It seems like only yesterday that blockchains were magic pixie dust that would solve all problems and cure all ills. Remember when the Long Island Iced Tea Company changed its name to “Long Blockchain Company” and saw its stock jump almost 300 percent?
The days of irrational exuberance are ending for the simple reason that blockchains are not magic. The technology is incredible — but it also faces significant limitations — as CAS members learned during the CAS Annual Meeting session “An Actuary’s Guide to the Mechanics and Magic of Blockchains.”
The session featured Stephen J. Mildenhall, FCAS, MAAA, CSPA, assistant professor at the School of Risk Management of St. John’s University, and David C. Wright, ACAS, managing director at Beach and Associates, Ltd. Mildenhall, a member of the CAS Board, has conducted extensive research into cryptography and blockchains. Wright experimented with creating his own model insurance company using the Ethereum protocol.
How do blockchains work?
Mildenhall suggested that the reason why so many people believe that blockchains are indistinguishable from magic is because they simply do not understand how blockchains work.
Blockchains are basically ledgers or databases. Like any ledger, they record transactions. But unlike traditional ledgers, blockchains are distributed across networked computer systems. Everyone with an internet connection and access to the blockchain can view and transact on the chain. Transactions are validated (thereby creating a “block”) and cryptographically linked (“chained”) to previous transactions on the ledger — hence “blockchains.”
No central authority needed. Naturally, a transaction needs to be validated before it can be linked to the chain. This is done by the blockchain’s participants in a consensus-based manner — that is, everyone checks for the validity of a transaction. And because a blockchain operates under an established set of rules, it allows conflicts to be resolved automatically and transparently to all participants. This dispenses with the need for a central authority to enforce trust.
Trust is created and rewarded. Many blockchains use a “proof of work” consensus mechanism. Participants (“miners”) compete to solve mathematical problems that, once solved, verify a transaction. Solving these problems is extremely computationally intensive. In bitcoin transactions, to incentivize people to pay the high costs of validating transactions, the miner who solves the puzzle first is rewarded with bitcoin. Everyone is thereby invested in the integrity of the chain. (Global bitcoin mining operations now consume as much electricity as a small country.)
Blockchains are immutable. No one has the power to compromise the blockchain’s integrity. Links between blocks are created using a “cryptographic hash function,” a one-way function that makes it essentially impossible to figure out its input based on its output. To brute force a single input alone would be computationally infeasible. To brute force an entire blockchain would require the brute forcing of every single subsequent input — beyond the realm of the possible. What this means is that no one can change a blockchain.
Digital signatures ensure integrity. The last important piece of a blockchain is a collection of cryptographically signed transactions. Blockchains will use public/private key encryption to create digital signatures for all participants. These signatures ensure three things: the initiating party of a transaction is authentic; the transaction is tamper-evident; and the transaction cannot be repudiated by the initiating party (since only they could sign off with their unique digital signature).
Blockchains are therefore incredibly powerful tools to store and transact data in a trustworthy, transparent way without recourse to a central authority.
Blockchains and insurance
The features of blockchain technology have created quite a bit of excitement in the insurance industry in the areas of automated claims adjustment and settlement, fraud prevention and data auditing and custody.
Wright pointed out that there are already several companies working to develop blockchain insurance applications, including travel insurance, property catastrophe reinsurance, marine insurance and regulatory reporting. And Mildenhall noted that blockchains might theoretically be used for onboarding insureds or enforcing contract commitments.
Blockchains come with significant limitations
But both panelists expressed skepticism that blockchain technology will be a fundamental disruptor of insurance in the near future. As they explained, the very features that make blockchain technology so powerful can limit its usefulness.
Because verification relies on consensus, blockchains are inherently slow. Validating transactions can be incredibly expensive. Solving those math problems requires enormous computing power. And because blockchains lack controlling authorities, it’s exceedingly difficult (if not impossible) to change a blockchain’s underlying protocols if needed.
Blockchains are, in effect, slow databases that are impossible to upgrade. “Why would anyone want that?” asked Wright. He put it bluntly: “By any reasonable computational metrics, blockchain is a horrible technology.”
Mildenhall compared a blockchain to a military tank: Could you drive your kids to school in a tank? Sure, but it would be extremely expensive, slow and inefficient. A minivan would probably be more appropriate. And indeed, for many applications, a simple SQL database would do the job that a blockchain could do, except much more cheaply, quickly and efficiently.
Furthermore, in many contexts the features of a blockchain might not make sense for an organization. For example, if an organization knows and trusts its established business partners, why would a blockchain be needed? The startup costs of creating a blockchain may wildly exceed any benefits it would provide, if any.
Blockchains can ensure that someone’s identity remains permanent, resolvable, cryptographically verifiable and decentralized. If everyone had full possession of their identities in this way, identity theft . . . could become a thing of the past.
Or consider privacy issues. A key component of blockchain verifiability is the openness of the database (particularly in low-trust contexts). This openness could become a significant problem if individuals have an expectation of privacy or if regulators enforce data privacy restrictions. Immutability could also become an issue, particularly with the spread of “right-to-be forgotten” data regulations (think the EU’s General Data Protection Regulation).
Do we even need blockchains for insurance?
Wright suggested that maybe we’ve been thinking about the nature of blockchains the wrong way. Per Wright, blockchains are not just databases. They are tools for governance. They create trust outside traditional institutions — a particularly important feature for people who live under dysfunctional institutions.
But how useful is an alternative-governance mechanism for those of us who live in high-trust societies? Advanced countries have developed institutions to address trust problems.
As Wright pointed out, insurance is itself a product that solves trust problems. Insureds may not trust other insureds in a risk pool not to defraud the system. That is why we have insurers. They act as intermediaries who wield trust-enforcing mechanisms. Instead of cryptographic hashing, proof of work, and digital signatures, insurance has policy wordings, underwriting and claims management, rate filings, regulators and so on. Wright thinks it’s an open question whether blockchains will be fundamentally disruptive tools of the already existing trust mechanisms of insurance, especially given how expensive and cumbersome blockchains now are.
The future of blockchains is anyone’s guess
So are we just stuck with a solution in search of a problem? It’s unclear right now. Both panelists stressed that blockchain technology is still very much in its infancy. “It’s [the] early days,” said Wright. “The hype was a couple years ago; it’s slowed down now,” agreed Mildenhall.
But Mildenhall argued that the real impact of blockchain will be felt in identity management. Blockchains can ensure that someone’s identity remains permanent, resolvable, cryptographically verifiable and decentralized. If everyone had full possession of their identities in this way, identity theft and misuse of personally identifiable information could become a thing of the past.
Wright noted that blockchain technology is improving every day, getting faster and more efficient. Other uses of blockchain will emerge as the cost/benefit relationship becomes more reasonable, though how long that might take, he couldn’t say.
Indeed, Mildenhall compared blockchain today to the internet in 1996. The true potential of the internet wasn’t fully understood then. Many endeavors had to fail and many iterations had to be developed before the internet’s power could be properly appreciated and harnessed. That’s just how technological development happens. Blockchains probably won’t be different.
Lucian McMahon, CPCU, ARM-E, AU-M, is a senior research specialist at the Insurance Information Institute in New York City.