How Blockchains and Master Keys Could be the Future of Identity

Bitcoin, the blockchain, and identity are among the most important technology opportunities and challenges today. ESRA recently gathered two industry experts together to discuss the implications of these currencies and tech today and in the near future.

The panel participants included:

Michael Casey, Senior Advisor for the Digital Currency Initiative at MIT’s Media Lab

Muneeb Ali: Co-Founder, Onename

Patrick Deegan: CTO, Personal BlackBox

The first question, of course, is what is Bitcoin and the blockchain?

“The blockchain is a decentralized ledger maintained by a community of computers in a way that reaches consensus around the authenticity and integrity of the data,” answers Casey. “It’s a distributed ledger that resides among those computers, which gives it stability, so it’s unlikely to be hacked and it’s hard for one person to make a mistake that causes serious problems. All those things make it very hard to counterfeit the currency.”

Then the question becomes how to layer in other solutions.

“At MIT, we’re very interested in social projects that involve financial inclusion,” Casey explains. “One thing we’re thinking about doing is how to maintain property registries for land and other assets in the developing world, where there have been no reliable records in the past. If you can embed in blockchain transactions other attributes, you can transfer that.”

He added that one area that MIT is very interested in is identity. “It’s never been properly resolved,” Casey said. “The more complex the regulatory environment becomes, the harder it becomes to squeeze in the identity component. The various aspects of how to insert an identity into a blockchain transaction gives it an immutable quality. One example is the crisis around refugees right now and who was the owner of that passport in Paris. We’re looking for a way to solve the question of who someone is – We don’t have to trust the Assad regime, we can trust the blockchain.”

Building Consensus With the Blockchain

Casey then turned the floor over to Ali, who talked about his company, Onename, which is focused on building applications on top of the blockchain. It’s one of many, he noted, that are building an open source stack on top of the blockchain and trying to solve a common problem. He likened it to building apps on top of the Internet.

“The blockchain and Bitcoin gives us the first layer and gives us consensus,” Ali said. “If you think about a system like Twitter, they have a database where they maintain a database that says who owns what user name and what operations are allowed. Twitter maintains that database, and now we’re creating a similar system where there’s no one company in control. There’s a global system where you own your identity, which is a tough computer science problem to solve.”

He continued: “Extending the Twitter analogy, imagine that we are relying on the blockchain for consensus and we build a naming system on top. The only thing we need to figure out is if I’m trying to register my user name, for example, is if I’m the first person doing it. If it’s a global system, whoever gets it first gets it. Once you have these name spaces, they don’t have to be for humans, so we have them for IDs and you can have name spaces for Internet of Things devices or things you’re selling in a product marketplace.

“So we’re moving to a world where instead of a few companies maintaining control, like Twitter, Facebook, and others control all the social media, you start moving into a space where everything is decentralized and users can seamlessly move from one service provider to another because they own their own identity. Onename is doing a lot of development of this open source software, which acts as a registrar and gives tools to users for their blockchain IDs.”

The Immutable Ledger

It was then Deegan’s turn. He said, “Imagine we have this immutable ledger and we can establish identities in a way that lets people prove who they are without having to go through Facebook or Twitter. When we can transact with entities in a peer-to-peer way, there’s a great reduction in fees and friction in those transactions.

“When we shift more applications to blockchain, we see  lot of the same benefits. When we go into transactions that require trust, like an eBay-like transaction where you depend on eBay’s system to ensure that people who are they say they are and you can trust their reputation, everything is great if you stay in the eBay environment.

“What the blockchain does is port that identity to other environments, which thwarts exploits where someone will establish an identity with a good reputation in one environment and then move to other systems and propagate fraud without bad reputation following them. By consolidating identity into one place, you can avoid a lot of that.

“We’re also concerned with how the data is being generated in the first place. What about the data I’m collecting and the opportunity for it to have value? What if other entities want to know about my behavioral patterns? For example, cities could plan better if they understood the movement of their citizens, but their decisions fall short because of the data silos on the Internet that don’t share information. A blockchain lets those silos share information freely.”

He added that his company, BlackBox, is trying to create a universal model to do that. They’re developing metrics that would be accepted by various entities, allowing commonalities so when someone goes into a transaction, it’s clear to everyone that they are who they say they are. And the system can be audited and achieve a real-time compliance.

The ‘Uber Identifier’ is Broken

Casey noted that the current paradigm where there’s an “uber identifier,” the government issuing a passport, driver’s license or other documentation, is broken because it’s easy to steal that information and copy those documents. In addition, that data is sensitive because it can be misused, so when one thinks about it, there’s no reason to share an entire driver’s license with a bartender to prove someone is over 21 when the data of birth is the only thing they care about.

He then went on to talk about data attributes that can be parceled out selectively in certain circumstances, so a bank only gets certain information, for example. Casey wondered how Ali and Deegan look at that situation.

“That’s an important subject,” Ali said. “A lot of people we’ve talked to, the conversations usually boil down to the idea of selective disclosure, such as the example of going into a bar and only having to prove you’re over 21. To that end, we’ve developed a blockchain ID with a profile schema, and now we have over 35,000 users who can be their own registrar and not depend on a company.

“We deal with this by using what are known as hierarchical deterministic keys. You have a master key that you can derive multiple child keys from. You can sign something with a  child key, which can’t be tracked back to the master key unless you allow it. Let’s say we do a block check to prove you’re over 21 to enter the bar, that is associated with a child key. So if you’re signing into a website like Heineken.com, you can do so just with that block check. That allows you to reveal your main identity if you want to.”

Casey wondered if you can then vouch for the integrity of the entire chain of keys if you control the master one. “Exactly,” Ali said. “That pushes us into the concept of selective disclosure. We’re building up profile data with selective disclosure built in, so you can build up your master identity and disclose what you want when you want.”

Building an Identity

“That allows you to build up your credit score and other areas of your identity,” Casey noted. He turned to Deegan to ask about big data as a construct, particularly in the developing world.

“That’s a great use case,” Deegan said. “Financial inclusion is an important topic facing the world. One way that happens is to allow people to collect information about themselves and establish their own reputation metrics, for example with a smartphone. I could walk about sub-Saharan Africa with a smartphone and let it collect my GPS data, the child keys of the people I interact with, and allow me to establish that later people can offset the risk of dealing with me because of all those previous transactions.

“It’s an immutable record that’s visible and verifiable to anyone, but it also has a layer of privacy because I don’t have to reveal the path to my master key. The various child keys can accumulate profiles about me with regard to my activity on eBay and other places, for example. Because we’re dealing with the blockchain, we can distribute that information globally and make it transparent.

“It also reduces the ability to propagate fraud or identity theft because there isn’t enough information in those child keys for someone else to impersonate me. As long as I control the path to the master key, that’s all I need for others to trust me.”

The Blockchain: A Control Channel, Not a Database

However, Casey wondered, banks don’t want their own position revealed, for example, so there are questions about Bitcoin being used to settle securities and exposing banks’ positions. “How do you get the immutability of the data along with enough privacy to make people comfortable to transact?” he asked. “Especially since the blockchain can provide a back door entrance into an identity?”

Deegan addressed that issue and gave an example: “Let’s say two banks are transacting and need to ensure both are doing the right thing without revealing everything. A blockchain allows a bank to maintain its private blockchain with its own ledger, and when they transact with another bank, they can have a shared ledger with selective disclosure. That lets them verify each other’s transactions and know they’ve been handled appropriately.”

He added: “With another layer on top of that called smart contracts, there can be contracts in place that are executed automatically on the blockchain, so that all three ledgers can be maintained consistently and in a synchronized manner. As long as the public visible ledger between the banks is correct, it can be assumed that those banks’ internal ledgers are correct.”

Ali had two things to add to that: “When people talk about the blockchain, many people assume the blockchain is a database, which isn’t true. The system we’ve designed is one where only access control information is handled on the blockchain, so only the hashes are there. That lets anyone check the integrity of the data by checking the hashes. The blockchain isn’t a database: It’s a control channel that gives you security and the data can be somewhere else.

“The second point is one with this analogy: Just like there’s a global internet, there will be a global bockchain. All signs point to it being the Bitcoin blockchain. We migrated our system to that blockchain because of security reasons. There’s been so much investment, about a billion dollars worth, into the Bitcoin infrastructure that it’s the leader. But there can be private blockchains, whether it’s one entity, such as a single bank, or a group, like multiple banks, and the private blockchain can be pegged to the public one. So you can do sensitive communication, like a VPN, but do the public one.”

How Do We End Up With a Public Blockchain?

Casey then said there’s still some question about whether private blockchains would be pegged to a public one or not. “Couldn’t banks creating their own blockchains be a threat to Bitcoin’s blockchain?” he wondered.

Ali responded: “It boils down to access controls. If only seven banks have access to that network, it’s like a federated network that doesn’t necessarily have to be a blockchain. But would people trust that federated network? I think people would prefer to trust the public one.”

Casey said that was a good point and he noted how much power Facebook, Twitter, and so forth have, much more so than most countries. “Facebook is the biggest manager of identities in the world, which is a big problem,” he said. “How do we end up with a public blockchain?”

Deegan said he doubted that Bitcoin’s blockchain would be the one in use in a decade. He said: “I would offer that it’s rather that it’s too early to tell. If I was a teleco or a large organization like Facebook or Twitter, I would consider ways I could push my own blockchain out, but releasing hardware that could boot strap a blockchain. I think Bitcoin and other blockchains will adopt something similar.

“Points-of-sale would be an ideal place to establish something like that. Maybe Bitcoin blockchain is great for digital currency but it has some limitations, so it needs to be hashed before the data is stored somewhere else. Maybe there are other blockchains for use for other things, so they don’t clog up the network. They could turn on a new blockchain network with millions of end points, which would be enough to secure it, and they could offer services, such as point-of-sale, and write transactional data that would establish an immutable record.”

But Casey wondered how one ensures that blockchain isn’t controlled by, for example, a teleco, as opposed to being a public one. Deegan said they would be an authenticator to the public blockchain.

What About the Regulators?

“Where are regulators on this?” Casey then asked. “What needs to happen to bring society around to accepting these methods?”

Ali answered, “Our view is that they are more interested in regulating currency, so they’re more understanding of other applications on top of the blockchain. For example, there was BitLicense, and many of the suggested changes were incorporated. If the transaction is clearly non-financial, then it shouldn’t have to be regulated – It should just need the BitLicense.”

He added, “One view of adoption is that it will start with users, then companies, then states, then federal governments. There are people who are very optimistic about this because governments’ own identity systems are broken.”

Casey used that view to point out that when Somali terrorism becomes a problem, for example, the response is to shut down corridors to Mogadishu, which creates other problems. Fixing that problem in a country like Somalia, where there are no IDs, is a difficult one. “There’s a roadblock,” he said. “People insist that you have to rely on governments to issue IDs. How do you get past that?”

Deegan replied that it’s a “chicken before the egg” situation. “We have a new way of thinking about these problems, one that’s more secure than present systems,” he said. “We could develop a system with internal audits and controls that could determine in real-time that transactions don’t violate regulations. That’s much better than the current system, where we can only audit a few things and explore where there are flags.

“It will be on the technologists to find the right use cases and prove that the technology will work at a large scale to show regulators it can be done. That will be a watershed moment.”

Casey said that MIT is looking for those use cases now. He then opened the floor to questions.

Time For Q&A

The first question concerned selective disclosure and whether that solves a major problem if it works. “But what’s the source of the information being delivered, and how do I know it’s valid?” the person asked. “Does it tie back to a government database or something else?”

Ali responded, “The way we’re looking at it is that goes to the party that signed the statement. A company that does such checks could sign off, and in a few years it could be, for example, the DMV of New York.”

Deegan added, “There’s a duality here. There’s a sovereign identity, where someone does that themselves, such as using GPS data to establish where I live, as opposed to a utility bill, especially if a device is biometrically tied to me. But there are other cases where it’s necessary that attributes are issued, such as access control to a building. I can’t provide that access to myself, for example. A single blockchain ID could have my attributes as well as information provided by other trusted entities. A marketplace will come up around this.”

Casey noted that banks could become identity providers, since they have so much information.

Ali said, “We’re thinking about this in terms of probabilistic identity. Your master identity is on the blockchain, and other things could link to that, such as a tweet on Twitter or your domain name. Those are different proofs for identity. And then you can add third parties that can sign proofs for your identity too.”

Someone else then brought up the question of mortgage transactions and how they’re handled electronically. That is something that could tie into the idea of the blockchain and how it could handle the data involved in something like that.

Ali said that is something that’s possible. “You could start your own registry service that’s decentralized,” he said. “You could start importing your centralized registry into it and start handling things like mortgage transactions.”

Deegan added, “I’ve heard of that described as ‘unwrapping the counter party risk.’ So if you have the history of the securities in these packages in a manner that can be traced back to a global immutable ledger, and you can then trace it back to the originals, you can then validate them. As an example of that today, NASDAQ allows a start-up to begin documenting themselves in their blockchain, which makes due diligence much easier if you want to invest in that start-up later.”

Casey added to that last point: “They still have four people inside Twitter that are still trying to reconcile the shares that were distributed at the company before it went public. If you have that information in a public blockchain, you can easily verify it. Twitter has had to pay astronomical legal compliance fees because of that problem.

“The other point I would make is, what better market is there to handle this than the mortgage one, since what happened in 2008 is still fresh in our minds?”

Another question concerned the unintended consequence that a human has to interact with a blockchain’s master key, which could drive criminal behavior where someone could take control of a master key and do terrible things.

Ali replied, “That’s a very good question. There are two things: There’s the UX layer where a lot of work is being done. The second thing is that you can look at the cross-relationships in real life and model it the same way in this technology. As an example, let’s say there’s a start-up and they require board approval for certain actions. You can have an address that’s on a multi-sig wallet and four out of five board members have to sign on it to approve it. Their master keys can be held by a bank.

“And so in my personal life, I can assign three other people I trust access to my master key, and two out of three of them have to approve a request to reset it.”

Casey added that a lot of innovation going into dealing with this potential problem and brought Deegan into the question. He said, “That’s a good point because you’re now centralizing access where before it was decentralized. If we make it so the user has to hold the master key and put it in some kind of vault, that won’t work for most of us. There are ways we can manage that, for example, by using multi-sig, as just described, or by bringing in hardware and use biometrics or a black box that would make it very hard to impersonate someone. So if you need to reset your master key by using the latter example, you could do so by accumulating new data that would match previous data.”