[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]


                 BEYOND BITCOIN: EMERGING APPLICATIONS
                        FOR BLOCKCHAIN TECHNOLOGY

=======================================================================

                              JOINT HEARING

                               BEFORE THE

                      SUBCOMMITTEE ON OVERSIGHT &
                SUBCOMMITTEE ON RESEARCH AND TECHNOLOGY

              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           FEBRUARY 14, 2018

                               __________

                           Serial No. 115-47

                               __________

 Printed for the use of the Committee on Science, Space, and Technology
 
 
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT] 


       Available via the World Wide Web: http://science.house.gov
       
       
                                __________
                               

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
28-934PDF                  WASHINGTON : 2018                     
          
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
E-mail, [email protected].        
       
       

              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY

                   HON. LAMAR S. SMITH, Texas, Chair
FRANK D. LUCAS, Oklahoma             EDDIE BERNICE JOHNSON, Texas
DANA ROHRABACHER, California         ZOE LOFGREN, California
MO BROOKS, Alabama                   DANIEL LIPINSKI, Illinois
RANDY HULTGREN, Illinois             SUZANNE BONAMICI, Oregon
BILL POSEY, Florida                  AMI BERA, California
THOMAS MASSIE, Kentucky              ELIZABETH H. ESTY, Connecticut
JIM BRIDENSTINE, Oklahoma            MARC A. VEASEY, Texas
RANDY K. WEBER, Texas                DONALD S. BEYER, JR., Virginia
STEPHEN KNIGHT, California           JACKY ROSEN, Nevada
BRIAN BABIN, Texas                   JERRY McNERNEY, California
BARBARA COMSTOCK, Virginia           ED PERLMUTTER, Colorado
BARRY LOUDERMILK, Georgia            PAUL TONKO, New York
RALPH LEE ABRAHAM, Louisiana         BILL FOSTER, Illinois
DANIEL WEBSTER, Florida              MARK TAKANO, California
JIM BANKS, Indiana                   COLLEEN HANABUSA, Hawaii
ANDY BIGGS, Arizona                  CHARLIE CRIST, Florida
ROGER W. MARSHALL, Kansas
NEAL P. DUNN, Florida
CLAY HIGGINS, Louisiana
RALPH NORMAN, South Carolina
                                 ------                                

                       Subcommittee on Oversight


                  RALPH LEE ABRAHAM, Louisiana, Chair
FRANK D. LUCAS, Oklahoma             DONALD S. BEYER, Jr., Virginia
BILL POSEY, Florida                  JERRY McNERNEY, California
THOMAS MASSIE, Kentucky              ED PERLMUTTER, Colorado
BARRY LOUDERMILK, Georgia            EDDIE BERNICE JOHNSON, Texas
ROGER W. MARSHALL, Kansas
CLAY HIGGINS, Louisiana
RALPH NORMAN, South Carolina
LAMAR S. SMITH, Texas
                                 ------                                

                Subcommittee on Research and Technology

                 HON. BARBARA COMSTOCK, Virginia, Chair
FRANK D. LUCAS, Oklahoma             DANIEL LIPINSKI, Illinois
RANDY HULTGREN, Illinois             ELIZABETH H. ESTY, Connecticut
STEPHEN KNIGHT, California           JACKY ROSEN, Nevada
RALPH LEE ABRAHAM, Louisiana         SUZANNE BONAMICI, Oregon
DANIEL WEBSTER, Florida              AMI BERA, California
JIM BANKS, Indiana                   DONALD S. BEYER, JR., Virginia
ROGER W. MARSHALL, Kansas            EDDIE BERNICE JOHNSON, Texas
LAMAR S. SMITH, Texas
                            
                            C O N T E N T S

                           February 14, 2018

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Ralph Lee Abraham, Chairman, 
  Subcommittee on Oversight, Committee on Science, Space, and 
  Technology, U.S. House of Representatives......................     4
    Written Statement............................................     6

Statement by Representative Donald S. Beyer, Jr., Ranking Member, 
  Subcommittee on Oversight, Committee on Science, Space, and 
  Technology, U.S. House of Representatives......................     8
    Written Statement............................................    10

Statement by Representative Barbara Comstock, Chairwoman, 
  Subcommittee on Research and Technology, Committee on Science, 
  Space, and Technology, U.S. House of Representatives...........    12
    Written Statement............................................    13

Written Statement by Representative Eddie Bernice Johnson, 
  Ranking Member, Committee on Science, Space, and Technology, 
  U.S. House of Representatives..................................    15

Written Statement by Representative Daniel Lipinski, Ranking 
  Member, Subcommittee on Research and Technology, Committee on 
  Science, Space, and Technology, U.S. House of Representatives..    16

                               Witnesses:

Mr. Chris A. Jaikaran, Analyst in Cybersecurity Policy, 
  Government and Finance Division, Congressional Research Service
    Oral Statement...............................................    17
    Written Statement............................................    20

Dr. Charles H. Romine, Director, Information Technology 
  Laboratory, National Institute of Standards and Technology
    Oral Statement...............................................    31
    Written Statement............................................    33

Mr. Gennaro ``Jerry'' Cuomo, IBM Fellow and Vice President 
  Blockchain Technologies, IBM Cloud
    Oral Statement...............................................    41
    Written Statement............................................    43

Mr. Frank Yiannas, Vice President of Food Safety, Walmart
    Oral Statement...............................................    52
    Written Statement............................................    54

Mr. Aaron Wright, Associate Clinical Professor and Co-Director of 
  the Blockchain Project, Benjamin N. Cardozo School of Law
    Oral Statement...............................................    64
    Written Statement............................................    67

Discussion.......................................................    74


             Appendix I: Additional Material for the Record

Letter submitted by Representative Representative Donald S. 
  Beyer, Jr., Ranking Member, Subcommittee on Oversight, 
  Committee on Science, Space, and Technology, U.S. House of 
  Representatives................................................   104

 
                 BEYOND BITCOIN: EMERGING APPLICATIONS
                       FOR BLOCKCHAIN TECHNOLOGY

                              ----------                              


                      WEDNESDAY, FEBRUARY 14, 2018

                  House of Representatives,
                      Subcommittee on Oversight and
            Subcommittee on Research and Technology
               Committee on Science, Space, and Technology,
                                                   Washington, D.C.

    The Subcommittees met, pursuant to call, at 10:03 a.m., in 
Room 2318 of the Rayburn House Office Building, Hon. Ralph 
Abraham [Chairman of the Subcommittee on Oversight] presiding.
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

    Chairman Abraham. The Subcommittee on Oversight and 
Research and Technology will come to order.
    Without objection, the Chair is authorized to declare 
recess of the Subcommittee at any time.
    Good morning. Welcome to today's hearing entitled ``Beyond 
Bitcoin: Emerging Applications for Blockchain Technology.'' I'm 
going to recognize myself for five minutes for an opening 
statement.
    Again, good morning, and welcome to the panelists--I think 
I've met most of you--to this joint Oversight and Research and 
Technology Subcommittee hearing. And again, the title is 
``Beyond Bitcoin: Emerging Applications for Blockchain 
Technology.''
    The purpose of this hearing is to explore blockchain 
technology, its potential, and emerging applications beyond 
cryptocurrency and financial technology. Today, we will hear 
from government and private-sector experts about the basics of 
blockchain technology and the ways this emerging technology can 
be leveraged to improve the provision of products and services 
for government and industry alike.
    Historically, the Science Committee has engaged in vigorous 
oversight of emerging forms of research and technology, 
especially those that stand to directly benefit business and 
government by ensuring their reliability, increasing their 
productivity, and securing systems and data.
    This hearing is an opportunity to learn more about the 
standards, guidelines, and best practices that may be necessary 
to ensure the effective and appropriate implementation of 
blockchain technology to those emerging applications, and I 
look forward to hearing from the witnesses today about 
improving certainly our government efficiency and private-
sector successes with this technology.
    And while there has been much discussion throughout 
Congress regarding the cryptocurrencies, this hearing is not 
intended to discuss those directly such as Bitcoin, and the 
numerous reported security, regulatory, and environmental 
issues associated with them. And although Bitcoin and other 
cryptocurrencies are popular and eye-catching examples of the 
use of blockchain technology, we will learn today that there 
are many emerging applications with much potential that could 
eventually provide substantial benefits to businesses and 
taxpayers.
    The Committee hopes to highlight this often underreported 
use of blockchain technology without getting caught up in the 
topic of the recently volatile and unsecure cryptocurrencies. 
We are also interested in the ongoing, proactive efforts and 
the coordination among private industries utilizing blockchain 
technology in different areas of their business models.
    I wish to thank Mr. Cuomo for being here to represent IBM, 
Mr. Yiannas is representing Walmart, and we look forward to 
hearing about the specific actions of IBM and Walmart have 
taken to utilize and harness the strength of this technology, 
especially in the supply chain and data management domains.
    Beyond an interest in the application of blockchain 
technology, the Science Committee will continue to address 
cybersecurity and how incorporation of blockchain technology 
could potentially bolster private companies' and the federal 
government's cybersecurity weaknesses. Cybersecurity is a 
complex and evolving issue that affects U.S. national and 
economic security, and we must consider the appropriate role 
for blockchain technology. All departments and agencies must 
remain diligent in their efforts to strengthen and secure our 
federal systems, and our approaches to addressing cybersecurity 
issues must evolve to keep pace with the everchanging threats.
    Bolstering the cybersecurity of federal information systems 
is among the Committee's top priorities, and I'm hopeful that 
our efforts here today will take us one step closer to 
achieving this objective.
    Dr. Romine, we appreciate NIST being here, and thank you 
for the--continuing to provide the guidance on this emerging 
technology. I know it's an evolving and very rapidly changing 
field. NIST is in a unique position to provide valuable 
standards and guidelines for blockchain with their extensive 
involvement with cryptography, the mathematical tools at the 
heart of blockchain technology. NIST has the ability to 
effectively ensure current standards--that current standards 
are sufficient in addressing potential for blockchain 
technology being utilized on a broader and a more intensive 
scale.
    And additionally, NIST can serve a useful role in providing 
a greater understanding of how the technology could lead to 
solutions that help secure data and ultimately enhance our 
national security, which is critical.
    I look forward to the insight of our witnesses today--they 
will provide, which will help resolve these important questions 
and hopefully help us better understand the next steps that 
must be taken to ensure the integrity, the resilience, and the 
security of systems and industries that could and do benefit 
from the application of this technology.
    [The prepared statement of Chairman Abraham follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Next, Mr. Beyer. I now recognize the 
Ranking Member of the Oversight Subcommittee, the gentleman 
from Virginia, Mr. Beyer, for an opening statement.
    Mr. Beyer. Thank you, Mr. Chairman, very much. 
Congratulations on your new chairmanship----
    Chairman Abraham. Thank you. I appreciate that.
    Mr. Beyer. --of this Oversight. And I want to thank you and 
Chairwoman Comstock for putting on this hearing. It's a 
fascinating topic. I've been asking everyone I know in the last 
week to explain blockchain technology to me. No one can. People 
can spell it; that's about all. So I'm hoping that after we get 
finished today, you guys will also explain special relativity 
and quantum mechanics to the rest of the team, too.
    But this really is incredibly important. I just came back 
from the World Economic Forum where it seemed like every other 
forum was about blockchain technology. So entrepreneurs, 
innovators, big business, small businesses, small enterprises, 
everyone seems to be scrambling to understand the applications 
of blockchain technology. And as the hearing title suggests, it 
seems to be quickly moved past Bitcoin and past 
cryptocurrencies into supply chain industry, health care, clean 
energy field, legal/financial markets, election infrastructure. 
I read a great article last week about how it could affect 
education in the years to come.
    So this--potential blockchains offer better security, 
enhanced privacy, transactional transparency. But it's also 
obviously a disruptive technology, and so government and law 
enforcement agencies are trying to start to figure out the 
ramifications of blockchain services and applications. We know 
they have a difficult task ahead of them. As a nation, I 
believe that all of us want to ensure that these blockchain-
based technologies are used appropriately, that government 
regulations are not disregarded or intentionally circumvented, 
but at the same time that they aren't burdensome, that we are 
encouraging innovation and broad-based applications when 
appropriate and advantageous.
    So I'm particularly interested in hearing all that you have 
to say and the specific steps that you believe the U.S. 
Government, particularly our science-based agencies--NIST, 
National Science Foundation, Department of Energy, and Homeland 
Security--should be taking to foster innovation in this field 
and to help ensure that America is the hub for blockchain 
research development and discovery.
    By the way, Chairman Abraham, I believe the Science 
Committee can play an important oversight role in providing a 
public forum to address these and many other issues, so I'm 
hoping that past blockchain will look at the ethical issues 
surrounding artificial intelligence and mimicking software 
where we draw the limits and regulate such technology; that we 
think about the security consequences of deploying autonomous 
vehicles, drones, and other similar technologies; what are the 
technical challenges and the ethical implications of 
implantable medical devices and brain computer interfaces; and 
how can we or should we keep a closer eye on the deployment of 
commercially owned and operated biometric and other 
surveillance technologies both online, in the streets, and in 
the retail stores across America?
    This is a very fun committee to be on because we're dealing 
with so many things that are absolute--you know, that we 
wouldn't have predicted three years ago, maybe last year. So 
thank you very much for coming and educating us. We hope to ask 
intelligent questions. We hope to be a lot smarter at the end 
of this. Mr. Chairman, I yield back.
    [The prepared statement of Mr. Beyer follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Mr. Beyer.
    And I now recognize the Chair of the Research and 
Technology Subcommittee, Mrs. Comstock, for an opening 
statement.
    Mrs. Comstock. Thank you, Chairman Abraham, for putting 
together this hearing on such an important topic, and 
congratulations on your new position as Chairman of the 
Oversight Subcommittee.
    Today's hearing topic is of great interest to me and my 
constituents in the Commonwealth of Virginia. The 10th District 
attracts many of the leading internet, high-tech, health and 
defense companies in the world, and the northern Virginia 
region is home to many research and technology companies on the 
forefront of innovation.
    A recent overview by the National Institute of Standards 
and Technology describes blockchains as, quote, ``a significant 
new avenue for technological advancements, enabling secure 
transactions without the need for a central authority,'' end 
quote. While many of my more technologically inclined 
constituents may grasp the cryptocurrency benefits of 
blockchain technology, today's hearing will provide some 
insights into blockchain's applications beyond cryptocurrency.
    Blockchains have a myriad of applications in areas such as 
cybersecurity, identity authentication and verification, supply 
chain risk management and digital rights management, among 
others. These applications have potential implications and 
benefits for the federal government. A recent Department of 
Transportation report notes that there are ``several proposed, 
ongoing, and theoretical ways of applying blockchains in 
government.'' This includes the State Department's exploration 
of ways to use blockchain to improve efficiency, as well as 
research by the Postal Service and Department of Homeland 
Security on how blockchains may help in the establishment of 
secure identity management. I am pleased to hear about such 
efforts.
    In the previous session of Congress, the Research and 
Technology Subcommittee held a hearing following the many data 
breaches at the Office of Personnel Management. Like thousands 
of my constituents, I, too, received a letter from OPM 
informing me that my personal information may have been 
compromised or stolen by the criminals behind this attack. I 
also received a letter from the IRS on the same, and--I think I 
got three letters. I think I hit the trifecta on letters and 
information being compromised.
    So I look forward to hearing more about the potential and 
emerging applications of blockchain technology today, 
particularly if the technology can help with securing people's 
private and sensitive information. Thank you, and I yield back.
    [The prepared statement of Mrs. Comstock follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    [The prepared statement of Ranking Member Johnson follows:]

    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    [The prepared statement of Mr. Lipinski follows:]

    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Mrs. Comstock.
    I'm going to introduce our witnesses now. Our first witness 
today is Mr. Chris Jaikaran, an Analyst in Cybersecurity Policy 
with the Congressional Research Service. Mr. Jaikaran 
previously worked for the Department of Homeland Security 
starting in 2005 as a Program Analyst before being promoted in 
2008 to Planner. He holds a bachelor of arts degree from 
Syracuse University, a master's degree in public policy from 
George Mason University, and a graduate certificate in 
cybersecurity fundamentals from the Naval Postgraduate School.
    Dr. Charles Romine, our second witness, is a Director of 
Information Technology at NIST. Dr. Romine joined NIST in 2009 
as an Associate Director for Program Implementation. In 
November 2011, Dr. Romine became the Director of Information 
Technology Laboratory at NIST. Dr. Romine received both his 
bachelor's of arts degree in mathematics and a Ph.D. in applied 
mathematics from the University of Virginia.
    Mr. Jerry Cuomo, our next witness, is an IBM Fellow and a 
Vice President of Blockchain Technologies at IBM. Mr. Cuomo has 
worked with IBM since 1987 as an engineer with IBM Research. He 
was promoted in 2001 to an IBM Distinguished Engineer, and in 
2006 he became an IBM Fellow. He received a master's degree in 
computer science from New York University Polytechnic School of 
Engineering.
    Mr. Frank Yiannas, our fourth witness, is Vice President of 
Food Safety at Walmart. Mr. Yiannas previously worked for Walt 
Disney World as Director of Safety Health from 1989 to 2008. He 
holds a bachelor's degree of science and microbiology from the 
University of Central Florida and a master's degree in public 
health from the University of South Florida.
    Our last witness, Mr. Aaron Wright, is an Associate 
Clinical Professor and Co-Director of the Blockchain Project at 
the Benjamin N. Cardozo School of Law. Mr. Wright holds a 
bachelor's of arts degree from Tufts University and a juris 
doctor from the Benjamin N. Cardozo School of Law.
    I now recognize Mr. Jaikaran for five minutes to present 
his testimony.

              TESTIMONY OF MR. CHRIS A. JAIKARAN,

                ANALYST IN CYBERSECURITY POLICY,

                GOVERNMENT AND FINANCE DIVISION,

                 CONGRESSIONAL RESEARCH SERVICE

    Mr. Jaikaran. Thank you. Chairs Abraham and Comstock, 
Ranking Members Beyer and Lipinski, and Members of the 
Committee, thank you for the opportunity to testify today on 
blockchain. My name is Chris Jaikaran, and I'm an Analyst in 
Cybersecurity Policy at the Congressional Research Service. In 
this role I research and analyze a variety of informational 
technology issues to include blockchain. My testimony today 
includes an explanation of blockchain, potential applications 
for it, limitations and concerns in using it, and potential 
considerations for Congress.
    Blockchain is not a new technology. Rather, it is an 
innovative way of using technologies we already have. The 
technology allows parties that may not trust each other to 
agree on the current distribution of assets, who has those 
assets--and who has those assets so they may conduct new 
business.
    But while there has been hype surrounding blockchain, it 
also has certain pitfalls that may inhibit its utility. 
Blockchain is a digital ledger that allows parties to transact 
without the use of a central authority. In this ledger, 
transactions are grouped together in blocks, which are 
cryptographically tamperproof, and those blocks are 
cryptographically chained together in a way that creates an 
indisputable history. With blockchain, the use of a third-party 
can be avoided because, as transactions are added, the 
identities of the parties conducting those transactions are 
verified and the transactions themselves are verifiable by 
other users.
    The strong relationship between identities, transactions, 
and the ledger enables parties that may not trust each other to 
agree on the state of resources as logged in that ledger. With 
that agreement, they may conduct a new transaction with a 
common understanding of who has which resource and their 
ability to trade that resource.
    Blockchain is not a new single technology. Rather, it uses 
existing technologies in a novel way. Blockchain is enabled by 
asymmetric key encryption, pass values, Merkle trees, and peer-
to-peer networks. My written statement goes further into these.
    Blockchain is not a panacea technology. A blockchain 
records events as transactions when they happen, in the order 
they happen, and in an add-on-only manner. Previous data on the 
blockchain cannot be altered, and users of the blockchain have 
access to the data on the blockchain in order to validate the 
distribution of resources. Some advocate the use of blockchain 
when a combination of off-the-shelf database, cloud, and 
identity management technology would likely be more 
appropriate. An advantage to blockchain emerges when the users 
want the ledger to be undeniable and traceable.
    Though there are benefits to blockchain, there are also 
pitfalls and unsolved conditions which may inhibit blockchain 
use. Some of those concerns are data portability, ill-defined 
requirements, key security, user collusion, and user safety. My 
written statement elaborates on these further.
    As with adopting any technology, users must examine 
business, legal, and technical aspects of that technology. What 
is the business case for the technology? Do customers demand 
attributes which it provides? Or will employees benefit from 
them? What are the legal implications for using the new 
technology? Will adhering to compliance regimes be made easier 
or more difficult through using it? Will data help the new 
technology be accessible to auditors for review, or will it 
inhibit regulated transparency? Finally, what are the specific 
technologies that will be adopted? What are the attributes of 
that technology and how will it affect current business 
practices and how will they adapt over time? Blockchain is 
currently being tested by industry but at this time does not 
appear to be a complete replacement for existing systems.
    My written statement provides a few examples of how 
blockchain is being employed, piloted, or proposed. One such 
example is to manage electronic health records. In this 
example, actual medical records are retained on provider 
systems, but a record of that record is published to the 
blockchain. As identities are cryptographically signed to 
include those of patients, providers, payers, and other 
parties, the patient can manage who has access to those records 
by publishing access rights to specific identities on the 
blockchain. This is designed to shift the control of these 
records toward the patient. While technically feasible, this 
proposal would likely still face federal and state privacy 
laws, as well as a lack of standards, data processing, and 
storage, which may inhibit its adoption.
    Through the adoption of blockchain--though the adoption of 
blockchain is in its early stages, Congress may have a role to 
play in several areas, including providing oversight of federal 
agencies seeking to use blockchain for government business or 
regulating industries using blockchain. Some federal agencies 
are seeking to better manage identities, assets, data, and 
contracts through the adoption of blockchain technology. In 
addition, some of--federal agencies are issuing guidance on 
industry use of blockchain and whether or not the current legal 
framework governs blockchain use.
    Thank you for the opportunity to testify today and I look 
forward to your questions.
    [The prepared statement of Mr. Jaikaran follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Doctor.
    I now recognize Dr. Romine for five minutes to present his 
testimony.

         TESTIMONY OF DR. CHARLES H. ROMINE, DIRECTOR,

               INFORMATION TECHNOLOGY LABORATORY,

         NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

    Dr. Romine. Chairman Abraham, Ranking Member Beyer, 
Chairwoman Comstock, and Ranking Member Lipinski, and Members 
of the Subcommittees, I'm Chuck Romine, the Director of the 
Information Technology Laboratory at the Department of 
Commerce's National Institute of Standards and Technology, also 
known as NIST. Thank you for the opportunity to appear before 
you today to discuss NIST's role in blockchain technologies.
    Blockchains are defined as immutable digital ledger systems 
implemented in a distributed fashion that is without a central 
repository. At their most basic level, they enable a community 
of users to record transactions in a ledger that is public to 
that community so that transactions cannot be changed once 
published without the community knowing.
    The core ideas behind blockchain technology emerged in 
1991, and this technology became widely known in 2008 when the 
blockchain idea was combined with several other technologies 
and computing concepts to enable the creation of modern 
cryptocurrencies. Cryptocurrencies such as Bitcoin are 
electronic money protected through cryptographic mechanisms or 
blockchains for secure funds transfer. Blockchains are often 
viewed as synonymous with Bitcoin, but its applications are 
broader than fund transfer security. Its use cases vary from 
banking to secure supply chains to insurance and, as you've 
heard, health care.
    The use of blockchain technology, however, is not a silver 
bullet. Some issues must be considered such as how to deal with 
malicious users, how controls are applied, and the limitations 
of any blockchain implementation. NIST has a strong research 
program in advancing key components of the blockchain such as 
measurement science for computer security, cryptography, and 
cryptographic key management, creating solutions to real-world 
problems.
    In January 2018 NIST published a draft report ``Blockchain 
Technology Overview,'' which is now out for public comment. The 
report introduces the concept of blockchain, discusses its use 
in electronic currency, and shows its broader applications.
    NIST has conducted extensive research on asymmetric key 
cryptography, also referred to as public-private key 
cryptography, which is a fundamental technology to secure 
blockchain technologies. NIST develops, maintains, and tests 
implementations that meet NIST's standards and guidelines for 
key generation and derivation, key establishment, and key 
exchanges.
    Because blockchains are not centralized, users must manage 
their own private keys, meaning if one is lost, anything 
related to that private key, such as digital assets, is lost. 
If a private key is stolen, the attacker will have full access 
to all assets controlled by that private key. Therefore, 
security of private keys is critical. When the news media 
reports that Bitcoin was stolen from, it almost certainly means 
that the private keys were found and used to sign a transaction 
sending the money to a new account, not that the system itself 
was compromised.
    Looking forward, quantum computers will be a threat to 
blockchain technologies because they will be able to break the 
code and crack the public key cryptosystems. NIST is leading 
the global effort to ensure new encryption is available to 
industry and built into products before quantum computers 
emerge.
    Research at NIST to more generally use blockchain platforms 
is ongoing via the NIST blockchain workbench, which provides 
flexible testbeds that NIST researchers can use to implement 
theoretical solutions. This hands-on experience is essential to 
complement NIST interactions with industry and documentary 
standards research when NIST issues papers, guidance, tools, 
and references.
    Blockchains are a new and exciting technology that have the 
potential to address real corporate and consumer needs, but 
much work still needs to be done to understand this technology, 
to bring out its potential, and let markets reward usable and 
secure implementations that meet real customer needs.
    NIST will continue its research and development in the 
foundational cryptography that blockchains use. We will 
continue to learn from our research and continue to build 
collaborations with industry in the publication of guidelines. 
NIST also continues to work with international standards bodies 
that have started study groups and technical committees to 
initiate standards work for blockchains. This is an exciting 
time for blockchain technology as it emerges into markets and 
sectors.
    Thank you for the opportunity to testify on NIST's work 
regarding blockchain, and I'll be happy to answer any questions 
that you may have.
    [The prepared statement of Dr. Romine follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Dr. Romine.
    I now recognize Mr. Cuomo for five minutes to present his 
testimony.

     TESTIMONY OF MR. GENNARO ``JERRY'' CUOMO, IBM FELLOW,

       VICE PRESIDENT BLOCKCHAIN TECHNOLOGIES, IBM CLOUD

    Mr. Cuomo. Good morning, Chairman Abraham, Chairwoman 
Comstock, Ranking Members Beyer and Lipinski, and Members of 
the Subcommittee. My name is Jerry Cuomo, and I'm the Vice 
President for IBM Blockchain Technologies. And thank you very 
much for the opportunity to testify this morning.
    Most people who've heard of blockchain associate it with 
the cryptocurrency Bitcoin. While they're related, it's 
important to understand that they're not the same. The 
potential uses for blockchain are far broader than 
cryptocurrency. We've engaged in more than 400 blockchain 
projects across supply chain, government, health care, 
transportation, insurance, chemical petroleum, and more. And 
from those experiences, we've developed three key benefits.
    First, we believe that blockchain is a transformative 
technology that could radically change the way businesses and 
government interact. At the center of a blockchain is a shared 
immutable ledger. Each member of a blockchain network has an 
exact copy of the ledger as it updates over time. Transactions, 
once entered, cannot be changed. With this shared copy of the 
truth, time is saved because multiparty transactions could be 
now settled in real time. Cost is reduced because overhead is 
eliminated with businesses interacting directly. Risk is 
mitigated because the ledger acts as an immutable audit trail.
    IBM and Maersk recently announced a joint venture to create 
an industrywide trading platform for ocean freight. Currently, 
a shipment of goods between ports can generate a sea of 
paperwork. Blockchain helps in real time track millions of 
shipping containers across the world with the potential to save 
billions of dollars and transform the shipping industry.
    Our second belief is that blockchain must be open to 
encourage broad adoption, innovation, and interoperability. And 
for this reason, IBM is participating with over 180 industry 
players in the Hyperledger organization led by the Lennox 
Foundation. Only with openness will blockchain be widely 
adopted and spur innovation. IBM's collaborating with companies 
like SecureKey and the Sovrin Foundation on blockchain-based 
digital identity. Together, we are working to create a global 
ecosystem of blockchain identity networks backed by open 
standards where only the information that needs to be shared is 
shared with only those parties that have a need to know.
    And we finally believe that blockchain is ready for 
business and government use today. A new breed of blockchain 
technology is now available. It meets four key requirements. 
First, it supports accountability, which is gained by known 
parties identified by cryptographic membership keys, entrusted 
data from an immutable ledger.
    Next is privacy. While members are known to the network, 
transactions are only shared with those that have a need to 
know.
    Third is scalability, handling an immense volume of 
transaction. A recent research paper demonstrated best of class 
and blockchain performance of more than 3,500 transactions per 
second.
    And last but not least is security. With fault-tolerant 
algorithms, a network continues to operate even in the presence 
of bad actors or carelessness.
    IBM is working with 12 major food companies, including 
Walmart, Unilever, and Nestle, applying our enterprise 
blockchain to rapidly trace food as it moves from farm to 
table, making it possible to quickly pinpoint the sources of 
contamination, reduce the impact of food recalls, and limit the 
number of people who get sick or die from foodborne illnesses.
    Now, with those beliefs in mind, let me now turn to our 
recommendations to Congress. First, let's focus efforts on 
projects that can positively impact U.S. citizens and economic 
competitiveness. The Congressional Blockchain Caucus has 
already begun critical work on blockchain topics, including 
identity payments and supply chain. I recommend we use this 
work as the base to explore blockchain adoption, then use the 
knowledge gained to inform policy.
    The second recommendation is to thoughtfully insert 
blockchain into projects already funded. Look for opportunities 
to fuel innovation in the broad ecosystem of U.S. businesses by 
encouraging blockchain projects as part of initiatives like the 
Small Business Innovation Research program.
    And finally, we urge Congress and the Trump Administration, 
when considering regulatory policy, to recognize the difference 
between blockchain's use in new forms of currency from broader 
uses of blockchain to avoid consequences that stymie 
innovation. And please remember, blockchain is not Bitcoin.
    Blockchain is ready for government. Now, let's get 
government ready for blockchain. I look forward to answering 
your questions and continuing the discussion. Thank you very 
much.
    [The prepared statement of Mr. Cuomo follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Mr. Cuomo.
    Mr. Yiannas, I recognize you now for five minutes for your 
testimony.

                TESTIMONY OF MR. FRANK YIANNAS,

             VICE PRESIDENT OF FOOD SAFETY, WALMART

    Mr. Yiannas. Chairman Abraham, Comstock, and Members of the 
Committee, on behalf of Walmart, I want to thank you for the 
invitation to testify here today on the use of blockchain 
technology and its potential applications beyond cryptocurrency 
and finance. My name is Frank Yiannas, Vice President of Food 
Safety for Walmart, the world's largest retailer.
    Walmart helps people around the world save money so they 
can live better. Each week, more than 260 million customers 
visit our nearly 12,000 stores in 28 countries or shop with us 
on our e-commerce platforms. With fiscal revenue in 2017 of 
$485.9 billion, grocery sales accounted for approximately 56 
percent of those revenues in our U.S. formats. Operating in 
that many formats and in so many countries presents us with a 
daunting challenge and an important responsibility. Our 
customers rely on Walmart as their trusted buying agent.
    Too often people talk about a food chain, but it's not a 
linear chain at all. Today, the way we get our food from farm 
to table is a food system, and it's a complex network of many 
interdependent entities. While today's food system provides 
consumers with benefits, it also can present challenges. For 
example, the output of one contaminated ingredient could end up 
in thousands of products. We saw evidence of this during the 
peanut butter outbreak in 2008 and more recently with flour in 
2016.
    Blockchain is the distributed decentralized digital ledger 
that makes it possible to store and share data across complex 
networks in a more secure, effective, and democratic way. 
Features of immutability, consensus, and a complex network 
without a single authority allow the blockchain system to 
create one version of the truth and to rapidly scale trust, 
which is good for business.
    Today, many involved with food still use paper-based 
systems to manage records, and even if they capture that 
information in digital form, that data is often in disparate 
systems that don't speak with each other. Being able to track 
how food flows from farm to table can be a very difficult and 
lengthy task. Each participant discloses their products path 
one step forward and one step back. Regulators and retailers 
have to take that data and piece it together to find or 
manually determine the origin of a problem. For example, in 
2006 in a nationwide outbreak of E. coli here in the United 
States, it took regulators two weeks to conduct the traceback 
and determine the exact source of the contamination. We've seen 
similar timelines and outcomes in more recent food safety 
squares.
    In 2017, Walmart and IBM conducted two proof-of-concepts 
using blockchain for food traceability. For one pilot here in 
the United States, we decided to track the journey of mangoes 
from farm to store. That journey includes several stops along 
the way before they arrive in our stores as packages of sliced 
mangoes. For the test, we work with supplier and their supply 
chain to capture food traceability attributes onto the 
blockchain. We captured information about the mangoes, where 
were they grown, how were they harvested, how did the travel, 
and so on. At the conclusion of that pilot, we demonstrated 
that we could accelerate tracing the origin of sliced mangoes 
back from our stores to a farm down from 7 days to 2.2 seconds. 
That's food traceability at the speed of thought.
    As the food system is global in nature, we also conducted a 
second pilot in China, and it involved pork, one of the 
region's most important animal proteins. With the use of 
blockchain technology, at the store a case of pork could be 
scanned with a simple QR code and tracked back to the farm from 
which it came. We were also able to pull up digitized authentic 
veterinary records, increasing our confidence in the 
authenticity of that product.
    After our successful pilot with IBM, we rapidly mobilized 
with a group of influential companies to share our results, and 
we invited them to participate in additional testing. Today, we 
have a coalition of 11 foundation partners comprised of Walmart 
suppliers and peers in retail, all working together to further 
test blockchain. We seek a collaborative solution rather than 
each company trying to create one on their own. We're also 
placing emphasis on the importance of blockchain systems being 
interoperable and based on existing industry standards. Walmart 
and IBM the foundation partners have moved rapidly to scale, 
test, and learn, and Walmart is now testing blockchain on 
dozens of selected food items.
    While we've been working on food traceability, we believe 
blockchain could lay the groundwork for other benefits beyond 
food traceability such as optimizing supply chains and reducing 
food waste. Our ultimate goal is food transparency. By getting 
rid of the anonymity that exists in the food system today, we 
believe the blockchain could help shine a light on every step 
of how that food is produced and travels. This enhanced 
transparency will result in a safer, more efficient, and 
sustainable food system so that people can live better.
    Thank you for the opportunity to share our thoughts on 
blockchain applications in food, and we look forward to 
answering any of your questions.
    [The prepared statement of Mr. Yiannas follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. Thank you, Mr. Yiannas.
    Mr. Wright, you have five minutes, sir.

                 TESTIMONY OF MR. AARON WRIGHT,

                  ASSOCIATE CLINICAL PROFESSOR

           AND CO-DIRECTOR OF THE BLOCKCHAIN PROJECT,

               BENJAMIN N. CARDOZO SCHOOL OF LAW

    Mr. Wright. Chairman Abraham, Ranking Member Beyer, 
Chairwoman Comstock, Ranking Member Lipinski, and Members of 
the Subcommittees, thank you for the opportunity to testify 
before you today. I hope my testimony will provide further 
insight on the potential and risks of blockchain technology, 
particularly with respect to next-generation public and open 
blockchains such as Ethereum. I also hope my testimony will 
spur these committees to support policies to continue to 
position the United States as a global leader in this 
technology.
    My name is Aaron Wright, and I am a law professor, writing 
and teaching primarily in the area of technology law. Over the 
past four years, I've dedicated my academic efforts to 
researching and developing blockchain technology, writing about 
policy issues associated with blockchain technology, and 
counseling blockchain technology projects. As part of those 
efforts, I'm developing a project called OpenLaw, in 
conjunction with ConsenSys, which allows anyone to create smart 
legal agreements that leverage blockchain technology; serving 
as an advisor to an early seed company BlockApps; chairing the 
Legal Industry Working Group of the Enterprise Ethereum 
Alliance; and helping to organize the Brooklyn Project, a 
collaborative industry effort to develop sensible regulatory 
standards for blockchain technology.
    As you've heard from the other witnesses, blockchains are 
useful for far more than just virtual currencies like Bitcoin. 
They're underpinning an array of online services that seek to 
use the technology to store information. However, I also wanted 
to emphasize that they're also being used to run potentially 
autonomous computer processes called smart contracts. Both 
blockchains and smart contract could potentially impact a range 
of industries in the United States, improving commercial 
activity.
    As we've seen over the past two years, blockchains are 
poised to transform capital markets. Blockchain technology is 
being explored to improve the efficiency of traditional 
financial services, creating digitized financial agreements 
that are settled and cleared on a bilateral basis with less of 
a need for third-party administration.
    Perhaps of greater long-term importance, blockchains are 
securing scarce digital assets, often referred to as tokens, 
which parties transfer using smart contracts in a secure and 
largely irreversible way, with less of a need for centralized 
intermediaries. These tokens are powering new forms of 
crowdfunding, often referred to as token sales, and serve as a 
potentially potent new tool for entrepreneurs to build powerful 
new network-based technology platforms. The sale of these 
tokens ultimately could democratize access to capital and help 
spur innovation throughout the United States, building a fairer 
society.
    The impact of blockchain technology is spreading to the 
legal industry and other industries heavily reliant on 
contractual arrangements to structure business activity. By 
using blockchain-based smart contracts to memorialize payment 
and performance obligations and recording agreements on a 
blockchain, we may move soon beyond an era with contracts 
written in natural language to an era where we have agreements 
written in code.
    Outside of the private sector, governments across the 
globe, including China, Japan, and the E.U. are exploring 
blockchain technology in more detail and looking to see whether 
the technology can secure and manage critical public records 
and exploring whether blockchains can improve government 
procurement and taxation processes. Through these efforts, it's 
conceivable that blockchains could anchor global and 
transnational systems, including university-accessible secure 
identification systems that could prevent abuses like human 
trafficking, secure voting systems, transnational land and IP 
registries, and global marketplaces available to all.
    Extending beyond governmental services, blockchains are 
increasingly being explored to control devices and machines in 
a secure manner. If these attempts prove successful, 
blockchains could foster a new era of machine-to-machine and 
machine-to-person interactions and commerce.
    Despite these opportunities, however, blockchains have a 
number of risks. The disintermediated and transnational nature 
of public blockchains makes them difficult to govern and 
change, and they can be used to coordinate socially 
unacceptable and criminal conduct. Of greatest present concern, 
a slate of more anonymous new digital currencies are making it 
progressively easier to avoid anti-money laundering and other 
financial rules related to payment systems. Entrepreneurs are 
using blockchain technology to sell tokens in ways that avoid 
security law requirements, often with the aid of complicit 
lawyers that emphasize form over substance.
    Cryptocurrency exchanges for these digital goods, 
particularly those located abroad, appear to have implemented 
weak measures to prevent abusive trading practices, and new 
decentralized marketplaces and exchanges are emerging, which 
could operate without any centralized operator policing the 
network for illegal activity.
    Due to the nascent nature of blockchains, the U.S. 
Government has a unique ability to shape the development of the 
technology going forward. As the guiding principle, however, 
it's my hope that the United States proceeds with thoughtful 
technology-neutral regulation that permits the exchange of 
blockchain-based assets, particularly those that are consumer-
focused without undue regulation that enables parties to build 
blockchain-based protocols to address some of the technical 
limitations described by the other witnesses without fear of 
regulatory scrutiny and provides a predicable and simple legal 
environment that protects consumers without insulating 
entrenched market participants.
    To support these research and policy goals, I'd encourage 
Congress to contemplate commissioning a National Blockchain 
Commission that would aim to cement America's technological 
standing and increase economic growth and innovation. The 
commission could explore ways to invest in blockchain-based 
research through prizes or otherwise, devise common principles 
to guide the federal approach for regulating blockchain 
technology, hold hearings, conduct research, and make 
recommendations to industry, the executive branch, and 
Congress. Through the above approach, we can ensure that the 
United States remains the best place to develop, launch, and 
grow blockchain-based projects, and we can implement sensible 
and necessary guardrails to guide blockchain's development.
    Thank you very much for the opportunity to testify, and I 
look forward to any questions you may have.
    [The prepared statement of Mr. Wright follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Abraham. I thank the witnesses.
    If I understand the blockchain technology, then it is going 
to be transformational. We're going to go to questions, and I'm 
going to recognize myself for the first five minutes.
    And your testimony has helped. Being a physician that has 
used electronic medical records in the past and to see their 
advantages but certainly their disadvantages--I have got a 
hospital down the road six miles that I can't talk to with an 
EMR. This technology could certainly be eye-opening and 
certainly great for patient care.
    As a farm guy, I do believe that national security is food 
security and vice versa. And, Mr. Yiannas, your testimony as to 
the supply chain is very eye-opening for me. You know, I 
consider our farmers and ranchers our thin green line, and I 
think that maybe our Achilles' heel in this nation as far as 
our national security is concerned is if we have a breach in 
our food security.
    I took some notes during your testimony, and I'm going to 
just going to ask a couple of questions. Mr. Jaikaran and then 
Dr. Romine and Mr. Cuomo referenced that this system is 
tamperproof, that it's immutable, that it can still continue to 
operate if bad actors are in place, that there has to be a 
private key, that quantum computers are doing all this fancy 
and lightspeed stuff. But I'm still concerned. How is 
anything--I mean, we know what happened with Bitcoin and how it 
was breached. How is it tamperproof? And I'll go to you, Mr. 
Jaikaran, first.
    Mr. Jaikaran. Yes, thank you for the question. When we 
discuss the tamperproof attributes of blockchain, we're 
focusing on the mathematics behind it, that cryptographically 
we can trust that the identities that are saying they are 
conducting those transactions are and that those transactions 
are being validated by other users on the blockchain.
    Additionally, once it is added to that ledger, it cannot be 
changed from that point forward without the other users of the 
blockchain knowing that it was so that someone couldn't go back 
in time and alter a transaction and expect that to be reported 
as the truth.
    Chairman Abraham. Well, let me interrupt you. Could there 
be collusion between a group of users that could change the 
dynamics of the program?
    Mr. Jaikaran. Yes, sir. That is one of the risks that a 
large group of users on the blockchain agree to conduct 
illegitimate transactions and they have legitimate identities, 
so now they are manipulating what one may want to consider to 
be that one truth to benefit their transactions going forward. 
This is significantly easier on blockchains that are new, a 
little bit harder on blockchains that are already established 
just because of the amount of data that would have to be 
manipulated.
    Chairman Abraham. So, Dr. Romine, is there any standards in 
place at this time that can prevent a collusion type of event 
from occurring or for private keys being breached in a manner 
where more than one could be breached?
    Dr. Romine. Let me take those questions separately. The 
issue of subversion and changing of records, as Mr. Jaikaran 
correctly states, would require in most cases the collusion of 
a majority of the participants involved, and that's going to be 
extremely difficult.
    Chairman Abraham. While I can see where in a Walmart 
situation where you have literally millions of people involved 
that would be, but if you had a smaller group, I can see a 
potential issue there.
    Dr. Romine. If you do have a smaller group, it is easier to 
do but still likely to be visible to the entire community that 
a fork took place and that an activity that went back in time 
in essence to change previous records took place. So it would 
be difficult to do it without detection even in that case.
    Chairman Abraham. And I want to get to one more question 
and this is to Mr. Yiannas. Are Walmart's efforts utilizing 
blockchain technology and supply chain and data--are very 
promising. I think they're on the cutting edge. With your 
success, do you see other industries or large corporations 
taking advantage of this technology?
    Mr. Yiannas. Yes. The response to our pilots have been 
really interesting. We've had companies from all over the world 
contact us with an interest in what we're doing, wanting to 
learn more, and actually wanting to participate, and so there's 
a growing body of interest certainly within the food sector. 
It's really, really large. We also see other industries having 
an interest--for example, it has implications for 
sustainability, it has implications for food waste, and so we 
think it just has applications for supply chains in general.
    Chairman Abraham. Okay. And I'm out of time.
    Mr. Beyer, you're recognized for five minutes.
    Mr. Beyer. Thank you. Thank you, Mr. Chairman. I'd like to 
first begin and ask unanimous consent to introduce a letter 
from Congressman Polis for the record, who----
    Chairman Abraham. Without objection.
    Mr. Beyer. --co-chairs the Blockchain Technology--thank 
you.
    Dr. Romine, you talked about immutable, distributed, 
resilient, so I assume that this--the blockchain will exist in 
clouds throughout the world and computers throughout the world?
    Dr. Romine. That's right.
    Mr. Beyer. So is the only thing that could disrupt it then 
is an electromagnetic pulse or----
    Dr. Romine. That's certainly one catastrophic scenario that 
could jeopardize large segments, but in many cases certainly 
for the public blockchains are currently being used, the 
distribution would be difficult to track down geographically I 
think. It might be difficult to determine exactly where the 
entirety of the copies of the blockchain exist, and so finding 
a way to target the entire blockchain would be very, very 
difficult.
    Mr. Beyer. Is it likely to exist in more than one place at 
a time then also----
    Dr. Romine. For----
    Mr. Beyer. --for a variety----
    Dr. Romine. For public chains, absolutely. This distributed 
nature is one of the strengths of the resilience of 
blockchains.
    Mr. Beyer. So as long as we have electricity, we're 
probably okay?
    Dr. Romine. We probably are.
    Mr. Beyer. Okay. Good. Mr. Jaikaran, the--you wrote about 
mining and how people--you have to create incentives and the 
different ways that mining can go on. It conflicts a little bit 
with later testimony that there was a need for mining on it. Is 
there going to be a continuous need for people to be going to 
Iceland and spending lots of electricity and computer resources 
to develop the next block in the blockchain?
    Mr. Jaikaran. The use of--users mining for blockchain 
applies in a certain consensus model, particularly proof of 
work, if they have to solve a really difficult problem to show 
that this is a valid block in the chain. Other proofs of work 
may not require that proof of stake, a round-robin system where 
different users on the chain--it's just their turn to produce a 
block. These are based partially on the trust model that the 
users have amongst themselves apart from the blockchain, so if 
I'm in a business community, I already--I may already have a 
business relationship with other users and I may be able to use 
some other proof-of-work model to develop that next block. 
Those other models take less power and maybe even be faster to 
post that next block. So partly it depends on the users 
involved, as well as how they've developed the blockchain, what 
specific technologies they are choosing to use.
    Mr. Beyer. So the logical next question is are blockchains 
infinite potentially?
    Mr. Jaikaran. I think the limitation to the blockchain 
would be the computational power you have to devote to it, how 
much storage you have, your bandwidth, your processing power.
    Mr. Beyer. They get ever longer, correct?
    Mr. Jaikaran. They can continue to grow, yes.
    Mr. Beyer. And does it then require evermore power to 
decrypt them, to read them, to----
    Mr. Jaikaran. Only--to read them, no. Once it's posted, any 
user on the blockchain should have access depending on the 
rules of the blockchain that was developed. To develop the next 
block, it should follow the same consensus model. If someone 
were on it to attack a much larger blockchain, though, that 
does get much more difficult.
    Mr. Beyer. Okay. Dr. Romine, you mentioned that the 
development of quantum computing and the ability to break up 
these--can quantum computing be integrated into blockchain to 
make it ever more secure?
    Dr. Romine. That's a fascinating question. I think one of 
the things that we are pursuing publicly--several months ago, 
we announced a competition essentially for what we call the 
post-quantum cryptography that is cryptographic algorithms that 
are secure even in the face of quantum computing and 
traditional computing. Once those algorithms are developed and 
promulgated, then yes, those algorithms would be able to 
replace the current public-key encryption systems that are 
securing the blockchain and be more secure in a quantum world.
    Mr. Beyer. Okay. Very cool.
    Mr. Wright, you talked about market-based or game 
theoretical mechanisms for reaching consensus. This is a very 
cool phrase but what does it mean?
    Mr. Wright. Yes, I think it means the way that various 
different parties on the network decide that there's a valid 
block and that they want to add it to this underlying chain 
link of transactions. So, for example, for proof of work, you 
have to run this complex mathematical computation in order to 
prove that this is a valid block and it gets added to the 
chain, but you also have to pay fees that are related to it, so 
it's this dynamic between the mechanism with which you add 
information to the blockchain along with the fees that are 
charged by members particularly on public blockchains.
    Mr. Beyer. So they're not really reaching consensus on 
areas of disagreement; they're reaching consensus on the fact 
that this given block is valid----
    Mr. Wright. Exactly.
    Mr. Beyer. --or true or----
    Mr. Wright. That it follows the protocol.
    Mr. Beyer. Okay. My time is up, but thank you very much.
    Chairman Abraham. Thank you. Great questions.
    Mrs. Comstock, five minutes.
    Mrs. Comstock. Thank you, Mr. Chairman. Really this has 
really been a fascinating hearing and topic, and thank you for 
holding this hearing.
    I was meeting with some folks last week on this about the 
caucus, so they did highlight they needed more diversity in the 
caucus, so I do plan on joining it. And thank you for 
highlighting the caucus, too.
    In my opening statement I referenced the Office of 
Personnel Management data breach and, you know, the OPM 
notifying us, and I was wondering if you could go into some 
more detail on how we could use that technology to better 
protect personal and sensitive data stored by the government? 
Sure.
    Mr. Cuomo. So, Chairwoman Comstock, we are working with 
companies, as I referenced. One is SecureKey in Canada, and I 
think that's probably the furthest along to proving out digital 
identity blockchain, as well as working with the Sovrin 
Foundation, who's working on digital identity protocol 
standards on blockchain.
    In the case in Canada, they've gathered an ecosystem of all 
the major banks, Province of Ontario, British Columbia, and 
others to form a digital rights management system is probably 
the best way I can word it where citizens are the rightful 
owners of their data, and they basically in a very simple 
interface that's not much more complicated than your Facebook 
app give permission--for example, if I go to a real estate 
company to rent an apartment, I'll give my bank and my DMV 
permission to answer any of the questions, almost like it's a 
music license. I'm giving them license to answer my question 
and vice versa. I'm giving the folks answering the question the 
right to answer the question.
    And there are stipulations even in NIST talking about 
avoiding honeypots of data, and I think a lot of the major 
security breaches--it's a good idea not to put all your eggs in 
one basket. And one of the misnomers about using blockchain for 
identity is that you actually put personal identity information 
on the ledger. You don't. You put proofs of permission. You put 
the digital rights on it. And, you know, it becomes almost a 
routing system for how you can have people interact with 
accountability on your identity information and making it far 
less visible.
    And last but not least, it's much harder to track your 
identity and usage, so there's stipulations about these things 
called triple blind data exchange where the requester doesn't 
know who the provider is, the provider doesn't know who the 
requester is, and the network provider doesn't know either. And 
that makes it, again, very thorough to know so that only the 
parties who need to know actually get to know.
    Mrs. Comstock. Okay. Dr. Romine?
    Dr. Romine. Yes, from my perspective I think the important 
issue here is that, as Mr. Cuomo mentioned, storing PII in the 
blockchain itself is not recommended. This is not something 
that you want to do. In the example that Mr. Jaikaran used for 
access to medical records points that out. The medical records 
themselves still are retained on the private servers of the 
medical provider, but access management, access control, and 
auditability of access is provided through blockchain. So there 
are opportunities here to do some really interesting things in 
this space.
    Mrs. Comstock. Okay. Mr. Jaikaran?
    Mr. Jaikaran. Yes, ma'am. What may be particularly 
interesting is not the use of blockchain technology itself to 
protect sensitive data but some of the technologies that 
underpin blockchain, so public-private key encryption, hashing, 
and particularly loggings, that we know when data is being 
used, we know who is accessing that data, and we know when 
access--when data is being changed. Those technologies, 
particularly for very sensitive information that's not 
published to the blockchain, can certainly help protect data 
that we have today.
    Mrs. Comstock. Thank you. I yield back, Mr. Chairman.
    Chairman Abraham. Thank you, Mrs. Comstock.
    Mr. Lipinski, five minutes, sir.
    Mr. Lipinski. Thank you, Mr. Chairman.
    There's so much to really cover here and talk about and try 
to understand, but I think I want to get down to sort of 
whatever we can do in five minutes, get down to the question 
for us here. Is Congress doing enough to foster a coherent 
strategy regarding, you know, blockchain research and 
development and a unified regulatory strategy where appropriate 
government guidelines on dealing with blockchain-based 
technologies? So I know we can't cover that in five minutes, 
but let me start with Professor Wright because I know you've 
suggested that Congress initiate a National Blockchain 
Commission to address some of these issues. Can you just 
briefly expand a little bit on that? And then I want to get 
some reaction to what you have to say.
    Mr. Wright. Sure. So the idea with the blockchain 
commission would be to provide a degree of uniformity and a 
unified approach with regard to various different regulatory 
challenges that have emerged with regard to blockchain 
technology. You know, just from the statements from----
    Mr. Lipinski. Unifying across the government or----
    Mr. Wright. Right, across the federal government.
    Mr. Lipinski. Across--okay.
    Mr. Wright. So, you know, just some issues just raised by 
the witnesses' testimony today, there's privacy issues, 
identity management issues, key management issues, consumer 
protection. There's issues related to securities laws, 
commodities laws, and also issues related to the use of 
blockchain technology for currencies. And there's competing 
interpretations that have been issued already by various 
different federal agencies, so the thought would be to explore 
if we can have a common and unified guiding principles in order 
to ensure that the technology can develop in a mature way.
    We did this in part with the internet where we just 
distilled down a couple guiding principles and, in part some 
have commented that this is one of the reasons why so much 
internet-related innovation occurred here. I think it could be 
an opportunity again to look back to what we did when it came 
to internet policy back in the mid-1990s and apply that same 
idea to blockchain technology.
    And in addition, the other witnesses mentioned a number of 
different technological issues related to it, and a number of 
members in the private sector are trying to solve those issues, 
but any government support to address issues like scalability, 
issues related to developing quantum-resilient blockchains, 
issues related to other technical limitations that are 
currently present with blockchains would be helpful and I think 
encouraged.
    Mr. Lipinski. And I ask our other witnesses: Do you 
generally agree with that or is there anything that you would 
disagree with in terms of what the federal government should be 
doing? Mr. Jaikaran?
    Mr. Jaikaran. Sir, so what we see the federal government 
doing today is a variety of activities under the authority of 
that agency. So Mr. Romine talked about the NIST blockchain 
workshop, which is developing some use cases. We see that the 
Government Services Administration, GSA, is hosting other 
federal agencies to talk about potential applications of 
blockchain for government uses. Also, the Department of 
Homeland Security is issuing grants to try to overcome some of 
the issues surrounding blockchain to private industry to come 
up with solutions.
    Where we see this today is still in this testbed, trying to 
develop an understanding of technology, develop an 
understanding of how it can be applied, and then trying to 
develop a consensus amongst these tests. We have not yet seen a 
common federal ``this is our path forward.''
    Mr. Lipinski. Mr. Cuomo?
    Mr. Cuomo. Yes. And I would also like to reiterate that 
there is some really good work being done by the Congressional 
Blockchain Caucus, right, and that's Representatives Polis and 
Schweikert. And we've had already one workshop around digital 
identity and had some really good outcomes. Next week, we have 
one on payments and one to follow later with on supply chain. 
And particularly, what that's doing--in introducing members 
from NIST, IBM was really informed by what the government was 
doing and actually helped us on policy and interactions working 
with our clients like with SecureKey in Canada, as well as 
that's where we met members from the Sovrin Foundation that 
really turned us on to some of the emerging standards. So those 
types of interactions are paying off by bringing government 
agencies and industry players together, so I want to encourage 
that.
    Mr. Lipinski. Mr. Yiannas?
    Mr. Yiannas. The only thing I wanted to add, I don't have 
specific advice, but just conceptually, you heard that we're 
scaling, testing, and learning together, so there's a lot of 
learning that's going on. And a lot of this is happening in the 
private sector. There's collaboration happening with a lot of 
private entities. The notion that maybe the public sector could 
participate in some of these tests I think would be very 
beneficial. One of the things we like to say is that blockchain 
truly democratizes the benefits. Everybody benefits. So if you 
think of the food examples I gave, not only will suppliers 
benefit but regulators will, too, being able to conduct 
tracebacks. Consumers will. And so I would just recommend that 
they get involved in some--pick out the right agency to get 
involved in some of these pilots that are testing, scaling, and 
learning together.
    Mr. Lipinski. Thank you. I'm out of time. I'll yield back.
    Chairman Abraham. Thank you. A fellow Louisianan, Mr. 
Higgins.
    Mr. Higgins. Thank you, Mr. Chairman. I thank the witnesses 
today. This is fascinating testimony.
    We certainly recognize the tremendous promise of blockchain 
technology and supply chains and--throughout the private 
sector. I also recognize the great threat, potential threat in 
the government sector. I think we need to move forward very 
cautiously as we explore the broadened use of blockchain 
technology.
    The precise tracking of valuable items and inventory at the 
Walmart level is great. Everyone is within that sphere. There's 
a financial benefit for everyone involved within the 
blockchain. But to expand that technology into the government 
sector, you're dealing with bad actors across the world that 
could perhaps infiltrate that blockchain--this occurs to me--
and know precisely because of the accuracy--because of the very 
accuracy that you referred to, sir, in the Walmart example for 
tracking the mango slices in 2.2 seconds versus 7 days, that 
same technology would allow a bad actor tracking government-
secured inventories like weapons or uranium, et cetera, to the 
exact location.
    So I'm concerned about the verification. Mr. Jaikaran, you 
referred to authorized entities. How do we--how would we know--
explained to us--help us grasp how the digital or virtual 
identity versus actual identity of a blockchain user is 
verified. How do we know that a bad actor does not have 
possession of a private key? How do we know a private key has 
been stolen until the damage is done--been done?
    Mr. Jaikaran. Thank you, sir. As Mr. Romine has discussed 
earlier, many of the cases that we hear of Bitcoin being stolen 
is because a private key has been taken and used, so in many 
examples we've seen to date, we do not know if a private key 
has been stolen and used. We find out about the transaction 
after it has posted.
    For some of the more sensitive supply-chain concerns, the 
implementations of blockchain that may be used for that are 
permissioned and private, meaning that not anyone can join that 
blockchain and not every person on that blockchain will have 
access to all the rights on that blockchain. So there's a level 
of control that then governs who has access to the data, who 
can publish the data, and who then can transact that data.
    Mr. Higgins. That's very promising, I believe, for the 
private sector and potentially for the government sector. I see 
a public-private partnership emerging as this technology 
emerges. I'm concerned about quantum computing.
    Dr. Romine, you referred to in your submitted testimony a 
public key and a private key. They're mathematically related to 
each other and that the Federal Information Systems Processing 
Standards specifies elliptic curve digital signature 
algorithms, which is a common algorithm for digital signing 
using blockchain technologies, and yet we're concerned about 
protecting that algorithm from quantum computing. And you 
referred to--that NIST is leading the global effort to ensure 
that this--that encryption is available to industry prior to 
the emergence of quantum computing, but how would we know that 
quantum computing has emerged until we have observed its 
interaction with blockchain technologies?
    Dr. Romine. That's a very good question, Congressman. I 
think the issue here is there's a general recognition that 
there's a lot of investment around the world in the attempt to 
develop quantum computing. I think the general consensus here 
is that it is still a significant number of years away from 
maturity until we reach what we call a cryptographically 
relevant computer--quantum computer. The day that that happens, 
I agree with you; I doubt that there's going to be--at least 
potentially there may not be a headline around the world that 
says we've now crossed from a non-quantum computer state into a 
quantum computer state. It may be that some of the people 
developing that technology would like to use it before it 
becomes public. But our goal is to try to move with alacrity in 
the development of quantum-resistant cryptography so that we 
are ready in the event that that day occurs.
    Mr. Higgins. You stated a number of years. Can you give us 
an idea of a window, sir?
    Dr. Romine. The estimates vary. Publicly available 
estimates vary anywhere from 15 to 30 years. I don't really 
know. It could be shorter than that if there are dramatic 
improvements in technological advance that we can't really 
predict right now.
    Mr. Higgins. I thank you for that answer, sir, and thank 
you all for testifying today.
    Chairman Abraham. Thank you, Mr. Higgins.
    Mr. McNerney, five minutes.
    Mr. McNerney. Well, I thank the Chairman for holding the 
hearing and I thank the witnesses.
    Back to the present, Mr. Jaikaran, in your testimony you 
raise the issue of how an attacker has the ability to 
compromise a user's private encryption keys. Have there been 
any instances of blockchain compromising?
    Mr. Jaikaran. Yes, sir. When you hear cases of someone 
stealing Bitcoin or other cryptocurrencies, what likely happens 
is that that user's computer that hosted that private key was 
compromised or that private key was somehow taken from that 
user so that they could--the bad guy could perform a 
transaction transferring that digital asset to themselves.
    Mr. McNerney. So it's a matter of data hygiene. Is there 
some way to protect yourself from those kind of losses?
    Mr. Jaikaran. The risk here is similar to any kind of data 
loss. You want to ensure that you are--your machine or the 
network that you're hosting that information on has proper 
security measures in place.
    Mr. McNerney. Well, thank you.
    Mr. Romine, could you give us an update on the--on 
developing blockchain technology standards and having those 
standards adopted by industry?
    Dr. Romine. Sure. The first effort that we did was to 
publish a general guideline to blockchain that I alluded to my 
testimony. That isn't so much a standards development activity 
as it is a means of providing a common vocabulary for people to 
use when they talk about blockchain. Our engagement, as you 
know in the United States, in general, standards development 
occurs in the private sector.
    We at NIST--as the nation's standards organization for the 
federal government, we participate vigorously in many of those 
activities, and the ones that we're participating in now 
include work that's going on with the International 
Organization for standardization and the insights committee 
that we use in that effort, OASIS, IEEE the Institute of 
Electrical and Electronics Engineers, our ANSI colleagues, and 
others as well. So we're participating in technical committees 
and subcommittees in the blockchain arena today.
    Mr. McNerney. Well, I know that Walmart's developing 
standards for its own use. Is there any chance that those 
standards would be--because Walmart is a big organization, 
their standards would be adopted, you know, over a broad range 
of applications before standards have been accepted in the 
government?
    Dr. Romine. Certainly, one of the things that can happen 
is, as de facto standards emerge or a substantial part of the 
private sector begins to adopt a specific standard, those 
standards can ultimately be brought to these standards bodies 
and either adopted or modified as needed.
    Mr. McNerney. Sir, thank you.
    Mr. Cuomo, in your testimony you noted that there are 
currently trusted digital identity projects underway in Canada. 
Could you give us a little more about those projects? Are they 
government-led, and exactly what do they entail?
    Mr. Cuomo. So in Canada there's a company called SecureKey 
that we're working with, and they're a small company that 
offered a service for citizens to use any of their bank IDs, 
user IDs and passwords to log into government services like 
motor vehicle, you know, taxation department, et cetera, so 
eliminating propagation of user ID and password. However, based 
on further examination, they thought they can do better, and 
with encouragement from all parties involved decided to try 
blockchain, and not just any blockchain but I mentioned in my 
testimony a new breed of blockchain, which is what we call a 
permission blockchain, which brings accountability and ability 
to surface and surf through regulations and be able to adhere 
to existing regulations.
    So we worked with them, the banks and the government 
agencies, to implement a system called to VerifyMe. It was the 
mobile application that I mentioned before. It is about to go 
into pilot right now. Banks are building applications on it for 
increasing the efficiency of onboarding clients while doing 
their KYC and AML processes and streamlining those. And in 
general, giving citizens back the rightful control of their 
identity but also using established companies and institutions 
to kind of be their friends like in Facebook when you would 
friend someone. So you can turn to any of the existing 
relationships you have like with your DMV and you can allow 
them to attest to your identity, right?
    So this is underway. We are about to enter pilot into that 
system. There are companies in the United States to--looking at 
that as well. It's been heavily influenced by many of the 
standards that my friend to the right of me have helped bring 
forward around data privacy.
    Mr. McNerney. Thank you. I yield back.
    Chairman Abraham. Thank you, Mr. McNerney.
    Mr. Banks.
    Mr. Banks. Thank you, Mr. Chairman.
    I think what is most incredible to me is how much of this 
is developed without overregulation from the federal 
government. And I guess I would direct my questions to Mr. 
Cuomo and Mr. Yiannas. What are you most--from a--more of a 
broader perspective, what are you most concerned about? Where 
can the government really screw this up, the continued 
development of this technology? Mr. Yiannas?
    Mr. Yiannas. My initial impressions of that question is 
maybe becoming overly prescriptive. There's a lot of innovation 
that's happening right now, and I think we ought to let the 
innovation play out. As I mentioned, I think there's 
opportunities for the public and private sector to do this 
testing and scaling and learning together, but if we start 
getting too prescriptive early, I think we'll stifle 
innovation.
    Mr. Banks. Have you seen specific examples?
    Mr. Yiannas. I have not seen any examples of that. In fact, 
in contrast what we've heard is from some of our federal 
partners, CDC, FDA, with an interest in what we're doing and 
learning how they might play a role or benefit, so I haven't 
experienced that in the area of food.
    Mr. Banks. Mr. Cuomo?
    Mr. Cuomo. I'd further add to that that, as I mentioned, 
there is a new form of blockchain that is more suitable for 
business and government applications around permission 
blockchain versus with Bitcoin where you have open networks 
that are self-governed. With a permission blockchain, while the 
networks could be open, they are governed by steering committee 
members, right? So it's--again, I think it's more controlled. 
It's working in a more controlled environment.
    So again, distancing any regulations and policy that are 
being levied against, you know, currency-oriented blockchain to 
this new breed I think is important to keep that separation 
because there's an immense amount of innovation that can and 
will happen beyond cryptocurrency, so we really want to 
encourage the look at that, A.
    And B, there are many governments who are indulging in I 
would say less risky blockchain projects whether it's digital 
driver's license, land registry, things of that nature. So you 
got to be in it to win it, and I think trying out some low-risk 
projects, learning from those, and participating more I would 
say with more tempo once you get those under your belt is what 
we'd recommend.
    Mr. Banks. So both of you would agree I think what this 
hearing is all about, that we've benefited from the development 
of this technology without government overreach, without 
regulation, and you in the private sector especially seeing the 
benefit of that. Both of you would agree with that?
    Mr. Yiannas. I would agree with that.
    Mr. Cuomo. Yes, sir.
    Mr. Banks. Okay. Thank you. I yield back.
    Chairman Abraham. Thank you.
    Mr. Perlmutter, you have five minutes.
    Mr. Perlmutter. Thank you.
    And to the panelists, this is great. You're--Mr. Yiannas, I 
want to start with you. Your little example which isn't so 
little of 7 days to 2.2 seconds on your supply chain on the 
mangoes, just the possibilities for government but other 
industries are tremendous, so I was just thinking about in 
Colorado. So we've had a lot of oil and gas development. Now 
we've got real estate, suburban--the suburbs growing into what 
were old oil and gas fields, and we're not quite sure where all 
the pipes are.
    Mining, you know, what's coming out of the mine, to be able 
to go back from an environmental standard or from a real estate 
standard and track this in a--you know, such an expeditious 
manner----
    Mr. Yiannas. Right.
    Mr. Perlmutter. --is so--what other industries are you guys 
working with besides the food industry? I know that's your 
specialty, but are there other parts, other industries in your 
collaboration----
    Mr. Yiannas. Yes----
    Mr. Perlmutter. --or your consortium?
    Mr. Yiannas. In our consortium there is not. This is a food 
consortium. But let me just real briefly if I could say the 
difference between 7 days and 2.2 seconds, it's a big 
difference. On the one hand--not just speed. On the one hand, 
imagine if you just put all of the mangoes--if there were--you 
know, associated with an event because you don't know the 
source, that's 7 days of lost sales, 7 days of food waste, 7 
days of small farmers' livelihoods being destroyed. You 
eventually say, oops, your mangoes weren't affected. On the 
other hand, if you don't pull them, that's a lot of potential 
illnesses, hospitalizations, even deaths.
    But we know that there are other areas of interest within 
Walmart and outside of Walmart. We see interest in the 
pharmaceutical industry obviously, anything that's supply-chain 
related. We see interest in sustainability sectors. You know, 
how can we manage supply chains so that they're more 
sustainable, health and wellness so, you know, I think it's 
endless the people that----
    Mr. Perlmutter. I really--the possibilities are endless 
here, and that's what's so exciting about this.
    Dr. Romine, I want to thank you and NIST for being engaged 
in this and for--you know, it's a frontier. It's the Wild West 
in some respects, which is great. And to ultimately have some 
standards which kind of rein in the Wild West nature of it a 
little bit.
    I'm kind of coming where Mr. Higgins was coming from, 
though. I serve on another committee which is Terrorism and 
Illicit Finance, and, you know, I--maybe I've watched too many 
Mission Impossible's, but when I hear words tamperproof, 
immutable, can't be hacked, I'm thinking, you know, Tom Cruise 
is out there someplace, and he's coming up with a way to do it.
    So talk to us a little bit more about this--the quantum 
computing element of this. And Mr.--I'm sorry--Jaikaran--you 
know, for both of you because, you know, that's something I 
need to understand because we deal with a lot of hacking and 
cybersecurity issues in my other committee.
    Dr. Romine. So I'll start just by saying the backbone of 
everything that we're talking about here is cryptography, and 
NIST has been involved in cryptographic standards for more than 
45 years. It's the backbone of our cybersecurity program and 
something about which we are fiercely proud, the track record 
that we have there.
    The idea that we would sit back and wait for the advent of 
quantum computing to render our public-key infrastructure 
impotent is something we can't live with, and so some years ago 
we initiated, and much more recently announced, the competition 
that I alluded to for quantum resistance so that we will be 
prepared in the event that quantum computing does render our 
current cryptosystems ineffective. Long before that happens, we 
will have replacements available so that we can continue to use 
cryptography to underpin a trustworthy information technology 
environment.
    Mr. Jaikaran. Thank you for the question, sir. So when we 
talk about the data on a blockchain being immutable and 
auditable, we're really saying that we trust the math, not 
necessarily the data that a user entered. So in a supply chain 
example----
    Mr. Perlmutter. But information's required to----
    Mr. Jaikaran. Information is required to input, but it's 
that cryptography that we trust, that we say, ah, yes, this 
must be valid. There are pitfalls there, so I discussed earlier 
a user collusion. You could have a user physically tamper with 
a tracker in the supply chain and other users agree that that's 
going to be tampered so that what appears in the record appears 
to be true but it is actually somehow altered, and that might 
inhibit our ability to track it going forward.
    With quantum, I talked about business, legal, and 
technology that would be applied. If you're using weak crypto 
as one of the specific technologies that's being applied, that 
can be overcome by high-performance computing or quantum 
computing, and that's one of the risks that those choosing to 
implement blockchain or any technology really must consider 
before they move forward.
    Mr. Perlmutter. Well, I want to thank you all. I've got a 
million questions about cryptocurrencies, but this is really an 
outstanding panel. Thank you.
    Chairman Abraham. Thank you, Mr. Perlmutter.
    Ms. Bonamici, five minutes, please.
    Ms. Bonamici. Thank you very much, Mr. Chairman. This is a 
fascinating discussion, and I really appreciate all the 
witnesses who are here today. I know that this technology and 
its applications are clearly evolving very rapidly, and I 
appreciate the opportunity to learn more and to hear from you 
and some of the--about some of the opportunities and the 
challenges.
    I'm curious about a couple of things, first of all, the 
potential applications of blockchain technology in voting 
systems. Could any of you--maybe Professor Wright and Mr.--is 
it Jaikaran? Am I close? Could you elaborate on how a 
blockchain might play a role in making our elections more 
secure and trustworthy? I had the opportunity a couple of years 
ago to visit Estonia with the then-Chairman of the Education 
Committee Chairman Kline, and we had some interesting 
conversations about what they're--you know, what can we learn 
from Estonia because they have of course e-voting, i-Voting. 
They've done some pilots even with shareholder voting. So what 
are the potentials there and how could blockchain make our 
elections more secure and trustworthy? Mr. Wright?
    Mr. Wright. Thank you very much for the question. So the 
idea here is blockchains can store many different types of 
data, including potentially data related to voting. And there's 
been a significant amount of research over the past couple 
years thinking about whether or not blockchains can actually be 
used as a way to improve voting in a couple different 
capacities. For public voting systems the anonymity that's 
probably required for these systems to operate is not there 
yet, but at least for votes and voting mechanisms where the 
parties do not need to be anonymous, there's been some strides 
that have been made from researchers.
    So, for example, the thought would be in the corporate 
setting where shareholders don't necessarily need to keep their 
identity anonymous, they can record their votes on a 
blockchain, and then you can use more of these autonomous 
processes called smart contracts in order to just tally them up 
automatically so you have an auditable trail of all the votes, 
and then you can use additional logic in order to improve the 
efficiencies of these voting processes. So----
    Ms. Bonamici. I don't mean to interrupt, but with regard to 
anonymity, a significant portion of the population and Estonia 
does vote by i-Voting, and it is anonymous, so does anybody 
know how they do that then if you're concerned about anonymity?
    Mr. Jaikaran. Ma'am, so one way of implementing a 
blockchain--remember, this is just a ledger of transactions--
it's to not record the vote itself but record the identity of a 
voter having taken that action. So you could use the public-
private key encryption to say this person, this identity has 
voted today at this place, but then the vote itself is not 
stored on the blockchain at all. The vote itself is held in 
some other secure system. So the voter voting is registered in 
the same way we would in a poll book, but the vote of that 
voter is still anonymous.
    Ms. Bonamici. Thank you, fascinating. Can you talk a little 
bit about what we are--how we in the United States compare both 
in terms of--and I appreciate the work of NIST. I know you're 
still open for public comment on your report. But how do we 
compare with other countries in our advancements in this field 
and in developing a workforce that is--will be required to work 
in blockchain technologies? Dr. Romine?
    Dr. Romine. I don't have specifics about other countries' 
activities with respect to blockchain specifically. We do know 
that there's a lot of activity in the area of cryptography 
around the world, and we are a leader in the United States. 
We're a leader in cryptography as a result of the activities of 
at least in part my organization. I'm very proud of that.
    As I alluded to in my testimony, we're leading the world in 
the development of quantum-resistant cryptography as a result 
of this global competition that we've launched, and we've 
gotten a lot of interest and participation around the world.
    Ms. Bonamici. And can I ask before my time expires, could 
you talk a little bit about the possibility of--with the 
testbeds that are available with NIST, the possibility of the 
federal government hosting other testbeds and the ability for 
other researchers to use those testbeds, federally funded 
researchers?
    Dr. Romine. Sure. We are not really operating so much as a 
user facility in this particular case, but we're always happy 
to talk to anyone about collaboration with us. If there are 
people who are interested in working with us on the development 
of mechanisms for testing out blockchain technologies, we're 
happy to discuss that with anyone who would like to reach out 
to us.
    Ms. Bonamici. Thank you. And as I yield back, I want to 
thank Mr. Cuomo for inventing the someone-is-typing indicator, 
which I find very useful. Thank you, Mr. Chairman, and I yield 
back.
    Chairman Abraham. Thank you.
    Dr. Marshall, five minutes.
    Mr. Marshall. Yes, thank you, Chairman.
    I'll start with Mr. Yiannas.
    Mr. Yiannas, I represent an agriculture district, and one 
of the big advantages that Kansas farmers, American farmers 
have--well, actually, there's several. One is their ingenuity 
and their hard work. Number two is our infrastructure allows us 
to get our goods to market as efficient as anybody, but the 
third thing is I think we have an incredible food safety and 
quality that would compete with anybody in the world, so we're 
excited to hear how you're using this technology.
    And I think it would even give our farmers an even bigger 
advantage if you knew that we had consistent better quality. So 
as you're making this transition to this, how do you see--is, 
you know, food quality going to influence the purchase where 
Walmart's going to be purchasing its goods from?
    Mr. Yiannas. Well, it's just allowing us to be much more 
informed where the product's coming from and how it's being 
produced and how it flows. The benefits could be from increased 
assurances that the product's been produced safely, 
authenticity, the ability to track and trace products. It's the 
anonymity that often----
    Mr. Marshall. Exactly.
    Mr. Yiannas. --allow some people to do unscrupulous 
behaviors in the supply chain with things such as economically 
motivated adulteration. But we've talked to farmers, and in 
terms of the stakeholder groups in the food system, farmers are 
probably one of the most important stakeholder groups that we 
want to hear from. And the initial read that we're getting is 
very positive. Farmers, when there is a food scare, are often 
falsely incriminated, and their crops----
    Mr. Marshall. Exactly.
    Mr. Yiannas. --are damaged, and so----
    Mr. Marshall. Collateral damage.
    Mr. Yiannas. --this allows them to clear their good name 
faster. Farmers take a lot of pride in how they produce 
products. It gives them the ability potentially to have a voice 
or a face with the customer, and so we are going to try to 
design a solution that's very sensitive to the farmers' needs.
    Mr. Marshall. Anybody else want to comment on food safety? 
Mr. Cuomo, go ahead.
    Mr. Cuomo. Yes, one of the things that I think is important 
is the convergence of technologies. Blockchain is certainly, 
you know, I think a--you know, a transformative technology but 
there are other I would say cousins out there like Internet of 
Things and AI. And especially in like supply chain taking the 
physical good and digitizing it on an immutable ledger I think 
is really important.
    In my written testimony I talk about some research that IBM 
is doing in a snap-on to an iPhone camera lens that does a 
spectral analysis so, for example, if you take a picture of a 
vial of oil coming out of a Shell Oil plant at the origin of 
the plant versus the--at the pump, let's say, you can actually 
see the digital fingerprint as it was originally at the factory 
versus what you're seeing, and maybe you might find out that it 
has been watered down a little bit.
    So you can imagine physically digitizing an important 
complementary technology to blockchain that--and similar to AI, 
you know, we're doing things with our Watson technology, for 
example, in diamond provenance with a company called Everledger 
to interpret and ingest the obligations of a very thick piece 
of regulation called the Kimberley Act, which is here to 
protect us all around proper processes around diamond mining. 
And what they're doing is is they're using a smart contract to 
ensure that the diamond certificates all follow the rules of 
the Kimberley Act. So these cousins I think are also very 
important to supply chain. They can work very well together.
    Mr. Marshall. And we're excited to see the continued 
advancements in AI that you're having without us regulating 
you, overregulating that process. Yes, we're excited about 
that.
    I want to turn to health records. I'm a physician as well, 
and one of my biggest struggles as we went through meaningful 
use for the hospital as well as physician practices is I 
explained it like this. I felt like the hospital had a Chevy. I 
had a Ford. The doctor, the orthopods across town had a 
Cadillac, and they wouldn't talk to each other or maybe one was 
in Spanish and one was in French and one was Greek or 
something. How do you all see this--solving that dilemma where 
maybe--I would love to hear more about the patients having 
control of their own records. Is it going to help solve this 
problem where we have 10, 20 different computer systems out 
there that speak different languages? I'm not sure who's our 
health care specialist. Go ahead.
    Mr. Jaikaran. Thank you for the question. In this example, 
the--and I speak about it in my testimony as well--providers 
maintain that health record in a manner that is consistent with 
federal and state law----
    Mr. Marshall. Sure.
    Mr. Jaikaran. --so there's still a variety of systems in 
use. What the blockchain may publish is permission to that 
record. So rather than a patient having to drive across town to 
pick up a disc of that health records to take over to their 
next provider, providers could see that a permission for access 
to that record has been published to this blockchain, and then 
providers can then talk amongst themselves to transfer that 
record.
    This still comes with some pitfalls. One, all the providers 
have to be on the same blockchain so they all have some kind of 
identity, a public and private key, and users have to take a 
more active role in managing that record for themselves.
    Mr. Marshall. But do you think this solves--right now, 
what's happening in doctor's offices, I literally have to send 
it to them, they print it and copy it, and then they paste it 
into the record. You think this will solve that problem?
    Mr. Jaikaran. It is a potential technology that can be 
applied to that problem. Whether or not it solves it, it 
depends to be seen on specific application.
    Mr. Marshall. Okay. Thank you. Mr. Chairman, I yield back.
    Chairman Abraham. I thank you, Dr. Marshall.
    Ms. Esty?
    Ms. Esty. Thank you, Mr. Chairman. And my apologies. This 
is one of those multi-hearing days and meeting days. But I did 
appreciate that question on health records because I just came 
from a meeting with Secretary Shulkin at the VA, and one of the 
topics we were discussing is exactly how do we deal with 
medical records and do we have a better way of dealing with 
that. So I'll be interested to follow up.
    Blockchain technology has the potential to make game-
changing transformations to our digital economy and financial 
security. We're seeing countries like China and Switzerland, 
who are front and center in developing an innovative hub for 
blockchain technology. Switzerland, known as Crypto Valley, is 
home to an institution that targets the development of 
blockchain and virtual currency startups. Last year, China 
launched the Trusted Blockchain Open Lab to support the 
application of blockchain technology across various sectors.
    Mr. Wright, in your testimony you recommended to Congress 
to establish a National Blockchain Commission in order to drive 
blockchain innovation through prizes or otherwise in the United 
States. Can you point to current innovative hubs or economies 
that favor blockchain development, and what are the 
characteristic that makes those hubs favorable to blockchain 
development, and how could a national commission replicate 
those best practices?
    Mr. Wright. Thank you very much for the question. So the 
innovation hubs are fortunately still in the United States, so 
there's a tremendous amount of activity in New York. There's a 
tremendous amount of activity obviously in the bay area. And 
that's really being driven by the private sector. So I do think 
that we're actually on great ground when it comes to the 
innovation occurring here, but I do think that there's a number 
of technical and legal limitations that could either enhance or 
inhibit the technology going forward. And the idea would be to 
pinpoint areas where we need to shore up and provide additional 
research, so one area that hasn't been addressed yet is for 
these autonomous computer processes known as smart contracts. 
They have a number of different bugs and different problems 
emerging with them. It would be great to provide research for 
formal verification so that we can understand this new 
computing paradigm, issues related to quantum computing, et 
cetera. I think if we can provide that research, we can ensure 
that the private sector then can take the learnings from that 
research and bring it to the public.
    Ms. Esty. And who do you think is best positioned to be 
conducting that? Where do you see--who do you see as overseeing 
that? Obviously, there's an enormous demand for talent and we 
don't have the talent pool to fill all those demands, so we're 
going to be having to compete with other--with agencies that 
are already trying to recruit these same researchers from this 
same talent pool.
    Mr. Wright. Yes, I think that's a great question. And, you 
know, blockchain technology--and some have analogized it to 
being as impactful if not more impactful than the internet, so 
it hits a number of different industries, it hits a number of 
different sectors, so I think if we were to take this approach, 
it would require multiple stakeholders to become involved, to 
think about it. Academia obviously could play a huge role here 
as well through grants or other ways to fund innovation.
    Ms. Esty. I mean, you mentioned prizes. Do you see this as 
grants or prizes? Obviously, there's--again, you may have 
noticed our budgets are a little tight here. The research 
budgets in the President's proposal are being cut across many 
different agencies. There are very few they're getting plussed 
up, VA and Defense Department about the only ones. Does that 
suggest it ought to be in DARPA? I mean, where do we actually--
where would we park such an initiative practically? Who's got 
the expertise and where do we think they would be best 
positioned to move forward?
    Mr. Wright. So with regard to prizes, that was mentioned 
because it actually complements what's organically happening in 
the private sector. A number of different projects that are 
examining and exploring blockchain technology in the private 
sector have already implemented bounty programs or different 
ways to try to solve some of the technical issues. So I think 
the government would complement what's already emerging in the 
private sector.
    With regard to where it's housed, I would defer to the 
wisdom of these subcommittees in order to determine that 
appropriately.
    Ms. Esty. Anyone else want to weigh in on that? Yes, Mr. 
Cuomo.
    Mr. Cuomo. Yes, just reflecting on one of the 
recommendations, which was to thoughtfully insert blockchain 
into projects already funded, and I think there's good funding 
going on today and we can leverage that. And I pointed out in 
my testimony the Small Business Innovation Research program I 
think, so I think tacking onto and encouraging within the 
context of already funded I think is a great idea, as well as 
the National Blockchain Commission.
    Ms. Esty. Anyone else with other thoughts? Yes.
    Mr. Jaikaran. Something Congress may want to consider when 
thinking about where to park blockchain is to divide a 
blockchain for its intended use. Are you interested in supply 
chain management for food safety? That might lend itself to one 
agency versus the international shipping of blockchain and 
something coming into our ports. That may make it appropriate 
for another agency. So rather than look at the technology 
itself, the application of the agency and the expertise of that 
agency may drive where that particular implementation would 
reside.
    Ms. Esty. Thank you. I appreciate--although I will note 
with that the shortage of the workforce makes that hard to do 
because then you're going to have to have that capacity in lots 
of different agencies, and frankly, right now, with our efforts 
to support a STEM workforce, we know we don't have what we need 
right now and we've got cybersecurity issues, defense as well 
as offense, that we're also trying to recruit for, so that is 
aspirational but perhaps not realistic right now to be able to 
park this in each of the agencies, although I think it does 
make a great deal of sense.
    Thank you and I yield back.
    Chairman Abraham. Dr. Foster.
    Mr. Foster. Thank you, Mr. Chairman. I appreciate the 
ability--my ability to sit in on this committee. So now 
actually you've had the opportunity to be questioned not only 
by the only Ph.D. mathematician but also the only Ph.D. 
physicist in the U.S. Congress, so I won't go too deeply into 
the nuts and bolts of quantum computing in the interest of 
time, but I guess my question is probably mostly for Mr. 
Wright.
    Digital contracts seem like they're really an area where 
this could be transformative. And it seems to me there are two 
classes of these, one where you need a governing body that can 
break the contracts under some circumstances and one where 
you're comfortable just letting, you know, the digital process 
play out. And I was wondering if you've thought about, you 
know, the classes of problems that can be solved by those two.
    Mr. Wright. Sure. So thank you for the question. One of the 
emerging-use cases for blockchain technology is to memorialize 
parts of legal agreements in code, in software, so instead of 
having a natural language agreement, you would have all or 
portions of that agreement memorialized in some sort of 
software-based system. Smart contracts are unique, particularly 
on public blockchains and their ability to run autonomously 
across a number of different computers at the same time, so 
that means you could potentially preclude them from terminating 
at some point in time. But at the same time they're software, 
so you can program them in different ways, including ways to 
halt or terminate them.
    The real fundamental value for these smart contracts when 
it comes to legal arrangements is that blockchains have proven 
at least in the public setting to be pretty exemplary and 
exceptional in securing digital assets of different various 
stripes, including virtual currencies and representations of 
physical and/or other digital assets, and you can use these 
programs to seamlessly transfer them.
    So, for example, in the project that I mentioned that I'm 
working on called OpenLaw, we were able to model out an 
employee offer letter, and the employee offer letter, instead 
of it--it articulated a payment schedule, and instead of 
getting paid every two weeks. you could get paid every minute, 
right? And we can plug into that a smart contract that could 
actually remit tax payments automatically, assuming that the 
government was willing to accept tax payments and virtual 
currency. And that obviously is a proof of concept but I think 
it points to a future where our commercial relationships are 
much more dynamic and it is a--represents a really new frontier 
for how we think about commercial arrangements.
    Mr. Foster. And yet if you found that the employee made 
fraudulent presentations in their application for the job, you 
need something like a court that has to go back and be able to 
digitally break this digital contract so the payments don't 
happen.
    Mr. Wright. Yes, absolutely. So I think the consensus is 
emerging that we will have agreements that are written in 
natural language that only reference these smart contract 
programs, and of course courts would be able to administer them 
if there's a dispute. And on top of that there will be 
technical safeguards that would be put in place so that the 
parties could terminate the performance obligation during the 
course of performance.
    Mr. Foster. Okay. So these sound like quite complex things 
even to accomplish something simple.
    Mr. Wright. Yes. I think they're complex but over time they 
should simplify and then could have a broad range of impact.
    Mr. Foster. Yes, or perhaps standardized, remain complex 
but have the standardized boilerplate and the small amount of 
customized--but it's fascinating.
    There are a couple of near-term things. Land registries 
using blockchain are being pursued by a handful of countries 
that I'm familiar with. And the other--and several countries 
are talking about issuing fiat currencies, so these are not 
like, you know, Bitcoin where it just floats and has no 
intrinsic value. This would be something where the government 
treasury would guarantee to accept them for payment of taxes or 
give you a real cash dollar back and so that they wouldn't--you 
know, they'd be solid. And I was wondering what your--what are 
the near-term status of either of those whoever is most 
familiar with land registry efforts, for example? Mr. Wright?
    Mr. Wright. This is a great question. So the idea here 
again is to record information related to title to property or 
deeds to property on a blockchain. In the United States 
obviously the land title recordation system is quite fractured, 
so it would require a lot of coordination between various 
different state- and county-level officials in order to build 
these types of systems. But that's the promise. The promise is 
we can begin to record evidence of ownership on a blockchain 
and potentially develop a set of technologies that could become 
standardized not just here but across the globe.
    So imagine a possibility of actually being able to transfer 
property regardless of jurisdictional boundaries in much the 
same way when it comes to digital fiat currencies or digitized 
fiat currencies. There's been a number of efforts in order to 
explore this plane. There's been efforts by Singapore. I think 
recently there was an effort announced by Israel----
    Mr. Foster. So they're actually----
    Mr. Wright. --to do it.
    Mr. Foster. --functioning fiat currencies----
    Mr. Wright. I think it's in the proof-of-concept stage, but 
the thought is to represent traditional fiat currency in a 
digitized form and to replicate some of the innovations that 
we've seen with cryptocurrencies.
    Mr. Foster. In terms of the supply chain application, it 
seems like the big beneficiary may be offshore places where the 
supply chain is sort of shaky and that there's a--we currently 
have a competitive advantage in the United States is that we 
have, you know, USDA and so on monitoring the egg supply chain. 
And I was wondering if that's something that you agree with or 
think that----
    Mr. Yiannas. I think there's opportunities in very 
developed supply chains. We see food safety scares happening in 
very developed nations, and so the benefits there apply. We 
know that very small tweaks or improvements in supply chains 
result in big benefits, and so we think the idea of a digitized 
food system, coupled with artificial intelligence and the 
Internet of Things, will allow us to run smarter, more 
efficient supply chains. So I think the benefits are for the 
entire--the food system is global in nature. I think the entire 
food system can benefit.
    Mr. Foster. All right. Thank you. And yield back.
    Chairman Abraham. Thank you, Dr. Foster.
    We've got a couple members that want follow-up questions, 
so we're going to be concise so--we've got limited time. Mr. 
Higgins, you're recognized.
    Mr. Higgins. Thank you, Mr. Chairman.
    Mr. Jaikaran, in your testimony you describe blockchain as 
not being a panacea technology or not appropriate solution for 
every industry or company in its management of data. Other than 
the ability to edit--inability to edit transactions--and I'm 
going to ask you, is that correct? It's----
    Mr. Jaikaran. Well, that might be one way, but yes, 
blockchains----
    Mr. Higgins. Other than the ability to edit transactions, 
what are some of the risks to using a blockchain to record 
vital information and data? And I'm thinking within the 
governmental sector specifically.
    Mr. Jaikaran. Sure. Thank you for the question, sir. So in 
a government implementation, one of the big challenges with 
government is the user base. The user base is dispersed, unlike 
private sector that users and businesses might align. And in 
this particular example on technical savviness, government 
doesn't get to choose the technical savviness of its user base. 
So one of the bigger risks here is something we've already 
discussed, that a user loses their key and their ability to 
then transact on that public identity becomes a challenge.
    So in addition to data not being able to be edited 
previously in the chain of a record was inserted 
inappropriately or inaccurately, the ability for a user to then 
conduct a new transaction might be difficult. Those are just 
two and briefly explaining it.
    Mr. Higgins. What's your opinion regarding the inability to 
edit--it occurs to me for--for instance, regarding the Freedom 
of Information Act or public records request at the state or 
local level, if a blockchain--if the data within a blockchain 
cannot be edited, how can it be redacted?
    Mr. Jaikaran. That could be a potential problem. This goes 
back to--I discussed three attributes: business, legal, and 
technical. This might be both a legal and a business case when 
one is considering applying blockchain technology. Does that 
entity absolutely need an un-editable ledger of transactions?
    The other side to that is maybe there's data that they do 
not publish to that blockchain, but that data is actually held 
on some other system that can be edited, but the record of that 
transaction, the record of that document being made or whatever 
that transaction might be--not all these transactions are 
financial--that that is then published to the blockchain so 
that there's----
    Mr. Higgins. Okay. I don't think we've touched on that yet 
in this hearing. So there can be a marriage between a more 
secured system that's isolated from a blockchain and a 
blockchain system.
    Mr. Cuomo, would you comment on that, sir?
    Mr. Cuomo. Yes. We've implemented several systems that 
enable ``right to be forgotten'' by marrying exactly what you 
said together, two systems. One is a secure data store where a 
document or a piece of information is encrypted, and then a 
fingerprint or digital hash of that document is then placed on 
the blockchain. So what is being redacted is not the 
information but the cookie crumb that you put on the blockchain 
stays, right, so there's still evidence that something 
happened----
    Mr. Higgins. So potentially----
    Mr. Cuomo. --but the information to be deleted outside, 
yes.
    Mr. Higgins. So potentially, a government system could be 
developed that would allow for the dissemination of public data 
through public information requests or Freedom of Information 
requests and still allow that government entity at the local, 
state, or federal level to redact data?
    Mr. Cuomo. Yes.
    Mr. Higgins. All right. Mr. Cuomo, you stated in your 
written testimony that an enterprise blockchain network is 
fault-tolerant. Can you briefly elaborate for us on that, 
please?
    Mr. Cuomo. So in an enterprise blockchain like the 
Hyperledger Fabric, it's a modular architecture that supports a 
variety of consensus algorithms. And modern computer science 
supports a number of such algorithms that are fault-tolerant, 
and one of them is the Byzantine fault-tolerant algorithm that 
is emulated from the Byzantine general problem, which is back 
in the day I guess a general couldn't trust all his messengers, 
so he had to ensure that his orders were carried out even in 
the presence of bad actors. So MIT and others formulated 
algorithms that allow the operation of a general order to occur 
even in the presence of some carriers that may be, you know, 
bad actors.
    Mr. Higgins. Fascinating. Mr. Chairman, I yield back. Thank 
you.
    Chairman Abraham. Thank you, Mr. Chairman.
    Mr. Beyer.
    Mr. Beyer. Thank you, Mr. Chairman.
    Mr. Jaikaran? How do you pronounce that? We've been--
we've----
    Mr. Jaikaran. Jaikaran.
    Mr. Beyer. Jaikaran, yes. In your written testimony you 
say, quote, ``Under key security, if the user's hard drive 
fails,'' which mine failed last year so--``or they forget or 
otherwise lose their private key''--just describing my wife--
``they effectively lock the resource tied to the public key 
forever, inhibiting any other transaction with that asset.'' Is 
there not a danger if you've built up this blockchain that's 
gone on for years and is very long and somebody loses the 
private key?
    Mr. Jaikaran. Yes, that's precisely the example that I'm 
trying to articulate in my written testimony, yes, that there 
is a danger there.
    Mr. Beyer. It sounds like a big danger. I just--I'm trying 
to think about how--if in my business I've spent years building 
a blockchain to record this immutable ledger of certain asset 
transfers, and all of a sudden, it's lost forever.
    Mr. Cuomo?
    Mr. Cuomo. Yes, nothing is foolproof. However, there are 
things you can do. For example, on the IBM blockchain is a 
service that implements this enterprise blockchain. We allow 
members of that block participating in that blockchain to store 
their keys in a crypto vault, right? Also, we enable governance 
to happen around, so you may you may choose not to join a 
network where one of the other members are not using such a 
vault, right? If they're just storing their keys on a laptop 
you may not say--you say, well, that--the risk is too high for 
me to join.
    So governors of an enterprise blockchain could set the 
rules that can help mitigate sloppiness or carelessness like 
that. It won't eliminate but can help set a set of standards 
that would, you know, eliminate those sorts of problems.
    Mr. Beyer. If you and I had a blockchain that we had built 
together for years and I lost my key, does that--my private 
key, does that then deny you access to it also?
    Mr. Cuomo. Transactions that you and I are involved with 
are in jeopardy because whoever has your key can now see the 
transactions that you and I had conducted.
    Mr. Beyer. Okay. All right. Thank you very much.
    Mr. Cuomo. You're welcome.
    Chairman Abraham. Mr. Loudermilk?
    Mr. Loudermilk. Thank you, Mr. Chairman. And I apologize 
for coming in late. I actually was in another committee hearing 
dealing with data security and financial services, and they 
just happen to be two areas of key interest of mine are going 
on at the same time.
    I've often said recently that blockchain technology in my 
opinion of having 30 years in the IT industry is a potential 
solution to our cybersecurity risk that we have, which are 
significant and real. My concern is that the federal 
government, especially from the regulatory side, is always 
afraid of adopting something new because they don't understand 
it. And I'm seeing a lot of fear even among some of my 
colleagues because they're equating the technology behind 
cryptocurrency as the cryptocurrency itself, and I think this 
is something that we need to look at, we need to consider as a 
potential solution to our cybersecurity challenges we have 
right now.
    Mr. Cuomo, am I off base with that or do you think that 
this is a potential solution, the technology, the blockchain 
technology is a solution?
    Mr. Cuomo. I mean, it's not a silver bullet, but it 
certainly, if used in the right places, could help in a 
significant way. We talked about digital identity, and I think 
that's core to so many industries and government. So getting a 
handle in the right areas, not having honeypots of data--
    Mr. Loudermilk. Right.
    Mr. Cuomo. --doing digital rights management where end-
users can actually manage their own data versus keeping it 
under one house, one honeypot, I think that will go a long way. 
We want to eliminate the problem, but it'll change the attack 
surface.
    Mr. Loudermilk. Well, the way I've always looked at 
cybersecurity is it's impossible--as I think you said earlier, 
it's impossible to have an ultimately secured system. In fact, 
I remember when I was in the military and intelligence, a set 
of standards were set out. The standards were so stringent that 
once the system was built to actually meet the security 
standards, it was unusable because it was so slow.
    I mean, there's two aspects of cybersecurity I've looked 
at. When I was--had my private business in the IT realm, we 
looked at security in the way of--it's--you can't ultimately 
secure yourself, it's to make it harder for the bad guy to get 
your data. It was like the two Georgians who went hiking in 
Alaska and a grizzly bear started chasing them. One of them sat 
down and put on his tennis shoes. The other one said, ``You 
can't outrun the bear.'' He said, ``I don't have to; I just 
have to outrun you.'' That's kind of the way cybersecurity is, 
to make you harder than the other guy.
    And that's where I see the blockchain is it isn't the 
silver bullet, but it does make it much more difficult to find 
the honeypot. And in our environment today--and I have issues 
with the honeypots as well. Not only is there a honeypot, but 
because of our interest in data backup, we have multiple 
honeypots sitting out in clouds. And if you get into one, it's 
not that hard to backdoor to get in to another one somewhere.
    The other aspect of cybersecurity--and anybody is welcome 
to weigh in on this one--is one of the areas we overlook is a 
key principle we had when I was in the military, which was you 
do not have to secure what you don't have. It's the amount of 
data that we are keeping sometimes that the government, through 
regulation, forcing businesses to keep data that isn't that 
valuable, they don't need to keep, or the government forcing 
industry to report data to the government, which in my opinion 
the government's the highest risk of anybody out there. Is that 
something that we should be addressing is the amount of data 
that we're requiring businesses to--and entities to keep on 
individuals? Anybody could weigh in on that one.
    Dr. Romine. Well, from the NIST perspective, our 
cybersecurity approach has always been management of risk, 
something I know from your background you understand very well. 
And in this case, what you alluded to, this idea of data 
minimization is one aspect of managing risk. There's no 
question that that is an appropriate tool.
    Other tools involve management of privacy risk, the idea of 
trying to ensure that you've satisfied the five functions that 
we talk about in the cybersecurity framework, the--identify 
your assets, protect them, detect when they've been compromised 
or attacked, respond to that, and then have a plan for recovery 
in the event that a breach actually occurs. Risk management is 
our approach.
    Mr. Loudermilk. Well, I think to get to where we need to be 
is going to take a culmination of a lot of things, but I 
continue to see that the blockchain technology, because of how 
it disperses the data--I know there's some challenge, 
especially when it comes to law enforcement and some other 
aspects, but I think we do not need to be afraid of the new 
technology but figure out how to adopt it. And with that, Mr. 
Chairman, I yield back.
    Chairman Abraham. Thank you.
    I recognize Mr. Perlmutter, who I understand is yielding to 
Dr. Foster?
    Mr. Perlmutter. Yes, I am.
    Mr. Foster. Yes. Thank you. I appreciate that, Mr. 
Perlmutter.
    Let's see. The--one of the claims that's made about 
blockchain is that it's going to really solve a lot of the 
privacy problems, and probably the most direct--one of the 
biggest worries there are individual medical records. And could 
you walk me through how that might work? It seems to me that, 
you know, if you--even if you authenticate yourself to a doctor 
and he pulls your medical record, they exist in plaintext, 
unencrypted on his computer. If his computer is hacked, it's 
kind of game over and that your medical records will be for 
sale on the dark web in short order. And is there any 
blockchain-based solution to that fundamental problem of, you 
know, having your endpoint machine hacked, your cell phone 
hacked at the point that the user actually pulls up the clear 
direct data?
    Mr. Jaikaran. Thank you for the question, sir. So in the 
example that I talk about in my testimony of the provider 
maintaining that record, the record itself is still relying on 
the security measures of the provider, so if the provider's not 
implementing defense in depth, there's some other security 
strategies and an attacker, instead of attacking the 
blockchain, attacks the datastore of the provider, the record 
is still vulnerable. That would be the case today.
    Mr. Foster. Yes. But there's no potential blockchain-based 
solution to that problem? If you're--if the terminal that 
you're displaying the data on has been hacked, you're sunk?
    Mr. Jaikaran. Not in any of the blockchain examples that 
I've seen implemented to date.
    Mr. Foster. Okay. Yes, so that's--let's see. This is a 
question I guess related to NIST and all of the classified 
activity that we put a lot of taxpayer money into. Is there 
anything you can say about the level at which you communicate 
say the state of the art of quantum computing, which is very 
relevant? You're doing all this work, making assumptions about 
where quantum computing will be. You know, not all of the work 
in quantum computing is visible to everyone. Do you communicate 
at the very highest classified level or do you maintain a 
wall----
    Dr. Romine. So in my laboratory--we don't do classified 
work on our campus. We're not involved in that at all. We do 
have people who have access to information that can help inform 
us about the threat environment, and therefore give us tools 
where we can prioritize the kind of work that we do to have 
maximum impact.
    In the area of quantum computing, I don't have any direct 
information that I have available to me in the classified 
setting--I can't divulge anything because I don't know 
anything----
    Mr. Foster. All right. So you literally and your coworkers 
have no classified information? You can tell us everything you 
know? Or is there a repository inside NIST of, you know, secret 
stuff, state of the art of----
    Dr. Romine. We have conversations with the folks in the 
intelligence community at classified levels periodically when 
there is threat information in the cybersecurity case, for 
example. If there's threat information that exists at the 
classified level that we may need to know to prioritize some of 
the work that we do, but the work that we do is entirely in the 
open and unclassified.
    Mr. Foster. It's a tough--you know, a very tough thing to 
think through how you--we want to get this right. You know, I 
know that in my district, at Fermilab they're building qubits 
that will actually last more than a fraction of a millisecond 
because we lead the world in hi-Q superconducting resonators, 
which is one of the promising strategies, but, you know, this 
could immediately have big national security implications sort 
of instantaneously at the point that there's some breakthrough. 
And trying to understand, you know, how we handle that is tough 
and--okay.
    So--and I guess that was the main question. I'll yield back 
my time.
    Chairman Abraham. Thank you, Dr. Foster.
    Mr. Loudermilk?
    Mr. Loudermilk. Thank you for the second round there, Mr. 
Chairman.
    Mr. Cuomo, in your written testimony you discussed that we 
could thoughtfully insert blockchain in some appropriate 
projects already funded that would I believe you said ``help 
ensure that we stay on the forefront of this transformative 
technology.'' Can you elaborate on what some of those already-
funded projects may be and also where they wouldn't be 
appropriate to use blockchain?
    Mr. Cuomo. Well, yes. I mean, I mentioned in my testimony 
the small--the SBIR, and that's basically the American seed 
funding. It's kind of their tagline. And I think there are many 
agencies from NIST to NASA that are getting funding for that, 
so I think stipulating as part of the funding and encouraging 
blockchain usage across whether it's sandbox development or, 
you know, land registries, I think going where there's already 
funding seems like a logical place to start.
    Mr. Loudermilk. Okay. Thank you.
    Chairman Abraham. Mr. Perlmutter.
    Mr. Perlmutter. Thank you.
    And two quick questions to Mr. Wright and to Mr. Cuomo. 
First, could there be an infinite number of virtual currencies, 
question number one? Question number two, going back to my 
committee that I serve on in financial services, Terrorism and 
Illicit Finance, so how do we deal with circumventing sanctions 
by use of some sort of opaque currency? I mean, I don't want to 
be the--I want to have a light touch, as you were talking 
about, Mr. Wright, but also I don't want to see al-Qaida or 
somebody else paid in cryptocurrencies and we can't find it. So 
I'll just--it's an open-ended question to the two of you.
    Mr. Wright. Thank you for the question. So with regard to 
the first question, can there be an infinite number of virtual 
currencies? I think the answer theoretically is yes. We've 
already seen an explosion in the number of virtual currencies 
that have been issued over the past four years. I think at last 
count there's at least 1,200 of them. In part that's because 
people just take existing virtual currency, the code base for 
it, and they just create a new version of it and make a couple 
tweaks and then release it.
    With regard to illicit finance, on most current popular 
blockchains, they're actually highly traceable, so you can 
discern activity that's going on in the network because they 
rely on a peer-to-peer network so you actually have to convey 
information to all the members on the network. And so there's 
data that's leaked, and there's different analytics companies 
that have emerged that actually enable you to trace them.
    There's a new generation of more anonymous virtual 
currencies that are now coming to the fore that rely on more 
advanced cryptography, and those present significant concerns, 
particularly with regard to the Bank Secrecy Act and the know-
your-customer requirements, and other laws and regulations 
related to our payment systems.
    In terms of how you regulate them, I think it actually 
raises a number of tricky and complex issues. One approach 
could actually be to try to steer activity towards regulated 
centralized intermediaries and exchanges where we can begin to 
uncover and collect some information about some of that 
activity in order to do more advanced network analysis to try 
to de-anonymize some of the activity on the network.
    There's also been research that's been done with these more 
anonymous digital currencies in order to poke holes and see if 
there's any vulnerabilities, putting on your Tom Cruise hat 
from before, so I think that it's going to be a problem and 
it's going to continue to be a problem going forward.
    Mr. Perlmutter. And just quickly, Mr. Cuomo.
    Mr. Cuomo. And just quickly, while I like to believe that 
I'm a blockchain subject matter expert, I'm not a 
cryptocurrency expert, so I yield to Mr. Wright's comments.
    Mr. Perlmutter. Okay. Thank you. I yield back. Thanks, Mr. 
Chairman.
    Chairman Abraham. Thank you, Mr. Perlmutter.
    A very informative and important discussion today, very 
good. And moving forward, I'm going to ask a final question.
    Oh, go ahead, Ms. Esty.
    Ms. Esty. Thank you very much. With a question about the 
personal keys, could you do biometric keys? Is that something 
that could be--which presumably is much harder to lose your own 
biometric key. If you've lost that, then you probably don't 
need to worry about blockchain.
    Mr. Jaikaran. Yes, while it would be possible to use a 
biometric identifier as a way to generate a key in the same way 
that your iPhone does for unlocking your phone, you would then 
need some kind of biometric reader, so whatever computational 
device you're using would then have to do that. So I think that 
would be one of the limitations there is the hardware, not 
necessarily the crypto.
    Chairman Abraham. Thank you. So one final question. I'm 
going to kind of go back to Ms. Esty's first line of 
questioning. So moving forward with the continued utilization 
of blockchain technology, what do each of you see as the most 
significant or transformative application for business or the 
public sector, and how can this committee play a role in 
providing that support? Mr. Jaikaran, we'll start with you and 
then it's down the line.
    Mr. Jaikaran. So my research here in CRS hasn't really 
looked at what may be the most significant. I think there are 
some potential applications that may benefit particularly 
government applications and anything that can speed the 
efficiency of one transaction being validated from another. 
Unfortunately, the swath of available projects for that is just 
very wide at this point. So as the private sector, as 
researchers, and as agencies such as NIST continue to 
investigate this, as with internet technology, maybe something 
useful will bubble up that may be most applicable for 
government use.
    Dr. Romine. We're just in the beginning stages, I think, of 
building our testbed to take a look at many different 
applications. If I were a betting man, I would say the 
application that really resonates is one that we haven't 
thought of yet.
    Chairman Abraham. Dr. Cuomo?
    Mr. Cuomo. And I have to go back to digital identity. I 
think our digital lives in many cases are a mess. We are 
leaving parts of our digital life all over the place----
    Chairman Abraham. I would agree.
    Mr. Cuomo. --and I think cleaning it up with some standards 
like what's happening with Sovrin Foundation I think could go a 
very long way and be an equal opportunity employer across 
government, industry, education, and more.
    Chairman Abraham. Mr. Yiannas?
    Mr. Yiannas. I don't know if it'll be the most but I think 
food is a very important----
    Chairman Abraham. I have to agree with that.
    Mr. Yiannas. --thing for society, and the idea that we 
could digitize food, it's one of the frontiers that hasn't been 
digitized, the learnings that we can get from that, the 
transparency that we can give to consumers, consumers 
increasingly concerned about food and where it comes from, we 
think will be important for society.
    Chairman Abraham. Thank you. Mr. Wright?
    Mr. Wright. I think public open blockchains are actually 
the major use case that will emerge, and they'll serve as a 
spine and a backbone for a number of different open protocols 
that transform a range of industries. And I think in terms of 
how we can encourage that here, I think regulatory clarity 
would be welcomed and helpful.
    Chairman Abraham. Okay. Well, look, thanks for a truly 
great discussion, from the Members' great questions, too.
    So the record will remain open for two weeks for additional 
comments and written questions from Members. This hearing is 
adjourned. Thank you, gentlemen.
    [Whereupon, at 12:09 p.m., the Subcommittees were 
adjourned.

                               Appendix I

                              ----------                              
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]