 We're heading into where we're headed now and where this is to set you up for tomorrow's session. So now, Dad, I got to call on you. We're a little bit over time, so we're going to have to sort of synthesize many thoughts into about a half an hour. I didn't bring my synthesizer. And as I mentioned, we're going to, immediately after, we can go down the stairs to a restaurant called Joyce. If that interests you, we're just facilitating that. It's not required. It's not part of the opportunity for you that you can take advantage of. I'm going to get it back to you to talk about identity, some sovereignty, and just to really bring the day together. We reinforce sort of the different threads that we've seen introduced before we get into a more regulatory approach to work. Great. Thank you. All right. So the title that I noticed on the program involved sovereignty and, specifically, it was some fireside chat sovereignty in a blockchain world. And then I think we added in integration of the use case, so just to use that again to have something that we can, that's familiar that we can apply. So when I think of the word sovereignty in a blockchain context, the first thing that comes to mind is identity as Amy foreshadowed. So just a quick show of hands. Who here has heard the phrase self sovereign identity, but a small minority. So who here has heard people talk about or you read something to the effect that blockchain can be used not only as a ledger, a distributed ledger for cryptocurrency, but also for digital identity for identity somehow. That's more a little bit under half. So I want to talk about that a little bit to take the sovereignty box. The basic thinking here is that the fact that blockchains are built upon addresses for all the participants that contain public keys for a key pair that the participant has themselves generated like on their own software. And that the participant, let's say owns and controls, so they only control that private key that's part of the gestalt of his vision that the Satoshi vision of self organizing. They're free people in free markets that can self organize and govern themselves. Part of the technical expression of that is the key generation occurs on your phone or on your laptop, for example, as opposed to say something like maybe in other financial services like home banking or other encrypted sessions on the web. So if cryptography isn't involved, public key cryptography is involved, but it's happening really kind of server to server or business to business layer and keys are sort of allocated session by session and frequently. Maybe there's a server certificate, but individuals are not expected to or not even enable to generate their own public private key pair, manage their private key and be known by that as an address or be able to sign things on their own behalf. Like a contract or to a consent. It's a different paradigm and you can use services online like we can use DocuSign. It's a perfectly good way to generate a digital signature or an electronic signature. We can do other things, but in a sense the highest bar of individual user centered identity is when the state of the art of technology today is when an individual has generated their own public private key bear and has made the public keep public in some ways so that people can communicate with them and can authenticate that they're the party at the other side of a transaction. So, based on that starting point, a number of people realize that the key pairs that anybody can generate and manage using a blockchain wallet for cryptocurrency like Bitcoin or Ethereum can also serve not just to identify them as the equivalent of an account holder conducting a financial transaction, but also as an individual person. And so, part of applying that idea to see how far you can go with that was that prototype I showed with a mock trial of seeing what could we sign a run of the day contract for sale of a car. Could I sign a papers with my local city council, I wanted to run for city council as my signature, you know, on my own behalf. Could I provide a consent to some kind. I think the answer fundamentally is yes, it's technically an elegant solution. It's there we have this sort of globally accessible, massively distributed research that acts almost like a meta enterprise layer to do key management distribution. That's one of the core capabilities. Some of the core functionality of the blockchain. We never had that before. The worst technology for cryptography that individuals could use has been for decades. Remember in the 90s, we use PGP a lot at MIT PGP pretty good privacy. And it's uses some you can generate a key pair. We had wallets, which we call key chains and the way we exchange keys with one another is we went to parties, not the Hollywood kind. No, no. I'd say even in some ways even more fun because we super get down and it was great and we could securely authenticate with each other the next morning if we wanted to. I shouldn't push that. Anyway, and at the key party, the big thing we would do what we have fun and just be ridiculous, but then we would also exchange keys. So I would know that Sally, that's John, that's David, that's Jane, I bought his or her key and I put it in my address book. I am quite certain that this key corresponds to the private key by that person because we did an in-person key exchange. It's a really good way to do it. And then thereafter they could be on all sorts of very insecure networks on the internet or worse yet the MIT network were just hacked to bits by freshmen every year. And I know whatever else happened if I got a message from that person and I could verify it with their corresponding public key, it came from that person. And conversely, if I wanted to make sure something got to that person, I could encrypt it with their public key and only they could decrypt it. Only the corresponding key can decrypt something encrypted with one key. That's the whole stick with public key cryptography. So that doesn't scale. And number one, PGP and other things. No one has figured out how to make that easy. PGP was hard. There's been any number of other startups and open source projects that have tried to make it possible for individuals to generate key pairs and to manage them. No one's figured it out. And the first thing that struck me when people were going on an automobile blockchain and how great it was for currency, when I finally sat down and, you know, got a wallet and did something, the first thing that struck me that I thought the big, big news was, hey, these people made it dead easy. They just click a couple of buttons and whiz bang, I've generated a key pair and it works pretty well. You know, it's not like they're the most secure things in the world, but you know, by the current information security standards for mobile phones and for laptops, it's pretty good to protect the private key material. We call it, like, you have to, someone has to concentrate some resources to go after you in order to get that. And so it's purport, I would call it purport, way better than anything that came before. Let me put it like that. And really usable, which is the most important thing for key management. It can be very complicated to make things secure, very costly. This stuff was neither costly nor complicated. So fast forward a little bit in another year or two. And now people with more philosophical and political agendas, maybe, and that may not be a bad way necessarily, who were more kind of libertarian or something like that felt that we could really lean upon blockchains and their key management capability to be a source of identity of free people, fundamental. I don't think I'm overstating that. So then in the digital world, we could create and maintain our own identities. In the fiscal world, you know, thinking back some of the border to revolutionary times in the United States, you know, we would use paper signatures. So if I think about the Declaration of Independence and I think about my own town, I grew up mostly in Lexington, Massachusetts, outside of Boston. We've had a continuous town meeting where if you pay taxes, excuse me, if you live in the town and are registered to vote, you can show up to like the gymnasium or the city hall, the town hall once a year and have an equal vote for how we'll be allocating local taxes and fire police and what are we doing with the reservoir, roads, that kind of thing. It's an open town meeting, not so different from how it's been done for a long time. It relies upon identity, but it's implied. So if a person shows up and you can look them in the eye and if they've signed something and we can sort of eyeball the signatures, is it similar to the tax assessment or similar to the voter registration? These are the ways that we've done authentication in the past, impliedly. You can, you know, push it in terms of like signature and forgery and like, there's deeper science to it, but fundamentally society-wide. What I'm saying probably rings true for people that are not very, very young where some of this is actually not, you may not be familiar with when talking about where everything's been digital, born digital, younger people. But we don't have a way to express our own individual identities in this born digital world. You know, we have identity, but they're not ours. I have an identity when I go to MIT. It's an Athena account. I log into the network. I have an identity at General Electric. I've got an identity at various governments and various terminals and I kind of sit down and I log in. The identity was allocated to me. Or sometimes I'm on the other side of the transaction. I'm not getting an X500 directory or a Windows Active Directory or something like that and I create an account for the first day of a new hire or for a partner or whatever. We give people identity and we receive identity from others. We receive it from Google. We receive it from Facebook. We receive it from government agencies. We receive it from banks. We receive it from our employers. But where I ask you is our own identity in the digital world. On the one hand, everything we do is going digital. We're paying our taxes online. We're being educated online. Some of you out there in internet land. Where's the camera? Wherever you are in internet land. Oh, there you are. You are online. So you're getting educated online. Oh, and there you are. You're everywhere. And we are doing commerce online. We're doing healthcare, increasingly medical online. Every facet of the economy, banking, every aspect of our lives are increasingly occurring online, like the authoritative actions and behaviors are occurring online. I don't have any problem with that. I like that for many things. But it does where it should trigger some questions. Like how about our identity? Are we also kind of transcoding that online in a way that supports and reflects the basic social compact of what we could expect from our own identities up to now in history, up to this point in history. So here's going to give a couple of specific examples of things that might be possible with an identity that's digital that people own and control, which could be afforded by blockchain, that could be legitimate, people own and control them, but may be insufficient if the identity is allocated to us by others. So the basic social compact, I think, kind of post-enlightenment, actually, this is a little funny because you still sort of have the Queen as a sovereign if I'm not mistaken. So adjusting for that, if you'll go with me that far for a moment, is that people consent to be governed. And it is from that consent that the legitimacy of the government derives that's kind of the cromwell, the enlightenment to just block those kind of people. And we say in the United States, at least, that the sovereignty derives from people, from the individuals in the aggregate are the sovereign, and the government is not just born with the right to govern. And we can change the government. This is explicit. But how do you provide consent? So that's the big case, but you could have smaller cases. Like the government really has a need to check some new drugs out. You know, it's important public health. And we'd like to check them out on you and you and you. Okay, so do we need a consent for human subject experimentation? Yeah, we do. You know, post-Nuremberg and some fourth, human rights. So when you have a consent based on human rights, from whence are you consenting? There's something a little funny when you go to a doctor and they provide you the mechanism to provide consent back to them. You go to a government and they provide you the mechanism to provide consent back to them. You go to a commercial merchant, they provide you the mechanism of the identity mechanism and authorization service to provide consent back to them. This is actually a little bit weird when you think of it. Consent, fundamentally, I'm speaking like putting my lawyer hat on now, just imagine, and I'm sure I brought two hats, is a two-party transaction. One cannot consent to oneself. It's a different kind of thing. You can decide something for yourself, but consent requires two or more parties. Does that make sense? So there's something hinky about one party holding all the cards and being able to basically, for all intents and purposes, generate or in the bad day concoct what had happened after the fact about with consents and server logs. When it's supposed to be, when the consent's supposed to be coming at an arm's length, they're away from an external party. Somehow we need to have a meeting between parties and each party needs to be responsible and accountable for, but also have the right to utilize their own method to come to that party and their own method to provide consent. You could agree, you know, what flavor. We're going to do this with digital signatures or maybe we're going to do it with biometrics. Like, that's fine. But what I'm talking about fundamentally is having a capability individually to sign something on your own behalf and that you completely own and control. This is kind of core to the post-enlightenment age. There's a big gaping hole in technology where that, I would say, those design requirements are supposed to be fulfilled as we're doing more and more important stuff online. Maybe some people think that blockchain could be utilized like the key pair of blockchain could be utilized as a mechanism for people to express their identity in a way that's usable for online transactions and for other times when you need to express an identity and you need to log in, you need to authorize an integration between the service and that service like my Dropbox to my Outlook or what have you or when you need to provide consent up in the ante a little bit. So that's the idea of so-called self-sovereign identity. In the media lab, at least in the research group that I'm in in the last couple-ish years, we've been using a less charged, almost political slogan from the self-sovereign identity and we're calling it self-sourced identity and just trying to keep it a little more, you know, a little less hyperbolic, I guess, and talk about identity that sources from the person identified. I think that's more accurate, I think, and less dramatic way to talk about it. But self-sovereign identity, if you Google that and encourage it, go all to Google that at some point. You'll see there's a whole body and there's a bunch of startups and a bunch of people looking at that. It's a good thing to be looking at. You know, I think we're generations of a way of maturity model, sort of grand-arc technology adoption in the sky from having this stuff really ready for things like I signed my affidavit and I attested this tax statement or I, you know, consent to medical procedures or to be governed. Like, we're going to have to, this stuff will have to be even better than the blockchain one. Good, though, that may be. But that's the vision of sovereignty from blockchain. I want to show you one other thing. Can I click? I don't know why I can't click links here. I'm great at computers. Oh, it's on time. Let's have a moment of reflection to quiet contemplation of our own identities and the nature of sovereignty. Maybe two moments. Cleansing breath. Identity is very complicated. It's been processing right now. Anywho, what you're about to see, I think, is a notepad document where some friends are starting to put together a bit of an article on the nature of sovereignty. Woo, this is something. Sovereignty is like a blank slate in many ways. I'm talking to Larasa. You know, it comes from nothingness and we assert it into existence one fine day. See, I'm worried if I start talking about it and then it shows up and it's different, it'll catch me. So I feel like I really need to have this rendered before I start pretending. Okay, here we go. Thank you. Okay, so this is something that some of you will be familiar with. Kings and queens. Okay, that's the way we typically did. And also, you know, emperors and warlords. So that's the typical model of sovereignty. No surprises there. Fast forward a little bit and sprinkle some of the enlightenment on and we've got a new kind of a concept. What is this thing of a person? We have some links to just some of the basics of the enlightenment there and there's some interesting cases. So I remember when I was a government lawyer way back in early 90s, mid 90s, there was something I really depended on and I loved with sovereign immunity a lot. It was my good, good friend. So every time a government worker ran someone over in a government car in a government errand or blew something up or did some amazing thing that caused harm. In the fullness of dispute resolution, being able to lean back on an absolute limit of our damages was real handy, especially when I was still formulating my legal skills. Just, you know, having sovereign immunity is terrific. Why do we have sovereign immunity? Well, actually, okay, so who here, who knows about sovereign immunity? Has anyone else depended on it like me or has anyone been on the other side? Why do we have it? Mike, this is from a policing background. The Police Service Act and other immunity that the police have for certain actions. It's a policy depended on white hats trying to do good and can't have certain things thrown in their way to impede their ability. It's the balancing of public versus private interests. Got it. So basically the victim just said, it's basically public policy. The white hats are trying to do their job, they want them to do their job, and in order to make it work, an allocation of loss is necessary. You can think of good Samaritan statutes, not so very different. In the big scheme of things, if you balance everything out, it's not that no harm is done, and could it sound negligence or something like that? It could. Is that the result we want? There's a basic concept that we like to live in civilization, and we like to overall have government, and we don't want to bankrupt the government, and we don't want to drain its coffers 100%, and the certain public functions. I mean, one of the big things that comes to my mind is, at least around here, government has an exclusive monopoly on the use of lethal force and on the use of violence. Police, you mentioned, military, paramilitary. So, that means that none of us should have to go to war against the other province, or to defend our households against the siege, like the old days before modern governance. And so, in order to provide these kinds of capabilities, sovereignty is a mechanism to make sure that we keep having the government and that they can plan and manage what the reserve fund for litigation should be next year. I mean, having no clue whatsoever is difficult for a slow-moving government. There's other reasons as well. But when you kind of go a little bit deeper... I can't really click this. I'll give you the link to this, and we're actually doing a public drafting process on this sovereignty article. When you go a little bit deeper, one of the things you discover is that there's people who have been trying to extend and even bend concepts of sovereignty to see whether they might adhere outside of a classic national government. In the United States, it's somewhat radical when I think about it, freshly, sovereignty is explicitly recognized as something that the states have and the equivalence of the provinces or the people, respectively, unless it's related to an explicit power that's been allocated to the federal government in the Constitution, which was originally a small list and we couldn't interpret that rather broadly now. So we've actually said that it's going to sub-national governments or to people, respectively. There's other cases where vessels under maritime law have been held to have a morsel of sovereignty. There's some interesting cases there that we're digging up. And there's cases where there's new sovereign nations sometimes come into existence based on the agreement of a lot of people. There's been a great example of an oil platform that was abandoned, which a bunch of techie people kind of populated and put a bunch of servers on and wanted to turn it into basically a sovereign entity on its own right. And so now with blockchain, there's a lot of interest in this very niche, all but forgotten corner of the law, injurious prudence. And people are wondering about the possibility of creating organizations that have sovereignty and that literally exist and conduct themselves solely on blockchains. You heard earlier today this weird acronym DAO, Distributed Autonomous Organization. This is a real good example of what I'm talking about. So I'm going to say you put two building blocks together and people think maybe there's an opportunity to start exploring sovereign entities on a blockchain. One of those building blocks is identity that I just somewhat belabor at some point, the individuals that have their own identity. The other one is smart contracts. The ability to write some code that does some things like in escrow funds and release them upon a certain condition can listen for certain triggers and take certain actions to basically write a smart contract that people consent to using their blockchain identities that doesn't just do an escrow fund or maintain and preserve the books of a corporation or other types of things that these dApps are doing. But there's actually a full organization that fills out all of the functions and the flows that we'd expect from an organization. So we have membership lists and roles of parties and maybe types of things that the organization can do, can hold property and it can absorb other organizations. It can split parts of itself off. These are the types of things that people have coded into fairly complicated, like solid and smart contracts and other contract languages. I'm sorry, I just stopped here for a particular reason, probably because I couldn't control that they built into these so-called autonomous organizations where the Constitution and the functions of the organization are instantiated or inscribed in the smart contract code. So this so far I'm going to say is way over the horizon. It was somewhat surprising to think about it because I thought, well, do people need to know this for their jobs now? Absolutely not. You totally don't need to know this in my view, but do you need to know it just to be aware of what's happening and what are the conversations people are having and what's bubbling up? I agree with Amy. I'm glad you did ask me to talk about this because there is something happening for sure. There's a fair amount of money and there's a lot of effort and there's a lot of smart people and autonomous, I'm going to call it a DAC, actually Distributed Autonomous Corporation is much more modest than the big goal of almost like a nation state is how it sounds to me when some people talk about it, the dows, but creating an autonomous maybe like a shoe store that just kind of does one or two transactions online that can keep track of everything, can keep track of its tax requirements, can keep track of the annual filing to maintain its corporate status, can keep track of its inventory, can keep track of its website, can keep track of its customer segmentation list and kind of roll it together with a single authoritative source of data that would be not bad at all. Don't necessarily block chain for that. I mean, you could just decide to have your company utilize in a single authoritative source of data, but the truth is when I've been involved in startups which is quite a few of them sometimes if it's a bunch of geeks that are starting up we swear solemn oaths to each other that we're going to have a single authoritative source of data for a company and then you know, it starts expanding or there's pressure and then we're like except for this we'll put in sales for except for that it's going to be quick books obviously because we make all these compromises and before you know it's a raptured mess and we don't know our own organization we can't track things all the way through and we're just, you know, like everybody else just trying to survive day by day and quarter by quarter so there's something interesting about this idea of using block chains where a lot of assumptions are questions to start with and it is an opportunity to have a fresh start to maybe take one more whack at a very prudent vision for the management of business with technology and that is just specifically encoding all the things that it does and all the data that it has in a single architecture and with a single authoritative source of truth not totally fractured across a bunch of systems it's not unreasonable so there's actually a start up that I don't have to mention this to you say it now there's a new project that we're I'm going to do in January and February in Tel Aviv with a couple of start ups and some US people that were calling CorpBot corpbot.com CorpBot.com don't bother looking yet because they need to maybe end the plane right back to finish the website but it's a it's a concept to basically create a completely integrated simplest possible corporation the USA would probably be like an S corp it might be a one-member LLC something like that and to run it through a corporation with a secretary of state maybe Kansas because it has an API for that maybe maybe another state and to create a website basically like unpack itself to do a few simple transactions and to maintain its legal operations and that everything that occurs be on a single log and make sure the log is auditable and be able to look at all the activity and then the idea is to basically use some simple data analytics like eigenvectors and Markov chains and there are various ways to measure the behaviors of the company and to see the deep patterns of it and to basically be able to manage our own organization all the way through by having everything that it ever does capable of being computationally addressed let me put it like that because we have all the data and we have all the activities and all the state changes that have ever happened so that's emerging and that's maybe one day in the future like a township or a county or an entity like that will express itself not across 275 different systems that can never it's like empty-dumpty you can never put it back together again start to see unified data processes of entities that already are sovereign that's one way you can get there or of new types of entities that may be emerging as we move into the digital age what was the other topic was sovereignty in a blockchain world okay well those are some ruminations on sovereignty in a blockchain world was there anything else you wanted me to address in there okay so similar time okay it's almost time should we take a few moments to yeah for discussion yeah for discussion okay and that's great five minutes of anything goes time so anybody who's put in an SAP system or an Oracle system there's always that promise of one version of the truth which you're talking about it's a lie it never happens and whether it's because of the laws of entropy anybody who's ever put in an SAP system or an Oracle system knows that there's always the promise of one version of the truth and it never happens whether it's the laws of entropy or something invariably human element or great forces of the universe conspired to make that not happen and it sounds like just what you were just talking about runs hard against that and I'm just curious if those if those human elements or those factors that are somehow intervening in all these practical expressions we've historically seen that run against one version of the truth with one system of of of record it's like the matrix doesn't it at some point fall apart for reasons and how do you address that in the things that you're developing what a great question did everybody kind of get the question did you get it so the short answer is I don't know that's partly why I want to spend time this January and February actually creating something that has for real a single source of truth for everything in the entity and then let it run in lab conditions first and do that however many times it's necessary before it is in the total failure working and then eventually kind of let it off the leash a little bit and be able to measure and see how it does doing some low cost not sensitive hard to the mission critical kind of trivial things and kind of see how it goes and then I think I'll have a better idea speculation right now about some of the problems with this are included number one the main issue so you mentioned SAP and other so called DRP systems the main thing with those my experience it can create a single source of truth within its scope and domain so it's like human resources and compensation management DRP system you can pretty much force everything you know it didn't happen if it doesn't appear in the system if it's like a supply chain or a purchasing system like you can kind of force things there to operate a check unless it shows up here even if you have to go back and do it again but the issue that we're trying to solve is a little bit different even what I just said is herculean to get everything to actually happen in the system when there's a really urgent deal and the CEO or the governor or someone is like saying just make it happen it's really hard to not just kind of make it happen but you can do that like I think MIT has done a great job at making all our purchasing and some of our other stuff happen in a system and it took a long time a lot of cultural change to make that happen some of it falls down is how do you know how many systems there are that when you add them all up there's nothing else that is here entity well is it my email is it my visitor log book is it my every change on every website is it I don't know every network state and every server like is it I don't know and then all the back office stuff is it every memo that every you know what attorney ever did and is it every web search they did so just knowing like what is what does everything even mean is one sort of existential question that we're going to try to tackle in an honest way and make everything that's a that's important somehow to that company exist in a unified data structure and then I think the other thing and you know I think honestly like the way these things go I'll probably be dead if I live a long time before this ever happens but if we could do it and then you kind of look way into the future some people worry already that we'll have another problem which is over reliance on this did you mention the matrix so it's very savvy some people are very up in arms already including our collaborators here we're our partners for Corkbop that you know this is a bad idea because the malevolent robot overwords will crush us obviously immediately as soon as you know we write the first line of code I don't really foresee that happening anytime soon but it does it's a legit human instinct question about it goes back to what we were talking about earlier it's been a theme throughout the day which is what is appropriate for human review with judgments and what's appropriate to happen in an automated way or on a chain or even an AWS and some service that you made and you know I think these questions might be seen part of the reason we're doing this through MIT this Corkbot exercise is in order to try to get a little bit more real about what the possibilities and capabilities are but also perhaps the risks and dangers we can kind of take a clear eye view of them and you know add to the knowledge of that you know so going forward maybe we can make better decisions and target investment better I believe and I suspect that there is a lot of good value on the table to be had for people running businesses they want to manage them more efficiently and be more agile and be able to adapt to the environment and change their own organization faster for government for sure for regulators for partners and supply chain for everybody you can the whole value chain if we could just agree to not make that you know original sin compromise is fracturing the systems of a single entity and just try to play it through all the way with all the official important data if not a single authoritative source like an identified and manageable set of sources so that proper data management and application and like infrastructure management that is unified so that we can know what's happening and get real time monitoring and we can go back and do historical analysis better predictive analytics and roll out changes in a rational way as opposed to the painful ways to change everything now and even wonder what the implications would be for changing things or how much it would cost or how long it would take to evolve what connections would be breaking and all those kind of things so anyway there's some ruminations on sovereignty okay and that's probably way more time than you said I had so I want to just say it's been great being here I always loved doing things with Amy but it's been terrific talking to the few of you that I've had a chance to connect with and I appreciate the questions I really like the other speakers I just want to thank you all for being so thank you so much Dada for being here and supporting the whole initiative and being a real voice of wisdom and like in every way so thank you three things, your journal