The campaign against extreme cash is gaining momentum

I’m veery much in favour of getting rid of “extreme cash”. What I mean by this is cash at the extremes of the value range: the small coins and the big notes. In the UK, this means getting rid of the coppers and the largest banknote. So… hurrah! I read that the UK government is considering phasing out 1p and 2p coins, as well as £50 notes, in a bid to tackle tax evasion, money laundering and waste.

Since I’ve been going on about this for more than two decades I’m delighted to see that the government is finally coming around to my way of thinking. I read some newspaper reports that the government is to begin consultations on the subject, but I haven’t heard from them yet and I can’t imagine who else they might consider asking, so I stand ready to answer the nation’s call when as soon as it comes.

The issue of coins is a no-brainer. Back in 2014, I asked whether it is in the interests of the economy as a whole to continue to produce these small coins, saying that “I have no idea why the Royal Mint are messing about wasting our money on making 1p and 2p coins that nobody uses any more. It’s about time we recognised low-value coins for what they are. Scrap metal”. Five years ago I pointed out that in many countries, merchants and consumers alike had simply given up using small coins (such as the one- and two-cent euro coins) whether the mints produced them or not. When Nigel Lawson abolished the old halfpenny in 1984 it had a purchasing power close to the current 2p and there was no contactless. So I fully expect to see the 1p and 2p vanish, and if the government caves to the metals lobby to perpetuate them, which case I will be outraged.

I think the consultation around the £50 note will be more interesting, since there is “a perception among some that £50 notes are used for money laundering, hidden economy activity, and tax evasion”. I’ll say there is. Of the £ billions of notes and coins “in circulation” in the UK, which were in 2016 growing at 5.7% in a year when the economy grew by about 1.8% and the use of cash in retail transactions (retail spending grew 5.2%) was overtaken by the use of electronic payments, a fifth is in the form of £50 notes, which you never see in polite society. As I have discussed exhaustively and on many occasions, only about a quarter of the Bank of England’s notes are used for transactional purposes so these £50 notes must be disproportionately concentrated in the non-transactional (i.e., largely criminal) uses. As everywhere else, high-value banknotes are a major cause for concern. So why not make crime, terrorism, drug dealing, money laundering and bribing corrupt politicians marginally less convenient and marginally more expensive by getting rid of high-value banknotes? It is not only deranged digital money deviants like me who think this is right path to take, by the way. This kind of thinking is beginning to percolate up to the higher echelons of the financial establishment. Mario Draghi, European Central Bank president, told the European Parliament that “we are determined not to make seigniorage a comfort for criminals”. By which he means that the stack of £50 notes underneath the Mafia boss’ pillow are earning interest for the British government. The government is, in a very real sense, living off of the proceeds of crime.

Now, I’m not so stupid that I think that getting rid of the £50 will stop crime! If the government drops the £50, then the criminals will carry on using the $100, €200 and the worst offender, the Swiss Franc. Sooner or later the law-abiding nations of the world will have to institute sanctions against the Swiss. When I last went to Switzerland and I never saw a CHF note or coin: I used cards everywhere, and as far as I could see so did everyone else. Yet Switzerland has a CHF1,000. That’s right: a banknote worth $1,000. And you can spend it, too. Mind you, the Swiss have been cracking down: since 2016, you have had to show ID (how they verify the ID is beyond me) for cash transactions of $100,000 or more (Charles Goodhart, a former Bank of England policy maker, said this limit was so high that it could only be described as a joke).

Am I taking crazy pills? The Bank of England, the Swiss National Bank, the European Central Bank and the Federal Reserve should not be competing to be the currency of choice for Mexican drug lords, Albanian people traffickers and Syrian terrorist groups. So yes, let’s ditch the £50 but let’s also spearhead an international campaign to add morality to the cash issue and reduce the maximum value of the circulating medium of exchange to EUR 50, USD 50 and CHF 50. If the central banks won’t do it, then we should prosecute their governors for conspiracy to support money laundering. 

The Bitcoin rule of thirds, and what Bitcoin tells us about the future of money

In my presentation to Seamless Payments in Australia, I made reference in passing to the nature of the Bitcoin universe and how informs thinking, so I thought I’d take the time to explore that thinking in a little more detail to explain my comments.

I don’t have the exact figures to hand, but as I understand it the Bitcoin coinbase breaks down roughly into thirds…

 A third of them are lost (well, last year 23% but I think it will get worse as more people forget their passwords). This is because (like me) someone wiped their old phone wallet away and forgot to transfer it over to their new phone wallet first or because they accidentally threw away the old hard disk with all the Bitcoins on them or because the dog ate the Bicoin cold wallet or because they died or whatever. As Jonathan Levin of Chainalysis, who I regard as the “go to guy” for tracing Bitcoins, told NPR in January: “For the people that have lost their bitcoins, I say tough luck”.

(These lost Bitcoins, as my good friend Steve Bowbrick rather eloquently observed, are like treasure in sunken galleons waiting to be discovered by an intrepid explorer in the very latest kind of submarine. Which, in this instance, would be a quantum computer. It’s not only Bitcoin tucked away in these sunken galleons, by the way. There’s half a billion dollars in Ethereum stuck in just one Ethereum address: it’s the address “0”, essentially. In July 2016 someone accidentally sent ETH 1,493, currently worth more than a million dollars to that address. And thanks to the magic of the cryptography, it will stay there until the quantum submarine can uncover it.)

Another third of the Bitcoins are in the hands of the .0001%, the cryptoscenti. Bloomberg estimated that a few hundred people at most own these Bitcoins, but I’ve heard estimates that fewer than 50 people have the lion’s share. These are the people who have every interest in driving the value of Bitcoin higher so that they can cash out at a steady rate. If they dump their coins, that will drive the price down (a row has just been going on about the sale of the Mt. Gox assets for this very reason), so they need a rising market where they can convert Bitcoin to one Lambourghini at a time.

Meanwhile the other millions of Bitcoin peasants scrabble for their share of the remaining third. This distribution makes America look like a kibbutz in comparison and stands testimony to the deranged nature of utopian projections around this “digital gold” for the masses. So, to get to the question that I was asked on Sky News a few weeks ago, what does the Bitcoin market tell us about the future of money?

Nothing.

I’m not sure that the state of Bitcoin, or indeed the history of Bitcoin, tells us very much about the future of Bitcoin or money. It’s not anonymous enough for criminal enterprise on a large scale (and there is every evidence that criminals are turning to crypto alternatives) and it’s not functional enough to be a mass-market medium of exchange. If it is to remain a store of value beyond speculation then it must be useful for something and I’m at a loss as to what that something might be, although I’m perfectly prepared to believe that it’s because I grew up in an era of chip and PIN cards and ApplePay.

Does that mean that we should ignore it? No, of course not. There are many different ways to look at Bitcoin and it deserves study as a much as a social and political phenomenon as it does as a technological and economic one. What’s more, it does tell us something about the future. In yesterday’s Financial Times, Benoît Cœuré and Jacqueline Loh from the Bank for International Settlements (BIS) said that “while bitcoin and its cousins are something of a mirage, they might be an early sign of change, just as Palm Pilots paved the way for today’s smartphones“.

Values, Tokens, Accounts

I agree, but in a slightly different way. I see Bitcoin and its cousins not as prototypes but as a base layer — as shown in this “thinking out loud” picture that I’ve been using to explore these ideas — that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer. And most of those transactions will be pseudonymous, but some will be linked through accounts to people and organisations. 

Seamless Sydney

So what can we guess about the future of money, given what we have learned so far? Well, as I said in my Seamless Payments presentation what we may have learned is that the token economy is a more accurate pointer toward the future of money than the underlying cryptocurrencies are, because the tokens link the values managed on shared ledgers to the “real world”. There’s a logic to this model of “the blockchain” as the security infrastructure for a token economy and I really enjoyed engaging with the good people of Sydney on this view of the emerging cryptoeconomy.

Banks and digital IDs*

In CapGemini’s “Top 10 Trends in Retail Banking 2018”, they highlight “banks leveraging digital IDs beyond authentication” as their third most important trend. As it happens, I was talking about this earlier in the week in Trondheim at Betalingsformidling 2018, where I was asked to give a talk about the open banking era and the potential responses from incumbent banks.

Trondheim 2018

Photo: Betalingsformidling 2018 / Wil Lee-Wright Photography.

Now, I suppose that to a great many of you this really won’t be any surprise, since anybody who thinks about the mechanics of commerce in a connected age must already have come to the conclusion that digital identity is core to the new economy. That’s a superficial and almost trivial point to make, but it masks great complexity because choices that are being made right now about how digital identity is going to work in the future will have a profound impact on the shape and nature of all of society.

Of course, I don’t what identity is going to look like in the future any more than anybody else does (even if I do flatter myself that I’ve made some reasonably well-informed guesses on the topic) but I do think we ought to apply a kind of precautionary principle here. Since we don’t know how digital identity going to work, surely we should want it do develop under the auspices of institutions that society can constrain and influence. This is why I’m so convinced that banks should be the institutions to play the leading role as we evolve the tools, techniques and even the etiquette of a reputation economy.

An obvious first step, and one that has been apparent for many years, is to federate bank identity so that it can be used in multiple places. We have many years of experience now and have seen how schemes ranging from bank ID in the Nordics to Aadhar in India (and our own dear gov.verify) have performed in practice so we can make some informed decisions about how digital identity ought to work. We shouldn’t start from the technology, from blockchains and biometrics, and then work backwards to see what the technologists will allow us to have or what corporations will impose given the technological constraints of the day. Right now we should be discussing what society wants from a digital identities and then working out what the best way to implement them might be.

To do this, we need a model that can help banks, regulators, service providers and suppliers communicate and connect so that they can develop concepts and propositions to make some form of bank-centric, potentially cross-border, privacy-enhancing, secure “Financial ID” a reality.

3DID Basic Colour ID Taxnomy Picture

Let’s start with the basic “three domain identity” (3DID) model to create a straightforward framework for understanding and discussing digital identity. Now let’s look at a real example of bank doing some interesting work in this field. BBVA, for example, use this kind of model to map “real”, virtual and digital identities to identification, authentication and authorisation processes. BBVA describe the domains as follows (I’ve added my interpretation of what they mean with reference to a standard Public Key Cryprography, or PKC, implementation):

  • Identification: definition of the attributes that confirm, beyond any shadow of a doubt, that the user is who they say they are and not someone different pretending to be them. BBVA mean this in terms of Know-Your-Customer (KYC) of course, so what this means in practice is that the private key must be bound to the correct individual(s).

  • Authentication: verification through credentials that the user is the customer they say they are (username and password, OTP, digital certificates and others).  Obviously with PSD2 this means implementation of some form of 2FA to comply with the RTS on SCA.

  • Authorization: the financial service providers (TPP) with a license to operate must be given authorization by the customers before they can access their accounts. They need to have proof of consent, which can be obtained through access tokens. I would generalise this point away from banking, as per the CapGemini comments, to talk about tokens for access to a wider range of services than simply bank accounts.

Earlier this week I posted about digital identities (as opposed to digitised identities) and made the point that we are interested in electronic transactions, transactions that take place between virtual identities (that is, identities that exist only in the imagination of computers) we are primarily interested in the Authorisation Domain. I’ll come back to this in a moment, but for now let us assume that that Authentication Domain is essentially a solved problem and we don’t need to come back it in this discussion. My assumption is, that banks have strong authentication in place and that they use appropriate standards (eg, FIDO) so that they have device independence. In practical terms, in the world as it is now, this means that I can authenticate my bank Digital Identity (that is, I can demonstrate ownership of that private key) using any smartphone.

The problem then all comes to down standardisation and mutual recognition of credentials in the Authorisation Domain. Let’s take a simple example has been discussed many times recently: IS_OVER_18. Suppose I want to log on and join a Wine Club. The wine club needs to know that I am over 18, so it wants to see a virtual identity that includes the IS_OVER_18 credential (that is, an IS_OVER_18 attribute digitally-signed by someone that the Wine Club trusts – and by “trusts” I of course mean “can take legal action against and recover damages from if the credential is incorrect). The Wine Club would obviously trust banks, so this should be straightforward: provided that we have standardised the Virtual Identity (an X.509 certificate, for example, or an Evernym DID) and that we have standardised the attribute (let’s assume there is an XML dictionary somewhere that defines IS_OVER_18) and that can can recognise the digital signature from an organisation that is on our list of trusted organisations.

As I pointed out in Trondheim, this is a way for banks to participate in transactions, providing a useful service that is unrelated to payments or transaction fees. I, of course, understand that this means it will take sector-wide progress in the Identification Domain, practical implementation in the Authentication Domain and some commitment and co-ordination to get a working set of services in the Authorisation Domain. My question is why haven’t banks taken on board what Cap Gemini said in their report (and I’ve been saying with exhausting repetition for more than a decade) to come together to create the standards and definitions to move forward?

Or, to put it another way, where is the MasterCard or Visa for identity (and is it MasterCard or Visa?).

To the Mooooooooon!

 

I’ll be testing my assumptions and asking these kinds of questions in Singapore at Money2020 Asia, by the way, as I’m chairing the session on Exploring Digital Identities on 15th March and welcoming some old and very well-informed friends – including Victoria Richardson from AusPayNet, Shamir Karkal from Omidyar, Teppo Pavlova from BBVA and Andy Tobin from Evernym – who will help me open up the topic for the audience. Do come along to “The Moon” at 11am and join us.

* Again.

Digital identity cards, not digitised identity cards

You all know who Marshall McLuhan was, right? And that he predicted not only the internet but its impact on society

Born in Canada in 1911, McLuhan studied at the University of Manitoba and University of Cambridge before becoming a lecturer at the University of Toronto. He rose to prominence in the 1960s for his work as a media theorist and for coining the term “global village”, which was a prescient vision of the internet age.

Half a century ago, he said of the networked world he predicted that “In the new electric world, where everybody is involved with everybody, where everybody is involved in complex processes, the old identity cards, the old means of finding out who am I, will not work”. I wish that more people would take this on board, give up trying to digitise the old identity systems and start building the new digital identity system we need.

Here’s an example. I notice (via my friends at One World Identity) that the Australian state of New South Wales is soon to provide citizens with “digital driver’s licenses, stored on a user’s smartphone, allowing them to ditch their physical ID card”. I read that article and it seems to me that these aren’t digital driver’s licenses or anything like them. They are digitised driver’s licences, nothing more than virtual shadows of their mundane progenitors. They have no functionality beyond their heritage in industrial age bureaucracy and provide absolutely nothing new to the new economy.

We need digital identity, not digitised identity, a point I intend to make loud and clear in Washington on 26th and 27th March, where I will be chairing the 2nd KnowID conference. And I’ll be talking about McLuhan, because McLuhan had this notion of identity as smeared across entities, depending on the relationships and interactions between identities (what Ian Grigg calls “edge” identity). If this is indeed the correct vision for post-industrial online identity (and since he was right about most other things, I’m certainly not going to call McLuhan out on this one) then what would it mean for the driving licence?

Well, I (and others) have long argued that shifting to an infrastructure where transactions are between virtual identities and enabled by credentials is the way forward. Hence the right way to see a driving licence is as a bundle of credentials. How would we use those credentials? To make claims that we need in order to enable the transactions. In Phil Windley’s “Self-Sovereign Identity and the Legitimacy of Permissioned Ledgers” he says, if I interpret him correctly, that a claim is the process of providing a credential and authenticating its use in order to obtain authorisation. I like the “claims are processes” way of thinking and it seems like a reasonable working definition, so let’s move forward with that, using my favourite Three Domain Identity (3DID) as the framework.

 The Three Domain Identity (3DID) Model

The attributes that are needed in the Authorisation Domain might be very varied, but for sake of the discussion, let’s assume that in the case of the driving licence there are three claims that should be supported:

  • A policeperson might need to know who you are.

  • A car rental company might need to know that you are allowed to drive.

  • A bar might need to know that you are over 18.

Now the digitised driving licence doesn’t know who is asking, what they are asking for, or whether they are allowed to ask for it. So it shows everybody everything and (in the general case) they have no idea whether any of the claims are true or not. But a digital driver’s licence could know all of these things. So when the policeperson asks your digital driving licence who you are, your digital driving licence can check the digital signature of the request and the authorisations that come with them. The digital driving licence knows that the bar can ask if you are over 18, but not who you are because it’s none of their business – although the licence may return a service provider-specific meaningless but unique number (MBUN) that the bar can use for loyalty (and barring). I cannot stress just how much of a new idea this is not. A decade ago John Elliot, Neil McEvoy and I wrote a chapter called “This Is Not Your Father’s ID Card” for the book “Digital Identity Management”. In it, we said that:

Because computers, biometrics and digital signatures can work together to disclose facts about someone without disclosing their full identity. Your ID card could, for example, send a message to a machine confirming that you are over 18 without disclosing who you are or what your citizen number is.

I’m sure we were not the only people to have realised this. The problem then, and now, is that the people in charge of identity cards, and driving licences, and passports and all of the other identity infrastructure, still see these documents only as dumb emulations of paper and not as what they are: nodes in an identity network. They are nodes and our identities, to go with Ian’s formulation, are the edges between them.

All very well, I can hear you saying. All very nice in theory. But what about deployment? How would will you connect up all of the bars and car rental counters and police cars and so on. What would the person in the bar use to interrogate your digital driving licence? Well, their digital driving licence of course! Surely one of the defining characteristics of the digital age driving licence that has a computer in it and is now a node is that… it can talk to other driving licences. There is a beautiful symmetry to this: no digital driving licence is different from any other digital driving licence, nor privileged above any other digital driving licence. No need to for custom equipment. Every has the same digital driving licence – you, the cop, the barman – but these licenses are loaded with different claims.

So this is how Phil Windley’s claims work in practice then: I want to get a drink so in the Authorisation Domain the barman sets his digital driving licence (a smartphone app) to request a claim for IS_OVER_18 and then via NFC, Bluetooth or QR code interrogates my digital driving licence (a smartphone app). My smartphone app sees that his request is signed by a valid licensing authority and has not expired and checks what credentials it has to hand. It discovers two virtual identities containing the relevant IS_OVER_18 attribute: one from the Driving License Authority and from my car insurance company. It selects the first one and sends it to the barman’s app.

(The virtual identity contains a unique identifier, a public key, a number of attributes and a digital signature.)

The barman’s app checks the signature and recognises that it is valid. Since the barman is using his smart driving licence app it either stores or has access to the public keys of the driving licence authorities, car insurance companies, car rental companies and so on. My smart travel app would have similar information for airlines and car rental companies, hotel companies an so on. The barman’s driving licences sends back a message encrypted using the public key. My app can decode this, because it has the corresponding private key, so in the Authentication Domain it asks for me to authenticate myself. I use my fingerprint or PIN or whatever and the app decodes the message. Then it replies to the barman’s app. The barman’s app now knows that I have the corresponding private key and thus it can accept that IS_OVER_18 applies to me.

The claim as process – I want to see a virtual identity that contains a credential that includes this attribute / here is a suitable credential / OK, so prove it is yours / here you go, I decoded your message / Thanks, now I’m happy to serve you – delivers both security and privacy and shows that we use digital identity to create an infrastructure that goes far beyond emulating our broken physical industrial age identity system to provide something so much better,

It’s time to move on from the cardboard age to the communication age, and I hope that you’ll join me at KnowID to discuss all of that latest developments in the digital identity space and to formulate practical strategies for making the long-overdue change to digital identity in the mass market, whether centralised, decentralised, federated or whatever else might work.