Blockchain and The Seven Principles of Digital Identity

Let's Get Back to Productive Work:

The recent and very public departure of Mike Hearn from Bitcoin has temporarily distracted the broader Blockchain community from the three problems that the Fintech community is trying to solve. These are:

1. What are the principles that govern the alleviation of distrust among partially rational actors with competing economic interests, thus permitting them to exchange value (otherwise known as economic activity).
2. How do we prevent the pension of Average Joe and Jane Doe from disappearing into the abyss of the layers upon layers of fees levied by the stack of intermediaries in the investment process (otherwise known as disintermediation).
3. What are the candidate technology & business architectures that'd allow this vision of a more efficient and fair economic architecture to be realised?

Meditate and Witness the Profound Truth...

As Mike clarified in his follow up blog post, R3 and Bitcoin are not competitors. R3 are looking to offer alternate technical architectures for regulated financial markets whereas Bitcoin has been built for censorship resistance in an extreme environment of distrust (otherwise known as the internet).

That begs the question. What does REALLY make Bitcoin unsuitable for regulated financial services. Is it anonymity? Is it censorship resistance? Something else?

The flip question is... what's the ONE thing that underlies the foundation of modern, regulated financial services?

That one thing is DIGITAL IDENTITY and here's why:

Finance = Money = Distrust => It's All About The (Not Yet) Bad Guy

Vinay Gupta of Ethereum has written a fascinating article on digital identity that I recommend everyone should read.

I, however, am a consultant... designed biologically to speak in bullet points whenever such an opportunity presents itself, and here I must let the bullets rain...

Beyond Reasonable Doubt

The harmonizing principle of law in the civilised world is... innocent until proven guilty, beyond reasonable doubt. Why is this principle so important? Does it stop the bad guys from doing bad things? Well it tries to but there's a lot more to it.

In the civilised world we don't punish people for thinking bad things (it's not the Minority Report here Steven) and the only bad guy is one that's done bad things. In fact, the value of this  one principle is that it stops the GOOD guys from doing BAD things, mainly to other GOOD guys.

Indeed, digital identity must meet the conditions that would serve to eliminate reasonable doubt.

The essence of Digital Identity (DI, not DUI) is that it must provide the legal basis for asset ownership, accountability for liabilities and dispute resolution in a civil or criminal court of law. For example:

1. Default: If Jane Doe defaults on her debt obligations, I should be able to claim the money back through an orderly legal process (and not have to send a pack of strong men to Jane's home as some banks in emerging markets actually do!).
2. Fraud: If Joe sells the house that actually belongs to Jane, Jane and the buyer Jade should be able to sue Joe and be made whole.
3. Value Disputes: If Jane sells something to Joe at an unreasonable price, there should be a legal mechanism for Joe to dispute the price in the real world.
4. Transaction Disputes: If Joe says he never gave the money to Joe, there should be a way to show that at least the data shows he did, or someone hacked in and did it as him.
5. Sanctions: International law is not about fairness. It's about balance of power. If Joe sends money to North Korea and POTUS doesn't want him to, POTUS should be able to freeze his bank account, not someone else's bank account by mistake.
6. Money Laundering: If Joe gets naughty and steals in taxes, he should have to apply extreme effort and creativity before he can use that money to buy that swanky villa in Vegas.

Let's Get Physical

Effectively DI is useless until NON-REPUDIABLY mapped to physical identity recognised by the applicable legal framework. 

This is Principle ZERO (being a developer too, my counting starts with zero sometimes).

Non-repudiable means I can't go to a court of law and say... HEY IT WASN'T ME (or in the case of Michael Jackson... THE KID IS NOT MY SON!!!).

Doing Bad Things to The Bad Guys

Maybe when I retire I will dwell upon the existential predicament of real world identity. Until then, let's pretend that Jean Paul Sartre was smoking something and For a person, physical ID simply means, well, that person's person that we can put in jail if necessary; and for a business that means a tax ID, certificate of incorporation etc. etc. that we can rescind, thus shutting the business down and causing the owners great pain... if necessary.

Here 'WE' refers to the government, the regulator, the courts... someone with power granted upon by some kind of a signed CONTRACT (e.g. a constitution or legislation or in the case of North Korea and Libya... by GOD).

The Demands of Non-Repudiability:

Non repudiability of Digital Identity requires the following attributes:

1. Tamper proof storage: Naughty Joe can't overwrite Jane's digital passport and stick his name, date of birth, photo or address in there, for example.
2. Strong Encryption: Joe can see Jane's data only if he is authorised (by some kind of a legal contract e.g. legislation, regulation or a bilateral contract). 
3. Digital Signatures: Jane must ( do i love the term... non-repudiable) authorise all physical evidence that Jane's digital id is mapped to. This gracious act of mapping (association) not to be left to the NSA or GCHQ or Facebook.
4. Data Permissioning: Joe can only see the data they are authorised to see (and not Jane's social security number for example unless Jane shall (non-repudiably) bless it upon him... maybe as a result of a date (or marriage... again a contract).
5. Proportionate Evidence/Transaction Permissioning: Volume and Quality of Physical evidence (documentation, biometrics) supporting digital ID must be proportionate to the financial and nonfinancial risks involved in the relevant service. In other words, if I Joe's trading billions of dollars, you want a lot stronger physical evidence than if poor Joe's posting on instagram... i presume Joe's not posting 'that kind' of really bad stuff.
6. Applicable Jurisdiction/Harmonisation of Standards: The applicable form and content of digital identity must be recognised by the applicable regulator (did I mention something about power...?) in the corresponding jurisdictions. Ie when Joe Yankee trades with Jane Yorkshirewoman, both the FCA and the FINCEN should be able to know who these fellas are and AGREE on what to do with them.

Blockchain for Blockchain

Now if these principles themselves point to something very blockchainy... maybe there's something to it. More on that later.