Blockchain Workshop Position Statement

Authors: Jon Geater, Marta Piekarska

Jon Geater

While the organizers are understandably keen to avoid too much discussion of payment technologies at the workshop, my experience with building and deploying web payments systems is highly relevant to the task at hand. I was lead architect and software developer of the nCipher payShield HSM which was built specifically to service the emerging 3DSecure/SecureCode market, a standard aimed at bringing physical cards onto the web. In designing and building this product I discovered serious flaws in the card schemes’ original cryptographic protocol designs which were fine in the context of the EMV walled garden but fatally vulnerable in the web context.

Later in my career as Chief Technology Officer at Trustonic I brought security to large-scale natively online applications in a variety of use cases including sensitive online identities, multi-party trust, bitcoin wallets and blockchain platform companies. Practical issues in the areas of standardization, deployment and usability are legion and in order to get something to market compromises have to be made at almost all levels of the stack.

Now in my current role I am actively handling many projects and products in a wide range of industries at all stages of ‘digital transformation’ as they transition security-sensitive operations to the cloud, to web, and more. Blockchain is high on the agenda for many of these conversations, and the requirements vis-à-vis permissioning, form factors, confidentiality and legals are highly varied.

Appreciation of cryptography ‘in context’ is going to be essential in making web-accessible general blockchain standards practical. I intend to bring this experience to the workshop.

Marta Piekarska

I am a Bachelor of Electrical and Computer Engineering from Warsaw University of Technology and a double Master from Computer Science and Informatics at Technical University of Berlin and Warsaw University of Technology. I did my thesis on Voice Encryption on Android Platform and GPU-aided Payload Delivery on Linux Kernel. Currently finishing my PhD thesis on User-Centric Privacy on Mobile Devices, while working for one of the hottest Silicon Valley startups, Blockstream as their Security Architect. Previously, I was the Lead Architect at Deutsche Telekom on the Future of Mobile Privacy, a collaboration with Mozilla and Deutsche Telekom improving Firefox OS.

Position Statement.

Blockchain allows us to guarantee the origin of information, the prove of existence and prove of ownership. We believe that applications of these features towards medical records and data stored outside of trusted environments is extremely interesting. A problem we have today is that data, once it leaves the computer cannot be controlled by its owner. It no longer belongs to the creator. It is tempting to use the blockchain technology as a method to watermark ones own data, in order to verify who and how altered it. This way we could have full control over who and how manipulated the information. How this can be realized, what would be the mechanism - these are great topics to work on. In the world of Web browsers, the trace users leave on the web, browser fingerprinting, blockchain could be a solution. Today we have no way to control what is left behind, what is seen by the search engines, and how this data is later passed to the third party companies. However, with the blockchain we could have a method of seeing where the data came from originally, who it passed through and who was the source of leakage. We could start holding companies accountable for selling or not protecting the databases sufficiently. Moreover we can explore the models of charging for access to personal data on single access basis, creating a truly self sovereign identity.

It is important however to first discuss what identity is. Who are we without an ID? Is it obligatory or even desirable to have one? Are there situations when having an identity is counter-interest? While with paper documents we can achieve effective anonymity by leaving them at home, digital identity follows us around and renders us identifiable wherever we go. What follows: are there ways to provide temporary anonymity even in the world of digital identity?

What is an identity? In psychology identity or self-concept is not connected to anything physical. According to Encyclopedia Brittanica “it has to do with what the truth of judgments of personal identity consists of and how it can be known. Equivalently, it has to do with the nature of the persistence of persons through time and their awareness of such persistence”. It is liberating: cogito ergo sum. I think therefore I am.

Sticking only to this definition is a double edged sword, however: no one can deny me who I am. In these terms the government can deny me my documents but not my identity. But from a practical standpoint, my cogito may not help the authorities protect or verify my sum. The fact I make judgment, may help

me by making a choice not to take up a shady job. It will not help the police find me when I am kidnapped. What binds identity to paperwork is society: being an undocumented individual is fine so long as one is content and able to exist as an island, but society is bigger than one person, it exists outside of a single ego, and as soon as one wishes to participate in society or needs to take some benefit from it one needs extant proof of identity that can be used to validate the interaction.

Socialization, or becoming a citizen, means that we give up an amount anonymity and agency (though ideally not privacy!) by providing some personally identifiable information to a trusted institution - like the government - and in return receive a document that guarantees that we are who we claim we are. Because this authority holds a copy of my data, they have methods of identifying me, even if I lose all my paper document. That is a truly double edged sword, again: once delegating the power to grant me the proof of identity I also agree to delegation of the power to deny that proof. And I need to trust they will not abuse that power. Consider paper documents. If I want to be anonymous I simply leave my passport and driver’s license at home. Most countries today do not generally require that people produce their papers on the street so I have agency over my identity. I choose whether to prove or not. But what if the authority took my ID away? What would I become?

What then is an online identity? How does it differ from the traditional issued paper document? A critical angle to understand about living a digital connected life is that online identity is emergent, created over time and from every activity we undertake on the web. It is at once persistent and non volatile (since we can’t reliably erase any history) yet also highly dynamic (because each use of the identity adds to it, and what it says about us). No longer can one actively choose exactly what Personally Identifiable Information comprises their Identity. If we are not careful what follows is that in order to receive an online identity we need to give up both anonymity AND privacy, and we don’t even trust the third parties anymore. In extremis a rogue (or simply incompetent) ‘authority’ can not only deny me proof of my existence. They can deny me access to my data, control and forge my communications and make statements on my behalf. By taking agency over my identity they don’t only fraudulently prove they are me. They become me.

Unlike with paper documents, I cannot leave behind my online identity. Complete anonymity and privacy are no longer a realistic possibility. I am always connected to who I am, where I have been, and what I have done. However we have the right to be private, it is a freedom just like the freedom of speech or religion that should be guaranteed to every person. The decision to reveal what and who I am should be mine and mine alone. Right?

Unfortunately it’s not quite that simple. What happens when I transgress or hurt someone? An argument often used by the social and legal authorities is that privacy should not be granted to individuals, because affording privacy to ‘bad guys’ represents an unacceptable threat to security of the masses and the safe functioning of society. This is a common argument but it is not one to be accepted. We have no control over what is being done with our data, and thus we cannot delegate control over our privacy to a third party.

Finally, most users do not realize that they have only one identity online, that many user names does not mean many identities. They create various accounts – one for Facebook, one for Twitter - and don’t have the technical knowledge to understand that their IP address, their browser fingerprint and, increasingly, their typical location is something that will follow them wherever they go rendering all their supposedly separate IDs linkable. This is somewhat dangerous because users have a false sense of security and privacy which encourages unreasonably risky behavior.

It is our responsibility to create a world where we understand the challenges of communicating when a person is anonymous and when they are not, how they can choose and how social protocols can develop online that clearly define what degree of disclosure is needed in order to participate.

Having an identity is a double edged sword. We need one to be part of society, but we need agency over when we participate with society lest society try to participate too much with us. Identity issued by central authorities has let us down in this respect (by design, and by broad public agreement) so we need to think about things in a new way that leads to a useful decentralized identity. We propose that defining what digital identity is starts by defining what identity is not, and so suggest the following actions that need to be taken as first steps:

  1. Defining what ‘society’ is in an online context, and how that informs a re-definition of what would traditionally have been ‘authorities’ and ‘social contract’ into relevant online concepts
  2. Defining what is the minimum set of Personally Identifiable Information as the basis for an online ID.
  3. Defining a protocol that is a consensus that no other information is collected.
  4. Finding means of communication what comprises online ID today - “what the Internet knows about you”.
  5. Introducing legally acceptable mechanisms to be anonymous online on a wide scale.

Our second interest is defining out of scope topics for blockchain. What don’t we want to use blockchain for? It is an amazing, wide and very tempting technology. It has many applications and it is tempting to use it virtually for anything. However in order to maintain focus we need to define priorities. What are the applications that will benefit from blockchain and what are not. This requires us to come up with a set of definitions - what is blockchain, what is web in the time of blockchain, how does the blockchain change the web. Which of the BIPs can be converted into interesting standards, which should be left out of scope. For instance, Mnemonic code for generating deterministic keys/BIP 39, Hierarchical Deterministic keys/Bip 32 or confidential transactions seem like solutions that should be supported and converted into a web standards, while standardizing a consensus algorithm is impossible and should not be a scope of our interest.