Our Old Road Is Rapidly Aging

In a week that saw the sad death of Tim May, I am reminded about how well he predicted the changing world we live in. Just last week I…

Our Old Road Is Rapidly Aging

With the sad recent death of Tim May, I am reminded about how well he predicted the changing world that we live in. Just last week I trading in my car, for a slightly newer one. And so I handed over a large piece of green paper with a bar code at the side — don’t ask me what it was — and the salesperson smiled and ripped a bit off, and told me to sign it and “send it in” (I didn’t like to ask at the time what “send it in” actually meant):

And so I handed my keys to a person that I had only just met once before, and who had sat quietly with me on a test drive. The process of the hand-over involved scribbling on the many pieces of paper that were pushed in front of me, and to which I “drew” a nice wavy line in reply that confirmed that I can scribble something on a piece of paper, and then tried to remember the date without referring to my phone. As a test of scribbling, I am sure I did a good job, as the salesperson seemed impressed with the authority and confidence of my wavy line. I just hoped that I could replicate the line at some time in the future, but I forgot to photograph it (as that would have looked a bit strange).

In the end, I felt slightly satisfied that I had actually remembered my car registration without referring to OneNote. As a backup, too, after I had parked the car, I had even taken a photograph of my old car with its registration. As for my home landline number, that would have taken a complete search of my phone, as I just refuse to remember such useless information.

Luckily, I told the salesperson that I didn’t have a FAX number, so I didn’t have to remember that. I wanted to add “What, I’m a security professor and you really want me to have a FAX?”, but it didn’t fit in the box, so I just added “N/A”, and hoped that there wouldn’t be any comeback from whoever wanted to FAX me something.

I then walked out of the garage and drove home. But, so many questions went through my head as I drove home. Did I really own this new car? Was I still the owner of my previous car? At what point do I legally become the owner of the new car?

After some searching — on the back of the small piece of green paper — I found out that the “sending it in” part was a reference to the DVLA, and I that had to add my scrawl, find an envelope, purchase a stamp (did you know they cost 65p?), locate a post box, and put it in the post. Wow! For a Crypto Professor, that’s a time-consuming job!

I then “hoped” that “they” received my small green form with my wavy line and that I hadn’t just made up the current date, and that no-one carjacked my old car and drove it off a cliff. Did I put the right date on the form? But I didn’t put the time that I handed over the keys?

I appreciate that, as a citizen of the UK, I should know all these things, but I can’t remember the training course which told me about the mechanics of buying and selling a car, and which form did what. While some will tell you that you need the form named Gov-XY-143, I refuse to kick out my precious memory space for cryptography principles for the knowledge of the actual form I need to register a car. To me, it the green form, with a bit of blue at the bottom, and it’s somewhere in my house … hopefully in the special drawer.

While I could probably find an online version of the registration somewhere, there’s something now quite right about this, as it’s all still vague. Who defines that I own a vehicle? Who defines the previous owners? What ties me to a vehicle? How is my ID associated with the vehicle? When did the handover actually happen? It’s a world of untrustworthy IDs and vagueness … my name, my address, the car registration, the date, and so on.

I was asked for my landline number, but never once was I asked about my email address or how I might want to be contacted by the government. I have no real trace of the car I bought and must trust the garage who sold me it to show me its options.

After a week or so, I received back a piece of larger piece of green paper, that I think I need to hand on to someone else when I sell the car. I was so glad it came in the post, as I had actually forgotten about it. And so it was placed in my “junk” drawer, and where I hope to find it when I need it again. I also received back a cheque for a refund of something, which I now wonder if it is worth cashing-in, as I’ve got to go and find a bank which will process a piece of paper for me.

Me and the government don’t really have an extensive social relationship. I vote, I pay my taxes and then tell them when I have some updates that they are interesting it, and that’s about it. There’s no portal to find out if I actually own my home or my car, and there’s no place I can go and make queries, without submitting a form (which isn’t going to be easy to find).

Basically, we have an old world, where the old ways still trying to exist. Our governments pride themselves in developing a digital economy, and where innovation is promoted, but it’s still a 19th Century world. The whole concept of identity and ownership needs to be properly defined for this modern age, and putting a form online is not a proper digital world. Our governments like to keep ledgers on us, and keep them secret. They don’t quite trust us to see them but have an old world where they tally up the assets and control their transfer.

It is the way that governments have transacted since they existed. Replace an SQL database for a paper ledger and a quill pen, and you have the same old ways. “What’s your name and address”, “What is the car registration?”. We give IDs to things, that really have no credibility in this digital world.

Our future, as Tim foresaw it, is to properly digitally sign things. He saw cryptography as the wire-cutters of the barbwire of this old world.

Our new world

Some countries of the world are already laying down a world which properly takes us into the 21st Century, and where we can properly use our wire-cutters. One of the first is Liechtenstein who has drafted a Blockchain Act. This will support a legal infrastructure for blockchain technology, and to also support a token economy. Within tokens, we define applications which trade only with tokens. These tokens can then define costs of effort, and eventually could be “cashed-out” into fiat currency. Economic activity could then be enacted with tokens rather than currency — the creation of the token economy [details]:

The consultation document [here] defines a trusted technology transaction systems (VT systems). For the first time, we see blockchain methods being translated into legal speak, with a token being defined as:

enable the transformation of the ‘real’ world to blockchain systems while ensuring legal certainty, thereby opening up the full application potential of the token economy.

The Act also defines methods which aim to protect client interests from scam agents, and these are at the core of cleaning up the cryptocurrency marketplace. It defines “legal certainty” for blockchain implementation and projects a world where our existing assets are added onto blockchain, and then traded there. Our centralised economic trading models may thus disappear, and a fully distributed and more trusted model replaces old-fashioned practices.

The tokens that are likely to be defined are:

Payment tokens (currency coins). This includes cryptocurrency coins.
Utility tokens. This allows for a spend against a service.
Security tokens (equity and assets). These could define the ownership of an asset.

Overall the Act aims to properly define the key legal consequences of the ownership, possession and transfer of tokens:

The Act defines:

Subject and purpose (Art. 1 VE-VTG): This defines that the main focus is around the protection of users, and to thus build confidence in tokens.
Trusted technologies (Art. 3 VE-VTG): This defines the technology that is required to build a VT.
Definitions (Art. 5 VE-VTG): This defines a token as something that defines claims of a person to the rights to goods.
Rights of disposal (Art. 6 ff. VE-VTG): This defines the rights to transfer tokens, and is normally defined by the owner of a private key signing the transaction. A disposition is defined as the transfer of the disposition authorization on the token. Within the Act, it is defined that a buyer has the rights to dispose of a token, even if the seller was not authorized to dispose of the same token.
Requirements for VT service providers (Art. 13 ff. VE-VTG): This defines the entities who will perform services within the VT. These entities must provide an organisational structure, control mechanisms and a minimum amount of capital.
Basic information on the issuance of tokens (Art. 28 ff. VE-VTG): This defines the assurance in the issuing of tokens and their legal requirements. They must provide a minimum amount of information, such as the technology used, the purpose of the token, and any risks. There should be at least 10 years of issuance, and to also prevent token cloning, along with prevention of a token not being released with the same rights.
Obligation to register (Art. 36 ff. VE-VTG): This defines that service providers must register into the Financial Market Authority (FMA) before starting their commercial operation.
Supervision (Art. 42 ff. VE-VTG): This defines that the FMA implements the Act.
Penal provisions (Art. 49 ff. VE-VTG)

A token protector is defined as someone who holds the token in their own name, and on behalf of the owner. Custodians are then defined as a person who can provide custodial services for the private keys of a third party. Overall the custodian should be able to operate without disruption. They should also provide strong controls against the loss or misuse of private keys, and provide separation between business assets and the private keys of their customer.

In order to clean-up on those to operation within the token economy, the Act requires the following entities to register with the FMA: Token issuers; token service protectors; token service custodians; token service exchange platforms; physical validators; and token service identity service providers.

Buying a car in the future

No, I’m not going to talk about flying cars, but in the way that we should really transact assets in the 21st Century. The registration onto a database within a government department is no real way in a digital world to actually register the transfer of an asset. I have no receipt — apart from a piece of green paper which has some hint towards me — that I actually own something, and have a right to transfer it to someone else.

First, we must register a key pair for all the identities involved, and then for them to place their public keys on a distributed ledger. This is their claim to their identity, and all transactions in the future will rely on the signing of transactions with their private key (and proved by their public key):

When the car is created, the manufacturer then creates a token onto the ledger, and which is signed by themselves. The entity of a car now exists. A government department can then take this entity with its unique digital ID, and then place a token on the ledger to register the car. This will map its ID within the government and its licence plate, and its current owner (Trent). Trent will now have the token to prove that he has ownership of the car.

Next, if Bob purchases the car, Trent will sign a token to prove that Bob now has ownership, and so on. In this way, we have a complete track of the ownership of the car, and we can keep things secret if we want. The tokens can be mapped to the real data through a trusted tokenization server, and where we do not have to put Bob’s address on the ledger.

Our ledger is open to all, and everyone can check. We have almost instant changes of ownership, while our existing system can take days, weeks or months.

Conclusions

Our old ways are finished, the public sector and our legal infrastructure needs to transform at scale, otherwise, countries who fail to adapt will fail both their citizens and in their economy. Thank you to Tim May is seeing this world before anyone else.

Cryptography is the wire-cutter for the barb-wired world we have produced, and in a decade’s time, we will look back on our old ways in the way we look back on the stand-alone PC of the 1970s.

Our Old Road Is Rapidly Aging

In a week that saw the sad death of Tim May, I am reminded about how well he predicted the changing world that we live in. Just last week I trading in my car, for a slightly newer one. And so I handed over a large piece of green paper with a bar code at the side— don’t ask me what it was — and the sales person smiled and ripped a bit off, and told me to sign it and “send it in” (I didn’t like to ask at the time what “send it in” actually meant):

And so I handed my keys to a person that I had only just met once before, and who had sat quietly with me on a test drive. The process of the hand-over involved scribbling on the many pieces of paper that were pushed in front of me, and to which I “drew” a nice wavy line in reply that confirmed that I can scribble something on a piece of paper, and then tried to remember the date without referring to my phone. As a test of scribbling, I am sure I did a good job, as the sales person seemed impressed with the authority and confidence of my wavy line. I just hoped that I could replicate the line at some time in the future, but I forgot to photograph it (as that would have looked a bit strange).

In the end, I felt slightly satisfied that I had actually remembered my car registration without referring to OneNote. As a backup, too, after I had parked the car, I had even took a photograph of my old car with its registration. As for my home landline number, that would have taken a complete search of my phone, as I just refuse to remember such useless information.

Luckily, I told the sales person that I didn’t have a FAX number, so I didn’t have to remember that. I wanted to add “What, I’m a security professor and you really want me to have a FAX?”, but it didn’t fit in the box, so I just added “N/A”, and hoped that there wouldn’t be any comeback from whoever wanted to FAX me something.

I then walked out the garage, and drove home. But, so many questions went through my head as I drove home. Did I really own this new car? Was I still the owner of my previous car? At what point do I legally become the owner of the new car?

While I could probably find an on-line version of the registration somewhere, there’s something now quite right about this, as it’s all still vague. Who defines that I own a vehicle? Who defines the previous owners? What ties me to a vehicle? How is my ID associated with the vehicle? When did the handover actually happen? It’s a world of untrustworthy IDs and vagueness … my name, my address, the car registration, the date, and so on.

I was asked for my landline number, but never once was I asked about my email address or how I might want to be contacted by government. I have no real trace of the car I bought, and must trust the garage who sold me it to show me its options.

Me and the government don’t really have an extensive social relationship. I vote, I pay my taxes, and then tell them when I have some updates that they are interesting it, and that’s about it. There’s no portal to find out if I actually own my home or my car, and there’s no place I can go and make queries, without submitting a form (which isn’t going to be easy to find).

Basically we have an old world, where the old ways still trying to exist. Our governments pride themselves in developing a digital economy, and where innovation is promoted, but it’s still a 19th Century world. The whole concept of identity and ownership needs to be properly defined for this modern age, and putting a form on-line is not a proper digital world. Our governments like to keep ledgers on us, and keep them secret. They don’t quite trust us to see them, but have an old world where they tally up the assets and control their transfer.

Basically it is the way that governments have transacted since they existed. Replace an SQL database for a paper ledger and a quill pen, and you have the same old ways. “What’s your name and address”, “What is the car registration?”. We give IDs to things, that really have no credibility in this digital world.

Our future, as Tim foresaw it, is to properly digitally sign things. He saw cryptography as the wire-cutters of the barbwire of this old world.

Our new world

Some countries of the world are already laying down a world which properly takes us into the 21st Century, and where we can properly use our wire-cutters. One of the first is Liechtenstein who have drafted a Blockchain Act. This will support a legal infrastructure for blockchain technology, and to also support a token economy. Within tokens, we define applications which trade only with tokens. These tokens can then define costs of effort, and eventually could be “cashed-out” into fiat currency. Economic activity could then be enacted with tokens rather than currency — the creation of the token economy [details]:

enable the transformation of the ‘real’ world to blockchain systems while ensuring legal certainty, thereby opening up the full application potential of the token economy.

The Act also defines methods which aim to protect client interests from scam agents, and these are at the core of cleaning up the cryptocurrency market place. It defines “legal certainty” for blockchain implementation and projects a world where our existing assets are added onto blockchain, and then traded there. Our centralised economic trading models may thus disappear, and a fully distributed and more trusted model replaces old fashioned practices.

The tokens that are likely to be defined are:

Payment tokens (currency coins). This includes cryptocurrency coins.
Utility tokens. This allows for a spend against a service.
Security tokens (equity and assets). These could define the ownership of an asset.

Overall the Act aims to properly define the key legal consequences of the ownership, possession and transfer of tokens:

The Act defines:

Subject and purpose (Art. 1 VE-VTG): This defines that the main focus is around the protection of users, and to thus build confidence in tokens.
Trusted technologies (Art. 3 VE-VTG): This defines the technology that is required to build a VT.
Definitions (Art. 5 VE-VTG): This defines a token as something that defines claims of a person to the rights to goods.
Rights of disposal (Art. 6 ff. VE-VTG): This defines the rights to transfer tokens, and is normally defined by the owner of a private key signing the transaction. A disposition is defined as the transfer of the disposition authorization on the token. Within the Act, it is defined that a buyer has the rights to dispose of a token, even if the seller was not authorized to dispose of the same token.
Requirements for VT service providers (Art. 13 ff. VE-VTG): This defines the entities who will perform services within the VT. These entities must provide an organisational structure, control mechanisms and a minimum amount of capital.
Basic information on the issuance of tokens (Art. 28 ff. VE-VTG): This defines the assurance in the issuing of tokens and their legal requirements. They must provide a minimum amount of information, such as the technology used, the purpose of the token, and any risks. There should be at least 10 years of issuance, and to also prevent token cloning, along with prevention of a token not being released with the same rights.
Obligation to register (Art. 36 ff. VE-VTG): This defines that service providers must register into the Financial Market Authority (FMA) before starting their commercial operation.
Supervision (Art. 42 ff. VE-VTG): This defines that the FMA implements the Act.
Penal provisions (Art. 49 ff. VE-VTG)

Buying a car in the future

First we must register a key pair for all the identities involved, and then for them to place their public keys on a distributed ledger. This is their claim to their identity, and all transactions in the future will rely on the signing of transactions with their private key (and proved by their public key):

When the car is created the manufacturer then creates a token onto the ledger, and which is signed by themselves. The entity of a car now exists. A government department can then take this entity with its unique digital ID, and then place a token on the ledger to register the car. This will map its ID within the government and its licence plate, and its current owner (Trent). Trent will now have the token to prove that he has ownership of the car.

Next, if Bob purchase the car, Trent will sign a token to prove that Bob now has ownership, and so on. In this way we have a complete track of the ownership of the car, and we can keep things secret if we want. The tokens can be mapped to the real data through a trusted tokenization server, and where we do not have to put Bob’s address on the ledger.

Our ledger is open to all, and everyone can check. We have almost instance changes of ownership, while our existing system can take days, weeks or months.

Conclusions

Our old ways are finished, the public sector and our legal infrastructure needs to transform at scale, otherwise countries who fail to adapt will fail both their citizens and in their economy. Thank you to Tim May is seeing this world before anyone else.

Cryptography is the wire-cutter for the barb-wired world we have produced, and in a decade’s time we will look back on our old ways in the way we look back on the stand-alone PC of the 1970s.