police asking a thief to stop stealing

Who am I? How Bitcoin and banks live with the problems of identity

There were many fields of knowledge on which the complex design of Bitcoin could have tripped up: Computer Science (obviously), Economics, Law. You might not have put Philosophy on the list. But at the intersection of Bitcoin and life, it turns out that an important issue for digital money is identity—just as it is for other kinds of money.

Defining personal identity isn’t as straightforward as you might have thought. “Who am I?” is a question that most of us brushed aside once we’d passed our teenage years. But Bitcoin forces us to think again: how can I prove who I am?

In almost all ways, the Bitcoin system is a thing of beauty. It’s like a work of art in that what has been created through the design of code perfectly mirrors human actions and motivations. The genius is that it is self-regulating. Instead of central bankers or politicians deciding whether to allow more money to be created, the supply of Bitcoin is pre-programmed and therefore entirely predictable.

And instead of needing commercial institutions to facilitate dealings between users, Bitcoin creates a support network—the mining nodes—to monitor and record transactions. Its creator worked out what the miners and the users would want to do and made those actions, such as joining or leaving the network, supportive of the system design.

The only wrinkle lies on the border between Bitcoin-land and the rest of the world. Because although for all practical purposes the system works fine, there’s no customer service in Bitcoin. In the unlikely event of something going wrong – not so much in the software but in the human behaviour around it—what can you do?

Well, in the White Paper, Satoshi Nakamoto pretty much says ‘bad luck’, there’s nothing you can do; and goes on to tout that as one of the selling points. A problem of the conventional finance system, the White Paper claims, is that “completely non-reversible transactions are not really possible.” In a non-reversible transaction, once money has been spent, it’s spent.

This was new thinking: most people with conventional bank accounts and credit cards assume that, in the end, mistakes are reversible, even if you can only get the problem dealt with after sitting on the phone for hours and telling someone the name of your first pet. One person’s fear of reversible transactions is another person’s confidence that nothing can go too far wrong.

credit cards with a padlock

Banks invite us to set up accounts with passwords, codes, PINs and many other systems that demonstrate to the institution that we are who we say we are and not somebody else trying to get their hands on our account. When we first register an account we have to ground the arrangements in a legally-required KYC (know your customer) process by producing copies of our driver’s licence or passport, and maybe a letter from a utility company showing where we live. We have to give the bank confidence that there’s a solid connection between our online identity and the physical world.

But in Bitcoin identity is “firewalled” from the transactions themselves. Who you are isn’t Bitcoin’s problem, in the way that the banks and payment services have accepted that it is their problem. Bitcoin provides a robust mechanism for owning and transmitting money through private and public key pairs but the question of who is behind those private keys isn’t part of the system design.

In a thoughtful post on Medium recently, Simon Bettison examined the various ways in which the connection between identity and ownership has been demonstrated over the years. He points out that when someone signs a document by hand, it doesn’t matter that their signature is different every time: “it is not the form of the signature, nor its accuracy that matters, but the identity of the person that is producing the signature”.

In the digital world, things are both worse – you can even ‘sign’ using standard fonts—and better—there is more associated evidence around online signing than is carried on a piece of paper.

Similarly, in Bitcoin, the ‘signature’ is only valid when it is made by the rightful owner of the coins in question; otherwise it is part of a fraud. Commenting on Bettison’s post, Dr Craig Wright mentions the historic importance of witnesses to signatures. They are people who, in theory, would be willing to attest to the correct identity of the person signing, reinforcing the idea that it’s not by examining the physical signature itself that the declarations it makes can be confirmed.

For both Bitcoin and conventional money then, validating identity is personal rather than physical (in pre-digital days) or technological (today). For all their elaborate checks and balances, even for banks, identity is a bit fuzzy round the edges. If I have forgotten my passwords, special numbers or whatever, then I’ll probably end up having to remember my volunteered facts—grandmother’s maiden name etc. But what if I can’t remember them either? The process doesn’t just shut down at that point, but it would become more and more demanding, ending up in court.

The British government has a helpful page on its business website about how to prove identity. It offers this definition: “an identity is a combination of ‘attributes’ (characteristics) that belong to a person. A single attribute is not usually enough to tell one person apart from another, but a combination of attributes might be”. It makes the point that knowing someone’s identity is not binary; it’s about “levels of confidence”.

Even the most process-driven organisations have to live with this kind of vagueness. I recently spoke to my broadband provider and wasn’t able to let them check my identity by giving them the figure for my latest bill (because I was calling to tell them the broadband was broken) and I had forgotten my “memorable word”. In the end, they accepted who I was because I could tell them my bank account number, but that only seemed to be at the discretion of the person I was talking to, who happened to be in a good mood.

When you sign up to a Bitcoin wallet, you are urged to write down your twelve seed words, and to make sure not to lose them. That all-or-nothing warning has led people to conclude that if you lose those words, or access to whatever other system more user-friendly wallets may offer, then you have lost your money. And for most practical purposes, that’s true.

But those twelve words are just Bitcoin’s version of quill-pen signatures. They attest to ownership and are the practical means by which the rights of ownership are exercised, but they are not in themselves ownership. A crook may have found your piece of paper with the twelve words on it.

At this point in the argument, it’s usual to bring out the car keys analogy: just because I have the keys to a car, it doesn’t mean I own it. Which is fair enough, but let me put the counter-argument, which is often forgotten but also true and is relevant to the question of identity.

If I am walking down the street with a friend and they claim that a fancy-looking parked car is theirs, if they bring a key out of their pocket, open the door of the car, invite me to get in and drive us away, I’d be 99 percent sure that it was their car. If instead of that, they claimed it was theirs but walked past and then got someone on the phone to assure me that they had witnessed my friend buying the car, I’d be less convinced. Most people are honest and so possession is a pretty good, albeit not infallible, proof of ownership.

Bitcoin was designed to solve the problem of making, as it says in the opening paragraph of the White Paper, “small, casual transactions”. Why not big ones? Well, you can use it for big ones, but then the question of who you are dealing with and what you can do if something goes wrong becomes more important. If I buy something for a couple of pounds in a car boot sale, I don’t mind never being able to find who I bought it from. But I wouldn’t buy a car that way. This was the great insight of Pierre Omidyar, the founder of eBay: most people are honest. If the idea of sending money to someone you can’t trace and hoping they will send back what you have bought from them seems crazy, he said, well, try it and you’ll find it almost always works.

In the Bitcoin world it’s the same. Those carefully-guarded private keys or wallet passwords will, except in edge cases, quite satisfactorily indicate the owner of the coins, just as, for the purposes of ordinary business, my bank believes that if someone logs on with my passwords, then it’s me. Identity is laborious to prove and if we had to do it all the time, ordinary life would grind to a halt. But fortunately criminals are the exception, not the rule.

Dr. Craig Wright on CoinGeek Conversations: On the very start of Bitcoin

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.