Op-ed: Blockchain for ID and data security: Right place, right time
The world is keen on blockchain-based decentralised data management. But it could still go too far.
"We were having trouble moving money out of Brazil into China," Bruce Silcoff explained. "I was explaining my problem, and one guy say "you've got to meet this guy Joseph Weinberg, who's using bitcoin to move money across borders.""
By itself, using bitcoin to send money from B to C was easy and efficient. The slow and expensive part of the entire process was complying with anti money-laundering (AML) and know your customer (KYC) laws. The entrepreneurs quickly realised that easing open that AML/KYC bottleneck would be one of the most valuable things they could do if they wanted to move money better.
And they also realised that the same blockchain architecture that bitcoin and other cryptocurrencies used was very well suited to identity management.
Today Bruce Silcoff is the CEO of Shyft Network, Joseph Weinberg is the chairman, and they're aiming to solve data so to speak.
The problem with data
"Putting it simply, we're using blockchain technology to build a distributed network for the secure sharing of trusted data," Silcoff explained. "What we thought was originally going to be built to handle the KYC/AML issue, we quickly realised could be used to handle any form of data. We're providing a more efficient and more secure network for sharing that data."
"One, it's encrypted. Two, it's decentralised."
Decentralisation might be a blockchain buzzword, but it's also a very real and practical way of storing sensitive data such as people's identities.
And with the value of data now being more apparent than ever, the financial risks of holding compromisable data troves being scarier than ever, and the general level of public interest in each new data breach being higher than ever, now is the perfect time for redesigning data management as we know it. In this respect, blockchain and its decentralisation paradigm is the right thing in the right place at the right time.
"Every day 7.2 million data records are compromised, 69% of which are personal data," Silcoff said. "We've got a problem... we realised the way we store and share data is broken. It's an epidemic, and blockchain presented a way to cure that."
"Equifax happened... and that was the best marketing I could ask for," he noted. "Part of the problem with Equifax is all their data was siloed in one location. If you decentralise data you make it less attractive and harder for thieves to steal."
If you don't decentralise data, you create honeypots that are begging to be broken into. And given the tendency of data, especially valuable personal data, to be replicated and stored on a variety of honeypots around the Internet, it's generally only a matter of time until one poorly-secured, or entirely unsecured, honeypot gets broken into.
Decentralising the actual holding of data helps solve this problem on two fronts. Firstly, it helps prevent the formation of these giant data troves. Secondly, it creates a paradigm for handing control of that data to the actual owners of that data.
"We need to and should be owning our data," Silcoff said. "Any time our data is shared, it should be permission or consent based. Why are Facebook and other companies making big money off our data without permission? One, it should be permission based. Two, I should be benefiting from it."
Self-sovereign identity (SSI) is the name of this idea that everyone should have control over their own personal identity data. People can monetise it as desired, or keep it secret if preferred. Just like bitcoin was based on the idea of everyone being their own bank, self-sovereign identity is the idea of everyone having control over their own data without needing to entrust it to third parties.
But whether the world really needs or wants bitcoin is still debatable, while the need and desire for SSI is much more apparent, especially as holding data becomes increasingly commercially risky on the one hand, but the importance of being able to access data in the growing Internet of things (IOT) becomes more important on the other.
SSI is a commercially effective paradigm for data management, as well as an ethically correct one. Data is valuable, and now it's time to decide who actually owns that data. The most obviously correct answer is for everyone to personally own the data that they produce.
Commercial and ethical correctness
Right now is an excellent time to start solving the problem of data ownership, with information-gathering devices making their way into every facet of life.
How do you feel, for example, about a medical device that monitors your sleep data and sends it to insurers? Should insurers be able to withdraw benefits if you aren't tucked in by your medically-advised bedtime?
Or how about your bank's life insurance division monitoring your purchases through the payments division to see if you're putting more than the medically-advisable amount of alcohol in your shopping cart? Or maybe a smart garbage can that checks what you throw away and sells the information to marketers, and automatically alerts law enforcement if anything illicit is suspected?
Taken to its tenuous extremes, it's easy to imagine the rapidly advancing technology of today, without appropriate attention to data privacy, leading to an unpleasant place.
The most obvious paradigm for managing this information, satisfying all parties and not unduly infringing on innovation or individual rights, is to give everyone complete ownership and informed consent. If someone wants to sell their SmartTrash™ bin data to advertisers, they can choose to do so if the price is right, and can choose to dispose of anything potentially embarrassing or incriminating in a different way.
Self-sovereign data might be both commercially and ethically correct. Although it can be difficult to separate the two, Silcoff observes.
"Lets ask an ethical question. Whose data? Who owns the asset? I think data is the most valuable asset in the world," Silcoff says. "Look at the valuations places on companies like Google and Facebook."
That valuation is based largely on the value of the data they collect and leverage – the data that's being produced by you and billions of other people.
"Right now, its scary almost how much more people like Facebook or Google know about us than we even know about ourselves. We give data only when we’re using applications to try to help us. As these breaches become more and more rampant and visible in the public eye, we start to question what's right and what's wrong. We will take back ownership of our own data, and make companies more accountable for the way they use our data."
"The question is who has the rights to sell it? Who owns that data and should it be sold without your permission? I think the days of claiming ownership of our data is coming to and end quickly. Let's face it, over the years social movement has changed the way we do things. Crypto and blockchain emanated out of Satoshi's whitepaper which came about 10 years ago. It started out as a social movement which brought about change. And now looking at it as an evolution."
Viva la (r)evolution
It's not a revolution, Silcoff says. Rather, decentralised blockchain self-sovereign data is an evolution, and a natural extension of how the world will use that ever-valuable data. And on the whole, it's not an especially controversial idea.
Political parties will vacillate on questions like whether Apple should unlock the phones of alleged terrorists, or whether indiscriminately monitoring and storing the communications of millions of citizens without any real way of sorting through the data, somehow makes America safer in a vague, ephemeral way.
But questions of privacy as a national security issue are very much couched in an "us vs them" attitude, and inevitably leads to the phrase "if you've done nothing wrong you have nothing to hide".
By contrast, questions of data privacy in the IOT age – a garbage can that records your trash, a bed that monitors your sleep, a fridge that keeps track of its contents and so on – affects everyone. The question authorities and lawmakers have to ask themselves is not whether they are happy to spy on someone else, but whether they are personally okay with being spied on. And as precedent shows, people stop saying "if you've done nothing wrong you have nothing to hide" the instant they go under the spotlight, even if they don't actually have anything to hide.
And so, discussions about self-sovereign identity and privacy in the IOT age might be unlikely to ever be as controversial as most similar topics to date. It's something almost everyone can agree on.
Silcoff sees the self-sovereign identity enjoying a good deal of support from the establishment.
"It's not rising up against the establishment," he said. "It's the establishment saying "you have a point, let's cooperate"."
This essence of cooperation – between governments, businesses, competitors, non-profits, individuals and all other stakeholders – is very distinctive, Silcoff observes and might be the biggest difference between the blockchain revolution and the dotcom years.
"The big difference with blockchain [compared to the dotcom boom] is [blockchain] is all about collaboration," Silcoff said. "We're working with regulators, governments, institutions to make sure we are compliant, that we dot all the I's and cross the T's."
This level of cooperation and global compliance is essential for Shyft, which aims to be a global data layer used around the world, and the definitive answer to the question of how we should be managing data in this new age. Without compliance and wide acceptance from a wide range of stakeholders, there's no standardisation or interoperability. And without that level of standardisation you can't fully leverage the benefits of this kind of system.
Fortunately, there's been a lot of buy-in. Not only is everyone answering "no" when they ask themselves whether they want their personal data to be strewn across the Internet, but for the people who are motivated by humanitarian issues (the majority, fortunately), it's hard to ignore the potential of a better ID solution, one of Shyft's immediate goals.
For the better
"We're past the point of questioning whether blockchain will change things for the better," Silcoff asserts. "We're past it. It has positive implications in every aspect of the way we do things. It's our ability to adapt and adopt change. It takes progressive thinking. It takes the forward thinking of politicians, regulators and leaders in jurisdictions around the world to enable the innovation that entrepreneurs like us have what it takes to make happen."
And fortunately, the entrepreneurs at Shyft have been enjoying a solid amount of support from these parties.
"We were at the World Economic Forum (WEF) in Davos (Switzerland), where we met with a lot of leaders," Silcoff described. "[Bermuda] Premier David Burton, who has an IT background, said "I have a situation where my children are going to university, leaving the country and not coming back until they retire." I want to instill them with the tools that will enable them, to create businesses and build money within Bermuda. Unlike oil or diamonds, technology is borderless. If we were to educate and tool his young people with the technology that's sellable around the world, he can reverse that brain drain."
Burton understood blockchain, Silcoff said, and is making it happen.
"By the middle of next year we will be transitioning the country from an analog or paper ID system, that is not very user friendly, to an interoperable digital ID system," Silcoff said. "It's something every jurisdiction in this world wants to do, but not everyone has had the progressive thinking to do. Bermuda is being a sandbox for the planet. The rest of the world is watching. The obvious choice will be to follow."
"If I'm a patient in New York city and I go to London and get hit by a bus, I want to know my patient information is shareable across terminals. That's what Shyft is really good at - building an interoperable global ecosystem."
"I was dealing with a guy - a senior executive saying he moved from Ireland to Canada and had great credit, but when he came to Canada it's like he had to start from ground zero because his history wasn't interoperable. That's ridiculous in this day and age! It's electronic, its easy to share data! You just need the right network.
"That [credit rating] data isn't even accurate," Silcoff adds. "I don't know how I can get credit scores - that aren't even accurate - without them having access to my data, that I didn't give them."
ID for social impact
"It will have tremendous social impact," Silcoff said of decentralised digital ID. "There are 1.1 billion people without legal ID. "Without a legal ID they have no access to central services, like the right to vote, the right to healthcare and services. ID should be a right you’re born with. We need to have an interoperable digital ID system and network to solve this problem. We can do it, and Bermuda will be a leader in that space."
This lack of ID has big impacts in a changing world, and it's a problem that might be well worth getting in front of ahead of other potential mass migrations such as might follow climate change, and future economic or political upheavals.
Silcoff points at the work being done with blockchain ID for Syrian refugees.
"Over 10% of their paper IDs were fake," he explains, in part because IDs are valuable and someone who has fled with nothing but their paper ID and whatever else they can carry might find themselves needing to sell that ID for essentials like food and water.
Elsewhere, a lack of ID is getting in the way of even the most organised and best-intentioned aid efforts.
"There are refugee camps in Africa filled with people who can't get out of there," Silcoff said. "They just don't have an ID that's recognised anywhere. There are organisations likes the Gates Foundation, but they have no idea how to reach the population because they have no idea who's there. We're trying to do good, but we have to use all the tools and resources to enable these things to happen as quickly as possible."
It's been quite a journey for Silcoff. He just wanted to send money from Brazil to China, then ended up trying to bring digital ID to the world.
"As much as I wake up in the morning and am thrilled to be solving business problems, it's the social impact problems that I really am passionate about," he says. "The ability to have this kind of legacy and leave this kind of impact is gratifying. And to make personal sacrifices, like not being with my family often... this is too big to ignore."
Beyond ID data
Digital ID might be a good place to start. It's one of the most vital initial use cases from both a humanitarian and commercial perspective. Plus, as Silcoff points out, once you have the infrastructure for securely storing, handling and sorting people's identities, you can leverage that infrastructure for a whole lot more, including further humanitarian efforts aimed at the root of existing problems.
For example, targeting illicit weapons flows with the hope of preventing conflicts in the first place, or getting medicine to where it's most needed, or better ensuring election integrity, maintaining healthcare records, tracking the results of clinical trials, facilitating P2P lending and much more.
It also presents the means for creating new systems of presenting information.
"We're working with a team out of MIT, a company called Distilled Analytics. They're using biometrics on the way you use your phone to track up to 400 data points to provide reputational risk scores. If you're underbanked, you now have enough data points to provide decision-making criteria for banks to provide lending to you. That's important."
The irony of this kind of solution rolling out on a system focused on data privacy isn't lost on Silcoff, and he emphasises that the control of these kinds of applications is in the hands of the users.
"Ours is all permission-based, and in the hands of the owner and the consumer, as opposed to governments and third parties," he says.
With great power come greatly troubling application use cases
There are a lot of ways this kind of data can be utilised to make for a more harmonious world.
"If I have a good reputation and always pay my bills on time, and live in a good neighborhood, and good family, I go to church, synagogue, mosque, etc, I should benefit from my good reputation. Why not enable people, like in the loyalty space, to enable positive scores for their good reputation?" Silcoff asks.
Indeed, this kind of system has already started rolling out in China, where irresponsible dog owners, sellers of fake goods and scammers are now being penalised with social credit score deductions in certain places. Although what exactly qualifies as an infringement depends in part on the mood of local authorities.
This is the kind of power that can reshape societies. You can prevent scammers from preying on the victims, keep the streets clean, and create a more peaceful society by rewarding loyalty and punishing dissidence.
And rewarding people for going to church could crank up religiosity, rewarding people for living in a good neighbourhood could effectively penalise those who don't and permanently deepen class divides.
But those examples were just hypothetical figures of speech, Silcoff emphasised. Which might in some ways highlight how difficult it is to describe what makes a person a good person.
"We want to find benchmarks that are universally accepted," Silcoff said. "Good behaviours, and... what is a good behaviour? I guess we have to come up with universal standards. Maybe not skewed or biased towards differentiation, but common good."
On the one hand, this kind of system could be immensely useful and of great benefit to millions of underbanked people, while making for a safer, successful and more harmonious world.
On the other hand, on a sufficiently large scale no individual, group or entity of any kind can ever be trusted to decide what kind of behaviour should constitute "common good", and even some of the safest-seeming "common good" behaviours might have undesirable consequences when rewarded on a large scale.
It would be a strange circumstance indeed if Silcoff's blockchain rabbit-hole, which started with him trying to send money from Brazil to China, ended up ushering in a new striated world order based on reputation points.
But that's tech for you. If you believe The Social Network, Facebook got its start as a kind of Harvard hot-or-not and then ended up becoming one of the world's most influential data harvesters and potentially influencing the outcomes of the US elections.
"Our solution analyzes a person's facial image and automatically reveals his personality, enabling security companies/agencies to more efficiently detect, focus and apprehend potential terrorists or criminals before they have the opportunity to do harm", it promises.
It's not that unique though.
The United States is ahead of the curve here. Its courts already regularly use a piece of proprietary software called Compas to supposedly identify a suspect's recidivism risk. It's opaque, and not publicly known how exactly its algorithms work, but it's being used to determine how long people's prison sentences are, whether they should get bail and similar. Compas also seems to have it in for black people. All else being equal, the Compas AI will peg black defendants as being 77% more likely to commit a violent crime in the future, and 45% more likely to predict a future crime of any kind than other races.
That's not the future – that's something being used right now. Similarly, your purchasing behaviour is being used somewhere without your express consent to assign you a credit score, no-fly lists are opaquely assembled and unintentionally barring people with similar names as those on the list, and other big data cogs are grinding away behind the scenes everywhere.
Ready or not, here the future comes. As scary as it might be, if blockchain systems transparently bring the kinds of debates about what technology should and should not be used to do into the public – rather than just letting people unilaterally impose bad decisions on entire populations – it's still a giant step forward, even if there are some troubling implications.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, XLM, BTC
- Phil Wilson: Satoshi Nakamoto was Craig Wright, Dave Kleiman and I
- Hybrid public-private blockchains in the real world – Part 2
- eToro launches 8 brand new stablecoins with eToroX exchange
- Bitcoin SV melts under the spotlight. Delistings, lawsuits and fraud accusations
- 23 highlights from the Ethereum core developer Q&A at EDCON 2019