FaceCoin or FacePESA, Zuckbucks are a winner

Around a decade ago my son was, as is rather the fashion with teenagers, in a band. With some friends of his, he arranged a “gig” (as I believe they are called) at a local venue. There were five bands involved and the paying public arrived in droves, ensuring a good time was had by all. All of this was arranged through Facebook. All of the organisation and all of the coordination was efficient and effective so that the youngsters were able to self-organise in an impressive way. Everything worked perfectly. Except the payments.

eden_first_gig

When it came to reckoning up the gig wonga (as my old friend Paul Pike of Intelligent Venues would call it), we we had a couple of weeks worth of “can you send PayPal to Simon’s dad” and “he gave me a cheque what I do with it?” and “Andy paid me in cash but I need to send it to Steve“ and so on. Some of them had bank accounts, some of them didn’t. Some of them had bank accounts that you could use online and others didn’t. Some of them had mobile payments of one form or another and others didn’t. I can remember that at one point my son turned to me and asked “why can’t just send them the money on Facebook?”.

As I wrote at the time, I didn’t have a good answer to this because I thought that sending the money through Facebook would be an extremely good idea and I can remember discussing with some clients at the time what sort of services they might be able to offer to Facebook or other social networks that were empowered through an Electronic Money Issuing (ELMI) license and Payments Institution (PI) licence. The rudimentary business modelling was quite positive, and so I naturally assumed that there would be some sort of Facebook money fairly soon, especially because I am something of a proponent of community monies of one form or another.

I also wrote at the time that Facebook money, or Zuckbucks ($ZUC), could easily become the biggest virtual currency in the world given that there are so many people with Facebook accounts and the ability to send value instantly from one account to another via Facebook would be so attractive. You’ll remember that Facebook launched “Facebook Credits” so time ago but they weren’t really a currency, just a way of prepaying for virtual goods with the service. A virtual currency is something more, it’s true electronic money that you can send from one person to another. Well, it looks as if this is coming, as I read in the crypto press that Facebook “is talking to exchanges about potentially listing a cryptocurrency” [CoinDesk]. It looks as $ZUC might be just around the corner, and people are getting excited.

As I understand things, Mr. Zuckerberg has already decided integrate the social network’s three different messaging services — WhatsApp, Instagram and Facebook Messenger — on a single unified messaging platform and, according to the New York Times, have that platform implement end-to-end encryption. This would naturally be an ideal platform for a universal currency so it’s no surprise to hear that the company is now looking at just such an enterprise. Even if Facebook couldn’t read the details of a transaction, it would know that I just paid a car insurance company and might find some use for the data in the future.

My suspicions that a Facebook money might me rather successful were further strengthened while listening to one of my favourite podcasts, Pivot with Kara Swisher and Scott Galloway, on a plane last week. Scott said that his biggest friction in the physical world is charging (I couldn’t agree more – battery life is the bane of my road warrior existence) and that his biggest friction in the virtual world is payment. He cited the example of trying to buy wifi on a flight and having to mess around typing in card numbers like it was 1995 and pointed out just how much Facebook could gain by adding payments to their platform. Scott is surely right, and since the people at Facebook are smart, they must be looking at the potential to develop a new revenue stream that is separate from advertising with some enthusiasm.

Barclays equity research note on the subject (Ross Sandler and Ramsey El-Assal, 11th March 2019) reckon that a successful micro-payment service could add some $19 billion to Facebook’s revenues, so clearly I’m not the only one who is a little surprised that they haven’t already leveraged the technologies of strong authentication to get something off the ground already. It also notes that one of the problems with the original Facebook Credits business was the cost of interchange, a problem that has a very different shape now with interchange caps in place in various parts of the world and open banking giving the potential for direct access to consumer bank accounts (so that exchanges between fiat bank accounts and $ZUC would be free).

Facebook Marketplace has just added card payments [91Mobiles], as shown in the screenshot below, so that marketplace users can pay for goods directly without having to come out of Facebook. I think this is, frankly, a window into a one possible future for financial services!

These are boring old Visa and Mastercard payments, but presumably $ZUC can’t be far behind. Unfortunately, since there are no details that I can find on what exactly “Facebook Coin” is going to be, I can’t really offer any informed comment on the chosen implementation. If, however, it is something along the lines of JPM Coin then it will be a form of electronic money and governed by the appropriate rules and regulations (which is good, and since they have very smart people at Facebook I’m sure they’ve already spotted the advantages of providing a trusted, regulated global payment service). You can kind of see the idea: your Facebook account sprouts an automatic, opt-out, wallet. You can buy coins for this wallet using a debit card and then send them to anyone else with a wallet (why this needs the blockchain is not entirely clear, by the way, but that’s another discussion).

Wallets that have been KYC’d (put to one side what exactly this might entail) could store up to say $ZUC 10,000, wallets without KYC would be limited to say $ZUC 150. I think this might be a great opportunity for banks to use their federated and standardised digital identity infrastructure* to provide an attractive service to Facebook that might relieve them of onerous regulatory burdens. All Facebook has to do is get me log in to my bank and have them return some cryptographic token (with no personal information in it) to Facebook to indicate that the bank has done KYC and knows who I am. A bit of a win win.

This, at a stroke, would provide teenagers with a means to settle gig wonga, provide online retailers with instant payment across borders and provide brands a mean to reward consumer behaviour. If Facebook make it free to buy ZUC$ and guarantee to redeem at par for consumers, they could be on to a real winner. In Europe, if the Facebook wallet is combined with PSD2 to deliver instant load and instant payout, it delivers a serious play that will give people are reason to use the Facebook platform to organise their gigs, lay out their online wares and promote their brands instead of messing around with Snapchat or Youtube or email or blogs or whatever else they are using now.

* Note: does not exist. Images not from actual gameplay. 

Actually, I think there is a link between AI and the blockchain

There is a character flaw in some people (eg, me) which means when they see something that is obviously wrong on Twitter they feel compelled to comment. This is why I couldn’t stop myself from posting a few somewhat negative comments about an “infographic” on the connection between AI and the blockchain, even though I could have just ignored the odd combination of cargo cult mystical thinking and a near-random jumble of assorted IT concepts and gone about my day.

When it came down to it though, I just couldn’t. So, naturally, I decided to write a blog post about it instead. The particular graphic made a number of points, none of which are interesting enough to enumerate in this discussion, but at its heart was the basic view set out, here for example, that blockchain and AI are at the opposite ends of a technology spectrum: one fostering centralised intelligence on closed data platforms, the other promoting decentralised applications in an open-data environment. Then, as the infographic “explained”, the technologies come together with AIs using blockchains to share immutable data with other AIs.

Neither of those basic views is true though. Whether an AI is centralised or decentralised is tangential to whether it uses centralised or distributed data, and whether “blockchain” is used by centralised or decentralised applications is tangential to whether those applications use AI. What is important to remember is that decentralised consensus applications running on some form of shared ledger technology can only access consensus data that is stored on that ledger (obviously, otherwise you couldn’t be sure that all of the applications would return the same results). An AI designed to, for example, optimise energy use in your home would requires oracles to read data from all of your devices and place it on the ledger and then another set of factotums to read new settings from the ledger and update the device settings. What’s the point? Why not just have the AI talk to the devices?

There is, however, one part of the shared ledger ecosystem—of consensus applications running on consensus computers—that might benefit considerably from a shift to AI and this is the applications. People are very bad at writing code, by and large, and as the wonderful David Gerard observed in the chapter “Smart contracts, stupid people” in his must-read “Attack of the 50 foot blockchain”, they are particularly bad at writing smart contracts. This is clearly sub-optimal for apps that are supposed to send anonymous and untraceable electronic cash around. As David says, “programs that cannot be allowed to have bugs … can’t be bodged by an average JavaScript programmer used to working in an iterative Agile manner… And you can even deploy fully-audited code that you’ve mathematically proven is correct — and then a bug in a lower layer means you have a security hole anyway. And this has already happened”.

It seems to me that one thing we might expect AIs to do better than people is to write code. Researchers from Oak Ridge National Laboratory in the US foresee AI taking over code creation from humans within a generation. They say that machines, rather than humans, “will write most of their own code by 2040”. As it happens, they’ve started already. AutoML was developed by Google as a solution to the lack of top-notch talent in AI programming. There aren’t enough cutting edge developers to keep up with demand, so the team came up with a machine learning software that can create self-learning code… Even scarier, AutoML is better at coding machine-learning systems than the researchers who made it.

When we’re talking about “smart” “contracts” though we’re not talking superhuman programming feats, we’re really talking about messing around with Java and APIs. Luckily, last year saw the arrival of a new deep learning, software coding application that can help human programmers navigate Java and APIs. The system—called BAYOU—was developed at Rice University with funding from the US Department of Defense’s Defense Advanced Research Projects Agency (DARPA) and Google. It trained itself by studying millions of lines of human-written Java code from GitHub, and drew on what it found to write its own code.

Putting two and two together then, I think I can see that if there is an interesting and special connection between AI and “blockchain” then it’s not about using the blockchain as a glorified Excel spreadsheet that AIs share between themselves, it’s about writing the consensus applications for the consensus computers. They still wouldn’t be contracts, but they would at least work.

Not a cryptocurrency. End of.

The media recently reported, somewhat breathlessly (eg, CNBC), that JP Morgan Chase (JPMC)is launching a “cryptocurrency to transform the payments business”. This sounded amazing so I was very excited to learn more about this great leap forward in the future history of money.

As CNBC reported, it seems to herald new forms of business. Umar Farooq, the head of JPMC’s blockchain projects, sets put this vision clearly, saying that the applications for this innovative use of new transaction technology “are frankly quite endless; anything where you have a distributed ledger which involves corporations or institutions can use this.

Wow.

Now, many people took a look at this and pointed out that it is simply JPMC deposits by another name, and uncharitable persons (of whom I am not one) therefore dismissed it as a marketing gimmick. But it is more interesting than that. Here is the problem that it is trying to solve…

Suppose I am running apps (referred to by less well-informed media commentators as “smart” “contracts” when they are neither) on JPMC’s Quorum blockchain. Quorum is, in the terminology that I developed along with Richard Brown (CTO of R3) and my colleague Salome Parulava, their double-permissioned Ethereum fork (that is, it requires permission to access it and a further permission to take part in the consensus-forming process). I’m quite partial to Quorum (this is what I wrote about it back in 2017) and am always interested to see how it is developing and helping to define what I call the Enterprise Shared Ledger (ESL) software category.

Now suppose my Quorum app wants to make a payment – not in imaginary internet play money, but in US dollars – in return for some service. How can it do this? Remember that our apps can’t send a wire transfer or use a credit card because they can only access data on the blockchain. If the app has to pay using a credit card, and that app could be executing on a thousand nodes in the blockchain network, then you would have a thousand credit card payments all being fired off within a few seconds! You can see why this can’t work.

One way to solve this problem would be to have “oracles” reporting on the state of bank accounts to the blockchain and “watchers”  (or “custom executors” as Darius calls them here) looking for state changes in the blockchain bank accounts that they could then instruct in the actual bank accounts. But that would mean putting the safe-to-spend limits for millions of bank accounts on to the blockchain. Another more practical solution would be to add tokens to Quorum and allow the apps to send these tokens to one another. This is, as far as I can tell from a distance, is what JPM Coins are for.

I have to say that this is a fairly standard way of approaching this problem. A couple of months ago, Signature Bank of New York, launched just such a service for corporate customers — with a minimum $250,000 balance — using another permissioned Ethereum fork, similarly converting Uncle Sam’s dollars into ERC-20 tokens. If you’re interested, I gave a presentation to the Dutch Blockchain Innovation Conference last year on this approach and why I think it will grow and the video is online [23 minutes].)

Animal, vegetable or mineral?

These JPM Coins (I simply cannot resist calling them Dimon Dollars, or $Dimon, for obvious reasons) have attracted considerable discussion but I thought I might contribute something different to the debate by trying to reason my way through to a categorisation. I talked about this on the panel in the “Blockchain and Cryptocurrencies” session at Merchant Payments Ecosystem in Berlin today, and you can see my slides here:

 

On the panel, I said that the $Dimon is e-money. Here’s why…

Is it “money”? No it isn’t. It is certainly a cryptoasset – a digital asset that has an institutional binding to a real-world asset – that in certain circumstances exhibits money-like behaviour. Personally, I am happy to classify such assets as forms of digital money, the logical reason that they are bearer instruments that can be traded without clearing or settlement. 

Is it a “cryptocurrency”? No, it isn’t. A cryptocurrency has a value determined, essentially, by mathematics in that the algorithm to produce the currency is known and the value of the cryptocurrency depends only that known supply and the unknown demand (and, of course, market manipulation of various kinds). It is not set by an institution, government or otherwise.

Is it a “stablecoin”? No, it is isn’t. A stablecoin has its value maintained at a certain level with reference to a fiat currency by managing the supply of the coins. But the value of the $Dimon is maintained by the institution of JP Morgan irrespective of the demand for it.

Is it a “currency board”? No, it isn’t. A currency board maintains the value of one currency using a reserve in another currency. So, for example, you might have a Zimbabwean currency board that issues Zim Dollars against a 100% reserve of South African Rand.

In fact, as far as I can tell, the $Dimon is e-money, which is one particular kind of digital money. There are two main reasons for this:

First, according to the EU Directive 2009/110/EC, “Electronic money” is defined as “electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions […], and which is accepted by a natural or legal person other than the electronic money issuer”. This sounds awfully like, as Bloomberg put it, the $Dimon is “a digital coin representing United States Dollars held in designated accounts at JPMorgan Chase N.A.”. It is a bearer instrument (so “coin” is a reasonable appellation) that entitles the holder to obtain a US dollar from that bank and therefore seems to fall within that EU definition since people other than JPMC, albeit customers of JPMC, accept it in payment. (I would pull back from calling it digital cash because of this need to establish an account with JPMC in order to hold it.)

Second, because my good friend Simon Lelieveldt, who knows more about electronic money than almost anyone else, says so. Simon and I have long agreed that the trading of digital assets in the form of tokens is the most interesting aspect of current developments in cryptocurrency, a point I made more than once in my MPE talk.


Following my logic then, in European regulatory terms then, the $Dimon is “e-money” and I think that is a quite reasonable definition. Case closed.

Today we celebrate Saint Valentine, the patron saint of customer verification methods

It’s one of my favourite days of the year today! I am a payments romantic, so you will undoubtedly know why! Today across the civilised world, we celebrate Saint Valentine, the patron saint of customer verification methods (CVMs). We buy flowers and eat chocolates on this day every year cto commemorate the introduction of chip and PIN. Yes, chip and PIN was launched in the UK on 14th February 2006. 

Yes, it’s lovely St. Valentine’s Day. Was it really thirteen years ago? The beautiful day, the day unromantically dubbed “chip and PIN day”, when we stopped pretending that anyone was looking at cardholders’ signatures on the backs of cards and instead mechanised the “computer says no” alternative. It really was! Thirteen years!

We English, we love out heritage. We still write our laws on vellum, we still say “what an interesting idea” when somebody says something that is transparently insane and, for now at least, we still use cards to buy things in shops. We cling to tradition. And chip and PIN is a tradition. Or at least it was.

I’m sorry to say that in Merrie England, chip and PIN is on the wane. The majority of card transactions are contactless and, according to Worldpay (who should know), they have been for a few months now. Fraud is manageable because most transactions are authorised online now and would be whether we had chip and PIN or not. The offline PIN and “floor limit” world has gone. The world’s first optimised-for-offline payment system was launched after the world had already got online. This is why you see  Brian Rommele writing that “by the time the UK implemented chip & PIN, the base concept and much of the technology was already almost 40 years old”.

Early chip and PIN focus group.

It is time to remind people what Saint Valentine stood for and reiterate why we are using chip and PIN at all. In ancient times, when European retailers could not go online to verify PINs due to the anticompetitive pricing of the monopoly public telephone providers, it made sense to verify the PIN locally (ie, offline). But this is 2019. We have smart phones and laser beams and holiday snaps of Ultima Thule. We can probably think about verifying PINs online again, or even replacing PINs with fingerprints or DNA or whatever.

Smart phone in particular mean change and, as I have bored people on Twitter senseless by repeatedly tagging “#appandpay rather than #tapandpay”, this will take us forward to a new retail payment environment in which the retail payment experience will converge across channels to the app. As payments shift in-app so the whole dynamic of the industry will change. Introducing a new payment mechanism faces the well-known “two-sided market” problem: retailers won’t implement the new payment mechanism until lots of consumers use it, consumers won’t use it until they see lots of retailers accepting it. This gives EMV a huge lock-in, since the cost of adding new terminals is too great to justify speculative investment.

When you go in-app, however, the economics change vastly. For Tesco to accept DavePay in store is a big investment in terminals, staff training, management and so on. But for the Tesco app to accept DavePay is… nothing, really. Just a bit of software. However traditional we might be, the marginal cost of adding new payment mechanisms is falling (particularly direct-to-account mechanisms because of open banking) and our industry needs to think about what that means.

I’m not saying that cards and PINs are going to go away any time soon, but what I am saying is that it’s time to start thinking about what might come next. Right now, that looks like smartphones with biometric authentication, but who knows what technologies are lurking around to corner to link identification and continuous passive authentication to create an ambient payments environment in which cards (and for the matter, terminals) are present only in a very limited number of use cases.

Break them up? No, open them up!

The Paris FinTech Forum this year was a superb event. I take my hat off to Laurent Nizri for pulling it all together and especially for his terrific first day panel with Christine Lagarde (who is Managing Director of the IMF and is therefore the woman in charge of money), Stefan Ingves (the governor of the Bank of Sweden), Carlos Torres Vila (Group Executive Chairman BBVA) and Kathryn Petralia (President of Kabbage) [video]. 

PFF Panel 1024

At one point, the conversation shifts to data. Carlos said that we should treat ownership of data as a human right, which I have to say I am not entirely sure about, and that “we should have regulation that forces data to flow” rather than the limited prescriptions of the 2nd Payment Services Directive (PSD2) “so that all sectors have to share their data, with consent, as banks have to do”.

(The reason that I’m not sure about the data ownership thing is that, as discussed in the MIT Technology Review recently, it may be a counterproductive way of thinking that “not only does not fix existing problems; it creates new ones”. Instead, was that article says, we need a framework that gives people the ability to stipulate how their data is used without requiring them to take ownership of it.)

That is a very interesting perspective on a very important issue.

What Carlos was talking about is the asymmetry at the heart of PSD2, an asymmetry that the regulators created and which if left to its own devices means an uncomfortable future for banks. I wrote about this back in 2017 for Wired, pointing out that the winner in this new environment will not be innovative startups across Europe but the people who already have all the data in world and can use data from the financial system to obtain even greater leverage from it. In other words, the GAFA-BAT data-industrial complex.

In Prospect (August 2018) there was a debate between Vince Cable, the former chief economist at Shell, and the economist John Kay. The issue was whether the internet giants should be broken up. Mr. Cable felt that the new data-industrial complexes (the DICs, as I call them, of course) need regulatory taming and that competition authorities should take a wider view of social welfare rather than focus solely on price, while Mr. Kay felt that regulators should focus elsewhere on higher priorities and let internet competition sort itself out. He has a point, because regulators have so far failed in this respect. As The Economist (Antitrust theatre, 21st July 2018) noted, despite headline grabbing fines and other antitrust actions, the European Commission has done little to strengthen competition.

So what to do? Do we sit back and allow the DICs to form unassailable oligarchies or should there be, as Carlos clearly thinks, a regulatory response? And if so, what response?

With Scott Galloway in DC.

Mr. Cable’s call for some form of regulatory response is hardly unique. Last year I had the honour of chairing Professor Scott Galloway at a conference in Washington, DC. Scott is the author of “The Four”, a book about the power of internet giants (specifically Google, Apple, Facebook and Amazon). In his speech, and his book, he sets out a convincing case for regulatory intervention to manage the power of these platform businesses. Just as the US government had to step in with the anti-trust act in the late 19th century and deal with AT&T in the late 20th century, so Scott argues that they will have to step in again to save capitalism. His argument centres on the breaking up of the internet giants, as Mr. Cable called for, but I cannot help but wonder if this is an already outdated response to changing economic dynamics in a world where data is the new oil (and personal data is the new toxic waste). Perhaps there is a post-industrial alternative to replace that industrial age regulatory recipe for healthy competition in a future capitalist framework. As Viktor Mayer-Schönberger and Thomas Range note in Foreign Affairs (A Big Choice for Big Tech, Sep. 2018), a better solution is a “progressive data sharing mandate”. They suggest sharing anonymised subsets of data to boost competition, but I think there might be an alternative.

The Banking Example

To see what this might look like, consider the example of the UK’s banking sector where regulation at both the UK and European levels has turned it into a laboratory for what is called “open banking”. Here, a “perfect storm” of the combination of the Competition and Markets Authority (CMA) “remedies”, the European Commission’s Second Payment Services Directive (PSD2) “XS2A” (weird euro-shorthand for access to accounts) provisions and the Treasury’s push for competition in retail banking mean that new business models, never mind new product and services, will be developed and explored here first.

(The rest of Europe will move to open banking in September 2019, when PSD2 comes into force, and other jurisdictions such as Australia are bringing in similar regimes — more on this later.)

Under the open banking regime, the banks are required by the regulator to install sockets in customer accounts so that anyone can plug in and access those accounts (with the customers’ permission, of course). Who knows what new businesses will be created by companies using these standard plugs to access your bank account? Who knows what new services will be delivered through the wires? It is an earthquake in the finance world and no-one can be completely sure as to what the competitive landscape will look like when the shocks have settled.

At the heart of the new regime, which began in January of this year, is the requirement for banks to implement these sockets, technically known as Application Programming Interfaces (APIs), for third-parties to obtain direct access to bank accounts. Just as apps on your smartphone can use map data through the Google Maps API or post to your Twitter stream using the Twitter API, open banking means that apps will be able to pull your statement out through an HSBC API and tell my bank to send money through a Barclays API.

Thus there is a genuinely new financial services environment coming into existence. But who will take maximum advantage of it? The incumbent banks or fintech startups? Financial services innovators or entrepreneurs who want to harness the banking infrastructure for social good? Customers taking control or challenger banks able to deliver better services to them?

I don’t think it’s any of these. Deutsche Bank Research published a note PSD 2, open banking and the value of personal data (June 2018) noting that while the new, free interfaces open up opportunities with respect to payment services, retail financing and other tailored products for fintechs who can “seamlessly attach their innovative services to the existing (banking) infrastructure”, there are others who can similarly take advantage. Retailers with a large customer bases, for example. And of course the internet giants and, somewhat surprisingly perhaps, the existing retail banks. As Deutsche Bank point out, the incumbents could also benefit and act as third-party providers “vis-à-vis other account servicing banks” and offer an array of new or extended services to their customers, which will intensify competition among all providers.

IMG 2692My Barclays mobile app can now see all of my UK bank accounts.

We already see these responses out in the market. Deutsche Bank themselves have announced a project with IATA and there is great work being done by other incumbents (see for example, my Barclays mobile app) as well as challengers. Of particular interest I think is Starling Bank’s strategy to create a platform for new players. But… as I have said before, I think the regulators have made a miscalculation in their entirely laudable effort to increase competition in the banking sector. In brief, forcing the banks to open up their treasure trove of customer transaction data to third parties is not going to mean a thousand fintech flowers blooming, precisely because of the advantages it affords the incumbents vs. incomers. And while some big retailers will take advantage, the overall impact will be to tip the balance of power to a new, different and potentially more problematic oligarchy (to use Vince’s label).

What is going wrong?

Back in 2016, I said about the regulators demanding that banks open up their APIs that “if this argument applies to banks, that they are required to open up their APIs because they have a special responsibility to society, then why shouldn’t this principle also apply to Facebook?”. My point was, I thought, rather obvious. If regulators think that banks hoarding of customers’ data gives them an unfair advantage in the marketplace and undermines competition then why isn’t it true for other organisations in general and the “internet giants” in particular? As the Diane Coyle, Bennett Professor of Public Policy at the University of Cambridge, pointed out in the Financial Times a year ago (Digital platforms force a rethink in competition policy, 17th Aug. 2017), economies of scale and insurmountable network effects mean that it will be very difficult for fintech startups to obtain significant market traction when they are competing with these giants.

Now, of course, when I wrote about this last year for the Wired magazine Wired World in 2018, no-one paid any attention because I’m just some tech guy. But when someone like Ana Botin (Executive Chairman of Santander) started talking about it, the regulators, law makers and policy wonks began to sit up and pay notice. In the Financial Times earlier this year (Santander chair calls EU rules on payments unfair, 16th April 2018) she remarked on precisely that asymmetry in the new regulatory landscape. In short, the banks are required to open up their customer data to the internet giants but there is no reciprocal requirement for those giants to open up their customer data to the banks. Amazon gets Santander’s data, but Santander doesn’t get Amazon data. Therefore, as Ana (and many others) suspect, the banks will be pushed into being heavily regulated, low-margin pipes while the power and control of the giants will become entrenched (broadly speaking, the distribution of financial services has a better return on equity than the manufacturing of them).

It boils down to this: If Facebook can persuade me that it’s in my interest to give them access to my bank account, I can press the button to give it to them and that’s that. They can use the PSD2 APIs to get to my data. On the other hand, if a financial services provider can persuade me to give them access to my Facebook data… well, hard luck. Carlos said, rather elegantly, that one of the nice things about data as a resource is that it doesn’t get used up.

What is to be done?

Ms. Botin suggested that organisations holding the accounts of more than (for example) 50,000 people ought to be subject to some regulation to give API access to the consumer data. Not only banks, but everyone else should provide open APIs for access to customer data with the customer’s permission. This is what is being planned in Australia, where open banking is part of a wider approach to consumer data rights and there will indeed be a form of symmetry imposed by rules that prevent organisations from taking banking data without sharing their own data. If a social media company (for example) wants access to Australian’s banking data it must make its data available in a format determined by a Consumer Data Standards Body. (Note that these standards do not yet exist, and as I understand things the hope is that the industry will come forward with candidates.)

This sharing approach creates more of a level playing field by making it possible for banks to access the customer social graph but it would also encourage alternatives to services such as Instagram and Facebook to emerge. If I decide I like another chat service better than WhatApp but all of my friends are on WhatsApp, it will never get off the ground. On the other hand, if I can give it access to my WhatsApp contacts and messages then WhatsApp will have real competition.

This is approach would not stop Facebook and Google and the other from storing my data but it would stop them from hoarding it to the exclusion of competitors. As Jeni Tennison wrote for the ODI in June, a good outcome would be for “data portability to encourage and facilitate competition at a layer above these data stewards, amongst the applications that provide direct value to people”, just as the regulators hope customer-focused fintechs will do using the resource of data from the banks (who are, I think, a good example of data stewards). Making this data accessible via API would be an excellent way to obtain such an outcome.

It seems to me that this might kill two birds with one stone: it would make it easier for competitors to the internet giants to emerge and might lead to a creative rebalancing of the relationship between the financial sector and the internet sector. Instead of turning back to the 19th and 20th century anti-trust remedies against monopolies in railroads and steel and telecoms, perhaps open banking adumbrates a model for the 21st century anti-trust remedy against all oligopolies in data, relationships and reputation.

Mark Carney (and me) and digital ID

The governor of the Bank of England, the Canadian ex-Goldman Sachs economist Mr. Mark Carney, recently suggested that digital ID cards “would make it safer for people to access money online”. He is sort-of-correct. We do indeed need to do something to stop the relentless increase in identity-related fraud and scams (such as, for example, “man receives surprise message purporting to be from Mark Carney offering multimillion-dollar sum”) because we need to make substantial improvements in both the security and privacy of online financial services, as well as a step-change in convenience) and we need it urgently. 

I don’t think that a digital ID card is quite the solution though, because I prefer a more sophisticated solution that is based on digital identities for everything and multiple personae for transactional purposes, but that’s splitting hairs at high level. I am right behind Mr. Carney on the need for a solution, although I think he was wrong when he went on to say that such a scheme could also prove controversial and could “only be introduced by the Government rather than the Bank of England”. In my opinion he is mixing up the controversial idea of a national digital identity card of some kind (and he may well be unaware of the government’s decision to stop funding their gov.verify online identity scheme) with the uncontroversial notion of a some form of secure and convenient identity management for the purposes of interacting with regulated financial institutions.

Only a day after Mr. Carney’s remarks, the Emerging Payments Association (EPA) released its report on money laundering and payments-related financial crime, calling for UK financial institutions and payment processors to create a “national digital identity scheme to tackle these threats”. So let’s take this national digital identity for financial services and digital ID card for online identity checking in Mr. Carney’s terms and call the concept, for sake of brevity, the Financial Services Passport, or FSP.

I don’t know if Mr. Carney has read my 2014 book Identity is the New Money (still available from all good bookshops and Amazon), but in there I wrote that one very specific use of a digital identity infrastructure “should be to greatly reduce the cost and complexity of executing transactions in the UK by explicitly recognising that reputation will be the basis of trust and therefore transaction costs. The regulators should therefore set in motion plans for a Financial Services Passport”.

A few year ago, I spent some time as co-chair (with Ian Jenkins of Deloitte) of the techUK Financial Services Passport Working Group, I was working on the concept of a financial services passport with a bunch of smart people and no-one took the slightest interest in this obviously sensible concept and I do not remember observing any inclination by the UK’s banks to work together on it.

That techUK Working Group, incidentally, was created because of recommendations of an earlier techUK report “Towards a New Financial Services” developed through 2013. Section 3 of this report is actually called “Identity and Authentication: Time for a Digital Financial Services Passport”. The conclusion of that section was: 

There is clearly a need to look again at identity authentication in financial services. In addition to creating inconvenience for consumers, the current approach is expensive to maintain and inadequate in serving an increasingly digital financial services industry. As trusted authenticators of identity, a new standardised approach by financial services organisation could enable wider societal benefits, while also unlocking new opportunities for the industry. However, moving from the current fragmented identity infrastructure to a standardised financial services passport would require overcoming several challenges; from the competitive dynamics in financial services, to the extent and scope of liability, whilst simultaneously maintaining KYC and AML compliance.

In the first instance, the scope of a financial services passport needs to be more clearly defined. This requires a technology roadmap that can match objectives and requirements in managing digital identities in financial services with technical solutions and provide a feel for how trends may already be shaping the market in this space.

So what would a practical financial services passport actually look like? In the techUK discussions, we explored three broad architectures using the technology roadmap referred to above. 

  1. A centralised solution, some sort of KYC utility funded by the banks. This was seen as being the cheapest solution, but with some problems of governance and control. It could also be a single point of failure for the financial system and therefore unwise given that we are now in a cyberwar without end.

  2. A decentralised “blockchain” (it wouldn’t really be a blockchain, of course, it would be some form of shared ledger) where financial institutions (and regulators) would operate the nodes and all of the identity crud (“create, read, update and delete”) would be recorded permanently.

  3. A federated solution where each bank would be responsible for managing the identities of its own customers and providing relevant information to other banks as and when required. 

At the time, I thought that the third option was probably best but I’m open to rational debate around the topic. The way that I envisage this working was straightforward: my bank creates a financial services passport using the KYC data that it already has and “stamps” the passport with a minimum set of attributes needed to enable transactions. So Barclays would create an FSP for me. Then, when I go to Nationwide to apply for a mortgage, I could present that FSP to Nationwide and save them (and me) the time, trouble and cost of KYC. Instead of asking me for my bank account details, home address and inside leg measurement, Nationwide can use the stamps in my passport.

As I recall, the technology bit of this was easy but there were two discussions about this that were difficult. One was about liability (I advocate the “Identrust model” of transaction liability) and the other was about payment (I advocate an interchange model where the organisation using the passport pays the passport originator).

Let’s just say for sake of argument though that in response to Mr. Carney’s comments, the FCA decided on a federated solution using the three-domain identity (3DID) model. It would look like this:

3DID Bank Framework

 

All of the standards and technologies needed to make this happen already exist except in one area. The banks already do the KYC in the Identification Domain, we have FIDO and biometrics and mandatory Secure Customer Authentication (SCA) in the Authentication Domain and the tools that we need in the Authorisation Domain.

Let’s imagine that the digital identity is, basically, a key pair. In this case, the virtual identity is then a public key certificate that carries the attributes – the data about a person – that is necessary to enable transactions, as shown below. The attributes are digitally-signed by organisations that are trusted. This is where we need some standardisation to define attributes (eg, IS_A_PERSON, IS_OVER_18, HAS_OVERDRAFT_AGREEMENT or whatever). Were the Bank of England to make the banks get their act together and start doing something about this, maybe they could do what they did for Open Banking and set up an Financial Passport Implementation Entity (FPIE) to draw up the formats and standards for Persona that can be used by developers to start work right away.

Virtual Financial Services

Note that this special case, where the virtual identity is the same as the “real” identity is only one case. Barclays and others might well give me (or charge me for) other virtual identities, with the most obvious example being an “adult” identity that does not contain any personally-identifiable information for use in internet dating and so on.

In 2014, I wrote “what about a financial services passport?”. It is a testament to the power of my writing and my great influence in the financial services community that it has taken a mere five years for this idea to reach the governor and for him to put it forward as a way to “harmonise the various different systems of online identity checking”. Let’s hope that more people listen to him than listened to me.

Friday thought experiment: Mac-PESA

I”m very wary of promulgating the “political correctness gone mad” meme, as it is so often a lazy reactionary knee-jerk response to changing times, but I could not resist tweeting about the news that a British police force launched an investigation after a man claimed he had been the victim of a “hate crime” when… a branch of the Post Office refused to accept his Scottish banknote. This incident has now indeed entered our official statistics as a hate crime.

Frankly, this is mental. Scottish banknotes are not legal tender, even in Scotland, as I have explained before. The Post Office is no more obliged to accept a Scottish Fiver than it is to accept Euros, gold or cowrie shells. The story did, however, cause me to reflect on what will happen when, post-Brexit, Scotland votes to leave the UK. Will Scotland then join the euro or create its own currency?

As supporters of Scottish independence insist, once Scotland becomes an independent country, it will be responsible for managing its currency in the same way that every other country that has its own currency is responsible for managing. But how should the Scots go about creating this currency? Surely messing around with notes and coins, other than for post-functional symbolic purposes, is a total waste of time and money.

A much better idea would be to go straight to the modern age and create Mac-PESA, which would be a digital money system rather like Kenya’s M-PESA with with a few crucial enhancements to take advantage of new technology. M-PESA, as a post on the Harvard Business School blog says, is “the protagonist in a tale of global prosperity to which we all can look for lessons on the impact of market-creating innovations”, going on to say that its “roots are far more humble”. They are indeed, and if you are interested in learning more about them, I wrote a detailed post about the origins of M-PESA (and Consult Hyperion’s role in the shaping of this amazing scheme) and the success factors.

The most important of these was the role of regulator: the Central Bank of Kenya (CBK) didn’t ban it. Conversely, one of the reason for the slow take-up of mobile payments (and the related slow improvement in financial inclusion) in other countries was the regulators’ insistence that banks be involved in the development and delivery of mobile payment schemes. The results were predictable. (Here’s a post from a few years ago looking at the situation in India, for example).

Anyway, back to M-PESA. It is an amazing success. But it is not perfect. In recent times it has gone down, leaving millions of customers unable to receive or send money. These failures cost the economy significant sums (billions of shillings), which not not surprising when you remember that M-PESA moves around 16 billion Kenyan shillings per day. So when it drops out, it leaves customers hanging, it leaves agents losing revenue and it leaves the banks unable to transact.

It is now vital national infrastructure, just as Mac-PESA would be.

So what if there were no system in the middle to go down any more? What if the telco, regulator and banks were to co-operate on a Enterprise Shared Ledger (ESL) solution where the nodes all have a copy of the ledger and take part in a consensus process to commit transactions to that ledger?

Do the math, as our American cousins say. Suppose there are 10,000 agents across Scotland with 100 “super agents” (network aggregators) managing 100 agents each. Suppose there are 10m customers (there are currently around 20m in Kenya, which has ten times the population of Scotland). Suppose a customer’s Mac-PESA balance and associated flags/status are 100 bytes.

So that’s 10^2 bytes * 10^6 customers, which is 10^8 bytes, or 10^5 kilobytes or 10^2 megabytes. In computer terms, this is nothing. 100Mbytes? My phone can store multiples of this, no problem.

In other other words, you could imagine a distributed Mac-PESA where every agent could store every balance. You could even imagine, thanks to the miracles of homomorphic encryption, that every agent’s node could store every customers’ balance without actually being able to read those balances. So when Alice sends Bob 10 Thistles (the currency of the independent Scotland), Alice connect to any agent node (the phone would have a random list of agents – if it can’t connect to one, it just connects to another) which then decrements her encrypted balance by 10 and increments Bob’s encrypted balance by 10, then sends the transaction off into the network so that everyone’s ledger gets updated.

You can have a 24/7 365 scheme without having a Mac-PESA system in the middle. When you make a transaction with your handset, it gets routed to a superagent who decrements your balance, increments your payee’s balance, and then transmits the new balances (all digitally-signed of course) to the other superagents.

 

It would be a bit like making an ATM network where every ATM knows the balance of every debit card. No switch or authorisation server to go down. And if an ATM goes down, so what? When it comes back up, it can resynch itself.

So please, someone challenge me on this. As a thought experiment, why not have Scotland grab a world-leading position by shifting to a Central Bank Digital Currency (CBDC) based on a shared ledger. I very much agree with the Bank of England’s view of such a thing, which is that the real innovation might come from the programmability of such a currency. This would be money with apps and an API, and I would hope that innovators across Scotland and beyond would use it create great new products and services.

Ten more years

We’ve just had Bitcoin’s tenth birthday, so like most other electronic payment aficionados I’ve been mulling over the trajectory of the noted peer-to-peer electronic cash system. My interest in it goes back long way. I was  invited to speak to the first European Bitcoin conference in Prague back in 2011 having previously given perspectives on the project — in blogs, magazines and even on BBC radio — that were not especially enthusiastic. As an example, in Prospect Magazine back in 2011 I wrote “while many of us would like currency management taken away from governments, that doesn’t mean an unmanaged solution will be any better”.

That Prague conference was therefore an opportunity for me to learn more about Bitcoin and the Bitcoin community as well as to test my arguments with an informed crowd. My views didn’t change – I still didn’t think Bitcoin would crack the mass market – but looking back on it now is a fascinating slice of early Bitcoin life.

In the first presentation, Sergey Kurtsev from IMCEX said that anonymity is misunderstood and that the public don’t need it. I was upset about this, not because he was absolutely correct about it, but because it was going to be the subject of my talk in the afternoon. So it led to some emergency last-minute Keynote acrobatics on my part!

Amir Taaki from the Bitcoin Consultancy gave a presentation that was quite wide-ranging so I will use that presentation as a peg to hang a few comments on. He said, essentially, that there were three problems with Bitcoin: the marketplace, the technology and finance.

  1. Marketplace. Amir said that consumers had no reason to use Bitcoin because attributes that Bitcoin projects (such as that anonymity) are not valued by consumers and the merchants obviously don’t see enough value to drive consumers towards it. I don’t see that anything has changed in the last decade. As I pointed out in 2015, if there’s no demand for Bitcoin for porn, then there’s no future for it as a means of exchange!

  2. Technology. There were scale issues, as people much cleverer than me (e.g., Ben Laurie) pointed out at the very beginning, but the key technology issue was that it was hard to use. Now it’s a bit easier because you have a variety of Bitcoin wallets to choose from.

  3. Finance. Amir made a point about “compromising events”. He said that if you want people to hold Bitcoins instead of dollars or gold, they have to have real faith. Every time they read about exchanges crashing and money vanishing that becomes more unlikely. As I have posted with wearying repetition on Twitter across the last decade “help I want my anonymous, untraceable digital cash back!”.

When it came to my talk (which you can see below), I did try to make constructive criticism. I tried to highlight some areas of commerce where the existing mass market solutions might be vulnerable to well-crafted alternatives (e.g., social networking, games, kids) or where a significant improvement in security would generate value.

 

( I also emphasis, as I recall, that any realistic mass-market solution must be mobile-centric.)

Overall, as I’d previously written, I was unconvinced that Bitcoin would make a good currency or scale into the mainstream economy, mainly because the anonymity that was the attractive feature to the early-adopting bitcoiners was not attractive to the mass market. I still don’t see any traction for Bitcoin in the mass market. Back in 2015, I set off to visit Swindon on the 20th anniversary of the launch of the UK Mondex scheme (an offline, smartcard-based form of electronic cash) and discovered a shop advertising that they accepted Bitcoin. But when I attempted to pay with Mr. Nakamoto’s peer-to-peer electronic cash system, no-one could remember the password and when I asked to speak to the manager, he told me that no customer had ever asked to pay with Bitcoin anyway. 

Bitcoin at POS in Swindon

 

(Swindon, once twinned with Disney World, is the epicentre and bellwether of the transition to new forms of money. In two decades it went from a place where no-one used Mondex to a place where no-one used Bitcoin.)

More interestingly, with the perspective of hindsight, a couple of the speakers at the event suggested creating a scheme on top of Bitcoin rather than use Bitcoin itself, which to my mind adumbrates the evolution of the token, which I do think has more chance of success. I wrote about this last year, saying that I see Bitcoin and its cousins not as prototypes but as a base layer that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer.

So the blockchain is new and so on… and yet… the idea of a trading “money like” instruments without clearing and settlement is hugely appealing. This not on idealogical grounds but on economic ones: it’s cheaper.

Whether the transaction layer underneath will be Bitcoin or not is anyone’s guess, although I suspect it will not. If the function of the transaction layer is to be a global, shared resource for security infrastructure then the protocol will surely need to be optimised in that direction and the operations will surely need to be organised in such a way as to prevent any well-funded (at the National State level) attacker from being able to control sufficient of the necessary resources to subvert or disrupt that infrastructure. No-one is going to move their stock market over to a platform where trading might be disrupted by crypto-kitties.

Brexit, Dr. Who and Digital Identity

You are probably all sick of reading, hearing and dreaming about Brexit by now and I certainly do not propose to comment on whether no deal is better than a bad deal or whether the blockchain can create a virtual hard border for Northern Ireland, but there is one potential implication of Brexit that I do want to flag up here for discussion. Brexit may restart the discussion about ID cards.

To give just one instance of this meme, The Independent looked at a report from the think-tank Policy Exchange and said that “the UK should consider introducing ID cards after Brexit… it argues that Brexit marks a natural point at which to reform the UK’s immigration system”.

(The think tank Global Future went even further, saying that “the introduction of electronic identity cards would address many voters’ concerns about immigration without the need for Brexit.)

The Policy Exchange report was written by David Goodhart and Richard Norrie, and what they actually called for in the report is the creation of (essentially) a population register, giving everyone a unique number to facilitate interaction with the state. They say explicitly that the system “should not require a physical ID card, let alone the obligation to carry one”. In that newspaper article on the report, David goes on to say that they want to reopen the debate about ID management to “reassure people that we know who is in the country, for how long, and what their entitlements are”. It’s my emphasis on that word “entitlements”, and I’ll come back to it in a moment.

I wrote an article about identity cards for David when he was the editor of Prospect magazine, way back in 2005, in which I said that some form of citizen register “is clearly a good idea”. I wrote another article for him back in 2007, in which I said that the (then Labour) government should radically rethink its ID scheme, moving away from the obsession with ID cards and “focus instead on allocating a unique national identity number, backed by biometrics, to each citizen—that is all that needs to be held in a national register”. Nobody listened to me (except David!) and I do not recall ever being consulted on the topic by the government.

Anyway, the point of my writing all those years ago (and I also covered the topic in my book Identity is the New Money in 2014) was to separate the register that is used to determine uniqueness from the scheme that is used to determine entitlements. I think my general point and about moving to entitlements and leaving personally-identifiable information (PII) out of transactions has been not only borne out but reinforced by GDPR and subsequent developments in the world of social media.

Brexit bootstrap

If Brexit means an opportunity to rethink at the national level, but this time involve some expert opinion, I’m all for it. As I have written before at tedious length, we do not need a national identity scheme, we need a national entitlement scheme. And now is the time to starting thinking about what it might look like. So here go. As David touches on with his comment, the real solution is to our 21st-century identity crisis not an Indian-style Aadhar identity number or a Chinese social score, but a general-purpose National Entitlement System (NES). Very few people reading either the Policy Exchange report or this blog will remember the long ago days before the last Labour government’s attempts to introduce a national identity card, but there was a time when there were consultations afoot around a much better idea, which was a national entitlement card. As my colleague Neil McEvoy and I pointed out in Consult Hyperion’s response to that consultation, the “card” is only one mechanism for storing and transporting entitlements and in the modern age there might be better ones, such as mobile phones for example, that can not only present credentials but, crucially, also validate them (a subject I will return to).

Suppose that the vision for national identity (based on the concepts of social graph, mobile authentication, pseudonyms and so on) focused on the entitlements rather than on either the transport mechanism or biographical details? Then, as a user of the scheme, I might have an entitlement to (for example) health care, Wetherspoons or access to the Wall Street Journal online. I might have these entitlements on my phone (so that’s the overwhelming majority of the population taken care of) or stored somewhere safe (eg, in my bank) or out on a blockchain somewhere. Remember, these entitlements would attest to my ability to do something: they would prove that I am entitled to do something (access the NHS, drink in the pub, read about Donald Trump), not who I am. They are about entitlement, not identity as a proxy for entitlement.

It can be done

A decade ago I set out a vision for a 21st-century identity card. I tried to make it a vision that the public and the government and journalists and think tanks and everyone else could understand. It was a vision with genuine innovation and potential that subsequent technological developments have served only to sharpen. I tried to build a narrative founded in mass media because that’s where MPs and their spads get their science and technology education from (they are all arts graduates, so their knowledge of STEM is limited). This led me to suggest that in this matter, as in so many other things, Dr. Who should be the guide.

Just as Motorola famously created the flip phone around the Star Trek communicator, I created a vision of an entitlement service around Dr. Who’s psychic paper. As any devotee of the BBC’s wonderful series knows, the psychic paper shows the “inspector” whatever it is that they need to see. If the border guard is looking for a British passport, the psychic paper looks like a British passport. If the customs officer on Alpha Centuri wants to see a Betelguesian quarantine certificate, the psychic paper looks like a Betelguesian quarantine certificate. It the bouncer is looking for a party invite (as shown in the picture below), the psychic paper looks like a party invite.

200806171440.jpg

Christopher Ecclestone flashes psychic paper.

(I remain completely serious using Dr. Who to frame the narrative. It may seem a little odd to base a major piece of national infrastructure on a children’s TV series, but as it turned out I was not the only person to look in this direction because the BBC fan forum the no-longer-online “Torchwood Think Tank” had the suggestion back in January 2007, noting “dialogue joke about wish fulfillment of Doctor Who’s Psychic I.D. card he flashes in Season 3, and how that’s the future of ID cards…”.)

We all grew up with Dr. Who, and the show engenders warm nostalgia. Now, obviously, there’s an age-related component to this. My favourite monsters were the cybermen and I always wanted to work for Brigadier-General Lethbridge-Stewart, so that gives my age away, but my kids enjoyed the show just as much and I’m sure the current generation are enjoying our new lady doctor just as much. Dr. Who is the perfect mechanism for explaining technology the public and to MPs and Ministers. However, “a national entitlement scheme” sounds a bit 1950s and a “psychic paper scheme” sounds too much like science-fiction, so I’ve decided to re-label it: welcome to the Brexit Bona Fides scheme.

Brexit bona fides

This is how the Brexit Bona Fides scheme works. Unlike Dr. Who’s psychic paper, this post-Brexit version of psychic paper only shows the viewer what he or she wants to see if the holder has the relevant credential. If you are trying to get into a nightclub, you need to prove to the bouncer that you are over 18. The bouncer is looking for a credential that proves you are over 18. You show your psychic paper to the bouncer and all it reveals to the bouncer is whether you are over 18 or not. All the bouncer sees is that you are old enough to drink. Provided you are over 18, of course. If you are not, the psychic paper remains blank, as shown below

nightclub

You cannot forge this credential because it is digitally-signed by the issuer. If a 16-year old copies an 18-year old’s certificate into their psychic paper, it won’t work, because the incoming messages will be encrypted using the 18-year old’s public key, but the 16-year old lacks the corresponding private key (which can’t be copied because it’s never given up by the psychic paper — sorry, iPhone secure element). Since transmitting the photograph and appropriate credentials directly into the brain of the nightclub bouncer isn’t possible, we will of course need to use some kind of clever communication device instead. Luckily, just such a device already exists: the mobile phone.

My mobile phone would be able to check the entitlements that it is allowed to when presented by your phone, so none of us would need special equipment. I show up with my phone and claim that I am entitled to vote: my phone presents a QR code that is read by the polling clerk’s phone which flashes up my picture if I am entitled to vote or a red cross if I am not. I walk up to Wetherspoons and the pub requests an IS_OVER_18 credential. My Apple Watch (or phone or whatever) presents a list of virtual identities that have such a credential digitally-signed by an authority acceptable to Wetherspoons (ie, one that they can sue if I’m under 18) and, assuming that I’ve chosen one that is valid, my picture pops up on the bouncer’s Apple Watch. If I don’t have such a credential, the bouncer sees a skulls and crossbones or something. The customer never sees any of the jiggery-pokery hiding their personally identifiable information (PII). In 99 out of 100 cases, displaying your photograph is the only authentication required: There’s no need for the supermarket to check your fingerprints, for the doctor to demand a PIN or for the pub to take a DNA sample.

Watch Narrative Graphic

This isn’t really magic, or even that complicated. It’s all done using standard contactless communications, standard cryptography, standard protocols, standard chips, cards, phones and photos. Incidentally, after writing many year ago about how we could implement a psychic ID card using the same contactless technology as is used in Oyster cards, I literally fell off my sofa after settling down to watch a long ago Dr. Who Easter special only to see the BBC steal my idea! Yes, Dr. Who got on a London bus using his psychic ID card (see video here), clearly demonstrating that it has an ISO 14443 interface that can fool machinery as well as the psychic interface that can fool people.

Meanwhile, back in the real world… note that when using Brexit Bona Fides, no-one can read your psychic paper — no-one can check your Bona Fides* — unless they are allowed to and when they are allowed to, and all they can see is what they are allowed to see. No more showing the guy in the pub your name, date and place of birth and goodness knows what else just to prove you are 18. Under the hood, it’s all done using keys and certificates, credentials and local authentication: The nightclub bouncer has had to obtain a digital certificate that allows him to interrogate your ID card. His phone sends the certificate to your ID card. The ID card checks it, sees that it is asking for a proof of age. It sends back your photograph, digitally-signed (that’s how his phone knows it’s a real ID card, because it can check this signature). If you’re not old enough to drink, it sends back a digitally-signed red cross (or whatever).

Bona Fides will show the GP your health service number but only if you have the right to NHS healthcare, otherwise it will be blank. Bona Fides will show the employer your national insurance number (but only if you have the right to work in the U.K.). Bona Fides will show the pub absolutely nothing except your photograph (but only if you are old enough to drink). So this is a user-friendly way to implement all of the privacy-enhancing technologies that we would like to see incorporated in a modern national identity card scheme: sector-specific identifiers, pseudonyms, mutual authentication.

 

Now, this may have sounded far-fetched back in 2005, but let me point you to the new Louisiana smart driving licence. As a couple my LinkedIn contacts pointed out, this implements some of the key psychic ID concepts.

  • The smart driving licence app means that a holder can authenticate another person’s Louisiana digital driver’s license.

  • In the bar case study, it allows the customer to select which information she would like to reveal to the bartender—such as that she is over 21. That information is displayed on the phone with a photo and embedded QR code. The bartender scans the code with her app, which tells her that the woman seated on the other side of the bar is indeed over 21. None of the customer’s personal information, such as her name, birth date, or address, is displayed or stored on the bartender’s phone.

Given the the need exists, the vision exists and the implementation is demonstrably feasible, perhaps the trigger of Brexit can give us the digital identity infrastructure that our nation so desperately needs and the lack of which is such a source of friction and inefficiency.

Security and privacy

This is a way to deliver an identity scheme that provides both more security and more privacy. It does not need a big database with everyone’s details and it does not need expensive, custom-built, specialist equipment. In that 2005 piece for Prospect magazine I argued that that the government’s vision for the proposed ID card scheme was tragically out of date and backward-looking. Even the pressure group No2ID were nice about me, saying that that I was someone in favour of an ID scheme who actually knew what I was talking about but “unfortunately his preferred scheme is incompatible with the Government’s plans”. Indeed it was, but that didn’t matter because the scheme was scrapped by the next government anyway.

Writing about this kind of entitlement scheme a few years ago, I thought that a national plan to finally do something useful about identity might obtain “parasitic vitality” (to use one of my favourite ID phrases) from the specific issue of voter ID. Maybe electronic voting could have been a focus to get the gov.verify scheme a flagship project  and get the public and private sector working together to deliver an infrastructure that will be of benefit to all. None of this ever happened and gov.verify has gone, essentially, nowhere. So why am I still going on about this! Well, David Goodhart’s new report and other media comment has set me thinking that Brexit might finally provide the stimulus needed to develop the world’s first 21st century identity scheme. Not digitised identity, but real digital identity. Implemented correctly, it could make the UK a better place to work and play in a relatively short time.

* Bona Fides, for those of you who went to state schools as I did, is a Latin phrase meaning “good faith”. My dictionary definition says that bona fides documentary evidence showing that a person is what they claim to be. Note not who they claim to be, but what they claim to be. It gives the usage “credentials, as in he set about checking Loretta’s bona fides”. I’ll go and register the domain “bonafid.es” right now.

CBDC is a black and white issue

I was reading J.P. Koning’s excellent paper [PDF] on Central Bank Digital Currency (CDBC) for Brazil and came across his reference in passing to Narayana Kocherlakota, former CEO of the Federal Reserve Bank of Minneapolis, who wrote (in 2016) that economists do not know very much about the topic of anonymity and “calls for the profession to model it more systematically”. I think this is a really critical point, because the decision about where to set the anonymity dial for a cash replacement product is an important one, and not one that should be left to technologists.

This decision is discussed in the context of implementing a digital fiat currency of one form or another. The paper explores three ways to implement a CBDC for Brazil.

  1. MoedaElectronico (Electronic Cash): this is the most cash-like of the three CBDCs. It pays neither positive interest nor docks negative interest and is anonymous. Like cash, it is a bearer token.

  2. ContaBCB (BCBAccounts): this is the most account-based of the three templates. Ac- counts are non-anonymous and pay interest, like a normal bank account.

  3. MoedaHíbrida (Hybridcoins): provides a mix of cash and account-like features, including the ability to pay a varying positive and negative interest rate, while offering users the choice between anonymity or not. 

Now, the first two are well-known and well-understood. I wrote about them again last month (I’ve discussed “BritCoin” and “BritPESA” several times before), in a comment on Christine Lagarde’s speech [15Mb: Central banks, tokens and privacy] and I don’t propose to look at them further here. It’s that last example that interests me.

Let’s go back to that point about anonymity. In the paper J.P. says that the case can also be made for a permanently negative interest rate on anonymous CBDC. Why? Well, since we all understand that criminality and tax evasion impose costs on society, it may be worthwhile to design anonymous payments systems in a way that recoups some of the costs these activities impose.

In other words, construct a cash replacement in which anonymous transactions cost more than non-anonymous transactions. One way to do this, which is referenced by J.P. in his paper, was the “Crime Pays System” or CPS as conceived by the artist Austin Houldsworth. Austin is most well-known for designing the cover of my book “Before Babylon, Beyond Bitcoin” of course, but he also ran the Future of Money Design Award for Consult Hyperion’s annual Tomorrow’s Transactions Forum for many years. Oh, and he was awarded a Ph.D by the Royal College of Art (RCA). It was his idea to have me present CPS at the British Computer Society (BCS). We had my alter ego set out the new payment system to an unsuspecting audience who, I have to say, were excellent sports about the whole thing! It turned out to be an entertaining and enlightening experience (you can read more and see the video here).

Cps bcs

In CPS, digital payments would be either “light” or “dark”. The default transaction type would be light and free to the end users. All transaction histories would be uploaded to a public space (we were, of course, thinking about the Bitcoin blockchain here) which would allow anybody anywhere to view the transaction details. The alternative transaction type would be dark. With this option advanced cryptographic techniques would make the payment completely invisible with a small levy in the region of 10% to 20% would be paid per transaction.

The system would therefore offer privacy for your finances at a reasonable price. The revenue generated from the use of this system would be taken by the government to substitute for the loss of taxes in the dark economy.

What a cool idea.

Now, at the time it was just a concept. We didn’t spend much time thinking about how it would actually work (I was basing the pretend implementation for the BCS presentation on Chaumian blinding a la Digicash, hence this gratuitous picture of me influencing David in Vegas.)

David Chaum las vegas 2018

That was then. In the meantime, however, along came ZCash and the mechanism of shielded and unshielded transactions that J.P. has used as the basis for MoedaHíbrida’s two different modes. If the user decides to hold shielded (ie, dark) MoedaHíbrida tokens, then all transactions made with those tokens are completely anonymous and untrackable. The user can decide to unshield his or her MoedaHíbrida tokens so that all transactions can be seen (ie, light).

Offering users the choice of anonymity but making them pay for is a radical solution but I’m with J.P. in thinking that it deserves attention. What I think is very clever about using negative interest rates (which had never occurred to me) is that it allows for anonymous transactions without imposing a transaction friction, thus providing the cash substitute in the marketplace, but it penalises the stashing of anonymous cash. The negative interest rate means that dark tokens will be subject to a negative interest rate of, say -5% per annum, while light tokens will receive a competitive SELIC-linked interest rate.

Whether or not this is the way forward I or not, it is a line of thought that deserves serious examination in the context of CBDC design. If it is considered important to society to provide anonymous means of exchange, then the “tax” on the anonymous store of value seems a reasonable way to distribute the costs and benefits for society as whole.