Blockchain and Distributed Ledger Technology (DLT) have been on a downward swing in the hype cycle. The lack of clarity about why some data needs to be on a decentralised network at all remains, as does the suspicion that other ventures may just be offloading energy costs onto customers – no minor concern as prices soar.
Meanwhile some recent NFT releases have made non-fungible tokens seem like a satire on the digital economy – a Situationist joke. (If a tweet like ‘Next time you think you're down bad, just remember that @justinbieber bought a floor ape for 500 ETH’ doesn’t mean anything to you, please don’t worry about it.)
But one area where blockchain may have useful applications is establishing a secure digital identity, according to a techUK seminar this week. The Zoom event brought together four DLT luminaries, from finance, government, agriculture, and digital identity itself.
The intention was to challenge misconceptions and set out a viable route to market, according to Laura Foster, techUK’s Programme Manager for Technology and Innovation. However, she then passed the chair to potentially the most interesting speaker, Genevieve Leveille, key founder and CEO of AgriLedger – a distributed-ledger app for the farming supply chain, who did a good job.
(This had the unfortunate, unintended effect of marginalising Leveille for much of the debate itself, by obliging her to ask the other panellists questions, and they were all men with products to sell. Why Foster didn’t chair and ask Leveille the questions is a mystery.)
AgriLedger is an innovative venture that seeks to bring immutable identity, traceability, and financial services to farmers, while providing them with critical data to help them harvest more effectively, plan, and gain access to markets. A good use of the technology. Check it out.
For a country that is obsessed with its identity, the UK lacks a coherent policy for establishing it digitally for citizens. Paco Garcia is CTO of secure digital identity provider Yoti, whose focus is on customer – or citizen – verification. For him, a passport is a good place to start in explaining the need for DLT (doubtless his company would like to provide it). He said:
Your identity is a collection of attributes, true statements about what you are in a container – in the case of passports, a piece of paper. But obviously that doesn't work very well in today's scenario. This technology is trying to get a lot of those statements in a way that works in an internet world, so you can transfer that trust in this triangle of the issuer, the holder, and the verifier. How do you transfer that trust online?
Obviously we’ve been using digital identities over the past 25 or 30 years, and this is something that, traditionally, has been done in a very centralised infrastructure – a central database with all the statements and collections. This has advantages, but also disadvantages.
DLT technologies can offer some interesting improvements around the resiliency of that infrastructure if one central database or service goes down. How do you ensure that such mission-critical systems are still in place and can operate? There are other things, such as the immutability of the data, of course. How do you ensure with a central point that nobody can change that information?
Facts of life
These are excellent points in a world in which hackers, cyberwarfare, identity theft, and ransomware are facts of life for every organization. But Garcia accepted that DLT is not a simple cure-all: there are challenges in securing data on a blockchain too, in making it accessible to the “intended parties”, and upgrading the security of a distributed network. His words, not mine.
Shiv Aggarwal, EMEA Director of the Government Blockchain Association, and CEO of Earth ID – another start-up in the decentralised identity management space – put it more succinctly. In his view of DLT:
It's about, how do you remove the single point of failure or the single point of ownership? And, when we talk about decentralisation of control, it's about how do you build trust between stakeholders who are trying to access the same information system? And then it's about how do you ensure that that transparency is maintained? That is the key aspect of DLT.
Aggarwal’s comments throughout the event were hampered by this constant repetition of “How do you do x? How do you do y?” In short, by asking questions himself rather than answering any of them. But he made an interesting point:
When we look at existing disliked entities like passports, driver's licences, and the many other identities we get across during the lifecycle of being a human [just say “in our lives”, Shiv!], what we see is that most of them are binary by nature. Either you showcase all your information, or you don't show anything. There is very little control that I have with respect to my information.
Digital identities could be used in elections, he added – a hot-button topic in the UK as voter ID becomes a requirement as it is in the US. But the challenge surely then immediately becomes the 6.3% of British adults (3.4 million people, by my calculations) who have never used the internet, according to figures from the Office for National Statistics (ONS). In the real world, new voter ID requirements would hamper the right to vote, not enable it (see below). Digitizing them when so many people remain offline appears to worsen that problem.
The Electoral Reform Society describes current voter ID plans as an “expensive distraction". Now picture the expense of a national digital identity scheme for the UK, from the same government that brought you Test and Trace (a two-year budget of £37 billion, against the Channel Tunnel’s total cost of £4.65 billion).
But I digress. In Aggarwal’s view, a “distributed, decentralized identity” would give the user more control over their lives and personal information, empowering them with respect to data ownership, privacy, and consent, while helping organisations reduce identity fraud and compliance challenges. All issues that could be equally well served by an alternative technology, such as Sir Tim Berners-Lee’s ‘Solid pods’ concept. Nonetheless, Aggarwal’s point was expanded by Aman Kohli, CTO Banking and Capital Markets UKI at US IT and services multinational DXC Technology. He said:
If we think about ourselves as consumers […] it’s really awkward right now to marry who you are in the real world with who you are in the digital world. And digital identity is there to help bridge that gap. But there are times when you want to know ‘this is Aman doing this transaction’, and other times when you want that to be a little looser. Is this person old enough to buy alcohol? Is this person old enough to gamble or to drive? Sometimes those are the only assertions you want to make against the identity. We need to codify some of those things within the digital space and allow them to happen, while at the same time preserving anonymity.”
Good points, but they still fail to address the big question: why use DLT or blockchain? The answer appears to be that it is harder to pretend to be a particular age, or pretend to be anything, if your verified, distributed ledger entry says otherwise. But if a teenager somewhere isn’t designing a DLT to provide fake IDs I’ll be amazed.
I’m only half joking. Synthetic, black-market IDs already exist in the crypto world, because OF COURSE they do. Why wouldn’t a virtual currency attract virtual people? Money laundering is rife in crypto and digital finance, using the very DLT systems that are supposedly inviolable. Why? Because a system is always gameable, in the same way that the Titanic was always sinkable. So, what’s the iceberg this time?
Arguably, blockchain merely adds new levels of complexity and technical obfuscation, fronted by a veneer of digital authenticity. Meanwhile in the financial world, regulators are more concerned with technical rule violations than they are with preventing wholesale corruption, as this excellent Chatham House piece on Britain’s “kleptocracy problem” (their phrase) explained last year.
Put simply, regulations catch inept accountants and poor administrators, but do nothing to prevent gangsters from laundering billions through legitimate businesses. Indeed, they enable it because gangsters have great accountants. Distributed ledgers will do the same, empowered by blockchain evangelists who will bore the regulator comatose.
So perhaps the most useful approach would be to share some case studies of how DLT is helping in the real world, and Garcia was happy to oblige:
One is the IATA [the US International Air Transport Association], which created a blockchain-based digital identity called Travel Pass. That's the name of the wallet. You can use that to prove your COVID certificates and COVID test. You can use that today to prove your identity in a privacy-preserving manner, that's one of the advantages.
Or perhaps the more intrusive [sic] case is the European COVID certificates. The certificate itself is still not good enough: you need to provide your full passport or your national ID card to prove that the credential is bound to you, and not transferred to someone else.
Another big deployment is the Pan-Canadian Trust Framework [https://diacc.ca/trust-framework/] [a 2020-established framework for verifying people and organisations]. This is a government-driven initiative to use DLT technology and digital identity to interoperate between the different provinces in Canada. So, a citizen can be issued with a particular credential in one province and that can be verified by a different one.
All the participants agreed on one thing: the UK should establish a digital identity scheme as soon as possible, so DLTs can underpin our lives and businesses.
Yet as ever with blockchain events – at least, with every one that I’ve listened to – the debate was among innovators singing from the same hymn sheet, and among themselves. It lacked external perspectives, analysts, and tougher questions.
Make no mistake, verifiable, inviolable, distributed ledgers and decentralised networks have countless uses and do much to counter real problems, such as the vast data fiefdoms and walled gardens owned by Big Tech.
The idea of money that isn’t tied to central banks or greedy conglomerates is also attractive in many ways, and in each of these cases the challenges of energy consumption are at least being debated – proof-of-work vs proof-of-stake – and in some cases solved.
But the problem is, grabbing the ear of policymakers often means amplifying the voices of the least interesting innovators, and attenuating those that might really challenge central power. Remember: accountants keep ledgers. It’s who they work for that counts.