A library of snippets
xxx
AI governance requires a constructive conversation between AI developers, firms, consumer rights activists and governmental entities to recognize emerging risks and build shared resources. Algorithmic auditing also requires credentialing, impact assessments, training and risk mitigation practices. Initiatives such as regulatory sandboxes allow authorities to engage firms to test innovative products or services that challenge existing legal frameworks.
xxx
xxx
Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.
Open sourcing these powerful cryptographic tools will make it much easier for private and public sector developers to build their own privacy-enhancing applications and digital ID solutions, meeting an urgent need.
In layperson’s terms, ZKP makes it possible for people to prove that something about them is true without exchanging any other data. So, for example, a person visiting a website can verifiably prove he or she is over 18, without sharing anything else at all.From: Now open source: our Zero-Knowledge Proof (ZKP) libraries for age assurance.
xxx
xxx
The US has a critical mass of financial skill and available capital at almost any level. This has a complicated relationship with the dollar’s status as a reserve currency; if your career revolves around doing interesting things with money, you’ll have more things to do if the money you choose is the dollar.
xxx
xxx
“Banknotes are more than just an important means of payment. They serve as a symbolic representation of our collective national identity and an opportunity to celebrate the UK,” said Victoria Cleland, the Bank’s chief cashier, whose signature appears on notes.
From: Bank of England to redesign banknotes – and wants your help – BBC News.
xxx
xxx
The face on our banknotes should be Sir Thomas Gresham, banker to Queen Elizabeth I and the father of the modern City of London.
xxx
xxx
Gresham was a man who truly understood money. He encouraged Elizabeth I to rebase the coinage (that had been debased by her father) by melting it down and reissuing it with a higher base metal content and to pay down her debts and to balance her books. While Royal Agent in the Low Countries he came up with some financial engineering around government debt that would put modern masters of the universe to shame. He managed to up the value of the pound sterling from 16 to 22 Flemish shillings to assist with the repayment of the Crown’s debts. Later, when Carols V placed a ban on the export of bullion from the Netherlands, Gresham adroitly managed the necessary bullion smuggling operations (he’d be all about using Bitcoin to evade exchange controls today).
xxx
xxx
We’ve spent two decades exploring what advertising can do for online media. Some of the results inspire awe: trillion-dollar companies, individuals with audiences larger than countries, and some of the most entertaining content ever made. But that world, represented by the early summer swarms on Cannes’s rocky beaches, has limitations. It concentrates power in the hands of a few platform rulers, puts the audience’s needs below the advertiser’s, and strips creators of ownership.
In any case, that world is starting to look old, and a new world is emerging. While it will have its own imperfections, it offers so much promise. What will it look like when we’ve spent two decades exploring what direct payments can do for art and media?
From: Beyond Cannes – by Hamish McKenzie – The Substack Post.
xxx
xxx
A robotics laboratory at the National University of Defence Technology (NUDT) in central China’s Hunan province has developed a mosquito-sized drone for covert military operations.
xxx
The Economic Governance and EMU Scrutiny Unit of the European Parliament were asked by the Parliament’s Committee on Economic and Monetary Aafairs to prepare a report on the potential impact of stablecoins. This report on “Stablecoins and digital euro: friends or foes of European monetary policy?” makes for interesting reading. I rather liked their categorisation of “established”, “aspiring” and :”proposed” payments infrastructure, the latter category including the digital euro. The report notes that a digital euro issued by the European Central Bank (ECB) can be a “credible” alternative to stablecoins but that “the present vision of the digital euro threatens to fall short of its potential”. The authors highlight paricular issues around security and privacy, pricing and low holding limits that will make it difficult to compete with other aspiring private payment instruments and go on to conclude that as currrently envisaged “the digital euro might prove to be underwhelming to European consumers”.
That point about holding limits caught my eye. The authors’ view that low limits might hamstring user adoption and ultimately reduce the chances of success of the new instrument say that it is not clear why a central bank would provide a physical currency that could be held in (in principle) unlimited amounts, whereas a digital version of it could not, while there is no limit to stablecoin holdings. This calls into question the notion that holding limits are needed for financial stability, since it is not at all obvious the ECB (or any other central bank) would prefer that consumers run from commercial bank deposits into private stablecoins instead of a public central bank digital currency (CBDC) such as the digital euro.
But would consumers do this? At a time of crisis, surely the rush would be from commercial bank accounts and private stablecoins into some form of central bank money, such as a digital euro.
I call these the “4Ws”: whistleblowing, witness protection, well-being and adult services.
Here, then, is most definitely a problem looking for a solution and we already know what the solution is: verifiable credentials (VCs).
Why VCs? Well, there was a post on Twitter in the midst of the coronavirus COV-19 pandemic that explains this perfectly. It quoted an emergency room doctor in Los Angeles asking for help from the technology community, saying “we need a platform for frontline doctors to share information quickly and anonymously”. It went on to state the obvious requirement that “I need a platform where doctors can join, have their credentials (my emphasis) validated and then ask questions of other frontline doctors”.
Who the person on that platform is does not matter. What the person is, however, is fundamental. The credentials, not the identity, are the key.
Mass Market Credentials
It should be quite straightforward. You walk into the doctor’s surgery and there is a certificate on the wall. You tap the certificate with your phone (or scan a QR code on the certificate) and your phone either shows you a picture of the doctor, if the qualification is valid, or a big red cross if it is not valid. If the process is anything more complex than that, it cannot help the general public.
Given the evolution of smartphones, contactless interfaces and verifiable credential standards, this takes us beyond the familiar tap-to-pay world that people already seem very comfortable with and towards what Jerry Fishenden calls the “tap-to-prove” world, which I think we need to get to as soon as possible. We are undoubtedly making some steps in the right direction here: For example, The Post Office and Yoti have become the first government-approved digital ID providers, allowing UK citizens to prove their identities with an app instead of physical documents for the specific purposes of applying for a job or renting a property.
I rather like this tap-to-prove idea, because it introduces the possibility of a standardised mechanism for demonstrating credentials not only at the technological level but also at the human level. It makes for a recognisable “ceremony” of making a claim.
Identity experts often talk about the need for a ceremony. It’s a concept I rather like: It means that the actions that two people need to take in order to engage are well-known to both of them so that the ritual is familiar and provides confidence in the outcome. If you have to do something different in the bank, in the supermarket, in the sports stadium, on the web and everywhere else then fraudsters can take advantage of the uncertainty. If, on the other hand, the same ritual is applied in all circumstances, then not only do you being to do it automatically but if someone asks you to do something out of the ordinary, your suspicions are aroused.
This is what I mean by ceremony: something simple and familiar and repetitive and satisfying. If you go into the bar, you tap your phone on the doorman’s phone and the doorman gets confirmation that you are over 21 and you get confirmation that the doorman is licensed by the city to perform such a function. If you go to see a doctor when you are on holiday, you tap your phone on the doorman’s phone and the doctor gets your insurance details and you get confirmation that the doctor is licensed to practice. If you go to watch a soccer game, you tap your phone on the turnstile and the gate gets confirmation you have a ticket and are not banned from ground while you get confirmation that your loyalty points have been awarded.
In all of these cases the familiar “dance” results in actual security, with keys and certificates under the hood so that consumers never have to deal with them. If something is out of the ordinary — a qualification shows up red when it should be green, or whatever — both parties will notice immediately.
Things are definitely changing in the world of spies. For one thing, three out of the four directors-general of the British secret intelligence services, each of whom reports to the current “C”, are women and they include the head of technology (known as “Q”, after James Bond’s gadget man) who will soon be taking over as the first female head of the servics. One of these women was quoted in the Financial Times saying that it had been an exciting career during “the days before biometrics”, when she was making her way unnoticed from one country to another, often on foot, and changing disguises en route.
Ah, the days before biometrics.
Biometrics ruins the spy business. Imagine that James Bond dons a suit and grabs a fake passport in the name of Dave Birch, heads off to a casino for an evening of intelligence gathering with suspicious oligarchs and arms dealers. He heads through the main entrance, with his glamorous companion who is a corrupt foreign offical that he will pump for information later in the evening. His face is scanned at the door fed into the age verification system that is connected to the open banking “safe to spend” service and the police criminal records information system and the casino loyalty scheme before a screen flashes up “Welcome Back Mr. Bond, only another half a million to lose and your gold membership will be extended for another year”.
Oops.
Biometric identification seems convenient, but biometric authentication is a much better way forward and this should be our “default” way of thinking about security. So the biometrics used to ascertain uniqueness (eg, an iris database) should be the same biometrics used to authenticate credentials. James Bond heads into the casino and waves his smartphone over a scanner. The smartphone (or watch, hat, bracelet, pendant etc.) gives up a Verifiable Credential (VC) that is a casino loyalty card in the name of Dave Birch. This is immediately checked in the casino’s back end system to see that Dave Birch has not been barred from the premises and presents a picture of James’ face to the doorman (since James would have registered with his face but a fake passport in the name of Dave Birch). This is why the Anglosphere should converge not on National Identity Schemes, but National Entitlement Schemes that keep identity out of transactions that do not need it (i.e., almost all transactions).
Whatever we as a society might think about privacy in normal circumstances, it makes complete sense to me that in exceptional circumstances the government should be able to track the location of infectious people and warn others in their vicinity to take whatever might be the appropriate action. Stopping the spread of the virus clearly saves lives and none of us (with a few exceptions, I’m sure) would be against temporarily giving up some of our privacy for this purpose. In fact, in general, I am sure that most people would not object at all to opening their kimonos, as I believe the saying goes, in society’s wider interests. If the police are tracking down a murderer and they ask Transport for London to hand over the identities of everybody who went through a ticket barrier a certain time in order to solve the crime, I would not object at all.
It seems to me that the same is true of mobile location data. In the general case, the data should be held for a reasonable time and then anonymized. And it’s not only location data. In the US, there is already evidence that smart (ie, IoT) thermometers can spot the outbreak of an epidemic more effectively than conventional Center for Disease Control (CDC) tracking that replies on reports coming back from medical facilities. Massively distributed sensor network produce vast quantities of data that they can deliver to the public good.
It is very interesting to think how these kinds of technologies might help in managing the relationship between identity, attributes (such as location) and reputation in such a way as to simultaneously deliver the levels of privacy that we expect in Western democracies and the levels of security that we expect from our governments. Mobile is a good case study. At a very basic level, of course, there is no need for a mobile operator to know who you are at all. They don’t need to know who you are to send a text message to your phone that tells you you were in close contact to a coronavirus character carrier and that you should take precautions or get tested or whatever. Or to take another example, Bill Gates has been talking about issuing digital certificates to show “who has recovered or been tested recently or when we have a vaccine who has received it”. But there’s no reason why your certificate to show you are recovered from COV-19 should give up any other personal information.
Xxx
With these “4Ws” in place, my general reaction to any new proposal for a national or international digital identity infrastructure is then “tell me how your solution is going to deal with whistleblowers, witness protection, wellbeing and adult service and only then I will listen to how it will help me pay my taxes or give third-party access to my bank account or whatever.
xxx
Buterin proposes pluralistic IDs
To achieve a flexible approach, Buterin proposed pluralistic identity systems, where no single authority controls identity issuance, as the “best realistic solution.”
He explained these could be explicit, using social-graph-based verification like Circles, or implicit, relying on multiple ID providers — government documents, social platforms, and others — so no one ID gains near-total market share.
xxx
The idea that a person might half a dozen digital identities much as they have half a dozen credit cards has always seemed right to me.
xxx
That’s why agents need a single, portable “passport”. Without one, there’s no way to know how to pay the agent, verify its version, query its capabilities, know who the agent is working on behalf of, or trace its reputation across apps and platforms. An agent’s identity needs to act as wallet, API registry, changelog, and social proof — so any interface (email, Slack, another agent) can resolve and speak to it the same way. Without the shared primitive of “identity”, every integration needs to rebuild this plumbing from scratch, discovery remains ad-hoc, and users lose context each time they switch channels or platforms.
xxx
Snippings