On April 4, 2017, Steve Tendon participated in the Digital Identity Management Roundtable hosted by the Malta Stock Exchange and delivered a talk entitled “We All Have Something to Hide”.
Here is the full video of the event (Steve’s talk is between 1:15 and 1:30):
Here is an edited transcript of the talk.
We All Have Something to Hide
Thank you Julie, and thank you everybody for being here today and for your patience waiting for this last speech. I have not prepared anything because I was invited at the very very last minute so I just have a few notes here, and I will try to make some sense of them.
So what about identity? Identity is something we all can recognize, it’s I, it’s I as in individual, it’s me. Identity is a first world problem in many ways. We have problems with the banks. We heard: six weeks for you. It is a new national sport, that of trying to open a bank account in less time. We have problems with identity theft; problems with AML, ATF; and all these procedures you have to go through to show who you are.
But identity is also a third world problem. We have the refugees, illegal immigrants. Or legal immigrants. Who knows? Because we do not know who they are. Birth-registration. All the unbanked who cannot get financial services because they do not have an ID.
Identity is a global problem. And here in the first world we are having many debates on how we can manage this. We have these identity compliance laws: on the one side, we must have access to information, but it is a conflicting situation, because on the other side we want to protect privacy.
We want to limit access to information and often laws are acting in conflict. The banking system is an example of a business that is exposed to this. If they try to comply with all the rules they incur costs in the order of 18 billion per year. On the other side if they don’t ensure privacy they might have four percent of revenue going away in fines and other expenses. It is a tangible problem.
Now, in this situation we have the intent of tracking down the bad guys. We try to do everything to know the history of the people who interact with us. But there we start to get into a slippery slope because if we have to see the limitation of the access of information to protect privacy, and the “need to know,” often the balance goes in favor of the “need to know.”
Julie was saying the other day:
“Well, if you are a good guy and have nothing to hide you should not fear that.”
This made me reflect on what I will say here today, because there is also a huge risk in having that viewpoint. Why? Because the real conflict we have here is not between the KYC/the need to know and privacy. The real conflict, the deeper conflict is between the need to know and the protection of freedom, innovation, and democracy.
What do we mean with this?
You have something to hide. We all have something to hide. And it is not the picture that your friend took of you when you were drunk and posted on Facebook. It’s not the privacy part!
Malta has always been very active in history and we can just go around to Rabat or Naxxar and we see the catacombs. You all know the stories of the catacombs. Christians in the Roman age were persecuted and they hid away there. They hid because they had their belief. They were hiding because of their religious belief.
Now, they were lucky they had a place where to hide.
Go fast forward. World War II. The Jews they had nothing to hide; or so they thought; but from one day to the next, they started to have yellow stars painted on their houses.
Well, because the moral value of the Jews, who believed they had nothing to hide, did not match the moral value of whoever took power. It is in this mismatch of moral valuation that there is a risk in trying to find identity management solutions that track down everything.
The right to hide something is part and parcel of building a functional identity management system. You might know what you think, but you never know, what the next guy who takes power will be thinking. And he might be thinking bad things about you.
Innovation: innovation needs to act in the dark. We all know the story of the Skunkworks at Lockheed, the secret Advanced Development Projects R&D lab that made that great airplane, the SR71 Blackbird spy-plane. Those guys went off, hid away from the rest of the company to be able to elaborate new ideas. This has much more profound significance.
Let’s look at the French revolution. The revolutionaries were thinking out new ideas of social structures… in the cellars, hidden away, because if they had been caught their heads would roll. Luckily they turned the situation around, and got the other heads rolling. The innovation in terms of social structures, or just ideas of social structures, happened hidden, away.
Giving the possibility to hide is essential for the evolution of our society.
The last point, democracy. We all go… every once in a while, and if we care… we go to vote.
Voting is tied to identity. Why?
Because we do not want one person to vote twice. You show your ID-card, you get ticked off; so that you cannot vote again. What is the next thing? You are going to the booth, you pull the curtain, and you put down your vote. You want to be hidden when you vote, when you express your preference, your political preference. If you do not have this guarantee — that your vote is hidden — then bad things might happen.
I remember some ten, fifteen years ago, our neighbors to the North, in Sicily, when the first mobile phones came out that could take pictures… What happened? Well people went to vote. When they then came out, they went around the corner and showed someone a picture of their vote. They got 50 Eur for the “favor;” and the whole thing was rigged. Of course if they did not show the picture they would… “have problems;” and you really do not want to “have problems” over there, in Sicily.
You see: having the ability to hide things is really fundamental for Democracy, Freedom and Innovation.
Now regarding KYC, I think it is based on totally wrong premises. Always in Italy, I do not know why I pick on Italy, perhaps because they are neighbors, and we all love our neighbors. Anyway they have this kind of strange law: that in winter you cannot turn on the heater until a certain date. That does not make sense. It is like using the calendar or the clock to measure the temperature. It is a logical mismatch. They are thinking in a strange way.
Well KYC today works in the same way. They ask a lot of questions: Where have you been? What have you done? What’s your business? They are asking a lot of questions which are just proxies. They are like that calendar. But they should be asking about the temperature. What should they be asking? “Can I trust you?”
That is the key question that any KYC solution should address: Can I trust you?
Now how can you get to that point? We had a few excellent examples here with Miko and Yoti and also Amit was hinting at this.
Who owns the data? It is you!
This is where we get to this idea of self-sovereign identity.
This is where the Blockchain comes in. The Blockchain. Why? Because if you want to be trusted, someone must know if you are trustworthy. How would you do that? If I wanted to be absolutely sure that I could trust, for example Abdalla in the audience, I would sit on his shoulder 24/7 and follow him all the time. So the time dimension is of the essence, but of course we do not do that. However, we have the Blockchain. I do not know if you are familiar with the Blockchain. I will not go into details, but the Blockchain is an elephant. It remembers everything. So anything that is recorded on the Blockchain can be a trustworthy source of information.
At least you can know that a certain piece of information was written at a certain time. What does this mean? Well, if I have the right to write that information, I can control what gets in there, and if I can give the right to others, third parties, banks, governments, my friends to add information it is still me in control. Then if I, as in the example of Yoti and Miko, can decide which part of that information, not the whole pack, but which parts get released to others, well I can also feel better in different contexts. I can have different “personas” depending on what kind of interaction I have with business partners or society.
Even our habits, for instance my track record (remember we were talking about an elephant) of deliveries from Amazon can be used for instance with a bank to ensure that: Yes, I have been living there for the last ten years, my books have been delivered there, and this is my credit card used for the payments. We start to have the possibility of creating cross-references between different datasets. Which were not available earlier and which can reinforce what your real identity is, and which you control. It is you that decides to whom you want to give it.
Well, we have not been talking about a thing (I want to change gear for a moment), because we have been talking about identity for the businesses, we have been talking about identity for individuals, peoples, and we heard from Minister Cardona that even regulation and the government has a huge part in this. But there is one aspect that has not been touched on at all in this afternoon, which I think is really of the essence.
We all know that we are having the “Internet of Things” coming along. We also see that many of these Things will be quite smart and intelligent, even though they will not be wise as we learned earlier, but they will be very intelligent and they will start negotiating, offering, consuming, and even paying for services in between them.
We have Things that will be transacting value. We also have to address this issue that we don’t only have to manage the identity, of maybe 8-10 billion people going forward, but also the identity of the two hundred billion smart intelligent Things that will be out there.
The solution to that might be a little Thing, literally a little thing that I want to show you. This is a cryptographic chip which you can put on Things literally and it shares its keys via public-private key encryption with the Blockchain. Why is Blockchain important? It is important because it is a global solution, spanning the whole world. So the Things traveling around on their own in the globe can interact with other Things and this little thing (the cryptographic chip) will ensure that that Thing is the right Thing!
So let us expand the notion of Digital Identity Management not only to cover individuals and people, but also this whole new technology that is coming. The Internet of Things.