Last week Coinbase floated on the NASDAQ and this week, UK Fintech Week, started with the Chancellor’s announcement of a joint Bank of England and Treasury taskforce on Central Bank Digital Currencies (CBDC), so it seems sane to stop and consider whether
we are at a bit of a moment. Are we accelerating towards that digitally enabled, underpinned future, certainly in finance, that Fintech has so talked? It’s certainly a moment and probably a reasonably big one but, at this stage, it is similarly certainly
an acceleration of crypto assets rather than currencies.
As with almost everything, it’s best to take the long view. Everything is novel ‘til it becomes everyday, just read some of the early reporters views on the railways and the rise of crypto fraud is an area of concern. However, I guess the key learning from
Coinbase et al is that this stuff matters. It has such potential for public and private benefit, it is no separate world and we must all get involved and play our part.
It is for this reason and more that I am taking the opportunity of the
Financial Services Bill to put forward a number of amendments in the digital space. If we want start-ups, and scale-ups, to flourish and fly, hopefully, to unicorn, in the UK, perhaps the most important play that Government can make is to get all of the
architecture, the underpins, the standards, the stage so well set. In support of this goal my amendments include a mandatory regime for open finance, modernisation of UK law to allow financial market infrastructure to process digital instruments, a review
of access to digital payments and several deals with digital identification (digital ID).
One of the most important pieces has to be that of digital ID, well thought through, distributed, digital ID. I understand all of the significant, often totemic issues in this area, how quickly it triggers the deep distrust and anxiety around ID cards and
all of the associated concerns around freedom, trust and privacy. But the reality is, we need to really grapple with, deploy and deliver a distributed digital ID system. There have been what can probably be best described as a number of false starts when it
comes to digital ID, but this is such an underpin to so much of the potential which fintech can deliver, and it is vital that we start to move at pace on it.
In thinking about identification requirements the first question should always be, “What do you want? You asked for my date of birth, but do you want my date of birth, do you need my date of birth, or do you just need to know that I am over 18? Do you just
need to know that I am over 18 in a certain circumstance for a certain period?” Similarly, asking for an address or a utility bill is almost quaint in its antiquity, as if somehow to gain a utility service you have gone through a sophisticated ‘know your customer’(KYC)
process. You haven’t, it’s high time to stop wadding ourselves in woeful over reliance on the gas bill. It’s all so disappointingly papery.
My amendment to the Financial Services Bill, suggests that the digital ID needs to be scalable; it needs to be flexible so that it can evolve — when and if quantum computing comes in, there will be a need to rehash all the keys for identity through quantum
rather than current means. Crucially, it needs to be inclusive, not just in respect of all the protected characteristics but inclusive in its broadest, brightest, brilliant sense.
The Government would also be well advised to undertake a large piece of public engagement around digital ID. As I said, as with all of these things, we must take a view. For understandable reasons, there is extraordinary fear and uncertainty about the concept.
That is not unfounded; if it goes wrong, it goes badly wrong. We need to get the public engagement right, as was the case with Lady Warnock’s commission on fertility treatment. At first blush, nothing could be seen as more alien than test-tube babies, but
it became incredibly well understood and popular through that public engagement. If we get that engagement right with distributed ID, I believe that there will be similar support for it across the nation.
There are twelve guiding principles of self-sovereign identity [SSI] that help to explain how a distributed digital ID could work in all our interests; secure, decentralised, transparent, embedding equity and inclusion and protecting our privacy. A practical,
functional solution. The twelve principles in full:
1. Representation. An SSI ecosystem shall provide the means for any entity—human, legal, natural, physical or digital—to be represented by any number of digital identities.
2. Interoperability. An SSI ecosystem shall enable digital identity data for an entity to be represented, exchanged, secured, protected, and verified interoperably using open, public, and royalty-free standards.
3. Decentralisation. An SSI ecosystem shall not require reliance on a centralised system to represent, control, or verify an entity’s digital identity data.
4. Control & Agency. An SSI ecosystem shall empower entities who have natural, human, or legal rights in relation to their identity (“Identity Rights Holders”) to control usage of their digital identity data and exert this control by employing
and/or delegating to agents and guardians of their choice, including individuals, organizations, devices, and software.
5. Participation. An SSI ecosystem shall not require an identity rights holder to participate.
6. Equity and Inclusion. An SSI ecosystem shall not exclude or discriminate against identity rights holders within its governance scope.
7. Usability, Accessibility, and Consistency. An SSI ecosystem shall maximise usability and accessibility of agents and other SSI components for identity rights holders, including consistency of user experience.
8. Portability. An SSI ecosystem shall not restrict the ability of identity rights holders to move or transfer a copy of their digital identity data to the agents or systems of their choice.
9. Security. An SSI ecosystem shall empower identity rights holders to secure their digital identity data at rest and in motion, to control their own identifiers and encryption keys, and to employ end-to-end encryption for all interactions.
10. Verifiability and Authenticity. An SSI ecosystem shall empower identity rights holders to provide verifiable proof of the authenticity of their digital identity data.
11. Privacy and Minimal Disclosure. An SSI ecosystem shall empower identity rights holders to protect the privacy of their digital identity data and to share the minimum digital identity data required for any particular interaction.
12. Transparency. An SSI ecosystem shall empower identity rights holders and all other stakeholders to easily access and verify information necessary to understand the incentives, rules, policies, and algorithms under which agents and other components
of SSI ecosystems operate.
We know what we don’t want - centralised and cumbersome systems, risking censorship and costs across the piece, or at best, a single point of failure.
The Department for Digital, Culture, Media and Sport (DCMS) are undertaking a deal of work on ID right now. It will be essential for that work to not only be underpinned by the twelve guiding principles but also to swiftly ‘sand box’, stand up parallel
proofs in specific sectors and proceed with pace. There is a real prize for the UK here, for us as individuals, corporate and all entities, to trade, to trust, to claim and verify, to lead when it comes to distributed digital ID. Alongside Government, we
need to make it, we need to take it.