Forging Self-Sovereign Identities in the Age of the Blockchain
Milan Bitcoin Meetup (April 11, 2017)
#RebootingWebOfTrust
Christopher Allen
• The Past: Cryptographic Trust & Internet Privacy Pioneer
  – Enabled PGP, Digicash, Red Hat, etc. with cryptographic tools
  – Co-author Consensus Development’s SSL 3.0 reference implementation
  – Co-editor of IETF TLS 1.0, world’s broadest deployed security standard
  – CTO Certicom, early smart contracts work
  – VP Developer Relations, Blackphone / Silent Circle
• The Present: Blockchain & Identity Architect
  – ID 2020 Board Advisor, United Nations Summit on Digital Identity
  – #RebootingWebOfTrust Design Workshop (semi-annual, next in Paris in April)
  – Principal Architect, Blockstream
PGP: FDA6C78E
Blockstream
• We believe in trustless and permissionless systems
  – “Liquid” sidechain for capital efficiency & liquidity in Bitcoin exchanges
    • Supports Confidential Transactions (CT) between parties
    • Alpha testing now
  – Open source “Elements” sidechain project
    • New release supports both CT and new Confidential Assets (CA)
  – Green Address Wallet / LibWally supports Bitcoin, CT & CA
• We believe in fairness and accountability
  – Interoperable markets and many blockchains
  – Trustable and secure fiduciary transactions across multiple blockchains
Trustless & Permissionless
• “We believe in trustless and permissionless systems”
  – Trustless does not mean “No Trust”
    • Instead trust in people isn’t required — trust is inherent to system
  – Permissionless means censorship-resistant
    • No one can be denied the ability to participate
• Why? These support freedom of association & anti-coercion
“Economic freedom is an essential requisite for political freedom. By enabling people to cooperate without coercion or central direction, it reduces the area over which political power is exercised.” — Milton & Rose Friedman
Blockstream & Fungibility
• “Trustless & Permissionless” means Blockstream cares deeply about fungibility
  – “Fungibility—the property of a good or a commodity whose individual units are capable of being substituted in place of one another.”
• Bitcoin currently has fungibility issues
  – Bitcoin is a public ledger: fingerprinting & metadata can allow tracing
  – Some exchanges and wallets are using tracing services to track four hops
  – Other people’s actions, through no fault of your own, could result in loss of access to funds, thus coercing against your freedom to associate
• Blockstream is actively supporting efforts to increase fungibility
  – Coinjoin, Lightning Networks, Ring Signatures, MimbleWimble, more.
Blockstream & Fairness
• “We believe in fairness and accountability”
  – Marketplaces need to be equitable & just — all parties treated equally
  – All should be defended against undue financial risks & non-financial losses
  – Those in positions of authority have fiduciary responsibility and thus are accountable for their actions to those whom they have authority over
  – Technology doesn’t coerce the powerful to be accountable; the economic majority are attracted to those who offer accountability
  – The tools for fairness and accountability include openness, transparency, and consent
“Freedom is a rare and delicate plant. Our minds tell us, and history confirms, that the great threat to freedom is the concentration of power.” – Milton Friedman
Balancing Act
• Fungibility vs. Accountability
– We desire to balance need for fairness and accountability against the need to prevent human rights abuses and the right to be able to freely associate
• When these needs conflict, we err to preserve the freedom and rights of the individual over the needs of the group. Put another way, we believe in accountability for the powerful, and privacy for everyone else.
“Absolute freedom mocks at justice. Absolute justice denies freedom. To be fruitful, the two ideas must find their limits in each other.” – Albert Camus
Bitcoin
• I chose to work with Bitcoin & Blockstream because of this balance
• Bitcoin is trustless & permissionless, leading to non-coercion
• Bitcoin is censorship-resistant, supporting freedom of association
• Bitcoin supports coercion-less accountability
  • Parties cannot be forced to reveal personal or confidential information
  • Parties can choose to reveal information without hurting security
  • Parties can offer zero-knowledge proofs to support fairness
• There are existing & emerging threats to this balance
  • Fungibility 👆
  • KYC / AML and duplication of personal KYC info
  • Walled Gardens (Coinbase, Vulcan, etc.)
  • Identity on the Blockchain 👉
Identity on the Blockchain
• Identity of the Blockchain is a two-edged sword
  – Best: Hold the powerful accountable for their actions
  – Worst: We weaponize identity as a tool against the powerless
• Blockstream has no identity product
  – However, we have privacy & confidentiality enabling crypto tools, including:
    • Confidential transactions; zero-knowledge transactions; crypto blinding
• We wish to be part of the growing dialogue about Identity on the Blockchain
– For if we do not speak, solutions may emerge that don't meet our high standards
– We wish to learn together how to better create appropriate solutions
Why now? Human Rights
• United Nations goal 16.9 targets legal identity for all by 2030
  – Estimated 1.5bn people without a legal identity, 230m children under 5 yrs
  – 60m stateless people and refugees
• Aadhaar Card Registered ~1bn Indian citizens
  – Violates some best practices of over a decade of first-world identity work
  – Few laws against profiling, discrimination, abuse by law enforcement, etc.
  – Biometric abuses — you can’t revoke a fingerprint
• In WW II, more Jews died as % of population in Holland than in Germany
• The same tools we use to protect a buyer, seller, trader, auctioneer, or to make a marketplace fair & transparent can also be used to defend the helpless!
Why now? GDPR (European General Data Protection Regulation)
• Begins May 2018, fines up to the greater of €20M & 4% worldwide annual turnover, reduced to 2% for “appropriate measures”
• Privacy
  – Any data on identified or identifiable natural persons
    • Including reversible pseudoanonymous data
• Consent
  – A record of clear & affirmative consent, specific & unambiguous, no defaults
  – Consent and data available to subjects, free, correctable & reversible
  – Subjects have the right to port data for themselves or to a new service
• The same confidentiality tech for blockchains can be used for data privacy
Why now? The Rise of Xenophobic Right
• Many countries today are experiencing pressures from xenophobic right parties
  – Turkey (Erdoğan)
  – Poland (Kaczyński)
  – Great Britain (May)
  – USA (Trump)
  – Hungary, Greece, France, Italy & many more!
• Once some groups have succeeded in gaining power, actions have been taken that “normalize” discrimination or encourage followers to abuse human rights
• Some have begun changing laws to allow more authoritarian practices
  – Trump in USA has attempted executive orders to discriminate against Muslims
  – Erdoğan in Turkey has been arresting journalists, academics & critics. Next week’s constitutional referendum vote decreases role of parliament
Self-Sovereign Identity
Every individual human being is the original source of their own identity
Identity is not an administrative mechanism for others to control
No one may charge rent or be able to revoke another’s identity
Each individual is the root of their own identity, and central to its administration
The role of names, citizenship, licenses & other credentials should be distinct as “verified claims” offered by their issuers, not as identifiers of a human being
Self-Sovereign Identity Principles
Existence: Users have an independent existence — they are never wholly digital
Control: Users must control their identities, privacy or celebrity as they prefer
Access: Users must have access to their own data — no gatekeepers, nothing hidden
Transparency: Systems and algorithms must be open and transparent
Persistence: Identities must be long-lived — for as long as the user wishes
Portability: Information and services about identity must be transportable by the user
Interoperability: Identities should be as widely usable as possible; e.g. cross borders
Consent: Users must freely agree to how their identity information will be used
Minimalization: Disclosure of claims about an identity must be as few as possible
Protection: The rights of individual users must be protected against the powerful
#RebootingWebOfTrust
Decentralized Identity Design Workshops & Community
GOAL: Create the next generation of Web-of-Trust
“To influence the future of decentralized trust and self-sovereign identity through the establishment & promotion of decentralized identity technology. This is done via the collaborative creation of white papers and specifications & by public presentations of these ideas.”
November 2015 — 1st Design Workshop
5 White Papers
A plan for the community
May 2016 — #ID2020 United Nations
#ID2020 Takeaways & Requirements
May 2016 — 2nd Design Workshop
#ID2030 White Papers
October 2016 — Third Design Shop
April 19th 2017 — Paris Design Shop!
#RebootingWebOfTrust
Seeking Sponsors!
$25K Platinum Sponsorship
  – Your logo at the top of sponsor logos
  – Ability to nominate two technology participants to Design Workshop (cryptographic and/or fintech experience required!)
  – Opportunity to speak to public during post-workshop briefings on results
$10K Gold Level Sponsors
  – Logo on all materials
  – Ability to nominate one technology participant
$2K Silver Sponsorship
  – Same as Gold, but limited to pre-revenue or pre-VC entrepreneurial startups
#RebootingWebOfTrust
Seeking Volunteers!
Identity Professionals
  – Participate in our online community & events to establish decentralized identity
Editorial & Documentation
  – Help us make our resources more accessible to the broader community
Event Marketing
  – We need help with reaching out to sponsors and attendees
Event Facilitation
  – Our events are highly facilitated; we can use writers, graphic recorders, etc.
How to Participate in Community
Website: WebOfTrust.info
GitHub: github.com/WebOfTrustInfo
Slack: WebOfTrustInfo.slack.com
More Info: [email protected] or [email protected]
Submit Advance Reading Topics (1 or 2 pages) for:
Next Event: April 21st, 22nd & 23rd at Microsoft in Paris, France (before IEEE Security & Privacy and Security & Blockchains)
Following: October 3rd, 4th & 5th, 2017 at IDEO in Boston, MA, USA