In a packed room Tuesday here at P.S.R. in San Diego, Calif., privacy pros learned about, and discussed, what is perhaps the most hyped, and least understood, technology in the digital world: blockchain. With an internet-of-things ecosystem exploding across the globe, the mathematics and cryptography informing blockchain may well provide a transparent, cohesive formula for solving some of the IoT's privacy and security issues, as well as other obstacles in finance, health care, industrial infrastructure, and beyond. Though there is a hunger to leverage the concept, obstacles clearly remain. 

"It's a lot of hype, first and foremost," admitted Filament Co-founder and CEO Allison Clift-Jennings. Filament uses blockchain concepts that connect physical objects and systems to networks, helping businesses lower costs, bolster efficiency, and make data-based decisions. 

"Blockchain is a data structure designed in code that allows trust in a trustless environment," Clift-Jennings explained. "It incentivizes users to act in cooperative ways to maintain trust for all."  

Broadly speaking, if such a formula is successfully adopted, it could, for one, have a significant and positive impact on the security and privacy of information processed by IoT devices. Kilpatrick Townsend & Stockton Partner Amanda Witt said there's clearly a risky landscape in the IoT ecosystem, as was evidenced by the now infamous Dyn attacks in 2016, which used malware to create an army of bots from unsecured IoT devices and launch an attack on Dyn's centralized servers, the effects of which took down major websites like Twitter and Amazon. 

Witt and NCR Corporation Chief Software and Services Counsel Evan Glover posited that blockchain could potentially change the data exchange model currently used by many IoT devices, which tend to rely on a central server to identify particular devices, since blockchain is distributed and not centralized in nature. 

In other words, blockchain is a distributed ledger. Imagine a spreadsheet in a browser that can be accessed by multiple parties, each of which belongs to a network. Each row is, say, a single transaction. Once a row is in there, it can be made immutable - no one can change it (there is some math in there to make it happen) - but everyone can see it. From a consensus and compliance standpoint, everyone who views the spreadsheet (our metaphorical blockchain) becomes a verifier, an observer. 

The longer the chain gets, the more trust and security are built in, Clift-Jennings said, because each block is hashed and connected to the previous block: the more blocks that are added after a given row, the more secure and trusted that row becomes. Also, each block runs on common rules - a protocol, essentially. Before a new transaction, or block, is added, the group within the given network must agree that it is in line with the protocol.

The work that goes into verifying any new block added to the chain, however, can be time-consuming and costly. In the context of micro-transactions, for example, the system is not yet efficient or scalable enough. This is partly because "miners" are needed to confirm a new block is applicable, which means some difficult math is needed. Mining also requires a notable amount of computing power and electricity. But protocols are also built in to incentivize miners. Each time they add a block, they are given newly issued cryptocurrency, an incentive concept Clift-Jennings described as "proof-of-work." 
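The hash linking and proof-of-work described above can be seen in a few lines of Python. This is an added illustration, not code from Filament or the panel; the function names, sample rows and the toy difficulty of three leading hex zeros are all assumptions chosen so it runs in well under a second.

```python
import hashlib
import json

DIFFICULTY = 3      # assumed toy target: leading hex zeros required in a block hash
GENESIS = "0" * 64  # placeholder "previous hash" for the first block
SAMPLE_ROWS = ["alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->alice:3"]  # constructed

def block_hash(index, prev_hash, data, nonce):
    """SHA-256 over a canonical encoding of the block's fields."""
    body = json.dumps([index, prev_hash, data, nonce], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def mine(index, prev_hash, data):
    """Proof-of-work: search for a nonce whose hash meets the difficulty target."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, data, nonce)
        if digest.startswith("0" * DIFFICULTY):
            return {"index": index, "prev": prev_hash, "data": data,
                    "nonce": nonce, "hash": digest}
        nonce += 1

def build_chain(rows):
    chain, prev = [], GENESIS
    for i, row in enumerate(rows):
        chain.append(mine(i, prev, row))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["prev"], b["data"], b["nonce"])
        if (b["index"] != i or b["prev"] != prev or b["hash"] != recomputed
                or not recomputed.startswith("0" * DIFFICULTY)):
            return i
        prev = b["hash"]
    return None

def tamper(chain, i, new_data, remine=False):
    """Copy the chain and alter row i, optionally redoing that one block's work."""
    forged = [dict(b) for b in chain]
    if remine:
        forged[i] = mine(i, forged[i]["prev"], new_data)
    else:
        forged[i]["data"] = new_data
    return forged
```

Editing a row in place fails verification at that block; redoing the work for that one block only moves the failure to the next block, so rewriting an old row means redoing the work for every block after it.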

The transparency inherent in blockchain, since it is distributed and public in nature, creates some privacy issues because everyone can see the data in the block. Financial and health data are obvious concerns here, but it is possible to encrypt the data in a given block. That said, a missing key would mean the data is lost until that key is found, if ever. There can also be some regulatory burdens here, Glover said, particularly if it's financial data under the scope of the Securities and Exchange Commission.

This is where some good old-fashioned risk management comes into play. 

For a non-expert, the concepts that inform blockchain may well be difficult to fully grasp. Rest assured, however, organizations around the world are looking closely at blockchain's potential. No doubt there are significant privacy and security upsides to blockchain, if successfully deployed, but, Clift-Jennings said, there is more work to be done on the technical side of things.