IdentityTech and the role of identity in economic, political and social transactions
Alastair Berg is from the RMIT Blockchain Innovation Hub, the world’s first social science research centre into the economics, politics, sociology, and law of blockchain technology.
Identity is a crucial part of all but the most trivial economic, political and social exchange.
Any exchange is reliant on having some level of assurance over the identity of the person, thing or firm you are dealing with. Many transactions are identity-reliant. You wouldn’t agree to lend just anyone money. You need to know who you are dealing with.
The level of assurance — trust — required between buyer and seller at a cash bar, compared to buying a new car on credit varies considerably. In the first instance the exchange of goods happens simultaneous to the exchange of money. In the second, full repayment may not occur for years, and perhaps not at all.
Different transactions have very different identity requirements.
Identity is not just necessary for the transacting of goods and services. Governments have a clear interest in ensuring those who vote are eligible. They must also be able to determine who owes them tax, as well as who is eligible for welfare payments and other benefits. Trademarks, logos and intellectual property also serve identity functions in complex markets. These can signal quality and other characteristics to consumers.
The coordination mechanism that identity provides is not free. More complex markets and institutions arrangements require identity technologies that allow us to coordinate across distance, often with people we haven’t met.
As societies grow, by conquest or trade, an increase in population is associated with a growth in the use of identity technologies. Surnames, useful to distinguish between Tom who lives by the river, and Tom who is really tall, don’t really cut it when you are selling goods across borders. Passports, driver licenses, social security numbers, and now service like Facebook Connect and Google Sign-In facilitate and delineate the transactions and interactions individuals have with other entities.
These identity technologies refer back to ledgers of authority, responsibility and access. Who has access to rights of citizenship, who may drive a car, who is eligible for welfare benefits, who can post under what username?
Ronald Coase, 1991 Nobel laureate in economics, first determined that relative transaction costs allow us to examine the cost of exchange, and the institutions — legal, political and social — which in turn impact on the performance of an economy.
What Coase and those who built upon his work did not separate out was the identity costs of exchange. While John Wallis and Douglass North determined in 1986 that the costs of transactions in the American economy was almost 50 per cent of GDP, the identity component of those costs has not yet been addressed.
Economic, social and political transactions consist of both a value, as well as an identity, component. This is so because there are frictions, costs and other impediments involved in establishing the identity of a counterparty, the item of value to be exchanged, and the medium of exchange used as part of the transaction. Where little to no information asymmetry exists between buyer and seller, identity costs will be close to zero. Yet such a case would seem to be rare.
These identity costs are the cost of coordination across and within markets, firms and government. And now, blockchains.
In many exchanges, and certainly within some industries, identity costs can comprise a substantial part of the cost of doing business. Banks and financial institutions have significant commercial incentive to understand — in great detail — the identity and financial attributes of their current and potential customers.
A standard framework used by a lender is that of the ‘5 Cs of Credit’, which uses the metrics of capacity, character, capital, collateral and condition. In utilising such a framework, lenders will typically require potential borrowers to supply substantial documentation to attest to their claims, such as proof of income. This is a time consuming and costly process — still largely manual — which determines whether a lender is willing to enter into a credit transaction with a borrower. The cost of this process is that of an identity cost.
Similarly, customers place great importance on the provenance of what they buy — particularly food, medicinal products and luxury goods. After tainted milk powder killed six babies and made up to 300,000 sick, Chinese consumers were willing to pay up to AUD100 for a tin of Australian made baby formula. After this incident, Chinese consumers paid a premium on what ordinarily would cost AUD25. They paid this substantial premium — based on brand names and ‘Made in Australia’ logos — to reassure themselves what they were purchasing was safe for their children. For this reassurance, they were willing to pay four times the original price.
Compliance requirements also add to the identity costs of economic coordination. Banks must satisfy legislative and regulatory requirements to fulfil ‘Know Your Customer’ (KYC) obligations. These requirements oblige a bank to identify their customers prior to entering a financial relationship, their ability to pay at the origination of a mortgage, and monitor a customer’s behaviour and circumstances on an ongoing basis. Some financial institutions spend USD500 million a year on KYC compliance.
Similarly, customs and border agents have an interest in establishing the provenance of goods — and people — which cross their borders. Domestic regulations as well as international sanctions compliance both need to be addressed. The vast bureaucratic apparatus which are customs agencies around the world are dedicated to identifying the people and things which cross their borders, and ensuring they are eligible to. This line item of any governments budget is an identity cost.
Commercial and compliance considerations incur significant identity costs in many transactions.
Identity technology, the state, and you
In small societies, biometric identifiers are used to distinguish between individuals. The average person is more than capable of recognising facial features, voice and other characteristics of a few hundred people and associating that with a name.
Small scale societies also rely on a primitive form of the ‘web of trust’ model of digital identity. Here the relevant identity technology is nothing more complex than an analogue social network. Reputational information circulates, and individuals prove their identity biometrically and by reference to people who know them.
Yet the web of trust model of identity does not scale. First, scalability issues mean that frequent transactions become inefficient. Taking a friend or relative to the bank every time you make a withdrawal in unfeasible. Second, a web of trust model is not robust enough to deal with frequent changes of members in the social network. There are onboarding issues for new members who take time to prove their identity and utilise the social network.
As societies grow, by conquest or trade, an increase in population is associated with a growth in the use of identity technologies.
Take surnames for instance. Very small societies just relied on first names, as their size made a second identifying attribute unnecessary. Yet the growth of societies and trade networks made the likelihood of a collision between two Tom’s more and more likely. Job specific names like Baker and Smith, or geographically descriptive ones like Lee (from the meadow) and Corleone facilitated market interactions and reduced confusion for participants. Surnames also formed part of the economic infrastructure of society in more subtle ways. Hereditary patronyms became part of the way in which male children could claim their father’s estate.
The state also required a way to track and maintain control over their populations, and surnames proved a very efficient way to do this in pre-modern society. Governments maintain an interest in having administrative control over their populations. The need to tax and conscript necessitate a unique identifier for everyone under their control. What James Scott called ‘legibility’, John Torpey referred to as the ‘embrace’ of the state.
Identity technologies became more complex along with society. Surnames, and then public registries of births and deaths allowed for more efficient administrative control through taxation and conscription.
Other technologies which people would more commonly associate with identity emerged from the origins of surnames as the state became entrenched in more and more aspects of people’s lives. Birth certificates, driver licenses and passports, while still used to register births, allow one to drive, and permit cross border travel, have now become such an established part of our economic infrastructure that to exist without them would be practically impossible, or socially, economically and politically crippling. Opening a bank account, or establishing any sort of relationship with a firm or government institution requires some form of government issued identification.
Firms now piggy-back off these forms of government issued identification to establish relationships with customers. Establishing a new phone connection with Australian telecommunications provider Telstra requires customers follow the defunct, but still widely used, Australian government’s 100 points of identification standard. All of the primary documents, like a driver license or passport are government issued, while many of the eligible privately issued documents, like a credit card or student card are the lowest ranked. Indeed, obtaining a credit card or student card would require the presentation of one of those primary documents in the first place. This illustrates the monopoly that government issued identification has in identify issuance and verification.
If you consider taxation, the state has an obvious interest in ensuring that every citizen has one, and no more than one, identity. The progressive tax system used in countries like the United States and Australia relies on this. It would be trivially easy to game the system if you could split your income between multiple legal identities.
The state’s interest in maintaining a ledger of unique legal identities also extends to programs like welfare and conscription. Maintaining the integrity of the welfare state relies on ensuring that as much as possible, only those who are eligible receive disability support. Similarly, states who still maintain conscription need to know who they can enlist.
Yet the unique, uniform and stable identity governments desire contrasts with those maintained by individuals. Fields outside of economics have long acknowledged that individuals maintain a raft of coexisting identities. Mary from Accounts Receivable may also be Mary who enters stand-up comedy competitions. She could also be Mary the daughter, sister, property owner, or Mary who enjoys online gaming.
While these multiple Marys coexist within her physical form, she may choose which of these identities and attributes to present to the world, depending on the circumstances. She probably gains no value revealing herself as working in Accounts Receivable when she interacts with people gaming online. Neither does she necessarily want her work colleagues to know about her attempts to establish herself as a stand-up comic. Privacy is a big concern, and is one of the reasons why the maintenance of multiple identities and control over attributes can be so valuable to the individual.
Her identities can also change over time. Over time she may become Mary the CEO, or Mary the mother and later Mary the grandmother.
Therefore, we can see two distinct preferences for the supply of identity by the government and the individual. Governments desire a unique, uniform and stable identity. Individuals desire a wide range of identities to satisfy their work, family and social commitments, while maintaining privacy.
Identity as property rights
Identity also has some interesting properties when considered as a form of property rights. You can add to it, say in professional and social contexts. You can graduate from medical school, allowing you to make the ‘claim’ to be a doctor which counterparties, like a hospital, can verify. Similarly, you could help a friend move house, allowing you to make another ‘claim’ which paints you as someone who is generous with their time. Yet unlike rights over most forms of property, others can also add to your identity, even without your knowledge or consent.
While others cannot build an extension to your house without your permission or knowledge, they can add certain claims to your identity. That is, they can affect your ability to conduct yourself socially, politically or economically. Those who are socially ostracised, disenfranchised minorities who lack voting rights, as well as the unbanked all have identity origins.
Closely related to identity as a form of property rights is the way in which it is produced. Identity and associated attributes are what we can describe as co-produced goods. Some attributes are produced by you, while others are produced externally. You don’t always know what others think of you.
Identity technologies and the economic institutions that support them are subject to change. Technological innovation has driven much of this change. Rising rates of literacy and methods of record keeping allowed for parish churches to keep detailed registers of births, deaths and marriages. Distributed ledger technology like blockchain may disrupt identity governance in coming years.
It is also important to realise that the importance of establishing identity underpins much of the new information technology applications which are emerging. RegTech and TradeTech, which use information technology to reduce the costs of compliance and the costs of international trade respectively, involve applications of IdentityTech.
IdentityTech is the application of information technology in the reduction of identity costs. RegTech allows firms to reduce the costs of identifying their customers for the purposes of KYC compliance, while TradeTech can increase the transparency over the goods which cross borders, for both consumers and regulators.
Take TradeTech, which as demonstrated by IBM and Maersk can apply blockchain technology to track the provenance and progress of goods through a supply chain. Such a system, combined with IoT devices could feasibly provide real-time data on an item’s temperature, geo-location and a myriad of other metrics. High-risk items, such as medicines, can be tracked through the supply chain, with information about temperature and humidity shared amongst trading partners and regulators with no need for each party to trust each other. Any deviation from acceptable norms might be then used to notify regulators and end consumers, with insurance claims triggered in real time if necessary. This is especially important for certain medicines which can be permanently degraded if they are incorrectly stored during transit.
Self-sovereign identity, which sees individuals as having full ownership and control over all aspects of their identity, is another such possibility in a blockchain economy. As one’s identity, and all claims related to it, are owned by the individual, no third-party can take it away. In addition, identity is truly portable in this instance. You can take your claim of an attribute, such as a university certification along with you as you move to a new country, even if your university along with its records has been destroyed during war.
The blockchain, a type of digital, decentralised, distributed ledger, does this as the integrity of the data does not rely on a trusted third-party like a bank or a government. Elegant incentives and game theory which underpin blockchain design — cryptoeconomics — allow for trustless interactions between individuals and entities. While we may still rely on traditional third parties to initially attest to our university certifications, our ability to drive, or our citizenship, we will not need them to attest to those claims on an ongoing basis.
All of this means that individuals, firms and even things can make claims about their identity, and counterparties can verify those claims with probabilistic certainty. A cryptographically secure blockchain can also remove the need for centralised authorities (firms or governments) to hold virtual honey-pots of personally identifiable information. The immutability of the ledger, achieved through public key cryptography and clever consensus mechanisms mean that counterparties can quickly, cheaply and reliably verify claims while being unable to tamper with or delete them.
In addition, the need for privacy can be satisfied through zero-knowledge proofs, and data stored off-chain allow for a claim to be verified without ever sharing the nature of that claim with a counterparty.
The innovation in blockchain technology and digital identity management comes when regulatory bodies are attempting to address concerns about the collection and storage of personally identifiable information (PII) and the privacy protections afforded to that data. The EU General Data Protection Regulation (GDPR) which is due to come into effect in May of 2018, provides requirements such as privacy ‘by design’, consent to data collection, the right to access and erasure of personal data, and notification requirements in the event of a data breach. Other similar, yet less onerous regulations exist, such as in most US states which require firms to notify customers when their personal information has been breached.
Regulations like the GDPR may in the long run provide an impetus for firms to reconsider the way in which they store PII. Fines of up to EUR20 million, or 4% of worldwide turnover, whichever is higher, in the event of an infringement, may create a financial and regulatory imperative for firms to offload some of the risk associated with storing such data. This may create a commercial incentive for a world where individuals have control and ownership over more aspects of their identity.
In the light of recent data breaches — Yahoo and Equifax included — firms will need to evaluate the costs associated with obtaining and storing data*. Especially sensitive data — financial and health related — may prove to have too high of a risk profile to justify central storage, and could be passed back to consumers as they ‘de-risk’.
All this of course presupposes that large data gatherers like Facebook and Google will suddenly become too risk averse to hold PII. The idea of these companies suddenly relinquishing their ability to monetise such data through advertising seems unlikely, at least in the short to medium term.
However, the combination of these wide-reaching regulations, in addition to technology which allows for the distributed, cryptographically secure management and selective sharing of personal data is one such possible eventuality, albeit with a few roadblocks in the way.
How the right to erasure would be satisfied is one roadblock which blockchain technology would need to overcome in respect to GDPR. Permissioned blockchains, or even ‘editable’ blockchains may provide solutions.
In a future where self-sovereign identity is reality, individuals could choose which claims or attributes to broadcast to other entities, and for how long. Context would determine which aspects of one’s self to broadcast to the world.
This could have broad societal and economic consequences.
Institutional cryptoeconomics studies the institutions consequences of immutable, cryptographically secure distributed ledgers.
While self-sovereign identity is only one possible eventuality, the economic consequences of blockchain on the governance of identity, and other economic institutions will be disruptive. Perhaps a form of federated identity facilitated through blockchain technology, would allow users or citizens of one system or country to access services or facilities of another within a federation. This is analogous to single sign on (SSO) functionality, and reduces the cost to firms and governments of verifying the identity and attributes of individuals.
Blockchain technology could equally be used by government or firms to impose a single uniform identity on all citizens. If technology is morally neutral, then the libertarian future Satoshi Nakamoto and the other cypherpunks envisioned is equally possible to a world in which governments use blockchain technology to further centralise identity governance.
*Cambridge Analytica harvested an apparent 50 million Facebook accounts for their voter targeting products used in the last US election. Representatives of the company said that this was not a data breach and “no systems were infiltrated”.