Do We Want our IDs Verified on a Blockchain?

pexels-photo-786801.jpegOne of the use cases most commonly discussed today for Blockchain is identity verification  or authentication. This could come in the form of storing bits of encrypted data on a Blockchain that would facilitate identifying individuals for any number of purposes from buying groceries to making online purchases, validating a state issued ID (like a passport or driver’s license), checking in at a hotel, passing security at an airport, or voting in an election.

The argument, as always with Blockchain, is that by having a distributed database of encrypted and validated entries, you are able to create trusted and secure transactions, avoid fraud, reduce errors, save money, and leave an indelible trace of activities.

Personally, I think that the Blockchain use case for identify verification is fantastic for voting, especially where we can quickly validate a citizen is authorized to vote while avoiding revealing how she voted.

But what about other types of transactions? One area where I am struggling with is whether consumers will be comfortable leaving immutable traces of their movements and activities on a Blockchain, even if their ID is revocable (meaning that the individual could change her passport, ID, or biometric). From a consumer-centric standpoint, one would think that a person would want to be able to remove, not just revoke, her biometric or public ID. Will consumers want the right to have their bad biometric selfies or other transactions “forgotten”?

Just because it can go into a Blockchain, doesn’t automatically mean it should.

What do you think?

Advertisements

The Legal Implications are Not My First Concern

home aloneWhenever I look at a new product, business model or technology, the legal implications are never my first concern. I prefer to focus on whether there is a viable business model, whether we can actually deliver the product or service, and how end users will feel about the product or services.

This short article lists the main legal implications of using Artificial Intelligence:

  • Personal Data
  • IP
  • Liablity

To be honest, for us who are working with these issues every day, this article isn’t particularly informative. Whether we’re talking about AI, Blockchain, Biometrics or some other new service, I would argue that I am much less concerned about those issues than the article is, mainly because I work with very capable privacy and IP specialists and know that both of those issues can be addressed in the product’s design and contract drafting.

For privacy what is very important, is not so much the law, but that if your product involves processing personal data, that the end users’ interests are at the heart of the design (ie, what is called privacy by design).

With regards to liability, we will have worked closely with the business to define our risk profile, factoring it into the business case and then reflecting that in the liability clauses. In other words, the liabilities and indemnities clauses will look pretty much the same as they do in any other IT supply agreement.

What I will be most concerned about is reputation. Will our service actually work? Will end users whose data is being processed through our service feel comfortable with their data being used? Assuming we have leverage, we can draft circles around our contractual risk to protect our intellectual property, limit our liability in case of our service failure, and define our privacy obligations. But what happens if our service doesn’t meet up to expectations or if users find it creepy? Will anyone want to contract with us in the future?

That’s reputation, pure and simple. And nothing you draft in a contract is going to save a bad reputation. So first figure out if you can deliver, put the end user at the center of the product architecture, get your business case in order, and then you can do the easy part which is to put together the contract.