Unemployment Fraud Spreads Across U.S. as Coronavirus Boosts Claims – WSJ

xxx

n one case that officials are investigating, more than three dozen health-care workers’ identities were allegedly stolen, Mr. Dahl said. He said fraudsters allegedly used the stolen identities to file illegitimate unemployment claims in multiple states.

From Unemployment Fraud Spreads Across U.S. as Coronavirus Boosts Claims – WSJ:

xxx

POST Bottom Up

 

First, look at what the conventional, top-down notion of identity means. It means someone (the government, generally speaking) must find some way to assign an identity to everyone who needs one, record who those identities have been assigned to, and check that when the identities are presented they are genuine.

It is almost certain that the government is having difficulties establishing who is a genuine citizen purely on the basis of identification papers produced by the existing system. Some of the illegal immigrants caught in the current security swoop have Kenyan ID cards and passports but their details are not in the national database.

It has been claimed that immigration and provincial administration officials at all levels have enriched themselves by selling these sensitive documents while compromising national security.

[From

KENYA: Kenyans to apply for digital identity cards, says Ruto ]

There are problems with this top down approach. Apart from being expensive, it is also vulnerable. One a false identity has been entered into the system, it is no longer false (if you see what I mean). As a consequence, obtaining such an identity becomes an essential precursor to crime as well as legitimate use and therefore the identities are obtained by all sorts of people who are not supposed to have them and the system is subverted. Managing and protecting the database at the heart of this scheme is complicated and difficult. In a great many emerging markets, in particular, the national identity scheme is soon degraded: sometimes because of corruption, sometimes because of carelessness, sometimes because of errors in the concept and design. This is precisely what has happened with the Aadhar scheme in India.

What was supposed to be a unique identification number providing identification and access to a host of government benefits and services, ‘Aadhaar’ has almost unvaryingly been extended to anybody residing within Indian territories. Almost anyone, be it Indian or an illegal immigrant can get an Aadhaar Card made without any proof of identity. More importantly, they get a numbered identity.

[From

Sting reveals Aadhaar documents forged for Nepal, Bangladesh citizens – IBNLive ]

So how does the alternative, crowdsourced version of identity take us forward? Well, if national identity schemes don’t provide “real” security then why bother with them? Save the money. At a basic level crowdsourced identity means asking everyone who you are rather asking anyone (e.g., the government) who you are. Whereas we are used to the idea of identity as something that is granted to us by a third party, such as the government or a bank, and the idea of an identity based on reputation that grows up through our networks and long-term relationships seems rather different.

Compare the two kinds of identity and their functionality in practice. Crowdsourced identity may seem a poor substitute for national identity at first glance, but it seems to me that Kosta is onto something here for two specific reasons that I have touched on before. The first is that this kind of reputational identity is actually
better than conventional national identity because it is much harder to forge or counterfeit. A good friend of mine told me a story about an industry event he attended recently where he ran into a chap late at night when he was going back to his hotel. The guy was in the hotel lobby and recognised my friend as he had been a speaker at the event. The man explained that he had been tricked by a woman in a bar into following her back to hotel room where he had been drugged and robbed. He had no money and was too embarrassed to call his wife and asked if my friend might loan him some money so that he could get home and would report his wallet lost on the train or something. My friend had never met the man before but asked him his name and who he worked for and then looked him up on LinkedIn. Having established that not only did the fellow have a full LinkedIn profile but was actually connected to my friend via several different people, my friend loaned him the money which was, of course, gratefully returned a couple of days later. Now imagine that the unfortunate chap had instead presented my friend with his Portuguese fishing licence: how would my friend evaluate that and assess the strangers plausibility from that official document?

The second reason is that these crowdsourced identities may well be far
cheaper to establish and this is especially true, and especially valuable, in the developing world where official infrastructure may be unreliable at best and non-existent at worst. Here the particular combination of mobile phones and social networks is especially powerful, because mobile phones tend to deliver not only unique identity but transactional history to go with it and this can be linked through social networking in powerful ways. You might have listened to the podcast I recorded earlier this year with Shivani Siroya and and heard a very good example of this where the transactional histories from mobile payment accounts are slurped up by organisations who provide alternatives to conventional kind of credit reference agencies that we are used to in the developed world.

Shivani Siroya is currently the CEO and Founder of InVenture. InVenture facilitates financial access by providing simple mobile accounting and credit scoring tools for offline and unbanked individuals, the subject of this podcast.

[From

Media – Consult Hyperion ]

Taken together, I think these provide compelling support to Kosta’s intuition and it strikes a that, to use Jaron Lanier’s term in “
Who owns the future? ”, the “economic avatars” that arise at the intersection of the mobile phone and the social network may well prove to be more useful to a great majority of the world’s population than their “official” identities even if they have them and indispensable to them if they do not. And, by the way, if you regard the whole idea of giving people credit on the basis of social capital as ridiculous and fanciful, I guess you didn’t see this:

[Bogota] where Lenddo introduced a “social network” Visa card to 100,000 of its customers yesterday afternoon. By 4:00 p.m. today in New York, where the online lender for developing countries is based, more than 1,000 Colombians had applied for the card. Lenddo CEO and co-founder Jeff Stewart calls it the first time ever, anywhere, that approval for a credit card is based on applicants’ reputations on Facebook, Google, LinkedIn, and Twitter.

[From

This Emerging Markets Credit Card Is Backed by Facebook Friends » Techonomy ]

Identity is the new money, as they say. Well,
as I say .

POST Anonymity again

A few years ago I was involved in a series of Twitter exchanges about the relationship between cash and anonymity that stimulated me to write a blog post on that topic and that debate (see “It doesn’t have to be the handmaid’s tale” from September 2016). Some more recent exchanges on the same topic made me think about revisiting and revising that post and exploring some of the ideas in further in light of recent discussions (eg, Libra and central bank digital currencies).

The root of these debates is, of course, that many in the Bitcoin community see Bitcoin’s sort-of-anonymity as an important characteristic because it defends the individual against state power and they berate me for wanting to replace cash “in circulation” with a digital alternative. Cash, they claim, is freedom, and they are correct about this: as cash is uncensorable, you have the freedom to buy what ever you want with it.

So should we replace cash with an anonymous cryptocurrency or digital currency? There are many people who I greatly respect who think the former. For example, in his presentation on ’The Zero Lower Bound and Anonymity”, Kocherlakota tends toward some form of cryptocurrency to replace fiat currency rather than a central bank digital currency and one of the reasons for this is his (entirely reasonable) concern about anonymity. This point is illustrated by a literary reference to Margaret Attwood’s “Handmaid’s Tale”, in which a theocratic American government (the “Republic of Gilead”) has taken away many of the rights that women currently enjoy. One of the tools that this government uses to control women is a ban on cash. In Gilead, all transactions now routed digitally through the “Compubank”.

The Handmaid's Tale

It was many, many years since I’d read “The Handmaid’s Tale” so I went to my bookshelf to dig it out and re-read that part. The narrator does indeed talk about how the evil junta in charge of that future America took over and says that it would have been harder if there had still been paper money. But the truth is, I don’t see how. North Korea has everyone using paper money and virtually no cards. Denmark has virtually no paper money and everyone uses cards (and phones). To be frank, in the modern world, I don’t think cash is that closely related to dictatorship.

The point I wanted to make here, though, is that it is wrong to present the only two alternatives as total surveillance and anonymity. I simply do not accept that the alternative to the unconditional anonymity of cash and the crime that goes with it is a dystopian, totalitarian nightmare. That’s only one way to design a circulating medium of exchange and it’s not the way that I would design it. I would opt for something along the lines of a universal pseudonymous mechanism capable of supporting an arbitrary number of currencies, a Mondex de nos jours, an M-PESA with go-faster stripes. In a world where there are completely, unconditionally anonymous payment mechanisms in widespread use there’s no way to stop very bad people from using them to do very bad things, so I’d prefer a world in which there are pseudonymous mechanisms that defend against routine surveillance and petty intrusion but allow societies legitimate interests to protect against crime.

Does this mean that anonymous mechanisms should be banned? Probably not, for the good reason that it would be impossible to do so. More likely would be a situation shown in the diagram below where there is an anonymous layer that has a pseudonymous layer on top of it and a absonymous (I made this word up) on top of that. People, governments and businesses would use the pseudonymous layer for the majority of transactions: the anonymous money would be useless for almost all transactions for almost all people since no-one would accept it. I would love to give this kind of anonymous money the generic name zerocash, after the William Gibson novel (“Count Zero”) in which one of my all-time favourite quotes about the future of money appears, a quote that more accurately describes the foreseeable future of payments than anything from IBM or the IMF:

He had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that nobody ever did anything legitimate with it.

(Unfortunately, someone else had already beaten me to the name! See E. Ben-Sasson, A. Chiesa, C. Garman, M. Green,I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin” in IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, pp.459–474 (2014). But I’ll stick to using the all lower-case zerocash to mean generic unconditionally anonymous electronic cash. The wallet that this electronic cash is stored in is an anonymous digital identity. It’s just a string of bits.)

Now, you could imagine some form of zerocash in circulation as a cash alternative but not accepted in polite society (i.e., any attempt to spend it would be regarded as prima facie evidence of money laundering and exchanges would be barred from handling it). Polite society instead decides to protect privacy through managed conditional anonymity, or pseudonymity. A pseudonymous currency that is managed by a central bank but where transactions take place on a distributed ledger is much more like “RSCoin”, the cryptocurrency that was proposed by George Danezis and Sarah Meiklejohn at UCL [Danzis, G. and S. Meiklejohn. “Centrally Banked Cryptocurrencies”, NDSS ’16, 21-24 February 2016, San Diego, CA, USA] using Ben Laurie’s “mintettes” concept. By creating a pseudonym that is bound to the zerocash digital identity, we make it useful (provided that the binding is done by someone who trusted in the relevant transactional use cases).

Why bind it in this way? Well, there is the usual privacy paradox to be dealt with here: I want my transactions to be anonymous, but everyone else’s to be not anonymous in case they turn out to be criminals. I cannot see any way round this other than pseudonymity. There are people out there (e.g., my colleagues at Consult Hyperion) that know how to design systems that work like this, so there’s nothing stop the FATF, Bank of England, or Barclays or anyone else from starting to design the future, privacy-enhancing electronic money system that we need.

In the real world, as the discussions around Facebook’s proposed “Libra” digital currency have shown, regulators will never allow zerocash. In fact, in the light of the recent FATF rules about identification for cryptocurrency transfers, they will not allow any form of transaction that does not provide full details of counterparties. They might, however, as I have suggested many times before, be prepared to allow some form of pseudonymous alternative provided that we can bind the pseudonym to real-world legal entity through trusted institutions.

Bank are of course a good place to form and maintain this binding, since they’ve already done the KYC and know who I am. So I give present my pseudonym to them and they can bind it to my “real” name to form a nym. In the example below, Barclays know who I really am, and I can present my Barclays nym where needed, but most transactions with counterparties take place at the pseudonymous layer and I can present my Vodafone pseudonym “Neuromancer” there if I want to. My counterparty doesn’t know that I am Dave Birch, only that Vodafone know who (and presumably, where) I am. For the overwhelming majority of day-to-day transactions, this is more than adequate. This layered approach (show below) seems to me a viable vision of a working infrastructure. Few transactions in the top layer (for privacy), most transactions in the middle layer, few transactions at the lower layer.

Layered model of cryptomarkets

So in this made-up example, Barclays know my “real” identity and Vodafone knows a persistent pseudonym tied to my phone number. (Of course, I could go to Barclays and choose to bind my Vodafone identity to my Barclays identity, but we don’t need to think about this sort of thing here.) I’m going to reflect on how these bindings might work in practice more in the future, but for now I want to circle back to that opening concern about losing the anonymity of cash. Here’s another version of that meme that I read in Reason magazine (“Cash means freedom”) a while back: “Cash—the familiar, anonymous paper money and metallic coins that most of us grew up using—isn’t just convenient, it’s also a powerful shield for our autonomy and our privacy”

But it really isn’t. Your privacy is being taken away because of social media, people wearing cam-shades and ubiquitous drones, not because of debit cards. And none of this has anything to do with dictatorship. I wouldn’t want to live in the America of the “The Handmaid’s Tale” whether it had anonymous payments or not. I understand the concerns of those concerned with privacy (as I am) that there might be an inevitable tendency for a government to want to trespass on the pseudonymous infrastructure in the name of money laundering or terrorism, but that’s a problem that needs to be dealt with by society, not by technology.

Look, I think we should start to consigning cash to the dustbin of history, beginning with the $100 bill, the £50 note and that affront to law-abiding people everywhere, the Swiss 1,000 franc note. There are an increasing number of people coming around to my way of thinking, including the former chief economist to the International Monetary Fund (IMF) Kenneth Rogoff, who in his book “The Curse of Cash” argued that large value banknotes should be withdrawn not only because of their use in criminal endeavours but because they prevent central banks from using their full range of monetary policy tools. If we are going to start getting rid of cash though, we need to come up with alternatives the provide levels of privacy and security determined by society as a whole, not by a few engineers.

The battle for the future of the internet needs you – CapX

xxx

we need a vehicle to unite liberal democracies in advancing and advocating their own vision of the web, one in which our shared underlying values and interests are articulated. This moment represents a fantastic opportunity for the UK to work with our allies and set the international agenda, adding further flesh to the bones of ‘Global Britain’.

From The battle for the future of the internet needs you – CapX:

xxx

CHYP Omnichannel

Susanne Steidl, the CPO of Wirecard was surely spot on when she recently wrote that a key driver shaping the world of retail payments at the moment is the pressure for omnichannel payments, integrated across channels, personalised and embedded into the customer journey. But crucial to delivering this, as she notes, is the connection of customer data across all sales channels from online to in-store. As we noted in our Live Five for 2020, this connection only be delivered in a sustainable way is consumer privacy is maintained throughout. And it seems to me that the only way to ensure that consumers’ personal information is not mishandled is to treat it as toxic waste and avoid handling it in the first place!

A New Law Makes Bots Identify Themselves—That’s the Problem | WIRED

xxx

On July 1, nine months after being signed into law, California’s SB 1001—the “Bolstering Online Transparency,” or B.O.T. bill—came into effect. The new rule requires all bots that attempt to influence California residents’ voting or purchasing behaviors to conspicuously declare themselves.

From A New Law Makes Bots Identify Themselves—That’s the Problem | WIRED:

xxx

Design a site like this with WordPress.com
Get started