Don’t listen to technologists (eg, me), listen to the anthropologists

I thoroughly enjoyed the FS Club discussion with eminent futurologists looking back on their predictions from the year 2000 (and learning from them where they were wrong) and looking forward to 2040. I especially enjoyed it because one of the speakers was Gill Ringland. Gill is now a Director of Ethical Reading, set up to energise an ethical business climate in the Thames Valley, but in the past was head of strategy at ICL amongst other things. I had the good fortune to meet her way back, at the 2012 Digital Money Forum. I’d been very impressed by a report that she’d written and asked her to come along and give a presentation about it. She gave a super talk about her exploration of the world of financial services in 2050 from the report “In Safe Hands” (published at Long Finance).

IMFS Scenarios

I wrote at the time that she had used a tried and tested scenario planning technique (the same one that I always use these days) to generate a 2×2 matrix of four scenarios imagined using the “Washington consensus” vs. “Community-based values” on one axis and “mundane” and “virtual” (essentially) on the other axis to reflect the extent to which real or virtual communities come to shape the economy and therefore financial services. Gill explained at the time that in order to create scenarios (i.e., internally-consistent views of possible futures) for a generation from now, she found it useful to look two generations back, and consider the asset classes managed by the financial services industry in 1930. These were broadly commodities, cash, equities and brains. Looking forward, she added a fifth asset class based on demographics for 2050.

Transactions, therefore, become the exchange of these asset classes (but in digital form, of course). This seems to me especially interesting in a city-centric context because, for example, a permit to reside in a desirable city could well become a key tradable commodity. Indeed, this view was reinforced in the FS Club discussion, where the even more expansive view that cities might begin to dictate the policies and trajectories of the nation state was put forward. In this context, Gill’s prescient narrative of the “C50” (the organisation of the 50 richest city-states that will replace the G20 as the mechanism for “managing” the world economy) which came from her “Many Hands” scenario, forms a solid narrative around the future economic organisation of a successful, functional world. As Martin Wolf wrote in the FT around that time “this is the age of cities, not of national economies” (going on to say that “it is high time London became a true city state”).

(This surely implies that the “cash” of cities will become the most important kind to the average person. In other words, having abandoned Sterling for London Lolly and US Dollars for New York Notes and LA Loonies, will these be sufficient to provide the medium of exchange for the future economy? Right now, almost all transactions are local and even at the national level only 1%-2% of European transactions are cross border. If I live in London and use London Lolly for the train, for lunch and at the supermarket, is it such a big deal to convert it to Moscow Moolah to buy something online? Especially when your phone does it for you?)

A world economy built up from cities and their hinterlands will obviously demand different financial services and institutions from one based on national economies. This was foreseen by the wonderful Jane Jacobs’ work “Cities and the Wealth of Nations” that was published way back in 1984. My Jacobs-influenced city-centric perspective was reinforced when I happened to read a Canvas8 report “The city as an identity anchor” (which echoed Gill’s points about identity, which I’ll return to in a minute) and then the World Economic Forum (WEF) 2017 report “Cities, not nation states, will determine our future survival”.

What this means to me is that the future sense of identity will be city-centric, with people seeing themselves as Londoners and New Yorkers rather than Brits and Yanks, a view that the COVID-19 crisis seems to have reinforced. Their loyalties will be more local than ours and the relationships between cities will replace the relationships between countries as the most important tensions and dynamics. I can’t help but wonder if cities will begin by forming trade pacts and then moving on to form defence alliances, bearing in mind that the wars of the future will be fought in cyberspace. Never mind national identity in the India (Aadhaar) model or provincial identities as in Canada. What if these specific city identities are the core of the future digital identity models?

Passports in Pimlico

This leads me to wonder yet again what the model of city-centric identity might be. How will those identities relate to trade, commerce and society as a whole? Which attributes will be the valuable ones (beyond is_a_person, of course) and which will atrophy to form vestigial credentials of no practical value? When discussing the C50 scenarios back in 2012, Gill made a passing but powerful observation on future transactions and it has stayed central to my thinking on the topic. She said that individuals will protect their “personal identity, credit ratings and parking spaces” at all costs and I think this is a powerful and imaginative narrative to group ideas about attributes and credentials.

Personal identity. I might take issue with Gill here and say “personal identities” but I know what she means. An infrastructure that delivers both security and privacy to identity transactions of all kinds will be needed to support the reputation economy of the networked society. There is no possibility of social media and social democracy co-existing in this future scenario without such an infrastructure.

Credit rating. The commercial reputation that means that you can buy or sell, whether an individual or an organisation, will be central to economic existence. In a networked society, this is more likely to be something that comes from the social graph than the conventional credit rating of today.

Parking spaces. This means the (tradeable) right to reside in a particular place. These rights will certainly be of critical importance to the individual, since their own identity will be closely related to the city (and hinterland) of residence. There’s no reason why (for example) London and Scotland should have the same immigration rules. If that sounds a little far-fetched, I can tell you that it is happening right now. I came across an interesting case study from Denmark via the social anthropologist Camilla Ida Ravnbol from the University of Copenhagen. Since the COVID-19 crisis has restricted travel, any “permission to work in Copenhagen” document has become a valuable traded commodity in the marginalised Roma community that needs access to the city to earn money (by collecting materials for recycling, for example).

In the language of digital identity, digital money and digital diligence, then, this line of thinking imagines a reputation economy anchored in the mundane which is (as I explored in my book “Before Babylon, Beyond Bitcoin“) a landscape animated by new technology but shaped by physical as well as virtual communities. What does this all mean for transactions? What does it mean for the future of the financial system? Or, more specifically, to answer the question asked at the very beginning, what does it mean for the world in 2040?

Well, I don’t know. But if I wanted to find out, I’d start by talking to social anthropologists. Fortunately, Camilla I will be chairing a session that touches on these issues along with Atreyee Sen at the European Association of Social Anthropologists conference in July. As the conference is now online, you can sign up and log in online to join us here. We are Panel 57, “Digital encounters, cashless cultures: Ethnographic perspectives on the impact of digital finance on economic communities”, so please do pop in and take part in the discussion.

 

What is the point of the “travel rule”?

A couple of years ago, as you may have read in the Financial Times at the time, the Financial Action Task Force (FATF) extended their recommendations to include cryptocurrency exchange and wallet providers and such like, referred to as Virtual Asset Service Providers (VASPs). This meant that all countries must supervise and monitor these, and that they should apply anti-money laundering and anti-terrorist financing controls: that is, customer due diligence (CDD), suspicious transaction reporting (STR) and the “travel rule”.

The decision to apply the same travel rule on VASPs as on traditional financial institutions was greeted with some dismay in the cryptocurrency world, because it means that the service providers must collect and exchange customer information during transactions. The technically non-binding guidance on how member jurisdictions should regulate their ‘virtual asset’ marketplace included the contentious detail that whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must send identifying information about both the sender and the intended recipient to the beneficiary exchange. The information must also be recorded and made available to “appropriate authorities on request”.

This identifying information, according to the FATF Interpretive Note to Recommendation 16, should include name and account number of the originator and beneficiary, the originator’s (physical) address, national identity number (or something similar) or date and place of birth. In essence, this means that personal information will be smeared all over the interweb tubes. My good friend Simon Lelieveldt, who is very well-informed and level-headed about such things, said at the time that this is a “disproportional silly measure by regulators who don’t understand blockchain technology”, which may be a little harsh even if not too far from the truth.

Anyway, some folks from the land of crypto have put together a standard for implementing the travel rule in the hope of spurring interoperability and reducing the costs for all involved. The standard, known as IVMS101, defines a uniform model for data that must be exchanged by virtual asset service providers (VASPs) alongside cryptocurrency transactions. The standard (you can download it here) will identify the senders and receivers of crypto payments, with such information “traveling” alongside the cryptocurrency transactions but along a separate path (that is, the IVMS101 messages do not themselves need the blockchain or any other crypto infrastructure).

(If you are wondering why it’s called IVMS101, it’s because the SWIFT MT101 message is the global standard request for the electronic transfer of funds from one account to another. For those of us in the payments world, MT101 is mother’s milk: mandatory Tag 20 Sender Reference, optional Tag 21 Customer Specified Reference and so on and so on. The MT101 message is used throughout the business world to send bulk payment instructions (ie, a header and multiple payment instructions in a single message). There is also the MT103 message that instructs a single transfer but this is mainly used to move funds between banks and other financial institutions such as money transfer companies.)

IVMS101 is pretty thorough and it sets out in detail what messages should be passed from (eg) one Bitcoin exchange to another, along the lines of:

if the originator is a NaturalPerson then either (
     geographicAddress with an addressType value of GEOG or HOME or BIZZ
     and/or customerNumber
     and/or nationalIdentification
     and/or dateAndPlaceOfBirth
) is required.
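The rule quoted above, written as a check that a receiving VASP could run on an incoming originator record. This is an added example, not code from the IVMS101 document or from the original post; the flat dictionary layout, the `type` field and the sample records are assumptions made for illustration.

```python
# Added example: the quoted natural-person originator rule as a validator.
# The record layout is assumed for illustration, not the IVMS101 schema itself.

QUALIFYING_ADDRESS_TYPES = {"GEOG", "HOME", "BIZZ"}  # from the quoted rule


def _present(value):
    """True when a field carries content (not None, blank, or an empty container)."""
    if value is None:
        return False
    if isinstance(value, str):
        return bool(value.strip())
    if isinstance(value, (list, dict)):
        return len(value) > 0
    return True


def _qualifying_address(address):
    """An address counts only with an allowed addressType and some actual content."""
    if not isinstance(address, dict):
        return False
    if address.get("addressType") not in QUALIFYING_ADDRESS_TYPES:
        return False
    return any(_present(v) for k, v in address.items() if k != "addressType")


def satisfied_elements(person):
    """Names of the identifying elements in `person` that satisfy the rule."""
    found = []
    addresses = person.get("geographicAddress") or []
    if isinstance(addresses, dict):  # tolerate a single address object
        addresses = [addresses]
    if any(_qualifying_address(a) for a in addresses):
        found.append("geographicAddress")
    for field in ("customerNumber", "nationalIdentification"):
        if _present(person.get(field)):
            found.append(field)
    birth = person.get("dateAndPlaceOfBirth")
    if isinstance(birth, dict) and all(
        _present(birth.get(k)) for k in ("dateOfBirth", "placeOfBirth")
    ):
        found.append("dateAndPlaceOfBirth")
    return found


def check_originator(originator):
    """Return (ok, detail) for one originator record."""
    if originator.get("type") != "NaturalPerson":
        return True, "rule only constrains NaturalPerson originators"
    found = satisfied_elements(originator)
    if found:
        return True, "satisfied by " + ", ".join(found)
    return False, "NaturalPerson originator carries none of the required elements"


# Constructed sample records (no real customer data).
SAMPLES = {
    "home_address": {"type": "NaturalPerson", "name": "Alex Example",
                     "geographicAddress": [{"addressType": "HOME",
                                            "townName": "London", "country": "GB"}]},
    "customer_number": {"type": "NaturalPerson", "name": "Alex Example",
                        "customerNumber": "C-000123"},
    # "XXXX" is a constructed value that is not in the allowed set.
    "wrong_address_type": {"type": "NaturalPerson", "name": "Alex Example",
                           "geographicAddress": [{"addressType": "XXXX",
                                                  "townName": "London"}]},
    "blank_fields": {"type": "NaturalPerson", "name": "Alex Example",
                     "customerNumber": "   ", "nationalIdentification": ""},
    "birth_date_only": {"type": "NaturalPerson", "name": "Alex Example",
                        "dateAndPlaceOfBirth": {"dateOfBirth": "1970-01-01"}},
    "legal_person": {"type": "LegalPerson", "name": "Example Exchange Ltd"},
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, check_originator(record))
```

Because the rule is an and/or, a single element is enough to pass: a sender who supplies only a customer number satisfies it without an address or a date of birth ever leaving the originating exchange.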

This sort of thing is needed because there’s no global standard digital identity that could be attached to messages so market participants have to make do with national solutions or proxies. Nevertheless, it’s a good standard (as you’d expect when you see who wrote it) but uncharitable persons might well be asking what the point of it is because law enforcement agencies can already get this information by presenting a warrant. What the travel rule does is to, essentially, automate mass surveillance without a warrant or any other oversight and force personal information on to marketplace intermediaries (where, in my opinion, it doesn’t belong – my date and place of birth is no business of either intermediary exchanges or, indeed, the destination exchange). What’s more, since the travel rule is for value transfers between exchanges, it seems rather unlikely that it will catch any criminal flows at all.

I, for example, have a Coinbase hosted Bitcoin wallet and a Bitcoin wallet on a USB stick. If I want to send money to criminals, I will transfer it from my Coinbase wallet to my USB wallet and then from my USB wallet off via mixers to the criminal’s USB wallet and the travel rule is irrelevant. The uncharitable people mentioned earlier will undoubtedly observe that since the actual travel rule doesn’t seem to have stopped money laundering which is a massive global industry, there’s no obvious reason why the virtual travel rule will stop electronic money laundering on a similar grand scale.

Writing in this month’s Chartwell “Compass” magazine, Omar Magana hits the nail on the head with respect to the travel rule, asking if “the enforcement of a regulation that was created over 20 years ago for a fast-evolving industry, may not be the best approach”. Note that he is not arguing against regulation, he is arguing (as I do) for a form of regulation more appropriate for our age (for which I use the umbrella term “Digital Due Diligence”, or DDD) using artificial intelligence and machine learning to track, trace and connect the dots to find the bad actors.

I am genuinely curious to learn more about whether the travel rule will make the slightest difference to the money launderers, so please do let me know in the comments whether such scepticism is misguided or whether the travel rule will make the world a safer place.

Some off-the-cuff comments on in-the-cuff payments

It’s amazing what sort of things trendy youngsters in the payments space are getting up to these days. Only today, I read that the UK-based DressCode has released “the ultimate in geek chic“, which turns out to be a shirt with a pocket in the cuff to hold a contactless chip for payments.

The ultimate in geek chic? Sorry dudes. I had a Thomas Pink “Commuter” shirt back in 2006! The Commuter shirt had two features that I really liked at the time. It had a channel running up the inside to carry earphone cables tucked away out of sight. These connected through a hole in a side pocket so that you could keep your iPod snug and out of the way while strolling through London’s fashionable West End listening to the mighty Hawkwind. The shirt also had that second pocket in the cuff to hold a contactless card.

It was designed really for Oyster cards, but we put Visa cards in the pocket to make purchases using standard POS terminals with contactless interfaces. As I recall, we bought a few of them as presents for some of our favourite customers as well! Anyway, I went upstairs and got it out of the wardrobe to model it for you:


The point I used to make was that contactless was about more than the interface, it was about form factors and that it would lead to innovation and I used the shirt to show an example of innovation beyond the card itself. Although the shirt was fun and helped to make an interesting demo about contactless payments in conference presentations, I thought it had two design flaws.

First of all, the pocket was behind the cuff on the top of the wrist. This meant you had to lay the back of your forearm across the contactless POS terminal or Oyster card reader. The pocket really should have been on the underneath of the forearm near the wrist to make paying a more natural action.

The second problem was that if you were wearing a suit and coat, it was hard to get the card close enough for the reader. I remember thinking at the time that I wished that the pocket was in my suit rather than in my shirt.

Naturally, being a consultant rather than an entrepreneurial business go-getter my thoughts went no further. I was surprised to see that only eight years later some entrepreneurial Aussies went and did just as I’d thought about, and put the payment card pocket in the suit! I found out that the dynamic and chic (I assume) menswear specialists M.J. Bale and Visa had teamed up to create a suit with a contactless payment chip and antenna woven into the sleeve! Apparently the “power suit will let men pay ‘invisibly’ wherever Visa payWave is accepted”. I expect they were planning something for the ladies too but it’s not mentioned in the article.

 

Anyway, how fun. These days of course I wouldn’t use either the cable run (because I have AirPods – in fact I have AirPods2 which are absolutely awesome) or the card (because I have a smartphone and that’s what I use to pay). Nevertheless, I wish DressCode all the best with their chic project.

Unknown, known and verified

The stain of racism in football is, you will be unsurprised to learn, not confined to Bulgarian stadia. It’s a serious and unpleasant problem on social media too. To the extent that the noted association footballer Mr. Harold Maguire has been talking about it. According to The Daily Telegraph, “Maguire urged Instagram and Twitter to make users identify themselves in the same way as betting apps after his teammate Paul Pogba was subjected to a torrent of ‘disgusting’ racial abuse from anonymous trolls”.

Many other people seem to think that we should do something about this. Following Mr. Maguire’s analysis, the historian Damian Collins MP (chair of the Digital, Culture, Media and Sport select committee in the UK Parliament) said “Account verification should be more widely available and become the norm. I think accounts should be verified, it can’t be right that cowards and racists can hide behind the anonymity of social media to attack people, often using multiple bogus accounts”. This is an interesting observation that jumbles two different issues together: proving the account “David Beckham” points to a specific person, and proving that the specific person it points to is the former Manchester United winger David Beckham. The first is about attaching attributes to a real-world entity, the second is about the reputation of the real world identity. Thinking these two things through separately is, I think, a key to finding a workable solution to the social media mess, but back to that later.

Another MP, the lawyer Norman Lamb (chair of the Science and Technology select committee) also commented, saying that if social media companies did not act to clean up abuse then the incoming online regulator should take action. It’s not clear to me what he means by “clean up abuse” since it seems implausible that Twitter could monitor billions of messages every day to remove those that cause any offence to anyone (I assume Mr. Lamb doesn’t want them to remove tweets calling for human rights in certain countries, for example).

(In fact it is not at all clear to me what the incoming regulator is going to do at all, but that is a different matter.)

It’s also not clear to me what MPs and other commentators mean by “bogus accounts”. But from the context, I assume that they mean accounts that cannot be linked to some other identifier that MPs think is a legitimate form of identity, such as the aforementioned passport.

It’s not a new or interesting idea to try to link social media accounts to government-issued identity, as they do in (for example) China. A while back, to pick on one example, the noted entrepreneur Mark Cuban adumbrated Mr. Maguire by saying that “It’s time for @twitter to confirm a real name and real person behind every account, and for @facebook to get far more stringent on the same. I don’t care what the user name is. But there needs to be a single human behind every individual account”.

Cuban is as wrong about the real names as Maguire and the MPs are, because anyone familiar with the topic of “real” names knows perfectly well that they make online problems worse rather than better. One example that springs to mind to illustrate this is when the dating platform OKCupid announced it would ask users to go by their real names when using its service (the idea was to control harassment and promote community on the platform) but after something of a backlash from the users, they had to relent. Forcing the use of real names in a great many circumstances will mean harassment, abuse and perhaps even worse.

You can understand why. Why on Earth would you want people to know your “real” name? That should be for you to disclose when you want to and to whom you want to. In fact the necessity to present a real name will actually prevent transactions from taking place at all, because the transaction enabler isn’t names, it’s reputations. And pretty basic reputations at that. I think that online dating, frankly, provides a useful way of thinking about the general problem of online identity. In this case, just knowing that the object of your affections is actually a real person and not a bot (remember, in the famous case of the Ashley Madison hack, it turned out that almost all of the women on the site were actually bots) is probably the most important element of the reputational calculus central to online introductions, but after that? Your name? Your social media footprint? 

There are plenty of places where I would not want to log in with my “real” name or by using any information that might identify me: the comments section of national newspapers, for example. “Real” names don’t fix any problem because your “real” name is not an identifier, it is just an attribute (refer back to the David Beckham example) and it’s only one of the elements that would need to be collected to ascertain the identity of the corresponding real-world legal entity anyway.

What social media needs, and what will help with Mark Cuban’s actual problem with being sure that there is a “single human” behind an account, is the ability to determine whether you are a known real person or not. The problem with bots on social media is just as serious as the problem of racism. Without commenting on the politics of an individual issue, I could have chosen any of a thousand examples to make this point. Here’s just one, from the UK press yesterday: “Almost all of the ten most active Brexit Party supporters on Twitter appear to be automated bots, according to new research“.

The way forward is surely not for Twitter et al to try and figure out who is a bot and whether they should be banned (after all, there are plenty of good bots out there) but for Twitter et al to give their users the choice. Why can’t I tell Twitter that I only want to see tweets from real people that can be identified? It’s none of my business who the person actually is and it’s none of Twitter’s business either. But if someone knows that @dgwbirch is a real person, that’s enough. Harry Maguire can read my tweets in comfort, knowing that if I commit a criminal offence then the police can go to someone to find out who I am.

So who is that someone who knows whether I am a real person or not? Working out whether I am a person or not is a difficult problem if you are going to go by reverse Turing tests or Captchas. It’s much easier just to ask someone else who already knows whether I’m a bot or not.

There are plenty of candidates. There’s the Post Office I suppose. And the school. And the doctor. In fact, there are lots of people who could testify to my existence. But the obvious place to start is my bank. So, when I go to sign up for an internet dating site, then instead of the dating site trying to work out whether I’m real or not, the dating site can bounce me to my bank (where I can be strongly authenticated using existing infrastructure) and then the bank can send back a token that says “yes this person is real and one of my customers”. It won’t say which customer, of course, because that’s none of the dating site’s business and when the dating site gets hacked it won’t have any customer names or addresses: only tokens. This resolves the Cuban paradox: now you can set your preferences against bots if you want to, but the identity of individuals is protected.

What is crucial here is the IS_A_PERSON attribute. Twitter, for example, should mark my account as of unknown origin until it sees this attribute. Of course, Twitter will want to see it in the form of a verifiable credential signed by someone who they can sue if it turns out I’m not a person after all, but you get the point. When I sign up to Twitter I am “unknown”. When they get a valid IS_A_PERSON credential from me, then my status changes to “known”. Once I am known, then I can go on to be verified if I want to be.
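The bounce-to-the-bank flow and the unknown-to-known transition described above, as an added example that is not part of the original post. The `Bank` and `Site` classes, the claim names, the five-minute lifetime and the pairwise pseudonym are all assumptions, and an HMAC under a key shared by bank and site stands in for the bank's signature on a verifiable credential, because Python's standard library has no public-key signing.

```python
import base64
import hashlib
import hmac
import json
import secrets

TOKEN_LIFETIME = 300  # seconds a token stays valid (assumed value)


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key, message):
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


class Bank:
    """Hypothetical attribute provider: knows the customer, asserts only IS_A_PERSON."""

    def __init__(self, name, signing_key, pseudonym_key):
        self.name = name
        self._signing_key = signing_key      # HMAC stand-in for a signature key
        self._pseudonym_key = pseudonym_key  # never leaves the bank

    def issue(self, customer_id, site, nonce, now):
        # Pairwise pseudonym: differs per site, so tokens cannot be joined across
        # sites, yet the bank can map it back to a customer when lawfully asked.
        sub = _mac(self._pseudonym_key, customer_id + "|" + site)
        claims = {"iss": self.name, "aud": site, "attr": "IS_A_PERSON",
                  "sub": sub, "nonce": nonce, "exp": now + TOKEN_LIFETIME}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        return body + "." + _mac(self._signing_key, body)


class Site:
    """Hypothetical relying party: accounts start 'unknown' and become 'known'."""

    def __init__(self, name, trusted_issuers):
        self.name = name
        self._trusted = trusted_issuers  # issuer name -> verification key
        self.status = {}                 # account -> "unknown" | "known"
        self.subject = {}                # account -> (issuer, pseudonym); no names
        self._nonces = {}                # account -> outstanding challenge

    def register(self, account):
        self.status[account] = "unknown"
        self._nonces[account] = secrets.token_hex(16)
        return self._nonces[account]

    def present(self, account, token, now):
        """Accept a token for `account`; True if the account is now 'known'."""
        try:
            body, tag = token.split(".")
            claims = json.loads(_unb64(body))
        except ValueError:  # wrong shape, bad base64, bad JSON
            return False
        if not isinstance(claims, dict):
            return False
        issuer = claims.get("iss")
        key = self._trusted.get(issuer) if isinstance(issuer, str) else None
        if key is None or not hmac.compare_digest(_mac(key, body).encode(), tag.encode()):
            return False
        nonce = self._nonces.get(account)
        if (claims.get("attr") != "IS_A_PERSON" or claims.get("aud") != self.name
                or nonce is None or claims.get("nonce") != nonce
                or not isinstance(claims.get("exp"), int) or now > claims["exp"]):
            return False
        del self._nonces[account]  # one token per challenge: blocks replay
        self.status[account] = "known"
        self.subject[account] = (issuer, claims.get("sub"))
        return True

    def feed(self, posts, known_only=True):
        """Reader's choice: drop posts from accounts of unknown origin."""
        return [p for p in posts if not known_only or self.status.get(p[0]) == "known"]


if __name__ == "__main__":
    # Constructed keys and identifiers, for demonstration only.
    bank = Bank("bank.example", b"demo-signing-key", b"demo-pseudonym-key")
    site = Site("dating.example", {"bank.example": b"demo-signing-key"})
    challenge = site.register("alice")
    token = bank.issue("customer-0001", site.name, challenge, now=1000)
    print(site.present("alice", token, now=1010), site.status, site.subject)
```

What the site ends up storing is an issuer name and a pseudonym, which is all a breach of the site would expose.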

Unknown to Verified - LinkedIn Version

 

Most normal people, I imagine, will leave their Twitter account in the default setting of “known only”. Some people might want to go tighter with “verified only”. If nutters want to post racist abuse about footballers, then they will be posting it to each other and the vast majority of us will never be bothered with them again.

(When I last tried to get my account verified at Twitter, they turned me down. They didn’t say why, but presumably they thought that some of my tweets must have been machine-generated or something.)

Look. This is an important issue that I have been posting about for years, to no avail. Anne Marie Slaughter summed the situation up in the FT last year, saying that “with the decline of traditional trusted intermediaries, and the discovery that social media account holders may well be bots, we will crave verifiability”. This is absolutely spot on, and we need to construct the networks capable of delivering this verifiability or we collapse into a dystopian discourse where no-one believes anything. The knee-jerk “present your passport to use Twitter” is not the way forward. Technology means that we can deliver verifiability in a privacy-enhancing manner, so let’s do it.

SCA and SSCA

We’re seeing a lot about strong customer authentication (SCA) at the moment because of the requirement of the Second Payment Services Directive (PSD2) that comes into force next week on Black Friday (Friday 13th September). That’s because there’s a lot of fraud online, it’s getting worse and the strong authentication of people (in this case, online customers) is seen as being a way to tackle it. PSD2 demands SCA, and this means that European banks and Payment Service Providers (PSPs) have had to up their game.

Strong authentication, in this context, means “two factor authentication” (2FA). What 2FA means is that you must present two “factors” to demonstrate you are who you say you are. The three factors you can choose from are something you have, something you are and something you know (or, in my case, something I had, something I was and something I’ve forgotten). When you buy something in a shop, for example, you present a credit card (something you have) and put in a PIN (something you know). When you enter the country, you present something you have (a passport) and show your face (something you are). SCA is already being implemented by the UK banks, although in an unpredictable manner. Some banks send a code via their mobile banking app, some send a text, some allow you to choose e-mail instead, some will call a landline and some require the use of a card-reader dongle-thingy. As far as I can tell, none of them use a common app such as Microsoft Authenticator.

I’m actually quite surprised to see that some of them are still using text messaging to send a “one time password” (OTP) to customers for authentication. It’s not because, as the British newspapers were quick to point out, people who can’t get a mobile signal or don’t own a mobile phone face, as The Guardian put it, being “frozen out of internet shopping as banks are increasingly insisting that online payments are verified by text”. This is indeed a valid concern, but what I find most disturbing about this report is that anyone is verifying online payments, or indeed any other important online transaction, by insisting that they are authenticated by text messages! With the explosion of “smishing” (ie, phishing attacks via SMS) and the daily tales of account takeover, bitcoin theft and payment fraud carried out via SMS, you really do have to wonder why text messaging is still being used in this context.

This is hardly a new issue. More than a decade ago I wrote about the comments of Charles Brookson, then the head of the GSMA security group who, when talking about the use of SMS for financial services, made the point that SMS has, to all intents and purposes, no security whatsoever. Structurally, it has always seemed to me to be irresponsible for financial institutions to rely for security on something that is not secure and over which they have no control. Given the prevalence of smart phones, you would think that SMS would be long gone, but it is only now that German banks, for example, are giving up on SMS OTP in response to the PSD2 requirements for SCA.

How will this SMS-less strong authentication be implemented? For payments it will be through the new version of the scheme’s “Three Domain Security” (3DS). 3DS version 2 introduces “frictionless authentication” and will be the main card authentication method used to deliver SCA in Europe. It works by allowing retailers and their PSP to send many more data elements with each transaction. These data elements – such as the shipping address, customer’s device identity and their transaction history – mean that the issuer can carry out more sophisticated risk management to decide whether SCA is needed or not. In most cases, I would guess (since the issuers will use sophisticated risk management platforms with machine learning and all that sort of thing), no further authentication will be needed. But where it will be needed, Barclaycard (for example) can send a message to the Barclaycard app on my phone and ask me to authenticate myself.

(As it happens, Barclaycard have just sent me another “PINsentry” card reader together with an instructional pamphlet, so I will make every effort to use my Barclaycard online just so I can see how it works. Of course it means I’ll have to carry the card reader and my Barclaycard around with me at all times in case I want to buy something online, but remember I do this so you don’t have to.)

Barclaycard PSD2 SCA 2FA

In my opinion, the best way forward now is through the bank apps themselves. Google found in their research on authentication for account recovery that whereas 2FA SMS stopped three-quarters of targeted attacks, in-app solutions stopped 90% (and 99% of bulk phishing attacks). It would be good if this approach was adopted across the board – not only for retail payments but for logging in to bank accounts, authorising transfers and everything else. But if customers get mixed up between expecting an e-mail or getting a text, seeing an in-app message sometimes but not other times, then fraudsters will be quick to exploit the situation. In which case (as I suspect) the introduction of strong authentication will actually lead to more fraud. We need both a better and more consistent approach to authentication for financial services. We need to standardise on the approach and the execution and the UX so that consumers can be confident that they are communicating with their bank or whoever.

Standard Strong Customer Authentication

My Consult Hyperion colleague Tim Richards recently set out this problem in a very clear way [The Paypers, 27th August 2019]. He asks us to imagine what would have happened if SCA had been mandated for face-to-face commerce but, as with PSD2, no technological solution was provided. In that case, instead of our EMV-standard chip and PIN payment system we would have had each bank creating its own solution. Then, as has happened online, every time a consumer went into a shop to buy something they would face a different authentication depending on their bank! Tim’s good advice is that regulators need to take a step back, “temporarily drop anti-competition laws and insist that banks come up with a minimum standard for SCA” to support growth in online commerce that is accompanied by real security because customers know what to expect and retailers aren’t disadvantaged by variable SCA experiences leading to cart abandonment.

He’s right, of course. And in terms of implementation it has long been clear that the best architecture for what I am now labelling Standard Strong Customer Authentication (or SSCA) is biometric authentication against a revocable token stored in tamper-resistant local storage. We all carry a device capable of implementing this design at a manageable cost: the mobile phone.

(As an aside, since the mobile phone operators control a standard item of tamper-resistant hardware in all phones — the SIM — why we are not all using a standard authentication from our mobile operators already is a mystery, but that’s a different point and I don’t want to get diverted by Mobile ID Connect here.)

The point is that with really strong authentication, your bank shouldn’t be sending you a text message or an e-mail or whatever, it should be using real cryptography to send a message to the bank app on your mobile phone. So, when you try to buy something online with your Barclaycard, your Barclaycard app pops up on your phone and asks you to authenticate.
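The app-based approval described above can be sketched as a challenge-response exchange between bank and phone. This is an added example, not code from this post or from any bank: all names are hypothetical, an HMAC key stands in for the revocable token in tamper-resistant storage (a real deployment would more likely use a key pair generated inside the secure element), and `biometric_ok` stands in for the phone's local biometric check.

```python
import hashlib
import hmac
import json
import secrets
import time


def sign(key, tx):
    """MAC over a canonical encoding of the transaction details."""
    msg = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Bank:
    """Issuer side: one revocable credential per enrolled phone."""

    def __init__(self):
        self.devices = {}   # device_id -> {"key": bytes, "revoked": bool}
        self.pending = {}   # nonce -> (device_id, transaction, expiry time)

    def enrol(self, device_id):
        key = secrets.token_bytes(32)
        self.devices[device_id] = {"key": key, "revoked": False}
        return key          # provisioned into the phone's protected storage

    def revoke(self, device_id):
        self.devices[device_id]["revoked"] = True

    def challenge(self, device_id, amount, payee, now=None, ttl=120):
        now = time.time() if now is None else now
        tx = {"amount": amount, "payee": payee, "nonce": secrets.token_hex(16)}
        self.pending[tx["nonce"]] = (device_id, tx, now + ttl)
        return tx           # pushed to the bank app, not sent by SMS or e-mail

    def verify(self, device_id, nonce, code, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)   # each challenge is single use
        if entry is None:
            return "unknown-or-replayed"
        owner, issued_tx, expiry = entry
        device = self.devices.get(device_id)
        if device is None or owner != device_id:
            return "wrong-device"
        if device["revoked"]:
            return "revoked"
        if now > expiry:
            return "expired"
        # Recompute over what the bank issued, so a code produced for altered
        # details (different payee or amount) never matches.
        expected = sign(device["key"], issued_tx)
        if not code or not hmac.compare_digest(expected, code):
            return "bad-code"
        return "approved"


class PhoneApp:
    def __init__(self, device_id, key):
        self.device_id = device_id
        self.key = key      # stands in for a key released only by the secure element

    def approve(self, tx, biometric_ok):
        # biometric_ok stands in for the platform's local biometric check
        return sign(self.key, tx) if biometric_ok else None


def demo():
    bank = Bank()
    app = PhoneApp("phone-1", bank.enrol("phone-1"))
    out = {}

    tx = bank.challenge("phone-1", "49.99", "Example Shop")
    code = app.approve(tx, biometric_ok=True)
    out["normal"] = bank.verify("phone-1", tx["nonce"], code)
    out["replay"] = bank.verify("phone-1", tx["nonce"], code)

    # The app is shown details that differ from what the bank issued.
    tx = bank.challenge("phone-1", "49.99", "Example Shop")
    altered = dict(tx, payee="Someone Else Ltd")
    out["altered"] = bank.verify("phone-1", tx["nonce"], app.approve(altered, True))

    tx = bank.challenge("phone-1", "49.99", "Example Shop")
    out["no_biometric"] = bank.verify("phone-1", tx["nonce"], app.approve(tx, False))

    tx = bank.challenge("phone-1", "49.99", "Example Shop", now=1000)
    out["expired"] = bank.verify("phone-1", tx["nonce"], app.approve(tx, True), now=1121)

    bank.revoke("phone-1")  # e.g. the phone is reported lost
    tx = bank.challenge("phone-1", "49.99", "Example Shop")
    out["revoked"] = bank.verify("phone-1", tx["nonce"], app.approve(tx, True))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} {result}")
```

Because the code is computed over the amount and payee as well as a one-time nonce, a response captured for one payment is useless for another, which is the property a text message carrying a bare one-time code does not give you.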

If the bank (or anyone else) cannot reach the mobile app then there should be a standard fallback across all service providers which would probably be a voice call thus opening up the use of voice recognition and authentication. And if you are online buying something or transferring money to someone or closing an account and you can’t be reached via the mobile app or by a voice call well… then what are you doing buying things online in the first place?

Surely this is the most practical way forward. Now that the Financial Conduct Authority (FCA) has confirmed that it will not take enforcement action against businesses who do not implement SCA until March 2021, there is some time to prepare a mobile-centric SSCA pathway for UK banks and businesses.

Posh and Blocks

While flicking through British Vogue magazine for some moisturising tips, I came across a mention of digital identity! I was surprised and delighted that (just as has happened with another of my obsessions, Dungeons and Dragons) what was once the province of nerds and outsiders has become fashionable and cool. Hurrah! Vogue says that secure digital identities for luxury goods are crucial, which is great! I could not agree more. Digital identities are not only for people! I have been writing about the need for digital identities for things for many years, and not only for high fashion (a field where, oddly, I have some experience in the use of NFC applications on mobile phones to scan designer clothes – but that’s another story).


Some years ago I asked if “the blockchain” (put to one side what this might mean for a moment) might be a way to tackle the issue of “ID for the Internet of Things” (#IDIoT). I said at the time that I had a suspicion that despite some of the nonsense going on, there might be something there. My reason for thinking that is that there is a relationship between blockchain technology and IoT technology, because we need a means to ensure that virtual representations of things in the mundane cannot be duplicated in the virtual. As I saw it, there were three ways to do this: a database, tamper-resistant hardware or blockchain.

If we look at the database idea first, I explored this more than a decade ago using the example of luxury goods such as watches and asking how would you tell a fake Rolex from a real one. It’s a much more complicated problem than it seems at first. For example: why would Rolex care? I can’t afford a Rolex, so if I buy one at a car boot sale or in China, Rolex isn’t losing a sale. But by wearing the fake, I’m presumably advertising the desirability of a Rolex. So surely they should be happy that people want to wear fakes or not? And if I did have a real Rolex, would I want to wear it in dangerous places where expensive watches get stolen in broad daylight by muggers (eg, London, London or London) or where I might just lose it?

Anyway, regardless of the reasons for it, let’s think about how to tell the real thing from the fake thing using technology. Suppose RFID is used to implement Electronic Product Codes (EPCs) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to point my Bluetooth EPC-reading pen at it and read the EPC, which is just a number. My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the tag is ‘valid’, but that doesn’t tell me much about the bag. For all I know, a bunch of tags might have been taken off real products and attached to fake products.

To know if something is real or not, I need more data. If I wanted to know if the handbag were real or fake, then I would need to obtain its provenance as well as its product details. The provenance might be distributed quite widely. The retailer’s database would know from which distributor the bag came; the distributor’s database would know from which factory the bag came and Gucci’s database should know all of this. I would need access to these data to get the data I would need to decide whether the bag is real or fake.

This is a critical point. The key to all of this is not the product itself but the provenance. A database of provenance (for example) is the core of a system to tell real from fake at scale.

Who should control this database, and who should have access to it, is rather complicated. Even if I could read some identifier from the product, why would the retailer, the distributor or Gucci tell me anything about the provenance? How would they know whether I were a retailer, one of their best customers, one of their own ‘brand police’, a counterfeiter (who would love to know which tags are in which shops and so on) or a law enforcement officer with a warrant?

This is where the need for a digital identity comes into the picture. A Gucci brand policeman might have a Bluetooth pen tag reader connected to a mobile. They could then point the pen at a bag and fire off a query: the query would have a digital signature attached (from the SIM or SE) and the Gucci savant could check that signature before processing the query. Gucci could then send a digitally signed and encrypted query to the distributor’s savant which would then send back a digitally signed and encrypted response to be passed back to the brand policeman: ‘No we’ve never heard of this bag’ or ‘We shipped this bag to retailer X on this date’ or ‘We’ve just been queried on this bag in Australia’ or something similar.
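The authenticated query and the role-dependent answers described above, as an added example that is not part of the original post. The querier identities, keys, roles, provenance records and the `ProvenanceService` name are all constructed for illustration, and an HMAC over the query stands in for the digital signature from the SIM or SE.

```python
import hashlib
import hmac

# Constructed sample data: registered queriers and one item's provenance chain.
QUERIERS = {
    "brand-police-7": {"role": "brand_police", "key": b"constructed-key-1"},
    "retailer-x": {"role": "retailer", "key": b"constructed-key-2"},
    "shopper-42": {"role": "public", "key": b"constructed-key-3"},
}
PROVENANCE = {
    "999/888": [
        {"party": "factory-1", "event": "made", "date": "2019-01-10"},
        {"party": "distributor-3", "event": "shipped", "date": "2019-02-02"},
        {"party": "retailer-x", "event": "received", "date": "2019-03-01"},
    ],
}


def sign_query(key, querier_id, epc, place, ts):
    """Authenticate who is asking, about which tag, from where and when."""
    msg = f"{querier_id}|{epc}|{place}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ProvenanceService:
    def __init__(self, queriers, provenance, window=3600):
        self.queriers = queriers
        self.provenance = provenance
        self.window = window   # seconds in which one tag cannot be in two places
        self.sightings = {}    # epc -> [(timestamp, place)]

    def query(self, querier_id, epc, place, ts, signature):
        q = self.queriers.get(querier_id)
        if q is None:
            return {"status": "rejected"}
        expected = sign_query(q["key"], querier_id, epc, place, ts)
        if not hmac.compare_digest(expected, signature):
            return {"status": "rejected"}
        chain = self.provenance.get(epc)
        if chain is None:
            return {"status": "unknown"}   # "we've never heard of this bag"
        # A valid tag number read in two places at once suggests a copied tag.
        seen = self.sightings.setdefault(epc, [])
        elsewhere = sorted({p for t, p in seen
                            if p != place and abs(ts - t) <= self.window})
        seen.append((ts, place))
        role = q["role"]
        if role == "brand_police":
            return {"status": "known", "chain": chain, "also_seen_in": elsewhere}
        if role == "retailer":
            # A retailer learns only the hops it took part in.
            own = [hop for hop in chain if hop["party"] == querier_id]
            return {"status": "known", "chain": own}
        # Anyone else learns that the number exists, and nothing about where.
        return {"status": "known"}


def demo():
    svc = ProvenanceService(QUERIERS, PROVENANCE)

    def ask(who, epc, place, ts, key=None):
        key = QUERIERS[who]["key"] if key is None else key
        return svc.query(who, epc, place, ts, sign_query(key, who, epc, place, ts))

    return {
        "shopper": ask("shopper-42", "999/888", "London", 900),
        "retailer": ask("retailer-x", "999/888", "London", 950),
        "police_london": ask("brand-police-7", "999/888", "London", 1000),
        "police_sydney": ask("brand-police-7", "999/888", "Sydney", 1600),
        "no_record": ask("brand-police-7", "999/000", "London", 1700),
        "forged": ask("brand-police-7", "999/888", "London", 1800, key=b"wrong"),
    }


if __name__ == "__main__":
    for name, answer in demo().items():
        print(name, answer)
```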

The central security issue for brand protection is therefore the protection of (and access to) the provenance data, and this needs a digital identity infrastructure to work properly. If it adds £20 to the price of a Rolex to implement this infrastructure, so what? The kind of people who pay £5,000 for a Rolex wouldn’t hesitate to pay £5,020 for a Rolex that can prove that it is real.

A small brand premium might be rather popular with people who like brands. Imagine the horror of being the host of a dinner party when one of the guests glances at their phone and says “you know those jeans aren’t real Gucci, don’t you?”. Wouldn’t you pay £20 for the satisfaction of knowing that your snooping guest’s Bluetooth pen is steadfastly attesting to all concerned that your Marlboro, Paracetamol and Police sunglasses are all real? Of course you would.

For some goods, we might want to add tamper resistant hardware to the product. I have long been interested in the use of low-cost RFID chips in this context. An example I looked at some years ago was the problem in Korea with the production of counterfeit whiskey. The authentic whiskey producers decided to add an RFID chip to the bottle caps. This chip was coded with a URL and an identifier. When a customer, or a shopkeeper, or a policeman, or in fact anyone else wants to check whether the whiskey is real or not, they touch the cap with their phone and the URL launches a web site that knows the provenance of the identifier and can tell you when and where it was bottled as well as some other information. When a customer opens the bottle, the tag is broken and can no longer be read. That seems to be a cost-effective solution, although it again relies on the provenance database to make it work (otherwise the counterfeiters would just find a way to steal the chips).

The mass market IoT, however, amplifies that problem of permission. I have always tried to illustrate this for people in a fun way by using the case study of underwear. It’s one thing for dinner guests to scan my wine bottle to see that it is a real Romanée-Conti and another for them to scan my Rolex to check that it is indeed a first-class far-eastern knock-off, but it’s quite another for them to be able to scan my underpants and determine that they date from 1983. How do we turn tags on and off? How do we grant and revoke privileges? How do we allow or deny requests for product or provenance? Once again, we must conclude that not simply digital identity but a full digital infrastructure is needed.

The third approach that I thought worth exploring was that of some form of blockchain. It seemed to me that by using the blockchain to maintain uniqueness, we might find a way to make the IoT a transactional environment. Just as you can’t copy the physical object, but you can transfer it from one owner to another, so you can’t copy a token on a shared ledger, only transfer it from one owner to another. Thus, if you can bind a token to a physical object, you can greatly reduce the cost of managing that object. Hence I was rather interested to read in that Vogue article that Louis Vuitton, Microsoft and ConsenSys have developed a platform called “Aura” to manage provenance to provide proof of origin and prevent counterfeits using a blockchain. The basic idea is to represent luxury goods as ERC-721 tokens on a private permissioned Quorum blockchain.

Obviously, I don’t have any details about how this will actually work, but LVMH seem to imply that at the time of purchase of one of their brands’ product, the customer can use the brand’s application to receive an “AURA certificate” containing all product information. I assume that if you sell your handbag (or whatever) to a charity shop, you can transfer the certificate to the charity shop’s application. Underlying all of this, there is the token on the blockchain moving from the retailer’s wallet, to your wallet, to the charity shop wallet.
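A toy model of the token idea, added here as an illustration and not based on how Aura or ERC-721 is actually implemented (this post has no such details). The `Ledger` class, the party names and the token id are hypothetical, and the `sender` argument stands in for a wallet signature.

```python
import hashlib
import json

GENESIS = "0" * 64


def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only record in which each token has exactly one owner."""

    def __init__(self):
        self.entries = []   # hash-chained records, oldest first
        self.owner = {}     # token_id -> current owner

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = dict(record, prev=prev)
        self.entries.append(dict(body, hash=digest(body)))

    def mint(self, token_id, brand):
        # One token per physical item: a second mint would be a copy.
        if token_id in self.owner:
            raise ValueError("token already exists")
        self.owner[token_id] = brand
        self.append({"op": "mint", "token": token_id, "to": brand})

    def transfer(self, token_id, sender, recipient):
        # Only the current owner can hand the token on.
        if self.owner.get(token_id) != sender:
            raise PermissionError("sender does not own this token")
        self.owner[token_id] = recipient
        self.append({"op": "transfer", "token": token_id,
                     "from": sender, "to": recipient})

    def history(self, token_id):
        """Provenance: every holder of the token, in order."""
        return [e["to"] for e in self.entries if e["token"] == token_id]

    def verify_chain(self):
        """Detect any after-the-fact edit to the recorded history."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo():
    ledger = Ledger()
    ledger.mint("bag-0001", "brand")
    for sender, recipient in [("brand", "retailer"),
                              ("retailer", "customer"),
                              ("customer", "charity-shop")]:
        ledger.transfer("bag-0001", sender, recipient)
    out = {"history": ledger.history("bag-0001")}
    try:
        ledger.mint("bag-0001", "counterfeiter")
    except ValueError:
        out["second_mint"] = "refused"
    try:
        ledger.transfer("bag-0001", "customer", "someone-else")
    except PermissionError:
        out["resale_by_former_owner"] = "refused"
    out["chain_ok"] = ledger.verify_chain()
    ledger.entries[1]["to"] = "counterfeiter"   # rewrite history in place
    out["chain_ok_after_edit"] = ledger.verify_chain()
    return out


if __name__ == "__main__":
    print(demo())
```

The ledger only guarantees that the token is unique; the binding between the token and the physical handbag still depends on the tag or certificate attached to the item.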

If this works, and it’s simple and convenient for consumers, some sort of app presumably, it will generate an amazing amount of valuable data for brand owners. They will know exactly who has their stuff and how much of it they’ve got. If the app records “fails” as well, then they’ll also know who has the knock-offs too.

Real fakes and fake fakes

My good friend Chris Skinner pointed me at a story about counterfeit art. The art in question, a “Picasso”, is apparently the work of a counterfeiter called David Henty. According to The Daily Telegraph, after being exposed as a forger a few years ago, “the publicity led to him being feted on television programmes and his copies – marked clearly as ‘Henty’s’ – now sell for £5,000 and upwards”. This reminded me of something I wrote a decade ago after a visit to Halifax, where I saw an interesting use case for RFID chips that were being bonded into the canvas used for painting. So here’s a picture of such a picture (and me).

RFID_Picture

This caught my eye all those years ago and it’s worth showing it again, because it’s a fascinating case study of using RFID in the real/counterfeit problem space. It’s not just about what’s real and what’s fake. The picture I am looking at here was painted by John Myatt. If you don’t recognise the name… well, his story is introduced in The Daily Telegraph this way: “From talented chart-topping songwriter, to Brixton prison for being involved in ‘the biggest art fraud of the 20th century’, John Myatt’s incredible life is now the subject of a Hollywood movie and his artistic talent the focus of a major TV series”.

Interesting guy. Take a look at his “genuine fakes”.

The reason Mr Myatt can make a good living doing genuine fake art, as noted in the Financial Times, is his notoriety as a master forger, which resulted in a six-month prison sentence in 1995. The picture I am looking at has RFID tags bonded to it, but in this case the purpose of the tags is to prove not only that the picture is a fake, rather than real, but that it’s a John Myatt fake and not someone else’s fake. So, basically, the idea is to use a combination of primary and secondary identification technologies to connect product and provenance in such a way as to prove that the picture is a real fake, if you see what I mean. Great stuff.

So if we are going to use technology to create a new identity infrastructure that works for things as well as people, it must not only distinguish real from fake, but fake from fake!

Talking about real fakes, rather than fake fakes, I have an important one at home. I got it after reading about a donation of drawings to Yad Vashem, Israel’s holocaust memorial. The drawings are of the men who worked in the once-secret Nazi operation to produce fake money, a story told in the brilliant film “The Counterfeiters”, which won the 2007 Oscar for best foreign film. It is the true story of Operation Bernhard, which was the Nazi plan to devastate the British economy. The idea, conceived at the very start of the Second World War, was to drop the worthless banknotes over England, thus causing economic instability, inflation and recession. Remember, in 1939 the German people had very recent memory of worthless paper currency devastating the economy, as is well chronicled in Adam Fergusson’s book “When Money Dies”.

The film is based on a memoir written by Adolf Burger, a Jewish Slovak typographer who was imprisoned in 1942 for forging baptismal certificates to save Jews from deportation. The Nazis took Burger and more than a hundred other Jews from a variety of trades—printing, engraving and at least one convicted master counterfeiter, Salomon Smolianoff—and moved them from different death camps to a special unit: “Block 19” in Sachsenhausen concentration camp. There they set about forging first the British and then the American currency. In the end, the prisoners forged around Sterling 132 million, which is about four billion quid in today’s prices.

The Nazis were never able to put their plot into operation. At the end of the war, they packed up all the printers’ plates and counterfeit bills into crates which they dumped into Lake Toplitz in Austria, from which they were subsequently retrieved. Some of the counterfeit notes went to the purchase of war materiel for the nascent Israeli army, some went to collectors. I bought an authenticated Operation Bernhard counterfeit “white fiver” from a banknote collector and that is how I came to have a real fake on my wall at home.

Innovation in blockchain innovation

A couple of years ago, I was invited along to the Scottish Blockchain Conference (ScotChain17). I have to say that it was a really enjoyable, well-organised and interesting day out in Edinburgh. Here I am in one of the panel discussions.

Scotchain panel

At this excellent event, I gave a talk about the use of blockchain in supply chains. Professor Angela Walsh kindly commented on my presentation, saying that it had her crying with laughter while learning a lot, a compliment that I treasure. The content was summarised thus by a keen observer… “The point,” said Birch, “is that people are talking absolute bollocks about blockchain, on an industrial level”. If you are at all interested, the talk was filmed and you can see it here:

 

Well, my comments on ideas of using the blockchain to solve supply chain problems being somewhat misguided may have seemed a trifle harsh at the time, but as far as I can tell they were a broadly correct characterisation of the state of the industry and a broadly accurate prediction of the sector’s trajectory. Two years on, I just read that the noted research house Gartner says that nine in ten blockchain-based supply chain projects are “faltering” because they cannot figure out important (or, in my opinion, any) uses for the new technology.

Hence I feel that my somewhat uncharitable remarks were justified and my blockchain crystal ball remains intact, its reputation enhanced. 

My reason for highlighting this Caledonian chronicle, and subsequent validation, is to point you to my forthcoming talk at Vincent Everts’ super Blockchain Innovation conference in Amsterdam. If you are going to the excellent Money2020 in Amsterdam that week – where I will be chairing the Open Banking track – stick around and join me at the ABN Amro headquarters on June 7th for a wide perspective on the state of the blockchain world.

I’ll be making a presentation on the intersection of blockchain and artificial intelligence. This is a space where I have observed an avalanche of absolute bollocks, so I’m going to stick my neck out and make a (well-informed) prediction about the key impact of AI on the blockchain world. It has nothing to do with supply chains, but I think has more significance and will mean big changes in the blockchain ecosystem.

I think I have some solid foundations for making this prediction, so come along to cheer or jeer and I’ll be delighted to see you there either way.

Know 2019 Keynote

This time it’s war
Keynote address to Know 2019, Las Vegas, 25th March 2019.

[An edited version of this keynote appeared on Medium, 28th March 2019]

Know 2019 Las Vegas

I’ve said many times that we need an identity infrastructure that deals with the realities of this modern world, the world of the Nth industrial revolution (where N is 4, or 5, or something similar). As things go from bad to worse, we need this infrastructure to be a government priority and we need the private and public sectors to come together to deliver it. And if they don’t want to, if you don’t want to, then you should be made to. I’m not standing here flattered to be asked to deliver this keynote because digital identity is about making life easier when you log in to your bank or to do your taxes. I’m here because it is far more important than that. Digital identity is vital national infrastructure.

We don’t have long to get our act together and we are starting from scratch. In the UK we have no tradition of identity cards or national identification systems, or anything like it. To the British, national identification is “papers, please”: something associated with authoritarian tyrannies, France and wartime. And even in wartime, the idea of requiring people to hold some form of identification was regarded as so fundamentally incompatible with the customs and practices of Her Majesty’s subjects that the last British identity cards (from the first and second world wars, essentially) drew on what Jon Agar memorably labelled “parasitic vitality” from other systems such as conscription and food rationing. Identity infrastructure was created as a form of mobilisation against the enemies of the Realm and the chosen implementation, the identity card, was not an end in itself, but a means to support those other activities to aid the war effort.

This dislike of identification as a State function is hardly unique to the United Kingdom. In America there are similarly strong opinions on the topic and the failure of the Australia Card back in 2007 stems, I think, from the same common law roots. These views of course stand in stark contrast to the views of almost all other nations of the world. The majority of people on Earth have some form of state identification and would find it impossible to navigate daily life without it. That doesn’t make the need to be identified by the state at all times either right or proper, by the way, but that’s a different discussion for another day.

If the development of national identity infrastructure is, however, only possible as part of a war effort… well, I have to tell you that we are at war. It’s just that this time we’re in a cyberwar and our identity infrastructure needs to support mobilisation across virtual and mundane realms. World War 3.0 has already started but a lot of people haven’t noticed because it’s in the matrix. There was no specific date when this war broke out and there is no conceivable Armistice Day on which it will end. Rather, as Bruce Schneier put it in his excellent book Click Here to Kill Everybody last year, cyberwar is the new normal.

(This will, unfortunately, make the war movies of the future rather dull. No more Dunkirk or Saving Private Ryan, no more The Dambusters or Enemy at the Gates. Instead movies will be about solitary individuals sitting in dimly-lit bedsits typing lines of Perl or Solidity while eating tuna out of a can.)

The advent of cyberspace conflict is not because computers and communications technologies have only just reached the Armed Forces. Far from it: the very first computers were developed to compute ballistic trajectories and part of my young life was spent trying to work out how to use radio and satellite technologies to keep NATO systems connected after a first strike against command and control infrastructure, which is why talk of white noise jamming and direct-sequence spread spectrum transmission still gives me a shiver. But in those far-off days, the reason for knocking out NATO’s IT infrastructure was so that you could then send tank columns through the Fulda Gap or drop the Spetsnaz into Downing Street. There were cyber aspects to war, but it wasn’t a cyberwar. Now it’s all-out cyberwar and as historian Niall Ferguson said in his book The Square and The Tower, it’s war between networks.

(The early British response to this new state of affairs was comfortingly backward-looking. Back in 2013 there was a plan for the creation of a digital Home Guard made up from well-meaning volunteers to stand on the cyber-landing grounds to repel invasion.)

Now, I’m sure that behind the scenes the Department of Defense have been working around the clock to defend our payment systems and water supplies against foreign hackers but I do wonder if the insidious threat from the intersection of post-modernism and social media had as high a priority? It should have done, because as it turned out the enemy stormed Facebook, not the Fulda Gap. We need a wall right enough, but we need it to be around our data.

Marshall McLuhan saw this coming, just as he saw everything else coming. Way back in 1970, when the same Cold War that I played my part in was well under way, he wrote in Culture is our Business that “World War III is a guerrilla information war with no division between military and civilian participation”. Indeed. And as we are now beginning to understand, it is a war where quiet subversion of the enemy’s mental assets is as important as the destruction of their physical assets. Social media are creating entirely new opportunities for what The Economist referred to as “influence operations” (IO) and the manipulation of public opinion. We all understand why! In the future, “fake news” put together with the aid of artificial intelligence will be so realistic that even the best-resourced and most professional news organisation will be hard pressed to tell the difference between the real and the made-up sort.

Smart cyber-rebels will want to take over social media, just as rebel forces set off to capture the radio and TV stations first: not to shut them down, but to control them. The lack of identity infrastructure makes it easy for them: at least you could see when your favourite news reader had been replaced by a colonel in a flak jacket, but you’ve no idea who is feeding the “news” to your social media timeline. It’s probably not even people anymore. While writing these words I read of (yet another) complaint about social media companies doing nothing to control co-ordinated bot attacks. But how are they supposed to know who is a bot and who isn’t? Whether a troll army is controlled by enemies of the state or commercial interests? If an account is really that of a first-hand witness to some event or a spy manufacturing an event that never happened?

The need to tell “us” from “them”, real from fake, insiders from outsiders, attackers from defenders is critical and the lack of an identity infrastructure (as much as the creation of identity infrastructures that are too easy to subvert) leaves us open to manipulation. We need to create an effective infrastructure as a matter of urgency but it should not be framed in the context of a 20th-century bureaucracy responding to the urban anonymity of the industrial revolution by conceiving of people as index cards, but in a 21st-century context based on McLuhan’s notions of identity forged in relationships. We need to create an environment of ambient safety, where both security and privacy are strengthened, twin foundations for the structures we need to build to prevent chaos.

(America may or may not need a Space Force, but it most certainly needs a Cyberspace Force.)

So this is my challenge to you. This is a conference I take very seriously and an audience that I respect. I am looking to you to man the barricades. I want you to begin the process of assembling the infrastructure that we so desperately need, so that I can tell my e-mail package to ignore messages that say they came from my bank but didn’t, my web browser to put a red border around “news” that does not come from a reputable, cross-checked source and set my phone to ignore tweets that come from bots rather than people.

If this all sounds over-dramatic: it isn’t. I think it is perfectly reasonable to interpret the current state of cyberspace in these terms because the foreseeable future is one of continuous cyberattack from both state and non-state actors and digital identity is a necessary building block of our key defences. I sincerely hope that over the next couple of days you will find new ideas, new ways of co-operating and perhaps even a new mission to protect and survive in this new era of amazing opportunities, astonishing threats and terrifying risks.

Thank you.

Feedback

Well, I’ve never appeared in a cartoon before (to the best of my knowledge) so my sincere thanks to Richard Parry and “The Chaps” for their kind comment on this keynote. I should point out that I am well aware of the market failure around cybersecurity, but that’s a topic for another day!

Know 2019

 

The non-cartoon feedback was pretty good too!

And from the education day that preceded the keynote…

Thanks y’all!

Actually, I think there is a link between AI and the blockchain

There is a character flaw in some people (eg, me) which means when they see something that is obviously wrong on Twitter they feel compelled to comment. This is why I couldn’t stop myself from posting a few somewhat negative comments about an “infographic” on the connection between AI and the blockchain, even though I could have just ignored the odd combination of cargo cult mystical thinking and a near-random jumble of assorted IT concepts and gone about my day.

When it came down to it though, I just couldn’t. So, naturally, I decided to write a blog post about it instead. The particular graphic made a number of points, none of which are interesting enough to enumerate in this discussion, but at its heart was the basic view set out, here for example, that blockchain and AI are at the opposite ends of a technology spectrum: one fostering centralised intelligence on closed data platforms, the other promoting decentralised applications in an open-data environment. Then, as the infographic “explained”, the technologies come together with AIs using blockchains to share immutable data with other AIs.

Neither of those basic views is true though. Whether an AI is centralised or decentralised is tangential to whether it uses centralised or distributed data, and whether “blockchain” is used by centralised or decentralised applications is tangential to whether those applications use AI. What is important to remember is that decentralised consensus applications running on some form of shared ledger technology can only access consensus data that is stored on that ledger (obviously, otherwise you couldn’t be sure that all of the applications would return the same results). An AI designed to, for example, optimise energy use in your home would require oracles to read data from all of your devices and place it on the ledger and then another set of factotums to read new settings from the ledger and update the device settings. What’s the point? Why not just have the AI talk to the devices?

There is, however, one part of the shared ledger ecosystem—of consensus applications running on consensus computers—that might benefit considerably from a shift to AI and this is the applications. People are very bad at writing code, by and large, and as the wonderful David Gerard observed in the chapter “Smart contracts, stupid people” in his must-read “Attack of the 50 foot blockchain”, they are particularly bad at writing smart contracts. This is clearly sub-optimal for apps that are supposed to send anonymous and untraceable electronic cash around. As David says, “programs that cannot be allowed to have bugs … can’t be bodged by an average JavaScript programmer used to working in an iterative Agile manner… And you can even deploy fully-audited code that you’ve mathematically proven is correct — and then a bug in a lower layer means you have a security hole anyway. And this has already happened”.

It seems to me that one thing we might expect AIs to do better than people is to write code. Researchers from Oak Ridge National Laboratory in the US foresee AI taking over code creation from humans within a generation. They say that machines, rather than humans, “will write most of their own code by 2040”. As it happens, they’ve started already. AutoML was developed by Google as a solution to the lack of top-notch talent in AI programming. There aren’t enough cutting edge developers to keep up with demand, so the team came up with a machine learning software that can create self-learning code… Even scarier, AutoML is better at coding machine-learning systems than the researchers who made it.

When we’re talking about “smart” “contracts” though we’re not talking superhuman programming feats, we’re really talking about messing around with Java and APIs. Luckily, last year saw the arrival of a new deep learning, software coding application that can help human programmers navigate Java and APIs. The system—called BAYOU—was developed at Rice University with funding from the US Department of Defense’s Defense Advanced Research Projects Agency (DARPA) and Google. It trained itself by studying millions of lines of human-written Java code from GitHub, and drew on what it found to write its own code.

Putting two and two together then, I think I can see that if there is an interesting and special connection between AI and “blockchain” then it’s not about using the blockchain as a glorified Excel spreadsheet that AIs share between themselves, it’s about writing the consensus applications for the consensus computers. They still wouldn’t be contracts, but they would at least work.