November 2, 2016
Few would disagree that for IoT to live up to its promises, devices will sooner or later need to communicate directly, autonomously and securely with each other. Well-architected blockchain-based systems can help deliver those requirements, but they’re not available or even feasible today. In many ways, that’s a good thing, because it opens up great opportunities to get things right.
So let's start by looking at the challenges that IoT and blockchain ecosystems participants must address. They fall into three broad categories:
- Technology. IoT solutions need technology that scales, is secure, and behaves predictably (at least to the degree required by the individual use case). All of these characteristics comprise many different elements. On the security front, for example, there’s the security of the device itself, the security of the actual blockchain, and the security of any interfaces between the devices and the chain, the chain and any other systems, etc. One only needs to look at the incidents such as The DAO debacle of early summer 2016, the Bitfinex hack in August, and the DDoS attacks mounted by IoT devices in October to realize that this remains work in progress. And that’s just security; there are plenty of other issues, including, but not limited to, exception handling, ensuring confidentiality, or dealing with devices that may not be connected all the time, and likely have little on-board compute power or storage.
- Operational challenges. For many, if not most, of the currently proposed IoT & blockchain solutions, it’s not clear what the business model is going to be, or whether organizations are willing and able potentially to redesign entire business processes, or agree on common data definitions. Another much-neglected area is the interface between the world of atoms and the world of bits: how do you verify that off-chain objects haven’t been tampered with, or that the person who’s turned up to fix an IoT device is who they claim to be?
- Legal and compliance issues. These can easily derail even the most promising project. For example, who has to take responsibility if a device takes action based on a rule that's been automatically executed by a blockchain-based program triggered by another blockchain-based program, but that action turns out to cause damage or financial loss? The cross-border nature of many permissioned and all nonpermissioned blockchains raises the question about which jurisdiction should apply. And then there’s the “smart contract” myth: the outcome can only ever be as good as the original capture of the rules and the quality of the programming; and without the involvement of real-world lawyers at their inception, they’re unlikely to be accepted in a court of law.
Taking into consideration all of these issues, and bearing in mind how intertwined they are, it’s easy to understand why so many blockchain & IoT projects are essentially purely technical endeavours, in particular when there’s pressure to show quickly that it can be made to work (whatever the “it” may be). But there are exceptions to the “we’ll sort out all that other stuff later” approach. One is Project SmartLog in Finland, a three-year effort that started in September 2016. Led by Kouvola Innovation, and with European Union funding, this project is focused on developing an IoT blockchain solution for the logistics industry. The difference in approach: based on a detailed up-front analysis of the use case, each aspect is thoroughly researched to make sure that the eventual solution is fit for purpose, legally compliant, and meets participants’ security and confidentiality requirements; this includes a strong focus on processes and governance mechanisms.
If the above makes it look like all too much effort, read my colleague Dan Bieler’s blog post on the benefits of pairing blockchain and IoT. And for even more detail, there’s the report Dan and I co-authored: Disentangle Hype From Reality: Blockchain's Potential For IoT Solutions.