Know 2019 Keynote

This time it’s war
Keynote address to Know 2019, Las Vegas, 25th March 2019.

[An edited version of this keynote appeared on Medium, 28th March 2019]

Know 2019 Las Vegas

I’ve said many times that we need an identity infrastructure that deals with the realities of this modern world, the world of the Nth industrial revolution (where N is 4, or 5, or something similar). As things go from bad to worse, we need this infrastructure to be a government priority and we need the private and public sectors to come together to deliver it. And if they don’t want to, if you don’t want to, then you should be made to. I’m not standing here flattered to be asked to deliver this keynote because digital identity is about making life easier when you log in to your bank or to do your taxes. I’m here because it is far more important than that. Digital identity is vital national infrastructure.

We don’t have long to get our act together and we are starting from scratch. In the UK we have no tradition of identity cards or national identification systems, or anything like it. To the British, national identification is “papers, please”: something associated with authoritarian tyrannies, France and wartime. And even in wartime, the idea of requiring people to hold some form of identification was regarded as so fundamentally incompatible with the customs and practices of Her Majesty’s subjects that the last British identity cards (from the first and second world wars, essentially) drew on what Jon Agar memorably labelled “parasitic vitality” from other systems such as conscription and food rationing. Identity infrastructure was created as a form of mobilisation against the enemies of the Realm and the chosen implementation, the identity card, was not an end in itself, but a means to support those other activities to aid the war effort.

This dislike of identification as a State function is hardly unique to the United Kingdom. In America there are similarly strong opinions on the topic and the failure of the Australia Card back in 2007 stems, I think, from the same common law roots. These views of course stand in stark contrast to the views of almost all other nations of the world. The majority of people on Earth have some form of state identification and would find it impossible to navigate daily life without it. That doesn’t make the need to be identified by the state at all times either right or proper, by the way, but that’s a different discussion for another day.

If the development of national identity infrastructure is, however, only possible as part of a war effort… well, I have to tell you that we are at war. It’s just that this time we’re in a cyberwar and our identity infrastructure needs to support mobilisation across virtual and mundane realms. World War 3.0 has already started but a lot of people haven’t noticed because it’s in the matrix. There was no specific date when this war broke out and there is no conceivable Armistice Day on which it will end. Rather, as Bruce Schneier put it in his excellent book Click Here to Kill Everybody last year, cyberwar is the new normal.

(This will, unfortunately, make the war movies of the future rather dull. No more Dunkirk or Saving Private Ryan, no more The Dambusters or Enemy at the Gates. Instead movies will be about solitary individuals sitting in dimly-lit bedsits typing lines of Perl or Solidity while eating tuna out of a can.)

The advent of cyberspace conflict is not because computers and communications technologies have only just reached the Armed Forces. Far from it: the very first computers were developed to compute ballistic trajectories and part of my young life was spent trying to work out how to use radio and satellite technologies to keep NATO systems connected after a first strike against command and control infrastructure, which is why talk of white noise jamming and direct-sequence spread spectrum transmission still gives me a shiver. But in those far-off days, the reason for knocking out NATO’s IT infrastructure was so that you could then send tank columns through the Fulda Gap or drop the Spetsnaz into Downing Street. There were cyber aspects to war, but it wasn’t a cyberwar. Now it’s all-out cyberwar and as historian Niall Ferguson said in his book The Square and The Tower, it’s war between networks.

(The early British response to this new state of affairs was comfortingly backward-looking. Back in 2013 there was a plan for the creation of a digital Home Guard made up from well-meaning volunteers to stand on the cyber-landing grounds to repel invasion.)

Now, I’m sure that behind the scenes the Department of Defense have been working around the clock to defend our payment systems and water supplies against foreign hackers but I do wonder if the insidious threat from the intersection of post-modernism and social media had as high a priority? It should have done, because as it turned out the enemy stormed Facebook, not the Fulda Gap. We need a wall right enough, but we need it to be around our data.

Marshall McLuhan saw this coming, just as he saw everything else coming. Way back in 1970, when the same Cold War that I played my part in was well under way, he wrote in Culture is our Business that “World War III is a guerrilla information war with no division between military and civilian participation”. Indeed. And as we are now beginning to understand, it is a war where quiet subversion of the enemy’s mental assets is as important as the destruction of their physical assets. Social media are creating entirely new opportunities for what The Economist referred to as “influence operations” (IO) and the manipulation of public opinion. We all understand why! In the future, “fake news” put together with the aid of artificial intelligence will be so realistic that even the best-resourced and most professional news organisation will be hard pressed to tell the difference between the real and the made-up sort.

Smart cyber-rebels will want to take over social media, just as rebel forces set off to capture the radio and TV stations first: not to shut them down, but to control them. The lack of identity infrastructure makes it easy for them: at least you could see when your favourite news reader had been replaced by a colonel in a flak jacket, but you’ve no idea who is feeding the “news” to your social media timeline. It’s probably not even people anymore. While writing these words I read of (yet another) complaint about social media companies doing nothing to control co-ordinated bot attacks. But how are they supposed to know who is a bot and who isn’t? Whether a troll army is controlled by enemies of the state or commercial interests? If an account is really that of a first-hand witness to some event or a spy manufacturing an event that never happened?

The need to tell “us” from “them”, real from fake, insiders from outsiders, attackers from defenders is critical and the lack of an identity infrastructure (as much as the creation of identity infrastructures that are too easy to subvert) leaves us open to manipulation. We need to create an effective infrastructure as a matter of urgency but it should not be framed in the context of a 20th-century bureaucracy responding to the urban anonymity of the industrial revolution by conceiving of people as index cards, but in a 21st-century context based on McLuhan’s notions of identity forged in relationships. We need to create an environment of ambient safety, where both security and privacy are strengthened, twin foundations for the structures we need to build to prevent chaos.

(America may or may not need a Space Force, but it most certainly needs a Cyberspace Force.)

So this is my challenge to you. This is a conference I take very seriously and an audience that I respect. I am looking to you to man the barricades. I want you to begin the process of assembling the infrastructure that we so desperately need, so that I can tell my e-mail package to ignore messages that say they came from my bank but didn’t, my web browser to put a red border around “news” that does not come from a reputable, cross-checked source and set my phone to ignore tweets that come from bots rather than people.

If this all sounds over-dramatic: it isn’t. I think it is perfectly reasonable to interpret the current state of cyberspace in these terms because the foreseeable future is one of continuous cyberattack from both state and non-state actors and digital identity is a necessary building block of our key defences. I sincerely hope that over the next couple of days you will find new ideas, new ways of co-operating and perhaps even a new mission to protect and survive in this new era of amazing opportunities, astonishing threats and terrifying risks.

Thank you.

Feedback

Well, I’ve never appeared in a cartoon before (to the best of my knowledge) so my sincere thanks to Richard Parry and “The Chaps” for their kind comment on this keynote. I should point out that I am well aware of the market failure around cybersecurity, but that’s a topic for another day!

Know 2019

 

The non-cartoon feedback was pretty good too!

And from the education day that preceded the keynote…

Thanks y’all!

Actually, I think there is a link between AI and the blockchain

There is a character flaw in some people (eg, me) which means when they see something that is obviously wrong on Twitter they feel compelled to comment. This is why I couldn’t stop myself from posting a few somewhat negative comments about an “infographic” on the connection between AI and the blockchain, even though I could have just ignored the odd combination of cargo cult mystical thinking and a near-random jumble of assorted IT concepts and gone about my day.

When it came down to it though, I just couldn’t. So, naturally, I decided to write a blog post about it instead. The particular graphic made a number of points, none of which are interesting enough to enumerate in this discussion, but at its heart was the basic view set out, here for example, that blockchain and AI are at the opposite ends of a technology spectrum: one fostering centralised intelligence on closed data platforms, the other promoting decentralised applications in an open-data environment. Then, as the infographic “explained”, the technologies come together with AIs using blockchains to share immutable data with other AIs.

Neither of those basic views is true though. Whether an AI is centralised or decentralised is tangential to whether it uses centralised or distributed data, and whether “blockchain” is used by centralised or decentralised applications is tangential to whether those applications use AI. What is important to remember is that decentralised consensus applications running on some form of shared ledger technology can only access consensus data that is stored on that ledger (obviously, otherwise you couldn’t be sure that all of the applications would return the same results). An AI designed to, for example, optimise energy use in your home would require oracles to read data from all of your devices and place it on the ledger and then another set of factotums to read new settings from the ledger and update the device settings. What’s the point? Why not just have the AI talk to the devices?

There is, however, one part of the shared ledger ecosystem—of consensus applications running on consensus computers—that might benefit considerably from a shift to AI and this is the applications. People are very bad at writing code, by and large, and as the wonderful David Gerard observed in the chapter “Smart contracts, stupid people” in his must-read “Attack of the 50 foot blockchain”, they are particularly bad at writing smart contracts. This is clearly sub-optimal for apps that are supposed to send anonymous and untraceable electronic cash around. As David says, “programs that cannot be allowed to have bugs … can’t be bodged by an average JavaScript programmer used to working in an iterative Agile manner… And you can even deploy fully-audited code that you’ve mathematically proven is correct — and then a bug in a lower layer means you have a security hole anyway. And this has already happened”.

It seems to me that one thing we might expect AIs to do better than people is to write code. Researchers from Oak Ridge National Laboratory in the US foresee AI taking over code creation from humans within a generation. They say that machines, rather than humans, “will write most of their own code by 2040”. As it happens, they’ve started already. AutoML was developed by Google as a solution to the lack of top-notch talent in AI programming. There aren’t enough cutting edge developers to keep up with demand, so the team came up with a machine learning software that can create self-learning code… Even scarier, AutoML is better at coding machine-learning systems than the researchers who made it.

When we’re talking about “smart” “contracts” though we’re not talking superhuman programming feats, we’re really talking about messing around with Java and APIs. Luckily, last year saw the arrival of a new deep learning, software coding application that can help human programmers navigate Java and APIs. The system—called BAYOU—was developed at Rice University with funding from the US Department of Defense’s Defense Advanced Research Projects Agency (DARPA) and Google. It trained itself by studying millions of lines of human-written Java code from GitHub, and drew on what it found to write its own code.

Putting two and two together then, I think I can see that if there is an interesting and special connection between AI and “blockchain” then it’s not about using the blockchain as a glorified Excel spreadsheet that AIs share between themselves, it’s about writing the consensus applications for the consensus computers. They still wouldn’t be contracts, but they would at least work.

Not a cryptocurrency. End of.

The media recently reported, somewhat breathlessly (eg, CNBC), that JP Morgan Chase (JPMC) is launching a “cryptocurrency to transform the payments business”. This sounded amazing so I was very excited to learn more about this great leap forward in the future history of money.

As CNBC reported, it seems to herald new forms of business. Umar Farooq, the head of JPMC’s blockchain projects, sets out this vision clearly, saying that the applications for this innovative use of new transaction technology “are frankly quite endless; anything where you have a distributed ledger which involves corporations or institutions can use this”.

Wow.

Now, many people took a look at this and pointed out that it is simply JPMC deposits by another name, and uncharitable persons (of whom I am not one) therefore dismissed it as a marketing gimmick. But it is more interesting than that. Here is the problem that it is trying to solve…

Suppose I am running apps (referred to by less well-informed media commentators as “smart” “contracts” when they are neither) on JPMC’s Quorum blockchain. Quorum is, in the terminology that I developed along with Richard Brown (CTO of R3) and my colleague Salome Parulava, their double-permissioned Ethereum fork (that is, it requires permission to access it and a further permission to take part in the consensus-forming process). I’m quite partial to Quorum (this is what I wrote about it back in 2017) and am always interested to see how it is developing and helping to define what I call the Enterprise Shared Ledger (ESL) software category.

Now suppose my Quorum app wants to make a payment – not in imaginary internet play money, but in US dollars – in return for some service. How can it do this? Remember that our apps can’t send a wire transfer or use a credit card because they can only access data on the blockchain. If the app has to pay using a credit card, and that app could be executing on a thousand nodes in the blockchain network, then you would have a thousand credit card payments all being fired off within a few seconds! You can see why this can’t work.

One way to solve this problem would be to have “oracles” reporting on the state of bank accounts to the blockchain and “watchers” (or “custom executors” as Darius calls them here) looking for state changes in the blockchain bank accounts that they could then instruct in the actual bank accounts. But that would mean putting the safe-to-spend limits for millions of bank accounts on to the blockchain. Another more practical solution would be to add tokens to Quorum and allow the apps to send these tokens to one another. This, as far as I can tell from a distance, is what JPM Coins are for.

I have to say that this is a fairly standard way of approaching this problem. A couple of months ago, Signature Bank of New York launched just such a service for corporate customers — with a minimum $250,000 balance — using another permissioned Ethereum fork, similarly converting Uncle Sam’s dollars into ERC-20 tokens. (If you’re interested, I gave a presentation to the Dutch Blockchain Innovation Conference last year on this approach and why I think it will grow and the video is online [23 minutes].)

Animal, vegetable or mineral?

These JPM Coins (I simply cannot resist calling them Dimon Dollars, or $Dimon, for obvious reasons) have attracted considerable discussion but I thought I might contribute something different to the debate by trying to reason my way through to a categorisation. I talked about this on the panel in the “Blockchain and Cryptocurrencies” session at Merchant Payments Ecosystem in Berlin today, and you can see my slides here:

 

On the panel, I said that the $Dimon is e-money. Here’s why…

Is it “money”? No it isn’t. It is certainly a cryptoasset – a digital asset that has an institutional binding to a real-world asset – that in certain circumstances exhibits money-like behaviour. Personally, I am happy to classify such assets as forms of digital money, the logical reason being that they are bearer instruments that can be traded without clearing or settlement.

Is it a “cryptocurrency”? No, it isn’t. A cryptocurrency has a value determined, essentially, by mathematics in that the algorithm to produce the currency is known and the value of the cryptocurrency depends only on that known supply and the unknown demand (and, of course, market manipulation of various kinds). It is not set by an institution, government or otherwise.

Is it a “stablecoin”? No, it isn’t. A stablecoin has its value maintained at a certain level with reference to a fiat currency by managing the supply of the coins. But the value of the $Dimon is maintained by the institution of JP Morgan irrespective of the demand for it.

Is it a “currency board”? No, it isn’t. A currency board maintains the value of one currency using a reserve in another currency. So, for example, you might have a Zimbabwean currency board that issues Zim Dollars against a 100% reserve of South African Rand.

In fact, as far as I can tell, the $Dimon is e-money, which is one particular kind of digital money. There are two main reasons for this:

First, according to the EU Directive 2009/110/EC, “Electronic money” is defined as “electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions […], and which is accepted by a natural or legal person other than the electronic money issuer”. This sounds awfully like, as Bloomberg put it, the $Dimon is “a digital coin representing United States Dollars held in designated accounts at JPMorgan Chase N.A.”. It is a bearer instrument (so “coin” is a reasonable appellation) that entitles the holder to obtain a US dollar from that bank and therefore seems to fall within that EU definition since people other than JPMC, albeit customers of JPMC, accept it in payment. (I would pull back from calling it digital cash because of this need to establish an account with JPMC in order to hold it.)

Second, because my good friend Simon Lelieveldt, who knows more about electronic money than almost anyone else, says so. Simon and I have long agreed that the trading of digital assets in the form of tokens is the most interesting aspect of current developments in cryptocurrency, a point I made more than once in my MPE talk.


Following my logic, in European regulatory terms then, the $Dimon is “e-money” and I think that is a quite reasonable definition. Case closed.

Mark Carney (and me) and digital ID

The governor of the Bank of England, the Canadian ex-Goldman Sachs economist Mr. Mark Carney, recently suggested that digital ID cards “would make it safer for people to access money online”. He is sort-of-correct. We do indeed need to do something to stop the relentless increase in identity-related fraud and scams (such as, for example, “man receives surprise message purporting to be from Mark Carney offering multimillion-dollar sum”) because we need to make substantial improvements in both the security and privacy of online financial services, as well as a step-change in convenience, and we need it urgently.

I don’t think that a digital ID card is quite the solution though, because I prefer a more sophisticated solution that is based on digital identities for everything and multiple personae for transactional purposes, but that’s splitting hairs at high level. I am right behind Mr. Carney on the need for a solution, although I think he was wrong when he went on to say that such a scheme could also prove controversial and could “only be introduced by the Government rather than the Bank of England”. In my opinion he is mixing up the controversial idea of a national digital identity card of some kind (and he may well be unaware of the government’s decision to stop funding their gov.verify online identity scheme) with the uncontroversial notion of some form of secure and convenient identity management for the purposes of interacting with regulated financial institutions.

Only a day after Mr. Carney’s remarks, the Emerging Payments Association (EPA) released its report on money laundering and payments-related financial crime, calling for UK financial institutions and payment processors to create a “national digital identity scheme to tackle these threats”. So let’s take this national digital identity for financial services and digital ID card for online identity checking in Mr. Carney’s terms and call the concept, for sake of brevity, the Financial Services Passport, or FSP.

I don’t know if Mr. Carney has read my 2014 book Identity is the New Money (still available from all good bookshops and Amazon), but in there I wrote that one very specific use of a digital identity infrastructure “should be to greatly reduce the cost and complexity of executing transactions in the UK by explicitly recognising that reputation will be the basis of trust and therefore transaction costs. The regulators should therefore set in motion plans for a Financial Services Passport”.

A few years ago, I spent some time as co-chair (with Ian Jenkins of Deloitte) of the techUK Financial Services Passport Working Group. I was working on the concept of a financial services passport with a bunch of smart people and no-one took the slightest interest in this obviously sensible concept and I do not remember observing any inclination by the UK’s banks to work together on it.

That techUK Working Group, incidentally, was created because of recommendations of an earlier techUK report “Towards a New Financial Services” developed through 2013. Section 3 of this report is actually called “Identity and Authentication: Time for a Digital Financial Services Passport”. The conclusion of that section was: 

There is clearly a need to look again at identity authentication in financial services. In addition to creating inconvenience for consumers, the current approach is expensive to maintain and inadequate in serving an increasingly digital financial services industry. As trusted authenticators of identity, a new standardised approach by financial services organisation could enable wider societal benefits, while also unlocking new opportunities for the industry. However, moving from the current fragmented identity infrastructure to a standardised financial services passport would require overcoming several challenges; from the competitive dynamics in financial services, to the extent and scope of liability, whilst simultaneously maintaining KYC and AML compliance.

In the first instance, the scope of a financial services passport needs to be more clearly defined. This requires a technology roadmap that can match objectives and requirements in managing digital identities in financial services with technical solutions and provide a feel for how trends may already be shaping the market in this space.

So what would a practical financial services passport actually look like? In the techUK discussions, we explored three broad architectures using the technology roadmap referred to above. 

  1. A centralised solution, some sort of KYC utility funded by the banks. This was seen as being the cheapest solution, but with some problems of governance and control. It could also be a single point of failure for the financial system and therefore unwise given that we are now in a cyberwar without end.

  2. A decentralised “blockchain” (it wouldn’t really be a blockchain, of course, it would be some form of shared ledger) where financial institutions (and regulators) would operate the nodes and all of the identity crud (“create, read, update and delete”) would be recorded permanently.

  3. A federated solution where each bank would be responsible for managing the identities of its own customers and providing relevant information to other banks as and when required. 

At the time, I thought that the third option was probably best but I’m open to rational debate around the topic. The way that I envisaged this working was straightforward: my bank creates a financial services passport using the KYC data that it already has and “stamps” the passport with a minimum set of attributes needed to enable transactions. So Barclays would create an FSP for me. Then, when I go to Nationwide to apply for a mortgage, I could present that FSP to Nationwide and save them (and me) the time, trouble and cost of KYC. Instead of asking me for my bank account details, home address and inside leg measurement, Nationwide can use the stamps in my passport.

As I recall, the technology bit of this was easy but there were two discussions about this that were difficult. One was about liability (I advocate the “Identrust model” of transaction liability) and the other was about payment (I advocate an interchange model where the organisation using the passport pays the passport originator).

Let’s just say for sake of argument though that in response to Mr. Carney’s comments, the FCA decided on a federated solution using the three-domain identity (3DID) model. It would look like this:

3DID Bank Framework

 

All of the standards and technologies needed to make this happen already exist except in one area. The banks already do the KYC in the Identification Domain, we have FIDO and biometrics and mandatory Secure Customer Authentication (SCA) in the Authentication Domain and the tools that we need in the Authorisation Domain.

Let’s imagine that the digital identity is, basically, a key pair. In this case, the virtual identity is then a public key certificate that carries the attributes – the data about a person – that is necessary to enable transactions, as shown below. The attributes are digitally-signed by organisations that are trusted. This is where we need some standardisation to define attributes (eg, IS_A_PERSON, IS_OVER_18, HAS_OVERDRAFT_AGREEMENT or whatever). Were the Bank of England to make the banks get their act together and start doing something about this, maybe they could do what they did for Open Banking and set up a Financial Passport Implementation Entity (FPIE) to draw up the formats and standards for Persona that can be used by developers to start work right away.

Virtual Financial Services

Note that this special case, where the virtual identity is the same as the “real” identity, is only one case. Barclays and others might well give me (or charge me for) other virtual identities, with the most obvious example being an “adult” identity that does not contain any personally-identifiable information for use in internet dating and so on.
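To make the key-pair-plus-signed-attributes idea concrete, here is an added sketch (not part of the original post, and not any bank's or scheme's code) of a bank stamping two personae and a relying party checking them, including the "adult" persona that carries no identifying data. The attribute names are the ones used above; Ed25519, the JSON layout, the challenge step, the function names and the issuers "Bank A" and "Bank X" are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Deterministic JSON (sorted keys) so issuer and verifier sign identical bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k]));
    return '{' + fields.join(',') + '}';
  }
  return JSON.stringify(value);
}

const exportKey = (publicKey) =>
  publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
const importKey = (b64) => nodeCrypto.createPublicKey(
  { key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// Bank side: bind a set of attributes to the holder's public key and sign it.
function issuePersona(issuer, issuerPrivateKey, holderPublicKey, attributes, notAfter) {
  const body = { issuer, holderKey: exportKey(holderPublicKey), attributes, notAfter };
  const signature = nodeCrypto
    .sign(null, Buffer.from(canonical(body)), issuerPrivateKey).toString('base64');
  return { body, signature };
}

// Holder side: prove possession of the private key by signing a fresh challenge.
function answerChallenge(holderPrivateKey, challenge) {
  return nodeCrypto.sign(null, Buffer.from(challenge), holderPrivateKey).toString('base64');
}

// Relying party: returns 'accepted' or the first reason for refusal.
function verifyPersona(persona, trustedIssuers, challenge, response, required, now) {
  const issuerKey = trustedIssuers.get(persona.body.issuer);
  if (!issuerKey) return 'untrusted issuer';
  const stamped = nodeCrypto.verify(null, Buffer.from(canonical(persona.body)),
    issuerKey, Buffer.from(persona.signature, 'base64'));
  if (!stamped) return 'bad issuer signature';
  if (now > persona.body.notAfter) return 'expired';
  const proven = nodeCrypto.verify(null, Buffer.from(challenge),
    importKey(persona.body.holderKey), Buffer.from(response, 'base64'));
  if (!proven) return 'holder key not proven';
  const missing = required.filter((name) => persona.body.attributes[name] !== true);
  return missing.length ? 'missing attribute: ' + missing.join(',') : 'accepted';
}

// Constructed scenario: "Bank A" and "Bank X" are hypothetical issuers.
function demo() {
  const newKeys = () => nodeCrypto.generateKeyPairSync('ed25519');
  const [bank, rogue, fullKeys, adultKeys, thief] = [1, 2, 3, 4, 5].map(newKeys);
  const trusted = new Map([['Bank A', bank.publicKey]]);
  const now = 1900000000, notAfter = 2000000000; // constructed epoch seconds

  const full = issuePersona('Bank A', bank.privateKey, fullKeys.publicKey,
    { IS_A_PERSON: true, IS_OVER_18: true, HAS_OVERDRAFT_AGREEMENT: true }, notAfter);
  // The "adult" persona: its own key pair, one attribute, nothing identifying.
  const adult = issuePersona('Bank A', bank.privateKey, adultKeys.publicKey,
    { IS_OVER_18: true }, notAfter);
  const selfMade = issuePersona('Bank X', rogue.privateKey, thief.publicKey,
    { IS_OVER_18: true }, notAfter);
  const forged = JSON.parse(JSON.stringify(adult));
  forged.body.attributes.HAS_OVERDRAFT_AGREEMENT = true; // edited after signing

  const present = (persona, keys, required, at = now) => {
    const challenge = nodeCrypto.randomBytes(16).toString('hex');
    const response = answerChallenge(keys.privateKey, challenge);
    return verifyPersona(persona, trusted, challenge, response, required, at);
  };
  return {
    mortgage: present(full, fullKeys, ['IS_A_PERSON', 'IS_OVER_18']),
    dating: present(adult, adultKeys, ['IS_OVER_18']),
    adultOverdraft: present(adult, adultKeys, ['HAS_OVERDRAFT_AGREEMENT']),
    forged: present(forged, adultKeys, ['HAS_OVERDRAFT_AGREEMENT']),
    stolen: present(full, thief, ['IS_OVER_18']),
    selfMade: present(selfMade, thief, ['IS_OVER_18']),
    expired: present(adult, adultKeys, ['IS_OVER_18'], notAfter + 1),
  };
}

console.log(demo());
```

Because the two personae sit on separate key pairs, a relying party that sees only the "adult" one learns a single signed attribute and nothing that links it to the full identity.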

In 2014, I wrote “what about a financial services passport?”. It is a testament to the power of my writing and my great influence in the financial services community that it has taken a mere five years for this idea to reach the governor and for him to put it forward as a way to “harmonise the various different systems of online identity checking”. Let’s hope that more people listen to him than listened to me.

Ten more years

We’ve just had Bitcoin’s tenth birthday, so like most other electronic payment aficionados I’ve been mulling over the trajectory of the noted peer-to-peer electronic cash system. My interest in it goes back a long way. I was invited to speak to the first European Bitcoin conference in Prague back in 2011 having previously given perspectives on the project — in blogs, magazines and even on BBC radio — that were not especially enthusiastic. As an example, in Prospect Magazine back in 2011 I wrote “while many of us would like currency management taken away from governments, that doesn’t mean an unmanaged solution will be any better”.

That Prague conference was therefore an opportunity for me to learn more about Bitcoin and the Bitcoin community as well as to test my arguments with an informed crowd. My views didn’t change – I still didn’t think Bitcoin would crack the mass market – but looking back on it now, it is a fascinating slice of early Bitcoin life.

In the first presentation, Sergey Kurtsev from IMCEX said that anonymity is misunderstood and that the public don’t need it. I was upset about this, not because he was absolutely correct about it, but because it was going to be the subject of my talk in the afternoon. So it led to some emergency last-minute Keynote acrobatics on my part!

Amir Taaki from the Bitcoin Consultancy gave a presentation that was quite wide-ranging so I will use that presentation as a peg to hang a few comments on. He said, essentially, that there were three problems with Bitcoin: the marketplace, the technology and finance.

  1. Marketplace. Amir said that consumers had no reason to use Bitcoin because attributes that Bitcoin projects (such as that anonymity) are not valued by consumers and the merchants obviously don’t see enough value to drive consumers towards it. I don’t see that anything has changed in the last decade. As I pointed out in 2015, if there’s no demand for Bitcoin for porn, then there’s no future for it as a means of exchange!

  2. Technology. There were scale issues, as people much cleverer than me (e.g., Ben Laurie) pointed out at the very beginning, but the key technology issue was that it was hard to use. Now it’s a bit easier because you have a variety of Bitcoin wallets to choose from.

  3. Finance. Amir made a point about “compromising events”. He said that if you want people to hold Bitcoins instead of dollars or gold, they have to have real faith. Every time they read about exchanges crashing and money vanishing that becomes more unlikely. As I have posted with wearying repetition on Twitter across the last decade “help I want my anonymous, untraceable digital cash back!”.

When it came to my talk (which you can see below), I did try to make constructive criticism. I tried to highlight some areas of commerce where the existing mass market solutions might be vulnerable to well-crafted alternatives (e.g., social networking, games, kids) or where a significant improvement in security would generate value.

 

(I also emphasised, as I recall, that any realistic mass-market solution must be mobile-centric.)

Overall, as I’d previously written, I was unconvinced that Bitcoin would make a good currency or scale into the mainstream economy, mainly because the anonymity that was the attractive feature to the early-adopting bitcoiners was not attractive to the mass market. I still don’t see any traction for Bitcoin in the mass market. Back in 2015, I set off to visit Swindon on the 20th anniversary of the launch of the UK Mondex scheme (an offline, smartcard-based form of electronic cash) and discovered a shop advertising that they accepted Bitcoin. But when I attempted to pay with Mr. Nakamoto’s peer-to-peer electronic cash system, no-one could remember the password and when I asked to speak to the manager, he told me that no customer had ever asked to pay with Bitcoin anyway. 

Bitcoin at POS in Swindon

 

(Swindon, once twinned with Disney World, is the epicentre and bellwether of the transition to new forms of money. In two decades it went from a place where no-one used Mondex to a place where no-one used Bitcoin.)

More interestingly, with the perspective of hindsight, a couple of the speakers at the event suggested creating a scheme on top of Bitcoin rather than use Bitcoin itself, which to my mind adumbrates the evolution of the token, which I do think has more chance of success. I wrote about this last year, saying that I see Bitcoin and its cousins not as prototypes but as a base layer that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer.

So the blockchain is new and so on… and yet… the idea of trading “money like” instruments without clearing and settlement is hugely appealing. This is not on ideological grounds but on economic ones: it’s cheaper.

Whether the transaction layer underneath will be Bitcoin or not is anyone’s guess, although I suspect it will not. If the function of the transaction layer is to be a global, shared resource for security infrastructure then the protocol will surely need to be optimised in that direction and the operations will surely need to be organised in such a way as to prevent any well-funded (at the National State level) attacker from being able to control sufficient of the necessary resources to subvert or disrupt that infrastructure. No-one is going to move their stock market over to a platform where trading might be disrupted by crypto-kitties.

“Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”

There’s been yet another story about fake medical qualifications in the news. A woman from New Zealand spent a couple of decades working as a consultant psychiatrist in our National Health Service (NHS) before it was discovered that she had made up her medical degree and forged a bogus letter of recommendation from Pakistan. The deception only came to light after she had been convicted of trying to defraud an elderly patient.

Now, I rather imagine that if I were a hospital or a medical centre or a GP practice employing a new doctor, I might be tempted to at least look them up on LinkedIn or something before I let them get their hands on a patient but I suppose that under the NHS it’s considered ungentlemanly or discriminatory or just plain rude to ask a prospective clinical employee for verifiable evidence of any valid qualifications. We are English, so we take people at their word. Unfortunately, dictum meum pactum. May not survive the 

While fake doctors seem to be something of an issue, as I have written before, I am English and therefore far more concerned about the epidemic of deceptive dentists across our green and pleasant land.

When I read that a “bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered” it makes me shiver.

When I see a woman convicted at Birmingham Magistrates’ Court on two charges of carrying out dentistry work without holding any dentistry qualifications, I get twitchy.

When I find out that Manchester Magistrates Court convicted a man who had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist, I begin to think about leaving the country for good.

When I discover that a bogus dentist (an asylum seeker who told immigration officers he had a dental practice in Iran) took a dead dentist’s identity, drilled without a local anaesthetic and did expensive fillings that crumbled within days, I have trouble sleeping.

(Which again reminds me of the late lamented Robert Schimmel’s joke about visiting the dentist: “Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”)

How can this happen, you might wonder, in a world where the blockchain exists? As Don and Alex Tapscott remind us in “Blockchain Revolution”, the “blockchain can hold any legal document, from deeds and marriage licenses to educational degrees and birth certificates”. And indeed managing educational qualifications seems to be one of those things I hear about at conferences where the magical properties of the blockchain are going to transform the sector and bring about a new era of peace and prosperity.

But how?

Suppose there was some global educational qualifications blockchain. That wouldn’t by itself fix anything as far as I can see. How exactly would the blockchain stop fake dentists from fixing my teeth with superglue and polyfilla?

I happened to look at a couple of projects in this space earlier in the year, and I can tell you that much of the wishful thinking projected onto the blockchain is really nothing about consensus or immutability but, as in so many other cases, really all about interoperability. There is no global standard for education qualifications, there is no global trust framework for organisations able to create qualifications (and their regulators) and there is no global infrastructure for digital signatures in that framework.

Think about it. If you present me with a Ph.D in Quantum Philosophy from the University of Woking, I need to be able to establish a trust chain that tells me that there is a WokingU, that WokingU was authorised to award Ph.Ds at the time that your Ph.D was awarded, that the Ph.D you are presenting is real and signed by WokingU and that you are indeed the subject of the Ph.D award.

All of these problems have to be solved before we get near to figuring out whether a global blockchain might or might not be a better place to store such qualifications than either a global database of qualifications or a scheme for federating qualification repositories.
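The links in that trust chain, written out as an added example (not code from any of the projects mentioned above). It assumes a hypothetical framework root that signs issuer accreditations and a presenter identifier the verifier has already authenticated; Lamport one-time hash signatures stand in for whatever signature scheme a real framework would standardise, and every name, date and identifier is constructed.

```python
import hashlib, json, secrets
from datetime import date

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a public-key scheme built only from a hash.
# Each key pair must sign exactly one message.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(_bits(msg)), sig))

def fingerprint(pk) -> str:
    return H(b"".join(h for pair in pk for h in pair)).hex()

def enc(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()  # canonical form that gets signed

def check_presentation(root_pk, accred, accred_sig, issuer_pk, cred, cred_sig, presenter):
    """Walk the trust chain; return "ok" or the first link that fails."""
    # 1. The framework root vouches that this issuer exists.
    if not verify(root_pk, enc(accred), accred_sig):
        return "issuer not recognised by the framework"
    # 2. The key offered for the credential is the one the framework accredited.
    if cred["issuer"] != accred["issuer"] or accred["key"] != fingerprint(issuer_pk):
        return "signing key is not the accredited issuer's"
    # 3. The credential is intact and signed by that issuer (checked before
    #    any of its fields are trusted).
    if not verify(issuer_pk, enc(cred), cred_sig):
        return "credential signature invalid"
    # 4. The issuer was authorised to make this award on the award date.
    awarded = date.fromisoformat(cred["awarded"])
    if cred["award"] not in accred["awards"] or not (
            date.fromisoformat(accred["from"]) <= awarded <= date.fromisoformat(accred["to"])):
        return "issuer not authorised for this award at that date"
    # 5. The person presenting it is the subject named in it. Assumption: the
    #    verifier has already authenticated `presenter` by some other means.
    if cred["subject"] != presenter:
        return "presenter is not the subject"
    return "ok"

def make_demo(awarded="2005-07-01"):
    """Constructed sample data: fresh one-time keys for the root and for WokingU."""
    root_sk, root_pk = keygen()
    uni_sk, uni_pk = keygen()
    accred = {"issuer": "WokingU", "awards": ["PhD"], "key": fingerprint(uni_pk),
              "from": "1990-01-01", "to": "2010-12-31"}
    cred = {"issuer": "WokingU", "award": "PhD", "awarded": awarded,
            "subject": "subject-0001", "title": "Quantum Philosophy"}
    return root_pk, accred, sign(root_sk, enc(accred)), uni_pk, cred, sign(uni_sk, enc(cred))

if __name__ == "__main__":
    print(check_presentation(*make_demo(), presenter="subject-0001"))
```

None of the five checks needs a ledger; each needs an agreed data format, an agreed root of trust and agreed signatures, which is the interoperability gap described above.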

Gold cards vs. gold cards

According to a reputable news source (well, the Daily Mail) the Royal Mint is casting (sic) around to find things to do when the Treasury caves to the inevitable and tells them to quit wasting everyone’s time and money by minting coins. They’ve come up with the idea of making a credit card out of real gold. They are apparently working on ways to get 18-carat gold cards to work in ATMs and, of course, at contactless terminals.

The cards will have the owner’s signature engraved on the back (I’ve no idea why, since the card schemes are discontinuing the use of the pointless signature panels on cards) and will apparently be worth $3,000 each which (as a number of Twitterwags immediately pointed out) will greatly increase the number of fake ATMs in the streets around Belgravia after midnight.

This isn’t the Royal Mint’s idea, of course. They stole it wholesale from 30 Rock a few years ago.

There’s another kind of gold card that is worth considering: not one that is made of gold, but one that is backed by gold. I wrote about this idea more than a decade ago, using the example of an Islamic electronic gold card, saying…

“Given the desire to transact with the convenience of a card but in a non-interest bearing currency, it would seem to be a straightforward proposition to offer a gold card that is actually denominated in gold. An Islamic person tenders their chip & PIN gold card in Oxford Street to buy a pair of shoes: to the system it’s just another foreign currency transaction that is translated into grams of gold on the statement. If, at the end of the month, the person has used more gold than they have in their account then they can use some of the bank’s gold for a time at a fee. Hey presto, no interest. And if said Islamic person wants their gold then they can, in principle, go to the relevant depository and draw it out (minus a handling fee, naturally). Would interested credit card issuers form an orderly queue, please?”

Nowadays you’d implement the gold card as a cryptoasset that is institutionally linked to gold in a depository I suppose, but the idea of turning store-of-value gold into means-of-exchange e-gold remains interesting: there are a great many people around the world who would prefer to pay and save in gold rather than any more modern medium. As it happens, the Royal Mint were going to have a go at this too with their RMG blockchain-based crypto asset until the spoilsports at the Treasury told them to knock it off and get back to making commemorative Brexit 50p coins.

So gold cards, or cards backed by gold or cards backed by assets backed by gold? My bet is that in the long run regulated token markets will win out but I’m genuinely curious as to your opinions on this.

[Updated 29th October 2018 to include the government telling the Royal Mint to stop crypto asset development.]

Twenty Years Ago!

The second Consult Hyperion seminar on

DIGITAL MONEY

The Tower Thistle Hotel, London, March 8-9th 1999

Confirmed Programme

Day One: Economic & Business Issues

Chair: Duncan Goldie-Scot, Editor, Financial Times Virtual Finance Report.

Keynote Address: European Multiple Currencies. Sir Richard Body, M.P.

Digital Money is a Social Issue. David Birch, Director, Consult Hyperion.

The European Digital Money Picture. Dag Fjortoft, Deputy General Manager, Europay International.

Telecommunication Service Providers as Payment Operators. Norman Bishop, Product Manager for Micropayments and E-Cash, BT.

Retailing and Digital Currencies. Paul Arnold, Head of Tesco Direct.

The European Mass Market: Digital TV’s Requirements for Digital Money. Richard Cass, Transactional Commerce Manager, British Interactive Broadcasting.

Digital Money and Digital Phones: Europe’s Advantage. Tim Baker, Wireless Marketing Comms. Manager, Gemplus.

Transforming Businesses with Digital Money. John Noakes, Business Manager for E-Commerce & Supply Chain, Microsoft UK.

Day Two: Regulatory & Technical Issues

Chair: Ian Christie, Deputy Director, DEMOS.

A Legal Perspective on Digital Money in Europe. Conor Ward, Partner in Computers, Communications & Media, Lovell White Durrant.

A View from the European Commission. Philippe Lefebrve, Head of Sector in Financial Systems, European Commission DGIII.

The Technologies of Digital Money. Marcus Hooper, Principal Payments Technologist, IBM United Kingdom.

Visa and Digital Money. Jon Prideaux, Executive VP New Products (EU Region), Visa International.

Making Digital Money Work. Tim Jones, Managing Director of Retail Banking, National Westminster Bank plc.

Experiences from an Operational Micropayment Scheme. Nigel Moloney, Senior Manager in Emerging Markets Group, Barclays Bank.

Mondex: A Status Report. Victoria Mejevitch, Mondex Product Manager, Mondex International.

The Common Electronic Purse Specification (CEPS). Daniel Skala, Executive VP for Sales, Proton World International.

Brazil? Ah, I get it…

I was as alarmed as I am sure all of you were to read a story in Computing telling how EMV cards could be cloned with malware. Now, as you might imagine, were this to be true it would be a matter of the highest priority in the world of card issuers. If EMV cards could be cloned (spoiler alert: they can’t) then the whole world of payment cards would collapse. Since I spend some of my time in that world, yet hadn’t heard anything about this catastrophic turn of events, I was naturally curious as to the accuracy of the report. Delving further into the “news” story, I found the interesting qualification that the fake cards work “on virtually any Brazilian POS system”.

Brazilian POS systems? What? Ah, wait… Now I know what they are talking about. Sadly, this yonks old hack won’t work in most places any more. But it does work in a few remaining places, and Brazil is one of them. Why? Well, because Latin America, an early adopter of EMV, is still heavily reliant on “static data authentication chips”, which allow the criminals exploiting them to create usable new chip cards with the data that they can extract.

Thus the problem isn’t that “EMV cards” can be cloned. They can’t. The problem is the use of Static Data Authentication (SDA) in EMV. We all knew about this many years ago. In fact, although lots of people knew about this, at the time we thought it would have been irresponsible to blog about it, so I put it to one side until, stimulated by an enquiry from Brazil, I finally wrote about it back in 2014, explaining in detail what the problem was, how it was fixed and why it was no longer a worry.

So, no need to panic. Having put your mind at rest (unless you are a Brazilian card issuer, in which case my colleagues at Consult Hyperion stand ready to answer your call) I cannot resist re-telling the story that explains what the “malware” does…

Many years ago, when my colleagues at Consult Hyperion were testing SDA cards in the UK, we used to make our own EMV cards. To do this, we essentially took valid card data and loaded it onto our own Java cards. These are what we in the business call “white plastic”, because they are a white plastic card with a chip on it but otherwise completely blank. Since our white plastic do-it-yourself EMV cards could not generate the correct cryptogram (because you can’t get the necessary key out of the chip on the real card, which is why you can’t make clones of EMV cards), we just set the cryptogram value to be “SDA ANTICS” or whatever (in hex). This is what the criminals referred to in the story are doing. Now, if the card issuer is checking the cryptograms properly, they will spot the invalid cryptogram and reject the transaction. But if they are not checking the cryptograms, then the transaction will go through.

You might call these cards pseudo-clones. They act like clones in that they work correctly in the terminals, but they are not real clones because they don’t have the right keys inside them. Naturally, if you make one of these pseudo-clones, you don’t want to be bothered with PIN management so you make it into what is called a “yes card” – instead of programming the chip to check that the correct PIN is entered, you programme it to respond “yes” to whatever PIN is entered.
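The issuer-side check that the story turns on, as an added example (not Consult Hyperion's or any card scheme's code). HMAC-SHA256 stands in for the EMV cryptogram algorithm and key derivation, the key, card number and field names are constructed, and the transaction-counter replay check goes slightly beyond what is described above.

```python
import hashlib
import hmac

# Constructed test values: not a real issuer key or card number.
ISSUER_MASTER_KEY = b"constructed-issuer-master-key"
PAN = "9999000000000001"
FILLER_CRYPTOGRAM = bytes(8)  # all a chip without the card key can send


def card_key(master: bytes, pan: str) -> bytes:
    """Per-card key derived from the issuer master key (simplified derivation)."""
    return hmac.new(master, pan.encode(), hashlib.sha256).digest()


def cryptogram(key: bytes, amount: int, un: str, atc: int) -> bytes:
    """8-byte MAC over amount, terminal unpredictable number and counter."""
    data = f"{amount}|{un}|{atc}".encode()
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class GenuineCard:
    """The card key is loaded into the chip and cannot be read back out of it."""

    def __init__(self, pan: str, master: bytes):
        self.pan, self._key, self.atc = pan, card_key(master, pan), 0

    def transact(self, amount: int, un: str) -> dict:
        self.atc += 1  # application transaction counter
        return {"pan": self.pan, "amount": amount, "un": un, "atc": self.atc,
                "cryptogram": cryptogram(self._key, amount, un, self.atc)}


class IssuerHost:
    def __init__(self, master: bytes, check_cryptogram: bool = True):
        self.master, self.check_cryptogram = master, check_cryptogram
        self.last_atc = {}  # highest counter seen per card

    def authorise(self, req: dict) -> str:
        if not self.check_cryptogram:
            return "approved"  # weak configuration: static card data alone is trusted
        key = card_key(self.master, req["pan"])
        expected = cryptogram(key, req["amount"], req["un"], req["atc"])
        if not hmac.compare_digest(expected, req["cryptogram"]):
            return "declined: bad cryptogram"
        if req["atc"] <= self.last_atc.get(req["pan"], 0):
            return "declined: counter replayed"
        self.last_atc[req["pan"]] = req["atc"]
        return "approved"


def request_without_card_key(amount: int, un: str) -> dict:
    """Static data copied from a real card, with a filler where the cryptogram goes."""
    return {"pan": PAN, "amount": amount, "un": un, "atc": 1,
            "cryptogram": FILLER_CRYPTOGRAM}


if __name__ == "__main__":
    fake = request_without_card_key(1250, "0badcafe")
    print(IssuerHost(ISSUER_MASTER_KEY, True).authorise(fake))   # declined
    print(IssuerHost(ISSUER_MASTER_KEY, False).authorise(fake))  # approved
```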

We used these pseudo-clone cards in a number of shops in Guildford as part of our testing processes to make sure that issuers were checking the cryptograms properly. Not once did any of the Guildford shopkeepers bat an eyelid about us putting these strange blank white cards into their terminals. But I heard a different story from a Brazilian contact. He discovered that a Brazilian bank was issuing SDA cards and he wanted to find out whether the bank was actually checking cryptograms properly (they weren’t). In order to determine this he made a white plastic pseudo-clone card and went into a shop to try it out.

When he put the completely white card into the terminal, the Brazilian shopkeeper stopped him and asked him what he was doing and what this completely blank white card was, clearly suspecting some misbehaviour.

The guy, thinking quickly, told him that it was one of the new Apple credit cards!

“Cool” said the shopkeeper, “How can I get one?”.

The Bitcoin rule of thirds, and what Bitcoin tells us about the future of money

In my presentation to Seamless Payments in Australia, I made reference in passing to the nature of the Bitcoin universe and how it informs thinking, so I thought I’d take the time to explore that thinking in a little more detail to explain my comments.

I don’t have the exact figures to hand, but as I understand it the Bitcoin coinbase breaks down roughly into thirds…

A third of them are lost (well, last year 23% but I think it will get worse as more people forget their passwords). This is because (like me) someone wiped their old phone wallet away and forgot to transfer it over to their new phone wallet first or because they accidentally threw away the old hard disk with all the Bitcoins on it or because the dog ate the Bitcoin cold wallet or because they died or whatever. As Jonathan Levin of Chainalysis, who I regard as the “go to guy” for tracing Bitcoins, told NPR in January: “For the people that have lost their bitcoins, I say tough luck”.

(These lost Bitcoins, as my good friend Steve Bowbrick rather eloquently observed, are like treasure in sunken galleons waiting to be discovered by an intrepid explorer in the very latest kind of submarine. Which, in this instance, would be a quantum computer. It’s not only Bitcoin tucked away in these sunken galleons, by the way. There’s half a billion dollars in Ethereum stuck in just one Ethereum address: it’s the address “0”, essentially. In July 2016 someone accidentally sent ETH 1,493, currently worth more than a million dollars to that address. And thanks to the magic of the cryptography, it will stay there until the quantum submarine can uncover it.)

Another third of the Bitcoins are in the hands of the .0001%, the cryptoscenti. Bloomberg estimated that a few hundred people at most own these Bitcoins, but I’ve heard estimates that fewer than 50 people have the lion’s share. These are the people who have every interest in driving the value of Bitcoin higher so that they can cash out at a steady rate. If they dump their coins, that will drive the price down (a row has just been going on about the sale of the Mt. Gox assets for this very reason), so they need a rising market where they can convert Bitcoin to Lamborghinis one at a time.

Meanwhile the other millions of Bitcoin peasants scrabble for their share of the remaining third. This distribution makes America look like a kibbutz in comparison and stands testimony to the deranged nature of utopian projections around this “digital gold” for the masses. So, to get to the question that I was asked on Sky News a few weeks ago, what does the Bitcoin market tell us about the future of money?

Nothing.

I’m not sure that the state of Bitcoin, or indeed the history of Bitcoin, tells us very much about the future of Bitcoin or money. It’s not anonymous enough for criminal enterprise on a large scale (and there is every evidence that criminals are turning to crypto alternatives) and it’s not functional enough to be a mass-market medium of exchange. If it is to remain a store of value beyond speculation then it must be useful for something and I’m at a loss as to what that something might be, although I’m perfectly prepared to believe that it’s because I grew up in an era of chip and PIN cards and ApplePay.

Does that mean that we should ignore it? No, of course not. There are many different ways to look at Bitcoin and it deserves study as much as a social and political phenomenon as it does as a technological and economic one. What’s more, it does tell us something about the future. In yesterday’s Financial Times, Benoît Cœuré and Jacqueline Loh from the Bank for International Settlements (BIS) said that “while bitcoin and its cousins are something of a mirage, they might be an early sign of change, just as Palm Pilots paved the way for today’s smartphones”.

Values, Tokens, Accounts

I agree, but in a slightly different way. I see Bitcoin and its cousins not as prototypes but as a base layer — as shown in this “thinking out loud” picture that I’ve been using to explore these ideas — that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer. And most of those transactions will be pseudonymous, but some will be linked through accounts to people and organisations. 

Seamless Sydney

So what can we guess about the future of money, given what we have learned so far? Well, as I said in my Seamless Payments presentation what we may have learned is that the token economy is a more accurate pointer toward the future of money than the underlying cryptocurrencies are, because the tokens link the values managed on shared ledgers to the “real world”. There’s a logic to this model of “the blockchain” as the security infrastructure for a token economy and I really enjoyed engaging with the good people of Sydney on this view of the emerging cryptoeconomy.