Saturday, 23 September 2017

Researchers seek to mimic digital identities by analyzing email, online interactions - One World Identity

xxx

"Research being done at the MIT Media Lab is working on ‘swappable identities’ for AI bots, based on data taken from a person’s digital identity, as detailed by VentureBeat. Personal information is culled from emails, transcribed videos and any other published statements, allowing the system to give expert advice based on human opinions."

Researchers seek to mimic digital identities by analyzing email, online interactions - One World Identity

xxx

Bitcoin accepted here: The tiny family restaurant in India that's embraced virtual currency — Quartz

xxx

"‘There were a lot of people who came and clicked photos (of the sign) but apart from that no transactions,’"

Bitcoin accepted here: The tiny family restaurant in India that's embraced virtual currency — Quartz

xxx

Wednesday, 20 September 2017

Why are more people trying to rob banks? | American Banker

xxx

Violent bank crime has become increasingly less common in the past decade, but the rate of robberies has ticked back up in recent years.

From Why are more people trying to rob banks? | American Banker

xxx

I remember getting into an interesting discussion about bank robbery this at a lunch a while back. We were talking about risk and risk analysis. I was trying to make some points about why proper risk analysis like this is a more cost-effective way to proceed than (for example) panicking about newspaper stories on hacking, and that led to a train of thought around cost-benefit analysis for the robber, not the bank. Are robbers put off by thick doors and barred windows and such like? Are robbers deterred by visible, physical symbols of security?

The security of physical buildings is no longer as important for financial services.

[From CYBER SECURITY WITHIN FINANCIAL SYSTEMS NEEDS TO BE FRONT-OF-MIND | GlobalBankingAndFinance.com]

This is a fair point. So it set me thinking: if you are an amoral sociopath desperate for money, are you better off robbing a bank or working for it? As a responsible father, I want to help my sons chart the best course for life. Right now, they are at University studying socially useful subjects in science and engineering, whereas I am trying to persuade them to become Somali pirates or Wolves of Wall Street. Having myself studied science only to become trapped in mortgage serfdom and forced to work until I drop, I understand that side of the equation, but am less certain of the other. Remember that old paper “The Decision-Making Practices of Armed Robbers” by Morrison and O’Donnell. It’s a study of armed robbery in London and one of my favourite papers. It is based on first-hand research (viz, the analysis of over 1,000 police reports and interviews with 88 incarcerated armed robbers).

(One of the interesting snippets it contains is that a great many of the armed robbers in the UK use imitation firearms even though they have ready access to real ones. I imagine that in the US the use of imitations is vastly less prevalent, since it’s presumably harder to buy an imitation gun than a real one there.)

While it’s about the UK rather than the US, I’m sure the thought processes of the perpetrators must have some similarities. Crucially, the paper notes that “almost all of these robbers evaluated the offence as having been financially worthwhile (aside from the fact that they were eventually caught and punished for their crime)”. So robbing a bank seems like good idea, if you exclude the possibility (in fact, the likelihood) of being caught. I suppose this is standard “Wolf of Wall Street” thinking though isn’t it? Unless people believe they will be caught (and these people don’t) then they only consider the upside.

So, what to do? While glancing back over the paper I note that the authors say that it doesn’t seem practical to “expect financial institutions and commercial properties to reduce counter cash much more than they already have”. That may have been true a few years ago, but it clearly isn’t true now, since both bank branches and businesses in many countries are becoming cash free. And this is a good thing, because as we all know there is a direct and measurable relationship between the amount of cash out there (more on this later) and the amount of crime.

Even when the amount of money obtained was quite small (an element often touted in support of the irrationality of economic criminals), it must be recognised that even apparently small sums may be adequate for the offender’s immediate needs. Hence, gains may be subjectively much larger than they appear

So even thought the rewards of armed robbery seem to me, an educated middle-class professional, to be rather low, they are still sufficient to attract the robbers, because their needs are immediate and limited. They guy in the Nixon mask isn’t robbing a bank to pay his way through college or to obtain seed finance for a brilliant start up idea, he just needs to buy a car or some drugs or whatever. This paper seems, then, to indicate that so long as there is some cash in the till, there will be robberies. This is not an observation confined to banking.

Our results indicate that the EBT program had a negative and significant effect on the overall crime rate as well as burglary, assault, and larceny.

[From Less Cash, Less Crime: Evidence from the Electronic Benefit Transfer Program]

What they are talking about here is the use of Electronic Benefit Transfer (EBT) programmes in the US, whereby benefit recipients are paid electronically and given cards that they can use in shops instead of being given cash. The authors found a 10% drop in crime correlated with the switch to EBT. It seems pretty overwhelming evidence, and even more so if you read the paper, which notes no impact on crimes that do not involve the acquisition of cash. If we can to stop armed robberies, that would surely be an excellent social benefit to the move to cashlessness and would help us to explain the nature of appropriate regulation to legislators.

But back to the specific point about the relationship between bank cash and robberies. With the rewards from robbing banks and businesses falling  armed robbers, like everyone else, follow the money – literally – and so cash-in-transit (CIT) robberies are now the preferred option. We see the same in Europe where countries that have much higher usage of ATMs have much higher CIT robbery rates than countries that have lower ATM usage (see, for example, Sweden and Denmark).

Overall, then, we see another early indication of the emerging post-cash era: Spending on physical bank security is being reduced and spending on virtual bank security is being increased. We do, indeed, live in interesting times.

British supermarket offers 'finger vein' payment in worldwide first

xxx

A UK supermarket has become the first in the world to let shoppers pay for groceries using just the veins in their fingertips.

From British supermarket offers 'finger vein' payment in worldwide first

Wait a moment. Only a couple of months ago few people forwarded me a link from to Time Out, calling attention to a new payment mechanism using a new biometric identification technology to effect retail payments in a new way.

The latest in contactless payment – called Fingopay – uses a bartop scanner and allows customers to introduce their index finger when they’re ready to settle up. The unique patterns of the veins in each customer’s index finger – which need to be linked to their bank account in advance to make a payment possible – are electronically scanned on the spot in the aim of speeding up transactions at the bar.

From You can now pay for a pint using just your finger at a bar in Camden

I’m not sure if my repeated use of the adjective “new” in the introductory paragraph was entirely appropriate and I don’t want to be like all yeah whatever but… the first time that I blogged about this technology was more than a decade back, when I was talking about mass market uses of biometrics and the particular case study of Japanese banking, and it wasn’t new then.

Another group that includes Sumitomo Mitsui Banking Corp., Mizuho Bank and Japan Post use a similar system but it analyses fingertip vein patterns.

From Well, is this the year of biometrics? | Consult Hyperion (April 2007)

The technology has reappeared as a new solution to these same problems a great many times since then. It seems like every couple of years or so some stories about this new technology and new way to pay reappear. For example…

The BBC were kind enough to invite me on to their lunchtime “You and Yours” magazine programme to discuss this innovation. I think they were a tiny bit surprised, to be honest, when I told them that the technology was eight years old! I also told them, in the spirit of openness and integrity that is associated with the good name of Consult Hyperion throughout the civilised world, that we had been retained by Hitachi some years ago to carry out a study on the security of this product and its suitability for certain financial services applications.

From We’ll be giving Barclays the finger next year | Consult Hyperion

The truth is that this specific technology has been around for absolutely ages and the idea of using fingerprints as an alternative to payment cards at retail POS has been around for even longer. This from 2004:

The Piggly Wiggly grocery chain has announced it will begin offering a high-tech payment feature allowing customers in several stores to pay using their fingerprints.

From Grocery store goes to fingerprint payments

You can’t help but wonder what is different this time. Well, for one thing, we have PSD2. My memory of some earlier attempts may well be imperfect, but I have a vague recollection that these previous attempts at finger-based payments worked by tying the stored template to a card-on-file and then processing a card-not-present (CNP) transaction at POS (even though the cardholder was self-evidently present). Since the costs associated with CNP processing were much greater for the merchants, and the US was moving to no-signature stripe programs anyway because all of the terminals were online, the finger payments were slower and more expensive than stripe payments. Hence neither the merchants nor the consumers were greatly interested. Systems like this did make progress in closed environments (such as schools and prisons) but made no inroads into the mass market.

However, things are changing. We have strong customer authentication (SCA) and risk-based authentication at POS, we have interchange regulation and interchange plus acquiring in Europe and soon the retailers will be able to process payments themselves by obtaining payment institution (PI) licences and obtaining consumer consent for direct access to their bank accounts. Thus, putting your finger on a reader in store and having the retailer instruct an immediate instant payment transfer from your account to the retailer account looks like a more promising model this time around (but I have to say I am sceptical about traction in a world where consumers have mobile phones with them all the time and can obtain Internet connectivity even in Camden).

On a related topic, it is important to note that while fingerprints are unique, and all that, they are not without issue. For one thing, you leave your fingerprints everywhere you go. For another, you do not always have complete control over your fingers…

Wife exposed diplomat’s affair by using his thumb to unlock his iPhone while he was sleeping

From Foreign office official ‘assaulted wife when she used thumb print to unlock iPhone’ exposing affair | Daily Mail Online

This is why those of us who understand security use Wickr or Signal to communicate with confidantes and always set a passcode for the application! The point is that fingerprint security has failure modes and those could be exploited by any seven year old. Paging Groucho Marx: someone get me a seven year old…

7-year-old Harrison Green waited for his dad to fall asleep and then hovered his finger over the sensor, thus defeating his strong fingerprint encryption choice.

From 7-Year-Old Boy Uses Sleeping Dad’s Finger To Unlock iPhone

Having had a look through the Fingopay website, I notice a clever use of this particular feature (that is, the ability to use the biometric identifier without the consent of the owner). They say that “we have developed an ‘in-case-of-emergency’ system that can be used to assist in identifying you even if you are unconscious” which might be more of a use case in Camden on a Friday night than a new payment mechanism!

I suggest they also try my alternative solution which is to store a revocable token in tamper-resistant hardware and use the biometric for strong local authentication of that token. If people in Camden really don’t want to take even a card down the boozer, and are worried about waving a phone around because it’ll get half-inched at chucking out time, well, our friends on the continent have a tried and tested alternative.

everyone’s current favourite case study for this sort of thing is the Baja Beach nightclub in Barcelona, where patrons were offered the choice between a card and a chip and some of them chose the chip… The chips are the size of a grain of rice (1.2 millimetres wide and 12 millimetres long) and injected (by a “medically trained” person, according to the New Scientist) under the skin in the upper left arm.

From Chip ’em all | Consult Hyperion

One of my favourite conference jokes a decade ago (first used in a presentation to the International Association for Biometrics in September 2004) was that the chip is better than a card because you really can’t leave home without it. Now, to be honest, I’d prefer an implanted chip like that to biometric identification. Why? Well, the chip contains an ID number and no personally-identifiable information (PII). If some unauthorised person scans the chip, all they get is an ID number. If I use an app on my phone to allow a particular retailer the ability to charge against that ID number at specific times, or only with strong authentication (e.g., a PIN or a fingerprint or whatever), that seems both convenient and secure. If you’re too squeamish to have a chip implantedthen there’s an alternative I can suggest. One of my favourite conference jokes right now is that you can always have a QR code tattooed on to some part of your body. Private key vs. privates key* (geddit!).

biometric payments

* If you know a better PKI-related joke I am literally all ears.

Tuesday, 19 September 2017

Adults

One of my all time favourite television shows is “Greg the Bunny”, which ran for only one season in the Unites States many years ago. One of my favourite jokes is when a female character called Dottie tells the eponymous lead that she has been caught on camera in an adult situation. “Sexual situation?” he asks. “No," she replies sarcastically, “it’s a picture of me voting”.

You’ll see why I started with that joke a little later on, but first I must tell you why my home town of Woking is in the news. It is at the forefront of the UK’s non-existent identity non-strategy to not introduce digital identity, because it is one of the five areas in England where voters will be asked to take identification to polling stations at local elections next year as part of a pilot scheme. The BBC report on the pilot scheme that I saw didn't mention just how the entitlement to vote is to be established but we already know what array of high technology machine-learning AI super-robot world-brain systems are to be deployed since, when the pilot was originally announced, we were told that local authorities would be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill

Wait, what? A utilities bill? It’s pointless enough showing a trivially counterfeitable physical identity document like a driving license to someone who can’t verify it anyway, such as a volunteer at a polling station, but come on… a utilities bill? That’s where we are in 2017 in the fifth richest country in the world? Shouldn’t we be just a little more ambitious and set the bar just a little bit higher?

In Scott Corfe’s recent report for the Social Market Foundation (called A Verifiable Success—The future of identity in the UK) he highlights what he calls the “democratic opportunity” for electronic identity verification to facilitate internet voting thereby increasing civic engagement. I am very much in favour of electronic voting of some kind, although I must say that I’m very much against internet voting, because I think that in a functioning democracy voting must remain a public act. If voting is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced. I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote, but that’s not the same thing as just allowing people to vote using mobile phones.

While I think internet voting is therefore a bad idea, I take Scott’s point about the need for electronic identity. However, since we don’t have one and I don’t see any prospect of Government producing a robust one in the foreseeable future, we’re stuck with gas bills until someone gets to grip with issue. I should explain here for any baffled overseas readers that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud. As an aside, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here for theatrical or novelty use only.

Woking Polling Station 

Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure  (local authorities were invited to use the national “Gov.UK Verify” scheme but didn’t) why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement. I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill  so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you that it isn’t me) then they may as well let me vote.

None of this will make the slightest different to the central problem, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it “a system that would disgrace a banana republic”. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed recently for electoral fraud. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve because while it is not beyond the wit of man to come up with alternatives to the postal vote, that’s not what is being proposed in the pilot schemes. The government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a rudimentary test of entitlement at the polling station.

When this scheme was originally announced, the minister in charge of voting (Chris Skidmore) was quoted by the BBC as saying that “in many transactions you need a proof of ID” which is not, strictly speaking, true. In almost all transactions that we  take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business by presenting credentials where necessary.

What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate to demonstrate your right to use it. It is nobody at the polling station’s business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from. So: you turn up in the polling polling station with your smartphone and scan a QR code, an app pops up and asks you for your fingerprint, PIN, face or whatever. Sorted. A list of candidates appears on your screen and you choose and hit “Vote Now”. Your vote is then cast in a cryptographically secure form and you go home happy. You can come back and vote again later on if you change your mind, by the way, because only the last choice will count.

The real solution is not about using gas bills or indeed special-purpose election ID cards, but about introducing a general-purpose National Entitlement Scheme (NES), which I wrote about before (“A Better Class of ID Card” in Prospect, 17th March 2005), but that requires some knowledge of technology and some vision for the future, both of which seem in short supply. We need to obtain some parasitic vitality for such a vital improvement to our national infrastructure and I don’t think voting (or doing taxes, the other usual case study) will cut it. What we need to do is to find some mass market, everyday application of credentials and use that to get the NES underway.

We need to find something that people want to do, where privacy is important, where we need good authentication of individuals, where people will willingly sign up for something that we can then use for other purposes (such as improving the quality of our democracy). The answer is staring us in the face, hence the joke at the beginning: adult services. If we can fix the identity problem for adult services we are simultaneously fixing it for voting and many other things. Now is the time, because the government has passed a law requiring age verification for access to adult services (which I’m sure we would all agree is a good idea) without any idea of how this might happen.

Ofcom’s guidance on age checks for online video content suggest a range of options including from confirmation of credit card ownership and cross-checking a user’s details with information on the electoral register, both of which a terrible ideas that will inevitably lead to disaster because both of them require the adult service provider to know who you are. This means that when they get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny. Whether it is adult web sites, or counselling services, or gay dating, or drug addiction helplines or whatever, where I go online is my business. We need a better solution than some dumb mandate to accelerate identity theft and foist its consequences on everybody.

Now, we already know what to do (that is, to have a functional identity privacy-enhancing infrastructure implemented as a NES) but as yet there’s no sign of it coming into being. Therefore in the shorter term we have to come up with some workable alternative. It seems to me that a rather obvious way forward would be for banks, who have invested zillions in tokenisation services, to issue “John Doe" tokens to customers over 18. So, I can load my Barclays debit card into my Apple / Samsung / Android (* delete where applicable) wallet for free, but for £5 per annum I get an additional Privacy-Enhancing Token (a PET name). This stealth token would have the name of “John Barleycorn” and the address (for AVS purposes) of “Nowhere”.

Now, I can go online to the UK Adult Gateway Service or whatever it ends up being called and use the PET name to obtain an adult passport and pay for services. Suppose I can use this adult passport to go and log in to Lovelies in Leather Trousers (which I only read for the gardening tips). Now:

  1. Lovelies in Leather Trousers know that I am adult passport “John Barleycorn" and that they can charge to that passport (when they do, Apple Pay pops up on my phone and asks for authorisation).
  2. When Lovelies in Leather Trousers gets hacked, the hackers find the adult passport John Barleycorn but they can’t use it to find out who I am. Even if they could log in to the Adult Gateway Service, it only knows that I am John Barleycorn and that the token comes from Barclays. Since there are tens of thousands of Barclays PETs with the name John Barleycorn, who cares.
  3. If the hackers get into Barclays and discover that the particular PET name belongs to me, then Barclays have a far more to worry about than the £100,000 compensation they will be paying me for breaching my privacy.
  4. Meanwhile, if the adult passport John Barleycorn is used in some criminal activity, the police can simply go to Barclays with a warrant and Barclays will tell them it is me.

Simple. Incidentally, there’s another aspect to all which means that the networks and the banks might want to invest in this kind of infrastructure. Since adult payments are lucrative, and since an effective privacy-enhancing age check would increase the use of such services, and since a tokenised approach would also reduce fraud and chargebacks, there are real incentives for the stakeholders to get out their and put something in place.

I really don’t like the idea of using the payment system as a policeman, but it makes sense as an interim solution until such time as we actually have a working identity infrastructure with pseudonymous virtual identities that can be used for adult transactions, just as they will be used for all other transactions. Once there are a few million people using the NES for adult services, then it becomes much easier to being using the NES for other purposes, such as voting. I can go to the UK Adult Gateway to obtain a porn identity, a gambling identity, a Dungeons & Dragons identity, a comments in the MaiL Online identity and, of course, a voting identity.

Sunday, 17 September 2017

The gold standard for voting OLD DRAFT

Electoral fraud isn’t a huge problem in the United Kingdom but it does happen, and it looks as if it’s been happening with increasing frequency in certain areas. So the government has decided to do something about it and they are going to introduce an “voter ID” scheme that will require people to provide some evidence of their identity when they go to vote, initially in local elections but presumably in general elections downstream.

The voter ID scheme will be trialed in 18 areas which have been identified by police and the Electoral Commission as being "vulnerable" to voting fraud, including Bradford, Birmingham.

From Voters will have to show passports to combat voter fraud in 'vulnerable' areas with large Muslim populations

And, as it happens, in my own dear Woking. But that is not the reason for my interest in the topic. My particular interest in electronic voting because it is one of the hard cases for digital identity. If we can figure out how digital identity can support something as complicated as electronic voting (complicated because of the requirements for secrecy, privacy, auditability) that shows it can be used for a wide variety of other applications. I’ve written before that I am in favour of electronic voting of some kind but I’m very much against remote voting, because I think that in a functioning democracy voting must remain a public act and if it is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced.

I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote, but that’s not the same thing as just allowing people to vote using mobile phones, which is a really bad idea as I’ve pointed before.

We live in a Venmo world now, so if the under-30s want to vote using an app that tells their friends that they voted, or perhaps even how they voted, or perhaps allows them to add a funny picture or an acute comment, well so be it. But make it secure, and make them go down to the polling station to use it.

From Yes, we should make voting social, mobile and local | Consult Hyperion

So: it is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of entitlement at the ballot box. How will this identity be established and the entitlement authenticated? Well…

Local authorities will be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill

From Voters in local elections will be required to show ID in anti-fraud trials | Politics | The Guardian

Wait, what? A utilities bill?

I should explain here for any baffled overseas readers of this blog that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud.

(By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here, for theatrical or novelty use only).

Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure, why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement.

I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

None of this will help, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed for electoral fraud last year. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. I notice that the minister in charge of voting was quoted on the BBC today:

Constitution minister Chris Skidmore said  “…In many transactions you need a proof of ID."

From Electoral fraud: Voters will have to show ID in pilot scheme - BBC News

This is not, strictly speaking, true. In almost all transactions that we  take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business. What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate your right to use. It is nobody at the polling station's business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from.

The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES).

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

If memory serves, I think this is what my colleagues at consult Hyperion and I first proposed in response to a government consultation paper on a national identity scheme around 15 years ago. Oh well.

Cornell Researchers Highlight Ethical Lapses in Recent Cybersecurity Failures | The Cornell Daily Sun

xxx

Wicker acknowledges that it is obviously important to continue security surveillance, for example, to prevent terror attacks, but the tradeoffs need to be properly considered.

“There are other ways to do police work, in my opinion,” Wicker said.

From Cornell Researchers Highlight Ethical Lapses in Recent Cybersecurity Failures | The Cornell Daily Sun

xxx

Saturday, 16 September 2017

Consumers spend £57.8bn on cards - Credit cards - News | moneyfacts.co.uk

xxx

consumers spent a whopping £57.8bn on cards in July, an increase of 7.4% from July 2016, when £54.2bn was spent.

From Consumers spend £57.8bn on cards - Credit cards - News | moneyfacts.co.uk

xxx

POST Voter ID is back, and this time it's in Woking

Well, Woking is in the news. It is going to be part of a pilot scheme at the forefront of the UK’s non-existent identity non-strategy to not introduce digital identity.

Voters in five areas in England will be asked to take identification to polling stations at local elections next year as part of a pilot scheme.

From Five areas in England to pilot voter ID checks - BBC News

This BBC report doesn’t mention just how the entitlement to vote is to be established but we already know what array of high technology machine learning AI super robot world brain systems are to be deployed…

Local authorities will be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill

From Voters in local elections will be required to show ID in anti-fraud trials | Politics | The Guardian

Wait, what? It’s pointless enough showing a trivially counterfeitable physical identity document to someone who can’t verify it anyway, but come on… a utilities bill? That’s where we are in 2017 in the fifth richest country in the world? In Scott Corfe's recent Social Market Foundation report A Verifiable Success--The future of identity in the UK he highlights what he calls the "democratic opportunity" for electronic identity verification to facilitate internet voting thereby increasing civic engagement.

And what does ‘local authorities will be invited to apply’ really mean anyway?  They’ve already been ‘invited’ to adopt the national Gov.UK Verify identity service. Very few did, and fewer still continue, so five might be ambitious. And where they do, are we disenfranchising voters who don’t feel like forging documents if they don’t come from the mainstream demographic (a point also made in the SMF report).  

Now, I’ve written before that I am in favour of electronic voting of some kind but I’m very much against internet voting, because I think that in a functioning democracy voting must remain a public act and if it is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced. I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote, but that’s not the same thing as just allowing people to vote using mobile phones. I think internet voting is a really bad idea, but I take Scott's point about the need for digital identity. However, since we don’t have one and I don’t see any prospect of Government producing a robust one in the foreseeable future, we’re stuck with gas bills until someone gets to grip with issue.

(I should explain here for any baffled overseas readers of this blog that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud. By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here for theatrical or novelty use only.)

Woking Polling Station

Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure, why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement.

I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you that it isn’t me) then they may as well let me vote.

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

None of this will make the slightest different to the central problem, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots, a situation that led one British judge to call it “a system that would disgrace a banana republic”. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed recently for electoral fraud. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. So: it is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of entitlement at the ballot box.

When this scheme was originally announced, the minister in charge of voting (Chris Skidmore) was quoted by the BBC as saying that “in many transactions you need a proof of ID” which is not, strictly speaking, true. In almost all transactions that we  take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business.

What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate your right to use. It is nobody at the polling station’s business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from. The real solution is, of course, not about using gas bills or indeed special-purpose election ID cards, but about introducing a general-purpose National Entitlement Scheme (NES). If memory serves, I think this is what my colleagues at Consult Hyperion and I first proposed in response to a government consultation paper on a national identity scheme a couple of decades ago. Oh well.

Less than half of Canadians expected to use cash by 2020, says research

xxx

51 percent of Canadian consumers are expected to do away with using cash entirely by 2020.

Paysafe also found that 56 percent of Canadian consumers visit an ATM only once a month, while 19 percent said they rarely carry cash at all.

From Less than half of Canadians expected to use cash by 2020, says research

xxx

Beyond blockchain: what are the technology requirements for a Central Bank Digital Currency? – Bank Underground

Writing in the Bank of England’s “Bank Underground” blog, Simon Scorer from the Digital Currencies Division, makes a number of very interesting points about the requirement for some form of Central Bank Digital Currency (CBDC). He remarks on the transition from dumb money to smart money, and the consequent potential for the implementation of digital fiat to become a platform for innovation (something I strongly agree with), saying that:

Other possible areas of innovation relate to the potential programmability of payments; for instance, it might be possible to automate some tax payments (e.g. when buying a coffee, the net amount could be paid directly to the coffee shop, with a 20% VAT payment routed directly to HMRC), or parents may be able to set limits on their children’s spending or restrict them to trusted stores or websites.

From Beyond blockchain: what are the technology requirements for a Central Bank Digital Currency? – Bank Underground

If digital fiat were to be managed via some form of shared ledger, then Simon’s insight here suggests that it is not the shared ledger but the shared ledger applications (what some people still, annoyingly, insist on calling “smart contracts”) that will become the nexus for radical innovation.

Monday, 11 September 2017

Myhrvold

Look, it’s not just nobodies like me who say this. Nathan Myrvold is XXX and a pretty smart (and pretty rich) guy. Here’s what he said about this a couple of decades ago when the first attempts at electronic cash were [Levy, S. E-money (That’s What I want) in Wired (December 1994)].

<p

 

Nathan Myhrvold of Microsoft concurs. "There's a role for untraceable transactions. But it's not a panacea. Some people get very worked up about it. But there's been a very steady trend away from untraceable cash. There are cases where explicit traceability is a good thing. Like in my business expenses. I want them to trace it! All these things are there for a reason. They're not there as part of a plan by nefarious Big Brother. Look, I understand Chaum's concern to a certain degree. There's a lot of concern for privacy today. But I do worry about the idea of saving people from themselves. Just because I sign up for a traceable form of money doesn't mean I want my next-door neighbor to see my transactions."

Sunday, 3 September 2017

Barbarians at the Gates: Consumer tech companies will eat banks' lunch - The Economic Times

xxx

"The banking customer today is being wooed by the richest men in top four economies of the world - USA (Jeff Bezos - Amazon Pay), China (Jack Ma - PayTM), India (Mukesh Ambani - Jio Money), and Japan (Masayoshi Son - Flipkart/PhonePe). "

Barbarians at the Gates: Consumer tech companies will eat banks' lunch - The Economic Times

xxx

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency - NYTimes.com

xxx

In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers.

From Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency - NYTimes.com

xxx

Saturday, 2 September 2017

POST Age verifcation and intelligence verification

xxx

"'Age verification could lead to porn companies building databases of the UK's porn habits, which could be vulnerable to Ashley Madison style hacks,' argued Open Rights Group director Jim Killock."

UK to implement age-verification system for porn sites | Ars Technica

This is indeed the case, and the inevitable outcome of the government’s “plan” as it stands. But it may not be the porn companies building the database of who prefers spanking to and prefers foot fetishism (hint: MPs). It may be the government. I heard the “Digital Minister” Matt Hancock interviewed on the BBC’s Today programme about his half-baked ideas. He said that people visiting porn sites could show their passports to gain access. This is one of the stupidest things I’ve ever heard a Minister say (and that’s against some pretty stiff competition) for two reasons: first off all it would lead to a massive increase in crime (identity theft, blackmail and so on) and it would also give the Home Office a treasure trove of personal data that they would find irresistible.

Suppose I decide to visit “The Honourable Members”. The web site operator, let’s call them “Filthy Fun” (registered in Mozambique), asks for my passport. Now, the only organisation that can verify whether a passport is valid or not is the Home Office. So, Filthy Fun sends my passport details to the Home Office and the Home Office checks them and tells Filthy Fun that the passport is valid. I’m logged. (Of course, Filthy Fun have no idea whether it’s me at the keyboard or not, but whatever.)

Note though that the Home Office now knows which porn sites I’m visiting.

I’ve written so many times 

HSBC, Barclays Join Settlement Coin as Bank Blockchain Test Enters Final Phase - CoinDesk

xxx

"The head of fintech partnerships and strategy at HSBC, Kaushalya Somasundaram, reiterated Jaffrey's belief that USC could help delineate a path forward for central bank digital currencies, one of the reasons HSBC  joined to begin with.

Explaining how she sees the the token eventually working, Somasundaram told CoinDesk:

'The settlement coin will be a collateralized digital currency, backed by cash assets at a central bank, which allows us to transfer ownership easily through the exchange of USCs, thus reducing process complexity and the time taken for settlement.'"

HSBC, Barclays Join Settlement Coin as Bank Blockchain Test Enters Final Phase - CoinDesk

xxx

Inside the black market where people pay thousands of dollars for Instagram verification

xxx

This is a guy who knows a guy, a middleman in the black market for Instagram verification, where anyone from a seasoned publicist to a 22-year-old digital marketer will offer to verify an account—for a price. The fee is anywhere from a bottle of wine to $15,000

From Inside the black market where people pay thousands of dollars for Instagram verification

xxx

Friday, 1 September 2017

Wells Fargo fake bank account scam gets bigger » Banking Technology

xxx

The expanded analysis reviewed more than 165 million retail banking accounts opened over a nearly eight-year period – from January 2009 through September 2016 – and identified a new total of approximately 3.5 million potentially unauthorised consumer and small business accounts.

From Wells Fargo fake bank account scam gets bigger » Banking Technology

xxx

Wednesday, 30 August 2017

Major Payment Processor Files Patent for Blockchain-based ATM Network

xxx

"Under the concept, a group of ATMs serves as nodes within a Blockchain-powered network. There they share transactions via a distributed database, maintaining a high degree of security and uptime."

Major Payment Processor Files Patent for Blockchain-based ATM Network

xxx

China’s Future is Definitely Cashless - The News Lens International Edition

xxx

"Alipay, WeChat Wallet, and other Chinese third party payment platforms use financial incentives to encourage users to take money out of their bank accounts and temporarily store it on the platform itself."

China’s Future is Definitely Cashless - The News Lens International Edition

xxx

Facebook and Twitter Are Too Big to Allow Fake Users

xxx

"Social networks should be obliged to ban anonymous accounts. If they refuse to do so voluntarily, government regulators should force the issue."

Facebook and Twitter Are Too Big to Allow Fake Users

xxx

The “free” economy comes at a cost

xxx

Researchers talk of the “privacy paradox”: when asked, people say that they care much more about their privacy than their actions would suggest.

From The “free” economy comes at a cost

xxx

The Deeper Meaning of Money | Carey OConnor Kolaja | Pulse | LinkedIn

The Global Chief Product Officer at Citi Fintech said earlier this year that…

Money will always be emotional – Each money exchange represents a need, a want, a desire, a belief, a commitment. The value we place on money has always been driven by our emotions.

From The Deeper Meaning of Money | Carey OConnor Kolaja | Pulse | LinkedIn

This is why I harbour the deep-seated suspicion that there is a strong link between the many forms of money that will be forged in the digital revolution and the communities that they serve. In an industrial age, it was simply not possible to have a thousand different currencies circulating in a city. But in the very near future, their may be millions, each of them addressing different emotional niches.

Dark web finds bitcoin increasingly more of a problem than a help, tries other digital currencies

xxx

Bitcoin is based on a public record of transactions known as the blockchain. Law enforcement has gotten better at analyzing the data and catching criminals. As a result, criminals are starting to use other digital currencies such as monero, which is built specifically for increased user privacy.

From Dark web finds bitcoin increasingly more of a problem than a help, tries other digital currencies

xxx

Chinese social media users face harsh new rules on digital identity | Mobile Marketing Magazine

xxx

Web users in China are facing a series of new rules from the Cyberspace Administration of China that will take effect from 1 October… with digital platforms potentially having to scan identity cards before allowing users to post online.

From Chinese social media users face harsh new rules on digital identity | Mobile Marketing Magazine

xxx

Thursday, 24 August 2017

Facebook wants to kill the password - Apr. 19, 2017

xxx

Facebook's F8 developer conference on Tuesday brought the launch of the beta version of Delegated Account Recovery, a way for the social network to be the backup security key in case you forget your password on different, non-Facebook services.

From Facebook wants to kill the password - Apr. 19, 2017

xxx

Indian court rules privacy a 'fundamental right' in battle over national ID cards | World news | The Guardian

xxx

View more sharing options Shares 42 Michael Safi in Delhi @safimichael Thursday 24 August 2017 10.01 BST First published on Thursday 24 August 2017 07.15 BST India’s top court has unanimously declared that privacy is a fundamental right, in a landmark judgment that could derail the world’s largest biometric identity card scheme.

From Indian court rules privacy a 'fundamental right' in battle over national ID cards | World news | The Guardian

xxx

Wednesday, 23 August 2017

Huobi and OKCoin, China’s two biggest bitcoin (BTC) exchanges, helped themselves to $150 million in idle client funds — Quartz

xxx

China’s two biggest bitcoin exchanges, Huobi and OKCoin, collectively invested around 1 billion yuan ($150 million) of idle client funds into “wealth management products“—which are often high-yielding and risky—for their own gain

From Huobi and OKCoin, China’s two biggest bitcoin (BTC) exchanges, helped themselves to $150 million in idle client funds — Quartz

xxx

Tuesday, 22 August 2017

Facebook and Twitter Are Too Big to Allow Fake Users

xxx

"Facebook, unlike Twitter, has a strict policy against multiple personal accounts and pseudonyms -- which it doesn't enforce"

Facebook and Twitter Are Too Big to Allow Fake Users

Since I have pseudonymous accounts of both Facebook and Twitter, I know that neither of them enforce this rule because, apart from any ethical considerations, they can’t. If I create a Twitter account as Lord Tantamount Horseposture, who are Twitter to say that it isn’t my name (especially in the UK, where it is a freeborn Englishman’s right to call himself whatever he pleases).

Forcing women fleeing domestic violence, political dissidents and people with beliefs different from their employers’ to post under their “real” names gets us nowhere, as a moment’s thought about the topic will reveal.

xxx

"Social networks should be obliged to ban anonymous accounts. "

Facebook and Twitter Are Too Big to Allow Fake Users

If anything they should be forced to ban verified accounts, since I for one couldn’t care less about what Russell Brand or any other sleb thinks about absolutely anything at all, but that’s a different point. The author has stumbled across what I labelled some time ago as the “Clinton Paradox”. I chose this name after Hilary Clinton gave a speech that I reasonably paraphrase as “we want free speech on the internet, except for people we disagree with”.

Facebook and Twitter Are Too Big to Allow Fake Users

xxx

"Social networks should be obliged to ban anonymous accounts. "

Facebook and Twitter Are Too Big to Allow Fake Users

xxx

Tech firms like Amazon (AMZN), Facebook (FB), and Google (GOOGL) are the biggest competitive threats to the banking industry — Quartz

xxx

Much has been made of the rise of fintech [but] according to a report by the World Economic Forum (WEF), traditional banks are more vulnerable to competition from another source: tech giants like Amazon, Facebook, and Google.

From Tech firms like Amazon (AMZN), Facebook (FB), and Google (GOOGL) are the biggest competitive threats to the banking industry — Quartz

As I have said for some time, it is not all obvious to me that what we refer to as the “challenger” banks in the UK (i.e., the new banks who have obtained licences in recent years) are not really challengers at all.

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency - The New York Times

xxx

“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.

Mr. Weeks lost his phone number and about a million dollars’ worth of virtual currency late last year, despite having asked his mobile phone provider for additional security after his wife and parents lost control of their phone numbers.

From Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency - The New York Times

xxx

Rabobank builds 3D model of its own IT landscape » Banking Technology

xxx

Mapping the IT landscape of a large organisation is probably not an easy task and Rabobank is attempting to resolve this via the construction of a 3D model of its own structure and supporting IT systems.

From Rabobank builds 3D model of its own IT landscape » Banking Technology

xxx

xxx

How TD Ameritrade tackles security in Facebook Messenger chatbot | American Banker

xxx

Another aspect of working with a chatbot in Facebook Messenger that makes bankers nervous is allowing Facebook itself to see customer data.

From How TD Ameritrade tackles security in Facebook Messenger chatbot | American Banker

xxx

Study: What inspires innovators on Twitter | Articles | Home

xxx

The top 10 accounts that innovators follow are:

1. Richard Branson (@richardbranson), founder of Virgin Group

2. Marc Andreessen (@pmarca), entrepreneur, investor and software engineer

3. Benedict Evans (@benedictevans), partner at Andreessen Horowitz

4. Glen Gilmore (@GlenGilmore), attorney and principle of Gilmore Business Network

5. Scott Kirsner (@ScottKirsner), Boston Globe columnist, and editor of Innovation Leader

6. Henry Blodget (@hblodget), editor, founder and CEO of Business Insider

7. Bill Gates (@BillGates), co-founder of Microsoft

8. Andrew McAfee (@amcafee), director of the Center for Digital Business at MIT’s Sloan School of Management

9. Sam Maule (@sammaule), manager at Carlisle & Gallagher Consulting Group and chief inspiration officer at Digital Finance Institute

10. David Birch (@dgwbirch), author and Consult Hyperion’s director

The top 10 publications from which innovators share content include YouTube, Forbes, Harvard Business Review, TechCrunch, The New York Times, Instagram, LinkedIn, The Wall Street Journal, Fast Company and Twitter.

From Study: What inspires innovators on Twitter | Articles | Home

xxx

FBI Says ISIS Used eBay to Send Terror Cash to U.S. - WSJ

xxx

U.S. investigators uncovered a global financial network run by a senior Islamic State official that funneled money to an alleged ISIS operative in the U.S. through fake eBay transactions, according to a recently unsealed FBI affidavit.

From FBI Says ISIS Used eBay to Send Terror Cash to U.S. - WSJ

xxx

Saturday, 19 August 2017

What actually is money? A new book examines early civilisations to find out | Prospect Magazine

xxx

When a book comes along with glowing praise on its sleeve from Kenneth Rogoff and an introduction by Andrew Haldane, Chief Economist at the Bank of England, you know you’ve got something hot on your hands. This analysis of money by one of the world’s leading experts on the subject does not disappoint…

Birch is brilliant at bringing together these disparate historical strands, through the birth of the great European trading centres, up to the present day. The central insight of all this is that money is essentially a technology, just like any other and that technologies change—and improve—over time. In other words, money is not fixed. And it is certainly not just coins and notes.

And what of the future of money—will it be characterised by a drive towards a small number of unified currencies, or towards a multitude? Birch opts for the latter. In future, communities will develop their own stores of value, Birch says, independent of governments and central banks. The growing popularity of crypto-currencies such as Bitcoin suggests that he may have as good a handle on the future as he does on the past.

From What actually is money? A new book examines early civilisations to find out | Prospect Magazine

xxx

Thursday, 17 August 2017

Visa applies for direct bank-card clearing access in China

xxx

According to the People’s Bank of China, at the end of the first quarter, China had 6.3 billion bank cards in circulation, up 11% from a year earlier.

In that first quarter, the value of swiping plastic rose to 15.2 trillion yuan, up 14%.

From Visa applies for direct bank-card clearing access in China

xxx

Tuesday, 15 August 2017

UK enjoys Summer of Love for contactless cards | Euromoney

xxx

There were just under 1.4 billion card payments in the UK in June, a monthly record. And with the number of card transactions up 12% in 12 months, UK cards have enjoyed their highest annual rate of growth since June 2008… [a significant] factor was the increase in the use of contactless card payments, which soared by 143%. Contactless payments accounted for 34% of all card transactions

From UK enjoys Summer of Love for contactless cards | Euromoney

xxx

Monday, 14 August 2017

Uneasy sits the crown as cash use continues decline

xxx

Consumers and businesses made 15.4 billion cash payments in 2016 - down from 17.2 billion in 2015, according to figures released by UK Finance. However despite the decline, cash was still used 25% more often than the second most frequently-used method; debit cards (11.6 billion).

During 2016, cash represented almost half (44%) of all payments made by consumers - the second year in a row where consumers used cash for fewer than 50% of all payments. During the same period, cash payments reached £240 billion, accounting for 15% of the total value of consumer spending, a decline of five percent compared to the previous year.

More than one in four (26%) consumer cash payments were for a value of £1 or less, and more than three in five (61%) were for a value of £5 or less.

From Uneasy sits the crown as cash use continues decline

xxx

Saturday, 12 August 2017

Here’s the Biggest Security Threat to the World’s Third-Largest Cryptocurrency - MIT Technology Review

xxx

"In that time, the network structure has remained remarkably constant. In 2013 each wallet was connected on average to 3.12 others. In 2016 that number was 3.53."

Here’s the Biggest Security Threat to the World’s Third-Largest Cryptocurrency - MIT Technology Review

xxx

POST What would a Chinese digital currency look like?

The Chinese were first with the great transition from commodity money to paper money. They had the necessary technologies (you can’t have paper money without paper and you can’t do it at scale without printing) and, more importantly, they had the bureaucracy.

"In 1260, Genghis’ grandson Kublai Khan became Emporer and determined that it was a burden to commerce and taxation to have all sorts of currencies in use, ranging from copper ‘cash’ to iron bars, to pearls to salt to specie, so he decided to implement a new currency. The Khan decided to replace copper, iron, commodity and specie cash with a paper currency. A paper currency! Imagine how crazy that must have sounded! Replacing stuff with printing!"

Introducing a new currency is easy – dgwbirch – Medium

Just as Marco Polo and other medieval travellers returned along the Silk Road breathless with astonishing tales of paper money, so commentators (e.g., me) are tumbling off of flights from Shanghai with equally astonishing tales of a land of mobile payments, where paper money is vanishing and consumers pay for everything with smartphones. China is well on the way to becoming a cashless society, with the end of its thousand year experiment with paper money in sight.

"14% of China’s population relies on mobile payments to get around, carrying no cash, according to a survey conducted by (link in Chinese) Renmin University of China"

Alibaba's (BABA) "cashless week" to boost mobile payments is angering China's central bank — Quartz

The natural step from here is to create digital currency so that settlement is in central bank money and there are no credit risks. Last year, the Governor of the People’s Bank of China (PBOC), Zhou Xiaochuan, set out their thinking about digital currency. He said:

[Zhou] said that “it is an irresistible trend that paper money will be replaced by new products and new technologies.”

From Chinese Central Bank Goes Full Steam Ahead with its Own Cryptocurrency | Finance Magnates

He went on to say that as a legal tender, digital currency should be issued by the central bank and after noting that he thought it would take a decade or so for digital currency to completely replace cash in cash went to state clearly that “he has plans how to gradually phase out paper money”. As I have written before, I don’t think a “cashless society” means a society in which notes and coins are outlawed, but a society in which they are irrelevant. Under this definition the PBOC could easily achieve this goal for China. But should they do this? Yao Qian, from the PBOC technology department wrote on the subject earlier this year.

To offset the shock to the current banking system imposed by an independent digital currency system (and to protect the investment made by commercial banks on infrastructure), it is possible to incorporate digital currency wallet attributes into the existing commercial bank account system so that electronic currency and digital currency are managed under the same account.

PBOC Researcher: Can Cryptocurrency & Central Banks Coexist? - Bitcoin Magnates

I understand the rationale completely. The Chinese central bank wants the efficiencies that come from having a digital currency but also understands the implications of removing the exorbitant privilege of money creation from the commercial banks. If the commercial banks cannot create money by creating credit, then they can only provide loans from their deposits. Imagine if Bitcoin were the only currency in the world: I’d still need to borrow a few of them to buy a new car, but since Barclays can’t create Bitcoins they can only lend me Bitcoins that they have taken in deposit from other people. Fair enough. But here, as in so many other things, China is a window into the future.

Alipay, WeChat Wallet, and other Chinese third party payment platforms use financial incentives to encourage users to take money out of their bank accounts and temporarily store it on the platform itself.

China’s Future is Definitely Cashless - The News Lens International Edition

You can see the potential problem with digital currency created by the central bank. If commercial banks lose deposits and the privilege of creating money, then their functionality and role in the economy is much reduced. Whether you think that is a good idea or not, you can see that it’s a big step to take and therefore understand the PBOC position.

In summary, then, central banks are not going to issue cryptocurrencies and they are not going to issue digital currencies either (at least in the foreseeable future). But what they might do is to allow commercial banks to create digital currency under central bank control. You could have the central bank provide commercial banks with some sort of tamper-resistant smart chip that would mint commercial bank money under the control of the central bank. Wait a moment, that reminds me of something…

Would a central bank go for this? Some form of digital cash that can be passed directly from person to person like Bitcoin rather than some form of digital money like M-PESA, using hardware rather than proof of work to prevent double spending? Well…

“It’s not that you use the phone to order money transfers, as is done today, but having bills in the cellular and being able to pass them on from one user to another,” he said.

From Latin American Herald Tribune - Uruguayan Central Bank to Test Digital Currency

So here’s a “what if” and I’m genuinely curious as to your comments…

What if we dust off the old Mondex specifications but this time implement it in SIMs and Secure Elements instead of contactless smart cards? Then we would have genuine digital currency that could work online and offline, work for inter-personal transactions as well as business transactions and allow things to pay other things. With the 20th anniversary of Multos just gone, maybe Mondex’s time has finally come!

Ant Financial seen becoming world's top consumer bank- Nikkei Asian Review

xxx

"Alipay now controls 70% of China's mobile payment market, while Yu'e Bao, which serves as a repository for cash leftover from online spending, emerged as the world's largest money market fund this year with $165.6 billion of assets under management."

Ant Financial seen becoming world's top consumer bank- Nikkei Asian Review

xxx

Fake negative reviews are a cheap way to screw up darknet drug marketplaces / Boing Boing

xxx

"once they found a seller they trusted, only 30 percent shopped around"

Fake negative reviews are a cheap way to screw up darknet drug marketplaces / Boing Boing

xxx

Wednesday, 9 August 2017

New Tesco Clubcards cause nightmares for shoppers - AOL UK Money

xxx

"Other users assumed that because the roll-out of the new cards introduced contactless technology, the key fobs would too. However, the key fobs don't have any contactless functionality, so those who have tried to use them as contactless cards, assumed they were broken, and missed out on the points."

New Tesco Clubcards cause nightmares for shoppers - AOL UK Money

xxx

Bitcoin vs Venmo: Lessons Learned from ‘Craigslist Jeff’ | Bank Innovation

xxx

"Scams of this type are becoming fairly common on the ‘killer’ P2P payments app, leading others on Twitter to question its reliability as a payment method, especially when other online transaction routes exist—like cryptocurrencies such as bitcoin, for instance."

Bitcoin vs Venmo: Lessons Learned from ‘Craigslist Jeff’ | Bank Innovation

xxx

Court: Dead daughter’s parents have no right to access her Facebook account | Ars Technica

xxx

"A German appeals court on Wednesday rejected the pleas from a dead girl's parents who wanted access to the 15-year-old's Facebook account. The social networking site fought the parents, claiming that opening the account would breach the privacy of the girl's contacts."

Court: Dead daughter’s parents have no right to access her Facebook account | Ars Technica

xxx

Alibaba's (BABA) "cashless week" to boost mobile payments is angering China's central bank — Quartz

xxx

"14% of China’s population relies on mobile payments to get around, carrying no cash, according to a survey conducted by (link in Chinese) Renmin University of China"

Alibaba's (BABA) "cashless week" to boost mobile payments is angering China's central bank — Quartz

xxx

Why are Britain’s banks blaming customers for online banking fraud? | Miles Brignall | Opinion | The Guardian

xxx

"A year 8 student was bragging to her friends that she's been earning money by opening bank accounts at all the high street banks and given £25 to give the details and send internet banking login details/key pads to someone."

Why are Britain’s banks blaming customers for online banking fraud? | Miles Brignall | Opinion | The Guardian

xxx

Hero who tracked bank fraudsters to win back £20k | Daily Mail Online

xxx

"The judge agreed and Gideon sent the documents to Santander's court orders team, which faxed over the fraudster's bank statements, postal addresses, email addresses and phone numbers."

Hero who tracked bank fraudsters to win back £20k | Daily Mail Online

Unfortunately, there’s nothing in the story to suggest that the police were able to use these details to collar the fraudsters.

August • Future of Retail - Credit card payment fees to be scrapped

xxx

"‘These small charges can really add up and this change will mean shoppers across the country have that bit of extra cash to spend on the things that matter to them.’"

August • Future of Retail - Credit card payment fees to be scrapped

xxx

POST When the revolution comes, it will be about parking

xxx

"The motoring organisation's survey of 16,000 members suggests seven out of 10 would look for parking elsewhere rather than use the 'pay by phone' meters."

via Drivers avoid pay-by-phone parking bays, says the AA - BBC News

Who are these people? I sign with relief when I pull into a car park and see the signs that I can pay with my phone instead of rummaging around on my hands in knees to try to find a couple of quid in coins.

I love RingGo. It works great. One minor plea though: even Arriva buses have managed to add ApplePay to their in-app payment options, so please can you? I forget my CVV about one in every three times I use the app and I’d like to be able to switch between personal and business cards on the fly.

Tuesday, 8 August 2017

Their invention is valued at $250 million. Here’s why they’re not satisfied - The Boston Globe

xxx

"Data on Sia are broken into pieces and stored on multiple computers, a method intended to keep data accessible even when some hosts are offline."

Their invention is valued at $250 million. Here’s why they’re not satisfied - The Boston Globe

I remember writing about “eternity servers” a couple of decades ago (approvingly, as I thought it was a good idea).

Countess claims art dealer shortchanged her: suit | New York Post

xxx

"She was shocked to learn in 2014 that Sammons had sold the painting to a Liechtenstein gallery for the ‘egregiously low price’ of $650,000, her suit says."

Countess claims art dealer shortchanged her: suit | New York Post

This is the sort of thing that can happen when you have a market that is as opaque as, say, Bitcoin trading.

Some old observations on reputation and social networks

The Talmud also deals with identity in the context of reputation and social networks See Tractate Sanhedrin – folio 23a https://www.sefaria.org/Sanhedrin.23a.22?lang=bi As Rav Yehuda says that Rav says: Witnesses do not sign a document unless they know who is signing with them. One does not sign a document unless he recognizes that those signing with him are fit to bear witness.

Returning to the matter itself, Rav Yehuda says that Rav says: Witnesses do not sign a document unless they know who is signing with them. That is also taught in a baraita: This is what the scrupulous people of Jerusalem would do: They would not sign a document unless they knew who was signing with them, and they would not sit in judgment unless they knew who was sitting with them, and they would not join a meal unless they knew who was reclining, i.e., eating, with them.

The medieval scholar Rashi (1040-1105) explains that one needs to know one’s co-witness, because of the potential reputational damage to oneself of countersigning a document which is invalidated because of character defects of one’s co-signatory. The concern is that third parties will hear that the document has been rendered invalid and may assume that you are the cause (no smoke without fire).

eHarmony boss Grant Langston reveals the mantra for daters | This is Money

xxx

"Tales of lonely hearts who believe they have found their match, only to be ripped off by money-grabbing crooks are legion. And according to Grant Langston, chief executive of one of the leading global dating and relationship sites eHarmony, many cases are down to organised crime."

eHarmony boss Grant Langston reveals the mantra for daters | This is Money

xxx

Deutsche Bank backs pan-industry online identity platform

xxx

"Deutsche Bank and partners Allianz, Axel Springer, Daimler and Postbank [will] work on a standard access procedure for online activities, with customers using a 'master key' for registration and identification across industries."

Deutsche Bank backs pan-industry online identity platform

xxx

How liability stands in way of banks’ digital ID ambitions | American Banker

xxx

...if banks were allowed to rely on the work other organizations have done to identify customers they could eliminate redundant paperwork and spare the customer a branch visit to open another account… But banks would need a lot to change before they would partake in this sort of outsourcing of identity provision. At the moment, they are clearly liable, under anti-money-laundering and know-your-customer rules, if they provide accounts to bad actors, wittingly or not."

How liability stands in way of banks’ digital ID ambitions | American Banker

xxx

How liability stands in way of banks’ digital ID ambitions | American Banker

xxx

...if banks were allowed to rely on the work other organizations have done to identify customers they could eliminate redundant paperwork and spare the customer a branch visit to open another account… But banks would need a lot to change before they would partake in this sort of outsourcing of identity provision. At the moment, they are clearly liable, under anti-money-laundering and know-your-customer rules, if they provide accounts to bad actors, wittingly or not."

How liability stands in way of banks’ digital ID ambitions | American Banker

xxx

Monday, 7 August 2017

Cash no longer king as contactless payments soar in UK stores | Money | The Guardian

xxx

"For years, cards have accounted for the majority of retail spending by value, but 2016 was the first year they also accounted for more than 50% of all transactions. It is also the first time that debit cards have overtaken cash. They now account for 42.6% of all transactions, putting them a whisker ahead of notes and coins, which fell almost five percentage points to 42.3%."

Cash no longer king as contactless payments soar in UK stores | Money | The Guardian

xxx

Cash no longer king as contactless payments soar in UK stores | Money | The Guardian

xxx

"For the first time, notes and coins have been toppled from their position as the UK’s number one payment method. Cards now account for more than half of all retail purchases, according to the main body representing shops."

Cash no longer king as contactless payments soar in UK stores | Money | The Guardian

xxx

RBS boss says customers are to blame if they're defrauded | Daily Mail Online

xxx

"‘Banks are still placing too much responsibility on consumers to spot and protect themselves from sophisticated online scams. We’ve heard from many people who have lost life-changing amounts of money through bank transfer fraud, through no fault of their own, who are unlikely to get their money back from the banks involved.’"

RBS boss says customers are to blame if they're defrauded | Daily Mail Online

xxx

Friday, 4 August 2017

NSPCC's contactless face-to-face trial raised three times as much as cash | Third Sector

xxx

In a trial with 10 other charities, it raised an average donation of £3.07, compared with £1 for cash

From NSPCC's contactless face-to-face trial raised three times as much as cash | Third Sector

xxx

As Goldman Embraces Automation, Even the Masters of the Universe Are Threatened - MIT Technology Review

xxx

At its height back in 2000, the U.S. cash equities trading desk at Goldman Sachs’s New York headquarters employed 600 traders, buying and selling stock on the orders of the investment bank’s large clients. Today there are just two equity traders left.

Automated trading programs have taken over the rest of the work, supported by 200 computer engineers.

From As Goldman Embraces Automation, Even the Masters of the Universe Are Threatened - MIT Technology Review

xxx

SEPA INSTANT CREDIT TRANSFERS ARRIVE - Payments Cards & Mobile

The SEPA Instant Payments scheme goes live in November. 

The EPC’s SCT Inst scheme will enable interoperable euro credit transfers in SEPA for transactions of up to €15,000 initially to be available on the payee’s account within ten seconds.

From SEPA INSTANT CREDIT TRANSFERS ARRIVE - Payments Cards & Mobile

xxx

Wednesday, 2 August 2017

UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption | Business Insider

xxx

UK home secretary Amber Rudd has called on messaging apps like WhatsApp to ditch end-to-end encryption, arguing that it aids terrorists. [She] said that “real people” don’t need the feature and that tech companies should do more to help the authorities deal with security threats.

From UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption | Business Insider

I am not privy to this level of decision making in the body politics, but I suppose that Amber’s plan is to make everyone else’s communications as vulnerable to hackers, pranksters and agents of foreign powers as MPs’ communications are.

Parliament has been hit by a “sustained and determined” cyber-attack by hackers attempting to gain access to MPs’ and their staffers’ email accounts… Fewer than 90 email accounts were compromised during the cyber attack on Westminster, sources told the Press Association.

From Cyber-attack on parliament leaves MPs unable to access emails | Politics | The Guardian

Why this is considered a good idea by the Home Secretary is entirely unclear. Presumably she thinks that if everyone can read everyone else’s messages then it will not only add to the gaiety of the nation but will render terrorists unable to communicate. How wrong can you be? If you make it against the law to send encrypted messages, then the terrorists will simply switch to encryption schemes that don’t look like encrypted messages. Surely a noted historian such as Amber is aware of  

Sunday, 30 July 2017

Shayne Elliott's revolution at ANZ | afr.com

xxx

The long overdue migration of intangible financial services, which are purpose-built for digital distribution, away from pens and paper will be facilitated by digital ID verification

From Shayne Elliott's revolution at ANZ | afr.com

xxx

Shayne Elliott's revolution at ANZ | afr.com

xxx

Within a year or so, the rangy New Zealander hopes to introduce what could be the most profound change in modern Australian banking – a move away from conventional fixed pricing of deposits and loans (in which most people pay or receive the same interest rate) towards granular “risk-based pricing” in which everyone can in theory capture a unique interest rate depending on their propensities… Risk-based pricing requires massive amounts of historical data coupled with outstanding predictive modelling capabilities

From Shayne Elliott's revolution at ANZ | afr.com

xxx

In the online dating jungle, unverified by Twitter doesn’t mean undesirable | Sam Diss | Opinion | The Guardian

xxx

That’s the world in which Blue, the new Twitter-verified-users-only offering from dating app Loveflutter, is claiming to operate in. “In an era of catfishing and fake identities, authenticity is key,” says the accompanying press release, “which is why we’re leveraging Twitter’s world-class verification system to make dating safer.”

From In the online dating jungle, unverified by Twitter doesn’t mean undesirable | Sam Diss | Opinion | The Guardian

xxx

The sharing economy is failing for one simple reason – people can’t be trusted | The Independent

xxx

The sharing economy is gargantuan. A recent research report published by Bank of America Merrill Lynch estimates the value of it is about $250bn (£190bn) and it’s growing rapidly.

From The sharing economy is failing for one simple reason – people can’t be trusted | The Independent

xxx

Blueprint for KYC data sharing in the UK

xxx

The UK's Payment Strategy Forum has delivered a blueprint for the future of the nation's payment system, setting out design and implementation approaches for the construction of a new 'National Payments Architecture'.

From PSF lays down blueprint for new UK payments architecture

xxx

Since publishing our Strategy, we have reviewed the approach and agreed on the following detriments as focus areas for the proposed data sharing framework:

  1. Inclusion of bad actors: Obtaining sufficient KYC information to identify bad actors requires the use of multiple external data sources and systems during on-boarding and ongoing due diligence. Incomplete, in-accurate or out-of-date SME customer data hinders the detection of bad actors.

  2. Poor customer experience for good actors: Limited data sharing among the PSPs and other sectors such as utilities and telecommunication providers lead to significant duplication of effort if a customer moves to another provider or extends their products. data hinders the detection of bad actors.

  3. Barrier for small PSPs: Privileged access to SME data can be viewed as a barrier for small and new entrants, narrowing access and weakening competition. data hinders the detection of bad actors.

  4. Inefficiency in the SME KYC process: Customer identification processes can be complex, protracted, and expensive, despite not being a key competitive differentiator for PSPs and providers in other sectors. data hinders the detection of bad actors.

  5. Lack of trust: The fear of fraudulent actors potentially being able to penetrate the digital environment and get access to customer data leads to an erosion of trust in society.data hinders the detection of bad actors.

The plan is to start with SMEs.