Margaret Atwood, Kenneth Rogoff and William Gibson (and me)

A few years ago I was involved in a series of Twitter exchanges about the relationship between cash and anonymity that stimulated me to write a blog post on that topic and that debate (see “It doesn’t have to be the handmaid’s tale” from September 2016). Some more recent exchanges on the same topic made me think about revisiting and revising that post and exploring some of the ideas further in light of recent discussions (eg, Libra and central bank digital currencies).

The root of these debates is, of course, that many in the Bitcoin community see Bitcoin’s sort-of-anonymity as an important characteristic because it defends the individual against state power and they berate me for wanting to replace cash “in circulation” with a digital alternative. Cash, they claim, is freedom, and they are correct about this: as cash is uncensorable, you have the freedom to buy whatever you want with it.

So should we replace cash with an anonymous cryptocurrency or digital currency? There are many people who I greatly respect who think the former. For example, in his presentation on “The Zero Lower Bound and Anonymity”, Kocherlakota tends toward some form of cryptocurrency to replace fiat currency rather than a central bank digital currency and one of the reasons for this is his (entirely reasonable) concern about anonymity. This point is illustrated by a literary reference to Margaret Atwood’s “Handmaid’s Tale”, in which a theocratic American government (the “Republic of Gilead”) has taken away many of the rights that women currently enjoy. One of the tools that this government uses to control women is a ban on cash. In Gilead, all transactions are now routed digitally through the “Compubank”.

The Handmaid's Tale

It was many, many years since I’d read “The Handmaid’s Tale” so I went to my bookshelf to dig it out and re-read that part. The narrator does indeed talk about how the evil junta in charge of that future America took over and says that it would have been harder if there had still been paper money. But the truth is, I don’t see how. North Korea has everyone using paper money and virtually no cards. Denmark has virtually no paper money and everyone uses cards (and phones). To be frank, in the modern world, I don’t think cash is that closely related to dictatorship.

The point I wanted to make here, though, is that it is wrong to present the only two alternatives as total surveillance and anonymity. I simply do not accept that the alternative to the unconditional anonymity of cash and the crime that goes with it is a dystopian, totalitarian nightmare. That’s only one way to design a circulating medium of exchange and it’s not the way that I would design it. I would opt for something along the lines of a universal pseudonymous mechanism capable of supporting an arbitrary number of currencies, a Mondex de nos jours, an M-PESA with go-faster stripes. In a world where there are completely, unconditionally anonymous payment mechanisms in widespread use there’s no way to stop very bad people from using them to do very bad things, so I’d prefer a world in which there are pseudonymous mechanisms that defend against routine surveillance and petty intrusion but allow for society’s legitimate interest in protecting against crime.

Does this mean that anonymous mechanisms should be banned? Probably not, for the good reason that it would be impossible to do so. More likely would be a situation shown in the diagram below where there is an anonymous layer that has a pseudonymous layer on top of it and an absonymous (I made this word up) layer on top of that. People, governments and businesses would use the pseudonymous layer for the majority of transactions: the anonymous money would be useless for almost all transactions for almost all people since no-one would accept it. I would love to give this kind of anonymous money the generic name zerocash, after the William Gibson novel (“Count Zero”) in which one of my all-time favourite quotes about the future of money appears, a quote that more accurately describes the foreseeable future of payments than anything from IBM or the IMF:

He had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that nobody ever did anything legitimate with it.

(Unfortunately, someone else had already beaten me to the name! See E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin” in IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, pp. 459–474 (2014). But I’ll stick to using the all lower-case zerocash to mean generic unconditionally anonymous electronic cash. The wallet that this electronic cash is stored in is an anonymous digital identity. It’s just a string of bits.)

Now, you could imagine some form of zerocash in circulation as a cash alternative but not accepted in polite society (i.e., any attempt to spend it would be regarded as prima facie evidence of money laundering and exchanges would be barred from handling it). Polite society instead decides to protect privacy through managed conditional anonymity, or pseudonymity. A pseudonymous currency that is managed by a central bank but where transactions take place on a distributed ledger is much more like “RSCoin”, the cryptocurrency that was proposed by George Danezis and Sarah Meiklejohn at UCL [Danezis, G. and S. Meiklejohn. “Centrally Banked Cryptocurrencies”, NDSS ’16, 21-24 February 2016, San Diego, CA, USA] using Ben Laurie’s “mintettes” concept. By creating a pseudonym that is bound to the zerocash digital identity, we make it useful (provided that the binding is done by someone who is trusted in the relevant transactional use cases).

Why bind it in this way? Well, there is the usual privacy paradox to be dealt with here: I want my transactions to be anonymous, but everyone else’s to be not anonymous in case they turn out to be criminals. I cannot see any way round this other than pseudonymity. There are people out there (e.g., my colleagues at Consult Hyperion) that know how to design systems that work like this, so there’s nothing to stop the FATF, Bank of England, or Barclays or anyone else from starting to design the future, privacy-enhancing electronic money system that we need.

In the real world, as the discussions around Facebook’s proposed “Libra” digital currency have shown, regulators will never allow zerocash. In fact, in the light of the recent FATF rules about identification for cryptocurrency transfers, they will not allow any form of transaction that does not provide full details of counterparties. They might, however, as I have suggested many times before, be prepared to allow some form of pseudonymous alternative provided that we can bind the pseudonym to a real-world legal entity through trusted institutions.

Banks are of course a good place to form and maintain this binding, since they’ve already done the KYC and know who I am. So I present my pseudonym to them and they can bind it to my “real” name to form a nym. In the example below, Barclays know who I really am, and I can present my Barclays nym where needed, but most transactions with counterparties take place at the pseudonymous layer and I can present my Vodafone pseudonym “Neuromancer” there if I want to. My counterparty doesn’t know that I am Dave Birch, only that Vodafone know who (and presumably, where) I am. For the overwhelming majority of day-to-day transactions, this is more than adequate. This layered approach (shown below) seems to me a viable vision of a working infrastructure. Few transactions in the top layer (for privacy), most transactions in the middle layer, few transactions at the lower layer.

Layered model of cryptomarkets
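The binding described above can be sketched in code. This is an added example, not code from the original post: the `Issuer` class, the function names and the warrant reference are hypothetical, and an HMAC that the issuer checks on request stands in for the digital signature a real scheme would use.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Tuple


def new_wallet() -> str:
    """Anonymous layer: a wallet is just a random string of bits."""
    return secrets.token_hex(16)


class Issuer:
    """A trusted institution that has done KYC and binds pseudonyms to wallets."""

    def __init__(self, name: str):
        self.name = name
        self._key = secrets.token_bytes(32)        # never leaves the issuer
        self._vault: Dict[str, str] = {}           # pseudonym -> legal identity
        self.disclosure_log: List[Tuple[str, str]] = []

    def _tag(self, pseudonym: str, wallet: str) -> str:
        # JSON encoding keeps the three fields unambiguous (no delimiter tricks).
        msg = json.dumps([self.name, pseudonym, wallet]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def bind(self, legal_identity: str, pseudonym: str, wallet: str) -> dict:
        """Record who is behind the pseudonym; hand back a nym with no name in it."""
        if pseudonym in self._vault:
            raise ValueError("pseudonym already bound")
        self._vault[pseudonym] = legal_identity
        return {"issuer": self.name, "pseudonym": pseudonym,
                "wallet": wallet, "tag": self._tag(pseudonym, wallet)}

    def verify(self, nym: dict) -> bool:
        """Answer a counterparty: did this issuer bind this pseudonym to this wallet?"""
        if nym.get("issuer") != self.name:
            return False
        expected = self._tag(str(nym.get("pseudonym")), str(nym.get("wallet")))
        return hmac.compare_digest(expected.encode(), str(nym.get("tag")).encode())

    def disclose(self, pseudonym: str, warrant: Optional[str]) -> str:
        """Conditional anonymity: the name is released only against lawful authority."""
        if not warrant:
            raise PermissionError("no lawful authority presented")
        self.disclosure_log.append((pseudonym, warrant))   # auditable trail
        return self._vault[pseudonym]


def counterparty_accepts(wallet: str, nym: Optional[dict],
                         issuers: Dict[str, Issuer]) -> bool:
    """Polite society: take payment only from a wallet vouched for by a known issuer."""
    if nym is None:                    # bare zerocash wallet, nobody vouches for it
        return False
    issuer = issuers.get(nym.get("issuer"))
    return issuer is not None and nym.get("wallet") == wallet and issuer.verify(nym)


def demo() -> dict:
    # Constructed sample data, using the names from the post's made-up example.
    barclays, vodafone = Issuer("Barclays"), Issuer("Vodafone")
    issuers = {i.name: i for i in (barclays, vodafone)}
    wallet = new_wallet()
    nym = vodafone.bind("Dave Birch", "Neuromancer", wallet)

    # Someone copies the nym and points it at a different wallet.
    rebound = dict(nym, wallet=new_wallet())

    try:
        vodafone.disclose("Neuromancer", None)
        leaked = True
    except PermissionError:
        leaked = False

    return {
        "pseudonymous_accepted": counterparty_accepts(wallet, nym, issuers),
        "zerocash_accepted": counterparty_accepts(new_wallet(), None, issuers),
        "rebound_accepted": counterparty_accepts(rebound["wallet"], rebound, issuers),
        "legal_name_in_nym": "Dave Birch" in json.dumps(nym),
        "disclosed_without_warrant": leaked,
        "disclosed_with_warrant": vodafone.disclose("Neuromancer",
                                                    "WARRANT-0001 (constructed)"),
        "audit": vodafone.disclosure_log,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The counterparty never handles the legal name; it only learns that a named issuer stands behind the pseudonym, and every disclosure leaves an entry in the issuer's log.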

So in this made-up example, Barclays know my “real” identity and Vodafone knows a persistent pseudonym tied to my phone number. (Of course, I could go to Barclays and choose to bind my Vodafone identity to my Barclays identity, but we don’t need to think about this sort of thing here.) I’m going to reflect on how these bindings might work in practice more in the future, but for now I want to circle back to that opening concern about losing the anonymity of cash. Here’s another version of that meme that I read in Reason magazine (“Cash means freedom”) a while back: “Cash—the familiar, anonymous paper money and metallic coins that most of us grew up using—isn’t just convenient, it’s also a powerful shield for our autonomy and our privacy”.

But it really isn’t. Your privacy is being taken away because of social media, people wearing cam-shades and ubiquitous drones, not because of debit cards. And none of this has anything to do with dictatorship. I wouldn’t want to live in the America of the “The Handmaid’s Tale” whether it had anonymous payments or not. I understand the concerns of those concerned with privacy (as I am) that there might be an inevitable tendency for a government to want to trespass on the pseudonymous infrastructure in the name of money laundering or terrorism, but that’s a problem that needs to be dealt with by society, not by technology.

Look, I think we should start consigning cash to the dustbin of history, beginning with the $100 bill, the £50 note and that affront to law-abiding people everywhere, the Swiss 1,000 franc note. There are an increasing number of people coming around to my way of thinking, including the former chief economist to the International Monetary Fund (IMF) Kenneth Rogoff, who in his book “The Curse of Cash” argued that large value banknotes should be withdrawn not only because of their use in criminal endeavours but because they prevent central banks from using their full range of monetary policy tools. If we are going to start getting rid of cash though, we need to come up with alternatives that provide levels of privacy and security determined by society as a whole, not by a few engineers.

Libra and Calibra… Tired: KYC. Wired: KYZ.

As Ed Conway noted in The Times recently, Mark Zuckerberg once observed that “in a lot of ways, Facebook is more like a government than a traditional company”. Indeed it is. And in fact it just got a lot more like a government. Companies have loyalty points, but governments have currencies, which are like loyalty points but with standing armies. You can hardly have failed to notice that Mr. Zuckerberg’s highly successful advertising company Facebook is now planning to have a currency of its own. 

The currency is called Libra and the media has been full of commentary about it, the new blockchain that will support it (created by the Libra Network) and the new wallets that it will be stored in (created by Calibra, a Facebook subsidiary). Whatever you think about Facebook, or social media in general, or Bitcoin and its ilk, there’s no getting around that this is a big deal and it was unsurprising that it attracted such wide media coverage.

Now, putting to one side whether it is a currency or not or a blockchain or not (Central Banking magazine said that it’s “neither a true currency nor bearing all the hallmarks of a typical crypto asset, Libra will run on a system similar to a blockchain”, and actually I kind of agree with the economist Taylor Nelms that “the crypto angle does seem like a sideshow”), the fact that it exists is nonetheless rather interesting, although not necessarily for reasons that are anything to do with money, although it is a payment system of a potentially large scale, as I will explain later.

What is the purpose of this new payment system though? Libra says that it hopes to offer services such as “paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit without needing to carry cash or a metro pass”. But as numerous internet commentators have pointed out, if you live in London or Nairobi or Beijing or Sydney you can already do all of these things. It’s only in San Francisco where such things appear to be special effects from Blade Runner, an incredible vision of a future where people don’t write cheques to pay their rent and can ride the bus without a pocket full of quarters.

Nevertheless, I’ve written before that a Facebook payment system would be beneficial and I stand by that. The ability to send money around on the internet is clearly useful and there are all sorts of new products and services that it might support. A currency, however, has more far-reaching implications. As the brilliant J.P. Koenig points out, Libra is more than a means of exchange. The Libra “will be similar to other unit of account baskets like the IMF’s special drawing right (SDR), the Asian Monetary Unit (AMU), or the European Currency Unit (ECU), the predecessor to the euro” in that it is a kind of currency board where each of the units is a “cocktail” of other currency units. This should, unlike Bitcoin, provide a reasonably stable currency for international trade.

This has significant implications. What if, for example, the inhabitants of some countries abandon their failing inflationary fiat currency and begin to use Libra instead? The ability of central banks to manage the economy would then surely be subverted and this must have political implications. This has not gone unnoticed by the people who understand such things, an example being Mark Carney, quoted in the Financial Times saying that if Libra does become successful then “it would instantly become systemic and will have to be subject to the highest standards of regulation”. Unsurprisingly, both the international Financial Stability Board and the UK’s Financial Conduct Authority have said they will not allow the world’s largest social network to launch its planned digital currency without “close scrutiny”.

Yes, But…

So there are all kinds of reasons to be sceptical about whether Libra will ever launch and whether it will reach any of the goals set out by its founders. And yet…

There’s something interesting in Libra. I’ve long written about the inevitability of new technology being used for new payments systems that will in turn be used to create new forms of money. More than two decades ago I wrote about the advent of private currencies and I covered the nature of corporate currencies more recently (and in some detail) in my book “Before Babylon, Beyond Bitcoin”.

(Although I have to note that in my “5Cs” taxonomy of the future of money, I would classify Libra as a community currency rather than a corporate currency, but that’s not the point of this discussion.)

Now, using the model that I set out in the book to help general business readers understand what the likely trajectory of digital assets will be, I look at the two institutional bindings needed to turn the cryptographic level o. These are the binding of values on the ledger to real-world assets and the binding of the wallets to real-world entities.

Digital and Crypto Layers Revised Colour Pic

 

The binding of a wallet address to an actual person is difficult and costly. Here’s what Calibra say about it: “Calibra will ensure compliance with AML/CFT requirements and best practices when it comes to identifying Calibra customers (know your customer [KYC] requirements) by taking the following steps:

  • Require ID verification (documentary and non-documentary).

  • Conduct due diligence on customers commensurate with their risk profile.

  • Apply the latest technologies and techniques, such as machine learning, to enhance our KYC and AML/CFT program.

  • Report suspicious activity to designated jurisdictional authorities.”

I thought it was worth reproducing this in full. So if we put together what the Libra white paper says with what Calibra say about their wallet, you get this specific version of the model from my book. I think it describes the overall proposition quite well.

Digital and Crypto Layers in Colour with Libra pic

All well and good. Now, while I was reading through the Libra description, I didn’t find anything remarkable. Until the last part. On page nine of the Libra white paper, just at the very end, I noticed that “an additional goal of the association is to develop and promote an open identity standard. We believe that a decentralized and portable digital identity is a prerequisite to financial inclusion and competition”.

Well, well. An “open identity standard”.

Identity is at the heart of the proposition, if you ask me. One of the first questions that Congress had for the Libra hearing with David Marcus was “how parties will ensure that the user or beneficial owner of a currency or wallet is accurately identified”. Now, you can’t know who the beneficial owner of the currency is any more than you can know who the beneficial owner of a $100 bill is, but you can know who the owner of a wallet is. This question has already been answered, by the way. Kevin Weil, Facebook’s VP of product for Calibra, was clear that users will have to “submit government-issued ID to buy Libra” as you would expect. People without IDs will still be able to buy Libra through third-party vendors, of course, but that’s a different point.

Put a pin in “government-issued ID” as we’ll come back to it later.

It’s clear that the wallet addresses in a transaction (as shown in my diagram above), a timestamp and the transaction amount will be public because they are on a shared ledger, but as Facebook have made clear, any KYC/AML (ie, the binding shown in my diagram above) will be stored by the wallet providers, including Calibra. Since, as David Marcus has repeatedly pointed out, Libra is open and anyone will be able to connect to the network and create a wallet, there could be many, many wallets. But you’d have to suspect that Facebook’s own Calibra will be in pole position in the race for population scale. Hence Calibra’s approach to identity is really, really important.

Now, if Calibra provides a standard way to convert a variety of government-issued IDs into a standard, interoperable ID then that will be of great value. Lots of other people (eg, banks) may well want to use the same standard. In the UK, for example, this would be a way to deliver the new Digital Identity Unit (DIU) goal set out by the Minister for Implementation, Oliver Dowden, of one login for your bank and your pension. But it isn’t only the ID that needs interoperability, it’s the credentials that go with it. This is how you build a reputation economy. Your Calibra wallet can store your IS_OVER_18 credential, your Uber rating and your airline loyalty card in such a way as to make them useful. Now, if you want to register for a dating site, you can log in using Calibra and it will automatically either present the relevant credential or tell you how to get it from a Libra partner (eg, MasterCard).

It seems to me that this may, in time, turn out to be the most important aspect of the “Facebucks” (as I cannot resist calling it) initiative. What if a Calibra wallet turns out to be a crucial asset for many of the world’s population not because it contains money but because it contains identity?

Government Issue

Now back to that idea of a government-issued ID. One of the other things that governments do is issue passports as a form of formal identity. If I obtain a Calibra wallet by presenting my passport, that’s fine. But suppose I live in a developing country and I have no passport or formal ID of any kind?

Well I think Facebook can make a good argument that your Facebook profile is a more than adequate substitute, especially for the purposes of law enforcement. After all, Facebook knows who I message, my WhatsApp address book, who I hang out with, where I go… Facebook can tell real profiles from fake and they kill off fake “identities” all the time. My guess is that if you have had a Facebook profile for (let’s say) a year, then that identity is more than good enough to be able to open an account to hold Libra up to $10,000 or so and, frankly, it’s beneficial for society as a whole to get those transactions on to an immutable shared ledger.

Frankly, in large parts of the world Know-Your-Customer (KYC) could be replaced by Known-bY-Zuck (KYZ) to the great benefit of society as a whole.

Digital identity in the UK – Will big banks or big techs deliver it?

The opening keynote at this year’s London Identity Week was given by Oliver Dowden, the Minister for Implementation at the Cabinet Office. Mr. Dowden is the Minister in charge of the digital transformation of government. To people like me, digital identity is central to digital transformation of government (and the digital transformation of everything else, for that matter) so I was looking forward to hearing the UK government’s vision for digital identity. In his keynote, the Minister said that the UK is seen as being at the cutting edge of digital identity and that GOV.UK Verify is at the heart of that success.

(On 9th October 2016, Mr. Dowden gave written statement HCWS978 to Parliament, announcing that the government was going to stop funding GOV.UK Verify after 18 months with the private sector responsible for funding after that.)

Right now you can’t use a GOV.UK Verify identity provider to log into your bank or any other private sector service provider. But in his speech the Minister said that he looks forward to a time when people can use a single login to “access their state pension and the savings account”. This, in my opinion, is quite distinct from the single identifier that the Parliamentary Select Committee on Science and Technology called for in their report this week. The Right Honourable Norman Lamb MP, Chair of the Committee, observing that “the current digital service offered by the Government has lost momentum” called for the introduction of a single unique identifier for access to public services.

 

I have to say that I sort of agree with the Science and Technology Committee on the efficient delivery of public services as well as what the Minister said about a single login across both public and private services. Obviously you’d want the same login scheme but a different persona (an identifier plus credentials) for pensions, pornography and other purchases, but that’s another issue and not the focus of this discussion.

Identity Week Minister

Back to the Minister’s point though. Yes, it would be nice to have some sort of ID app on my phone (I happen to sit on the advisory board of Biid, who provide just such an app) and it would be great if my bank and Her Majesty’s Revenue and Customs (HMRC) and Woking Council and LinkedIn would all let me log in with this ID. The interesting question is who will provide such a login given that the government does not seem able to. Put a pin in that and we’ll return to it later. Meanwhile, back to the Minister, who made three substantive points in his speech. He talked about:

  • The creation of a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office. The Unit will help foster co-operation between the public and private sector, ensure the adoption of interoperable standards, specification and schemes, and deliver on the outcome of the consultation.

  • A consultation to be issued in the coming weeks on how to deliver the effective organisation of the digital identity market. Through this consultation the government will work with industry, particularly with sectors who have frequent user identity interactions, to ensure interoperable ‘rules of the road’ for identity. To me, this sounds like a call for a trust framework of some kind but the Minister did not use those words.

  • The start of engagement on the commercial framework for consuming digital identities from the private sector for the period from April 2020 to ensure the continued delivery of public services. The Government Digital Service will continue to ensure alignment of commercial models that are adopted by the developing identity market to build a flourishing ecosystem that delivers value for everyone.

The Minister had a tight schedule and was therefore unable to stay for my subsequent speech. I suggested that the idea of a general-purpose digital identity might be ambitious and a preferable strategy might be to look at who else could deliver the “digital identities from the private sector” used for the delivery of public services, which means delivering inclusive identity services with appropriate security at population scale. Perhaps DCMS has ensured that the UK has taken a lead in this respect since, according to Sky News, “thanks to its ill-conceived porn block, the government has quietly blundered into the creation of a digital passport – then outsourced its development to private firms”. One of these firms runs the world’s largest pornography site, Pornhub, so I imagine they know a thing or two about population-scale identity management.

Identity Week Keynote

Assuming that the GOV.UK Verify identities fail to gain traction in the private sector, then I think there are two obvious private sector coalitions that might step in to do this for the government: the big banks and the big techs.

Big Banks

For a variety of reasons, I hope that the big banks are able to come together to respond to the comments of Mark Carney, the Governor of the Bank of England, on the necessity for a digital identity in the finance sector to work with the banks to develop some sort of financial services passport. I made some practical suggestions about this earlier in the year and have continued to discuss the concept with potential stakeholders. I think it stacks up, but we’ll have to see how things develop.

The reason why I’m so keen on this approach is that banks already do the hard work of establishing customer identities for know-your-customer (KYC) purposes but they don’t then do anything with it. So identity is a cost centre, when there is an opportunity for it to be a platform for new products and services. I’m not the only person who thought that the DCMS age verification legislation would be the trigger for a sophisticated federated privacy-enhancing bank-centric ID.

Modifications to open banking could allow bank customers to share data on their identity and their date of birth with third parties in a double-blind way that stops their bank from knowing the site they want to visit, or the site they’re visiting from knowing their identity.

From Don’t let the government’s porn block create a monopoly – 1828.

Well, whether it’s used for age verification or a pensions dashboard, I would have thought that what the European Commission Expert Group on Electronic Identification and Remote KYC Processes calls an “attribute-based LoA-rated KYC framework for the financial sector” (ie, a financial services passport) would make a perfect post-Brexit stake-in-the-ground initiative to define the new era by boosting efficiency in the crucial Big Bank sector as well as providing a platform for new products and services for the Big Techs to develop. Talking of which…

Big Techs

I had the good fortune to attend a more recent breakfast session with the Minister organised by the Cicero PR people. I have to say that the subject of digital identity came up more than once. There was considerable discussion (under the Chatham House rule) of both the priority of a UK digital identity infrastructure and the means by which it might come into existence. While I voiced my usual opinion that it should be the banks taking the lead, there were other people talking about alternative private sector providers.

It is clear, then, that if the banks can’t get it together then the big techs will come knocking on the government’s door. I’ll readily admit that when the Minister said “private sector identities” in his speech, the first thought to flash across my brain was “Apple”. The public, as well as civil servants in other departments who don’t really know or care about digital ID, might be saying to themselves, “why can’t we just use ‘sign in with Apple’ to do our taxes?”, and this is a good point. Even if they are not saying it right now, they’ll be saying it soon as they get used to Apple’s mandate that all iOS apps that allow third-party sign-in must support it.

How would you use your Apple ID to log into HMRC? Easy: you log in as you do now after sending off for the password and waiting for it to come in the post and that sort of thing and then once you are connected tell them the Apple ID that you want to use in the future. If you want to be “jackdaniels@me.com” or whatever, it doesn’t matter. It’s just an identifier for the Revenue to recognise you. Then next time you go to log in to the Revenue, you log in as jackdaniels@me.com, something pops up on your iPhone and you put your thumb on it or look at it, and bingo you are logged in to fill out your PAYE without ever having to remember your taxpayer ID or government gateway passport ever again.

 

Incidentally, you could use this to log in at Pornhub too, because Apple have implemented a form of the persistent pseudonymity that I have long advocated as the core of a practical “privacy settlement”. So, as Wired magazine puts it, Apple’s universal login will let you hide your email address from third-party services. Unlike Facebook, Google and other services, Apple will randomly generate an email address on your behalf, and it then forwards communications from the services that you sign up to on to your actual Apple ID address. I’m not joking about Apple delivering an infrastructure for the mass market instead of the government, it’s just that I thought that our forward-thinking innovation-centric banks would be the people to build on it. A couple of years ago I asked “Why doesn’t my bank put a token in my Apple Pay that doesn’t disclose my name or any other personal information… Keep my real identity safe in the vault, give me blank card to top shopping with”

The banks have a chance to do this if the government, the Bank of England and industry bodies get together and work with them on it. But I wouldn’t be at all surprised to go over to the HMRC web site fairly soon to see “log in with Amazon” and “log in with Apple” next to a button with some incomprehensible waffle about eIDAS that I, and most other normal consumers I’m sure, will simply ignore.

Follow the e-money

A couple of years ago I remember going to see ComplyAdvantage to make a podcast with them. I thought the new category of regtech was interesting and that the potential for new technologies in that space (eg, machine learning) was significant, so I went off to learn some more about it and talk to a few organisations to test some hypotheses. I remember thinking at the time that they were good guys and on a good trajectory and it looks as if my opinion was well-founded (they are doubling in size this year).

Anyway, I was thinking about them because they recently sent me a new white paper “A New Dawn for Compliance” (which notes that an estimated $2 trillion is laundered globally every year and only 1-3% of these funds are identified and possibly stopped) and it nicely encapsulated something that has been touched on in a fair few conversations recently: there’s no way to hire ourselves out of the compliance mess we’re in. Even if financial services and other businesses had infinite compliance budgets, which they most certainly do not, it’s simply not feasible to hire enough people to keep up. Even if there were infinite people with expertise in the space, which there most certainly are not, bringing them on board is too time-consuming, too expensive and too inflexible to create a compliance infrastructure that can respond to the new environment.

Technology is the only way out of this.

Using technology to automate the current procedures is, as always, only a small part of the solution. The UK Financial Intelligence Unit (UKFIU) receives more than 460,000 suspicious activity reports (SARs) every year (according to the National Crime Agency), yet fraud continues to rise.

Moreover, as Rob Wainwright (head of Europol) pointed out last year, European banks are spending some €20 billion per annum on CDD with very limited results. In fact, he said specifically that “professional money launderers — and we have identified 400 at the top, top level in Europe — are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. This is not even a Red Queen’s Race, it’s a Formula 1 of crime where the bad guys are ahead and we can’t overtake them.

The Fifth Anti-Money Laundering Directive (AMLDV) which comes into force in 2020 will, I predict, do nothing to change this criminal calculus. AMLDV will cost organisations substantially more than its predecessors and these costs are out of control. According to a 2017 whitepaper written by my colleagues at Consult Hyperion, KYC processes currently cost the average bank $60m (€52.9m) annually, with some larger institutions spending up to $500m (€440.7m) every year on KYC and associated customer due diligence (CDD) compliance. In the AMLDV era we will look back with nostalgia to the time when the costs of compliance were so limited.

It’s time for a rethink.

We need to re-engineer regulators and compliance to stop implementing know-your-customer, anti-money laundering, counter-terrorist financing and the tracking of politically-exposed persons (let’s lump these all together for the sake of convenience as Customer Due Diligence, or CDD) by building electronic analogues of passports and suspicious transaction reports and so on. In a world of machine learning and artificial intelligence, we need to invert the paradigm: instead of using CDD to keep the bad guys out of the system, we should bring the bad guys into the system and then use artificial intelligence and pattern recognition and analytics to find out what the bad guys are doing and then catch them!

Surely, from a law enforcement point of view, it’s better to know what the bad guys are up to? Following their money should mean that it is easier to detect and infiltrate criminal networks and generate information that the law enforcement community can use to actually do something about the flow of criminal funds. In any other financial services business, a success rate of 1% would call into question the strategy and the management of the business.

Posh and Blocks

While flicking through British Vogue magazine for some moisturising tips, I came across a mention of digital identity! I was surprised and delighted that (just as has happened with another of my obsessions, Dungeons and Dragons) what was once the province of nerds and outsiders has become fashionable and cool. Hurrah! Vogue says that secure digital identities for luxury goods are crucial, which is great! I could not agree more. Digital identities are not only for people! I have been writing about the need for digital identities for things for many years, and not only for high fashion (a field where, oddly, I have some experience in the use of NFC applications on mobile phones to scan designer clothes – but that’s another story).


Some years ago I asked if “the blockchain” (put to one side what this might mean for a moment) might be a way to tackle the issue of “ID for the Internet of Things” (#IDIoT). I said at the time that I had a suspicion that despite some of the nonsense going on, there might be something there. My reason for thinking that is that there is a relationship between blockchain technology and IoT technology, because we need a means to ensure that virtual representations of things in the mundane cannot be duplicated in the virtual. As I saw it, there were three ways to do this: a database, tamper-resistant hardware or blockchain.

If we look at the database idea first, I explored this more than a decade ago using the example of luxury goods such as watches and asking how would you tell a fake Rolex from a real one. It’s a much more complicated problem than it seems at first. For example: why would Rolex care? I can’t afford a Rolex, so if I buy one at a car boot sale or in China, Rolex isn’t losing a sale. But by wearing the fake, I’m presumably advertising the desirability of a Rolex. So surely they should be happy that people want to wear fakes or not? And if I did have a real Rolex, would I want to wear it in dangerous places where expensive watches get stolen in broad daylight by muggers (eg, London, London or London) or where I might just lose it?

Anyway, regardless of the reasons for it, let’s think about how to tell the real thing from the fake thing using technology. Suppose RFID is used to implement Electronic Product Codes (EPCs) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to point my Bluetooth EPC-reading pen at it and read the EPC, which is just a number. My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the tag is ‘valid’, but that doesn’t tell me much about the bag. For all I know, a bunch of tags might have been taken off real products and attached to fake products.

To know if something is real or not, I need more data. If I wanted to know if the handbag were real or fake, then I would need to obtain its provenance as well as its product details. The provenance might be distributed quite widely. The retailer’s database would know from which distributor the bag came; the distributor’s database would know from which factory the bag came and Gucci’s database should know all of this. I would need access to these data to get the data I would need to decide whether the bag is real or fake.

This is a critical point. The key to all of this is not the product itself but the provenance. A database of provenance (for example) is the core of a system to tell real from fake at scale.

Who should control this database, and who should have access to it, is rather complicated. Even if I could read some identifier from the product, why would the retailer, the distributor or Gucci tell me anything about the provenance? How would they know whether I were a retailer, one of their best customers, one of their own ‘brand police’, a counterfeiter (who would love to know which tags are in which shops and so on) or a law enforcement officer with a warrant?

This is where the need for a digital identity comes into the picture. A Gucci brand policeman might have a Bluetooth pen tag reader connected to a mobile. They could then point the pen at a bag and fire off a query: the query would have a digital signature attached (from the SIM or SE) and the Gucci savant could check that signature before processing the query. Gucci could then send a digitally signed and encrypted query to the distributor’s savant which would then send back a digitally signed and encrypted response to be passed back to the brand policeman: ‘No we’ve never heard of this bag’ or ‘We shipped this bag to retailer X on this date’ or ‘We’ve just been queried on this bag in Australia’ or something similar.

The central security issue for brand protection is therefore the protection of (and access to) the provenance data, and this needs a digital identity infrastructure to work properly. If it adds £20 to the price of a Rolex to implement this infrastructure, so what? The kind of people who pay £5,000 for a Rolex wouldn’t hesitate to pay £5,020 for a Rolex that can prove that it is real.
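The query flow described above can be sketched as follows. This is an added example, not code from the original post or from any brand's system: the reader IDs, keys, record fields and role table are constructed for illustration, and HMAC-SHA256 with a per-reader key stands in for the SIM/SE digital signature so that the sketch runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed reader credentials. HMAC-SHA256 with a per-reader key stands in
# for the SIM/SE digital signature in the text (an assumption of this example).
READERS = {
    "brand-police-07": {"role": "brand_police", "key": b"constructed-key-bp07"},
    "shopper-123": {"role": "consumer", "key": b"constructed-key-s123"},
}

# Constructed provenance record for "product 999, serial number 888".
PROVENANCE = {
    ("999", "888"): {
        "description": "handbag",
        "factory": "Factory A",
        "distributor": "Distributor B",
        "retailer": "Retailer X",
        "shipped": "2019-03-01",
    },
}

# Fields each role may see. Supply-chain detail is exactly what a counterfeiter
# would like to learn, so it is withheld from ordinary consumers.
DISCLOSURE = {
    "brand_police": {"description", "factory", "distributor", "retailer", "shipped"},
    "consumer": {"description"},
}

REQUIRED = ("reader", "product", "serial", "nonce")


def canonical(query):
    """Serialise the query deterministically so both sides sign the same bytes."""
    return json.dumps(query, sort_keys=True, separators=(",", ":")).encode()


def sign_query(reader_id, key, product, serial, nonce):
    """Reader side: build a query and attach its authentication tag."""
    query = {"reader": reader_id, "product": product, "serial": serial, "nonce": nonce}
    tag = hmac.new(key, canonical(query), hashlib.sha256).hexdigest()
    return {"query": query, "sig": tag}


class ProvenanceService:
    """Brand side (the 'savant' in the text): authenticate, then disclose by role."""

    def __init__(self):
        self.seen = set()   # (reader, nonce) pairs, used to reject replays
        self.audit = []     # every authenticated lookup, kept for later review

    def handle(self, message):
        query, sig = message.get("query"), message.get("sig")
        if not isinstance(query, dict) or not isinstance(sig, str):
            return {"status": "denied", "reason": "malformed"}
        if any(not isinstance(query.get(f), str) for f in REQUIRED):
            return {"status": "denied", "reason": "malformed"}
        reader = READERS.get(query["reader"])
        if reader is None:
            return {"status": "denied", "reason": "unknown reader"}
        # Recompute the tag over the received query; constant-time comparison.
        expected = hmac.new(reader["key"], canonical(query), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return {"status": "denied", "reason": "bad signature"}
        if (query["reader"], query["nonce"]) in self.seen:
            return {"status": "denied", "reason": "replayed query"}
        self.seen.add((query["reader"], query["nonce"]))
        self.audit.append((query["product"], query["serial"], query["reader"]))
        record = PROVENANCE.get((query["product"], query["serial"]))
        if record is None:
            return {"status": "unknown"}  # "we've never heard of this bag"
        allowed = DISCLOSURE[reader["role"]]
        return {"status": "known",
                "provenance": {k: v for k, v in record.items() if k in allowed}}
```

The same tag read by two different readers produces two different answers, which is the point of the passage: the tag identifies the product, and the reader's identity decides how much provenance comes back.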

A small brand premium might be rather popular with people who like brands. Imagine the horror of being the host of a dinner party when one of the guests glances at their phone and says “you know those jeans aren’t real Gucci, don’t you?”. Wouldn’t you pay £20 for the satisfaction of knowing that your snooping guest’s Bluetooth pen is steadfastly attesting to all concerned that your Marlboro, Paracetamol and Police sunglasses are all real? Of course you would.

For some goods, we might want to add tamper resistant hardware to the product. I have long been interested in the use of low-cost RFID chips in this context. An example I looked at some years ago was the problem in Korea with the production of counterfeit whiskey. The authentic whiskey producers decided to add an RFID chip to the bottle caps. This chip was coded with a URL and an identifier. When a customer, or a shopkeeper, or a policeman, or in fact anyone else wants to check whether the whiskey is real or not, they touch the cap with their phone and the URL launches a web site that knows the provenance of the identifier and can tell you when and where it was bottled as well as some other information. When a customer opens the bottle, the tag is broken and can no longer be read. That seems to be a cost-effective solution, although it again relies on the provenance database to make it work (otherwise the counterfeiters would just find a way to steal the chips).

The mass market IoT, however, amplifies that problem of permission. I have always tried to illustrate this for people in a fun way by using the case study of underwear. It’s one thing for dinner guests to scan my wine bottle to see that it is a real Romanée-Conti and another for them to scan my Rolex to check that it is indeed a first-class far-eastern knock-off, but it’s quite another for them to be able to scan my underpants and determine that they date from 1983. How do we turn tags on and off? How do we grant and revoke privileges? How do we allow or deny requests for product or provenance? Once again, we must conclude that not simply digital identity but a full digital infrastructure is needed.

The third approach that I thought worth exploring was that of some form of blockchain. It seemed to me that by using the blockchain to maintain uniqueness, we might find a way to make the IoT a transactional environment. Just as you can’t copy the physical object, but you can transfer it from one owner to another, so you can’t copy a token on a shared ledger, only transfer it from one owner to another. Thus, if you can bind a token to a physical object, you can greatly reduce the cost of managing that object. Hence I was rather interested to read in that Vogue article that Louis Vuitton, Microsoft and ConsenSys have developed a platform called “Aura” to manage provenance to provide proof of origin and prevent counterfeits using a blockchain. The basic idea is to represent luxury goods as ERC-721 tokens on a private permissioned Quorum blockchain.

Obviously, I don’t have any details about how this will actually work, but LVMH seem to imply that at the time of purchase of one of their brands’ products, the customer can use the brand’s application to receive an “AURA certificate” containing all product information. I assume that if you sell your handbag (or whatever) to a charity shop, you can transfer the certificate to the charity shop’s application. Underlying all of this, there is the token on the blockchain moving from the retailer’s wallet, to your wallet, to the charity shop wallet.
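The uniqueness-and-transfer property described above (a token cannot be copied, only handed from one owner to the next) can be shown with a small hash-chained ledger. This is an added illustration, not Aura's design and not an ERC-721 contract: the class and party names are hypothetical, and the caller's identity is assumed to be already authenticated, which on a real ledger would be done with a signature on each transaction.

```python
import hashlib
import json


class TokenLedger:
    """Append-only, hash-chained record of token mints and transfers."""

    def __init__(self, issuer):
        self.issuer = issuer   # the only party allowed to create tokens
        self.owner = {}        # token_id -> current owner
        self.entries = []      # each entry commits to the one before it

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _append(self, kind, token_id, sender, recipient):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"kind": kind, "token": token_id, "from": sender,
                "to": recipient, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def mint(self, caller, token_id, first_owner):
        """Bind a new token to a physical item; one token per item, ever."""
        if caller != self.issuer:
            raise PermissionError("only the issuer can mint")
        if token_id in self.owner:
            raise ValueError("token already exists")
        self.owner[token_id] = first_owner
        self._append("mint", token_id, caller, first_owner)

    def transfer(self, caller, token_id, recipient):
        """Move a token; only its current owner may do so."""
        if token_id not in self.owner:
            raise KeyError(token_id)
        if self.owner[token_id] != caller:
            raise PermissionError("caller does not own this token")
        self.owner[token_id] = recipient
        self._append("transfer", token_id, caller, recipient)

    def history(self, token_id):
        """Provenance: every holder of the token, in order."""
        return [e["to"] for e in self.entries if e["token"] == token_id]

    def verify(self):
        """Recompute the chain and replay ownership; False if anything was altered."""
        prev, owner = "0" * 64, {}
        for e in self.entries:
            body = {k: e[k] for k in ("kind", "token", "from", "to", "prev")}
            if e["prev"] != prev or e["hash"] != self._digest(body):
                return False
            if e["kind"] == "mint":
                if e["from"] != self.issuer or e["token"] in owner:
                    return False
            elif owner.get(e["token"]) != e["from"]:
                return False
            owner[e["token"]] = e["to"]
            prev = e["hash"]
        return owner == self.owner
```

Once a holder has passed the token on, a second attempt to sell "the same" item fails the ownership check, and editing an earlier entry to rewrite the history breaks every hash after it.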

If this works, and it’s simple and convenient for consumers, some sort of app presumably, it will generate an amazing amount of valuable data for brand owners. They will know exactly who has their stuff and how much of it they’ve got. If the app records “fails” as well, then they’ll also know who has the knock-offs too.

Real fakes and fake fakes

My good friend Chris Skinner pointed me at a story about counterfeit art. The art in question, a “Picasso”, is apparently the work of a counterfeiter called David Henty. According to The Daily Telegraph, after being exposed as a forger a few years ago, “the publicity led to him being feted on television programmes and his copies – marked clearly as ‘Henty’s’ – now sell for £5,000 and upwards”. This reminded me of something I wrote a decade ago after a visit to Halifax, where I saw an interesting use case for RFID chips that were being bonded into the canvas used for painting. So here’s a picture of such a picture (and me).

[Image: RFID_Picture]

This caught my eye all those years ago and it’s worth showing it again, because it’s a fascinating case study of using RFID in the real/counterfeit problem space. It’s not just about what’s real and what’s fake. The picture I am looking at here was painted by John Myatt. If you don’t recognise the name… well, his story is introduced in The Daily Telegraph this way: “From talented chart-topping songwriter, to Brixton prison for being involved in ‘the biggest art fraud of the 20th century’, John Myatt’s incredible life is now the subject of a Hollywood movie and his artistic talent the focus of a major TV series”.

Interesting guy. Take a look at his “genuine fakes”.

The reason Mr Myatt can make a good living doing genuine fake art, as noted in the Financial Times, is his notoriety as a master forger, which resulted in a six-month prison sentence in 1995. The picture I am looking at has RFID tags bonded to it, but in this case the purpose of the tags is to prove not only that the picture is a fake, rather than real, but that it’s a John Myatt fake and not someone else’s fake. So, basically, the idea is to use a combination of primary and secondary identification technologies to connect product and provenance in such a way as to prove that the picture is a real fake, if you see what I mean. Great stuff.

So if we are going to use technology to create a new identity infrastructure that works for things as well as people, it must not only distinguish real from fake, but fake from fake!

Talking about real fakes, rather than fake fakes, I have an important one at home. I got it after reading about a donation of drawings to Yad Vashem, Israel’s holocaust memorial. The drawings are of the men who worked in the once-secret Nazi operation to produce fake money, a story told in the brilliant film “The Counterfeiters”, which won the 2007 Oscar for best foreign film. It is the true story of Operation Bernhard, which was the Nazi plan to devastate the British economy. The idea, conceived at the very start of the Second World War, was to drop the worthless banknotes over England, thus causing economic instability, inflation and recession. Remember, in 1939 the German people had very recent memory of worthless paper currency devastating the economy, as is well chronicled in Adam Fergusson’s book “When Money Dies”.

The film is based on a memoir written by Adolf Burger, a Jewish Slovak typographer who was imprisoned in 1942 for forging baptismal certificates to save Jews from deportation. The Nazis took Burger and more than a hundred other Jews from a variety of trades—printing, engraving and at least one convicted master counterfeiter, Salomon Smolianoff—and moved them from different death camps to a special unit: “Block 19” in Sachsenhausen concentration camp. There they set about forging first the British and then the American currency. In the end, the prisoners forged around Sterling 132 million, which is about four billion quid in today’s prices.

The Nazis were never able to put their plot into operation. At the end of the war, they packed up all the printers’ plates and counterfeit bills into crates which they dumped into Lake Toplitz in Austria, from which they were subsequently retrieved. Some of the counterfeit notes went to the purchase of war materiel for the nascent Israeli army, some went to collectors. I bought an authenticated Operation Bernhard counterfeit “white fiver” from a banknote collector and that is how I came to have a real fake on my wall at home.

Innovation in blockchain innovation

A couple of years ago, I was invited along to the Scottish Blockchain Conference (ScotChain17). I have to say that it was a really enjoyable, well-organised and interesting day out in Edinburgh. Here I am in one of the panel discussions.

[Image: Scotchain panel]

At this excellent event, I gave a talk about the use of blockchain in supply chains. Professor Angela Walsh kindly commented on my presentation, saying that it had her crying with laughter while learning a lot, a compliment that I treasure. The content was summarised thus by a keen observer… “The point,” said Birch, “is that people are talking absolute bollocks about blockchain, on an industrial level”. If you are at all interested, the talk was filmed and you can see it here:

 

Well, my comments on ideas of using the blockchain to solve supply chain problems being somewhat misguided may have seemed a trifle harsh at the time, but as far as I can tell they were a broadly correct characterisation of the state of the industry and a broadly accurate prediction of the sector’s trajectory. Two years on, I just read that the noted research house Gartner says that nine in ten blockchain-based supply chain projects are “faltering” because they cannot figure out important (or, in my opinion, any) uses for the new technology.

Hence I feel that my somewhat uncharitable remarks were justified and my blockchain crystal ball remains intact, its reputation enhanced. 

My reason for highlighting this Caledonian chronicle, and subsequent validation, is to point you to my forthcoming talk at Vincent Everts’ super Blockchain Innovation conference in Amsterdam. If you are going to the excellent Money2020 in Amsterdam that week – where I will be chairing the Open Banking track – stick around and join me at the ABN Amro headquarters on June 7th for a wide perspective on the state of the blockchain world.

I’ll be making a presentation on the intersection of blockchain and artificial intelligence. This is a space where I have observed an avalanche of absolute bollocks, so I’m going to stick my neck out and make a (well-informed) prediction about the key impact of AI on the blockchain world. It has nothing to do with supply chains, but I think has more significance and will mean big changes in the blockchain ecosystem.

I think I have some solid foundations for making this prediction, so come along to cheer or jeer and I’ll be delighted to see you there either way.

Stablecoins and stable coins

I notice that in the considerable press comment concerning the possible introduction of a Facebook payment system and perhaps even a Facebook currency of some kind, commentators continually refer to a Facebook “stablecoin”. I am certain that they are wrong to use this term, because it does not mean what they think it means. I may well be facing a losing battle about this, but I am a stickler for correct currency terminology.

So. Stablecoin. What?

In the Bank of England’s excellent “Bank Underground” blog, there was a post on this topic that said “The chances of a stablecoin keeping a stable price depends on its design. There are generally two designs of stablecoin: those backed by assets, and those that are unbacked or ‘algorithmic’”. They are right, of course, but I would like to present a slightly more granular classification of stablecoin currencies. I think there are three kinds:

  1. Algorithmic Currencies, in which algorithms manage supply and demand to obtain stability of the digital currency. This is what a stable cryptocurrency is: since a cryptocurrency is backed by nothing other than mathematics, it is mathematics that manages the money supply to hold the value of the currency steady against some external benchmark. This is what is meant by stablecoin in the original crypto use of the term.

  2. Asset-backed Currencies, in which an asset or basket of assets is used to back the digital currency. I don’t know why people refer to these as stablecoins, since they are stable only against the specific assets that back them. An asset that is backed by, say, crude oil is stable against crude oil but nothing else.

  3. Fiat-backed (aka Currency Boards), which are similar to asset-backed currencies but where the assets backing the digital currency are fiat currencies only. There are mundane versions of these already: in Bulgaria, for example, where the local currency (the Lev) is backed by a 100% reserve of Euros.

As for that last category, it is effectively what is currently defined as electronic money under the existing EU directives, and therefore already regulated. Those coins backed by fiat currency, such as JPM Coin, simply provide a convenient way to transfer value around the internet without going through banking networks. Now, this may well be an advantage in cost and convenience for some use cases but it is a long way from an algorithmic currency. If this is indeed what Facebucks turn out to be (ie, actual bucks that you can send around on Facebook, something along the lines of Apple Cash), then I have written before why I think they will be successful.

So will any or all of these catch on?

Predictions are of course difficult, but my general feeling is that it is the asset-backed currencies that are most interesting and most likely to succeed in causing an actual revolution in finance and banking. Algorithmic stablecoins and fiat “stablecoins” exist to serve a demand for value transfer, but this is increasingly served well by conventional means. I notice this week, for example, that Transferwise can now send money from the UK to Hong Kong in 11 seconds, a feat made possible by their direct connection to the payments networks of both countries. Why would I use a fiat token when I can send fiat money faster and cheaper?

Of course, you might argue that a digital currency board might allow people who are excluded from the global financial system to hold and transfer value but I am unconvinced. There are plenty of ways to hold and transfer electronic value (eg, M-PESA) without using bank accounts. Generally speaking, people around the world are excluded because of regulation (eg, KYC) and if we want to do something about inclusion we should probably start here. If you are going to require KYC for the electronic wallet needed to hold your digital currency then customers may as well open a bank account, right?

(I’ve written before about how the need for an account hampered Mondex. When it was first launched, I went to a bank branch with £50 expecting to walk out with a Mondex card with £50 on it. What I actually walked out with was a multi-page form to open a bank account so that I could get a Mondex card which arrived some time later. And since I had to put my debit card into the ATM in order to load the Mondex card, I did what most other people did and drew out cash instead.)

I suppose there are some people who think that the anonymity and pseudonymity of cryptocurrencies might make them an attractive alternative to certain sectors, but this is probably a window. If cryptocurrencies were used for crime on a large scale then efforts would be made to police them. Bitcoin, in particular, is not a good choice for criminals since it leaves a public and immutable record of their actions but you can imagine a future in which the mere possession of an anonymous cryptocurrency becomes a prima facie case of money laundering.

Looking at the “stable” stable, then, I’ll put my money on the middle way. I’ve said it before and I’ll say it again, there is a real marketplace logic to the trading of asset-backed currencies in the form of tokens and I expect to see an explosion of different kinds.

Programming bank accounts

I’ve been reading an interesting paper from Northumbria University called “Recipes from Programmable Money”. The paper looks at what customers of the UK challenger bank Monzo have done with its integration with IFTTT (the “if this, then that” automation software) to draw some early lessons that may have wide applicability to post-PSD2 financial services infrastructure. This is fascinating to me (even though I think the title is wrong, because it’s not the money that is being programmed but the bank accounts) because it is natural to wonder what, once third-parties are free to build on banks’ interfaces because of PSD2, customers will want from the new product and service providers.

The paper goes about examining how real users (albeit savvy early adopters in the UK) used the ability to automate a selection of Monzo account actions. Since these automations are a small window into what users might want from more general third-party API-based interactions, I think the researchers have uncovered useful insights about just how important XS2A will be. After all the speculation about what API access to accounts might mean for Europe’s banks, there’s no substitute for looking at what consumers actually do with the new technology.

It seems to me that the key finding of the paper is that “some of the most intriguing recipes in our corpus were those that integrated Monzo with applications that ordinarily have little to do with banking”. (“Recipes” are the IFTTT automation scripts.) That is, in general, consumers use banking services as integral to other services, which is what you might expect on reflection because users don’t want to do banking, which is boring, they want to do other more interesting things that happen to be facilitated by banking.

The authors also observe that “this proliferation of financial data across different platforms, and channels, highlights the way in which programmable money may cut across services” and that “we are seeing how money and transactions are potentially just another form of data, to be pushed and pulled around integrated services”. I am sure they are correct about this, which is why it will be so hard for banks to find effective strategies to compete with other providers of those integrated services. It may well be that only the lower margin “pipe” services are available to them, in which case they need to focus on operational efficiency to compete.

All very interesting, and wholly congruent with earlier analyses from informed industry observers (eg, me). But it’s another point made in the “programmable money” paper that caught my eye. It’s impossible to disagree with it when it concludes that technologies such as machine learning, AI and smart contracts “foreground the delegation of significant financial power to automated systems and agents”. As I wrote last year, in the context of competition in retail banking, the future choice of banking services provider (the AS-PSP, in the euro-jargon) will be made not by customers, but by bots. It seems to me that the early indications from the real world are that this is correct, and that it has many ramifications.

I’ll give you an example. If you live in the UK and are over the age of around 30, you may have seen an advertisement with a man in a spacesuit in it.

[Image: To the Mooooooooon!]

No, not that one. I mean an advert on TV, the sort of thing that no-one under 30 ever sees any more. It’s an advert for a bank. It doesn’t matter which one. The point is that it’s about brand and image. But what will be the point of it in a world where an AI-powered child-of-IFTTT is doing the heavy lifting? Consumers may neither know nor care who their bank is. This will pose a challenge to those with a career in marketing, but it may have some positives too. For example, I can assure Barclaycard that my bot will pay no attention whatsoever to their advertisement with Simon Cowell in it, whereas like most normal people I would cancel my card because of it.

My bot will choose your bank on the basis of interest rates, response times, jurisdiction, functionality, service uptimes and other such measurable parameters. Your logo? Your sponsorships? Your history? Whatever.

US cashless backlash: why punish retailers?

The US is behind some other parts of the world, perhaps, but it is trending in the same direction. According to recent research, almost a third of American adults use no cash at all for their weekly purchases (it was a quarter back in 2015). Conversely, a fifth of Americans say that they make nearly all of their purchases in cash. Against this backdrop, it is no surprise that some retailers, in some locations, are starting to go cash free. Now, as far as I am concerned, that’s up to them. Writing in the CATO Journal last year — “Special Interest Politics Could Save Cash or Kill It” CATO Journal 38(2): 489-502 (Spring 2018) — Norbert Michel said “it seems risky, at best, to give the government so much control over the form of payment citizens choose, but that is exactly what many policymakers are hoping to do”. He was talking about laws to ban cash, but the argument applies both ways. Should regulators care whether you pay in cash or not and, if they do care, what should they do about it?

 

Here’s a specific example. In March, Atlanta’s Mercedes-Benz stadium, home of the Atlanta Falcons, stopped accepting cash for sporting events. Now, I imagine the people who run the Mercedes-Benz to be business persons who operate according to the principles of profit and loss. They’re not making this decision because of some ideological position about notes and coins. They wouldn’t be doing it unless they thought they would be better off without the costs of cash.

So: should they be allowed to do this, just as Tottenham Hotspur have done with their new stadium at White Hart Lane?

There is no US law on the subject. I see in Payment Law Advisor that the US Treasury Department has guidance on the issue, but it states that refusing cash may be allowable “on a reasonable basis, such as when doing so increases efficiency, prevents incompatibility problems with the equipment employed to accept or count the money, or improves security”. Security and efficiency are precisely the factors causing retailers to shift to cashless operations as far as I can see, so the Treasury guidelines seem to be working.

That does not, however, seem to matter to the State and City legislators who are rising to the challenge of dragging America back into the 1950s, when the payment card was a notion restricted to future fiction and the concept of a mobile phone so alien as to be unimaginable. At that level there is a patchwork of regulation. Massachusetts apparently has a little-known 1978 law requiring retail stores to accept both cash and credit although it does not seem to be enforced and the legislature has yet to say whether it applies to restaurants. Food and drink are in the vanguard elsewhere, such as in Pennsylvania, where the head of the Pennsylvania Restaurant and Lodging Association says that there are lots of restaurants (as well as other businesses) that want to go cashless because “places that handle cash are less safe than those that don’t have cash on hand” and that in a cash business “taxes aren’t always paid”.

Yet US legislators seem to be in favour of maintaining this costly and inefficient state of affairs. The New York Times reports that the New Jersey Legislature and the Philadelphia City Council have already passed measures this year that would ban cashless stores and New York City, Washington, San Francisco and Chicago are considering doing something similar. Their objection is that cashlessness marginalises low-income communities. If this is true, and I have no reason to doubt the sincerity of these lawmakers, then it is a problem with the financial system not retailing. Penalising retailers by forcing them to accept cash because the financial system does not make a reliable, secure electronic alternative available to low-income (or, indeed, any other) communities is perverse.

I don’t want to discuss the causes here – that’s for another time – but the specifically US problem around financial inclusion is the root cause of the problem and that’s what should be tackled. If low-income people in Somalia can buy produce in the local market using their mobile phones, you can’t help but wonder why low-income people in Philadelphia can’t do the same, much to the benefit of society as a whole.