It is September 28, 2014. A year and a half after purchasing the domain name “lightco.in,” a website has found it’s home here. Welcome! A special thank you to INRegistry and NIXI for letting me be here. One day I’ll get an uncensorable domain name a la Namecoin, but that day is not today. Namecoin is a really interesting concept, but I think it is likely to be overtaken in adoption by superior technology. The problems that prevent me from using Namecoin right now are problems I would like to work on and am actively interested in. In terms of technology, I’m mainly interested in two distinct yet related areas: Identity and value transfer. Identity is a tool used to socially interact with others, and value transfer tools are used to economically interact with others. Conceptually these are both deeply powerful and inherent to human nature, yet in practice the tools used for Identity and value transfer end up being deeply disempowering.
Identity in the modern world consists of two primary experiences: one in which our Identity is chosen for us, is attached to us foreveri, and we have to tell our secrets to everyoneii, and another in which we choose what Identities we want to assume but we’re told we have to remember different secrets for every context and these secrets must be hard (for a computer) to guess but easy (for a human) to remember. I am referring here to Legal Identity and Self Identity. Legal Identity can be the Identity people are given by their parents, and registered with the State, often in exchange for a unique number for purposes of identifying oneself as a unique Person in the State system; it can also be the Identity given to people by an organization they opt-in to later in life, like a school, business, NGO, etc, which is often linked to the State Identity. The Self Identity is an Identity people choose for themselves, often in online communities where a reputation can be built around a self-chosen name. Both Identity experiences are useful in theory, but in practice can often seem like more work than they’re worth. This is a serious, critical pain point in complex technological societies, and there is an urgent sense that there must be a better way.
Value transfer technology has been historically flawed as well, ranging from pieces of metal and paper whose value are easy to dilute, to slow and expensive electronic systems run by centralized, monolithic institutions. Then in 2009, the Bitcoin software was released and everything changed. Suddenly value of any amount could be transferred anywhere there was an internet connection as fast as email and for less than the cost of a postage stamp. The underlying technology which made this possible, the block chain, is a public ledger that is synchronized worldwide by a network of computers that run high-energy computations to secure and store each entry in the ledger. These computers compete to add new transactions to the block chain and are rewarded with tokens called “bitcoins” that are needed to make additional entries to the block chain. Only a limited amount of these tokens exist: 25 are awarded approximately every ten minutes (this amount halves approximately every 4 years), with a hard cap of approximately 21 million total bitcoins that will ever exist. Once that total is reached, the only incentive for the computers to participate in the security of the Bitcoin block chain will be transaction fees, which a computer earns each time it adds new transactions to the block chain. The invention of this system made the secure transfer of value across an open network possible for the first time, and has spawned a wave of innovation and a new class of technology that is broadly referred to as “cryptocurrency” (though the ledger is as much a star of the show as the token or “currency”).
The problem with Identity today is that it is centrally controlled and too easy to copy, like the currency of old. Now, cryptocurrency technology has decentralized control over currency and made it much more difficult to copy, and this technology can do the same for Identity. Combining these two concepts, cryptocurrency and Identity, could give us a system where Identity is controlled by the individual and easily verifiable using a public ledger system without revealing private information. The problem I see holding back that vision is the insecurity of hardware and software that most people are using right now. While cryptocurrency is really hard to compromise in theory, in practice it can be relatively trivial due to the insecurity of everything. Any attempts to make the technology more secure will inevitably make it less convenient to use. However, I believe that technologists are making the gap between security and convenience smaller all the time, and there will come a time when the security of hardware, firmware, and software are improved to the point that physical security will be the only concern. When this is achieved, then it will be possible to trust our devices with our Identity.
Efforts are being made to secure cryptocurrency at the hardware level. Trezor was the first commercially produced, dedicated hardware device for the purposes of storing Bitcoin private keys and signing messages with them. Just as Bitcoin private keys authorize the transfer of value from one person to another, so too could private keys authorize access to remote and local systems the way Identity does today. Identity can give you access to a driver’s license, financial services, vices, firearms, entertainment venues, online accounts, and more. It’s a challenge/response system: is this person eligible for access to this good or service? Identity answers that question. Usually the challenge is very specific: what is the person’s birth date? What is the person’s username and password? What is the person’s name and social security number? Instead, the questions could be much less invasive, reducible to: can the person produce a valid signature for this public key? To trust the answer to that question, people must be able to trust the source of the answer: the hardware, firmware, and software. This gets us back to trust in the security of technology.
For us to make the leap from analogue to digital, from centralized to decentralized, we must trust the security of our technology. Trezor is an excellent first step for technology designed for protecting cryptocurrency private keys, and I think similar devices will be produced for digital Identity. In fact, since both kinds of devices would simply be used for storing private keys and signing messages, one device could serve both purposes. With such a device, the number of accounts one could create would be limited only by computer memory. One account could be for a State Identity, another a Professional Identity, another a Hobby Identity, and on and on. These accounts could be stored on separate devices for better security (since risk is decentralized). With such a device, Identity and value transfer can be managed easily by everyone, with full control in the hands of the individual.
Right now my main focus is increasing awareness and adoption of cryptocurrency and other p2p technology, but my next focus will definitely be in the production and distribution of hardware designed to protect private keys and enable convenient cryptographic message signing. Such devices would have a multitude of uses, but value transfer and Identity are easy market entry points. Probably Identity first, since many people are already comfortable with digital Identity in one form or another, then cryptocurrency once that technology gains broader adoption. Perhaps such devices will be the catalyst for widespread cryptocurrency adoption, since it will make the technology more secure and user-friendly. Either way, if you’re interested in working on the problems discussed in this post, do get in touch.
State of Mind is a blog series about various topics that are on my mind. Current events, discoveries, questions, stories, and insights will be shared here.
iThere are often processes for getting a new government-issued Identity, but they are not exactly convenient.
iiConsider how many times you’ve been asked for your name, address, and social security number, and then consider that every time you complied, you gave the other person (and anyone else who could access that information) everything they would need to steal your Legal Identity.