In a prior post, I commented on how cybersecurity risk scoring would be a fundamental component of any sufficiently sophisticated cryptosystem of economics. This belief is partly because market forces favor measured risk over uncertainty. In any such system, being able to identify all parties in a transaction is fundamental to trust.
To explore this idea further, we need to discuss Micro Identities and Risk Anchors. They are fundamental aspects to our current and future economic system. In fact, many of the current solutions which provide the most friction in our current economic system are improved by the use of a blockchain system.
The last post proposed that your bank was just a web service. The idea behind this is to think of the traditional purposes of a bank and deconstruct what value they provide in a new crypto-economic system. There is no bank vault. No secret room where the physical currency is secured and maintained. Because cryptocurrency is electronic in form, the primary security control is not physical in nature, but around the identity that is needed to control the movement of the currency.
In that same article, it is proposed that there isn’t a single account, but that any consumer of these services could have thousands of accounts built for different purposes. Each one, potentially with different rules for how the owner wants transactions to be handled. This inherent flexibility is what we’ll refer to as a micro identity. That is, to the parties of the transaction, the account number is unique and attributed to a specific purpose. For example, if two parties to a contract wanted to transfer money between them, the account number provided by each party would be specific to that transaction. This would provide specific, transparent accountability which would forever be attributed to the transactions against that contract within the blockchain. While this is typical for the receiver of money to attribute it to a specific contract, it is less common for the payer.
The proliferation of these accounts leads to the original attribution problem discussed. Pragmatically, participants in the system need sophisticated tools for managing these accounts, including creating the business rules that result in the frictionless transactions promised by crypto-economics. We see the underpinning protocols for this in the Ethereum system of smart contracts, but more sophisticated tools need to emerge for the creation and management of these contracts.
Cyber reputational risk scoring assumes that there is the potential for less than adequate attribution and builds a system of inferences that can be derived from transactions. At some point, participants in a transaction will desire the ability to know and trust the identity of the account holders for the transaction they are entering into. For this purpose, micro identities provide a more flexible system of creating persistent and trusted identification.
In its initial conception, Micro Identities were an answer to instantiating unique identities for web services that could be individually and uniquely secured, and therefore not shared. Cyber reputational risk scoring is inherent in this system because the micro identities are signed by a macro identity that takes on reputational identity by the number of micro identities it issues and is recognized. Risk weighting for these is based on a series of attributions made by a protocol for walking the macro identity chain to the micro identity uses. This attribution model allows users to create unique micro identities and attribute them to a common or unique macro identity. The privacy control of the user to associate these identities to a macro identity provides a level of control unseen in today’s federated models.
For example, if a user goes to a social media site to create an account, they would automatically create a new micro identity. This micro identity could be signed and therefore attributed to an existing macro identity or a new one could be created. This would allow the user to keep a key chain of macro and micro identities that could be used. Attribution of multiple micro identities to a specific, more trusted, macro identity provides an inherent cyber risk reputational score capability.
This system of inherent trust models can be easily applied to cyber economics by using planned systems for creating and maintaining macro identities and their micro identity component accounts. This, in fact, mirrors and expands on some of the services provided by legacy banks today. For example, know your customer laws presently require bank customers to provide state-provided identity verification before a local account can be created.
In this case, rather than providing a centralized source of identity, the macro identity risk score simply provides a risk anchor to determine if the user is ‘invested’ in maintaining this identity. Their ‘at stake’ investment in maintaining a specific macro identity provides risk anchoring to determine if transactions conducted by this account have associated levels of risk. Risk, in this regard, can be quantified by an algorithm and priced by actuarial analysis.
This proposes that the cyber reputational risk scoring model benefits from a system of macro and micro identity protocols and that these be included in a standard smart contract form for creating and attributing transactions. This also provides for pseudo-anonymous activities for non-attributed micro identities that a less accurate inference model could be used.
While the terms and approach for this can be negotiated and done in phases, the adoption of this type of system is a certainty as market forces will accelerate solutions that reduce uncertainty and favor priced risk.
In such a model, well established macro identities become trust or risk anchors and provide a type of credit scoring system that would displace proprietary and non-transparent systems today, while providing the flexibility to move to a no-fault system in where establishing new credit is a matter of future attribution and not past indiscretions.
While this no-fault system would inherently be priced and bound by service providers, it provides a simple model for reputational risk scoring that could be widely adopted for both web service identity models and crypto-economic transactions.