Presentation by Christopher Allen of Blockstream on self-sovereign decentralized identity, confidentiality, privacy, and human rights at Milan Bitcoin Meetup on April 11, 2017. Video at https://www.youtube.com/watch?v=p0-oXpp6yrM&t=5m7s
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Allen (Milan Blockchain Meetup, April 2017)
1. Forging Self-Sovereign Identities
in the Age of the Blockchain
Milan Bitcoin Meetup (April 11, 2017)
#RebootingWebOfTrust
ChristopherA@Blockstream.com
2. Christopher Allen
• The Past: Cryptographic Trust & Internet Privacy Pioneer
– Enabled PGP, Digicash, Red Hat, etc. with cryptographic tools
– Co-author Consensus Development’s SSL 3.0 reference implementation
– Co-editor of IETF TLS 1.0, world’s broadest deployed security standard
– CTO Certicom, early smart contracts work
– VP Developer Relations, Blackphone / Silent Circle
• The Present: Blockchain & Identity Architect
– ID 2020 Board Advisor, United Nations Summit on Digital Identity
– #RebootingWebOfTrust Design Workshop (semi-annual, next in Paris in April)
– Principal Architect, Blockstream
PGP: FDA6C78E
3. Blockstream
• We believe in trustless and permissionless systems
– “Liquid” sidechain for capital efficiency & liquidity in Bitcoin exchanges
• Supports Confidential Transactions (CT) between parties
• Alpha testing now
– Open source “Elements” sidechain project
• New release supports both CT and new Confidential Assets (CA)
– Green Address Wallet / LibWally supports Bitcoin, CT & CA
• We believe in fairness and accountability
– Interoperable markets and many blockchains
– Trustable and secure fiduciary transactions across multiple blockchains
4. Trustless & Permissionless
• “We believe in trustless and permissionless systems”
– Trustless does not mean “No Trust”
• Instead trust in people isn’t required — trust is inherent to system
– Permissionless means censorship-resistant
• No one can be denied the ability to participate
• Why? These support freedom of association & anti-coercion
“Economic freedom is an essential requisite for political freedom. By enabling people to
cooperate without coercion or central direction, it reduces the area over which political
power is exercised.” — Milton & Rose Friedman
5. Blockstream & Fungibility
• “Trustless & Permissionless” means Blockstream cares deeply about
fungibility
– “Fungibility—the property of a good or a commodity whose individual units are
capable of being substituted in place of one another.”
• Bitcoin currently has fungibility issues
– Bitcoin is a public ledger: fingerprinting & metadata can allow tracing
– Some exchanges and wallets are using tracing services to track four hops
– Other people’s actions, through no fault of your own, could result in loss of
access to funds, and thus coercion against your freedom to associate
• Blockstream is actively supporting efforts to increase fungibility
– Coinjoin, Lightning Networks, Ring Signatures, MimbleWimble, more.
6. Blockstream & Fairness
• “We believe in fairness and accountability”
– Marketplaces need to be equitable & just — all parties treated equally
– All should be defended against undue financial risks & non-financial losses
– Those in positions of authority have fiduciary responsibility and thus are
accountable for their actions to those over whom they have authority
– Technology doesn’t coerce the powerful to be accountable; the economic
majority are attracted to those who offer accountability
– The tools for fairness and accountability include openness, transparency, and
consent
“Freedom is a rare and delicate plant. Our minds tell us, and history confirms, that the
great threat to freedom is the concentration of power.” – Milton Friedman
7. Balancing Act
• Fungibility vs. Accountability
– We desire to balance need for fairness and accountability against the need to
prevent human rights abuses and the right to be able to freely associate
• When these needs conflict, we err to preserve the freedom and rights of
the individual over the needs of the group. Put another way, we believe in
accountability for the powerful, and privacy for everyone else.
“Absolute freedom mocks at justice. Absolute justice denies freedom. To be fruitful, the
two ideas must find their limits in each other.” – Albert Camus
8. Bitcoin
• I chose to work with Bitcoin & Blockstream because of this balance
• Bitcoin is trustless & permissionless, leading to non-coercion
• Bitcoin is censorship-resistant, supporting freedom of association
• Bitcoin supports coercion-less accountability
• Parties cannot be forced to reveal personal or confidential information
• Parties can choose to reveal information without hurting security
• Parties can offer zero-knowledge proofs to support fairness
• There are existing & emerging threats to this balance
• Fungibility 👆
• KYC / AML and duplication of personal KYC info
• Walled Gardens (Coinbase, Vulcan, etc.)
• Identity on the Blockchain 👉
9. Identity on the Blockchain
• Identity on the Blockchain is a two-edged sword
– Best: Hold the powerful accountable for their actions
– Worst: We weaponize identity as a tool against the powerless
• Blockstream has no identity product
– However, we have privacy & confidentiality enabling crypto tools, including:
• Confidential transactions; zero-knowledge transactions; crypto blinding
• We wish to be part of the growing dialogue about Identity on the Blockchain
– For if we do not speak, solutions may emerge that don't meet our high
standards
– We wish to learn together how to better create appropriate solutions
10. Why now? Human Rights
• United Nations goal 16.9 targets legal identity for all by 2030
– Estimated 1.5bn people without a legal identity, 230m children under 5 yrs
– 60m stateless people and refugees
• Aadhaar Card Registered ~1bn Indian citizens
– Violates some best practices of over a decade of first-world identity work
– Few laws against profiling, discrimination, abuse by law enforcement, etc.
– Biometric abuses — you can’t revoke a fingerprint
• In WW II, more Jews died as % of population in Holland than in Germany
• The same tools we use to protect a buyer, seller, trader, auctioneer, or to make
a marketplace fair & transparent can also be used to defend the helpless!
11. Why now? GDPR
(European General Data Protection Regulation)
• Begins May 2018, fines up to the greater of €20M & 4% worldwide annual turnover,
reduced to 2% for “appropriate measures”
• Privacy
– Any data on identified or identifiable natural persons
• Including reversible pseudonymous data
• Consent
– A record of clear & affirmative consent, specific & unambiguous, no defaults
– Consent and data available to subjects, free, correctable & reversible
– Subjects have the right to port data for themselves or to a new service
• The same confidentiality tech for blockchains can be used for data privacy
12. Why now? The Rise of Xenophobic Right
• Many countries today are experiencing pressures from xenophobic right parties
– Turkey (Erdoğan)
– Poland (Kaczyński)
– Great Britain (May)
– USA (Trump)
– Hungary, Greece, France, Italy & many more!
• Once some groups have succeeded in gaining power, actions have been taken
that “normalize” discrimination or encourage followers to abuse human rights
• Some have begun changing laws to allow more authoritarian practices
– Trump in USA has attempted executive orders to discriminate against Muslims
– Erdoğan in Turkey has been arresting journalists, academics & critics. Next
week’s constitutional referendum vote decreases role of parliament
14. Self-Sovereign Identity
Every individual human being is the original source of their own identity
Identity is not an administrative mechanism for others to control
No one may charge rent or be able to revoke another’s identity
Each individual is the root of their own identity, and central to its administration
The role of names, citizenship, licenses & other credentials should be distinct as “verified claims” offered by their issuers, not as identifiers of a human being
16. Self-Sovereign Identity Principles
Existence: Users have an independent existence — they are never wholly digital
Control: Users must control their identities, privacy or celebrity as they prefer
Access: Users must have access to their own data — no gatekeepers, nothing hidden
Transparency: Systems and algorithms must be open and transparent
Persistence: Identities must be long-lived — for as long as the user wishes
Portability: Information and services about identity must be transportable by the user
Interoperability: Identities should be as widely usable as possible; e.g. cross borders
Consent: Users must freely agree to how their identity information will be used
Minimalization: Disclosure of claims about an identity must be as few as possible
Protection: The rights of individual users must be protected against the powerful
18. GOAL: Create the next
generation of Web-of-Trust
“To influence the future of decentralized trust and self-
sovereign identity through the establishment & promotion of
decentralized identity technology. This is done via the
collaborative creation of white papers and specifications &
by public presentations of these ideas.”
34. #RebootingWebOfTrust
Seeking Sponsors!
$25K Platinum Sponsorship
Your logo at the top of sponsor logos
Ability to nominate two technology participants to Design Workshop
(cryptographic and/or fintech experience required!)
Opportunity to speak to public during post-workshop briefings on results
$10K Gold Level Sponsors
Logo on all materials
Ability to nominate one technology participant
$2K Silver Sponsorship
Same as Gold, but limited to pre-revenue or pre-VC entrepreneurial startups
35. #RebootingWebOfTrust
Seeking Volunteers!
Identity Professionals
Participate in our online community & events to establish decentralized identity
Editorial & Documentation
Help us make our resources more accessible to the broader community
Event Marketing
We need help with reaching out to sponsors and attendees
Event Facilitation
Our events are highly facilitated; we can use writers, graphic recorders, etc.
36. How to Participate in Community
Website: WebOfTrust.info
GitHub: github.com/WebOfTrustInfo
Slack: WebOfTrustInfo.slack.com
More Info: ChristopherA@LifeWithAlacrity.com or
ChristopherA@Blockstream.com
Submit Advance Reading Topics (1 or 2 pages) for:
Next Event: April 21st, 22nd & 23rd at Microsoft in Paris, France
(before IEEE Security & Privacy and Security & Blockchains)
Following: October 3rd, 4th & 5th, 2017 at IDEO in Boston, MA, USA