 If you've been here for the past hour, you've heard most of these speakers. I'm going to skip the introductions, because I'm really eager to let you guys talk. But if you want to know more about them, please Google them, everyone's Twitter is up here. So let me just start with the first question. And if there are things you want to share on the introduction level, please add that. But if the panel could please describe a little bit about the place you're coming from for the people who might have not been here for the talks, and also kind of why you choose to work in the identity space. You can all agree this is a pretty accomplished panel they could do, kind of whatever they wanted. But why are you investing your precious working years in identity? And maybe we'll just go start with Elizabeth and go over. Yeah, so for me it's a personal pain point. So I've lived and worked in five countries on three different continents. Every time I've moved, I'd have to reestablish my identity. In my personal background, I have two European parents, I speak five European languages and I cannot get a European passport because my family has no records because borders have changed and things have shifted. So the tremendous friction that I've experienced in my own personal life is what drew me to the idea of self-suffering identity when I first heard about it back at the MIT Media Lab last year. So it's a personal passion of mine and also having been a data protection privacy lawyer for the last eight plus years. So I see the tremendous opportunity for us to decide to correct the data models that exist today. So my background is in economic development and financial inclusion in places like Africa and Asia. And the reason why I came to the identity space is because there are 1.7 billion financial excluded and identity is one of the biggest barriers to financial inclusion because of KYC regulations and so forth. So that's why I'm here. That's really good. I went to school to become an economist. And halfway through trying to become an economist, I fell into technology. I spent a great deal of time building technology companies and making small fortunes for venture capitalists that didn't even money. So four years ago I founded a company that was about using the distributed ledger for healthcare and healthcare records. And two years ago, two and a half years ago, I founded this company pivoting away from the problem of healthcare to the larger problem of identity. Healthcare just scratches the surface of identity. It goes so far down, all the way down to every individual person and how they lead their life. I got into identity to solve a couple of major problems that are near and dear to my heart. The financial inequality that I was speaking of earlier and the cost of capital in the frontier markets hits a lot of my friends. I went to a graduate school that's 70% international students. I've maintained all those relationships and I see how their lives are playing out and it personally impacts me. That's how I got here. I've been working on identity my entire professional career basically and I got started after connecting to a network called Planetwork and they were a community who had done some introspection about how could the internet and the emerging web at the time in the late 1990s serve people on the planet better? They identified a missing gap which was user-centric digital identity. How do people own and control their own identities and they wrote a paper called the augmented social network building identity and trust into the next generation internet and they said if we don't get user-centric digital identity based on open standards, giant corporations and governments will own all our identities and lo and behold 15 years later that prediction is right except we've been continuing to convene and gather to try to solve this challenge and I think we're on the cusp of these new distributed ledger technologies and the open standards around them providing a way for people to own and control their own digital identities and support all the communities of people connecting in a peer to peer way not being intermediated by entities like Facebook or other centralized social networks but by our own own to manage by ourselves in our own communities so it's very exciting. So one of the reasons we wrote this paper is because when you talk to these folks you're both excited by what they're talking about and at least I am generally confused by the very elaborate terms that are used and then people are talking about self-sovereign identity and then they suddenly say user-centric identity and then they throw in federated identity and my head just hurts so what we try to do in this paper is make sure we walk through these things and explain some of these terms and I want to be clear digital identity could be centralized identity you know people use federated and user-centric identity a little bit interchangeably when they talk about Google and not and there's nuance there but we're talking about self-sovereign identity we're talking about identity where you the user owns and controls your data it does not sit on someone else's database you and only you can turn it off and and and I chose to focus my paper on that both because it's the fuzziest and most confusing but also because the work of digital identity has been handled by others so I want to point out the Center for Global Development wrote this incredible book by Alan Gelb and Anna Diafazi Metz and it's an incredible walk through digital identity so that that's a whole thing and we're not talking about that I'm not tackling that whole thing that's been done we're talking about self-sovereign identity this idea that it would be controlled by the user so the question to the panel is with that clarification when is this going to stop being theoretical when is this going to actually happen in the field when are live going to be touched when are people everybody likes to sort of almost fetishize the bottom million we're going to help the poor people one day like when is that going to happen and when is this going to be real and if there are pilots going on this is when I'd love to hear about Brad you want to start sure so rubber is meeting the road this year we've announced a couple of significant partnerships with sovereign governments will be distributing liquid propane gas for the government of Indonesia inside of their TNP2K which is their poverty reduction division of the office of the vice president the pilot will involve 6,000 individuals who are receiving this aid and that'll be happening later this year also we've announced the Cambodian government central province is going to be using ever ID to track healthcare and to track neonatal disbursements of foodstuffs and vitamins for mothers and post birth for the first year of the child's life so that thank you for those examples the tipping point when is this going to go from pilots to oh when we succeed yeah pilots generally in technology are proof points and governments like proof points their point Elizabeth yeah I think there's um there are two things that are happening simultaneously right now that will tip the scales I think the first is the technology coming a long way the mobile device becoming near ubiquitous and having sort of the capabilities that we need to manage the kind of wallets that we need and to have the the um autonomous agent capabilities of of managing your connections and your data I think that coupled with changing attitudes although they're still painfully slow to change around threats posed by GAFA and these large intermediaries I think those two things coming together you know we still don't have enough pain I think we still need more pain I think you know you've seen other countries these delete Facebook days and you've seen some backlash and and I'm very active in in working with governments around the world and you see a lot of governments very aggressively tackling this we don't have nearly enough pain right now I think here to appreciate the gravity of the situation I don't think we have enough transparency and understanding of the risks so I think the technology coming along in tandem with the policy work that you know we're trying to do particularly everyone we're very focused on this policy engineering aspect to illuminate kind of the the scale of the problem have to happen together otherwise our concern in the self-sovereign identity community of course is that a Google or Facebook will come and do this first and that we'll have the same trust problems that we've had all along from our perspective if you want a concrete example we're very close to production level roll out with a credit union consortium of basically creating a new digital credential that will be portable across the credit union industry and globally as well and that's really interesting area because credit unions traditionally have been able to be a little bit more innovative than banks just because of their regulatory environments and a lot of people on this panel have mentioned financial inclusion and so these kind of alternative sources of of credentials and identity are really interesting to us and then of course I think you'll probably mention it later but we've also got some work going on I respond that's pretty much live so so I think that we're we need to be more focused on the policy work I think there's been a lot of emphasis on technology and not enough emphasis on the law and the policy and I think the real catalyst is going to be from the shifting attitudes there yeah so I agree that we're getting closer to the tipping point you're starting to see policy converge with you know the the technology there's definitely more participation in the open source open standards conversations and but I think we still until we have acceptance for your daily transactions like right now I can't go to a liquor store and show my Facebook or LinkedIn profile and you know they'll give me it's just until we see that happening you have not reached the general population and I think we're a ways off on that with self sovereign identity it's going to take a lot of hard work it's going to require adoption by government and I think they are going to banks and governments are the ones credit unions I think are fantastic you know driver of getting this and we don't have enough friction here in the U.S. like those of us was saying or even in the EU I think GDPR is helping push some of this but I think you know in places where there is so much exclusion and the policy is so far behind you'll see the leapfrogging of this technology where there it's just going to happen right one of the the leading early adopters in the space is actually government the province of British Columbia has been actively building tools for their citizens and also for their different government agencies and they're looking at this year rolling out the issuance of verifiable credentials to businesses who are chartered with the province along with the licensing that whatever licensing they have at the provincial level so that the businesses now will have digital versions of all those credentials and can use them to interact with other governments like the government of Canada without having to fax around a bunch of paper so there's there's signs like this year you will see things actually out in the field and that gets to the point of registries right so what that what the BC government did and this that's also mentioned in our paper is have a registry of companies and that was a centralized data registry where they said hey company here we've gone ahead and taken this data I'm using broad strokes here you know we've taken your data we packaged it up come and claim it and move it into a digital wallet for your company so that's this idea of self-sovereign identity applies to organizations but the way I think about it is the identity is how a registry starts to wrestle with and understand what self-sovereign identity means for the future and that's and I'm not asking you to all be like yes Mike you were right but what's what's your thought on this idea of bringing registries in because as a property rights guy the fact that I'm mentioning registries is almost like of course you're it's all property rights people do so I mean when I've said this to you any thoughts or how how your platform would think about its interaction with registries which I think also gets to the a lot of what you've said Shelly of governments in fact you want to well yeah you know actually we we are we just recently launched three box a consensus which is leveraging you port and it's I'm reading something here because this is very new open source data storage solution for web 3.0 that allows users to manage private and public information on decentralized web this so the data there's a registry on IPFS which is the interplanetary filing system and it's managed by the orbit dv so we I think registries are critical to the adoption and so I think there is a little bit of a misconception with self-sovereign identity that it means that we're doing away with all the conventional routes of trust of government central banks you know universities it's quite the opposite actually what it does is self-sovereign identity really enhances those existing sources of authority and roots of trust and brings them into the 21st century so registries are incredibly important I think those of you are familiar with blockchain may have heard of something called an oracle or an oracle function basically takes things that exist in the real world real real world real world assets and translates them into what's recorded on the ledger or a blockchain and so of course we have the problem of garbage in garbage out so registries are incredibly important especially in the property context if you have valid and legitimate and accurate registries that exist in the real world being able to digitize those and leverage blockchain to kind of enhance the verification capabilities is really an incredible improvement enhancement and allows that direct accessibility so that you don't have to go through the land registry office or various you know bureaucratic agencies that might be very slow and particularly in certain you know geographies and areas where some of those institutions are lacking trust and are lacking transparency and accessibility the voting registry is a really good example right so we think about it maybe with we're thinking about real property or land rights but if you think about other registries that are incredibly important to make more accessible and more transparent to individuals in a lot of critical places with vulnerable populations and there's tremendous value there the other thing I would say though is I would caution against as a lawyer I worry about the presumption of you know if something isn't documented it means it doesn't exist I think we have to be very careful about that in the blockchain space we have to be very careful about the fact that registries are not perfect right they're created by humans are a lot of flaws and then further baking those flaws into an immutable record is a very dangerous proposition so we need to be mindful and and sometimes slower than we'd like to be in cautious about that I don't want to live in a world where if something isn't on the ledger it means it doesn't exist and I think that's particularly important from a human rights perspective and intrinsic rights that don't require a deed or a title you know that are that are that exist independent of that record so that's the only caution I would add to it Brad clear I would echo Elizabeth on this I I believe that the registries that exist today are critically important for us the leverage in a self-sovereign identity space the institutional attestations and community attestations I was referring to earlier are exactly that in Bangladesh as an example the community attestation matrix that they use to distribute funds to school-age children has absolutely no root in any identity other than other parents of students vouching that you're you and they sent hundreds of millions of dollars through that capacity just based on the community web of trust clear you you've already applied yeah I mean registries are important and the conversations with governments about how they leverage these new technologies to do what they're already doing but in a more efficient way that's more empowering to their citizens is is really happening and I think it's it's not just how they leverage SSI but how the existence of fssi sort of forces them to evolve right registries need to do you think about what a registry does and we make this we belabor this point in the paper step one is validate that you're you when you walk in and you want your name tied to your car show me your driver's license from your identity if there's a functioning SSI system what does that change so Elizabeth mentioned iris bond and I want to digress and you saw me fumbling with my papers that's because in the past six months of writing this paper I've both everybody has said to me okay so we're doing this really cool thing but I don't know if you could talk about it Brad and his co-founder bob were particularly bad at that but but iris bond really hammered the point home but in the paper I was just checking that we were allowed to publish this in there are Kate there are briefcase studies in East Africa Myanmar and Thailand where they were using this for health records and for human trafficking and you're probably thinking wait who's iris bond why aren't they on stage so I respond as a biometric service provider that is out in the field working hard to bring digital identity uh self-sovereign identity to lots of populations and I just want to share one exceptionally cool example that I respond mentioned to me and he was like gentleman's name is Peter he's the CEO of iris bond and he said you know HIV vaccine studies are happening right now in East Africa and if you're an enterprising young East African if you're anybody anywhere and someone's paying you an incentive you're going to want all the incentives you can get so there's three vaccine studies sign me up I'll take a $50 amazon card from every registry right the trouble is if you have three hiv vaccines in your blood we don't know which one worked so I desperately need to do as many studies as I can as fast as possible on these vaccines and pick a country but once you've signed up for one I it's not okay for you to sign up for any others and how do I do that if if you want the money because there's people to feed you so the way they do that is they take the biometry the raw biometry they put it in a template they hash it and they listed in an anonymized shared directory between these different hiv studies hiv vaccine studies and then once you go to enroll you do an iris scan they check it and if it's already in there it's anonymized it's just a hash of the of the template you sorry you can't enroll in this study you've already been enrolled in this study so that's just one example of like an innovative use of the technology we're talking about in the developing world but what we're talking about here with East Africa and Myanmar and Thailand is how iRespond has been using biometry and self star identity solutions to deliver aid in the manner which Brad alluded to but back to the question I still don't know who iRespond is so iRespond is a biometry provider that works on the sovereign works with sovereign and that and then you were asking the question and this is one of the things we try to elucidate in the paper what's the difference like Brad and they're all they're all doing self sovereign day right so i can use them all and and i've taken the liberty of describing the difference this way if you think about it i was i was driving here today and i saw one of these scooters and it had on the bottom those you know those two logos we all see apple store google play store download the app right these two platforms but if you think about it the google is a big wide android platform that you can use a moto phone an android phone a pixel phone whatever you want but it's a it's a huge platform that you can build different things on whereas apple is an integrated wall garden where all things have an apple logo on them and that is how i with my clumsy non-technical probably wrong perspective think about everest everest an ever name at least you could have chosen names that didn't start with the same letter right so i think of everest as an apple solution they are an integrated fully baked you walk into the everest thing and there's everest everything to meet your needs including biometry it's really fun to talk to brad about biometry and talk to peter about biometry there's conversations going on forever whereas ever name is trying to build this one massive platform that everybody can build different things on and i thought incorrectly that i respond was working on that but then i introduced i respond to brad thinking i would get a good debate out of it and they ended up agreeing to maybe work together because they can also use their biometry solutions so there's a lot of really exciting stuff but i think thinking about the difference between these players the apple model for everest the google model for ever name and then what's what's you port doing well you port's inside of this whole other about it no i mean there's a whole consensus ecosystem so once you dive into the blockchain world and you get into the df world and i realize for some people i'm speaking a foreign language and i apologize then you need an identity inside that space and could that identify port out so this it and we're in the very beginning of a tidal wave the very beginning and i'm not saying anyone's going to win i don't at the end of this paper be like i love ever name the most i don't say that i say that these i'm i wouldn't be surprised if i one day we saw identify yourself with ever name or with everest it wouldn't blow my or with you port you know i wouldn't blow my mind um and that gets us to the to the more exciting part of this panel where we start talking about the differences of how these these things work so one of the differences that comes up in conversation a lot is open standards versus open source and i'm just taking us right to the to the good stuff here can you talk about the difference between open standards and open source elizabeth and why you guys do what you do sure um so we have the open open open approach which is open standards open source code and open governance and i alluded to some of this in my presentation um we think that without all three uh we don't have a sustainable interoperable solution for the for cross border identity management so the open standards that kalia covered really well in her presentation around um the core of it is the did or the the decentralized identifier um so evernim and the sovereign foundation have been very active along with kalia and others in the w3c and the diff as well which shaley mentioned and building out these open standards for effectively how do we speak the same language around our decentralized identity management um so the did is as i said the core of that um but they're and so there are various did methods there's a you know u port method um there's a sovereign method there's a um a bitcoin method there are various kinds um but we want them to ultimately be interoperable because we don't believe in a law of garden approach we believe in this open open open approach the second piece is that open source code as i mentioned so everything that we're doing is built on hyper ledger indy which is part of the linux foundation which is um basically as i mentioned the apache to license um with a few exceptions there so that's all uh open transparent and auditable um and the third piece which is really important which i think a lot of projects are losing sight of is open governance so as i mentioned we have a public uh fully transparent auditable governance framework uh formerly formerly called a trust framework but now a governance framework um which outlines all of our policies and procedures and processes for changing everything from a technical standard to um uh design of the network to how stewards are qualified to participate in the consensus protocol and validate transactions on the ledger um so everything is is out there for everyone to see and inspect and so i we really feel that without as i mentioned that that all three elements uh you don't have a fully uh sustainable solution thank you rat how about ever um that was very well but uh i would characterize our approach um as the apple approach apple is an openly proprietary system manufacturer they take open source tools and create a proprietary attack the stack of those open source tools in a very similar way we take open source tools and make a proprietary stack and the live of that stack the uh open standards are important open source we are uh less religious about because of some of our experiences in the open source community uh for four and a half years i sat next to bram cohen the creator of bit torrent and i've had many many conversations with bram some of them centering around why did you put this in the open source and he has a very standard response it was in fashion at the time in 2003 that's what you did to become a cool coder you put your thing into the open source community i would bet that all of hollywood and all of nashville would argue that this was probably a bad move okay it cratered to entire industries that's just the facts so that open source probably not a great move um similarly apple with fair play takes a proprietary stack of open source tools wraps everything in itunes in fair play and sells it to you why do they not open source fair play because knowing the recipe allows you to attack it once you understand the recipe it's a vector of attack i can just sit here and hammer on this one thing until i figure it out if you obscure the fact that your recipe involves these 75 steps it's much harder to attack so for that simple reason there are components inside of our system that will never be open source other components will be open source and some components will be derived from open source communities which we will be providing back any enhancements to as good members of those communities can you also talk about dids sure um so dids uh are quite important there are multiple competing uh standards around this we are based on a private permissioned ethereum blockchain which means we are not open on mainnet we are operating our own thing the inf that i was alluding to earlier is the actual operator of that underlying blockchain uh inside of ethereum there are known as ethereum improvement projects eip eip 725 and 735 are claims registry and acclims management system so while the ids that are being standardized by the w3c and some of these other organizations exist doesn't necessarily fit directly into my world because we're built on ethereum and there's already a solution natively there yeah i would we use the similar standard the erc eip 725 um this is our proposed identity standard um the way we feel about open source amazing we love it open source is great um open standards we are all for it and i think we're trying to learn from the previous attempts of um you know the it use identity standards and then open id from enterprise id uh for for enterprise id and and but we can't wait so in the meantime we are going to move forward with the erc 725 and just continue to learn so we're both cringy not we're both so what's your perspective on so i just want to say like u port isn't erc 725 in fact the u port team has written a very clear distinction between their entire stack and how it's quite different than erc 725 thank you i don't work for u port i work for consensus i'm supposed to be thank you so much for clarifying that but but this is this is the fun though this is what writing this paper was so much fun right because you talk to kalia and there's an impassioned plea that open standards are the way the truth in life and without them we will not be saved and then you talk to brad and he says this you know he's got the great story about bit tarn and and what's important to understand is what we do believe the future and we have when we have heard that governments are starting to do proofs of concept these ships are these these things the reality is ships are being built as they're starting sail across the ocean and that's really true and i think um i think that um different different projects are starting in different places right so uh brad's companies choices are informed by the market that he's going into first the choices to center around open standards specifically for interoperable verifiable credentials he's really rooted in companies looking at developed world context with significant existing registry systems that are functioning using paper and the question is how do you transfer those multitude of different credentials that individuals carry in their wallet and have on their walls from universities from governments all sorts of places how do they collect those up in a digitally native form that's trustable by other folks when they present that and those are two really different problems and to solve that problem of multiple credentials from multiple sources a really good way to get to interoperability really fast is to have open standards so that a verifiable credential is the verifiable credential and it's easy to read and store in whichever wallet you choose whether it's a veris one one or one produced by the company ever in him or one produced by a different company also working in the sovereign network or one produced by you port right like that i should be able to collect my verifiable credentials from wherever they come from using whatever software and store them in any wallet that accepts these open standard space credentials and then present them right so that you're building a complex ecosystem of service providers who are all able to speak the same language even if they're using different code underneath and i think for us to have this paradigm shift to move what into is truly self sovereign identity has to be vendor agnostic that we want to build it so that if we go away your your identifiers don't go away and they're not now useless and your credentials are still you know accepted elsewhere so i think that's the problem with the wallgarden approach is that um there is that vendor dependency and that really isn't any different from the way it is now so i i really that's why i think kalian i'm passionate about this um is is we want to flip the paradigm we want to take the vendor out of the center we want to put the individual in the center and that means that they have to be able to to take that anywhere that they want to and and and you know for for a long time as well not because someone's around so again ideally if we go away it doesn't change anything you can still go and use your credentials in your dids and um they'll be accepted and you know they'll be compatible with other wallets and other agents and and other pieces of technology as well brad you want to um yeah i mean i'm not trying i'm not trying to get this into a no no no but i just want there's there is an important distinction to make here and and and you're prodding me at the exact right moment so um there's a significant difference between a federated model and a concentrated model uh everest and everidea is a concentrated model we take in all claims and we write them do a central datagram that you carry around with you that datagram contains all of your claims i don't have to go out back to my bank and say am i really me i don't have to go back to a government server and say am i really me and more importantly if my insurance company goes out of business and that server is no longer powered what happened to my claim if my bank gets bought by another bank and the bank that did the acquisition didn't decide that they liked the service and turned off the server what happened to my claim uh i think it's much better for us to concentrate all of that information and allow the user control over that information so that's a little bit of a difference between the way that ebonym sees the world in the way that everest sees it concentrated concentrated exactly there's a lot more nuance there and there's a lot more so one of the things that we worry about is centralization by decentralization so we don't want a decentralized source of truth to now be the central point of failure right so there there still has to be this sort of um multi-source complex layered approach um because you can have you know if you have a full dependency on one ledger or on one provider on one wall then you have the same problems that we have now so i think there's just that the consciousness of but then again it's all very early days that we don't we don't actually know what the best approach will be i think it's a healthy debate no i'm still learning i just started when you peel the onion and you look at what breton coding features and you look at what a look to just explain the parliament and you look at what shaley's working on which is part of a much bigger who does land rights in the field using tech if they were to go forward and do something which platform would they use and that what we attempt to do in this paper because again i'm always selling my latest work which is free by the way i'm just selling it um well try to do in this paper is give you the the the uninitiated a way to start thinking about just the questions you would ask if you walk into the room with any of them as well as it could be a drop some names in their various one moody there are other people in this place who there's a lot of people who say they do self-solving identity and you could suffice up to catch a term and maybe they do self-solving identity maybe they actually do kick i see depends so but that's just a glimpse into some of the internal controversies here so let's take us to one of the external controversies one of my favorite papers the world bank has recently written is an assessment of biometric platforms in the world and they very nobly created a framework they have a great circle saying you know different things you need to think about with biometry and let's go through each of these platforms and then we're going to read yellow green the different slices of these pies and i joke it's the yellow circle paper because even though they wanted to read yellow green everything basically everything in that paper is yellow right it's a big i don't know we'll see um but i mentioned this a little bit i respond but if if if you guys could all talk quickly about biometry both as it's used on device and across your ecosystem and maybe brad do you want to kick this one off sure um so inside of ever id there are currently two forms of biometry we built a backplane which allows us to plug in additional forms of biometry why did we do that because we are concerned about the commercially applicable biometry scanners that are out there what is commercially viable today is a four thousand dollar iris scanner really a great entry point for giving aid to refugees probably not uh is a two hundred and fifty dollar smart phone that's a little bit better a little cheaper a little easier to deal with in the future are we going to plug in alternate forms of identity certainly one of the most exciting that i find is the intrusinus rhythm between the b and the s waves in a heartbeat that's actually four times more specific than a fingerprint okay the apple watch four reads that so we're on the cusp of seeing a new form of biometry come into the marketplace that's why we built a backplane so we can plug everything in as mike was saying at the beginning there's all these challenges of biometry in the field i've spoken at length with some of the folks that are currently deploying iris scanning atms in syria and one of the gentlemen was sharing with b that he tried unsuccessfully for more than 30 minutes to enroll a lady at an atm and the problem is dust it's not something they had factored into their thinking so there's constantly not only dust in the air but dust on the lens and dust in the camera okay so you got problems the reason we start with biometry and build up all of these attestations around biometries that's the only way to make sure that an individual is an individual and it is not creating civil attacks into a system if i know that you're you and you are only you i can give you an identity and start to do really interesting things calio is alluding to the fact that we're starting in the frontier world and that is exactly where we're starting for this exact reason your refugee getting off a boat or walking out of the water what identity do you have you have yourself that's it in security there are three silos what you have who you are what you know in biometry the first two collapse now you have who i am and what i know so inside of inside of our system we have a biometry check and a pin check or a biometry check and a password check always the two um surveillance systems like the one that is currently operated in london doesn't have the second piece they are not getting consent from the user to take their biometry that's in essence what the pin or the password is in our system it's a consent metric i've scanned you but are you allowing me to use your biometry ah you gave me your pin you are okay that's a critical component for all of this the user has to be in control and has to be giving a scent positively to the use of their biometry Elizabeth uh so consent is interesting i i don't think i don't think you have legitimate consent if you don't have choice or you're locked out of a service or you you know um so i think there's a lot to unpack in there i think in terms of biometrics but the reason we need them right now is so much of what we're building is dependent on the mobile device and as i mentioned earlier we need to connect something in the real world to something digitized and so right now the only way that we can really prove control of the device is the use of a biometric so you have you know thumbprint or face scan um it's so far from perfect uh but it's really all that we have right now in um if we're going to use mobile device based wallets and agents to mediate these digital identifiers and the exchange of credentials for us we have to have some way of proving ownership of the device uh so it's really inadequate and it's really imperfect but it's really the best that we have right now and we want it we all i think in the industry are worried about the shortcomings there and we know how imperfect they are so another population that's really interesting to me are they tried to do um the thumbprints uh i think with surfers in the south of portugal and basically their fingerprints have eroded from what they do for for a living so uh so there are a lot of imperfections yes the iris scan as well um so the industry i guess the good news is is that we're aware and we're worried about the shortcomings and we're trying to solve for them um but we're also as shaley mentioned we we're we're not we don't want the perfect to be the enemy of the good and now that's super high risk in certain populations so this is where i go back to you need a governance framework you can't rely upon the technology vendor and what they tell you about the technology they there needs to be a publicly auditable governance framework that governments and policymakers and regulators can look at and can understand what are the assumptions baked into these these technologies how are they deployed what are the protections for individuals if something goes wrong what is the dispute mechanism uh there has to be that piece of that and that's the part that i just see overlooked time and time again in this industry is over emphasis on the technology and the under emphasis on on the governance um so i i think you know especially in in dc and this audience a lot of policymakers and regulators around um that's part of the struggle with the industry is um we haven't been addressing those concerns nearly enough um you know from my perspective it should be really prominent um so again biometrics kind of where we are today but if we think about the results we want to achieve and and the policy ends and objectives um we should just think about biometrics as a tool and not as you know having any inherent value it's about that fungibility problem of uh how do i know it's the double spend problem of the human right this is why blockchain identity are interesting because blockchain is fundamentally it it's solving a double spend problem of this asset hasn't been allocated before so if you think about your identity as a digital asset that has someone is someone else trying to use your identity or someone already used that identity that's the core that's the core of why these two make sense together but you can't it can't really extend it beyond that you have to be mindful of the the context of rights fundamental rights civil rights human rights around that and that's why the governance piece is really critical because the technology can solve that that asset management piece it can't solve everything else of who we are and what we have and as Brad mentioned what you bring and what you know um but i i think that has to be core shaley clear anything i agree on the governance framework um we are it you know consensus is kind of in the midst of or at the beginning of creating a government stack and identity is critical to that government stack and so um you know the governance of identity i love what sovereign trust framework has done in being inclusive of even in the development stages of that framework um and so i we have a long way to go and actually implementing this framework and and in systems but we're at a starting point and on the biometrics i have the official slack message from rubin that biometrics are good for better protecting access to devices like smartphones but um you know we're still there's still imperfections in um the use of biometrics and but they're the best that we have right now but that there's still a lot of challenges there there's a paper that was written um uh probably six months ago and i they were just pushing to get to the final draft um six principles for biometrics use in self sovereign identity and i think one of the most exciting things is that i can actually potentially store my own biometrics in my own personal cloud and then i can authenticate to myself right so that i can show up and say i've enrolled my biometrics some entity you might you know have confidence in to have that happen has signed it but you actually don't need to see it and neither does the entity that enrolled it i store my own biometrics and i can authenticate against my own data store and assert my identity without it landing in a centralized database and i actually think um we need to broaden the conversation and get into the nitty-gritty of how these systems and work with unlikely partners in figuring out how they should work and you know even going to like actually engaging with religious leaders and religious minorities have been at the affect of really bad systems for a while and in fact there's a whole book called IBM in the Holocaust about how IBM's technologies enabled what happened in Nazi Germany to happen and we have to get out in front of this and think how are we actually building a system so bad stuff can't happen to at risk groups and do that now not in 20 25 years after they've been abused and used in really bad ways you know one of the one of the articles i've read in writing this paper i just sort of put my put it down and i will go for a walk afterwards was this horrible wired article about the Rohingya right so in in Bangladesh they've been using biometry to do food distribution in the camps and then the winds have changed and the Bangladeshis now want to send the Rohingya back to Myanmar complete with their biometric profiles you don't need to stop and think more than two seconds about how disturbing that is um so i think just again to bring it up a few levels biometry is as if we just think about the basic idea of a username and a password there are times in our biometries our username is times our biometries our password right and it's it's important to think about like on our on my device on my fingerprint is what gets me into my device there is my password but for some of these platforms we're talking about biometry is the base for your identity and so what does it mean and how do you spoof it and that this this we could go on for hours but i want to get to questions right i didn't give you a chance any um so i do want to make one one and then minor clarification um to Leah's point it's very important that the user is able to enroll themselves and is storing their information in a locker under their control in our system the locker is provided to the user when they enroll um the user's biometry uh inside of the everid platform in evrest is resident in the platform not on the device which is a very big difference so we can address the people without a smartphone we can address a people without technology at all by being able to have the user ascent ascent to allowing their biometry to be used right which is i don't i think correct me if i'm wrong currently not true with u port right you need a device to have a right and with sovereign okay so again this fascinating spectrum okay so i hope there are some questions if there aren't i can keep this going all day long but if you have questions please raise your hand and the mic is in the back and start over here and go over hi it's on hi rory mcmillan um i'm interested in uh where you started which is how do we get to scale yeah how do we get a tipping point shifting and it strikes me that brad you you guys are going after government and that seems like a very obvious kind of way to go after scale i'm thinking of how india's adhar scheme grew at huge pace we're doing work with the world bank on the id4d initiative they have um one of the things that gives me nightmares is the centralized sort of approach uh around some of that um the nightmares are my dreams i don't know whether they're real um what i'm what i'm really interested in is uh whether when you um are looking to scale is the way in here for you effectively to be almost kind of like an outsource almost a procurement part of a centralized government system where you then build on the back of that your client relationships with the individuals who are building their their their data in your in your systems after which you're then able to take that elsewhere if if that's the model and you you know correct me if i'm if i'm getting it wrong um if that's the model what in terms of infrastructure policy and particularly legal and i think this this comes to your point Elizabeth what's needed um to make that really uh possible to to scale out um so that enough people will trust and go with your brand um put themselves into the system and then it'll be interoperable elsewhere what sort of laws do we i'm a lawyer what kind of laws do we need to get governments to adopt so that this sort of thing can can can scale up as opposed to us falling back each time to a government initiated budgeted procured controlled system which is in some cases fine but we were looking at a case in Somalia recently and i don't know which faction of the government would be in charge of that you know so can you just comment on that please an excellent question the um market addressing is the first part of your question which is how do we address the market we're a b2b to c company we make a community management platform okay we partner with governments or non-governmental organizations that have large communities that they need to manage and send value to um almost any entity that you can think of needs to understand who they're sending the value to and needs to account for the value sent uh it is critical in a lot of non-governmental organizations to show the custody of the disbursement all the way down to the individuals so that they can turn back to their donors and say look 97 percent of the dollars you gave us arrived at these individuals and helped them okay that's a critical component so we partner with large organizations that have communities that they need to manage the two examples that i threw out earlier were uh the sovereign governments that we've announced but we're working with non-governmental organizations to manage their communities as well um the second component of that was what laws do we need to put in place to make sure that this is safe for the individual and Somalia is a great example uh there's a lot of flux in Somalia there's a lot of change and it is very rapid and it's not always positive uh and you start to get to the point of uh individuals within the country not trusting certain factions of the government and that rolling up to a sentiment of not trusting the government at all uh as a non-governmental organization and a nonprofit foundation the identity network foundation is actually engineered to sit and straddle over non-governmental organizations and governmental organizations to provide an extra governmental identity system okay and that's important especially when you talk about migration or the refugee crisis uh the government that holds your held your identity when you left the country that you left probably isn't providing that to the country that you arrived at um an example in Indonesia that um cuts me very close because i went out and met with these people um if you get taken in as in as a refugee in Indonesia you get parked in a refugee camp for seven years you're not allowed to work you're not allowed to leave the camp you're not allowed to do anything i met a physician who is a pediatrician from pakistan who's in this camp who cannot help the other refugees she can't practice medicine on the other refugees in the camp and that completely destroyed my brain because that's that's um that's not really helping uh so it's really important that the identity system needs to be in my opinion extra governmental in an overlay it's my data i should choose to give it to a specific entity that i trust the world food program the government of indonesia and i trust that entity to be the one that enrolls me but not to hold my data so the individual is always in control it's about the individual we are helping the individual to gain access to certain uh services that they couldn't access without an identity and that's how we view it it's about this individual gaining something from this social contract that they're working within uh we don't realize it but almost everything that we do every day is a social contract yeah well i think you mentioned b to b to c so i think this idea of selling products and services b to b that are then enhancing the b to c relationship and so i think a lot of business models are structured that way um in terms of the laws you know and the approach there so i think we need if we're going to put the individual at the center and if we're going to expect the individual to take on more responsibility in this which is what we're asking them to do we're asking them to manage these you know these technologies we're understanding asking them to understand what's happening uh kind of under the hood we're asking them to to take on more responsibility that in turn we need more protection so we can't just say you know we're building these platforms we've we've got these products we're not liable for anything now it's all on the user we can't say that because the user doesn't have their information asymmetries there are imbalances of power there's a lack of bargaining power in order to counterbalance these this is individually managed a self-sovereign approach we need to we need to enhance individual rights so things like the gpr obviously are really good start and we see laws around the world they're trying to mirror that in terms of data protection eidust is another interesting one which is the european identity authentication and trust services standard that's really important in the cross-border interoperable context because what we know now is that people are more mobile we change jobs we change countries we change context we can't have identities that are limited and siloed in that way so we need to build so the reason the eidust is particularly interesting is because it's about how do we accept digital signatures and timestamps and other authentication mechanism cross-border and in different contexts how do we modernize them how do we empower the individual who moves from one country to another or changes employers to still be themselves and to have those the proof of that so i think all of the laws that are focused on consumer protection is another area that's really not sufficiently focused on right now but i think is increasingly important its transparency has to become a huge piece of this because there is again there's that big information asymmetry there and people don't understand really how these technologies work and so they don't know what they're authorizing so we can't have any kind of meaningful consent if they they're not fully aware which means we can't have the hundred page privacy policies and lawyers have to take responsibility we can't be enabling these bad business practices right that are obfuscating all this from the individual so i think i think they're and i think that's what the legal profession is also more prominent now i think this idea of legal engineers and policy engineers becoming part of the product design part of this privacy and data protection by design and default you know before it wasn't perhaps as important but now we really can't be arm's length from the tech we have to be in their early building along with the engineers and and those who are the developers who are writing the code and and side by side and that's been our approach and so i think you know their past dependencies that are built into some of this tech that we can't undo so if we're not part of the conversation early on then there are serious concerns raised but i i think that the individually focused individual rights laws that are now like i said sort of graduating to the next level of the digital world are really important right thank you and i just before we go to to micah next and then to the back of the room i just want to say you know we we're always encouraged to have a diverse panel but a diverse panel does not just mean gender balance and racial diversity we have a amazing lawyer technologist economic development professional and i can't really clearly defy subscription but we have this incredible diversity of perspectives and expertise on this panel which i'm so grateful for so to micah and then and then over to alan thank you so much and thank you to all of you for the incredible insights today i'm to micah tillerman with new america as we have looked at these issues we see immense potential and that's why we spend a lot of these of time on these challenges just as mic does but the stumbling block that we keep getting tripped up on is the restoration of lost keys and i know we've had a little bit of discussion about that today but i'd love it if we could dig deeper because ultimately if you're going to have self-sovereign identity you need some mechanism of restoring access to that identity if it is lost for whatever reason and that seems to be a challenge for which nobody that we've encountered has developed a satisfying answer at this point but hopefully one of you has so we look forward to that let's let's let's let's let's plow through it yeah that's easy there's this is a known problem there's a lot of research that's gone into it in fact some of it has been funded by anneal john who's the head of identity and privacy portfolio at department of homeland security science and technology and i think within the next six months we need to have some really focused work amongst all the people working on that problem to move it forward i think the answer will end up being that i store shards of a recovery key with institutions that have a fiduciary duty to me brad five minutes or less preferably two minutes yeah um so a couple of things that are critically important about this um as all ethereum wallets we are a public private key system okay giving the private key to the individual is giving razor blades to a child this is a horrible idea so we make it very difficult for the user to get to their private key intentionally the public key is a different story the public key is not only on the ledger but is many places what's more important is how do i recover my identity not just the key so there's a couple of examples that you know are are near and dear to my heart because they're absolutely the corner cases of of biometry there was a lady that is the non-author she was in an automobile accident she lost both of her hands and she lost both of her eyes so she's not a person as far as the indian government is concerned okay they didn't have a third backup mechanism that's horrible the other side of the coin is there's a immigrant that crossed the border into greece spent 25 years cooking syrian food in greece and went back to syria because he got deported by greece because he didn't have a any documentation you're not supposed to be here so we sent you back to syria he arrived back in syria he has no documentation there either he's a non-person he got deported from one country and accepted back into another country but he can't do anything okay so it's not so much the key pair that i need to recover it's how do i recover my identity uh inside of the everest platform your biometry is you and we have the capacity to take all 10 of your fingerprints and your facial biometry we currently have the corner case problem just like awdheart you're in a deadpool style accident and everything gets burned off what do you do okay to elizabeth's point you need to have a governance model which allows for an individual to go to some oracle to be able to regain their identity inside of our system it's a combination of three factors you have to go through a whole series of knowledge unlocks you have to go through a whole series of transaction unlocks what were the last transactions you did that you know okay so temporal knowledge and the third aspect is your pin and password the knowledge of your system so that's how we do recovery inside of that on you port they're figuring out that i mean they're at the cusp of figuring out the restoration of loskies and i think you know we do need to address this very quickly very soon but to brad's point i mean there are i have been in malawi doing um you know work around uh mobile money acceptance okay and this was the big thing with international development and um you know which kind of led me to the identity piece but there are people where you're like okay four digit pin they they you know they're illiterate they do not they're like i don't know when my birthday was so when you have to say just put in your birthday you know these are the things that and then they go to the phone station i'm just giving you some color to what we're dealing with in a lot of places they go to charge their phones they haven't noted which phone is theirs and then they all come back they get somebody else's phone and they try and put in their pin that they created a number against and they don't it doesn't go through because they have somebody else's phone so that these are real things that a lot of communities are dealing with and we have to design for that the community attestations are amazing i think that is a huge piece that the governance um and and how do you recover your identity um having a transactional identity something that you and these different attestations i mean this is something we need to put a lot of thought behind yeah so evernim has the contract with the department of homeland security to do this decentralized key management or dkms pilot which is we're in the second phase of it now it's one of the hardest problems to solve um but without it you can't have self-sovereign identity and the problem is if it's a fully hosted i appreciate what brad saying about you know the user doesn't access the private key but i think the problem with that approach is you know if you're familiar with for example a coinbase wallet you don't own your cryptocurrency because you don't have access to those keys so if you lose your coinbase account or you're locked out of the service you don't have your crypto anymore right so we're worried about that because again to be truly self-sovereign it has to be a degree of which you have full control over that and it's portable and all the things that we've talked about but it's really hard and that's why i think as the counterbalance to we're going to push that to the user there need to be enhanced protections for them and there needs to be extreme transparency and so the thing that we're trying to do is build out and i think you've been working on something similar as well around social recovery and there's you know or a sharded approach as kalia mentioned where you can kind of distribute pieces of your a composite of your identity to you know different people that you might trust they might be an institution like a bank or you know some other fiduciary you know your attorney probably don't trust your attorney but friends and family and different people and and piece that together to kind of reconstruct who you are and in some ways it's like it is in the real world now you know where if you lost your passport or wallet or you'd have to kind of go through that process of that composite of reestablishing the different pieces and and or achieving some kind of coherent identity but we're so far from it and i i think in the interim we will see a lot of these kind of hosted solutions and i think the risk is that if we accept those as you know enough and don't take it further then again we don't move past the status quo right now we're not fully managing and not fully in control of our own identifiers um thank you very much for a fascinating uh panel you know when i look at this area just an observation of then two questions one of the things i feel would help people is if there was a much clearer delineation between what it was the kind of problem that you're trying to solve and i mean there's a whole set of discussions about getting credentials under the user control generally in pretty data rich and credential rich environments like this uh and relying as you've said on these various databases some of which are public databases government issued databases and that's a very different problem from the problem of trying to establish some kind of identity database in a system that is very credential poor it may be rich in community attestation but that doesn't necessarily help you in terms of a broader thing these are very different kinds of problems and i think it would be a good idea to um and particularly if the emphasis is on the developing world because i i don't know where you start and where you begin so the other thing is two questions one is uh the question of uniqueness i mean uniqueness is a very difficult thing for many purposes you don't need uniqueness for transactional identity you don't actually need uniqueness for most of it right but when you need uniqueness it seems to me very difficult to reconcile that with the prospect that your data is under your own control because if i'm dealing with a biometric type system for uniqueness my data by definition has to be available to check the identity of other people there's no way you can pretend that it's actually under my control for that kind of thing right they have to know my fingerprints they have to be able to access them they have to be able to access my face i see this is a question so how is it possible to do a biometric deduplication and yet keep data under my control that would be a question another question is the credentials um when you're looking at the linkage to credential systems how are you dealing with the updating of those credential systems is it a static or a dynamic updating and i ask because for example i have a south african passport and the value of a south african passport has gone up and down depending on the integrity of their home office right when they start screwing around and giving unauthorized passports the value of my passport goes down i then have to go for visas this is historically what happens so simply saying i have a passport doesn't really solve the question of whether at a particular time i really do have a valid passport or not just a few questions on the last point about the management of exceptions i think this is really important we're doing some field work in india looking at the way in which different states are using the system and it's clear that where you have a very good human accountability mechanism for dealing with problems you actually have a much less difficulties than where you don't so you need a very clear accountability system for the technology failures or the people failures with the technology so thanks very much thank you alan okay who wants to there were there were at least four questions there and i and i want to point out that i don't know if you'll permit me alan i want to recast alan's observation as a question i think i think these platforms do a approach to developing world context very differently and if we could just speak to that uh anyone wanted to start well i want to i want to share um why why was um so i think the technologies and the mathematics behind it are incredibly sophisticated and they allow you to do things that seem impossible but are actually magic so there are mathematical ways to establish uniqueness that um do not involve having a giant database of everybody's fingerprints and biometrics and we're just at the cost of being able to bring those up at scale and in fact i respond establishes uniqueness without storing any of the actual biometric data and that's in fact their value proposition is they take a biometric they generate a 12 digit random number and they throw away the actual data that created it but they could recreate it if they want well if if the person represents the person shows up again the same random number gets generated out of their biometric and you can run it against the thing i think this the the idea that the only way to do uniqueness is with a giant biometric database is false and we actually need more research and more inquiry about how we solve this problem for the people who really need to solve it and we don't have like i can't give you the three word answer right here but we need to it's possible and we need to really push governments that are thinking the only way to do uniqueness is a giant biometric database to rethink that assumption and to work with the technologists who are working on alternative ways to do it it's a we'll keep talking about it yeah so you're talking about encrypting them and as far as i know since the since these are pattern recognitions and they're not exact right uh the same fingerprint will not necessarily generate exactly the same random number so i thought that that technology was not sufficiently accurate for mass and i don't know what you think brad but can you compare your biometrics and encrypted space so it's an excellent question and it's actually uh called a civil attack okay so civil attack is i want to create 75 different facebook accounts to vote up a specific thing on facebook well i shouldn't be able to do that in the real world i should only be me okay so inside of our system one of the first steps that we do is we take your biometry we take all 11 points of biometry your 10 fingers and your face and we take that entire stack of 11 objects and we hash that okay now i have a database that's anonymized of just hashes of 11 objects and the first step at the next enrollment is i take those 11 objects i hash them and i compare them to the said civil database hey is civil in there no great then you can be enrolled okay so we're actually scrubbing people on the enrollment side based upon this superset of their biometry okay um the second component of when we're using biometry inside of the system it's a specific component of the biometry for a specific unlock so if i'm walking up to get food aid taking my facial biometry and me and putting my pin should be a sufficient check for me to receive this food aid going to kalia's point of uniqueness in a mathematical space that is what the the public key is it's a mathematically unique object so by pairing this 11 object array of biometry with a public key now i'm uniquely unique i know those two things and those two things being paired now i'm able to do a biometrically unique individual in the world now i respond has a 12 digit number that's a little problematic in my world 12 digits when you run that all out is about let's sub 500 million objects okay i built my system for 20 billion objects why well you know right now we're at uh two and a half billion people have been born and died on the planet up until 2000 and right now we're sitting on the top of seven and a half billion people so if i can't enroll everyone i can't attack human trafficking i can't attack these problems of cross border migration i can't attack these problems because i simply don't know and that's unacceptable for me i need to be able to enroll everybody that's the only way you can do away with human trafficking for example and you're saying i think ellen was asking those that those fingerprints and face scans is the tech is at a point where you think it is you creating a unique identity that is replicable yes okay in an array of 11 objects yes okay so you're walking in with just a facial scan yeah that is insufficient okay and then shaley and elizabeth just to review how good is your and then i'll come back to you at the end Brett how good is your what is what is your um platform do in the development world context where we have maybe people with no devices the the question about uniqueness and control how do i how if i control all my data how do you check that i'm me so i think you spoke to that a bit about with the hash exception management and dynamic credentials shaley do you want to i'll let her go first okay well i think it's to allen's point you know when do you need this i don't think we ask the question enough what do we need uniqueness there are a lot of situations where we don't again if you go back to government services the government really doesn't need to know that you're you they need to know that you have been accessed this particular public benefit or you haven't spent their money right it shouldn't matter that you're you it shouldn't matter how old you are or anything like that it just matters that you haven't double spent something that's been allocated on the public from public funds right and that's where we get so fixated on an identity world we talk about our data as a proxy for identity we talk about privacy and we talk about our data we don't talk about our privacy so why should for example a particular government agency need to know that you're you to access health care services right they shouldn't they just need to know that they have allocated sufficient funds and that again they haven't been double spent so i think we often we get really in the weeds with this stuff but we don't step back and think when is important to be non-fungible and when is when does it not matter right when does it you just need to be enrolled in school and it shouldn't matter what religion your parents are or you know which district that you live in so i think we approach it again through governance first we approach it through the policy ends and the protections for the individual and and from that from that perspective then you can talk about what's the best technology solution to deploy you don't start from the tech and say we've got really good biometric intake devices right and we're going to deploy those because they're ready and then we'll figure out the rest we start from what are we trying to achieve and then what's the best way to achieve that and i think particularly in developing world we we run the risk in this industry sometimes of experimenting on vulnerable populations and that's not okay right so we have to think about what are the what are the needs there not from how can we deploy the solution quickly because here's a population that doesn't have any rights so we're going to go ahead and just experiment on them no that's absolutely the wrong approach has to be there's a real need here i'd love the the title of the report is it nail nail finds a hammer i mean it's brilliant because that that's exactly right um that's what we all want and i think that also was going to be the tipping point is when the nail finds the hammer right so there have to be um we have to flip that sort of perspective that we're looking at this from and and not start from the tech but start from from what we want to achieve and enable and that's been our perspective yeah i don't work for you port i don't know much about you port because i'm just starting to learn more but i i mean i agree completely that the the zero the work around zero knowledge data stores and governance and and kind of what is the minimum amount of information that we need to share in order to for a transaction to take place is it's going to take a change in our mindset um and and the mindsets of large institutions who deliver those services so there's a lot of work to be done there and i don't have a good answer for you i just want to add one thing about um the question around you know encrypted data and encrypted search we have an expert in the room here you can talk to you later about um new technologies to basically be able to search encrypted information and encrypted data and that will be a huge breakthrough because that has been one of the challenges one of the vulnerabilities is that in order for these systems to ingest those sorts of things you have to expose the data and so if we have that combination of zero knowledge capabilities plus encrypted search then you open up a whole array of things where you can search these encrypted biometric templates that have been hashed and not have to actually go and identify the individual so um there there are some breakthroughs that are happening there tons of open questions let's uh Tim do you have the mic let's go let's bounce off let's take three questions one two three and uh yeah hey um my name is ashita i am a phd student at american university uh thanks mike for bringing up the point about diversity earlier i i think a great addition to the panel might have been someone from a developing country who's working in development in the country addition to identity folks all respect to you um i have a set of questions uh starting with i'll try to keep it brief um you said uh brad you said you work in uh indonesia providing liquid propane etc etc um but i missed your presentation earlier so indulge me if you already talked about this but if your solution is based on mobile phones and is your if your solution is based on uh mobile internet and indonesia has like less than 40 percent of mobile internet penetration how does that how do you how are you not helping further the digital divide and who exactly are you serving i mean this is everyone not just brad my apologies um and who exactly are you serving um and if you're going to push the liability and the responsibility for securing the data onto these people who are just coming on the internet how how is education not a bit how are you promoting education of uh you know security awareness etc among this population and i also want to raise uh kalia mentioned earlier to brad about how you know uh in the ecosystem that everest works in our ready works in uh open source is not you know fundamentally important is that not undemocratic especially if they're working in in partnership with governments and is it not necessary for developing countries to have you know open source technology pushed by the government and also to um elizabeth you mentioned gdpr um i'm wondering how blockchain as like a fund as a source technology would fundamentally work if someone were to register i mean conduct transactions using evernim and they wanted their um you know transaction removed off the internet or off the blockchain how would you do that let's keep taking questions thank you those are good ones so this has been really fascinating and i appreciate all of you in your perspective it's been great my name's amy i'm with cadastra foundation and i wanted to take it back to the property rights piece again um my grace earlier um so we work in property rights and one of the and what we're what we were created to do is to try to um help the one over one billion people in the world who live without secure land tenure um take matters into their own hands by giving them tools to map and document their own property rights property and resource rights at the community level and and we you know that that data is owned by them we store it on our platform etc so there's a lot of parallels here about um establishing um you know a land identity or you know property rights identity using community attestations using you know videos of people agreeing on boundaries or um using any kind of like payments or you know there's all kinds of documentation we can use in addition to geospatial data and all of that kind of stuff so a lot of the issues around you know who owns the data giving the date you know allowing communities to control their own data on their own property rights etc so we're dealing with a lot of same issues including open versus commercial uh uh tools and platforms so been dealing with a lot of same issues i guess one of my one of the reasons i wanted to come here is because you know we're starting to think about um in addition to the issue around property rights and and land ownership and community lands and for indigenous or individuals it can be urban rural anywhere um we're thinking about you know what we are in the essence establishing an identity for people who aren't documented in in any major way many of them don't have identity so is there a way that we can partner on this what can we do together is it too soon for us to think about linking um the community based mapping process and documentation with an i with a digital id process we're thinking about how to scale we're thinking about you know how to work we work b&b but as you said we're also you know b&b focused on on the consumer on the customer and what benefits the consumer and the customer so um we're think we're grappling with a lot of this in terms of scaling and also something that's sustainable something that's you know a platform that's not going to go away five years from now because donor funding runs out or whatever so all of these things we we'd love to be able to do something um around digital id that links to us include and we're also interested in like addressing for people you know these addressing systems that are also trying to create an identity for a location that doesn't have any you know there any any location anywhere so these are things that are floating around with us and i'd really love to continue the conversation but i guess the question is is it too soon for us to think about that what could we do um and then the issue of disincentive by governments there are millions of government workers out there whose worst nightmare is to not have to be the processor of the it's same thing in land rights the reason why cadastra is it even exists at all is because the government systems don't work for vulnerable people and the land registry systems don't work and so by bringing these innovations and these disruptions you know how do we deal with that disincentive of getting getting them on board so before we take this third question please please um i just want to one of the introductory points we make in this is that one of the reasons we think self-sovereign identity is inevitable is as we have learned listening to this panel and hearing passionate debates about dids and biometry and private key recovery this is complicated it's really complicated and amy and her organization is incredible work on land rights and it's unfair in my opinion sorry to pick on you amy to ask amy and her team to now become identity experts much is it's unfair to ask anyone out there doing whatever it is they do well to now identity in a digital age in a world of biometry has become so tricky that it actually makes sense we would see a cadastra partner with a someone on this stage or other provider in in partnership to protect this precious issue of identity while doing the important work of cadastra so that was an awesome question thank you sorry okay thanks mike kevin barthel from global land alliance i i'm really glad i went after amy because it's a good segue to my question we work at your practical level trying to update or modernize land registries property registries and we feel that technology is already there you know you've got global geographic referencing systems or addressing systems you've got web 3.0 you've got the blockchain and now self sovereign identity which is super important to link the object and with with the subject of the parts of the property rights registry my my global question for probably more from mike in new america is why do we even need a government run land registry right okay we have the technology right but then my specific question for the panel and i want to hear how it is addressed with self sovereign identity is our biggest problem in land to try to move the land registry out of the government is that agencies government agencies have administrative processes that they resolve conflicts or it goes to a court okay so if the government agency doesn't accept the information or if the judge the court doesn't accept the information it's not valid okay so the question for the panel is how does self sovereign identity how are you being accepted because i heard the word adoption and i heard the word acceptance and those are very important for our sector to figure out how governments and how courts are going to accept and adopt self sovereign identity thank you okay so we're technically at time um but the audience will indulge us i'm going to let us just plow through answers to that um start at the top brad you mad brad you're exacerbating the digital environment because you need phones correct uh not too much okay okay so um i spent 16 years working in mobile telephony i built a bunch of the technologies that actually make your phones work inside of almost all of the developing world uh two and a half and three g is totally fine four g is coming quickly and in many locations five g is actually being bandied about as a replacement for uh uh cable modems for example um broadband access uh so the mobile infrastructure in indonesia is actually quite good um the one of the things that the indonesian government did in 2002 was they created a system of mobile phone agents so even in rural towns there is an individual who is appointed as the you know phone booth for this town and there is actually service in all of these little rural towns um we don't require the user to possess technology we require our partner's agent to possess technology most of our partners are in specific locations uh for example the tnp2k operates lpg depots in specific locations to distribute the liquid uh propane gas uh those regions are all well covered by mobile thank you uh and then there was a question kalia about open source and and democracies uh yeah i think those are really good questions and you should keep asking them of people developing and deploying these technologies in the developing world critical questions can i answer any questions absolutely i was going to go through them in order but if you want to jump in well yeah so um i think that there is enormous but one of the reasons i've been excited about these technologies is because it kind of it um allows existing governments to do what they're already doing in a digitally native form but it also allows new entrants into the credential market right so an indigenous community that's documenting its land also knows who is in its community and they could pop up a server and issue verifiable credentials to the members of their community totally possible super early but you could totally do that within a year working with this community and the the open use the open standards and leverage open source code that different people are building so it's less expensive you don't have to code it from scratch super experimental or you could just partner with one of these platforms that's totally possible um so yeah just terrifying kylea the who owns the data component of your question i thought was really interesting um um and is a difficult um a difficult question to answer in many locations um when you get to indigenous peoples inside of certain governmental areas inside of certain governments um they are relegated to the margin and they are uh not inclusively accepted into the community the um most significant thing you can do with a land title is associated with the durable identity once you've done that you can bank that land you can create a relationship with another institution around that land so having uh we have a partner that reported uh 35 percent of a country's land titles onto the blockchain before they came to us and said yeah we're we've got all these land titles but we have a couple of problems um we're not really sure who owns the land so the land you know that we've recorded is all of these recordings aren't super valuable and we were like uh-huh because if you don't know you know if the government doesn't understand whose land it is and no one has recorded a change of title you have a big problem um real close to home new orleans in the fourth district where did they store the land titles in the basement of city hall uh what flooded during the hurricane the basement of city hall so there are major tracks of land in the fourth district in new orleans where nobody has an idea of who owns that land unless a bank holds the title transfer that's it that's the only thing and if the bank was still holding that so you have all of these properties where nobody and this is in a first world country nobody knows who actually owns this order yeah so we we're we're we're going over time i apologize to the audience uh i knew this would happen so i should have been ready for it um i'm going to give shaley and elizabeth both a minute and then i'm going to take a minute and then i promise i'm going to stop this okay so please go so turbo tax was not invented by the government it became so popular that government eventually adopted turbo tax right so let's think about that in terms of land registry you got to get to scale and then they'll just adopt that they're gonna the courts will accept it right um so that's number one two it's not too early to be to be thinking about this and i think we should all continue to have this conversation um consensus has a product called tara which is already looking into has done some proofs of concept in india and in southeast asia around decentralized land property registries and um and i think identity is is a core component of that and the um i think the last thing i wanted to say is around the developing countries and um democracy and open source i think it's essential for um organic growth to take place out of these countries we don't want silicon valley driven solutions like we saw in web 2.0 we want things to take place at from bottom up right we want people to create the the solutions for their own problems where it makes sense for them it's very user-centered design and i'll just stop talking now it's a shame thank you i think that's why the open open approach is so important because what we need is we need these alternative registries right we need for example in the context of music right so um a lot of um american artists have basically copyrighted traditional folk songs that belong to communities and to people that originally right authored these works and because they were locked out of these official registries and these systems and these ways for capturing these rights um we've we've basically taken away things that are inherent to a community or to people and we don't we see the same thing happening in the in the real property context so i think that the beauty of it as kalia mentioned is these these communities can now if these things are open their open source or open standards are they're openly uh they have open governance frameworks that are auditable and accessible they can use the tool to build their own alternative sources and their own their own alternative registries and i think what we'll see is a convergence we'll see kind of the existing sources of truth in the places that we you know normally go to the government's essential banks and we'll have we'll have those credentials and those standards you know that are and where they're working they'll continue to work but then we'll see kind of this this this new this organic growth as shaley mentioned coming from sort of alternative sources and we'll see them sort of converge and the beauty of ssi and self sovereign identities that these composite um these permutations these mirrored opportunities to combine different sources to to uh contextualize an identity for a particular use case for a particular purpose and not have to have you know an over sharing in every instance because it's the only mechanism that we have or you know a complete lack of trust because we don't have any mechanism for establishing that trust so i think um this multi-source uh you know diverse approach is really critical um and to the you know to the question about gdpr uh yesterday um i've been part of this uh blockchain observatory that the working group paper on gdpr and blockchain came out so i can share the link with you and we'll probably answer a lot of questions that you have there uh but it's a really important question three things please read my paper new america.org fpr that's number one number two i i love the last question why do we need government anymore this is great we have the tech let's just let's just do this somewhat less provocatively i would say government historically has done registries and if we go back a century there was one place with the resources and the people the educated who could manage this data the tech is radically one with uh an external party saying yes this three words address is occupied by this party and here's the unit right team stop talking about people i think government does have to be different that's the most important thing i'm telling you thank you the panelists for their generosity at their time and knowledge