BitShares Forum

Main => General Discussion => Topic started by: charleshoskinson on December 18, 2014, 06:02:39 am

Title: Recommended Read and Some Associated Videos
Post by: charleshoskinson on December 18, 2014, 06:02:39 am
I've been a fan of John Clippinger for awhile; however, this book really knocks it out of the ballpark: https://idcubed.org/bitcoin-burning-man-beyond/. It's a collection of more than a dozen essays from 18 authors divided into three sections covering everything from self-organizing societies to DAOs. There's a free pdf on website. Also recommend these videos: https://www.youtube.com/watch?v=nFeHmk7zqKg, https://www.youtube.com/watch?v=fA_3ydUWNEI, https://www.youtube.com/watch?v=HMBl0ttu-Ow .

 
Title: Re: Recommended Read and Some Associated Videos
Post by: Thom on December 18, 2014, 04:50:43 pm
I watched the first video and all but the last 10 minutes of the 3rd video.

I noticed both speakers mentioned but didn't really get into depth about trust. They both seemed to regard trust as important but imo didn't give that aspect much consideration.

I also noticed you seem to have some issues of trust yourself Charles, here in this community. I have absolutely zero knowledge of your past involvements here. I watched your TED talk and thought it was good. I didn't hear anything that raised red flags for me. I'll take this opportunity to congratulate you on a job well done for that effort.

What does concern me and does raise red flags for me is some of the associations to groups both speakers mentioned. Clippinger for example talked about the "EU Data Bill of Rights" and also stated (tho rather quickly and easily missed) that people need to be governed, a perspective I highly disagree with.

The whole blockchain phenomena is a cry for freedom and independence from "governance". I am very leery of both speakers mainly b/c I have no trust relationship with you nor have they themselves said very much that encourages a sense of trust in them.

I don't reject everything they said; much of what I heard was quite interesting and deserves consideration. But it will necessarily be limited by the relationships they mentioned to groups I do not trust. I causes me to ask, is there a hidden agenda at work here?
Title: Re: Recommended Read and Some Associated Videos
Post by: kisa on December 18, 2014, 07:33:31 pm
Charles, would you kindly revive our Book Club thread with your recommendations? ;D

https://bitsharestalk.org/index.php?topic=10638.0 (https://bitsharestalk.org/index.php?topic=10638.0)
Title: Re: Recommended Read and Some Associated Videos
Post by: charleshoskinson on December 18, 2014, 07:52:42 pm
Let me post chapter 2 here. I think it really explains John's core philosophy a bit better than the videos.

Why Self-Sovereignty Matters
By John H. Clippinger


It has been said that “he who enrolls, controls.” Any “authoritative”
party that defines and selectively confers “credentials” to access valued
resources, privileges and rights – e.g., a bank, state, religious
body or social website – exercises enormous power, often with little
democratic oversight. Since such powers are extremely difficult to
oversee and regulate, they eventually become a point of institutional
failure. The old adage Who guards the guards themselves? (Quis custodiet
ipsos custodes?) ultimately rears its ugly head and the “guards” become
the overlords, a clique of self-perpetuating, self-serving beneficiaries.
It is a historically tried dictum that the human oversight of human
frailties inevitably succumbs to human frailties.

The Rise of Self-Correcting, Evolvable Institutions
In the struggle to give people greater dignity and control over
their online lives (which increasingly encompass their offline lives as
well), the classic institutions of authority – financial, educational, enterprise,
religious, governmental – are failing. They are variously too
slow, hierarchical, corrupted or socially disconnected to perform their
assigned tasks as conscientious policymakers and respected guardians
of their segment of the social order.

This failure of authoritative institutions constitutes one of the
biggest challenges to human freedom in the digital era. It is such a
fundamental point of failure across all sectors that it is unlikely to be
resolved within existing institutional structures.[1] Yet growing public
alarm over unchecked governmental and corporate surveillance
and control is spurring the quest for innovative forms of governance
that can effectively protect and express human rights.

A case in point is the “alpha geek” community’s enthusiasm for
Bitcoin, Ripple, digital currencies and encrypted peer-to-peer services.
These services and protocols are instances of what I call The
ODESS Stack (Open-Distributed-Emergent-Secure-Self-Reflexive), a
set of distinctive software endowed with autonomous features. The
fervent popularity of ODESS services arises from the fact that they
do not require external institutional authorities – i.e., corruptible human
third parties – to function. Rather they are “self-reflexive” in that
they contain within themselves the necessary mechanisms to host,
verify and clear transactions, and to audit themselves and self-correct
errors and breaches. By virtue of their inherent design, they cannot
violate their own policies and they are highly fortified against outside
manipulation and intrusion.

In Bitcoin’s case, this means that it will issue no more than 21 million bitcoins and it will have a “block chain”
register that is complete and transparent. To their supporters, these
“algorithmic” “math-based institutions” are more trustworthy than
their flesh-and-blood counterparts, such as Central Banks and governments.
It is tempting to dismiss the interest in ODESS protocols and services
as a simple case of Digital Libertarianism, especially because
there is certainly an Ayn Rand faction within these circles. But the
ODESS approach to authority and legitimacy really transcends the
traditional left/right ideological spectrum. The growing shift to algorithmically
complete and self-contained services represents a more
pragmatic, performance-based approach to governance and institutional
design. In systems that are inherently experimental, empirical
and technologically based, traditional ideological presumptions have
little standing. Pragmatic outcomes and personal empowerment are
the sine qua non.

ODESS protocols and platforms are really outgrowths of a new
generation of communications and control technologies. It turns out
that the convergence of open platforms, social networking, Big Data
and encryption innovations allows us to address many social and economic
problems that simply could not be seen or addressed under the
regnant system of authoritative institutions.
Never before has it been possible to self-consciously design and
test at scale new forms of social technologies with rapid iterations
and innovation. Before it was possible to represent and express human
activities digitally, the social and economic sciences were profoundly
constrained in what they could imagine theoretically or test
experimentally. This is no longer the case. Now it is possible to selfconsciously
design and test at scale new forms of social technologies
with rapid iterations and ongoing improvements. Much of today’s
large-scale social and economic innovation is not being done within
academia or government, but by technologically innovative companies
that have the sophistication to exploit open networks, social networking
and Big Data.

The automation of key control functions in trains, missiles,
planes, boats and cars is already upon us, and fully autonomous terrestrial
and aerial drones are not that far off. The march of autonomous
control and self-organizing technologies is leading to a whole
new class of services and protocols that obviate the need for traditional
“authoritative” institutions for governance and control.

Instead of presuming the need for active human oversight, whether through
physical, regulatory or legal means, the goal that is emerging among
so many ODESS systems is autonomic design: social and economic
control/governance mechanisms that are intended to perform to an
explicit standard and that can correct and improve their performance
when they fail. Self-adaptive machine learning makes it possible for
systems to learn from their mistakes and evolve to improve their performance.
In the face of institutional failures, respectable opinion generally
focuses on reforming traditional “democratic” processes such as voting,
legislation, adjudication, licensing, litigation and regulatory procedures.
But these modes of governance are increasingly ineffective
artifacts of a bygone era. They presume social realities that may not
exist (perfect information, rational consumers) while failing to take
account of ubiquitous new realities such as socially driven behavior
using digital technologies on open networks.

Fortunately, ODESS platforms are pointing the way to entirely
more competent, participatory and trustworthy types of authority
systems and institutions. Self-correcting, evolvable institutional designs
are starting to provide more effective, adaptive and resilient
social and economic institutions. This goal should be the focus of
governance design and innovation in the future.

How Does Self-Sovereign Authentication Work?

Let us circle back for a moment to explain the “atomic foundation”
upon which the new ODESS services and institutions are based:
self-sovereign authentication. As long as some third party – whether
it be a state, a bank or a social media site – is the source of an individual’s
identity credentials, that individual’s freedom and control over
their identity and personal data are limited. If anything should be
inalienable, it should be one’s identity – the right to assert and control
who you are. Relinquish, delegate or appropriate that control, and
what is left but servile dependency.

Yet the big question remains, Can one be self-sovereign? That
sounds like a contradiction. How can one have an identity credential
issued that is authoritative, independent, incorruptible, and universally
accepted by others?

It is vital that no single entity, public or private, should have the
power to issue a global identity credential. But who then should
vouch for a person’s identity if not the state or some “international
agency”? That question has been answered convincingly by the universal
success of the open source software movement. By combining
the norms of autonomy, security and innovation of the open source
movement with the transformative powers of ODESS protocols and
services, a genuinely new environment for institutional and governance
innovation is possible.

The Bitcoin and Ripple algorithms are both open and not owned
by anyone, and yet there are also shared protocols that serve as a type
of social contract among participants in the system. So it shall be
with ODESS platforms and services: algorithms for computing global
identities will be open to review and not owned by any party, and self-organized
communities will be capable of issuing and enforcing their
own identity credentials, independent of states, banks, and other authority
institutions. This will enable a whole new class of institutions
to self-organize and develop organizational capacities and protections
for solutions to fundamental issues of human rights and dignity that
previously were simply not conceivable.

Here is how self-sovereign authentication can work: An algorithm
would have to compute a unique credential for everyone on the planet
based upon something that is uniquely identifying to them. Fortunately,
people have many biological and behavioral markers that are
unique to them, ranging from how they move or shake a phone, to
their daily movements and interactions, to the rhythm and pace of
their typing and speaking. All of these markers can be digitally captured.
Indeed, with recent advances in genomics, the genome itself
is one such “unique identifier” which is digitally captured by default.
While in some cases, a single biological or behavioral marker
may not be uniquely identifying, a combination of such markers can
produce a unique and distinctive marker. Unlike a fingerprint, retina
scan or similar “one time” biological markers that are fixed and
therefore potentially appropriated by third parties, these new markers
change dynamically over time as the behavior and the biology
of the individual changes over time – and they can correspondingly
be verified in real time. By having a dynamic and evolving credential
that changes with the individual, the resulting credential is not only
more credible and perishable, it also makes the individual the living
custodian of the credential. As a living credential, it cannot be easily
appropriated by someone else and it ceases to be valid when the individual
is no longer living. In this sense, it is truly inalienable and is a
living digital representation of an individual.

The approach taken here is a variant of forms of security and
privacy analyses called L-Diversity, k-Anonymity,[2] Trace analysis[3]
and Differential Privacy[4]. In the simplest of terms, the challenge of
creating a unique identifier for a person is the inverse of re-identification
(determining a person’s identity from anonymous data).

In the case of geolocation data gleaned from mobile devices, for instance,
de Montjoye et al. have found that it takes only four unique coor-
dinates from cellular phone data to identify a person with 95% accuracy.[5]
The power of this technique, however, depends upon the
density of the populations and groups being analyzed. For instance,
if there were few people in sparse locations with few roads, then the
opportunity for variability-uniqueness would be more limited, and
hence, the “identity distance” between individuals more limited. If
on the other hand, it were a highly dense and diverse population with
multiple local, regional, national and even international routes, then
the opportunity for identity diversity would be significantly greater.
All this suggests that any algorithm based upon movement and
interactions would also have to consider not just the size and entropy
of the population in which the individual resides or works, but the
richness and diversity (entropy) of roads and modes of interaction.

This measure could be augmented by adding more signature dimensions
in the form of orthogonal behavioral and biological markers
– such as, cardiac, gesture, typing, and voice signatures. It is also possible
to have a “sliding scale” of credential reliability tied to the level
of risk or value in a given transaction. In emerging mobile markets
where transaction volumes and amounts are infrequent and under
$25 in value, the KYC (Know Your Customer) and AML (Anti-Money
Laundering) authentication algorithm could be lighter, but as the volume
and amounts of transactions increase, more rigorous credentials
and real-time authentication methods could be used.

In the near future it is very likely that many people will have their
own sensor platform “bracelets” like the Nike FuelBand, a universal
tool for measuring all sorts of a person’s activities. These sensor
platforms can provide more accurate and unique location, movement
and biometric data than phones alone and could be used for more
secure forms of authentication and sharing in the near future.
Under any circumstances, an individual’s identity signature
would be stored in an encrypted personal cloud that could only be
accessed through a secure API to upgrade the signature and to allow
third-party verification. Moreover, such a root signature could use homographic
encryption so that it could be queried without having to
be decrypted. It would be from this root signature that a “root” pass-
word would be generated by another Open Algorithm, which in turn
would generate an OpenID OAuth 2.0 token to create a secure universal
password. Should an individual lose or change the password,
another could be generated. Since it is generated off the same root
identity signature, it could not be “spoofed” because it would be derived
from the encrypted root credential that only the individual has
access to. This would obviate the problem of individuals forgetting
or losing their password and not being able to recover or use their
data or a service, because they could easily recover and regenerate
a credential based upon their own actions. It may take time for full
authentication to take place so there could be a “watch period” until
the full richness of the credential is (re)created and verified.
Personas and Contextual Identities

In practice, humans have multiple identities; we are many people
to different people; we are parents, spouses, workers, citizens, friends,
patients, learners, buyers, makers, etc. Some of these different worlds
overlap, but in many cases they do not, and in some cases, it is important
that each context not be aware of the other or knows everything
about the other. This compartmentalization of lives and information
is a core component of privacy and essential for both personal and
social freedoms.

Such contextual identities we call personas. They are derived
from one’s root identity but are defined by specific attributes and credentials
that are needed to function in those contexts. For example,
in a family context, the key attribute is relatedness – parent, child,
husband, wife or spouse. These can be biological and socially asserted
roles dependent upon specific social conventions and customs. In either
case, they cannot be asserted by the individual but need to be
asserted and verified by the group defining the context. One person
can have many personas, each contextually defined and each wholly
independent of the other to the outside world. In some cases, a persona
my be legally prescribed by a nation state, such as citizenship
and a passport with required picture, certified birth certificate, and
residency. In other cases, the persona may be based upon some attributes
of mutual interest to everyone in a group or community
such as age, residency, income, education. Whereas there are many
organizations such as banks, credit bureaus, government agencies,
schools, health care organizations and the like which claim to be authorities
for the verification of certain attributes, such as FICO scores
for creditworthiness, many of these services themselves are subject
to manipulation.

Open Algorithms for Personas

Again, there is a significant opportunity to have independent
and open algorithms to calculate persona proxy attributes that can be
derived from behavioral and biometric data to verify certain claims
about people – such as their residence, employment, creditworthiness,
sociality, health, affinities, activities and interest. Such data
would be solely under the control of the individual and be shared
in their personal cloud or Trusted Compute Cell (TCC). Using the
Open Mustard Seed platform (OMS) these personal data could be
shared at the discretion of the individual through their own open
source Trusted Application Bundles.

Personal Data Assets and Exchanges

If individuals were able to collect and verify their own personal
data in their own personal cloud or TCC, then they would have the
opportunity to create asset value out of their own personal data. This
is a new kind of asset class[6] that has been priced and valued in standard
markets such as those formed by data brokers and ad networks.
For example, Acxiom, Experian, and Equifax make billion dollar
markets in relatively low quality and incomplete data and individuals
themselves do not realize value from their own data. Imagine how
valuable fully complete, accurate, timely and consensual personal
data would be. For the less advantaged individuals, it would be a way
of creating social capital and real financial equity for both their data
and their actions, and therefore, would be a powerful means for the
“unbanked” to bootstrap themselves into a global digital economy.
Through the use of data asset exchanges where individuals and
groups could make markets using their data assets, a new business
model for web content and services would be possible. Such a busi-Clippinger
ness model might well displace the current advertising model where
the financial incentives are to trick people out of their data and to
push inappropriate offers at people. Imagine a world where people
got fair value for their data and would be in charge of how they would
be approached by vendors and third parties. That would not only
change the “balance of power” between individuals corporations and
governments, it would unlock new sources of innovation and greater
service efficiencies by making the management of market and security
risk based upon more accurate and complete data analytics.

None of this would be possible, however, if individuals were not
self-sovereign and in charge of their own identities and personal data.
If other parties, governments or corporations, are in charge of the
enrollment process, then the old dictum of Quis custodiet ipsos custodies
would assert itself once again and undermine the very trust and
transparency needed to have a free and open digital ecology.

John H. Clippinger is co-founder and Executive Director of ID3 (Institute for Innovation
& Data Driven Design), a nonprofit organization formed to develop and field
test legal and software trust frameworks for data-driven services, infrastructures and
enterprises. He is also Research Scientist at the M.I.T. Media Lab’s Human Dynamics
Group. Previously, Dr. Clippinger was founder and Co-Director of The Law Lab at the
Berkman Center for Internet & Society at Harvard University. He is the author of A
Crowd of One: The Future of Individual Identity (2007) and The Biology of
Business (1998)
.
Notes
[1] Bollier, David and John H. Clippinger, “The Next Great Internet Disruption: Authority
and Governance,” available at http://idcubed.org/?post_type=home_
page_feature&p=631. See also Clippinger, John H., A Crowd of One, The Future
of Individual Identity (Public Affairs, 2007).
[2] Machanavajjhala, A., Kifer, D., Gehrke, J., and Venkitasubramaniam, M., “Diversity:
Privacy Beyond k-Anonymity,” ACM Trans. Knowl. Discov. Data 1, 1, Article
3 (March 2007) [DOI=10.1145/1217299.1217302], available at http://doi.acm.
org/10.1145/1217299.1217302; see also Lantanya Sweeney, “k-Anonymity: A
Model for Protecting Privacy,” International Journal on Uncertainty, Fuzziness and
Knowledge-based Systems, 10 (5) (2002), pp. 557–570, available at http://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.pdf.
[3] Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen and Vincent D.
Blondel, “Unique in the Crowd: The Privacy Bounds of Human Mobility,” Nature
(March 2013); and Lantanya Sweeney, “Uniqueness of Simple Demograph-20 FROM BITCOIN TO BURNING MAN AND BEYOND
ics in the U.S. Population,” Technical Report LIDAP-WP4 (Pittsburgh, Pa.: Carnegie
Mellon University, 2000), available at http://dataprivacylab.org/projects/
identifiability/index.html.
[4] Ninghui Li, Wahbeh Qardaji, Dong Su, “Provably Private Data Anonymization:
Or, K-Anonymity Meets Differential Privacy,” CERIAS Tech Report 2010-27, Center
for Education and Research, Information Assurance and Security (West Lafayette,
Indiana: Purdue University, 2010).
[5] Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D.
Blondel, “Unique in the Crowd: The Privacy Bounds of Human Mobility.” Nature,
(March 2013).
[6] World Economic Forum, Personal Data: The Emergence of a New Asset Class (2011)