Hi, my name is De Croo, Alexander De Croo

Hi, my name is De Croo, Alexander De Croo

And I am, whatever you say I am (Eminem)

by Koen Vingerhoets

Identity is a key legal aspect, next to property. As such, it's of course also a key aspect of our daily life. You have an ID card, a driver's license, a badge from your employer, a bank card,... a whole slew of items to proof who you are, or, as some defend: sufficient evidence to avoid being denied your identity

These documents are issued by trusted third parties, usually a government, your employer or any other organisation which has to verify your identity (which often results in checking the genuine origin of documents you already have, issued by other trusted third parties). 

Now, the bitcoin blockchain itself has quite an issue with "trusted third parties". It’s positioned as the ultimate tool to replace trusted third parties in payments… and beyond. Furthermore, in our own tiny bubble it might make sense to have trusted third parties, but what's the value of an ID in Syria? Angola? North-Korea? What if multiple governments claim to be "legal"?  
 

Trust - a rational emotion

It all boils down to the amount of trust you can have in the provided proof of an identity and its issuer. I can print my own visit card with "Alexander De Croo" written all over. I could open a twitter account for "realAlexanderDeCroo". Maybe I can grab a few cards from his political party or a badge he used at a conference,... 

It might get me somewhere in America, but I doubt the impact in Belgium. As soon as someone asks for an ID card to support my claims… busted!

Do you know there's a limit to the amount of people you're able to trust? Research revealed it's around 120 people, the size of a tribe in prehistoric days (and of a centurio in Roman warfare, etc). Our brain seems to have a hard limit just above 100.

Trust is not a binary something that scales, it's the result of a complex process that combines all kinds of info into one emotion. How much do you trust me to be Alexander De Croo, on a scale of 0 to Deputy Prime Minister? 
 

The bitcoin blockchain solution

The bitcoin blockchain solved the trust problem - there is no central party to issue an identity - as follows: everyone issues his/her own identity. You create your wallet, your private & public key and... you're set. Ready to be a unique, identifiable player in the bitcoin ecosystem. 

The downside of this solution is of course that people can make several accounts, issue different account numbers for each transaction and hide behind these. The (almost) anonymous identity on the blockchain is seen as an essential element, while it also causes issues. 
 

Identity on a ledger

Financial institutions (FI) are of course not so keen of "pseudonymous" (= almost anonymous) identities exchanging money. On the other side, FI’s developed a growing interest in blockchain/distributed ledgers.

That's why a whole lot of effort is put into building an online verified and verifiable identity on a (private permissioned) distributed ledger. As soon as a FI knows who accesses the systems, services can be offered. Identity is considered the new gold... but this time it's really hard to dig it up. 

I think we're still looking for a solution. I'll give two recent approaches on how to handle it: 

  • In Eggsplore, we elaborate on the idea of bringing the result of a KYC process back to the customers. As FI, we publish on the users page the hashes of the documents we worked on to check our customer’s identity. That means we don't disclose the information but only the unique fingerprint of these documents. The more often the document is reused, the more companies validate the same hash in their KYC process and the more certain other parties can be about the correct content of the document.
    A FI is legally obliged to do KYC, so let's trust the result of these procedures. But... how is the user page created? Who ensures that a user creates a page for himself?
    At a recent conference, I asked this question on a team of banks who just presented their ID solution. Their (slightly surprising) reply: "we left that out of scope". 
  • A Belgian city has a project in which they rebuilt society after an apocalyptic event, using blockchain technology. In their system, your identity on the blockchain is validated by your peers. That means the more friends you have, the stronger the evidence becomes that you are who you are (or claim to be).
    The loophole in their system: someone has to be the first person, the only one who doesn’t  have anyone approving his/her identity. If this person has no trust... the entire system fails.
    The assumption of the project team was that they would survive the apocalyptic event and start their identity program. 


Adam & Eve

It all boils down to the Adam & Eve problem (ah well, it's how I call it): someone has to be "the first". Somewhere, some person has to be the first to have an identity without proof on the distributed ledger. For financial institutions (and mayhaps for every regulated use of a blockchain), there isn't only a Genesis block, but also a Genesis user

The identity issue is an endless recursive problem. The bitcoin solution with all its genius doesn't work in a world where identity is key. The downside is that somewhere, someone will be the first (and only) person to place trust in him/herself. *fingers crossed*
 

About the author

Koen Vingerhoets combines a Master in Law with a sound passion for IT. He caught an interest in bitcoin early 2013 and currently works in the core blockchain team of KBC. He is often praised for making difficult items understandable through vivid keynotes and clear texts. Citing famous rappers is just an added bonus...

Cover image copyright: http://trusteddigitalidentity.com/