Hacker News new | comments | show | ask | jobs | submit login
Verifying the safety of infant formula using the blockchain (bbc.com)
33 points by teknologist 11 months ago | hide | past | web | favorite | 36 comments

I keep on hearing about how blockchain is the future of everything but am yet to hear even a single use case which could not have been implemented in a traditional DB. I suppose blockchain has some advantages in its zero-trust distributed nature but that's just implementation.

In this case, the previous problem wasn't technological, it was a bad actor subverting the system - and they would be able to subvert this system in the exact same way. What, is the blockchain going to reach up out of the ether and hold the guy back from pouring melamine into the mixing vat, then saying he didn't?

I don't know how journalists fall for this nonsense. You don't even need to be technically literate to see the problem. I didn't even have to read the article to know what the fatal flaw was going to be. And this is the BBC! It's infuriating.

Now I'm not arguing against you that this seems a bit weird and not gonna solve the problem in itself, but humor me here.

As I understand it from the article, the blockchain is suppose to prevent people from wanting to tamper with the product, since every logistical-step from production to delivery is stamped and you can easily trace where the product is coming from.

So once you discover that a product has been tampered with, you'll follow the log and investigate everyone along the way, in the end you'll find who is messing with it.

Not exactly sure why they would need a blockchain for this, but I guess it's because no one in the chain trust each other.

But, all of what I wrote might be wrong, I might misunderstand how it works or why it would work.

The audit log already exists, or else how would China have found and prosecuted those executives?

The problem at hand is ensuring that the information that makes it on the chain is correct, or at least that other members of the chain have a way of noticing and repudiating that contribution. Cryptocurrency blockchains accomplish this via proof of work and forking, which is why everyone is so interested in the technology. But the only reason they work is that the proof of work mechanism is literally what keeps the network running, and if the network isn't running, all of the sunk costs miners have made are effectively worthless, so even though the miners don't have a reason to trust each other, all of their economic incentives are aligned. The only reason to fork is if you think some people have defeated the proof of work mechanism, or if they are pushing a different version of the blockchain software, which wouldn't be allowed in any real-world application anyway.

Proof of work uses inherently useless calculations to determine that one isn't flooding the network with transactions, because every transaction with a correct key is just assumed to be correct. What real-world application does that map to? Certainly none of the ones in the article, which is why these companies don't use proof of work, they use permissioned blockchains. But a permissioned blockchain is effectively like a standard write-only database with an audit log that each individual in the production line has a password to, which is trivial to accomplish with existing tech. The only way other actors can verify if their peers' inputs to the system are correct is if they verify the physical results, and now we're right back where we started, where you can't trust the system more than you trust any one individual, but now with a db that's at least an order of magnitude slower than any competitive option.

I think you explained what I wanted to say better than I said it. Thanks!

You make a good point, but smart contracts are not just "write-only databases" as they have built-in logic that can bypass some of the need for "verifying peers' inputs" style consensus. For example, attaching a photo of authentic product and being able to check that it on the receiving end could serve as proof that the consumer gets the real deal.

Representing a physical product as a unique cryptographic hash that the consumer can independently verify is generally a lot harder than attaching a photo. From a comment below: > Leanne Kemp, an Australian who in 2015 founded a company called Everledger, has now encrypted the distinguishing features of 1.8 million diamonds and their provenance on a blockchain. > More than 40 features are logged to create a fingerprint for each diamond, logging it from mine to ring.

For this to provide proof of authenticity, I need to be able to visit a jeweler not employed by Everledger, and have them be able to use a rubric to classify my diamond along these 40 features in a way that uniquely describes it in a way no other diamond could be described. I then need to be able to visit a second and a third jeweler and obtain the exact same classification along these 40 features.

When visiting Everledger's site, I can't get any information on the classification process beyond that sentence. The supposed core of the product doesn't even have a white paper.

Diamonds are comparatively easy to classify, as they are supposedly unique in many ways, and don't physically degrade over time. When it comes to tins of milk, I can't think of a secure proof of authenticity process that doesn't involve the consumer verifying the composition of the product with a gas chromatography machine.

Yes, I should have attached a disclaimer that I do not claim that a photograph would be enough to verify the safety of infant formula. Fair points.

I'm not disputing the value of a chain of custody. I'm saying you can do the exact same thing without blockchain - in fact if you've ever tracked a parcel online, you've participated in one.

The only innovation here seems to be implementing a per-product, publicly queryable chain of custody utilising individual RFID tags. Well that actually sounds like a great idea, but it has nothing to do with blockchain! In fact if anything it's the opposite of it, because you need explicitly trusted parties at every step, which would have to be authorised by a central system, which just completes the circle of stupidity.

I'd bet you anything that that final check by the lady in the supermarket is in reality - wait for it - a JSON API request.

The benefits of having it "blockchained" that I see are that:

There's a trend of open sourcing blockchain code and the smart contracts that run upon it, meaning anyone can go and write a client to generate the tags or display the data without relying on a company's proprietary API or private IP. Despite this the guarantees are still there for the consumer.

In addition to that, the whole system is described in code that anyone can audit and is not susceptible to any human error (if done properly).

Ultimately this means that a company can't render all the RFID tags useless by going bust.

You're right, someone could go and host an API for charitable causes, but why do that when smart contracts are open source by default and do not require dedicated servers doing just that one thing.

> open sourcing both blockchains and the smart contracts that run upon them

I agree that the public, replicable nature of the system is attractive, and there's some benefit in reusing known technology. But there still needs to be a central authority to "bless" certain actors in the system, else anyone could sign off on anything.

A good approach might be for a government health authority to issue "coins" to the various trusted entities in a product's chain of supply, and these then used as proof of stake for transactions in a private blockchain run for that purpose by everyone involved. That would keep bad actors out and would be very hard to hack, while remaining quite public for any interested parties. Now that's a cool idea, however very labour intensive to discover the provenance of any one item; certainly consumers in supermarkets would rely on some kind of query service - and there's your single point of failure again. Still, it's a cool idea.

None of this however would have stopped the tampering that launched this whole kerfuffle. Blockchains are excellent at ensuring the perfect reliability of digital data, such as numbers of bitcoins or digital kittens held by whoever owns abc123. They have no such effectiveness on physical products. I mean look at this:

> "You cannot open the can of baby food without breaking the label," he says.

The melamine was put in before the can was even filled!

If only we could take a SHA digest of a tin of infant formula. Potential startup idea.

All we need is a mass spectrometer in every cell phone.

As I understand it, the central point is that the audit log is tamper proof. E.g. consider what happens in the event that Chinese government officials followed a trail, found the culprits, and discovered a scam orchestrated by a high ranking government official. There is the possibility of conveniently destroying the audit and/or modifying it to implicate some innocent party.

If the audit is hashed and the hashes placed on the/a blockchain, then the audit cannot be modified without it becoming obvious.

Is tamper proof that much better than just being auditable? If you can detect tampering don't you achieve the same thing?

Depends what you mean by auditable.

Not only is the blockchain tamper proof but it is also a public record. So with traditional audit trails even if there are multiple copies you could still have the government seize or modify all copies. With the blockchain any such attempt at a cover up just isn't possible - once you've chosen to publish data publically and in a tamper prof way that suppresses calls of 'fake news!'.

So in that respect the choice to use the the blockchain can be seen as a genuine attempt to prevent corruption rather than paying lip service.

A public git repository can provide all of these things.

The only thing the blockchain is certifying here is that you're buying a real product and not a counterfeit, which can be very dangerous for medicine or food.

But of course it doesn't protect you if the real product has been tampered with.

In 2009, China had a very serious problem dealing with tainted milk, leading to infants dying and getting sick. People had sold more than 900 tonnes of tainted milk. It eventually executed two involved with the production process: https://www.theguardian.com/world/2009/nov/24/china-executes...

The blockchain solution presented here wouldn't have verified safety in that case, although the author did mention the case which makes the article misleading. Melamine was added to the formula to fool a protein test. The chemical was added by trusted members of the supply chain. Since the members were trusted, they would pass the authenticity test of the blockchain.

Yeah, unfortunately you cant do a checksum on physical ingredients.

Actually, from the article, it mentions this:

> Leanne Kemp, an Australian who in 2015 founded a company called Everledger, has now encrypted the distinguishing features of 1.8 million diamonds and their provenance on a blockchain.

> More than 40 features are logged to create a fingerprint for each diamond, logging it from mine to ring.

So it seems, in the case of diamonds, they are unique enough to create a fingerprint. I'm no expert on diamonds, so that might not really work in reality.

I can't find very much information on Everledger's features process, just on the blockchain aspect, which doesn't inspire confidence. It's not enough for them to create 40 features you can fingerprint a diamond by, they have to be 40 features that are independently and consistently verifiable.

If I have to send my diamond to Everledger to verify it, I'm effectively just trusting them. Representing a physical object as a cryptographic hash for security doesn't work if the consumer can't independently verify the hash.

Surely you wouldn't hash a car?

Today we can't.

Actually I think we could. It just hasn't been implemented. (not to say it's practical).


Can't say I have a problem with that.

The pharmaceutical companies are basically using blockchain as a data store. The only benefit of blockchain here is availability and security (hacking is more difficult), but they could use exactly the same mechanism and use a traditional database.

People still need the technology in there phone to scan the product, and we need to ensure that those proofs can't be tampered directly on the products. That also seems hard.

The author and editor of this article apparently made no attempt to comprehend what a blockchain is or what it can do, and there's no detail in the article that tells me how using a blockchain solves the authenticity problems described. Paperwork can be bought for a bribe? Why couldn't a blockchain record?

A theoretical solution is a gadget that can read the chemical composition of a powder placed in front of its sensor, and digitally sign it... obviously there's a MITM attack there, if I can go between the sensor and the CPU, I can tell the CPU "the sensors read these values..."

Consumers would need the ability to easily verify that the chemical composition of the product they purchased matches the manufacturers claim.

I'm afraid I don't get any of this.

"A small wire in the formula label wraps around the container, explains Alexander Busarov, chief executive of blockchain startup WaLiMai. "You cannot open the can of baby food without breaking the label," he says.

"The wire acts as an antenna for a signal from an RFID chip, which a smartphone can read. The chip, like some bank cards, generates a new code each time it is scanned. Authenticating takes about two seconds, says Mr Busarov, then you get the result, the logistics details, a picture of the product and where it was labelled."

They're using magic encryption technology and remote servers to ensure that someone hasn't opened the can and replaced the contents?

I kinda see the diamond example, although I'm not sure what the block chain adds over a simple database. But the problems with the other products invoice a worker dumpling a bag of melamine powder into the mixer with the other ingredients and then lying about it. How does this, or any other, technology stop that?

The article gets some technical details wrong but does point the way of what I think are blockchains big use cases.

I took the edX blockchain for business class that covers these use cases and has some hands on exercises - not much programming, but experimenting with Hyperledge projects. I am interested in a different use case http://hyperledgerai.com but I have not made much progress yet.

I think a good idea would be for the brands to "sign" each product they're selling, so that you could verify the signature in a very simple way (scanning a qr code? ).

I think the blockchain is not really necessary here, and it solves a problem that's not very likely to happen (someone hacking the pharmaceutical's database to remove evidence of tampering).

What actually makes this a blockchain? That it uses a Merkle Tree?

Is a CT log a blockchain?

A blockchain is a just a linear merkle tree.

Put differently, it's like a branching DAG with economic incentives to always treat the longest path as "master."

Quite a lot like a Git repository: you usually want to follow the branch with the most cumulative work on it.

It's more of a tree than a DAG : you'll never have merging in a blockchain.

A tree where the longest path is considered the real branch.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact