Putting "identity" on the "blockchain". Part 3: Define the transactions

Now onto part three of our week of thinking out loud about putting identity on the blockchain. In part one we found a problem that could be solved using some kind of identity infrastructure. In part two we came up with a model of digital identity that we could use to explore a potential solution to this problem. Now, we are going to think about how that model could connect with some kind of shared ledger in general and with a blockchain or, indeed, the blockchain.

Our starting point is to observe, as my colleague Steve Pannifer said in his presentation at the Cloud Identity Summit in New Orleans this week, that a ledger is a record of transactions. Therefore, we must think about the identity transactions implied by the model that we looked at in part two before we start to think about how to store them in a shared ledger. We start by observing that identity transactions are the “CRUD” (that is, the Creation, Reading, Updating and Deleting) of identities. Since our model includes three kinds of identities, it admits the possibility of three distinct sets of CRUD transactions that might be stored in the shared ledger, as shown in the picture below.

[Figure: 3D Domain ID Blockchain]

The first category relates to the mundane identity CRUD of people, things and organisations. We could take some physical characteristic of these such as a fingerprint, a photograph or a serial number and store these in a shared ledger. This may be a good thing to do, but my first thought about this is that actually we probably want to avoid storing such things in the ledger or, at the very minimum, avoid storing them in unencrypted form. I have to spend some time thinking this through, but it’s not immediately obvious to me that storing the binding between the digital identity and the mundane identity on the ledger moves us forwards.

The second category relates to the digital identity CRUD. Remember from part two that I am imagining the digital identity as being, essentially, a key pair. We need to store the private key somewhere safe and provide an authentication mechanism so that control over the digital identity can be asserted. Then we need to provide the public key for a variety of uses. Now, a key pair sounds very much like a wallet on a blockchain and it is certainly a plausible hypothesis that this could be an implementation of digital identity. However, it suffers from the same general category of problem as does cryptocurrency, which is the problem of the storage and protection of the private key. Either you have to look after the private key yourself, which is a degree of responsibility that I for one am most unwilling to accept, or you have to trust somebody else to look after the private key for you (e.g. your bank).

In practice, this would mean that the key pair is held by some third party, and while the idea of having sovereign control of your digital identity in some sort of blockchain is an appealing prospect if you are a 20-year-old computer science major at MIT, I remain unconvinced that it is a mass-market solution, especially in developing countries. Here, I feel that the example of M-PESA (as we were discussing on Twitter yesterday) is illustrative. M-PESA, which was launched, remember, by a telco not by a bank, stores cryptographic keys in the tamper-resistant SIM in a mobile phone and this strikes me as being the plausible mass-market solution. In an M-PESA-like system, the SIM generates the key pair and gives up the public key but the private key is never disclosed. Unfortunately this means that if you lose your SIM you may have messages that you can no longer read, so we need a more sophisticated mechanism for a workable mass-market infrastructure!

The third category relates to the virtual identity CRUD. Remember in the model that I sketched out in part two, I made the assumption that all transactions are between virtual identities. Now the transactions associated with a virtual identity, if they were to be stored in a shared ledger, would then provide a record of that virtual identity’s activities. Those virtual identities need not identify the binding between the digital identity and the mundane identity. So, I could have a digital identity that I use for work and one for home and one for play. I use my play identity to obtain an adult identity from some grown-up website and that identity might well contain attributes that it has obtained from other credentials (that I am over 18, for example) but not my name.

Then the history of that virtual identity is in effect a kind of reputation. If you ask me for my reputation on some sharing economy platform, I can point you to an entry in the shared ledger. This gives you a public key. You can do two things with this key right away. First of all, you can use it to encrypt a challenge for me (because in order to answer the challenge I must have control over the corresponding private key). Secondly, you can look through the ledger to find transactions associated with that public key (to find out, for example, when the virtual identity was created and whether it has been deleted).

You can also check the digital signature on the virtual identity to confirm who created it (i.e., was it really Barclays Bank or AirBnB or whoever).
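The three checks just described (ledger lookup, issuer signature, proof of key control), as an added Go sketch that is not code from this post. It assumes an in-memory slice stands in for the shared ledger and uses Ed25519, so the challenge is a random nonce the holder signs rather than an encrypted challenge; `Tx`, `CheckIdentity` and the issuer name `ExampleBank` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Tx is one CRUD record for a virtual identity (layout constructed for this example).
type Tx struct {
	Op, Issuer string // Op is "create", "update" or "delete"
	Key, Sig   []byte // identity public key; issuer's signature over it on "create"
}

// CheckIdentity returns the history length; prove answers a challenge by signing it.
func CheckIdentity(ledger []Tx, issuers map[string]ed25519.PublicKey,
	key ed25519.PublicKey, prove func([]byte) []byte) (int, error) {
	n, issuer, sig := 0, "", []byte(nil)
	for _, tx := range ledger { // 1. find this key's transactions on the ledger
		if !bytes.Equal(tx.Key, key) {
			continue
		}
		if n++; tx.Op == "delete" {
			return n, errors.New("identity has been deleted")
		} else if tx.Op == "create" {
			issuer, sig = tx.Issuer, tx.Sig
		}
	}
	if ik, ok := issuers[issuer]; !ok || !ed25519.Verify(ik, key, sig) { // 2. who created it
		return n, errors.New("no valid issuer signature for this key")
	}
	nonce := make([]byte, 32) // 3. fresh challenge only the key holder can sign
	if _, err := rand.Read(nonce); err != nil {
		return n, err
	}
	if !ed25519.Verify(key, nonce, prove(nonce)) {
		return n, errors.New("challenge failed: no control of the private key")
	}
	return n, nil
}

func main() { // constructed sample: one issuer, one identity, one ledger entry
	ipub, ipriv, _ := ed25519.GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ledger := []Tx{{Op: "create", Issuer: "ExampleBank", Key: pub, Sig: ed25519.Sign(ipriv, pub)}}
	fmt.Println(CheckIdentity(ledger, map[string]ed25519.PublicKey{"ExampleBank": ipub}, pub,
		func(nonce []byte) []byte { return ed25519.Sign(priv, nonce) }))
}
```

The relying party learns nothing about the mundane identity here: it sees only the public key, the issuer's name and the transaction history.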

The ability to check the reputation of a counterparty in this way seems to me to be one of the fundamental benefits of such an identity infrastructure and central to a functioning online economy.

If I find a seller labelled as John Doe, I really have no interest in discovering their underlying identity: that takes time and effort. If there are positive comments about them from people whose opinion I value then I will do business with John Doe. If there are negative comments, then I won’t. And it won’t matter to me whether John Doe has a badge from the local council, the government or some other body’s approval. My decision will be based not on what anyone thinks, but on what everyone thinks.

This comes from an article I wrote for “The Guardian” a fair few years ago (“Reputation not Regulation”, 2nd Nov. 2000, sadly no longer online but you can download a PDF here). On this, I don’t think my opinion has changed much. The ideas that I was putting forward back then were constructed to support economic activity with both security and privacy as priorities. If anything, my views about building security and privacy into the identity infrastructure have become more entrenched since then.

In the model we’ve been building up this week, then, reputation can be interpreted as the history of a virtual identity, the complete list of “CRUD” transactions stored in the shared ledger. Does this seem like a reasonable model to proceed with? If so, tomorrow I’ll think out loud about how to implement the shared ledger for identity.

CVS Pharmacy Says "So Long, Long Receipts," Announces Arrival of Digital Receipts for Customers | CVS Health

CVS Pharmacy today announced the company will launch digital receipts as a new option for all members of its ExtraCare Rewards program. The new option for digital receipts will roll out in early June and eventually be available in 7,900 retail locations. Customers will have the opportunity to opt-out of receiving paper receipts for all in-store purchases when completing their transactions in the front of the store. Once the one-time process is completed, customers will receive receipts digitally, along with their coupons and rewards, each time they shop at CVS Pharmacy.

From CVS Pharmacy Says “So Long, Long Receipts,” Announces Arrival of Digital Receipts for Customers | CVS Health

In-app in-crypto

I ignore almost all of the “news” that arrives via my cryptocurrency feeds, but a particular story about Bitcoin in the mass market caught my attention because it appeared to herald an unexpected and significant shift in the mass market. The announcement was that Starbucks is “working with Microsoft and a leading global exchange on a new digital platform that will allow consumers to use bitcoin and other cryptocurrencies at Starbucks”. This struck me as a little odd, since Howard Schultz (the executive chairman of Starbucks) said earlier this year that “I don’t believe that bitcoin is going to be a currency today or in the future”. When I read the story in detail it turned out to be untrue, just as I had suspected, and a couple of days later came the further announcement that “Starbucks has clarified that it will not be accepting Bitcoin (BTC) or other cryptocurrencies as payment”.

Starbucks has no intention of accepting Bitcoin at retail point of sale (and nor, I imagine, does any other Main Street retailer). Starbucks said that they will play a “pivotal role” in developing applications “for consumers to convert their digital assets into US dollars”. Note the specifics: to convert cryptocurrencies into US dollars. What was actually being announced was, essentially, a plan to find a way of loading Starbucks wallets from Bitcoin accounts. Which brings us on to the bigger strategic point.

Now, earlier in the year Jeremy Light, who knows what he is talking about, made the evolution of retailer wallets central to his predictions for change in the payment sector this year. He said that these wallets – for both online and in-store purchases, where I expect to see convergence – will spread “emulating the success of Starbucks and Walmart” by focusing on slick checkout. These retailer wallets are of great strategic importance. It is reasonable to observe that the way most Americans are currently experiencing the new payment revolution “isn’t through Apple or Android Pay, but through proprietary payment apps from chains such as Target, Walmart, and Starbucks”.

In strategic terms, my strawman assumption is that retailers are going to get rid of payments at POS and shift to payments inside their own apps, apps that they use to deliver better customer services. Or, in the bumper-sticker version, “we’re going from check-out to check-in”. Take a look at what the major supermarket chains have been doing in the UK, where Tesco was “the latest grocer to develop its own technology to bypass the costly Android and Apple systems” and Sainsbury’s is trialling its SmartShop app which allows users to create their own shopping lists, navigate stores and make payments at dedicated kiosks. Just as in the US, where Walmart has launched its own system to expand customer payment options and increase the speed of checkouts in its stores, we will see more of these. I already have half a dozen on my phone.

A Comscore survey a couple of years ago found that 55% of American consumers would be happy to have four or more retailer apps on their phone. Now, I don’t remember the figures exactly, and a quick search on my laptop can’t find them, but I remember something I looked at for a UK client a couple of years ago where it turned out that something like 90% of household disposable income in the UK goes to five retailers per household. In my house, for example, a Waitrose app, a BP app, a Martins’ the newsagent app, a Boots app and a Tesco Metro app would pretty much take care of things.

In the in-app vision of the future, consumers wouldn’t have hundreds of apps for every retailer. For the retailers they visit frequently (e.g., Starbucks) they will have the retailer app and use it. In other cases they will just use their bank app or some third-party payment app (e.g., Venmo). Actually, Venmo is a good example, since they have already made it plain that they see in-app payments as the future, saying that they had killed off their developer API to move the resources to their in-app payment service.

This focus on app-and-pay is hardly new and was an obvious strategic focus long before Tim Cook stood up on stage to explain “the benefits of Apple Pay in apps”, so I’m hardly reading the tea leaves by saying that tapping and paying with mobile phones may not, in the great scheme of things, be that important because, to Jeremy’s point, online and offline will converge to app-and-pay, not tap-and-pay.

This may well turn out to be good news for the trading and use of cryptoassets. There is no point trying to extend acceptance of such assets at point-of-sale. That’s not what they were designed for and it makes no sense from a strategic perspective for retailers to mess around with in-store systems, service and acceptance for them. However, having online mechanisms to load the retailer wallets by exchanging these assets for retailer currency is a different proposition, because the point-of-sale systems only need to be modified once (to accept the wallet) and then any number of back-end conversions can be explored without requiring further front-end modifications. In time, the POS will then vanish (except for those retailers who still want to take cash) and the triumph of “invisible payments” will be complete.

Dutch to abolish cash payments for public transport | International Railway Journal

Public transport companies in the Netherlands are planning to abolish cash payment for bus and tram tickets, following a significant rise in robberies. By 2018 it will only be possible to pay for travel using the national OV Chipkaart contactless smartcard, a smartphone, or a contactless bank card.

From Dutch to abolish cash payments for public transport | International Railway Journal

Eliminating cash payments will require significant investment – each tram and bus will need to be equipped with a payment terminal at an estimated cost of €1500 per vehicle.

From Dutch to abolish cash payments for public transport | International Railway Journal

Should Faster Payments Be, Well, Slower? | Bank Think

Will instant payments exacerbate existing societal problems? Will they place already vulnerable people in harm’s way? And if so, whose problem is this to address: the bank, the regulator, the operator of a scheme? Or perhaps the onus falls squarely on the consumer alone?

From Should Faster Payments Be, Well, Slower? | Bank Think

Banks dump small businesses, charities and fintech firms to save on red tape costs

This puts the FCA in a difficult position as it wants Britain to be “a hostile sector for money launderers” but also to ensure “the unintended consequences of anti-money laundering (AML) regulation are minimised.”

From Banks dump small businesses, charities and fintech firms to save on red tape costs

What The Mark Of The Beast Taught Me About The Future Of Money – BuzzFeed News

Paying by phone was commonplace [in Stockholm], and I didn’t even get a weird look when I scanned a QR code at a grocery store checkout and wordlessly strolled away with my basket of smoked meats.

From What The Mark Of The Beast Taught Me About The Future Of Money – BuzzFeed News

POST War by another means

A political battle between the UN-recognised Tripoli government led by Fayez Sarraj and the Tobruk-based parliament loyal to General Khalifa Haftar in the east has led to parallel splits in the country’s financial institutions, with two central banks threatening to circulate rival Libyan dinar banknotes in the country.

From Battle of the banknotes as rival currencies are set to be issued in Libya | World news | The Guardian

Apparently there’s going to be one lot of good old British-sourced banknotes and another lot of dastardly Russian-sourced banknotes duking it out across the desert. Fascinatingly, while I was reading this piece, Benjamin Cohen’s “Currency Power” was on my bedside table!
