The Money Reimagined Podcast
After reading this newsletter, make sure you check out the latest edition of our podcast.
This week, Sheila Warren and I talk to Hyperledger Executive Director Brian Behlendorf about self-sovereign identity, the topic of the column below. A developer whose three-decade career has seen him deeply involved in efforts to foster a more open internet, Brian grasps, like few others, the nuances of how human beings should live within a rapidly changing digital economy.
Getting internet identity right, 30 years on
We tend to think of governments, with the data they collect on births, drivers licenses, tax returns and passports, as humanity’s primary identity managers.
Arguably, internet platforms have usurped that role. Some store more identifying records than China – Facebook has 2.7 billion active users; Google manages 1.5 billion email accounts. Just as important, they can tie those records to our online behavior and gather immense predictive power. Facebook’s algorithm even knows if you are going to break up with your partner – before you do.
This isn’t another Facebook-bashing column. It’s just that its all-knowing power highlights how the fundamental human question of identity has changed in the internet age.
It also illustrates why we need a new “self-sovereign” model of identity to match our digital existence and why the latest moves toward that deserve widespread support.
Flawed from the start
An original sin was committed at the internet’s conception: its underlying, decentralized architecture was built without an identity layer.
The internet’s founders had good intentions. To ensure universal availability, the system controlled access by assigning addresses to computers but was agnostic about the identities of the people, companies and devices using them. As a famous New Yorker cartoon quipped in 1993, “On the internet, nobody knows you’re a dog.”
This became a problem when entrepreneurs started building e-commerce businesses in the 1990s. Users needed to trust the person on the other side of a transaction, which, according to offline practices, meant identifying them to hold them accountable.
So a jury-rigged solution was installed at the internet’s application layer. Certification powers were introduced, allowing web-based companies to gather and verify users’ identifying information. Over time, this gave rise to a new class of immensely powerful gatekeepers.
We ended up with the worst of both worlds. On the one hand, end users still don’t know who’s controlling disinformation bots. On the other, as CoinDesk’s Ben Powers put it in a great contribution to our “Internet 2030” series, the centralized data gatherers “not only know you’re a dog, but also what breed you are, what your favorite kibble is and whether you’ve been microchipped.”
This power asymmetry has fueled a severe deterioration in societal trust, and solutions have been hamstrung by a pre-internet mindset. We’ve placed responsibility for policing behavior with intermediaries, which has further empowered centralized data gatherers.
This contradicts the internet’s decentralized, identity-free base layer, creating unique opportunities for abuse. Web sites accumulate giant honeypots of personal identifying information (PII), which are constantly breached by unidentified hackers.
Meanwhile, even though companies complain about the liability in storing user data, they find it hard to resist surveillance capitalism, the data-exploitation practice that has become the core business model of the internet.
We need a new mindset. Because the internet’s underlying architecture is decentralized, the identity solution must also be decentralized. Control over PII must reside with those to whom it refers – with you and me, in other words. This is the principle behind the “self-sovereign identity” (SSI) movement.
Controlling attributes, not identity
Let’s be clear: This isn’t easy. Identity is an extremely complex concept.
In the metaphysical sense of “who I am,” identity is at once highly personal and completely social. We value a unique selfhood, but it’s meaningless without reference to the society within which that self exists.
It’s also fluid and multilayered. We occupy – or “perform”– different versions of our identity, or personas, depending on context. We all play a different persona in job interviews than the one we play at home with family.
And in the wider economy, where proofs of identity solve the deep-seated challenge of trust, allowing us to transact, what matters is not our selfhood but the distinct attributes that comprise it. Do you have a degree? A driver’s license? A credit score over 740? These are isolated attributes. They are not our identity per se.
With SSI, sophisticated cryptography allows individuals, as sole custodians of their data, to prove they have the credentials that describe their attributes and selectively reveal them in an encrypted form to service providers.
In an oft-cited example conceived by identity expert David Birch, you could legitimately enter a bar after furnishing a cryptographic proof that answers one question: Are you over the designated drinking age? The bar owner doesn’t need to know all the other information displayed on your driver’s license: not your name, your address, your license number or even your actual birthday.
A host of entities are working on SSI, from big players like IBM and Microsoft to startups such as Gataca and Hyland Credentials. Some governments, including the Canadian province of British Columbia, are supporting special ID apps for their constituents.
Still, standardization across the internet will be critical. An important piece is the decentralized digital identifier, or DID, being developed within the world wide web consortium, or WC3. Groups of tech and finance heavyweights have also formed associations to promote open-source collaboration, including the Digital Identity Foundation and the Trust Over IP Foundation.
Within the standard SSI model, blockchain technology plays an important but minor role currently. Some SSI projects have dabbled in tokenization to raise funds and incentivize stakeholders such as credential providers. But the troubles caused by the Sovrin Foundation’s token sale have quelled enthusiasm for that.
A blockchain is not used for storing identifying data. That’s up to the individual data owner, who could choose to store it on a hard drive, for example, or with a cloud account he or she controls. Rather, a blockchain is used as a public key registry and management system to prove the private keys with which a user enables access to encrypted credentials are associated with the right person or company. In this way, a hospital can decode and validate medical records shared by a patient, while keeping its privacy compliance officer satisfied the patient is indeed authorized to do so.
More important is how SSI could help other blockchain applications. If decentralized finance (DeFi) applications are to spread to traditional finance, for example, there must be a way to identify market participants without inserting a centralized authority into a necessarily decentralized environment.
The most important use case for SSI lies in protecting our humanity. In an age when data leads to economic domination, shifting control to those who generate it is a really impactful way to empower individuals.
Instead of thinking of digital data as a sinister threat to our privacy, SSI could turn it into an asset sold or used to get credit or obtain other services. Think of people who live without credit cards and can’t generate credit scores but whose trail of internet connections – their so-called web of trust – show a history of fulfilling commitments.
Within an SSI framework, we can use our data to safely connect our identity to the society with which it is intrinsically associated. We could map and measure our social connections, capture that data as an attribute and then communicate it to others so they’ll trust us enough to transact.
Courtesy of COVID-19 and the public interest in contact tracing, there’s now an immediate use case for this kind of controlled measurement of social activity. It’s why Hyperledger Executive Director Brian Behlendorf, appearing in this week’s Money Reimagined podcast, argues the first prominent deployment of SSI would come next year in the form of a “digital yellow card” for vaccination records.
Whether we like it or not, society is digitalized and decentralized. We need an identity system that aligns with that.
DeFi’s Mini and Maxi Bubbles
The “phssssssttttt” sound you hear? It’s the DeFi bubble deflating.
After a stunningly buzzy summer for decentralized finance, when new wild-idea projects were being announced on a daily basis, bringing new speculative money surging into the DeFi ecosystem, the once-soaring prices for those projects’ tokens have fallen sharply and deeply. This chart of DeFi-wide market capitalization over the past six months, produced by CoinDesk’s Shuai Hao, tells the story.
It shouldn’t come as a huge surprise. This had all the hallmarks of a bubble, with some parallels to the initial coin offering (ICO) mania of 2017. (Though there was nowhere near the kind of speculative investment by retail crypto “newbies” that we saw three years ago, partly because this is an inherently more complicated space.)
But I for one think the DeFi bubble contained something very exciting, more so than the ICO bubble, though both are important for reasons that are lost when people dismissively focus on investors’ crazy excesses. (I subscribe to Carlota Perez’s theory of technological revolution, where excessive speculation is treated as a fundamental, unavoidable and even necessary element of how new technology is introduced to society, how it breeds innovation “waves” and “surges.”)
Among the most interesting aspects of it was how DeFi’s composability enabled “lego” innovation, where one new protocol became a building block for a new developer to build their next new innovation on top of it and how that new idea breeds its own new surge of speculation. In the process, an entirely new decentralized financial system is being organically created and incentivized.
That effect plays out if you look underneath the overall market DeFi bubble at the trends shown by individual governance tokens. In this second chart from Shuai, we zero in on the “DeFi summer” that began in mid-June and on two governance tokens in particular, Compound’s COMP and Yearn.Finance’s YFI. You can spot quite separate mini bubbles within the one maxi DeFi bubble. By the end of June, COMP had already peaked, before YFI had even been launched. Both are now down, but the chart shows that the timing of their respective mini-bubbles isn’t very correlated.
Will there be a revival of the DeFi? I think so. Hopefully in a more orderly way, through the long-tail consolidation phase. You can’t stop innovation. And who doesn’t like playing with Legos?
Global town hall
FCA FAIL. Crypto regulators might mean well. But sometimes they can be extremely out of touch with the realities of a market that’s global, nimble and easily enables entirely legal workarounds against the rules those regulators put in place. As commentator Ajit Tripathi points out, the U.K. Financial Conduct Authority’s move to ban crypto derivatives seems to be an overzealous effort to save British residents from themselves – a rather pointless one, at that, because it will just drive them into unregulated overseas markets, where they can harm themselves to their hearts’ content.
As with the DeFI craze described above, it’s very hard to stop people from speculating in a way that’s more or less the same thing as gambling. And as Triphati observes from his home in the U.K., it seems to go against a British way of life. “We live in the country of racehorses and epic sports betting,” he writes. “We are legendary gamblers, and it’s one of the traits that made Britannia rule the seas for at least four centuries, and then run global investment banking for at least one. When asked to stop, we tend to simply gamble elsewhere (e.g., in shadow banking instead of banking).”
While derivatives in general have a reputation for being, as Warren Buffett said, “weapons of financial destruction,” they do ultimately serve a real purpose in fueling overall liquidity and enabling sophisticated risk management. If you believe, as I do, that blockchains, tokens, smart contracts and decentralized exchanges will eventually evolve to a point that they form the foundation of a new financial system, the emergence of that more mature derivative market structure will benefit everyone, not just crypto speculators. Since crypto markets are still in their infancy, the speculative part naturally gets more attention than that market structure aspect right now. But the only way to get to the latter is through the former. Banning it isn’t constructive.
MONEY MAXIGELISTS. It’s not uncommon for people to describe crypto believers as members of a cult. Typically, that reference just refers to their fanaticism. But this piece by a fan of the privacy coin zcash, who uses the name Sixten Hodler, takes it to an entirely different level. The writer coins the term “maxigelism” – a portmanteau of “maximalism” and “evangelism” – to describe the zealotry of early Christian missionaries, who combined an insistence on their being only one true God with the claim that any disbelievers would go to hell, and compares it with a logic that will eventually deliver mass adoption of zcash, or “HyperZcashization.” Whether you swallow the argument or not, it’s a wild read.
Sixten Hodler claims that Bitcoin’s protocol – and the most fervent supporters – are like Judaism, which the writer describes as a solely maximalist position. (And indeed, Bitcoin maximalism, which rejects the legitimacy of all other cryptocurrencies, is a term used by many diehard bitcoin believers to describe themselves.) Both are exclusionary in that they have no room for other gods or currencies yet, Sixten Hodler maintains, both are also “missing the terrifying incentive that made Christianity evangelist.”
It’s zcash, which establishes the value of its privacy features as protection against the impending threat of the “surveillance state,” that best captures that early expansion in Christianity after it was created as a “fork of Judaism,” a nod to the idea that zcash is a fork of bitcoin. Bitcoin maximalists, with their belief in “radical transparency,” do not want their religion/currency community to grow too far, as that would expose users to the encroachment of the surveillance state, much as the Hebrews were always eager not to give imperialists an excuse to oppress them.
Square Puts 1% of Total Assets in Bitcoin in Surprise $50M Investment. Square is now the second mainstream, public company to decide that a decent chunk of the excess cash on its books should be held in bitcoin, the other being Microstrategy. This is an interesting trend. Not a big surprise that bitcoin rose on the news Friday. Here’s how CoinDesk’s Danny Nelson reported it.
Stablecoin Growth Knocks Silvergate Exchange Network Volume Over $100B. Silvergate is profiting from its status as the most crypto-friendly bank and taking advantage of the growing use of dollar-pegged stablecoins as a fluid way to move money around and into and out of other cryptocurrencies. Now that banks have been greenlighted by the Office of the Comptroller of the Currency to provide digital asset services, will others follow suit? Nathan DiCamillo reports.
The Top Universities for Blockchain. Education is vital if blockchain technology is to scale to the extent that it can be relevant to all of the world’s 8 billion. So CoinDesk is proud to reveal its rankings of the top U.S. universities servicing this sector, a selection based on the most comprehensive and rigorous process applied to date. (Full disclosure: The top-ranking university was MIT, where I was previously on staff within its Digital Currency Initiative and remain as an unpaid adviser. I had no involvement in the selection process.)