It’s about Trust, Stupid! Why Blockchain-based BlockCerts are the wrong solution to a false problem (2/3)

Are blockchains to credentials what the embalming fluids are to thanatopraxie, a means to keep the appearance of life to the dead?

In the previous post, we examined some of the blockchains shortcomings: over-hype being second to their defective and noxious relationship to trust—and the human race in general. In this post we are looking at one particular application of the blockchain technology in the field of education: Blockcerts1. While an interesting piece of engineering (with still a number of serious issues to be solved) my contention is that it is the wrong solution to a false problem, or to be more specific, it is the exploitation of an immature technology in a attempt to solve a problem with a vision anchored in the past: the [antediluvian] credentialing system, when a credential was for life.

Thanks to the blockchain priests, credentials are not just for life anymore, but eternal life! We will die, for sure, but if we believe in the Blockspell our credentials will survive us, eternally!

Blockchains in education: a “solution” in search of a problem…

The proverbial “tail wagging the dog” is fully appropriate to describe the current level of reflection in blockchains in education, where the main concern is about credentials and their verification — well, a certificate is the tail, not the dog! And as some people understand that talking about the tail might not be enough, attempts at looking for a problem other than credentials to be solved has lead to the production of the most bizarre ideas. Here is one of them:

“From the perspective of teachers, the instruction is sophisticated and artistic so that it is difficult to evaluate. The traditional method based on students’ feedback tends to be one-sidedness, lacking subjectivity and is hardly helpful for teachers’ improvement. A new assessment system can be constructed based on blockchain network and smart contract. First, teachers need to submit pre-planned instructional activities as a smart contract to the schools. During the teaching process, all teaching activities will be recorded in the blockchain network. The smart contract will verify the consistency of the teaching design and practice, which is going to be an important instruction evaluation indicator. What’s more, a smart contract between teachers and schools, as well as the one between teachers and students can be verified and supplemented with each other. Teachers who meet the standards will get digital currency as a reward. It serves as both an appreciation and encouragement for teachers’ teaching skills.

Exploring blockchain technology and its potential applications for education (my highlights).

The authors want to use blockchains to reinvent the teaching machine that B. F. Skinner imagined for humans out of his extensive study of pigeons. But with an interesting twist this time: the positive reinforcement is not for the students, but the teachers; and it is financial! Obviously the authors of this beyond bizarre “idea” have not the slightest understanding of what learning and teaching are about, nor human resource management for that matter. I just hope for them that Springer will not put their article on a blockchain, so that they will have the opportunity in the future to deny ever having written this nonsensical article…

Blockchain based credentials: what for?

So, once blockheadish ideas discarded, what is the problem credentials have that blockchains could solve? Certainly not double spending as you can produce many authentic copies of a credential without diminishing its value. A credential is not fungible, i.e. its ownership can’t be transferred to someone else or transformed into something different, like exchanging a credential for a bowl of lentil stew.

If it’s not to avoid double spending, what else?

David McArthur wrote a well informed article Will Blockchains Revolutionize Education? where he clearly states the limits of public blockchains to advocate “letting communities inexpensively establish their own distributed ledgers with varied membership and consensus policies.”

He also writes: “[ledgers] offer several advantages over the traditional distributed database management systems (DDBMSs).” If the main argument in favour of Blockchains is that they provide “advantages over the traditional distributed database management systems”, then why would we need a distributed database management system in the first place? The need for a database, is something anyone can understand, but why does it need to be distributed? What kind of information is worth being distributed? To do what? Is it to solve an actual problem or to be aligned with blockchain requirements (the tail wagging the dog syndrome)? For example, it makes sense to have multiple copies of DNS data over the world as a single DNS would create not just a single failing point but slow down the transactions to such a level that it would make the Internet useless.

The way blockchains have been used so far in relation to credentials is not to store the credential itself, but an encoded representation, called a hash which is a short string computed from the actual data: different contents lead to different hashes and it is not possible to recreate the original content from its hash value. If the digital credential has been tampered with, the hash will not be the same as the one recorded on the blockchain and should therefore be rejected as a fake.

What is the need for and the advantage of having the hash of a credential (not the credential itself) stored in a distributed database? Does it improve resilience and performances, like in the DNS case?

If we think in terms of database replication, then issuing a credential could be interpreted as creating a shared record between the issuer and the recipient, a ledger distributed between two entities. Then when the credential is endorsed, the ledger could be shared between the issuer, the recipient and the endorsers. And the way to revoke a credential or an endorsement, could be to remove the record from the ledger—although not conform to the canons of the Blockspell. We would then have an ecosystem of interconnected micro-ledgers, something discussed in previous posts (The Advent of the Personal Ledger — #ePortfolios and #OpenBadges Unite!, From #blockchain to #BadgeChain (2) – the chained badge where I wrote “To paraphrase George Bernard Shaw, one could say: Open Badges and blockchains are two technologies separated by a common idea [trust].”

If we think in terms of verification, checking that a credential is valid can be done without having to use a ledger containing its hash. In the (simplified) diagram below, a credential is encrypted using the private key of the issuer to create the signature of the document, i.e. a computed value that is unique and can be deciphered using the matching public key. To verify that the credential is authentic, the signature is deciphered using the public key of the issuer. If the deciphered signature is identical to the content of the original credential, then we can be certain that it is the entity owning the matching private key that has issued the credential.

Simplified diagram about claim issuing and verification (Pr & Pu are public and private keys)

Once the verification has been performed, all we can say is that the credential is valid, i.e. it has not been modified since it was issued. The next step is to authenticate the signature, i.e. verify who the owner of the public key is (and consequently, of the private key used to sign the credential). Where could we find a link between a real entity, e.g. the Open Recognition Alliance and the public key associated to its signature?

—–BEGIN PUBLIC KEY—–
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/[…]dbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
—–END PUBLIC KEY—–

We could establish that, by convention, public keys are systematically published at a defined address like https://publickey.institution.xyz, therefore https://publickey.openrecognition.org for the Open Recognition Alliance.

An alternative solution would be to use, at no additional cost, a very effective and inexpensive technology, the one that makes the Internet a World Wide Web: Domain Name Servers (DNS): institutions could publish their public keys in the DNS zone records they control and 24h after publication, at the latest, all the DNS across the world would have their records updated with the public keys associated to their domain names. What would be the advantage of blockchains over DNS? Speed, probably, but as public keys don’t change every day, that would be an extremely high price to pay for not much of a gain.

Then, once the credential has been verified and authenticated, we need to check that it is still current: someone might have got a credential 5 years ago and not practised since. Blockchain-based credentials won’t help with that either.

In summary, the state of a credential can be described as:

  • Valid: a credential is declared valid when the content of the credential is consistent with its signature. There is no need for a distributed database management system to do that. A digital token contains the credential and the signature used to verify the validity of the credential.
  • Authentic: a credential is authentic when it is valid and the signatories are who they claim they are. A distributed database management system “might” be useful to share public keys, and the DNS infrastructure would be perfect for that—all institutions have their own domain names, and if individuals had their own domain, a domain of one’s own, everyone would have a place to publish their public keys.
  • Current: a credential is current if the original issuer of the credential would reissue the same credential at the time it is being verified. A distributed database of old credentials would be of no help.

If there is no real need for a distributed database management system to validate credentials then, to use David McArthur’s words, there is even less of a need for something providing “advantages over the traditional distributed database management systems.” Why improve something you don’t need in the first place?

Moreover, the insistence placed on the validity of credentials to justify the use of Blockchains, distracts us from addressing the issues of authenticity and currency, something that has totally escaped the designers of Blockcerts: “Wouldn’t it be nice to have your alma mater reach out to you because they want to officially issue your achievements from a decade ago (or three decades ago!) in a form that can be immediately used in the world?” a Blockerts advocate writes (link).

Louis Armand, a French industry leader and visionary once expressed a diametrically opposite view:

“if after the age of 30 you still feel the urge to mention your diplomas, it probably means that you have not achieved much in life” .

quoted from memory from Louis Armand, le Savoyard du siècle. Un humaniste en action

We will explore later the benefits of starting from the currency of a claim to address both authenticity and validity, i.e. how to infer that a claim is valid from its currency without being distracted by verifying whether a 30 years old credential is still valid.

Blockcerts, the Botox of credentialing innovation?

Blockcerts are presented as:

“an open standard for creating, issuing, viewing, and verifying blockchain-based certificates. These digital records are registered on a blockchain, cryptographically signed, tamper-proof, and shareable. The goal is to enable a wave of innovation that gives individuals the capacity to possess and share their own official records. We invite feedback, contributions, and general discussion.”

link

If the goal is to “enable a wave of innovation” what kind of innovation could emerge from making credentials “cryptographically signed, tamper-proof, and shareable”? The only innovation here is in using a new technology to improve paper-based credentials. We had a piece of paper, a static piece of information that is now a digital record, just as well a static piece of information, but easier to share and more difficult to tamper with.

There are of course some advantages in digital records and cryptographic signatures but taking something old and trying to make it look young is not exactly a transformative innovation. That’s what in another domain Botox is supposed to do, with disputable achievements…

What are the possible advantages of Blockcerts in relation to validity, authenticity and currency:

  • Validity: Blockcerts are at best redundant with existing technology, and a high price to pay for not much gain2, if any.
  • Authenticity: Blockcerts do not solve the problem of authenticity.
  • Currency: Blockcerts do not solve the problem of currency.

Using blockchains for credentials, is at best limited to the assimilation of a new technology to support old processes, trying to make them more effective. It is far from accommodation (to use Jean Piaget’s vocabulary), i.e. transforming representations on the basis of what is new and consequently the associated actions, processes and tools.

Blockchains, the instrument for a counter-revolution in education?

When combining the old (ledgers) with the old (diplomas) one should not expect a revolution but rather fear a counter-revolution. And it is what might be happening right now: a crypto-counter-revolution.

By focusing on credentials and the insistence on making them more secure and verifiable, something that works already quite well with Open Badges (although that could be improved) and Verifiable Claims (they work perfectly well), an emerging standard designed by the W3C, as written earlier, the focus is on the tail, not the dog that would need to be fed and loved—to trigger a wagging tail!

Let’s start with two questions:

  • Would you trust a doctor who has not practiced during the last 4 to 8 years?
  • Would you reject the application of a software programmer if she is not able to show a diploma?

Would a blockchain-based certificate help with those questions? In the case of the doctor who hasn’t practiced for 8 years, checking the validity of a diploma delivered 20 years ago won’t tell anything in relation to the lack of practice — she might have attended seminars and conferences counting for the mandatory professional development required to keep a licence to practice. But is that enough to trust her?

Conversely, the lack of a blockchain-based certificate from the candidate to the job of software programmer shouldn’t lead to rejection. Looking at recent realisations done for clients, the endorsements received by peers, looking at her presence of Stackoverflow and Github are more valuable indicators —a good reason for Stakeoverflow to grow its own recruitment business!

The validity of a credential is very short lived if the holder is not actively involved in applying what was learned to get it in the first place. Was it 30 years or 30 days ago? Who cares? By asking the question, we have moved the centre of our reflection from verification of a credential to the trust in the individual. And it is where the main flaw in the reasoning of the blockchain-based credentials is: our primary need is to trust a person, not a credential whether it is 30 years or 30 days old. A credential is rarely more than an indicator that needs to be interpreted within an ecosystem of other indicators to make sense. On its own, its value can be close to zero.

So why bother making sure that something, when isolated on its own, could have a value close to zero, is as secure as the anonymous transaction of a human trafficker using Bitcoins? Shouldn’t the effort be placed on increasing its value by taking into account historical and contextual data? A social validation rather than a mathematical validation performed by an automaton?

There are statistics related to doctored CVs and bogus diplomas presented by candidates applying to a job. While it is certainly an issue that could be addressed by technologies like Open Badges and Verifiable Claims, the problem is not just with false claims, but with the recruitment process itself which tends to address individuals as atomic entities rather than nodes within a lively community of peers, customers, colleagues, educators, etc. Superseding ego-recognition with eco-recognition is a direction that will be explored in the next post.

Blockcerts: cui bono?

Who is pushing for blockchain-based Blockcerts? Who has anything to gain? Qui bono? As blockcerts are presented as “the open standard for issuing and verifying student-controlled official records” (link) one might think that it is the student who is the main concern. It is true that getting a certified copy of a diploma yields costs (Yale $30, Harvard $150, Université Paris Descartes €20). But digital certificates are no more “student controlled” than their paper counterpart. They are a more convenient means to share information (email vs. snail mail), and could be used to inform various applications and services, e.g. alumni services, but the locus of control remains the institution—and it should be so, as it has the power to revoke credentials.

But to create innovative services based on digital credentials, all we need is… verifiable digital credentials, something that is possible without any Blockchain (e.g. Open Badges and Verifiable Claims). What kind of services? Precisely those contributing to the emergence of an ecosystem relative to authenticity and currency. It is from the information available in the ecosystem that we could infer the currency of a credential and ultimately its validity. Verifiable credentials could shift the locus of the recognition power from institutions to communities, move a narrative made of a series of discrete snapshots collected in tattered (digital) photo albums to something more akin to 3D movies and virtual reality (metaphorically speaking).

And if the objective of Blockcerts was really “student-control”, how much “control” would students have when a university decides to use a Bitcoin-based blockchain to “secure” (LOL) its credentials? Will the student with high ethical values refusing any association with a global warming technology used by weapon smugglers and enemies of democracy be heard? Using crypto-currency-based blockchains adds insult to injury making students the unwitting accomplices to the hiding in plain sight of criminal activities. Pretending that it is to the benefit of the students is closer to gaslighting than enlightenment.

Moving to blockchains not tainted by criminal activities would be the minimum, minimorum one would expect from educational institutions. But there would still be much thinking to be done on the nature, value and [programmed] obsolescence of traditional credentials whether or not digital. Notwithstanding that blockchains, like any other technology are hackable… Only crooks and blockheads continue pretending otherwise.

A few years ago a professor at a German university was allowed to use Badges as a means to discriminate between successful students: only those who passed a degree with high marks were entitled to receive a badge, not those who got the very same diploma, but with lower marks. Despite being challenged, nobody seemed to mind. Open Badges used to introduce discrimination and now criminals’ cryptocurrency of choice used for “securing” credentials. Where will that stop? Are they isolated incidents or indicators of a more sinister trend, that we are moving into era where trust and ethical values are not just becoming superfluous, but obstacles to “progress”?

The main problem we have to solve is not about trusting credentials, It’s about trusting people. And a technology based on distrust is probably not the best way to address that issue. Said otherwise, the main problem is not about the lack of secured records, it’s about trust, stupid!

  1. I need to state that the criticism of Blockcerts is in no way the slightest criticism of the people working on Blockcerts. I think in particular of Kim Hamilton Duffy, a great professional who is instrumental to the work done on Verifiable Claims, the W3C specification that is the foundation on which Nate Otto et al. were able to direct the work making endorsements a key component of the 2.0 Open Badge specification.
  2. A universal timestamp, as used by SSL protocol, would be sufficient to discriminate fake credentials issued with a compromised private key, but that would be contrary to the Blockspell wisdom: “distrust each other, the way I distrusted you” Satoshi 15:12.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.