Presentation at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Presentation at the Consumer Identity World 2017 EU in Paris, France
Presentation at the Consumer Identity World 2017 EU in Paris, France
So who owns our identity? This is a fundamental question that I want to address today by this presentation. And this is the beginning and the end of this presentation. Introduce myself. Thank you very much. Wrong. My name is Dan wo. I am a train capital markets. Lawyer was the British funds. Simmonds Simmonds in Frankford and I'm dealing probably more on the security transaction side, blockchain based solutions for clearing and settlement, especially rather not identity. But today I'm going to focus on a fundamental question, digital identity.
I have to tell you that after hearing the knowledge of Canan and the question of the audience, I'm pretty certain that I cannot provide you with more information on the technology side than you already have heard by Canan or you think you know about Tony there. I, but I, I, I would be, I think this presentation would be for my society beneficial to you. If I can give you a glimpse, how the law and how lawyers would view blockchain and digital identity and impact to digital identity.
So the, to starting with is each technology. Innovation starts with a issue that it wants to address. And this issue can already told us is the indications of data breaches. And when we sum this up in terms of quantity, and we look at data breaches of at home Depot, then more than 50 million people affected by a data breach. When we look at AFAX data breach at AFAX more than 140 million people have been affected. And when we look at who the data breach idea who more than 3 trillion people have been affected, one of them myself. So the issue lies in the centralized database.
The centralized structure that I for myself know about in central bank system, it is a centralized or at least a, in many cases, very centralized structural. And the issue is that it is a single point of, and I come to why we use this centralized. The proposal that blockchain makes is basically comes down to distributing information, meaning we address the issue of single point of failure, distribute all the information through a peer to peer network and encrypt the content of this database.
So although we make information available on a peer to peer network, not each of the notes in this network can actually read the content of the database. So it is designed by design. Blockchain is very capable to certify copies of identity documents, biometric test results, health data, or academic and training sort of that are again, are made available at all times, but safe on the level of the access of the private key. So we talk about basically two terms, blockchain and identity, and from a legal perspective, legal aspects are always about regulation and about power.
So it comes basically down to control control of the platform, control of the application and actually control of the activities that you perform on a blockchain system. Cool.
Again, I don't think that I show you something that you don't already know blockchain from a legal perspective has several aspects that were very important for us, for the regulators, as well as for lawyers, but the main issue or the main topic that blockchain addresses is a having a chronological record of rights, things and ownership. And this is a generic interest of human beings all over the history. And when you look back ancient China, for instance, I could find some simple illustration of a blockchain.
When we look back 300, 400 years back when the emperor transferred a masterpiece or a piece of art to a third person, and this receiver of this, this present order, the purchase of the present has basic has the right to put the stamp of the ownership on, on the masterpiece. This has something to do with the art history because Chinese people or Chinese culture value the stamp for itself being a piece of art for itself, but it shows the basic human interest to distinguish one's ownership of the ownership of the, of other people.
And to read this blockchain, this early blockchain, you would read this one, the top to the bottom on the right to left. And so including you would see on the top left corner, the most recent owner of course, blockchain today is similar but different. It is distributed. And so the record is distributed on a peer 2:00 PM network.
And this is basically the concept of digitalization and peer to peer concept of structure that confronts with an analog way to, to view relationships I'm ager lawyer, and the analog civil code that we use has the perception or the view of a, of a bilateral contractual relationship. And this bilateral contractual relationship, as you can see here does not really fit into a network system such as blockchain. And this is the starting point.
If, if I may say of the conflict between and code or network And in absence of a generic and universal definition of blockchain, what is blockchain? I give you one that is, has been combined from, to supervisory authorities in the states, as well as here in Europe. It's basically blockchain understood by the supervisor. Authorities is a combination of three technological innovations advances starting with peer P network cryptography and consensus algorithm. And from a legal perspective, it is most important to understand what functions are going to be fulfilled by this.
This is motorization and verification. So the database that is being saved, kept and utilized on the blockchain fulfills always in any case of all the applications that we are looking into, these basic functions. The second wave as this car had described in the blockchain area is the wave of smart contracts. Self-executing and self-reinforcing script language that is executed on the blockchain.
And just to be complete on the presentation of blockchain basics, coming from blockchain to identity, the concept of identity is state based, meaning that all the most countries have legal identity issued by a governmental party. So whatever you can have is actually received by a government body.
And one, I did a very thorough research for my presentation. I was very surprised as I found the fact that I did not know, actually I found an it of James Bond and he supposed to be born in Paris, citizenship. I didn't know this, but because I found this on their internet, I believe, but it's, it demonstrates basically the state based modern.
Again, it's originated the status. Isely linked to the identification that you receive from the government, another aspect of digital identity devices on private companies that gives you certain aspects of your identity in your username and password with which you can identify yourself to use. So to have access to certain information, and again, K YC and requirements stipulate that a private company, such as banks needs to transmit this information that they get from you as an individual to the, to the governmental body. And the question posed in the beginning is who actually owns identity.
And we can state coming from Germany and looking over to India in China as well, also in the states, it's actually not the individual itself it's I can speak of, of Germany, of course, but the ID card that I have from this ment is just abroad from the government. It's I don't own this certification. And this is quite interesting because when we look at the data breaches at various companies, there is no much control. When you give out your personal data. If they lose this data, then they actually don't have to compensate about this.
It's very, it's very difficult to, to get back control as an individual. So the proposal that blockchain does is basically that it views your, it tries to give back the identity to the users, to the individual, by defining identity, as different layers of personas ID, as different aspects of your identification. And so it's, it enables you as a user on the blockchain to give private companies only certain layers of your, of your identity. Can you give a perfect example to that is if I open account or if I go to a hotel, this, this service provider only needs certain layers of my identity.
And with this multi ID theory that we, as an individual are owner of our identity, we should have control over who get access to our personal data. And then when they, this personal data get lost, then only this layer of identity and transforming this peer to P network system to digital identity like this, all of the, not would have the record of your are you status or, or the layer of the identity that you will view. So the benefits of block blockchain based model, again, this is only high level from ad perspective.
We view this as free forward, that blockchain based model of self-sovereign identities are more diverse because you can have multiple there's more granular because attributes determine what it represents in, in the network. And it is more istic, meaning that it can be backed from a range of information. For instance, when I check in, in the hotel, in, in, in Paris, then the probability that this is actually me who uses this hotel room, because I, I, I am giving a speech here, could bring a code.
Then you have a certain range of information that would back up the, the identity that is given away And coming from a legal perspective, of course, I have to talk about regulation and not to dive too deep into the various directors is to simplify. This is each directive and each body of floor, you can summarize this up into different levels of perspectives. So when we start talking about blockchain and we usually, I usually distinguish between the, the ones areas that still are in proof of concept and the other would actually deploy applications.
But when we look at the proof of concepts and to demonstrators, then usually this is a discussion about the system. It's a discussion about the platform, how to organize the, the production platform for the data that is being recorded. When we talk about applications such as open ID, then we would look at the perspective of the interaction who is interacting with who, on what basis, conceptually, this would come down to the question who owns your identity. How should we understand identity in a digital world, such as blockchain?
And yes, and right now I'm establishing a blockchain department in my, my own company for the German market. And what we see is, again, we have this two forward, the one that talk about proof of contents, thinking about structuring and blockchain structures and the other one actually deploying applications where deploying applications is not as, as far reaching as the, as the hype is, is, is suggesting at least not for the financial services market.
So regulation by design, when it looks on blockchain, what we can tell is that the implications of blockchain technology is meaning that when we look at blockchain platforms, but also smart contracts, it's always, whenever you give consent to searching to certain provisions, these provisions self execute themselves, you give them way, and there's an automatic execution element in it. And this is similar to what has been opposed by less transmitted this or the transfer to the idea of cyberspace as something like architecture that S and opposed to the law that regulates exposed.
But the distinction between exposed and exe is very important for us lawyers, because whenever the law steps in it is basically the enforcement of trust. And it basically opposed to the idea of smart contract as something that you can define ex a pre.
And the reason why that is, is that when I look back into the history of, for instance, German, civil current, the human beings seems to be very prone to the idea that there is a affect system and the German civil, for instance, derived from the idea that we can provide and create a structure that, that has all the tools that can represent whatever happens in the real world. And a German lawyers have been very disillusioned by this idea, because the first draft of the German GB, the John civic reveal that you cannot do this cause real reality world is too complex.
And it is still a living product law by itself cannot be perfect and all itself needs to be optimized each and every day. So going back to the, to the distinction between the perfect structure of blockchain or smart contract structure and comparing this with the, what we know about the history in law, then when we try to combine this, there's always this element of, we need to optimize in just way, which whichever structure we are working on. So then I come down to my first question who owns identity. And the simple question that is simple answer to that is can only be like yourself.
This can only be the individual that represents that this identity represents and how we do this. Depends on the structure that we utilizing. And blockchain is one possibility, a proposal to the problem to solve the problem of centralized databases.
And, but the legal implications of that is first thing we have to change to look identity as, as just a accumulation of data, identity is something unique and this uniqueness element needs to be returned to its audience, and this would be the individual. So the structural question that we, as a lawyer ask and regulators as well, ask who manage the information who manage this token of identity and who validates the, the data that is combined in this, this token of identity.
And the last question of course, is always who would be responsible for data breaches and the, it comes always down to a cluster of gig questions that I try to fit here in one, on one slide. And it's a variety of a full bunch of questions that derive from such terms. But when we look a little bit further, step back and look further, then it really is the bottom. It is controlled in the sense that we need to establish a system as just for the consumer. And we need to balance the, the benefits of a technology innovation with the principles that derive from our society.
So when you look at this, for instance, KYC and L requirements, these requirements derived from a, from a protection purpose where the government steps in to help individuals or to enforce certain principles. But this means, again, that you would have the, the opposing elements of the perfect system and something that is, comes from a living organism that is structured by one central entity that we trust, which would be the government. So all of these clusters of legal implications, where there be supervising law or contract law, these elements always remain the same.
So when you look into additional identity, we have always to ask, where do we want to put control to? And this is not very simple to answer this question, although it is very simple to, to say that identity belongs to each of the individuals. The following question would be who do we trust to control these data?
The, the ones we technology, the techn technologists would suggest that we should trust in math, in our movement. We lawyers would say, we don't understand math. So we would trust principles, but has a, this has a principle. The principle itself has a generic idea of just, it has been developed over years. And it would be, it would be recommendable that although we trust in objective aspects of the math, we need to have some human elements in, in this math. So asked me to talk only 20 to 25 minutes. It's yes. Thank you.
I, I think I would be happy to open up the, the question part, because this is a sharing economy. This is a sharing. How do you say sharing area? When we talk about blockchain, this is always to reconcile information, to distribute and to look at the information that we use. And from a legal perspective, as a, as a lawyer, we are also looking into blockchain, blockchain technology that might exchange our, our jobs, but that's fine. Cause we will find some new areas that we can advise to, but it, it, deriv basically from communication from answering question that disrupt poses.
So therefore I don't go to too much detail of the firm slides. I just wanted to highlight the conclusion of this presentation coming back to the beginning question of who owns your identity and who owns your identity, basically as two elements. The one that I think we, we all upon is that the, the own individual should own this identity.
The following question would be who controls this and this controlling of data controlling of information is something that we need to decide whether we trust in the math or we trust in the principles and it comes, it, it is very apparent to me that this is not in either our question, that this might be property and as well as well, some that we have to look into the math that we can trust into, but also implement elements where we can step in as a human.
So digital identity blockchain has as has diverse ground probabilities, elements and benefits that are, that are not doubtful and decentralization by concept is very different to the traditional regulation that we look in driving from centralized point of view. So new technologies such as blockchain raises fundamental questions, also on identity. And we have to look at identity as a whole, as an asset by itself.
And it is to behold that the new structures, as well as regulations that follow these structures will return the value of personal data to the individual Questions, please, Questions, it's coffee or a topic. But clearly this notion of cell sovereignty is opening. A lot of question.
You know, some people argue that actually this collective notion of identities and everybody should control their own data, but I guess this is another discussion. Thank you very much.