We've talked about how the wallet is the new bank, but if you look in anyone's wallet, you notice that wallets are for a lot more than money.
Beyond cash, credit and debit cards, you'll also find driver's licenses, employee badges, medical insurance cards, dental insurance cards, prescription cards, library cards, gym membership cards, and the list goes on and on.
A digital wallet that does only money jobs has a huge gap in jobs to be done.
Which brings us to keys. If you drive a Tesla or have doors with smart locks, your phone is already acting as a key. But are keys for these doors the only ones we should be thinking about?
Passwords are digital keys. And passwords are a huge problem. People have hundreds of different passwords for all the online services they use. So many that they can't possibly remember them all. So, they use only one or two passwords across all services. Or they store them insecurely in a notes field of their phone. Or they're constantly resetting them. Or they store them in a browser, or signup for new services specially designed for remembering passwords. If that was not bad enough, some services require changing your password all the time. And others constantly send a one-time passcode by text message.
This is a terrible experience for users.
Increasingly, many companies are outsourcing sign-in to Google, Facebook or other big tech companies. While this might be better for users, it perpetuates hacker honeypots and introduces new business risk related to business model changes or deplatforming. As some find out the hard way, your followers on Twitter and your friends on Facebook do not belong to you. They belong to Twitter and Facebook, and you're a sharecropper working their land.
A common financial services viewpoint is that digital wallets end at money, and identity is a Know Your Customer (KYC) step in onboarding.
But what if this misses the forest for the trees? What if the digital wallets people want are wallets that deliver a 10x experience for all the jobs physical wallets do, not just the money jobs? And what if the market-winning wallets will actually do more jobs than physical wallets, absorbing all the jobs to be done of keys, both physical and digital?
Today we'll take a peak into this future, and talk about an important application of Bitcoin and Ethereum that has nothing to do with money or cryptocurrency.
An example from the City of uPortlandia
One of the first things you might put in your physical wallet is a local identification card. For many people, this is a driver's license―a document issued by the state that identifies a person by name, address and date of birth, and serves as the verified credential to prove this person is authorized to drive a motor vehicle.
The universality of the driver's license has led to it being co-opted for countless general identification purposes, both public and private. To help anyone trying to identify whether you are this person or not, the document includes a photograph of your face, additional descriptive information (hair color, eye color, height, weight and gender), and perhaps even your signature. And to reduce forgery, the document includes multiple security measures.
Using a loose definition of "local", passports, national ID cards and ID cards from other trusted institutions all serve similar purposes.
Let's look at a digital ID and see how it compares.
Get a local ID
In uPortlandia, you need a digital wallet. Once you've downloaded one, you enter your name and accept any terms of service and privacy policies. You now have an empty digital wallet. Keep in mind that, for this example, we are specifically focusing on the non-money jobs to be done of a digital wallet.
The first step is to get an ID from the City of uPortlandia. The process begins with you scanning a QR code from the City of uPortlandia system with your digital wallet. Note that the digital wallet on your mobile phone is acting like a key to interact with the City of uPortlandia system. This could be a web site you browse to on your computer, a physical kiosk, or a system managed by a city employee.
To scan the QR code, you open your digital wallet, press the scan button to open a camera view, and then point your phone's camera at the QR code. This immediately presents a choice to either login to the City of Portlandia (and share your name) or cancel.
Touching login securely logs you in to the City of Portlandia system and reverts your digital wallet to the home screen.
The next step is to enter your name, address and date of birth and click submit. The City of Portlandia then verifies the information, which could be an automated or manual process of any kind.
Upon approval, a digital credential is issued.
Clicking on Receive City ID generates a notification in the user's mobile app. When opened, the user is prompted to accept or decline their new City of Portlandia digital ID. Once accepted, the credential is stored in your wallet and can be used in the future to prove who you are and that you are a resident of the City of uPortlandia.
Get a diploma
A recent survey by Checkster, a reference checking company, showed that 78% of job seekers lied during the hiring process and that as many as 40% of job seekers claimed they had a degree from a prestigious university when in fact they did not.
Despite the efforts of a $2.8 billion background check industry, today it's far too difficult to verify that people have the credentials they say they have. And the evidence suggests that what people say is frequently inflated or wrong. Today, trust in people's credentials is scarce. But the public blockchain can make it abundant.
Your digital wallet can store proof of degrees or certificates you have earned. These credentials allow you to instantly prove you have the credentials you say you have.
Suppose you earned a degree from the University of uPortlandia, and you want to easily prove to others that you hold this degree.
First, you access the University of uPortlandia system online or in-person.
You log in using your digital wallet and your digital local ID to prove who you are. This is as simple as scanning the QR code presented by the University system with the digital wallet on your mobile phone. When you press Login, touch ID or a passcode is required to share the information from your digital local ID that the University is requesting and to verify that you are its owner.
Upon receiving your digital local ID and verifying that the ID is from a trusted ID provider and that the University has a degree for a person associated with your ID, you are given the option to receive a digital credential that verifies your degree.
Clicking Receive your Diploma on the University system presents you a screen with the verified information that you will soon receive as part of the digital credential sent to your digital wallet.
Your mobile phone receives a notification that opens to the verified credential you have just received. If you accept it, a copy is permanently stored in your digital wallet.
Now, proving you have this degree is trivial. Any app receiving this credential from you can instantly verify that the credential issued to the person identified by this local ID was signed by the University of uPortlandia.
Only the University of uPortlandia can create valid signatures for degrees, which can be simply validated using the University's public key. At the same time, the receiving app can verify the validity of your local ID. This demonstrates that the valid degree is in fact yours and not someone else's.
A process that today requires expensive manual verification processes can be made as easy and transparent as your browser displaying a valid lock icon when you browse to a secure website so you can be confident to safely enter your credit card details for a purchase.
Get a job
Let's walk through an example where you use both your digital local ID to prove who you are and your digital degree to prove you earned your diploma.
Many companies issue ID badges to employees. Many companies also do background checks to verify a job applicant's credentials. And all companies collect identification information required by the state for tax purposes.
Instead of today's expensive manual process, imagine that verification could be done instantly online.
If you were the job applicant, here's how it would work.
First, you access the Dream Job, LLC system online or in-person.
You log in using your digital wallet and your digital local ID to prove who you are. This is as simple as scanning the QR code presented by the company system with the digital wallet on your mobile phone. When you press Login, touch ID or a passcode is required to share the information from your digital local ID that the company is requesting and to verify that you are its owner.
Upon receiving your digital local ID and digital degree, verifying that the local ID is from a trusted ID provider and that the digital degree is as claimed and associated with this local ID, you are given the option to receive a digital company ID that verifies your employment.
This example keeps it very simple, but other factors like employment history verification could easily be added to the process.
Clicking Receive your Employment Verification on the company system presents you a screen with the verified information that you will soon receive as part of the digital company ID sent to your digital wallet.
Your mobile phone receives a notification that opens to the verified credential you have just received. If you accept it, a copy is permanently stored in your digital wallet.
Verification of identification, credentials, and employment are just the beginning of what's possible in this new web of trust.
Imagine using your digital identification and employment verification to get digital health insurance verification, making it much easier to obtain care from a doctor's office or in an emergency. No need to carry physical insurance cards. And no need to fill out a form updating your information on every visit.
Imagine being able to fill a prescription immediately at any pharmacy without having to wait for your doctor to call it in. Imagine instantly having access to transit passes or other services because you're a verified city resident or university alumni. Or similar services offered to verified employees.
Like trust Lego blocks, verified credentials in your digital wallet can be assembled in countless combinations to streamline and remove friction in virtually every application.
This vision is often called self sovereign identity.
Timothy Ruff, General Partner at Digital Trust Ventures, does a great job of explaining the principles of self sovereign identity as instantiated in a digital wallet:
- It starts out empty
- The wallet is mine and remains in my possession; no one can see it, change it or take it away without my consent
- I can fill it with the things I choose
- I can add different types of things: ID cards, payment cards, membership cards, loyalty cards, key cards, cash, receipts, photos, and more
- Most things I put in my wallet are issued to me by third parties; they can revoke validity, but I retain control of the artifact
- I choose what I share with whom, without sharing anything else
Wallet contents remain concealed until I choose to reveal something
- If I lose an important credential, I must return to the issuer, prove my identity and ask them to re-issue to me
- My wallet is portable with me everywhere I go
- If I don’t like my wallet I can get a different one and transfer my contents; the contents are portable
- I don’t usually make my own wallet, I obtain it from those who make wallets
- Wallet makers cannot see, change, or take away my wallet contents without my consent
- If my wallet is stolen, the thief can’t drain my entire net worth, there are limits to what thieves can get away with: there’s only so much cash, the cards have limits, they’ll soon be shut off, etc.
- I shouldn’t carry around too many valuables at one time
- I must be careful with my wallet, keep it secure
Is this realistic?
You might be thinking, this is a nice idea, but is it realistic? And does it depend on state or national governments to provide digital identification cards since identification is the foundational layer in this web of trust?
The City of uPortlandia example shows a distant future, but there are many incremental steps along the way.
For example, anyone providing an online service could evolve from using username and password to using a digital ID for sign in. Instead of trying to remember hundreds of different passwords, constantly resetting passwords forgotten, being frustrated by frequent mandatory password changes, and ultimately needing two factor authentication anyway, a digital wallet can make signing in as easy as scanning a QR code. Since this is different to the way people are used to signing in, adoption might follow a familiar exponential path. Gradually, and then suddenly.
This said, you might still be skeptical of the timeframe for a state or national digital identification. But, this is not the only way we might see the emergence of the identification base layer in the uPortlandia example. There are other ways to bootstrap it. For example, a big tech company or financial services company might decide to provide a verified digital identity credential as a service. In many cases, these companies already maintain very robust databases of who people are.
Google and Facebook do this in the context of entity validation. For example, search for your name on Google and you may notice a sidebar on the results page that includes information that Google believes to be authoritative about you. You can "claim" this entity by submitting a copy of your physical ID and by posting specific content to a social profile that Google knows is associated with you.
Financial services companies have even more detailed identification information because they're required to collect it as part of Know Your Customer regulations and because they want to minimize risk of fraud.
Either avenue could bootstrap universal digital identification without requiring government action.
What's under the hood?
While still very much emergent technologies, there are two primary candidates for self sovereign identity solutions: Microsoft's Identity Overlay Network (ION), which is built on top of Bitcoin, and Serto from Consensys, which is built on top of Ethereum and was used to create the uPortlandia example.
There are other solutions, including Sovrin, which is based on Hyperledger Indy, an open source project sponsored by the Linux Foundation. But solutions like Sovrin are based on private permissioned networks, and are less attractive for a number of reasons, including the distinction between strong technologies and weak technologies made by Chris Dixon, a General Partner at Andreessen Horowitz.
What ION and Serto have in common is that they are based on permissionless public blockchains, massively multi-client databases where every user is a root user. How specifically ION and Serto work and the tradeoffs between them are beyond the scope of this article, but both are based on the W3C Decentralized Identifiers specification, the W3C Verifiable Credentials model and a permissionless public blockchain.
Why a blockchain? Here is a good explanation from Self-Sovereign Identity: The Ultimate Beginners Guide:
In identity management, a distributed ledger (a “blockchain”) enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.
Through the infrastructure of a blockchain, the verifying parties do not need to check the validity of the actual data in the provided proof but can rather use the blockchain to check the validity of the attestation and attesting party (such as the government) from which they can determine whether to validate the proof.
For example, when an identity owner presents a proof of their date-of-birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.
Hence, the validation of a proof is based on the verifier’s judgement of the reliability of the attestor.
By leveraging blockchain technology Self-Sovereign Identity establishes trust between the parties and guarantees the authenticity of the data and attestations, without actually storing any personal data on the blockchain.
The wallet as a platform
Today we've talked about how digital wallets will store verified credentials and how these credentials can be combined like Legos to reduce friction and streamline consumer experiences. Separately, we've talked here about the digital wallet's jobs to be done around money.
You might notice, though, that wallets often contain other things we haven't talked about: photos of family and friends, ticket stubs, business cards, loyalty cards, coupons, and countless other items.
Tomorrow's digital wallet will be a platform for building digital versions of everything that lives in today's physical wallets. And much more.
Wallets are bigger than money.
In the same way how you dress, where you live and what you drive are social signals, exposing ownership of scarce non-fungible tokens and scarce verified credentials will make wallets an important part of social signaling. A place where life's exhaust auto-populates a more trustworthy version of Facebook or Linkedin.
The wallet may be the new bank, but the wallet is also who you are.
And the key to prove it.