Security Expert Joe Carson:
Bank Fraud in Estonia “Almost Non-Existent”
Joe Carson is the Chief Security Scientist at Thycotic and a blockchain expert who has helped the country of Estonia establish some of its technology services. He has spent 25 years in enterprise security and infrastructure and is a frequent speaker at cyber-security conferences.
Block Tribune asked him about the state of the industry.
BLOCK TRIBUNE: Is there a blockchain or cryptocurrency security issue that keeps you up at night?
JOE CARSON: I am not concerned at all about security, as blockchain is secure by design. It comes down to the use case in which blockchain is implemented to when security issues are introduced. Cryptocurrencies do have some major security issues, though the biggest risks are with the cryptocurrency wallets, and security is usually left to the owner. So a poorly secured wallet is like leaving your own wallet on the street full of cash for anyone to steal. The risk with cryptocurrency is theft, and cybercriminals are good at exploiting people’s computer systems and scamming them into revealing the cryptocurrency key. This is typically done from the other side of the planet. The more cryptocurrency you keep in a single location, the larger the risk.
My first introduction to the use of blockchain was as far back as 2003, when I arrived in Tallinn, Estonia. Estonia had been using blockchain for notarized documents and, at the time, was looking at many further use cases. It was very intriguing to me to understand why Estonia had begun using blockchain. If the United States wants to be successful in using blockchain for similar uses, it must first solve the key elements of identity, signature, and time. After being heavily involved in blockchain in recent years and helping design a blockchain for industrial Internet use, I do not have any security concerns with the technology. It is key to determine the veracity of data and a level of confidence, though it is important that it does not make the data correct – it just ensures its evidence of time in history.
BLOCK TRIBUNE: What impact will smart phones have on blockchain innovations?
CARSON: The impact is huge, since it means that mobile phones could provide proof of existence and time for almost anything, whether it is signing a document, taking a picture or video, or even authentication. Over the years, Estonia has found a lot of use cases in which blockchain has been added. The voting system is an example, because it’s reducing the possibility of voter fraud, and in the healthcare sector, it’s ensured that the integrity of health records is maintained.
BLOCK TRIBUNE: Do you have any cryptocurrency investments? If not, why not?
CARSON: No, I don’t have any cryptocurrency investments, as it is heavily unstable and not tied to any monetary assets. Cryptocurrency value is based on Metcalfe’s law – the more people using it or connected to the system, the higher the value – which, for me, is hard to see as an investment. Just because more people are using it does not make the monetary value higher. We have seen this with many startups. Just because the user base is high does not make it profitable. For cryptocurrency to become stable and acceptable, it must first find a fixed valuation and governance to determine the level of consistent quality.
BLOCK TRIBUNE: Banks are robbed, computers are hacked, firewalls breached. How is that different from security issues in blockchain and cryptocurrency?
CARSON: This is no different from cryptocurrency. Though the major difference is that theft of cryptocurrency can be done from anywhere in the world and is almost untraceable. Yes, cryptocurrency will be stolen whether it is from the individual computer or the cryptocurrency exchange.
BLOCK TRIBUNE: Is there an acceptable level of risk in cryptocurrency and blockchain-based transactions? If so, define it. If not, why?
CARSON: Yes, using cryptocurrency as a payment system is an acceptable risk for payments globally. Though keeping your cash in a cryptocurrency, and large amounts of it, is a major risk and is unacceptable. I will continue to use cryptocurrency as a payment method, though I will only put in the cash I need to make the transaction and not increase my risk by keeping my cash in a cryptocurrency.
BLOCK TRIBUNE: A lot of companies, governments and institutions are investing in blockchain applications. What’s your advice to them?
CARSON: Since the introduction of blockchain into the Estonian Notary systems, it has then found many uses. For example, it can significantly reduce financial transaction fraud by blockchaining financial transactions, making them impossible to erase or modify. That has made bank fraud in Estonia almost non-existent. It was also added to security logs, meaning that it was impossible to erase or delete security events, quickly identifying possible fraud within authorized public servants and ultimately driving better behavior from those who have privileged access.
Blockchain is a great technology, though it is important that the purpose of blockchain is to provide proof of existence and time. It does not validate the accuracy of the data, but only the order in which they occurred. It can have many uses in companies, governments and institutions for transactions, intellectual property, voting systems, health records, historical record keeping, digital forensics, auditing, legal, immigration, passport replacements, visa and many more use cases. Again, the importance is time. Bad data-in only results in bad data-out. The only thing you can validate is the order of the data on when it entered the blockchain.