Smart Contracts and Internet of Things: A Qualitative Content Analysis using the Technology-Organization-Environment Framework to Identify Key-Determinants

Available online at www.sciencedirect.com

ScienceDirect ScienceDirect

Procedia Computer Science 00 (2019) 000–000 Procedia Computer Science 00 (2019) 000–000

Available online at www.sciencedirect.com

ScienceDirect

www.elsevier.com/locate/procedia www.elsevier.com/locate/procedia

Procedia Computer Science 160 (2019) 189–196

The 10th International Conference on Emerging Ubiquitous Systems and Pervasive Networks The 10th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN 2019) (EUSPN 2019) November 4-7, 2019, Coimbra, Portugal November 4-7, 2019, Coimbra, Portugal

Smart Contracts and Internet of Things: A Qualitative Content Smart Contracts and Internet of Things: A Qualitative Content Analysis using the Technology-Organization-Environment Analysis using the Technology-Organization-Environment Framework to Identify Key-Determinants Framework to Identify Key-Determinants

Gregor Schmitt, Andreas Mladenow*, Christine Strauss, Michaela Schaffhauser-Linzatti Gregor Schmitt, Andreas Mladenow*, Christine Strauss, Michaela Schaffhauser-Linzatti Faculty of Business, Economics and Statistics, University of Vienna, Vienna, Austria Faculty of Business, Economics and Statistics, University of Vienna, Vienna, Austria

Abstract Abstract The spread and success of Internet of Things (IoT) is based on the rapidly growing number of applications, and smart contracts The success of IoT. Internet of Things (IoT) based on rapidly growingofnumber of applications, contracts may spread play a and pivotal role in In this paper, we (i) isidentify thethe key-determinants smart contracts in IoT, and smart (ii) analyze the may play a pivotal role in IoT. In this paper, we (i) identify the of smart contracts in IoT, (ii)the analyze the opportunities and challenges from a management viewpoint. We key-determinants performed a qualitative content analysis, andand used structure of the Technology-Organization-Environment framework as We categorization Out of four expert-interviews able opportunities and challenges from a management viewpoint. performed scheme. a qualitative content analysis, and usedwe thewere structure of the Technology-Organization-Environment as categorization scheme. Out of four expert-interviews we were able to extract 84 statements, which provided the framework basis for the identification of 13 key-determinants for the integration of smart to extractand 84 IoT. statements, whichthe provided basis for 13two key-determinants for the integration of smart contracts Furthermore, findingsthe revealed thatthe the identification combination ofofthe technological concepts promises significant opportunities, however, some technical and environmental challenges need of to the be overcome. contracts and IoT. Furthermore, the findings revealed that the combination two technological concepts promises significant opportunities, however, some technical and environmental challenges need to be overcome. © 2019 The Authors. Published by Elsevier B.V. © 2019 The Authors. Published by Elsevier B.V. This is an open accessPublished article under the CC B.V. BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) © 2019 The Authors. by Elsevier This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the Conference Program Chairs. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the Conference Program Chairs. Peer-review under responsibility of the Conference Program Chairs.

Keywords: Smart Contracts, Internet of Things, IoT, Technology-Organization-Environment framework, TOE, Qualitative Content Analysis, QCA. Keywords: Smart Contracts, Internet of Things, IoT, Technology-Organization-Environment framework, TOE, Qualitative Content Analysis, QCA.

1. Introduction 1. Introduction The Internet of Things (IoT) may be interpreted as a conceptual framework that uses data collected from devices Internet of Things base (IoT)tomay be interpreted a conceptual that uses data collected from that devices as The a shared information build applicationsas[1]. Followingframework this definition, it may be concluded the as a sharednumber information base to build applications Following definition, it maypotential be concluded the increasing of devices collecting data leads [1]. to an increasedthis variety and higher impact that of IoT increasing number of devices collecting data leads to an increased variety and higher potential impact of IoT * Corresponding author. Tel.: ++43 1 4277 38090. E-mail address: [email protected] * Corresponding author. Tel.: ++43 1 4277 38090. E-mail address: [email protected] 1877-0509 © 2019 The Authors. Published by Elsevier B.V. This is an open access under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) 1877-0509 © 2019 Thearticle Authors. Published by Elsevier B.V. Peer-review under responsibility of the Conference Program Chairs. This is an open access article under CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the Conference Program Chairs.

1877-0509 © 2019 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the Conference Program Chairs. 10.1016/j.procs.2019.09.460

2 190

Author name / Procedia Computer Science 00 (2018) 000–000 Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

applications. According to Porter and Heppelmann [2], these novel applications yield enormous potential as industry incumbents may expand their presence in the value chain with solutions based on collected data from their traditional products. Forecasted 75 billion of connected devices by 2025 (compared to forecasted 26 billion devices in 2019) provide a rough insight into the dimensions of the vast amount of information that may be gathered and processed [3]. While IoT is mainly associated with collecting, aggregating and analyzing data, less emphasis seems to be placed on automating interactions between things. As smart contracts are executable code enabling the automation of multi-step activities [4], in the context of IoT, smart contracts could form the basis for novel solutions based on automated transactions originating from or triggered by things. While extensive scientific literature on IoT [1,5,6,7,8,9] and on smart contracts [10,11] exists, only few contributions address the combination of the two concepts. This paper seeks to systematically identify and analyze opportunities and challenges of smart contracts in the context of IoT, based on scientific literature and four interviews with experts. Section 2 provides basics of IoT and smart contracts. The research methodology is outlined in Section 3. The Technology-Organization-Environment (TOE) framework forming the basis for the four guided interviews and the analysis is introduced in Subsection 3.1. In Subsection 3.2 the application of the qualitative content analysis is described. Section 4 contains the main contribution, i.e. the identification of 13 key-determinants following the TOE framework and highlights emerging opportunities and challenges. Section 5 provides a conclusion. 2. Internet of Things and Smart Contracts As the domain of IoT evolves, it rather moves towards fragmentation and exclusiveness, but not towards homogenization and collaboration [12]. This could be the reason why a variety of approaches and definitions have emerged in the literature so far. While most approaches either emphasize the network orientation or focus on objects integrated in a common framework, Ng and Wakenshaw “propose a formal and integrative definition of the IoT as a system of uniquely identifiable and connected constituents (termed as Internet-connected constituents) capable of virtual representation and virtual accessibility leading to an Internet-like structure for remote locating, sensing, and/or operating the constituents with real-time data/information flows between them, thus resulting in the system as a whole being able to be augmented to achieve a greater variety of outcomes in a dynamic and agile manner” [7]. When the term IoT was coined in 1999 it was closely associated with radio-frequency identification (RFID) technology [1]. Since then, sensor networks, low-power wide area networks, mobile internet and cloud computing have enabled new applications of IoT [1,8,13]. Smart contracts could be the next enabling technology for novel IoT solutions. The idea of smart contracts was first described by Szabo as a digital formalization of a business relationship [11]. In contrast to paper-based contracts, a smart contract is a set of commitments specified in electronic form, including protocols within which the involved parties perform these commitment [11]. The protocol where smart contracts reside is very often a blockchain. The blockchain is a distributed peer-to-peer network in which nontrusting members are able to interact without a trusted intermediary. A decentralized consensus mechanism, called “proof of work”, creates public agreement on the order of transactions and incentivizes honest, trustworthy behavior [10]. Located on a blockchain, smart contracts benefit from properties inherent to blockchain’s nature: (i) tolerance of adding and removing devices, (ii) convergence towards a shared view of events, (iii) transparency and verifiability of network activities, (iv) a method for identifying information with association to participants, and (v) a network for transactions between distrustful devices [4]. The paper at hand covers blockchain only to an extent necessary to grasp its implications for smart contracts (for a comprehensive, non-technical introduction to blockchain cf. Drescher [14]). Within the context of blockchain, smart contracts may be defined as self-executing code enabling automated multi-step processes. According to Christidis and Devetsikiotis, smart contracts may be described via certain properties [4]: • a smart contract is a way to express business logic in code. • the smart contract code can be inspected by all network participants.

Author name / Procedia Computer Science 00 (2018) 000–000

Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

• • • •

3 191

the smart contract executes independently and automatically on every network node when triggered by a transaction sent to its address. all network participants get a verifiable trace of the smart contract’s activities. a smart contract needs to be deterministic, meaning that identical inputs will always result in the same output. Non-deterministic smart contracts with random outputs hinder the network from reaching consensus about the contract’s result. once the code is written, smart contracts can be seen as independent agents with entirely predictable behavior.

Within the framework of IoT, the fact that a smart contract is triggered by a transaction on the blockchain may be interpreted as an opportunity and as a weakness at the same time. Striving for consensus, the transaction and activities of the smart contract inevitably become public knowledge to all participants in the network. However, being started by a transaction (i.e. a data flow in the network) creates synergies between smart contracts and IoT devices that collect as well as communicate data. While causing the execution of a smart contract, data from IoT devices could also indicate that a condition for the execution of a further workflow step is fulfilled or serve as verification that a contractual commitment has been performed. 3. Research Methodology As theoretical foundation, the Technology-Organization-Environment (TOE) framework, is used to comprehend the process of adoption and implementation of technological innovation. In our study the TOE framework not only formed the basis for the guided interviews, but also determined the categories for the qualitative content analysis (QCA). More precisely we used the basic context blocks of the TOE framework and integrated it into QCA by using it as the coding scheme. Once the interview transcripts were produced, main statements were identified, summarized and assigned to one of the three pre-defined categories, i.e. “technology”, “organization”, and “environment”. This allowed for the extraction of the total of 84 statements and 90 assignments to categories (78 statements were assigned to a single category, whereas six statements referred to two categories). Finally, key-determinants were derived by the use of inductive reasoning within the context of technology, organization and environment. The insights gained from the performed interviews regarding opportunities and challenges of smart contracts and IoT are identified, extracted, and presented together with a discussion in the following subsections. 3.1. Technology-Organization-Environment Framework The TOE framework recognizes three principle contexts influencing the adoption and implementation of a technological innovation within a firm: (i) The technological context; (ii) the organizational context; and (iii) the environmental context [15]. When applied, the TOE framework can be used to identify characteristics of innovative concepts affecting their implementation. While the technology acceptance model [16] and the unified theory of acceptance and use of technology [17] are suitable for predicting adoption on an individual level, they assume perfect information and create an illusion of accumulated adoption [18]. To our best knowledge, only two models, namely the diffusion on innovation (DOI) theory postulated by Rogers [19] and the TOE framework from Tornatzky and Fleischer [15] study technology adoption at firm level. The TOE framework is consistent with the DOI theory and has gained considerable empirical support since its emergence [18,20]. However, the TOE framework was preferred over the DOI theory as a theoretical foundation for this paper because it includes an essential component that the DOI theory misses, i.e. the environmental context that presents opportunities and challenges for adoption. Since this paper attempts to identify opportunities and challenges of smart contracts in combination with IoT, the environmental context is of utmost importance. The TOE framework was originally proposed by Tornatzky and Fleischer [15]. Oliveira and Martins highlight that the TOE framework has a solid theoretical basis and provides a useful analytical tool when determinants within the three contexts are adapted to the examined technology [18]. For example, Pan and Jang kept only three of the

Author name / Procedia Computer Science 00 (2018) 000–000

4

Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

192

original determinants and introduced five new antecedents to study the adoption of enterprise relationship planning systems [21]. In the series of interviews conducted, the three principle contexts of the TOE framework were used to identify determinants that relate to the adoption and implementation of smart contracts. 3.2. Qualitative Content Analysis To explore opportunities and challenges of smart contracts in connection with IoT, a series of four expert interviews was conducted. The experts were either applied practitioners or researchers in the field of IoT, blockchain and smart contracts. The interviews lasted between 20 and 30 minutes and consisted of open-ended questions designed in accordance with the TOE framework. As suggested by Froschauer and Lueger, the interview guide proved helpful to ensure a level of standardization throughout the interviews while the open-ended questions allowed to capture heterogeneous knowledge from versatile experiences and diverse thoughts [22]. All interviewees agreed to the recording of the respective conversations for the purpose of this paper. This made it possible to produce verbatim transcripts. The methodology used to extract and structure information from the interviews is the qualitative content analysis (QCA) by Mayring [23]. QCA was developed to interpret complex artefacts, such as interview transcripts, following analytical rule [23]. The strength of the approach lies in its step-by-step procedure, which makes it a strictly controlled methodology and allows results to be reproduced. For Kohlbacher, the category system used to label the object of analysis is central to the process of analysis [24]. 4. Opportunities and Challenges of applying Smart Contracts The findings from performing the QCA feedback into the TOE framework as determinants for smart contract implementation in combination with IoT. Once the overall picture is explained using the TOE framework, it will be highlighted which determinants represent opportunities or challenges of applying smart contracts to IoT.

Fig. 1. Results - 13 key-determinants for smart contracts and IoT following the TOE framework

The determinants depicted in Figure 1 emerged as common points throughout the entire set of interviews. From the 13 adoption antecedents identified, six match with the original framework proposed by Tornatzky and Fleischer [15]. Legal uncertainty, consumer perception, attitude towards change, perceived technical capability, security concerns, performance expectance and perceived compatibility have been added to reflect the insights gained from

Author name / Procedia Computer Science 00 (2018) 000–000

Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

5 193

analyzing the interview transcripts. In the following, all adoption antecedents will be introduced and it will be assessed whether they impose an opportunity or challenge to firms. 4.1. Technological Context The technology context describes both the internal and external variables relevant to individual firms and industries, including legacy systems and current practices [18]. Three determinants are differentiated for smart contract implementation. Performance expectancy refers to the extent to which a technology innovation is considered superior to the technology currently in use. Since smart contracts reside on the blockchain, benefits inherent to the blockchain’s distributed nature can be realized by firms. Hence, transparency, immutability and fast transaction handling are potential benefits that can be realized compared to legacy technologies. The possibility to embed business logic in smart contracts is of utmost importance to automate manual processes. While all experts acknowledged that smart contracts may facilitate IoT solutions, it was noted that there is a trade-off between scalability, costs and security. Despite this trade-off, the expected performance can be considered an opportunity for firms. In particular, the use of smart contracts can lead to a decisive competitive advantage over rivals. Technology maturity stands for the degree to which a technological architecture is ready to be deployed within a firm. While smart contracts and its underlying technological concept, the blockchain, have not yet reached the desired degree of maturity, some firms are already experimenting with potential use cases. However, until fundamental constraints including but not limited to scalability issues and network latency have not been addressed further adoption might be slow. With today’s maturity, smart contracts can only facilitate certain IoT use cases in limited IT environments. Technology maturity is a challenge and risk for early adopters that should not be underestimated [19]. In order to move beyond pilot projects and proof of concepts towards broader adoption across industries, a higher degree of technology maturity is needed. Perceived compatibility is a construct describing the level to which an innovative technology meets technical standards and requirements of existing IT infrastructure. While interviewees consider smart contracts, blockchain and IoT to be compatible in general, a conclusive assessment can only be done case-by-case. When solutions, e.g. optimized processes, empowered by smart contracts and blockchain, are implemented, parts of legacy IT systems will be replaced by the new technology. Overall, this determinant is neither an opportunity, nor a significant challenge. 4.2. Organizational Context Organizational context refers to inherent characteristics and resources to a firm itself. From the QCA five determinants have become apparent in this context, i.e. firm size, attitude towards change, organizational slack, perceived technical capability, and security concerns. Firm size, often operationalized as the number of employees, is an import antecedent for technology-adoption [18]. Zhu and Kraemer suggest that larger firms show a higher adoption of innovative technology due to their ability to absorb more risk and greater flexibility [25]. This is in line with a statement made during an interview that large companies simply have the budgets to experiment with smart contracts and blockchain. However, compared to their revenues, large firms invest rather small amounts and some innovative small- and medium-sized businesses are also among early adopters. The attitude towards change is an indicator of a firm’s willingness and ability to implement technological changes or transform its organization. Smart contracts, blockchain and IoT can be disruptive for processes, products, business models and even for entire industries. Organizations can be divided into departments, which often represent information silos. The transparency that blockchain imposes on these information silos requires organizations to rethink their approach to information handling. It is natural that employees prefer the status quo and show resistance to change [26]. Managing change during the adoption will be a challenge for firms. With top management support, incentives and a clearly communicated vision as success factors for change, this challenge can be overcome [27]. Organizational slack refers to the availability of uncommitted resources to an organization and is among the

6 194

Author name / Procedia Computer Science 00 (2018) 000–000 Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

most frequently discussed factors within organizational context [18]. While the interviews indicate that the availability of budget is necessary, Tornatzky and Fleischer note that slack is desirable and helpful but “neither necessary nor sufficient for innovation to occur” [15]. Perceived technical capability can be described as the ability to manage technical resources to establish a competitive advantage in the market [27,28]. First, organizations need to grasp the concept of blockchain and smart contracts in order to understand how it can be used for IoT. In addition, programming smart contracts can be complex and organizations have to trust developers to write secure code according to their specifications. Access to experienced and trustworthy developers might be challenging. Firms with strong technical capabilities are more likely and faster to exploit the complexities of innovative technologies and hence obtain a relative advantage over competitors [25]. Security concerns arise when firms are uncertain if their assets are exposed to threats in the digital world [29]. Sybil attacks, network congestions, physical manipulation of the IoT devices or poorly written smart contracts pose considerable vulnerabilities and risks to firms. The image of an organization may be damaged if vulnerabilities become obvious. Controls and security measures are to be implemented and maintained. It is a challenging task for companies to assess vulnerabilities, to implement controls efficiently, to keep the remaining risk as small as possible, and to perform regular re-evaluation and monitoring. 4.3. Environmental Context The environmental context is the setting in which a company does business. For Tornatzky and Fleischer “environmental context” includes competitors, the industry, agreements and dealings with the government as well as society [15]. Five determinants have been identified in the QCA for environmental context. Regulatory policy was at the top of each interviewees mind in the environmental context with the EU General Data Protection Regulation (GDPR) being applicable since May 2018 [30]. Interviewees unanimously stated that the GDPR was not designed with blockchain in mind, and that it conflicts with fundamental properties of blockchain (e.g., the right to be forgotten clashes with blockchain’s distributed and immutable nature). However, one interviewee added that the GDPR is not hindering smart contract or blockchain adoption, but it requires a good data management concept and additional time and effort to comply with the regulation. While regulation is important to create a legal framework, it may be challenging to ensure compliance. Competitive pressure within an industry incentivizes a firm to implement innovative technologies. Smart contracts and blockchains have the potential to disintermediate markets and thereby fundamentally change market structures. Especially in liberalized markets with limited or no governmental leverage, smart contracts and blockchains could create significant pressure for adoption. Interviewees all agreed and predicted competitive pressure to be significant in finance, energy, insurance, logistics, mobility and healthcare industries. While these industries may yield the greatest opportunities, the substantial competitive pressure will make it difficult to establish and maintain an advantage over competitors. Legal uncertainty is present when regulation is non-existing or very vaguely existing [31]. Law and regulatory specifications are to be followed when using smart contracts. In general, legal requirements for smart contracts are similar to requirements for paper-based contracts. However, a disadvantage of smart contracts is that deliberate ambiguity is not possible. Soft legal language, e.g. ‘using best efforts’ or ‘to the extent possible’, cannot be translated into code because smart contracts need to be deterministic. It is still unclear how to deal with void contracts. Since a once executed smart contract cannot be legally reversed, both parties would need to agree on another transaction reversing the result of the void transaction. The alignment of the legal and technical layer of smart contracts is an open issue. This puts the legal enforceability of a smart contract in question [4]. According to Christidis and Devetsikiotis developing protocols and predefined procedures to enable dual integration is a pressing issue [4]. Dual integration refers to smart contracts which contain a reference to a paper-based contract and vice versa. Overall, legal uncertainty can be seen as a significant challenge for firms that slows adoption down at the time being. Consumer perception stands for the attitude of end users towards innovative technologies. If consumer perception is negative, the acceptance of products using the relevant technology will decrease. In current (limited) public perception, smart contracts and blockchain are almost inseparably associated with Ethereum and Bitcoin as

Author name / Procedia Computer Science 00 (2018) 000–000

7

Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

195

its most prominent implementations. This implicit interpretation is problematic for two reasons: firstly, tokens of both aforementioned blockchains are traded on exchanges, and uninformed observers do not differentiate between token price fluctuation and technological maturity [32]. Secondly, smart contracts and blockchain are currently riding a wave of enthusiastic support but once security issues in Ethereum or Bitcoin are evident it might backfire on the concept at large. In the past, flaws in Ethereum smart contracts have led to substantial financial losses [33]. Firms should be aware of challenges that come along with consumer perception. External data refers to oracles, that trigger an event or the execution of a smart contract, outside an organization. Oracles are third parties that publish information such as weather data, flight statistics or data collected by IoT devices. When using smart contracts, both parties have to trust that the oracle publishes accurate data because it can influence the outcome of the smart contract. Firms might prefer to rely on oracles within the organization to have control over data quality. Since smart contracts are final and cannot be reversed once executed, corrupted data is a major challenge for firms. 5. Conclusion In the performed study we have analyzed the opportunities and challenges for firms when smart contracts are available as integrated functions of IoT. Our analysis is based on in-depth-interviews with four experts from industry and research; methodologically the questions and structure of the interviews followed the TOE framework by Tornatzky and Fleischer [15], whereas for the actual evaluation and interpretation of results a qualitative content analysis following Mayring [23] was applied. As a result, we identified 13 key-determinants of adoption within the three categories of the TOE framework, as well as opportunities and challenges. Further empirical research needs to be undertaken in order to find evidence for the identified determinants and to fully exploit the potential and synergies of the two technologies in combination. References [1] Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54, 2787–2805. https://doi.org/10.1016/j.comnet.2010.05.010 [2] Porter, M. E., & Heppelmann, J. E. (2014). How smart, connected products are transforming competition. Hardvard Business Review, 92, 64– 88. [3] Statista (2016). Retrieved from https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/ [4] Christidis, K., & Devetsikiotis, M. (2016). Blockchains and Smart Contracts for the Internet of Things. IEEE Access, 4, 2292–2303. https://doi.org/10.1109/ACCESS.2016.2566339 [5] Kryvinska, N, & Strauss, C. (2013). Conceptual Model of Business Services Availability vs. Interoperability on Collaborative IoT-enabled eBusiness Platforms, in the “Internet of Things and Inter-cooperative Computational Technologies for Collective Intelligence”, book Ed.: N. Bessis and F. Xhafa, D. Varvarigou, R. Hill, and M. Li, the book series “Studies in Computational Intelligence”, (SCI-460), Springer-Verlag Berlin Heidelberg, 2013, ISBN: 978-3-642-34951-5, pp. 167-187. [6]

Krotov, V. (2017). The Internet of https://doi.org/10.1016/j.bushor.2017.07.009

Things

and

new

business

opportunities.

Business

Horizons,

60,

831–841.

[7] Ng, I. C. L., & Wakenshaw, S. Y. L. (2017). The Internet-of-Things: Review and research directions. International Journal of Research in Marketing, 34, 3–21. https://doi.org/10.1016/j.ijresmar.2016.11.003 [8] Saarikko, T., Westergren, U. H., & Blomquist, T. (2017). The Internet of Things: Are you ready for what’s coming? Business Horizons, 60, 667–676. https://doi.org/10.1016/j.bushor.2017.05.010 [9] Mladenow, A., Novak, N. M., & Strauss, C. (2016, December). Internet of things integration in supply chains–an Austrian business case of a collaborative closed-loop implementation. In International Conference on Research and Practical Issues of Enterprise Information Systems (pp. 166-176). Springer, Cham. [10] Buterin, V. (2014). A next-generation smart contract and decentralized application platform (white paper). Retrieved from https://whitepapertracker.com/wp/Ethereum/Ethereum_white_paper.pdf [11] Szabo, N. (1997). Formalizing and Securing Relationships on Public Networks. First Monday, 2. https://doi.org/10.5210/fm.v2i9.548 [12] Nicolescu, R., Huth, M., Radanliev, P., & Roure, D. de. (2018). Mapping the values of IoT. Journal of Information Technology, 33, 345–360. https://doi.org/10.1057/s41265-018-0054-1

8 196

Author name / Procedia Computer Science 00 (2018) 000–000 Gregor Schmitt et al. / Procedia Computer Science 160 (2019) 189–196

[13] Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29, 1645–1660. https://doi.org/10.1016/j.future.2013.01.010 [14] Drescher, D. (2017). Blockchain Basics: A Non-Technical Introduction in 25 Steps. Frankfurt am Main, Germany: Apress. [15] Tornatzky, L. G., & Fleischer, M. (1990). The processes of technological innovation. Issues in organization and management series. Lexington, MA: Lexington Books. [16] Davis, F. D. (1989). Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Quarterly, 13, 319. https://doi.org/10.2307/249008 [17] Venkatesh, V., Davis, F., & Morris, M. (2007). Dead Or Alive? The Development, Trajectory And Future Of Technology Adoption Research. Journal of the Association for Information Systems, 8, 267–286. https://doi.org/10.17705/1jais.00120 [18] Oliveira, T., & Martins, M. F. (2011). Literature Review of Information Technology Adoption Models at Firm Level. The Electronic Journal Information Systems Evaluation, 14, 110–121. [ [19] Rogers, E. M. (1995). Diffusion of innovations (4th). New York, NY: Free Press. [20] Awa, H. O., Ukoha, O., & Igwe, S. R. (2017). Revisiting technology-organization-environment (T-O-E) theory for enriched applicability. The Bottom Line, 30, 2–22. https://doi.org/10.1108/BL-12-2016-0044 [21] Pan, M.-J., & Jang, W.-Y. (2008). Determinants of the Adoption of Enterprise Resource Planning within the Technology-OrganizationEnvironment Framework: Taiwan's Communications Industry. Journal of Computer Information Systems, 48, 94–102. [22] Froschauer, U., & Lueger, M. (2003). Das qualitative Interview: Zur Praxis interpretativer Analyse sozialer Systeme. UTB Soziologie: Vol. 2418. Wien, Austria: WUV. Retrieved from http://www.utb-studi-e-book.de/9783838524184 [23] Mayring, P. (2010). Qualitative Inhaltsanalyse. In G. Mey & K. Mruck (Eds.), Handbuch qualitative Forschung in der Psychologie (1st ed., pp. 601–613). Wiesbaden, Germany: VS Verlag für Sozialwissenschaften. https://doi.org/10.1007/978-3-531-92052-8_42 [24] Kohlbacher, F. (2006). The Use of Qualitative Content Analysis in Case Study Research. Qualitative Social Research, 7. https://doi.org/10.17169/FQS-7.1.75 [25] Zhu, K., & Kraemer, K. L. (2005). Post-Adoption Variations in Usage and Value of E-Business by Organizations: Cross-Country Evidence from the Retail Industry. Information Systems Research, 16, 61–84. https://doi.org/10.1287/isre.1050.0045 [26] Hiatt, J. (2006). ADKAR: A model for change in business, government, and our community (1st ed). Loveland, CO: Prosci Learning Center Publications. [27] Grant, R. M. (1996). Prospering in Dynamically-Competitive Environments: Organizational Capability as Knowledge Integration. Organization Science, 7, 375–387. https://doi.org/10.1287/orsc.7.4.375 [28] Wernerfelt, B. (1984). A resource-based https://doi.org/10.1002/smj.4250050207

view

of

the

firm.

Strategic

Management

Journal,

5,

171–180.

[29] Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24, 2799–2816. https://doi.org/10.1016/j.chb.2008.04.005 [30] European Commission. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, 59, 1–88. Retrieved from https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=OJ:L:2016:119:TOC [31] Sutton, J. R., & Dobbin, F. (1996). The Two Faces of Governance: Responses to Legal Uncertainty in U.S. Firms, 1955 to 1985. American Sociological Review, 61, 794. https://doi.org/10.2307/2096454 [32] Corbet, S., Lucey, B., & Yarovaya, L. (2018). Datestamping the Bitcoin and Ethereum bubbles. Finance Research Letters, 26, 81–88. https://doi.org/10.1016/j.frl.2017.12.006 [33] Atzei, N., Bartoletti, M., & Cimoli, T. (2017). A Survey of Attacks on Ethereum Smart Contracts (SoK). In M. Maffei & M. Ryan (Eds.), Lecture notes in computer science, 0302-9743: Vol. 10204. Principles of security and trust: 6th International Conference, POST 2017, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, proceedings / Matteo Maffei, Mark Ryan (Eds.) (Vol. 10204, pp. 164–186). Berlin, Germany: Springer. https://doi.org/10.1007/978-3-66254455-6_8