I keep on hearing about how blockchain is the future of everything but am yet to hear even a single use case which could not have been implemented in a traditional DB. I suppose blockchain has some advantages in its zero-trust distributed nature but that's just implementation.
In this case, the previous problem wasn't technological, it was a bad actor subverting the system - and they would be able to subvert this system in the exact same way. What, is the blockchain going to reach up out of the ether and hold the guy back from pouring melamine into the mixing vat, then saying he didn't?
I don't know how journalists fall for this nonsense. You don't even need to be technically literate to see the problem. I didn't even have to read the article to know what the fatal flaw was going to be. And this is the BBC! It's infuriating.
Now I'm not arguing against you that this seems a bit weird and not gonna solve the problem in itself, but humor me here.
As I understand it from the article, the blockchain is suppose to prevent people from wanting to tamper with the product, since every logistical-step from production to delivery is stamped and you can easily trace where the product is coming from.
So once you discover that a product has been tampered with, you'll follow the log and investigate everyone along the way, in the end you'll find who is messing with it.
Not exactly sure why they would need a blockchain for this, but I guess it's because no one in the chain trust each other.
But, all of what I wrote might be wrong, I might misunderstand how it works or why it would work.
The audit log already exists, or else how would China have found and prosecuted those executives?
The problem at hand is ensuring that the information that makes it on the chain is correct, or at least that other members of the chain have a way of noticing and repudiating that contribution. Cryptocurrency blockchains accomplish this via proof of work and forking, which is why everyone is so interested in the technology. But the only reason they work is that the proof of work mechanism is literally what keeps the network running, and if the network isn't running, all of the sunk costs miners have made are effectively worthless, so even though the miners don't have a reason to trust each other, all of their economic incentives are aligned. The only reason to fork is if you think some people have defeated the proof of work mechanism, or if they are pushing a different version of the blockchain software, which wouldn't be allowed in any real-world application anyway.
Proof of work uses inherently useless calculations to determine that one isn't flooding the network with transactions, because every transaction with a correct key is just assumed to be correct. What real-world application does that map to? Certainly none of the ones in the article, which is why these companies don't use proof of work, they use permissioned blockchains. But a permissioned blockchain is effectively like a standard write-only database with an audit log that each individual in the production line has a password to, which is trivial to accomplish with existing tech. The only way other actors can verify if their peers' inputs to the system are correct is if they verify the physical results, and now we're right back where we started, where you can't trust the system more than you trust any one individual, but now with a db that's at least an order of magnitude slower than any competitive option.
You make a good point, but smart contracts are not just "write-only databases" as they have built-in logic that can bypass some of the need for "verifying peers' inputs" style consensus. For example, attaching a photo of authentic product and being able to check that it on the receiving end could serve as proof that the consumer gets the real deal.
Representing a physical product as a unique cryptographic hash that the consumer can independently verify is generally a lot harder than attaching a photo. From a comment below:
> Leanne Kemp, an Australian who in 2015 founded a company called Everledger, has now encrypted the distinguishing features of 1.8 million diamonds and their provenance on a blockchain.
> More than 40 features are logged to create a fingerprint for each diamond, logging it from mine to ring.
For this to provide proof of authenticity, I need to be able to visit a jeweler not employed by Everledger, and have them be able to use a rubric to classify my diamond along these 40 features in a way that uniquely describes it in a way no other diamond could be described. I then need to be able to visit a second and a third jeweler and obtain the exact same classification along these 40 features.
When visiting Everledger's site, I can't get any information on the classification process beyond that sentence. The supposed core of the product doesn't even have a white paper.
Diamonds are comparatively easy to classify, as they are supposedly unique in many ways, and don't physically degrade over time. When it comes to tins of milk, I can't think of a secure proof of authenticity process that doesn't involve the consumer verifying the composition of the product with a gas chromatography machine.
I'm not disputing the value of a chain of custody. I'm saying you can do the exact same thing without blockchain - in fact if you've ever tracked a parcel online, you've participated in one.
The only innovation here seems to be implementing a per-product, publicly queryable chain of custody utilising individual RFID tags. Well that actually sounds like a great idea, but it has nothing to do with blockchain! In fact if anything it's the opposite of it, because you need explicitly trusted parties at every step, which would have to be authorised by a central system, which just completes the circle of stupidity.
I'd bet you anything that that final check by the lady in the supermarket is in reality - wait for it - a JSON API request.
The benefits of having it "blockchained" that I see are that:
There's a trend of open sourcing blockchain code and the smart contracts that run upon it, meaning anyone can go and write a client to generate the tags or display the data without relying on a company's proprietary API or private IP. Despite this the guarantees are still there for the consumer.
In addition to that, the whole system is described in code that anyone can audit and is not susceptible to any human error (if done properly).
Ultimately this means that a company can't render all the RFID tags useless by going bust.
You're right, someone could go and host an API for charitable causes, but why do that when smart contracts are open source by default and do not require dedicated servers doing just that one thing.
> open sourcing both blockchains and the smart contracts that run upon them
I agree that the public, replicable nature of the system is attractive, and there's some benefit in reusing known technology. But there still needs to be a central authority to "bless" certain actors in the system, else anyone could sign off on anything.
A good approach might be for a government health authority to issue "coins" to the various trusted entities in a product's chain of supply, and these then used as proof of stake for transactions in a private blockchain run for that purpose by everyone involved. That would keep bad actors out and would be very hard to hack, while remaining quite public for any interested parties. Now that's a cool idea, however very labour intensive to discover the provenance of any one item; certainly consumers in supermarkets would rely on some kind of query service - and there's your single point of failure again. Still, it's a cool idea.
None of this however would have stopped the tampering that launched this whole kerfuffle. Blockchains are excellent at ensuring the perfect reliability of digital data, such as numbers of bitcoins or digital kittens held by whoever owns abc123. They have no such effectiveness on physical products. I mean look at this:
> "You cannot open the can of baby food without breaking the label," he says.
The melamine was put in before the can was even filled!
As I understand it, the central point is that the audit log is tamper proof. E.g. consider what happens in the event that Chinese government officials followed a trail, found the culprits, and discovered a scam orchestrated by a high ranking government official. There is the possibility of conveniently destroying the audit and/or modifying it to implicate some innocent party.
If the audit is hashed and the hashes placed on the/a blockchain, then the audit cannot be modified without it becoming obvious.
Not only is the blockchain tamper proof but it is also a public record. So with traditional audit trails even if there are multiple copies you could still have the government seize or modify all copies. With the blockchain any such attempt at a cover up just isn't possible - once you've chosen to publish data publically and in a tamper prof way that suppresses calls of 'fake news!'.
So in that respect the choice to use the the blockchain can be seen as a genuine attempt to prevent corruption rather than paying lip service.
The only thing the blockchain is certifying here is that you're buying a real product and not a counterfeit, which can be very dangerous for medicine or food.
But of course it doesn't protect you if the real product has been tampered with.
In this case, the previous problem wasn't technological, it was a bad actor subverting the system - and they would be able to subvert this system in the exact same way. What, is the blockchain going to reach up out of the ether and hold the guy back from pouring melamine into the mixing vat, then saying he didn't?
I don't know how journalists fall for this nonsense. You don't even need to be technically literate to see the problem. I didn't even have to read the article to know what the fatal flaw was going to be. And this is the BBC! It's infuriating.