Adam Cooper: Centralised or decentralised - what’s the real question?

It's a question that really bugs me, so it'd be good to discuss it with you all and see if I can enlighten you a little bit. Centralization or decentralization. Two lovely models, not really great definitions, and that's the real problem here.

First, I just wanna frame this though. This is a technology conference. I'm a technologist, really supposed to be. What I really care about is services. I care about children like Kai here. I want to use digital technologies, digital identities to make people's lives better. So I'm more interested in outcomes than I'm in models and terminologies. I want results. And this is a part of the problem. This is where things get in the way. So what is the problem?

Well, when I talk to governments and experts and we're trying to think about how to implement huge identity systems, centralizations got a real bad name. It's associated with lots of things that are in many ways quite dangerous. Having poor legal ecosystems, having a lack of transparency, poor governance, but all of these things, data breaches the whole lot. They're not actually characteristics of centralization. It just happens to be that centralized systems have fallen victim to them so they get tarred with the same brush.

In truth, these can happen to anything. We also have seen over the years, identity providers grow and grow and grow into being quite monolithic things themselves. And even where we have open, ID connect and we have an I, an open ID identity provider in that kind of a situation, they can still be quite big monolithic things that provide not just identity, but other data as well. And that's not useful either. Really. What we should really do is split these things up into individual components, makes more sense. And there's also been two great, an emphasis in my belief on identity itself.

It's really useful to know that it's Adam here, fine, but if you don't know other stuff about Adam, how can you know if I'm eligible to get that social benefit or whether I can get that treatment that might save my life. Or whether simply I can just apply for something and get a job, you're gonna need to know lots more about me. And that's you. That's something we need to focus on more. So is decentralization, if that's even a thing, if we believe Nat Zamora from the other day, it's just marketing and maybe it is. Is that really the solution? I think it's part of the solution.

I think it's useful that you can empower individuals by giving them the things that they need to get stuff done. Yeah, good. I think it's good that we can get governments to focus on what they do best, which is process and policy and keeping really good registers about us. So it gives us that nice little delineation that I was talking about. But is it really decentralization? There's A lot of confusion. I'm confused. Experts don't agree on what, what this means even. And that's part of the root of the problem.

We have a terminology issue in my opinion, and I think Nat would say that from the other day as well. What do we actually mean when we say this is a decentralized system? Are we talking about the data? Are we talking about the process, the governance? Are we talking about all of them? Some of them, I'm sure everybody in this room and probably everybody at this conference would've a different opinion on what it actually means. And that's the big problem because when you then talk to a client as I do, so I go and talk to a government, they have no idea.

And that's really dangerous because there's so many shiny objects that they could buy to solve the problem, all claiming to be the next best thing. But nobody really can explain to them what on earth that means practically. I also think there's a scope problem.

As I said, what, what are we decentralizing or not? And that's a, that's an issue as well. But I truly believe you don't need to decentralize or centralize everything. I would argue that almost every identity system is a bit of both and will remain to be for a long time. And there's no magic wand here. We're not gonna change the way we use this terminology overnight. But what we need to focus down on are the real problems and the real things that need to be solved.

But we also need to be mindful of that capacity issue I just mentioned where the people who are building identity systems ultimately are those who know the least about what they are and how they're constituted. There's also a massive elephant in the room for me, that's how commercially does decentralization work. If I've got my identity provider and I, I know exactly who's using it to authenticate all the time.

That's real simple from a billing point of view and from a commercial model point of view, the moment we put this out and I've got my wallet and I've got credentials and I can go and interact with a government over here, a commercial organization over here, maybe do something overseas over here, how do we keep tabs on all of that? How do we make sure that those who have issued me with that lovely credential get something out of the equation?

Otherwise, why are they gonna be incentivized to do it in the first place? I think maybe we can look to some existing real world models around this. If I have a passport, usually I pay for it. The difference in most of the decentralized models we're talking about now, e i dusts and the E I E I D wallet is a prime example. It's gonna be free. I get this digital credential for free. Hang on a minute, I haven't put any money in the pot. The model changes. So we need to deal with all of those problems too. And everyone's different.

Singapore, if any of you're aware of Singapore and what they've done with identity systems has something called Sing Pass. They've worked on it for many years. It's fabulous. It really is. It's a great user experience. It's a wonderful little app. There are so many services you can use across public and private sector, but essentially it's centralized. It's based on a single government owned and government run identities. My friends in Indonesia have a wonderful ID card system. Many would say that's incredibly centralized and it probably is. What do they wanna do with it?

They want to create what they would term as a decentralized identity that sits on top of that. What they actually mean is they want to make it easier for their, for the people of Indonesia to actually access digital services. That's their real problem. They really need a decentralized wallet. My friends in the Philippines have been going through an enrollment process at up to, there are over well over 80 million people now that have enrolled biometrically de-duplicated into their identity system. Sounds quite centralized. It's a an island nation of over 7,000 islands.

Logistically it's almost impossible to distribute little cards to them all in time for them to be able to use the that identity to do anything useful. So what, what are we doing? They're introducing a mobile app that allows 'em to utilize the identity, but it's more like the, the kind of mobile app that you would expect for a driving license in that respect. Is that really decentralized? Maybe. And then in the uk, my own country, we have the problem of staff moving around hospitals all the time. You would think the health service is a single entity. It's not.

It's actually very decentralized in that respect. Almost every hospital as its own entity has its own budget.

Spies, its own equipment run has its own staff. But those staff move around the organization all the time. Quarter of a million people do that every day. That's a bit of a problem because we don't want them to be able to have to go through the legal problems of proving that they're able to work in the uk, that they don't have any convictions, that they have the right qualifications, that they are in fact a bonafide doctor or nurse That's hard to do on paper and that's what they're having to do now. So maybe a decentralized solution of a wallet would be useful for that. Hopefully.

You see where I'm going from this is that there's not one single solution to any of these problems. Everyone is different and they're usually a combination of lots of different things. Some central, some not. So where do we go from here? I think we need to focus more on solutions and problems.

I mean, I'm as big an advocate as anyone else in this room or anywhere on verifiable credentials open. Id connect.

I've, I've been invested in it. I've, I've been involved in it for a long time. I think it's a great thing to do and we should do it. But it doesn't work everywhere. It really doesn't. You also need to realize that just because governments have been doing things for a long time doesn't mean it's wrong. The way the passports work is pretty reliable. The way that driving license work, it's pretty reliable. But we have death registers, birth registers, all sorts of things that are useful, very centralized. That's not gonna change. So we need to look at the real needs and the real needs.

Going back to Kai at the very beginning is that end user, the citizen, the child, the mother, the parent, the worker, And the relying parties that they interact with. Anything we do in between that should be as friction free and almost invisible as possible. Having the world's most exciting looking digital wallet is great, but frankly no one wants a digital wallet or a digital identity. They want a better service. So some closing photos. I truly think we're in an access point in our digital history.

We are at the point now where governments are waking up to the idea of the fact that they don't need to hold everything anymore. Yes, they need to manage data because that's how they deliver services. They need to create registers because that's very important because that's how we get things like trust. That's how we know I'm Adam. But They also do other stuff as well. So they manage health services, they, they provide social care that's all linked to Linked. That's not gonna go away.

But what we do have is technology now that can make things a lot better for that end user, for Kai, for his parents, for me, for all of us. The doctors and nurses trying to get to work. And that's where digital wallets verifiable credentials are gonna be play a major part, but they're gonna play a major part in a patchwork solution of many things. So think about this the next time you are involved in designing a system or the next time that you, somebody asks you whether you should be centralized or decentralized or decentralized, focus on the outcome. Don't focus on the model.

Some bits might be really good to be centralized and other bits not. Think about that. Try not to use language that confuses, that was very good to point out the other day. That much of this is just marketing. The real things we're trying to solve here are not what the model's called. And I think decentralization gives the wrong impression. It's probably more about being centered around people, person-centric. Maybe it's about being open, it's probably not about being decentralized. Thank you very much. Thanks Adam. That was that. That was terrific. So I have a question.

I I put my own question in the queue, so I got to to privilege it above and I, because I'm a privacy guy. When you said commu communities and data for social good, that's sort of compressing what you were talking about.

If I, so in Canada we have the first nations governance center and there's a history in Canada of the data First Nations people being misappropriated. Yeah, yeah. Or abused. And a lot of settler countries or other countries will do things with community data. And so the First Nations has created something called the Ocap principles. So centralized, decentralized, I get that. But is there a middle spot that allows groups or communities to have control over influence over their own data? Is that something that you've thought about in your, in your journey?

Yeah, I think those kind of concepts are really important. And this is where when I was trying to highlight that everyone's different, that's a perfect example. Yeah. So we need to look at the needs of those individuals that the problems come when we have, we make sweeping decisions about an identity ecosystem and say, well everybody's gonna get this wonderful thing. And what we're actually doing is designing for, if we're lucky, 80% of those people and we are really gonna hurt 20%. And that's where harms are a problem in things like identity systems.

One of the things I personally focus on and many of my colleagues do as well, is thinking about, well what's gonna happen if we do this thing? Is this going to infringe people's rights? Is it going to cause 'em to be persecuted? Perhaps? Could it be that we may actually disenfranchise part of our community by doing this thing and this, I think this is an example.

So yes, there are hybrid solutions that have to be. I think if we try and do something that's all for one, we will fail.

Yeah, it's really interesting cuz I think in our, okay, I'd like to follow you but I got another question in the room. Okay. And I have to, could you expand a bit on the commercial elephant in the room? Oh my. So if you imagine that I have my wonderful digital wallet and I go to my, maybe my government to get my identity credential. I mean this is the way the, the EU is going, that's gonna, I'm gonna go to my government and get that. So they issue me with this lovely credential. Bear in mind that the law says that's free to me. Okay?

But we all know that there's a cost involved in doing that proofing process. One of the most expensive parts of identity is figuring out that I'm definitely me. Yeah. Using it subsequently is actually quite cheap. Authentication is almost free. Well it's not, but comparatively, so how do we compensate the entity that's created that? Because to be fair, it's probably not actually going to be the government. It'll probably be somebody they employ to do it.

When that credential gets reused in, oh, I go over here and I use it in Estonia and then I use it with Amazon and then I go over here and do, wait a minute, shouldn't they be paying a little bit for what they're getting in the old IDP model? That's easy because I have to go through the IDP to sign in and oh, then we know I'm using it for something. We've lost that now. So how do we work that out? How do we compensate the creator of that identity? Now there are many answers. The problem is nobody's come up with a a coherent story yet for how it's gonna work.

It could be a subscription model for example. It could be that I actually pay something into this ecosystem. So I might pay X euros a year to have my thing because let's face it, we all pay for passports. So it's not a bad concept. And then maybe that gets used over that period of time. Maybe there's some way of actually getting the reliant parties to pay some sort of tariff. So if they want to be part of the ecosystem, they might pay government or whoever's originally paid for the issuance, a fee to be able to consume maybe.

But what we don't want to do is create anything that means there's a barrier. So if we discourage really good services from participating, then don't forget that many of the really good services are the ones that have no money. Think of social care, think of charities, think of the people who do really good in the world. We don't wanna push them out of the equation by making them pay. So there's a lot of thinking still has to be done about the complexity of how we pay for stuff in that decentralized world.

And if anyone's got an answer, please do tell me or one of the guys who are creating credentials cuz no one knows it's not being considered at the EU level. It's not being considered anywhere coherently.

Well, I I, unless there's any questions in the audience, I know I've got a couple, but I'll pick on, pick on you after this cuz I don't want to interfere with break time And we're at 1630 by my my, my clock. So I just want to say thank you very much, Adam.