Javier Castro - Fotolia

IoT smart contracts bring opportunities and challenges

Smart contracts for IoT are the talk of the town. But whether they're all ready for action -- legally or otherwise -- can be debated.

For most organizations, IoT has been mostly about more and better widgets connected in more and better ways to produce more and better data and decisions. But IoT is also implicitly about automating everything. And that implies bringing a lot of business concepts along for the ride -- including the idea of a contract to govern business transactions by.

Contract law has a rich history, with several centuries of common law practice and legislation. So, when forward thinkers propose to make "smart" contracts on blockchain, it's both exciting and daunting. How the concept actually evolves has a lot to do with future IoT initiatives. There are legal complexities to be considered, as well as potential problems such as unanticipated bugs in both the code and the contracts themselves.

IoT, smart contracts and blockchain intersect

"One of the biggest issues in IoT is knowing who you are connecting to. That requirement for trust mechanisms across millions or billions of sensors is what makes a distributed system like a blockchain vital," said Richard Mark Soley, Ph.D., executive director of the Industrial Internet Consortium, based in Needham, Mass.

But marrying contracts and IoT -- "smart contracts" -- may be a different matter.

Where blockchain distributes a ledger system, the "contract" concept extends the function of the ledger to include a language for terms of agreement and measurements to determine if certain conditions have been met. "A smart contract can be designed to execute automatically when both the buyer and the seller conditions are met," said Bill Fearnley Jr., a research director of worldwide compliance, fraud and risk analytics strategies and blockchain at IDC. Those conditions could include that the price of a commodity and the required delivery date all match with what a person is willing to pay and when they require delivery. In other words, a smart contract could potentially work across a blockchain to facilitate business activity and commerce.

Fearnley said there are already automated buy-sell contracts, but, with blockchain, you can take code and contract terms and put them in a ledger that is shared by multiple parties.

"The advantage is the buy-sell contract is executed and then the payment contract is executed, too," Fearnley said. "The reason smart contracts get so much attention is that, while buy-sell can be done very quickly, post-trade settlement after the fact is often very messy and expensive. But, with blockchain, all of that paperwork flow is now automated and those records are put in the blockchain."

The buy-sell contract can be set up in advance, records can be logged automatically for traceability and records can be used to trace provenance for concerns, such as ingredient purity, Fearnley noted.

The trouble with smart contracts for IoT

The so-called decentralized autonomous organization (DAO) hack of 2016 has set some on edge regarding blockchain. In that incident, the DAO was trying to provide a kind of participatory venture capital fund, which was launched through the Ethereum blockchain and crowdfunded via token sale in May 2016.

But in June 2016, parties unknown exploited an unnoticed code vulnerability and rerouted one-third of the funds. Reversing the theft prompted a controversial "fork" of the Ethereum blockchain. A new fork rolled back the ledger, resetting it so it appeared the event never happened and nominally restoring the funding to the DAO. However, those who disagreed with the move maintained an unforked blockchain known as Ethereum Classic.

While blockchain may be transformative, it isn't necessarily transforming the law.
Jason EpsteinAttorney, Nelson Mullins

The ledger itself was never actually "hacked," rather a mistake in the code simply allowed unlimited withdrawals; but nonetheless, the event underscored the complexity of smart contracts. "As a result, companies, financial institutions and regulators are increasingly diligent about smart contracts to avoid similar mishaps in the future," Fearnley said.

"Call me a smart contract Cassandra, if you will; I think it is an interesting concept, but one to be approached with care," said analyst Martha Bennett, a principal analyst at Forrester Research. "For one thing, they are neither smart nor contracts." Bennett added that her simple way of describing smart contracts is as a species of business process automation. "If you strip away all the aspirational language, it is a set of business rules encoded in software," she said. "If calling them business rules is too much because you are libertarian-inclined, then call it a set of governance principles.

"Headlines are asserting that this new environment of code is law, but it isn't -- you still need a separate legal agreement in order to have something that is enforceable," Bennett added. "If you are looking at the wider blockchain environment, if those activities cross boundaries, you may need binding agreements regarding whose jurisdiction will be the governing law; it's something that will keep lawyers busy for years."

Jason Epstein, an attorney with Nelson Mullins, agreed. "While blockchain may be transformative, it isn't necessarily transforming the law." However, he noted, there are many existing legal principles that can be applied to blockchain. "A smart contract is just computer code that self-executes based on input and output, which is just like day trading," Epstein said. "In a blockchain smart contract, the agreement states that the code is the contract and neither party can repudiate it."

Beyond the semantics of whether a smart contract is really "smart," in Epstein's view, it can potentially be used for almost anything. However, he said, whether that is wise is another question. For instance, he noted if a situation might involve healthcare providers, one would want to make sure that terms and conditions protected you from Health Insurance Portability and Accountability Act privacy issues. "If you are talking about a complex negotiation or agreement, a smart contract becomes more and more challenging if you are going to try to cover all the legal issues," Epstein added.

The future of IoT, smart contracts and blockchain

In Soley's view, there is no doubt smart contracts for IoT will be beneficial in industrial use cases. And, to that end, the Object Management Group, with which the Industrial Internet Consortium is affiliated, is looking at possible standardization of distributed contract mechanisms.

"It is early," Soley said, as of 2016. "At present, there are no standards, but we understand what the standards would do." Likewise, while Soley said he does know of some projects that are experimenting with IoT smart contracts, they are not yet in an approved test bed within the Consortium. But he expects that day is not far away.

"Things are moving faster than you would think," Soley said. "This year, we expect to see some interesting test beds with cognitive systems, [artificial intelligence] and machine learning. I think we will see the first blockchain standards in the next year and a distributed contract test bed this year."

Changing times and newer views

While nothing drastic has happened since the first publishing of this article in 2016, there have been some updates to the state of smart contracts for IoT.

In early 2018, Fearnley, who since passed away, continued to see accelerated interest and investment in blockchain and distributed ledger technology (DLT). The main driver he saw was enterprises seeking to aggregate data into secure, sequential and immutable blockchain ledgers. Standards were on his mind, too. "Many technology vendors and service providers are collaborating and working with consortiums, such as the Enterprise Ethereum Alliance and the Hyperledger projects, to develop innovative solutions that improve processes such as post-trade processing, tracking and tracing shipments in the supply chain, and transaction records for auditing and compliance," he explained in a press statement.

In 2019, Soley sounded some similar notes. While he previously said everyone was excited and all the talk was of blockchain, blockchain, blockchain, he noted that most of what was available at the time turned out to be "garbage" and didn't really end up supporting any transactions. One of the problems, he concluded, was the lack of standards -- and the other was lack of throughput.

Since then, Soley has been part of a development that makes him excited again. He is pinning much of his hope on the work of the IOTA Foundation, where he sits on the board. While IOTA has a broad mission, its central focus is to help support the development of new DLTs, including IOTA Tangle, and then to promote standards.

Blockchain has had two meanings, Soley explained. The first is the well-known bitcoin blockchain, "which is terrible," and the other is as another descriptor for DLTs in general. While the traditional bitcoin blockchain had a maximum throughput of seven transactions per second, Soley said the Tangle DLT can support rates in excess of 1 million transactions per second.

In terms of its potential deployment, the foundation describes it as an open source protocol that helps underpin IoT with all kinds of machine-to-machine interactions.

Soley said it may still be some years before there is significant deployment of Tangle in support of transactions -- let alone IoT smart contracts. However, he said test beds are in the planning stage involving tier 1 automotive suppliers.

While Soley's optimism has grown, Bennett remains much the same skeptic as before. To be sure, she pointed out that the "forks" that worried observers of public blockchains and led to the DAO controversy mentioned above, are only an issue on public blockchains. "Enterprise blockchain developments today are focused on permissioned environments, which can, of course, leverage open source code from a public blockchain, like Ethereum, but aren't subject to the same risks," she said.

Regarding the specific application of blockchain or DLT to smart contracts for IoT, Bennett still sees problems. Indeed, she said, while the concept hasn't changed, "there is much greater awareness now of what a smart contract is -- that is, neither smart nor a contract in the legal sense." She also said there is more awareness around what it actually does, namely execute automated business rules in a multiparty environment.

What has changed, in Bennett's view, has been largely on the tools front. Some are focused on Solidity, an object-oriented programming language for writing smart contracts, as she has defined them. Companies have also learned that certain use cases require formal verification of the IoT smart contract -- something that's currently especially difficult for Solidity, for example. "That's why we now see smart contract modeling languages that are deliberately not Turing-complete," she said -- for example, Digital Asset's Modeling Language and Kadena's Pact.

The good news is that IoT smart contracts are starting to happen. "There are now quite a lot of smart contracts running live in enterprise blockchain deployments, on different platforms," Bennett said. Some smart contracts fulfill simple checking functions, for example, whether data is within permissible parameters, and some reflect the actual features of complex contractual agreements. A key issue, she noted, remains ensuring the integrity of incoming data in terms of validity and accuracy and also that nobody has tampered with it in transit. Bennett noted that she knows of one startup focusing exclusively on it and expects more to emerge to address this issue in the coming years.

Next Steps

The combo of blockchain, IoT and smart contracts could solve enterprise scalability and security issues

Can smart contracts better the supply chain? Learn more here

Learn how smart contracts for IoT fit into the pay-as-you-go insurance model

Blockchain terminology: A glossary for beginners

Dig Deeper on Internet of things platform

CIO
Security
Networking
Data Center
Data Management
Close