In this case, the previous problem wasn't technological, it was a bad actor subverting the system - and they would be able to subvert this system in the exact same way. What, is the blockchain going to reach up out of the ether and hold the guy back from pouring melamine into the mixing vat, then saying he didn't?
I don't know how journalists fall for this nonsense. You don't even need to be technically literate to see the problem. I didn't even have to read the article to know what the fatal flaw was going to be. And this is the BBC! It's infuriating.
As I understand it from the article, the blockchain is suppose to prevent people from wanting to tamper with the product, since every logistical-step from production to delivery is stamped and you can easily trace where the product is coming from.
So once you discover that a product has been tampered with, you'll follow the log and investigate everyone along the way, in the end you'll find who is messing with it.
Not exactly sure why they would need a blockchain for this, but I guess it's because no one in the chain trust each other.
But, all of what I wrote might be wrong, I might misunderstand how it works or why it would work.
The problem at hand is ensuring that the information that makes it on the chain is correct, or at least that other members of the chain have a way of noticing and repudiating that contribution. Cryptocurrency blockchains accomplish this via proof of work and forking, which is why everyone is so interested in the technology. But the only reason they work is that the proof of work mechanism is literally what keeps the network running, and if the network isn't running, all of the sunk costs miners have made are effectively worthless, so even though the miners don't have a reason to trust each other, all of their economic incentives are aligned. The only reason to fork is if you think some people have defeated the proof of work mechanism, or if they are pushing a different version of the blockchain software, which wouldn't be allowed in any real-world application anyway.
Proof of work uses inherently useless calculations to determine that one isn't flooding the network with transactions, because every transaction with a correct key is just assumed to be correct. What real-world application does that map to? Certainly none of the ones in the article, which is why these companies don't use proof of work, they use permissioned blockchains. But a permissioned blockchain is effectively like a standard write-only database with an audit log that each individual in the production line has a password to, which is trivial to accomplish with existing tech. The only way other actors can verify if their peers' inputs to the system are correct is if they verify the physical results, and now we're right back where we started, where you can't trust the system more than you trust any one individual, but now with a db that's at least an order of magnitude slower than any competitive option.
For this to provide proof of authenticity, I need to be able to visit a jeweler not employed by Everledger, and have them be able to use a rubric to classify my diamond along these 40 features in a way that uniquely describes it in a way no other diamond could be described. I then need to be able to visit a second and a third jeweler and obtain the exact same classification along these 40 features.
When visiting Everledger's site, I can't get any information on the classification process beyond that sentence. The supposed core of the product doesn't even have a white paper.
Diamonds are comparatively easy to classify, as they are supposedly unique in many ways, and don't physically degrade over time. When it comes to tins of milk, I can't think of a secure proof of authenticity process that doesn't involve the consumer verifying the composition of the product with a gas chromatography machine.
The only innovation here seems to be implementing a per-product, publicly queryable chain of custody utilising individual RFID tags. Well that actually sounds like a great idea, but it has nothing to do with blockchain! In fact if anything it's the opposite of it, because you need explicitly trusted parties at every step, which would have to be authorised by a central system, which just completes the circle of stupidity.
I'd bet you anything that that final check by the lady in the supermarket is in reality - wait for it - a JSON API request.
There's a trend of open sourcing blockchain code and the smart contracts that run upon it, meaning anyone can go and write a client to generate the tags or display the data without relying on a company's proprietary API or private IP. Despite this the guarantees are still there for the consumer.
In addition to that, the whole system is described in code that anyone can audit and is not susceptible to any human error (if done properly).
Ultimately this means that a company can't render all the RFID tags useless by going bust.
You're right, someone could go and host an API for charitable causes, but why do that when smart contracts are open source by default and do not require dedicated servers doing just that one thing.
I agree that the public, replicable nature of the system is attractive, and there's some benefit in reusing known technology. But there still needs to be a central authority to "bless" certain actors in the system, else anyone could sign off on anything.
A good approach might be for a government health authority to issue "coins" to the various trusted entities in a product's chain of supply, and these then used as proof of stake for transactions in a private blockchain run for that purpose by everyone involved. That would keep bad actors out and would be very hard to hack, while remaining quite public for any interested parties. Now that's a cool idea, however very labour intensive to discover the provenance of any one item; certainly consumers in supermarkets would rely on some kind of query service - and there's your single point of failure again. Still, it's a cool idea.
None of this however would have stopped the tampering that launched this whole kerfuffle. Blockchains are excellent at ensuring the perfect reliability of digital data, such as numbers of bitcoins or digital kittens held by whoever owns abc123. They have no such effectiveness on physical products. I mean look at this:
> "You cannot open the can of baby food without breaking the label," he says.
The melamine was put in before the can was even filled!
If the audit is hashed and the hashes placed on the/a blockchain, then the audit cannot be modified without it becoming obvious.
Not only is the blockchain tamper proof but it is also a public record. So with traditional audit trails even if there are multiple copies you could still have the government seize or modify all copies. With the blockchain any such attempt at a cover up just isn't possible - once you've chosen to publish data publically and in a tamper prof way that suppresses calls of 'fake news!'.
So in that respect the choice to use the the blockchain can be seen as a genuine attempt to prevent corruption rather than paying lip service.
But of course it doesn't protect you if the real product has been tampered with.
The blockchain solution presented here wouldn't have verified safety in that case, although the author did mention the case which makes the article misleading. Melamine was added to the formula to fool a protein test. The chemical was added by trusted members of the supply chain. Since the members were trusted, they would pass the authenticity test of the blockchain.
> Leanne Kemp, an Australian who in 2015 founded a company called Everledger, has now encrypted the distinguishing features of 1.8 million diamonds and their provenance on a blockchain.
> More than 40 features are logged to create a fingerprint for each diamond, logging it from mine to ring.
So it seems, in the case of diamonds, they are unique enough to create a fingerprint. I'm no expert on diamonds, so that might not really work in reality.
If I have to send my diamond to Everledger to verify it, I'm effectively just trusting them. Representing a physical object as a cryptographic hash for security doesn't work if the consumer can't independently verify the hash.
Can't say I have a problem with that.
People still need the technology in there phone to scan the product, and we need to ensure that those proofs can't be tampered directly on the products. That also seems hard.
"A small wire in the formula label wraps around the container, explains Alexander Busarov, chief executive of blockchain startup WaLiMai. "You cannot open the can of baby food without breaking the label," he says.
"The wire acts as an antenna for a signal from an RFID chip, which a smartphone can read. The chip, like some bank cards, generates a new code each time it is scanned. Authenticating takes about two seconds, says Mr Busarov, then you get the result, the logistics details, a picture of the product and where it was labelled."
They're using magic encryption technology and remote servers to ensure that someone hasn't opened the can and replaced the contents?
I kinda see the diamond example, although I'm not sure what the block chain adds over a simple database. But the problems with the other products invoice a worker dumpling a bag of melamine powder into the mixer with the other ingredients and then lying about it. How does this, or any other, technology stop that?
I took the edX blockchain for business class that covers these use cases and has some hands on exercises - not much programming, but experimenting with Hyperledge projects. I am interested in a different use case http://hyperledgerai.com but I have not made much progress yet.
I think the blockchain is not really necessary here, and it solves a problem that's not very likely to happen (someone hacking the pharmaceutical's database to remove evidence of tampering).
Is a CT log a blockchain?
Quite a lot like a Git repository: you usually want to follow the branch with the most cumulative work on it.
A tree where the longest path is considered the real branch.