I don’t know whether we need a real names system but we do need a real reputation system. Maybe this is where banks can find a role in the new economy.
The kind people at Barclays invited me along to their “Distributed Banking” workshop to explore some new possibilities around the blockchain, cryptocurrency, digital identity, cloud computing and such like. A lot of the workshop discussions were fun, but the highlight of the day was, for me, getting to argue with John Clippinger. I’ve followed John’s work for years, and his 2007 book “A Crowd of One” greatly influenced the evolution of my thinking around digital identity. We agree on a great many things, including the key role of pseudonymity in workable, scalable digital identity proportions for the mass market but we found a few things to disagree on as well. I learned more about the future of identity debating with John at the workshop than I would have learned in a month of reading papers and magazine articles.
So what could a bank do in this space?
Well, a couple of years ago I saw a presentation on the IRMA project (IRMA = “I reveal my attributes”), a research project underway at the Rabboud University Nijmegen. The goal of the project was to implement attribute-based credentials (along the lines of U-Prove or Idemix) but optimised for implementation in smart cards. Having the keys stored in tamper-resistant hardware simplifies, as I understand it, the cryptography needed to implement what they refer to as “self-blinded” credentials. The reason for doing this is, of course, to implement pseudonymous credentials that can be used in transactional environments which is why I was paying attention to the work.
Now that Apple have put their seal of approval on the use of tamper-resistant hardware, in the form of the Secure Element (SE) inside the iPhone6, I think it might be time to revisit this kind of attribute-based approach that depends on having cryptographic processing inside tamper-resistant hardware.
To see what I mean, consider this practical example. The bank generates a key pair and loads the private key down into the SE of my mobile phone (there is, by the way, an alternative vision whereby it is the mobile operators that generates a key pair and loads the private key into the SIM). The bank puts the corresponding public key into a directory that anyone can now use to find the key and send secure, encrypted messages to me. The bank keeps the private key safe and sound so that if I drop my phone down a toilet they can reload the private key into my new phone.
Now, an obvious first use of this technology is for the bank itself since the bank will often want to send secure messages to an app on the phone. When the app receives such a message it sends it off to the SE to get the session key decrypted using the private key and then the app uses the session key to read the message. These are tried and tested cryptographic techniques and the implementations are well-known and well understood.
But we can go further. The bank can attest to any number of attributes on my behalf and then create public key certificates (certs) that it can either download to the phone or keep in its cloud and download pointers to the phone. A simple example might be a cert that says that I am over 18. So to use the traditional example in these cases, I go to create an account at an online gambling site and when I am asked to demonstrate that I’m old enough to play I send the cert (or, more likely, under hood and invisible to me, a pointer to the cert in the bank cloud) to the gambling site. The gambling site retrieves the certificate from the bank cloud and encrypts a challenge using the public key it found inside that certificate which it then sends to the bank app on my mobile phone (or of course it might send it to a gambling app on my mobile phone). Now the only way that that challenge can be answered is if it can be decrypted using the private key that is stored inside my SE so the app sends the challenge down to be SE that which point I am asked to authenticate myself to the app, using TouchID let’s say. I put my finger on the sensor to authenticate then the challenge is decoded and answered. Now, the gambling site knows for certain that the person at the keyboard or tablet or smartphone has control of the private key (which we might, for sake of argument, call the digital identity) of a person known to the bank, even if they don’t know who the person and even if the bank doesn’t know that the gambling app has used the key.
Now, you wouldn’t use a system like this to launch nuclear missiles. Here’s are examples that shows why. A parent in modern Britain might well lend their iPhone and fingerprint to their pre-teenage son or daughter in order to let them stick a few quid on Manchester city to get a draw at Roma tonight egged on by Ray “‘ave a bang on that” Winstone. Agents of a foreign power might steal your phone and obtain your fingerprint from the case and use it make a pretend finger and… you get the point. It is not perfect security, but generally speaking authenticated control of the private key should be good enough to allow a retailer, bank, government department or other service provider to depend on the attributes provided in the certificate from the bank. Here’s another example.
A reader wondering whether or not to make a purchase might be convinced by this breathless praise: the only problem is, Jelly Bean and Nicodemus Jones are both the pseudonyms of Ellory himself, who was outed this week by fellow crime writer Jeremy Duns as the author of 12 glowingly positive writeups of his own books on Amazon, as well as two reviews critical of his fellow crime authors Mark Billingham and Stuart MacBride.[From Sock puppetry and fake reviews: publish and be damned | Books | The Guardian]
Now, as an author myself (oh yes) I might be very tempted to log in on Amazon under a false name and give myself a rave review. I would never do this, of course, because I am a gentleman and could not live with the same, but if I did, it might be nice for Amazon to ask for a cert that says that I am over 18 and live in the UK. Then, if it sees the same public key being used to complete reviews under other names, it can not-name but shame me and block my reviews. (Of course, if I’m dedicated, I might open 12 different bank accounts and get 12 different keys, but sooner or later I’d trip up and get found out – look what happened to the Dread Pirate Roberts.) I might even want my “review identity” to be out there on a blockchain with all of my reviews so that my “review reputation” can be independently verified across lots of different sites, not only Amazon. I want my reviews to be given more weight and to be taken more seriously, so I want my reputation to public even if I don’t want my real name to be public.
Keeping my real identity tidy locked away at the bank while I navigate my way around the new economy using attributes seems most appealing to me. The more you are required to give up your real identity on the web, the more likely it is to be compromised. I saw an example of this just the other day.
Police are investigating after internet hacking group Anonymous “compromised” the security of a web forum and obtained the private email addresses of officers.[From News – Latest breaking UK news – Telegraph]
This an absolutely text book example of the case in point. First of all, I strongly doubt whether either the “web forum” or “Anonymous” have any idea whether any of the e-mail addresses belong to officers or not, since there’s no way for the web forum to have people prove that they are police officers before joining and, secondly, unless the police officers involved had not the slightest notion of how the interweb tubes work, none of them would have used identifiable e-mail addresses.
If were to log on to a web forum for disgruntled Consult Hyperion employees to complain about the antics of their Global Ambassador then I would do it as email@example.com, not firstname.lastname@example.org. You get my point: if I we had a working identity infrastructure then the web forum mentioned in the above example would be able to demand the IS_A_POLICE_OFFICER attribute and this attribute would be a linked to a conditionally-anonymous identity (i.e., a pseudonym).
This overall approach might be summarised as “real reputations not real names” and this is where the blockchain could be a breakthrough. If reputations are committed to the blockchain and cannot be changed (after all, once I’m over 18 I’ll always be over 18 – no “right to be forgotten” applies here) then I can keep attributes in a wallet to use them as and when. My name, my address, my favourite hobby and my inside leg measurement could all be there (attested to by trusted sources) ready for me to use. Here I am convincing Marco Crispini from Matrix Vision that this is the right approach.
I see this shift to a reputation-based approach as being a crucial component of such scalable identity management system and so (I think) does John. Your name and other personally identifiable information are, in this model, just more attributes and are not privileged in any way. If you want to tell the gambling site who you are, that’s up to you, but they won’t get it as a byproduct of age verification. It’s easy to construct examples where this could be the major selling point of such a system. If I log onto an online dating service then potential mates might well expect to see attributes from third parties that they trust to attest to the fact that I am a real person, I am over 18 and I am resident in the UK. I might want to save my real name for the first date though.
Anyway, the point of this post is to say thank you to Barclays for arranging such a stimulating event and to announce that by way of celebrating, I have a spare copy of “A Crowd of One” on my desk at work and I will cheerfully dispatch it post-haste to the first person to comment on this post (remember to include a mailing address).