Respond to the Scottish Identity Database Consultation Today

tl;dr Go here, download the Respondent Information Form and submit this before Wednesday 25th February to say that the proposals require primary legislation and should only be put forward after full public debate has taken place around the issues given the fact that the proposals will fundamentally restructure the relationship of citizen to state.

It’s rare that I write something on my blog and ask people to act. But tonight is one of those exceptions.

A national identity card?

For many years, the concept of a national identity card has been put forward by various political parties around the UK. However, each time the topic has proved to be political suicide. Proposals have proved to be unpopular and consistently rejected by the electorate. Increasingly, as more people interact online, it’s become obvious that the risks of building up such a valuable store of information greatly exceed the potential benefits that any such scheme can deliver.

And yet, despite the general resistance to the concept of an identity scheme across the UK over the years, here in Scotland we face the very real risk that minor legislation that has been proposed to extend the functionality of NHS records will, in effect, have exactly the same effect by creating a national identity database.

I spent the evening tonight at an event organised by the Open Rights Group in Scotland who have taken on the important role of coordinating attempts to raise awareness and resistance to this legislation being enacted without appropriate levels of debate. The proposals come in the form of secondary legislation with a consultation period currently running under the slightly innocuous title of the Consultation on proposed amendments to the National Health Service Central Register (Scotland) Regulations 2006.

Legislation that has an impact way beyond your medical records

Before you go any further, I suggest you read ORG’s detailed response to the Consultation. The crux of the matter is this: if you live in Scotland, the chances are that the NHS already holds a record of the fact that you exist. But the problem is that this new legislation would enable the reference number that uniquely identifies you as an individual to be shared freely with another 100-plus Scottish agencies.

Why is this a big deal? The practical reality of the proposal as drafted is that it would create a Scottish identity database. We face a very real possibility that public bodies could then start to mine such data in order to build their intelligence about you in pursuit of ends that may directly conflict your own.

So, to use a simplistic example, seeing your choice of library books used against you when it comes to claiming unemployment benefit (too much fiction, not enough textbooks?) becomes a very real possibility. Or how about the fact that most people who undergo some form of addiction counselling would normally want that information to be restricted rather than being shared widely amongst thousands of employees across different organisations. And it’s not difficult to envisage a situation whereby a victim of domestic violence learns of the increased transparency about her personal details and therefore attempts to remain outside the health system with issues unreported in order to prevent an abusive ex-partner who works for a public body from tracking her down.

The proposed model does of course brings with it certain efficiencies. But the reality is that the risks of potential misuse arising from the collection of such information are huge. By creating a comprehensive list of personal identifiers, we create an environment within which the temptation to use such a treasure trove of information for irrelevant or minor uses will inevitably grow over time.

I’m not going to write more about the privacy debate here. There are plenty of well-rehearsed arguments from plenty of people who are far more eloquent than I can be who have written fantastic pieces detailing the risks of implementing similar systems over the years (I recommend reading Wendy Grossman’s excellent SCRIPT essay on identity cards from 2005). But I did want to point out the following:

The massive risk of centralisation

If there’s one thing I’ve learned from my time spent with decentralised systems around Bitcoin and the blockchain it’s this – design a system to protect value by putting everything within centralised locations and restricting access and you inevitably end up with a system that will always – always – act as a red flag to hackers.

The more valuable that data (whether it’s money or personal information), the greater the incentive to attack it once it’s stored in one location. We’re not there yet but blockchain technologies will solve this problem ultimately I’m convinced.

So we have a database – now what?

The question here isn’t necessarily whether or not we trust our public bodies to use such collected information for good. The question is whether we trust their defences to be 100% secure from any breaches (either internal or external). To save you the effort, I’ll answer that now. No, we can’t.

Whether we believe the future intentions of governments to be noble or not, the problem is that once such information has been handily compiled into a database, it cannot be somehow decompile so it will remain permanently at risk of being accessed by others. If you need an example, consider the fact that centralised security didn’t turn out so well for those world-leading experts in cyber-security the NSA did it?

Is the technology up to scratch?

The general consensus is that the technology systems utilised by the public sector in Scotland are lagging behind those in use down south. Not a good foundation to use for the storage of the crown jewels, as it were. If the NSA weren’t able to protect their own confidential data, I’m not convinced that the powers-that-be at Holyrood will be able to deliver a system that’s more successful in some way.

Have certain politicians changed their minds?

ID cards were rejected by many different politicians when the last serious attempt was made to introduce them a few years ago. That includes the SNP who are currently backing this legislation. Back in 2005, the Scottish Government actually published a paper on Identity Management and Privacy Principles (revised in October 2014) which explicitly stated that public bodies must avoid sharing persistent identifiers when it comes to identity. Yet that is exactly what is proposed in this model. Have certain politicians forgotten their previous position on this issue? Or are people simply not talking to each other?

Respond to the Consultation

This is in no way a comprehensive post that details all the key issues. It is, however, I hope a timely one in the fact that it is important for as many people as possible to both learn about the proposals and the fact that the Consultation itself closes in under a week. Regardless of your views – pro or anti – this is not by any stretch of the imagination legislation that should go through a democratic system without a wider public debate being held. It has the potential to fundamentally redraw the boundaries of citizenship within society and it needs more people to become engaged. This is not simply a Scottish debate. It’s inconceivable that if such a system is introduced in this country that it will somehow not be adopted south of the border at some point down the line.

Please do. You can respond to the consultation here.

Bitcoin and the Trust Web

I always try to share something that I found either valuable or interesting every day on this blog – even if it’s only of interest to me. Today, however, I’m pretty sure it should be of interest to everyone as the standout article was undoubtedly the one by David Cohen and William Mougayar published on Techcrunch entitled, ‘After the Social Web, Here Comes The Trust Web‘. William published one of my favourite articles on Bitcoin last year (here) and it’s great to see Techstar‘s Cohen also co-authoring the piece.

The article does a great job of summarising – and simplifying – the value of Bitcoin and the promise of blockchain-related developments for the newcomer. It frames the innovation that’s taking place as unstoppable force and one that represents a renaissance for technology, computer science and cryptography.

I couldn’t agree more.

It also helpfully distinguishes between the most visible revolution (the new manifestation of money) and the less-visible but even more important revolution that the blockchain is kickstarting, not least by virtue of the fact that the technology creates a new way to write software.

In case you don’t have time to read it (you should), here’s a few key points:-

Focus on new models, not old

If you truly want to see innovation in action, don’t see how Bitcoin fits uncomfortably within the existing paradigms. To understand the real potential, look at how Bitcoin and blockchain technology is forging a brand new path. Tackling regulatory concerns and obstacles placed by incumbents is ultimately futile in their view. Bitcoin does not require permission. Technology is neutral by definition and in this case simply functions as a low-level protocol (a set of rules that govern how a network communicates), just as the Internet relied on the TCP/IP protocol. The real magic happens when clever people build useful things on top of it.

“It’s better to invent new things instead of fighting all things, and it’s easier to create new systems that circumvent the old ones”.

The concept of decentralised consensus

Normal practice over the years has been to rely on one database to confirm whether a transaction is valid or not. With Bitcoin, the authority and trust that would otherwise be in one centralised database has been transferred to many nodes. These nodes record transactions publicly and sequentially, with the technology (cryptography and blockchain) ensuring that no duplication of recording takes place within the decentralised network.

The future of money?

Bitcoin provides a solution for half of the world that remains unbanked, with a simplicity that has been proved to be valuable by well over half of the population in Pakistan and Kenya (in easypaisa and M-Pesa respectively). Whilst legacy banking either can’t or won’t service this demographic, the $400bn + remittance industry will also be disrupted by the cost savings that Bitcoin brings.

In addition, with legacy infrastructure costs making small online payments uneconomic, Bitcoin and cryptocurrencies in general represent a far more cost-effective way of sending small amounts of money – whether that involves tipping or donations.  It’s hard to imagine anyone wanting to pay more over the medium-term when they have an option.

Finally, it’s a fact that when the Internet was created, there was no native currency created that could work in an integrated fashion with it. Bitcoin represents that solution.

Smart Property / Digital Rights

An asset that knows who owns it is known as ‘smart property’. By recording ownership on the blockchain, suddenly you can use your unique cryptographic signature to prove your ownership beyond doubt. Others can then confirm that you own this property by simply checking the blockchain, whilst your explicit consent is required before any such rights of ownership can be removed from you.

It’s not hard to understand just how powerful an auditable database is likely to be that enables you to “establish a persistent link between [your] identity, reputation, a digital file and its meta-data“.

Smart contracts based on proof of work

In one sense, proof of work is simply a right to participate in the blockchain system. Using the technology that underpins Bitcoin, it’s possible to create contracts that are self-executing, relying on the blockchain for verification as opposed to any centralised judge or court, for example.

Decentralised peer-to-peer marketplaces    

These days, semi-centralised businesses such as Amazon, eBay and Uber rule their niches. With Bitcoin and the innovations that are currently being developed within the ecosystem, person-to-person marketplaces are evolving quickly that make the role of middleman redundant. The nature of this technology is such that trust is not required for a transaction to take place between two peers and therefore this cost is saved.

As pointed out in the article, one of the fascinating areas of decentralisation technology comes from the shift that we are collectively starting to experience: we previously relied on the centralised organisation for a wide range of things that are now being delivered by the decentralised marketplace (think of trust, rules, identity, reputation and payment choices).

Cryptoequity and DAO’s

I’ve touched on both before but I’ll save the detailed explanation of the possibilities of issuing a reimagined form of share equity that is recorded permanently on the blockchain or Decentralised Autonomous Organisations (businesses that run autonomously without human involvement according to a strict set of rules enforced by software) for another time given the complexity of both topics. But it’s worth noting that both have the power to completely restructure certain industries.

Decentralised identity

As has been previously noted, we have a problem with online identity. Millions around the world currently rely on centralised institutions to log-in to services, mostly for the simple fact of convenience (Facebook or Twitter log-in’s, for example). But of course, doing so provides such companies with extensive data about our activities and interests that they then monetise. Bitcoin provides the start of a solution – an alternative way in using the blockchain to decentralise (and – crucially – control) our own identities and reputations.

It’s great to see a mainstream website such as Techcrunch put out an informed and detailed article about the potential in the area. Hopefully, there will be many more to follow. There’s no doubt it’s been a bumpy start to 2015 in the court of public opinion when it comes to Bitcoin – but then again, what’s new?

 

LinkedIn “Not Good For Bad Employees” Shocker

I was reading today that LinkedIn are facing a lawsuit from a few individuals who claim that the site has done the opposite of what is was created to do – namely hampered their job prospects.

The proposed class-action lawsuit has been brought by four individuals who claim that the site’s ‘Reference Search’ facility – an option open to paid users which lets them identify individuals who might have worked with someone at a business during a certain time – had resulted in them being turned down for jobs. The implication is that there was some less-than-complimentary feedback about the individuals that was uncovered as part of the research.

Their case is based on a old piece of US legislation from 1970 known as the Fair Credit Reporting Act. This basically says that if you give information about individuals to third parties so that they can carry out pre-employment checks, you have a legal obligation to ensure that the information is accurate – plus the third party has to inform the individual is being denied a job because of such information.

Now, in the absence of a DeLorean, I don’t think anyone’s claiming that the legislators could have reasonably foreseen the internet, let alone the growth of social media platforms when they drafted the Act. But even ignoring that, it seems to me that the plaintiffs’ premise is flawed on a number of fronts – not least, because all of the information about their old work colleagues is freely available on LinkedIn already. All that the ‘Reference Search’ facility does is simplify the search process, by matching up companies and dates of employment with others, as a perk of subscription.

As I understand it, anyone with the same motivation could, if they chose, just sit down and dig into the data to find individuals who were potentially ex-colleagues of job applicants before then making direct approaches with InMail to seek unsolicited references.

Reputation’s an interesting area – and one’s that continues to evolve with the growth of our digital world. Each of us subconsciously reveals a slightly different side to ourselves according to the environment that we find ourselves in during different parts of the same day. But when you gift all of your professional information (and more) somewhere like LinkedIn, surely you should be taking the rough with the smooth. It makes it infinitely much easier for others to find you (and, by extension, to employ you) – but at the same time, the importance of leaving a high-quality trail of experiences in your wake increases also. There’s not many cupboards left for those skeletons to hide in these days.

Part of the issue here I suspect is that people start to believe that as the so-called ‘professional’ platform, LinkedIn is just a virtual land within which you have complete control of the publicity that surrounds your working life. And most of the time, of course, it is exactly that, with its unbalanced  endorsement mechanisms for example. But the reality is that the technology itself is neutral. If you’ve left a wake of bad work experiences in your wake, then you’re probably not in the best position to start complaining.

But what about the malicious ex-colleague who you never got on with? Well, that’s where things do start to get more complicated admittedly. But whether LinkedIn is the method by which someone finds these people or not, it’s hardly the company’s fault that they exist.

Whilst I’m on the topic of identity and reputation, if you’re interested in the topic at all, I recommend you take a listen to great episode of the LetsTalkBitcoin podcast earlier this week. Titled ‘The Philosophy of Identity’, it’s another great discussion on topic on the back of Chris Ellis’ latest project, the ‘World Citizenship Passport’.

 

 

 

Three Key Megatrends In Technology (And Society)

Binoculars
It’s not always that easy to see what’s ahead…

If you’re interested in technology, it’s very easy to be seduced by the hype that surrounds the new, shiny product or service that everyone’s talking about that month. And whilst that’s mostly harmless for the consumer, it can be fatal for a VC. Not only are the companies that you invest in risky but by paying above the odds, you now need your winners to succeed on an even greater scale to have a chance of repaying the people who trusted you with their cash.

So I always find it interesting to hear VC’s explain how they make the decisions about what to invest in given that they focus only on sectors that they believe have tremendous growth potential. Fred Wilson is both a top VC and daily blogger who’s particularly insightful and his recent talk at Le Web on three key megatrends in technology is no exception. You can check out the full talk in the video below.

 

You See Better From Further Out

Fred’s approach is to move one step back from focusing on so-called hot areas in general (such as machine learning and big data) to try to understand the bigger picture. Don’t attempt to guess which technology will be the most important. Look instead at how society is developing and the gaps that are being created. And it’s on this basis that he sees three ‘mega-trends’ driving business over the next few years.

1. Transition from bureaucratic hierarchies to technology-driven networks

Business traditionally functioned from the top down. Management orders filtered down the levels whilst customer feedback would usually go directly to front-line (and often junior) staff. When the system worked, that feedback would have to travel back up through the various layers until management made the decision about whether or not to make changes. Inefficient yes but justified by the high costs of communication.

But now these costs have plummeted, traditional hierarchies are being replaced by technology-driven networks. Think about the disruption to the newspaper industry: vast newsrooms with armies of reporters directed by a publisher with stories being edited to meet deadlines before the publication of a physical daily newspaper. Cue the entry of technology-driven networks (and the advent of Twitter and blogs in particular) and now everyone can be a reporter.

The crowd on each network determines what is popular (by retweets, follower count and the like) and the news that is relevant is delivered to us instantly via our mobiles. The same disruption can be seen in film/television (YouTube) and the music industry (Soundcloud).

Consumers now have the power to clearly signal what they want and find useful. But Fred believes we’re still in the early stages of this process which is only now starting to ripple through other industries like hotels (Airbnb, OneFineStay), creative industries (Kickstarter) and learning (Codecademy). Most industries will be affected by networks over the medium term.

2. Everything is being unbundled

It used to be expensive to get products and services to market. That cost meant that businesses tended to bundle things together that the customers had to pay for, even if they didn’t necessarily want the full selection (think of the Sunday papers with News, Holidays, Finance, Fashion, Classified Ads & Sports sections). Yet technology makes it cheap for new companies to be built to deliver single parts of these products, with the result often being that the bit you actually want is now both cheaper and of a higher quality.

Banking is a great example of an industry that’s being unbundled. It used to be very expensive to open and run a physical branch so the banks offered all types of products, including mortgages, credit cards, small business loans and working capital finance. Yet new businesses are now able to use networks of individuals to provide more efficient, specialised and more effective products – through peer to peer lending for example (Lending Club).

University education is another area where the high costs of traditional delivery – sourcing a building, lecturers, expensive academic books in libraries, face-to-face lectures – are being disrupted by MOOCs and mobile online learning platforms. The network model is also changing the face of research, both with the growth of Open Access publications and by enabling people to collaborate across different locations to enable researchers to share expensive, scarce research resources (such as expensive medical equipment).

3. We are all now a node on the network

The mobile phone has changed the game forever. Whilst those in the developed world still have the option of choosing to use a laptop or desktop rather than our phone, in the developing world, mobile has already won that race for dominance. With the cost of a desk computer too high in such countries for general adoption, people just moved straight to cheap (predominantly Android) smart phones. But regardless of the location, the result is that we are all now connected to each other all the time. Cue a wave of opportunities for businesses who are able to build upon that knowledge of people, locations and photographs across the network – in transport/logistics (Uber), payments (Dwolla, Square) and dating (Tinder).

Where The Three Collide

Fred goes on to identify four key sectors in which each of these three mega-trends are making their presence felt in particular:-

BITCOIN

It’s obvious that we’re heading for major change in the world of money. I agree with Fred’s view that Bitcoin (or similar) is going to be responsible for so much more than just innovation in payments. It has the potential to become the financial and transactional protocol for the internet that has always been missing. As the standard way in which financial value is exchanged across the web and one that is entirely free from the control of any one party, money will be able to flow as freely and easily as content does today. As a protocol, it will also act as a foundation upon which entrepreneurs can build a whole variety of products and services.

HEALTH & WELLNESS

Think of the growth of wearable technology with individuals wearing devices that can report back with details of their vital signs (Fitbit, Fuelband etc). In the future, some of this data will remain personal and private, some will be shared across networks and some will be exchanged solely between you and your doctor, caregiver or family member. Throw gamification into the mix (Fitocracy) and suddenly you’ve got a profound force for good with individuals making positive decisions about how to keep themselves fit and healthy.

DATA LEAKAGE 

When the industrial revolution arrived, the side-effect of such rapid development was the pollution that poured into our environment. By the time we realised and started the clean-up started, almost a century had passed and we faced a far harder task than it could have been had we dealt with it at the time.

Arguably we’re now facing exactly the same problem in the information age – only this time the pollution is data. Every digital activity we carry out leaves data exhaust which is, like it or not, letting other parties observe our activities. Fred’s view is similar to most people that I speak to: most of the time, he’s happy to let the government, Google, Facebook and others spy on him. However, sometimes the services that we’ve used end up recording our activities when we don’t want them to. Therefore, getting some control over this data leakage, both at an individual and a societal level is important.

TRUST & IDENTITY

Currently, many of us sign into services using our identities from other platforms (e.g. Facebook, Google, Twitter etc). Whilst it is extremely handy to use their authentication services, we are essentially giving these companies knowledge about everything that we do. Fred predicts the emergence of a standard protocol that will provide individuals with control over their own identity, trust and data which will be distributed (like Bitcoin, across many thousands of computers), free from any one party’s control and global.

Tick The Boxes

No matter whether you’re a VC, entrepreneur or just a citizen in the modern digital era, Fred’s talk provides plenty of food for thought. Using this framework provides a useful lens through which to watch just how the world will change in the next few years as a result of developments in the tech world.

We’re only just at the starting line: the pace of technological advancement can only accelerate from here on in as networks strengthen and the remaining friction that slows down the voluntary exchange of information between people anywhere across the world disappears completely. So if you’re looking to start up a new business or simply to future-proof the one you have, you could do far worse than take start to consider how to take account of all three.

photo credit: C.P.Storm via cc