Removing the honesty box from the economy with an ANVIL

Toby Simpson
10 min readMar 20, 2019

--

Identity and claims made against it are important. Norman, for example, is a real fan of honey but may not, in fact, be a bee. (From ‘The Bumblebear’, by Nadia Shireen)

Trusted identity is important. Is Alice, your new Facebook friend in France, really a 24 year old account manager, or is she Steve, who is extracting your identity information piece by piece until he can lift the contents of your bank account? And talking about Steve, your LinkedIn connection who is a VP of Research and Development at an upcoming technology company in San Francisco, how do you know he isn’t Simon, a 18 year old from Doncaster in the UK who hates you for some reason and is biding his time before making a move? Then there are the claims made against your identity. How do you prove you have a job, what your salary is, your age, whether you are insured, whether you have a driving licence or if you do indeed have the university degree your resume claims that you have? That’s a lot of paperwork to find, store and produce when it is needed. Furthermore, lots of it is easy to forge and exists as a one shot wonder.

When you hand your driving licence to a car rental company in another country, how do they establish if it is valid and not revoked? They’ve got a lot to do: they have to prove your identity and that the claims you make are both true, and attached to you, before giving you the keys to the car. Of course, in the end, they simply don’t aim for perfection, they have insurance against things going wrong so they just have to make best efforts. In the meanwhile, if you are trustworthy, you are handing over a lot of personal information, most of which they didn’t need, to a third party that you know neither personally nor professionally. Who’s to say that this information will be stored securely and used wisely? In Europe, GDPR provides (Which I’ve heard referred to as “Good Data Practice Rules”, an endearing alternative wording for the acronym) regulation to protect your data, but as I’ve often heard, red traffic lights don’t stop cars and mistakes, as well as “mistakes”, do happen.

Your life is full of cases where you have to prove who you are and then make claims against that identity that themselves have to be proved. None of these claims are owned or controlled by you which is why you have to do so many checks at the bank when you open a bank account, and then do them again at the bank next door when you pop over there to open a savings account. There’s also the mysterious case of providing too much information. When you rent a property, there’s a huge gap between what the renter needs to know and what you have to provide to prove that. The renter needs to know that a) you are employed and have been for at least six months, b) your salary is at least, say, £2000 a month, c) you are at least 18 years of age and d) you are entitled to live in this country. That is four simple things. What they get, though, is a) your full employment information, b) your actual salary from payslips including tax identity, social security or national ID numbers, c) your date of birth and d) your passport with any relevant visas. In short, they now have the keys to your digital life. Which is worrying for you, but also a massive pain for them, as they have to check each and every piece of information you give them because there is no trivial way of knowing whether the claims you made are complete fiction or not. Payslips and employer information, fine, but you might have been fired that morning. The utility bills to prove you’ve been in the country and are a responsible citizen are, yeah, pretty easy to fake: there are websites for that. Identity information? There’s a bloke at the pub who’ll… well, “help you out”, for a few hundred pounds. Checking presented credentials and claims takes time, costs money, and involves effort from lots of people and entities — both those that charge a fee and those who feel obliged but really do have better things to do than respond to constant reference and verification requests.

A decentralised, machine-readable solution

There are problems on all sides of the fence. Identity has to be proved. Claims against it have to be checked to see if they are true, have not been revoked and are indeed against that identity and not another one (who’s to say if the degree certificate is yours, and not someone else’s?). Couple this with the vast amount of over-information provided to prove one small thing and we have a mess, which is hugely expensive, inconvenient in your day to day real-life and generally just a massive pain for everyone involved.

Imagine, though, if instead of relying on easily forged, hard to check documents, or third parties outside your control for such things, that these certificates were owned by you: machine-verifiable and trivially easy to check by those to who you presented them that they were true, unmodified and not expired. If blockchain could be combined with other technologies to provide a decentralised trust system that was owned by no single company or government where individuals became their own record keepers and are empowered to deliver claims made against their identity.

This is about trust through verifiable credentials built using a cryptographic technology called zero-knowledge proofs. When you say you have something, are something, or are entitled to something then when you make those claims, the person or entity hearing them should be able to independently verify them and do so by machine, without human involvement. If those claims involve a temporal component (e.g., they can expire, change or be withdrawn) then they should be revocable. This includes insurance, your five star food hygiene rating with a local authority or the fact that you have a clean driving licence. In short, when someone makes a claim, you need to be able to establish for sure that the claim is valid at this precise moment and applies to the identity making it. This also solves the promiscuous nature in which we are obliged to share considerably more data than we’d like to, or indeed need to, in order to prove such things. Now you can prove you are at least 18 without disclosing your age or date of birth, or that you earn at least £2000 a month without providing the actual value, or that you hold a valid EU passport with at least six months left to run without providing it. In short, you can now prove something without revealing the details of the claim you are making. Neat, eh?

Lubricating the digital economy

When you’re able to do such things, then a massive block in the digital economy is removed. When such claims can be attached to digital identities as well as human ones, then something else happens: you enable autonomous agents to get trusted work done on behalf of what they represent — independent of human interaction. When all this is mixed together in an architecture like Fetch.AI, it enables decentralised applications that were simply not possible before. Let’s take a decentralised Uber: you, as a passenger, can verify that the driver is authorised by the local authority to pick you up and that the car you’ll be picked up by is insured, taxed and serviced. As the driver of the car, you can verify that the person meets age restrictions, is where they say they are and can afford to pay for the journey. Agents representing the driver and the person work together to validate these claims before the pickup is chosen. Collectively, they have worked to optimally connect driver to passenger and have planned the best route for achieving an efficient journey. When the same network is also taking advantage of journeys to move packages and food around, multiple verticals are seamlessly integrated improving utilisation, efficiency and putting control over earnings into the individual’s hands. This is an absolutely vast change enabled by autonomous economic agents in a world driven by AI, structured for machines and supported by verifiable credentials that can cross the boundaries between markets in real-time. It is a disintermediation of the economy, one that returns control to the individual and removes some of the middlemen that have shoe-horned themselves into the world in recent years.

Such claims will be passed around between autonomous agents continuously. When using synergetic computing to optimise the connection of electric vehicles and charging points, a vehicle will be able to prove it is serviced, is compatible and is where it says it is. In the meanwhile, the charging station can prove it exists and is approved by the manufacturer to be used with that vehicle. This creates a world based on trust, where it is not possible to assert a claim that has been made up. Removing the need for human checks or involvement of third parties makes this work for machines, autonomous economic agents, that can get on in this new, trusted world by themselves. With the global ledger used for certificates and logging transactions, there is increased information available for machine learning to present trust values directly into the digital world: you can cut out all agents representing charging stations that are not officially certified to charge your car, or remove any food provider which does not have at least a four star hygiene rating.

Taking the mystery out of who you can trust

So let’s be frank on a truly grand scale: the whole point of true decentralisation is self-service trust. You should be able to transact without a centralised source of information to tell you that it is safe to do so. Behaving well over a period of time provides reputation, and working with other parties with a long, established reputation of trustworthy operations lets you work free of fear. How you deliver this trust and reputation, though, is where it gets a touch more difficult. How many of those transacting on bitcoin or ethereum check their facts on the ledger? They could, but do they? What happens if it is not just people, but machines, too? How does anyone (machine or human) get access to the trust information that they need in timely, and of course, trustworthy way? There are a lot of questions there and none are trivial to answer.

Many decentralised protocols, such as Fetch.AI, have built systems specifically to ensure that digital entities have the information necessary to work safely whilst keeping their risk exposure to a level that they were satisfied with. Part of this is enabling the construction, delivery and use of verifiable credentials: you are who you say you are, you have what you say you have and you’re qualified to do what you say you’re doing, for example. Then there’s friction-free access to reputation and other key network trust figures: what’s the risk of connecting to this node, or talking to this agent? Agents that wish to work in a more trusted environment can refine their view on the digital world not just semantically, economically, temporally or geographically but by risk level — effectively making poorly behaving parts of the network invisible to them.

Enabling a high-performance machine-to-machine economy where billions of agents can do business in a trusted environment without human supervision or intervention is supported and achieved with many technologies. Some of these are at the protocol level, some at the higher level and in some cases, the integration of other technologies that bring in expertise and experience from outside can make a significant difference to the level of service that agents have.

Sovrin, Outlier and Fetch.AI: friends in high places

And this is why Outlier Ventures have built ANVIL: a bridge between Sovrin and Fetch.AI to allow agents to assert a claim and for those claims to be verified. This example of integration between the two systems enables a range of very, very cool things. Now, agents can change what they deliver according to the credentials of the buyer. Think of being able to provide the red-carpet service to those that are qualified to receive it: travel agents being able to assert that the person they represent is a silver member of the frequent flyer club without disclosing the membership number, hotels offering discounts to regular customers or special rates for elderly people, students or healthcare workers. It deals with an electric car charger provider verifying that the car attached is compatible, and also the car can verify that the charger is real and approved for them to use. All the agents involved can prove what they need to prove in order to get things done and do so without any of the pain and agony that is usually associated with such things, such as over-disclosure or the painful, slow requirement to verify each thing individually with centralised third parties.

Verifiable interaction with the ANVIL API in just 8 lines of Python. Yup, you heard me, 8 lines of Python

From the 28th March, you’ll be able to get the code, see it work, and adapt it to your own requirements. ANVIL further enables Fetch.AI’s economic Internet by delivering Sovrin’s self-sovereign identity technology as an additional tool in the box: giving people and things the ability to collect and hold their own digital credentials. Watch the live demonstration of ANVIL.

This is a major achievement in demonstrating the economic Internet of the future and how straightforward it can be. Here, we provide one glimpse of how trust, identity and proof-of-claims can be handled in Fetch.AI. It’s not just an idea, or some thoughts, it’s real, it works, and you can use it to let Fetch.AI agents on the testnet get things done in a trusted, leak-free, decentralised environment where the agents and those they represent own and control their own digital credentials. Get involved, take a look, and let’s BUIDL.

--

--

Toby Simpson

Opinions my own, yours may be different, and that’s cool.