Firstly, this is NOT a suggestion for a fork/change to Bitcoin itself. It's some thoughts that I've been pondering about an application of Bitcoin that could add legitimacy back to Bitcoin itself and hopefully allow for greater adoption in real world business.
Bitcoin's anonymity - or more accurately pseudonymity - seems to be a central focus of discussion. The pseudonymous transactions are understandably criticised in the press and by politicians. This criticism should be taken seriously by those (such as myself) who would like to see Bitcoin flourish and to become a 'grown-up' currency. It's hard to see large corporations such as Apple, Google or Sony PS3s(!?) accepting payment with a currency that has such strong associations with criminal activity*. In short, Bitcoin needs to grow up, cut its hair and get a job.
One of the ways Bitcoin could grow up is to make it possible to add legitimacy to a Bitcoin account for those who wish to do so. But before anyone jumps down my throat, I'm not suggesting that *every* Bitcoin account itself is legitimised, merely that an owner of an account *may* have a mechanism for attaching their account to an online identity. This post is about the feasibility of such a mechanism, what it may look like and how Bitcoin could give birth to its own saviour.
I've been eagerly anticipating the arrival of two technologies for a number of years: The first - a decentralised electronic currency and hey presto here it is! Although I've been suprised myself how long it took me to discover it (eventually a Reason TV video lead me here). The second - a robust decentralised compounded networked identity that allows us to gain trust based upon the type of peer to peer validation you would get in the real world. I believe that Bitcoin makes the second feasible and that the second could improve the legitimacy of the first.
Why the need for networked identity?I'm based in the UK where the previous Labour government were intending to introduce national identity cards before there was a general backlash against them on the basis of civil liberties, costs and effectiveness. The whole scheme was slowly dismantled before the change in government finally put the stake through it's horribly murky black heart. Had the scheme actually been put into place then I'm sure that fraudulent identity cards would soon surface. I was reminded of this fact by a policeman who said that making some arrests became problematic when a single person could potentially own 5+ driving licences with different names on them but with the same picture. So big agency/government ID schemes are prone to abuse and once you have your hands on a big key - such as a passport - then you can start to open some big locks without you ever needing to revalidate.
Secondly, you don't want to take your passport, driving licence and copy of your birth certificate when you're at the library (Yep. I know. Who uses a library these days.). Don't take a gun to a snowball fight, right? You wan't your identity credentials to scale to the environment.
Thirdly, current methods of portable identification such as OpenID don't include your ranking or some indication of built up trust from multiple sources.
Fourthly,
and this is my key point and where I think Bitcoin comes in - current methods of building up identity, both online and offline, often miss out on the references we get every day and from long term relationships. The very things that really indicate who we are such as:
- friends and family who are willing to vouch for our identity
- sending an email to a friend, client or colleague
- a bank that you've been using for 20 years
- a neighbour
- work colleagues
- a personnel record at work
- doctor, dentist, optician, shop purchase
- an online transaction
Your identity should ideally be built up by the compounding of all these minor transactions and relationships.
What benefit to business?- It's cheaper? You're only requesting the level of identity required to balance with your perceived risk in the event of a an incorrect identification.
- Greater credibility of the identification.
- The opportunity to have very high level identification. The equivalent of passport level (and probably greater) clearance.
- The opportunity to have very low level identification. For example, anti-spam measures for email.
- Attributes such as your bitcoin address, name, telephone and home address may be amalgamated together and presented to a tax office as a method of legitimising bitcoin addresses for business transactions.
- Businesses that wish to keep within the law may only wish to transact with a business that have a bitcoin address registered with a tax office.
Advantages to a Bitcoin account holder - The ability to demostrate that a Bitcoin address is associated to your ident and thus the ability to quickly gain trust with a stranger.
- THe ability to legitimately trade and use bitcoin for business use.
How bitcoin may solve the problemAs I see it, one of the barriers holding networked identity back was that the references given from one peer to another had no value. An analogy would be the low cost of sending emails and the spam email problem that bitcoin supposedly has it's roots in. But bitcoin would appear to solve that problem as it may solve the spam email problem in the future. With Bitcoin we have a mechanism for electronically saying "I really mean this". That's an incredibly powerful tool.
What I've discussed here is a long way from a solution and I've really just laid down my thoughts in the hope that someone else might be add to the discussion and potentially tell me that it's crock or that somebody is already doing it. I feel like I'm looking at a load of tools and material in front of me and thinking "there must be some way to fit all this stuff together to solve two desirable goals of a decentralised currency and networked identity and that maybe the relationship might be symbiotic".
I look forward to hearing your thoughts.
BELOW - Just some initial thoughts on what might work/be desirable.
===========================================
I want to be able to give other people confidence that I am who I say I am.
I only want to disclose the amount of information that I feel the person requesting it needs.
I want access to the information to be flexibly priced so that the person requesting the information has a financial incentive to only request what is needed.
My identity should be easy to piece together from peers who are willing to say "Yes I know that guy/girl" as they would do in real life.
Institutions should be able to vouch for me such as a bank that I've always used since childhood.
Vouching for another should cost the person doing the vouching so that references are not given freely and retain value.
You shouldn't be able to just buy yourself trust.
It must be trivial to vouch for someone else for a very small fee. (e.g. Yes. I'm willing to vouch for this person's email address for 0.01 pence.)
If I vouch for an identity then I should be penalised if that identity is abused. (Note - this is different from the identity being used for nefarious purposes.) Ideally this should discourage a person from giving major positive references to someone who's identity they do not trust.
The system should be amoral.
The strength of my own identity should increase the value of the references I provide.
I should be able to abandon an identity and start a new one.
It should be possible to vouch for an identity attribute or group of attributes. I.e. (I'm his neighbour - yes he does live at X address OR I meet him down the pub and he does have red hair but I have no idea where he lives OR I've had business transactions with him and he does use
[email protected] email address but I know very little else about him.
If an identity is stolen or compromised then it should lose credibility to the extent that it has been compromised. It should be possible to 'mend' - or if a major infiltration 'abandon' - a stolen identity.
A compromised identity should be recoverable with the assistance of peers or referees who are willing to revalidate.
Stolen identities must lose credibility quickly.
There must be an incentive for an entity requesting identification to pick up on stolen identities.
Ideally, identity theft would have sufficient disincentives that it would not exist.
I may wish to attribute a Bitcoin address to my identity to give confidence in business transactions and to allow for taxation, accountability etc.
I may wish to be 99% legit in my business dealing but make the equivalent cash withdrawals for illicit purposes.
Just my thoughts...
Discuss and play nice!
* Leaving aside for the purposes of this discussion whether they should be criminal at all.