Unknown, known and verified

The stain of racism in football is, you will be unsurprised to learn, not confined to Bulgarian stadia. It’s a serious and unpleasant problem on social media too. To the extent that the noted association footballer Mr. Harold Macguire has been talking about it. According to The Daily Telegraph, “Maguire urged Instagram and Twitter to make users identify themselves in the same way as betting apps after his teammate Paul Pogba was subjected to a torrent of ‘disgusting’ racial abuse from anonymous trolls”.

Many other people seem to think that we should do something about this. Following Mr. Macguire’s analysis, the historian Damian Collins MP (chair of the Digital, Culture, Media and Sport select committee in the UK Parliament) said “Account verification should be more widely available and become the norm. I think accounts should be verified, it can’t be right that cowards and racists can hide behind the anonymity of social media to attack people, often using multiple bogus accounts”. This is an interesting observation that jumbles two different issues together: proving the account “David Beckham” points to a specific person, and proving that the specific person it points to is the former Manchester United winger David Beckham. The first is about attaching attributes to a real-world entity, the second about is about the reputation of the real world identity. Thinking these two things through separately is, I think, a key to finding a workable solution to the social media mess, but back to that later.

Another MP, the lawyer Norman Lamb (chair of the Science and Technology select committee) also commented, saying that if social media companies did not act to clean up abuse then the incoming online regulator should take action. It’s not clear to me what he means by “clean up abuse” since it seems implausible that Twitter could monitor billions of messages every day to remove those that cause any offence to anyone (I assume Mr. Lamb doesn’t want them to remove tweets calling for human rights in certain countries, for example).

(In fact it is not at all clear to me what the incoming regulator is going to do at all, but that it is a different matter.)

It’s also not clear to me what MPs and other commentators mean by “bogus accounts”. But from the context, I assume that they mean accounts that cannot be linked to some other identifier that MPs think is a legitimate form of identity, such as the aforementioned passport.

It’s not a new or interesting idea to try to link social media accounts to government-issued identity, as they do in (for example) China. A while back, to pick on one example, the noted entrepreneur Mark Cuban adumbrated Mr. Maguire by saying that “It’s time for @twitter to confirm a real name and real person behind every account, and for @facebook to to get far more stringent on the same. I don’t care what the user name is. But there needs to be a single human behind every individual account”.

Cuban is as wrong about the real names as Macguire and the MPs are, because anyone familiar with the topic of “real” names knows perfectly well that they make online problems worse rather than better. One example that springs to mind to illustrate this is when the dating platform OKCupid announced it would ask users go by their real names when using its service (the idea was to control harassment and promote community on the platform) but after something of a backlash from the users, they had to relent. Forcing the use of real names in a great many circumstances will mean harassment, abuse and perhaps even worse.

You can understand why. Why on Earth would you want people to know your “real” name? That should be for you to disclose when you want to and to whom you want to. In fact the necessity to present a real name will actually prevent transactions from taking place at all, because the transaction enabler isn’t names, it’s reputations. And pretty basic reputations at that. I think that online dating, frankly, provides a useful way of thinking about the general problem of online identity. In this case, just knowing that the object of your affections is actually a real person and not a bot (remember, in the famous case of the Ashley Madison hack, it turned out that almost all of the women on the site were actually bots) is probably the most important element of the reputational calculus central to online introductions, but after that? Your name? Your social media footprint? 

There are plenty of places where I would not want to log in with my “real” name or by using any information that might identify me: the comments section of national newspapers, for example. “Real” names don’t fix any problem because your “real” name is not an identifier, it is just an attribute (refer back to the David Beckham example) and it’s only one of elements that would need to be collected to ascertain the identity of the corresponding real-world legal entity anyway. 

What social media needs, and what will help with Mark Cuban’s actual problem with being sure that there is a “single human” behind an account, is the ability to determine whether you are a known real person or not. The problem with bots on social media is just as serious as the problem of racism. Without commenting on the politics of an individual issue, I could have chosen any of a thousand examples to make this point. Here’s just one, from the UK press yesterday: “Almost all of the ten most active Brexit Party supporters on Twitter appear to be automated bots, according to new research“.

The way forward is surely not for Twitter et al to try and figure out who is a bot and whether they should be banned (after all, there are plenty of good bots out there) but for Twitter et al to give their users the choice. Why can’t I tell Twitter that I only want to see tweets from real people that can be identified? It’s none of my business who the person actually is and it’s none of Twitter’s business either. But if someone knows that @dgwbirch is a real person, that’s enough. Harry Macguire can read my tweets in comfort, knowing that if I commit a criminal offence then the police can go to someone to find out who I am.

So who is that someone who knows whether I am a real person or not? Working out whether I am a person or not is a difficult problem if you are going to go by reverse Turing tests or Captchas. It’s much easier just to ask someone else who already knows whether I’m a bot or not.

There are plenty of candidates. There’s the Post Office I suppose. And the school. And the doctor. In fact, there are lots of people who could testify to my existence. But the obvious place to start is my bank. So, when I go to sign up for internet dating site, then instead of the dating site trying to work out whether I’m real or not, the dating site can bounce me to my bank (where I can be strongly authenticated using existing infrastructure) and then the bank can send back a token that says “yes this person is real and one of my customers”. It won’t say which customer, of course, because that’s none of the dating site’s business and when the dating site gets hacked it won’t have any customer names or addresses: only tokens. This resolves the Cuban paradox: now you can set your preferences against bots if you want to, but the identity of individuals is protected.

What is crucial here is the IS_A_PERSON attribute. Twitter, for example, should mark my account as of unknown origin until it sees this attribute. Of course, Twitter will want to see it in the form of a verifiable credential signed by someone who they can sue if it turns out I’m not a person after all, but you get the point. When I sign up to Twitter I am “unknown”. When they get a valid IS_A_PERSON credential from me, then my status changes to to “known”. Once I am known, then I can go on to be verified if I want to be.

Uknown to Verified - LinkedIn Version


Most normal people, I imagine, will leave their Twitter account in the default setting of “known only”. Some people might want to go tighter with “verified only”. If nutters want to post racist abuse about footballers, then they will be posting it to each other and the vast majority of us will never be bothered with them again.

(When I last tried to get my account verified at Twitter, they turned me down. They didn’t say why, but presumably they thought that some of my tweets must have been machine-generated or something.)

Look. This is an important issue that I have been posting about for years, to no avail. Anne Marie Slaughter summed the situation up in the FT last year, saying that “with the decline of traditional trusted intermediaries, and the discovery that social media account holders may well be bots, we will crave verifiability”. This is absolutely spot on, and we need to construct the networks capable of delivering this verifiability or we collapse into a dystopian discourse where no-one believes anything. The knee-jerk “present your passport to use Twitter” is not the way forward. Technology means that we can deliver verifiability in a privacy-enhancing manner, so let’s do it.

Where’s “Sign in with Barclays”?

In my keynote speech at KnowID 2019 in Las Vegas, I said that we needed think about the big picture around digital identity. I said that digital identity should be seen as a fundamental defence in the cyberwar that we are already in and that has no imaginable end. It’s possible that some of the people in the audience felt that I was being hyperbolic and that this piece of conference rhetoric was for entertainment purposes only. In which case I must refer them to the recent comments of General Sir Nick Carter, Britain’s Chief of the Defence Staff, who said that our nation is “at war every day” due to constant cyberattacks. Even more interestingly, he then went on to say in the modern world there is no longer a distinction between war and peace (my emphasis).

This is precisely as the great media theorist Marshall McLuhan predicted. Indeed, I quoted him in my speech. In Culture is our Business, written nearly 50 years ago, he said that “World War III is a guerrilla information war with no division between military and civilian participation”. This is why we need to take digital identity seriously, as strategic infrastructure and as matter of national urgency. It’s not about making it easier for people to log in to The Daily Telegraph or Woking Council, although that should surely be a by-product of a well-designed system, it’s about keeping our people, our institutions and our democracy safe.

(I saw Paul Chichester, the Director of Operations at the UK National Cyber Security Centre, speaking about this at the P20 conference in London. In addition to telling the delegates that “cybercrime paid for that North Korean submarine launch”, he observed that it is the centenary of the Government Communications Headquarters (GCHQ) and that they have special exhibition about this over at the Science Museum. Since I spent formative time in my career working on secure networks for GCHQ, I’m really looking forward taking at look at this when I’m in London next!)

So what should we do?

I don’t think the answer for us it to build a centralised identity service (such as Aadhar in India) or a centralised reputation management system (such as China’s social credit score). I think we need to think about more sophisticated and more flexible federated options. I think we should start building an identity infrastructure for the modern world and that we should probably start with the banks. Citi put out a paper about this last month: it’s called “The Age of Consent” and it discusses the idea of a federated financial sector solution, something along the line of the Scandinavian bank ID services. (I contributed to the paper.)

You can see the author, Tony McLaughlin of Citi, talking about it here on Finextra TV saying that “if we fix digital identity, we fix payments”, and he’s got a point. Banks have an obvious and significant interest in creating the new infrastructure because it’s good for banks. But it’s also good for everyone else, so it’s not only a way for banks to save money, it’s also a way for banks to create new products and services that mean new revenue streams. In fact, it could be that digital identity is not simply an additional revenue stream in the future but that identity is bigger than payments to banks. You can watch Alessandro Baroni, CMO of equensWorldline, saying just this today on another Finextra TV interview.

In the UK, it is time for the regulators to demand action from the banks. When I was last asked to log in to a web site to buy something (last weekend) I was presented with the option to “Log in with Amazon” and “Log in with Facebook” but no option to “Log in with your safe and trusted bank digital identity that is part of a regulatory framework designed to protect you and your personal information and comes with expectations of redress, ombudsman, accountability and, ultimately, a physical presence to resolve issues”. Why not?

SHCs are sick, as the kids say

Now, of course, when techno-determinist mirrorshaded hypester commentators (eg, me) say that the future of money might be somewhat different to the Bretton Woods II structure and that perhaps the decentralising nature of computer, communications and cryptographic (CCC) together mean that there might be currency issuers other than central banks (as, for example, I did in Wired magazine two decades ago), this might be dismissed by scenario planners and strategists as cypherpunk-addled babble.

It seems to me, however, that the reflections of sensible, knowledgable and powerful players is tending int the same direction. Mark Carney, governor of the Bank of England, recently gave a speech at Jackson Hole, Wyoming, in which he said that [Central Banking] a form of global digital currency could be “the answer to the destabilising dominance of the US dollar in today’s global monetary system”.


Mr. Carney went on to talk about the idea of “synthetic hegemonic currency” (abbreviated to SHC by everyone else but abbreviated to SyHC by me so that I can pronounce it “sick”). An obvious example of such a currency would be an electronic version of the IMF’s Special Drawing Right (SDR). In fact the former boss of SDRs has already put forward such a proposal, asking for the IMF to “develop a procedure for issuing and using market SDRs following currency board rules and backed 100% by official SDRs or by an appropriate mix of sovereign debt of the five basket currencies”. This, of course, sounds a little like Facebucks (or “Libra” as they are more properly designated) and, indeed, it is.

So what would be the difference between holding Facebucks and holding eSDRs? Well, for one thing, Facebuck currency board basket will not include Yuan. In responses to questions from a German legislator, Facebook have said (Reuters, September 20th) that their basket will be:

  • One half US dollar,

  • Euro 18%,

  • Yen 14%,

  • Sterling 11% (although why anyone would be this in “stable” basket right now is beyond me), and

  • Singapore Dollar, 7%.

The composition of the SDR varies from time to time, but the current basket (last reviewed in 2015) is:

  • 41.75% US dollar,

  • 30.93% Euro,

  • Yen 8.33%,

  • Sterling 8.09%, and…

  • Yuan, 10.92$%.

So Libra vs. eSDR (or Libra vs. A Chinese digital currency) comes down to the Yuan. I think the Wall Street Journal (September 23rd) is right to characterise the fascinating future of digital currency as a “coming currency war” between digital money and the Dollar, saying that “The U.S. dollar has been the world’s dominant currency since the 1920s. But if national digital currencies allow for faster, cheaper money transfers across borders, viable alternatives to the U.S. dollar could emerge, embraced by nations and monetary officials concerned about the dollar’s outsize influence on the global economy”.

This is about so much more than permissioned vs. permissionless or proof of work vs. proof of state.

SIBOS, Star Trek and the end of Bretton Woods

Here’s a story I came across that I found so interesting that I discussed it in my book about the history and future of money, “Before Babylon, Beyond Bitcoin”. It is a utopian future fiction that happens to have something to interesting to say about money, which is why it caught my eye. This is somewhat unusual for a utopian vision since, as Nigel Dodd observed in his 2014 book “The Social Life of Money“, utopias from Plato’s Republic to Star Trek don’t seem to include money at all, never mind M-PESA or Bitcoin.

Anyhow, the story that interested me has a ‘guy falls asleep under hypnosis and awakes a century later to find a model society, then finds it’s all a dream’ narrative arc that is hard to read with modern eyes, because the perfect society that the author imagines is a communist superstate that looks like Disneyland but run by Stalin. Everyone works for the government, and since government planners can optimize production, the ‘inefficiency’ of the free market is gone.

During his adventures in this new world the narrator, the time travelling protagonist, is told by his host in the modern era (the good Doctor Edward Leete), that cash no longer exists. Instead, the Doctor informs him, the populace use ‘credit cards’ for retail transactions. (He then, as it happens, goes on to describe what are in fact offline pre-authorized debit cards imagined in the technology of the day, but that is by-the-by.)

While the author does not talk about the telephone, laser beams or the knowledge economy, he does make a some insightful predictions about the evolution of money. When talking about an American going to visit Berlin, the good Doctor notes how convenient it is for international travellers to use these ‘credit cards’ instead of foreign currency: ‘An American credit card,’ replied Dr Leete, ‘is just as good as American gold used to be’.

This is an excellent description of our world after the end of the gold standard and the rise of a dominant reserve currency, what economists call the  “Bretton Woods II” era of monetary history. A clever prediction indeed. However, I think that the most fascinating insight into the future of money comes later in the book, when the time traveller asks his twenty-first-century host ‘Are credit cards issued to the women just as to the men?’ and the answer comes back ‘certainly’.

That answer might alert you to the age of the text, which in fact contains the earliest mention of a credit card that I have found anywhere as part of a fictional narrative. The book is by the American author Edward Bellamy and is called “Looking Backward, 2000–1887“. It was written in 1886, a century before the credit card became the iconic representation modern money, and it was one of the best-selling books of its day. I had a 1940s edition in front of me as I wrote my book, so it was still being reprinted sixty years later!

I cannot help but reflect that the discourse on money in that book is a wonderful example of how science fiction is not really about the future at all but about the present: the retort ‘certainly’ is clearly intended to surprise the Victorian reader as much, if not more, than the his prediction of glass tunnels that surround pavements when it rains.  It took a writer, not an economist or a technologist, to ask a simple question about money and get a surprising answer. Hold that thought.

Predictions are hard, especially about the future of money

Now let us have a go at predicting the financial system half a century onwards. Where do we start? Well, a good rule of thumb for futurologists is that if you want to look 50 years forward, you need to look at hundred years back because of the increasing pace of change. A hundred years back we had the telephone and global markets connected by instant, global communications. We had the Bank of England and the Federal Reserve. We had wire transfers. We had the world’s first commercial aviation service, created as it happened to accelerate the clearing of cheques between Chicago and New York.

A century ago we were also coming to the end of the era of the classical gold standard. The demise of that global financial system was brought about by the pressures of global conflict and depression that ultimately led Britain to abandon it permanently in 1931 after a temporary suspension that began in the middle of First World War and lasted until 1925. Some people think we are now coming to the end of the Bretton Woods II era and, as The Economist observed recently (“Into the woods”, 17th August), saying that international trade is complicated because “most countries have their own currencies, which move in idiosyncratic ways and can be held down to boost competitiveness”, it is not at all clear what is coming next!

If this is correct, and it seems likely that it is, then then what will replace the IMF, central banks and commercial banks offering credit when it comes to creating money, facilitating payments and prosperity? The reaction of regulators around the world to one alternative, Facebook’s proposed “Libra” digital currency, seems to indicate that the incumbents are not going to give up with out a fight. Yet given the history of financial markets and institutions, and given that we know that change is inevitable as the structures reshape under social, regulatory and technological pressures, it is not good enough to simply say that the incumbents are wrong. We (ie, the financial industry) must help to create a vision of future banking that helps us all – and I include the regulators in this – to shape strategies that lead to a financial sector that serves society better.

But what vision?

If we set aside both the misplaced view that the status quo will prevail and the Bitcoin maximalists fantasies of a completely decentralised society, where do we look to find believable alternatives? We all hear the speeches of the regulators, read the annual reports from the bankers, see the demos of the technologists and the slide decks of entrepreneurs. But have any of these created a vision in your mind? Perhaps it’s time to return to my opening observations to develop a narrative just as surprising to contemporary audiences Bellamy’s was to a Victorian one.

So. What do we now see a couple of generations from now. The world of Star Wars with a “galactic credit” that is universally accepted. That doesn’t seem right to me. A single currency doesn’t really work between Germany and Greece, so how it would work between Earth and LV-426? Would the use of a Synthetic Hegemonic Currency (SHC), to use Mark Carney’s words in the Financial Times (“Mark Carney calls for global monetary system to replace dollar”, 23rd August 2019), function in these circumstances as a trade currency for the universe?


What about the world of Star Trek with no money at all, save the gold pressed latinum of the Ferengi (shown above), valuable because it’s the only substance that the replicators can’t produce? How about the world of Charles Stross’ “Neptune’s Brood” where there is fast money and slow money that relies on cryptography so it only travels at one-third the speed of light?

How will people transact? Will it be the world in Robert Heinlein’s “Beyond the Horizon” where the government has an “integrated accumulator” (what we would now call a blockchain) to record all transactions and the finance minister has dashboard to see just how the economy is doing? The integrated accumulator sounds very much like the “compubank” in Margaret Attwood’s “The Handmaid’s Tale” which tells what happens if this machinery falls under the influence of fanatics, in that case as theocratic US administration that bans and blocks women’s payment cards? Will cash, indeed, be banned or will it simple be cash as in William Gibson’s “Count Zero” where the protagonist finds himself in a near future where he  “had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that no- body ever did anything legitimate with it”. (Which, frankly, sounds like Sweden rather than some future dystopia.)

What if money as we know it vanishes as a transactional medium of exchange? Will it be the world of Bruce Sterling’s “Distraction” in which distributed servers manage reputation as a currency, a theme also present in Cory Doctorow’s “Down and Out in the Magic Kingdom”. I am naturally attracted to these images of a future in which identity, trust and reputation reconnect us with our neolithic heritage (indeed, a few years ago I wrote a book called “Identity is the New Money”) and dispense with many kinds of intermediaries! Will this free us or will it fulfil the prophecy of the Book Of Revelation 13:16-17 that “no man might buy of sell save that he has the mark, or the name of the beast, or the number of his name” enslave us? Should we begin our scenario planning for these transactional environments now (hint: yes) or should we leave the technologists to choose a future for us?

Next week, for the Innotribe closing keynote of most important global banking conference of the year SIBOS, my good friend Brett King and I will be looking how writers have thought about the future of payments, banking and money to see if their narratives can help us to formulate strategies in this space and to see if we can find the hard question and surprising answer for the world of 50 years from now. I have an idea of what it might be, but let’s see how Brett, me and the Innotrible audience develop our thinking on the day. See you there.

China’s digital currency may set the benchmark, not Libra

As I wrote a while ago, the Chinese were first with the great transition from commodity money to paper money. They had the necessary technologies (you can’t have paper money without paper and you can’t do it at scale without printing) and, more importantly, they had the bureaucracy. In 1260, Kublai Khan became Emporer and determined that it was a burden to commerce and taxation to have all sorts of currencies in use, ranging from copper ‘cash’ to iron bars, to pearls to salt to specie, so he decided to implement a new currency. Then, as now, a new and growing economy needed a new kind of money to support trade and therefore prosperity. The Khan decided to replace copper, iron, commodity and specie cash with a paper currency. A paper currency! Imagine how crazy that must have sounded! Replacing physical, valuable stuff with bits of paper!


Just as Marco Polo and other medieval travellers returned along the Silk Road breathless with astonishing tales of paper money, so commentators (e.g., me) began tumbling off of flights from Beijing and Shanghai with equally astonishing tales of a land of mobile payments, where paper money is vanishing and consumers pay for everything with smartphones. China is well on the way to becoming a cashless society, with the end of its thousand year experiment with paper money in sight. Already a significant proportion of the population rely wholly on mobile payments and carry no cash at all, much as I do when heading into London.

The natural step from here is to create digital currency so that settlement is in central bank money and there are no credit risks. Now, the People’s Bank of China (PBoC) is run by smart people and as you might imagine they have been looking at this strategy since back in 2014. It now looks as if Facebook’s Libra initiative has stimulated or accelerated their tactics. I read in Central Banking [PBoC sounds alarm over Facebook’s Libra] that PBoC officials had “voiced worries” that [Libra] could have destabilising effects on the financial system and further stated that the bank would step up its own efforts to create an e-currency.

This is no knee-jerk reaction. Way back in 2016, the then-Governor of PBoC, Zhou Xiaochuan, very clearly set out their thinking about digital currency, saying that “it is an irresistible trend that paper money will be replaced by new products and new technologies”. He went on to say that as a legal tender, digital currency should be issued by the central bank (my emphasis) and after noting that he thought it would take a decade or so for digital currency to completely replace cash in cash went to state clearly that “he has plans how to gradually phase out paper money”.

(As I have written before, I don’t think a “cashless society” means a society in which notes and coins are outlawed, but a society in which they are irrelevant. Under this definition the PBoC could easily achieve this goal for China.)

What would be the impact of phasing out paper money? Yao Qian, from the PBOC technology department wrote on this subject back in 2017, noting (as I have done) that a central bank digital currency (CBDC) would have some consequences for commercial banks, so that it might be better to keep those banks as part of the new monetary arrangement. He described what has been called the “two tier” approach, noting that to offset the shock to the current banking system imposed by an independent digital currency system (and to protect the investment made by commercial banks on infrastructure), it is possible to incorporate digital currency wallet attributes into the existing commercial bank account system “so that electronic currency and digital currency are managed under the same account“.

I understand the rationale completely. The Chinese central bank wants the efficiencies that come from having a digital currency but also understands the implications of removing the exorbitant privilege of money creation from the commercial banks. If the commercial banks cannot create money by creating credit, then they can only provide loans from their deposits. Imagine if Bitcoin were the only currency in the world: I’d still need to borrow a few of them to buy a new car, but since Barclays can’t create Bitcoins they can only lend me Bitcoins that they have taken in deposit from other people. Fair enough. But here, as in so many other things, China is a window into the future.

Whether you think CBDC is a good idea or not, you can see that it’s a big step to take and therefore understand the PBoC position. There is a significant potential problem with digital currency created by the central bank. If commercial banks lose deposits and the privilege of creating money, then their functionality and role in the economy is much reduced. We already see this happening because “Alipay, WeChat Wallet, and other Chinese third party payment platforms use financial incentives to encourage users to take money out of their bank accounts and temporarily store it on the platform itself” [China’s Future is Definitely Cashless].

In summary, then, a couple of year ago I wrote that the PBoC were not going to issue cryptocurrencies and they were not going to issue digital currencies either (at least in the foreseeable future). What I said was that what they might do is to allow commercial banks to create digital currency under central bank control. And this indeed what seems to be happening. According to the South China Morning Post, the new Chinese digital currency “would be centrally controlled by the PBoC, with commercial banks having to hold reserves at the central bank for assets valued in the digital yuan“.

How will this work? Well, you could have the central bank provide commercial banks with some sort of cryptographic doodah that would allow them swap electronic money for digital currency under the control of the central bank. Wait a moment, that reminds me of something…

Yep, that’s how Mondex was structured 25 years ago. (If you don’t know what Mondex was, here’s something I wrote about it 20 years on.) There was one big different between Mondex and other electronic money schemes of the time, which was that Mondex would allow offline transfers, chip to chip, without bank (or central bank) intermediation. Would a central bank go for this today? Some form of digital cash that can be passed directly from person to person like Bitcoin rather than some form of electronic money like M-PESA, using hardware rather than proof of work to prevent double spending? Well, it was being tried in Uruguay, but I’m not sure how that pilot is going, although is was not quite the same thing as Mondex because the phones would not be exchanging fungible value but tokens that could ultimately be traced and tracked and monitored, but it’s interesting nonetheless.

 Mondex Paraphanalia

When I wrote about this back in 2018, I said that I thought it was unlikely that the PBoC would allow anonymous peer-to-peer transfers, so I was very surprised to see a Reuters report [6th September 2019] quoting Mu Changchun, deputy director of the PBoC’s payments department, saying about the proposed Chinese digital currency that “its ability to be used without an internet connection would also allow transactions to continue in situations in which communications have broken down, such as an earthquake”.

This would seem to mean that the system will allow offline transactions, which means that value can be transferred from one phone to another via local interfaces such as NFC or Bluetooth. If so, this would be truly radical. I wondered if something was mistranslated in the Reuter’s piece so I went to the source speech (albeit via Google Translate!) and I discovered that this is in fact precisely what he said. Talking about the project, which is called the DC/EP (digital currency and electronic payment) tool, he said that it is functionally “exactly the same as paper money, but it is just a digital form” and went on to confirm that

DC/EP can realize value transfer without an account. In the specific scenario, as long as there is a DC/EP digital wallet on the mobile phone, no network is needed, and as long as the two mobile phones touch each other, the transfer function can be realized… “Even Libra can’t do this,” Mu Changchun said”.

Wow. That’s huge. Libra can’t do it, and never will be able to. To understand why, note that there are basically two ways to transfer value between devices and keep the system secure against double-spending. You can do it in hardware (ie, Mondex or the Bank of Canada’s Mintchip) or you can do it in software. If you do it in software you either need a central databse (eg DigiCash) or a decentralised alternative (eg, blockchain). But if you use either of these, you need to be online. I don’t see how to get the offline functionality without hardware security.

If you do have hardware security and can go offline, then we are back to the question of fungibility again. Here the PBoCs principle is both clear and very surprising.

Mu Changchun said that the public has the need for anonymous payment, but today’s payment tools are closely tied to the traditional bank account system, can not meet the consumer’s anonymous payment needs, and can not completely replace the cash payment. The central bank’s digital currency can solve these problems. It can maintain the attributes and main value characteristics of cash and meet the demands of portability and anonymity.

Wow. They are serious. He goes on to say DC/EP will work the same way as banknotes.

Commercial banks open accounts at the central bank, paying 100% of the total amount, and individuals and businesses open digital wallets through commercial banks or commercial organizations. DC/EP is still replaced by M0 and is legally compensated. For users, just download an app to register, you can use a digital wallet, and recharge cash withdrawals need to dock traditional bank accounts.

I wonder if this will bring interoperability? If DC/EP is really to work as banknotes do then the e-RMB in my bank app and my Alipay app and my WeChat app much be interoperable. I must be able to transfer value from my Alipay app to your WeChat app. If PBoC crack that they will be on the way to one of the world’s most efficient electronic payment infrastructures.

There was a final part to the speech which I did not understand at all, so perhaps a Chinese correspondent more familiar with DC/EP can clarify the meaning. The speech covers “smart” “contract” by which I assume PBoC means apps that use the DC/EP to execute on the handset (since there is no blockchain), but this is my assumption.

Mu Changchun said on several occasions that the central bank’s digital currency can load smart contracts. However, if a smart contract that exceeds its monetary function is loaded, it will be degraded into a value-for-money ticket, reducing its usable level, which will adversely affect the internationalization of the RMB. Therefore, digital currencies will load smart contracts that favor the monetary function, but remain cautious about smart contracts that exceed the monetary function.

I am baffled by this, which I am sure reflects my ignorace of advanced electronic money technologies, but I don’t think that this deflects from my overall observation that if the PBoC goes ahead and launches a person-to-person offline capable CBDC then that will be not only a nail in the coffin of cash but an event as significant and momentous in monetary history as the paper notes of the Khan a millennium ago.


We’re seeing a lot about strong customer authentication (SCA) at the moment because of the requirement of the Second Payment Services Directive (PSD2) that comes into force next week on Black Friday (Friday 13th September). That’s because there’s a lot of fraud online, it’s getting worse and the strong authentication of people (in this case, online customers) is seen as being a way to tackle it. PSD2 demands SCA, and this means that European banks and Payment Service Providers (PSPs) have had to up their game.

Strong authentication, in this context, means “two factor authentication” (2FA). What 2FA means is that you must present two “factors” to demonstrate you are who you say you are. The three factors you can choose from are something you have, something you are and something you know (or, in my case, something I had, something I was and something I’ve forgotten). When you buy something in a shop, for example, you present a credit card (something you have) and put in a PIN (something you know). When you enter the country, you present something you have (a passport) and show your face (something you are). SCA is already being implemented by the UK banks, although in an unpredictable manner. Some banks send a code via their mobile banking app, some send a text, some allow you to choose e-mail instead, some will call a landline and some require the use of a card-reader dongle-thingy. As far as I can tell, none of them use a common app such as Microsoft Authenticator.

I’m actually quite surprised to see that some of them are still using text messaging to send a “one time password” (OTP) to customers for authentication. It’s not because, as the British newspapers were quick to point out, people who can’t get a mobile signal or don’t own a mobile phone face, as The Guardian put, it being “frozen out of internet shopping as banks are increasingly insisting that online payments are verified by text”. This is indeed a valid concern, but what I find most disturbing about this report is that anyone is verifying online payments, or indeed any other important online transaction, by insisting that they are authenticated by text messages! With the explosion of “smishing” (ie, phishing attacks via SMS) and the daily tales of account takeover, bitcoin theft and payment fraud carried out via SMS, you really do have to wonder why text messaging is still being used in this context.

This is hardly a new issue. More than a decade ago I wrote about the comments of Charles Brookson, then the head of the GSMA security group who, when talking about the use of SMS for financial services, made the point that SMS has, to all intents and purposes, no security whatsoever. Structurally, it has always seemed to me to be irresponsible for financial institutions to rely for security on something that is not secure and over which they have no control. Given the prevalence of smart phones, you would think that SMS would be long gone, but it is only now that German banks, for example, are giving up on SMS OTP in response to the PSD2 requirements for SCA.

How will this SMS-less strong authentication be implemented? For payments it will be through the new version of the scheme’s “Three Domain Security” (3DS). 3DS version 2 introduces “frictionless authentication” and will be the main card authentication method used to deliver SCA in Europe. It works by allowing retailers and their PSP to send many more data elements with each transaction. These data elements – such as the shipping address, customer’s device identity and their transaction history – mean that the issuer can carry out more sophisticated risk management.to decide whether SCA is needed or not. In most cases, I would guess (since the issuers will use sophisticated risk management platforms with machine learning and all that sort of thing), no further authentication will be needed. But where it will be needed, Barclaycard (for example) can send a message to the Barclaycard app on my phone and ask me to authenticate myself.

(As it happens, Barclaycard have just sent me another “PINsentry” card reader together with an instructional pamphlet, so I will make every effort to use my Barclaycard online just so I can see how it works. Of course it means I’ll will have to carry the card reader and my Barclaycard around with me at all times in case I want to buy something online, but remember I do this so you don’t have to.)

Barclaycard PSD2 SCA 2FA

In my opinion, the best way forward now is through the bank apps themselves. Google found in their research on authentication for account recovery that whereas 2FA SMS stopped three-quarters of targeted attacks, in-app solutions stopped 90% (and 99% of bulk phishing attacks). It would be good if this approach was adopted across the board – not only for retail payments but for logging in to bank accounts, authorising transfers and everything else. But if customers get mixed up between expecting an e-mail or getting a text, seeing an in-app message sometimes but not other times, then fraudsters will be quick to exploit the situation. In which case (as I suspect) the introduction of strong authentication will actually leader to more fraud. We need both a better and more consistent approach to authentication for financial services. We need to standardise on the approach and the execution and the UX so that consumers can be confident that they are communicating with their bank or whoever.

Standard Strong Customer Authentication

My Consult Hyperion colleague Tim Richards recently set out this problem in a very clear way [The Paypers, 27th August 2019]. He asks us to imagine what would have happened if SCA had been mandated for face-to-face commerce but, as with PSD2, no technological solution was provided. In that case, instead of our EMV-standard chip and PIN payment system we would have had each bank creating its own solution. Then, as has happened online, every time a consumer went into a shop to buy something they would face a different authentication depending on their bank! Tim’s good advice is that regulators need to take a step back, “temporarily drop anti-competition laws and insist that banks come up with a minimum standard for SCA” to support growth in online commerce that is accompanied by real security because customers know what to expect and retailers aren’t disadvantaged by variable SCA experiences leading to cart abandonment.

He’s right, of course. And it terms of implementation it has long been clear that the best architecture for what I am now labelling Standard Strong Customer Authentication (or SSCA) is biometric authentication against a revocable token stored in tamper-resistant local storage. We all carry a device capable of implementing this design at a manageable cost: the mobile phone.

(As an aside, since the mobile phone operators control a standard item of tamper-resistant hardware in all phones — the SIM — why we are not all using a standard authentication from our mobile operators already is a mystery, but that’s a different point and I don’t want to get diverted by Mobile ID Connect here.)

This point is that with really strong authentication, your bank shouldn’t be sending you a text message or an e-mail or whatever, it should be using real cryptography to send a message to the bank app on your mobile phone. So, when you ty to buy something online with your Barclaycard your Barclaycard app pops up on your phone and asks you to authenticate.

If the bank (or anyone else) cannot reach the mobile app then there should be a standard fallback across all service providers which would probably be a voice call thus opening up the use of voice recognition and authentication. And if you are online buying something or transferring money to someone or closing an account and you can’t be reached via the mobile app or by a voice call well… then what are you doing buying things online in the first place?

Surely this is the most practical way forward now that the Financial Conduct Authority (FCA) has confirmed that it will not take enforcement action against businesses who do not implement SCA until March 2021, there is now some time to prepare a mobile-centric SSCA pathway for UK banks and businesses.

Margaret Attwood, Kenneth Rogoff and William Gibson (and me)

A few years ago I was involved in a series of Twitter exchanges about the relationship between cash and anonymity that stimulated me to write a blog post on that topic and that debate (see “It doesn’t have to be the handmaid’s tale” from September 2016). Some more recent exchanges on the same topic made me think about revisiting and revising that post and exploring some of the ideas in further in light of recent discussions (eg, Libra and central bank digital currencies).

The root of these debates is, of course, that many in the Bitcoin community see Bitcoin’s sort-of-anonymity as an important characteristic because it defends the individual against state power and they berate me for wanting to replace cash “in circulation” with a digital alternative. Cash, they claim, is freedom, and they are correct about this: as cash is uncensorable, you have the freedom to buy what ever you want with it.

So should we replace cash with an anonymous cryptocurrency or digital currency? There are many people who I greatly respect who think the former. For example, in his presentation on ’The Zero Lower Bound and Anonymity”, Kocherlakota tends toward some form of cryptocurrency to replace fiat currency rather than a central bank digital currency and one of the reasons for this is his (entirely reasonable) concern about anonymity. This point is illustrated by a literary reference to Margaret Attwood’s “Handmaid’s Tale”, in which a theocratic American government (the “Republic of Gilead”) has taken away many of the rights that women currently enjoy. One of the tools that this government uses to control women is a ban on cash. In Gilead, all transactions now routed digitally through the “Compubank”.

The Handmaid's Tale

It was many, many years since I’d read “The Handmaid’s Tale” so I went to my bookshelf to dig it out and re-read that part. The narrator does indeed talk about how the evil junta in charge of that future America took over and says that it would have been harder if there had still been paper money. But the truth is, I don’t see how. North Korea has everyone using paper money and virtually no cards. Denmark has virtually no paper money and everyone uses cards (and phones). To be frank, in the modern world, I don’t think cash is that closely related to dictatorship.

The point I wanted to make here, though, is that it is wrong to present the only two alternatives as total surveillance and anonymity. I simply do not accept that the alternative to the unconditional anonymity of cash and the crime that goes with it is a dystopian, totalitarian nightmare. That’s only one way to design a circulating medium of exchange and it’s not the way that I would design it. I would opt for something along the lines of a universal pseudonymous mechanism capable of supporting an arbitrary number of currencies, a Mondex de nos jours, an M-PESA with go-faster stripes. In a world where there are completely, unconditionally anonymous payment mechanisms in widespread use there’s no way to stop very bad people from using them to do very bad things, so I’d prefer a world in which there are pseudonymous mechanisms that defend against routine surveillance and petty intrusion but allow societies legitimate interests to protect against crime.

Does this mean that anonymous mechanisms should be banned? Probably not, for the good reason that it would be impossible to do so. More likely would be a situation shown in the diagram below where there is an anonymous layer that has a pseudonymous layer on top of it and a absonymous (I made this word up) on top of that. People, governments and businesses would use the pseudonymous layer for the majority of transactions: the anonymous money would be useless for almost all transactions for almost all people since no-one would accept it. I would love to give this kind of anonymous money the generic name zerocash, after the William Gibson novel (“Count Zero”) in which one of my all-time favourite quotes about the future of money appears, a quote that more accurately describes the foreseeable future of payments than anything from IBM or the IMF:

He had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that nobody ever did anything legitimate with it.

(Unfortunately, someone else had already beaten me to the name! See E. Ben-Sasson, A. Chiesa, C. Garman, M. Green,I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin” in IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, pp.459–474 (2014). But I’ll stick to using the all lower-case zerocash to mean generic unconditionally anonymous electronic cash. The wallet that this electronic cash is stored in is an anonymous digital identity. It’s just a string of bits.)

Now, you could imagine some form of zerocash in circulation as a cash alternative but not accepted in polite society (i.e., any attempt to spend it would be regarded as prima facie evidence of money laundering and exchanges would be barred from handling it). Polite society instead decides to protect privacy through managed conditional anonymity, or pseudonymity. A pseudonymous currency that is managed by a central bank but where transactions take place on a distributed ledger is much more like “RSCoin”, the cryptocurrency that was proposed by George Danezis and Sarah Meiklejohn at UCL [Danzis, G. and S. Meiklejohn. “Centrally Banked Cryptocurrencies”, NDSS ’16, 21-24 February 2016, San Diego, CA, USA] using Ben Laurie’s “mintettes” concept. By creating a pseudonym that is bound to the zerocash digital identity, we make it useful (provided that the binding is done by someone who trusted in the relevant transactional use cases).

Why bind it in this way? Well, there is the usual privacy paradox to be dealt with here: I want my transactions to be anonymous, but everyone else’s to be not anonymous in case they turn out to be criminals. I cannot see any way round this other than pseudonymity. There are people out there (e.g., my colleagues at Consult Hyperion) that know how to design systems that work like this, so there’s nothing stop the FATF, Bank of England, or Barclays or anyone else from starting to design the future, privacy-enhancing electronic money system that we need.

In the real world, as the discussions around Facebook’s proposed “Libra” digital currency have shown, regulators will never allow zerocash. In fact, in the light of the recent FATF rules about identification for cryptocurrency transfers, they will not allow any form of transaction that does not provide full details of counterparties. They might, however, as I have suggested many times before, be prepared to allow some form of pseudonymous alternative provided that we can bind the pseudonym to real-world legal entity through trusted institutions.

Bank are of course a good place to form and maintain this binding, since they’ve already done the KYC and know who I am. So I give present my pseudonym to them and they can bind it to my “real” name to form a nym. In the example below, Barclays know who I really am, and I can present my Barclays nym where needed, but most transactions with counterparties take place at the pseudonymous layer and I can present my Vodafone pseudonym “Neuromancer” there if I want to. My counterparty doesn’t know that I am Dave Birch, only that Vodafone know who (and presumably, where) I am. For the overwhelming majority of day-to-day transactions, this is more than adequate. This layered approach (show below) seems to me a viable vision of a working infrastructure. Few transactions in the top layer (for privacy), most transactions in the middle layer, few transactions at the lower layer.

Layered model of cryptomarkets

So in this made-up example, Barclays know my “real” identity and Vodafone knows a persistent pseudonym tied to my phone number. (Of course, I could go to Barclays and choose to bind my Vodafone identity to my Barclays identity, but we don’t need to think about this sort of thing here.) I’m going to reflect on how these bindings might work in practice more in the future, but for now I want to circle back to that opening concern about losing the anonymity of cash. Here’s another version of that meme that I read in Reason magazine (“Cash means freedom”) a while back: “Cash—the familiar, anonymous paper money and metallic coins that most of us grew up using—isn’t just convenient, it’s also a powerful shield for our autonomy and our privacy”

But it really isn’t. Your privacy is being taken away because of social media, people wearing cam-shades and ubiquitous drones, not because of debit cards. And none of this has anything to do with dictatorship. I wouldn’t want to live in the America of the “The Handmaid’s Tale” whether it had anonymous payments or not. I understand the concerns of those concerned with privacy (as I am) that there might be an inevitable tendency for a government to want to trespass on the pseudonymous infrastructure in the name of money laundering or terrorism, but that’s a problem that needs to be dealt with by society, not by technology.

Look, I think we should start to consigning cash to the dustbin of history, beginning with the $100 bill, the £50 note and that affront to law-abiding people everywhere, the Swiss 1,000 franc note. There are an increasing number of people coming around to my way of thinking, including the former chief economist to the International Monetary Fund (IMF) Kenneth Rogoff, who in his book “The Curse of Cash” argued that large value banknotes should be withdrawn not only because of their use in criminal endeavours but because they prevent central banks from using their full range of monetary policy tools. If we are going to start getting rid of cash though, we need to come up with alternatives the provide levels of privacy and security determined by society as a whole, not by a few engineers.

Libra and Calibra… Tired: KYC. Wired: KYZ.

As Ed Conway noted in The Times recently, Mark Zuckerberg once observed that “in a lot of ways, Facebook is more like a government than a traditional company”. Indeed it is. And in fact it just got a lot more like a government. Companies have loyalty points, but governments have currencies, which are like loyalty points but with standing armies. You can hardly have failed to notice that Mr. Zuckerberg’s highly successful advertising company Facebook is now planning to have a currency of its own. 

The currency is called Libra and the media has been full of commentary about it the new blockchain that will support it (created by the Libra Network) and the new wallets that it will be stored in (created by Calibra, a Facebook subsidiary). Whatever you think about Facebook, or social media in general, or Bitcoin and its ilk, there’s no getting around that this is a big deal and it was unsurprising that it attracted such wide media coverage.

Now, putting to one side whether it is a currency or not or a blockchain or not (Central Banking magazine said that it’s “neither a true currency nor bearing all the hallmarks of a typical crypto asset, Libra will run on a system similar to a blockchain”) and actually I kind of agree with the economist Taylor Nelms that “the crypto angle does seem like a sideshow”,  the fact that it exists is nonetheless rather interesting, although not necessarily for reasons that are anything to do with money although it is a payment system of a potentially large scale, as I will explain later.

What is the purpose of this new payment system though? Libra says that hope to offer services such as “paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit without needing to carry cash or a metro pass”. But as numerous internet commentators have pointed out, if you live in London or Nairobi or Beijing or Sydney you can already do all of these things. It’s only in San Francisco where such things appear to be special effects from Bladerunner, an incredible vision of a future where people don’t write cheques to pay their rent and can ride the bus without a pocket full of quarters.

Nevertheless, I’ve written before that a Facebook payment system would be beneficial and I stand by that. The ability to send money around on the internet is clearly useful and there are all sorts of new products and services that it might support. A currency, however, has more far reaching implications. As the brilliant J.P. Koenig points out, Libra is more than a means of exchange. The Libra “will be similar to other unit of account baskets like the IMF’s special drawing right (SDR), the Asian Monetary Unit (AMU), or the European Currency Unit (ECU), the predecessor to the euro” in that it is a kind of currency board where each of  units is a “cocktail” of other currency units. This should, unlike Bitcoin, provide a reasonably stable currency for international trade.

This has significant implications. What if, for example, the inhabitants of some countries abandon their failing inflationary fiat currency and begin to use Libra instead? The ability of central banks to manage the economy would then surely be subverted and this must have political implication. This has not gone unnoticed by the people who understand such things, an example being Mark Carney, quoted in the Financial Times saying that if Libra does become successful then “it would instantly become systemic and will have to be subject to the highest standards of regulation”. Unsurprisingly,  both the international Financial Stability Board and the UK’s Financial Conduct Authority have said they will not allow the world’s largest social network to launch its planned digital currency without “close scrutiny“.

Yes, But…

So there are all kinds of reasons to be sceptical about whether Libra will ever launch and whether it will reach any of the goals set out by its founders. And yet…

There’s something interesting in Libra. I’ve long written about the inevitability of new technology being used for new payments systems that will in turn be used to create new forms of money. More than two decades ago I wrote about the advent of private currencies and I covered the nature of corporate currencies more recently (and in some detail) in my book “Before Babylon, Beyond Bitcoin”.

(Although I have to note than in my “5Cs” taxonomy of the future of money, I would classify Libra as a community currency rather than a corporate currency, but that’s not the point of this discussion.)

Now, using the model that I set out in the book to help general business readers understand what the likely trajectory of digital assets will be, I look at the two institutional bindings needed to turn the cryptographic level o. These are the binding of values on the ledger to real-world assets and the binding of the wallets to real-word entities.

Digital and Crypto Layers Revised Colour Pic


The binding of a wallet address to an actual person is difficult and costly. Here’s what Calibra say about it: “Calibra will ensure compliance with AML/CFT requirements and best practices when it comes to
identifying Calibra customers (know your customer [KYC] requirements) by taking the following steps

  • Require ID verification (documentary and non-documentary).

  • Conduct due diligence on customers commensurate with their risk profile.

  • Apply the latest technologies and techniques, such as machine learning, to enhance our KYC and
    AML/CFT program.

  • Report suspicious activity to designated jurisdictional authorities.”

I thought it was worth reproducing this in full.  So if  we put together what the Libra white paper says with what Calibra say about their wallet, you get this specific version of the model from my book. I think it describes the overall proposition quite well.

Digital and Crypto Layers in Colour with Libra pic

All well and good. Now, while I was reading through the Libra description, I didn’t find anything remarkable. Until the last part. On page nine of the Libra white paper, just at the very end, I notice that “an additional goal of the association is to develop and promote an open identity standard. We believe that a decentralized and portable digital identity is a prerequisite to financial inclusion and competition”.

Well, well. An “open identity standard”.

Identity is at the heart of the proposition, if you ask me. One one first questions that Congress had for the Libra hearing with David Marcus was “how parties will ensure that the user or beneficial owner of a currency or wallet is accurately identified”. Now, you can’t know who the beneficial owner of the currency is any more than you can know who the beneficial owner of a $100 bill is, but you can know who the owner of a wallet is. This question has already been answered, by the way. Kevin Weil, Facebook’s VP of product for Calibra was clear that users will  have to “submit government-issued ID to buy Libra” as you would expect. People without IDs will still be able to buy Libra through third-party vendors, of course, but that’s a different point.

Put a pin in “government-issued ID” as we’ll come back to it later.

Its clear that the wallet addresses in a transaction (as shown in my diagram above), a timestamp and the transaction amount will be public because they are on a shared ledger, but as Facebook have made clear, any KYC/AML (ie, the binding shown in my diagram above) will be stored by the wallet providers, including Calibra. Since, as David Marcus has repeatedly pointed out, Libra is open and anyone will be able to connect to the network and create a wallet, there could be many, many wallets. But you’d have to suspect that Facebook’s own Calibra will be in pole position in the race for population scale. Hence Calibra’s approach to identity is really, really, important.

Now, if Calibra provides a standard way to convert a variety of government-issued IDs into a standard, interoperable ID then that will be of great value. Lots of other people (eg, banks) may well want to use the same standard. In the UK, for example, this would be a way to deliver the new Digital Identity Unit (DIU) goal set out by the Minister for Implementation, Oliver Dowden, of one login for your bank and your pension. But it isn’t only the ID that needs interoperability, it’s the credentials that go with it. This is how your build a reputation economy. Your Calibra wallet can store your IS_OVER_18 credential, your Uber rating and your airline loyalty card in such a way as to make them useful. Now, if you want to register for a dating side, you can log in using Calibra and it will automatically either present the relevant credential or tell you how to get it from a Libra partner (eg, MasterCard).

It seems to me that this may, in time, turn out to be the most important aspect of the “Facebucks” (as I cannot resist calling it) initiative. What if a Calibra wallet turns out to be a crucial asset for many of the world’s population not because it contains money but because it contains identity?

Government Issue

Now back to that idea of a government-issued ID. One of the other things that governments do is issue a passports as a form of formal identity. If I obtain a Calibra wallet by presenting my passport, that’s fine. But suppose I live in a developing country and I have no passport or formal ID of any kind?

Well I think Facebook can make a good argument that your Facebook profile is a more than adequate substitute, especially for the purposes of law enforcement. After all, Facebook knows who I message, my WhatsApp address book, who I hang out with, where I go… Facebook can tell real profiles from fake and they kill off fake “identities” all the time. My guess is that if you have had a Facebook profile for (let’s say) a year, then that identity is more than good enough to be able to open an account to hold Libra up to $10,000 or so and, frankly, it’s beneficial for society as a whole to get those transactions on to an immutable shared ledger.

Frankly, in large part of the world Know-Your-Customer (KYC) could be replaced by Known-bY-Zuck (KYZ) to the great benefit of society as a whole.

Digital identity in the UK – Will big banks or big techs deliver it?

The opening keynote at this year’s London Identity Week was given by Oliver Dowden, the Minister for Implementation at the Cabinet Office. Mr. Dowden is the Minister in charge of the digital transformation of government. To people like me, digital identity is central to digital transformation of government (and the digital transformation of everything else, for that matter) so I was looking forward to hearing the UK government’s vision for digital identity.  In his keynote, the Minister said that the UK is seen as being at the cutting edge of digital identity and that GOV.UK Verify is at the heart of that success. 

(On 9th October 2016, Mr. Dowden gave written statement HCWS978 to Parliament, announcing that the government was going to stop funding GOV.UK Verify after 18 months with the private sector responsible for funding after that.)

Right now you can’t use a GOV.UK Verify identity provider to log into your bank or any other private sector service provider. But in his speech the Minister said that he looks forward to a time when people can use a single login to “access their state pension and the savings account”. This, in my opinion, is quite distinct from the single identifier that the Parliamentary Select Committee on Science and Technology called for in their report this week. The Right Honourable Norman Lamb MP, Chair of the Committee, observing that “the current digital service offered by the Government has lost momentum” called for the introduction of a single unique identifier for access to public services.


I have to say that I sort of agree with the Science and Technology Committee on the efficient delivery of public services as well as what the Minister said about a single login across both public and private services. Obviously you’d want the same login scheme but a different persona (an identifier plus credentials) for pensions, pornography and other purchases, but that’s a another issue and not the focus on this discussion.

Identity Week Minister

Back to the Minister’s point though. Yes, it would be nice to have some sort of ID app on my phone (I happen to sit on the advisory board of Biid, who provide just such an app) and it would be great if my bank and Her Majesty’s Revenue and Customs (HMRC) and Woking Council and LinkedIn would all let me log in with this ID. The interesting question is who will provide such a login given that the government does not seem able to. Put a pin in that and we’ll return to it later. Meanwhile, back to the Minister, who made three substantive points in his speech. He talked about:

  • The creation of a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office. The Unit will help foster co-operation between the public and private sector, ensure the adoption of interoperable standards, specification and schemes, and deliver on the outcome of the consultation.

  • A consultation to be issued in the coming weeks on how to deliver the effective organisation of the digital identity market. Through this consultation the government will work with industry, particularly with sectors who have frequent user identity interactions, to ensure interoperable ‘rules of the road’ for identity. To me, this sounds like a call for a trust framework of some kind but the Minister did not use those words.

  • The start of engagement on the commercial framework for consuming digital identities from the private sector for the period from April 2020 to ensure the continued delivery of public services. The Government Digital Service will continue to ensure alignment of commercial models that are adopted by the developing identity market to build a flourishing ecosystem that delivers value for everyone.

The Minister had a tight schedule was therefore unable to stay for my subsequent speech. I suggested that the idea of a general-purpose digital identity might be ambitious and a preferable strategy might be to look at who else could deliver the “digital identities from the private sector” used for the delivery of public services, which means delivering inclusive identity services with appropriate security at population scale. Perhaps DCMS has ensured that the UK taken a lead in this respect since, according to Sky News, “thanks to its ill-conceived porn block, the government has quietly blundered into the creation of a digital passport – then outsourced its development to private firms”. One of these firms runs the world’s largest pornography site, Pornhub, so I imagine they know a thing or two about population-scale identity management.

Identity Week Keynote

Assuming that the GOV.UK Verify identities fail to gain traction in the private sector, then I think there are two obvious private sector coalitions that might step in to do this for the government: the big banks and the big techs.

Big Banks

For a variety of reasons, I hope that the big banks are able to come together to  respond to the comments of Mark Carney, the Governor of the Bank of England, on the necessity for a digital identity in the finance sector to work with the banks to develop some sort of financial services passport. I made some practical suggestions about this earlier in the year and have continued to discuss the concept with potential stakeholders. I think it stacks up, but we’ll have to see how things develop. 

The reason why I’m so keen on this approach is that banks already do the hard work of establishing customer identities for know-your-customer (KYC) purposes but they don’t then do anything with it. So identity is a cost centre, when there is an opportunity for it to be a platform for new products and services. I’m not the only person who thought that the DCMS age verification legislation would be the trigger for a sophisticated federated privacy-enhancing bank-centric ID.

Modifications to open banking could allow bank customers to share data on their identity and their date of birth with third parties in a double-blind way that stops their bank from knowing the site they want to visit, or the site they’re visiting from knowing their identity.

From Don’t let the government’s porn block create a monopoly – 1828.

Well, whether it’s used for age verification or a pensions dashboard, I would have thought that what the European Commission Expert Group on Electronic Identification and Remote KYC Processes calls an “attribute-based LoA-rated KYC framework for the financial sector (ie, a financial services passport) would make a perfect post-Brexit stake-in-the-ground initiative to define the new era by boosting efficiency in the crucial Big Bank sector as well as providing a platform for new products and services for the Big Techs to develop. Talking of which…

Big Techs

I had the good fortune to attend more recent breakfast session with the Minister organised by the Cicero PR people. I have to say that the subject of digital identity came up more than once. There was considerable discussion (under the Chatham House rule) of both the priority of a UK digital identity infrastructure and the means by which it might come into existence. While I voiced my usual opinion that it should be the banks taking the lead, there were other people talking about alternative private sector providers.

It is clear, then, that if the banks can’t get it together then the big techs will  come knocking on the government’s door. I’ll readily admit that when the Minister said “private sector identities” in his speech, the first thought to flash across my brain was “Apple”. The public,  as well has civil servants in other departments who don’t really know or care about digital ID might be saying to themselves, “why can’t we just use ‘sign in with Apple’ to do our taxes?”, and this is a good point. Even if they are not saying it right now, they’ll be saying it soon as they get used to Apple’s mandate that all iOS apps that allow third-party sign-in must support it.

How would you use your Apple ID to log into HMRC? Easy: you log in as you do now after sending off for the password and waiting for it to come in the post and that sort of thing and then once you are connected tell them the Apple ID that you want to use in the future. If you want to be “jackdaniels@me.com” or whatever, it doesn’t matter. It’s just an identifier for the Revenue to recognise you. Then next time you go to log in to the Revenue, you log in as jackdaniels@me.com, something pops up on your iPhone and you put your thumb on it or look at it, and bingo you are logged in to fill out your PAYE without ever having to remember your taxpayer ID or government gateway passport ever again.


Incidentally, you could use this to log in at Pornhub too, because Apple have implemented a form of the persistent pseudonymity that I have long advocated as the core of a practical “privacy settlement”. So, as Wired magazine puts it, Apple’s universal login will let you hide your email address from third-party services. Unlike Facebook, Google and other services, Apple will randomly generate an email address on your behalf, and it then forward communications from the services that you sign up to on to your actual Apple ID address. I’m not joking about Apple delivering an infrastructure for the mass market instead of the government, it’s just that I thought that our forward-thinking innovation-centric banks would be the people to build on it. A couple of years ago I asked “Why doesn’t my bank put a token in my Apple Pay that doesn’t disclose my name or any other personal information… Keep my real identity safe in the vault, give me blank card to top shopping with”

The banks have a chance to to do this if the government, the Bank of England and industry bodies get together and work with them on it. But I wouldn’t be at all surprised to go over to the HMRC web site fairly soon to see “log in with Amazon” and “log in with Apple” next a button with some incomprehensible waffle about eIDAS that I, and most other normal consumers I’m sure, will simply ignore.

Follow the e-money

A couple of years ago I remember going to see ComplyAdvantage to make a podcast with them. I thought the new category of regtech was interesting and that the potential for new technologies in that space (eg, machine learning) was significant, so I went of off to learn some more about and talk to a few organisations to test some hypotheses. I remember thinking at the time that they were good guys and on a good trajectory and it looks as if my opinion was well-founded (they are doubling in size this year).

Anyway, I was thinking about them because they recently sent me a new white paper “A New Dawn for Compliance” (which notes that an estimated $2 trillion is laundered globally every year and only 1-3% of these funds are identified and possibly stopped) and it nicely encapsulated something that has been touched on in a fair few conversations recently: there’s no way to hire ourselves out of the compliance mess we’re in. Even if financial services and other businesses had infinite compliance budgets, which they most certainly do not, it’s simply not feasible to hire enough people to keep up. Even if there were infinite people with expertise in the space, which there most certainly is not, bringing them on board is too time-consuming, too expensive and too inflexible to create a compliance infrastructure that can respond the new environment.

Technology is the only way out of this.

Using technology to automate the current procedures is, as always, only a small part of the solution. The UK Financial Intelligence Unit (UKFIU) receives more than 460,000 suspicious activity reports (SARs) every year (according to the National Crime Agency), yet fraud continues to rise.

Moreover as Rob Wainwright (head of Europol) pointed out last year, European banks are spending some €20 billion per annum on CDD with very limited results. In fact, he said  specifically that  “professional money launderers — and we have identified 400 at the top, top level in Europe — are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. This is not even a Red Queen’s Race, it’s a Formula 1 of crime where the bad guys are ahead and we can’t overtake them.

The Fifth Anti-Money  Laundering Directive (AMLDV) which comes into force in 2020 will, I predict, do nothing to change this criminal calculus. AMLDV will cost organisations substantially more than its predecessors and these costs are out of control. According to a 2017 whitepaper written by my colleagues at Consult Hyperion, KYC processes currently cost the average bank $60m (€52.9m) annually, with some larger institutions spending up to $500m (€440.7m) every year on KYC and associated customer due diligence (CDD) compliance. In the AMLDV era we will look back with nostalgia to the time when the cost of compliance were so limited.

It’s time for a rethink.

We need to re-engineer regulators and compliance to stop implementing know-your-customer, anti-money laundering, counter-terrorist financing and the tracking of politcally-exposed persons (let’s lump these all together for the sake off convenience as Customer Due Diligence, or CDD) by building electronic analogues of passport and suspicious transaction reports and so on. In a world of machine learning and artificial intelligence, we need to invert the paradigm: instead of using CDD to keep the bad guys out of the system, we should bring the bad guys into the system and then use artificial intelligence and pattern recognition and analytics to find out what the bad guys are doing and then catch them!

Surely, from a law enforcement point of view, it’s better to know what the bad guys are up to? Following their money should mean that it is easier to detect and infiltrate criminal networks and generate information that the law enforcement community can use to actually do something about the flow of criminal funds. In any other financial services business, a success rate of 1% would call into the question the strategy and the management of the business