Marketing, micropayments and irony

I found an article called “Why the subscription economy has yet to hit its peak” on Marketing Week. It looked interesting and relevant to the topic of this article, so I clicked on it to read it and was confronted with two subscription options (£7 per week or £18 per week for the “ultimate” package) neither of which I was remotely interested in. I don’t want another subscription to anything. I already have a subscription to the Wall Street Journal, The Economist and MIT Technology Review (and Tabletop Gaming, which is excellent) and I don’t read even a fraction of that content.

If I had the option of paying £1 to read the Marketing Week article, then I would have cheerfully paid it, but without that option neither of us was satisfied: I didn’t get to read the article and they didn’t get my money.

If I could click on one button marked “Pay £1” and then start reading the article, I would do. If I have to click on button marked “Pay” and then type in my credit card details and my personal information and the amount etc etc they I wouldn’t, especially if I had to pay £2 in order to cover the transactions fees imposed by the platform, the acquirer, the scheme and the issuer. I have the £1, and I want to pay, but I can’t. I can go into a store a buy a pack of gum for £1 and pay in a couple of seconds with my contactless card, but I can’t do the same online.

This is hardly a new idea. The noted venture capitalist Marc Andreessen knows more about the web than I will ever do, and back in 2012 he told a Wired magazine conference in New York that “we should have built payments in the browser”. They got half way, because buried in your browser in addition to the familiar error 404 for page not found there is also error 402 for page requires payment. But no payment mechanism was provided and I note that the Collisons (the brothers behind Stripe) were quoted arguing that this is the reason that the web went from being an open environment and opportunity for all to an “oligopoly controlled by five companies now worth more than $3 trillion”.

A couple of years ago, Mance Harmon wrote here in Forbes that “today’s business models were not designed to protect consumers” and talked about the problems of trying to build micropayments on top of the legacy infrastructure. He was right: but what will stimulate the demand for micropayments and what technologies can be used to satisfy that demand? And not only for magazines with an established brand – what about the content creators trying to connect with their audience directly?

Amber Case says that micropayments could become “a new financial interface”, one where creators and consumers are both able to participate in the web economy”, and I agree. The idea of a web based on content rather than advertising is very appealing indeed. But to get there, I think we need a mechanism that is one button that sends a fixed tip (let’s say $1) to the creator of content. But I just don’t see how we can make that happen by building yet another layer on top of the legacy payment network.

Some people will talk about so-called “level 2” solutions built on top of cryptocurrencies and who knows, they may be right in the long term, but not now. Mr. Andressen said years ago that a “fascinating use case for Bitcoin is micropayments”. Observing that it was not cost-effective to run small payments through the existing payments infrastructure, he thought that Bitcoin’s divisibility would make it easy to send a thousandth of penny to anyone in the world for near-free.

A decade on, and we now have Twitter’s “Tip Jar” which does not use Bitcoin or digital currency some clever blockchain application that none of us had thought of before, but adds another layer on top of the creaking payment system to create a means to send someone a buck while simultaneously giving away your Paypal address and paying a transaction fee of one-third. Tip Jar simply sends you to a third-party payment platform (right now PayPal, Venmo, Cash App, Patreon and Bandcamp).

What could deliver the ideal form of micropayments? I’m experimenting with a few different models myself, running a subscription service on Substack and piloting a couple of online content micropayment schemes (including one from a Y Combinator startup that will go live on the 15Mb Ltd. web site shortly) but I’m not sure that any of these are the perfect solution (maybe there isn’t one – maybe it depends on the channel and content) but I have to say I am enjoying the renewed focus on the micropayments opportunity now.

 

TipsHands in the Tip Jar.
NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

We are long overdue a working micropayments infrastructure to deliver a different kind of internet, one based on content not advertising. It seems to me that there is now a chance that it will be central bank digital currency of one form or another. Not Bitcoin, not a tip system built on top of Paypal built on top of credit cards built on top of bank accounts built on top of central bank digital money. If Twitter has access to my CBDC wallet, then it can simply transfer £1 from my wallet to the creator’s wallet with the pseudonymity integral to a well-designed CBDC. I never get to see any of the creator’s personal information (unless they want me to) and the creator never gets to see any of my personal information (unless I want them to).

The micropayments dream from the earliest days of the internet may be about to be realised and I am sure that the implications of this are much, much more than helping a few Tik Tok teens get paid for whatever it is they do on Tik Tok.

(This is an edited version of an article first published on Forbes, 16th May 2021.)

The war on money laundering is going the way of the war on (some) drugs

In a study published last year by financial-crime expert Ronald Pol, he concluded that the global AML system could be “the world’s least effective policy experiment”. Personally, I would have guessed that that accolade belonged to the global war on (some) drugs, but perhaps Ronald has a point. He notes that the compliance costs for banks and other businesses could be more than 100 times higher than the amount of laundered loot seized.

Urine

Cash or charge? (CC-BY-ND 4.0)
NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

These comments remind me of those of Rob Wainwright, then Director of Europol, when talking about the great success of the continent’s $20 billion per annum anti-money laundering regime. He said that “professional money launderers are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. This concurs with the figure given in The Economist. Although we are only intercepting a miserable one percent of the dirty money, the costs that the regime impose on the finance sector are staggering. Yet these enormous costs achieve nothing. The Money Laundering/Terrorist Financing (ML/TF) regime is, according to the Journal of Financial Crime 25(2), “almost completely ineffective in disrupting illicit finances and serious crime”. 

Direction of Travel

It’s going to get worse, of course. In the UK, many organisations are not yet compliant with the EU’s Fifth Anti-Money Laundering Directive (5MLD) and there is a Sixth Anti-Money Laundering Directive (6MLD) on the way. And the reach of the Financial Action Task Force (FATF) is being extended into cryptospace, so there’s no way to get round the bureaucracy. A couple of years ago FATF extended their recommendations to include cryptocurrency exchanges and wallet providers (together referred to as Virtual Asset Service Providers, or “VASPs”). This meant that all countries should apply anti-money laundering and anti-terrorist financing controls to these businesses: that is, customer due diligence (CDD), suspicious activity reports (SAR) and, importantly, the “Travel Rule” that aims to prevent money laundering by identifying the parties to a transaction when value over a certain amount are transferred. 

The decision to apply the same travel rule on VASPs as on traditional financial institutions was greeted with some dismay in the cryptocurrency world, because it meant that service providers must collect and exchange customer information during transactions. The technically non-binding guidance on how member jurisdictions should regulate their ‘virtual asset’ marketplace included the contentious detail that whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must send identifying information about both the sender and the intended recipient to the beneficiary exchange. The information must also be recorded and made available to “appropriate authorities on request”.

However, when speaking at the “V20 Virtual Asset Service Providers Summit” in 2020, Carole House from the Financial Crimes Enforcement Network (FinCEN) said that they want to see this threshold reduced to $250 for any transfers that go outside the US because their analysis of SARs filed from 2016 and 2019 showed the mean and median dollar values to be $509 and $255 respectively. Almost all the transactions began or ended outside the U.S.

Note that the information demand is quite extensive. According to the FATF Interpretive Note to Recommendation 16, the information should include name and account number of the originator and benefactor, the originator’s (physical) address, national identity number (or something similar) or date and place of birth. In essence, this means that counterparty’s personal information will sent around the web. Simon Lelieveldt, a former Head of Department on Banking Supervision at the Dutch Central Bank, is very well-informed and level-headed about such things, and even he called this a “disproportional silly measure by regulators who don’t understand blockchain technology”, which may be a little harsh even if not too far from the truth.

Surely the extension of the travel rule signals that it is time for a rethink. We need to begin with the fact that live in a world of data science, machine learning and artificial intelligence (AI) and understand that we cannot tackle crimes such as money laundering without machine brains to help us. This line of AI-centric thinking can be more disruptive than might seem at first glance because it suggests an alternative vision of regulation where we do away with a lot of the expensive barriers to entry to the financial system, those pot holes for criminals but chasms for legitimate users and instead use machine brains to police what is happening inside the system.

AML Isn’t Working

In other words, instead of trying to prevent criminals for getting in to the system, we should instead let them in and monitor what they are up to. If we force them to continue using cash, then we have no idea what they are up to! Whereas if we can persuade them to use electronic transactions of some kind, particularly those that leave an immutable record of criminality, then we would would actually be better off! Since cash cannot be tracked around the economy, we (society) have put in place a whole bunch of complicated and expensive rules about accounting for cash when it enters the financial system. But suppose there wasn’t any cash. Suppose there was only Bitcoin. In that case, as I pointed out some time ago, you wouldn’t need anti-money laundering (AML) regulations at all because you would be able to follow every coin around the blockchain!

Many observers, and Bitcoin fans in particular, say that this is nonsense because there are a variety of ways to jumble up and otherwise obfuscate the sources of value in transactions on the Bitcoin network. I never saw this as a realistic barrier to criminals though, and I noted that a simple rule that required banks to investigate any coins that had originated in anonymous wallets (or mixers) would be sufficient to stop the large-scale use. Also, you will remember that U.S. Department of Justice (DoJ) has already shown its intentions. You will remember they indicted Larry Harmon for creating the Bitcoin mixer “Helix” (in addition, Fincen fined him $60m last year) and have just arrested Roman Sterlingov, the alleged operator of Bitcoin Fog, a custodial bitcoin mixer that it says processed over 1.2 million BTC.

We erect (expensive) KYC barriers and then force institutions to conduct (expensive) AML operations, using computers and laser beams to emulate handwritten index cards and suspicious transaction reports (STRs). But as I have suggested before, suppose that KYC barriers were a lot lower so that more transactions entered the financial system. And suppose the transaction data was fed, perhaps in a pseudonymised form, to a central AML factory, where AI and big data, rather than clerks and STR forms, formed the front line rather than the (duplicated) ranks of footsoldiers in every institution. In this approach, the more data fed in then the more effective the factory would be at learning and spotting the bad boys at work. Network analysis, pattern analysis and other techniques would be very effective because of analysis of transactions occurring over time and involving a set of (not obviously) related real-world entities.

They have already taken a step towards this is in the Netherlands, where ABN Amro, ING, Rabobank, Triodos Bank and de Volksbank formed a consortium (Transaction Monitoring Netherlands, TMNL) to share data and identify unusual patterns in payments traffic that the individual banks cannot spot for themselves. Let’s hope they are successful, because estimates suggest that €16 billion of criminal money is laundered in the Netherlands each year from activities including drugs, human trafficking, child pornography and extortion.

British Opportunity

Michael Harris, director of financial crime compliance at LexisNexis Risk Solutions, commented that the release of the FinCEN files highlighted the “myriad issues” with the UK Anti-money laundering (AML) system – an ineffective suspicious activity report (SAR) regime, the poor use of data and technology and a legal system that inhibits information sharing and a culture that allows companies to hide their beneficial owners through offshore registered entities. There are other related negative impacts too: I remember a discussion with the then-Treasury minister Andrea Leadsom at techUK back in 2015, during which she noted that CDD is itself a friction against a more competitive financial services sector because it serves to create a moat around the larger incumbents.

I think that UKplc should rethink compliance for competitive advantage. As part of a post Brexit project to boost British invisibles, we should take jurisdictional competition seriously and create a compliance regime built on new technology not and industrial age mishmash of shaky identification documentation and millions of suspicious transaction reports. It is time for some new thinking. Omar Magana wrote a very good piece of this for the Chartwell “Compass” magazine. He asked whether “the enforcement of a regulation that was created over 20 years ago for a fast-evolving industry, may not be the best approach”. Note that he is not arguing against regulation, he is arguing (as I do) for a form of regulation more appropriate for our age (for which I use the umbrella term “Digital Due Diligence”, or DDD) using artificial intelligence and machine learning to track, trace and connect the dots to find the bad actors. If you look at the work of Chainalysis and others

The benefits to the wider economy are obvious – more access to financial services as well as more interdiction of actual money launderers, terrorists, corrupt politicians and tax evaders. We all know that COVID-19 is accelerating the evolution of digital onboarding, and that’s great. But we need to move to the next level: DDD! Now that we live in a world where digital identity is becoming a thing (both for people and for organisations) it’s time to plan for a faster, more cost-effective and more transparent approach that is based on the world we are actually living in.

(This is an edited version of an article first published on Forbes, 3rd May 2021.)

Crypto crimes and the risk of anonymity

I have written before that governments will never allow anonymous digital currencies and my comments attracted a certain amount of controversy. And I understand why. But to those who say that uncensorable, untraceable digital cash would be a shield against dictators, a force for the oppressed and a boon to free man everywhere… I say be careful what you wish for. The issue of anonymity in payments is complex and crucial and it deserves informed calm strategic thinking because digital currency touches on so many aspects of society.

One obvious and important aspect is crime. Would digital currency change crime? If I hire thugs to lure a cryptobaron to a hotel room and then beat him up to get $1m in bitcoins from him (as actually happened in Japan), is that a crypto-crime or just boring old extortion? If I use Craigslist to lure a HODLer to a street corner and then pull a gun on him and force him to transfer his bitcoins to me (as actually happened in New York), is that a crypto-crime or just boring old mugging? If I get hold of someone’s login details and transfer their cryptocurrency to myself (as has just happened in Springfield), is that a crypto-crime or just boring old fraud? If I kidnap the CEO of a cryptocurrency exchange and then release him after the payment of a $1 million bitcoin ransom is that, as the Ukrainian interior minister said at the time “bitcoin kidnapping” or just boring old extortion?

Holmes

Cash or charge? (CC-BY-ND 4.0)
NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

 These are just crimes, surely? And not very good ones at that, because they are recorded in perpetuity on an immutable public ledger. Personally, if I were to kidnap a cryptocurrency exchange CEO I would ask for the ransom to be paid in some more privacy-protecting cryptocurrency, because as I explained in the FT some years ago, Bitcoin is not a very good choice for this sort of cyber-criminality. It’s just not anonymous enough for really decent crimes or the darkest darknets. Hence my scepticism about claims that Bitcoin’s long term value will be determined by it’s use for crime.

Untraceable

But what if there were an actually untraceable cryptocurrency out there and it wasn’t up to governments to allow it or not? Would an aspiring cryptocriminal mastermind be able to use it for something more innovative than the physically-demanding felony of kidnapping? I’m sure the Mafia would be delighted to have anonymous digital cash to zip around the world, but what would they use it for? Might they come up with some dastardly enterprise that is not a virtual shadow of a crime that has been around since year zero, but a wholly new crime for the virtual world? What if they could find one with the potential to take over from drug dealing (currently approximately 40% of organised crime revenues) as the best option for the criminal entrepreneur?

Ransomware is one interesting candidate. It is certainly a major problem. Criminals seize control of organisations’ computer networks, encrypting their data and demanding payment to deliver the decryption keys. Companies paralyzed by the attacks paid hackers an average of more than $300K in 2020 (triple the average of the year before). A cyber security survey last year revealed that more than two-thirds of organisations in the United States had experienced a ransomware attack and had paid a ransom as a result! That’s a pretty decent business for criminals and it certainly was a driver for Bitcoin, although ransomware operators have been moving away from it for some time.

(Once again demonstrating the impending explicit pricing of privacy, the Sodinokibi payment website last year began charging 10% more for Bitcoin ransoms compared to the more private Monero cryptocurrency.)

On the whole, given the basic nature of most organisation’s cyber-defences (more than half of all ransomware attacks stem from spam e-mails), one might expect the ransomware rewards to continue to grow. Apart from anything else, the ransomware raiders are reinvesting their profits in increasingly efficient operations, making for even bigger and bolder attacks.

Assasinate and Win

So, ransomware. But what about a more sinister candidate for large-scale criminality though? Is it time for the “assassination market”? It’s not a new idea. A few years ago, Andy Greenberg wrote a great piece about this here on Forbes. He was exploring the specific case of “Kuwabatake Sanjuro” who had set up a Bitcoin-powered market for political assassinations, but in general an assassination market is a form prediction market where any party can place a bet on the date of death of a given individual, and collect a payoff if they “guess” the date accurately. This would incentivise the assassination of individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject’s death.

This idea originated, to the best of my knowledge, with Jim Bell. Way back in 1995 he set it out in an essay on “assassination politics“. I suppose it was inevitable that advent of digital cash would stimulate thought experiments in this area and it was interesting to me then (and now) because it showed the potential for innovation around digital money even in the field of criminality.

Here’s how the market works and why the incentive works, as I explained in my book “Before Babylon, Beyond Bitcoin“. Someone runs a public book on the anticipated death dates of public figures. If I hate some tech CEO (for example), I place a bet on when they will die. When the CEO dies, whoever had the closest guess to their date and time of death wins all of the money staked, less a cut for the house. Let’s say I bet $5 (using anonymous digital cash through the TOR network) that a specific tech CEO is going to die at 9am on April Fool’s Day 2022. Other people hate this person too and they put down bets as well. The more hated the person is, the more bets there will be.

April Fool’s Day 2020 comes around. There’s now ten million dollars staked on this particularly CEO dying at 9am. I pay a hit man five million dollars to murder the CEO. Hurrah! I’ve won the bet, so I get the ten million dollars sent to me in anonymous digital cash and give half to the hit man. No-one can pin the crime on me because I paid the hitman in untraceable anonymous digital cash as well.

I’m just the lucky winner of the lottery.

But better than that is that if I can get enough bets put on someone, then I don’t even have to take the risk of hiring the hitman. If I use some anonymous bots or friendly tolls to coordinate a social media campaign to get a million people to put a $5 bet on the date of the tech CEOs death, then some enterprising hit man will make their own bet and kill them. If the general public had bet five million bucks on 31st March and some enterprising cryptopsycho had murdered the CEO themselves the day before, then it would only have cost me a $5, and I would have regarded that as $5 well spent, as would (presumably) everyone else who bet $5!

(This is an edited version of an article first published on Forbes, 14th April 2021.)

The CBDC privacy paradox

It seems to meet that there is something of a paradox around cash, digital cash and anonymity. The average consumer wants anonymity for their own payments because they are not crooks (and their purchasing decisions are no-one’s business except theirs and the merchant’s). On the other hand, the average consumer (not to mention the average law enforcement agent) doesn’t want anonymity for terrorists, lobbyists or fraudsters.

The Bank of England’s fintech director Tom Mutton said in a speech that privacy was “a non-negotiable” for a retail CBDC. Meanwhile, the Bank of Canada (just to pick one recent example) published a a staff analytical note on the risks associated with CBDCs stating that central banks should mitigate risks such as anonymity present in digital currencies. Note the formulation of anonymity as a “risk”. With stricter rules on the holding and exchange of cryptocurrencies coming into place around the globe. Just to give one example, South Korea’s Financial Services Commission has announced new rules to come into force in 2022, banning all anonymous digital currencies “that possess a high-risk of money laundering” (which, as far as I can see, is all anonymous digital currencies).

There is a payments privacy paradox, and cryptocurrency brings it into sharp relief. Good people should be allowed anonymous cash, but bad people should not. Click To Tweet

How can we resolve this? Well, I think that we can, if we spend a little time to think about what anonymity and privacy actually mean.

The Clinton Paradox

This is a special case of a more general paradox. Let me explain and illustrate. A few years ago, I was invited me along to “an event” in London to enjoy a morning of serious thinking about some key issues in information security. They had some pretty impressive speakers as I recall: Mike Lynch, the founder of Autonomy, was one of them. Alec Ross, who was Senior Advisor for Innovation and Technology to the Secretary of State Hilary Clinton, gave the keynote address on “ The promise and peril of our networked world ”. Alec was a good speaker, as you’d expect from someone with a background in diplomacy, and he gave some entertaining and illustrative examples of using security to help defeat Mexican drug cartels and Syrian assassins. He also spent part of the talk warning against an over-reaction to “Snowden” leading to a web Balakanisation that helps no-one.

A decade back, I wrote about what I called the  “Clinton Paradox”. This came about because I read a piece by Bob Gourley. the former CTO of the U.S. Defense Intelligence Agency, who framed a fundamental and important question about the future identity infrastructure when analysing Hillary Clinton’s noted speech on Internet freedom.

We must have ways to protect anonymity of good people, but not allow anonymity of bad people.

Mrs. Clinton had said that we need an infrastructure that stops crime but allows free assembly. I have no idea how to square that circle, except to say that prevention and detection of crime ought to be feasible even with anonymity, which is the most obvious and basic way to protect free speech, free assembly and whistleblowers: it means doing more police work, naturally, but it can be done. By comparison, “knee jerk” reactions, attempting to force the physical world’s limited and simplistic identity model into cyberspace, will certainly have unintended consequences. Hence, I had suggested, it might be better to develop an infrastructure that uses a persistent pseudonymous identity. I was looking to mobile operators to do this, because they had a mechanism to interact face-t0-face (they had retail shops at the time) and remotely, as well as access to tamper-resistant secure hardware (ie, the SIM) for key storage and authentication. It never happened, of course.

Why am I remembering this. Well, I challenged Alec about the Clinton Paradox —slightly mischievously, to be honest, because I suspected he may have had a hand in the speech that I referred to in that blog post—and he said that people should be free to access the internet but not free to break the law, which is a politician’s non-answer (if “the law” could be written out in predicate calculus, he might have had a point, but until then…). He said that he thought that citizens should be able to communicate in private even if that means that they can send each other unauthorised copies of “Game of Thrones” as well as battle plans for Syrian insurgents.

I think I probably agree, but the key here is the use of the phrase “in private”. I wonder if he meant “anonymously”? I’m a technologist, so “anonymous” and “private” mean entirely different things and each can be implemented in a variety of ways.

The Payments Paradox

How will the Bank of Canada mitigate the risk of anonymity and South Korea maintain a ban on “privacy coins” when faced with a Bank of England digital currency that has non-negotiable privacy? Well, the way to resolve this apparent paradox is to note the distinction above between privacy and anonymity.

In the world of cryptography and cryptocurrency, anonymity is unconditional: it means that it is computationally infeasible to discover the link between a person in the real world and value online. Privacy is conditional: it means that the link is hidden by some third party (eg, a bank) and not disclosed unless certain criteria are met.

Showmethemoney

You can own these cartoons!
NFTs available from the artist Helen Holmes at
TheOfficeMuse
(CC-BY-ND 4.0)

Surveying the landscape as of now, I think we can see these concepts bounding an expanding privacy spectrum. There will undoubtedly be anonymous cryptocurrencies out there, but I think it is fair to observe that they will incur high transaction costs. At the other end of the spectrum, the drive for techfins and embedded finance will mean even less privacy (for the obvious reason, as discussed before, that their payment business models around around data). One might argue, with some justification I think, that central banks are better positioned than banks or other intermediaries when it comes to safeguarding data, because a central bank has no profit motive to exploit payments data.

(I could go further and argue that if the central bank were to place transaction data into some form of data trust that would facilitate data sharing to the benefit of citizens, we might see some real disruption in the retail payments space. In a data trust, structure, data stewards and guardians would look after the data or data rights of groups of individuals with a legal duty to act in the interest of the data subjects or their representatives. In 2017, the UK government first proposed them as a way to make larger data sets available for training artificial intelligence and a European Commission proposal in early 2020 floated data trusts as a way to make more data available for research and innovation. And in July 2020, India’s government came out with a plan that prominently featured them as a mechanism to give communities greater control over their data.)

Digital Currency, Digital Privacy

As The Economist once noted on the topic of central bank digital currency, people might well be “uncomfortable with accounts that give governments detailed information about transactions, particularly if they hasten the decline of good old anonymous cash”. And, indeed, I am. But the corollary, that anonymous digital currency should be allowed because anonymous physical cash is allowed, is plain wrong.

No-one, not the Bank of England nor any other regulator, central bank, financial institution, law enforcement agency, legislator or, for that matter, sane citizen of any democracy, wants anonymous digital currency whether from the central bank or anyone else. The idea of giving criminals and corrupt politicians, child pornographers and conmen a free pass with payments is throughly unappealing. On the other hand, the Bank of England and all responsible legislators should demand privacy.

I think the way forward is obvious, and relies on distinguishing between the currency and the wallets that it is stored in. Some years ago, when head of the IMF, Christine Lagarde spoke about CBDCs, noting that digital currencies “could be issued one-for-one for dollars, or a stable basket of currencies”. Why that speech was reported in some outlets as being somewhat supportive of cryptocurrencies was puzzling, especially since in this speech she specifically said she remained unconvinced about the “trust = technology” (“code is law”) view of cryptocurrencies. But the key point of that speech about digital fiat that I want to highlight is that she said

Central banks might design digital currency so that users’ identities would be authenticated through customer due diligence procedures and transactions recorded. But identities would not be disclosed to third parties or governments unless required by law.

As a fan of practical pseudonymity as a means to raise the bar on both privacy and security, I am very much in favour of exploring this line of thinking. Technology gives us ways to deliver appropriate levels of privacy into this kind of transactional system and to do it securely and efficiently within a democratic framework. In particular, new cryptographic technology gives us the apparently paradoxical ability to keep private data on a shared or public ledger, which I think will form the basis on new financial institutions (the “glass bank” that I am fond of using as the key image) that work in new kinds of markets.

So, if I send ten digital dollars from my digital wallet to your digital wallet, that’s no-one business but ours. If, however, law enforcement agencies obtain a warrant to require the wallet providers to disclose the identity of the owners, then that information should be readily available. There is no paradox around privacy in payments, but there is an imperative for practical pseudonymity.

[An edited version of this article first appeared on Forbes, 6th April 2021.]

Separating the sheepcoins from the goatcoins

Some people mine Bitcoin for profits but some some people mine it for politics. The operator of a Bitcoin mining pool (a group of miners who work together to share the profits) quoted in CoinDesk recently said that some are investing not to convert electricity into cash but for other reasons “such as to avoid capital controls or avoid sanctions”. Indeed. And this has some serious implications. The Foundation for Defense of Democracies (FDD), a Washington think tank, summarised the emerging situation rather well in their position paper “Crypto Rogues“. They noted that “blockchain technology may be the innovation that enables U.S. adversaries for the first time to operate entire economies outside the U.S.-led financial system”. Now, while this may be technically slightly inaccurate (there are ways to create anonymous transactions without a blockchain and, indeed, the Swiss central bank has just published a working paper describing how to do so) it again flags up that the widespread availability of decentralised financial services threatens to bypass the existing infrastructure.

Iran provides an obvious example. They have every incentive to want to try new approaches to skirt the long arm of American law. The country already published a new set of regulations designed to funnel Bitcoin mined by Iranians to the state so that the country can use them to pay for imports. When the Iranian regime, for example, set up a venture to explore Bitcoin payments with a Swedish startup, the Swedish banks refused it a bank account because they themselves did not want to become subject to secondary sanctions. As America’s Treasury Secretary Mnuchin said at the time (talking about Iran), “If you want to participate in the dollar system you abide by US sanctions”.

On the other side of the world, North Korea has been developing a digital currency of its own. According to Alejandro Cao de Benós, President of the Korean Friendship Association, the Democratic People’s Republic of Korea intends to go down the Facebook route by creating an asset-backed digital currency rather than a digital fiat currency and then use some sort of blockchain with “Ethereum-style smart contracts” to do business and avoid sanctions. The regime sees this as a way to enforce deals it makes with foreign counterparties by developing a “token based on something with physical value” (eg, gold) in order to create a stable mechanism for payments in international trade between the regime and “other companies/individuals” (although it will not be available to individuals in the DPRK, who will be stuck with the Korean Won).

Across the Pacific in Venezuela, a country often mentioned by Bitcoin enthusiasts as a living case study of the benefits of decentralised cryptocurrency in the fight against tyranny, we find more mining going on: a video posted on Instagram by the 61st Battalion of the 6th Corps of Engineers of the Venezuelan Army shows military buildings converted into giant cryptocurrency mining centres and a warehouse that appears to be full of specialist Bitcoin mining equipment is labelled the “Center for the Production of Digital Assets”.

(I noted with interest that they do not appear to be mining “The Petro”, the digital currency of the revolution which according to the Bolivarian Council of Mayors’ recent “National Tax Harmonization Agreement” may soon be required for the payment of taxes.)

What… Whatible?

It seems to me that Bitcoin is a pretty poor choice for sanction-busting shenanigans though. Not only is the record of transactions public, but the Bitcoin value is not fungible. This matters. Remember that 2014 IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder : “the real lesson from the IRS Bitcoin ruling is that for a currency-or any payment system-to work, its units must be completely fungible”.

Fungible (from the Latin “to enjoy” via Medieval Latin phrases such as “fungi vice”, meaning “to take the place of”) is one of my favourite adjectives. It means that all tokens are the same and can be substituted one for another. You owe me a quarter. It doesn’t matter _which_ quarter that you give me. Any will do. Any quarter can substitute for any other quarter because they are all the same. The same is true of the Pounds in my bank account, but it isn’t true of bitcoins. They are all different and their history can be tracked through the blockchain which is, as we are often reminded, and immutable public record of all transactions.

As my good friend Marc Hochstein observed about this some time ago, blockchain’s openness could turn out to be a bug for law-abiding citizens. Click To Tweet

The lack of fungibility has major implications for criminals, but also for the rest of us.  In England, the High Court (in the decision of AA v Persons Unknown & Ors, Re Bitcoin [2019]) has already ruled that crypto assets such as bitcoins are a form of property capable of being the subject of injunction. You can see what is going to happen: cryptographic exchanges will be required to identity who owns stolen coins and the owner will then be the subject of legal action to recover them. This owner might be entirely innocent about the origin of the coins and will say that they didn’t know that the bitcoins they bought are the proceeds of a ransonware attack and may ask to the keep them. But, J.P. Koning points out, that’s not how property law works. Even if you accidentally come into possession of stolen property then a judge can still force you to give it back to the rightful owner.

Launderette

You can own these cartoons!
NFTs available from the artist Helen Holmes from at
TheOfficeMuse (CC-BY-ND 4.0)

The UK has been experimenting with the “Unexplained Wealth Order” as a way to combat crime and corruption through the traditional money and finance system, but how would this translate to the world of cryptocurrency? Well, perhaps it doesn’t need to. In the world of Bitcoin, smart criminals may well try to use “mixers” or “tumblrs” that jumble together bitcoins to obfuscate their origin but I don’t think this will help in the long run. Apart from anything else, future consumers might want to know the provenance of their money, an idea explored by the artist Nitipak Samsen a decade ago in the Future of Money Design Awards. Check out the brilliant video he made here.

Have you ever wondered where the money in your pocket had come from? Who was the previous owner? Who was the owner before that? Might it be a famous celebrity?… Smart banknotes work by presenting a readable history of ownership on the note itself, an innovation designed to prevent money laundering

This might work in some interesting ways. People might pay a premium for coins that have an interesting past! Maybe coins that were used by a celebrity to buy drugs or were used to bribe a politician, coins that belonged to a murderer, that kind of thing, might be worth more than coins that belonged to boring people like me.

Clean Money

In the mundane world of dollar, dollar bills we have the concept of “money laundering” to describe what happens when dirty money is mixed with clean money (surely every one of us has touched banknotes that have been involved in some criminal activity!). But this doesn’t work for bitcoins. The “tainted” money stays tainted. Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory wrote a terrific paper on this theme a couple of years ago. In “Making Bitcoin Legal” they pose some interesting questions about what to do with tainted cryptocurrency asking, for example, “If an identified customer says ‘Hi, what will you give me for UTXO x?’ and the exchange replies, ‘Sorry, 22% of that was stolen in a robbery last Tuesday, so we’ll only give you 78%’ does the customer then have to turn over the crime proceeds?”. Their idea of a public “taintchain” is an interesting way forward.  This would be a mechanism to make stolen coins visible, in which case they might display a futuristic Gresham’s Law dynamic as good coins drive out bad ones!

Whether by taintchain or some other mechanism, it’s actually pretty each to track dirty bitcoins. You can see where this might lead: if law enforcement agencies go to the biggest miners in the world and tell them that if they continue to confirm easily identifiable mixing transaction outputs, they will be accused of money laundering? This is not difficult to imagine, which suggests to me that Bitcoin’s lack of fungibility has far-reaching implications.

These implications have not gone unnoticed in the United States. Two of the largest Bitcoin mining companies there, Marathon Patent Inc. and DMG Blockchain Solutions Inc. (which together account for about a one-twelfth the power of the Bitcoin networks), recently joined forces to create the Digital Currency Miners of North America (DCMNA). This not-for-profit trade association has come up with pretty interesting idea: their miners will only process transactions that comply with American laws, thus extending the benevolent embrace of the U.S. Government into cryptocurrency. The idea (known as “clean mining“) is that instead of selecting transactions on the basis of which ones will bring the biggest fees, they will mine transactions based on the wallets that they come from.

Along the same lines, the “celebrity investor” (as described by CNBC) Kevin O’Leary announced that he will only buy bitcoins mined sustainably in countries that use clean energy. What’s more, he also said that he will not buy “blood coin” mined in China. Mr. O’Leary was quoted as saying that he sees “two kinds of coin”, which reinforces the point about fungibility and money and suggests to me, at least, that we could well see a strange and interesting twist in the world of cryptocurrency that has no analog in the analogue world of notes and coins: black and white money, or clean and dirty money, or light and dark money (an idea that goes back to the earliest days of cryptocurrency) in which some bitcoins will be worth more than others! Maybe a year or two from now, exchanges will be quoted two BTC-USD pairs: clean BTC at $100,000 and dirty BTC at $75,000. This doesn’t happen for GBP-USD or JPY-GBP, which confirms my feeling that whatever Bitcoin is, it isn’t currency.

[An edited version of this article first appeared on Forbes, 28th February 2021.]

Challenger banks or challenger monies?

When Jamie Dimon, the CEO of JP Morgan Chase, said that his bank should be “scared s***less” about fintech competitors, he identified the fintechs PayPal, Square, Stripe, Ant Financial and the techfins Amazon, Apple and Google as companies that the bank would need to compete with. Since he’s already forgotten more about banking than I will ever learn, I am certain that he is correct. What was interesting to me about this list was, though, that none of the organisations listed as keeping him awake at night began as banks or bank spin-offs.

As I wrote in my first ever column on Forbes, when people talked about “challengers” they should be talking about Microsoft not Monzo. The “challenger banks” are just banks and as my good friend Alessandro Hatami wrote at the time, neither the challengers nor the incumbent banks, despite spending heavily on their own technology, have transformed the financial services sector. But perhaps the real challengers will.

Where are the real challengers then? Mr. Dimon singled out payments as a specific hill for banks to die on. This is because the business models of the future depend on data, and payments are the overwhelming majority of interactions between a bank and its customers. When storming this redoubt (and the walls were breached this week with the news that ChasePay is being shut down) the techfins don’t care about the money, because the margins on payments are going down, but the data. I was quoted in The Economist talking about this impending reshaping of the retail financial services sector a couple of years ago, pointing out that financial products are heavily regulated, as they should be, which is why Big Tech is uninterested are in them. They are more than happy to have banks, for example, do this boring, expensive and risky work with all of the compliance headaches that come with it.

The techfins want the banks to do the manufacturing while they take over the distribution. Click To Tweet

This is an obvious strategy with major implications because if the techfins get between the consumers and their banks, then the banks will end up having to give away margin but, far more seriously, data. BofA Securities, amongst others, have pointed out that there is a “huge and valuable prize for private-sector players” from outside the banking sector if they can get in this business: the “treasure trove” of customer data that is not being fully exploited by the banks.

Plumbers

You might argue that the banks deserve nothing more than being turned into low margin plumbing to support more innovative and efficient techfin plays on top. Nydia Remolina at the Singapore Management University wrote an interesting paper on this last year (saying “financial institutions have access to enormous amounts of data, but due to multiple constraints this data is not yet sufficiently converted into useful insights”) putting forward a “data operating model” to link open banking, cloud computing, machine learning and AI to support digital transformation. I think this model is interesting because the ability for machines obtain insight and take action makes for a very different kind of fully-digital financial services sector based on the movement of data, not money.

Similarly, Dara Hizveren of Garanti BBVA, writing in the most recent Journal of Digital Banking, notes the opportunity for banks to try and build new business on such a model. The idea of “data banks” that manage personal information (and the consents associated with it) is hardly new, but as Dara highlights, the pressures of open banking and competition from Big Tech means that for commercial banks the natural extension of asset management businesses into personal data (the most valuable asset of all) is a priority.

I think we can already see how fintech firms, and particularly data-driven lenders, are demonstrating that this new business model, using payment data (in the form of transaction histories obtained through open banking) as a substitute for conventional credit scores, might be important not only to the sector but to economic recovery itself.

The UK actually looks pretty good in this regard. With a competitive fintech sector and open banking already in place, access to the transaction data has become energy for innovation. I know this at first hand because I was fortunate to be asked to be one of the judges for the Open Banking Innovation Awards for SMEs and I have to say I was pretty impressed by the businesses already taking advantage of this combination of new regulation and new technology. A couple of good examples are Fluidly, which plugs into accounting packages and bank accounts and uses machine learning to intelligently manage SME cashflow, and Swoop which integrates through open banking to simplify access to all kinds of SME finance. More recently Liberis, which provides cash advances to SMEs secure against their payment card transactions and repayments set as an agreed fraction of those transactions struck me as a good idea or all involved, and as I sat down to write these paragraphs I noted that another new player Fintern (with a team from Bank of America and HSBC, among others) opening for business using open banking-led affordability testing to make lending decisions.

Challengers

These are great businesses, but are they keeping Jamie tossing and turning in the small hours? I’m not sure. If they get big enough, he can buy them. We need to look further afield to find the non-banks that are his real nightmares and I think India might give us an indication of which way the wind is blowing. Ram Rastogi, who I always listen to on such matters, notes that Amazon in India is not only launching a digital banking platform to compete with the incumbent banks but is also applying for a licence to run a payments system as well. The Reserve Bank of India has invited companies to create new umbrella entities (NUEs) to build payments networks that offer an alternative to the bank-owned not-for-profit National Payments Council of India (NPCI) and Amazon are doing so in a consortium with Axis Bank and ICICI Bank. Amazon are not the only ones in this game, of course. Facebook and Google are linking with local players Infibeam and Reliance Industries to set up a competing network.

Bezos buck

You can own these cartoons!
NFTs available from the artist Helen Holmes from at
TheOfficeMuse (CC-BY-ND 4.0)

With the bank and the payment network, Amazon will be able offer their sellers a full service, ranging from current accounts and deposits to business loans and payments management, all through their own interface. The customers will never have to go near a conventional bank, a payments application or anything else. Not only are they launching their own banking system in India, they are apparently looking to launch their own money in Mexico. One of the behemoth’s job postings described the product as enabling customers to “convert their cash in to digital currency using which customers can enjoy online services including shopping for goods and/or services like Prime Video”.

It’s one thing to have your own bank. It’s another thing to have your own payment network. It’s another thing still to have your own money. I know nothing about running a bank, but if I was in charge of one then the thing to keep me awake at night is Jeff Bezos’ face on money!

(An edited version of this article first appeared in Forbes, 16th March 2021.)

Objects-as-a-Service (OaaS) and why things need identities

Ann Cairns, Executive Vice Chair at MasterCard, said back in 2018 that it could be the year when (thanks to the incredible speed with which new technologies are adopted) physical wallets could soon be a thing of the past as the world wakes up to wearables. Ann said, correctly, that wearable devices are getting a “new lease of life by becoming payment enabled” and noted forecasts predicting that two-thirds of wearables would have payment functionality by 2020. This didn’t quite happen, for reasons I will return to shortly, but as a baseline note her point that five years ago the global sales of smart wearables were already at $416 billion.

In 2019, Mastercard highlighted that wearables are about fashion as well as function. They pointed out that as the technology that powers wearables gets smarter, fashion brands rather than technologists (or payments geeks) are driving the evolution of the market. Even then, one in five adults in the USA were already wearing a smart watch or fitness strap and they expected the wearable tech market to reach something like $30 billion in 2020.

Wearables Market 2020

Global wearables markets 2020 (Source: IDG, 12/20).

In 2020, as these figures from IDG show, the wearables market (dominated by Apple) continued to grow and is expected to maintain a double-digit rate of growth through 2024. In the US, the wearable device most frequently used for payments is the smartwatch (more than mobile phones or contactless cards). Interestingly, recent research shows that college graduates are more frequent users of smart watches for payments than non-college graduates and that they use their wearables to pay more than 200 times a year, almost double the usage of mobile phones and 50% more than cards.

The market for wearables that can do interesting things (eg, payments) is going to grow more than that though, because the growth of cheap passive wearables (ie, wearables that don’t need batteries, just as contactless cards don’t need batteries) will grow faster because of the new, smaller and more cost-effective chips arriving from suppliers such as Infineon. I wasn’t surprised, therefore, to see an excellent presentation from Discover at the Women in Payments 2021 summit saying that…

Discover Wearables

So what has prevented this market from developing even faster? Well, the process of taking an “empty” microchip and loading secure credentials into it so that it can be used for payments, identity, provenance and other high value applications (the process of what card people call “personalisation”) is complex and costly. Imagine that you are running a pop festival and you want to provide rings or wristbands or badges or whatever than can be used to gain entry, to pay for drinks, to identify someone in an emergency. Taking 20,000 wristbands and loading credentials into them and then making sure each wristband gets to the right person is a logistical challenge hence the technology tends to be applied at the high end of the market. There are companies that make some beautiful wearables that can be used in this way. I love the stuff that Tovi Sorga has and I think this illustrates that Mastercard point about the role of fashion. Amex, to give another example, have just released a Prada leather bracelet with a contactless chip in it for their Centurion cardholders.

Getting the right bracelet with the right payment card into the hand of the right cardholder is complicated though. The logistics are a challenge because the devices must be “personalised” when they are ordered and then correct distributed. As a way of reducing the logistics costs, though, suppose there was a decentralised way to do the personalisation needed to turn nice wearables into secure, smart objects? Imagine that the pop festival organiser sends you a wristband and then you use your own mobile phone to load one of your payment cards into the wristband? Or you use the (eg) Discover app on your phone to create a prepaid card valid for a week and load $100 onto so that you can leave your phone in your pocket while you enjoy the show? Well, this is what Digiseq, a UK start up has done. And this is only one of the reasons why I was flattered to be asked to become their Non-Executive Chair as they go into their next fund-raising round. Amongst their achievements already is the launch of KBC wearables in Belgium, including the Rosan Diamond key fobs that proved popular last year, creating a Lucozade bottle that you could use to pay for travel in London and putting chips into the Golden Globe awards so that their authenticity and provenance could be validated.

Provenance is Forever

Provenance is important. I wrote about it more than a decade ago using the example of luxury goods such as watches and asking how you would tell a fake Rolex from a real one. It’s a much more complicated problem than it seems at first. Suppose an RFID chip is used to implement an ID in luxury goods, authentic parts, original art and so on. If I see a Gucci handbag on sale in a shop, I will be able to wave my phone over it and obtain the ID.  My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the tag is ‘valid’, but that doesn’t tell me much about the bag. For all I know, a bunch of tags might have been taken off real products and attached to fake products.

To know if something is real or not, I need more data. If I wanted to know if the handbag were real or fake, then I would need to obtain its provenance as well as its product details. The provenance might be distributed quite widely. The retailer’s database would know from which distributor the bag came; the distributor’s database would know from which factory the bag came and Gucci’s database should know all of this. I would need access to these data to get the data I would need to decide whether the bag is real or fake.

The key to the business model is not the product itself but the provenance, so delivering a service means linking the personalisation and the provenance under the control of the brands. This is where Digiseq is going. In January, one of the world’s leading chip manufacturers Infineon Technologies AG announced that they will be working Digiseq on their  SECORA™ Blockchain NFC technology to deliver secured identity data. This is an advanced solution that connects the digital data recorded on blockchain to physical items, allowing for just this comprehensive verification of the identity of items, thereby eliminating the challenge of product substitution and heightening supply chain transparency.

cheap chips can turn almost anything into a smart object and with the right provenance service in place turn those smart objects into objects-as-a-service (OaaS). Click To Tweet

The ability for brands to choose whether to give customers high end wearables for select markets or to push into the mass market with wearables that customers can personalise themselves, using the mobile phones to add/remove payment cards, access codes or identities at any time, is a game changer. But it is only the beginning. The secure microchips that are inside the Prada bracelet or the Golden Globes can be inside everything from smart watches to luxury handbags, from aircraft parts to bottles of whiskey. These inexpensive RFID chips turn almost anything into a smart object, and with the appropriate back-end provenance system in place, they can turn those smart objects into objects-as-a-service (OaaS).

Objects-as-a-Service are going to be… well, huge. If you want to learn a little more about this incredible new market and the opportunities that it presents, come and join me at the Digiseq webinar on 22nd April 2021 at 9am UK time. Sign up here.

Monet laundering and a new kind of market

You’ve probably read something about the latest crypto-craze. My good friend Lawrence Wintermeyer wrote a great piece about it here, describing how an anonymous guild of “art digitalists” bought an original Bansky and then set fire to it after digitizing the piece into a non-fungible token (NFT) they sold for $400,000.

NFTs really hit the headlines when the artist Mike Winkelmann (“Beeple”) sold an NFT of a JPEG he had created for $69m at Christies. It’s a lot to pay for nothing since, as my good friend David Gerard eloquently notes, Christie’s 33 page conditions of sale make it clear that the buyer did not obtain copyright or indeed any other rights to the file. The $69m is for nothing more than an albeit uncloneable receipt for the artwork. Not that the buyer minded, because he runs a crypto fund that invests in NFTs and issues tokens that are shares in the portfolio. Beeple owned 2% of these tokens, which went up in value from $0.36 per token to $23 after the Christie’s sale. Nice.

Now, you may think (as I did) that this is more interesting as a piece of performance art about the manipulation of cryptomarkets than a window into a new world that decentralises auction houses out of existence, but it is undeniably interesting. That’s because, trivially-copyable artworks to one side, NFTs could deliver radically more efficient markets.

Slugsy

Slugsy (CC-BY-ND 4.0)
NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

To see why, let’s first remind ourselves of what tokens are. Tokens are a cryptographically-secured digital asset (that is, they cannot be counterfeited or duplicated). As I explained in my book Before Babylon, Beyond Bitcoin a few years ago, although tokens are not specific to Ethereum they took off with the development of the ERC-20 standard back in 2015. ERC-20 defined a way to create a standard form of token using consensus applications on the Ethereum blockchain. Such tokens are a simply structured data exchanged between these applications, a practical implementation of digital bearer claims on assets with no clearing or settlement involved in their exchange (and hence a more efficient marketplace for their trading), thus creating a means to make the transfer of fungible value secure without a central authority.

I have written before that fungibility is a critical defining characteristic of money and one of the reasons why Bitcoin isn’t. Click To Tweet

All of the dollars in the world are the same, and any dollar can substitute for any other dollar. But all of the Bitcoins in the world are not the same. Similarly, my excellent stalls ticket to see the mighty Hawkwind play at the London Palladium is unique. So… how do you know that that ticket belongs to me? Right now there are event promoters, and ticketing agencies and credit card acquirers and databases and barcodes to try to figure that out. However, if I am a bad boy and sell a ticket that is nothing more than an e-mailed barcode to two other people and they both show up to watch a band, neither the venue nor the band nor other fans nor anyone else can tell which barcode is authentic and which is a copy.  But what if the ticket isn’t a barcode, but a non-fungible digital asset stored in my digital wallet? An NFT?

Now, non-fungible digital assets are fun and markets for them existed before Bitcoin, the blockchain and Enterprise Shared Ledgers (ESLs). Consider the obvious example of people playing massively-multiplayer games (MMGs) such as World of Warcraft and the like. People buy sell digital assets all the time (one of the first blog posts that I ever wrote was about the mining of digital gold in these games, and that was back in 2006!). If I want a magic sword or a laser cannon or a nicer hat for my avatar, I can buy it with real money. If you could copy magic swords to infinity, then they would have no value. So the number of magic swords is limited, and thus a market arises. So who says who the magic sword belongs to? If I pay you some real dollars for a non-existent virtual sword, who transfers title? Well, in the case of the games, it is obvious: it’s Blizzard or CCP Games or whoever else is in the middle, running the game.

New technology means that I can sell you the magic sword without having anyone in the middle. On Ethereum, for example, there are now a number of different ERC token standards, most notably ERC-721 that defines non-fungible digital assets. ERC-721 hit the headlines (well, for people like me anyway) back in 2017 when CryptoKitties took off. This is game on Ethereum that allows players to purchase, collect, breed and sell virtual cats and it became so popular that caused such congestion on the Ethereum network that is slowed in down significantly. The point is though that we can now exchange unique digital assets in a fully decentralised manner.

I remain unconvinced that buying digital receipts for trivially-cloneable artworks is a sound long-term investment strategy, although I am given to understand that much of the art market is more about money-laundering than Monet (Monet laundering! Why didn’t I think of this headline before!). However, that is not to say that there is no future for NFTs. On the contrary, some of these art market experiments are breaking ground for a new way of working that I think will indeed transform some markets.

Real Connections

These digital assets will very often be a means to control of things in the real world without having anyone in the middle either. Some years ago I asked if shared ledgers and such like might be a way to tackle the issue of “ID for the Internet of Things” (#IDIoT). I said at the time that I had a suspicion that there might be something there. My reason for thinking that was that there is a relationship between digital assets and things, because blockchains and tokens deliver a virtual representations of things in the mundane that, as with their physical counterparts, cannot be duplicated. If we can link the digital asset of a Rolex watch to a physical Rolex watch, we can do some very interesting things.

(As it happens, I am the non-executive Chairman of Digiseq, a UK startup that does this using tamper-resistant microchips).

What all of this means is that we can use the new technologies of cryptoasset trading (the world of decentralised finance, or “defi”) to develop efficient markets in scarce resources, markets that will hinge on the ability to maintain and prove the provenance of real-world objects, whether these are magic swords or designer handbags.

The opportunities for new and disruptive businesses here are real and substantial. Here’s an example, continuing the music theme. A band is going to play a concert. There are 10,000 seats in the venue and 100,000 members of their fan club. So the band randomly distribute the tickets to the members of the fan club who pay $50 each for them (this is all managed through smart contracts). And that’s it. Now, the members of the fan club can decide whether to go to the concert, whether to buy some more tickets for friends, whether to give their ticket to charity or whatever. They can put their tickets onto eBay and the market will clear itself. The tickets cannot be counterfeited or copied for the same reason that a Bitcoin cannot be counterfeited or copies: each of these cryptographic assets belongs to only one cryptographic key (“wallet”) at one time, and whoever has control of that key has control of the ticket.

Not your keys, not your Kings of Leon, as the kids might say.

(An edited version of this piece was first posted on Forbes, 7th March 2021.)

Bitcoins stay dirty, no matter how much you launder them

Some people mine Bitcoin for profits but some some people mine it for politics. The operator of a Bitcoin mining pool (a group of miners who work together to share the profits) quoted in CoinDesk recently says that some are investing not to convert electricity into cash but for other reasons “such as to avoid capital controls or avoid sanctions”. Indeed. And this has some serious implications. The Foundation for Defense of Democracies (FDD), a Washington think tank, summarised the emerging situation rather well in their position paper “Crypto Rogues“. They noted that “blockchain technology may be the innovation that enables U.S. adversaries for the first time to operate entire economies outside the U.S.-led financial system”. Now, while this may be technically slightly inaccurate (there are ways to create anonymous transactions without a blockchain and, indeed, the Swiss central bank has just published a working paper describing how to do so) it again flags up that the widespread availability of decentralised financial services threatens to bypass the existing infrastructure.

Iran provides an obvious example. They have every incentive to want to try new approaches to skirt the long arm of American law. The country already published a new set of regulations designed to funnel Bitcoin mined by Iranians to the state so that the country can use them to pay for imports. When the Iranian regime, for example, set up a venture to explore Bitcoin payments with a Swedish startup, the Swedish banks refused it a bank account because they themselves did not want to become subject to secondary sanctions. As America’s Treasury Secretary Mnuchin said at the time (talking about Iran), “If you want to participate in the dollar system you abide by US sanctions”.

On the other side of the world, North Korea has been developing a digital currency of its own. According to Alejandro Cao de Benós, President of the Korean Friendship Association, the Democratic People’s Republic of Korea intends to go down the Facebook route by creating an asset-backed digital currency rather than a digital fiat currency and then use some sort of blockchain with “Ethereum-style smart contracts” to do business and avoid sanctions. The regime sees this as a way to enforce deals it makes with foreign counterparties by developing a “token based on something with physical value” (eg, gold) in order to create a stable mechanism for payments in international trade between the regime and “other companies/individuals” (although it will not be available to individuals in the DPRK, who will be stuck with the Korean Won).

Across the Pacific in Venezuela, a country often mentioned by Bitcoin enthusiasts as a living case study of the benefits of decentralised cryptocurrency in the fight against tyranny, we find more mining going on: a video posted on Instagram by the 61st Battalion of the 6th Corps of Engineers of the Venezuelan Army shows military buildings converted into giant cryptocurrency mining centres and a warehouse that appears to be full of specialist Bitcoin mining equipment is labelled the “Center for the Production of Digital Assets”.

(I noted with interest that they do not appear to be mining “The Petro”, the digital currency of the revolution which according to the Bolivarian Council of Mayors’ recent “National Tax Harmonization Agreement” may soon be required for the payment of taxes.)

What… Whatible?

It seems to me that Bitcoin is a pretty poor choice for sanction-busting shenanigans though. Not only is the record of transactions public, but the Bitcoin value is not fungible. This matters. Remember that 2014 IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder : “the real lesson from the IRS Bitcoin ruling is that for a currency-or any payment system-to work, its units must be completely fungible”.

Fungible (from the Latin “to enjoy” via Medieval Latin phrases such as “fungi vice”, meaning “to take the place of”) is one of my favourite adjectives. It means that all tokens are the same and can be substituted one for another. You owe me a quarter. It doesn’t matter _which_ quarter that you give me. Any will do. Any quarter can substitute for any other quarter because they are all the same. The same is true of the Pounds in my bank account, but it isn’t true of bitcoins. They are all different and their history can be tracked through the blockchain which is, as we are often reminded, and immutable public record of all transactions. 

The lack of fungibility has major implications for criminals, but also for the rest of us. As my good friend Marc Hochstein observed about this some time ago, blockchain’s openness could turn out to be a bug for law-abiding citizens. In England, the High Court (in the decision of AA v Persons Unknown & Ors, Re Bitcoin [2019]) has already ruled that crypto assets such as bitcoins are a form of property capable of being the subject of injunction. You can see what is going to happen: cryptographic exchanges will be required to identity who owns stolen coins and the owner will then be the subject of legal action to recover them. This owner might be entirely innocent about the origin of the coins and will say that they didn’t know that the bitcoins they bought are the proceeds of a ransonware attack and may ask to the keep them. But, J.P. Koning points out, that’s not how property law works. Even if you accidentally come into possession of stolen property then a judge can still force you to give it back to the rightful owner.

Launderette

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

The UK has been experimenting with the “Unexplained Wealth Order” as a way to combat crime and corruption through the traditional money and finance system, but how would this translate to the world of cryptocurrency? Well, perhaps it doesn’t need to. In the world of Bitcoin, smart criminals may well try to use “mixers” or “tumblrs” that jumble together bitcoins to obfuscate their origin but I don’t think this will help in the long run. Apart from anything else, future consumers might want to know the provenance of their money, an idea explored by the artist Nitipak Samsen a decade ago in the Future of Money Design Awards. Check out the brilliant video he made here.

Have you ever wondered where the money in your pocket had come from? Who was the previous owner? Who was the owner before that? Might it be a famous celebrity?… Smart banknotes work by presenting a readable history of ownership on the note itself, an innovation designed to prevent money laundering

This might work in some interesting ways. People might pay a premium for coins that have an interesting past! Maybe coins that were used by a celebrity to buy drugs or were used to bribe a politician, coins that belonged to a murderer, that kind of thing, might be worth more than coins that belonged to boring people like me.

Clean Money

In the mundane world of dollar, dollar bills we have the concept of “money laundering” to describe what happens when dirty money is mixed with clean money (surely every one of us has touched banknotes that have been involved in some criminal activity!). But this doesn’t work for bitcoins. The “tainted” money stays tainted. Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory wrote a terrific paper on this theme a couple of years ago. In “Making Bitcoin Legal” they pose some interesting questions about what to do with tainted cryptocurrency asking, for example, “If an identified customer says ‘Hi, what will you give me for UTXO x?’ and the exchange replies, ‘Sorry, 22% of that was stolen in a robbery last Tuesday, so we’ll only give you 78%’ does the customer then have to turn over the crime proceeds?”. Their idea of a public “taintchain” is an interesting way forward.  This would be a mechanism to make stolen coins visible, in which case they might display a futuristic Gresham’s Law dynamic as good coins drive out bad ones!

Whether by taintchain or some other mechanism, it’s actually pretty each to track dirty bitcoins. You can see where this might lead: if law enforcement agencies go to the biggest miners in the world and tell them that if they continue to confirm easily identifiable mixing transaction outputs, they will be accused of money laundering? This is not difficult to imagine, which suggests to me that Bitcoin’s lack of fungibility has far-reaching implications.

These implications have not gone unnoticed in the United States. Two of the largest Bitcoin mining companies there, Marathon Patent Inc. and DMG Blockchain Solutions Inc. (which together account for about a one-twelfth the power of the Bitcoin networks), recently joined forces to create the Digital Currency Miners of North America (DCMNA). This not-for-profit trade association has come up with pretty interesting idea: their miners will only process transactions that comply with American laws, thus extending the benevolent embrace of the U.S. Government into cryptocurrency. The idea (known as “clean mining“) is that instead of selecting transactions on the basis of which ones will bring the biggest fees, they will mine transactions based on the wallets that they come from.

We could well see a strange and interesting twist in the world of cryptocurrency that has no analog in the analogue world of notes and coins: black and white money, or clean and dirty money, or light and dark money (an idea that goes back to the earliest days of cryptocurrency) in which some bitcoins will be worth more than others! Maybe a year or two from now, exchanges will be quoted two BTC-USD pairs: clean BTC at $100,000 and dirty BTC at $75,000. This doesn’t happen for GBP-USD or JPY-GBP, which confirms my feeling that whatever Bitcoin is, it isn’t currency.

[An edited version of this article first appeared on Forbes, 28th February 2021.]

Right now we need embedded health as much as embedded finance

Embedded finance is great and I love having apps on my phone that take care of the interface to the tedious world of banks and money so that I don’t have to deal with them. But embedded finance doesn’t get me out of the house. And it can’t get me in to watch Manchester City again. It can’t get me on a plane to Singapore. Perhaps to get the post-COVID economy moving again, embedded health APIs will be more important than embedded finance APIs!

What’s the point of having all sorts of clever instant credit, credit transfer and buy on credit mechanisms that I can use to buy a new shirt if I am not allowed to go to meetings? Why bother with fancy QR code contact-free dining experiences if I am not allowed into a restaurant? How do I benefit from sophisticated electronic tickets dropped directly into my phone when there is nowhere to go on the train? What is needed to ease the economy back on track in the recurring pandemic, new normal world is the ability to show a vaccination record as well as a plane ticket and a negative test result along with a restaurant booking.

In fact, so pressing is this need that I might go so far as to predict that the virus shock may well mean a quantum leap in strategy in the world of digital identity: what if it is not finance or government, as most of us had assumed, but travel and hospitality that drives digital identity into the mass market?

Barman

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

It is actually pretty easy to imagine the customer journey with embedded health. I go online to buy ticket to see Hawkwind in concert at the London Palladium in May but in order to check out I must first present a certificate to show that I have been vaccinated against COVID-19 (I’m afraid that the Hawkwind fan demographic renders this necessary) and a certificate to show that I have been vaccinated against Yellow Fever or whatever else the London Palladium demands from would-be patrons. I present the digital certificates and go about my day.

That is quite easy to draw as some boxes and arrows mapping out a customer experience journey on a whiteboard, but what has to happen to make it a reality? That’s where things become a little more complex.

Vaccine Passports

There are some well understood issues around identification and authentication but to my mind these are largely solved. There are plenty of companies that can do digital onboarding pretty efficiently (indeed, I am an advisor to the board of one of them, Au10tix) and there are plenty of companies that can do authentication: If I could have used “sign in with Apple at the London Palladium”, I undoubtedly would have. What’s missing, and where there has to be some progress to bring that smooth customer experience into being, is the standardisation of the creation, presentation and verification of the health-related data.

(Just to divert for a moment to be specific about language: I use claim to mean the process of presenting a credential to be verified and I use credential to mean some attribute that has been attested to by somebody that the verifier can trust. By trust, of course, I mean “can sue for large amounts of money if the data turns out to be incorrect”.)

If a theatre, or more likely a theatre’s merchant services processor (MSP), wants me to show that I have been vaccinated then both the claim process and the claim data have to be in some sort of standard format. Otherwise we will end up in bubbles and make no real progress. It is clear that something has to be done. Ursula von der Leyen, the president of European Commission, recently said that a “Digital Green Pass” would provide proof of inoculation, test results of those not inoculate and antibody status of those who had had the disease. This is inevitable, frankly, in one form or another. But how exactly would it work?

There are some great companies out there who are already working hard to make the transport and display of results as easy as possible.Yoti, for example, have been involved in a number of trials using FRANKD. This is a rapid Point of Care Covid-19 RT-LAMP. People scan a unique QR code on their FRANKD test bag to add their identity to the test. After a testing swab is taken, results are processed and delivered straight to the individuals’ Yoti app within 30 minutes. To scale up, though, we need standards that identity providers can use to interoperate with service providers of all kinds. This is why the foundation of the Vaccination Credential Initiative (VCI) is so important.

VCI is a coalition of public and private partners including Microsoft, Salesforce, Oracle, The Commons Project Foundation, Mayo Clinic and many others working to enable digital access to vaccination records using the open, interoperable SMART Health Cards specification, based on the W3C Verifiable Credential (VC) and HL7 FHIR standards. FHIR stands for Fast Healthcare Interoperability Resources, a standards framework created by Health Level Seven International (HL7) , a not-for-profit, ANSI-accredited organisation developing standards for the exchange, integration, sharing and retrieval of electronic health information. The idea, essentially, is to group a set of FHIR content resources (eg, immunisation or observation) for presentation in the form of a verifiable credential.

The New York Times showed a mock-up (from The Commons Project) of what a digital vaccine credential might look like in practice, using a pretty straightforward QR code interface that passengers are already familiar with for check in.

Travel

Waiting for a globally-interoperable set of standards won’t help to boost the economy today, so it seems to me that it makes sense to link sector-specific identities together with sector-specific credentials that can be later bridged at the back-end. The obvious place to start implementing something like the EU’s Digital Green Pass is in the travel sector and the obvious people to co-ordinate this are the International Air Transport Association (IATA) and, indeed, the COVID-driven need for a such credentials has led IATA and British Airways’ parent company, International Airlines Group (IAG), to starting work together in this direction.

I hope they chose to use open standards for their Travel Pass Initiative (TPI). TPI brings together four interoperable “modules” that combine to deliver a practical solution to get people moving again. These modules are:

  • A up-to-date list of requirements for travel (ie, what vaccines or tests are necessary for travel on specific routes) so that travellers know what they need to do to travel;
  • A registry of health centres that can carry out vaccinations and tests that travellers need;
  • A contactless travel app for travellers so that they can find out what the travel requirements are, where they can get the tests and vaccines and store the results;
  • An application for labs to report results.

Singapore Airlines has been the first carrier to adopt the new standard and begin verification based on the IATA TPI framework. Passengers who receive a negative test or vaccine will be given either a digital or paper QR code to take to the airport. Emirates will implement the first phase in Dubai in April and will use the app for the validation of COVID-19 PCR tests before departure. Using the app, which will automagically post details to the check in system, passengers travelling from Dubai will be able to share their test status directly with the airline before reaching the airport. 

So if this works for getting on planes… why not use the same registries and APIs to power applications for restaurants and pubs to get the economy moving again? I’d be more than happy to be required to show my test status to get into the Etihad to watch the mighty Manchester City via a Travel Pass app, or my British Airways app, or my Man City app or whatever other convenient application was accessing standardised VCI vaccination and test records through the IATA API. And if IATA and VCI together create a global standardised platform then the opportunity for fintechs to exploit the combination of embedded health and embedded finance together in apps will be enormous.

(An edited version of this piece appeared on Forbes, 25th January 2021.)