchain-
based technologies are used appropriately, that government
regulations are not disregarded or intentionally circumvented,
but at the same time that they aren't burdensome, that we are
encouraging innovation and broad-based applications when
appropriate and advantageous.
So I'm particularly interested in hearing all that you have
to say and the specific steps that you believe the U.S.
Government, particularly our science-based agencies--NIST,
National Science Foundation, Department of Energy, and Homeland
Security--should be taking to foster innovation in this field
and to help ensure that America is the hub for blockchain
research development and discovery.
By the way, Chairman Abraham, I believe the Science
Committee can play an important oversight role in providing a
public forum to address these and many other issues, so I'm
hoping that past blockchain will look at the ethical issues
surrounding artificial intelligence and mimicking software
where we draw the limits and regulate such technology; that we
think about the security consequences of deploying autonomous
vehicles, drones, and other similar technologies; what are the
technical challenges and the ethical implications of
implantable medical devices and brain computer interfaces; and
how can we or should we keep a closer eye on the deployment of
commercially owned and operated biometric and other
surveillance technologies both online, in the streets, and in
the retail stores across America?
This is a very fun committee to be on because we're dealing
with so many things that are absolute--you know, that we
wouldn't have predicted three years ago, maybe last year. So
thank you very much for coming and educating us. We hope to ask
intelligent questions. We hope to be a lot smarter at the end
of this. Mr. Chairman, I yield back.
[The prepared statement of Mr. Beyer follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Mr. Beyer.
And I now recognize the Chair of the Research and
Technology Subcommittee, Mrs. Comstock, for an opening
statement.
Mrs. Comstock. Thank you, Chairman Abraham, for putting
together this hearing on such an important topic, and
congratulations on your new position as Chairman of the
Oversight Subcommittee.
Today's hearing topic is of great interest to me and my
constituents in the Commonwealth of Virginia. The 10th District
attracts many of the leading internet, high-tech, health and
defense companies in the world, and the northern Virginia
region is home to many research and technology companies on the
forefront of innovation.
A recent overview by the National Institute of Standards
and Technology describes blockchains as, quote, ``a significant
new avenue for technological advancements, enabling secure
transactions without the need for a central authority,'' end
quote. While many of my more technologically inclined
constituents may grasp the cryptocurrency benefits of
blockchain technology, today's hearing will provide some
insights into blockchain's applications beyond cryptocurrency.
Blockchains have a myriad of applications in areas such as
cybersecurity, identity authentication and verification, supply
chain risk management and digital rights management, among
others. These applications have potential implications and
benefits for the federal government. A recent Department of
Transportation report notes that there are ``several proposed,
ongoing, and theoretical ways of applying blockchains in
government.'' This includes the State Department's exploration
of ways to use blockchain to improve efficiency, as well as
research by the Postal Service and Department of Homeland
Security on how blockchains may help in the establishment of
secure identity management. I am pleased to hear about such
efforts.
In the previous session of Congress, the Research and
Technology Subcommittee held a hearing following the many data
breaches at the Office of Personnel Management. Like thousands
of my constituents, I, too, received a letter from OPM
informing me that my personal information may have been
compromised or stolen by the criminals behind this attack. I
also received a letter from the IRS on the same, and--I think I
got three letters. I think I hit the trifecta on letters and
information being compromised.
So I look forward to hearing more about the potential and
emerging applications of blockchain technology today,
particularly if the technology can help with securing people's
private and sensitive information. Thank you, and I yield back.
[The prepared statement of Mrs. Comstock follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[The prepared statement of Ranking Member Johnson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[The prepared statement of Mr. Lipinski follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Mrs. Comstock.
I'm going to introduce our witnesses now. Our first witness
today is Mr. Chris Jaikaran, an Analyst in Cybersecurity Policy
with the Congressional Research Service. Mr. Jaikaran
previously worked for the Department of Homeland Security
starting in 2005 as a Program Analyst before being promoted in
2008 to Planner. He holds a bachelor of arts degree from
Syracuse University, a master's degree in public policy from
George Mason University, and a graduate certificate in
cybersecurity fundamentals from the Naval Postgraduate School.
Dr. Charles Romine, our second witness, is a Director of
Information Technology at NIST. Dr. Romine joined NIST in 2009
as an Associate Director for Program Implementation. In
November 2011, Dr. Romine became the Director of Information
Technology Laboratory at NIST. Dr. Romine received both his
bachelor's of arts degree in mathematics and a Ph.D. in applied
mathematics from the University of Virginia.
Mr. Jerry Cuomo, our next witness, is an IBM Fellow and a
Vice President of Blockchain Technologies at IBM. Mr. Cuomo has
worked with IBM since 1987 as an engineer with IBM Research. He
was promoted in 2001 to an IBM Distinguished Engineer, and in
2006 he became an IBM Fellow. He received a master's degree in
computer science from New York University Polytechnic School of
Engineering.
Mr. Frank Yiannas, our fourth witness, is Vice President of
Food Safety at Walmart. Mr. Yiannas previously worked for Walt
Disney World as Director of Safety Health from 1989 to 2008. He
holds a bachelor's degree of science and microbiology from the
University of Central Florida and a master's degree in public
health from the University of South Florida.
Our last witness, Mr. Aaron Wright, is an Associate
Clinical Professor and Co-Director of the Blockchain Project at
the Benjamin N. Cardozo School of Law. Mr. Wright holds a
bachelor's of arts degree from Tufts University and a juris
doctor from the Benjamin N. Cardozo School of Law.
I now recognize Mr. Jaikaran for five minutes to present
his testimony.
TESTIMONY OF MR. CHRIS A. JAIKARAN,
ANALYST IN CYBERSECURITY POLICY,
GOVERNMENT AND FINANCE DIVISION,
CONGRESSIONAL RESEARCH SERVICE
Mr. Jaikaran. Thank you. Chairs Abraham and Comstock,
Ranking Members Beyer and Lipinski, and Members of the
Committee, thank you for the opportunity to testify today on
blockchain. My name is Chris Jaikaran, and I'm an Analyst in
Cybersecurity Policy at the Congressional Research Service. In
this role I research and analyze a variety of informational
technology issues to include blockchain. My testimony today
includes an explanation of blockchain, potential applications
for it, limitations and concerns in using it, and potential
considerations for Congress.
Blockchain is not a new technology. Rather, it is an
innovative way of using technologies we already have. The
technology allows parties that may not trust each other to
agree on the current distribution of assets, who has those
assets--and who has those assets so they may conduct new
business.
But while there has been hype surrounding blockchain, it
also has certain pitfalls that may inhibit its utility.
Blockchain is a digital ledger that allows parties to transact
without the use of a central authority. In this ledger,
transactions are grouped together in blocks, which are
cryptographically tamperproof, and those blocks are
cryptographically chained together in a way that creates an
indisputable history. With blockchain, the use of a third-party
can be avoided because, as transactions are added, the
identities of the parties conducting those transactions are
verified and the transactions themselves are verifiable by
other users.
The strong relationship between identities, transactions,
and the ledger enables parties that may not trust each other to
agree on the state of resources as logged in that ledger. With
that agreement, they may conduct a new transaction with a
common understanding of who has which resource and their
ability to trade that resource.
Blockchain is not a new single technology. Rather, it uses
existing technologies in a novel way. Blockchain is enabled by
asymmetric key encryption, pass values, Merkle trees, and peer-
to-peer networks. My written statement goes further into these.
Blockchain is not a panacea technology. A blockchain
records events as transactions when they happen, in the order
they happen, and in an add-on-only manner. Previous data on the
blockchain cannot be altered, and users of the blockchain have
access to the data on the blockchain in order to validate the
distribution of resources. Some advocate the use of blockchain
when a combination of off-the-shelf database, cloud, and
identity management technology would likely be more
appropriate. An advantage to blockchain emerges when the users
want the ledger to be undeniable and traceable.
Though there are benefits to blockchain, there are also
pitfalls and unsolved conditions which may inhibit blockchain
use. Some of those concerns are data portability, ill-defined
requirements, key security, user collusion, and user safety. My
written statement elaborates on these further.
As with adopting any technology, users must examine
business, legal, and technical aspects of that technology. What
is the business case for the technology? Do customers demand
attributes which it provides? Or will employees benefit from
them? What are the legal implications for using the new
technology? Will adhering to compliance regimes be made easier
or more difficult through using it? Will data help the new
technology be accessible to auditors for review, or will it
inhibit regulated transparency? Finally, what are the specific
technologies that will be adopted? What are the attributes of
that technology and how will it affect current business
practices and how will they adapt over time? Blockchain is
currently being tested by industry but at this time does not
appear to be a complete replacement for existing systems.
My written statement provides a few examples of how
blockchain is being employed, piloted, or proposed. One such
example is to manage electronic health records. In this
example, actual medical records are retained on provider
systems, but a record of that record is published to the
blockchain. As identities are cryptographically signed to
include those of patients, providers, payers, and other
parties, the patient can manage who has access to those records
by publishing access rights to specific identities on the
blockchain. This is designed to shift the control of these
records toward the patient. While technically feasible, this
proposal would likely still face federal and state privacy
laws, as well as a lack of standards, data processing, and
storage, which may inhibit its adoption.
Through the adoption of blockchain--though the adoption of
blockchain is in its early stages, Congress may have a role to
play in several areas, including providing oversight of federal
agencies seeking to use blockchain for government business or
regulating industries using blockchain. Some federal agencies
are seeking to better manage identities, assets, data, and
contracts through the adoption of blockchain technology. In
addition, some of--federal agencies are issuing guidance on
industry use of blockchain and whether or not the current legal
framework governs blockchain use.
Thank you for the opportunity to testify today and I look
forward to your questions.
[The prepared statement of Mr. Jaikaran follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Doctor.
I now recognize Dr. Romine for five minutes to present his
testimony.
TESTIMONY OF DR. CHARLES H. ROMINE, DIRECTOR,
INFORMATION TECHNOLOGY LABORATORY,
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Dr. Romine. Chairman Abraham, Ranking Member Beyer,
Chairwoman Comstock, and Ranking Member Lipinski, and Members
of the Subcommittees, I'm Chuck Romine, the Director of the
Information Technology Laboratory at the Department of
Commerce's National Institute of Standards and Technology, also
known as NIST. Thank you for the opportunity to appear before
you today to discuss NIST's role in blockchain technologies.
Blockchains are defined as immutable digital ledger systems
implemented in a distributed fashion that is without a central
repository. At their most basic level, they enable a community
of users to record transactions in a ledger that is public to
that community so that transactions cannot be changed once
published without the community knowing.
The core ideas behind blockchain technology emerged in
1991, and this technology became widely known in 2008 when the
blockchain idea was combined with several other technologies
and computing concepts to enable the creation of modern
cryptocurrencies. Cryptocurrencies such as Bitcoin are
electronic money protected through cryptographic mechanisms or
blockchains for secure funds transfer. Blockchains are often
viewed as synonymous with Bitcoin, but its applications are
broader than fund transfer security. Its use cases vary from
banking to secure supply chains to insurance and, as you've
heard, health care.
The use of blockchain technology, however, is not a silver
bullet. Some issues must be considered such as how to deal with
malicious users, how controls are applied, and the limitations
of any blockchain implementation. NIST has a strong research
program in advancing key components of the blockchain such as
measurement science for computer security, cryptography, and
cryptographic key management, creating solutions to real-world
problems.
In January 2018 NIST published a draft report ``Blockchain
Technology Overview,'' which is now out for public comment. The
report introduces the concept of blockchain, discusses its use
in electronic currency, and shows its broader applications.
NIST has conducted extensive research on asymmetric key
cryptography, also referred to as public-private key
cryptography, which is a fundamental technology to secure
blockchain technologies. NIST develops, maintains, and tests
implementations that meet NIST's standards and guidelines for
key generation and derivation, key establishment, and key
exchanges.
Because blockchains are not centralized, users must manage
their own private keys, meaning if one is lost, anything
related to that private key, such as digital assets, is lost.
If a private key is stolen, the attacker will have full access
to all assets controlled by that private key. Therefore,
security of private keys is critical. When the news media
reports that Bitcoin was stolen from, it almost certainly means
that the private keys were found and used to sign a transaction
sending the money to a new account, not that the system itself
was compromised.
Looking forward, quantum computers will be a threat to
blockchain technologies because they will be able to break the
code and crack the public key cryptosystems. NIST is leading
the global effort to ensure new encryption is available to
industry and built into products before quantum computers
emerge.
Research at NIST to more generally use blockchain platforms
is ongoing via the NIST blockchain workbench, which provides
flexible testbeds that NIST researchers can use to implement
theoretical solutions. This hands-on experience is essential to
complement NIST interactions with industry and documentary
standards research when NIST issues papers, guidance, tools,
and references.
Blockchains are a new and exciting technology that have the
potential to address real corporate and consumer needs, but
much work still needs to be done to understand this technology,
to bring out its potential, and let markets reward usable and
secure implementations that meet real customer needs.
NIST will continue its research and development in the
foundational cryptography that blockchains use. We will
continue to learn from our research and continue to build
collaborations with industry in the publication of guidelines.
NIST also continues to work with international standards bodies
that have started study groups and technical committees to
initiate standards work for blockchains. This is an exciting
time for blockchain technology as it emerges into markets and
sectors.
Thank you for the opportunity to testify on NIST's work
regarding blockchain, and I'll be happy to answer any questions
that you may have.
[The prepared statement of Dr. Romine follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Dr. Romine.
I now recognize Mr. Cuomo for five minutes to present his
testimony.
TESTIMONY OF MR. GENNARO ``JERRY'' CUOMO, IBM FELLOW,
VICE PRESIDENT BLOCKCHAIN TECHNOLOGIES, IBM CLOUD
Mr. Cuomo. Good morning, Chairman Abraham, Chairwoman
Comstock, Ranking Members Beyer and Lipinski, and Members of
the Subcommittee. My name is Jerry Cuomo, and I'm the Vice
President for IBM Blockchain Technologies. And thank you very
much for the opportunity to testify this morning.
Most people who've heard of blockchain associate it with
the cryptocurrency Bitcoin. While they're related, it's
important to understand that they're not the same. The
potential uses for blockchain are far broader than
cryptocurrency. We've engaged in more than 400 blockchain
projects across supply chain, government, health care,
transportation, insurance, chemical petroleum, and more. And
from those experiences, we've developed three key benefits.
First, we believe that blockchain is a transformative
technology that could radically change the way businesses and
government interact. At the center of a blockchain is a shared
immutable ledger. Each member of a blockchain network has an
exact copy of the ledger as it updates over time. Transactions,
once entered, cannot be changed. With this shared copy of the
truth, time is saved because multiparty transactions could be
now settled in real time. Cost is reduced because overhead is
eliminated with businesses interacting directly. Risk is
mitigated because the ledger acts as an immutable audit trail.
IBM and Maersk recently announced a joint venture to create
an industrywide trading platform for ocean freight. Currently,
a shipment of goods between ports can generate a sea of
paperwork. Blockchain helps in real time track millions of
shipping containers across the world with the potential to save
billions of dollars and transform the shipping industry.
Our second belief is that blockchain must be open to
encourage broad adoption, innovation, and interoperability. And
for this reason, IBM is participating with over 180 industry
players in the Hyperledger organization led by the Lennox
Foundation. Only with openness will blockchain be widely
adopted and spur innovation. IBM's collaborating with companies
like SecureKey and the Sovrin Foundation on blockchain-based
digital identity. Together, we are working to create a global
ecosystem of blockchain identity networks backed by open
standards where only the information that needs to be shared is
shared with only those parties that have a need to know.
And we finally believe that blockchain is ready for
business and government use today. A new breed of blockchain
technology is now available. It meets four key requirements.
First, it supports accountability, which is gained by known
parties identified by cryptographic membership keys, entrusted
data from an immutable ledger.
Next is privacy. While members are known to the network,
transactions are only shared with those that have a need to
know.
Third is scalability, handling an immense volume of
transaction. A recent research paper demonstrated best of class
and blockchain performance of more than 3,500 transactions per
second.
And last but not least is security. With fault-tolerant
algorithms, a network continues to operate even in the presence
of bad actors or carelessness.
IBM is working with 12 major food companies, including
Walmart, Unilever, and Nestle, applying our enterprise
blockchain to rapidly trace food as it moves from farm to
table, making it possible to quickly pinpoint the sources of
contamination, reduce the impact of food recalls, and limit the
number of people who get sick or die from foodborne illnesses.
Now, with those beliefs in mind, let me now turn to our
recommendations to Congress. First, let's focus efforts on
projects that can positively impact U.S. citizens and economic
competitiveness. The Congressional Blockchain Caucus has
already begun critical work on blockchain topics, including
identity payments and supply chain. I recommend we use this
work as the base to explore blockchain adoption, then use the
knowledge gained to inform policy.
The second recommendation is to thoughtfully insert
blockchain into projects already funded. Look for opportunities
to fuel innovation in the broad ecosystem of U.S. businesses by
encouraging blockchain projects as part of initiatives like the
Small Business Innovation Research program.
And finally, we urge Congress and the Trump Administration,
when considering regulatory policy, to recognize the difference
between blockchain's use in new forms of currency from broader
uses of blockchain to avoid consequences that stymie
innovation. And please remember, blockchain is not Bitcoin.
Blockchain is ready for government. Now, let's get
government ready for blockchain. I look forward to answering
your questions and continuing the discussion. Thank you very
much.
[The prepared statement of Mr. Cuomo follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Mr. Cuomo.
Mr. Yiannas, I recognize you now for five minutes for your
testimony.
TESTIMONY OF MR. FRANK YIANNAS,
VICE PRESIDENT OF FOOD SAFETY, WALMART
Mr. Yiannas. Chairman Abraham, Comstock, and Members of the
Committee, on behalf of Walmart, I want to thank you for the
invitation to testify here today on the use of blockchain
technology and its potential applications beyond cryptocurrency
and finance. My name is Frank Yiannas, Vice President of Food
Safety for Walmart, the world's largest retailer.
Walmart helps people around the world save money so they
can live better. Each week, more than 260 million customers
visit our nearly 12,000 stores in 28 countries or shop with us
on our e-commerce platforms. With fiscal revenue in 2017 of
$485.9 billion, grocery sales accounted for approximately 56
percent of those revenues in our U.S. formats. Operating in
that many formats and in so many countries presents us with a
daunting challenge and an important responsibility. Our
customers rely on Walmart as their trusted buying agent.
Too often people talk about a food chain, but it's not a
linear chain at all. Today, the way we get our food from farm
to table is a food system, and it's a complex network of many
interdependent entities. While today's food system provides
consumers with benefits, it also can present challenges. For
example, the output of one contaminated ingredient could end up
in thousands of products. We saw evidence of this during the
peanut butter outbreak in 2008 and more recently with flour in
2016.
Blockchain is the distributed decentralized digital ledger
that makes it possible to store and share data across complex
networks in a more secure, effective, and democratic way.
Features of immutability, consensus, and a complex network
without a single authority allow the blockchain system to
create one version of the truth and to rapidly scale trust,
which is good for business.
Today, many involved with food still use paper-based
systems to manage records, and even if they capture that
information in digital form, that data is often in disparate
systems that don't speak with each other. Being able to track
how food flows from farm to table can be a very difficult and
lengthy task. Each participant discloses their products path
one step forward and one step back. Regulators and retailers
have to take that data and piece it together to find or
manually determine the origin of a problem. For example, in
2006 in a nationwide outbreak of E. coli here in the United
States, it took regulators two weeks to conduct the traceback
and determine the exact source of the contamination. We've seen
similar timelines and outcomes in more recent food safety
squares.
In 2017, Walmart and IBM conducted two proof-of-concepts
using blockchain for food traceability. For one pilot here in
the United States, we decided to track the journey of mangoes
from farm to store. That journey includes several stops along
the way before they arrive in our stores as packages of sliced
mangoes. For the test, we work with supplier and their supply
chain to capture food traceability attributes onto the
blockchain. We captured information about the mangoes, where
were they grown, how were they harvested, how did the travel,
and so on. At the conclusion of that pilot, we demonstrated
that we could accelerate tracing the origin of sliced mangoes
back from our stores to a farm down from 7 days to 2.2 seconds.
That's food traceability at the speed of thought.
As the food system is global in nature, we also conducted a
second pilot in China, and it involved pork, one of the
region's most important animal proteins. With the use of
blockchain technology, at the store a case of pork could be
scanned with a simple QR code and tracked back to the farm from
which it came. We were also able to pull up digitized authentic
veterinary records, increasing our confidence in the
authenticity of that product.
After our successful pilot with IBM, we rapidly mobilized
with a group of influential companies to share our results, and
we invited them to participate in additional testing. Today, we
have a coalition of 11 foundation partners comprised of Walmart
suppliers and peers in retail, all working together to further
test blockchain. We seek a collaborative solution rather than
each company trying to create one on their own. We're also
placing emphasis on the importance of blockchain systems being
interoperable and based on existing industry standards. Walmart
and IBM the foundation partners have moved rapidly to scale,
test, and learn, and Walmart is now testing blockchain on
dozens of selected food items.
While we've been working on food traceability, we believe
blockchain could lay the groundwork for other benefits beyond
food traceability such as optimizing supply chains and reducing
food waste. Our ultimate goal is food transparency. By getting
rid of the anonymity that exists in the food system today, we
believe the blockchain could help shine a light on every step
of how that food is produced and travels. This enhanced
transparency will result in a safer, more efficient, and
sustainable food system so that people can live better.
Thank you for the opportunity to share our thoughts on
blockchain applications in food, and we look forward to
answering any of your questions.
[The prepared statement of Mr. Yiannas follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. Thank you, Mr. Yiannas.
Mr. Wright, you have five minutes, sir.
TESTIMONY OF MR. AARON WRIGHT,
ASSOCIATE CLINICAL PROFESSOR
AND CO-DIRECTOR OF THE BLOCKCHAIN PROJECT,
BENJAMIN N. CARDOZO SCHOOL OF LAW
Mr. Wright. Chairman Abraham, Ranking Member Beyer,
Chairwoman Comstock, Ranking Member Lipinski, and Members of
the Subcommittees, thank you for the opportunity to testify
before you today. I hope my testimony will provide further
insight on the potential and risks of blockchain technology,
particularly with respect to next-generation public and open
blockchains such as Ethereum. I also hope my testimony will
spur these committees to support policies to continue to
position the United States as a global leader in this
technology.
My name is Aaron Wright, and I am a law professor, writing
and teaching primarily in the area of technology law. Over the
past four years, I've dedicated my academic efforts to
researching and developing blockchain technology, writing about
policy issues associated with blockchain technology, and
counseling blockchain technology projects. As part of those
efforts, I'm developing a project called OpenLaw, in
conjunction with ConsenSys, which allows anyone to create smart
legal agreements that leverage blockchain technology; serving
as an advisor to an early seed company BlockApps; chairing the
Legal Industry Working Group of the Enterprise Ethereum
Alliance; and helping to organize the Brooklyn Project, a
collaborative industry effort to develop sensible regulatory
standards for blockchain technology.
As you've heard from the other witnesses, blockchains are
useful for far more than just virtual currencies like Bitcoin.
They're underpinning an array of online services that seek to
use the technology to store information. However, I also wanted
to emphasize that they're also being used to run potentially
autonomous computer processes called smart contracts. Both
blockchains and smart contract could potentially impact a range
of industries in the United States, improving commercial
activity.
As we've seen over the past two years, blockchains are
poised to transform capital markets. Blockchain technology is
being explored to improve the efficiency of traditional
financial services, creating digitized financial agreements
that are settled and cleared on a bilateral basis with less of
a need for third-party administration.
Perhaps of greater long-term importance, blockchains are
securing scarce digital assets, often referred to as tokens,
which parties transfer using smart contracts in a secure and
largely irreversible way, with less of a need for centralized
intermediaries. These tokens are powering new forms of
crowdfunding, often referred to as token sales, and serve as a
potentially potent new tool for entrepreneurs to build powerful
new network-based technology platforms. The sale of these
tokens ultimately could democratize access to capital and help
spur innovation throughout the United States, building a fairer
society.
The impact of blockchain technology is spreading to the
legal industry and other industries heavily reliant on
contractual arrangements to structure business activity. By
using blockchain-based smart contracts to memorialize payment
and performance obligations and recording agreements on a
blockchain, we may move soon beyond an era with contracts
written in natural language to an era where we have agreements
written in code.
Outside of the private sector, governments across the
globe, including China, Japan, and the E.U. are exploring
blockchain technology in more detail and looking to see whether
the technology can secure and manage critical public records
and exploring whether blockchains can improve government
procurement and taxation processes. Through these efforts, it's
conceivable that blockchains could anchor global and
transnational systems, including university-accessible secure
identification systems that could prevent abuses like human
trafficking, secure voting systems, transnational land and IP
registries, and global marketplaces available to all.
Extending beyond governmental services, blockchains are
increasingly being explored to control devices and machines in
a secure manner. If these attempts prove successful,
blockchains could foster a new era of machine-to-machine and
machine-to-person interactions and commerce.
Despite these opportunities, however, blockchains have a
number of risks. The disintermediated and transnational nature
of public blockchains makes them difficult to govern and
change, and they can be used to coordinate socially
unacceptable and criminal conduct. Of greatest present concern,
a slate of more anonymous new digital currencies are making it
progressively easier to avoid anti-money laundering and other
financial rules related to payment systems. Entrepreneurs are
using blockchain technology to sell tokens in ways that avoid
security law requirements, often with the aid of complicit
lawyers that emphasize form over substance.
Cryptocurrency exchanges for these digital goods,
particularly those located abroad, appear to have implemented
weak measures to prevent abusive trading practices, and new
decentralized marketplaces and exchanges are emerging, which
could operate without any centralized operator policing the
network for illegal activity.
Due to the nascent nature of blockchains, the U.S.
Government has a unique ability to shape the development of the
technology going forward. As the guiding principle, however,
it's my hope that the United States proceeds with thoughtful
technology-neutral regulation that permits the exchange of
blockchain-based assets, particularly those that are consumer-
focused without undue regulation that enables parties to build
blockchain-based protocols to address some of the technical
limitations described by the other witnesses without fear of
regulatory scrutiny and provides a predicable and simple legal
environment that protects consumers without insulating
entrenched market participants.
To support these research and policy goals, I'd encourage
Congress to contemplate commissioning a National Blockchain
Commission that would aim to cement America's technological
standing and increase economic growth and innovation. The
commission could explore ways to invest in blockchain-based
research through prizes or otherwise, devise common principles
to guide the federal approach for regulating blockchain
technology, hold hearings, conduct research, and make
recommendations to industry, the executive branch, and
Congress. Through the above approach, we can ensure that the
United States remains the best place to develop, launch, and
grow blockchain-based projects, and we can implement sensible
and necessary guardrails to guide blockchain's development.
Thank you very much for the opportunity to testify, and I
look forward to any questions you may have.
[The prepared statement of Mr. Wright follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairman Abraham. I thank the witnesses.
If I understand the blockchain technology, then it is going
to be transformational. We're going to go to questions, and I'm
going to recognize myself for the first five minutes.
And your testimony has helped. Being a physician that has
used electronic medical records in the past and to see their
advantages but certainly their disadvantages--I have got a
hospital down the road six miles that I can't talk to with an
EMR. This technology could certainly be eye-opening and
certainly great for patient care.
As a farm guy, I do believe that national security is food
security and vice versa. And, Mr. Yiannas, your testimony as to
the supply chain is very eye-opening for me. You know, I
consider our farmers and ranchers our thin green line, and I
think that maybe our Achilles' heel in this nation as far as
our national security is concerned is if we have a breach in
our food security.
I took some notes during your testimony, and I'm going to
just going to ask a couple of questions. Mr. Jaikaran and then
Dr. Romine and Mr. Cuomo referenced that this system is
tamperproof, that it's immutable, that it can still continue to
operate if bad actors are in place, that there has to be a
private key, that quantum computers are doing all this fancy
and lightspeed stuff. But I'm still concerned. How is
anything--I mean, we know what happened with Bitcoin and how it
was breached. How is it tamperproof? And I'll go to you, Mr.
Jaikaran, first.
Mr. Jaikaran. Yes, thank you for the question. When we
discuss the tamperproof attributes of blockchain, we're
focusing on the mathematics behind it, that cryptographically
we can trust that the identities that are saying they are
conducting those transactions are and that those transactions
are being validated by other users on the blockchain.
Additionally, once it is added to that ledger, it cannot be
changed from that point forward without the other users of the
blockchain knowing that it was so that someone couldn't go back
in time and alter a transaction and expect that to be reported
as the truth.
Chairman Abraham. Well, let me interrupt you. Could there
be collusion between a group of users that could change the
dynamics of the program?
Mr. Jaikaran. Yes, sir. That is one of the risks that a
large group of users on the blockchain agree to conduct
illegitimate transactions and they have legitimate identities,
so now they are manipulating what one may want to consider to
be that one truth to benefit their transactions going forward.
This is significantly easier on blockchains that are new, a
little bit harder on blockchains that are already established
just because of the amount of data that would have to be
manipulated.
Chairman Abraham. So, Dr. Romine, is there any standards in
place at this time that can prevent a collusion type of event
from occurring or for private keys being breached in a manner
where more than one could be breached?
Dr. Romine. Let me take those questions separately. The
issue of subversion and changing of records, as Mr. Jaikaran
correctly states, would require in most cases the collusion of
a majority of the participants involved, and that's going to be
extremely difficult.
Chairman Abraham. While I can see where in a Walmart
situation where you have literally millions of people involved
that would be, but if you had a smaller group, I can see a
potential issue there.
Dr. Romine. If you do have a smaller group, it is easier to
do but still likely to be visible to the entire community that
a fork took place and that an activity that went back in time
in essence to change previous records took place. So it would
be difficult to do it without detection even in that case.
Chairman Abraham. And I want to get to one more question
and this is to Mr. Yiannas. Are Walmart's efforts utilizing
blockchain technology and supply chain and data--are very
promising. I think they're on the cutting edge. With your
success, do you see other industries or large corporations
taking advantage of this technology?
Mr. Yiannas. Yes. The response to our pilots have been
really interesting. We've had companies from all over the world
contact us with an interest in what we're doing, wanting to
learn more, and actually wanting to participate, and so there's
a growing body of interest certainly within the food sector.
It's really, really large. We also see other industries having
an interest--for example, it has implications for
sustainability, it has implications for food waste, and so we
think it just has applications for supply chains in general.
Chairman Abraham. Okay. And I'm out of time.
Mr. Beyer, you're recognized for five minutes.
Mr. Beyer. Thank you. Thank you, Mr. Chairman. I'd like to
first begin and ask unanimous consent to introduce a letter
from Congressman Polis for the record, who----
Chairman Abraham. Without objection.
Mr. Beyer. --co-chairs the Blockchain Technology--thank
you.
Dr. Romine, you talked about immutable, distributed,
resilient, so I assume that this--the blockchain will exist in
clouds throughout the world and computers throughout the world?
Dr. Romine. That's right.
Mr. Beyer. So is the only thing that could disrupt it then
is an electromagnetic pulse or----
Dr. Romine. That's certainly one catastrophic scenario that
could jeopardize large segments, but in many cases certainly
for the public blockchains are currently being used, the
distribution would be difficult to track down geographically I
think. It might be difficult to determine exactly where the
entirety of the copies of the blockchain exist, and so finding
a way to target the entire blockchain would be very, very
difficult.
Mr. Beyer. Is it likely to exist in more than one place at
a time then also----
Dr. Romine. For----
Mr. Beyer. --for a variety----
Dr. Romine. For public chains, absolutely. This distributed
nature is one of the strengths of the resilience of
blockchains.
Mr. Beyer. So as long as we have electricity, we're
probably okay?
Dr. Romine. We probably are.
Mr. Beyer. Okay. Good. Mr. Jaikaran, the--you wrote about
mining and how people--you have to create incentives and the
different ways that mining can go on. It conflicts a little bit
with later testimony that there was a need for mining on it. Is
there going to be a continuous need for people to be going to
Iceland and spending lots of electricity and computer resources
to develop the next block in the blockchain?
Mr. Jaikaran. The use of--users mining for blockchain
applies in a certain consensus model, particularly proof of
work, if they have to solve a really difficult problem to show
that this is a valid block in the chain. Other proofs of work
may not require that proof of stake, a round-robin system where
different users on the chain--it's just their turn to produce a
block. These are based partially on the trust model that the
users have amongst themselves apart from the blockchain, so if
I'm in a business community, I already--I may already have a
business relationship with other users and I may be able to use
some other proof-of-work model to develop that next block.
Those other models take less power and maybe even be faster to
post that next block. So partly it depends on the users
involved, as well as how they've developed the blockchain, what
specific technologies they are choosing to use.
Mr. Beyer. So the logical next question is are blockchains
infinite potentially?
Mr. Jaikaran. I think the limitation to the blockchain
would be the computational power you have to devote to it, how
much storage you have, your bandwidth, your processing power.
Mr. Beyer. They get ever longer, correct?
Mr. Jaikaran. They can continue to grow, yes.
Mr. Beyer. And does it then require evermore power to
decrypt them, to read them, to----
Mr. Jaikaran. Only--to read them, no. Once it's posted, any
user on the blockchain should have access depending on the
rules of the blockchain that was developed. To develop the next
block, it should follow the same consensus model. If someone
were on it to attack a much larger blockchain, though, that
does get much more difficult.
Mr. Beyer. Okay. Dr. Romine, you mentioned that the
development of quantum computing and the ability to break up
these--can quantum computing be integrated into blockchain to
make it ever more secure?
Dr. Romine. That's a fascinating question. I think one of
the things that we are pursuing publicly--several months ago,
we announced a competition essentially for what we call the
post-quantum cryptography that is cryptographic algorithms that
are secure even in the face of quantum computing and
traditional computing. Once those algorithms are developed and
promulgated, then yes, those algorithms would be able to
replace the current public-key encryption systems that are
securing the blockchain and be more secure in a quantum world.
Mr. Beyer. Okay. Very cool.
Mr. Wright, you talked about market-based or game
theoretical mechanisms for reaching consensus. This is a very
cool phrase but what does it mean?
Mr. Wright. Yes, I think it means the way that various
different parties on the network decide that there's a valid
block and that they want to add it to this underlying chain
link of transactions. So, for example, for proof of work, you
have to run this complex mathematical computation in order to
prove that this is a valid block and it gets added to the
chain, but you also have to pay fees that are related to it, so
it's this dynamic between the mechanism with which you add
information to the blockchain along with the fees that are
charged by members particularly on public blockchains.
Mr. Beyer. So they're not really reaching consensus on
areas of disagreement; they're reaching consensus on the fact
that this given block is valid----
Mr. Wright. Exactly.
Mr. Beyer. --or true or----
Mr. Wright. That it follows the protocol.
Mr. Beyer. Okay. My time is up, but thank you very much.
Chairman Abraham. Thank you. Great questions.
Mrs. Comstock, five minutes.
Mrs. Comstock. Thank you, Mr. Chairman. Really this has
really been a fascinating hearing and topic, and thank you for
holding this hearing.
I was meeting with some folks last week on this about the
caucus, so they did highlight they needed more diversity in the
caucus, so I do plan on joining it. And thank you for
highlighting the caucus, too.
In my opening statement I referenced the Office of
Personnel Management data breach and, you know, the OPM
notifying us, and I was wondering if you could go into some
more detail on how we could use that technology to better
protect personal and sensitive data stored by the government?
Sure.
Mr. Cuomo. So, Chairwoman Comstock, we are working with
companies, as I referenced. One is SecureKey in Canada, and I
think that's probably the furthest along to proving out digital
identity blockchain, as well as working with the Sovrin
Foundation, who's working on digital identity protocol
standards on blockchain.
In the case in Canada, they've gathered an ecosystem of all
the major banks, Province of Ontario, British Columbia, and
others to form a digital rights management system is probably
the best way I can word it where citizens are the rightful
owners of their data, and they basically in a very simple
interface that's not much more complicated than your Facebook
app give permission--for example, if I go to a real estate
company to rent an apartment, I'll give my bank and my DMV
permission to answer any of the questions, almost like it's a
music license. I'm giving them license to answer my question
and vice versa. I'm giving the folks answering the question the
right to answer the question.
And there are stipulations even in NIST talking about
avoiding honeypots of data, and I think a lot of the major
security breaches--it's a good idea not to put all your eggs in
one basket. And one of the misnomers about using blockchain for
identity is that you actually put personal identity information
on the ledger. You don't. You put proofs of permission. You put
the digital rights on it. And, you know, it becomes almost a
routing system for how you can have people interact with
accountability on your identity information and making it far
less visible.
And last but not least, it's much harder to track your
identity and usage, so there's stipulations about these things
called triple blind data exchange where the requester doesn't
know who the provider is, the provider doesn't know who the
requester is, and the network provider doesn't know either. And
that makes it, again, very thorough to know so that only the
parties who need to know actually get to know.
Mrs. Comstock. Okay. Dr. Romine?
Dr. Romine. Yes, from my perspective I think the important
issue here is that, as Mr. Cuomo mentioned, storing PII in the
blockchain itself is not recommended. This is not something
that you want to do. In the example that Mr. Jaikaran used for
access to medical records points that out. The medical records
themselves still are retained on the private servers of the
medical provider, but access management, access control, and
auditability of access is provided through blockchain. So there
are opportunities here to do some really interesting things in
this space.
Mrs. Comstock. Okay. Mr. Jaikaran?
Mr. Jaikaran. Yes, ma'am. What may be particularly
interesting is not the use of blockchain technology itself to
protect sensitive data but some of the technologies that
underpin blockchain, so public-private key encryption, hashing,
and particularly loggings, that we know when data is being
used, we know who is accessing that data, and we know when
access--when data is being changed. Those technologies,
particularly for very sensitive information that's not
published to the blockchain, can certainly help protect data
that we have today.
Mrs. Comstock. Thank you. I yield back, Mr. Chairman.
Chairman Abraham. Thank you, Mrs. Comstock.
Mr. Lipinski, five minutes, sir.
Mr. Lipinski. Thank you, Mr. Chairman.
There's so much to really cover here and talk about and try
to understand, but I think I want to get down to sort of
whatever we can do in five minutes, get down to the question
for us here. Is Congress doing enough to foster a coherent
strategy regarding, you know, blockchain research and
development and a unified regulatory strategy where appropriate
government guidelines on dealing with blockchain-based
technologies? So I know we can't cover that in five minutes,
but let me start with Professor Wright because I know you've
suggested that Congress initiate a National Blockchain
Commission to address some of these issues. Can you just
briefly expand a little bit on that? And then I want to get
some reaction to what you have to say.
Mr. Wright. Sure. So the idea with the blockchain
commission would be to provide a degree of uniformity and a
unified approach with regard to various different regulatory
challenges that have emerged with regard to blockchain
technology. You know, just from the statements from----
Mr. Lipinski. Unifying across the government or----
Mr. Wright. Right, across the federal government.
Mr. Lipinski. Across--okay.
Mr. Wright. So, you know, just some issues just raised by
the witnesses' testimony today, there's privacy issues,
identity management issues, key management issues, consumer
protection. There's issues related to securities laws,
commodities laws, and also issues related to the use of
blockchain technology for currencies. And there's competing
interpretations that have been issued already by various
different federal agencies, so the thought would be to explore
if we can have a common and unified guiding principles in order
to ensure that the technology can develop in a mature way.
We did this in part with the internet where we just
distilled down a couple guiding principles and, in part some
have commented that this is one of the reasons why so much
internet-related innovation occurred here. I think it could be
an opportunity again to look back to what we did when it came
to internet policy back in the mid-1990s and apply that same
idea to blockchain technology.
And in addition, the other witnesses mentioned a number of
different technological issues related to it, and a number of
members in the private sector are trying to solve those issues,
but any government support to address issues like scalability,
issues related to developing quantum-resilient blockchains,
issues related to other technical limitations that are
currently present with blockchains would be helpful and I think
encouraged.
Mr. Lipinski. And I ask our other witnesses: Do you
generally agree with that or is there anything that you would
disagree with in terms of what the federal government should be
doing? Mr. Jaikaran?
Mr. Jaikaran. Sir, so what we see the federal government
doing today is a variety of activities under the authority of
that agency. So Mr. Romine talked about the NIST blockchain
workshop, which is developing some use cases. We see that the
Government Services Administration, GSA, is hosting other
federal agencies to talk about potential applications of
blockchain for government uses. Also, the Department of
Homeland Security is issuing grants to try to overcome some of
the issues surrounding blockchain to private industry to come
up with solutions.
Where we see this today is still in this testbed, trying to
develop an understanding of technology, develop an
understanding of how it can be applied, and then trying to
develop a consensus amongst these tests. We have not yet seen a
common federal ``this is our path forward.''
Mr. Lipinski. Mr. Cuomo?
Mr. Cuomo. Yes. And I would also like to reiterate that
there is some really good work being done by the Congressional
Blockchain Caucus, right, and that's Representatives Polis and
Schweikert. And we've had already one workshop around digital
identity and had some really good outcomes. Next week, we have
one on payments and one to follow later with on supply chain.
And particularly, what that's doing--in introducing members
from NIST, IBM was really informed by what the government was
doing and actually helped us on policy and interactions working
with our clients like with SecureKey in Canada, as well as
that's where we met members from the Sovrin Foundation that
really turned us on to some of the emerging standards. So those
types of interactions are paying off by bringing government
agencies and industry players together, so I want to encourage
that.
Mr. Lipinski. Mr. Yiannas?
Mr. Yiannas. The only thing I wanted to add, I don't have
specific advice, but just conceptually, you heard that we're
scaling, testing, and learning together, so there's a lot of
learning that's going on. And a lot of this is happening in the
private sector. There's collaboration happening with a lot of
private entities. The notion that maybe the public sector could
participate in some of these tests I think would be very
beneficial. One of the things we like to say is that blockchain
truly democratizes the benefits. Everybody benefits. So if you
think of the food examples I gave, not only will suppliers
benefit but regulators will, too, being able to conduct
tracebacks. Consumers will. And so I would just recommend that
they get involved in some--pick out the right agency to get
involved in some of these pilots that are testing, scaling, and
learning together.
Mr. Lipinski. Thank you. I'm out of time. I'll yield back.
Chairman Abraham. Thank you. A fellow Louisianan, Mr.
Higgins.
Mr. Higgins. Thank you, Mr. Chairman. I thank the witnesses
today. This is fascinating testimony.
We certainly recognize the tremendous promise of blockchain
technology and supply chains and--throughout the private
sector. I also recognize the great threat, potential threat in
the government sector. I think we need to move forward very
cautiously as we explore the broadened use of blockchain
technology.
The precise tracking of valuable items and inventory at the
Walmart level is great. Everyone is within that sphere. There's
a financial benefit for everyone involved within the
blockchain. But to expand that technology into the government
sector, you're dealing with bad actors across the world that
could perhaps infiltrate that blockchain--this occurs to me--
and know precisely because of the accuracy--because of the very
accuracy that you referred to, sir, in the Walmart example for
tracking the mango slices in 2.2 seconds versus 7 days, that
same technology would allow a bad actor tracking government-
secured inventories like weapons or uranium, et cetera, to the
exact location.
So I'm concerned about the verification. Mr. Jaikaran, you
referred to authorized entities. How do we--how would we know--
explained to us--help us grasp how the digital or virtual
identity versus actual identity of a blockchain user is
verified. How do we know that a bad actor does not have
possession of a private key? How do we know a private key has
been stolen until the damage is done--been done?
Mr. Jaikaran. Thank you, sir. As Mr. Romine has discussed
earlier, many of the cases that we hear of Bitcoin being stolen
is because a private key has been taken and used, so in many
examples we've seen to date, we do not know if a private key
has been stolen and used. We find out about the transaction
after it has posted.
For some of the more sensitive supply-chain concerns, the
implementations of blockchain that may be used for that are
permissioned and private, meaning that not anyone can join that
blockchain and not every person on that blockchain will have
access to all the rights on that blockchain. So there's a level
of control that then governs who has access to the data, who
can publish the data, and who then can transact that data.
Mr. Higgins. That's very promising, I believe, for the
private sector and potentially for the government sector. I see
a public-private partnership emerging as this technology
emerges. I'm concerned about quantum computing.
Dr. Romine, you referred to in your submitted testimony a
public key and a private key. They're mathematically related to
each other and that the Federal Information Systems Processing
Standards specifies elliptic curve digital signature
algorithms, which is a common algorithm for digital signing
using blockchain technologies, and yet we're concerned about
protecting that algorithm from quantum computing. And you
referred to--that NIST is leading the global effort to ensure
that this--that encryption is available to industry prior to
the emergence of quantum computing, but how would we know that
quantum computing has emerged until we have observed its
interaction with blockchain technologies?
Dr. Romine. That's a very good question, Congressman. I
think the issue here is there's a general recognition that
there's a lot of investment around the world in the attempt to
develop quantum computing. I think the general consensus here
is that it is still a significant number of years away from
maturity until we reach what we call a cryptographically
relevant computer--quantum computer. The day that that happens,
I agree with you; I doubt that there's going to be--at least
potentially there may not be a headline around the world that
says we've now crossed from a non-quantum computer state into a
quantum computer state. It may be that some of the people
developing that technology would like to use it before it
becomes public. But our goal is to try to move with alacrity in
the development of quantum-resistant cryptography so that we
are ready in the event that that day occurs.
Mr. Higgins. You stated a number of years. Can you give us
an idea of a window, sir?
Dr. Romine. The estimates vary. Publicly available
estimates vary anywhere from 15 to 30 years. I don't really
know. It could be shorter than that if there are dramatic
improvements in technological advance that we can't really
predict right now.
Mr. Higgins. I thank you for that answer, sir, and thank
you all for testifying today.
Chairman Abraham. Thank you, Mr. Higgins.
Mr. McNerney, five minutes.
Mr. McNerney. Well, I thank the Chairman for holding the
hearing and I thank the witnesses.
Back to the present, Mr. Jaikaran, in your testimony you
raise the issue of how an attacker has the ability to
compromise a user's private encryption keys. Have there been
any instances of blockchain compromising?
Mr. Jaikaran. Yes, sir. When you hear cases of someone
stealing Bitcoin or other cryptocurrencies, what likely happens
is that that user's computer that hosted that private key was
compromised or that private key was somehow taken from that
user so that they could--the bad guy could perform a
transaction transferring that digital asset to themselves.
Mr. McNerney. So it's a matter of data hygiene. Is there
some way to protect yourself from those kind of losses?
Mr. Jaikaran. The risk here is similar to any kind of data
loss. You want to ensure that you are--your machine or the
network that you're hosting that information on has proper
security measures in place.
Mr. McNerney. Well, thank you.
Mr. Romine, could you give us an update on the--on
developing blockchain technology standards and having those
standards adopted by industry?
Dr. Romine. Sure. The first effort that we did was to
publish a general guideline to blockchain that I alluded to my
testimony. That isn't so much a standards development activity
as it is a means of providing a common vocabulary for people to
use when they talk about blockchain. Our engagement, as you
know in the United States, in general, standards development
occurs in the private sector.
We at NIST--as the nation's standards organization for the
federal government, we participate vigorously in many of those
activities, and the ones that we're participating in now
include work that's going on with the International
Organization for standardization and the insights committee
that we use in that effort, OASIS, IEEE the Institute of
Electrical and Electronics Engineers, our ANSI colleagues, and
others as well. So we're participating in technical committees
and subcommittees in the blockchain arena today.
Mr. McNerney. Well, I know that Walmart's developing
standards for its own use. Is there any chance that those
standards would be--because Walmart is a big organization,
their standards would be adopted, you know, over a broad range
of applications before standards have been accepted in the
government?
Dr. Romine. Certainly, one of the things that can happen
is, as de facto standards emerge or a substantial part of the
private sector begins to adopt a specific standard, those
standards can ultimately be brought to these standards bodies
and either adopted or modified as needed.
Mr. McNerney. Sir, thank you.
Mr. Cuomo, in your testimony you noted that there are
currently trusted digital identity projects underway in Canada.
Could you give us a little more about those projects? Are they
government-led, and exactly what do they entail?
Mr. Cuomo. So in Canada there's a company called SecureKey
that we're working with, and they're a small company that
offered a service for citizens to use any of their bank IDs,
user IDs and passwords to log into government services like
motor vehicle, you know, taxation department, et cetera, so
eliminating propagation of user ID and password. However, based
on further examination, they thought they can do better, and
with encouragement from all parties involved decided to try
blockchain, and not just any blockchain but I mentioned in my
testimony a new breed of blockchain, which is what we call a
permission blockchain, which brings accountability and ability
to surface and surf through regulations and be able to adhere
to existing regulations.
So we worked with them, the banks and the government
agencies, to implement a system called to VerifyMe. It was the
mobile application that I mentioned before. It is about to go
into pilot right now. Banks are building applications on it for
increasing the efficiency of onboarding clients while doing
their KYC and AML processes and streamlining those. And in
general, giving citizens back the rightful control of their
identity but also using established companies and institutions
to kind of be their friends like in Facebook when you would
friend someone. So you can turn to any of the existing
relationships you have like with your DMV and you can allow
them to attest to your identity, right?
So this is underway. We are about to enter pilot into that
system. There are companies in the United States to--looking at
that as well. It's been heavily influenced by many of the
standards that my friend to the right of me have helped bring
forward around data privacy.
Mr. McNerney. Thank you. I yield back.
Chairman Abraham. Thank you, Mr. McNerney.
Mr. Banks.
Mr. Banks. Thank you, Mr. Chairman.
I think what is most incredible to me is how much of this
is developed without overregulation from the federal
government. And I guess I would direct my questions to Mr.
Cuomo and Mr. Yiannas. What are you most--from a--more of a
broader perspective, what are you most concerned about? Where
can the government really screw this up, the continued
development of this technology? Mr. Yiannas?
Mr. Yiannas. My initial impressions of that question is
maybe becoming overly prescriptive. There's a lot of innovation
that's happening right now, and I think we ought to let the
innovation play out. As I mentioned, I think there's
opportunities for the public and private sector to do this
testing and scaling and learning together, but if we start
getting too prescriptive early, I think we'll stifle
innovation.
Mr. Banks. Have you seen specific examples?
Mr. Yiannas. I have not seen any examples of that. In fact,
in contrast what we've heard is from some of our federal
partners, CDC, FDA, with an interest in what we're doing and
learning how they might play a role or benefit, so I haven't
experienced that in the area of food.
Mr. Banks. Mr. Cuomo?
Mr. Cuomo. I'd further add to that that, as I mentioned,
there is a new form of blockchain that is more suitable for
business and government applications around permission
blockchain versus with Bitcoin where you have open networks
that are self-governed. With a permission blockchain, while the
networks could be open, they are governed by steering committee
members, right? So it's--again, I think it's more controlled.
It's working in a more controlled environment.
So again, distancing any regulations and policy that are
being levied against, you know, currency-oriented blockchain to
this new breed I think is important to keep that separation
because there's an immense amount of innovation that can and
will happen beyond cryptocurrency, so we really want to
encourage the look at that, A.
And B, there are many governments who are indulging in I
would say less risky blockchain projects whether it's digital
driver's license, land registry, things of that nature. So you
got to be in it to win it, and I think trying out some low-risk
projects, learning from those, and participating more I would
say with more tempo once you get those under your belt is what
we'd recommend.
Mr. Banks. So both of you would agree I think what this
hearing is all about, that we've benefited from the development
of this technology without government overreach, without
regulation, and you in the private sector especially seeing the
benefit of that. Both of you would agree with that?
Mr. Yiannas. I would agree with that.
Mr. Cuomo. Yes, sir.
Mr. Banks. Okay. Thank you. I yield back.
Chairman Abraham. Thank you.
Mr. Perlmutter, you have five minutes.
Mr. Perlmutter. Thank you.
And to the panelists, this is great. You're--Mr. Yiannas, I
want to start with you. Your little example which isn't so
little of 7 days to 2.2 seconds on your supply chain on the
mangoes, just the possibilities for government but other
industries are tremendous, so I was just thinking about in
Colorado. So we've had a lot of oil and gas development. Now
we've got real estate, suburban--the suburbs growing into what
were old oil and gas fields, and we're not quite sure where all
the pipes are.
Mining, you know, what's coming out of the mine, to be able
to go back from an environmental standard or from a real estate
standard and track this in a--you know, such an expeditious
manner----
Mr. Yiannas. Right.
Mr. Perlmutter. --is so--what other industries are you guys
working with besides the food industry? I know that's your
specialty, but are there other parts, other industries in your
collaboration----
Mr. Yiannas. Yes----
Mr. Perlmutter. --or your consortium?
Mr. Yiannas. In our consortium there is not. This is a food
consortium. But let me just real briefly if I could say the
difference between 7 days and 2.2 seconds, it's a big
difference. On the one hand--not just speed. On the one hand,
imagine if you just put all of the mangoes--if there were--you
know, associated with an event because you don't know the
source, that's 7 days of lost sales, 7 days of food waste, 7
days of small farmers' livelihoods being destroyed. You
eventually say, oops, your mangoes weren't affected. On the
other hand, if you don't pull them, that's a lot of potential
illnesses, hospitalizations, even deaths.
But we know that there are other areas of interest within
Walmart and outside of Walmart. We see interest in the
pharmaceutical industry obviously, anything that's supply-chain
related. We see interest in sustainability sectors. You know,
how can we manage supply chains so that they're more
sustainable, health and wellness so, you know, I think it's
endless the people that----
Mr. Perlmutter. I really--the possibilities are endless
here, and that's what's so exciting about this.
Dr. Romine, I want to thank you and NIST for being engaged
in this and for--you know, it's a frontier. It's the Wild West
in some respects, which is great. And to ultimately have some
standards which kind of rein in the Wild West nature of it a
little bit.
I'm kind of coming where Mr. Higgins was coming from,
though. I serve on another committee which is Terrorism and
Illicit Finance, and, you know, I--maybe I've watched too many
Mission Impossible's, but when I hear words tamperproof,
immutable, can't be hacked, I'm thinking, you know, Tom Cruise
is out there someplace, and he's coming up with a way to do it.
So talk to us a little bit more about this--the quantum
computing element of this. And Mr.--I'm sorry--Jaikaran--you
know, for both of you because, you know, that's something I
need to understand because we deal with a lot of hacking and
cybersecurity issues in my other committee.
Dr. Romine. So I'll start just by saying the backbone of
everything that we're talking about here is cryptography, and
NIST has been involved in cryptographic standards for more than
45 years. It's the backbone of our cybersecurity program and
something about which we are fiercely proud, the track record
that we have there.
The idea that we would sit back and wait for the advent of
quantum computing to render our public-key infrastructure
impotent is something we can't live with, and so some years ago
we initiated, and much more recently announced, the competition
that I alluded to for quantum resistance so that we will be
prepared in the event that quantum computing does render our
current cryptosystems ineffective. Long before that happens, we
will have replacements available so that we can continue to use
cryptography to underpin a trustworthy information technology
environment.
Mr. Jaikaran. Thank you for the question, sir. So when we
talk about the data on a blockchain being immutable and
auditable, we're really saying that we trust the math, not
necessarily the data that a user entered. So in a supply chain
example----
Mr. Perlmutter. But information's required to----
Mr. Jaikaran. Information is required to input, but it's
that cryptography that we trust, that we say, ah, yes, this
must be valid. There are pitfalls there, so I discussed earlier
a user collusion. You could have a user physically tamper with
a tracker in the supply chain and other users agree that that's
going to be tampered so that what appears in the record appears
to be true but it is actually somehow altered, and that might
inhibit our ability to track it going forward.
With quantum, I talked about business, legal, and
technology that would be applied. If you're using weak crypto
as one of the specific technologies that's being applied, that
can be overcome by high-performance computing or quantum
computing, and that's one of the risks that those choosing to
implement blockchain or any technology really must consider
before they move forward.
Mr. Perlmutter. Well, I want to thank you all. I've got a
million questions about cryptocurrencies, but this is really an
outstanding panel. Thank you.
Chairman Abraham. Thank you, Mr. Perlmutter.
Ms. Bonamici, five minutes, please.
Ms. Bonamici. Thank you very much, Mr. Chairman. This is a
fascinating discussion, and I really appreciate all the
witnesses who are here today. I know that this technology and
its applications are clearly evolving very rapidly, and I
appreciate the opportunity to learn more and to hear from you
and some of the--about some of the opportunities and the
challenges.
I'm curious about a couple of things, first of all, the
potential applications of blockchain technology in voting
systems. Could any of you--maybe Professor Wright and Mr.--is
it Jaikaran? Am I close? Could you elaborate on how a
blockchain might play a role in making our elections more
secure and trustworthy? I had the opportunity a couple of years
ago to visit Estonia with the then-Chairman of the Education
Committee Chairman Kline, and we had some interesting
conversations about what they're--you know, what can we learn
from Estonia because they have of course e-voting, i-Voting.
They've done some pilots even with shareholder voting. So what
are the potentials there and how could blockchain make our
elections more secure and trustworthy? Mr. Wright?
Mr. Wright. Thank you very much for the question. So the
idea here is blockchains can store many different types of
data, including potentially data related to voting. And there's
been a significant amount of research over the past couple
years thinking about whether or not blockchains can actually be
used as a way to improve voting in a couple different
capacities. For public voting systems the anonymity that's
probably required for these systems to operate is not there
yet, but at least for votes and voting mechanisms where the
parties do not need to be anonymous, there's been some strides
that have been made from researchers.
So, for example, the thought would be in the corporate
setting where shareholders don't necessarily need to keep their
identity anonymous, they can record their votes on a
blockchain, and then you can use more of these autonomous
processes called smart contracts in order to just tally them up
automatically so you have an auditable trail of all the votes,
and then you can use additional logic in order to improve the
efficiencies of these voting processes. So----
Ms. Bonamici. I don't mean to interrupt, but with regard to
anonymity, a significant portion of the population and Estonia
does vote by i-Voting, and it is anonymous, so does anybody
know how they do that then if you're concerned about anonymity?
Mr. Jaikaran. Ma'am, so one way of implementing a
blockchain--remember, this is just a ledger of transactions--
it's to not record the vote itself but record the identity of a
voter having taken that action. So you could use the public-
private key encryption to say this person, this identity has
voted today at this place, but then the vote itself is not
stored on the blockchain at all. The vote itself is held in
some other secure system. So the voter voting is registered in
the same way we would in a poll book, but the vote of that
voter is still anonymous.
Ms. Bonamici. Thank you, fascinating. Can you talk a little
bit about what we are--how we in the United States compare both
in terms of--and I appreciate the work of NIST. I know you're
still open for public comment on your report. But how do we
compare with other countries in our advancements in this field
and in developing a workforce that is--will be required to work
in blockchain technologies? Dr. Romine?
Dr. Romine. I don't have specifics about other countries'
activities with respect to blockchain specifically. We do know
that there's a lot of activity in the area of cryptography
around the world, and we are a leader in the United States.
We're a leader in cryptography as a result of the activities of
at least in part my organization. I'm very proud of that.
As I alluded to in my testimony, we're leading the world in
the development of quantum-resistant cryptography as a result
of this global competition that we've launched, and we've
gotten a lot of interest and participation around the world.
Ms. Bonamici. And can I ask before my time expires, could
you talk a little bit about the possibility of--with the
testbeds that are available with NIST, the possibility of the
federal government hosting other testbeds and the ability for
other researchers to use those testbeds, federally funded
researchers?
Dr. Romine. Sure. We are not really operating so much as a
user facility in this particular case, but we're always happy
to talk to anyone about collaboration with us. If there are
people who are interested in working with us on the development
of mechanisms for testing out blockchain technologies, we're
happy to discuss that with anyone who would like to reach out
to us.
Ms. Bonamici. Thank you. And as I yield back, I want to
thank Mr. Cuomo for inventing the someone-is-typing indicator,
which I find very useful. Thank you, Mr. Chairman, and I yield
back.
Chairman Abraham. Thank you.
Dr. Marshall, five minutes.
Mr. Marshall. Yes, thank you, Chairman.
I'll start with Mr. Yiannas.
Mr. Yiannas, I represent an agriculture district, and one
of the big advantages that Kansas farmers, American farmers
have--well, actually, there's several. One is their ingenuity
and their hard work. Number two is our infrastructure allows us
to get our goods to market as efficient as anybody, but the
third thing is I think we have an incredible food safety and
quality that would compete with anybody in the world, so we're
excited to hear how you're using this technology.
And I think it would even give our farmers an even bigger
advantage if you knew that we had consistent better quality. So
as you're making this transition to this, how do you see--is,
you know, food quality going to influence the purchase where
Walmart's going to be purchasing its goods from?
Mr. Yiannas. Well, it's just allowing us to be much more
informed where the product's coming from and how it's being
produced and how it flows. The benefits could be from increased
assurances that the product's been produced safely,
authenticity, the ability to track and trace products. It's the
anonymity that often----
Mr. Marshall. Exactly.
Mr. Yiannas. --allow some people to do unscrupulous
behaviors in the supply chain with things such as economically
motivated adulteration. But we've talked to farmers, and in
terms of the stakeholder groups in the food system, farmers are
probably one of the most important stakeholder groups that we
want to hear from. And the initial read that we're getting is
very positive. Farmers, when there is a food scare, are often
falsely incriminated, and their crops----
Mr. Marshall. Exactly.
Mr. Yiannas. --are damaged, and so----
Mr. Marshall. Collateral damage.
Mr. Yiannas. --this allows them to clear their good name
faster. Farmers take a lot of pride in how they produce
products. It gives them the ability potentially to have a voice
or a face with the customer, and so we are going to try to
design a solution that's very sensitive to the farmers' needs.
Mr. Marshall. Anybody else want to comment on food safety?
Mr. Cuomo, go ahead.
Mr. Cuomo. Yes, one of the things that I think is important
is the convergence of technologies. Blockchain is certainly,
you know, I think a--you know, a transformative technology but
there are other I would say cousins out there like Internet of
Things and AI. And especially in like supply chain taking the
physical good and digitizing it on an immutable ledger I think
is really important.
In my written testimony I talk about some research that IBM
is doing in a snap-on to an iPhone camera lens that does a
spectral analysis so, for example, if you take a picture of a
vial of oil coming out of a Shell Oil plant at the origin of
the plant versus the--at the pump, let's say, you can actually
see the digital fingerprint as it was originally at the factory
versus what you're seeing, and maybe you might find out that it
has been watered down a little bit.
So you can imagine physically digitizing an important
complementary technology to blockchain that--and similar to AI,
you know, we're doing things with our Watson technology, for
example, in diamond provenance with a company called Everledger
to interpret and ingest the obligations of a very thick piece
of regulation called the Kimberley Act, which is here to
protect us all around proper processes around diamond mining.
And what they're doing is is they're using a smart contract to
ensure that the diamond certificates all follow the rules of
the Kimberley Act. So these cousins I think are also very
important to supply chain. They can work very well together.
Mr. Marshall. And we're excited to see the continued
advancements in AI that you're having without us regulating
you, overregulating that process. Yes, we're excited about
that.
I want to turn to health records. I'm a physician as well,
and one of my biggest struggles as we went through meaningful
use for the hospital as well as physician practices is I
explained it like this. I felt like the hospital had a Chevy. I
had a Ford. The doctor, the orthopods across town had a
Cadillac, and they wouldn't talk to each other or maybe one was
in Spanish and one was in French and one was Greek or
something. How do you all see this--solving that dilemma where
maybe--I would love to hear more about the patients having
control of their own records. Is it going to help solve this
problem where we have 10, 20 different computer systems out
there that speak different languages? I'm not sure who's our
health care specialist. Go ahead.
Mr. Jaikaran. Thank you for the question. In this example,
the--and I speak about it in my testimony as well--providers
maintain that health record in a manner that is consistent with
federal and state law----
Mr. Marshall. Sure.
Mr. Jaikaran. --so there's still a variety of systems in
use. What the blockchain may publish is permission to that
record. So rather than a patient having to drive across town to
pick up a disc of that health records to take over to their
next provider, providers could see that a permission for access
to that record has been published to this blockchain, and then
providers can then talk amongst themselves to transfer that
record.
This still comes with some pitfalls. One, all the providers
have to be on the same blockchain so they all have some kind of
identity, a public and private key, and users have to take a
more active role in managing that record for themselves.
Mr. Marshall. But do you think this solves--right now,
what's happening in doctor's offices, I literally have to send
it to them, they print it and copy it, and then they paste it
into the record. You think this will solve that problem?
Mr. Jaikaran. It is a potential technology that can be
applied to that problem. Whether or not it solves it, it
depends to be seen on specific application.
Mr. Marshall. Okay. Thank you. Mr. Chairman, I yield back.
Chairman Abraham. I thank you, Dr. Marshall.
Ms. Esty?
Ms. Esty. Thank you, Mr. Chairman. And my apologies. This
is one of those multi-hearing days and meeting days. But I did
appreciate that question on health records because I just came
from a meeting with Secretary Shulkin at the VA, and one of the
topics we were discussing is exactly how do we deal with
medical records and do we have a better way of dealing with
that. So I'll be interested to follow up.
Blockchain technology has the potential to make game-
changing transformations to our digital economy and financial
security. We're seeing countries like China and Switzerland,
who are front and center in developing an innovative hub for
blockchain technology. Switzerland, known as Crypto Valley, is
home to an institution that targets the development of
blockchain and virtual currency startups. Last year, China
launched the Trusted Blockchain Open Lab to support the
application of blockchain technology across various sectors.
Mr. Wright, in your testimony you recommended to Congress
to establish a National Blockchain Commission in order to drive
blockchain innovation through prizes or otherwise in the United
States. Can you point to current innovative hubs or economies
that favor blockchain development, and what are the
characteristic that makes those hubs favorable to blockchain
development, and how could a national commission replicate
those best practices?
Mr. Wright. Thank you very much for the question. So the
innovation hubs are fortunately still in the United States, so
there's a tremendous amount of activity in New York. There's a
tremendous amount of activity obviously in the bay area. And
that's really being driven by the private sector. So I do think
that we're actually on great ground when it comes to the
innovation occurring here, but I do think that there's a number
of technical and legal limitations that could either enhance or
inhibit the technology going forward. And the idea would be to
pinpoint areas where we need to shore up and provide additional
research, so one area that hasn't been addressed yet is for
these autonomous computer processes known as smart contracts.
They have a number of different bugs and different problems
emerging with them. It would be great to provide research for
formal verification so that we can understand this new
computing paradigm, issues related to quantum computing, et
cetera. I think if we can provide that research, we can ensure
that the private sector then can take the learnings from that
research and bring it to the public.
Ms. Esty. And who do you think is best positioned to be
conducting that? Where do you see--who do you see as overseeing
that? Obviously, there's an enormous demand for talent and we
don't have the talent pool to fill all those demands, so we're
going to be having to compete with other--with agencies that
are already trying to recruit these same researchers from this
same talent pool.
Mr. Wright. Yes, I think that's a great question. And, you
know, blockchain technology--and some have analogized it to
being as impactful if not more impactful than the internet, so
it hits a number of different industries, it hits a number of
different sectors, so I think if we were to take this approach,
it would require multiple stakeholders to become involved, to
think about it. Academia obviously could play a huge role here
as well through grants or other ways to fund innovation.
Ms. Esty. I mean, you mentioned prizes. Do you see this as
grants or prizes? Obviously, there's--again, you may have
noticed our budgets are a little tight here. The research
budgets in the President's proposal are being cut across many
different agencies. There are very few they're getting plussed
up, VA and Defense Department about the only ones. Does that
suggest it ought to be in DARPA? I mean, where do we actually--
where would we park such an initiative practically? Who's got
the expertise and where do we think they would be best
positioned to move forward?
Mr. Wright. So with regard to prizes, that was mentioned
because it actually complements what's organically happening in
the private sector. A number of different projects that are
examining and exploring blockchain technology in the private
sector have already implemented bounty programs or different
ways to try to solve some of the technical issues. So I think
the government would complement what's already emerging in the
private sector.
With regard to where it's housed, I would defer to the
wisdom of these subcommittees in order to determine that
appropriately.
Ms. Esty. Anyone else want to weigh in on that? Yes, Mr.
Cuomo.
Mr. Cuomo. Yes, just reflecting on one of the
recommendations, which was to thoughtfully insert blockchain
into projects already funded, and I think there's good funding
going on today and we can leverage that. And I pointed out in
my testimony the Small Business Innovation Research program I
think, so I think tacking onto and encouraging within the
context of already funded I think is a great idea, as well as
the National Blockchain Commission.
Ms. Esty. Anyone else with other thoughts? Yes.
Mr. Jaikaran. Something Congress may want to consider when
thinking about where to park blockchain is to divide a
blockchain for its intended use. Are you interested in supply
chain management for food safety? That might lend itself to one
agency versus the international shipping of blockchain and
something coming into our ports. That may make it appropriate
for another agency. So rather than look at the technology
itself, the application of the agency and the expertise of that
agency may drive where that particular implementation would
reside.
Ms. Esty. Thank you. I appreciate--although I will note
with that the shortage of the workforce makes that hard to do
because then you're going to have to have that capacity in lots
of different agencies, and frankly, right now, with our efforts
to support a STEM workforce, we know we don't have what we need
right now and we've got cybersecurity issues, defense as well
as offense, that we're also trying to recruit for, so that is
aspirational but perhaps not realistic right now to be able to
park this in each of the agencies, although I think it does
make a great deal of sense.
Thank you and I yield back.
Chairman Abraham. Dr. Foster.
Mr. Foster. Thank you, Mr. Chairman. I appreciate the
ability--my ability to sit in on this committee. So now
actually you've had the opportunity to be questioned not only
by the only Ph.D. mathematician but also the only Ph.D.
physicist in the U.S. Congress, so I won't go too deeply into
the nuts and bolts of quantum computing in the interest of
time, but I guess my question is probably mostly for Mr.
Wright.
Digital contracts seem like they're really an area where
this could be transformative. And it seems to me there are two
classes of these, one where you need a governing body that can
break the contracts under some circumstances and one where
you're comfortable just letting, you know, the digital process
play out. And I was wondering if you've thought about, you
know, the classes of problems that can be solved by those two.
Mr. Wright. Sure. So thank you for the question. One of the
emerging-use cases for blockchain technology is to memorialize
parts of legal agreements in code, in software, so instead of
having a natural language agreement, you would have all or
portions of that agreement memorialized in some sort of
software-based system. Smart contracts are unique, particularly
on public blockchains and their ability to run autonomously
across a number of different computers at the same time, so
that means you could potentially preclude them from terminating
at some point in time. But at the same time they're software,
so you can program them in different ways, including ways to
halt or terminate them.
The real fundamental value for these smart contracts when
it comes to legal arrangements is that blockchains have proven
at least in the public setting to be pretty exemplary and
exceptional in securing digital assets of different various
stripes, including virtual currencies and representations of
physical and/or other digital assets, and you can use these
programs to seamlessly transfer them.
So, for example, in the project that I mentioned that I'm
working on called OpenLaw, we were able to model out an
employee offer letter, and the employee offer letter, instead
of it--it articulated a payment schedule, and instead of
getting paid every two weeks. you could get paid every minute,
right? And we can plug into that a smart contract that could
actually remit tax payments automatically, assuming that the
government was willing to accept tax payments and virtual
currency. And that obviously is a proof of concept but I think
it points to a future where our commercial relationships are
much more dynamic and it is a--represents a really new frontier
for how we think about commercial arrangements.
Mr. Foster. And yet if you found that the employee made
fraudulent presentations in their application for the job, you
need something like a court that has to go back and be able to
digitally break this digital contract so the payments don't
happen.
Mr. Wright. Yes, absolutely. So I think the consensus is
emerging that we will have agreements that are written in
natural language that only reference these smart contract
programs, and of course courts would be able to administer them
if there's a dispute. And on top of that there will be
technical safeguards that would be put in place so that the
parties could terminate the performance obligation during the
course of performance.
Mr. Foster. Okay. So these sound like quite complex things
even to accomplish something simple.
Mr. Wright. Yes. I think they're complex but over time they
should simplify and then could have a broad range of impact.
Mr. Foster. Yes, or perhaps standardized, remain complex
but have the standardized boilerplate and the small amount of
customized--but it's fascinating.
There are a couple of near-term things. Land registries
using blockchain are being pursued by a handful of countries
that I'm familiar with. And the other--and several countries
are talking about issuing fiat currencies, so these are not
like, you know, Bitcoin where it just floats and has no
intrinsic value. This would be something where the government
treasury would guarantee to accept them for payment of taxes or
give you a real cash dollar back and so that they wouldn't--you
know, they'd be solid. And I was wondering what your--what are
the near-term status of either of those whoever is most
familiar with land registry efforts, for example? Mr. Wright?
Mr. Wright. This is a great question. So the idea here
again is to record information related to title to property or
deeds to property on a blockchain. In the United States
obviously the land title recordation system is quite fractured,
so it would require a lot of coordination between various
different state- and county-level officials in order to build
these types of systems. But that's the promise. The promise is
we can begin to record evidence of ownership on a blockchain
and potentially develop a set of technologies that could become
standardized not just here but across the globe.
So imagine a possibility of actually being able to transfer
property regardless of jurisdictional boundaries in much the
same way when it comes to digital fiat currencies or digitized
fiat currencies. There's been a number of efforts in order to
explore this plane. There's been efforts by Singapore. I think
recently there was an effort announced by Israel----
Mr. Foster. So they're actually----
Mr. Wright. --to do it.
Mr. Foster. --functioning fiat currencies----
Mr. Wright. I think it's in the proof-of-concept stage, but
the thought is to represent traditional fiat currency in a
digitized form and to replicate some of the innovations that
we've seen with cryptocurrencies.
Mr. Foster. In terms of the supply chain application, it
seems like the big beneficiary may be offshore places where the
supply chain is sort of shaky and that there's a--we currently
have a competitive advantage in the United States is that we
have, you know, USDA and so on monitoring the egg supply chain.
And I was wondering if that's something that you agree with or
think that----
Mr. Yiannas. I think there's opportunities in very
developed supply chains. We see food safety scares happening in
very developed nations, and so the benefits there apply. We
know that very small tweaks or improvements in supply chains
result in big benefits, and so we think the idea of a digitized
food system, coupled with artificial intelligence and the
Internet of Things, will allow us to run smarter, more
efficient supply chains. So I think the benefits are for the
entire--the food system is global in nature. I think the entire
food system can benefit.
Mr. Foster. All right. Thank you. And yield back.
Chairman Abraham. Thank you, Dr. Foster.
We've got a couple members that want follow-up questions,
so we're going to be concise so--we've got limited time. Mr.
Higgins, you're recognized.
Mr. Higgins. Thank you, Mr. Chairman.
Mr. Jaikaran, in your testimony you describe blockchain as
not being a panacea technology or not appropriate solution for
every industry or company in its management of data. Other than
the ability to edit--inability to edit transactions--and I'm
going to ask you, is that correct? It's----
Mr. Jaikaran. Well, that might be one way, but yes,
blockchains----
Mr. Higgins. Other than the ability to edit transactions,
what are some of the risks to using a blockchain to record
vital information and data? And I'm thinking within the
governmental sector specifically.
Mr. Jaikaran. Sure. Thank you for the question, sir. So in
a government implementation, one of the big challenges with
government is the user base. The user base is dispersed, unlike
private sector that users and businesses might align. And in
this particular example on technical savviness, government
doesn't get to choose the technical savviness of its user base.
So one of the bigger risks here is something we've already
discussed, that a user loses their key and their ability to
then transact on that public identity becomes a challenge.
So in addition to data not being able to be edited
previously in the chain of a record was inserted
inappropriately or inaccurately, the ability for a user to then
conduct a new transaction might be difficult. Those are just
two and briefly explaining it.
Mr. Higgins. What's your opinion regarding the inability to
edit--it occurs to me for--for instance, regarding the Freedom
of Information Act or public records request at the state or
local level, if a blockchain--if the data within a blockchain
cannot be edited, how can it be redacted?
Mr. Jaikaran. That could be a potential problem. This goes
back to--I discussed three attributes: business, legal, and
technical. This might be both a legal and a business case when
one is considering applying blockchain technology. Does that
entity absolutely need an un-editable ledger of transactions?
The other side to that is maybe there's data that they do
not publish to that blockchain, but that data is actually held
on some other system that can be edited, but the record of that
transaction, the record of that document being made or whatever
that transaction might be--not all these transactions are
financial--that that is then published to the blockchain so
that there's----
Mr. Higgins. Okay. I don't think we've touched on that yet
in this hearing. So there can be a marriage between a more
secured system that's isolated from a blockchain and a
blockchain system.
Mr. Cuomo, would you comment on that, sir?
Mr. Cuomo. Yes. We've implemented several systems that
enable ``right to be forgotten'' by marrying exactly what you
said together, two systems. One is a secure data store where a
document or a piece of information is encrypted, and then a
fingerprint or digital hash of that document is then placed on
the blockchain. So what is being redacted is not the
information but the cookie crumb that you put on the blockchain
stays, right, so there's still evidence that something
happened----
Mr. Higgins. So potentially----
Mr. Cuomo. --but the information to be deleted outside,
yes.
Mr. Higgins. So potentially, a government system could be
developed that would allow for the dissemination of public data
through public information requests or Freedom of Information
requests and still allow that government entity at the local,
state, or federal level to redact data?
Mr. Cuomo. Yes.
Mr. Higgins. All right. Mr. Cuomo, you stated in your
written testimony that an enterprise blockchain network is
fault-tolerant. Can you briefly elaborate for us on that,
please?
Mr. Cuomo. So in an enterprise blockchain like the
Hyperledger Fabric, it's a modular architecture that supports a
variety of consensus algorithms. And modern computer science
supports a number of such algorithms that are fault-tolerant,
and one of them is the Byzantine fault-tolerant algorithm that
is emulated from the Byzantine general problem, which is back
in the day I guess a general couldn't trust all his messengers,
so he had to ensure that his orders were carried out even in
the presence of bad actors. So MIT and others formulated
algorithms that allow the operation of a general order to occur
even in the presence of some carriers that may be, you know,
bad actors.
Mr. Higgins. Fascinating. Mr. Chairman, I yield back. Thank
you.
Chairman Abraham. Thank you, Mr. Chairman.
Mr. Beyer.
Mr. Beyer. Thank you, Mr. Chairman.
Mr. Jaikaran? How do you pronounce that? We've been--
we've----
Mr. Jaikaran. Jaikaran.
Mr. Beyer. Jaikaran, yes. In your written testimony you
say, quote, ``Under key security, if the user's hard drive
fails,'' which mine failed last year so--``or they forget or
otherwise lose their private key''--just describing my wife--
``they effectively lock the resource tied to the public key
forever, inhibiting any other transaction with that asset.'' Is
there not a danger if you've built up this blockchain that's
gone on for years and is very long and somebody loses the
private key?
Mr. Jaikaran. Yes, that's precisely the example that I'm
trying to articulate in my written testimony, yes, that there
is a danger there.
Mr. Beyer. It sounds like a big danger. I just--I'm trying
to think about how--if in my business I've spent years building
a blockchain to record this immutable ledger of certain asset
transfers, and all of a sudden, it's lost forever.
Mr. Cuomo?
Mr. Cuomo. Yes, nothing is foolproof. However, there are
things you can do. For example, on the IBM blockchain is a
service that implements this enterprise blockchain. We allow
members of that block participating in that blockchain to store
their keys in a crypto vault, right? Also, we enable governance
to happen around, so you may you may choose not to join a
network where one of the other members are not using such a
vault, right? If they're just storing their keys on a laptop
you may not say--you say, well, that--the risk is too high for
me to join.
So governors of an enterprise blockchain could set the
rules that can help mitigate sloppiness or carelessness like
that. It won't eliminate but can help set a set of standards
that would, you know, eliminate those sorts of problems.
Mr. Beyer. If you and I had a blockchain that we had built
together for years and I lost my key, does that--my private
key, does that then deny you access to it also?
Mr. Cuomo. Transactions that you and I are involved with
are in jeopardy because whoever has your key can now see the
transactions that you and I had conducted.
Mr. Beyer. Okay. All right. Thank you very much.
Mr. Cuomo. You're welcome.
Chairman Abraham. Mr. Loudermilk?
Mr. Loudermilk. Thank you, Mr. Chairman. And I apologize
for coming in late. I actually was in another committee hearing
dealing with data security and financial services, and they
just happen to be two areas of key interest of mine are going
on at the same time.
I've often said recently that blockchain technology in my
opinion of having 30 years in the IT industry is a potential
solution to our cybersecurity risk that we have, which are
significant and real. My concern is that the federal
government, especially from the regulatory side, is always
afraid of adopting something new because they don't understand
it. And I'm seeing a lot of fear even among some of my
colleagues because they're equating the technology behind
cryptocurrency as the cryptocurrency itself, and I think this
is something that we need to look at, we need to consider as a
potential solution to our cybersecurity challenges we have
right now.
Mr. Cuomo, am I off base with that or do you think that
this is a potential solution, the technology, the blockchain
technology is a solution?
Mr. Cuomo. I mean, it's not a silver bullet, but it
certainly, if used in the right places, could help in a
significant way. We talked about digital identity, and I think
that's core to so many industries and government. So getting a
handle in the right areas, not having honeypots of data--
Mr. Loudermilk. Right.
Mr. Cuomo. --doing digital rights management where end-
users can actually manage their own data versus keeping it
under one house, one honeypot, I think that will go a long way.
We want to eliminate the problem, but it'll change the attack
surface.
Mr. Loudermilk. Well, the way I've always looked at
cybersecurity is it's impossible--as I think you said earlier,
it's impossible to have an ultimately secured system. In fact,
I remember when I was in the military and intelligence, a set
of standards were set out. The standards were so stringent that
once the system was built to actually meet the security
standards, it was unusable because it was so slow.
I mean, there's two aspects of cybersecurity I've looked
at. When I was--had my private business in the IT realm, we
looked at security in the way of--it's--you can't ultimately
secure yourself, it's to make it harder for the bad guy to get
your data. It was like the two Georgians who went hiking in
Alaska and a grizzly bear started chasing them. One of them sat
down and put on his tennis shoes. The other one said, ``You
can't outrun the bear.'' He said, ``I don't have to; I just
have to outrun you.'' That's kind of the way cybersecurity is,
to make you harder than the other guy.
And that's where I see the blockchain is it isn't the
silver bullet, but it does make it much more difficult to find
the honeypot. And in our environment today--and I have issues
with the honeypots as well. Not only is there a honeypot, but
because of our interest in data backup, we have multiple
honeypots sitting out in clouds. And if you get into one, it's
not that hard to backdoor to get in to another one somewhere.
The other aspect of cybersecurity--and anybody is welcome
to weigh in on this one--is one of the areas we overlook is a
key principle we had when I was in the military, which was you
do not have to secure what you don't have. It's the amount of
data that we are keeping sometimes that the government, through
regulation, forcing businesses to keep data that isn't that
valuable, they don't need to keep, or the government forcing
industry to report data to the government, which in my opinion
the government's the highest risk of anybody out there. Is that
something that we should be addressing is the amount of data
that we're requiring businesses to--and entities to keep on
individuals? Anybody could weigh in on that one.
Dr. Romine. Well, from the NIST perspective, our
cybersecurity approach has always been management of risk,
something I know from your background you understand very well.
And in this case, what you alluded to, this idea of data
minimization is one aspect of managing risk. There's no
question that that is an appropriate tool.
Other tools involve management of privacy risk, the idea of
trying to ensure that you've satisfied the five functions that
we talk about in the cybersecurity framework, the--identify
your assets, protect them, detect when they've been compromised
or attacked, respond to that, and then have a plan for recovery
in the event that a breach actually occurs. Risk management is
our approach.
Mr. Loudermilk. Well, I think to get to where we need to be
is going to take a culmination of a lot of things, but I
continue to see that the blockchain technology, because of how
it disperses the data--I know there's some challenge,
especially when it comes to law enforcement and some other
aspects, but I think we do not need to be afraid of the new
technology but figure out how to adopt it. And with that, Mr.
Chairman, I yield back.
Chairman Abraham. Thank you.
I recognize Mr. Perlmutter, who I understand is yielding to
Dr. Foster?
Mr. Perlmutter. Yes, I am.
Mr. Foster. Yes. Thank you. I appreciate that, Mr.
Perlmutter.
Let's see. The--one of the claims that's made about
blockchain is that it's going to really solve a lot of the
privacy problems, and probably the most direct--one of the
biggest worries there are individual medical records. And could
you walk me through how that might work? It seems to me that,
you know, if you--even if you authenticate yourself to a doctor
and he pulls your medical record, they exist in plaintext,
unencrypted on his computer. If his computer is hacked, it's
kind of game over and that your medical records will be for
sale on the dark web in short order. And is there any
blockchain-based solution to that fundamental problem of, you
know, having your endpoint machine hacked, your cell phone
hacked at the point that the user actually pulls up the clear
direct data?
Mr. Jaikaran. Thank you for the question, sir. So in the
example that I talk about in my testimony of the provider
maintaining that record, the record itself is still relying on
the security measures of the provider, so if the provider's not
implementing defense in depth, there's some other security
strategies and an attacker, instead of attacking the
blockchain, attacks the datastore of the provider, the record
is still vulnerable. That would be the case today.
Mr. Foster. Yes. But there's no potential blockchain-based
solution to that problem? If you're--if the terminal that
you're displaying the data on has been hacked, you're sunk?
Mr. Jaikaran. Not in any of the blockchain examples that
I've seen implemented to date.
Mr. Foster. Okay. Yes, so that's--let's see. This is a
question I guess related to NIST and all of the classified
activity that we put a lot of taxpayer money into. Is there
anything you can say about the level at which you communicate
say the state of the art of quantum computing, which is very
relevant? You're doing all this work, making assumptions about
where quantum computing will be. You know, not all of the work
in quantum computing is visible to everyone. Do you communicate
at the very highest classified level or do you maintain a
wall----
Dr. Romine. So in my laboratory--we don't do classified
work on our campus. We're not involved in that at all. We do
have people who have access to information that can help inform
us about the threat environment, and therefore give us tools
where we can prioritize the kind of work that we do to have
maximum impact.
In the area of quantum computing, I don't have any direct
information that I have available to me in the classified
setting--I can't divulge anything because I don't know
anything----
Mr. Foster. All right. So you literally and your coworkers
have no classified information? You can tell us everything you
know? Or is there a repository inside NIST of, you know, secret
stuff, state of the art of----
Dr. Romine. We have conversations with the folks in the
intelligence community at classified levels periodically when
there is threat information in the cybersecurity case, for
example. If there's threat information that exists at the
classified level that we may need to know to prioritize some of
the work that we do, but the work that we do is entirely in the
open and unclassified.
Mr. Foster. It's a tough--you know, a very tough thing to
think through how you--we want to get this right. You know, I
know that in my district, at Fermilab they're building qubits
that will actually last more than a fraction of a millisecond
because we lead the world in hi-Q superconducting resonators,
which is one of the promising strategies, but, you know, this
could immediately have big national security implications sort
of instantaneously at the point that there's some breakthrough.
And trying to understand, you know, how we handle that is tough
and--okay.
So--and I guess that was the main question. I'll yield back
my time.
Chairman Abraham. Thank you, Dr. Foster.
Mr. Loudermilk?
Mr. Loudermilk. Thank you for the second round there, Mr.
Chairman.
Mr. Cuomo, in your written testimony you discussed that we
could thoughtfully insert blockchain in some appropriate
projects already funded that would I believe you said ``help
ensure that we stay on the forefront of this transformative
technology.'' Can you elaborate on what some of those already-
funded projects may be and also where they wouldn't be
appropriate to use blockchain?
Mr. Cuomo. Well, yes. I mean, I mentioned in my testimony
the small--the SBIR, and that's basically the American seed
funding. It's kind of their tagline. And I think there are many
agencies from NIST to NASA that are getting funding for that,
so I think stipulating as part of the funding and encouraging
blockchain usage across whether it's sandbox development or,
you know, land registries, I think going where there's already
funding seems like a logical place to start.
Mr. Loudermilk. Okay. Thank you.
Chairman Abraham. Mr. Perlmutter.
Mr. Perlmutter. Thank you.
And two quick questions to Mr. Wright and to Mr. Cuomo.
First, could there be an infinite number of virtual currencies,
question number one? Question number two, going back to my
committee that I serve on in financial services, Terrorism and
Illicit Finance, so how do we deal with circumventing sanctions
by use of some sort of opaque currency? I mean, I don't want to
be the--I want to have a light touch, as you were talking
about, Mr. Wright, but also I don't want to see al-Qaida or
somebody else paid in cryptocurrencies and we can't find it. So
I'll just--it's an open-ended question to the two of you.
Mr. Wright. Thank you for the question. So with regard to
the first question, can there be an infinite number of virtual
currencies? I think the answer theoretically is yes. We've
already seen an explosion in the number of virtual currencies
that have been issued over the past four years. I think at last
count there's at least 1,200 of them. In part that's because
people just take existing virtual currency, the code base for
it, and they just create a new version of it and make a couple
tweaks and then release it.
With regard to illicit finance, on most current popular
blockchains, they're actually highly traceable, so you can
discern activity that's going on in the network because they
rely on a peer-to-peer network so you actually have to convey
information to all the members on the network. And so there's
data that's leaked, and there's different analytics companies
that have emerged that actually enable you to trace them.
There's a new generation of more anonymous virtual
currencies that are now coming to the fore that rely on more
advanced cryptography, and those present significant concerns,
particularly with regard to the Bank Secrecy Act and the know-
your-customer requirements, and other laws and regulations
related to our payment systems.
In terms of how you regulate them, I think it actually
raises a number of tricky and complex issues. One approach
could actually be to try to steer activity towards regulated
centralized intermediaries and exchanges where we can begin to
uncover and collect some information about some of that
activity in order to do more advanced network analysis to try
to de-anonymize some of the activity on the network.
There's also been research that's been done with these more
anonymous digital currencies in order to poke holes and see if
there's any vulnerabilities, putting on your Tom Cruise hat
from before, so I think that it's going to be a problem and
it's going to continue to be a problem going forward.
Mr. Perlmutter. And just quickly, Mr. Cuomo.
Mr. Cuomo. And just quickly, while I like to believe that
I'm a blockchain subject matter expert, I'm not a
cryptocurrency expert, so I yield to Mr. Wright's comments.
Mr. Perlmutter. Okay. Thank you. I yield back. Thanks, Mr.
Chairman.
Chairman Abraham. Thank you, Mr. Perlmutter.
A very informative and important discussion today, very
good. And moving forward, I'm going to ask a final question.
Oh, go ahead, Ms. Esty.
Ms. Esty. Thank you very much. With a question about the
personal keys, could you do biometric keys? Is that something
that could be--which presumably is much harder to lose your own
biometric key. If you've lost that, then you probably don't
need to worry about blockchain.
Mr. Jaikaran. Yes, while it would be possible to use a
biometric identifier as a way to generate a key in the same way
that your iPhone does for unlocking your phone, you would then
need some kind of biometric reader, so whatever computational
device you're using would then have to do that. So I think that
would be one of the limitations there is the hardware, not
necessarily the crypto.
Chairman Abraham. Thank you. So one final question. I'm
going to kind of go back to Ms. Esty's first line of
questioning. So moving forward with the continued utilization
of blockchain technology, what do each of you see as the most
significant or transformative application for business or the
public sector, and how can this committee play a role in
providing that support? Mr. Jaikaran, we'll start with you and
then it's down the line.
Mr. Jaikaran. So my research here in CRS hasn't really
looked at what may be the most significant. I think there are
some potential applications that may benefit particularly
government applications and anything that can speed the
efficiency of one transaction being validated from another.
Unfortunately, the swath of available projects for that is just
very wide at this point. So as the private sector, as
researchers, and as agencies such as NIST continue to
investigate this, as with internet technology, maybe something
useful will bubble up that may be most applicable for
government use.
Dr. Romine. We're just in the beginning stages, I think, of
building our testbed to take a look at many different
applications. If I were a betting man, I would say the
application that really resonates is one that we haven't
thought of yet.
Chairman Abraham. Dr. Cuomo?
Mr. Cuomo. And I have to go back to digital identity. I
think our digital lives in many cases are a mess. We are
leaving parts of our digital life all over the place----
Chairman Abraham. I would agree.
Mr. Cuomo. --and I think cleaning it up with some standards
like what's happening with Sovrin Foundation I think could go a
very long way and be an equal opportunity employer across
government, industry, education, and more.
Chairman Abraham. Mr. Yiannas?
Mr. Yiannas. I don't know if it'll be the most but I think
food is a very important----
Chairman Abraham. I have to agree with that.
Mr. Yiannas. --thing for society, and the idea that we
could digitize food, it's one of the frontiers that hasn't been
digitized, the learnings that we can get from that, the
transparency that we can give to consumers, consumers
increasingly concerned about food and where it comes from, we
think will be important for society.
Chairman Abraham. Thank you. Mr. Wright?
Mr. Wright. I think public open blockchains are actually
the major use case that will emerge, and they'll serve as a
spine and a backbone for a number of different open protocols
that transform a range of industries. And I think in terms of
how we can encourage that here, I think regulatory clarity
would be welcomed and helpful.
Chairman Abraham. Okay. Well, look, thanks for a truly
great discussion, from the Members' great questions, too.
So the record will remain open for two weeks for additional
comments and written questions from Members. This hearing is
adjourned. Thank you, gentlemen.
[Whereupon, at 12:09 p.m., the Subcommittees were
adjourned.
Appendix I
----------
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]