Daniel Gasteiger — CEO of VALID on the Project, E-ID and Personal Data Sovereignty
Disclaimer: This article is for educational purposes only and does not provide financial or investment advice. The reader is aware that there are special risks involved in dealing with blockchain and cryptocurrency assets.
With the upcoming ITO (Initial Token Offering) on February 24 of VALID there will be a new player in the field of electronic identity (E-ID). The Swiss company Procivis already has a working MVP called eID+ that is currently in a public beta in the canton of Schaffhausen, Switzerland. I had the chance to talk to their founder and CEO Daniel Gasteiger.
Yannick Zehnder: Danny, first of all, thank you very much for taking the time to answer some questions about your project VALID.
I have followed the development of the concept of electronic ID (E-ID) in Switzerland. After Zug established a first mover project bringing a E-ID solution on Ethereum shortly after the Swiss Federal Council announced that they will work on a law on E-ID. A big scale alliance involving parastatal enterprises such as the Swiss Federal Railways (SBB) and a group of financial institutions such as UBS and CS formed to offer an E-ID solution.
Shorty after your company Procivis announced a MVP test for eID+ with the Swiss Canton of Schaffhausen (new on the Procivis website). Now you are trying go scale an E-ID solution globally with VALID. I would be very interested in your general view of the current situation of development, the competitors and how you position yourself in the market for E-ID with VALID.
Daniel Gasteiger: Obviously, a lot is happening — lots of initiatives nationally, but also more and more international consortiums looking at the topic of digital identities. At Procivis, we are promoting emerging standards like Sovrin and ERC725 in the blockchain space, as Procivis itself is not an identity provider. In the case of eID+, our integrated government identity and services platform, the identity provider is always a government or a supranational body. VALID, on the other hand, is designed as a truly self-sovereign identity solution where the identity owner is the ultimate manager of their own identity data. In either case, Procivis will never be directly exposed to individual identity details and will also never attest them.
For Switzerland, we plan to support the national initiative SwissID, since it doesn’t make sense to develop competing technological solutions for a small country like Switzerland. We are in discussions with SwissSign, the company that is developing the SwissID and aim to integrate its protocol with our eID+ platform.
Of course you are at a very early stage of trial, but do you already have first experiences with the eID+ solution implemented for the canton of Schaffhausen you are able to share? And if so, what are your learnings for VALID?
Even though eID+ and VALID can and will benefit from each other, they must be seen as two separate solutions, fulfilling different needs. eID+ is aimed at governments and supranational organisations looking for a solution to deliver identity or other high-trust services, like the handling of patient files or visa processes, in a secure electronic environment. These are very specific use cases that are not necessarily relevant for VALID users. The typical future VALID user, however, wants to really own their digital identity and personal data, and manage it in a fully self-sovereign fashion. Plus, they want to have the power to monetize their own data via the VALID marketplace whenever they choose to do so. We believe that, over time, these two solutions will converge. But it won’t happen any time soon. We will, though, be able to build on our experience with eID+ and the underlying technology when developing VALID.
With eID+ we have had good initial success with more than 200 people downloading the Schaffhausen eID+ app. The solution is running stably, and as we make more and more services accessible through eID+, this number will continue to grow. The Zurich University of Applied Sciences (ZHAW) is currently performing a review of our solution. Taking the end user perspective, they are making sure usability and user processes are state-of-the-art.
The solution for E-ID presented by the above mentioned consortium called SwissID is centralized. I interviewed Swiss National Councillor Marcel Dobler on the project and he said that in his view, for the moment, a centralized solution would be fine. He does not exclude shifting to a decentralized solution later on. You on the other hand chose to adopt bleeding edge technology for VALID. What is your take on centralization in regard to highly sensitive personal data and do you think by being an early adopter you can gain knowledge and experience that will put you one step ahead of the competing centralized projects.
I definitely think that SwissID should be built using technology that anticipates what we already know about where digital trends are heading. To me, this includes the use of blockchain technology. By the time SwissID is fully operational, blockchain technology will be well established and a fully centralized system will no longer be considered state-of-the-art. But that’s my personal view and it isn’t my role to advise SwissSign on the architecture of their solution. There may be reasons I’m not aware of why a centralized approach makes sense.
Adding to the last question I would also be interested in your view on other E-ID projects from around the world. How important is government collaboration?
It makes sense to define transnational standards, like the eIDAS regulation in the EU, which will help establish the Digital Single Market in Europe. But I also believe it’s an illusion to think that we will ever have a global standard for digital identity. I personally own two passports, and the content of my key personal information differs even between two countries as close as Switzerland and Italy. I believe the key lies in starting on a regional level and delivering real solutions, rather than spending years trying to establish global standards through complex international consortiums that will probably eventually fail to deliver anything practical.
By collaborating with governmental bodies you enter a very difficult situation. On one hand you gain legitimacy and on the other hand you are developing a technology that is highly disruptive to these governments. How do you aim to solve this paradox?
I don’t see a paradox here. Society is moving from paper to digital solutions. Citizens are doing more via their mobile devices. A government that does not follow the people’s preferences will soon appear out of touch. We should also bear in mind that eID+, which is aimed at governments, isn’t immediately disrupting the way they operate. It rather solves some key issues around the safe digitization of government services and can be deployed today. VALID, which has the potential to fundamentally change the way we look at identities, needs some time to establish itself and gain trust before governments will embrace it. We may look at a time frame of a decade or so for these two solutions to really start converging.
The European Union issued a privacy regulation (GDPR) — here again you are supported by government regulation and, on the other hand, disrupting their monopoly on issuing IDs for the citizens. What is more important to you being the disruptor or having good government policy on your side?
Again, I don’t see a conflict here. Society is changing. We are helping citizens and their government connect in new ways.
Besides the highly developed first world/western countries there are an estimated 1.1bn people not able to prove their identity. Adding to that there is an estimated 2bn people with no access to the traditional banking system. Do you think VALID has the capability of providing proof of identity to these people as well as giving them a chance to capitalize on their data without having access to government issued identity proof and/or a bank account? This makes you also very dependent on technological infrastructure. Do you plan to release super low res versions of VALID to make it accessible to people that are not in possession of high end ICT infrastructure?
I think we are already seeing a quantum leap when it comes to technological infrastructure in developing countries. I was in India recently where they are jumping from 3G networks directly to 5G this year and have super cheap smart phones available to their citizens, as cheap as 10 USD per device. These developments, in combination with our relatively simple app, which can be tailored to the local situation, will help us to deliver value to citizens in developing countries as well. In fact, we believe it’s an area where VALID can bring tremendous value.
As you mention in your whitepaper “[…] under GDPR, individuals will have the right to obtain confirmation from companies as to whether or not personal data concerning them is being processed, where and for what purpose.” (VALID Whitepaper, 2017) Do you think this is a realistic scenario whereas big data was largely built on ignoring individual rights to data owning? Besides that it is extremely difficult to bring a company collecting massive amounts of data (known search engines or social media services) to justice, as they evade jurisdiction.
We see more and more collective initiatives that will help bring companies to justice that don’t respect the basic privacy rights of individuals. In Austria, we have the famous case of Maximilam Schrems who is taking Facebook to court on various levels because of infringements of European privacy law and is supported by the noyb.eu initiative, which aims to bring people together to enforce privacy rights in Europe. And with every case of user data being hacked, we will see increasing pressure from official bodies to make sure companies take GDPR and other personal data regulation very seriously. We have reached the tipping point with such issues and everybody seems to be waking up to the risks involved when there is a lack of taking privacy rights seriously. Of course, the hefty fines that might hit a company in certain jurisdictions if they don’t protect their clients’ data properly are also a big factor in forcing companies to tackle data privacy issues.
Privacy is a big issue — some feel big data is a breach of it, some argue it’s not. The counter argument often is, that you as a single user are not interesting enough to put in the effort and analyze your personal data. It is only the accumulation of data that makes big data interesting. What do you counter to this argument?
I think technology will, for the first time, make it very easy to collect data individually and combine it in a self-sovereign, transparent and secure fashion, so it becomes valuable on an individual basis to data consumers. If, say, you combine your basic identity data with your set of financial data, your interest and hobbies and your health data, you create a highly interesting data set. Now, if you can make this data available to marketers or research companies in an anonymized fashion and at the same time guarantee the accuracy of the information and that the transaction is compliant with all privacy laws, you will have a very powerful value proposition in the palm of your hand thanks to your VALID wallet app.
I want to switch topics and now focus on the advertising part of VALID.
Your whitepaper states that only a fraction of every dollar spent is actually paid to the advertisers (44 cents). This of course is a very unsatisfying situation for advertisers and publishers alike (excluding the SOM behemoths that make large sums of money). Adding to that there is a large amount of scam being conducted in advertising with the use of bots.
How does VALID protect itself from being a platform that is targeted by spammers and how do you aim to attract publishers and advertisers to use your platform specifically?
Indeed, our White Paper refers to studies pointing to the fact that for every advertising dollar spent, advertisers only get 44 cent of value for their buck, the rest being “wasted” on intermediaries, such as data brokers, “optimization” platforms and so on. With VALID, advertisers — companies who sell products and services — are guaranteed direct access to a pool of users that perfectly match their audience filters. The fact that this access must be deliberately granted by the user will make it nearly impossible for spammers to abuse the system. As a user, you simply wouldn’t allow spammers to access any of your data.
As to your question relating to the demand side of the equation, we’ll make sure we have a platform that’s attractive to publishers and advertisers. We’ll address this using a three-pronged approach. Firstly, by the time VALID is fully released in about two years’ time, we can expect our core eID+ solution to have been rolled out to a significant number of users, not just here in Switzerland, but also internationally, creating a pool of potential VALID users. Secondly, thanks to our ITO-related marketing efforts and other initiatives, we have already built up a sizeable community of people from around the world who believe in our vision to design a solution that swings the balance back to the ordinary citizen. These early adopters, whether coming from our eID+ solution or from our growing VALID community, will constitute a healthy user base and a corresponding supply of data. With this alone, we hope to be able to convince data consumers of the merits of our proposition: transparency and fairness for both the demand and supply side, and a very efficient way of obtaining targeted, high-quality data. To further boost the use of VALID, we have a third way to attract paying data consumers. We have allocated a significant portion of VALID tokens (thirty percent) to incentivise data consumers to use the platform at an early stage. It will give us the means to let data consumers test our solution at lower rates, while still making sure the users are being adequately compensated.
So by eliminating the middlemen in the trade of personal data (for advertising and other uses) you really empower the user. On the other hand by attaching a monetary value to it (in the form of rewards) don’t you run the risk of getting those really in need to kind of “prostitute” themselves and maybe make decisions that are biased by monetary rewards?
I look at it this way: technology is making it easier for ordinary people to access a market that did not exist before. This represents democratization. Some people will access this market solely for monetary gain, that may happen, I agree with you. But that’s the essence of a market place. VALID will, however, create transparency and fair transactions. If you’re a twenty-year-old male, you won’t be able to participate in market research for middle-aged women purely for financial gain. A reputation-based system will further help identify, sanction and even suspend potential abusers.
In your use cases you mention a case where the described subject takes place in a pilot project by a health insurance company. He provides fitness tracker data to them and gets a reduced monthly insurance premium. The model of providing health data from trackers to determine insurance premiums is already on the threshold — at least in Switzerland — but besides unsolicited data collection this leads to a de-socialisation of the insurance industry. Even when you enable customers to opt in voluntary that might have the consequence of insurances expecting customers to provide this kind of health data. What is your answer to that problem? Do you think VALID might be the lesser of two evils?
The use case you are referring to, with the insurance premiums tailored to the individual based on user-generated health metrics, is not something we are necessarily advocating, but we use it to illustrate how our platform works. VALID will make this use case possible, but we won’t define or limit the specific use cases the platform can be used for as long as they are in line with the rules of the VALID market place and comply with data privacy regulations.
Finally I have a question about VALID being established on the Ethereum blockchain (and using a ERC20 compliant token for the ITO). What were your reasons for choosing Ethereum (and not NEM or Cardano for example)? Do you think scalability will be granted by development of the blockchain even if there is another wave of CryptoKitties or worse?
We have chosen Ethereum because this technology has proven to be both safe and scalable in a large number of ITOs. At the same time, it offers a variety of other features, such as smart contracts that are crucial for our project. No other smart contract platform has sustained similar levels of traffic as Ethereum and with the introduction of proof of stake and sharding we expect that most of the issues can be solved. Furthermore, the ERC-20 standard allows developers of wallets, exchanges and other smart contracts to know in advance how any new token based on the standard will behave. But we consider this as our starting point and we are ready to adapt to emerging standards in the future if they prove to be suitable for our use case.
Last but not least — and on the less serious side — when moon?
Seeing our project becoming successful is obviously our ultimate goal. VALID is a non-profit initiative, aiming to give back the control over personal data to the individuals who are using it, which can be all of us. As our solution spreads across the world onto people’s smartphones, we’d love to see the VALID token appreciate in value. But our primary motivation is to solve a real issue here on earth, rather than engage in space travel. We’re quite happy to stay on this amazing planet for now.
Dear Danny thank you very much for taking the time and answering my questions! I wish you all the best for your project — I will follow your progress closely. Your data your asset!
Thank you for reading — if you liked what you read, feel free to share, comment and follow me. Also feel free to suggest any improvements and corrections to the article in the answers below! This article is work in progress and might be altered within the following days and weeks.
For extra “thank yous” here are my donation addresses, buy me a coffee:
- XEM: NDYKAE-YR3YCV-NOO36B-KSH5OC-N6KFV2-CLABPX-LBS6
- ETH: 0x762bd7dcd23aec62d1a5bd3e3b2b57bb1b64026d
- BTC: 1HKjfeVFHzLKUR2THCecTrvcedF9czKxtC
