Mark Carney (and me) and digital ID

The governor of the Bank of England, the Canadian ex-Goldman Sachs economist Mr. Mark Carney, recently suggested that digital ID cards “would make it safer for people to access money online”. He is sort-of-correct. We do indeed need to do something to stop the relentless increase in identity-related fraud and scams (such as, for example, “man receives surprise message purporting to be from Mark Carney offering multimillion-dollar sum”) because we need to make substantial improvements in both the security and privacy of online financial services, as well as a step-change in convenience) and we need it urgently. 

I don’t think that a digital ID card is quite the solution though, because I prefer a more sophisticated solution that is based on digital identities for everything and multiple personae for transactional purposes, but that’s splitting hairs at high level. I am right behind Mr. Carney on the need for a solution, although I think he was wrong when he went on to say that such a scheme could also prove controversial and could “only be introduced by the Government rather than the Bank of England”. In my opinion he is mixing up the controversial idea of a national digital identity card of some kind (and he may well be unaware of the government’s decision to stop funding their gov.verify online identity scheme) with the uncontroversial notion of a some form of secure and convenient identity management for the purposes of interacting with regulated financial institutions.

Only a day after Mr. Carney’s remarks, the Emerging Payments Association (EPA) released its report on money laundering and payments-related financial crime, calling for UK financial institutions and payment processors to create a “national digital identity scheme to tackle these threats”. So let’s take this national digital identity for financial services and digital ID card for online identity checking in Mr. Carney’s terms and call the concept, for sake of brevity, the Financial Services Passport, or FSP.

I don’t know if Mr. Carney has read my 2014 book Identity is the New Money (still available from all good bookshops and Amazon), but in there I wrote that one very specific use of a digital identity infrastructure “should be to greatly reduce the cost and complexity of executing transactions in the UK by explicitly recognising that reputation will be the basis of trust and therefore transaction costs. The regulators should therefore set in motion plans for a Financial Services Passport”.

A few year ago, I spent some time as co-chair (with Ian Jenkins of Deloitte) of the techUK Financial Services Passport Working Group, I was working on the concept of a financial services passport with a bunch of smart people and no-one took the slightest interest in this obviously sensible concept and I do not remember observing any inclination by the UK’s banks to work together on it.

That techUK Working Group, incidentally, was created because of recommendations of an earlier techUK report “Towards a New Financial Services” developed through 2013. Section 3 of this report is actually called “Identity and Authentication: Time for a Digital Financial Services Passport”. The conclusion of that section was: 

There is clearly a need to look again at identity authentication in financial services. In addition to creating inconvenience for consumers, the current approach is expensive to maintain and inadequate in serving an increasingly digital financial services industry. As trusted authenticators of identity, a new standardised approach by financial services organisation could enable wider societal benefits, while also unlocking new opportunities for the industry. However, moving from the current fragmented identity infrastructure to a standardised financial services passport would require overcoming several challenges; from the competitive dynamics in financial services, to the extent and scope of liability, whilst simultaneously maintaining KYC and AML compliance.

In the first instance, the scope of a financial services passport needs to be more clearly defined. This requires a technology roadmap that can match objectives and requirements in managing digital identities in financial services with technical solutions and provide a feel for how trends may already be shaping the market in this space.

So what would a practical financial services passport actually look like? In the techUK discussions, we explored three broad architectures using the technology roadmap referred to above. 

  1. A centralised solution, some sort of KYC utility funded by the banks. This was seen as being the cheapest solution, but with some problems of governance and control. It could also be a single point of failure for the financial system and therefore unwise given that we are now in a cyberwar without end.

  2. A decentralised “blockchain” (it wouldn’t really be a blockchain, of course, it would be some form of shared ledger) where financial institutions (and regulators) would operate the nodes and all of the identity crud (“create, read, update and delete”) would be recorded permanently.

  3. A federated solution where each bank would be responsible for managing the identities of its own customers and providing relevant information to other banks as and when required. 

At the time, I thought that the third option was probably best but I’m open to rational debate around the topic. The way that I envisage this working was straightforward: my bank creates a financial services passport using the KYC data that it already has and “stamps” the passport with a minimum set of attributes needed to enable transactions. So Barclays would create an FSP for me. Then, when I go to Nationwide to apply for a mortgage, I could present that FSP to Nationwide and save them (and me) the time, trouble and cost of KYC. Instead of asking me for my bank account details, home address and inside leg measurement, Nationwide can use the stamps in my passport.

As I recall, the technology bit of this was easy but there were two discussions about this that were difficult. One was about liability (I advocate the “Identrust model” of transaction liability) and the other was about payment (I advocate an interchange model where the organisation using the passport pays the passport originator).

Let’s just say for sake of argument though that in response to Mr. Carney’s comments, the FCA decided on a federated solution using the three-domain identity (3DID) model. It would look like this:

3DID Bank Framework

 

All of the standards and technologies needed to make this happen already exist except in one area. The banks already do the KYC in the Identification Domain, we have FIDO and biometrics and mandatory Secure Customer Authentication (SCA) in the Authentication Domain and the tools that we need in the Authorisation Domain.

Let’s imagine that the digital identity is, basically, a key pair. In this case, the virtual identity is then a public key certificate that carries the attributes – the data about a person – that is necessary to enable transactions, as shown below. The attributes are digitally-signed by organisations that are trusted. This is where we need some standardisation to define attributes (eg, IS_A_PERSON, IS_OVER_18, HAS_OVERDRAFT_AGREEMENT or whatever). Were the Bank of England to make the banks get their act together and start doing something about this, maybe they could do what they did for Open Banking and set up an Financial Passport Implementation Entity (FPIE) to draw up the formats and standards for Persona that can be used by developers to start work right away.

Virtual Financial Services

Note that this special case, where the virtual identity is the same as the “real” identity is only one case. Barclays and others might well give me (or charge me for) other virtual identities, with the most obvious example being an “adult” identity that does not contain any personally-identifiable information for use in internet dating and so on.

In 2014, I wrote “what about a financial services passport?”. It is a testament to the power of my writing and my great influence in the financial services community that it has taken a mere five years for this idea to reach the governor and for him to put it forward as a way to “harmonise the various different systems of online identity checking”. Let’s hope that more people listen to him than listened to me.

Friday thought experiment: Mac-PESA

I”m very wary of promulgating the “political correctness gone mad” meme, as it is so often a lazy reactionary knee-jerk response to changing times, but I could not resist tweeting about the news that a British police force launched an investigation after a man claimed he had been the victim of a “hate crime” when… a branch of the Post Office refused to accept his Scottish banknote. This incident has now indeed entered our official statistics as a hate crime.

Frankly, this is mental. Scottish banknotes are not legal tender, even in Scotland, as I have explained before. The Post Office is no more obliged to accept a Scottish Fiver than it is to accept Euros, gold or cowrie shells. The story did, however, cause me to reflect on what will happen when, post-Brexit, Scotland votes to leave the UK. Will Scotland then join the euro or create its own currency?

As supporters of Scottish independence insist, once Scotland becomes an independent country, it will be responsible for managing its currency in the same way that every other country that has its own currency is responsible for managing. But how should the Scots go about creating this currency? Surely messing around with notes and coins, other than for post-functional symbolic purposes, is a total waste of time and money.

A much better idea would be to go straight to the modern age and create Mac-PESA, which would be a digital money system rather like Kenya’s M-PESA with with a few crucial enhancements to take advantage of new technology. M-PESA, as a post on the Harvard Business School blog says, is “the protagonist in a tale of global prosperity to which we all can look for lessons on the impact of market-creating innovations”, going on to say that its “roots are far more humble”. They are indeed, and if you are interested in learning more about them, I wrote a detailed post about the origins of M-PESA (and Consult Hyperion’s role in the shaping of this amazing scheme) and the success factors.

The most important of these was the role of regulator: the Central Bank of Kenya (CBK) didn’t ban it. Conversely, one of the reason for the slow take-up of mobile payments (and the related slow improvement in financial inclusion) in other countries was the regulators’ insistence that banks be involved in the development and delivery of mobile payment schemes. The results were predictable. (Here’s a post from a few years ago looking at the situation in India, for example).

Anyway, back to M-PESA. It is an amazing success. But it is not perfect. In recent times it has gone down, leaving millions of customers unable to receive or send money. These failures cost the economy significant sums (billions of shillings), which not not surprising when you remember that M-PESA moves around 16 billion Kenyan shillings per day. So when it drops out, it leaves customers hanging, it leaves agents losing revenue and it leaves the banks unable to transact.

It is now vital national infrastructure, just as Mac-PESA would be.

So what if there were no system in the middle to go down any more? What if the telco, regulator and banks were to co-operate on a Enterprise Shared Ledger (ESL) solution where the nodes all have a copy of the ledger and take part in a consensus process to commit transactions to that ledger?

Do the math, as our American cousins say. Suppose there are 10,000 agents across Scotland with 100 “super agents” (network aggregators) managing 100 agents each. Suppose there are 10m customers (there are currently around 20m in Kenya, which has ten times the population of Scotland). Suppose a customer’s Mac-PESA balance and associated flags/status are 100 bytes.

So that’s 10^2 bytes * 10^6 customers, which is 10^8 bytes, or 10^5 kilobytes or 10^2 megabytes. In computer terms, this is nothing. 100Mbytes? My phone can store multiples of this, no problem.

In other other words, you could imagine a distributed Mac-PESA where every agent could store every balance. You could even imagine, thanks to the miracles of homomorphic encryption, that every agent’s node could store every customers’ balance without actually being able to read those balances. So when Alice sends Bob 10 Thistles (the currency of the independent Scotland), Alice connect to any agent node (the phone would have a random list of agents – if it can’t connect to one, it just connects to another) which then decrements her encrypted balance by 10 and increments Bob’s encrypted balance by 10, then sends the transaction off into the network so that everyone’s ledger gets updated.

You can have a 24/7 365 scheme without having a Mac-PESA system in the middle. When you make a transaction with your handset, it gets routed to a superagent who decrements your balance, increments your payee’s balance, and then transmits the new balances (all digitally-signed of course) to the other superagents.

 

It would be a bit like making an ATM network where every ATM knows the balance of every debit card. No switch or authorisation server to go down. And if an ATM goes down, so what? When it comes back up, it can resynch itself.

So please, someone challenge me on this. As a thought experiment, why not have Scotland grab a world-leading position by shifting to a Central Bank Digital Currency (CBDC) based on a shared ledger. I very much agree with the Bank of England’s view of such a thing, which is that the real innovation might come from the programmability of such a currency. This would be money with apps and an API, and I would hope that innovators across Scotland and beyond would use it create great new products and services.

Ten more years

We’ve just had Bitcoin’s tenth birthday, so like most other electronic payment aficionados I’ve been mulling over the trajectory of the noted peer-to-peer electronic cash system. My interest in it goes back long way. I was  invited to speak to the first European Bitcoin conference in Prague back in 2011 having previously given perspectives on the project — in blogs, magazines and even on BBC radio — that were not especially enthusiastic. As an example, in Prospect Magazine back in 2011 I wrote “while many of us would like currency management taken away from governments, that doesn’t mean an unmanaged solution will be any better”.

That Prague conference was therefore an opportunity for me to learn more about Bitcoin and the Bitcoin community as well as to test my arguments with an informed crowd. My views didn’t change – I still didn’t think Bitcoin would crack the mass market – but looking back on it now is a fascinating slice of early Bitcoin life.

In the first presentation, Sergey Kurtsev from IMCEX said that anonymity is misunderstood and that the public don’t need it. I was upset about this, not because he was absolutely correct about it, but because it was going to be the subject of my talk in the afternoon. So it led to some emergency last-minute Keynote acrobatics on my part!

Amir Taaki from the Bitcoin Consultancy gave a presentation that was quite wide-ranging so I will use that presentation as a peg to hang a few comments on. He said, essentially, that there were three problems with Bitcoin: the marketplace, the technology and finance.

  1. Marketplace. Amir said that consumers had no reason to use Bitcoin because attributes that Bitcoin projects (such as that anonymity) are not valued by consumers and the merchants obviously don’t see enough value to drive consumers towards it. I don’t see that anything has changed in the last decade. As I pointed out in 2015, if there’s no demand for Bitcoin for porn, then there’s no future for it as a means of exchange!

  2. Technology. There were scale issues, as people much cleverer than me (e.g., Ben Laurie) pointed out at the very beginning, but the key technology issue was that it was hard to use. Now it’s a bit easier because you have a variety of Bitcoin wallets to choose from.

  3. Finance. Amir made a point about “compromising events”. He said that if you want people to hold Bitcoins instead of dollars or gold, they have to have real faith. Every time they read about exchanges crashing and money vanishing that becomes more unlikely. As I have posted with wearying repetition on Twitter across the last decade “help I want my anonymous, untraceable digital cash back!”.

When it came to my talk (which you can see below), I did try to make constructive criticism. I tried to highlight some areas of commerce where the existing mass market solutions might be vulnerable to well-crafted alternatives (e.g., social networking, games, kids) or where a significant improvement in security would generate value.

 

( I also emphasis, as I recall, that any realistic mass-market solution must be mobile-centric.)

Overall, as I’d previously written, I was unconvinced that Bitcoin would make a good currency or scale into the mainstream economy, mainly because the anonymity that was the attractive feature to the early-adopting bitcoiners was not attractive to the mass market. I still don’t see any traction for Bitcoin in the mass market. Back in 2015, I set off to visit Swindon on the 20th anniversary of the launch of the UK Mondex scheme (an offline, smartcard-based form of electronic cash) and discovered a shop advertising that they accepted Bitcoin. But when I attempted to pay with Mr. Nakamoto’s peer-to-peer electronic cash system, no-one could remember the password and when I asked to speak to the manager, he told me that no customer had ever asked to pay with Bitcoin anyway. 

Bitcoin at POS in Swindon

 

(Swindon, once twinned with Disney World, is the epicentre and bellwether of the transition to new forms of money. In two decades it went from a place where no-one used Mondex to a place where no-one used Bitcoin.)

More interestingly, with the perspective of hindsight, a couple of the speakers at the event suggested creating a scheme on top of Bitcoin rather than use Bitcoin itself, which to my mind adumbrates the evolution of the token, which I do think has more chance of success. I wrote about this last year, saying that I see Bitcoin and its cousins not as prototypes but as a base layer that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer.

So the blockchain is new and so on… and yet… the idea of a trading “money like” instruments without clearing and settlement is hugely appealing. This not on idealogical grounds but on economic ones: it’s cheaper.

Whether the transaction layer underneath will be Bitcoin or not is anyone’s guess, although I suspect it will not. If the function of the transaction layer is to be a global, shared resource for security infrastructure then the protocol will surely need to be optimised in that direction and the operations will surely need to be organised in such a way as to prevent any well-funded (at the National State level) attacker from being able to control sufficient of the necessary resources to subvert or disrupt that infrastructure. No-one is going to move their stock market over to a platform where trading might be disrupted by crypto-kitties.

Brexit, Dr. Who and Digital Identity

You are probably all sick of reading, hearing and dreaming about Brexit by now and I certainly do not propose to comment on whether no deal is better than a bad deal or whether the blockchain can create a virtual hard border for Northern Ireland, but there is one potential implication of Brexit that I do want to flag up here for discussion. Brexit may restart the discussion about ID cards.

To give just one instance of this meme, The Independent looked at a report from the think-tank Policy Exchange and said that “the UK should consider introducing ID cards after Brexit… it argues that Brexit marks a natural point at which to reform the UK’s immigration system”.

(The think tank Global Future went even further, saying that “the introduction of electronic identity cards would address many voters’ concerns about immigration without the need for Brexit.)

The Policy Exchange report was written by David Goodhart and Richard Norrie, and what they actually called for in the report is the creation of (essentially) a population register, giving everyone a unique number to facilitate interaction with the state. They say explicitly that the system “should not require a physical ID card, let alone the obligation to carry one”. In that newspaper article on the report, David goes on to say that they want to reopen the debate about ID management to “reassure people that we know who is in the country, for how long, and what their entitlements are”. It’s my emphasis on that word “entitlements”, and I’ll come back to it in a moment.

I wrote an article about identity cards for David when he was the editor of Prospect magazine, way back in 2005, in which I said that some form of citizen register “is clearly a good idea”. I wrote another article for him back in 2007, in which I said that the (then Labour) government should radically rethink its ID scheme, moving away from the obsession with ID cards and “focus instead on allocating a unique national identity number, backed by biometrics, to each citizen—that is all that needs to be held in a national register”. Nobody listened to me (except David!) and I do not recall ever being consulted on the topic by the government.

Anyway, the point of my writing all those years ago (and I also covered the topic in my book Identity is the New Money in 2014) was to separate the register that is used to determine uniqueness from the scheme that is used to determine entitlements. I think my general point and about moving to entitlements and leaving personally-identifiable information (PII) out of transactions has been not only borne out but reinforced by GDPR and subsequent developments in the world of social media.

Brexit bootstrap

If Brexit means an opportunity to rethink at the national level, but this time involve some expert opinion, I’m all for it. As I have written before at tedious length, we do not need a national identity scheme, we need a national entitlement scheme. And now is the time to starting thinking about what it might look like. So here go. As David touches on with his comment, the real solution is to our 21st-century identity crisis not an Indian-style Aadhar identity number or a Chinese social score, but a general-purpose National Entitlement System (NES). Very few people reading either the Policy Exchange report or this blog will remember the long ago days before the last Labour government’s attempts to introduce a national identity card, but there was a time when there were consultations afoot around a much better idea, which was a national entitlement card. As my colleague Neil McEvoy and I pointed out in Consult Hyperion’s response to that consultation, the “card” is only one mechanism for storing and transporting entitlements and in the modern age there might be better ones, such as mobile phones for example, that can not only present credentials but, crucially, also validate them (a subject I will return to).

Suppose that the vision for national identity (based on the concepts of social graph, mobile authentication, pseudonyms and so on) focused on the entitlements rather than on either the transport mechanism or biographical details? Then, as a user of the scheme, I might have an entitlement to (for example) health care, Wetherspoons or access to the Wall Street Journal online. I might have these entitlements on my phone (so that’s the overwhelming majority of the population taken care of) or stored somewhere safe (eg, in my bank) or out on a blockchain somewhere. Remember, these entitlements would attest to my ability to do something: they would prove that I am entitled to do something (access the NHS, drink in the pub, read about Donald Trump), not who I am. They are about entitlement, not identity as a proxy for entitlement.

It can be done

A decade ago I set out a vision for a 21st-century identity card. I tried to make it a vision that the public and the government and journalists and think tanks and everyone else could understand. It was a vision with genuine innovation and potential that subsequent technological developments have served only to sharpen. I tried to build a narrative founded in mass media because that’s where MPs and their spads get their science and technology education from (they are all arts graduates, so their knowledge of STEM is limited). This led me to suggest that in this matter, as in so many other things, Dr. Who should be the guide.

Just as Motorola famously created the flip phone around the Star Trek communicator, I created a vision of an entitlement service around Dr. Who’s psychic paper. As any devotee of the BBC’s wonderful series knows, the psychic paper shows the “inspector” whatever it is that they need to see. If the border guard is looking for a British passport, the psychic paper looks like a British passport. If the customs officer on Alpha Centuri wants to see a Betelguesian quarantine certificate, the psychic paper looks like a Betelguesian quarantine certificate. It the bouncer is looking for a party invite (as shown in the picture below), the psychic paper looks like a party invite.

200806171440.jpg

Christopher Ecclestone flashes psychic paper.

(I remain completely serious using Dr. Who to frame the narrative. It may seem a little odd to base a major piece of national infrastructure on a children’s TV series, but as it turned out I was not the only person to look in this direction because the BBC fan forum the no-longer-online “Torchwood Think Tank” had the suggestion back in January 2007, noting “dialogue joke about wish fulfillment of Doctor Who’s Psychic I.D. card he flashes in Season 3, and how that’s the future of ID cards…”.)

We all grew up with Dr. Who, and the show engenders warm nostalgia. Now, obviously, there’s an age-related component to this. My favourite monsters were the cybermen and I always wanted to work for Brigadier-General Lethbridge-Stewart, so that gives my age away, but my kids enjoyed the show just as much and I’m sure the current generation are enjoying our new lady doctor just as much. Dr. Who is the perfect mechanism for explaining technology the public and to MPs and Ministers. However, “a national entitlement scheme” sounds a bit 1950s and a “psychic paper scheme” sounds too much like science-fiction, so I’ve decided to re-label it: welcome to the Brexit Bona Fides scheme.

Brexit bona fides

This is how the Brexit Bona Fides scheme works. Unlike Dr. Who’s psychic paper, this post-Brexit version of psychic paper only shows the viewer what he or she wants to see if the holder has the relevant credential. If you are trying to get into a nightclub, you need to prove to the bouncer that you are over 18. The bouncer is looking for a credential that proves you are over 18. You show your psychic paper to the bouncer and all it reveals to the bouncer is whether you are over 18 or not. All the bouncer sees is that you are old enough to drink. Provided you are over 18, of course. If you are not, the psychic paper remains blank, as shown below

nightclub

You cannot forge this credential because it is digitally-signed by the issuer. If a 16-year old copies an 18-year old’s certificate into their psychic paper, it won’t work, because the incoming messages will be encrypted using the 18-year old’s public key, but the 16-year old lacks the corresponding private key (which can’t be copied because it’s never given up by the psychic paper — sorry, iPhone secure element). Since transmitting the photograph and appropriate credentials directly into the brain of the nightclub bouncer isn’t possible, we will of course need to use some kind of clever communication device instead. Luckily, just such a device already exists: the mobile phone.

My mobile phone would be able to check the entitlements that it is allowed to when presented by your phone, so none of us would need special equipment. I show up with my phone and claim that I am entitled to vote: my phone presents a QR code that is read by the polling clerk’s phone which flashes up my picture if I am entitled to vote or a red cross if I am not. I walk up to Wetherspoons and the pub requests an IS_OVER_18 credential. My Apple Watch (or phone or whatever) presents a list of virtual identities that have such a credential digitally-signed by an authority acceptable to Wetherspoons (ie, one that they can sue if I’m under 18) and, assuming that I’ve chosen one that is valid, my picture pops up on the bouncer’s Apple Watch. If I don’t have such a credential, the bouncer sees a skulls and crossbones or something. The customer never sees any of the jiggery-pokery hiding their personally identifiable information (PII). In 99 out of 100 cases, displaying your photograph is the only authentication required: There’s no need for the supermarket to check your fingerprints, for the doctor to demand a PIN or for the pub to take a DNA sample.

Watch Narrative Graphic

This isn’t really magic, or even that complicated. It’s all done using standard contactless communications, standard cryptography, standard protocols, standard chips, cards, phones and photos. Incidentally, after writing many year ago about how we could implement a psychic ID card using the same contactless technology as is used in Oyster cards, I literally fell off my sofa after settling down to watch a long ago Dr. Who Easter special only to see the BBC steal my idea! Yes, Dr. Who got on a London bus using his psychic ID card (see video here), clearly demonstrating that it has an ISO 14443 interface that can fool machinery as well as the psychic interface that can fool people.

Meanwhile, back in the real world… note that when using Brexit Bona Fides, no-one can read your psychic paper — no-one can check your Bona Fides* — unless they are allowed to and when they are allowed to, and all they can see is what they are allowed to see. No more showing the guy in the pub your name, date and place of birth and goodness knows what else just to prove you are 18. Under the hood, it’s all done using keys and certificates, credentials and local authentication: The nightclub bouncer has had to obtain a digital certificate that allows him to interrogate your ID card. His phone sends the certificate to your ID card. The ID card checks it, sees that it is asking for a proof of age. It sends back your photograph, digitally-signed (that’s how his phone knows it’s a real ID card, because it can check this signature). If you’re not old enough to drink, it sends back a digitally-signed red cross (or whatever).

Bona Fides will show the GP your health service number but only if you have the right to NHS healthcare, otherwise it will be blank. Bona Fides will show the employer your national insurance number (but only if you have the right to work in the U.K.). Bona Fides will show the pub absolutely nothing except your photograph (but only if you are old enough to drink). So this is a user-friendly way to implement all of the privacy-enhancing technologies that we would like to see incorporated in a modern national identity card scheme: sector-specific identifiers, pseudonyms, mutual authentication.

 

Now, this may have sounded far-fetched back in 2005, but let me point you to the new Louisiana smart driving licence. As a couple my LinkedIn contacts pointed out, this implements some of the key psychic ID concepts.

  • The smart driving licence app means that a holder can authenticate another person’s Louisiana digital driver’s license.

  • In the bar case study, it allows the customer to select which information she would like to reveal to the bartender—such as that she is over 21. That information is displayed on the phone with a photo and embedded QR code. The bartender scans the code with her app, which tells her that the woman seated on the other side of the bar is indeed over 21. None of the customer’s personal information, such as her name, birth date, or address, is displayed or stored on the bartender’s phone.

Given the the need exists, the vision exists and the implementation is demonstrably feasible, perhaps the trigger of Brexit can give us the digital identity infrastructure that our nation so desperately needs and the lack of which is such a source of friction and inefficiency.

Security and privacy

This is a way to deliver an identity scheme that provides both more security and more privacy. It does not need a big database with everyone’s details and it does not need expensive, custom-built, specialist equipment. In that 2005 piece for Prospect magazine I argued that that the government’s vision for the proposed ID card scheme was tragically out of date and backward-looking. Even the pressure group No2ID were nice about me, saying that that I was someone in favour of an ID scheme who actually knew what I was talking about but “unfortunately his preferred scheme is incompatible with the Government’s plans”. Indeed it was, but that didn’t matter because the scheme was scrapped by the next government anyway.

Writing about this kind of entitlement scheme a few years ago, I thought that a national plan to finally do something useful about identity might obtain “parasitic vitality” (to use one of my favourite ID phrases) from the specific issue of voter ID. Maybe electronic voting could have been a focus to get the gov.verify scheme a flagship project  and get the public and private sector working together to deliver an infrastructure that will be of benefit to all. None of this ever happened and gov.verify has gone, essentially, nowhere. So why am I still going on about this! Well, David Goodhart’s new report and other media comment has set me thinking that Brexit might finally provide the stimulus needed to develop the world’s first 21st century identity scheme. Not digitised identity, but real digital identity. Implemented correctly, it could make the UK a better place to work and play in a relatively short time.

* Bona Fides, for those of you who went to state schools as I did, is a Latin phrase meaning “good faith”. My dictionary definition says that bona fides documentary evidence showing that a person is what they claim to be. Note not who they claim to be, but what they claim to be. It gives the usage “credentials, as in he set about checking Loretta’s bona fides”. I’ll go and register the domain “bonafid.es” right now.

CBDC is a black and white issue

I was reading J.P. Koning’s excellent paper [PDF] on Central Bank Digital Currency (CDBC) for Brazil and came across his reference in passing to Narayana Kocherlakota, former CEO of the Federal Reserve Bank of Minneapolis, who wrote (in 2016) that economists do not know very much about the topic of anonymity and “calls for the profession to model it more systematically”. I think this is a really critical point, because the decision about where to set the anonymity dial for a cash replacement product is an important one, and not one that should be left to technologists.

This decision is discussed in the context of implementing a digital fiat currency of one form or another. The paper explores three ways to implement a CBDC for Brazil.

  1. MoedaElectronico (Electronic Cash): this is the most cash-like of the three CBDCs. It pays neither positive interest nor docks negative interest and is anonymous. Like cash, it is a bearer token.

  2. ContaBCB (BCBAccounts): this is the most account-based of the three templates. Ac- counts are non-anonymous and pay interest, like a normal bank account.

  3. MoedaHíbrida (Hybridcoins): provides a mix of cash and account-like features, including the ability to pay a varying positive and negative interest rate, while offering users the choice between anonymity or not. 

Now, the first two are well-known and well-understood. I wrote about them again last month (I’ve discussed “BritCoin” and “BritPESA” several times before), in a comment on Christine Lagarde’s speech [15Mb: Central banks, tokens and privacy] and I don’t propose to look at them further here. It’s that last example that interests me.

Let’s go back to that point about anonymity. In the paper J.P. says that the case can also be made for a permanently negative interest rate on anonymous CBDC. Why? Well, since we all understand that criminality and tax evasion impose costs on society, it may be worthwhile to design anonymous payments systems in a way that recoups some of the costs these activities impose.

In other words, construct a cash replacement in which anonymous transactions cost more than non-anonymous transactions. One way to do this, which is referenced by J.P. in his paper, was the “Crime Pays System” or CPS as conceived by the artist Austin Houldsworth. Austin is most well-known for designing the cover of my book “Before Babylon, Beyond Bitcoin” of course, but he also ran the Future of Money Design Award for Consult Hyperion’s annual Tomorrow’s Transactions Forum for many years. Oh, and he was awarded a Ph.D by the Royal College of Art (RCA). It was his idea to have me present CPS at the British Computer Society (BCS). We had my alter ego set out the new payment system to an unsuspecting audience who, I have to say, were excellent sports about the whole thing! It turned out to be an entertaining and enlightening experience (you can read more and see the video here).

Cps bcs

In CPS, digital payments would be either “light” or “dark”. The default transaction type would be light and free to the end users. All transaction histories would be uploaded to a public space (we were, of course, thinking about the Bitcoin blockchain here) which would allow anybody anywhere to view the transaction details. The alternative transaction type would be dark. With this option advanced cryptographic techniques would make the payment completely invisible with a small levy in the region of 10% to 20% would be paid per transaction.

The system would therefore offer privacy for your finances at a reasonable price. The revenue generated from the use of this system would be taken by the government to substitute for the loss of taxes in the dark economy.

What a cool idea.

Now, at the time it was just a concept. We didn’t spend much time thinking about how it would actually work (I was basing the pretend implementation for the BCS presentation on Chaumian blinding a la Digicash, hence this gratuitous picture of me influencing David in Vegas.)

David Chaum las vegas 2018

That was then. In the meantime, however, along came ZCash and the mechanism of shielded and unshielded transactions that J.P. has used as the basis for MoedaHíbrida’s two different modes. If the user decides to hold shielded (ie, dark) MoedaHíbrida tokens, then all transactions made with those tokens are completely anonymous and untrackable. The user can decide to unshield his or her MoedaHíbrida tokens so that all transactions can be seen (ie, light).

Offering users the choice of anonymity but making them pay for is a radical solution but I’m with J.P. in thinking that it deserves attention. What I think is very clever about using negative interest rates (which had never occurred to me) is that it allows for anonymous transactions without imposing a transaction friction, thus providing the cash substitute in the marketplace, but it penalises the stashing of anonymous cash. The negative interest rate means that dark tokens will be subject to a negative interest rate of, say -5% per annum, while light tokens will receive a competitive SELIC-linked interest rate.

Whether or not this is the way forward I or not, it is a line of thought that deserves serious examination in the context of CBDC design. If it is considered important to society to provide anonymous means of exchange, then the “tax” on the anonymous store of value seems a reasonable way to distribute the costs and benefits for society as whole.

We need to go cashless, not drift into cashlessness

Having just been to China for Money2020 and having experienced at first hand the operation of a cashless society, I’ve even thinking (again) about the design of cash-replacement payment systems for a range of perspectives, using China as a case study. The first point to make is that people in China are well aware of what happens to when society switches from anonymous cash to not-anonymous (I can’t think of a suitable antonym) electronic payments. As observed in the Financial Times, “that scale of data accumulation is beyond our imagination”. The Chinese woman making this comment (while observing that despite her concerns about privacy, mobile payments are too convenient to opt out of) goes on to say (somewhat poetically, in my opinion) that she cannot tell whether her compatriots are “constructing a futurist society or a cage for ourselves”

Not everyone in China is part of this revolution, of course. The World Bank Global Findex database, which measures financial inclusion, estimates that as of lat year some some 200 million Chinese rural citizens remain unbanked, or outside of the formal financial system. As in Sweden, the shift toward cashless is raising issues around exclusion and marginalisation.

There are, for example, supermarkets with different lanes for cash or cashless payments that act as physical manifestation of social stratification between, as Foreign Policy notes, the young and the old and between the urban middle class and those left behind (between, as David Goodhart would put it, the “anywhere” and the “somewheres”). I’ve written before that we will see the same in the UK as cash vanishes from middle class life to become the preserve of the rich and the poor who will use it for tax evasion and budgeting respectively. A “Which” survey found that over 75% of low-income households rely on cash, as well as over 80% of elderly households. The shift to cashless society must be planned to help these groups so that they share in the benefits of cashlessness.

Woking going cashless

Cash is vanishing even in Woking.

I think we should start to plan for this now. In China, as in Sweden (where the New York Times observes that “cash is disappearing in the country faster than anyone thought it would“), we are beginning to see what happens to societies that slide into cashlessness. I am against this. That is, I am in favour of cashlessness, but I am in favour of it as a policy decision by society that is implemented to meet society’s goals. I couldn’t disagree more with the Wall Street Journal’s view that the move to cashless society “should be left to technological advancement”. No, it should not. This is a matter of great importance and with significant implications for society. The strategy should therefore be set by society, not by technologists.

Now, clearly, technological advances deliver new possibilities to policymakers and it is good for technologists to explore these possibilities. But, as they say, just because something can be done does not mean it should be done. We need a proper debate and a regulatory envelope set out to move forward. I wonder if we might seize the opportunity and set down a technological marker for post-Brexit Britain by declaring that cash will be irrelevant in the UK in a a decade. That is, anyone who needs to pay for anything will be able to do so electronically and that anyone who does not want to pay electronically will be presented with a method for paying in cash, albeit one that they have to pay for like (like cheques).

This must mean that in parallel we must set a national goal to provide a free at the point of use electronic payments infrastructure for everyone. Otherwise we’ll end up where they are in America, where jurisdictions are trying to ban cashlessness (and thus keep the cost of the payment system high, especially for the poor) in the name of social justice. In New York, Congressman Ritchie Torres has put forward proposals to force businesses to accept cash and called them a a “new frontier” of anti-discrimination law that is needed to prevent a “gentrification of the marketplace”. Similarly, as the Washington Post reports, lawmakers in the nation’s capital have introduced a similar bill. A council member there said that by refusing cash businesses are “effectively telling lower-income and younger patrons that they are not welcome”. Maybe, but if so it’s only because those demographics don’t spend enough to provide the margin needed to cover the cost of cash.

It’s time to start thinking about what the requirements for that infrastructure are and consulting consumer organisations, businesses and government departments on their needs. We need to make a cashless Britain, not simply allow a cashless Britain.

Davo Polo

I set off for Hangzhou  and Money2020 China as a modern-day Marco Polo, intent on coming back home to regale the subjects of Her Majesty with fanciful tales of a far-away place where people use their mobile phones to pay for things and nobody uses paper money any more, much as Marco Polo himself would have regaled the inhabitants of Venice with his tales of (as it happens, the same) far-away place where people used paper money to pay for things and nobody used copper bars, cowrie shells or coins any more.

Money2020 China 18 - 22 of 28

Hanging with Tracey Davies, the President of Money2020.

My travels were a lot easier than Marco’s because for one thing I was able to fly directly to Shanghai whereas it took him years to get there and for another thing because everyone (and I mean everyone) has a smartphone, and their smartphones all have translation applications that convert spoken English to written Chinese and spoken Chinese to written English. My first experience of this was at Shanghai airport when the driver meeting me spoke into his phone and then presented me with a screen saying “do you know this person?” and holding up a sign with “Chris Skinner” on it. Naturally, I took the phone and said into the microphone “no, I’ve never heard of him and I’ve never read any of his books either” but it was too late as the driver had just seen him in arrivals.

Money2020 China 18 - 3 of 28

 

Flying the flag for Brexit Britain

My first step on the road to amazing my peers back home was to get a working AliPay or WeChat account. I’d forgotten my AliPay password so I decided to sign up for a new account. Unfortunately you can’t get an AliPay account with a UK phone number. An American phone number, yes. An Australian phone number, no problem. A Burkina Faso phone number, Bob’s your uncle.

Money2020 China 18 - 2 of 28

 

Alipay options

As it seemed like a UK phone number was beyond the pale, I decided to get WeChat instead. I activated my WeChat money function by linking my account to a couple of my credit cards.

Money2020 China 18 - 9 of 28

Activiating WeChat Money

None of my cards worked in this context, but it didn’t matter because once the money function is activated you can just give people cash and ask them to send the same amount via WeChat, thus topping up via a system of human Qiwi terminals. One of the women that kindly agreed to do this for me, on being handed a couple of RMB 100 notes, told me that it was the first time she’d touched paper money for at least a year.

Money2020 China 18 - 5 of 28

Woot! You can pay me using WeChat right now if you want to.

(China was the first in to printed means of exchange and they are close to being first out, close to being the first nation-state where notes and coins are economically irrelevant and post-functional cash will be the only kind most people ever possess. It looks as if China’s 800 year experiment with paper money will soon be over.)

Actually, it turns out that my stories of mobile phone payments are almost completely uninteresting – I wish you’d told me before, frankly – because everyone has now heard about WeChat and AliPay, everyone understands the transformational nature of their payments platforms and everyone has seen the ubiquity of QR  codes. The one time we tried to use NFC, ApplePay and that totem of Western Civilisation, the iPhone (which is, of course, made in China) to pay for something, it didn’t work. App and pay, frankly, is beating tap and pay.

Money2020 China 18 - 20 of 28

A payment expert witnesses the failure of tap-and-pay

(China was early into NFC, with China Mobile doing plenty of experiments in the field. Further back, Hong Kong was the birthplace of the contactless mass transit card, the Octopus scheme. I note that the Hong Kong MTA has just awarded a contract for QR code ticketing. It looks as if China’s 25 year experiment with contactless will soon be over.)

Money2020 China 18 - 14 of 28

Ron Kalifa talking about value-added merchant services

As for the conference itself, I particularly enjoyed Worldpay vice-chairman Ron Kalifa’s fireside chat. He said that in general people were underestimating the impact of open banking and I am certain that he is right. He also presented Worldpay’s annual report on payment trends worldwide, which was very interesting as you might expect.

One of the factors central to the evolution of payments is security and so I always enjoy presentations around fraud. In China, these have scary large numbers attached to them, but you have to take into account the size of the Chinese economy. According to the back of my envelope, Chinese cybercrime losses are lower than in many other countries.

Money2020 China 18 - 26 of 28

Real, and scary, fraud numbers

Given the widespread use of scores of one form or another to determine trustworthiness it is no coincidence that China sees a rise in frauds relating to the manipulation of these scores. Without commenting on the benefits or otherwise of such models (most Brits, myself included, can only think of Black Mirror when social scores are discussed) it is worth making the point that preventing “gaming” of these scores while preserving individual privacy means dealing with paradoxes that might well be resolved through the use of cryptographic techniques that have no conventional analogues and are therefore difficult for policymakers to bear in mind.

Money2020 China 18 - 27 of 28

Reputation fraud in action

Most of what I found thought-provoking, both in the presentations and the water cooler discussions, was to do with business models rather than new technologies. The new technology that fascinated me most was the toilet in my hotel room. The lid opens automatically when you walk into the smallest room and once you have settled onto the warmed and padded seat you are faced with a control panel (shown below) that gives access to a variety of functions, all of them wonderful. Next time someone tells you that a cashless economy is as likely as a paperless bathroom, tell them that I’ve experienced both, and they are both awesome.

Money2020 China 18 - 1 of 28

Toilet 2.0

The new business models emerging in a regulated, platform-centric, dynamic market are what we should be studying. We might choose to implement some of these models in a slightly different way taking into account the varying cultural norms around security and privacy, but the idea of separating payments from banking and then turning payments into platforms, and then using these platforms to acquire customers at scale for other businesses is certainly very interesting.

Money2020 China 18 - 18 of 28  

This is what a smartphone-centric platform looks like

These new models, of course, centre on data and value-adding using that data. When people pay for everything with their mobile phone, they lay down a seam of data that is waiting to be mined. Despite this, the convenience of the mobile-centre platforms is so great that people are clearly willing to put privacy concerns to one side. I chaired a great session on privacy with CashShield, Symphony and eCreditPal with, I think, gave out a very comforting message: if you build services with privacy in the first place, then actually complying with GDPR and other global regulations is actually not that much of a problem.

Money2020 China 18 - 25 of 28

 

One more thing that struck me about the context for these developments that it seems to me that China is making its e-money regulation more like the EU’s. With an EU electronic money licence, the organisations holding the funds must keep them in Tier 1 capital and are not allowed to gamble the customer’s money, whereas in China there was no such restriction. Now the People’s Bank has said that from January 2019 the Chinese operators will have to hold a 100% reserve in non-interest bearing deposits at a commercial banks, a decision that will likely cost the main players (Tencent and Alipay) a billion dollars or so in revenue.

Anyway, a big thank you to the Money2020 for giving me the opportunity to take part in this event! It was lovely to meet so many new people and see so many new perspectives, even if I did have to spend some of the time in a jazz bar.

Money2020 China 18 - 21 of 28

 

All in all, I wouldn’t change my job for all the tea in China, much of which you can see in this picture of the plantations outside Hangzhou.

Money2020 China 18 - 28 of 28

Looking forward to next year already.

“Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”

There’s been yet another story about fake medical qualifications in the news. A woman from New Zealand spent a couple of decades working as a consultant psychiatrist in our National Health Service (NHS) before it was discovered that she had made up her medical degree and forged a bogus letter of recommendation from Pakistan. The deception only came to light after she had been convicted of trying to defraud an elderly patient.

Now, I rather imagine that if I were a hospital or a medical centre or a GP practice employing a new doctor, I might be tempted to at least look them up on LinkedIn or something before I let them get their hands on a patient but I suppose that under the NHS it’s considered ungentlemanly or discriminatory or just plain rude to ask a prospective clinical employee for verifiable evidence of any valid qualifications. We are English, so we take people at their word. Unfortunately, dictum meum pactum. May not survive the 

While fake doctors seem to be something of an issue, as I have written before, I am English and therefore far more concerned about the epidemic of deceptive dentists across our green and pleasant land.

When I read that a “bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered” it makes me shiver.

When I see a woman convicted at Birmingham Magistrates’ Court on two charges of carrying out dentistry work without holding any dentistry qualifications, I get twitchy.

When I find out that Manchester Magistrates Court convicted a man who had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist, I begin to think about leaving the country for good.

When I discover that a bogus dentist (an asylum seeker who told immigration officers he had a dental practice in Iran) took a dead dentist’s identity, drilled without a local anaesthetic and did expensive fillings that crumbled within days, I have trouble sleeping.

(Which again reminds me of the late lamented Robert Schimmel’s joke about visiting the dentist: “Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”)

How can this happen, you might wonder, in a world where the blockchain exists? As Don and Alex Tapscott remind us in “Blockchain Revolution”, the “blockchain can hold any legal document, from deeds and marriage licenses to educational degrees and birth certificates”. And indeed managing educational qualifications seems to be one of those things I hear about at conferences where the magical properties of the blockchain are going to transform the sector and bring about a new era of peace and prosperity.

But how?

Suppose there was some global educational qualifications blockchain. That wouldn’t by itself fix anything as far as I can see. How exactly would the blockchain stop fake dentists from fixing my teeth with superglue and polyfilla?

I happened to look at a couple of projects in this space earlier in the year, and I can tell you that much of the wishful thinking projected onto the blockchain is really nothing about consensus or immutability but, as in so many other cases, really all about interoperability. There is no global standard for education qualifications, there is no global trust framework for organisations able to create qualifications (and their regulators) and there is no global infrastructure for digital signatures in that framework.

Think about it. If you present me with a Ph.D in Quantum Philosophy from the University of Woking, I need to be able to establish a trust chain that tells that there is a WokingU, that WokingU was authorised to award Ph.Ds at the time that you’re Ph.D was awarded, that the Ph.D you are presenting is real and signed by WokingU and that you are indeed the subject of the Ph.D award.

All of these problems have to be solved before we get near to figuring out whether a global blockchain might or might not be a better place to store such qualifications that either a global database of qualifications or a scheme for federating qualification repositories.

Insurance and outsurance

A couple of years ago, the World Economic Forum (WEF) put out their report on “The Future of Financial Services” [PDF]. This report (for which I was subject matter expert, as it happens) said that while it is natural to focus on the imminent disruption of banking because of new technology, the biggest disruption caused by that new technology will be in insurance. For all of the talk of open banking and contactless payments, your life is not going to be fundamentally changed by having Goldman Sachs lend you money via your Amazon app. The advent of “insuretech”, on the other hand, will almost certainly mean that you will change your day-to-day life.

Here’s why. When you insure your teenager’s car you have the insurance company install a “black box” in the vehicle to encourage them to drive within appropriate parameters to the dual ends of keeping them alive and reducing the cost of their comprehensive cover. So why not do the same for people? After all, a third of US consumers have adopted wearable devices, such as smartwatches and fitness trackers, to help themselves to better health. In turn insurers (and employers) are of course looking at ways to benefit from the massive quantities of data that people are therefore generating about themselves, whether consciously or not.

This will completely change the relationship between insurers, health care and individuals. It’s in the life insurers’ interest to have you stay alive and paying premiums for as long as possible! It might seem odd that when you go to renew your health insurance you find the premium raised because you didn’t go to the gym enough, or went to the pub too much, but I’m sure we would soon get used to having the additional data and the feedback that goes with it. (Although it would spoil a great many detective shows, since the first thing the police will do after the jogger has discovered the body in the park will be to download the bio-telemetry data so that their companion coroner-bot can instantly tell them the time and cause of death.)

This isn’t some internet-of-things (IoT) future hype. John Hancock, one of the oldest and largest North American life insurers, has said that is going to stop selling traditional life insurance and instead sell only “interactive” policies that track fitness and health data through wearable devices and smartphones. Apparently, nearly half of its customers are already part of such as scheme and they check in with company a couple of times every day!

Such initiatives are certain to spread. Accenture says that three-quarters of US consumers are willing to share data from wearable devices with their insurance company, and with Apple launching their new watch with all sorts of health monitoring facilities built in to it, the normalisation of the personal black box is advancing to the point where I can easily forsee scenarios in which consumers will be required to have such devices into order to obtain insurance at all.

Now, this may all sound (as Vox rather memorably put it) like a cross between Nectar points and the Hunger Games, but there is no getting away from it. Big data is all around us and its most voracious consumer, machine learning, is preparing the ground for artificial intelligence (AI) to step in and manufacture wisdom from that raw material. In many industries this may well lead to great efficiencies and amazing new products. Your insurer could, potentially, know everything about you. And I mean everything. From your data exhaust they will know where you are and what you are doing. Never mind counting your steps, they will know whether you are walking or riding the bus, sleeping or having sex.

All good stuff. There is, however, an elephant in the room. Society is going to have to decide the regulatory envelope for insurers’ strategies. Do we want a society where individuals are given affordable access? Will we allow people to be divided into insurable and uninsurable groups? Given the knowledge generated by the additional data at their disposal, which will serve to reduce the number of “average” risks (as shown in the picture), what will we do about the growing numbers for whom insurance will become an unaffordable luxury? While it seems reasonable to give you a better deal on life insurance if you are going to live longer, it seems unreasonable that you are not going to be able to afford health insurance if your genes indicate a tendency to expensive illnesses! We might all think it’s a bit rich to have the NHS pick up the tab because you are stuffing your face when you might otherwise eat sensibly, but what if it turns out that your genes have given you no option?

As it happens, my good friends at the Centre for the Study of Financial Innovation CSFI) are hosting a (free!) lunchtime roundtable on InsureTech on 6th December 2018 in London. I’ll be on a panel there as the Technology Fellow at the CSFI, along with my no.1 RegTech go-to person Jo Ann Barefoot, Matt Cullen of the Association of British Insurers (ABI) and an informed audience that may well include you if you get over to the CSFI and register a place now. See you there.

Central banks, tokens and privacy

Christine Lagarde, the Managing Director of the International Monetary Fund (IMF) and therefore to a first approximation the person in charge of money, gave a speech in Singapore on 14th November 2018 in which she asked…

Should central banks issue a new digital form of money? A state-backed token, or perhaps an account held directly at the central bank, available to people and firms for retail payments?

This is a question that, of course, interests me greatly. The IMF Staff Discussion Note (18/08) on which her speech is based sets out these two options clearly:

  1. Token-based CBDC—with payments that involve the transfer of an object (namely, a digital token)—could extend some of the attributes of cash to the digital world. CBDC could provide varying degrees of anonymity and immediate settlement. It could thus curtail the development of private forms of anonymous payment but could increase risks to financial integrity. Design features such as size limits on payments in, and holdings of, CBDC would reduce but not eliminate these concerns.

  2. Account-based CBDC—with payments through the transfer of claims recorded on an account— could increase risks to financial intermediation. It would raise funding costs for deposit-taking institutions and facilitate bank runs during periods of distress. Again, careful design and accompanying policies should reduce, but not eliminate, these risks. 

 Or, as I said a few years ago, should the Bank of England create BritCoin or BritPESA?

I’ve written before about the advantages and disadvantages of moving to digital currencies and don’t want to go over these arguments again here. Ms. Lagarde has also spoken about them before, specifically noting that digital currencies “could be issued one-for-one for dollars, or a stable basket of currencies”. Why her new speech was reported in some outlets as being somewhat supportive of cryptocurrencies is puzzling, especially since in this speech she specifically said she remained unconvinced about the “trust = technology” (“code is law”) view of cryptocurrencies. But the key point of her speech is that the IMF is taking digital currency seriously and treating it as something that might actually happen.

(Note that the IMF position seems different to the position of European Central Bank, where President Mario Draghi recently said that they have “no plan to issue a digital currency because the underlying technology is still fragile and the use of physical cash still high in the euro zone”.)

The reason for this comment on her speech is to re-iterate my view on the BritCoin approach. I think Ms. Lagarde is right to mention a state-backed token as an option. The idea of using token technology to implement cryptoassets of any kind, which I have labelled digital bearer instruments, is feasible and deserves detailed exploration. What we might call “digital fiat”* is simply a particular kind of cryptoasset, as shown in the diagram below, a particular kind that happens to be create digital money based on an institutional binding (where the institution is central bank) to national currency.

Cryptomarket Model

 

Now, nothing in this formulation makes the use of cryptoassets (rather than a central database) inevitable. There are, however, other arguments in favour of using there newer and potentially more radical technologies to implement digital money. One of them is privacy.

(As The Economist noted on this topic, people might well be “uncomfortable with accounts that give governments detailed information about transactions, particularly if they hasten the decline of good old anonymous cash”.)

In her speech, Ms. Lagarde said that…

Central banks might design digital currency so that users’ identities would be authenticated through customer due diligence procedures and transactions recorded. But identities would not be disclosed to third parties or governments unless required by law.

As a fan of practical pseudonymity as a means to raise the bar on both privacy and security, I am very much in favour of exploring this line of thinking. Technology gives us ways to deliver appropriate levels of privacy into this kind of transactional system and to do it securely and efficiently within a democratic framework. In particular, new cryptographic technology gives us the apparently paradoxical ability to keep private data on a public leader, which I think will form the basis on new financial institutions (the “glass bank” that I am fond of using as the key image) that work in new kinds of markets.

* I happened to sit in on the panel discussion on digital fiat at Money2020 China. The discussion was chaired by Carolyn MacMahon from the San Francisco-based Digital Fiat Institute, which I must confess I’d not heard of until today, but intend to visit next time I’m over on the West Coast. In the Q&A I was going to ask about the anonymity issue but go sidetracked with the impact on commercial banks. Next time.