So nice to have you with us. I know it's late in the afternoon, the later the day, the more difficult is it with this discipline, but I'm the moderator. I have to look at the clock and we now have an very interesting last panel here where we talk about FinTech, InsureTech, supply chain automotive use cases where blockchain meets IOT and identity. As far as I know, and at the beginning, I would like to hand over to Catarina and start with the introduction of the, yeah.
Of the, of the off the panel, please. Yes.
So I ly ask you to introduce yourself quickly. Each of you, please tell us what
You do here.
My name's Dave Miller. I work for CIN. We provide connectivity services for automotive healthcare, many other places, and I'm the chief security officer.
Hi, my name's Emma Linley. I'm the CEO of a small consultancy called innovate identity. Everything as the name suggests is to do with identity we're independent consultant company. We work with banks. We work with governments, looking at use cases in identity and helping them through with them.
Hi, I'm Hans. I'm a consultant at Everett, also an I am consultancy company, and I'm also part of the knowledge management team. So that's how I got involved with blockchain.
Hey, I'm Andrew Nash. I work for a company called confirm that provides fraud alerts and digital identity systems. My background is I used to work for RSA security, so strong crypto kind of background. And I've been playing an identity with people like Tony Nalan from all years. And I can remember, could somebody remove him by the way, cuz we'd have a much
Nicer time.
Hi there, I'm Andy Tobin. I'm a technology strategist. I'm currently helping out various companies, but TeleSign which is a mobile identity company.
I've been advising them on long term identity strategy for a couple of years now, previous experience, really in very large scale transaction processing systems for payments, for banking, for mobile, and also no identity. So that's a bit of me.
And finally I'm Adam Cooper, I'm lead technical architect from the identity assurance program in the UK cabinet office. I'm an identity expert involved in working on the UK's national ID schemes, but also internationally as well and across Europe.
So USSU we have a gorgeous panel.
Yeah, absolutely. Yeah. Catarina.
So yeah, I may introduce
The first question. So today's panel is where needs identity and IOT. And my first question would be for Adam because we've seen that UK government is managing the advent of blockchain.
It's like, like a real business thing and it is quite impressive actually. Quite frankly, it's very, very, from my point of view, it's very, very impressive. So I'd like to have a first overview on, on what UK government and probably your personal feeling is about on blockchain. I UT identity and where those spots meets.
Are you sure you want my personal view?
Absolutely. That's why you're here.
Okay. Let's just talk about the UK government for a moment UK, before we get to my personal act.
Yeah.
So the UK government at the moment is at the stage where it's trying to understand what blockchain actually means. There's a lot of research going on. There's a lot of activity we've done. There's been some sessions run. There are research projects popping up, but at the moment, it's really the case of asking the question, what is this thing? What can it do? How does it fit? What could we do with it for standards?
All, all these questions being thrown around because many cases, the people who are looking at it just don't understand. And there's a big problem there because it's very easy for them to pick up on themes amongst what's happening in the community, talking about blockchain, inverted commerce, and suddenly it can be misconstrued as being a solution without first figuring out what the question is.
So I'm, I'm trying very hard to work with everybody who keeps asking those questions to pull them back to.
I, I live very much in the world of, I wanna understand what the problem is first and although I am, and I'll get into my personal views a little bit.
Now, I, I have some deep reservations about blockchain because it is very immature. There are lots of questions around it that need to be solved. We need to look at certain security aspects. It needs to grow as a technology and it may get to be something that's actually very useful, but at the moment it's not something I would point to and say, I'm gonna build a production system with, and that that's where I have to be because I have to build production systems. I have to design them.
And it's very hard to pull people back sometimes when we're on such a hype curve from what they should be thinking about rather than trying to jump to a conclusion. Sorry, that was a mixture of,
That was absolutely
Government and myself
Very politically correct. You didn't any mistake.
Yes. But perhaps we should give it also to the others. Perhaps some, some statement to what's the maturity of blockchain for real life implementations.
Yeah. Sorry.
That's actually one of the things that, that bothered me a bit when I dove into the topic, because it seems like, I think on Monday it was called the power tool. So it's like, it's one of the tools in the toolbox and it's the latest one. So we all want to use it. So we're looking at it from the bottoms up.
And, and instead of if you would do a workshop, you would also start with the business requirements and it doesn't look like we're doing that at the moment. We're just focusing on, oh, this is so cool without really looking at if this is the right tool for the job. And that's really, yeah, that's really frustrating. If you look at all these great solutions, it's acting like a catalyst to make people think outside the box.
And that's really good because legacy thinking is also not very helpful, but I think we should have our reservations and indeed look at the whole package of all the solutions that we have available somewhere in this way. Yeah.
So I think one of the use cases that I've seen people talking about a lot is in the banking use case of KYC. So going back to our, our last panel, that's not looking at, you know, the kind of refugee type use case, but in, you know, perhaps somewhere like the UK. And I think we can all agree.
You know, there's a lot of costs in relation to doing KYC by the banks.
And I think that, you know, there are ways that cost could be cut out to look at, you know, looking at KYC and looking at ID in relation to the banks around identities that could be federated. But if we look at blockchain, for example, and we look at the issue that particular use case of KYC and banking. So let's just say, I'm gonna pick Andrew and Adam's bank and Emma's bank.
So we've got kind of three banks there and say, we agreed that we were gonna set up some kind of, you know, distributed ledger between us to share KYC information. Well, we could potentially do that. We could potentially do that today, but the question for me would be well, how does, so Adam KYC, somebody, and then that gets shared on a ledger to me, Emma's bank. How do I trust Adam's bank that he's actually done that KYC correctly?
Well, that's a liability issue. That's not a technology or blockchain issue. The other thing is, you know, Andrew KYC, somebody and puts him on the blockchain. He takes all of the cost of that KYC. And then he passes that over to Emma's bank.
Well, who pays for that? How do I, you know, how does Andrew's bank get enumerated? And that's a commercial issue. And I think what we, what I see a lot with the kind of the, the talk about blockchain is, well, it's gonna be this all encompassing solution. And I think within the identity community, you know, there are a lot of more complex issues that we need to solve around liabilities, around commercial models. These are the things that, you know, we need to solve and blockchain doesn't necessarily solve those.
Okay. If you want
Dave. Sure.
Except I wanna come edit it from a little bit different aspect. The interesting point, which is we have to have business problems that are solved and what's, what's, what's very interesting is, but was actually built to solve an actual business. The business problem was I want to be able to have a digital currency that works like a regular currency is completely anonymous, authenticates itself, right.
Is, is, is hard to replicate difficult or impossible. And so the technology works very, very well in a, in the case where what you're talking about is, is fungible assets that you want to be able to move around. There's a lot of discussion that says, but this will work in IOT too. Right? So if you look at vehicles, right? So this ability that problem doesn't exist, right. This idea that says I would like my vehicle to be completely anonymous and allow it to control things on its own, right.
In a quick and simple and easy non replicatable way. There's not a business use case for that. Right.
The business use case normally is I don't want my vehicle to be completely anonymous. I would like the folks, if my car crashes, I'd like them to know where I am and who I am so they can send the police or the, or the fire department. Right. So I think in some cases, the, the concept of using a technology for the point of using a technology as was mentioned before, sometimes I think we do this because it's cool and there's gotta be a way we can use it in other places. I don't necessarily see the same kind of use case that I see in other sorts of verticals.
Yes, please. But I would like to hand over to, to, to, to you, sorry. I have just Andrew. Yeah. Two Andrews.
So, so I can quote it to both. No. What do you think it's a little bit late.
Are we, are we in the situation that we talk about technology and we should talk different things and how do you manage with other projects perhaps you can adapt from other projects.
Yeah. I think you've hit the nail on the head with the hype around blockchain. It tends to be very technologically based and other people have, have talked about framing a business problem.
And I, if I just articulate how I've come to the conclusion, I've come to so far, I've been looking at the identity space for a number of years now and, and recognize that it's vastly inefficient in the way it works. It and the slide from the E M guys I thought was very good that had Amazon in the middle. And then just that there were these centralized entities spending lots and lots of effort pulling lots and lots of data into a big central repository, and then either charging an individual to, to look at that or charging other entities to, to get access to that.
And that seems very, very inefficient. And they, they pay quite a lot of money to, to gather the data.
And it's, it's a big industry to do that.
So where there's inefficiency and that's combined with very high computing power and very high bandwidth, you tend to then get efficiency from that.
So you, you, once you have a, a very ineffective problem, the sort of normal natural laws of that people work out ways using various computing technologies to, to remove that inefficiency. And I think that's where we are getting to with blockchain kind of technology, being an answer to this inefficiency. And what I'm getting at here is the ability for me as an individual to rather than have centralized databases all over the place that I lose track of that have my data in a selling it and doing things that I'm not in control of me being in control of that data.
And for me to be in control of it, the previous approaches have been around creating personal data stores and personal data stores are centralized places where the data goes, but they give you a dashboard to allow you to theoretically control that data. The, the leap that you make with distributed ledger capability is allowing many separate entities to write to a personal data store without having to know who each other are and that data store to be distributed and way decentralized away from a, a single central entity. And that brings a whole number of advantages.
So, so the, the answer that distributed ledger brings to this, this issue of inefficiency is allowing for the first time, many, many separate entities to write identity proofing information to a place that you as an individual can control.
Yes. But to be honest, I, I thought, or I would like to know if you are in your consultancies bringing big organizations to handle problems, how do you solve the problem with this more business questions in the beginning, and then perhaps address blockchain as one of those solutions.
Yeah. Settlement, how much it costs them.
And if they could save 10% by doing a thing, then that is a very big prize for them to go after. And the thing on that they're looking at is using a distributed capability to, to do clearing settlement for them. So the they've identified a very large price to go after. And as a result, they're moving very quickly. The identity market is very fragmented and it's multi-sector, and you know, lots of different sectors have lots of different pieces of skin in the game. So identifying a single large prize to go after is a bit more difficult, I think.
But if you look at say that the UK government verify program, the UK government is paying third party identity providers to give them identity proofing. And they're, let's, let's say it's 10 pound per identity that you're paying a lot of that, that 10 pounds is probably taken up in the identity provider, pulling information from lots and lots of different places. If the identity provider could do that for 10 pens instead of eight pounds, there's a huge amount of saving to be made there.
So, so I think you've gotta be able to frame a, an economic benefit and a prize to go after, to get things moving.
I have a question here. Yeah. So you wanna say something actually, could I I'm so sorry. Andrew was also addressed.
I'm sorry, please. It's late. It's late.
I totally get it.
So, so here's the interesting challenge with blockchain. It's like, it's an interesting little technology and it addresses some interesting problems. I grew up basically in the space dealing with a really interesting technology called the RSA public key tech protocol, technology, whatever wanna call it, which is in fact, much more fundamental than blockchain has ever been. We've been playing with that for 50 years, trying to work out actually how to build business solutions and actually solve things.
And we are just getting to grips with how do we create a mechanism that actually does something that protects us when we wanna share our information in a privacy preserving fashion after 50 years of dealing with this great little technology, but building from that to a solution is an entirely different problem. And one of the things that drives me crazy about these conversations is they kind of go like this. We install blockchain. Step two is we get people to write to it. And step three is we're all billionaires. Part of the question here is
Almost thank you.
I'll have, I'll try harder. Alright. Give me a minute.
So, so part of the question here though, is, so how many of you, I mean, I, most of us have actually seen interesting technologies introduced in all kinds of ways. The big question, whenever you are trying to deploy something new in this kind of space, is, is it a feature or is it a product?
And I think that's the fundamental question we have to address here, which is we have this really interesting little technology and it does great stuff, but then you get into these interesting conversations say, well, you know, the blockchain actually has some real interesting scaling issues and performance problems and you know, a bunch of other stuff they say, no, no, no, you don't understand. We mean, we mean a private group that doesn't have those overheads associated with it.
Oh, oh, well, but I wanna store information. That's fundamentally private.
Oh, well, you can actually have a version of the blockchain. That's not public. That's just private for some people to read, not others. And it's like, wait a minute.
Like, and then you get through the whole question. It's like, so which block chain are we talking about now? And what's the real set of value propositions. So what it really likes to have is actually to clarify some of the thinking we have in this space, it's way too muddy. And we actually don't do a very good job of like sticking to the actual questions. It looks way too much like inventor, blockchain, get people to write to it and we'll work on billionaires. There's actually an awful lot to build in between.
And while I think blockchain has great potential, if I actually have to go and spend a thousand man years to go and build the system that actually does the real stuff, I'm not sure that the blockchain can be credited with the solution
Might be seen different. Yes. Might be so different.
It might also.
So, so I've been struggling for the last couple of days, trying to think about how to cast this in some way that we can actually think about how we address the problem in some sensible way. Here's an example. It doesn't work particularly well. But imagine in the 1980s, if you said, look, we've got this thing called a relational database and it is actually going to totally transform the way the banking industry works. Well.
I mean, you might make, in fact, Pam quite reasonably suggested that that might have meant exactly what was said about relational databases at that point in time. Nobody actually believes that because fundamentally what our issues are about is it's really hard to do some kinds of stuff. Like for example, the KYC example, guess what? Having validated an identity as a bank, the people that gave me the data don't allow me to reuse, I can't publish it. Would banks like to cut the cost of KYC? Absolutely. Why aren't they doing it today?
Cuz I could just send out, I could send out a, a flat file with a bunch of data associated with KYC. So the real questions are, what do we think we're actually solving is a large part of the business case. I think it's important here.
So thank you. That would've been my question. I'm just gonna cut down on time. Wonderful.
But may I, then if this question is already addressed, I, I would like to have the answer of the other kind Analyst Sue. So it's like, because the question I asked myself over and over again is like, is blockchain. Why blockchain? Why not? Any other technology?
I mean, could have could for many use cases, it could be any other technology actually personally, I didn't figure out yet like why blockchain is the one and only thing to use despite, I mean it has advantages and disadvantages, but I don't personally, I don't even succeed in scaling it economically actually. So I'd like to have an opinion about this. Okay. Yeah.
Well it's, it's nice that you look at me, but I actually have
I'm sorry. Same feeling.
Every time I was looking at possible use cases as they were described by other people.
If you start then looking and talking to colleagues and other people, you find out that there are already solutions like the showing only parts only selected attributes of my identity. When I want to buy alcohol. For example, there is actually already a solution on the development at universities that I review my identity card, for example, that's a great piece of development that's going on and that is long before we even talked about blockchain.
So yeah, I totally agree with you. I don't know if there's a
Yeah.
I mean, I think, I think one of the other challenges that we have with the work that's being done around this is it's all commercially done. So there's not a lot of open projects there going. Absolutely.
Hey, we did this piece of research and look what we found out. Everybody really transparently. And I think that's one of the challenges. So all we get is marketing information of PE and people going well, we're doing this stuff now.
You know, I, you know, because I'm interested, go and speak to, to a lot of these organizations and you kind of go, yeah, it's actually quite a long way off actually where the, the marketing information might say it is. And so I think, you know, I mean, I know there's a project that's being proposed in the open identity exchange at the moment. And the great thing about that stuff is that it's all open. I think that's what we need to see more of.
We need to see the nuts and bolts of an actual use case where we've, you know, where this technology's been implied in identity and what the results have been, you know, not from a commercial perspective because that it holds too much back. And that creates a challenge for all of us.
Now I'm, I'm completely with you on this point, although it is an interesting technology,
But, but a, a point was brought up here, which, and so let's just make the assumption, right. You know, you know, if, when we're talking about blockchain, we're talking about distributed ledgers, right? So what is it that distributed ledgers give us?
One of the points that was made is, which is one of the things that a distributed ledger would solve, but it's, but one of the things you said is the reason why it won't be solved is Amazon has the central repository of a whole bunch of information that they use to sell to other folks and make money on the big guys. Their thing is, I don't want, I don't want distributed anything. Right? So for connected vehicle, general motors wants to know where every single vehicle is. And so does, you know, so does VW and so does BMW, right?
This whole idea that says we can anonymize our vehicles in such a way that we don't know where they are, what they're doing. They have no interest in that. They have an interest in having it centralized and be able to manage it centrally and do whatever they want to centrally. This is probably why it has to come from a more grassroots area, right?
The, the, the concept that I've always thought is the only person who doesn't make any money on my identity is me. Everyone else makes money on my identity. So true. I just don't make any money on my identity. And so maybe the business model, which is so antis, Silicon valley is actually to sell.
I saw
That I did is to actually sell, to build something that you sell to individuals and use, right?
So maybe this is a case where blockchain would work is create a methodology that allows me to traffic on my information and let blockchain basically be our distributed ledgers, be the place where I can go to Amazon and say, yeah, for 20 bucks a month, you can know all of this information about me.
Yeah. Would be the opposite to the existing situation at the moment. May I come? I'm sorry.
I was just gonna say, yeah, just thinking about identity, that could actually be one potential use of distributed ledgers is if I can prove something about myself using a distributed ledger, then that might help me get an identity. It doesn't necessarily mean it is my identity. It's just evidence and we can use it in the proofing process. That's what governments are looking for that can trust in the evidence,
But sorry to interrupt, but do we need blockchain for that?
Well, no, come on.
Okay.
I, I think it's a really good,
I think we can cause this panel now what's now the
Next question. I think it's a really good point though.
That, yeah, so it is just a technology and there's other technologies out there that, that can do a similar thing or, or something like it or that could work. So you back to identity again, personal data stores are out there that haven't been there. There's not been massive take up of personal data stores. And part of the reason for that is people don't really understand what they are or why they would use them. And maybe people aren't that bothered that Amazon has all their stuff because they can buy stuff more cheaply and more effectively and quicker.
But possibly there's a, there's a groundswell of privacy awareness coming along that is gonna start triggering people to care more about it. So that, that I call this sort of spookiness level. So how spooky is it that suddenly you're being recommended things and because you looked at some other website somewhere and that spookiness level is increasing, increasing, I think, especially in, you know, this sort of developed world that we're in.
And I think another trigger factor coming along, that's gonna be really interesting is the whole European general data protection regs that have been mentioned a few times. And the it'll be interesting to see how the onus that gets put upon organizations who keep large amounts of data, how expensive that becomes when they realize that they've got to respond to subject access requests within electronic format at no cost to the individual who submits the subject access request at the moment they, you know, in the UK, you can charge 10 pounds. I think it is.
So suddenly you get a subject access request, aggregator Springs up, which is an interesting business model that you, as an individual can go along and say, submit to these 200 organizations a request saying, give me all the data you've got on me. You've got to do it. You've gotta reply in the electronic format. And I'm not gonna give you any money for doing that. And if you have millions and millions of those happening, that's gonna be a significant impact on those organizations. Go on it.
I've got point on that. So another point on that is, is, is also the right to be forgotten as well.
So I think, you know, that's the sorry, if I stolen your thunder, I have. So, you know, I think you're absolutely right. I think it's, it's one of the things we need to consider, but then if you think about a distributed ledger, how do you do right. To be forgotten with a distributed ledger?
You know, I, as a consumer go, well, I wanna do pardon. Be forgotten
From who
That's that and where would I go to, to actually go, well, I wanna make this, I wanna have my right to be forgotten. You know? And if it's distributed across, you know, a myriad of companies then who actually then actions that, so that's a question
You own it. If you own that data, right. What you're telling is the organizations who you've given permission to use it, but they can't use it more.
So, so let's, let's try to like, this is, this is part of the muddy thinking that goes on here. I'm sorry. For example, I've been looking for pragmatic, right?
I've
Been looking for pragmatic use cases in this space, like assiduously, kinda like my search for the ultimate CRE.
Well, one, one of the ones I really like is actually dealing with conflict diamonds, for example, I think it's a wonderful way to actually deal with a problem where you want published something like the fact that the diamonds I'm dealing with are actually good. I don't actually necessarily think as a B diamond buyer. I want the fact that I've purchased that diamond to turn up, but as a starting point, there's an interesting kind of location.
So, but this shows the difference between what I think is validly public information versus informational transactions. I wanna be private.
And in, in this search, I've had other kind of examples. Like, do you realize that blockchain will eliminate the fraudulent transfer of real estate in countries where governments are like bad?
You know?
And, and, you know, there are bureaucrats that can take advantage of you and I stopped and thought about it as like, well, here's the problem. The consensus model identifies that a transaction was validly entered onto the blockchain. It does not tell me whether it was good or not. And so if I, as a, if I'm actually a bureaucrat who wants to deprive someone of their property and I can still get into the front end of the system, that's built to do this and substitute a transfer in there. The rest of the blockchain environment will happily agree that this is now a good transaction.
So there's a distinction here about what it is we are actually voting on in a blockchain context. And it's not about the semantic goodness of transactions, it's that a transaction took place. And that is not actually a statement all about whether it's good or not. Now is the system that actually allowed the in bad or whatever possibly. But that's actually external to the blockchain context. That's part of the system I have to build in order to make this effective. And I think there's some greats for blockchain.
I think for clearing houses, they're actually potentially really efficient Merkel cash trees have been for a long time. Do I need a set of independent peer-to-peer validators of that? Possibly. Possibly not.
But again, remember what's going on here is that we're validating, the transaction was entered correctly. Nothing about the transaction.
I would like to give it to Adam, please,
Just to pick up on a couple of points,
Not
Too long to go, to go back to my, my previous theme about saying that it could be something useful as an evidence chain for identity. It could. And I know I said, dismissively, no, you don't have to use it.
Well, you don't what we have to remember here is that blockchain isn't gonna suddenly replace everything else cuz everything else isn't necessarily broken. So there could be a mixture of, as Andy was saying, Andrew was saying, in some places it might be absolutely appropriate to use. We don't know yet. It might be, we need to do the work on that. So I think that's important. Emma interestingly mentioned, right? To be forgotten. There's also some interesting legislation to remember as well. I mean a nameless consultant came to talk to me not so long ago about it.
Wasn't you actually, cuz that would make you named, but to talk about how blockchain could be the answer fortor digitizing, all of the UK's passport information sounds interesting. Then I pointed out that if by law I changed my gender. I actually have the right to have all of the records expunged that had my previous gender on them. How'd you do that in an immutable ledger? So his answer was, oh, well just change it. So you can do that. Okay.
Then
Not perhaps I won't go for that solution. So it has to be appropriate is my point for the actual requirements.
So I'm bringing it back again to let's understand what the real need is. And in some cases there might be
Sorry. I actually also
Wanted she's she's in the role.
I actually also wanted to respond to your, your level of creepiness. I found it the very
Believe
Speaker 10 00:32:27 Me, you
Creeping creepy.
Speaker 10 00:32:29 I'm not happy sitting this.
Oops, sorry.
But I found it the very interesting comment because that's actually one of the, one of the description I had back at home. Because if you talk about blockchain, one of the often used comments is it's so you can be very private on it. Anonymous. Even the interesting thing there is that it really depends on a generation. You talk about if privacy is even relevant. And if I look at my grandparents who are, who experienced the war, they are really, really careful about anything they share because they always believe the government will misuse it or something will happen.
And if you look at my parents, they started to learn how to use the internet. And they are sometimes ordering something from China, but that's about it. And I'm pretty careful about what I share, but that's maybe because of my computer science background. But if I then look at the current teenagers like this 15, 16 year olds, they share everything online. So why be private about even your internet of things? Why be private about that? You own blend there. If you already showed a picture on Instagram with everyone knows you have a new Blendr.
So I think that that that level, you really discuss privacy, but we also need to keep in mind who we are targeting and, and that's something that I'm, I'm missing in most of the discussions, because if you make something very private, but I decide to open up the doors and show everything. Yeah.
Could I just come back on something you said not, not about this thing, about some like records being expunged.
I, I think there's the thinking we need to, to have here is that the, if you have a, a chain of proofs that you, as an individual control, then you can control which of those are revealed or not revealed. So if you changed gender, for example, you might decide not to reveal anything previous to that point.
You could,
That's not actually what the legislation says though. Legislation says I can have the records expunged I removed. So if you have a record of the change in there, that's actually a record of the previous gender, right?
Yeah, exactly. So, so the question is, is where is it? So I think you're assuming that the, the record is in a centralized database rather than in something that I it's in, that I may be in charge of and can reveal or not reveal.
So, you know, it's a good point about editability of a supposedly unable ledger and also the consequences of information on there. That's wrong. How do you handle that? And you know, this is very embryonic. We need to work out what the answers would be to those. But Andrew has the, so
I'd like your, you bring up a good question. That's not a blockchain question, but it really is.
Is, does inaccessibility mean that it no longer exists? We deal with this all the time with backups, right? I have backup tapes that are all over or even worse. My storage area network where they say delete the data.
Well, is it really deleted? Is it not deleted? It's it's there, but you can't access it. Right. The other thing though, is immutable. And I don't know if anyone's thought about this for a blockchain implementation. So one of the things that we have that needs to be immutable, right? Certainly in the systems that we run are audit logs of access and things, right? So stuff that says you logged in at this time and you consumed this resource and in some of our implementations, I have to make that immutable. I have to prove that it can't be fudged. It can't be, that could be in really interesting.
And oh, by the way, we're talking millions and millions of records a day that two years from now I may have to go back on. Right. That could be an interesting implementation to be able to say, I know that nobody can change it. And even if I have a bad guy in one of the organizations that, so he can't do anything because there's five others, right. That will see anything that happens there.
So I, I mean, I really like your examples, right? Cause they're actually entirely pertinent to the value propositions and the design center for blockchain. Your example has actually got nothing to do with blockchain. It's about how do I actually store staff in ways that's under my control and blockchain at best as a publication mechanism that's associated with this right mechanism, which is, which is great.
I mean, I, I fully support, you know, personal data stores and controls of that sort of stuff. But you know, there, there is this distinction though, right?
Which is, there are validly places that you actually need to keep stuff. But one of the things we discovered with PKI is that we often, as technologists assume a bunch of requirements around stuff like non, how many of you know, what non-repudiation is some of you? How do you know how many of you know that there are at least four types of non-repudiation?
So the stuff we learned from P I, a bunch of us have already forgotten about in this whole space, how many realized, in fact, it turns out we were almost entirely wrong about how many places non-repudiation was actually going to be required in like digital signing. It's like, we assume that everybody would wanna sign their email and, and believe me, I know I was an evangelist for this stuff. Guess what turns out that if you sign it at the corporate level, apart from a few of your executive offices, you don't actually need a key for everybody in your organization.
So there's a bunch of the kind of appropriate aspects of this, which is we can imagine like, and I think your example is a really pertinent one. There's clearly stuff that needs to actually be immutable signed content that you can actually demonstrate over time.
It's a great example. I think Kim Cameron had one about similar kinds of stuff in the context of the cloud. That makes great sense.
But then, you know, there's this other stuff, which is like, well, you know, how, how do I deal with revocation of information in some form? And the design center says you can't that's the design center. So we keep like, we often poke at this stuff around blockchain and say, oh, well, you know, we can have all of the, we can eliminate, we can still have it public and we can eliminate the overheads associated with this by what, you know, cause we still have to do proof of work to actually make the thing. Cause guess what?
The thing is actually designed to be a potentially attackable, if you can't slow down a group of people that want to actually vote on the contents and actually subvert whether or not it's good content, there are very real design aspects that are built into this, that we keep waving our hands over and we'll just like, say, oh, well we'll just have a private group do this. Well, you know, then we don't have real peer to peer interactions. Right?
So again, it's like in all of this stuff trying to like, just keep directly to the point, which is what do I actually get out of it as opposed to what are the changes I'd like to imagine the world could be, is really important part of this conversation.
Okay. But I would like to come back to one of those Resk remarks because we are now really, again, speaking very generally. And what you pointed to as, as far as I understood, is that we are talking about different target groups.
And if we have this modern stuff, method, methodologies in it and whatever we talk about user experience, and we always have this personas and special personal interests of groups we address.
And we shouldn't forget that the new generations think differently,
But I'm sorry, this is actually fundamentally one of the muddy pieces of thinking, what you just described is nothing to do with blockchain, nor does it deal with the fact that if I change my attitude at age 30 to what I have at age 14, if I've built this onto a blockchain that's immutable, you've actually removed the ability for me to actually take advantage of that in the future.
And the reason we have privacy laws about this is we actually often at age 14, 16, 18, 20, or even as old as I am, don't actually kind of know what the implications are. This is not a blockchain question.
Okay. But I would like to, to, to, to, to ask back then than to the panel, because I know there should be some of you thinking perhaps a little bit differently about this, how much should this then solve before we are using blockchain? Because this is very fundamentally Andrew, like you pose it now.
And I think we had, in the, in the whole day we had some examples where perhaps some of those federated or portions of identity might help doing things with blockchain. For example, in the IOT area, I think there was addressed something like supply chain automotive and things. Yes.
You address a very important thing regarding ID, but let's come a little bit to, to the focus of this, this panel two, is there perhaps if you are thinking of your 16, 18 ones or let it be 25th ones, some cases where it makes sense to go for, or would you say from your personal experience then no, don't go for it because it's not clear it's not finished yet.
Yeah. I guess all I was pointing out was what you were referring to as a privacy question, not actually a technology question associated with blockchain. And so that's kind of, that was kind of where we were going with that. Right.
Which is there are different attitudes to privacy. Well, which is totally valid nor we need to solve. But you know, given the context here is actually about blockchain. I think that's what I was trying to bring it back to, which is those are all perfectly valid considerations.
Well, we have to be really, really careful of is we, if we use a technology implementation that is immutable, we actually cut off some of the opportunities to deal with how to solve some of these issues in the future.
Speaker 11 00:42:36 Just so use cases that my suit would not change instead of discussing the ones that won't
To be fair. I think we already
Very, very
Good comment.
So, so we've actually conflict. Diamonds were one we've talked about clearing houses, another, you know, they're actually, we actually talked about a range of these, but what I think most of us have pointed to is the fact that while there were useful use cases, there are limitations about what the expectations should be about that. I think it's part of what the conversation's been.
I'd like to have the feedback. Anyone wants to talk on the right hand of me, if you happy to get some input
Again, I think if we look at use cases, one that is interesting is, is a use case related to voting.
So online voting. Now there's an immutable thing. Once I vote, that should be my vote. That's a transaction. Right? I would love to know that it can't ever be changed.
I, I don't, you know, what's, what's funny is that in again, this is, this goes back to the point of unintended consequences sort of thing. 20 years ago, if this technology had existed, we could say, well, we can all agree that there are some things that are immutable about a person. So those things we could put in a blockchain, like his sex and now we would go, all right, that didn't work out. So right. So we have to be careful about what is immutable and what isn't right to the point of, of things change. Right. But I do believe there are things so, so voting records, right?
How he voted right? Or no.
Speaker 11 00:44:18 No.
Okay. Perhaps
Speaker 11 00:44:21 Voting voting is supposed to be anonymous. This is public blockchain. There is no anonymity. Yeah. There are places in the world where you were killed for
Voting.
Well, alright, can't do it. That is a good point. All right. We gonna leave this panel, figuring out that blockchain is unusable actually
I'm, I'm not, I don't think that's actually what we said.
No,
I don't. I I'm
Just kidding.
Don't figure out what's the case.
Yeah.
I mean, so I've, I've got a question. So who in the room has cash on them today?
Okay. And who in the room has got cards on them? Credit cards. Okay. So when credit cards were kind of invented, it was like cash is dead. No one's ever gonna use cash. And I kind of look at it and go, do you know, it's kind of similar to that because what we end up with generally with things is we go through this hype cycle and then we end up with, you know, it norming out people going, well, actually there are some use cases here, but we end up with a fragmentation of how these things are used.
So our data is blockchain gonna kill databases, probably not, you know, will there be some use cases where, you know, we look at distributed, I don't wanna use the word blockchain, but you know, we use distributed later in the future probably, but we need to see a more evidence scientific based approach to actually understanding what those use cases are and understanding the context in identity. That's kind of what I think.
Absolutely.
I, I do actually think there might be one identity.
Okay.
If, if we, for those of us who saw one, the previous sessions about refugees and proving identity, my view on all of that is that one of the things you need to do for individuals like that is in the first place, give them some kind of footholds that they can coalesce evidence around. You're not gonna give them an identity immediately, but there are biometrics about me. There are things that are possibly immutable about me that just exist. So you can give me some kind of credential and then around that create a chain of evidence that could well be based on distributed ledge technology.
And that would be useful then to take forward and to use, to get other things in life, to start the process of applying for asylum, to start the process of gaining a passport, whatever it might be and a building on that. So yes, there may be parts of the evidence chain that suits that kind of technology. As Emma said, it's, it's a database technology, let's be fair. It's a particularly specialized type of database technology, but that's what it is. And as architects and technologists and business people, we have to look at, well, actually, what's the problem we're trying to solve.
And does that thing fit part of that problem? Yes, it might do.
And that's where we need to go with this.
That's exactly what I've also noticed when you read about the, I saw presentation of a venture capitalist and he was really talking about all the blockchain companies he was investing in. But the interesting thing is that they all seem to mention blockchain without really explaining what they're going to do.
They, they mention a problem, they mention blockchain and then they get, well, a lot of money. They get a lot of money to, to start developing something.
And, and, and a lot of those company websites are empty shells that promise something for, for next year. So I'll be looking forward to a situation where we will be talking about use cases like the refugee use case, which is really interesting, but then talk about it from that point of view and leave the DLT. Like maybe that's part of it, but then just mention it as a side note and not as one of the main topics.
Yeah.
I, I think I completely agree with that. I think you've hit the nail on the head there about some sort of chain of proof that I, I, if you look at some, a vision of the future, which might be that people are getting much, much more concerned about their online privacy, the regulation around data access and consent increases, you end up with a situation where people want to be in charge of their own data possibly to monetize it, but definitely to be in charge of it and be able to track who's using it and stop them using it.
If they want to do that, if you think that might be 10 years out or, or, or even further out, and you, you say, well, how would we get to that situation? And there could be many mechanisms to do that, or which, you know, the existing personal data stores could perfectly well be one of them, but where you have the power of having a, a chain of proof built up with many different organizations or entities or people writing to that, that becomes a really powerful thing.
Because once you have that, you can, as a, an individual use that in the way you want to use it and decide to monetize it or not monetize it, reveal bits, not reveal bits. And that I think becomes a very powerful vision. What the technology is that makes that work is, is kind of almost irrelevant. It just so happens that we've, we've got a technology that gives you what, in, in the old days used to be. I used to call a link list when I was programming in PL one bit of Cobal, but so it is just a list that linked together. Okay.
But it can become quite powerful in the identity ecosystem when, when you have a, a vision that, that involves a clamp down on a regulated clamp down and control over privacy and consent.
So actually on the end of the list, whenever you ask a question,
Get around, I want to ask you something because now we have 10 minutes left and would you agree that we should try to involve our panel or our audience?
Absolutely. I'm actually dying to hear from, but I have a last, I have a last comment on this one that I just
Wanted.
We have some comments and there are some wonderful,
So, so let me just let, just finish on this, this one last point,
Cause here's first and then your,
So one of the things that's really interesting about all this space is we, we way too quickly end up in new technologies, talking about what I call a happy path. It's like everything works really well. Assuming that everything went well, issues like in real payment systems, I have to deal with the fact that I have to do.
I have chargeback that occur 120 days after I've actually put a transaction through where I actually need to reverse payments, or I need to deal with some set of implications of what the payout was, or even in a case of dealing with refugee identity, that in a really horrible case, a wall or took advantage of the biometric scanner and now actually knows how to identify me. These are all really, these are all kinds of the issues that we need to be dealing with in this space.
And part of the reason why I think some of us are pushing back on whole blockchain, you know, it's like, it's just, well, it's an obvious solution. Is that turns out that it's actually takes a lot of thought to think about what the implications are in this space over to you.
Go
Speaker 12 00:51:37 Ahead. Okay. So I guess I like the, the concept of, you know, solving real problems and then figuring out whether blockchain works for it.
I mean, we talked about, you know, writing attributes to distributed lever ledger for proof of things, but oftentimes the valuable attributes aren't necessarily owned by the user. Right. Right. If I use a particular service and I use it over 10 years and they've built up a very strong reputation about me, I don't know that I own that reputation, the company that calculated it owns the reputation. Do
You know one of those?
Speaker 12 00:52:11 Maybe.
So, so in that context, right? I mean, why is a comp, why from a company perspective, would I ever write that back to the distributed ledger? Right.
So that I, as a user could then use that reputation in, you know, a more distributed context. So to me, those are the problems that get, we, we have to address and we figure that out. And then we look, as you guys have said at whether an underlying distributed ledger technology works,
Maybe they would write to that ledger so they can read other entries that might help them in their business. So sort of quid pro quo.
Thank you.
Some, I think
I like the fact you came all the
Way to the front. Yeah. That was very nice. Yes. That was very, very polite.
Speaker 13 00:53:02 Mike Jones, Microsoft, not so much in this panel, but in some of the other blockchain discussions that I've been present for part of what drives me nuts is that people just take certain properties for granted as if they're free. Right. And I'll just pick on one that one being persistence in order to have, you know, the benefits of immutability, people are assuming that this thing is persistent.
Well, data is actually only persistent if it remains present in data centers and is being served, but running those data centers costs somebody money. And so unless there's an economic incentive for there to be replicas of data, be it in any data structure, eventually it will stop being available.
And, you know, I know that there's a particular data structure that's being served by Bitcoin miners, which is an ecologically horrible thing. But you know, if you're, for instance, postulating that well, that one will continue to exist forever. You better think about whether to base your business on that or not.
I,
I think the bank clearinghouse, sorry. I think the bank clearinghouse one is a, is I think one of the clearest examples here, right? Ignoring all, you know, all of the expectations of will drive the cost of banking to zero, which don't quite work, but actually having a way to deal with more efficient recording of the fact that clearing house actions took place. You're absolutely right. They're all gonna have their own versions. They still have to store as part of the way this works, but they're incented just the way their business works to actually ensure that they keep that.
So I think there are models that do make sense, but a lot of them are private at the moment as far as I can tell.
Speaker 13 00:55:10 Yeah. And you know, Azure might host a service that, you know, we would keep running just because we're trying to keep Azure running as part of a larger business. And if you run it there or if you run it in somebody else's public cloud, maybe it continues to persist, but somebody's still gonna pay the tenant's subscription fees or not. Right.
This is like a case of does mu does immutability actually mean
Forever? Anybody else?
Speaker 14 00:55:42 Question.
Sorry.
No, that was, as you like, yes.
Speaker 14 00:55:44 You like all Andrew, I love what you said. It is hard.
It's not, it's not easy. And the implications are not easy. It's
Like my relationships
Speaker 14 00:55:55 Say again, I didn't hear, sorry. It's
Like my relationship.
Speaker 14 00:55:59 Right, right. It's complicated.
But I, I do feel like it's a little bit like we're seeing an early car or an early airplane and we're looking at this thing. We're saying, man, there's some incredible implications and possibilities with this, but then there's a lot of reasons why the early cars and airplanes were not suited. And so I think there's an evolution here. There's a lot of IP being created right now in this space.
I, I do feel like, like the ability to be private, but also have accountability possible. And, and I think what we are looking at in a lot of cases is, is we've kind of learned a lot of what we know about blockchain from Bitcoin and we carried those forward. And I'm just, I'm here to tell you that, that the, the future is bright and I'm excited for where it's
Going.
So, so, so let me tell you, let me tell you why he addressed the addressed question to me. So I'm actually, can I get the,
I'm not able to, to moderate him?
No,
No, you it's an Australian on the thing. You're like, what the hell?
So, so I completely agree. Here's the reason why I care and why I'm assiduously looking for real use cases. I have seen hype destroy too many technologies by overplaying what the expectations are and creating too much disappointment. So what I want to do is keep the conversation real and focused on what's actually deliverable, not one to billionaire.
Okay. I take other questions, but not for Andrew. No offense. No. We have to take also the time into condition.
We have one minute left, but I would like to ask Beck, perhaps if we shouldn't address some of those, perhaps the last question from my side is a little bit provoking. You said the, the guy who asked the last question asked, said some of those blockchain fans take many things for granted, but to look in our world, if we do not think that blockchain will replace everything, aren't there cloud solutions available. And so there is storage nearly to be there.
And in, in business cases, of course, presented and then can be used. Additionally. So is this so wrong to take some things for granted and then plan business case or blockchain additionally, or do we think blockchain is then replacing everything? Yeah.
I think if you're looking at storage or look at Bitcoin as, as, as the example that is massively massively inefficient, so it clearly wouldn't work in a, in a large scale, thousands of transactions, a second scenario. I think what the gentleman was asking about is, is the, the there's an equation here about the replication of data.
So at the moment, my data's replicated amongst, you know, Amazon, Facebook, Google, Yahoo, and innumerable places I've even forgotten about. Is that gonna be more or less efficient than my data being replicated in a smaller number of places that say nodes that are running this magical distributed ledger, maybe there are fewer of those. And it's actually, when you add up the number of bites used and the amount of electricity to, to run and store those bites, that could be massively less, or it could be more, I don't know, but that's more the equation. I think that we need to look at.
And the design of the ledger mechanism needs to be such that it is more efficient. Otherwise it won't work.
You know, it won't be feasible,
But we have to be fair then too. We heard already that there are some other blockchain versions trying to focus, especially this, and then try to cope, cope with those difficulties to make it better.
Yeah, exactly. It's clear that you can't use the Bitcoin blockchain for vast quantities of transactions. So you need something different. And there are lots of people working on highly efficient, distributed ledger, consensus mechanisms to process transactions very, very fast.
So just to be fair to Mike, Mike raised a really valid point, which is we, we state immutability, but is immutability forever. If your system shut down, what's your expectation about what happens? So have very strong belief in identity systems.
For example, if you can't actually create a business model, that makes sense is not ethically reasonable for you to be in that space. Cuz if you go out of business, there's a whole bunch of stuff that disappears and people have put a disadvantage.
So, you know, if, if AWS goes away or Asia goes away, there's nothing immutable about what they stored. It's gone, you know, and it won't be there forever. So there's some examination of the underlying expectations here that really do have it's like, just because it's distributed doesn't mean it will last forever.
Okay. Can I follow just a quick, a quick follow up on that?
So if, if I've got my data with one of the government IDPs and, and they go down, then I've lost that. Okay. But if my data is distributed across a wide magical network, and one of those goes down, I know it's replicated across a number of other ones. So that could be a benefit.
You,
You have no way of knowing if that's
Gonna stay true for the next 50 years. Of course.
Yeah, exactly. But what I'm saying is you've like just, you've got one in one chance of, of a single essential data store guys, one in 50 chance distributed,
Unless this get too informal. Now I think it's a good, good time to take a beer on something and to proceed with this discussion because I think this is the right mood. We all bit tired after this long day. Thank you very much. Thank you so much that you stood here. Thank you so much. Thank you. Thank.
