Colorado is set to become one of just a handful of states adopting blockchain technology in government systems and programs, after a bipartisan group of lawmakers introduced a groundbreaking bill Jan. 17.
The Senate bill, Cyber Coding Cryptology for State Records (SB 18-086), sponsored by Sen. Angela Williams and Sen. Kent Lambert with Rep. Joann Ginal and Rep. Bob Rankin, aims to spur research into uses for blockchain in state government and make Colorado an early adopter of the revolutionary technology that underpins bitcoin.
Blockchain is a distributed database that verifies transactions in chronological order, using a unique cryptographic signature for each record. It forms a permanent ledger that is openly distributed among multiple parties in a peer-to-peer network. The blockchain is immutable: Once information is stored, no one can revise or tamper with it.
“I think this is just a brilliant move by the state,” said Dan Likarish, director of the Regis University Center for Information Assurance Studies and associate professor in the College of Computer and Information Sciences.
“It’s exactly the right move for the state to investigate this technology, because it has great promise to secure citizens’ data. … Frankly I’m just shocked, because I thought it would be years — but no, it’s here today because of this bill Sen. Lambert and others have sponsored. It’s good times for Colorado.”
In 2016, Lambert and Rep. Millie Hamner co-sponsored the Colorado Cybersecurity Initiative (HB 16-1453), which created the Governor’s Cybersecurity Council and the National Cybersecurity Center. With SB 18-086, Lambert said, blockchain can be used to reduce fraud and cybercrime, secure data and public records, and boost accountability.
“We have a lot of government processes that have vulnerable data, both in transmitting the data … making sure we’re guarding against fraud, and the storage of data according to a strict protocol,” Lambert said.
The bill gives the Office of Information Technology “more specific authority and encouragement to go into all state agencies and collect information, which we’re hoping will lead to a pretty comprehensive look at security risks and those opportunities where we can use some blockchain technologies for a variety of purposes,” he said.
SB 18-086 doesn’t focus on any one specific use case, Lambert said.
“We’re guessing there may be at least 100 different use cases, just off the top of our heads,” he said.
An important distinction: For bitcoin, verified transactions on the blockchain involve cryptocurrency; but blockchain can also be used to verify contracts, identity, records and other information.
“Blockchain allows for descriptions; it’s not just finances,” Likarish said.
New York, Delaware, Arizona and Illinois currently have bills or laws relating to blockchain or distributed ledger technology, “but probably nothing as comprehensive as what we’re trying to do here,” Lambert said.
“We’re doing everything we can to jumpstart this technology,” he added. “And it’s not just this technology — this could actually start whole new industries because it’s new … and it certainly hasn’t been consistently applied to state government or federal government.”
“Cybersecurity is a growing concern for lawmakers,” Williams said in an email. “Security breaches have large implications for government security, economic prosperity and public safety. It is critical that we invest in strong cyber defenses.
“Blockchain is a new approach that enhances security and transparency. It improves record-keeping by allowing users to record data and transactions in a way that is unable to be hacked. With this system, important information can be shared widely.
“This leads to increases in transparency, security, and trust between government and citizens.”
The bill “strongly encourages” OIT, the Department of State and the Department of Regulatory Agencies, to review use cases for blockchain and encryption technologies throughout the state, Lambert said, and encourages higher education institutions and the NCC to include blockchain and distributed ledger technologies in their curricula.
NCC interim CEO Vance Brown is a strong proponent of blockchain technology, describing it as “a revolution not just economically but in everything — in terms of the way government could work, our medical systems, every system out there.”
“This is just a brilliant move by the state.”
— Dan Likarish
Colorado Secretary of Technology and Chief Information Officer Suma Nallapati said there are “very good use cases” for blockchain and related technologies to improve integrity and efficiency.
“OIT is excited to partner with state agencies to investigate these opportunities,” Nallapati said in an email. “OIT sees opportunities in managing data security and anything dealing with financial transactions.
“The industry is so new, and the potential so vast, we welcome the bill’s forward thinking in how we can investigate and leverage blockchain technologies.”
Williams said by using blockchain, the bill will protect important state records containing trusted sensitive and confidential information from criminal, unauthorized or inadvertent manipulation, or theft.
“I am sponsoring this bill to safeguard state information, increase transparency and minimize the threat of security breaches,” she said. “Blockchain improves government services by transforming the relationship between government-to-citizen (G2C), government-to-government (G2G) and government-to-vendor (G2V). By being an early [adopter] of this technology, Colorado is leading the way in clear and secure governing.”
Nallapati said the Colorado Department of State and Department of Regulatory Agencies have specific use cases that are being investigated related to business licensing, ownership and stock ownership. OIT will partner with other agencies, she said, “to identify additional use cases that may be a good fit for distributed ledger technologies, where transaction integrity is critical and must also include transparency and privacy.
“We have found the industry is still fleshing out good and bad use cases, so we will keep a careful watch,” she added.
Likarish said probably the most tangible way in which blockchain can save the state money is through reduced legal risk.
“It’s not immediate savings on … people and equipment and all that,” he said. “I’ve never really seen that happen in IT — it just sort of squeezes the money around. But there should be tangible results in other areas.”
As an example of potential cost savings, Lambert cited a Jan. 11 Department of Health Care Policy and Financing supplemental request for $278,356 for information security upgrades in the wake of a phishing attack the department suffered in April. Blockchain should be considered to prevent such breaches, he said.
“The important thing about insuring or mitigating the risk and liability to the state is in demonstrating how we’ve tried to protect the data,” he said. “If this is unprotected data and we have taken no action to protect it … it creates a moral hazard that’s really unacceptable when you’re dealing with medical records and vital statistics records and ownership records of stock, corporations and things like that.”
Phishing attempts happen everywhere, he said, “and if you’re out on your own email and [answer] an email from Nigeria asking you to send money, shame on you. But when it’s government organizations that might send out government money, that’s no good. That’s not OK.
“We cannot afford — knowing that there’s the threat out there — to do nothing.”