[MUSIC PLAYING] Welcome back. A little concern going on after a break, but most of you are back. So who are you? If somebody ever asked you, who are you, how do you answer that? How do you show who you are? Well, it really depends on who's asking, right? Because who you are is a lot of different things to different people. So you can imagine at the border, if you're coming in the country, they want to know who you are. Handing them your driver's license isn't enough, right? They want to see a passport. If you get pulled over by the police and you pull out a credit card, that's probably not what they want to see unless it's in Alabama. But otherwise it's not. They're going want to see your driver's license.
So we all have identities to identify who we are dependent on what we want. But they're endless. We get them. Every day we have more. You want to watch Netflix, you want to watch Hulu, another ID, another ID. At work you have at least one, if not multiple that you deal with at work. Within government we have it, within the commercial space we have it. We have this endless properties of me. Now there's only one me, but yet that one me is the cause of hundreds, maybe thousands of identities. And so this is the challenge that we have. Why can't we solve this?
Well, there are programs or processes, work in place to solve this on a global scale. It was referenced this morning in Martin Kuppinger's presentation. He talked about this idea of a decentralized digital identity. Now there are really three key goals behind this program that's being looked at. One is to create something that's portable and verifiable everywhere. It doesn't require one entity or different agencies or governments or anybody to be involved. It really is universal.
It needs to be able to be accessed or used across multiple applications without requiring a single centralized identity store. No more having large entities having all the information about us stored somewhere in a database that can be hacked. That needs to go away. And control needs to be given to the person who owns the identity to when information is shared, withheld, and when it is forgotten. The United Nations had a recent program called the ID 2020 that is focused on this and views this idea of a digital Identity as a basic human right. Well that sounds fantastic, doesn't it?
And this is? Leila Dallas Multipass. Leila.
She knows it's Multipass. Leila Dallas, my wife. We're newlyweds. Just met. You know how it is. Bump into each other, sparks happen. Yeah, she knows it's a Multipass. Yeah, anyway we're in love.
So this idea of universal identities is not new. This has been a thing of science fiction for years, the idea from The Fifth Element of the Multipass. Other ones you've seen things that are injected under the skin or the movies where they have things tattooed on the side of you somewhere that provides your identity digital. So that's been around for a long time, this concept, but now science fiction is actually moving into the realm of reality. We are on the cusp of having this global digital identity.
Gartner estimates that by 2024, just a couple more years, we will have established standards that will emerge in the market to support this capability. And we can see the work going on right now. The World Economic Forum made the point that every person should have a unique digital identity to access everything, whether it's economic, social, or political, in the world. Of course, I mentioned the United Nations and their program viewing it as a key human right.
A couple of things going on here within the EU. The European Commission has the once-only EID, trying to establish a digital Identity within the EU. You may be familiar with that. And even in China they're in a process right now to transition all of their identities for their citizens from physical to digital identities over the process. And this is just a touching base, but you can look at almost any large organization, whether government or commercial, and they're looking at this concept of establishing more of a centralized identity.
But now let's take a step back. OK, we got this idea. What does it mean? What is a decentralized digital Identity? What does it look like? How does it work, Technically so we'll break it apart. The first element of this process is a digital wallet. It is where you store, secure, and manage your digital identity information. Typically today what it is, it's an app on your phone. That's what it looks like. Now, the thing about the wallet is it's not tied to any commercial organization. It's something that's unique to you. You own the wallet and the information that goes in it. But it's a lot like a physical wallet, so you control what goes in it, you control what you share out of your wallet, but you actually don't own the credentials in your wallet, right?
You may have a driver's license your wallet, but you really don't own that, the government agency that gave it to you loans it to you but can revoke it from you any time they want. And so many of the things you have. If you have a credit card, that's something that's loaned to you but can be revoked any time they want. So it's the same thing with the digital wallet. You will have credentials that you will store in it that are on loan to you, but the agency that provided you that can revoke it if they have reason to. And so that's kind of the basic element.
Now, all of us have probably seen or maybe even are using today a prime example of a simple digital wallet being used in commercial aspects for a lot of parties, the Apple Wallet. I don't know if you've ever begin to use this, but it's more than just putting your credit card in there. Your Apple Wallet today supports obviously credit cards and banking information. In my state, in Maryland, we can put our digital driver's license now in our Apple Wallet. You can use it for employee, student IDs to authenticate, loyalty cards, public transit.
How many of you used your Apple phone for airplane tickets? that's. What I use now. I go in there, I just provide that. I put it in my digital wallet and provide that here. So that's an example of the beginning of using a digital wallet to store credentials and digital information unique to me that I control. And then I can issue out to people or show them as it needs to be. So that's the first concept. We already see the digital wallet process is already in play.
The second element to it is these three types of entities, users, if you will. You have issuers, holders, and verifiers. It's a basic concept. So the world of a decentralized digital identity and issuer is someone who provides a digitally signed credential. It could be a government agency providing you a license. It could be a financial institution providing you some sort of credit or banking information. That's an issuer. The holder is you. It's the person who holds the credentials and uses that as part of their wallet and their digital identity. And then the verifier is the third party that we would present our credentials to when they need to see something related to us, some aspect of our identity.
So those are the three key elements that make up this decentralized digital identity. What's the next piece? Well, a next key element is blockchain. Now I'm not going to go into-- if you don't know what blockchain is, that's a whole other-- We had a session a couple of years ago on it. That's a whole session of itself. But you are familiar with it to some extent. That's the backbone of cryptocurrency. And the key thing's a blockchain. While blockchain is kind of key to cryptocurrency, it's also a key technology used here in this idea of decentralized digital identities. Because what is it? Well, it kind of becomes a growing list of records called blocks that are used to store information securely.
And the beauty of it is it's readily available everywhere, any time. It's not like a database that you have to go and authenticate to get the information from. That's what we're kind of traditionally used to. But instead, it's an openly accessible digital piece of code that we can have anywhere with us at all times. We can have it in our wallet. We can have it anywhere. It's accessible all over the place.
So that becomes the basis the database, if you will, where we're going to store the basic information required to do transactions with digital identities to do that. And the beauty is it's tamper proof. Because each block is tied to other blocks. If you tamper with one, it becomes readily evident, so you can't really tamper it or hack it.
Now the other thing is, OK, so that's the blockchain is the database, if you will, that we're using behind this. What do we put on the blockchain? Well, what you don't put on the blockchain is private information. You don't put your credentials on the blockchain. You don't put any personal information about yourself on the blockchain. That's not what its purpose is. The blockchain's purpose is you have those three entities: you have the holder, the issuer, and the verifiers. And what they store on it is each one creates a digital ID number, kind of like your own unique ID number that you sign with a private key that links it to you. And then you have your public key, which is used in the encryption process, that you then publish on the blockchain. So you basically have your ID and your public key for encryption on there.
And everybody does. The verifiers have them, you've got yours, the credential providers, the issuers they have theirs. We're all putting it on there. So this blockchain becomes this huge, universal, easily accessible database that has everybody's ID on it. Just an ID. Not any personal information, just your number and your key used for cryptography. And it's all stored on there. So we can all interact by looking at that.
Now, how do we pull all this together? So here's a real simple example of how it would work. A common transaction. So you have some government agency, maybe in the States the Department of Motor Vehicles, and they issue a driver's license. And they issue it digitally to me. So in Maryland I get this digital driver's license and I put it inside my wallet. So now I've got this credential from the state identifying who I am and that I can drive. Some basic information.
And so I'm the holder. I take my credential with me and I go to purchase alcohol. Now although this doesn't happen to me very much, I purchase alcohol, they never asked for an ID. My wife all the time still. She looks way too young to be purchasing alcohol. I just say that because she's sitting in the front row and I have to get some brownie points. But no. So you go to purchase alcohol and now the store there, the verifier, wants me to verify my age. In the States it's 21. I know here in Europe it's what, eight? But you have to verify your age in order to purchase alcohol.
And so what I do in the digital world is I present my digital driver's license to the verifier. They go on the blockchain, and what they look at is they look at my ID. Yep, there's Bruce. He's on the blockchain and he says he gave me this credential. Yes, a credential is signed by the state of Maryland and the blockchain on there validates that it is correct. So the information he's given me is valid and then I can verify my age. And once I do that, I then go and say, yep, he's able to purchase alcohol. All in a simple process. Not much unlike today with a physical driver's license, but I do it all digitally.
And the way I verify that the information I'm giving them is correct, if they go on the blockchain to look that I'm correct and the information I'm getting has been validated as correct too. They can do that by using the cryptography information on the blockchain. And so that's the way we do it. And I can do it with any transaction to do this between two individuals.
Now there's a couple other key things about-- That's the simplistic part so far, but there are some other key elements of this type of digital identity. It's the concept of zero-knowledge proof and self-sovereign identity. So what are these things? So self-sovereign identity is the idea that a person's digital identity should be yours and yours alone. You control it. This is not something that a credit card company controls, or a credit agency controls, or even a government entity controls. You have full sovereignty over your information, which means you control who you share it with, when you share it, how much you share, and most importantly, when you can demand that it be forgotten. So it's no longer kept in some customer database somewhere.
Contextual integrity. This is the concept that I only give the needed information I have to based on the context. If I have to go to a hospital or medical provider, they need to know maybe my age and my weight, but they don't need to know my financial records probably. Although in the States they probably do. But if I go to a financial institution, a bank, to get a loan, they probably don't necessarily need to know my weight. So I don't need to give everything to everybody. I just need to share what is related to you. So contextual integrity says I only give you the bit of information you need based on the context.
This ties into this idea of zero-knowledge proof. Zero-knowledge proof says I should only have to be able to give you the absolute minimum information in a simple way without giving you all the information. So an example of how this pulls it together. That transaction I did, I'm going and purchasing alcohol and I go and I share today what I'm sharing, my driver's license. And the person looks at my driver's license and they're going they see my weight and my age and my home address and all this information about me. Do I wear glasses or contacts? They don't need to know that information. And most time they could care less.
But the thing is, I'm sharing way too much with this person behind the counter. All they need to know is, in the case of the United States, am I 21? They don't even need to know my birthday. And half the time they're looking at it, they don't know how to calculate the birthday off of it anyways. They're trying to figure it out. All they want to know is, can you prove to me you're 21?
So that's where the zero-knowledge proof comes in. In a digital world, the way that transaction would work is I would have a token, an element tied to me, maybe established by the same Department of Motor Vehicles that gave my driver's license that has a token that says yes or no I'm over 21. And so then when I do that digital transaction, all I do is show them the token that says yes, I'm 21 or over 21, and they verify that. That's all they care about. I don't share any other information. I don't share my name, my birth date, or anything with that. And so that's a big advantage of digital identities versus today the paper ones we have is we can really limit exactly what we share to who and when.
[GUNSHOT]
[MUSIC - "THEME FROM THE GOOD, THE BAD AND THE UGLY"]
The good. The bad, the ugly.
[MUSIC - "THEME FROM THE GOOD, THE BAD AND THE UGLY"]
So the good, the bad, and the ugly of digital identities. And that's what we're going to talk about here. So we understand the concept. It's pretty straightforward about how it all is going to work, right? But let's talk about the good, the bad, and the ugly of it. Let's start with the good. It's actually being used on very large scale today very successfully. The UN World Food Program has a program called Building Blocks that uses it to assist over a million refugees. And it's a really successful program. They've created this concept using blockchain and digital identities to provide services through the United Nations.
Now a specific example of it is through refugee camps. One of the challenges the United Nations faces when they establish a refugee camp is identity. They have hundreds, maybe hundreds of thousands of people coming into a refugee camp, often with nothing more than the clothes on their back. They don't have any way to create or bring with them identities, digital or otherwise, to the camp to prove who they are. But yet now once they're in the camp the United Nations takes on, well, how do we provide services to each Individual how do we keep and identify each person and provide services, medical? And one of the things they do is how do I provide the ability to give them money so they can use that to purchase essentials, food, and other essentials they may need?
So what they've done is they've used this whole process using blockchain technology and digital identities. When they come into the camp, if they have no other form of identity, they establish one for them. They record the information about the person and they establish it based on biometrics-- their fingerprint, their retinal scan-- and that's how they tie in and create in the blockchain a digital identity that ties to that. Then they also create a digital wallet. And so the UN will put in the camp funds into the digital wallet that they can then go use at the refugee camp store.
And all they need to do, and they're able to do it on their own with full dignity and of self-ability, go to the store. They can purchase what they want. All they have to use is a fingerprint or their retinal scan. It automatically looks up and knows how much they have on their account and they're able to make purchases. They don't have to fear somebody losing their money, having somebody steal their money, or having somebody somehow extort them. And so this has been very successful. It's fast, it's efficient, it's secure, it's reliable. It's an excellent example of how a digital identity could be deployed and helped in a global scale.
So that's a good example. Now let's talk about the bad and some failures we've seen. One country establish a National Digital Identity, but the problem they ran into was the ability to get the digital identity. So what they created was initially it was a combination of physical and digital. They created a digital card, has a 13-digit unique ID number on it, and on there would have a photograph and their signature, but also had a microchip that would have their biometrics on it, their scans of fingerprints and their digital information on that. And that's what they would use for all their citizens.
Now, the challenge was-- this was critical, they had to have this. They moved to this and this is what you're going to use if you want to go vote, access government benefits, public schools, health care, open a bank account, even apply for a job you've got to have one of these within this country. The challenge was, when they initially established it, in order to get this initial card that you have to do to do anything, you had to prove your identity. And the way you proved it was by presenting your father's identity.
Well, there are millions of people in this country raised by single moms who don't know or have access to their father's identity. So what happened to them? Nothing. They had no ability to get access to one of these identities, which blocked them out of all the services and they were stranded. So that was a huge issue that they need to work through.
There's even a worse in another country. This one is the world's largest digital identity program today. Over 1.3 billion identities are managed by this government. Now it is successful in many ways and it's actually really elevated a lot of the technology. But the challenge has been is that while people are able to get a digital identity, sometimes the systems fail and their access has failed. And there are several key ones that are recently reported. One was a man reportedly died of starvation because his family went to go get rations of food but the system that was used for the biometrics wasn't working. They weren't able to get their food rations. He ended up starving to death
Another case was 11-year-old girl who starved to death because in this case, the family had a ration card but they had to tie it into this new digital identity to use it. And they missed the deadline and it was no longer valid. They couldn't get their rations. And the worst, most egregious one was a woman and an 11-month-old infant that went to multiple hospitals seeking out health care but each time was refused because they lacked an identity card and subsequently they both died. Now that's a worst-case scenario. But it does show that a system that relies too much on the digital identity, if it fails, what happens to the people that are relying on the digital identity? It can have very bad results.
Then there's the ugly. The ugly or what are the potential abuses of a digital identity? Well, there's a couple examples of things that are being questioned today. One was a municipality that was very high tech. They have cameras throughout the whole city tied to an AI system and are able to do facial recognition on any person that walks around the city. Well, they had a problem. They thought it was rude for individuals, and I guess it was common there, to walk around the city in their pajamas.
And so what they did was tied the digital identities, they had on their citizens with this facial recognition and AI and would identify any citizen in their pajamas out on the streets and then publish it publicly for everyone to see who the person's name was, their address, and a picture of them in their pajamas. Again, the goal was to shame them to stop them of the practice, but again, what are the privacy concerns? What would you think if that was being done with your digital identity?
And this is another interesting one. And this is a two headed coin, if you will, about good and bad or risky. It's the Central Bank Digital Currency, CBDC. You may have heard of it. If not, you will hear of it. The G7, those countries are the ones that are initially pursuing this program here. Now, what is it? It's a government backed digital currency linked to a digital identity via blockchain. Now the goal is pretty cool. The goal is to make payments faster, cheaper, and safer. It's kind of like you have here in the EU you have the euro, which makes it so much easier now to do commerce when you're going between countries.
But imagine the euro concept but on a global scale and digital. So now you could literally go anywhere in the world at any time and have access to finance to do financial transactions without having to worry about currency conversions or what the local currency is or anything. The transactions can all be done globally through a digital identity tied to you very easily and safely. So that's pretty good. 9 countries are involved in the development of it today and have programs where they're actually working on this and deploying it. There are 80-plus others that already have initiatives. And probably every country here probably has an initiative, I know the United States does, to begin looking at how they're going to implement this.
Now this is all pretty interesting. It's pretty exciting. But there's one thing, they talked about it and the Bank of England mentioned here, is that programmability is a potential feature of the CBDC. Oh, that's interesting. What's programmability? Well, they defined it there. It tells you what programmability is, and they gave examples. Programmability is allowing a party in a transaction, such as the state or an employer, to control how the money is spent by the recipient.
How might that be used? Well, it could be used. We're working on global warming, climate change. How can we interact with that? Well, an agency or state might decide that you've got a really nice house, you've got some great cars, and I know you're looking to buy that boat, but you with all that stuff and now that boat, you have a little too much that you're affecting the climate, so we're not going to let you buy that boat. That's too much for you.
Your employer might be concerned about your health. They want the best health care for their workers. Healthy workers work better, sick less days, less impact on it. So they're worried about what you eat. And Bruce, you've been eating at Burger King too much this month. We're not going to let you get Burger King next week. It's too unhealthy for you. Now you can see that those are altruistic goals, right, and they look like viable ways to help deal with some problems. But it comes back into where is our privacy? Everything I'm doing financially in this system is now monitored and controlled. They know everything, and every way you might want to spend your money, someone's going to know about it.
And they also have the ability to impact or control and determine how you choose to spend your money or not. So what are the privacy concerns? What are the terms of freedom here? So again, these are issues that aren't worked out yet. These are just the ugly of could it be abused? So this is what we're looking at in the grand scheme of digital identities.
[MUSIC - "THEME FROM THE GOOD, THE BAD AND THE UGLY"]
[GUNSHOT]
So that's the good, the bad, and the ugly of digital identities. What's going to happen? Well, we hope the good is going to take out the ugly and stop the bad from getting any worse, right? That's what we hope. And hopefully that will. We've looked at what these things are. The good of the systems are pretty obvious. It's a portable, verifiable way to everywhere to control information, how it's shared, withheld and forgotten. And we've been talking about this on a global scale, but even in an enterprise scale. Imagine again with a global digital identity you can use the same identity whatever job you go to. If you go from one job to another, you use the same identity that's used to log in and authenticate at work to access any resource.
In the personal life, everywhere you go, every website, everywhere you have, you don't have to memorize or have separate types of logins or authentication. You have a single digital identity across that, as well as government agencies. And wherever you travel in the world, everything tied to a single you. That would make life so much easier and more powerful, and that's the good it brings.
The bad? Well, we know probably better than most people, being in the world of IT, digital systems can and will fail. So systems that rely upon a universal digital identity, what happens when that system fails? Are there safeguards in place? We saw some egregious examples of where it can actually cost people their lives. And the ugly. Technology can be used to limit privacy and freedoms. That can be a concern. Policies need to be considered and put in place before this is fully implemented.
So now is the time to begin thinking about our own identity. We need to resist the idea that we must give any information to any authority that requests it from us. We need to push for changes within the system that will protect your and my identity. And we need to go back to the basic freedom that was obvious before the modern age of technology is that we personally own our own Identity. Thank you.
[MUSIC PLAYING]
25:13