Identity is the New Money
Matt Harris, a partner at Bain Capital Ventures, wrote about this recently in Forbes highlighting that for the world of decentralised and embedded financial services (and, in fact, everything else) to reach its full potential, individuals and organisations must be able to establish the identity of counterparties on a per transaction basis “even if pseudonymous”. That caveat is crucial because, as I wrote in my 2014 book “Identity is the New Money”, pseudonymity is the sword the cuts the Gordian knot entangling security and privacy in a stultifying embrace.
In this new world, we don’t want society to have to trade-off security and privacy with each other, we want both security and privacy at all times and without consumers having to assume responsibility for their own protection. We want it to be part of the infrastructure, like the seat belts and crumple zones in cars.
What the ability to work with persistent pseudonyms, and thus build up a history of the credentials associated with pseudonyms over time (ie, reputations) means in practice is that when you come to engage in a transaction your counterparty can be certain that while they do not who you are (and may have no feasible way of determining who you are, thanks to the miracles of modern cryptography knows who you are. In other words, as the recently-issued G7 document on the principles for a retail central bank digital currency puts it, it is not necessary for everyone to know who you so long as someone knows who you are.
A rather obvious “someone” in the case of financial services is your bank. Apart from anything else, they already know who you are. Or at least they should do if they are obeying the law about knowing their customers, monitoring them for anti-money laundering purposes, checking on their status as politically-expose persons, knowing what their business as and watching for terrorist behaviour and so forth. So identity is currently a cost centre, when there is an opportunity for it to be a platform for new products and services. I’m not the only person who thought that age verification legislation would be the trigger for a sophisticated federated privacy-enhancing bank-centric ID. Here, for example, is an eminently practical suggestion for moving forward:
Modifications to open banking could allow bank customers to share data on their identity and their date of birth with third parties in a double-blind way that stops their bank from knowing the site they want to visit, or the site they’re visiting from knowing their identity.
Well, whether it’s used for age verification for adult sevices or a pensions dashboard for financial health, I would have thought that what the European Commission Expert Group on Electronic Identification and Remote KYC Processes calls an “attribute-based LoA-rated KYC framework for the financial sector” (or what I would lazily label a “financial services passport”) would boost efficiency across many sectors as well as delivering solid foundations for the next-generation financial sector that Matt Harris is predicting.
Now, whether we call it a Financial Services Passport, a Moolah Monicker, a Payment Persona or a Finance Face doesn’t matter: the object is to create a persistent pseudonym that can be used for transactional purposes without disclosing any personally-identified information (PII).
Pseudo
The idea of pseudonyms is hardly
John Herrman, writing in the New York Times, frame the issue succinctly: there is scant evidence that “real name” policies mitigate abuse but there is plenty of evidence suggesting that forcing people to expose more private information can intensify it.
What followed early, credentialed online spaces was, in retrospect, an accidental golden era of online identity construction — a widely accessible web where people adopted handles and chose email addresses, logged into chat rooms and chose their own web domains.
Today, it’s hard to overstate just how thoroughly connected a typical internet user’s various identities — legal, chosen, assigned — have become. There are obvious examples in services like LinkedIn, where one’s public-facing, searchable professional identity is associated with their social identities elsewhere. Platforms that ask for legal names are woven through countless other social networks, shopping sites and commenting systems through unified login features. Facial-recognition technologythreatens to tie together all of our identities, everywhere and always.
Snippings 