[DG-BSC] blockchain for identity
koen.vingerhoets at telenet.be
Tue Jan 31 22:03:41 CST 2017
I’ve been involved in a KYC on blockchain project for some months now. It’s a collaboration between KBC, SWIFT & Euroclear.
I’m not a compliance/KYC specialist (but I hold a LL.M), which gave me some room for additional thoughts.
Your concerns are not new – I have the same issue with blind faith in DLT as a solution for everything.
I named the recursive trust issue you describe the “Adam & Eve problem”: who’s the first person you have to put blind faith in?
https://www.eggsplore.eu/news-full/2016/10/17/bagbv91o7l4v1yadmk5gehccp01ogr (my blogpost on this topic)
In bitcoin… it’s Satoshi Nakamoto. The one who started it all and (probably?) mined the first block.
In identity issues, it’s a tad more complex. I don’t buy the “village approves” stories : people nowadays hardly know their neighbours.
They do seem to have some faith in financial institutions (they stash their cash there) and most governements.
It seems the easiest way forward to rely on their services to have something that comes close to a true unique identity: through KYC, through issuing a new smart contract with a national registry number when a person is born,… but also through adding proof after proof after proof. Everytime you use your CC, the payment passes all checks Mastercard/VISA does. Every month you pay your electricity bill for electricity being delivered at the place known as your house, you add proof of your existence and home address. Hence it seems better to rely on B2C approval of identity.
The starting point of your identity, should be established by a legal entity having no interest in establishing your identity. A government for example. A bank maybe. Two banks, a utility provider and a telecom provider, combined with a fingerprint and facial recognition: yes. You still have to put trust somewhere, but at least it’s not one party or humans.
The added value of blockchain is imho in the 1-to-1 relation an individual can built with other individuals or companies through sharing of data. When you own your smart contract and add evidence of your identity, approved by a myriad of legal entities (their details are disclosed in legal documents), you start building a complex body of evidence that you are you. That’s a core identity.
But it’s not enough. Terrorists have a core identity too. You need to add reputation on top of it, and usage details. An identity issued by a government, used once, is… limited. Be careful. But when you receive a “nice guy” scoring from your friends, a “pays bills” from the bank,… it becomes a valuable something.
Especially when these details are exposed. It reverses the process: rather than trying to fill a box with all decent identity approval, the job is to keep the box of identity disprovals empty.
Van: dg-bsc-bounces at kantarainitiative.org [mailto:dg-bsc-bounces at kantarainitiative.org] Namens j stollman
Verzonden: dinsdag 31 januari 2017 18:36
Aan: dg-bsc at kantarainitiative.org
Onderwerp: [DG-BSC] blockchain for identity
I am seeking some insight from this group on the viability of blockchain for identity.
The notion of a user-controlled, distributed identity mechanism strikes me as the holy grail in identity. But, like the holy grail, I am finding it difficult to believe that it is real.
In particular, I don't see what the blockchain can add to identity.
Yes, I recognize that blockchain does offer distributed consensus. And I while I am not persuaded that proof-of-work and/or proof-of-stake are as bulletproof as most people accept, I am not focused on these concerns.
My concerns stem from what value add the blockchain provides to the inscrutable problem of identity. We can use blockchain to confirm that a particular transaction too place at a particular point in time. For example, we can use it to confirm that Alice paid Bob the $1000 he owed her within the terms of their agreement. This verification may be valuable in a subsequent credit transaction. And we can use blockchain to confirm that someone claiming to be Alice passed a background check by Bob at a fixed point in time where the background check attests to aspects of her health, home address, financial stability, national loyalty, trustworthiness with confidential data, or some combination of these. But even this information is only useful to someone who believes that Bob is trustworthy and thorough in his checking. And since Bob can never be absolutely certain that the Alice who sat in front of his desk is the Alice she claims to be, Bob's assessment -- no matter how trustworthy and thorough he is -- is always subject to some doubt. And how are we certain that it was really Bob who is asserting the claim on behalf of Alice and not an impostor Bob? Do we believe that merely possessing his private key is sufficient proof to an organized attempt to create a false Alice? I don't see anything about the blockchain that addresses these concerns which are - and always have been - at the root of identity and trust.
So many people seem excited because blockchain offers a distributed governance model that uses economic incentives to encourage good behavior of vetting parties (e.g., miners). But tracking a single crypto-currency is a much more simple task that vetting identifies and the vast array of attributes of interest to relying parties - depending on their business. And unlike measuring crypto currency transactions which either do or do not take place, identify attributes are not 0/1 transactions. They are a collection of probabilities. And using blockchain does not change this.
If I have a bad credit rating using one self-managed identity, why don't I just create a new identity and seek credit for it? As a newbie, I might not have a high rating, but it would likely be better than a bad rating.
What am I missing here?
stollman.j at gmail.com <mailto:stollman.j at gmail.com>
Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the DG-BSC