Blockchain and the Limits of Trust

Last week I was privileged to be a guest on This Is Imminent, a new form of Web TV hosted by Simon Waller. The given topic was Blockchain and the Limitations of Trust.

For a replay of the Web TV event go here

As regular readers will know, I have been immersed in the world of Blockchain, cryptocurrency and digital assets for over four years – and while I am not a technologist, I think know enough to understand some of the potential impact and implications of Blockchain on distributed networks, decentralization, governance, disintermediation, digital disruption, programmable money, tokenization, and for the purposes of last week’s discussion, human trust.

The point of the discussion was to explore how Blockchain might provide a solution to the absence of trust we currently experience in many areas of our daily lives. Even better, how Blockchain could enhance or expand our existing trusted relationships, especially across remote networks. The complete event can be viewed here, but be warned that it’s not a technical discussion (and wasn’t intended to be), although Simon did find a very amusing video that tries to explain Blockchain with the aid of Spam (the luncheon meat, not the unwanted e-mail).

At a time when our trust in public institutions is being tested all the time, it’s more important than ever to understand the nature of trust (especially trust placed in any new technology), and to navigate how we establish, build and maintain trust in increasingly peer-to-peer, fractured, fragmented, open and remote networks.

To frame the conversation, I think it’s important to lay down a few guiding principles.

First, a network is only as strong as its weakest point of connection.

Second, there are three main components to maintaining the integrity of a “trusted” network:

  • how are network participants verified?
  • how secure is the network against malicious actors?
  • what are the penalties or sanctions for breaking that trust?

Third, “trust” in the context of networks is a proxy for “risk” – how much or how far are we willing to trust a network, and everyone connected to it?

For example, if you and I know each other personally and I trust you as a friend, colleague or acquaintance, does that mean I should automatically trust everyone else you know? (Probably not.) Equally, should I trust you just because you know all the same people as me? (Again, probably not.) Each relationship (or connection) in that type of network has to be evaluated on its own merits. Although we can do a certain amount of due diligence and triangulation, as each network becomes larger, it’s increasingly difficult for us to “know” each and every connection.

Let’s suppose that the verification process is set appropriately high, that the network is maintained securely, and that there are adequate sanctions for abusing the network trust –  then it is possible for each connection to “know” each other, because the network has created the minimum degree of trust for the network to be viable. Consequently, we might conclude that only trustworthy people would want to join a network based on trust where each transaction is observable and traceable (albeit in the case of Blockchain, pseudonymously).

When it comes to trust and risk assessment, it still amazes me the amount of personal (and private) information people are willing to share on social media platforms, just to get a “free” account. We seem to be very comfortable placing an inordinate amount of trust in these highly centralized services both to protect our data and to manage our relationships – which to me is something of an unfair bargain.

Statistically we know we are more likely to be killed in a car accident than in a plane crash – but we attach far more risk to flying than to driving. Whenever we take our vehicle out on to the road, we automatically assume that every other driver is licensed, insured, and competent to drive, and that their car is taxed and roadworthy. We cannot verify this information ourselves, so we have to trust in both the centralized systems (that regulate drivers, cars and roads), and in each and every individual driver – but we know there are so many weak points in that structure.

Blockchain has the ability to verify each and every participant and transaction on the network, enabling all users to trust in the security and reliability of network transactions. In addition, once verified, participants do not have to keep providing verification each time they want to access the network, because the network “knows” enough about each participant that it can create a mutual level of trust without everyone having to have direct knowledge of each other.

In the asymmetric relationships we have created with centralized platforms such as social media, we find ourselves in a very binary situation – once we have provided our e-mail address, date of birth, gender and whatever else is required, we cannot be confident that the platform “forgets” that information when it no longer needs it. It’s a case of “all or nothing” as the price of network entry. Whereas, if we operated under a system of self-sovereign digital identity (which technology like Blockchain can facilitate), then I can be sure that such platforms only have access to the specific personal data points that I am willing to share with them, for the specific purpose I determine, and only for as long as I decide.

Finally, taking control of, and being responsible for managing our own personal information (such as a private key for a digital wallet) is perhaps a step too far for some people. They might not feel they have enough confidence in their own ability to be trusted with this data, so they would rather delegate this responsibility to centralized systems.

Next week: Always Look On The Bright Side…

 

Pitch X’s Winter Solstice

The latest Pitch X event, organised by Academy Xi and hosted by YBF Ventures, was held a few days before the (Southern hemisphere) mid-winter – there may not have been any mulled wine, but there was still a warm atmosphere on a cold and wet Melbourne evening. The judging panel was drawn from YBF, Melbourne Angels, Linfox and Clearpoint Ventures.

The usual format applied: 11 startups were each given 90 seconds to pitch, followed by a 90 second Q&A with the judges. The top three were then brought back for a 5-minute pitch, and 4 minutes of Q&A.

The pitches, in order of presentation were (links in the names where available):

Startup 101

A self-styled online startup school, targeting university students and recent graduates. The core premise is that entrepreneurship is not being taught to undergraduates. The judges asked about the MVP, which was not clear, nor was there a breakeven forecast based on the number of students. The founder is offering a freemium model, based on memberships and services. Looking $500k for software development and marketing in China (a key demographic for this business).

Studio Ninja

This is a cloud and mobile PaaS solution for professional photographers. I first covered Studio Ninja in late 2016, when they pitched at a StartupVic event – and it’s great to see that they have managed to bootstrap themselves this far.

Professional photography is competitive, but margins are low. Studio Ninja offers an end-to-end platform for scheduling, contracts, payments etc. They have now integrated with Xero, QuickBoooks, Google, PayPal and Stripe, and have built a community via their chat app, Facebook group and Instagram account. At a basic $29.95 per month, they now have 4,000 paying subscribers, mainly in Australia, UK and US. but need to reinvest in product development, scaling and building further efficiencies. Users are offered a 30-day free trial, with an average 25% conversion rate, thanks to the hook of discounts for early sign-ups, plus a referral program.

RoamingDuck

Calling itself the “Uber of travel”, RoamingDuck offers travelers access to curated itineraries, based on their personal preferences. Using freelance resources (along the lines of Upwork and Airtaskr), the service uses a travel planning dashboard on which the customer and the curator can collaborate. With a quick turnaround, RoamingDuck can help customers build and review an itinerary within 12 hours. With the ability to consolidate and share, the content is easily accessible to users, who can plan anything – even supporting “self-plan” users with a search function.

Freelance curators come from the ranks of existing travel bloggers and services like Travelo, and are subject to a vetting process. There is also an escrow system, so freelances only get paid when the customer is satisfied. Normal travel agents are quite restricted on what they can access or offer, and services like Skyscanner are great for searching individual fares – RoamingDuck is solving the planning issue, and building the itinerary. Asked whether RoamingDuck can support actual bookings, the founder will likely implement this via APIs.

Wastr

According to the founder, households waste about 20% of the food they buy. Wastr is an AI-powered app that is designed to help consumers use what they purchase, rather than letting to go to waste. The solution allows subscribers to scan their grocery receipts, and in return they will receive recipes, notifications on expiry dates, plus other reminders. The app is offered under a freemium model, with a paid service starting at $2 per month.

VRWalker

Described as “VR for your foot” (or the “mouse” for VR), this is a motorised shoe device that allows wearers to experience”walking” within VR applications, without actually moving.
It’s an idea that has been around for a while, but the founder claims to have filed key patents. The shoes work on the concept of intuitive locomotion (linked to the dantian, or our centre of gravity), and are intended to be much cheaper and much more convenient than existing treadmill-based solutions. The founder hopes to have a working prototype by the end of this year. Likely customers will come from areas like construction, engineering and gaming. The judges asked about how insurance would be handled, and the device could be bundled with existing VR headset devices.

The Nurture Project

The Nurture Project is designed to teach life skills to deal with anxiety issues, which according to the founder, affect 30% of the population. Unlike other solutions, this treats the causes as well as the symptoms, using a well-being model built on 5 core pillars, and delivered via a 12-week online program. It is currently aimed at women in their 30s and 40s.

Natural MedTech

Designed to boost the immune, hormone and nervous system naturally, this has come out of a CSIRO project, with a scientific basis that has been peer-reviewed.

Magicast

This is a decentralised online podcast recording and editing service. Existing podcast software is either too complex, or too expensive. Instead, Magicast uses web-based programme development, publication and distribution, offering a two-sided marketplace for content, sound effects, music etc. The judges asked about international competitors, given that podcasting is very much a cottage industry, with relatively few barriers to entry.

Turtle

Something akin to an Uber courier service, Turtle enables customers to obtain goods from overseas that are not available where they live. Targeting expat and diaspora populations, the platform has an escrow function to provide a level of trust. It was not clear who would be responsible for tax, customs and quarantine issues.

Young Shaman Foundation

Having run a number of leadership development retreats on country for women in indigenous communities, the founder is now seeking funding to develop and extend the program she currently offers.

SecureStack

Helping companies to secure the cloud, with a focus on cyber security, the founder pointed out that key problems are caused by “cloud sprawl” – the uncontrolled proliferation of content, services and applications hosted and running on cloud-based servers. Using a proprietary cloud infrastructure security design, the startup has already secured two clients and $100k in revenues. Now looking to raise $2m, for an 18-month runway, in order to gain 100 clients. The solution is agnostic as to which cloud service clients use. Traditional cloud management and compliance is saturated, whereas SecureStack’s value proposition is in the security layers.

After much deliberation, the winners were:

1. StudioNinja
2. RoamingDuck
3. VR Walker

Next week: The Metaphorical Glass Jaw

Token ring – a digital ID solution

The latest event organized by DIG ID (the Melbourne Digital Identity Meetup) featured a Q&A with Steve Shapiro, CTO of Token, moderated by Alan Tsen, General Manager of Stone & Chalk Melbourne. Given the current level of interest in solutions to address online fraud, ID theft, data protection, privacy and personal security, the discussion covered a lot of conceptual and technical topics in a short space of time, so here are some of the key points.

First off, Steve spoke about his start-up and tech journey, that took him from IM (Digsby, Tagged, Bloomberg IB), to cryptocurrency and digital wallets (Case), to digital ID with the Token ring. The pivot towards an ID solution came about after working on Case, where he realized that most consumers don’t understand private key management and the issue of permanence (as compared to the internet, where password re-sets are relatively easy, and often regularly enforced upon users).

If the goal is to provide fool-proof but highly secure end-user authentication, the solution has to focus on the “signing device”, by making it much easier than the status quo. Hence the combination of two-factor authentication (2FA) and bio-metrics to enable Token ring users to live key-less, card-less and cashless, and without having to constantly remember and update passwords. In short, the Token ring works with anything contactless, as long as the relevant permission/authentication protocol layer (challenge and response process) is compatible with the ring’s circuitry.

In assessing the downside risk, gaining consumer adoption is critical, to ensure that users see the benefits of the convenience combined with the credentialing power. Equally, success will depend on the ability to scale as a hardware manufacturer, and the potential to drive traction through virality.

There is still a lot of design work to do on the hardware itself (to enable assembly, customization and distribution as locally as possible). And the platform needs to bring on more partner protocols, especially in key verticals. At the end of the day, this is still a Blockchain solution, with a UX layer for the cryptographic component.

When asked about the future of ID, Steve felt that in the medium term, consumers will no longer have to carry around multiple cards or have to remember multiple passwords. Longer term, governments will no longer be the central authority on managing ID: unlike today, a driver’s license will no longer be the gold standard – instead, solutions will be based on decentralized, contextualized and user-defined ID.

This led to a discussion about Sovereign IDe-government and digital citizenship (e.g., Dubai and Estonia) – and the break up of big government in favour of more city-states. (Which could result either in a “small is beautiful” approach to self-governing and sustainable communities, or a dystopian nightmare of human geo-blocking, as in a film like “Code 46”).

For the tech buffs, the Token ring’s IC hosts a total of 84 components, including the main secure element (as with mobile phones and other devices), finger print reader, optical scan, Bluetooth, NFC, accelerometer, MCU, Custom inductive charging etc.

Finally, there was a discussion about the risk of cloning, mimicking or breaching the unique and secure ID attributes embedded in each Token ring. While it is possible for users to encrypt other knowledge components as part of their individual access verification and authentication (e.g., hand gestures), there is still a need to rely upon trusted manufacturers not to corrupt or compromise the secure layer. And while the public keys to core protocols (such as credit cards and swipe cards) are maintained by the protocol owners themselves and not stored on the device or on Token’s servers, it will be possible for other third parties to on-board their own protocols via a SDK.

Next week: Startup Vic’s EdTech Pitch Night

 

 

Personal data and digital identity – whose ID is it anyway?

In an earlier blog on privacy in the era of Big Data and Social Media, I explored how our “analog identities” are increasingly embedded in our digital profiles. In particular, the boundaries between personal/private information and public/open data are becoming so blurred that we risk losing sight of what individual, legal and commercial rights we have to protect or exploit our own identity. No wonder that there is so much interest in what blockchain solutions, cyber-security tools and distributed ledger technology can do to establish, manage and protect our digital ID – and to re-balance the near-Faustian pact that the illusion of “free” social media has created.

Exchanging Keys in “Ghostbusters” (“I am Vinz Clortho the Keymaster of Gozer”)

It’s over 20 years since “The Net” was released, and more than 30 since the original “Ghostbusters” film came out. Why do I mention these movies? First, they both pre-date the ubiquity of the internet, so it’s interesting to look back on earlier, pre-social media times. Second, they both reference a “Gatekeeper” – the former in relation to some cyber-security software being hijacked by the mysterious Praetorian organisation; the latter in relation to the “Keymaster”, the physical embodiment or host of the key to unleash the wrath of Gozer upon the Earth. Finally, they both provide a glimpse of what a totally connected world might look like – welcome to the Internet of Things!

Cultural references aside, the use of private and public keys, digital wallets and payment gateways to transact with digital currencies underpins the use of Bitcoin and other alt coins. In addition, blockchain solutions and cyber-security technologies are being deployed to streamline and to secure the transfer of data across both peer-to-peer/decentralised networks, and public/private, permissioned/permissionless blockchain and distributed ledger platforms. Sectors such as banking and finance, government services, the health industry, insurance and supply chain management are all developing proofs of concept to remove friction but increase security throughout their operations.

One of the (false) expectations that social media has created is that by giving away our own personal data and by sharing our own content, we will get something in return – namely, a “free” Facebook account or “free” access to Google’s search engine etc. What happens, of course, is that these tech companies sell advertising and other services by leveraging our use of and engagement with their platforms. As mere users we have few if any rights to decide how our data is being used, or what third-party content we will be subjected to. That might seem OK, in return for “free” social media, but none of the huge advertising revenues are directly shared with us as ordinary end consumers.

But just as Google and Facebook are facing demands to pay for news content, some tech companies are now trying to democratise our relationships with social media, mobile content and financial services, by giving end users financial and other benefits in return for sharing their data and/or being willing to give selected advertisers and content owners access to their personal screens.

Before looking at some interesting examples of these new businesses, here’s an anecdote based on my recent experience:

I had to contact Facebook to ask them to take down my late father’s account. Despite sending Facebook a scanned copy of the order of service from my father’s funeral, and references to two newspaper articles, Facebook insisted on seeing a copy of my father’s death certificate.

Facebook assumes that only close relatives or authorised representatives would have access to the certificate, but in theory anyone can order a copy of a death certificate from the UK’s General Register Office. Further, the copy of the certificate clearly states that “WARNING: A CERTIFICATE IS NOT EVIDENCE OF IDENTITY”. Yet, it appears that Facebook was asking to see the certificate as a way of establishing my own identity.

(Side note: A few years ago, I was doing some work for the publishers of Who’s Who Australia, which is a leading source of biographical data on people prominent in public life – politics, business, the arts, academia, etc. In talking to prospective clients, especially those who have to maintain their own directories of members and alumni, it was clear that “deceased persons” data can be very valuable to keep their records up to date. It can also be helpful in preventing fraud and other deception. Perhaps Facebook needs to think about its role as a “document of record”?)

So, what are some of the new tech businesses that are helping consumers to take control of their own personal data, and to derive some direct benefit from sharing their personal profile and/or their screen time:

  1. Unlockd: this Australian software company enables customers to earn rewards by allowing advertisers and content owners “access” to their mobile device (such as streaming videos from MTV).
  2. SPHRE: this international blockchain company is building digital platforms (such as Air) that will empower consumers to create and manage their own digital ID, then be rewarded for using this ID for online and mobile transactions.
  3. Secco: this UK-based challenger bank is part of a trend for reputation-based solutions (e.g., personal credit scores based on your social media standing), that uses Aura tokens as a form of peer-to-peer or barter currency, within a “social-economic community”.

Linked to these initiatives are increased concerns about identity theft, cyber-security and safety, online trust, digital certification and verification, and user confidence. Anything that places more power and control in the hands of end users as to how, when and by whom their personal data can be used has to be welcome.

Declaration of interest: through my work at Brave New Coin, a FinTech startup active in blockchain and digital assets, I am part of the team working with SPHRE and the Air project. However, all comments here are my own.

Next week: Investor pitch night at the London Startup Leadership Program