‘We really have to stop living in this untrusted world’

Professor Bill Buchanan, from the School of Computing, has been recognised with an OBE for his services to cyber security and innovation.

“Sun Microsystems got it right many years ago when they said the network is the computer, and they were spot on,” says Bill Buchanan, Scotland’s preeminent cryptographer, as he tries to make himself  heard against the backdrop of a string recital during the launch of the new Blockpass Identity Lab at Edinburgh Napier University.

“They knew what the future was. We run too many things locally on our machines and really the network has the answer to every single piece of knowledge that’s ever been created. That’s knowledge, and we’ve cracked that, but now we need to put every single artifact onto the blockchain.”

When Buchanan OBE, Professor of Computing at Napier, speaks he is one of the technology industry’s loudest voices in Scotland, even if the violins are tempering his reach somewhat on this occasion. Over the course of the last decade, spurred on by the ‘cyberpunks’ who created Bitcoin, a mass movement has begun to wrest control of the internet back from the tech behemoths, whose centralised servers control the world’s data.

It is not sustainable, according to Buchanan, who is happy to provide a home for Blockpass IDN, a commercial entity, at his computing school, which this evening has brought out the new Digital Economy Minister, KateForbes, to support a significant £600,000 foreign direct investment into the Merchiston campus; the lab will explore ways in which blockchain technology can protect personal data from online scammers and hackers. When I ask a company executive why the Singaporean-based outfit has chosen to locate itself at Edinburgh Napier, he responds, matter of fact, “because Bill Buchanan is the best in the world.”

It is a huge compliment and Buchanan is undeniably an influential critical thinker and innovator, not only in Scotland, but across the world; each time a high-profile hack targets a Talk-Talk, a British Airways or an NHS, public trust erodes further and Buchanan is commonly the figure the media seeks out to highlight the cybersecurity flaws that led to the exposure. It helps, too, that he is also a fan of decentralised ledger technologies (DLTs) – of which the Bitcoin-based blockchain is the most widely known – and he firmly believes that they can offer the solution to rebuilding confidence in an internet that has been too heavily centralised.

For all the difficulties in grasping what blockchain actually is, Buchanan prefers to focus on the end goals. “I’d like every Scottish citizen to have a unique, sovereign identity which is owned by themselves,” he says. “So if there’s an interaction with a public service you will have one identity that will then connect into many different services.”

 Blockchain is a ledger that holds the “complete history of every-thing”, he says, expanding on the concept. It is an inherently more secure way to communicate, as individuals keep ownership of their data – rather than depending on third party servers (the tech giants) to store it, instead communicating directly. And if you decimate the whole of the infrastructure, as long as there’s one little node that’s left on the network, you can rebuild the whole architecture, unlike a centralised server-based version of the world (what we currently have), where if one bit is hacked, all data is jeopardised.

Creating a unique identity, which is stored on a local machine, will also mean there is no longer any need for multiple pass-words to access multiple services online, some of which you might only ever use once. Passwords, as a concept, “will go”, says Buchanan; a single digital identifier, which provides complete anonymity, will instead deliver access to all internet-based services.

He adds: “That’s a scary world for some. For law enforcement, for banks and money laundering, that’s a really difficult world, because you can’t trace money anymore. But the opportunity to make sure that you can make transactions without anybody tracing them back to you and finding out what they are is a world that doesn’t have hacks and banks. If we trusted our banks and our transactions that we make online then everything would be fine. But we’re giving away our CVV number and cyber-criminals are picking that up.”

Buchanan says resilience must be built into data infrastructure, so that it is part of the “core design”. Critical national infrastructure is largely getting it right, he adds, but there are still too many fault lines that are being exposed, which can create havoc. He references a recent hack at Bristol Airport, which took down the arrivals and departures screens following a ransomware attack. “Just imagine if that had jumped over into the air traffic control systemand then affected all of the air traffic control systems,” he says.

There is a great deal of interest in blockchain in both the commercial world, and in the public sector; the Scottish Government is no exception, and it commissioned the blockchain company Wallet.Services to produce a report, Distributed Ledger Technologies in Public Services, earlier this year. Unsurprisingly, it concluded: “This research found an overwhelming international consensus that DLT will have a significant role in underpinning future digital government.”

Buchanan agrees, though: “Scotland needs to be more pro-risk, and have far superior visions rather than short-term objectives of getting us past the next election; in 2025 every public sector contract should be run on smart contracts. I think we should have a grand vision for what the country should look like and for social change, because small countries can do this well.”

He adds: “I think we see Blockchain version one as the Bitcoinworld; but storing data on a blockchain isn’t really building a new world. Blockchain of the future will be built on smart contracts and we will implement those. If you have a GP appointment then the smart contract that runs within an NHS network will automatically trigger when you are over 65 years old; you will be able to walk onto a bus in Edinburgh which will identify you and you automatically get free bus travel without filling in forms.

“There’s a number of things that we do – we give our date of birth on forms, but why can’t we just store what our date of birth is once, and that will prove our identity? The core of it is much better trust; when I sign a parcel from Amazon, I draw a little line across the screen and that is seen as my identity. I think what we have is old methods and what we’re finding in this information age is that we really have to stop living in this untrusted world.”

Join the cybercecurity debate at Digital Scotland, FutureScot’s annual conference on 30 May 2019 –visit ffuturescotevents.com