Currently there is an intense discussion about personal data and ownership. Although the assumption of exposing data is inherently dangerous, the opposite may be true as well. The key question focusses more on access control to manage data exposure in order to avoid risks while still getting the benefits. Or maybe it is more about establishing broad ethical standards as data availability is neither good or bad on its own – the way it is used makes the difference.
Let’s look at some use cases which illustrate the challenge. Let’s assume you feel an unusual pressure in your chest and decide to visit a doctor. He does an electrocardiogram (ECG) which looks normal. What does this mean – although it maybe normal in relation to a statistical sample but may be very unusual for you. The doctor does not have the necessary data to determine this.
Let’s assume now that you have a wearable which collects data of key body functions on an ongoing base. Many others do this as well and the gathered data can be analysed leading to algorithms which can detect anomalies like an indication of an increased risk of a heart attack on a personal level. Your data is now used in two ways – to build up the algorithm and to detect health issues for you. Please note that just doing some data gathering when you feel bad has not the same effect. The power comes from the availability of longer term data.
Let’s now assume that the new way to identify potential heart attacks reduces the perspective costs substantially. Especially in the long-term, trends and indicators can be used to influence the behavior e.g. towards more physical activity.
The data gathered could also be used to derive further information which could be used for unethical purposes.
You might say that it is always possible to switch data gathering on and off – depending on the type of data such ‘white spots’ may finally be problematic and will not help to better protect privacy. If gathering data is the norm, then switching it off could easily seen as an indicator that somebody tries to hide something may actually attract attention.
Such data could be pseudonomized – but needs to have some sort of tag to allow correlations to power the analytics or it may even by identifying itself like the ECG which is also being used for authentication.
There are many such examples – if you share your GPS position, somebody may take advantage that you are far away from home or use the data to rescue you after an accident.
I think that collecting data will be the norm. Protecting data will be key – but even more important is the need to establish ethical standards on how to deal with such data and information derived from it.
The ongoing digitization of our environment makes us loosing our direct contact to it. We cannot digest the wealth of information anymore because our capabilities are restricted, to slow, or the relevant ones are even not available at all.
Life, the environment we are living in, is being transformed, is being enhanced into a digital dimension. And we are already part of it. The information about us and thus our personality and how others perceive it is also enhanced and accessible in this new digital space.
Are we aware of these facts? Do we still have the overview of what others can and do see from us? Are we still in control, can we still intervene and action as effective as we could in the physical world?
In the same way as our world is being enhanced it is necessary for us to also enhance our capabilities and learn new tricks so we can persist in this changing environment with its new opportunities and requirements and regain control. For this we need help. We cannot access the digital world directly, we need new senses, the mass of information extends our processing capabilities, we need helpers. And these helpers are already underway. They help us organize our emails, capture appointments, translate web sites, remind us to leave on time in order to catch the train, tag our pictures, and so on. This is only the beginning. They learn about our taste and preferences while they are watching us and currently only carefully and subtle provide their advice and proposals. While interacting with them and being surprised by the accuracy and convenience of their services we are building up the trust that is necessary to also consciously delegate tasks to them. First small distinctive tasks then more and more complex and entangled issues to solve that require to ‘know’ us and our behaviors.
There are (at least) two perspectives regarding the ‘digital self’ to consider: We sense our amplified capabilities to act in the digital space and cope with the demand and rules valid there. We experience the ‘amplified me’, our extended powers. That’s one side. On the other side, there are the other actors on that stage who interact with us – be it other people, their digital selves, companies, robots, devices in the IoT, whoever and whatever is connected – and their perception of us. Like in real life there is sense of self and awareness of others and both of them comprise the digital world.
The digital self is much more than just an avatar that we can shape and present to others. It is the result of all our actions, the product of our history in the digital world. Our traces are like footprints in the sand but they get never washed away. The net cannot forget.
It is more than just a funny game. Digital is part of the real life. Be aware: The digital self is precious, it must be developed and needs protection. You have to care for it as if it was really a part of you. Because it is really part of you!
Banks used to be the place where you could store your valuables, the things that need protection beyond your own abilities. Few things are more precious than your reputation emanating from your digital self. It will soon be part of the master key to unlock the services you want and need. How to protect it? A vault will not do, that’s for sure! Do you have a solution?
We think that Self Sovereign Digital Identity is one of the key elements in the shift towards a distributed decentralized financial system (see also FINthinker’s Predictions for 2018). Below are examples of organizations which engage on this topic each with a different approach:
- Synacts – an identity layer for the Internet, protocol, ETH spin-off
- Selfkey – blockchain, non-proft foundation, Asia focus (whitepaper)
- Val:ID – blockchain, smart contracts, wallet, non-profit foundation (whitepaper)
- uPort – Ethereum and smart contracts based (whitepaper)
There are more … comments with links welcome.
2018 will bring …
2017 was an interesting year where many developments started to get real traction. Just think about blockchain, bitcoin and artificial intellgence.
2018 will be even more interesting and substantially more challenging. A few predictions for 2018 are as follows:
There will be three core changes for financial services:
- Tokens (see Towards a digital barter economy?)
- Self Sovereign Identity (see Self Sovereign Digital Identity)
All three aspects levitates a shift towards a distributed decentralized financial system. This affects the core and challenges legacy status quo and its existence in the future.
In addition fueled by the increasing tokenization and availability of blockchain based systems there will be a shift towards
- Mobile Payments
- Holistic mobile wallets
- Global Solutions
There will be no other options for incumbents to integrate into the evolving mesh than to provide API’s to access information and services and to start to rely on others to provide crucial information. Self contained and closed financial services companies as well as local solutions will increasingly face headwinds.
- Open Banking / API’s
- Global solutions
Last but not least – user interfaces will become much more natural and transparent. The users will be amplified with new sense and access to information supported by intelligent agents.
- Natural interfaces, Voice (see Noisy Channel(s) to Channel-less )
- Artificial intelligence, Smart Assistants
Regulators will start to come up to speed with the changes. They will find ways to agree with business changes but also ethical standards across borders acknowledging the global nature of digital eco systems. A big challenge will be on the very old tax systems which are not ready yet for the shaping economy.
- Tax System
These changes are fundamental – there is a ongoing paradigm change where inherent distributed digital approaches start to outperform the automated legacy processes. There are two big dangers out there
- Underestimating the ongoing change (see Noisy Channel(s) to Channel-less)
- Overestimating the achievements made (see Digital Tur Tur)
Many of the current developments seem to turn time back and bring up systems again which were used in the past but difficult to apply as physical distance was a limiting factor. Digital changes this – the world becomes some sort of a global village. Have a look at Yap, The Island Of Stone Money – the first productive blockchain system.
Barter is a system, used since many centuries ago, of exchange where goods or services are directly exchanged for other goods or services without using a medium of exchange, such as money.<
Thus a barter economy is one where money does not exist or has ceased to be functional. It means consumers have to gain goods or services through exchange. Limitations introduced are:
- Difficulty to produce or find the demand of specialised goods only wanted by a proportion of the population
- Indivisibility of some goods/services
- Seasonal; perishable
- Subjective means to judge how much good and services actually are
Then came the development of using commodity money whose value comes from a commodity of which it is made (e.g. cigarettes, gasoline, precious metal, etc). The system of commodity money eventually evolved into a system of representative money as gold/silver merchants or banks would issue receipts to their depositors – redeemable for the commodity money deposited. Eventually these receipts became generally accepted as a means of payment and were used as money. To date most countries adopted fiat currencies that were initially fixed to the U.S. dollar as it was fixed to gold. However in 1971, the U.S. government suspended the client convertibility of the U.S. dollar to gold and many countries have thus de-pegged their currencies from the U.S. dollar. In our current state most of the world’s currencies became unbacked by anything except the government’s fiat or legal tender and the ability to convert the money into goods via payment.
Can the use of fiat currencies continue to sustain in the forthcoming digital ecosystems? Would money evolve to become cryotofiatcurrencies? There is the notion of “private money” set out by the noted Maltese “lateral thinker” Dr Edward de Bono which he argues that companies could raise money just as governments now do – by creating it from thin air. The idea of private currency was treated as a claim on products or services producers by the issuer. An example is company x can issue “ Company x currency” that would be redeemable for its products and services but also tradable for other companies’ currency or for other assets in a liquid market. According to Dr de Bono, to make such a scheme work, the company needs to learn to manage the supply of money to ensure that the monetary base and its capacity to deliver are matched and that inflation does not destroy the value of their creations.
This will introduce a new financial market where companies instead of issuing equities, it issues money that is redeemable against future services. In the case of startups, this money would trade at significant discount to take into consideration the risks inherent in the venture. But once it passes this state, the value of the money will rise provided products/services are available and more importantly used and preferred by consumers. With potential tens of millions of such currencies in circulation either being traded on futures, options, foreign exchange markets this leads to the question of usability and extremely complex transactions that people can not comprehend. The notion is that an individual’s “digital me” will be conducting these transactions with other digital representation of the physical individuals.
“Digital me” (see Be your digital self …) will be entirely capable of handling complex transactions and/or negotiations with other such as matching demands and supplies of financial assets, determine prices, or make settlements. Communications will be in real time and activities take place instantenously.
Will digital tokens be the form of “private money” described above to be the defacto in the marketplace? There will not be any centralisation to manage new forms of money. Tokens won’t only be issued by companies and tokens that implement on the values of communities will become prominent in the transactional space.
“Every day, in every way, the future of money looks very much more like its past” – Dave Birch
- “Bitcoin isn’t the future of money, but tokens might well be” (http://blog.dgwbirch.com/?p=199)
Asking questions is a way of getting in and out of your box at will and to develop new concepts, thoughts and ideas. Asking yourself (and others) many questions every time is a form of gym to workout your brain. Martin Gaedt explores this in “Rock your ideas” (available in German only). Look around and start to challenge yourself and others – rock your ideas!
How will Artificial Intelligence affect crime, war, justice, jobs, society and our very sense of being human? Max Tegmark provides a fascinating perspective into different forms of life, its evolution and physical limits in Life 3.0. The book defines basic terms like intelligence and busts common myths. Max raises many questions, provides answers and stresses the importance of having accepted ethical standards in the rise of AI.
Can humans overcome death? Should they? Homo Deus by Yuval Noah Harari looks into a world where more people die from eating too much then from having nothing to eat and where more people commit suicide then there are victims of soldiers, terrorists and criminals together.
Do you believe what you can see? Can you only see what you believe? The Internet of Us: Knowing More and Understanding Less in the Age of Big Data by Michael P. Lynch explores this paradox.
What is money? What is currency? What if companies issue their own money? Before Babylon, Beyond Bitcoin: From Money that We Understand to Money that Understands Us by David Birch s a fascinating book exploring how technology is changing money.
Do you know what work is? Do you work in the office or are you just busy playing roles without producing value? Lars Vollmer provides answers in his book Zurück an die Arbeit: Wie aus Business-Theatern wieder echte Unternehmen werden. The book is available in German only.
What is important? What is true? Is it important, that it is true? Gunter Dueck explores these questions in his book Flachsinn: Ich habe Hirn, ich will hier raus. The book is available in German only. How can one escape from the growing shallowness? Maybe by listening to these books and by challenging yourself …
The publications above made me think … What books made you think? How have they influence “your box”?
A good time to “workout” our brain and reflect on “our box” during the holiday season.
Before we explain what is self sovereign digital identity, let us first define identity, then elaborate on digital identity which inherently leads to the final form of digital identity management where each user controls their own digital identity.
- Identity is a uniquely human concept. It is that ineffable “I” of self-consciousness.
- We all have a Social identity – the qualities, beliefs, personality, looks and/or expressions that make us a person
But how do we proof our identity when interacting with others? Lets look at an example:
You interact with a person who claims to be John Smith and wants to do some transactions with you. John gives you his passport (or a in some countries his driver’s license) as a proof of his identity claim. You attest John’s claim by looking at the passport, determining whether that it is authentic and then comparing attributes captured in the passport with the person in front of you.
This process includes the following concepts:
- claim – a claim that an actor would like to consider true
- proof(s)- evidence that something is true, often based on a trusted certificate
- attestation – verification by an independent party that a claim is true
You may now create a record in your system with a customer identifier, a copy of the passport and additional attributes such as address, date of birth by further verification either through utility bills or other formalized evidences. This record is a digital identity and represents relevant aspects of the social identity and is now the basis for your business interactions with John.
This may all sound simple and rather straight forward, but
- Attestation is typically a manual process where unstructured data is captured and verified against the available proofs which must be collected and stored
- Only a subset of the captured information is constant. The captured attributes may get out of sync with reality
- The presented proofs may be faked, and the quality of the attestation depends on your skills to identify such issues
- Wherever John wants to have additional interactions, a similar process is required leading to the creation and attestation of another digital identity
- Whenever information changes, John must provide updates to all relevant parties
- John has no control what happens with his data and who is accessing it
Juridical persons and things can also have a digital identity – however in this post, we will continue to only focus on natural persons and look at ways such digital identities can be managed.
Digital Identity Management started with centrally managed approaches. The authority, of such approach, that manages the digital identity data becomes the guardian and qualifies the digital identities. As networks evolved, federated approaches were adopted where multiple authorities jointly manage digital identities. User-centric identity is expanding where a user has more control over his digital identity and decides whether to share an identity from one service to another. Such sharing capability is based on standards like OpenID (2005), OpenID 2.0 (2006), OpenID Connect (2014), OAuth (2010), and FIDO (2013). It’s important to note that all these approaches are centralised but the user has more influence as to how the information is shared.
The concept behind self-sovereign digital identity is to give the user full control over his/her digital identity. It is a distributed identity management approach where a person creates a unique identifier for their digital identity, places claims and asks others in the network to perform attestation. Claims and attestations can be secured using cryptography with the public and private keys of the involved parties.
- An actor can encrypt a claim with his private key
- The actor can use the public key of the attestation authority to keep attestation private
- The attestation authority can decrypt the message with its private and the users public key
- The attestation authority can verify the presented proof and sign if using its own private key
- The attestation is then sent securely back to the user
The user now has an attribute with a digitally secured attestation and with proof of a verified authority claim(s). Over time network of users builds up, where identities are maintained and trusted through attestation of proofs given by others in the network. Attestation authorities can be official authorities, organizations and other users. The quality of an identity in such a system depends on the quality of the involved authorities. Ideally this approach will introduce a single user-managed digital identity which can be used in the network when required and becomes the core of the genuine digital self (please see Be your digital self)
Christopher Allen has defined ten principles to ensure the user control that’s at the heart of self-sovereign identity
- Existence – users must have an independent existence
- Control – users must control their identities
- Access – Users must have access to their own data
- Transparency – Systems and algorithms must be transparent
- Persistence – Identities must be long-lived, ideally last forever
- Portability- Information and services about identity must be transportable
- Interoperability – Identities should be as widely usable as possible
- Consent – Users must agree to the use of their identity
- Minimalization- Disclosure of claims must be minimized
- Protection – the rights of users must be protected
It is important that the private keys need to be well protected as they grant full control of the digital identity.
So far, this post discusses the creation of a digital identity. In a future post we will look at how do we bridge between the real and the digital world. How can a system verify the user is who they claim to be?
As the world becomes hyperconnected (please see “No ‘OFF’ Switch“), digital identity and security will continuously gain importance. As there will be, in the foreseeable future, no worldwide authority to manage digital identities, the world will converge towards a self-sovereign identity system where users own their data and various actors perform attestation in a mutual way. The system, in its nature, follows paradigms of earlier times where trust was the result of a social network. The introduction of Digital changes the proximity requirements allowing applicability of such system on a global scale.