Shared ledgers might not disrupt payments, but identity

Thanks to Marc Hochstein from American Banker for pointing me to this video of the Stanford Blockchain Workshop that he chaired in March. If you are interested in the subject of blockchains, identity and reputation then put your feet up get a cup of tea and enjoy watching some really smart people introduce a lot of really interesting concepts.

Panel: Casey Fenton (Sovolve / Couchsurfing), Patrick Deegan (ID3/OMS), Primavera De Filippi (LOVE), Muneeb Ali (Onename)

[From Stanford Blockchain Workshop (March 2015)]

These people are on to something. And they are not the only ones. A similar gathering of the great and good (how come that classification never includes me!) on Richard Branson’s island came to a similar conclusion, highlighting identity as one of their four key application areas for the blockchain.

We discussed that the identity stack is a core application for the blockchain, it’s a critical piece for further development and needed for a trusted information economy system.

[From Richard Branson’s Necker Island And The Blockchain Summit (Part 2) | Vancouvered Weblog]

Bearing in mind that I always interpret the word “the blockchain” in these circumstances to mean “some sort of shared ledger that will probably be permissioned in some way”, I think they may be right.

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself.

[From The Fine Print: Of #Blockchains And #MultiFactorAuthentication]

This kind of idea deserves serious examination. The idea that I might demonstrate some attribute to a third party by demonstrating ownership of a transaction output on a blockchain is interesting, especially when combined with smart contract stuff. It’s an exciting field. There are companies like Shocard and OneName already active in the space and new ones coming along all the time. For many of our financial services clients, radical reduction in the costs of identity-related compliance are a much higher priority than some marginal reductions in transaction costs.

I think we can begin to speculate about the use of a permissioned ledger to hold KYC information and the merging of auditing and compliance to replace AML “gates” with permanent monitoring of transactions on a blockchain (more on this tomorrow), the restoration of financial services in accordance with the FATF risk-based approach on a per-transaction basis. This would really be a new world, and would be really a revolutionary use of shared ledger technology.

Is it safe? Is… it… safe?

Someone I know to be an impeccable source and a first-hand witness told me an interesting story about a young female friend who fell ill on holiday in North Africa. When she got home, she claimed for the doctor’s bill on her travel insurance. The claim was rejected because the person who treated her wasn’t actually a doctor. It was, as it transpired, just some guy who worked for the hotel (and presumably examined young women as a hobby). Which led me to think: how would you know? If I got sick in New York and asked the hotel to call a doctor, I’d be reasonably confident that the concierge would call an actual doctor rather than a friend who drives a taxi but has a stethoscope in the trunk. But would I check? Would I have called the New York state medical licensing board (or whatever – I just made this up) to find out?

Maybe a smartphone app that lets you take a picture of the “doctor” and then, after a few seconds, shows you a picture of his diploma would do it. Which reminds me of the old Robert Schimmel joke about going to the dentist: “Do you want a shot of novocaine / No, I want a shot of you getting a diploma”. But, for reasons related to discussions earlier in the week, I’m not sure about “passive” credential services like this. Perhaps a better solution would be that the doctor arrives with a smart card or his or her mobile phone or a badge or something else with NFC or a contactless interfaces, you read it with your phone and your phone displays a blank screen if the person isn’t a doctor and a their picture if they are a doctor with a valid license to practice in the location where you are scanning.

A woman has been charged with fraud after allegedly pretending to be a doctor at GP practices across the country…. The 29-year-old, from Maidstone, in Kent, allegedly had no medical qualifications but was thought to have used a name and registration number with the General Medical Council belonging to a real doctor.

[From ‘Fake locum GP’ who worked in practices across Britain charged with fraud | Daily Mail Online]

Now, if I were a medical practice employing a doctor, I might be tempted to at least look them up on LinkedIn or something before I let them get their hands on a patient but I suppose that under the National Health Service it’s considered ungentlemanly or discriminatory or just plain rude to ask a prospective clinical employee for verifiable evidence of any valid qualifications. We are English, so we take people at their word. Dictum meum pactum.

But then I was thinking that if I go to see a doctor for some antibiotics I don’t care if it’s a real doctor or not so long as they can write me up some amoxicillin. Or if I am expecting intimate examination for my problem, I might not care who Doctor X actually is, but I do care that they are a doctor. That’s a different problem. Anyway, being English, I am far more terrified by fake dentists.

A bogus dentist who earned almost £230,000 by using a fake degree certificate to land work at a string of NHS hospitals was jailed for three years today.

[From Bogus dentist who earned £230,000 operating in NHS hospitals jailed for three years | Daily Mail Online]

Remember, these news stories (and believe me, they are far from unusual in this sceptr’d isle) are telling us about the bogus doctors, dentists, nurses and surgeons who got caught. There simply must be others working here, today, undetected. Aargh!

Since no post on fintech right now is complete without a blockchain reference, here’s a straw man for comment. Hospitals, clinics, GP surgeries and pharmacies around the country are chock full of PCs that are doing nothing for most the time. Make them mine a blockchain of medical professionals that anyone can look up. Then when you graduate medical school you could be given a smart contract that contains your license to practice subject to certain conditions that the contract can check for itself. When I go to see the dentist, I can ask him to whip out his smartphone and demonstrate ownership of the private key that the smart license has been sent to.

Who thinks pseudonymity isn’t important?

OK, at the extreme risk of boring everyone to tears, let’s ask the same old question again: should you be allowed to do things on the Internet without giving away your “real” identity? Remember this was something that was discussed here a little while back, using the simple case of newspaper comments as an example. Someone has come up with an interesting way of solving for two problems simultaneously: paying for news online and making people responsible for their comments…

However, he recently went back and was surprised that, in order to comment you need to hand over your credit card, and the paper will charge you $0.99. Obviously, this is more to prove that you are who you say you are, but it does seem a bit distorted when the newspaper wants to charge people just to comment. Also, once charged, your name and hometown are automatically associated with your comments.

[From Newspaper Wants You To Pay To Comment | Techdirt]

Interesting. I think the idea of paying to comment is very interesting. I might be tempted to do that in some cases. But paying to give up your real name? I’m not so sure. I might well want to comment on something without that kind of disclosure. Back to “real names” again. The discussion goes on and on.

Why does a comment with a real name have so much more value?

[From The Real “Authenticity Killer” (and an aside about how bad the Yahoo brand has gotten) — Scobleizer]

This isn’t always true. A nurse at a hospital, forced to comment with her real name, is highly unlikely to post anything critical of a doctor. There’s a difference between an authenticated persona (so that the web site can be sure she really is a nurse at the hospital) that may be based on a pseduonym (or even a cryptographically strong unconditionally unlinkable anonym) and an authenticated identity. There may be many reasons why the latter is undesirable.

Mexico announced a plan Monday to reward people who report suspected money laundering, under a program that will allow them to get up to one-quarter of any illicit funds or property seized. Under the new plan, people can file reports in person, by telephone or by e-mail. The exact percentage of individual rewards will be determined case by case by a special committee.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Would you e-mail in a tip about a suspected money launderer and expect to pick up the reward? It seems to me that this is a good example of system that demands real names for integrity but real names mean it can never work. (Although, and it’s outside the scope of this piece, it is entirely cryptographically possible to enable the payment of rewards to anonymous people).

Public servants, law enforcement and banking system employees will not be eligible for the rewards, in part because it is already their duty to report suspicious transactions.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Good luck to anyone who decides to report in person, or by telephone. SIM registration is mandatory in Mexico, which means that the money launderers will find you before the police do — don’t forget, they have more money than the police do. Come to that, they have more money than anyone does.

More shocking, and more important, the bank was sanctioned for failing to apply the proper anti-laundering strictures to the transfer of $378.4bn – a sum equivalent to one-third of Mexico’s gross national product – into dollar accounts from so-called casas de cambio (CDCs) in Mexico, currency exchange houses with which the bank did business.

[From How a big US bank laundered billions from Mexico’s murderous drug gangs | World news | The Observer]

Given the stringent anti-money laundering (AML) regulations in place around the globe — which meant it took me 15 minutes to put a few quid on my Travelex prepaid card at Heathrow, something I will never do again — I’m surprised that this could have happened, but there you go. Perhaps instead of hassling people trying to load low-value prepaid payment accounts, the authorities could focus on the counterparties in larger electronic transfers. Hence the discussions about Legal Entity Identifiers (LEIs) that have been going on recently. Many interbank payment messages have account identifiers only — you could send money to my account with the name Carlos Tevez and it would still get to me because it’s only the account stuff that matters — and the some law enforcement agencies want to stop this and have banks validate the names as well (it will help to track funds to and from suspects I guess).

LEI will be assigned at the over all corporate entity level and also at subsidiary levels. Its usage will be standardized Internationally. My immediate thought was, never mind systemic risk, this is the perfect means to route B2B transactions across a myriad of financial systems and payment schemes worldwide!

[From Reflections on NACHA Payments 2011 — Payments Views from Glenbrook Partners]

I’m sure I’d heard somewhere before, possibly at IPS 2010, that the plan was to use the SWIFT business identifier codes (BICs), but apparently that’s no longer the case.

Vandenreydt said SWIFT is changing its tune due to a recent meeting of the International Standardization Organization’s Technical Committee 68, where SWIFT has a seat. At the meeting, participants concluded that developing a new code would help avoid ambiguities that might be involved if existing codes are used. “[The committee] wants a pure number without country or other information,” Vandenreydt added. The BIC is made up of eight to 11 alphanumeric characters with four letters for the bank, two letters for the country, two digits for the location, and three digits for the specific branch.

The utility is still working with ISO on what the identifier would look like. Vandenreydt said that process could take up to three months, though he expects a decision to be made sooner. He noted the proposal also depends on other details about the initiative that haven’t been specified by OFR, such as how long the registration authority would have to ramp up the system, whether IDs will be assigned or requested, and how many codes are expected.

[From SWIFT Retools Legal Entity Identifier Proposal]

So here’s a positive suggestion. Forget about the 1960s notion of an identifier as a unique alphanumeric code and instead make the identifier a pseudonym attested by a bank. So we become consult.hyperion!barclays.co.uk or something similar. It doesn’t matter whether the sender, or anyone else, knows who Consult Hyperon is, because the identifier tells them that Barclays does. And for 99% of real-world transactions, that’s enough. What’s important is that we are always consult.hyperion!barclays.co.uk in all relevant linked transactions. Then, if consult.hyperion!barclays.co.uk is found to be sending money to Osama bin Laden on a regular basis, the appropriate law enforcement agencies can provide Barclays with a warrant and Barclays will disclose. For general commerce, the persistence is the critical foundation. The always-accurate Eve Maler pointed this out a while back:

The neat thing is, we do this all the time already. When you meet someone face-to-face and they say their Skype handle is KoolDood, and later a KoolDood asks to connect with you on Skype and describes the circumstances of your meeting, you have a reasonable expectation it’s the right guy ever after. And it’s precisely the way persistent pseudonyms work in federated identity: as I’ve pointed out before, a relying-party website might not know you’re a dog, but it usually needs to know you’re the same dog as last time.

[From Tofu, online trust, and spiritual wisdom | Pushing String]

Quite. But there’s another point. You don’t need to be a “real” persistent identity to have a reputation, as should be obvious. A useful reminder of this came at the end of 2010, when an anonymous critic was named the Village Voice’s “Music Critic of the Year”.

Twitter spokesperson Matt Graves called it a “milestone”; whether he’s serious or not, (“dead serious,” he later said) @discographies certainly carries a certain seriousness throughout today’s interview in the Village Voice. “Twitter,” the account holder says, “may be the first mass communications system that also functions as a meritocracy: it actively promotes good ideas and good content, regardless of where they come from.”

[From Anonymous Twitter Account Named Music Critic of Year by Village Voice]

I’m not sure that meritocracy is the right word, but I think the sentiment is accurate: you have to earn reputation to attach to your identifier, and once it’s been earned it’s hard to replicate (unlike intellectual property). So I might want to send money to @discographies without knowing or caring whether @discographies is a roomful of students or an internationally-known music critic. (And, over on Digital Money, I will point out that I want to send money to @dgwbirch — which is an entirely unique Twitter identifier — by MasterCard, PayPal, WebMoney, M-PESA or anything else, but that’s another point entirely.) Why can’t @discographies be mutated into discographics!wellsfargo.com or whatever?

It’s an entirely plausible model: banks managing reputation, because it’s more important than money. The presence of banks legitimises the market, so knowing that a bank has carried out some KYC on @discographies means that other players can treat the reputation attached to it seriously without being concerned about the “real” identity.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.