Ian Grigg is a financial cryptographer known for his work on triple-entry accounting, Ricardian contracts, and digital cash systems. He is currently a partner at Block.One, working on the EOS project by applying his expertise to the development of a governed blockchain; Principal Architect at ChamaPesa, an app for social savings groups that uses a blockchain to add cryptographically-backed transparency, accountability and reliability to the informal networks which constitute 40% of Africa’s GDP; and Chief Scientist at Mattereum.

As the final talk of the conference, his core message was that the current financial system is locked into a race to the bottom in terms of customer service due to the rising cost of compliance (increasing 20% each year since 2002) and how identity and accountability frameworks sorely need revisiting. He presented the Financial Identity Trilemma Syndrome, which posits that out of three desired goods — regulatory compliance, security of assets, and customer service — only two can be achieved simultaneously, with customer service being the usual casualty. He then framed identity as an edge protocol consisting of collected attestations or facts between individuals as a cheaper approach, and the four qualities that will help provide a solid foundation within this distributed framework. Ian concluded his talk by highlighting the lack of liability surrounding identity providers and certificate authorities, and how implementing a dispute resolution system can help hold all parties to account within a certain system.

Video:

Transcript:

Hi there! I haven’t got any prepared slides or a prepared talk, but I have got some prepared bad news for you: I’m here to tell you it’s not going to work. I’ve been thinking about how is that I can help this process, and the only way I can do this, that I can help, is to tell you it’s not going to work and why it’s not going to work. Maybe once we’ve got past that we can move on to the juicy part of constructing something new.

We heard a lot about AML and KYC and CCD and all that sort of stuff, and it’s interesting, because when I was at R3, this little startup down the road that works for the banks, McKinsey gave us a report which was a private report — you have to buy it or something like that, I’m not sure — and there was a certain number in there, it said 20%. They’d started doing this report back in about 2002, and the report said that since 2002, the cost of compliance has risen 20% per annum year-on-year, and that was a report that was around 2015. Maybe we need to check up on those numbers, but that was a pretty consistent thing, and we read the report over and over to try and figure out if there was a way to misinterpret it, but we could not. Cost to compliance now is about 30% I’ve heard, but you pick your own number. Who works at a bank? Nobody, okay. That’s probably good news. [laughs] Who’s got a bank account? I’ve got bad news: if you do the compounding, in seven years you won’t have a bank accounts, because all the banks will be out of money. If you compound 30% forward by 20%, in seven years all of the money is consumed on compliance.

Does anybody know when compliance started? 1985 was the first time I ever heard about it. It couldn’t have started a year earlier, 1984. It literally started the year after 1984, and it’s been rolling ever since, and the problem is it hasn’t got a particularly good record. It’s been rolling forward, and the solution to failure has always been to double down. Hence, McKinsey correctly reports that 20% year-on-year increase in compliance is FATF and various other authorities discovering that there are problems, running into banks, fining the hell out of them and doubling down on compliance, but what they’re not actually succeeding in doing is changing the problem.

Why is this? There a reason, and I like to call this the Financial Identity Trilemma Syndrome, or FITS, and maybe the bank is suffering from FITS, if you’ve got this problem. The problem is if you look at a bank, as the costs rise, it must take the money away from some other purpose, and there are approximately two things going on in a bank which are interesting I think: one is customer service, providing a good experience to the customer, and the other is providing safety and security of assets. That’s approximately the only two things that are going on in a bank, customer service — great products, great experience — and security of assets. If compliance is eating away at the cost base, it’s got to give way from the other two. Consequently, we have seen over the last 30 years, since 1985, a reduction in customer service. The security of the assets, certainly in the Western world, has not reduced, but the customer service has reduced. How do we bring back the customer service? That is the challenge.

There’s that trilemma, Financial Identity Trilemma Syndrome. We’ve got a choice of three things there, and you’ve kind of got to pick which one you’re going to work with. You can get two out of three, so who are you going to compromise on? What the banks have done to date is to compromise on customer service. How do we bring that back in? It requires a fairly deep dive. This is actually a rant called An Exploration of Identity written for R3. [ http://www.r3cev.com/blog/2017/4/25/an-exploration-of-identity ] The first thing to understand is how do we make decisions? We make decisions through context. This environment is actually pretty safe, I can leave my bag down the back, and it’s all open and there’s bit and pieces falling out, my passport is floating around and so forth, and I feel entirely safe. But if I was in say Kibera, which a huge slum in Nairobi, I wouldn’t be doing this. If I was in some unsafe place I’d be carrying my bag with me; if I was in a really unsafe place, I’d have my bag in my front. Decisions on security are made on the basis of context.

Now, it turns out that this context is really useful in terms of what we heard before about attributes and the W3C and so forth. Identity is an edge protocol, which means that in an IT context, the thing that we can most use with identity is what Alice says about Bob, what Bob says about Carol, what I say about you and what you say about me. Any of those things can be captured into a single statement, and those single statements can then be collected. That’s really useful, because we can now actually build an IT system which catches that information. But the problem we’ve got is what happens if that edge, that attribute, that piece of data happens to be unreliable? Why would anybody bother to say the right thing? Why would I say, “You’re all good people,” why would you say, “I’m a good person.”, why do you care? It turns out, if we talk about facts, there’s a bunch of things that can go wrong.

I particularly like this diagram about the fact of a brick wall. If you think about passports, Amy Bell brought up the notion that passports can be fake, and that’s a bit of a killer, 50 quid down at the right pub. I’ve been following identity fraud for the last probably last eight years or so, since this question came up in CAcert, how much does it cost to have a good fraudulent set? It’s about a thousand: a thousand bucks, a thousand pounds, a thousand euros, whatever, that will get you a good set of fraudulent identity. It might change a little bit with the e-passports coming it, but it still seems to be the case that that’s what it costs, which means in a risk analysis point of view, how much weight can you put on a document? Think about the transaction. You probably can rely on the document for buying a beer, you could rely on the document for buying a computer perhaps, it’s like in the same ballpark, but you wouldn’t buy a house on a document. A hundred thousand, a million, you’re going to put that on a false set of identity? Very dodgy. All sorts of things can go wrong with documents — there’s a list of them, but I’m sure you can imagine.

Where is all this unreliability coming from, all these problems? It turns out that there are approximately four ways we need to improve the game to get back on the identity track. There needs to be skin in the game. Everybody in the business — that’s you, me and everybody — needs to be at risk, which is to say if you’re a relying party on a piece of identity documentation or identity statement, an edge, you need to be at risk for what you’re about to do, and that is actually the case anyway with all identity systems. But also, if I make a statement to you, like I’m a CA and I make a statement that you are who you are, I need to be at risk. Quality control needs to be set, which means we need a standard, because you can’t actually make a statement to a standard and then rely on it without that standard, so that needs to be there. We need redundancy in sources, and this is the notion that web of trust, and that’s because… it kind of becomes obvious later on perhaps. And some facts are owned by certain people, so therefore they are authorities, but these facts are quite limited; the driver’s licence people own the driver’s license, the passport people own the passport, but that doesn’t say enough to be very useful — you just have to have that there in the list.

So we need those things there, but the key thing we’re getting to is that liability, skin in the game. We need to be able to have the liability that says, “If I have checked your passport and I say your passport is who you are,” and somebody comes and relies on that and they lose their house, I am liable for that statement. Now, to perhaps digress here, the problem that has occurred with all identity systems to date is that the liability for the statement that has been made has been dumped typically on the consumer. If you think about CAs, PKI providers, various identity authorities, the passport office, none of them can be sued. The way that the CAs avoid the liability for the statement that they make is through legal clauses buried in their legal contracts, not their CPSs but in their legal contracts, that state that you are on your own, there is no liability, there is no liability to them — if something goes wrong, you’re screwed. This is actually completely deliberate, and was an organised, intended approach, and the reason is because if a CA issues a million statements,, and there’s an expected liability of say 10 bucks on each statement, they’re out of business. The only mathematics that works for a CA or a PKI provider is if there is no liability. But unfortunately, here’s what happens: if there is no liability, the CA, or any provider of statements, enters into a race to the bottom, the quality sinks as they race to charge for certificates, sometimes we call this certificate manufacturing. What has happened with all these systems is the quality goes down — I’m talking about the private sector, maybe not the passport sector for example — the quality goes down to the point where it’s no longer reliable, and the reason it’s no longer reliable is because there’s no skin in the game.

So you need a situation where any provider is liable for the provision of the statement. If you think about banks, let’s say we’ve got Barclays or HSBC or some of these other banks, they issue a statement saying who you are and you’re going to take that statement across to some other provider, maybe it’s the health service or maybe it’s another country. Can you sue Barclays, can they sue Barclays if it goes wrong? No, and this is part of the problem. Whatever statement that these people make cannot be exported out of their business, because they won’t accept the liability. That’s reason A. Reason B as to why they can’t possibly export it is because, and I think Amy Bell hinted on this, risk analysis is done by the relying party, and the risk analysis is a different for every relying party, therefore there is no such thing as standardised KYC, standardised due diligence. In fact, due diligence, the meaning of the term is the diligence due for the business. So you can’t do a standard crosswise system, unless you bring all the players together and accept common liability for everything. This is what some of the Nordic countries have done, basically the central bank has got the banks into a room, and beating their heads together, until they’ve come up with a common system, but it’s also done the trick of saying, “You’re now absolved of the legal liability, if you rely on somebody else’s,” which is something that Amy Bell brought up.

So, how do we make it liable, such that anybody can issue these statements, but somehow we can come to grips with the fact that this person has an incentive, has skin in the game, and therefore does a good job? There’s approximately, as far as I can see, two ways: one is the central bank brings in the banks and forces them to do this, in some fashion or other, and the other is to create a community. This is what we did in CAcert back in the day, and this is what we’re going to do with EOS in the future, we’re going to create this thing called the governed blockchain. Basically, when you join the community, you accept the liabilities of being part of the community. Once you’re inside the community, you can make any statements you like, but you’re liable to arbitration. A formal method of dispute resolution exists, whereby if somebody does rely on your statement, they can come back to the arbitrator and demand that the arbitrator hold you to account. This is a really difficult ask. It can be done with a vertical, it can be done across borders. The question is can you bring all these people into a community? Now, I can say that if you’re trying to bring banks into a community, you can do it within one country; if you’re trying to do it internationally, it becomes a lot more difficult.

But that’s the conundrum: how do you bring people under common dispute resolution, such that they will accept the statements that are made by somebody else in the same community? That’s the bad news. Until you solve that, identity won’t work, in an international, smart contracts, blockchain environment — I’m sorry. And now I have to run [laughter], having given you the bad news I have to run, because I have a flight. There is good news, but that will take another day. [laughter]

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://chamapesa.com/

https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Ian Grigg on how the banking system is about to collapse and how to fix it was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Rouven Heck of uPort, one of the leading self-sovereign identity solutions in the Ethereum ecosystem, talked about uPort’s role within Ethereum accelerator Consensys, notable features of uPort’s identity solution for a public blockchain as well as its permissioned ledger interoperability, and how uPort acts as a secure interface with Ethereum smart contracts, with identity recovery mechanisms in the works.

Rouven was then joined by Vinay Gupta of Mattereum and Jason Law of Evernym. The panel discussion focused on the interoperability of self-sovereign identity solutions and fears of a “balkanized identity infrastructure” that could compromise the viability and rollout of self-sovereign identity systems. After highlighting the commonalities between uPort and Evernym in relation to decentralized identifiers (DIDs), Rouven and Jason mentioned how their respective projects are working together to establish DID standards within the W3C Credentials Community Group.

Video:

Transcript:

Hi! My name is Rouven, I work for a company called ConsenSys, and I’m also here to talk about self-sovereign identity. I haven’t prepared any slides; I usually start with talking about what’s identity, KYC and all of those things, but given that it’s late afternoon and we talked about this all day, I will skip this.

The focus I want to bring into the conversation is the connection with the smart contract world, and that’s part of what we’re doing. A little bit of background on ConsenSys: we are a company focused on Ethereum as an underlying platform, the Founder of ConsenSys is Joseph Lubin, he’s one of the Co-Founders of Ethereum, and he started building an ecosystem for the Ethereum space, tools and applications around this. The company is only three years old and we now have 700 people. The majority of the people are working on different products, we have about 45 different projects already, from the supply chain to poker platforms to energy platforms, music — everything you can think of around use cases, we do it.

We also do consulting, and that was born because the market had lots of questions, so we do consulting as well, we opened an office here around the corner a few months ago, and we do venture investment into ideas which are in the decentralisation space. But then we noticed that there’s just not enough people who really understand how to write smart contracts, so we started our own academy and started to train people, and we already had hundreds of people going through this training, to understand how to write smart contracts. Because identity is so important for all of these use cases, uPort is one of the early companies born in ConsenSys; the uPort team involves 23 people, and we are building all kinds of things around identity in that space.

The way we think about identity and blockchain is there are two challenges. I think everything we talked about here today was mainly around using a blockchain as a trust anchor to build an identity system, what Evernym and others are doing is building an identity solution using the blockchain. But another very important part is you need some form of identity to interact with blockchains. When you think about it, how do you know who the other person is, if you interact with a smart contract? With Bitcoin it doesn’t matter, because you just have an address and a key and you just transfer Bitcoins from A to B, and it doesn’t really matter who the other person is.

But with a lot of the use cases on these platforms, you need to have an understanding of what kind of smart contract you’re about to sign. So the users need to handle private keys, otherwise there’s no blockchain, if you’re unable to give people private keys, and if people are about to sign something which is really immutable on the blockchain, they better understand what they’re about to sign. I think that’s something which often is a detail we need to figure out, but if people don’t really understand that the smart contract they’re about to sign with a key is transferring a certain asset or make an agreement of any kind… I think that’s a key part to get right. Generally there’s friction to use platforms like Ethereum, so one of the other things we’re working on is to make it end user friendly, to interact with blockchain in general.

I think the most important part, where we come in, is we started as a tool to use Ethereum, and now we want to combine this with real-world trust anchors. What Evernym talked about is getting attestations issued from reliable third parties, combining them and being able to prove them in a reliable form to an Ethereum smart contract, and that’s also our focus.

The use cases, whether it’s Airbnb, Uber, all these use cases require some kind of reputation, you need to know that the other person is actually reliable. We have the eBays and the Ubers and others who manage this by building a reputation and solving this for us, but it’s a really key point in order to make a lot of these use cases really useful. We’re working on a journalist platform within ConsenSys, we are doing a real estate tokenisation platform, OpenLaw is one of the other ones which might be interesting for this group here, where you basically connect smart contracts and legal contracts. All of them require knowledge about your counterparty, because otherwise if it’s just an address, there’s always the risk that someone might give you the wrong address or sign-off on something, and how do you prove that’s actually the right person? This combination is where we focus on.

The other part is many companies now explore private chain integration. Big banks, or any other companies with a supply chain, they often say, “Okay, we have private chains, but ultimately who is controlling the keys?” If you want to have a use case where the end users actually hold the keys and actually in control of their assets, then you need to make it really user friendly for them to do this, and I think that’s often a problem. We built is the ability to onboard people onto the uPort identity, and then use this for private chain signatures. At the moment, every company and every bank goes through the process of enrolling users again and again. Imagine that in future you have something which is like your browser, you enrol once, and then you can even use these keys to sign transactions within private chains.

The way we approach this is slightly different than our competitors, we’re going a little bit more bottom-up instead of top-down. We’re not going to governments and big banks to start issuing these attestations; we’re trying to find partners who represent a certain level of trust. We’re focused on the Ethereum market, and in there they basically just need to know that it’s a real person, or that this is not someone coming a thousand times at the same time, so anti-sybil and other things are very simple use cases in the beginning. We’d launched a project in the City of Zug in Switzerland, where they just wanted to experiment with giving people true self-sovereign identity solutions: you create this, there’s nobody else involved other than yourself, you then go to the registration office, they check your passport, and they attest to you that you actually are the person who you claim to be. Then weeks later we noticed lots of projects came to us with “Hey, can we use this as a form of KYC?” Granted it’s not full KYC and I’m not trying to pretend that it is, people here know what KYC is, but at least it’s the first step in a more trustworthy interaction. If you then use it on certain platforms, you can really build some form of reputation with this over time. So we’re really going with the Ethereum market and want to grow with the Ethereum market, rather than immediately getting involved with government and KYC use cases, because I think that’s really hard.

In terms of technical things, at the moment we use the Ethereum blockchain and we use IPFS as the underlying technical solution. Sovrin has a trust framework, its governance model, which has a certain number of stewards to maintain this. At the moment we are using a public blockchain, which has its benefits and weaknesses, having a completely permissionless environment. Because we were designing for a public blockchain from the very beginning, we always tried to minimise the footprint on the blockchain, not only making sure there’s no personal information on the blockchain ever, that’s clear, but also asking where do you really need the blockchain. So I think we have a slightly more simplified approach than some of the competitors, that you have maybe just a handful of identifiers so there is a certain level of correlation possible if you want to, but it makes it way easier for people to actually understand that they might have a legal identity, they might have a gaming identity and maybe others, and it’s up to them to choose this or be completely anonymous. That’s something where we work together with a lot of the partners in the ecosystem, to see what’s the right balance. Interoperability is one of our core objectives.

The other very important part is how do you recover your keys. We’re experimenting with different things, and last year we launched something that’s an identity recovery rather than a key recovery. The main thing we did is we used two smart contracts, one representing an identifier on the blockchain, and the second one was a smart contract which had a certain logic in there, which allowed you to recover, through your social network, not the keys but the access to this identity. How it works is for example the smart contract contains five delegates, and each of them, three out of five or whatever, would need to send a transaction to this smart contract, and then would flip the ownership of this identity to a new private key. That’s just one of these experiments at the moment; there’s some privacy implications, because you can see in the smart contract who the other identities are, but we have some ideas on how to solve it.

The first thing people can see is that we have built a mobile application, but that’s just more or less on the surface. It’s in the App Store, you can download it, you can do this traditional login with Facebook kind of style, you can sign transactions, you can have this private chain, this is already all in there, and lots of other features are coming soon. But our focus at the moment, because we want to make it super easy for applications around us to integrate it, there’s a lot of focus on building libraries, we build services in the background to make it easy for paying gas costs, so the user doesn’t even see that there are keys involved, the user doesn’t see that there’s any Ether paid to create that identity, we stripped all of that away and made it happen in the background. In the future we will likely enable companies, if they want to fund people using their platforms, that these applications can pay the transaction costs for them.

For us, it’s super important to work on open standards, because I think it’s so early stage all of this that we really emphasise a lot of the collaboration here with the community, with W3C and the Decentralised Identity Foundation in the Ethereum space. That was the quick intro, and now we go to Q&A. [applause]

Panel session:

Vinay: There’s so much to talk about on identity, but I wanted to focus on one specific thing, which is identity interoperability. The thing about self-sovereign identity or self-assigned names, however you want to think about it, is theoretically the individual is completely in charge of their stuff. But when you want to use the identity, you need credentials, attestations that somebody else makes that are signed, and in theory these things ought to be property that belong to you, the user, even though they were signed by some third party. My question I wanted to put you guys on the spot about is am I going to be able to take an attested claim from Sovrin-compatible systems to uPort-compatible systems and back again?

Rouven: I think there are multiple components in this whole stack. When you think about it, the first thing you need is an identifier which is cross-blockchain possible. We call it DID, decentralised identifier, which you can register on Ethereum on the Sovrin chain or whatever that’s the same language so that we at least understand who you are.

Vinay: This is essentially a key-payer plus some metadata? Is it any more complicated than that?

Jason: A little bit. It’s going to have an identifier, you’ll have some keys, you can have multiple keys, you can have some service endpoints, but it’s a spec that we’ve been working with uPort and others on, to make… It’s the de facto standard right now for decentralised identifiers.

Rouven: The identifier is the first part, and the second thing is then how do you log in or how do you present this. That’s what we call DID off, that’s where we working on the same thing now. We don’t want to have five more patents on login with Sovrin and uPort and other things; it needs to be hopefully one last thing to replace it. I think that’s something which is easy to standardise, and I think the next level is how do we enable the protocol of the communication, I think that’s where we start.

Vinay: So the hope is that DID is the last name that I need, right?

Jason: Well, you have multiple DIDs… [laughter] But it’s like a phone number though. When you look at your phone, you don’t think of the phone number when you call someone, you see their name, and so who cares what the big, 128-bit number is.

Vinay: Right, here’s your big, scary number. Let’s go back to the pragmatics of interoperability. If we get a set of entities like banks that are willing to sign off on your passport so you could put an image of your passport into your wallet, this kind of stuff, how are we going to make sure that we don’t wind up with 75 different technical standards and the banks just saying, “Sod it,” and winding up with essentially a Microsoft type solution? Because in the long run, if we don’t have a standards-based approach… Google, Microsoft, Oracle, Salesforce, Facebook, SAP, depending on what space you’re in, we might up in a position where we just wind up with a balkanised identity infrastructure rather than interoperability. What are the chokepoints on ensuring that we wind up with global interoperability, and how do we, as the blockchain community, defend those chokepoints?

Jason: There’s a couple of paths. Rouven mentioned DIDs and DID off, that’s a good start. We also have the W3C Verifiable Credentials Working group, which is also a good start, and there’s a number of changes that we’re going to be proposing that will make it easier for people using Sovrin to interop with other people in other ecosystems.

Rouven: I think we’ve now reached, as part of the W3C, the three elements already in terms of the data format; what I think the last missing piece is really how do we communicate between us. We see the W3C as one component. Because of the concern of if we don’t get on the same page, this motivated 50 companies over the last 12 months to come together and form the Decentralised Identity Foundation, where we are both founding members, and we have now not only a bunch of startups who nobody cares about but Accenture, Microsoft, IBM and Intel are the big names in it; everyone except the Facebooks and Googles are interested to build something which could work, so we’re teaming up.

Vinay: The players that don’t have a billion people’s identity on their book are attempting to form something up, so this is the rallying point. Decentralised Identity Foundation is where the action is going to be?

Jason: It’s a meeting place, it’s a starting point, and who knows where it goes from here.

Rouven: There’s a lot of concerns around there’s yet another standards body, but the idea is that that brings us together and we talk about this. If there is another place that is a better suited, W3C or IETF or something else… We don’t want to replicate this,, we’re happy to give this to someone else, and at some stage I think this will be a group coming together, harmonising our thinking, and then we find the right place to really standardise it, that’s the idea.

Vinay: There is something quite interesting here. Back in the day, IETF standards just applied on the Internet, and now we’re getting into a position where whatever is done in terms of standardising blockchain identity is immediately going to smear across into finance and possibly into governance, particularly in poorer countries. If you have things like land registries which have a substantial blockchain component, the obvious expectation is you’re going to wind up with the same identity used for land registry, voting and commerce.

Jason: There is identity and Identity. Identity is where I get to… It’s really everything that I have about me that I get to control…

Vinay: The philosophical identity rather than the transactional identity.

Jason: Right. The identity is a facet of my identity that I share with you, I share with Rouven, that’s identity, and I could use that identity for land records, but I could also leverage the certificates or credentials I get from my land ownership in other contexts.

Vinay: Right, you use the land as the anchor. One of the companies I’m working with is ImpactPPA, and they have this notion of using smart meters as identity verification devices. Because you know exactly where the smart meter is, if you walk up to the smart meter and bang it with your phone, we now know very certainly where you were and when you were there, and that has all kinds of utility.

I want to go back a minute to this notion of the kind of Identity/identity, philosophical identity/transactional identity. Surely the purpose of capitalism is to have transactional identity completely represent philosophical identity — I’ll just leave that there. [laughter] “Is this handbag really me?” Last thoughts on this before we wrap up and hand the stage to the infamous Ian Grigg, who is responsible for far more of this than he’d ever admit to? What happens is a few years, if it all works? Give me some notion of my day-to-day life changes, if the identity revolution that you’re working on succeeds?

Rouven: I think when we talk about the possibilities, we get very philosophical and very crazy. I think once people have the ability to prove who they are and digitally confirm this, I think it will change so many business processes. It would allow not only that you have way less friction in anything, whether it’s boarding an airplane or whatever it is. I think any agreement you want to do if you have a connection to “This is me,” you can just fundamentally change a lot of the interactions with businesses.

Vinay: So it’s a friction-free future, the paperwork goes away and we get back 5% of our lives.

Rouven: That’s one part, and that’s enabled by an identity, the ability to sign something digitally. The other part I think is really the data ownership and the ability to share selectively, and really create a lot of trust in any interaction, peer to peer or with companies.

Vinay: Got it, so much less buying weird, random stuff off eBay and discovering it’s junk when it arrives. [laughter] Well, that’s a future I can believe in. Ian, are you ready to roll? Gentlemen, thank you very much! [applause]

All materials from the conference: http://internetofagreements.com/identity/
Learn more:
https://www.uport.me/
https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Rouven Heck — presentation of uPort and a panel session on identity with Vinay Gupta and Jason Law was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Amy Bell of Teal Compliance started with an overview of Anti–Money-Laundering (AML), Know Your Customer (KYC), and Customer Due Diligence (CDD), stressing how they are related but different things.

Rob Knight, Mattereum Co-Founder, then opened a discussion on the various types of regulatory compliance in the cryptocurrency space and considerations for customers and firms operating within the industry. Rob’s question on the compatibility of the anonymous/pseudonymous features that have come to define cryptocurrencies with the existing regulatory landscape led to consideration of criminal activities involving these assets and how bad actors will continue to find new ways to maintain secrecy. When Rob proposed a hypothetical scenario of someone unknowingly transacting with a criminal with cryptocurrency, Amy traced where liability lies between the parties, unpacking the notion of “adequate consideration” in financial transactions. The rest of the discussion covered the reach of regulation, the responsibility of the customer versus the service provider, and to what extent the pace of innovation will affect compliance overall.

Video:

Transcript:

Rob: I’m Rob Knight, Co-Founder of Mattereum — you may remember me from such things as the keynote this morning. Joining me on stage is Amy Bell of Teal Compliance, and Amy is going to explain to us essentially the wonderful world of money laundering — not how to do money laundering… well, maybe how to, that would be quite useful — specifically, how to prevent people using your products and services for money laundering purposes, and what your regulatory and compliance requirements in that respect actually are. Amy, if you could just start by giving a background to yourself and your experience in this area, that would be great.

Amy: Perfect — thank you very much. I’m Amy Bell, I’m not a techie person at all, I’m a solicitor — don’t hold that against me, I’m recovering every day — and I’m quite interested in this space, anti-money laundering is my thing. I am the current Chair of the Law Society’s Money Laundering Task Force, which sounds more exciting than it actually is, but what it means is that I represent all of the legal profession in England and Wales, sometimes the whole country: Home Office, Treasury, Europe, FATF… We heard about FATF before and their role in influencing what certainly the UK but actually the global markets have to do in relation to anti-money laundering.

I’m also here with another hat. My business partner Sally, who is at the back, and I have a separate business called Teal Legal, and we are trying to look at legal processes, starting with conveyancing actually and trying to look at how tech can improve that journey. If anyone has bought a house, you will know it’s been an absolute nightmare, and the solicitor didn’t tell you anything and it took much longer than you could possibly imagine, and actually we’re hoping to find some solutions through that.

Rob: Excellent. Coming to this as a tech person, the moment you get into financial services, fintech, these regulated environments, you get hit by this barrage of three-letter acronyms, and I’m sure it must feel much the same going in the opposite direction as well. We hear these terms KYC and AML. Can you just give a brief overview of what these things actually mean, strictly speaking?

Amy: No problem. Anti-money laundering is the prevention of money laundering, and it’s often twinned with KYC, knowing your client, and also partnered with CDD, which is customer due diligence, and these are all separate things actually. The theory is that if we do CDD, customer due diligence, we will get to know our client is part of the calculation — it’s not the whole thing, but it’s part of getting to know our client — and if we get to know our client, then we should be able to spot markers for money laundering, and therefore prevent money laundering, to contribute to anti-money laundering. That’s how they all fit together.

CDD in its purest sense is actually legally much more than identity. When we hear CDD, and I think from what I’ve heard today is we go straight to identity and certainly that’s a very important part of it, and that has two aspects really. The first one is that you identify the person who is your client and you verify their identity by reference, currently to documentation or some other independently held data that confirms that that person is who they say they are, so that’s CDD identity. But CDD is actually a lot wider than that, and the secret to preventing money laundering lies actually in the proper application of CDD outside of identity. Identity is the first part, but after that you get into understanding the purpose and nature of the transaction — why are people doing what they’re doing, where’s the money coming from — and it’s actually that, folks, that disrupts money laundering, because baddies live somewhere. Just knowing their identity doesn’t on its own disrupt money laundering; understanding why they’re doing what they’re doing and the way that they’ve structured themselves, particularly in terms of secrecy, around complex business structures or trusts, understanding that and taking the time to work that out with your client is how you will disrupt money laundering. As I said, the things are kind of interchangeable though.

Rob: Is this normally pursued through… People have the notion of the traditional bank manager relationship, where the bank manager would know who you are and somebody would be able to ask questions about what you were doing. Your bank manager would say, “That’s very strange, a £100,000 transaction in an account that normally only does £5,000 worth of transactions in a month…” One can obviously imagine the historical way that those things were being done, but I presume now this is a very much done automatically, there are systems in place to use machine learning and all kinds of wonderful things to detect strange or unusual patterns. Is that how things tend to get done, or is it much more still human instinct and intuition and a sense of what’s right or wrong?

Amy: A bit of both, actually — it depends which sector you’re in. Anti-money laundering and the law around anti-money laundering, the obligation to comply with anti-money laundering is a lot wider than the financial sector. Obviously the financial sector is at the heart of preventing money laundering, because you can’t really launder money unless you’ve made money, you can’t do that without a financial transaction.

But, there are a whole load of other players in the game outside of financial services: solicitors, accountants, estate agents, high-value dealers, all of these people also have a KYC and a CDD obligation. So whilst the banks do invest very heavily in tech, fintech, regtech, to start to apply some logic to these transactions, their monitoring systems is the IT, the big red light flashing that says, “Go and look at this odd transaction,” that’s very much happening in the financial services space, but the rest of the regulated sector nowhere near, absolutely nowhere near. Sally is a conveyancer by trade, and when she started in the law 20 years ago, she went to do a completion: when you buy your house, you take your money, you give the money to the person who is selling the house, they gave you the title deeds, that’s basically how you do it; 20 years ago Sally had to go and do that in person, cross the road with the cheque, get the title deeds, hope the cheque would cash… And we’re not that much further on from that, if I’m honest; we don’t release the keys until we know the money has hit the bank account of the seller, but it’s in no way systematised.

In order for those regulated sectors to spot money laundering, they actually have to eyeball the stuff: look at bank statements, look at passports… We are still literally looking at passports and deciding whether we think they’re fake or not in the rest of the sector.

Rob: How does that situation get changed by the advent of things like cryptocurrencies? Particularly because in the initial case cryptocurrencies have been described very much as anonymous or pseudonymous systems, where you don’t know necessarily who you’re interacting with by design;; in fact, there is not necessarily any register anywhere that links a specific individual to a Bitcoin address or an Ether address. Does that system present a challenge, or do you think we’re going to have to layer on the same kind of sets of checks that we have in the traditional banking and traditional finance system into cryptocurrencies as well?

Amy: Undoubtedly. How does stuff change in the AML world? We heard FATF, the Financial Action Task Force, mentioned before, they’re a global organisation that set the standards for prevention of money laundering, they issue recommendations to countries that dictate really to the country what measures they have to put in place to prevent money laundering. These are global standards; I accept that the way that they’re interpreted and implemented across the globe can vary. For example, if you want to go and buy a house from a solicitor, you are going to have to do KYC and CDD, but if you want to buy a property in America, you might not have to do it in the same way, and Australia is the same, different processes in place.

FATF go and inspect countries’ compliance. The UK is in the middle of such an inspection at the moment, the inspector has just been on the ground, looking at effectiveness in financial services in the professional services, and they were given an effectiveness rating, and if they think they were not effective will say that and will require us to do certain things to become effective. These are the people that we have to get on board with this, developing technologies, they’re the people who are pulling the strings, really.

AML is an incredibly political space. Anti-money laundering legislation is not necessarily always focused on just AML risk, as in the traditional AML risk of somebody who sells drugs and needs to launder their cash. Actually, anti-money laundering is any sort: criminal property, which is used in anti-money laundering, criminal property comes from any crime at all. What we’re seeing with the Paradise Papers and the Panama Papers, what we’re seeing in there is tax avoidance or tax evasion, and very much the direction of travel in the current legislative thinking is to reduce the risk of people being able to hide their ownership through already established structures, like trusts or very complex business structures where you can’t find who the person is behind it. If you marry that with new technology that brings anonymity, it’s not going to go down well, frankly.

Now, interestingly, the government have to produce a national risk assessment. Europe has to produce a supranational risk assessment of the risks of money laundering, and we had the most recent one in October ’17, where they have started to consider… Well, they started in ’15 to consider digital currencies and the risk. They have in fact said that they consider the risk of money laundering with digital currencies currently to be low, but they say that that may be because law enforcement have intelligence gaps on the ways in which criminals might use it. Just because it’s low at the moment doesn’t mean it will remain low; certainly there are concerns about cross-border movement of funds, or movement of funds in a way that can’t be monitored, or people taking advantage of different regulatory regimes across the world that they can take advantage from, because it’s not constrained by the domestic issues.

Rob: So if I’m running a business using the blockchain and using cryptocurrencies, and I want to accept payments in Bitcoin or payments in Ether, somebody turns up with a certain quantity of Bitcoin and they complete a purchase. Should I be worried, or is there anything that I need to be concerned by in that situation?

Amy: In my day job I get calls all the time from lawyers at the moment who have got people, not quite the same situation, but got people who have benefited/profited from the increasing value of Bitcoin: they’ve sold it, they’ve got the cash back out, they want to buy some property, invest that money, this windfall that they’ve got… And the whole market is very nervous about it, that’s why they’re ringing me, saying, “Oh god, they’ve used Bitcoin! Should I be really worried?” And frankly, in the national risk assessment, one of the things that they point to is these currencies being the currency of choice for criminals, cybercriminals in particular. So it’s going to be that activity I think that drives it.

To answer your question, if someone turns up and wants to use it, the technical legal answer is it depends what your knowledge or suspicion is of those funds. Just to give you a real-life example which you can then extrapolate to that, it works the same way — and for the purpose of the tape, they’re absolutely not — but if Vinay for example was a drug dealer… [laughter] and Rob wanted to buy his house, in Rob’s hands Rob’s cash that he’s got that he’s going to buy the house with is clean. Because Vinay is a drug dealer… He’s not, but…

Vinay: Arms dealer!

Amy: Arms dealer — we’ll have arms dealer, alright. But if he was, his house would be, because he bought it using the profits of his illegal activity, his house would be criminal property. Everyone with me so far?

Rob: So it started off as my house…

Amy: No, you want to buy his house. You’ve got a whole pot of cash, whether you’ve got it in Bitcoin or not doesn’t matter. He’s got a house, his house is dirty money, but your cash is clean. You’re going to give your cash to Vinay, and he’s going to give you the deeds to his house. Now, after that transaction, in your hands the house that was dirty is now clean, and in Vinay’s house the cash that was clean is now dirty. That’s how the law operates, this is called adequate consideration. Now, provided that you don’t know or suspect that Vinay is an arms dealer and you’re helping him liquidate his asset, as long as you don’t know or suspect that, then you’ll be fine, you can have the house, they can’t take the house off you; if you’re in on it with him, then they can.

To answer your question, if someone comes along to you with something that could have been used by criminals, taking advantage of the anonymity to be able to loan the cash, if they come to you, you’ve got to ask yourself, “Do I know or suspect that they’ve actually been up to no good and that’s why they’ve got this cash?” I don’t think that we’re in a place where we think automatically anyone who’s got Bitcoin would be in that category.

Rob: So as long as I don’t have reason to suspect that the cash is proceeds of crime, then it’s reasonable for me to enter into an honest transaction with that person.

Amy: And receive the funds, because they’d be clean with you.

Rob: So if I receive funds in return for goods, the goods now become the proceeds of crime.

Amy: Exactly.

Rob: Because the taint sort of transfers at that point from the money to the goods, because that’s the thing that’s being held by the criminal.

Amy: Exactly, yeah.

Rob: That’s a fairly simple transaction, somebody is simply buying goods, party A buys goods from party B. In an example where you’re issuing a digital asset, let’s say a digital token, or you’re creating something that is a transferrable right… Let’s say the criminal turns up and wants to buy some digital tokens from me. At that point, I am facilitating that activity, and I’m expecting that they’ll buy the tokens from me and then sell the tokens onto another third party. Because I’m facilitating multiple people engaging in that activity, do I have a different level of responsibility? Am I now responsible for protecting the people who are in that trade group that I’m facilitating?

Amy: Again, it’s an important point to unpack the difference between what your obligations are to do due diligence and your obligations are to not get involved in money laundering, they are two separate things. Currently, you’ll know that in many places they have started requiring due diligence in terms of the operation of the exchanges or the issuing, and there’s a piece of legislation, which is on its way in the UK and across the rest of the EU, which is known as the Fifth Money Laundering Directive — it’s not technically right, but that’s what they call it — if you see 5MLD anywhere, that’s this stuff. This is bringing digital currencies into a category of activity that needs to be regulated, and so the regulation actually is what drives the KYC and the CDD activity. So if you are dealing with something which is regulated, you must do the due diligence activity that we talked about before, you must understand the identity, you must understand the purpose and nature, so that’s coming, where people who are dealing in those currencies will need to do that.

However, the Proceeds of Crime Act exists outside of that, the offences in the Proceeds of Crime Act. The one we’ve just talked about there, if you know or suspect that what you’re buying is a drug dealer’s house and you’re helping him to do that is an offence under the Proceeds of Crime Act, and there it doesn’t matter whether you know who they are or not; you’re just involved in money laundering

Again, to answer your question, the responsibility will be coming that you will have to know something about the person that you’re dealing with, to the same standard as you would if you were opening a bank account for them, buying a house for them. But the risk management of “Do I think that they’re using this for crime?” that already exists on you, because the offences already exist.

Rob: In the introductory presentation this morning I talked about the idea of the Internet of Agreements, and a new wave of businesses that are getting involved in moving on from just traditional retail, buying and selling goods, moving into some of these more regulated areas like insurance. We’ve seen examples earlier today already of banking, various aspects of financial services, lending of money, managing supply chains, where the sums of money involved are very much larger than we’d see in a typical ecommerce transaction. It would seem that a lot of these very small, early-stage startup companies, in the ecommerce space thee compliance requirements are fairly minimal, but if you want to get into these kinds of businesses, you do actually need to really take these kinds of things very, very seriously.

Amy: I’ve been reflecting on it today and thinking about what kinds of things you would want to know, and it seems to me that if you’re building solutions for people, you’ve got to think about who is going to use them. That’s why I kind of outlined that the bank of people that have to be concerned about identity, about CDD and KYC is quite a large number of people.

The other thing to say about that is that in ecommerce it’s relatively straightforward, you have a buyer and you have a seller. If you were to take something like conveyancing, there are actually four lots of regulative people in that activity to enable one seller and one buyer to interact: there’s a solicitor, there’s a bank, there’s an estate agent, sometimes a financial advisor, and then on the other side there’s also an estate agent, maybe the estate agent will have to due diligence both parties, and a solicitor on the other side. So there’s loads of people there that have got to solve this problem, and one thing I think we should be mindful of is we solved the problem for say the bank, and the bank is like, “Yeah, got it, we know who that person is, I’m very happy to lend, I’m quite happy to give them a mortgage,” it doesn’t necessarily mean that that solution will be adopted by any of the other players in the market in the activity, and that, folks, is I think around risk appetite.

In those kinds of transactions, when we’re looking at transactions that have these different entities in them, I think we have to recognise when building those solutions that the risk appetite is dramatically different between the banks and the rest of the players that you might come across. Also their spend; banks spend, just in the UK alone, around… I think it’s around £5 billion in anti-money laundering compliance, one billion of which is reporting, and the rest of it is CDD. For them it’s worth investing in cracking this nut, whereas solicitors, estate agents, other part in the chain, they’re still, as I say, asking for a passport and a utility bill,, and they’re allowed to do that.

The other thing you should think about legislation is whilst you might be able to build solutions, the regulator has got to allow the… unless it’s too risky, but the most manual, basic way of doing it, because otherwise you take a whole chunk of the market out because they can’t invest in the tech. So when we’re looking at solutions, I think anything more than an ecommerce buyer and seller, you got all the regulator people that are involved in there, you’ve got to recognise that if you build something that the banks will use, it won’t necessarily mean that the other sectors will use it as well.

Rob: Why would that be?

Amy: Because they won’t trust it. The law says you are allowed to trust somebody else’s due diligence, it’s catered for in the law, but currently the law, at least in the UK, the law… you remain criminally liable, if the person you’re relying on gets it wrong. If I’m a solicitor and I’m told… Sally and I are working on this concept of KYC once, that if you’re going to buy a house, you should just do your ID once and passport it across everybody else; that’ll only work if we can get all the players bought into being confident about the process. And it would be quite helpful if we could convince the government to release people from their criminal liability if it goes wrong, but I’m working on that.

Rob: That sounds like something where a regulatory change could be potentially very helpful, or at least encouragement of that kind of behaviour, where it becomes easier for people to have comfort in the fact that the due diligence has been performed once to a very high standard, rather than everybody potentially being liable for it and as a result having to redo the same process.

Amy: But, the flipside of that is, unfortunately… I’m there, we’re definitely there and we’re definitely pursuing that as an option, because the customer journey is a nightmare for anyone who’s involved in these processes; if you’ve been involved in that process, it adds time and cost unnecessarily. The flipside of that is you would get law enforcement who says, “Actually, we quite like all these people thinking about it individually, from their own lens, in their own separate way.” I’m not saying that’s the right answer; I’m just saying that would be the flipside argument to why do we not just make it one person’s job and everyone else hang off it — that’s why the criminal sanction is still there.

Rob: Even in the environment where it’s necessary for multiple parties to check and to investigate this kind of information, do you see a benefit to digital standards or to increased portability of the information? Even if at the end of the day that still needs to be investigated by each party, the ability to accurately pull up the information about somebody using an identity system of some kind would be the kind of thing that would at least speed that process up.

Amy: From my point of view, there’s a lot of weaknesses in the system. You can go and buy a fake passport, if you know which pub to go in, for 50 quid, and if somebody is relying on that — I’ll give you a list later [laughter] — if somebody is relying on that, that’s not foolproof, is it? I’ve long been an advocate of… In regtech we’re still quite basic. Electronic verification, pulling data from different data sources and saying, “We think this is who they say they are,” solves one problem, but it doesn’t solve the problem that if you go to someone and say, “I’m Amy Bell and she lives at this address,” then the electronic verification will come back and say, “Yes, Amy Bell lives at that address,” and you assume that is me — there’s loads of different things to unpack there.

But, there has to be a better way. I mean, the world has moved on, and the criminals will and have thought of ways around where we currently are. The regulators should be supportive of this; the challenge is very, very strong lobbying from some people who don’t want to embrace this, because there’s lots of… Even in the legal sector, most firms will do things in a certain way, and then we’ll have the big firms who will completely write their own rulebook and do things completely differently, and who will need complete flexibility and autonomy. Just having a standard won’t work for them; they’ll want to have this risk-based approach, where they can make commercial decisions rather than legal ones.

Rob: It sounds like it’s a fast-moving space in the sense that the regulations are changing, they’re evolving over time, new technologies appearing. If you were to take out the crystal ball and look five years into the future, what kind of things do you think would change, based on the current trajectory of both the technology and the regulation? Do you think there’s a big thing that’s going to be very different about how we do this in the future compared to how we do it now?

Amy: No. [laughter]

Rob: I’ve got to say, I really appreciate that answer. Because I was attempting to set you up with some future prognostications, but I think that’s…

Amy: Just because of the inertia of change in this sector. As I said, only 20 years ago… 20 years ago I got my first email account and I got a mobile phone and I could text, and yet Sally was still crossing the road with a cheque. It will only move at a pace of the slowest denominator and adopter, in the AML space anyway. I think that it depends on the politics. In the UK in particular, it is very important to us to remain relevant, especially in a post-Brexit world, when we don’t necessarily have the same influence that we might have had previously. So I do think that in the UK there will be government interest in promoting these things, but the adoption of it and changing the way everyone does it I think is a slow burn, unfortunately.

Rob: Thank you very much, Amy — that was extremely interesting! [applause]

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://www.tealcompliance.com/

https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Amy Bell on Compliance in the Cryptocurrency Space. was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Adjoint VP of Product Darren Tseng gave an overview of key features of Adjoint’s Uplink private ledger and smart contract language FCL (Financial Control Language); with the theme of the conference in mind, he then demonstrated how identity and authentication work within Adjoint’s software.

Next, Mattereum’s US General Counsel Niranjan Sivakumar conducted a discussion with Darren and Adjoint co-founder and CTO Stephen Diehl, covering various topics such as the design principles of Adjoint’s software, how it uses cryptography, its privacy features, and examples of how it can be used in international finance.

Video:

Transcript:

How are you guys doing today? Good? I’m Darren Tseng, I’m the VP of Product and Co-Founder of Adjoint, we have my other Co-Founder in the crowd, Stephen. Today we’re going to talk about identity, but more specifically, we’re going to talk about how identity can be used on our system.

It’s important to define identity in the case that we’re going to talk about today. The textbook definition is the characteristics determining who or what a person or thing is. But when we talk about identity, we also have to talk about authentication: can we prove this person is who they say they are? The definition of authentication is the process or action of proving or something to be true, genuine or valid. In the case of a personhood or an institution, is this person who they say they are?

I’m going to talk a little bit about distributed ledger technology, and this is the general case distributed ledger technologies are a structural layer on top of a traditional database. These elements are all part of it: there’s consensus that might be used in different ways in different ledgers, there’s always hashing involved. Non-repudiation of data is a very important bit, and peer-to-peer messaging protocols so that various nodes can talk to each other, and sometimes smart contracts.

We created our own ledger, it’s for finance. It is a private distributed ledger, permissioned, it’s not meant for the open public world, there’s no mining. The main thing to understand is that there’s accounts, multiple assets being created, transferred, circulated. You can denote them to actual securities, identify them as such, and there are smart contracts in our ledger.

Accounts, going back to identity, is a person, entity or group of people that holds that identifies their interactions with the network, and this is essentially an elliptic-curve public/private key, and the public bit goes on the Net. It’s a multi-asset ledger, so an issuer, if you have an account, can create different kinds of assets, you can create a USD or a Pound let’s say or a stock, and contracts are the logics that define the multiparty workflows between accounts, oftentimes involving assets.

Going back to more details about an account, each of those three elements that I mentioned have a unique identifying address on ledger, especially the account, and each of them are unique. In this case I think it uses an ISO time zone code as part of the address derivation function to derive it as an account, and you have the option of creating your own arbitrary key value store of associated data if you’d like. Again, this is a private permissioned blockchain, this is not something you would use in a public space.

Authenticating documents, who is who they say they are. On the chain you have a private key, the public key goes on that, so the only person that has the private key can be associated with the public key so they know who that person is. Traditional documents, such as a US passport, is issued by the US State Department, and you can see there’s all these security features to make it hard to copy and basically steal someone’s identity. The question is how can you map the physical document to a chain on a ledger let’s say, and I’ll come back to that later.

I’d like to talk to you a little bit about our smart contract language, it’s called FCL, Financial Core Language, and it’s unique compared to what you see out there, because it essentially acts as a state transition machine. This is a simple loan, single term. As I said earlier, you have different accounts or assets on ledger with a unique identifier. You can set certain values, like this is a fixed point number for two decimal places that denote interest. You have a maturity date, this is when the loan has ended and you have to pay back whoever issued the money so to speak. One thing that’s unique about this is a transition graph which maps directly to this, and this is important, because then you know all states of a contract before they actually occur, so they go on ledger, you already know what things can happen and what things can’t happen, because you don’t let it to happen, which is really important, because you don’t really see that out there.

One last thing I’d like to point out is the little bit here, a little defensive type if-then statement. You want to make sure that the person in this state or function is the issuer with that account, which associate to a private key. You have “is UK business day now”. On our ledger you can detect what day it is, to know if it’s a holiday or weekend, and this is important, especially in finance. They have this saying “All error bugs are date/time bugs.”

To give more context, applying this to our ledger in terms of identity, what I talked about earlier about putting a passport on a chain, as well as the conversation before with Vinay and Vishal, this is a contract that you can put on, I wrote this in five minutes and it works. You have two people, let’s say this is the US State Department, the authenticator, this is a person who wants their passport ID let’s say authenticated. Now, this can happen with different types of data, it doesn’t have to be a US passport, it can be a bunch of different identifying documents, let’s say UK biometric card. What ends up happening is you, as the person, can say, “This is my passport ID,” and that immediately transitions to the next step, in which let’s say the State Department has a connection to this chain, and they can see the actual passport ID and make sure that the private key matches up, that that person actually does hold that passport ID that he can authenticate, and that terminates the contract.

The more interesting thing about this is this doesn’t have to be a standalone thing. We have more complicated things that we can do in finance… Sorry if this bores you, if you’re not a developer… I don’t necessarily have to show you the whole detail of everything, but this is what you call a structured product. It’s a capital protection note FC100, this is a contract that we use today in a use case I’ll talk about later, but you could just as easily take the contract that I wrote earlier and attach it to this to authenticate multiple parties before you actually get into a transaction. That concludes the talk for part of my talk, but I wanted to show you the contract working over here.

Just so you guys know, there’s documentation, it’s very comprehensive, any technical questions that you may have you can go into it, it’s very detailed and it goes through pretty much everything in the ledger. You can go to chain.adjoint.io, which I’m going to show you in a second, it’s kind of like a sandbox online, a block explorer. This is Uplink Explorer, and we have different things here. Like I was saying earlier, we have our blocks, you can go to different transactions and look through them all. We also have accounts where you can create a key, we have assets, and we can actually create different kinds of assets, whether they’d be floating point or fixed point, up to six digits of precision. You can have a binary type of asset where that can represent a title — for example, does this person hold a title to this car or not — and then use the message element that I showed earlier to denote the actual document or an image of the document.

Now, this is the fun part. This is the passport authentication contract, I created accounts earlier. This only has one node by the way, but obviously you can have as many as you want. What’s nice about our ledger is you can configure it, to have a certain set of non-validating versus validating nodes, you can set block times, etc. but in this case as the person issuing the contract. Now we have this contract on ledger, and right now you can see the contract logic, you have to be the person acting on it with that account. I’m going to call a method of the contract, set the passport ID, and again I have to call with my account ID, otherwise it will reject the transaction. You can see the passport ID is set. Now what would happen is let’s say somebody in the State Department sees this, they can actually check if their public key lines up with the actual passport, and as the authenticator they can reject or not reject the actual contract. There you go.

I’d like to open this up for Q&A — Stephen and Niranjan, please join me on stage.

Niranjan: I am Niranjan Sivakumar, I am US General Counsel at Mattereum, and I’d like to start off the discussion with some questions, abuse my privilege in the swivelly blue chair before we get going, and then maybe open it up to some questions from the audience later on.

To begin with, I think one of the innovations that we saw in that informative presentation was about the programming language that you guys are using, FCL. You touched on some of the ways in which it maps onto the state machine that you have and some of the affordances that the language has. I think for those of us that are in the development world, in some ways it’s sort of easier than ever to make a programming language and toss it out there, but it’s just as hard, if not harder than before, to do it the right way. So I wonder if I could ask you a little bit more about some of the philosophies that went into the design of the language, and whether you might be able to sort of compare and contrast it with some of the other languages that are out there in this space at this time.

Stephen: Certainly. To give you a little background on what Adjoint does, I’m the CTO of Adjoint, we run the company here in London, and we’ve been doing business here for about a year and a half. We’re a little different than a lot of the other companies you’re going to meet today, because we work primarily on what I would call market infrastructures, we work on rather mundane data reconciliation problems that involve complex multiparty workflows between different institutions, how to automate that and make them more efficient. We happen to use blockchain and distributed ledger in a way that’s probably different from some of the use cases you’ve heard today. But at the end of the day, it’s all about making markets more efficient and making the processing of things like social products, insurance products, loans, derivatives more efficient and more secure.

We started with our distributed ledger solution, we have a ground-up, bespoke solution that we’ve built, it has a custom programming language inside of it that we used to model so-called smart contracts, even though I’m not particularly fond of the term, because, as you’ve probably heard today, they’re not that smart nor contracts, in a general sense. What we’re talking about with smart contracts is secure, multiparty workflows between different entities that need to transact about data, and assert the existence of transactions or cash flow or some data or the transfer of some rights or obligations over time.

We start from the premise that a contract is basically a digital representation of the time-varying rights and obligation allocation between counterparties, and you have a notion of what the counterparties’ identities are, and then you can construct what that kind of language would look like. We think the construction of smart contract languages should be a very, very constrained domain, it should basically be just enough to express the kind of logic that’s necessary to derive these workflows that involve the exchange of rights and obligations over time, and they have to have certain properties. One of those properties is they have to be analysable, you need to know about the states of the contract will be in over time, you need to be able to analyse all possible states that the contract will be in.

This is a property that’s rather difficult in most general Turing-complete languages. FCL for instance is a software and computer language, it is effectively a constrained, strict conditioning graph that allows certain entry points based on identity or cryptographic evidence or certain time constraints, and it allows all of the properties about the contract to be analysed.

Niranjan: Since you introduced the topic of cryptography, as we were discussing the programming language and the architecture of the systems that you make right there, I was wondering if you could say a little bit about the cryptographic protocol design, what went into that, what informs the way in which you implement that, the selection of algorithms, how it is that you think about cryptography at Adjoint and what it is that you do here.

Stephen: One of the major concerns that we have when we work on these market infrastructure projects is around privacy. If you’re working on any one of the public chain technologies, we know that all of the transactions basically happen in the clear, everybody can see everything at all points in time. This is something that’s really cannot stand inside of market infrastructure, where the economic details of specific trades are privileged information and cannot go beyond certain regulatory boundaries. That’s a hard constraint that you have to kind of bake into the language from first principles, so you need to be able to reason about things like does this information flow to a counterparty that it should not flow to.

Then we start getting into the very, very interesting realm of where the contract execution should actually happen. In the public chains contract execution happens whenever a block is mined for instance: you have a blob of bytecode or an EVM bytecode or a Bitcoin script that’s evaluated top-down as part of the transaction that’s submitted and signed by a network participant, and then the miner is able to see all of the economic details of that trade, and to audit or censor it if they wish. When you start looking at distributed ledgers in the private network space, execution should not happen on chain; there should be a verifiable computation in which the counterparties that are privy to the trade are able to prove to each other that they’ve executed the trade with the inputs and outputs that are maybe public or private and both, and that the computation can be verified on both sides of a bilateral claim, and the execution has to be provably correct on both sides, and the assertation of the correct execution is the thing that lives on chain, not the contract itself. So that’s a very non-trivial property.

Darren: Think of it as a receipt that it was executed correctly.

Stephen: Yeah. And that’s a really difficult problem, and it falls into the realm of a computer science field called verifiable computation, and it often involves things which are called secure multiparty workflows, and uses cryptographic protocols, things like zkSNARKS.

Niranjan: Have you encountered any paradigmatic differences in the way that you think about cryptography working in this context than from protocols that have been developed for example in the past for things like authentication, which is something that was mentioned in the course of the talk?

Stephen: How do we think about cryptography differently? For the kind of market infrastructure projects we look at, there’s basically three classes of cryptographic problems, and they’ll have to happen in what’s called zero knowledge, which means that on both sides of the cryptographic protocol the details are not exchanged in the clear, only the proof of some property or some protocol is exchanged. Doing cryptographic assertations of certain facts about certain pieces of data in zero knowledge is a really, really non-trivial thing, and we could see basically three really interesting areas where that could be applied, the first being the assertation of the equality of two pieces of data. How could I prove to the State Department and the Justice Department that they’re talking about the same piece of identity, when they’re not allowed to legally share the data in the clear? This is a well-studied problem actually, there’s a variety of protocols that you can do, either with sophisticated, modern methods like zkSNARKS, or even things like the socialist millionaire protocol for instance is an interesting one, and there’s a variety of ways of proving equality in zero knowledge.

The other one is set membership in zero knowledge, you need to prove the membership of a specific element within a set. A prover have to say, “Okay, I have this value A and it belongs to a set X, without revealing the entire contents of the set X, only the proof of the existence of X in A.” Then the third is the more general form, which is basically being able to do arithmetic operations over cryptotext. There’s a wide variety of techniques by which we can do this, and this is actually a very, very lightweight technique that you can do with modern techniques like zkSNARKS, where you compile a program representation into the circuit and then evaluate the logic in zero knowledge, or you can do it with more simpler methods like partial homomorphic encryption.

And these things have to be baked into the contracting language from first principles; trying to bolt the logic where we do verifiable computation of specific methods of a contract on a public chain world just doesn’t work, because you don’t have enough gas in these kind of computations. You can’t be writing an entire elliptic curve cryptography program inside of Solidity or anything like that; you need to have these as first-class entities, you need to be able to do things like set membership in zero knowledge as part of the protocol.

Niranjan: Right. If we could maybe take a step away from the deeper, technical questions, there were a couple of examples that were provided, you shared the passport verification and how it could sort of be bolted on to another contract. Maybe one of the easiest ways that we could wrap our heads around what you do is if you had some other examples or if you could discuss some other domains in which you’ve been applying this technology.

Darren: Sure. One of the popular use cases I like to talk about is there large, global insurance company, I’m not going to mention them, they have more subsidiaries than countries on the planet, and in every company there’s something called treasury management, it’s about managing the financial liquidity of a firm. Now, that gets tricky when you have a lot of entities doing transactions with each other, because that incurs a transaction fee, and this is traditional currencies and traditional methods of payment. Using our technology they essentially can do treasury management using our multi-asset ledger denoting to real life currencies, so they transfer on ledger between those tokens, and then at the end of the day settle out, and that saves them a lot of money. That’s one use case.

Niranjan: When you’re looking for other use cases or interacting with different sort of institutions and parties out there, are there certain properties that you look for that make particular applications sort of amenable to your approach? How do you find yourself engaging with the broader ecosystem of institutions and regulations and different parties?

Darren: We worked in the financial domain mainly, as well as the insurance space, energy and commodities, those are the main sectors that we focus on. We map FCL to something called ISDA, the standards bodies. There’s a standards body out there that defines something called the Common Domain Model; Stephen can probably talk in depth about that for hours on end, but the point being is that they already have this way of describing their contracts in a standardised way, and when we map to that with our language, then you can describe the financial and legal workflows, not necessarily one to one but just enough of a logic that it makes sense to do so.

Stephen: That also informs quite a bit of the design that went into why we put the ledger in the first place, is that we think smart contracts as they’re expressed in the existing technologies approach contract development from a programming language perspective rather than from the domain model. The domain model says that we’re talking about a class of derivatives products, we’re talking about counterparty obligations over time, and then how do we proceed to model the domain in terms of actions that can occur on ledger, so we start from the domain modelling first.

We look at the ISDA Common Domain Model for instance, which describes a small set of logical building blocks — things like innovations, terminations, events, value flow, value transfer, assertations, litigation, arbitration in your case — and then we start looking at how do we describe the events that have to happen on ledger, what kind of data needs to be transferred on the ledger, and who needs to be notified in the system about specific events, and how do we constrain how these single building blocks compose with each other to give rise to more complex instruments like your standard set of derivatives products, your standard set of insurance products… But we think that starting from… We have arbitrary code, and then how do we build a contract on top of that is the wrong approach; we need to start from the domain, and the domain is: what are the specific terms and what are the specific elements of the workflows, and the build a system in which we can compose those and reason about them over time and prove properties about them, and that should be the premise that we start by developing smart contracts.

Niranjan: I did promise to allow a few questions from the audience.

Question: Have you thought about open sourcing your FCL?

Niranjan: It is open source. If you actually go to our website, you can download the open source version of our ledger today, as well as FCL.

Stephen: Yep, it’s all open source.

Question: Are you thinking about the IETF side as well, to get it standardised?

Stephen: IETF? I don’t think we’re at that stage yet, I think as far as making it an Internet protocol would be about 10 years down the road. But we do take requests for comments on the GitHub Issue Tracker, so if you have an interest or a specific interest in standardising the FCL contract language, we’re happy to get involved with that.

Question: The way that I understood your blockchain working is that the blockchain working is that the transaction is not actually on the chain, you’re just kind of confirming certain parts of it. I’m wondering about scalability and who your validators are.

Stephen: That’s actually a business problem for the most part. We’re looking at creating market infrastructure for a variety of financial institutions, so usually the validators are some subset of the network participants or market participants, or the consortium that creates the network. So in the case of the insurance product, you have a bunch of people who are underwriters who are responsible for doing validation; for the capital markets products we work on, they’re generally a consortium of people who are basically market creators

Question: Are they paid by fees?

Stephen: This is what differentiates the private ledger from the public ledger, is that we’re generally working on replacing existing infrastructure rather than charging a transaction model. We are an IT company, so we basically build services and provide these market creation solutions, and that’s how we we a profit.

Jelle: It seems to me that you are solving a lot of problems that R3 is also solving with Corda for instance. How do you compare yourself in that space?

Stephen: How do we compare ourselves to R3? It’s a good question, I always get that. They are looking at a specifics in the verticals that we are looking at. I would say R3’s approach to contracts is limited/non-existent. [laughs] R3 has taken an approach toward automating payment infrastructure, not toward developing networks by which we can issue complex, structured financial products. If you ask them about what smart contracts are on top of Corda, they’ll generally give some kind of ethereal answer about what exists today, and it’s… R3 is a very different approach to things like privacy and consensus, and they’re looking at what their clients tell them to build, and we have different clients.

Niranjan: Alright, I’d like to thank Darren and Stephen for their time, and wonderful presentation — thank you! [applause]

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://insurepal.io/

https://www.adjoint.io/

Join the telegram https://t.me/mattereum

Adjoint: Distributed Ledger Technology and Smart Contracts for Real World Finance was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Vishal Gupta, Founder of Diro Labs, gave a presentation on the problems of digital identity and Diro Labs’ work in the area, then went into more depth in conversation with Mattereum CEO Vinay Gupta.

Vishal opened his talk with the claim that identity is the biggest problem in the blockchain industry, perhaps even in technology as a whole, followed by a rapid survey of attempts to tackle the problem, starting in the earliest days of the Internet. He highlighted the identity siloes that are currently operational and the alarming $6 trillion cybersecurity problem they have engendered. The rest of his talk consisted of a brief explanation of Diro’s framework as well as two useful diagrams of the limitations and tradeoffs of any identity system.

Vinay joined him in a conversation that covered a broad spectrum of identity considerations including more details on Diro’s identity application, which allows for secure identity via crowdsourced contact directories and social recovery of credentials and keys.

Video:

Trascript:

Identity stuff is absolutely the most critical stuff you can ever imagine in the blockchain world and in the tech world. The Internet was basically a network of devices with storage, started in 1973, you kind of start connecting machines together and that’s what it was.

Decentralisation is a network of private keys and public keys. What blockchain is is you have this network of keys where you can exchange value, you can store value on it, it can be shared as property, anything. So the Internet was a network of data exchange, and ledgers is exchange of value.

This is how IP addresses looked in 1973, and this was how we used to use the Internet back in… I was not there, but still, it was all IP addresses. In 2009, this is how private keys and public keys look like even today.

In 1983, this is when we invented the domain name system and it became human readable, and this is how the blockchain is going to look in the future: it’s going to become aliases, probably similar to your contact database.

It took us another 10 years to realise how to discover these domain names on the Internet. In 1993 we came up with Yahoo! and we started discovering all these domain names. In blockchain there’s a privacy issue, you can’t really put a public database of identities, so most likely it’s going to be a private network and it’s going to be sitting in your contacts book. It could be you’re going to discover these identities based on your school, college, clients, vendors, user directories of office, home, family, stepfamilies — that’s where it’s all going to sit. Maybe it’s Facebook, but they need to decentralise. I don’t think people are going to now accept centralised systems anymore; we’re moving to a different, shared economy, shared communities, community-owned stuff, that’s where we’re headed.

Identity silos, this is how the world exists today. There are too many identity silos, contacts is on silo of the database, the starting point of the database. Then you have social networks which are most of the time disconnected from your contacts, then you have CRM/CIM systems running separately, they have identity systems running in them which are not connected to anything else. You have apps and cloud which ask for permission to get all your contacts, put them on the cloud, and the cloud services have their own identity databases. You have government IDs, AML/KYC stuff running around, which are disconnected again, you have wallets and passwords, you have password managers like LastPass or OnePass where you have all these passwords, and they are technically all identities, which are disconnected again. Then you have employee directories which are active directories, LDAP is mostly what it is. Then you have ERP and payroll systems running on the other side which are sometimes not connected to your active directory.

This broken identity system causes a six-trillion-dollar problem, it’s one of the largest problems we have right now. All the cybersecurity issues we see, where we have no idea where these packets are coming from, we don’t know who hacked your wallet and where the money went, this is because we can’t track those people, there’s no accountability in the system.

This is how we think the blockchain works. Currently there are solutions on blockchain which say they are solving identity problems, and they think that solving KYC and AML is good enough and that probably we’ll have our identity system working on blockchain, and then some of them go forward and solve the authentication problem along with identity, and this is where the whole industry is. Whenever we talk about identities, we have to talk about access management. The use case of identity is actually the access part: it gives you access to different services, systems, processes, and this is where the money is, this is where the industry exists, which we are ignoring today on blockchain. This is what the standard is in the access management, the global standard of. You need to have directories, you have contacts, you can enable services for large groups of people in one go, so you need to have LDAP and you need to have directories running — that’s what all the Fortune 500 companies use.

This is what people understand, this is what our moms and dads and friends and family and kids would understand: contacts is what they are used to in dealing with identities, they don’t deal with other things every day. This is where it’s going to all sit, so all these things will get linked together. When you have these contacts books, they also give you social graphs. When you’re using a phone, you’re calling your mom, dad, friends, family, clients, vendors, it kind of validates your identity every day, and that’s the best place to build an identity system, where it can be trusted and you can actually have a social recovery of your keys, social recovery of your credentials or whatever. That’s the place where validation happens, and it’s decentralised, you don’t need a central authority for that.

And when you are calling these people, Dialer is probably the best place it can sit, because we need human verification. You can’t rely on textual stuff; there has to be a little bit of biometric verification. For example, if I call my mom and talk to her for three minutes, she knows it’s me, and if the devices are signing each other in the background, decentralised, it’s pretty easy to kind of see that it’s a real person. Let’s say my password gets hacked tomorrow and somebody downloads the same app and my identity on another phone, they can’t talk to my friends and family, and therefore the system is going to know who is the real Vishal, you can distinguish and restore, so it makes it resistant in a way.

When you have contacts and phone books, the new standard of thought today… Evernym and Sovrin were here on the stage, they’ve been involved in developing the standard of thought here, which is DIDs. DIDs is the new standard of thought, that’s where identities exists, and all relationships are going to have different identities so that there’s no external correlation. Those DIDs need to sit somewhere, and most likely that’s going to be your phone, and that’s where all these keys are going to be exchanged in the background.

These directories are going to give contextual access in the world. It’s important for let’s say in the future, in the AR/VR world, you go to a restaurant, the system needs to know who the wait staff is and who’s the clients are, who the premium clients are, so the contextual access is driven by directories again. So the directory systems is pretty important for identity to exist and give contextual access.

Let’s talk about problem space, where the problem is. This is my personal thought, it’s not validated yet and I’m proposing it here. Transactions can either be private, or transparent or public. On the other side, identities can be either anonymous or pseudonymous, or on the other side they can be accountable. This kind of limits any decentralised system to one single edge. Any decentralised system will have the problem of privacy versus accountability, that’s where I think the whole government and people are struggling: do we build accountable systems, or do we build privacy? Unless you centralise that a little bit, it’s impossible to solve that problem. That’s what I’m struggling with personally in building our systems.

For example, if if you have privacy/anonymity here, you kind of create a Dark Web in a decentralised system which is censor resistant, and the governments aren’t going to like it, they’ll most likely regulate it out and shut it down eventually, if they can get their hands on it, especially when they’re linked to the financial system. We have this organisation called FATF, the Financial Action Task Force, and they are responsible for dealing with terrorism and money laundering and child trafficking all these things. They have been creating rules, the countries together have been creating rules how to stop the money flow and how to stop organised crime from skipping jurisdictions, and these guys really have the power to cut off fiat supply to for cryptocurrencies. Unless we solve this problem, I think we’re not heading anywhere, we can’t expect mainstream adoption. This is one of the biggest challenges we have in this space.

So transparency and accountability, that’s government stuff, and this is what we prefer: accountability with privacy. But that creates another problem, at least that’s my theory: if you have a decentralised system, you can either have privacy or accountability. If you try and to both, you have to kind of go less decentralised, so you need to kind of build an insurance. This is where indemnity insurance comes in so that there’s somebody who is taking the risk off the table.

Vinay: That covered a lot of ground really, really fast! [laughter]

Vishal: Yeah.

Vinay: And I’m not sure anybody understands what it actually does. So, let us break down what it is that it actually does. You have an app that sits on your phone that pools all of your contacts into a structure that allows you to share address books with other people, and the cryptography keeps the address book sharing controlled.

Vishal: Yes. In a decentralised system you need somebody to manage the trust. We kind of trust the cryptography in the background to do its job so that nobody manipulates the stuff, and there’s no central control from the company side or the community side.

Vinay: So you have a set of protocols which are designed by the company in a central way, the application sits on the phone, and all of your information is only pooled with your friends.

Vishal: Yes, so it kind of creates a shared pool of contacts. We can create multiple pools like that, they can have a private pool.

Vinay: So every time that we have melodrama because somebody doesn’t have somebody else’s phone number inside of the company, like you have a new hire and somebody needs to call them and you don’t have their phone number, I think, “Why the heck are we not using Dira?”

Vishal: Yeah, it makes sense. We have the iOS version ready, and…

Vinay: I know, but we’re on Android. [laughter] So, this is the kind of base layer: that’s the app, that’s what it does. Talk to me a little bit more about the longer-term vision, and specifically how this looks in India as opposed to here, where we’ve got schemes like GOV.UK’s Verify system. Give me some notion for that picture.

Vishal: What we’re really trying to build I think is the equivalent of a domain name system for the Web. You need the identities to be human readable and human useable, and in the background the cryptography can run, but it has to be hidden from the users, so it has to be manageable. That’s one side. And whenever we talk about identity, we have to talk about access management; if you don’t talk about access management, you’re really doing an incomplete job. How I see identity is on one side you have the use case which is the access management, and on the other side you have the concerns, which is privacy and are these entities legal, are they correctly released?

Vinay: When you’re talking about identity here, identity is a word that means different things to different people. What we’re not talking about is hard, legal identities that are bound to passports. What we’re talking about is something which is much softer, closer to say Facebook’s model of identity than the tax office’s model of identity. Is that right?

Vishal: Yeah. We’ve put a different spin on this: I think where the blockchain is going… I agree that there’s different models of identities, but now I think we’ve arrived at a self-sovereign identity model where really it starts with the private key, where you own that private key and you have control of that private key, and you can park your public key on a blockchain which nobody can replace. That is the core seed of identity, and you can keep building layers on top of that.

Vinay: Blockchains are great for doing namespace management, they’re an excellent fit for DNS-shaped problems. If you only have one blockchain and you register a name in that blockchain for what it is that something is going to be or how it’s going to work, that’s a very good use case for blockchain, in the same way that certificate revocation is a good fit for blockchain; when something goes wrong and you lose a key, you publish the revocation to the blockchain and there’s only one place to look for it — they’re good for that.

But when you say identity, you don’t really… There’s a nuance here, which is it’s much more like the kind of InsurePal model of identity where you’re defined by your social relations, than the government’s model which is basically an SKU for humans

Vishal: This is where we are trying to take everybody into the future, where all these identities, you have a 360-degree view of the identity system. Once you have a self-sovereign identity, which is your public key and private key, and you start building things on top of that… One is the social KYC which verifies all the identities, and the second what we’ve built is actually a way to capture… This is a tech we built which is pretty new, and I think it’s pretty transformative. What it does is you can go to any website, we can ask the user to go to any website, you log into your bank account or your utility provider, and you do Ctrl+P and create a PDF. The PDF captures the SSL certificate along with the PDF, and it does a hash of the whole document and puts it on blockchain, not the document but the hash. So now you have this document which can be verified by anybody independently, and now you can insure such documents and you can insure the identity based on that.

Vinay: Let me break this down, because this is a completely magnificent hack, it’s one of the most awful things I’ve ever heard of; I remember the first time we talked about this, it was like an hour of me just going, “Oh no, you did not do that.” [laughter] If you go to a website that has the padlock on it, the padlock has encrypted the connection that you have with the website and you’ve proven that you’re talking to the right website, so there’s a measure of cryptographic security there, to which they basically added a secure screenshotting service that allows you to prove, with a reasonable degree of certainty, that the image that you are looking at on your screen can be shown to somebody else with the padlock in place, so it allows you to prove that you saw something on an encrypted website to third parties. It’s not military grade crypto all the way through, there is still a trust element, but it’s pretty impressive, and it could be built into the browsers in the next generation.

Vishal: We had to build a separate browser for this, because the existing browsers aren’t strong enough.

Vinay: Right, but in the future they could do it.

Vishal: Yeah.

Vinay: That’s an example of taking the public key infrastructure of the Web and extending it in new directions. And the PKI on the Web is at this point 20 years old, so it’s quite surprising that there are any new tricks to discover there.

Vishal: Yeah. I was surprised that nobody figured it out before us.

Vinay: Frankly, it’s such a completely weird idea… It took me a long time to wrap my head around it, like “Wait, you’re just faking the document signature?” Because the Web as a standard could sign all the documents that came off encrypted websites.

Vishal: Yes.

Vinay: We could apply digital signatures, but we just don’t do it, because we, generally speaking, don’t use digital signatures. Part of the reason that there’s such a revolution of blockchain is because we’re just not using digital signatures in the way that we could. Every document you get from a government department, from a utility company, all the rest of that, all of that stuff could be digitally signed so you could prove what you were given when, but we don’t do it.

Vishal: Here’s what I’m dealing with: I think there’s a very, very strong urgency to solve this KYC problem, which is mostly a remote KYC problem, where they have non-face-to-face accounts, we have wallets running around… I think it’s all going to get shut down, if we don’t solve this problem, it’s one of the most hard-pressing problems we have. On the other side, we can’t expect the world to retool itself, so we need to come up with a hack which solves this problem right now and that government can accept, in a reasonable, accountable way.

Vinay: There’s two sides to the KYC problem: there’s the commercial risk, which is doing business with Nigerians is hard because there’s so much Nigerian scam mail, and then there’s the regulatory risk, which is you’re a bank and you lose your license because you took in money that you weren’t supposed to take in, and the regulatory risk is almost entirely defined by regulatory action. You have to lobby the government to change their regulations, if we’re going to change the way we do KYC for regulatory risk. For commercial risk though, it’s a different story; you just need enough information about somebody that you can trade with them.

Vishal: I’m more concerned about the regulatory risk, because if we don’t solve that, the government is going to come down pretty hard on it. I think we are due for an update from FATF, the G20 guys met last month and they deferred to FATF. And FATF already has a view on things, they published in 2013–2014, where they want all these non-face-to-face accounts to have… they’re classified as high risk, and just doing a customer due diligence, CDD and EDD, which everybody is required to do, is not possible today.

Vinay: This is the kind of paradigmatic shift, that while the blockchain was seen as being some weird nerd game, people like that didn’t worry about what was happening on the blockchain. The posterchild for this problem is Monero or Zcash, platforms where it’s impossible to KYC; Bitcoin, you could go through an identify source of funds. In fact, I have this discussion going right now, where I say to people, “Look, suppose that you’re somebody who mines Bitcoin in your bedroom in 2011, holds it for seven years and then sells it to a regulated hedge fund. There’s no doubt at all at this point that this is categorically clean money. In the same way, if the money went backwards and forwards through the Silk Road half a dozen times, it would be categorically dirty money.” What we don’t have is any comprehensive mechanism for cleaning Bitcoin, by verifying that it’s not contaminated by criminal activity. You could kind of see how this begins to look like the incentive structure for KYC in the existing Bitcoin balances, because if you KYC and the state will accept that they are clean, then you can re-onshore those funds. But if we’re in a position where it’s all default dirty and we don’t use the fact that the ledger tracks the transactions to do the audits, then we’re left in a position where all of the money is dirty. It’s not just the KYC process going forward that matters; it’s also the KYC process going backward, to take the existing Bitcoin fortunes and actually render them back into real money.

Vishal: I think we’ll have to do a compromise here, because there’s already too much dirty… I don’t know, we have no stats on this, we don’t know how much dirty money there is. Look, I think it’s definitely better than cash.

Vinay: On the order of 10% of the global economy is dirty money.

Vishal: I think blockchain is far better than using cash in the economy, so this definitely has to go mainstream, we just need to get the systems around it. There’s two things stopping it: one is regulatory risk, which is AML/KYC, and the second one is the user experience, which is we somehow need to hide the private keys and public keys.

Vinay: Yep. Do you think the AML/KYC problem is a lobbying problem? Is it a case of getting new regulations passed, or is there some other approach to it?

Vishal: I think they already have a structure in place called New Payment Methods, NPMs, and they already have a structure in place that they expect people to follow. It’s just that nobody was applying it to cryptocurrencies, and because of the big run-up last year we got the attention now.

Vinay: So you think that basically there’s enough money in the crypto ecosystem that these folks are starting to care.

Vishal: Yeah, everybody cares right now, I think blockchain is making all the big news and it’s going to continue to make bigger news.

Vinay: What do you think the interaction will be between the old political philosophy of the blockchain, which is libertarian and private and all the rest of that, and the incoming KYC/AML regimes? How do you think that interface plays out?

Vishal: We will have to find a way to coexist together. [laughter]

Vinay: With Zcash in play? Does that sound…

Vishal: These Dark Net systems are difficult to shut down, decentralised systems have this problem of accountability, so government needs to kind of… I think government does a good job. Sometimes central power is abused and it needs to be checked, so you need these parallel systems also to kind of stay alive at some point, but at the same time not cause problems for the whole world.

Vinay: This sounds like we’re basically saying that we’re going to muddle through, that it’s a process where the people that want to use the blockchain for real work will develop KYC systems that will kind of sort of work, and the people that are outright black hat crooks are going to wind up using platforms which provide total anonymity, and in between there will be some kind of grey area. Something like that?

Vishal: Yes. I think we don’t have a choice, because these systems are censor resistant, you can’t really shut them down

Vinay: I did some analysis on what the vulnerabilities were of Bitcoin, and yeah, you totally can. But that’s not a technical problem; that’s a regulatory problem. Before we wrap up, I want to go back to the Indian context. Talk a little bit about the interaction between this notion of a kind of phone book-based identity that’s only shared between you and your friends, and the Indian government biometric ID systems. Because it seems like these are…

Vishal: Opposite extremes?

Vinay: Yeah, exactly.

Vishal: Aadhaar has brought a sea change in how India is working today, it’s been a lovely change in terms of the user experience today. For example, last time when I went back to India I lost my SIM card, and all I had to do is just walk into a store, do my thumbprint and I got the SIM card, they didn’t even ask any questions, so it’s a beautiful user experience today.

Vinay: Wow — that’s miraculous!

Vishal: Yeah, it is.

Vinay: I mean, if we had that in London right now, how much better would our lives be?

Vishal: Imagine if you could just walk into a bank account, just do a thumbprint, your bank is open and you can just walk out. So the user experience is beautiful. The problem is 5–10 years from now, when all these Aadhaar numbers are going to be externally correlated and we’re going to get discriminated against, where people are using external data to reject your interviews or reject your insurance.

Vinay: Right, because biometrics plus Facebook’s mass surveillance is a whole different thing than biometrics where it’s only stored on your phone and a few people around you maybe for backups.

Vishal: Right.

Vinay: It seems like there’s an assumption here that biometrics automatically rolls into largescale surveillance databases, either private, commercial databases or public, security databases. It doesn’t actually have to be that way, does it?

Vishal: I’ll tell you the big problem we have in this system: once you give up control to the central body, like Aadhaar or Facebook or the US government, the central state becomes so powerful that they start abusing their power and you have no option but to do it. Even if you vote Trump into power… I don’t know how much power he has today… It’s a good thing right now, but sometimes these powers are abused, and if government starts lying, we…

Vinay: Yeah, there’s certainly a very unfortunate history. The 20th century was one long story about government abuse of databases.

Vishal: If in India the government starts using Aadhaar data to kind of hack the democracy again, we would have a big problem. So decentralising is definitely the way to go in the long run.

Vinay: Okay. The last thing I should probably mention is we’re not related. [laughter] We often get this, and it’s quite funny.

Comment: Show us your phonebook.

Vinay: Yeah. There’s actually another Vinay Gupta who started a company in London called WhipCar, and for about two years after they launched I got emails congratulating me for my transport innovations. [laughter] Anything else you want to say before we wrap up?

Vishal: No. Thank you, thanks for having me here! [applause]

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://www.diro.io/

https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Vishal Gupta of Diro Labs was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

InsurePal CEO Matt Peterman presented his project’s approach to reinforcing trust and reducing uncertainty in business transactions through a peer-to-peer insurance platform using blockchain and smart contracts. At the heart of InsurePal’s design is “social proof,” whereby friends and associates can endorse an individual’s credibility, facing reputational or financial penalties if that individual fails to perform. Such a system could be used to increase trust in business deals (endorsing an individual’s trustworthiness), or to lower the cost of motor insurance (endorsing an individual’s driving skills).

Peterman invited Mattereum CEO Vinay Gupta on stage to help provide an overview of the dispute resolution process. A Ricardian contract, a combination of a natural language contract and executable code, forms the basis of a financial agreement over which the parties might come into dispute. A mediator can help the parties resolve the matter amongst themselves in the event of a mere misunderstanding or mistake. If the dispute is not resolved, then the matter goes to binding arbitration. Gupta then elaborated on how a P2P insurance platform would need to scale to keep a sustainable balance between the size of the insurance pool and the cost borne by the individual.

Video:

Transcript:

Matt: How many of you would vouch for your friend with £20, hands up?

Comment: It depends on the friend. [laughter]

Matt: Okay, so we have around 30% of people saying that vouching for others could be a solution for doing identity. I’ll start with a short video, maybe it’s the easiest explanation for what we are trying to do.

On one side, we are trying to move the existing insurance models, where everything is held centralised. As Michael said at the beginning, when Equifax came to UK, the same Equifax that holds most of the data of their clients is centralised. What we are trying to do is to put some of that data away from the insurers.

On this slide we have two ways of let’s say underwriting each person. I can check your Facebook, I can maybe even use Cambridge Analytica to do that [laughter], I can put some gadgets in your car, I can… My background was fraud detection in large insurers, so we usually checked when there was some fraudulent claims, we check their Facebook profiles, we check Google Links, we check any other social media to see the clients. The other way is we could also do it is ask friends whether they would endorse them. I saw that only 30% of people are willing to trust their friends, but that’s still a good amount, and we are trying to build a model based on that.

Here is how it works. If Vinay has car insurance for £1,000, I say, “I know him, I know he’s not a good driver, but I would still vouch for him with around £200 in order to reduce his premium,” and in that sense I am giving additional information to insurers and helping them to… On one side I’m reducing the premium for Vinay, and I am helping to do a better underwriting. You can do the same thing for other things also. We currently have around five clients using this kind of a social proofing for gig economies. For example, we have a client in Switzerland where if you rent an apartment, since they don’t know you, they ask that you put at least three rents in advance in a deposit, which you get back when you return the keys. What we’re offering is that you ask three or four of your friends whether they’d endorse you, whether they’d put their credit cards, we just check their credit cards whether they’re valid, and if the cards are valid then most friends would vouch for the same amount.

On one side that brings cheaper premiums, improved profitability, and it also gives benefits to society.

Blockchain can enable the expansion of that model to a whole network, so a kind of a recursive, transitive deductible which can be used if we have a lot of identities or a lot of clients in a space.

In the case that I vouch for somebody and there’s a dispute, then I always call Vinay to help us, so I would ask maybe to help how we resolve some of the smart contracts which we have, let’s say of the insurer or in gig economies, how to enable them to do it quicker. Vinay, can you help us?

Vinay: Sure. Do you need me to judge something?

Matt: Basically, currently most of the insurers are resolving the contracts in court. Some of the contracts could be also resolved easier through smart contracts. However, as I heard today, up until now only one smart contract has been resolved in the UK courts.

Vinay: Yes, this would be Ian’s contract that you’re referring to, from the 90s. There’s no doubt at all that arbitration is binding, it’s a very old, very stable process, there’s no doubt at all that arbitration works. The tricky part is connecting the smart contract to the arbitrator. Because the smart contract is just a chunk of code that lives on the blockchain, and there’s nothing in that chunk of code which can necessarily even be tied to a legal persona. So if this code is signed with a key, how do we know that that key is your key? Because if you give a copy of that key to somebody else, either one of you could be the person that signed the document. Tracing the necessary chains of legal cause and effect between a smart contract and a nominated individual who can then consent to the arbitration, all of that stuff is the tricky, step-by-step legal procedural work that you have to do, if you want to be able to use binding arbitration to settle these kinds of disputes.

Matt: How would we resolve disputes when people are vouching for each other’s identities?

Vinay: The simple case is that you first take the money; if something goes wrong, the first thing you do is you take the money, and if they decide that they would like their money back, now they’re the one that raises the dispute. You have things that looks like terms of service agreements, which say, “In the event of a dispute being raised, you first talk to a neutral third party that will try and have a dialogue about what went wrong, and that neutral third party will tend to resolve it in a way that everybody consents to,” so you have mediation step, presumably. In most cases the mediation step will resolve the problem, because it will be a simple misunderstanding.

But remember that you are holding onto the money at this point, so if the mediation step doesn’t work, you can basically shrug your shoulders and your customer will be like, Damn it, this is not right, this is just not how it’s going to be,” and at this point they can escalate to a more formal process, at which point the decisions become very binding, they have full legal force, and as a result people tend to do things like bring their lawyers. This is where there may be a mismatch between the sums of money in play and the degree of inconvenience required to have a litigation, and the bridge for this mismatch is of course mutualisation: everybody pays an additional 25 cents on their transaction fee, that money goes into a bucket, and that bucket then pays for the legal expenses of the parties in the event that a formal arbitration occurs.

Matt: So basically for each premium we would add 25 cents for that part?

Vinay: And you wind up with a kind of bucket of money which is like a legal defence fund, which is used to pay the costs of full process to do asset recovery. Because the thing is that the integrity of the process is much more important than the efficiency of the process. We’re all used to completely unaccountable dispute resolution mechanisms like eBay, where if something goes wrong on eBay, your chance of actually sorting it out is pretty low. Theoretically they have mechanisms in place for sorting it out, but practically speaking those mechanisms are kind of weird and opaque and it’s not like you could just talk to somebody and explain what happened; the decision making event tends to favour the buyer, but the procedural knowledge is all with the sellers, so you wind up with two unequal forces contesting.

All of those mechanisms… You just kind of play the odds and think that it will all be okay, and you continue to trade on eBay and once in a while you lose some value, but the general feeling that you get is that eBay is kind of a sketchy environment to do business in. If the alternative was that they had very, very high-quality arbitration, so that when something went wrong it was handled by a really competent authority, even if the transaction fees went a little higher, we would all feel much better about eBay. And this is how it works in high trust societies, everybody pays taxes and the taxes pay for the courts, and there’s been an enormous amount of work in the UK on streamlining the cost of core processes, not just for small claims but further up by doing things like changing the way that case management is done. So rather than having an environment where people could spend an infinite amount of money on lawyers, there are things like caps on legal fees that’ll be awarded if the dispute is ruled against somebody, and all of these mechanisms have been done to try and streamline these processes.

Matt: But isn’t it true that people are let’s say… We see in insurance that for small sums they usually don’t go to court, because they simply say it’s a lost battle.

Vinay: This is why mediation is important. If you have a mediation process where a neutral third party comes in and tries to make it work, in most cases just having a neutral third party there will resolve the problem. Somebody will look at it, and the agreement might be “Oh yeah, we have made a mistake here,” or “Why don’t we split this with you 50–50?” and you can resolve it, because the mediator is backed up by arbitration. If the mediator can’t resolve the problem, there’s always a way of escalating, and because we all know there’s a way of escalating, we know that justice is available, and at that point we are more willing to trust the processes at the lower level. If the mediator’s word is final and there’s no way of going above the mediator’s head, then how do you know if you’re going to get a bad mediator? You tend not to trust the process. But if you know that if the mediator does the wrong thing you have access to a higher-level system that will correct their errors, you come in with an expectation that the mediator will behave more professionally.

So the more rigid, solid process you have at the very top level, that kind of flows down through the rest of the systems. Even the front level technical support folks, if they know that it is technical support, then mediation, then maybe expert determination, then arbitration, you kind of have this tiered response, you know for sure that your technical support people understand that what they’re doing matters, so the first point of contact where something is going to get resolved is dealing with the extension of the authority of the ultimate arbitrators, rather than just the internal processes inside of a company. It’s very, very much like the kind of processes that give us trust in the national courts, and it’s that form of trust, this trust in a central authority that really understands the law and will administer justice fairly, that we want to bring into the blockchain space.

Matt: What we’re seeing is we have a lot of requests from so-called gig economies, where people are saying, “In order to onboard somebody to a renting platform,” they say, “If you bring additional social proof, we will put you on the platform,” but still on top of it, if I rent your car and if I crash it and the cost is 70,000 euros, your friends will vouch for 5,000, but the rest has to be covered by insurance.

Vinay: Yes, absolutely. This is the question about how big is the risk pool. If you have these kind of approaches where the risk pool is basically five people, you can’t get the kind of system performance that you want. You need a much, much larger risk pool, here’s your risk pool; if that network goes out to be 50,000, you would have the size of a typical insurance pool. If it’s five million people, that would be something like house insurance, and when the pools get really large, that extra 25 cents or the $100/year you charge somebody for insurance turns into such a lot of money that it covers almost all risks.

As Michael Mainelli was saying earlier on, there’s a whole question about scale. You need network effects to get these things working, because you have to push over the hump where you don’t really have enough insurance to make it work because the volatility is too large. You need to get lots of people with the same kinds of risks in a bucket, and that’s how you begin to smooth the risk. If you have something like that… If you’re dealing with $70,000 worth of risk, you’re going to need tens of thousands of people before you could split the risk so finely that nobody notices. How much insurance claim can you pay in a year before you feel the pain, maybe $100–200? So a $70,000 risk is going to have to be spread over 350 people, and you can sort of estimate the kind of risk tolerance of each individual and say, “How much is in the buckets?”

Does everybody know how Lloyd’s of London works? You have this kind of social network model, and at the top end of that you have a bunch of people who have yachts and country homes and Rolls Royces, and if something goes badly enough wrong that these people are asked to pay the claims that Lloyd’s is generating, these people begin to have to sell their country homes and their Rolls Royces. There was a famous bloodbath — how long ago was the bloodbath, 15–20 years, something like that? — where there was just a series of unfortunate events, and an enormous number of wealthy English names got hit very, very hard, and that caused a bunch of restructuring of risk at Lloyd’s.

The notion is always that you’re going to have to basically spread the risk thinly enough that each individual could tolerate it, and that applies as much to legal fees as it applies to the actual settlements. Because the difference between you being fined and you having to pay an expensive lawyer, it’s all money coming out of your pocket. So you need to find ways of pooling your risk of access to the expensive lawyers and pooling the risk of the actual payments.

Matt: That’s why in terms of scaling we think that the insurance business is one of the ways to scale. Because to onboard large amount of clients, insurance is one way. We see in the UK that if we offer a client an insurance premium that is at least £80 cheaper, they might consider to go and use the social proof insurance. We also have really good feedback from Dutch insurers, maybe because you had this event in Lloyd’s.

Vinay: Yeah, we’ve been warming them up for a while.

Matt: That’s the concept in short. If there any questions, I would be glad to answer them.

Vinay: I think there’s one thing that we should talk about here a little, which is the sort of notion that we’re up-ramping towards the future, there are a series of small steps: the first insurance product, there will be a bunch of disputes which will happen on the blockchain, and Ricardian contracts and dispute resolution will all kick in… All of these kinds of processes are steps towards a long-term equilibrium, and the long-term equilibrium is that you get a vastly higher quality of life, because you get much less uninsured risk.

All of these little risks, like you drop your cell phone and it breaks: if you had immediate replacement, where somebody will bicycle to you with the exact same phone and when it arrives your backups are restored, suddenly this is no longer a big deal, and the price of that service might only be £15–20/year, as long as it’s spread over a wide enough risk pool. And life is filled with crazy little inconveniences like this that are huge suckers of time and money when they happen to you, but they happen infrequently enough that they’re insurable. I like to think that we’re basically building out, you guys are leading on this process, a world in which basically if you have a little additional money, you can smooth out nearly all of the random little inconveniences, and that’s a combination of payment and service.

Matt: That’s a good point, and that’s also why we have a lot of interest from so-called gig economies, where people are using let’s say tools or cars for a few minutes or for an hour, renting them out, and to smoothen that process of onboarding and insurance, you need to have a different way to approach it.

Question: I have a question about the insurance side of this, because I think traditionally insurers have been very good at taking premiums, and then they’ll often so quick to pay out when an insurable event happens. Underlying insurance is this idea of good faith, because you can’t DD every piece of information, so you rely on the information that you’d been given in good faith. What happens when your third-party endorsement is given by somebody, and it turns out that that is incorrect? Does that affect your ability to pay out on the policy? How are you going to streamline this, to make certain that there’s an indemnity, if the social endorsement is incorrect, but will you still pay out?

Matt: Well, I would start from maybe from a different angle. Today if you pay £100 of insurance, you pay, in motor insurance you pay around £60 for claims, and out of that is 10–15% fraudulent. What we are trying is to reduce that part at least a little. There will still be cases of course when people will be have fake identities or will not pay, but that’s usually… We see that reduction of the claims by using social proof is between 20 and 40 percent. No system is ideal, our system isn’t ideal, but it can bring back some of roots of the insurance, that at the beginning it was mutual insurance among people, people insured among each other.

Vinay: This is where the peer-to-peer nature of the blockchain comes in. Because the overheads in organising an insurance pool peer to peer, where they’re insuring each other for 100,000 people, overwhelm existing approaches and you wind up with a central third party. If you wind up with basically protocol-based projects, you could build very large risk pools with absolutely minimal third party that really just does standards processes and dispute resolution. We do dispute resolution, you do the standards and product design, and you wind up with very, very thin intermediaries. I think that that potentially produces much, much more fluid and elastic and functional insurance markets.

All materials from the conference: http://internetofagreements.com/identity/

Learn more:
https://insurepal.io/

https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Matt Peterman — Social Proof Insurance and Dispute Resolution was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Mattereum Head of Operations David Salgado sat down with several members of the Evernym team, Elizabeth Renieris (Global Policy Counsel), Andrew Tobin (European Managing Director), and Jason Law (Chief Technology Officer) to discuss the notion of self-sovereign identity, how the Sovrin protocol facilitates identity management, the reasoning behind the design, key considerations for those developing identity solutions using blockchain, and how these solutions coexist with regulation and each other.

Throughout the discussion parallels were drawn between self-sovereign identity and real life interactions involving shared credentials. The question of how revocable credentials and efforts such as the EU’s General Data Protection Regulation can work with immutable ledgers led consideration of what information should actually be written to the blockchain. Jason described the Sovrin approach, in which the blockchain does not store credentials but verifies the claims without disclosing the credential itself or allowing different claims to be correlated by using zero-knowledge proofs. The question of interoperability between these multifarious identity solutions led to the team highlighting the different trust frameworks throughout society and how Sovrin is working with others to standardize best practices around decentralized identifiers. The team then detailed the rollout of Sovrin to different industries and jurisdictions and their open source approach.

Video:

Transcript:

David: I’m David Salgado, Head of Operations at Mattereum.

Elizabeth: Hi, I’m Elizabeth Renieris, Global Policy Counsel at Evernym.

Andy: Hi, I’m Andy Tobin, the European Managing Director for Evernym.

Jason: Jason Law, CTO at Evernym.

David: I’d like to start off with just a quick introduction to what Evernym is, what’s your approach, what problems you’re solving and a little bit about the company.

Andy: Sure, I’ll cover that. Evernym is really all about self-sovereign identity, we’re all about fixing the problem that’s actually being articulated this morning already, which is how do you trust who you’re dealing with online.

We’re probably best-known as the inventors of Sovrin. Sovrin is a global identity network that’s based on something called Hyperledger Indy, which is code that Jason and our technical colleagues at Evernym wrote and open sourced. The network itself is run by trusted parties, the latest ones to be announced are Imperial College, and IBM was actually announced recently as a steward that runs the network as well. What essentially it does is it provides a couple of things: first of all, it provides a — I know we’ve got a fairly technical audience here — a decentralised key registry for public keys, and it provides a protocol on top of that, that allows you to share data in a way that involves no middleman, and allows you as an individual to own and manage your own data, and allows an organisation or a connected thing to do the same.

Essentially, it solves a problem that we have at the moment. In the old way of sharing identity data, if David asks me who I am, I can say, “I’m Andy Tobin,” and he would naturally say, “Well, says who? Who says I am?” and I could get one of these out, I could show it to him, and you could look at it and take it and see it’s got some shiny information on it and some holograms and so on, and David can establish a certain level of trust, because I’ve shown him this thing and he trusts the Passport Office and that it’s probably pretty genuine. But we don’t have the digital equivalent of doing that in a way that’s global and properly open source and standards-based, and Sovrin essentially provides a solution to that problem. Using a standard called Verifiable Credentials or Verifiable Claims, I can be given by the Passport Office a digitised version of this, not a scan of it but a digitised version with all the attributes. I can then present individual attributes to David, and he can verify that that came from the Passport Office, he can verify I haven’t changed it, he can verify it was given only to me, and he can verify, very importantly, that it hasn’t been revoked. So we’re talking about essentially Sovrin being a global utility that allows anyone or anything to do those things.

David: Can you perhaps expand a little bit on the issue of revocation of credentials? Because that’s something that I think in the blockchain space we’re very comfortable now, with the idea that you write it to the blockchain and it’s there forever. In the case of identity issues, that kind of has… not quite a conflict, but I think there’s an interesting balance between “I know who you are, and I know this is true and this is true forever,” versus “What happens if I got it wrong, if a bad actor got into the system?” and increasingly, with the forthcoming GDPR regulation, with the right to be forgotten.

Andy: Yeah, I think we all want to jump in on that one. I’ll just cover the first bit, and then Elizabeth can cover some of the legal side and Jason some of the technical. One of the reasons you don’t have lots of people going around with digital passports is that there is no sensible way to revoke them, until now. What you don’t do is you don’t put this on a blockchain, and you don’t put a hash of it on a blockchain either. You give it to me and I can take it with me anywhere I can, like I can with this thing.

Elizabeth: I think one of my favourite myths about the GDPR and the right to be forgotten is that blockchain is inherently at odds with the right to be forgotten because of its immutability. Exactly to Andy’s point, I think it depends what you’re writing to the ledger, and I think that there are a lot of solutions we’ve seen that make both inherently compatible, because they’re not exactly that, they’re not putting credentials on the ledger. I think there’s also just notions around immutability in general: it depends on the chain, it depends on whether you consider forking and other technical measures to actually introduce changes to the record so to speak. So I think it’s a more nuanced approach.

Jason: Let me just comment about the nuanced part of it, and I will try not to go too deep on this. The credential that a person might have, that they might show that to someone else, the blockchain doesn’t actually hold a reference to the credential in a way that could be identified later; what the blockchain allows us to do is prove that I have a credential, that that credential is not revoked, that it was issued by a certain party, and I can selectively disclose attributes in that credential. I’m using the blockchain to allow the other party to verify that the proof that I’m giving is correct, but it’s not identified; there’s not a hash, there’s not an identifier on the ledger that you could go and point to and correlate across different presentations of that same credential.

David: So the issue of revocation in that sense is you would revoke the authenticity of that verifiable claim on your side?

Jason: There is a bit of… Andy, I think you call this crypto magic?

Andy: Yeah, exotic cryptography.

Jason: Exotic cryptography. We’re actually using cryptographic accumulators that allow us to allow an issuer to be able to update the list of those credentials that are correct, and then I as a credential holder can prove, and we use zero-knowledge proofs for this, I can prove in zero knowledge that I hold a credential that is not revoked, without you being able to see which one is mine.

Elizabeth: I think it’s a little bit like in the real world, where if the DMV could revoke your driver’s license — sorry, it’s a very US example — but you’d still retain the artefact so to speak. The same in the digital world, where you might revoke the credential but you’d still have the artefact controlled in your wallet, so I think there’s some analogues we can draw there.

Andy: Yeah, the issue we’re trying to solve with revocation is the problem of phoning home. Those of you who’ve maybe tried to rent a car, although this doesn’t happen really because it’s so complicated to do, but if you need to prove that you’ve got an unrevoked driving licence, the rental car company needs to get in touch with the UK DVLA to confirm your license is still valid. So there needs to be an API there and all the rental car companies need to connect to it, and you as a driver need to, first of all, go to the DVLA and get a code, and that code is the token that gives permission for them to access your details around the back. It’s very, very complicated, and this is why we see a complete lack of scale and actually rental car companies not even bothering to check if your license is valid. And if you have to replicate that across all the world’s DMVs and DVLA’s and so on, it becomes very complex.

You need this ability for the recipient to check if your credentials are valid, and it could be the fact you’re a doctor and you’re not struck off for example, it could be you’re a driver, maybe you’re on a terror watch list or something, but doing it in such a way that the recipient doesn’t have to phone home, because that’s technically very complex at scale. Also, you need to not put a database somewhere that correlates everybody and breaches privacy. The way that it works on Sovrin is, as Jason says, there’s a one-way accumulator that is created that is put on the ledger that can be used to create zero-knowledge proofs that you are not revoked, and that accumulator can’t be reverse engineered in any way.

David: That sounds like a really interesting and valuable technical approach, which brings me on to another question that I wanted to ask, which is if we have a global marketplace of identity solutions, how do you see this working in terms of interoperability between the various different approaches?

Elizabeth: I think one starting point that is near to my heart is this notion of trust frameworks. I think one of the things that we’re very conscious about is building trust within these systems has to be tailored to the environment or the industry or the jurisdiction so to speak, so sort of a one-size-fits-all approach to trust isn’t going to work. For example, if you’re dealing with a heavily regulated industry, financial services, you have different elements of a trust framework that you’d have to build that would be different from say digital rights management or an entertainment space. We’re trying to build the foundational level, the core elements of enabling trust in these ecosystems, without losing sight of the unique requirements of specific industries or jurisdictions.

Andy: I’ll just give a couple of things on a slightly more technical level. Sovrin is based on open standards and is open source; if Evernym goes away, Sovrin stays, so it is vendor agnostic. A couple of the standards that are very important, and Jason can maybe cover them in a bit more detail, are decentralised identifiers, DIDs, and it’s a standard that came out of work that Evernym was doing on how to ensure you get interoperability. The Sovrin ledger itself contains these identifiers called DIDs, that’s an open standard now that’s being worked on at W3C level, and the way you move the credentials around is… The standard is not yet mature, but there’s various working groups at W3C level — Verifiable Claims Working Group, I think it’s now renamed Verifiable Credentials Working Group is one of those — and Sovereign is the protocol that sits on top of a ledger that allows this transfer to take place is based on these verifiable credentials.

Jason: And there’s a lot of work going on in this space. For example, one of the things that we feel strongly about is the ability for me to get a credential or an attestation from an issuer and to be able to present selectively the pieces that I want to and in a privacy-respecting way, and in order to do that some changes have to happen. One of the things that we’ll be doing over the next few weeks is submitting some proposed changes to W3C Verifiable Credentials Working Group, we’re working with folks in Hyperledger Indy, which is great, because large companies with great capabilities have come together in this project that have allowed for… The contributions are not encumbered from a patent perspective, and so people can really bring their best games, because the companies that they’re with have committed to this effort with Hyperledger, and we can now start to take advantage of all of this great research. So there’s more to come, and I think that over time we’re going to see more extensions of what’s done with DID spec, we’ll start to see that happening more and more up the protocol layers, so I’m excited about what’s going to happen.

David: That’s really interesting. I wanted to pick up a little bit on something that you mentioned briefly, and which is clearly core to your product, it’s even in the name, this notion of self-sovereign identity. I wondered if you could talk for a couple of minutes about what that means to you, not necessarily from a technical point of view but perhaps in a philosophical point of view? What does self-sovereign identity mean to you, as an organisation?

Andy: It’s actually really quite simple. There’s often a mix-up about self-sovereign versus self-attested. Self-attested is where I say I’m Andy Tobin and you can believe that if you want, but self-sovereign identity is slightly different, because it is basically the digital equivalent of what you have now. At the moment, I’ve got a bunch of credentials that I carry around with me, and there’s this sort of feeling that decentralised identity is a brand new thing, but it’s not. The government has given me this, and I can take it and present it anywhere I want, and in my wallet I’ve got a bunch of other credentials that I can take with me, I’ve got a driving license and I can present this anywhere I want.

It’s the digital equivalent of that. I have these things that I own, they’re given to me, this one particularly, by the government, but I can carry it around and I can present it and not be correlated everywhere I go, I can show it to you and nobody else needs to know about that, and I can show you a bit of it, or I can decide not to show it to you. So it’s the digital equivalent to doing that, and that capability has not been possible until the rise of decentralised ledgers essentially. Because the solution has always been let’s put it all in a silo, and then the question is who owns the silo and where does it sit and so on. The big advance that ledgers bring along is the fact that there’s no one organisation in charge. I can be given this, it can be revoked, but I still have the artefact and I could still prove that I’m a British citizen to you, but you can check that it’s revoked. That’s fine, maybe you’re not a British citizen, but I could still prove by my date of birth to you for example. So it’s about being in control and looking after these things myself, rather than relying on a Facebook to do it for me.

Elizabeth: I would agree with Andy that it’s sort of the digital version of the offline world, but I think there are two additional pieces to that, and I think Jason could also speak to this. I think the audit trail and the auditability of the public record is key. I think the other piece is the peer-to-peer nature and the lack of an intermediary. I think one of the differences now is if I wanted to provide my Bar certificate or law school diploma to someone, I’d have to go through either the Bar or my law school, which is very different from the model that we’re looking to build, where I could provide that myself without going to anyone for permission or control. I think it maps quite well to the GDPR and principles of data portability, and the ability for the individual to exercise those pieces in a way that we haven’t seen before. Jason, I don’t know if you want to mention the public ledger as well.

Jason: Yeah. I went on Sunday, I was one of the accelerators at the Blockchaingers hackathon — let me just say, it was as incredible as you saw on the screen, these people that were there. One of the things that I see a lot when people start to think about blockchain, one of the early mistakes that people will make with blockchain is they tend to want to put a bunch of records on this ledger. When you start dealing with personal information, when you start dealing with correlation, you start to think about how can we leverage the power of blockchain, without creating this immutable record that persists forever. And so really understanding, as we’re building solutions in this space, understanding why are we putting it on a ledger, that’s the key critical piece. We’d been very selective I guess, and we’ve learned the hard way, through a lot of trials and doing it wrong, selective about what actually goes on the ledger, and making sure that you’re using it to verify things, not to reference things.

David: I think we’ve got about five minutes left, so I’d like to throw things open to the audience. Do you have any questions?

Question: I guess one of the big questions most of us probably have got is how long do we think this would take to get it sorted?

Andy: It’s a great question actually, and the first speaker was talking about the network effect. The Sovrin ledger is there, it’s live, it’s in what’s called a provisional status now, there’s 29 stewards who are the organisations who run it, and projects have already started. We’re running probably about 15 proof-of-concept projects now, and that’s just Evernym. There’s other people doing all sorts of things with Sovrin at the moment, particularly in Canada, in the Nordics, in Holland as well, and what we’re seeing is use cases where you have an ecosystem which is relatively closed. It could be a company employee identity or employees that are qualified in a certain way, like if they’re able to trade financial instruments, they need to prove that. And other ecosystems, like proving you’re a doctor is a great one we have in the UK now, which has some hospitals, some universities # who do medical degrees, and doctors and other qualifying organisations, and they’re going to create their own ecosystems which will then start to overlap.

Then we’re seeing much larger ecosystems, like the credit unions in the US are all getting together to create something called CUID, Credit Union ID, where they’re going to all give all of their customers self-sovereign identity, which they’re going to primarily use to lock back into the credit union and identify themselves to their own credit union, but obviously every credit union member will have vouched name, address, date of birth from their credit union that they can use anywhere, so there will be a network effect. Early days at the moment, but it’s moving ludicrously quickly now.

Elizabeth: I think some of it is adoption and network effect, I think some of it is what Vinay mentioned earlier this morning about you can’t move faster than the speed of regulation, and I think we still have a lot of laws and regulations that are antithetical to this model of data ownership and the exercise of SSI. For example, there are regulations on record that still require username and password, so there are some that we’re going to have to completely overhaul and have better, smarter regulation before any of this can actually be adopted en masse.

Jason: I’m not an attorney, so I’m going to say something that Elizabeth will promptly correct me, but regulation I think is… Regulators strive not to be overly prescriptive, but they can’t really help it, because they have to identify, they have to put things in terms of what they understand in the world today. Self-sovereign identity changes a paradigm pretty fundamentally from what’s being done in the digital world today, and that paradigm shift is going to take some time to work through. There luckily are enough use cases that would benefit greatly from this that don’t need to wait for regulatory change, but I don’t know. Is that a fair way to say it, or would you correct some of that?

Elizabeth: I think it’s a fair way to say it. I think for broad adoption, they’re still going to need to sync with regulation. I think it’s hard for the regulators to keep up, but, as you say, their consideration is different as well. I think this is where the distinction between things like insurance and indemnity is really interesting. Someone mentioned earlier that a lot of people will conflate commercial risk with the regulatory risk, and I think it’s important to keep those distinct, because one can move faster than the other. One thing you see is the desire to have reasonable KYC in an ICO space; people lose sight of the fact that you can shift the commercial risk, but you can’t always shift the regulatory risk, and when you have something like strict liability offences for an OFAC violation, there’s very little you can do if you outsource those functions.

Andy: I think things are, on the governments’ side, moving quicker than I would have expected actually in a number of areas. We’ve got a couple of DMVs in the US working with the State of Illinois on birth certificates, giving people birth certificates in this way, and there’s work with various government organisations in Holland and in Finland at the moment as well. So it’s going surprisingly quickly, compared to what I thought it would do, on the government side.

Question: Just going back to the global perspective, at the beginning we had a sort of outline of three broad approaches to identity across different jurisdictions, for EU, US, and India and China being given as paradigms. I wonder how you see your approach to identity working with each of those, and does any of them present particular challenges?

Andy: That’s a really good question about trust frameworks, isn’t it?

Elizabeth: Well, I think it’s trust frameworks. I guess the three were the US model of the sort of business as usual, Wild West, the EU model moving from top-down to more of a…. flipping the paradigm, and then sort of the APEC model of top-down, state-controlled. I think we’re pretty squarely in the middle. This is my third week at Evernym, but from having worked in lots of jurisdictions, practiced in both the US and the EU and the Middle East, I think it’s definitely somewhere in the middle. These guys can speak more to that.

Andy: I think the important thing to understand here is that Sovrin is a sort of an infrastructural layer if you like. It’s a bit like the Internet: it’s not owned by any one organisation, and anyone can improve it and use it, and it allows you to do some things that you could never do before, using… My term is exotic crypto, because I’m not a cryptographer, but it allows you to do things like selective disclosure, zero-knowledge proofs, peer-to-peer transfer of information that can be validated and checked that it’s not revoked, without having to speak to anyone else — those are things that you could never really do before.

How that’s then used is a bit like the Internet. You could look at the Internet and say, “Well, how does it vary in different countries? What sort of websites can you do here and can you do there?” and so on, but the Internet itself is an infrastructure that allows you to build websites and exchange information in certain ways. Sovrin is a bit like that, it’s like an Internet for identity is probably the best way to think of it, and it allows you to take advantage of some of the most advanced crypto in the world, to do some things that you couldn’t actually action before, that vastly improve the way identity works. So you can layer on top of that a trust framework for eIDAS for the EU for example, you can layer on top of that something specific to the US, you can layer on top anything you want, just in the same way you can build any sort of websites you want on top of the Internet.

Learn more:

Index - Evernym

All materials from the conference http://internetofagreements.com/identity/

Mattereum https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Andrew Tobin, Jason Law, and Elizabeth Renieris of Evernym on Self-Sovereign Identity was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

Rutger van Zuidam’s talk centered on the Blockchaingers Hackathon, and the philosophy and ideals which inspired it. He began by unpacking the notion of trust-abundant systems, using urban traffic as an example of a collaborative environment whose infrastructure and protocols are built on trust. He then emphasized how the blockchain/DLT space is not only an ecosystem but a movement: projects and initiatives in the space can allow stakeholders and users to reach consensus on purpose and intention. He then outlined three phases of development: the Deep Dive which establishes purpose, the experimental Hackathons and MVPs in which the idea matures, and the Venture phase in which capital enables the work to accelerate and achieve its goal. He then described the structure, development tracks, and rating system of the Hackathon, before inviting the winners of the Identity track on stage to present their project.

Berit Fuss and Jelle van der Ploeg presented their winning project, an application built in 48 hours that provides transparency and provenance to the medicine supply chain. Berit provided some context to the tremendous amounts wasted in the mismanagement of medicine: $30 billion due to counterfeiting, $60–90 billion due to late delivery, and 10% simply lost. Jelle then gave a step-by-step walkthrough of the project and how they simulated various distribution centers in Africa, and laid out the short-term roadmap.

Van Zuidam concluded the presentation with an announcement of the EU Blockathon taking place June 22–25 in Brussels.

Video:

Transcript:

Rutger: Thank you so much for having me here — the reason is probably not just because we just did a hackathon. I think the most important reason is that we had the global digital identity track as one of our global digital identity track. It’s extremely exciting for me to be here, because what we want to do is interconnect all the international networks and ecosystems that are actually building stuff and basically gain momentum.

Quite a few people took part in the hackathon, we had over a thousand visitors throughout the weekend, over 700 participants in seven tracks. I’ll take you through why we are doing this, as part of the largest open ecosystem-driven innovation program in Europe, as well as how the hackathon actually is let’s say an exponential innovation instrument and what came out of it, and then finally we’ll have the winners of the global digital identity track presenting their cutting edge solution here on stage with me.

Let me start by explaining why I think this Internet of Agreements is so important. I really believe that in order to get to the next level, let’s say in international collaboration, we need an abundance of trust in order to solve all the global challenges that we are facing as a global society. If you look at how we coordinate our society, how we coordinate our planet, you could say that we use an operating system to “run” our society, and that operating system is rooted in the past century, where trust is still based on institutions and paper. That’s why we have the lovely IT infrastructures that we have now, where everything is based on databases and the organisations running those. And that’s okay, but we clearly see that we are moving away from that, and that we need a new kind of operating system run by us, that we are going to use to coordinate everything we want to do on this planet in a much better way.

Let me ask you a question: if we talk about trust, can you give me an image of trust? What does trust look like?

Vinay: Seatbelts.

Rutger: Seatbelts.

Vinay: They never fail.

Rutger: Thanks to Volvo for opening up that patent, right? Any more images on… I mean, it is easy to have an image of a tree, but trust, it is so important, it is the crucial thing for any type of human collaboration. What does it look like?

Comment: Stepping off the edge of a cliff.

Rutger: And then?

Comment: And trusting!

Rutger: That you will encounter gravity? [laughs] Yeah, okay. [laughter] Who is in a trust business here? Are you involved in generating trust, facilitating human collaboration? Who here drives a car? Think about this: if you enter a car, you participate in a traffic system. Do you encounter acquaintances, do you meet acquaintances down the road a lot? No.

Trust enables us to collaborate without the need of knowing each other, and this is exactly what we do in the lovely system, in the collaboration we do as humans, which we call traffic. How do we organise trust in the system of traffic? Let’s start with infrastructure: we maintain it, we have a safe infrastructure. Then we have a protocol, it’s the same for everyone, we have rules. Also, if something goes wrong, we need insurance, to make sure that things get fixed. We also have ambulance, we have police governing the rules. We also audit drivers, we audit vehicles, we certify them… There are all kinds of organisations and certificates that are added to the system which allow us to take part in this system of traffic autonomously and trust each other. All you have to do is plug in a key and drive off and then you’re in the system and it works. That’s something to keep in mind when we are designing these new online, collaborative ecosystem I think, is that the trust is not a 1 or a 0; it’s a certain amount of trust we create, in order to make these systems run smoothly and better.

When we say we are moving away from the old operating system, because it is basically failing more in our interconnected world, and we’re moving to networks of trust, [05] we also need a new kind of mindset and a way to approach this. Any good blockchain “project” or initiative that really works is more like an ecosystem, it’s more like a movement. There are all kinds of different values that were important in our past, but in our current operating system moving to other values where we can get this exponential leverage.

Then the question becomes if you want to take everybody with you on your road, because we’re talking about the fabric of our society here, so it’s not like we can just develop something new and have that disrupt our society. Because it’s not just ecommerce, it’s not just information or just media, like we have done up until now with the Internet; this is about our society and every process that is linked to it, this is serious business.

How do we explore new land without maps? That’s where we thought of our open innovation program, which is really ecosystem-driven. You need all players, all stakeholders on board, like Michael and Vinay just discussed. We need to create movements where all stakeholders, including the end user, are involved, and find common ground to be able to get towards understanding, and then get into a collaborative mindset with each other. These connections are forced so to speak, not by just talking and sharing ideas and opinions, although that’s of course still very important, but by actually collaborating with each other and building new stuff. Because this next operating system is not just owned by the government, private businesses; it’s owned by everybody.

This is why we developed a base in the ecosystem: we have a preparative phase, where thousands of people participate, then we have the momentum, and then we have the part where we accelerate. Kind of by accident, we did the largest blockchain hackathon in the world, I expected 200 people and 500 showed up, and that’s when we did it for the first time, and believe me, you learn a lot from an event like this. This year we kicked off the innovation program in the Dutch National Hall of Knights. Vinay was there.

Vinay: It was held in the throne room of the Dutch Crown. Imagine a 600-person blockchain meeting in Buckingham Palace. This is how far things have advanced.

Rutger: Yeah. This also shows how strong the partnership is with the Dutch government, but also I think the willingness of the Dutch government to invite the international community and discuss at this conference what we should do this year together in order to move forward to the next level. What that next level is depends on everybody, so this is really a collective effort to get to a common understanding of that.

Then we are entering the deep dives: on a technical level, on the legal and regulatory level, we did that in collaboration with financial markets, how do you fund initiatives, but also on specific topics. As I said, we had seven tracks, global digital identity is one of them, so we did one of the deep dives on identity at the Ministry of the Interior and Kingdom Relations, and they take it pretty seriously, opened by the Dutch State Secretary. We do that on health, on the future of pensions, on the energy transition, on digital nation infrastructure, the machine-to-machine economy, and I think public safety and security, we do that with the Dutch police, and there you can see all these different parties involved.

What we also do is deep dives with our Members of Parliament. Because, like it or not, you do need some politicians in the movement as well, especially when it’s about trust. You need to connect with the representatives, and the other way around as well: they need to connect with the ecosystems as well.

Last Friday we kicked off the largest blockchain hackathon in the world, and I want have the pleasure to show you the after movie which we edited yesterday, so it’s really, really fresh, it’s not even out on YouTube yet… There you can see Vinay having a lot of fun [laughs], he’s really taking it in.

A little bit about the hackathon: it’s three days, but actually it was four days, because we had 11 masterclasses where everybody could really boost their knowledge, whether it is about Hyperledger or Ethereum or Ocean protocol, one last chance to get the latest knowledge from everybody, we had the pleasure of Mihai Cimpoesu as well doing a masterclass on Ethereum.

Then, what is really important at a hackathon, is that you have a lot of roles that support all the teams. Imagine, there are 20 people from the largest pension fund provider in Europe, managing 400 billion Euros of pension fund money, 20 people from them working with the teams so that it can get all the knowledge from the pension chain and the pension domain they need to create those new solutions. And it’s not just about problems. I think if you only look at solving problems, you miss all the opportunities that arise where you do something new, and just all kinds of new opportunities arise from there, and you will see at least one example of that, where the world completely changes because there’s an introduction of a new building block.

We developed our own canvas, it’s a derivative of course of the business model canvas, because you want to get from idea to prototype really fast, and you need a canvas that helps you in a collaborative space. This is open source, so feel free to use it, we have all the canvasses of all the teams on the website, [18] and we use a really appreciative approach in scoring all the teams. Because it’s all about the solution and the team on one hand, and then of course it’s about the potential of the team and the solution after the hackathon, and also the impact the solution can have.

It’s a second edition, we’ll probably do more. [applause] Thanks for that. I want to invite the winners up here, a big round of applause for the winners of the identity track, ladies and gentlemen, Jelle van der Ploeg and Berit Fuss! [applause] They are part of the acceleration program, and we fit that on each of the winning team, we take them to a lot of international stages and connect them, try to really get them going, because you want to reach from the prototype level towards the first 100 users within a couple of months and see how that would work, and there’s all the funding and support that’s required in the ecosystem.

Berit: Thanks for Rutger’s nice video, which I hadn’t seen myself, so I don’t think I have to a really long introduction. The problem we wanted to solve is the fact that in the distribution of medicine, especially to low and middle income countries, in our case we were specifically looking at African countries, a lot of medicine gets stolen, completely lost, we don’t know where they end up, probably on a black market, but also counterfeit medicine is being put back into the distribution channel. The yearly cost of this is huge, $30 billion a year of medicine gets counterfeited, medicine that gets delivered too late, $60–90 billion wasted because of non-transparency, and on top of that, more than 10% of all medicine gets lost.

Those are monetary problems, but another big part of the problem is the fact that when a patient over there gets a box of medicine, he’s actually not sure whether that medicine will work, because he doesn’t know that it’s real. So what we tried to do is we tried to create not just transparency throughout the whole supply chain, by recording each and every handover moment where a medicine passes hands from one party to the other, but also we created an application that at the end of the track allows you to establish provenance, to tell whether or not there’s real medicine in the box.

I think Jelle will take you through our demo. We were not able to bring everything along in our small suitcases this morning, so Jelle and some of my other colleagues were working up until late last night to at least create a video of the demo, and Jelle can talk you through it.

Jelle: Yeah — thanks Berit. Let me just quickly explain a little bit about the demo scenario that we have set up. Nigeria is where the downstream part of the medical supply chain starts. The upstream part, from the manufacturer of the drugs to the national distribution centre in Lagos, is managed quite well through ERP systems, and there’s not really a lot of lack of trust there.

So the starting point was from the ERP system the medicine arrives to the national distribution centre in Lagos, and there we have de-serialisation data available on the palettes, the boxes, and the boxes inside the boxes of the medicine. In the middle we have the governmental centre of Nigeria, Abuja, in the middle of Nigeria, and a smaller city called Minna, west of Abuja, where a healthcare facility is. What we’re going to mimic here is the supply chain from the national distribution centre to a regional distribution centre to the healthcare facility in Minna. What you see there are four Raspberry Pis, we’ve added NFC readers to the Pis. Pi is just a small microcomputer with an added NFC readers on top of it, the device costs about 20–30 euros so they are rather inexpensive, and if you harden them a bit you could actually apply them in these more rural areas as well.

What we did then is on the medicine boxes we applied these NFC tags, these are reasonably tamperproof NFC tags. Lastly, and this was actually an idea of another team that we kind of made an exchange with: they were allowed to make use of our API and we were allowed to make use of their ID to camouflage the medicine, kind of like they do with secrets but for a completely different purpose. The idea is to not show on the box what is actually inside the medicine, so reducing the incentive to actually steal it out of the supply chain. What is on the box is a QR code with which we can scan the medicine, to see at the end of the supply chain whether it is a counterfeit medicine or not. What happens there is the healthcare professional at the end of the supply chain, or the patient himself, can scan the medicine and can see the whole provenance of the medicine in the chain, and actually make sure that this medicine was also there when it came onto the chain as de-serialisation data into the blockchain.

Like Berit said, last night we set up this demo environment. This is my colleague Sven, he’s going to take the steps to guide the medicine through the supply chain very nicely in a medicine box over there. The first step is to take a palette of medicine, that you see there, now being checked out and now being checked in again in the regional distribution centre, and then we de-serialise it. We go from the big box to the palette to smaller cases, which we check out of the regional distribution centre and we check in again at the healthcare facility, so you see it nicely popping up on the map as well. And then lastly we scan it with just a regular QR code reader and it takes us to a Web address, and this is what the healthcare professional would see if he scans it, and he can see the provenance here, the registration events, check in and check out in which location and which date, and then he can decide to dispatch the medicine to the patient. This is what it looks like, green means it’s not counterfeit medicine. With the registration events and when he dispatches it, we see here the whole provenance that the medicine took up until being checked out at the healthcare station.

That was the demo that we did, and we managed to build this in 48 hours. Of course we did a little bit of prep work mainly around the NFC reader, just to make sure that that would all work, but the whole effect of doing this over the weekend… Like I said, we borrowed an idea from another team, and we got a lot of inspiration from the track sponsors and the track mayors as well, so the environment that we’re in to actually produce this greatly helped.

What we’re going to do next with this is we hopefully will sign on a client soon with which we can bring this into a pilot, and we will harden our solution a bit better, so do a little bit more with the NFC text, do a little bit more with the QR codes, to also make those tamper-proof, which is possible, and hopefully start piloting this in Nigeria. That’s the idea. [applause]

Rutger: Awesome — Jelle and Berit, thanks so much! I want to present one opportunity to you all, because we are also taking this to the EU level — it might be a bit sensitive here in Britain, but I would say let’s keep collaborating. Imagine you could have an intercontinental impact on the entry level in the market, so the EU is basically presenting that opportunity to everybody who wants to make a difference with a team.

Work with manufacturers, work with customs, work with logistics partners, ports, airports, work with retailers, how can Amazon prove that their third-party sellers aren’t selling any fake products, and work with customers. Blockchain or identity by itself isn’t going to change anything; you have to use it, and people will make that change. Therefore, I invite you all to become blockchaingers — thank you very much! [applause]

Rutger van Zuidam of Dutchchain and Winners of the 2018 Blockchaingers Hackathon. was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

Prof. Mainelli began with a brief introduction to modern notions of identity, starting with the pre-First World War passport issued personally by the British Foreign Secretary and moving on to the Nansen passport, an identity document issued to refugees as part of a private venture, which continued to be used into the early 1980s.

Mainelli then explained his enthusiasm for identity systems by referencing Peruvian economist Hernando de Soto’s thesis that granting the poor secure property rights could unlock tremendous value in the economy. Mainelli said that proof of identity is a prerequisite for claiming property rights, and estimated that 2.4 billion people lack proof of identity.

After a brief comparison of the US, EU, and Indian/Chinese approaches to identity, Mainelli concluded his talk by emphasizing the distinction between probabilistic and deterministic identity.

With Gupta, Mainelli explored Z/Yen’s distributed ledger-based identity management solution, IDChainZ, its subject-centric approach to handling personal transferable credentials and documents, and the underlying smart ledger infrastructure, ChainZy. Gupta observed that there is an incredible amount of stranded capital in the cryptocurrency space due to the lack of KYC/AML practices and the current regulatory uncertainty. Mainelli then explained the distinction between insurance and indemnity, which are often conflated. Mainelli concluded the discussion by presenting two possible approaches to developing identity solutions: a top-down, centralized, surveillance-based approach and a probabilistic approach that deals with the risk of misidentification by insurance or indemnity.

Video:

Trascript:

Michael: Rob, that was a great exposition of a lot of the issues. Vinay and I are going to come up and have a bit of a chat really broadly about three areas, but I might touch on them briefly just so Vinay can kind of riff off them.

The first is identity. Have any of you really got a clue about what identity was like before World War One? Hands up, how many people think that there were more than say 50,000 passports in circulation pre-1916 in the United Kingdom? Nobody believes that? Good, thank you Chuan, that was kind of you. [laughter] Alright, 10,000, 10,000 passports in circulation? There we go — you’re onto me! It was about three, by the way, 3,000 passports. Why was that? Well, a friend of mine Martin Lloyd wrote a book called The Passport: The History of Man’s Most Travelled Document, I really recommend it, it’s a slim volume, he is actually a former official for immigration and he really knows his stuff. The point was actually a passport was frighteningly dangerous. Why did you need one? Why were you coming to France and entering France with a British passport, blue or otherwise? This was kind of a scary thing. In fact, the Foreign Secretary had to know you personally, he’d sign off your two daughters or your sons and a few other things, that’s how you get to 3,000, but he actually had to know you personally. So these were very dangerous items to have, at least at a national level, and people were running through all sorts of different identity schemes in many, many different ways.

Anybody here familiar with Nansen passports? World War One ends, we’ve got about six million displaced people. How are we going to deal with it? A Norwegian explorer by the name of Nansen comes up with the idea of a private passport. He does have some support from the League of Nations, it’s not wholly private, but for those of you who think this is just some sort of silly document, it was also a Ponzi scheme, Ponzi in the sense that he was actually using stamps. The idea was that you would go and get a Nansen passport as a displaced worker, and they would really grill you, you’re talking about all the people in Central Europe. Vinay, you claim you’re from this village in Bulgaria. What’s the church? And I don’t know that bit of Bulgaria, but Joe over there, you’re Bulgarian: you go and talk to him, make sure he knows it. Do you know Santamaria? Who was your gym teacher? It was that kind of real grilling, and then they would give Vinay this little yellow document, and the yellow document had a stamp in it which was good for a year, and Vinay had to get it renewed the next year. And the stamp that he paid for wasn’t because Nansen was trying to make a profit, it was so Nansen could run and expand this scheme, and several million Nansen passports were actually issued.

I came across them purely accidentally in the 80s, standing in the immigration line at Heathrow, in the days when you couldn’t get out of the right line. If I can be a little bit honest, I saw a chap with very long locks and a long black coat, and I thought, “This is not going to go well. I’d really like to be in another line,” and he walks up, and sure enough — oh blast, this is just the worst thing that could ever happen — the immigration official starts giving him a bit of hassle, this old grandfather. Suddenly, from by the silver mirror, a guy gets out, cap under his arm, “Excuse me,” turns to his young colleague and pushes him to one side, says to the gentleman, “Terribly sorry, sir. My colleague isn’t familiar with your situation. Welcome to the UK,” and waves him through. And as I came up, I thought, “Well, that was unusual,” so I said to the guy just as he’s turning to go back behind the mirror, “Excuse me, but what was that?” and he said, “That was a Nansen passport,” and he explained it to me. So these things were still in operation certainly up until the early 80s, but they were a private passport system.

So, I think as we’re looking at this area of identity, it’s very important to remember that it sounds like we’re talking about radical, new and wonderful things, and in some ways many of them are, but don’t forget that the current situation is relatively recent. This notion today that we have of where your mother broke her waters suddenly determines everything about the rest of your life — your rights, your privileges, your ability to move into any country or nation or work there or visit it — is actually a bit peculiar. Now, the opposite of that isn’t about rights; it’s about power structures, and a lot of the identity stuff that we’re going to talk about today is about power structures as well. If you look in the United Kingdom, we’re a particularly poor place to look at areas like identity. I think many of you would agree with me that you associate identity with the anti-money laundering and know your customer processes you face every time you go to your local bank or try and take out a financial product, that’s probably most of the time that you hit identity issues as a normal, typical consumer. But the problem here is you’re in a country with a cartel, where five banks control 85% of the industry.

What does that mean? Well, since about 2000, the Cruickshank report in this country, these banks have got a very deliberate strategy… They’ve admitted it, I was on stage with Antony Jenkins last month in Mansion House, in front of 300 people, he’s the former CEO of Barclays, and he admitted it, now that he’s running a challenger bank, that his strategy was to prevent account transfer. That makes a lot of sense: if you’ve got a 20% market share, there’s no way that you’re going to build a better business and attract more customers without winding up with a monopolies investigation, so really your objective has to be to prevent account transfer, that’s the cheaper way to do it, and it’s quite easy as a cartel of five to do that. So we have these horrific, onerous, idiotic processes which are designed to keep us from moving. Again, that’s not a particularly good thing to learn from, and it’s also I think rather recent. I thought those might be some things to open up with.

Why am I excited about identity? Well, I don’t want to sound like an evangelist, but what does excite me is, frankly, Hernando de Soto. Those of you who have read Hernando de Soto, he points out many years ago, famous Peruvian economist, that the biggest thing to get in the world is if you can get people involved in property rights, then everything else moves from there: development occurs, favelas fall down, the whole world is a better place. It sounds good, but I’ve noticed time and time again that the real problem is getting people not to have property rights; it’s to get them the identity rights that allow them to get to the property rights in the first place. Many of you will have seen a number that’s been touted, Sustainable Development Goal 16 from the UN, which says that there’s 2.4 billion people who are unable to have a legally useable identity. This is — personally, in my opinion — a bit high, but you can begin to see where things are moving.

I think we’ve got three interesting blocks here, as we look at the future that Rob was outlining: one is kind of the US view, which is, strangely, a bit more Wild West than you would think in some ways, and I guess, given that the Westerns that I’ve seen, it’s a pretty good location, but it’s always had a bit of a free for all. You can look at the EU, where the nation states largely believe that they can, in some top-down way, actually understand the whole population, but they’re actually breaking and moving in areas like GDPR to somewhat a different structure and a negotiated use of identity systems. If you look of course at China and India, we’ve seen probably some of the greatest implementations of national ID systems in both countries over the last 10 years. So we’ve got three very distinct blocks, with China and India taking the top-down approach, the EU moving towards what would have been traditionally more of a common law approach, and the US sort of leaving things alone.

I saw this most interesting as a psychology study almost when I brought Equifax to this country in the late 1980s. Equifax comes over to the UK, I’m quite interested in it, and they hit a country where it’s believed that you can find everything out about somebody to rent them for example a television, which was what was going on at that time. So Equifax comes over, and Equifax is telling UK retailers, “You’ve got a probability that this is the right person,” and that of course is coming out of the US culture, where they’ve never had any of the ability to guarantee that they had the person with this driver’s license wasn’t the same person as somebody with the same name in a different state, and so on and so on and so on, so you’ve got a probabilistic system meeting a deterministic system. We could go on about the 2006 national ID debacle in this country, but we won’t.

So, I think what I’d like to talk about with Vinay, with that background, is very much the idea that what’s going on in this identity space, and I’d also like to I think touch on — Vinay, if you don’t mind — your ideas on indemnification for it — thank you! [applause]

Vinay: Michael, that was a wonderful introduction!

Michael: Rob took it all.

Vinay: I guess we should start be talking about the identity work that you’re doing right now with ID chains. Would you like to tell us a little bit about what ID chains is and who’s using it?

Michael: Our firm has been working in the distributed ledger space arguably since the mid-90s. About five years ago we became convinced that the field consisted largely, if you left the payments area and the crypto to one side, it was very much identity, documentation and agreement exchange, this to us was the big area. I’m not here to play crypto games or anything like it; it’s just where we decided the efforts would be made. We’ve worked very hard on developing, over 20 years, very, very, very high-speed, extremely low-cost distributed ledger systems, with sprites as we called them, before smart contracts became kind of the trendy phrase.

Last year the National Physical Laboratory tested one of our systems at 25 billion transactions a day, and agreed that the rig could hit a trillion if we felt like it. Why do we want this? It’s not about speed, because we’re not trying to charge a lot; it’s actually about speed, in the sense of being able to handle large volumes of things in this space.

Vinay: So in terms of low latency, or in terms of large throughput?

Michael: Both. Low latency in a sense, roughly, throughput on any particular node, about anywhere from 2,000–10,000 transactions a second, but of course it’s really that huge, large volume thing that you’re after.

Vinay: So what you have is an architecture that has essentially permissioned ledger style performance but parallelism across the ledgers.

Michael: Correct.

Vinay: So it’s kind of a like a sharded permissioned ledger.

Michael: Yeah, there are definitely analogies there, and I know that the terminology is evolving too so I’ll leave it be, but that’s it.

The second thing was we were looking at our thoughts on the evolution of identity, wanted to see if this could do it. So we teamed up with Suncorp in Australia and also with PwC in Europe, and we built something called ID chains, and ID chains was the ability to swap identity documentation. So it’s not about being an identity system; it’s saying that if you’re an individual and you’ve got your own identity documentation, can you swap it with somebody or not. That system was built certainly three years ago, maybe four, and we were doing that just as a proof of concept. We thought it was quite interesting that GDPR allowed you to come into me as PwC for example, I’d be a certifier, I would say your passport is absolutely fine, I would digitally sign it, and I would then give you that data back for you to use your own data with my signature.

Vinay: So I have a set of certified claims. You have essentially notaries, they’re basically acting as notaries: an age claim, a passport claim, a birth certificate claim, documents with signatures. Kind of like a secure Dropbox but with other people’s statements of fact, not just yours.

Michael: That’s right. In fact, you could take this situation where a government documentation arguably ought to come directly to me. Why is it that I go to a notary? Why can’t I have a digitally-signed copy by the DVLA of my own driver’s license?

Vinay: The reluctance of government agencies to put digital signatures on documents is amazing, it’s just amazing. I mean, it’s the forgery-proof credential that everybody wants. When I talked to Dubai about their blockchain strategy, what I said to them was, “Look, all you really want is government documents hashed on a blockchain, you want the ability to recognise your own documents when they go from department to department, it’s all you really need,” and I thought this is kind of simple enough that it’s almost impossible to screw up, and it’s actually survived pretty much intact. Many other things have been added to it, but that core concept of being able to accept your own documents back again seems to have held together pretty well.

So ID chains has this model where all of these identity documents are in a container, you give the container to somebody when they want to verify your identity, and it basically slashes the paperwork for managing new identity claims in the current formal system. Is that roughly it?

Michael: That’s right. And that leads therefore to noticing that there are three different roles here. There’s the subject, me, who has got all of this documentation; there’s a certifier, the PwCs, the notaries, perhaps a government department, so they’re basically saying, “This is a document I’ve added my digital signature to,” and leaving key management and all that to one side and digital certificates. The third bit of course is the interrogator, the person who is saying it. I think this leads to two interesting issues: the first is this type of approach only works if there’s a market, in that the interrogator is prepared to use somebody else’s certification.

Vinay: Right, you have to be willing to accept a third-party claim.

Michael: Correct, and that therefore requires scale. Like so many things on the Internet, you can see the network effect, if it takes off, is very powerful, but it makes it very difficult to take off.

Vinay: Yes. This is one of the joys of the ICO world, is that there’s the potential of applying enough just cash to things to push them up these hills onto the next plateau. There are a lot of folks in the blockchain space running around on these 100-million-dollar war chests, and the hope is that they have enough money to push things through these phase transitions. Although when you start thinking about the loss rate on that, because probably 90% of those projects will fail to get up those cliffs, you can see why we don’t do things that way already.

The paradigm that we’ve looked at is insuring those attestations, getting people to stand behind them. But if there isn’t a strong competitive demand for the attestations in the first place, it’s then very hard to sell insurance on top of that, because it’s an additional cost and an additional barrier to entry.

What do you think are the obstacles to large-scale adoption of these kind of identity practices?

Michael: I think the network effect is the biggest thing, it’s that whole bit of “Well, I can see this all in principle, but if I go to all of this effort, who is going to use it?” There are a host of other things: is my data really secure? Who’s got access? What’s the recovery rate? Because it’s so secure that if you lose all your keys, you’re back to ground zero and you have to start again. And then we move on to where do I get the actuarial data to handle indemnity?

There are a couple of points I’d make. We’ve been waiting for the cryptocurrency boom to kind of move away. We’re now looking at a traditional IPO of our ChainZ systems, of which ID chains is a major component.

Vinay: An actual IPO?

Michael: An actual, just a straight IPO: normal equity rights, the usual boring thing… We’re not asking for hundreds of millions… It’s all that kind of thing.

Vinay: Tens will do? [laughs]

Michael: And none of you can invest, so don’t worry about it. But no, we’re seriously looking at just a nice, boring, straight thing. But when we’re looking at moving ID chains for… The market that we’ve identified is wealth management internationally, but within a single firm.

Vinay: So this is the ultra-high net worth case, where people try to move from one country to another country and they don’t want to spend six weeks in paperwork hell?

Michael: Correct. Further, they’re actually part of a network. If you take some of the larger wealth management firms, St. James’s or UBS or something like that, these large firms have actually got the problem inside themselves.

Vinay: That’s interesting. Say a little more about that.

Michael: Well, kind of for us it’s “Thank god,” because you can actually go to a large firm like that, and they say, “Our problem is we’ve onboarded a Russian in Hong Kong, they come to Switzerland, they say, ‘Hi, I’m here with the same firm,’ and we say, ‘That’s lovely, but you get to start at ground zero. The data that was acquired in Hong Kong wasn’t acquired for the purposes and all this…’”

Vinay: How we use it, and you wind up…

Michael: But if Hong Kong, on the other hand, has said, “Take this, here it is, it’s yours,” and six months later you come to Switzerland and you say, “Oh, that’s funny. They gave me some weird thing on my phone, which is all these documents. Are they any good to you?” and, funnily enough, the Swiss office can accept the Hong Kong sister’s digital signature.

Vinay: So you have PKI inside of the firm which verifies the signatures.

Michael: That’s right, and then move that up.

Vinay: Right now we’ve got umpteen billion floating around on things like cryptocurrency exchanges, you’ve got a bunch more money sitting inside of ICOs. Most of that money is functionally stranded, because it’s lost the KYC, the AML, and all their necessary identity that would go with it, so you can’t really re-onshore that money. It seems like there’s an opportunity there for somebody to go through and build a properly KYC/AML identity-based blockchain. Do you know anybody that’s working in that direction?

Michael: I know of people who claim that they are, but I haven’t seen the effort I would expect. In fact, in some ways almost every ICO is going through the same AML/KYC, it’s almost ideal for sharing on it. But you’ve got to grab them at that time, they’ve got to see how important it is, quite a few of them have got an attitude thing about US regulation, and so it’s quite difficult.

Vinay: There’s two sides to this, in that we’ve got, firstly, an enormous amount of money that needs things like KYC/AML to be safe to handle legally, but we also have an enormous PKI gap in the blockchain space, in that we’re transferring hundreds of millions of dollars of transactions, billions of dollars of transactions, to keys which are really just identified by somebody pasted to the key in an email, and there’d been some instances of viruses that basically come and attack your cut-and-paste mechanism on your laptop, to replace the key that you pasted with their key. So the predictable madness of running a public key-based identity network that handles real value, but without any public key infrastructure to actually secure the keys, is the current situation of the entire cryptocurrency space — it’s jaw-dropping. If you told us that somebody would try and run an economy that way in the 1990s, when all the people really worried about was PKI, people would have laughed until they fell over. Do you have any thoughts on that?

Michael: What surprises me is how little thought has been given to this, and that’s why I support, as you know, Mattereum and what you’re doing. I think one of the things that does bother me in this space — in fact, I had a discussion with Hugo and Fishal yesterday, we were touching on this — is I think a lot of people talk about insurance when they really mean indemnity, and I draw a distinction.

Vinay: Clarify this. Because this was very useful when you explained it to me a couple of weeks ago.

Michael: Strictly speaking, insurance is something where you have to prove the scale of loss and then you get compensated for that. If I digitally sign somebody identity, I don’t use do care and attention, and it turns out they’re a fraudster of some form.. I loved Rob’s point that we’re all here really to give the 419ers a fair, level playing field, I thought that was really good.

Vinay: Yeah, if you’re unfortunate enough to be a Nigerian prince, have real problems getting things done. If you’re the Prince of the Netherlands, that turns out to be a lot easier to ID. [laughter]

Michael: Anyway, when you’re looking at this, you then lose 50 million. Well, I was just certifying something, and maybe I had momentary lapse of attention or something; that doesn’t seem fair. That leads you up to the next level, which is you say, “Alright, alright. Let’s just have a fixed sum, that’s maybe agreed in advance but still a fixed sum, £10,000 if I get it wrong. And that why I’m charging you, by the way, because I’m going to all this effort to certify these things and you’re using them. If you want an indemnity, have it.” There’s a big difference between the two: one is more like a fixed spent, and the other is genuine insurance.

Now, one of the problems we face in this entire space though is that the regulatory and legislative structure for this is based on single error and you’re guilty, you as a financial institution, and so this is rendering cost-benefit analysis in this space moot. Because I’ve got an infinite potential cost, the regulators basically politically deciding what the fines are going to be.

Vinay: Yeah. This is how we basically frame this, between what we talk about as regulatory risk versus commercial risk, that the regulatory risk’s money is not really enough to compensate for regulatory risk; it only covers commercial risk.

Michael: Right. So it would be really nice if we could have an initiated debate over the next six months or so, where we’re able to get regulators to realise that maybe what they should be doing is turning to the institutions and saying, “We’re going to give you a level at which we will fine you per mistake, so it would be £5,000 per mistake.”

Vinay: And now you have insurable risk attached… Yeah.

Michael: So if I’m running an entity with four million customers, I’ll approach that completely differently than you will with 500. Further, the regulator might be able to give different levels. Even with your 500, you’ve not exactly performed brilliantly, so your level is now £50,000, but mine is still running at a lower level.

Vinay: Yeah. I can imagine a sort of exponentially increasing fine which very rapidly takes out the bad actors.

Michael: Exactly. But this would allow the cost-benefit analysis. At the moment, there’s not a lot of pull from the financial institutions for novel solutions, because the first thing they have to do is look over their shoulder and say, “What does the regulator think?”

Vinay: Yeah, and this means you can’t move any faster than the speed of regulation. This is why I think the cryptocurrency space is such an interesting space to make the move, because the negotiation of regulators is just at the beginning of that process. This has been extremely interesting. Any closing thoughts, Michael? What else should people be thinking about?

Michael: I guess the biggest thing in here is… Maybe if you could just take away that idea of is it about power or is it about probability. If this is all about power, that’s one thing, in which case we’re going to have a top-down structure where we have to know everything, and Rob’s point about a surveillance economy, or surveillance society actually, which is somewhat frightening. Or, do we move to a probabilistic-based one, which is what insurance and indemnity have, basically some type of betting or risk in it. If you do that, then you’re looking at what level of certainty. “I’m 95% certain this is the right sort of person, but it’s only a 50-quid deal, and I’m still insured for £500 if it’s wrong, so that’s well worth doing.” This is going to be I think one of the themes in this space.

Vinay: Certainly on that basis business can be done, and if you can stand an economy up and run an economy on that basis, where basically the computers handle the risks that they handle and insurance handles the rest, that seems like the kind of laminate that’s often successful. A system which is almost perfect, plus something to cover the cases where it fails, that’s a real system, the world actually runs on things like that.

Wonderful — thank you very much! [applause]

Learn more:

All materials from the conference http://internetofagreements.com/identity/

Mattereum https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Professor Michael Mainelli of Z/Yen in Conversation with Mattereum CEO Vinay Gupta was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.

On April 10th, Mattereum hosted the third Internet of Agreements® (IoA) conference at the Google Campus in London. IoA® is a vision for global supply chains and logistics, integrating national laws and regulation with international commerce through the application of technology such as blockchains and smart contracts.

To kick off the third IoA 3 conference on the theme of digital identity, Rob set out the background to the conference series and elucidated where the Internet of Agreements fits within the evolution of the Internet in society. He divided its history into three eras — the Internet of Ideas, the Internet of Commerce, and the Internet of Agreements — and briefly described how the underlying technology manifested these changes.

In his explanation of the Internet of Ideas, he emphasized that since the early Internet was only used by specialized organizations to communicate with one another, there was little to no encryption. He then explained how the invention of the World Wide Web caused an exponential increase in users by providing a more intuitive interface to the Internet. Naturally, the “browsing” capabilities combined with the exporting of the credit card system onto the Internet via cryptographically secure channels precipitated a boom in the commercialization of the space which has given birth to the some of the world’s largest companies — the Internet of Commerce.

Regarding the Internet of Agreements, Rob explained that the majority of global trade and finance do not operate on the credit card system but on purchase orders, invoices, and other contractual frameworks involving multiple parties over time. Blockchain is potentially an ideal infrastructure to facilitate this with its long-term storage, recording-keeping of signatures, and capability to program conditions of a deal using smart contracts.

He then concluded by describing the role of identity throughout the evolution of the Internet — notably how the space has been quite “Wild West” since its inception — and suggests a potential solution to the damages of identity fraud and the caveat emptor practice by way of identity insurance. The Identity Insurance Consortium helmed by Mattereum and other projects that were present at IoA 3 is exploring this path.

Video:

Transcript:

Thank you, and thank you very much, Lloyd, for that introduction. I just want to start by saying thank you to everyone who’s turned up. I remember saying at the end of the last conference that everyone should go away, tell their friends what a wonderful time they had at this conference, everyone was amazing and interesting and smart and beautiful and it was the best time they’ve ever had, and that people should definitely come to the next one. I’m glad to see that that worked, and that we now have another bunch of interesting and beautiful and smart and intelligent people to have another day with.

I just want to begin by explaining what we mean by the Internet of Agreements. Because we’ve had two conferences and this is the third conference now on this subject, and I don’t think we’ve ever really spelt it out at the start of any of the conferences, which is probably an oversight on our part, but the concept is really fairly simple. As Lloyd mentioned, we kind of began in 1973 or so with the origins of the Internet: a bunch of universities begin to hook their computer networks up to each other, we get scientists and we get researchers and we get academics all talking to each other, all communicating, and building new services, building new products, building new tools to facilitate that communication. We get things like email, we get things like FTP to be able to send files around, we get newsgroups, and what these things have in common is that they’re unencrypted, for the most part, they’re there for the transfer of information, and they’re there to facilitate the life of the mind.

Towards the end of this period we have a particular researcher at CERN called Tim Berners-Lee who invents the World Wide Web, The World Wide Web is an advance over the previous technologies, because it’s much easier to use, it’s more visual, and it’s something that regular people can kind of understand, and so you get a major new adoption of the Internet by a whole bunch of new people, regular people. If you’re a business, a service like that that has a whole bunch of regular people using it looks an awful lot like a market, it looks like people that you can sell to. So we kind of go through a few years of intense development around things like cryptography, to be able to get just enough encryption in place that you can send your credit card number across the Internet without anybody stealing it. We go from a situation where people were mostly exchanging ideas around, completely in the clear and with no encryption, to a situation where people are conducting commercial activity, this requires cryptography, and this gives rise to the Internet of shopping. You get the World Wide web plus some cryptography, and you can now, as a consumer, go to a website, browse a bunch of products, select the product that you like, add it to a shopping basket, go to the checkout, enter your credit card number, enter your name and address, complete the purchase, and those goods will then be shipped to you.

There’s a kind of technological determinism at work here, because the technology that we had at that time was a very good fit for that kind of experience. If you think about the experience of going to a shop or going into a supermarket or a clothes store, you browse around, you see what’s on the shelves, you see what’s available, you have a look at a few things, you decide the things that you like, you put them in a basket, you take them to the checkout and you pay for them. That kind of browsing around, having a look at things, selecting the thing that you want and going through a checkout process is very well supported by the Web; the Web browser is a browser, it’s for browsing, it’s the same activity that you’d do in a shop. The thing is that this turns out to be a giant chunk of the economy, like huge amounts of what we actually do in city centres and shopping malls and things like that is exactly that experience. So we’ve had the second great age of the Internet, after ideas came shopping, and we’ve done the last 20 years of basically taking anything that you could do with a credit card by going into a store somewhere, we’ve taken that and put it onto the Internet.

Catalogue shopping, the retail experience, has now been kind of replaced with the ecommerce experience. Instead of going to a supermarket or a bookstore, you can go to Amazon; instead of going to Blockbuster, you can go to Netflix; if you want to book a hotel, you can do that through any number of booking sites, or you can even book someone else’s apartment through something like Airbnb. Uber, Netflix, eBay, all of these businesses are enabled by this one fundamental innovation of the World Wide Web, the browsing experience to find the thing that you want, and a little bit of cryptography so that you can send your credit card number to somebody.

It sounds pretty simple, but off the back of this we get several of the world’s largest companies by market cap, they come directly out of that innovation. We also get Google and Facebook coming out of that, because they exist to advertise to that market of people. All of those people sitting at home with a Web browser and a credit card, the Google and Facebook business model is to figure out who those people are, figure out what those people want and advertise to them. This has created multi-multi-billion-dollar companies, and there’s now a race on between the world’s largest technology companies to see which will be the first to get to a trillion-dollar market cap, the current speculation is maybe Amazon will get there first. And it’s worth remembering that Amazon’s entire thing is that they know what your credit card details are, and they have a giant selection of products that you can buy.

What can’t you do inside that paradigm? What things are not a good fit for the Web and a little bit of cryptography that lets you send your credit card details? Well, most businesses don’t actually make their purchases using credit cards; they use purchase orders and invoices. Most finance isn’t done using a credit card. If you want to take out some insurance, if you want to take out a loan, the Web and credit card paradigm isn’t a very good way of doing it. Because the Web is very good at this kind of ephemeral, you look, you see that the product is available and you buy it kind of experience, which mirrors the shopping experience — you see something that you like in the shop, but you come back next week and it might not be there anymore — but for things like invoices, for things like insurance contracts, they live over a much longer time period. An invoice might take 90 days to pay, and it might fall under a contractual framework, a master services agreement or a longer-term contract, that may run for years. If you take out insurance on your home or on your car, it may be years before you make a claim. How many websites can guarantee that a webpage that you see today is still going to be there years from now? There is no real assumption that webpages last for a very long time, or that they make any guarantees that the information you can see today is going to be there tomorrow. We have things like the Wayback Machine and Archive.org which kind of do their best to keep copies of all webpages, but pretty much anything over a certain age is now gone, very few things that were there 20 years ago are still there. But there are definitely people who took mortgages out 20 years ago who still got those mortgages.

So what we need to be able to address other areas of the economy outside of retail is something that is a better fit for those kinds of systems. We need something that can store information for the long term, we need something that has a notion of who are signatories, who are the parties to a contract, or who are the recipient and the sender of an invoice, or who are the parties to an insurance contract or a master services agreement. Many of those things are conditional: with an insurance contract, you don’t know if you’re ever going to make a claim, the best case scenario is you never have to, which is very unlike a credit card payment where you have a very distinct expectation about exactly what’s going to happen and you expect it to happen pretty quickly. So our key criteria are long-term storage, some notion of who the parties are, with some kind of signature system, and some ability to model conditional events that are going to happen based on logic. This sounds an awful lot like a blockchain. If you look at the Ethereum blockchain, it has long-term storage, digital signatures so that every record that appears on the blockchain has originated and had been signed by a private key, and you can model the conditionality in smart contracts; you can write logic in a smart contract, the same way you would write logic into a legal contract.

Our prediction and our view is that this gives rise to what we call the Internet of Agreements. Just as the Web was the perfect technology to bring shopping onto the Internet, the blockchain enables us to bring invoices, it enables us to bring insurance contracts, it enables us to bring supply chains, personal finance, business-to-business, all of those areas of the economy that are quite difficult to model just using the Web become much easier to model when you have things that look a bit like blockchains. This turns out to be a much larger share of the world economy than retail is, so the stakes here are extremely high. We’re just coming to the end I think of a sort of 20-year cycle of moving all of the shopping stuff from the offline world into the online world. There isn’t going to be another Amazon, there isn’t going to be another Uber, there isn’t going to be another eBay, there isn’t going to be another Airbnb; we’ve kind of got our major big brands, our major big institutions of online retail. But we don’t yet have our major online institutions of banking, of insurance, we don’t have the new competitors in a whole series of spaces — in business-to-business, in supply chain — we don’t know who is kind of the Amazon of this new era yet, we don’t know who’s the Google or who’s the Facebook. But if the past is any guide, we are at the beginning of a process that is going to end 10–20 years from now with massive, multibillion-dollar companies being born, huge reworking of how our economies work, how our techno-social systems operate, and it’s going to be in these areas. We’re going to go into finance, we’re going to go into supply chains, we’re going to go into insurance, we’re going to go into all forms of interpersonal and intercompany contracts, because we now have the technological tools that enable us to do it, which we just simply didn’t have 20 years ago.

So when we talk about the Internet of Agreements, this is the process that we are talking about. We are talking about the process of rewiring the world essentially onto a new technological platform, and the reason we’re doing it now rather than doing it 20 years ago is that we didn’t have the technology to do it 20 years ago.

In each of these conferences, we’ve looked at areas where this new technology intersects with other systems. In our first conference we looked at the intersection between this technology and the legal world, in our second conference we looked at world trade, and in this one we want to look at identity. Because if you want to make an agreement with somebody on the Internet using a technical system, you need to know who that person is; specifically, you need to know that if they don’t do what it is that they promised you, that you can get some kind of recourse against them. If we’re completely honest, the Internet has always been pretty bad at this kind of thing. Economists like to talk about high-trust societies and low-trust societies, and in a high-trust society there are good institutions, you can rely on people, if you make an agreement with someone you can expect that they’re going to keep it, because everybody kind of knows that there are rules and those rules tend to be enforced, either by social systems or by the law. The Internet has always had that kind of air of Wild West about it. Generally speaking, if you receive an email with a business proposition and a contract that somebody would like you to sign, you’d be pretty well-advised not to sign it. It’s probably from a Nigerian prince and they’re probably offering you great rewards for conducting this activity, and we don’t have a very good way of allowing that person to prove that they really are a Nigerian prince and that they really do have millions in a vault somewhere, and they just need you, as a specific individual, to help them to recover their money — it’s very hard for them to prove these things.

We have one set of approaches of doing this, which is the kind of Facebook approach, which is to collect a huge amount of self-declared information about people, to look at their social networks. We’re seeing I think right now in the news the downsides of that approach, the fact that it doesn’t work very well for a whole bunch of things. A lot of the people on there are not who they claim to be, they may in fact be paid agents of a state or of an organisation that exists to try and influence you. And if you are a real person, you really don’t want to be disclosing all of your information completely accurately to Facebook simply for the benefit of being allowed to poke people or post on walls or whatever it is that you do.

So we are at a situation where in order to do real business, we need some kind of breakthrough in identity, we need a way of making this work. The traditional tech person’s approach to this kind of thing is to think of one amazingly elegant system that works for all possible use cases, with perfect privacy and perfect security, but also perfect disclosure of information to everybody else where you want to have it, and I think what we’ve learnt from the past is that that perfection is very, very hard to achieve. We could achieve perfect knowledge of who everybody is and what they do and their claims, if we’re willing to accept total surveillance of absolutely everything, everybody’s relationships with everybody else and everybody’s activities, but in reality we don’t want that. So we have to accept that this is a situation where people want to defraud other people, there are bad actors, it’s an adversarial system, it’s the Wild West out there, and the blockchain space is a very good example of this. We see regular scams and frauds, misrepresentations, people posing as other people, people inventing entire other identities, people inventing whole teams — plenty of ICOs have gone out with pictures of Hollywood actors as the team members — fake identities, fake LinkedIn profiles, this stuff happens all the time. I’ve even seen people impersonating me, which is not a thing that I ever expected but it has happened. The first time it happened, I thought it was really flattering, I thought “Wow, I’ve arrived! I’m at the point where now someone thinks it’s worth impersonating me!” but by about the fifth time it happened, it was less amusing.

So, we have this very difficult path that we have to find. If we go down one approach, we have the Wild West, caveat emptor, buyer beware; if we go down another path, we have perfect surveillance, absolutely everybody is being snooped on at all times, in order to make sure that you are who you say you are. We need to find that middle path, which is to allow people to trust each other, or to at least trust the information that they’re being presented, without necessarily requiring scanned copies of everybody’s passports before they’ll even talk to them. We’ve been doing some work, Vinay has been pioneering this idea on an intellectual level, and we’ve begun to put together a consortium, to discuss whether it’s possible to use insurance as a mechanism to bridge this gap, such that rather than having to verify every single aspect of another person’s information before you’ll deal with them, it’s possible for that person to insure that information so they can present a set of insured facts to you, and you at that point are relying on the due diligence of the insurer, rather than having to perform all of that due diligence yourself.

This is one approach, I’m sure we’re going to hear from other people who’ve got other ideas about how these things could be done, but what this event exists for is a forum to bring together people from the tech world, from the world of finance, from the world of law, from the world of government and further afield, to try and get those perspectives out, to try and work out how do we move forward. Throughout the course of today, I think we’re going to hear from people who are building identity products, from people who understand the legal & compliance requirements, from people who are in the insurance world, and they’re going to present their understanding and their perspective, and hopefully in the discussions that happen around the conference, we can try and form that into a cohesive view that everybody understand.

I think I’ve probably run slightly over time so I’m going to conclude here, but I’m greatly looking forward to the conversations today, I’m hoping that I get a chance to speak to pretty much everybody here. Please come and talk to me about what Mattereum is doing or about the identity insurance consortium, and I hope you all have a wonderful and stimulating day — thank you! [applause]

Learn more:

All materials from the conference http://internetofagreements.com/identity/

Mattereum https://www.mattereum.com/

Join the telegram https://t.me/mattereum

Rob Knight — on the Internet of Agreements project was originally published in Mattereum - Humanizing the Singularity on Medium, where people are continuing the conversation by highlighting and responding to this story.