Listen to this Episode about the Economics of Self-Sovereign Identity on Spotify
Introduction & Web Evolution
Mathieu: Stepan, thank you for joining me today.
Stepan: Thanks for having me.
Mathieu: I’ve been very much looking forward to this conversation! The times we’ve spoken before have been quite interesting; we both come from the crypto space, and we’ve moved to the SSI space. We share similar visions for the decentralized future and the decentralized tech stack. So, I’ve been very much looking forward to this conversation on the podcast today, and maybe we could geek out a little bit or push ourselves more into the future.
I think these are fun conversations to have! At the same time, I’m hoping we could also focus on topics around go-to-market and near-term things that we think are interesting with SSI to keep pushing the adoption forward.
Where I want to start is, we hear a lot about web 3.0. It’s this space, or the umbrella, that we fall into: how do you look at the evolution of Web 1.0 through 2.0 to 3.0? My thinking is that we are still in Web 2.0. We’ve come to realize that in the Web 2.0 version, it resulted in significant centralization and censorship and other restrictions. Is Web 3 taking back the ethos of Web 1? How do you look at that?
Stepan: First of all, thanks a lot for inviting me. I’ve listened to some of the previous episodes. I really enjoyed the podcast, and some of the guests are just great. In my opinion, Web 3 is only one of the terms; it might not be the one that we eventually settle on. Previously, there were a few things that were called Web 3, and none of them actually became Web 3: That includes the Ethereum library and the Javascript library, which are given this name today. Some people call this the metaverse; there’s the decentralized web, different names. But it’s the same thing, I think; it’s not a replacement; it’s all an evolution.
Web 1.0 was an amazing invention. If you look at the initial Arpanet, to what then became the worldwide web, it took a lot of great minds and a lot of time to develop. Then, Web 2 was the best way to scale it, because you cannot go from a few thousand people online to 3.5 billion and at the same time, make sure that it’s all privacy-preserving, and decentralized, and fully compliant with all the ethical and technical requirements. I believe that Web 3 is the next layer up the spiral. For me, it’s more about fixing; it’s all about taking what works well and then fixing the things that were created through this natural evolution. I think the reason Web 2 exists as it is today, it’s not some deliberate decision — it’s more about economic trends.
Companies that were created in the 90s or later: Facebook, Twitter, Google: they had to find a business model. Especially in the early 90s, there was no way to make payments online. That naturally led to advertisement-based business models. Therefore, if you’re doing advertising, it’s all about collecting data. Basically, companies compete in terms of who has better targeting and more audience. So, they need to lock people in, and they need to collect as much data as possible to provide better service to their advertisers. Generally, I think most of the users are fine with this. Google is not forcing anyone to use their service, or Facebook is not blocking you from not using it, if you don’t want to share any data or if you don’t want the data to be collected. The good thing about Facebook, is it provides an ability to communicate with your friends and the whole world. That is a positive thing, and it should be definitely should exist in Web 3 and in different services.
You can do the same and actually provide the companies who build this an ability to make money and the ability to have a business model. But, with the new technology, it can be done more correctly by taking into account user preferences and the different risks that exist. As we’re speaking, a few days ago, Facebook was hacked, or I don’t know exactly what happened. Somehow, they lost personal data on 500 million users, which is definitely not a good sign. In the SSI world, this couldn’t happen. There are a lot of economic, ethical, and regulatory trends, which force internet companies to start thinking about decentralization in order to provide the same or better level of customer experience, while giving users more autonomy or sovereignty.
Mathieu: Yes. Many of the companies that spun up and built business models on top of Web 2.0 are amazing. You alluded to that with Facebook; you can connect to literally anyone in the world, and that’s phenomenal. With Amazon’s services, it’s ridiculous to think that you could order anything you want for so cheap, and the next day it’s on your doorstep — it’s magic, right?
Many of these companies are built on advertising models: you had explained that there were no payment options, so the model became a data mining model, and selling that for advertising. For these companies that today have business models built on top of all these Web 2.0 methods; what’s the transition for them to Web 3.0? And perhaps we could talk a bit more about the business models of Web 3.0?
I think we see that Twitter is a good example of this. I believe that Twitter realizes where the world is going. It’s quite clear that their CEO is a big advocate of decentralization: is it replacing the plumbing? From your point of view, how does a company think about transitioning and building new protocols to take them from Web 2 to Web 3?
Stepan: The common trend is that great companies such as Amazon, or Twitter, or Apple, or Google, they do think about their customers first. For example, if we think about who might be one of the largest competitors for some of the SSI products, I think Apple comes to mind. That’s not because it’s decentralized; Apple has not released any blockchain-based product, or anything by product. However, at some point a few years ago, they realized that being privacy-conscious, and advertising that, is important for the users. Now, they mention it at any convenient moment. For most of Apple’s products, you always have these privacy settings; they always highlight it, they always show how they care, and they can do it because their business model does not depend on advertising at all. They have the app store, and they have hardware. There is probably some value for Apple to get more insights into their customer behaviour, but it’s not their core business model.
In terms of transitioning, I think there are maybe two different schools of thought. One is that there will be a new decentralized Facebook, decentralized Youtube, decentralized Twitter, and they will replace the existing companies. In some verticals, that is definitely the case. However, most IT companies are not like Blockbuster when faced with Netflix; they’re not discarding this technology. I think that some people at Google or Twitter; at those larger corporations, they do understand decentralized technology quite well. They understand blockchain; I don’t know what they’re thinking, but maybe they feel it’s too early. Facebook tried to launch their Libra currency, but if you’re large, you are faced with this regulatory pushback.
It’s not as easy to launch decentralized products, but it is still important from a product standpoint. As Jack Dorsey has mentioned, there are a lot of scandals and discussions around, “Should social media be blocking or banning some of their users? Is it ethical? Should they comply with government regulation.?” In some countries, governments are actually forcing social media to ban people who simply don’t like the political situation. In other situations, it’s the companies themselves who are deciding that something is inappropriate, even if it’s not purely illegal. I think that the reasons are that it’s not that those companies are taking too much initiative; it’s because there’s no good framework. Government, or most of the governments, cannot provide feedback because governments don’t understand the internet as well as those companies.
Decentralized technology can be a solution, because it creates a flexible system where all opinions can be present. So, for example, for social media, you can have a layer with decentralized identifiers and people posting their tweets as verifiable credentials. Then, you can have multiple UI’s that are connected to the same underlying protocol. The protocol with the data is decentralized, and it’s completely permission-less, but then you can build a kid-friendly Twitter on top of that, that filters out any content that is not good for kids. So, that is kind of self-regulating, and I think this is very similar to how the internet looked in the beginning. I think initially; the transition would happen in those areas where this is a real problem for the customers. You don’t want to risk your business just to try something. On the other hand, there are many experiments, and the whole crypto space, which is simply one big experiment. I think for me, it’s still the fact that bitcoin works, and every ten minutes, you get a new block; it’s still a miracle.
Privacy, Anonymity and Pseudonymity
Mathieu: I’m with you on that one. There’s a lot to unpack in what you said there. The Apple privacy positioning is quite evident, and is a very good indicator. I’ve always thought that the biggest feature of the 2020s is going to be privacy, and Apple is really driving that forward in their marketing. They’re also making things happen in the product, where they’re trying to be transparent, and they’re trying to give control to people that are using their products. Apple posted billboards across big cities about it; I remember a massive one in Toronto, where we are.
I do find it interesting: In the crypto space, there are a lot of projects where they’re taking an approach that the existing world is wrong, and we’re going to rebuild. But, on the other side people think that that’s perhaps not the best way to adoption either; when there are already network effects, there are already so many benefits and so much value that these companies are providing today. They have the distribution, they have the scale, and they have the client base. So, if privacy is inherently important to them, and moving towards a more decentralized model is important to them, then I think that there are steps that they could take.
The Twitter one is interesting to me. I think this whole cancel culture, as you described; it’s political, at the end of the day. You could think one way or another about the President of the United States being removed from social media platforms; you could think one way or another about an app like Parler being removed, where the server’s not running it anymore. But, it comes down to this: if you want to move that forward, and you want to look into some of these issues such as the cancel culture and all these things that are happening, there’s something interesting about pseudonymous identities online. I’m interested in what your thoughts are on pseudonymous identities; SSI enables that to some extent. SSI, or having trusted digital credentials, enables you to conduct business transactions or to access products and services according to their rules, or their terms and their conditions. You could prove that, but your identity as Stepan or as Mathieu — we don’t necessarily need to have attributes such as our names that we’re given. Our legal names are attributes that are potentially outdated for Web 3.0. There’s a lot of risk associated with that, and the fact that our online lives are attributed to our names or these attributes. So, when you see a hack like the Facebook hack happen, it’s not great. Similarly, when your browsing and chat histories get exposed, it’s going to cause a lot of issues for people. Is that something you think about; of being able to use credentials where you’re still able to be compliant; conduct business transactions, and follow terms and conditions, while being pseudonymous?
Stepan: Yes, and I want to unpack this a little. I do agree that the decentralized web is not happening just because it’s decentralized; it has to solve some problems, and has to bring some value. From a very high level, I think there are two clusters of reasons why these technologies are getting traction. The first one, we could call it ‘boring SSI,’ but in reality, it’s not boring. In fact, it delivers very clear economic benefits. The first bucket of why decentralized technologies are getting adoption, is because they’re really solving some pricing problem today. For example, you have paper-based credentials, or documents, or attestations, and then you replace those with digital ones. They’re decentralized; they can also be exchanged in a peer-to-peer manner. That means that a lot of companies don’t have to be integrated into a single database, so it’s cheaper to maintain. Those are purely economic benefits.
Basically, what happens is that moving a trusted data exchange system onto verifiable credentials or SSI rails reduces the transaction costs, and those transaction costs are present in any economic activity. So, blockchain does the same if you want perhaps to reduce legal costs; you can use a smart contract because it’s automatically enforced. Or, you can use a blockchain to reduce supply and chain management costs, or in verifiable credentials — this is clear. Most of the applications of verifiable credentials today are focused on this transaction cost reduction, and that can be huge. It can be tens of times reduction, because you not only make it cheaper, but you also make it less prone to fraud. It’s possible to fake paper certificates or paper documents; it’s much harder with digital signatures. You reduce the single point of failure, because there’s no database. You increase privacy, and you get mathematical compliance. If you build an SSI system, it’s already GDPR (General Data Protection Regulation) or CCPA (California Consumer Privacy Act) compliant from Day One, because there’s no centralized company that is storing everything. It comes down to ‘Issuers and Holders,’ and they have the right to do it. I think the same can be said about every layer of the decentralized stack. This works for decentralized storage, verifiable credentials, blockchain, cryptocurrencies and so on.
Then, there’s the second bucket, which is more future-looking. It’s still not about the idea that we will have a new world that’s better; it has to be about creating a new paradigm of trust or a new paradigm of interaction. Before the internet, it was not possible to have anonymous communication at all. With the internet, we now have anonymous communication; we have all the problems associated with that, because we have scum, we have fraud, or we have people pretending to be other people, or we have people getting angry, and other problems. Then, we can apply decentralized technology to that. So, we can have pseudonyms on the internet that are not revealing your real-world identity, yet you can still prove something about yourself.
For example, I recently was reading about Gitcoin Grants in Vitalik Buterin’s blog, and he wrote about the recent Gitcoin program they have. Gitcoin is a system where companies come together, and they have a fund that is used to fund some ‘public goods.’ Those are educational programs, or open-source development that benefits the whole industry. The problem that they started having, is that because everything is anonymized, people use their DIDs from their cryptocurrency wallets to identify themselves. Now, they’re seeing SAML attacks, such as one person pretending to be multiple users. SSI can solve this problem, because you can have a completely anonymous DID, but yet you can have several verifiable credentials attached to it that prove your personhood, or prove that you have a social media account, or a phone number, or that you met someone in person, all without revealing your name. In reality, this can go even further; you can have the whole professional identity. So, you can be an anonymous developer, someone like Satoshi, and yet you can prove that here’s your cryptocurrency wallet, and you have money, or you received money from someone. You can prove that you contributed to this code base; you can prove that you have this skill or competency, or that you participated in some public work. So, now you can be anonymous, and this is going to be as efficient as a not-anonymous approach.
To sum it up: the first bucket is about finding economic inefficiencies or customer problems in the world today; in government, in the public sector, in enterprises, or in different economic interactions. For example, for SSI, it’s usually establishing trust: How do I trust that this parking ticket is valid, or is issued by the right person? Or, how do I know that this diploma, issued in another country, can be accepted here in my country? So, we can use SSI in all those problems, because those things can be solved today. It takes time: I need to call the university, I need to get an apostille, I need to spend a lot of money. In fact, I recently went through the problem of notarizing my diploma. I have a diploma from the United States, and I had to present it to German authorities. It cost me 500 euros in total, for shipment and authorization and all different costs. With SSI, this can be done — maybe it should cost one dollar.
Then, there’s the second part, which is thinking about a new paradigm of trust, a new paradigm of social interaction, that can be enabled through decentralized technologies. Now we can have decentralized money, which is uncensorable. We can have decentralized storage, which, at a minimum, is not controlled by Amazon. It can still be based on the Amazon infrastructure, but it’s encrypted and it’s distributed. That means that I can have my data in a decentralized, accessible way. I can have my personal identity, which is anonymous. If I want, I can generate a zero-knowledge proof, or not disclose some of the parameters or some of the attributes, and I can even have the programmatic governance through decentralized autonomous organizations.
I can have a complete business built in this new paradigm, but from a go-to-market standpoint, realistically, I think it’s still mostly the first part that presents real current market problems. That is huge, because, if we take world GDP and we calculate what percentage of it represents the transaction costs associated with establishing trust; that is, in my opinion, trillions of dollars. So, there’s a lot of work to do there. We have this new market which is completely ‘blue ocean,’ and even hard to predict how deep it can be.
Supply Chain & Crypto-economics
Mathieu: I agree; the new paradigm activity is super interesting, and these are topics that I always felt haven’t been figured out yet. Obviously, it’s stuff that, when you build and do more experiments, you start seeing what is newly possible. A nice comparison to that, is that with the rise of the internet, people were trying to send faxes over the internet. You don’t want to redo things the same way; you could do something completely different. I agree with that.
Stepping back, and looking at the first bucket you illustrated; where you’re able to solve the problems today of economic inefficiencies; I think that’s when I got into the crypto, blockchain, decentralized space. With many projects that we worked on or saw, we were trying to use a blockchain or distributed ledger to solve some of these economic inefficiencies. You’ve mentioned supply chains: how could you use a supply chain to lower the cost throughout the chain, to create more transparency or traceability in the supply chain, as well?
We were going after a number of benefits with that. It was interesting, because, since the start of crypto, there’s been this on-and-off trend of people being excited about public blockchains and public crypto. Every now and then, there’s all this excitement about these permissioned or “enterprise-suited” systems. Many of these “enterprise-suited” blockchain systems haven’t really taken off as people would have liked to see them take off. We don’t have to name any specific projects; we all know them.
One of the things we always faced being deep inside of that world, was that if you’re trying to achieve some of the properties that you get from decentralized technology, such as verifiability, or immutability, or traceability; there are different elements to the decentralized stack that need to be deployed. It’s not one solution that fits all. What we saw, is that people are trying to throw everything on the blockchain, but, at that moment, it didn’t really make sense. We always felt like there was a big missing piece, which had to do with credentialing and identity. So, if you want to build a system to achieve some benefits, you’re making a decision to use a private blockchain or consortium environment, because maybe you need performance, or privacy, or whatever the reasons are.
I think that the big piece that we noticed was missing, is this SSI piece. It’s the credentialing piece to it. Another piece that we felt was missing from the enterprise blockchain space, and is a space that you know quite well, is crypto-economics. What’s the point of creating a consortium, when there’s no incentive for people to run these things? That’s where you see a lot of projects die. So, I think it’s clear that verifiable credentials and the SSI stack fit in nicely to this model with these projects, and it fits nicely into public blockchains as well, if you’re using it for specific purposes. How do you view crypto-economics fitting into this whole thing? How does it play with SSI?
Stepan: Yes. Let me address the first part first: In my opinion, I think that I’m not a huge fan of permission blockchains. I think that idea was quickly proven not to work economically. The reason there were still a lot of companies that kept trying, was the ICO (Initial Coin Offering) boom. So, I think it overlapped because there was a lot of excitement about enterprise blockchain. Then, people realized that for several companies, if they have a centralized database with cryptographically signed data, they don’t need blocks; they don’t need this type of complex solution; they only need a way to track authenticated data, and you can do that in PostgreSQL or MySQL. But then, because blockchain was a new technology, not everybody fully understood what it is. As bitcoin was growing and a lot of ICOs popped up, I think that that was a positive feedback loop.
I had a few projects that were trying to put coal mines, or gold mines, or oil drilling on the blockchain — that was the permission blockchain, but they had tokens, and they were trying to sell those tokens. I think it doesn’t make sense. I believe that the problem that enterprises are trying to solve, is best addressed by the SSI stack, especially today. I don’t believe that crypto-economic incentives are necessary; I think it’s more about a governance system that is missing. Some of the key areas of innovation for SSI today are actually creating better governance mechanisms that are not economically incentivized, but they are compliant, and they’re transparent. Ideally, they are at least somehow connected to government frameworks; for example, the European Union self-sovereign identity framework.
It’s a good way for enterprises to start using these systems, because it’s not merely blockchain; you have your data off-chain. It’s not as if your competitors can access all your customers’ data. That’s good, but it’s important to think about what Trust over IP is doing, and in general, the governance approach. In other words, how do I trust Issuers or Verifiers, and at the same time, do it in a way that is recognizable by the government or by the legal system? I think it’s important for wider adoption.
The crypto-economics part; that one is necessary when you actually don’t have enterprises. The reason for that, is that you can have superior economic efficiency by removing intermediaries. So, you need crypto-economics to replace intermediaries that are enforcing trust in the system. I can build on the example of professional identity: you can have a centralized university that you pay a hundred thousand dollars. You get your degree, and you get your diploma; it might be a verifiable credential, or a referral credential. At the same time, you can go to Youtube and watch the same lectures. Stanford or Harvard: they have great Youtube channels. You can go and practice, you can do a coding project on GitHub, or meet with someone.
So, the internet allows access to education, and it’s virtually free in a lot of cases. However, you don’t get that degree, that official diploma. We can imagine a system that is, in reality, decentralized, but which can afford you the recognizable educational credentials. For example, if you are a software engineer; you taught yourself, you did a bunch of projects, but then you go on this website, or you have a smart contract. In that event, you have someone who is a Verifier who checks your knowledge. They might run a paired programming session with you and award you with the degree of Software Engineer, Layer Level 3, in TypeScript or something like that. Because the system is prone to fraud — you could collude or bribe that person — we can use crypto-economic mechanisms in order to protect the system. Similar to what OGRE is doing for the prediction market, we could have a staking mechanism. For example, as a verifier, you have a stake of, let’s say, a thousand dollars; you assess different people who come to you, and then this assessment is public. If someone can find that you’ve assessed someone incorrectly, or they think that there was collusion, they can open up a dispute. If this dispute passes, you would have some portion of your deposit removed.
Obviously, this is a very rudimentary idea; it has to be tested, it has to be evaluated in the real world because crypto-economics are hard algorithmic economic mechanisms. It’s more about experimentation and iteration than simply creating a great initial idea, but this shows that you can actually have some type of credential that is received through a decentralized mechanism. In that case, you don’t have the intermediary who awards that credential, and in the end, it’s cheaper. So, you can get the same degree or the same credential as a Computer Science Bachelor’s degree, but instead of spending a hundred thousand dollars, maybe you spend a hundred dollars for that assessment.
Mathieu: If you talk about working talent as an example; I totally agree with you. If you have the motivation and the curiosity to learn; if you have access to a computer and to the internet, you could pick up anything. It potentially could lower the value of a university degree, because you could look at this as,” Why am I spending tens of thousands of dollars every year to get this degree? And, when I do get the degree, it proves that you could read, you could write, you could do certain things, but it doesn’t really prove your skills at that point. Whereas, with the internet and access to so many different tools, you could think of an even better micro-transaction-driven skills model. In that model, you could get credentials for smaller things that actually showcase your skillset and suitability for a job, better than if you’re coming at it with a degree. In many cases, it could be: “Okay, it’s cool that you have a degree, but are you actually able to add value to what I’m trying to do?”
If I’m understanding where you’re going here, and going back to one of your comments earlier, there are two approaches. One is that existing institutions and organizations could innovate, and continue to drive down costs and solve economic inefficiencies. But, in your second model, this future-facing new paradigm model, this is where something like crypto-economics is interesting, because you could think of a proper incentive mechanism being put in place that will inherently increase the value of a credential that will come out of an ecosystem.
Stepan: Yes. Maybe to put it in a different format, we can think of different business models. You can get the same results or the same service by different business models. First, it is pipelining a business model, when you have a supplier that fits with a producer, and you have this production chain. At each step, you have some portion of transaction costs that are covering the trust problem, and connecting those different companies in that business model. Something like manufacturing is usually a pipeline business model, and you saw this through economies of scale. So, you build a larger factory, and you have vertical integration, and it works.
What’s happening more and more, especially online, is that we see platform business models. That’s when the platform is not actually producing the product or the service; it’s acting as a facilitator. It connects producers with sellers and with buyers, and the value creation is happening outside the platform. The platform business model is more efficient, because you have a direct relationship between the buyer and the seller. The platform takes a small cut on each transaction, because they provide some guarantee that those sellers are valid or licensed or whatever. If we continue this model, the next step would be a decentralized business model.
That business model is also a peer-to-peer connection, but in that case, the platform is not existent anymore. Instead of a platform, we have a decentralized service. What that does economically, is that the fee that Uber, or the App Store was taking is reduced to the marginal cost of providing or running that smart contract, if it’s a smart contract that connects drivers with a decentralized Uber, as an example.
That model might not make sense for Uber or for other types of business. For example, you wouldn’t build a decentralized steel mill; it wouldn’t work, or it wouldn’t be more efficient than the traditional one. For Uber, it might not be the best example because of a lot of regulation, and it’s still a real-world business. However, it makes sense for anything that is done purely online. Maybe for Uber, an example would be that drivers have their own DIDs, and they have verifiable credentials that prove that they have a car; and its technical status — that it’s operational and working fine. It could include their driving license, their criminal history, Know Your Customer information, and so on. Then, it could be a smart contract; it could be your own chain; it could be a purely SSI system that is working off-chain; you might have multiple user interfaces or apps that allow you, as a passenger, to find the driver. In that system, instead of Uber’s fixed fee, or however much they charge, the marginal cost of each ride can be reduced to, let’s say, half of that, because you only need to essentially fund the gas for that smart contract. Put simply; if it’s an open-source development and maybe a UI or an app that provides a user interface, that might take a small cut. But, it’s definitely much lower than Uber, because it’s a much more competitive market: the protocol and the underlying data are public, and anyone can build an app that uses the same underlying data.
Another way to look at these crypto-economic mechanisms is in terms of how they enable either better service or the same kind of service, but at a lower price through this change of the business model — essentially, through disintermediation.
Mathieu: That’s super interesting. I’m quite a fan of being able to properly understand the pipe versus platform, the business models, and the differentiations. When you’re starting a business or looking at your own business — and I am — I love some of the writing that Sam Smith has done on the platform business models, as well; it’s all about reducing transaction costs. That leads to more of a network of networks effect, and you’re reducing trust costs; you’re able to leverage each other’s networks. I think for both of us, that is what’s super exciting, and how we’re trying to build the foundation to strive towards that.
SSI Momentum
I think it’s clear to say that we see significant momentum in the SSI space. There’s a lot of activity happening; there’s more money going into it. This week, there was an announcement from Microsoft that they’re going to be leveraging ID proofing companies’ technologies in order to then issue a verifiable credential inside of their authenticator app. There are clear efficiencies in that too, and that’s an example of what’s happening right now. What’s your view on the space right now? What’s exciting?
I know there are many projects that you’re familiar with; whether it’s the US Department of Homeland Security, or activity that’s happened through MIT, or the Canadian government is doing interesting stuff. What’s your view on that space right now?
I’ll add a second question on top of that; who absorbs the cost for these ecosystem solutions?
That’s kind of a big theme. We could go one at a time here, but this is another thought: if you are developing these ecosystem solutions, whether it’s government or private sector. Who’s benefiting from this? Who absorbs the costs? I would love to hear your thinking around that.
Stepan: Yes. I agree that the momentum is picking up. I’ve been involved in the SSI industrial market for about three years at this point, and I think the growth that has been happening in the last three to six months is accelerating. The pandemic was definitely a catalyst for some of those changes. One of the products that we developed is called ‘Safe Travel,’ and it’s something that a lot of companies are doing, but I think we have quite a good momentum. It allows people to travel internationally with digital credentials. The main customers for those, are immigration authorities and airline companies, because they are the first players who demand people to have their vaccination records and pre-departure tests. They are the ones who are losing money, or creating public health problems if people are coming with fraudulent documents. It’s also an operational problem, because, for an airline company, it might take a few minutes to verify paper-based documents. This is especially true if it’s in a foreign language, or from some laboratory that you’re not even sure whether it exists. So, verifiable credentials are solving most of these issues.
I think that more and more countries, over the course of this and the next year, will be demanding digital healthcare documents for international travel. For example, in 2019, there were 1.5 billion people traveling internationally, and many of them were doing this multiple times a year. That means that most of those people, in a couple of years, will be users and customers of verifiable credentials or SSI products, and that is a huge adoption. That will happen much faster than some of the blockchain technologies, because cryptocurrency is probably more popular today, but it won’t be growing as fast. If your bank, and your visa card, and your mobile Fintech app work fine for you, then you don’t really need Bitcoin if you’re not an investor and don’t want to risk too much.
SSI can really grow quickly into every aspect of life. Every time you open a bank account, you’ll be giving a KYC document in the form of a credential. Every time you apply for a job, you will have a resume, or previous working history, or your education. For public credentials, you can have pretty much any kind of government documents, from parking tickets, to business licenses, to customs documents, or healthcare. There are a lot of applications; we could spend a full hour discussing those.
So, the potential is there. I think that things like the desire, and the need to open up international trade and travel, but at the same time doing that safely, are some of the important catalysts to spark this growth. It was happening organically. I remember at the last IIW (Internet Identity Workshop), people were talking about use cases; we need more use cases. Everyone talks about technology, and technology is not as hard. It’s much harder to get the business model right and to get adoption. Now, we see much better solutions to that problem, but it’s obviously still in the early stages.
To address your second point about the costs; in my opinion, it depends, but usually, it’s the Verifier who’s benefiting the most. Therefore, they are the one who is paying for the system, but not always. You can think of the SSI system as a closed system: you have a platform or an application, and you have Issuers, Holders, and Verifiers. In that case, usually, it’s the Verifier who’s paying, but not always. They are getting the most value out of the system in most cases, because it’s an optimization and increasing transparency for their business process.
The second option is to have a network approach, where it’s not necessarily one of those three who’s paying for the system. Rather, it’s a network, and the network of networks of different verifiable credentials.
We’re having a few discussions on this topic at DIF (Decentralized Identity Foundation), and we started this group called VC Marketplace. The idea is, how can we design a system that allows different Issuers and Verifiers who are not familiar with each other to participate in the same network. To build on the same example of what Microsoft is doing: let’s say, I’m a bank in Canada, and I want to verify the identity of a new customer. I don’t want to build the system for people to acquire those KYC credentials; in fact, I can accept anything that fits certain criteria. That means that this bank can publish a record in that marketplace, saying that we are paying one dollar to any KYC provider who creates a KYC-VC. Then, as a customer, I go to the marketplace, I choose the one that I like the most out of the list, and they can be part of the same network. They can be all partners of Microsoft, or they can be completely independent companies that have some decision capabilities. They’re not necessarily connected because of the niche, but because of the openness and interoperability of the protocol, this would work. Therefore, there’s no need for direct interactions, and then those marketplaces can be decentralized, and they can also have a reputation system within them.
So, you can have 100 different KYC providers, but as a bank, you can say that I’m only trusting the top 50 because there’s been a lot of issuance and verification, and there’s no problem with that data. As a result, we will probably see the cost of a KYC credential going down. Today, we have companies such as Onfido, who are huge and almost have a monopoly. They can set prices for issuance, even though it costs them nothing. The first time they do KYC, they need to verify, but the second time, it’s almost free for them. They still charge, but as the competition increases and the market becomes more efficient, that would drive the cost of issuance down. That’s one example.
Mathieu: That’s where, for your verifiable credential marketplace idea, it comes back to governance. You mentioned governance earlier as being one of the areas that perhaps requires a little more innovation, and a little more thinking and investment to allow these types of things to happen. I do agree with you on KYC or ID proofing: it’s logical that as these solutions become more and more commoditized, the price keeps going down. Although, it would be nice to be in that space today, and raise 300 million dollars on a crazy valuation. It will be interesting to see how they adapt as things are changing. From my perspective, a lot of the use cases are compliance-driven today. When you talk about the COVID credentials, or the basic ID credentials such as KYC; it’s all compliance-driven.
The interesting thing once you’ve been able to solve a compliance problem is, “Now, how do I extend that, and how do I start tying this original identity credential to further transactions and create traceability in the value chain?” I think that’s an area where there was innovation, or a lot of trial-and-error that was happening with blockchain. But, that’s where I think that traceability is an issue that, for me, SSI is the solution for that property.
Stepan: Yes, and I think the reason it is starting with compliance is that we need to change the perception of what verifiable credentials are today. For most people, it’s blockchain; it’s some technology that no one understands how it works, but you need to invest in this. From the average corporation standpoint (not an IT corporation), it’s something that we need to do, but we don’t understand. As a bank, it will possibly somehow solve our business problems, but we’re not sure. The problem is that the very public credentials are addressing the notion of trust, and trust is such a basic concept that it’s existed for millennia. When the first item, maybe a document that was signed by the king, or some other type of official document; that was the first trust transmission systems. You had people on horses who were distributing different orders from monarchs, and it was hard to change. Today, most people believe that you can trust information either if it’s nice-looking paper; it has a stamp and a wet signature, or if it’s coming from an official email address.
The notion of a cryptographic signature is a little complicated. If we start with compliance use cases, and if this is accepted by someone big, like a government, or immigration authorities, or banks, that would change this perception. I think what we want to achieve as an industry is this equality between a legally valid document and a verifiable credential. It’s maybe not 100 percent correct, but that’s a good starting point. After that, the main positive property that verifiable credentials have, and also other decentralized technologies such as DeFi (Decentralized Finance), or NFT (Non-Fungible Tokens), or blockchains have, is that you can stack those one on top of another. So, if someone develops an MD5 protocol like Uniswap, because it’s open-source someone else can go and develop a yearn.finance which helps you to be more efficient in providing liquidity. Then, someone can build something on top of that, which makes it easier to work with a specific asset. It’s the same for verifiable credentials, because it’s intrinsically interoperable. Once you have those KYC documents, then you have a scoring of different KYC providers. You can have a different zero knowledge or a partial disclosure system that allows you to, for example, buy alcohol without revealing your name. The stacking property of decentralized technology is, ultimately, what in the long term will be differentiated from centralized KYC or a trusted data records system.
Mathieu: Stepan, I think we could go all day on that subject, and it would be something interesting to discuss in some forum. I want to thank you for doing this today. I think it was quite a deep and very interesting conversation. I really appreciate you sharing your thinking and your opinion on the space, and on all of this stuff. My last question is: when is this Clubhouse session happening? Let’s do something!
Stepan: Great Question! We need to have some active discussions happening, outside of conferences. There’s an IIW (Internet Identity Workshop) conference coming up. That would be a great community event. I’m very interested in organizing, or at least attending, a Clubhouse event on SSI. Moving forward, it could be an even split because SSI is actually quite a big area. There are more nuanced areas that deserve discussion and sharing of expertise.
Mathieu: Yes, I look forward to making that happen. We’ll try to move that forward. Thanks once again for doing this; this was phenomenal.
Stepan: Thanks a lot.