I had the privilege to chair a discussion about identity in the metaverse at the Identiverse conference in Denver in June 2022, and had great fun discussing the new landscape for identity with Heather Vescent, Jonathan Howle, Katryna Dow and Gopal Padinjaruveetil. In order to frame my thoughts and get the discussion about identity and privacy going, I needed a mental model.
I thought it might be a good approach to think from first principles what the metaverse is and therefore what corporate strategies around it will be important. To do this I went ahead and created a model of the metaverse as a framework for this discussion. Using this model did, I think help to frame a useful (and, I have to say, entertaining) discussion and lead to some actual learning (to judge from the very positive feedback on that panel, at least) so I thought I’d expand on it here.
Real But Virtual
It seems to me that the obvious starting point for any metaverse model is virtual worlds. Banks, as others, are already experimenting with more immersive experiences. Accenture say that almost half of bankers believe that customers will use augmented reality (AR) / virtual reality (VR) as an alternative channel for transactions by 2030. They point to early experiments from BNP Paribas, which has launched an app that allows customers to use VR in their banking transactions, and Citi, which has tested holographic workstations for financial trading. Furthermore, according to the 2021 edition of the Digital Banking Report, a third of bankers believed that around a fifthof their customers will use this alternative channel in that timeframe.
These virtual worlds and experiences have been around for many years and financial services organisation have been experimenting with them for a generation (remember those virtual bank branches in Second Life). Therefore it is reasonable to wonder what it is that will transform these virtual worlds into a metaverse? It is not simply VR headsets or AR spectacles. I could use them to play World of Warcraft and it would be a lot of fun, but it would still be nothing more than a virtual world. A metaverse is more than Second Light UHD.
The Financial Times defined the metaverse as a collection of shared virtual worlds which are interoperable in the sense that people can navigate them while taking with them their digital identity and their digital assets. Now this strikes me as a very straightforward and practical description and I like it very much. This is a world where transactions take place between what Jaron Lanier called “economic avatars” (that is, digital identities that can own digital assets) and reputation is the fundamental transaction enabler.
But what are digital assets?Digital assets are tokens and the protocols for moving these tokens around is what is known as decentralised finance (or “defi”). Digital assets and decentralised finance are together loosely known as “web3”. Frances Zelazny of Anonybit set out the relationship between the two plainly when she wrote “the metaverse is dependent on [web3]“, going on to say that users can expect “increased democratisation, inclusion and user control, instead of having big tech and centralized gatekeepers”.
So you might say that the metaverse is made up of virtual worlds and web3. Now we are getting somewhere.
A checkpoint back to the Financial Times. The metaverse is virtual worlds plus digital assets (ie, web3) plus digital identity. That’s what’s missing and that’s where we need some new thinking. In essence there are two ways forward: we can take things that already exist in web3 (ie, tokens) and repurpose them to handle identity — and, indeed, this is what Vitalik Buterin and others set out in their proposal for “soulbound tokens” — or we take digital identity things that exist outside of web3 and bring them into the metaverse: this is the approach that we at Consult Hyperion favour.
The VC Way
Professor Bill Buchanan OBE from the School of Computing at Edinburgh Napier University is a leading expert on cryptography and cyber security (and also an excellent speaker, by the way). I always take what he has to say about things very seriously and I couldn’t agree more with him on his comments about the nature of the infrastructure that we need for the online economy. As Bill writes, we joined together a set of interweb tubes with very little trust built in to them and then we patched them up with what he calls “simple methods” but what I might call string and sealing wax. He says that “our digital future must be towards an infrastructure that properly integrates trust” and that when it comes down to it, web3 means the digital signing of transactions to support the true integration of the digital identity of the citizen into the digital world.
That is, web3 plus digital identity gives us the trust infrastructure that we need. We already have the tools and techniques needed to do implement digital identities that work in this context. We have private keys and digital signatures and computers and all of the other components. We already have smartphones that contain Trusted Execution Environments (TEEs) capable of handling advanced cryptography yet we send them completely insecure text messages and call them “security”. What we need is a way of using them and this where credentials come into play.
Verifiable credentials (VCs) have a crucial role in resolving the “clash of the titans” between the emerging metaverse and the growing demands for data privacy. The metaverse wants to harvest new, uncharted personal information, even to the point of noting and analysing where your eyes go on a screen and how long you gaze at certain products. Data privacy, on the other hand, wants to protect consumers from this incessant cherry-picking.
When you put all this together — virtual worlds where people want to do business, decentralised finance moving tokens around and persistent pseudonymous identifiers with verifiable credentials — I think you can see a clear and consistent definition of the metaverse as well as the strategic outline for the financial services sector’s response: managing the customer’s digital assets and digital identity.