Libra and Calibra… Tired: KYC. Wired: KYZ.

As Ed Conway noted in The Times recently, Mark Zuckerberg once observed that “in a lot of ways, Facebook is more like a government than a traditional company”. Indeed it is. And in fact it just got a lot more like a government. Companies have loyalty points, but governments have currencies, which are like loyalty points but with standing armies. You can hardly have failed to notice that Mr. Zuckerberg’s highly successful advertising company Facebook is now planning to have a currency of its own. 

The currency is called Libra and the media has been full of commentary about it the new blockchain that will support it (created by the Libra Network) and the new wallets that it will be stored in (created by Calibra, a Facebook subsidiary). Whatever you think about Facebook, or social media in general, or Bitcoin and its ilk, there’s no getting around that this is a big deal and it was unsurprising that it attracted such wide media coverage.

Now, putting to one side whether it is a currency or not or a blockchain or not (Central Banking magazine said that it’s “neither a true currency nor bearing all the hallmarks of a typical crypto asset, Libra will run on a system similar to a blockchain”) and actually I kind of agree with the economist Taylor Nelms that “the crypto angle does seem like a sideshow”,  the fact that it exists is nonetheless rather interesting, although not necessarily for reasons that are anything to do with money although it is a payment system of a potentially large scale, as I will explain later.

What is the purpose of this new payment system though? Libra says that hope to offer services such as “paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit without needing to carry cash or a metro pass”. But as numerous internet commentators have pointed out, if you live in London or Nairobi or Beijing or Sydney you can already do all of these things. It’s only in San Francisco where such things appear to be special effects from Bladerunner, an incredible vision of a future where people don’t write cheques to pay their rent and can ride the bus without a pocket full of quarters.

Nevertheless, I’ve written before that a Facebook payment system would be beneficial and I stand by that. The ability to send money around on the internet is clearly useful and there are all sorts of new products and services that it might support. A currency, however, has more far reaching implications. As the brilliant J.P. Koenig points out, Libra is more than a means of exchange. The Libra “will be similar to other unit of account baskets like the IMF’s special drawing right (SDR), the Asian Monetary Unit (AMU), or the European Currency Unit (ECU), the predecessor to the euro” in that it is a kind of currency board where each of  units is a “cocktail” of other currency units. This should, unlike Bitcoin, provide a reasonably stable currency for international trade.

This has significant implications. What if, for example, the inhabitants of some countries abandon their failing inflationary fiat currency and begin to use Libra instead? The ability of central banks to manage the economy would then surely be subverted and this must have political implication. This has not gone unnoticed by the people who understand such things, an example being Mark Carney, quoted in the Financial Times saying that if Libra does become successful then “it would instantly become systemic and will have to be subject to the highest standards of regulation”. Unsurprisingly,  both the international Financial Stability Board and the UK’s Financial Conduct Authority have said they will not allow the world’s largest social network to launch its planned digital currency without “close scrutiny“.

Yes, But…

So there are all kinds of reasons to be sceptical about whether Libra will ever launch and whether it will reach any of the goals set out by its founders. And yet…

There’s something interesting in Libra. I’ve long written about the inevitability of new technology being used for new payments systems that will in turn be used to create new forms of money. More than two decades ago I wrote about the advent of private currencies and I covered the nature of corporate currencies more recently (and in some detail) in my book “Before Babylon, Beyond Bitcoin”.

(Although I have to note than in my “5Cs” taxonomy of the future of money, I would classify Libra as a community currency rather than a corporate currency, but that’s not the point of this discussion.)

Now, using the model that I set out in the book to help general business readers understand what the likely trajectory of digital assets will be, I look at the two institutional bindings needed to turn the cryptographic level o. These are the binding of values on the ledger to real-world assets and the binding of the wallets to real-word entities.

Digital and Crypto Layers Revised Colour Pic

 

The binding of a wallet address to an actual person is difficult and costly. Here’s what Calibra say about it: “Calibra will ensure compliance with AML/CFT requirements and best practices when it comes to
identifying Calibra customers (know your customer [KYC] requirements) by taking the following steps

  • Require ID verification (documentary and non-documentary).

  • Conduct due diligence on customers commensurate with their risk profile.

  • Apply the latest technologies and techniques, such as machine learning, to enhance our KYC and
    AML/CFT program.

  • Report suspicious activity to designated jurisdictional authorities.”

I thought it was worth reproducing this in full.  So if  we put together what the Libra white paper says with what Calibra say about their wallet, you get this specific version of the model from my book. I think it describes the overall proposition quite well.

Digital and Crypto Layers in Colour with Libra pic

All well and good. Now, while I was reading through the Libra description, I didn’t find anything remarkable. Until the last part. On page nine of the Libra white paper, just at the very end, I notice that “an additional goal of the association is to develop and promote an open identity standard. We believe that a decentralized and portable digital identity is a prerequisite to financial inclusion and competition”.

Well, well. An “open identity standard”.

Identity is at the heart of the proposition, if you ask me. One one first questions that Congress had for the Libra hearing with David Marcus was “how parties will ensure that the user or beneficial owner of a currency or wallet is accurately identified”. Now, you can’t know who the beneficial owner of the currency is any more than you can know who the beneficial owner of a $100 bill is, but you can know who the owner of a wallet is. This question has already been answered, by the way. Kevin Weil, Facebook’s VP of product for Calibra was clear that users will  have to “submit government-issued ID to buy Libra” as you would expect. People without IDs will still be able to buy Libra through third-party vendors, of course, but that’s a different point.

Put a pin in “government-issued ID” as we’ll come back to it later.

Its clear that the wallet addresses in a transaction (as shown in my diagram above), a timestamp and the transaction amount will be public because they are on a shared ledger, but as Facebook have made clear, any KYC/AML (ie, the binding shown in my diagram above) will be stored by the wallet providers, including Calibra. Since, as David Marcus has repeatedly pointed out, Libra is open and anyone will be able to connect to the network and create a wallet, there could be many, many wallets. But you’d have to suspect that Facebook’s own Calibra will be in pole position in the race for population scale. Hence Calibra’s approach to identity is really, really, important.

Now, if Calibra provides a standard way to convert a variety of government-issued IDs into a standard, interoperable ID then that will be of great value. Lots of other people (eg, banks) may well want to use the same standard. In the UK, for example, this would be a way to deliver the new Digital Identity Unit (DIU) goal set out by the Minister for Implementation, Oliver Dowden, of one login for your bank and your pension. But it isn’t only the ID that needs interoperability, it’s the credentials that go with it. This is how your build a reputation economy. Your Calibra wallet can store your IS_OVER_18 credential, your Uber rating and your airline loyalty card in such a way as to make them useful. Now, if you want to register for a dating side, you can log in using Calibra and it will automatically either present the relevant credential or tell you how to get it from a Libra partner (eg, MasterCard).

It seems to me that this may, in time, turn out to be the most important aspect of the “Facebucks” (as I cannot resist calling it) initiative. What if a Calibra wallet turns out to be a crucial asset for many of the world’s population not because it contains money but because it contains identity?

Government Issue

Now back to that idea of a government-issued ID. One of the other things that governments do is issue a passports as a form of formal identity. If I obtain a Calibra wallet by presenting my passport, that’s fine. But suppose I live in a developing country and I have no passport or formal ID of any kind?

Well I think Facebook can make a good argument that your Facebook profile is a more than adequate substitute, especially for the purposes of law enforcement. After all, Facebook knows who I message, my WhatsApp address book, who I hang out with, where I go… Facebook can tell real profiles from fake and they kill off fake “identities” all the time. My guess is that if you have had a Facebook profile for (let’s say) a year, then that identity is more than good enough to be able to open an account to hold Libra up to $10,000 or so and, frankly, it’s beneficial for society as a whole to get those transactions on to an immutable shared ledger.

Frankly, in large part of the world Know-Your-Customer (KYC) could be replaced by Known-bY-Zuck (KYZ) to the great benefit of society as a whole.

Digital identity in the UK – Will big banks or big techs deliver it?

The opening keynote at this year’s London Identity Week was given by Oliver Dowden, the Minister for Implementation at the Cabinet Office. Mr. Dowden is the Minister in charge of the digital transformation of government. To people like me, digital identity is central to digital transformation of government (and the digital transformation of everything else, for that matter) so I was looking forward to hearing the UK government’s vision for digital identity.  In his keynote, the Minister said that the UK is seen as being at the cutting edge of digital identity and that GOV.UK Verify is at the heart of that success. 

(On 9th October 2016, Mr. Dowden gave written statement HCWS978 to Parliament, announcing that the government was going to stop funding GOV.UK Verify after 18 months with the private sector responsible for funding after that.)

Right now you can’t use a GOV.UK Verify identity provider to log into your bank or any other private sector service provider. But in his speech the Minister said that he looks forward to a time when people can use a single login to “access their state pension and the savings account”. This, in my opinion, is quite distinct from the single identifier that the Parliamentary Select Committee on Science and Technology called for in their report this week. The Right Honourable Norman Lamb MP, Chair of the Committee, observing that “the current digital service offered by the Government has lost momentum” called for the introduction of a single unique identifier for access to public services.

 

I have to say that I sort of agree with the Science and Technology Committee on the efficient delivery of public services as well as what the Minister said about a single login across both public and private services. Obviously you’d want the same login scheme but a different persona (an identifier plus credentials) for pensions, pornography and other purchases, but that’s a another issue and not the focus on this discussion.

Identity Week Minister

Back to the Minister’s point though. Yes, it would be nice to have some sort of ID app on my phone (I happen to sit on the advisory board of Biid, who provide just such an app) and it would be great if my bank and Her Majesty’s Revenue and Customs (HMRC) and Woking Council and LinkedIn would all let me log in with this ID. The interesting question is who will provide such a login given that the government does not seem able to. Put a pin in that and we’ll return to it later. Meanwhile, back to the Minister, who made three substantive points in his speech. He talked about:

  • The creation of a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office. The Unit will help foster co-operation between the public and private sector, ensure the adoption of interoperable standards, specification and schemes, and deliver on the outcome of the consultation.

  • A consultation to be issued in the coming weeks on how to deliver the effective organisation of the digital identity market. Through this consultation the government will work with industry, particularly with sectors who have frequent user identity interactions, to ensure interoperable ‘rules of the road’ for identity. To me, this sounds like a call for a trust framework of some kind but the Minister did not use those words.

  • The start of engagement on the commercial framework for consuming digital identities from the private sector for the period from April 2020 to ensure the continued delivery of public services. The Government Digital Service will continue to ensure alignment of commercial models that are adopted by the developing identity market to build a flourishing ecosystem that delivers value for everyone.

The Minister had a tight schedule was therefore unable to stay for my subsequent speech. I suggested that the idea of a general-purpose digital identity might be ambitious and a preferable strategy might be to look at who else could deliver the “digital identities from the private sector” used for the delivery of public services, which means delivering inclusive identity services with appropriate security at population scale. Perhaps DCMS has ensured that the UK taken a lead in this respect since, according to Sky News, “thanks to its ill-conceived porn block, the government has quietly blundered into the creation of a digital passport – then outsourced its development to private firms”. One of these firms runs the world’s largest pornography site, Pornhub, so I imagine they know a thing or two about population-scale identity management.

Identity Week Keynote

Assuming that the GOV.UK Verify identities fail to gain traction in the private sector, then I think there are two obvious private sector coalitions that might step in to do this for the government: the big banks and the big techs.

Big Banks

For a variety of reasons, I hope that the big banks are able to come together to  respond to the comments of Mark Carney, the Governor of the Bank of England, on the necessity for a digital identity in the finance sector to work with the banks to develop some sort of financial services passport. I made some practical suggestions about this earlier in the year and have continued to discuss the concept with potential stakeholders. I think it stacks up, but we’ll have to see how things develop. 

The reason why I’m so keen on this approach is that banks already do the hard work of establishing customer identities for know-your-customer (KYC) purposes but they don’t then do anything with it. So identity is a cost centre, when there is an opportunity for it to be a platform for new products and services. I’m not the only person who thought that the DCMS age verification legislation would be the trigger for a sophisticated federated privacy-enhancing bank-centric ID.

Modifications to open banking could allow bank customers to share data on their identity and their date of birth with third parties in a double-blind way that stops their bank from knowing the site they want to visit, or the site they’re visiting from knowing their identity.

From Don’t let the government’s porn block create a monopoly – 1828.

Well, whether it’s used for age verification or a pensions dashboard, I would have thought that what the European Commission Expert Group on Electronic Identification and Remote KYC Processes calls an “attribute-based LoA-rated KYC framework for the financial sector (ie, a financial services passport) would make a perfect post-Brexit stake-in-the-ground initiative to define the new era by boosting efficiency in the crucial Big Bank sector as well as providing a platform for new products and services for the Big Techs to develop. Talking of which…

Big Techs

I had the good fortune to attend more recent breakfast session with the Minister organised by the Cicero PR people. I have to say that the subject of digital identity came up more than once. There was considerable discussion (under the Chatham House rule) of both the priority of a UK digital identity infrastructure and the means by which it might come into existence. While I voiced my usual opinion that it should be the banks taking the lead, there were other people talking about alternative private sector providers.

It is clear, then, that if the banks can’t get it together then the big techs will  come knocking on the government’s door. I’ll readily admit that when the Minister said “private sector identities” in his speech, the first thought to flash across my brain was “Apple”. The public,  as well has civil servants in other departments who don’t really know or care about digital ID might be saying to themselves, “why can’t we just use ‘sign in with Apple’ to do our taxes?”, and this is a good point. Even if they are not saying it right now, they’ll be saying it soon as they get used to Apple’s mandate that all iOS apps that allow third-party sign-in must support it.

How would you use your Apple ID to log into HMRC? Easy: you log in as you do now after sending off for the password and waiting for it to come in the post and that sort of thing and then once you are connected tell them the Apple ID that you want to use in the future. If you want to be “jackdaniels@me.com” or whatever, it doesn’t matter. It’s just an identifier for the Revenue to recognise you. Then next time you go to log in to the Revenue, you log in as jackdaniels@me.com, something pops up on your iPhone and you put your thumb on it or look at it, and bingo you are logged in to fill out your PAYE without ever having to remember your taxpayer ID or government gateway passport ever again.

 

Incidentally, you could use this to log in at Pornhub too, because Apple have implemented a form of the persistent pseudonymity that I have long advocated as the core of a practical “privacy settlement”. So, as Wired magazine puts it, Apple’s universal login will let you hide your email address from third-party services. Unlike Facebook, Google and other services, Apple will randomly generate an email address on your behalf, and it then forward communications from the services that you sign up to on to your actual Apple ID address. I’m not joking about Apple delivering an infrastructure for the mass market instead of the government, it’s just that I thought that our forward-thinking innovation-centric banks would be the people to build on it. A couple of years ago I asked “Why doesn’t my bank put a token in my Apple Pay that doesn’t disclose my name or any other personal information… Keep my real identity safe in the vault, give me blank card to top shopping with”

The banks have a chance to to do this if the government, the Bank of England and industry bodies get together and work with them on it. But I wouldn’t be at all surprised to go over to the HMRC web site fairly soon to see “log in with Amazon” and “log in with Apple” next a button with some incomprehensible waffle about eIDAS that I, and most other normal consumers I’m sure, will simply ignore.