1 00:00:01,150 --> 00:00:03,520 The following content is provided under a Creative 2 00:00:03,520 --> 00:00:04,910 Commons license. 3 00:00:04,910 --> 00:00:07,120 Your support will help MIT OpenCourseWare 4 00:00:07,120 --> 00:00:11,210 continue to offer high quality educational resources for free. 5 00:00:11,210 --> 00:00:13,780 To make a donation or to view additional materials 6 00:00:13,780 --> 00:00:17,740 from hundreds of MIT courses, visit MIT OpenCourseWare 7 00:00:17,740 --> 00:00:18,626 at ocw.mit.edu. 8 00:00:21,931 --> 00:00:25,370 GARY GENSLER: So this is the last use case day. 9 00:00:25,370 --> 00:00:27,020 And then Tuesday we'll wrap up. 10 00:00:27,020 --> 00:00:29,420 And I know that you all are preparing for finals 11 00:00:29,420 --> 00:00:32,189 and writing final projects. 12 00:00:32,189 --> 00:00:33,890 So it thins out at the end. 13 00:00:33,890 --> 00:00:36,720 So I thank you all for showing up, 14 00:00:36,720 --> 00:00:40,460 those of you that are still here. 15 00:00:40,460 --> 00:00:42,830 I also want to compliment. 16 00:00:42,830 --> 00:00:46,610 I didn't get through all of the papers seriously. 17 00:00:46,610 --> 00:00:49,775 But I did my best to read them quickly last night 18 00:00:49,775 --> 00:00:52,280 and today, that were submitted for today. 19 00:00:52,280 --> 00:00:55,040 And just like the ones on trade finance, they're really good. 20 00:00:57,860 --> 00:01:00,740 And if there was anything that was kind of the learning 21 00:01:00,740 --> 00:01:03,170 objective of this-- 22 00:01:03,170 --> 00:01:05,260 don't get too happy, James. 23 00:01:05,260 --> 00:01:06,807 AUDIENCE: I submitted mine just now. 24 00:01:06,807 --> 00:01:07,890 GARY GENSLER: What's that? 25 00:01:07,890 --> 00:01:08,990 Yeah. 26 00:01:08,990 --> 00:01:10,510 I read it. 27 00:01:10,510 --> 00:01:12,950 It was like two hours ago, you put it in. 28 00:01:12,950 --> 00:01:15,320 AUDIENCE: I've got a slightly improved version. 
29 00:01:15,320 --> 00:01:17,760 GARY GENSLER: Oh, I don't think Canvas lets that. 30 00:01:17,760 --> 00:01:21,480 That's going to be a double spend wouldn't it? 31 00:01:21,480 --> 00:01:21,980 Sure. 32 00:01:21,980 --> 00:01:22,630 Send it in. 33 00:01:22,630 --> 00:01:23,260 Send it in. 34 00:01:26,630 --> 00:01:28,490 It's to show critical reasoning skills. 35 00:01:28,490 --> 00:01:29,880 What is this new technology? 36 00:01:29,880 --> 00:01:32,000 Why does blockchain technology make sense? 37 00:01:32,000 --> 00:01:35,860 And just like in trade finance and identity management, 38 00:01:35,860 --> 00:01:40,617 there's data that really matters. 39 00:01:40,617 --> 00:01:41,950 And we'll talk about this a bit. 40 00:01:41,950 --> 00:01:48,260 But the data really does matter, our identity and so forth. 41 00:01:48,260 --> 00:01:51,650 But I wanted to turn back to trade finance, 42 00:01:51,650 --> 00:01:55,190 just for a minute, because James had challenged the whole group 43 00:01:55,190 --> 00:01:57,920 about supply chain management. 44 00:01:57,920 --> 00:02:00,140 And Lauren was a little quiet. 45 00:02:00,140 --> 00:02:02,090 But she knows I'm going to call on her. 46 00:02:02,090 --> 00:02:03,920 So this isn't a cold call. 47 00:02:03,920 --> 00:02:07,560 But Lauren, you want to give your view on this a little bit? 48 00:02:07,560 --> 00:02:11,240 Lauren who worked in supply chain management 49 00:02:11,240 --> 00:02:12,620 for four or five years. 50 00:02:12,620 --> 00:02:13,330 AUDIENCE: Yeah. 51 00:02:13,330 --> 00:02:18,140 So the big thing, I worked in supply chain sustainability, 52 00:02:18,140 --> 00:02:20,810 and there's been a huge push. 53 00:02:20,810 --> 00:02:22,700 The De Beers thing touched on this. 
54 00:02:22,700 --> 00:02:25,430 There's been a huge push over the past five to 10 years 55 00:02:25,430 --> 00:02:28,610 to just increase traceability and transparency through supply 56 00:02:28,610 --> 00:02:31,340 chains to make sure conflict minerals going to make sure 57 00:02:31,340 --> 00:02:33,770 that things aren't using a lot of water 58 00:02:33,770 --> 00:02:35,890 in water stressed areas and things. 59 00:02:35,890 --> 00:02:38,282 There's been a huge push for transparency 60 00:02:38,282 --> 00:02:39,740 through the supply chain and trying 61 00:02:39,740 --> 00:02:42,290 to figure out how companies can basically 62 00:02:42,290 --> 00:02:46,490 like audit and assess their suppliers, can take it 63 00:02:46,490 --> 00:02:47,720 layers back. 64 00:02:47,720 --> 00:02:51,380 And so one big thing now is it's all done through-- 65 00:02:51,380 --> 00:02:53,510 most companies do it through assessments. 66 00:02:53,510 --> 00:02:56,540 So annually, companies assess their suppliers 67 00:02:56,540 --> 00:02:58,970 and hope that they submit all this accurate information 68 00:02:58,970 --> 00:03:01,640 and hope that their suppliers are doing the same things 69 00:03:01,640 --> 00:03:03,510 throughout the supply chain. 70 00:03:03,510 --> 00:03:07,880 But there is very little transparency into it. 71 00:03:07,880 --> 00:03:10,220 It's very hard to verify. 72 00:03:10,220 --> 00:03:14,390 And there's really asymmetrical information on all sides. 73 00:03:14,390 --> 00:03:16,520 So blockchain would be, I think, 74 00:03:16,520 --> 00:03:17,907 for sustainability purposes. 75 00:03:17,907 --> 00:03:20,240 Because right now you're just like hoping that companies 76 00:03:20,240 --> 00:03:23,030 are allocating the proper time and resources 77 00:03:23,030 --> 00:03:28,560 to go through and track their raw materials and suppliers 78 00:03:28,560 --> 00:03:29,780 and things. 
79 00:03:29,780 --> 00:03:33,530 But there's no real verifiable or transparent way 80 00:03:33,530 --> 00:03:35,170 for it to be done. 81 00:03:35,170 --> 00:03:39,050 And so right now, a lot of customers 82 00:03:39,050 --> 00:03:41,233 are hoping that their suppliers, they're taking them 83 00:03:41,233 --> 00:03:42,650 at face value when they say things 84 00:03:42,650 --> 00:03:44,067 like, we don't use child labor, we 85 00:03:44,067 --> 00:03:47,660 don't source from these certain regions. 86 00:03:47,660 --> 00:03:49,880 But there's really no way to verify it. 87 00:03:49,880 --> 00:03:53,810 So I think a big opportunity for blockchain and supply chain 88 00:03:53,810 --> 00:03:55,986 is helping increase that traceability so that you 89 00:03:55,986 --> 00:03:59,840 know you're not coming from places where child labor is OK. 90 00:03:59,840 --> 00:04:02,540 Ideally, you're coming from places with good safety 91 00:04:02,540 --> 00:04:04,940 standards and things like that. 92 00:04:04,940 --> 00:04:06,920 GARY GENSLER: Have we gotten at least-- 93 00:04:06,920 --> 00:04:09,350 are you still on the rock bottom minimalist side 94 00:04:09,350 --> 00:04:12,070 of supply chain blockchain management, blockchain 95 00:04:12,070 --> 00:04:12,893 technology? 96 00:04:12,893 --> 00:04:14,060 AUDIENCE: Marginally better. 97 00:04:14,060 --> 00:04:15,920 GARY GENSLER: Marginally better. 98 00:04:15,920 --> 00:04:18,110 But that's what's wonderful about this class. 99 00:04:18,110 --> 00:04:21,230 And even the eight or 10 papers that I 100 00:04:21,230 --> 00:04:26,330 read about identity management, identity and access management 101 00:04:26,330 --> 00:04:29,750 systems and blockchain technology, ranged. 102 00:04:29,750 --> 00:04:32,150 I don't think I read any that were at a zero. 103 00:04:32,150 --> 00:04:33,853 There were no absolute minimalists. 
104 00:04:33,853 --> 00:04:35,270 But there were some of your papers 105 00:04:35,270 --> 00:04:37,460 that veered towards that. 106 00:04:37,460 --> 00:04:42,050 And Alin, who's going to talk to us probably sometime 107 00:04:42,050 --> 00:04:44,180 during the day, I'd say your paper veered 108 00:04:44,180 --> 00:04:51,268 towards the most maximalist side I'd seen yet in 23 classes. 109 00:04:51,268 --> 00:04:53,185 AUDIENCE: With respect to a certain definition 110 00:04:53,185 --> 00:04:55,460 of digital identity, which is probably 111 00:04:55,460 --> 00:04:58,390 different than what most people think about. 112 00:04:58,390 --> 00:04:59,390 GARY GENSLER: All right. 113 00:04:59,390 --> 00:05:01,760 So we're going to hear from Alin maybe 114 00:05:01,760 --> 00:05:03,100 in 20 minutes or something. 115 00:05:03,100 --> 00:05:06,410 But mind you, that's the surprise of the class. 116 00:05:06,410 --> 00:05:09,590 He's moved to the maximalist side, at least 117 00:05:09,590 --> 00:05:13,760 on one application for blockchain technology, which 118 00:05:13,760 --> 00:05:17,930 is also, I think, the right place to be. 119 00:05:17,930 --> 00:05:21,140 This is a technology that might have use cases that work 120 00:05:21,140 --> 00:05:24,760 and others that are just hype. 121 00:05:24,760 --> 00:05:28,030 There might even be some digital native tokens 122 00:05:28,030 --> 00:05:29,630 that will survive. 123 00:05:29,630 --> 00:05:33,160 And most, in my thought, won't. 124 00:05:33,160 --> 00:05:35,680 But there might be some that make 125 00:05:35,680 --> 00:05:40,330 sense, probably more blockchain technology 126 00:05:40,330 --> 00:05:44,500 applications than tokens. 127 00:05:44,500 --> 00:05:47,770 But we'll start going through identity. 128 00:05:50,455 --> 00:05:52,330 Again, we'll talk a little bit about identity 129 00:05:52,330 --> 00:05:56,200 before we get into it, identity and access management systems. 
130 00:05:56,200 --> 00:05:58,840 But what is identity? 131 00:05:58,840 --> 00:06:00,610 Then, the sort of management of them, 132 00:06:00,610 --> 00:06:02,750 particularly in a digital age. 133 00:06:02,750 --> 00:06:08,020 Some state projects in India and Estonia. 134 00:06:08,020 --> 00:06:09,670 And then some blockchain technology 135 00:06:09,670 --> 00:06:13,330 projects, private sector in essence. 136 00:06:13,330 --> 00:06:15,540 And then, of course, some of you might be graduating. 137 00:06:15,540 --> 00:06:17,770 And we'll talk about MITs. 138 00:06:17,770 --> 00:06:19,240 It is MIT, had to do that. 139 00:06:21,750 --> 00:06:25,780 And the study questions were, what are the trade offs. 140 00:06:25,780 --> 00:06:28,180 What does it mean to be self-sovereign identity? 141 00:06:28,180 --> 00:06:31,610 And how might blockchain technology address that? 142 00:06:31,610 --> 00:06:36,760 And we'll see a show of hands later how many of you 143 00:06:36,760 --> 00:06:40,970 plan to get your MIT diploma on blockchain. 144 00:06:40,970 --> 00:06:43,622 I hope, by the way, that all of you plan to get an MIT diploma. 145 00:06:43,622 --> 00:06:45,580 But there are some of you that are from Harvard 146 00:06:45,580 --> 00:06:47,170 here and from other schools. 147 00:06:47,170 --> 00:06:49,760 So maybe you'll come back to MIT. 148 00:06:52,960 --> 00:06:54,820 And then there was a handful of readings 149 00:06:54,820 --> 00:06:58,000 which, at least from the write ups, 150 00:06:58,000 --> 00:07:01,420 seem like they reasonably did its job. 151 00:07:01,420 --> 00:07:02,740 So what is identity? 152 00:07:02,740 --> 00:07:03,910 This is an open question. 153 00:07:06,860 --> 00:07:07,380 Tom. 154 00:07:07,380 --> 00:07:07,880 What's identity? 155 00:07:07,880 --> 00:07:09,150 AUDIENCE: I was going to defer to someone 156 00:07:09,150 --> 00:07:10,233 who wrote the paper today. 157 00:07:10,233 --> 00:07:12,540 GARY GENSLER: You were going to defer to somebody. 
158 00:07:12,540 --> 00:07:13,170 I see. 159 00:07:13,170 --> 00:07:14,490 I see. 160 00:07:14,490 --> 00:07:16,470 Who wants to say what identity is? 161 00:07:16,470 --> 00:07:18,000 James, you wrote a paper for today. 162 00:07:18,000 --> 00:07:20,070 AUDIENCE: You have a birth certificate, 163 00:07:20,070 --> 00:07:21,590 identifies you as an individual. 164 00:07:21,590 --> 00:07:22,590 GARY GENSLER: All right. 165 00:07:22,590 --> 00:07:25,682 So is a birth certificate identity? 166 00:07:25,682 --> 00:07:27,955 AUDIENCE: No. 167 00:07:27,955 --> 00:07:30,172 GARY GENSLER: Who's saying no? 168 00:07:30,172 --> 00:07:32,380 AUDIENCE: I don't think that the birth certificate is 169 00:07:32,380 --> 00:07:34,000 an identity because you can also be 170 00:07:34,000 --> 00:07:37,580 identified, for example, biometrically 171 00:07:37,580 --> 00:07:39,380 or with your fingerprint. 172 00:07:39,380 --> 00:07:41,738 So it is not only for birth certificate. 173 00:07:44,546 --> 00:07:46,240 AUDIENCE: But it is an identity. 174 00:07:46,240 --> 00:07:48,740 Like if you go to the DMV and you're going to get a license, 175 00:07:48,740 --> 00:07:50,282 you need a birth certificate to show. 176 00:07:50,282 --> 00:07:51,282 GARY GENSLER: All right. 177 00:07:51,282 --> 00:07:52,930 But is the birth certificate identity? 178 00:07:52,930 --> 00:07:54,472 AUDIENCE: It is not what identifies-- 179 00:07:54,472 --> 00:07:56,770 AUDIENCE: It is like an identifier for [INAUDIBLE] 180 00:07:56,770 --> 00:07:58,620 GARY GENSLER: Identifier. 181 00:07:58,620 --> 00:07:59,620 It's a certificate. 182 00:07:59,620 --> 00:08:00,220 Right? 183 00:08:00,220 --> 00:08:01,000 Hugo? 184 00:08:01,000 --> 00:08:01,630 AUDIENCE: Yeah. 185 00:08:01,630 --> 00:08:05,227 I mean, I feel like this is a super philosophical question. 186 00:08:05,227 --> 00:08:06,600 GARY GENSLER: Well, maybe. 187 00:08:06,600 --> 00:08:08,278 Are you feeling uncomfortable with that? 
188 00:08:08,278 --> 00:08:08,820 AUDIENCE: No. 189 00:08:08,820 --> 00:08:09,820 GARY GENSLER: All right. 190 00:08:09,820 --> 00:08:11,180 Good. 191 00:08:11,180 --> 00:08:14,380 AUDIENCE: Like identity is basically like who you are. 192 00:08:14,380 --> 00:08:16,990 And all of the things that prove your identity currently 193 00:08:16,990 --> 00:08:20,980 are government issued documents or like school issue documents 194 00:08:20,980 --> 00:08:24,130 that prove that somebody else has already done a background 195 00:08:24,130 --> 00:08:27,061 check to make sure that you are who you say you are. 196 00:08:27,061 --> 00:08:28,970 GARY GENSLER: Brotish. 197 00:08:28,970 --> 00:08:31,600 AUDIENCE: I think identity is kind of contextual. 198 00:08:31,600 --> 00:08:33,340 So sometimes it can be a date of birth. 199 00:08:33,340 --> 00:08:34,620 Sometimes it can be your nationality. 200 00:08:34,620 --> 00:08:35,919 Sometimes it can be your face. 201 00:08:35,919 --> 00:08:39,394 It depends on the context what identity is. 202 00:08:39,394 --> 00:08:40,330 GARY GENSLER: Eric. 203 00:08:40,330 --> 00:08:42,610 AUDIENCE: It should be identity is-- 204 00:08:42,610 --> 00:08:46,380 going back to the philosophical domain. 205 00:08:46,380 --> 00:08:49,780 Identity is what defines you as a unique individual 206 00:08:49,780 --> 00:08:52,000 and differentiates you from anybody else. 207 00:08:52,000 --> 00:08:53,046 Right? 208 00:08:53,046 --> 00:08:58,720 And use additional instruments to serve 209 00:08:58,720 --> 00:09:05,410 the purpose of identifying you as an individual 210 00:09:05,410 --> 00:09:11,050 to certain contexts, as Brotish mentioned, that the identity is 211 00:09:11,050 --> 00:09:14,360 inherent to a person, not an additional artifact, 212 00:09:14,360 --> 00:09:16,780 in my understanding. 213 00:09:16,780 --> 00:09:19,410 GARY GENSLER: So how many people agree with Eric? 214 00:09:19,410 --> 00:09:22,195 It's something unique that identifies. 
215 00:09:22,195 --> 00:09:23,180 AUDIENCE: I agree. 216 00:09:23,180 --> 00:09:24,180 GARY GENSLER: You agree. 217 00:09:24,180 --> 00:09:26,600 AUDIENCE: I think it has to be something that you can 218 00:09:26,600 --> 00:09:29,140 verify in order to be identity. 219 00:09:29,140 --> 00:09:31,125 Otherwise it's just a piece of paper. 220 00:09:31,125 --> 00:09:32,500 GARY GENSLER: Wait, you think you 221 00:09:32,500 --> 00:09:34,720 have to be able to verify it. 222 00:09:34,720 --> 00:09:36,820 But Eric was saying that it's unique. 223 00:09:36,820 --> 00:09:38,593 It's something about our humanity. 224 00:09:38,593 --> 00:09:39,510 It's about who we are. 225 00:09:42,160 --> 00:09:45,120 AUDIENCE: I think, as Hugo said, I 226 00:09:45,120 --> 00:09:46,480 think it's very philosophical. 227 00:09:46,480 --> 00:09:47,630 I think it's who I am. 228 00:09:47,630 --> 00:09:52,170 So like my identity is like what my name, what date of birth, 229 00:09:52,170 --> 00:09:56,598 and my iris, and my finger, this is who I am. 230 00:09:56,598 --> 00:09:58,140 And I think what you're talking about 231 00:09:58,140 --> 00:10:02,730 is more like how can the society verify that you are 232 00:10:02,730 --> 00:10:05,286 the one who you claim to be. 233 00:10:05,286 --> 00:10:07,130 So I think there's different kind of layers 234 00:10:07,130 --> 00:10:08,000 that we're talking sense. 235 00:10:08,000 --> 00:10:08,490 GARY GENSLER: Alexis. 236 00:10:08,490 --> 00:10:10,532 AUDIENCE: I think it's like not unique in a sense 237 00:10:10,532 --> 00:10:15,300 that it's like characteristics that someone has. 238 00:10:15,300 --> 00:10:18,960 But like maybe someone else will have the same characteristics. 239 00:10:18,960 --> 00:10:24,030 But it's more, Jahib just said, like basically someone 240 00:10:24,030 --> 00:10:26,490 can verify that what you say is true. 
241 00:10:26,490 --> 00:10:28,340 Like if you have these characteristics, 242 00:10:28,340 --> 00:10:30,360 that's part of your identity. 243 00:10:30,360 --> 00:10:33,615 But it's not like unique in the sense that it's just-- 244 00:10:33,615 --> 00:10:36,090 GARY GENSLER: So, Alexis, are you saying your identity 245 00:10:36,090 --> 00:10:37,060 is not unique? 246 00:10:37,060 --> 00:10:39,060 Or are you saying certain attributes [INAUDIBLE] 247 00:10:39,060 --> 00:10:40,268 AUDIENCE: It's unique for me. 248 00:10:40,268 --> 00:10:44,310 But it's just like aggregation of characteristics. 249 00:10:44,310 --> 00:10:46,320 GARY GENSLER: Aggregation of characteristics. 250 00:10:46,320 --> 00:10:47,770 We are going to get philosophical. 251 00:10:47,770 --> 00:10:48,340 This is good. 252 00:10:48,340 --> 00:10:50,132 AUDIENCE: If you want to get philosophical, 253 00:10:50,132 --> 00:10:53,010 you can say that the identity is what 254 00:10:53,010 --> 00:10:58,140 the society imposes upon you, or what the society makes up 255 00:10:58,140 --> 00:10:58,830 of you. 256 00:10:58,830 --> 00:11:01,170 Because, for instance, a name itself 257 00:11:01,170 --> 00:11:03,100 is not [INAUDIBLE] itself. 258 00:11:03,100 --> 00:11:09,840 It's something that the society or common culture construct. 259 00:11:09,840 --> 00:11:12,480 GARY GENSLER: So you're saying it's not just who you are, 260 00:11:12,480 --> 00:11:15,390 but how society accepts you. 261 00:11:15,390 --> 00:11:19,170 In a commercial sense, in an economic sense, 262 00:11:19,170 --> 00:11:21,290 identity is used for so many things. 263 00:11:21,290 --> 00:11:24,400 I do believe-- and maybe it is philosophical. 264 00:11:24,400 --> 00:11:28,290 I do believe that we are each unique souls. 265 00:11:28,290 --> 00:11:31,020 And so that's a belief system, maybe. 266 00:11:31,020 --> 00:11:35,580 But in an economic sense, we have various attributes. 267 00:11:35,580 --> 00:11:38,510 So those attributes might be shared. 
268 00:11:38,510 --> 00:11:41,890 I know, in fact, yeah. 269 00:11:41,890 --> 00:11:42,690 Woo. 270 00:11:42,690 --> 00:11:45,550 So what is identity? 271 00:11:45,550 --> 00:11:48,330 There is a dude up there that I share DNA 272 00:11:48,330 --> 00:11:54,960 with, exact replicable genetic material. 273 00:11:54,960 --> 00:11:57,200 But I, for one, think that I'm unique from him 274 00:11:57,200 --> 00:11:59,210 and I have a different identity. 275 00:11:59,210 --> 00:12:02,450 And you can be guessing, while you pull this down from Canvas, 276 00:12:02,450 --> 00:12:04,510 who's who. 277 00:12:04,510 --> 00:12:06,910 It's not a test. 278 00:12:06,910 --> 00:12:07,988 What's that, James? 279 00:12:07,988 --> 00:12:09,405 AUDIENCE: You're on the left side. 280 00:12:09,405 --> 00:12:11,530 GARY GENSLER: I don't know which side you're pointing to. 281 00:12:11,530 --> 00:12:13,870 AUDIENCE: Technically, the left side of the photograph. 282 00:12:13,870 --> 00:12:15,140 AUDIENCE: You're on the-- 283 00:12:15,140 --> 00:12:16,240 [INTERPOSING VOICES] 284 00:12:16,240 --> 00:12:18,820 AUDIENCE: As we see it, on the left side of the photograph. 285 00:12:18,820 --> 00:12:19,910 GARY GENSLER: I see. 286 00:12:19,910 --> 00:12:20,410 Yeah. 287 00:12:20,410 --> 00:12:20,910 Yeah. 288 00:12:20,910 --> 00:12:22,020 You're correct. 289 00:12:22,020 --> 00:12:23,740 But see, we're unique. 290 00:12:23,740 --> 00:12:25,810 Different identities. 291 00:12:25,810 --> 00:12:28,300 Same DNA. 292 00:12:28,300 --> 00:12:33,210 Who has an iPhone with face recognition? 293 00:12:33,210 --> 00:12:37,770 So on Thanksgiving, Rob hands me his iPhone. 294 00:12:37,770 --> 00:12:39,600 He says, what do you see? 295 00:12:39,600 --> 00:12:42,170 He says, just look at it. 296 00:12:42,170 --> 00:12:45,060 And I look at it and I say, I see a bunch of text messages. 297 00:12:45,060 --> 00:12:46,290 Why? 298 00:12:46,290 --> 00:12:48,120 And he cursed. 
299 00:12:48,120 --> 00:12:54,630 And he said, I handed you my locked phone. 300 00:12:54,630 --> 00:13:00,270 So whatever you think about biometrics and iPhones, 301 00:13:00,270 --> 00:13:01,890 it didn't work. 302 00:13:01,890 --> 00:13:02,850 Or it does work. 303 00:13:02,850 --> 00:13:04,050 I don't know. 304 00:13:04,050 --> 00:13:07,260 So I handed him back my iPhone, which is a little older. 305 00:13:07,260 --> 00:13:10,170 And I said, could you open it for me with your thumb print. 306 00:13:10,170 --> 00:13:12,080 And he couldn't. 307 00:13:12,080 --> 00:13:15,320 So just for now, we have a number 308 00:13:15,320 --> 00:13:19,530 of sets of identical twins in my father's family and so forth. 309 00:13:19,530 --> 00:13:25,880 So he tried it with two of our identical twin cousins, two 310 00:13:25,880 --> 00:13:26,780 women. 311 00:13:26,780 --> 00:13:30,110 And they, too, can open each other's phones. 312 00:13:30,110 --> 00:13:31,301 AUDIENCE: With fingerprints? 313 00:13:31,301 --> 00:13:34,460 GARY GENSLER: No, with their face recognition. 314 00:13:34,460 --> 00:13:37,430 Not with fingerprints but with face recognition. 315 00:13:37,430 --> 00:13:43,080 So it just is a little side story about identity. 316 00:13:43,080 --> 00:13:44,150 Eric. 317 00:13:44,150 --> 00:13:47,000 AUDIENCE: Just a comment that there's a function in Facebook 318 00:13:47,000 --> 00:13:50,210 that shows you a list of photographs 319 00:13:50,210 --> 00:13:54,860 that you potentially can be identified and tag you. 320 00:13:54,860 --> 00:13:57,790 So I keep getting pictures of my twin brother, too. 321 00:13:57,790 --> 00:13:59,110 So, yeah. 322 00:13:59,110 --> 00:14:02,238 Very poor face recognition today. 323 00:14:02,238 --> 00:14:03,530 GARY GENSLER: You're identical? 324 00:14:03,530 --> 00:14:05,340 AUDIENCE: Yeah. 325 00:14:05,340 --> 00:14:06,400 GARY GENSLER: OK. 
326 00:14:06,400 --> 00:14:07,940 When I hear fraternal, then I have 327 00:14:07,940 --> 00:14:10,620 another thing about Facebook. 328 00:14:10,620 --> 00:14:13,130 AUDIENCE: But there is actually a much simpler way 329 00:14:13,130 --> 00:14:14,540 to define identity. 330 00:14:14,540 --> 00:14:18,130 Philosophy aside, there is this physical human being, 331 00:14:18,130 --> 00:14:20,540 and there's billions of them on the planet. 332 00:14:20,540 --> 00:14:23,720 And one simple way to think about it is you 333 00:14:23,720 --> 00:14:26,200 want to hash each person. 334 00:14:26,200 --> 00:14:27,200 GARY GENSLER: All right. 335 00:14:27,200 --> 00:14:27,770 We're back. 336 00:14:27,770 --> 00:14:29,360 We're back to the hash functions. 337 00:14:29,360 --> 00:14:30,277 This is good. 338 00:14:30,277 --> 00:14:32,360 AUDIENCE: But that's actually what you want to do. 339 00:14:32,360 --> 00:14:34,910 You want to hash each person and get a number. 340 00:14:34,910 --> 00:14:37,370 And the property of that is that if you come to me 341 00:14:37,370 --> 00:14:39,000 and I hash you, I get some number. 342 00:14:39,000 --> 00:14:40,875 And if you come again, I get the same number. 343 00:14:40,875 --> 00:14:42,680 So I know I'm dealing with the same person. 344 00:14:42,680 --> 00:14:44,120 GARY GENSLER: Even if I put on weight? 345 00:14:44,120 --> 00:14:45,620 AUDIENCE: Even if you put on weight. 346 00:14:45,620 --> 00:14:48,295 I can hash because I can use your iris, let's say. 347 00:14:48,295 --> 00:14:49,670 Then your twin brother presumably 348 00:14:49,670 --> 00:14:50,712 won't have the same iris. 349 00:14:50,712 --> 00:14:54,270 I'm actually not sure, but I don't think you will. 350 00:14:54,270 --> 00:14:56,000 So now I hash you, I get the same number, 351 00:14:56,000 --> 00:14:56,990 I know who I'm dealing with, and this 352 00:14:56,990 --> 00:14:59,115 solves a lot of the problems in the business world. 
353 00:14:59,115 --> 00:15:03,750 Like KYC, getting a credit card at a bank, stuff like that. 354 00:15:03,750 --> 00:15:06,200 And it also solves the problem, are you a new customer. 355 00:15:06,200 --> 00:15:10,120 Well, is your hash one of the new hashes that I-- 356 00:15:10,120 --> 00:15:13,070 is your hash a hash that I've seen in the past? 357 00:15:13,070 --> 00:15:15,250 So that's a very simple way to think of identity. 358 00:15:15,250 --> 00:15:16,750 And you put philosophy aside and you 359 00:15:16,750 --> 00:15:19,900 assume that there is some physicality of human beings 360 00:15:19,900 --> 00:15:21,520 that you can distinguish between using 361 00:15:21,520 --> 00:15:22,580 a hash function of some sort. 362 00:15:22,580 --> 00:15:24,038 So the question is like, how do you 363 00:15:24,038 --> 00:15:27,190 implement this hash function. 364 00:15:27,190 --> 00:15:30,080 GARY GENSLER: So you're not really 365 00:15:30,080 --> 00:15:31,670 putting philosophy to the side. 366 00:15:31,670 --> 00:15:35,940 You're saying, that may be all well and good, 367 00:15:35,940 --> 00:15:40,020 but you can also take a physical object, a human, 368 00:15:40,020 --> 00:15:43,140 apply a hash function, a cryptographic means, 369 00:15:43,140 --> 00:15:47,535 and get a unique identifier for that individual. 370 00:15:47,535 --> 00:15:49,650 AUDIENCE: I have a counter question to that. 371 00:15:49,650 --> 00:15:52,110 So let's say you hash everything. 372 00:15:52,110 --> 00:15:55,520 I can have a counterfeit of like five things that can 373 00:15:55,520 --> 00:15:56,770 essentially be the same thing. 374 00:15:56,770 --> 00:15:58,853 And you'll just have five different hashes for it. 375 00:15:58,853 --> 00:15:59,380 Right? 376 00:15:59,380 --> 00:16:03,060 It will still have to come from a non-blockchain source for you 377 00:16:03,060 --> 00:16:04,570 to be able to-- 378 00:16:04,570 --> 00:16:05,910 AUDIENCE: Well, it's not things. 
379 00:16:05,910 --> 00:16:06,660 It's human beings. 380 00:16:06,660 --> 00:16:07,450 AUDIENCE: OK. 381 00:16:07,450 --> 00:16:11,280 But for you to be able to hash one person, 382 00:16:11,280 --> 00:16:14,490 you can still reproduce five other fake people 383 00:16:14,490 --> 00:16:16,873 and have five different fake identities 384 00:16:16,873 --> 00:16:17,790 with a different hash. 385 00:16:17,790 --> 00:16:20,160 AUDIENCE: So that's the difficulty, right? 386 00:16:20,160 --> 00:16:23,945 You can't actually-- if I hash myself and I get a hash, 387 00:16:23,945 --> 00:16:25,320 you will have a lot of difficulty 388 00:16:25,320 --> 00:16:27,312 producing another human being. 389 00:16:27,312 --> 00:16:29,520 It's like finding the collision in the hash function. 390 00:16:29,520 --> 00:16:32,400 You have a lot of difficulty producing a human being that 391 00:16:32,400 --> 00:16:33,870 has the same hash as mine. 392 00:16:33,870 --> 00:16:35,912 Because the hash function is collision resistant. 393 00:16:35,912 --> 00:16:38,820 And it's hard to come up to clone me 100%. 394 00:16:38,820 --> 00:16:40,980 For example, my retina, even if I give you 395 00:16:40,980 --> 00:16:44,490 all the data behind my retina and you have it, 396 00:16:44,490 --> 00:16:47,520 it's very hard to produce a retina in your own eye 397 00:16:47,520 --> 00:16:49,870 that you can scan and pretend to be me, for example. 398 00:16:49,870 --> 00:16:51,703 That's one way to think of hashing somebody. 399 00:16:51,703 --> 00:16:52,880 You just scan the retina. 400 00:16:52,880 --> 00:16:54,830 And even though you know the full retina, 401 00:16:54,830 --> 00:16:57,330 it's of no use to you because you have to put it in your eye 402 00:16:57,330 --> 00:16:58,800 and go there and get scanned. 403 00:16:58,800 --> 00:16:59,830 And it's like, OK, fine. 404 00:16:59,830 --> 00:17:03,087 Well, our medical technology is not there yet. 
405 00:17:03,087 --> 00:17:05,504 GARY GENSLER: [INAUDIBLE] And then we're going to move on. 406 00:17:05,504 --> 00:17:07,230 AUDIENCE: I'm just going to say, if you want to take it-- 407 00:17:07,230 --> 00:17:08,640 it's not even your physical representation. 408 00:17:08,640 --> 00:17:09,140 Right? 409 00:17:09,140 --> 00:17:11,730 Because you can change what you are physically nowadays. 410 00:17:11,730 --> 00:17:15,210 And so it's like what you know, what you are, 411 00:17:15,210 --> 00:17:17,880 and what you have, the three things that you can 412 00:17:17,880 --> 00:17:20,249 put into this hash function. 413 00:17:20,249 --> 00:17:23,260 AUDIENCE: Well, it should be-- 414 00:17:23,260 --> 00:17:24,158 it should be. 415 00:17:24,158 --> 00:17:24,700 You're right. 416 00:17:24,700 --> 00:17:25,783 It's not the whole of you. 417 00:17:25,783 --> 00:17:27,190 You have to do it very carefully. 418 00:17:27,190 --> 00:17:29,273 So the question is, how do you [INAUDIBLE] person. 419 00:17:29,273 --> 00:17:32,055 Because if you go by weight, let's say the hash function 420 00:17:32,055 --> 00:17:32,680 is your weight. 421 00:17:32,680 --> 00:17:33,388 Well, that's bad. 422 00:17:33,388 --> 00:17:34,930 Because you get collisions. 423 00:17:34,930 --> 00:17:37,520 So you have to do it very carefully, for sure. 424 00:17:37,520 --> 00:17:39,770 GARY GENSLER: So, Eric, did you have something to add? 425 00:17:39,770 --> 00:17:43,670 AUDIENCE: [INAUDIBLE] But actually, 426 00:17:43,670 --> 00:17:46,840 the main point of your elaboration is the biometrics 427 00:17:46,840 --> 00:17:49,810 behind the whole-- 428 00:17:49,810 --> 00:17:53,550 because it's not the hashing that's making this possible. 429 00:17:53,550 --> 00:17:54,760 It's the biometrics. 430 00:17:54,760 --> 00:17:58,150 Because you have to actually hash something. 
431 00:17:58,150 --> 00:18:01,840 When you come from the abstract construct of saying, 432 00:18:01,840 --> 00:18:03,850 hash somebody, you're actually saying, 433 00:18:03,850 --> 00:18:06,660 you're hashing some biometric attribute 434 00:18:06,660 --> 00:18:09,895 that has to be unique to get the hash. 435 00:18:09,895 --> 00:18:12,850 AUDIENCE: I'm sure hashing a person is an abstraction 436 00:18:12,850 --> 00:18:14,643 for, let's say, take a biometric, 437 00:18:14,643 --> 00:18:16,060 it's actually collision resistant. 438 00:18:16,060 --> 00:18:19,110 AUDIENCE: The point, the really important point, 439 00:18:19,110 --> 00:18:20,142 it comes to biometrics. 440 00:18:20,142 --> 00:18:21,100 AUDIENCE: That's right. 441 00:18:21,100 --> 00:18:21,450 That's right. 442 00:18:21,450 --> 00:18:23,770 And then the question is, well, biometrics get stolen. 443 00:18:23,770 --> 00:18:24,530 How do you deal with that? 444 00:18:24,530 --> 00:18:26,230 Then you have to be very careful with it. 445 00:18:26,230 --> 00:18:27,360 There's nowadays, you can actually, 446 00:18:27,360 --> 00:18:29,068 if you aren't careful, it can get stolen. 447 00:18:29,068 --> 00:18:30,537 GARY GENSLER: [INAUDIBLE] 448 00:18:30,537 --> 00:18:31,120 AUDIENCE: Yes. 449 00:18:31,120 --> 00:18:35,320 So to Eric's point, I think that's still an identifier. 450 00:18:35,320 --> 00:18:37,210 It's not really your identity. 451 00:18:37,210 --> 00:18:39,160 Because like you guys are saying, 452 00:18:39,160 --> 00:18:43,620 you can replicate somebody's retina, let's say, 453 00:18:43,620 --> 00:18:46,510 1,000 years or 10 years down line, I don't know. 454 00:18:46,510 --> 00:18:47,260 AUDIENCE: Perhaps. 455 00:18:47,260 --> 00:18:47,680 That's right. 456 00:18:47,680 --> 00:18:48,040 That's right. 457 00:18:48,040 --> 00:18:50,082 AUDIENCE: Or they replicate somebody's fingertip. 
458 00:18:50,082 --> 00:18:52,780 But that doesn't mean that you're replicating 459 00:18:52,780 --> 00:18:54,680 their entire identity. 460 00:18:54,680 --> 00:18:57,620 So I like the idea of hash somebody's identity, 461 00:18:57,620 --> 00:18:59,210 hashing a person. 462 00:18:59,210 --> 00:19:01,570 But I don't think it's just hashing their eye 463 00:19:01,570 --> 00:19:02,830 or just hashing their-- 464 00:19:02,830 --> 00:19:03,340 AUDIENCE: That's right. 465 00:19:03,340 --> 00:19:04,570 But I think you're getting philosophical. 466 00:19:04,570 --> 00:19:06,028 I'm looking through the perspective 467 00:19:06,028 --> 00:19:07,080 of a bank, a verifier. 468 00:19:07,080 --> 00:19:08,622 What does a bank actually need to do? 469 00:19:08,622 --> 00:19:10,540 It just needs to map everybody to some number. 470 00:19:10,540 --> 00:19:12,430 And when you come back, it needs to figure out 471 00:19:12,430 --> 00:19:14,260 which number you are or if you're a new number. 472 00:19:14,260 --> 00:19:15,130 That's all you need. 473 00:19:15,130 --> 00:19:16,453 And then, problem solved. 474 00:19:16,453 --> 00:19:18,370 And then by the way, personal data attributes, 475 00:19:18,370 --> 00:19:19,952 you just link those to those numbers. 476 00:19:19,952 --> 00:19:21,160 It's not a difficult problem. 477 00:19:21,160 --> 00:19:23,050 It's an orthogonal problem. 478 00:19:23,050 --> 00:19:24,320 You solve that [INAUDIBLE] 479 00:19:24,320 --> 00:19:26,620 GARY GENSLER: So let's agree that-- 480 00:19:26,620 --> 00:19:28,840 what Alin is saying is he's not talking 481 00:19:28,840 --> 00:19:32,720 about our soul or our unique identity. 482 00:19:32,720 --> 00:19:35,650 He's talking about something that a verifier or a bank 483 00:19:35,650 --> 00:19:36,650 might be able to do. 484 00:19:36,650 --> 00:19:40,280 And then you could say here's 7 billion people on the planet 485 00:19:40,280 --> 00:19:40,780 now. 
486 00:19:40,780 --> 00:19:43,270 And there'll be 10 or 12 billion one day. 487 00:19:43,270 --> 00:19:44,890 But you could take each one of them 488 00:19:44,890 --> 00:19:49,390 and somehow have a unique identifier, a hash function, 489 00:19:49,390 --> 00:19:51,640 that has each of those. 490 00:19:51,640 --> 00:19:54,690 Don't do it off of DNA though. 491 00:19:54,690 --> 00:19:57,450 Because Eric and I, you know, and hundreds 492 00:19:57,450 --> 00:19:59,250 of millions of others would-- 493 00:19:59,250 --> 00:20:05,100 so DNA is not a unique identifier for true identity. 494 00:20:05,100 --> 00:20:10,110 So the concepts of identity for things 495 00:20:10,110 --> 00:20:12,252 that I think about sometimes, some of the papers 496 00:20:12,252 --> 00:20:12,960 were about three. 497 00:20:12,960 --> 00:20:18,450 But there's attributes, a claim, a credential, an attestation. 498 00:20:18,450 --> 00:20:19,920 What would be an attribute? 499 00:20:19,920 --> 00:20:23,803 Just any old attribute of a-- 500 00:20:23,803 --> 00:20:24,745 anybody? 501 00:20:27,262 --> 00:20:28,197 AUDIENCE: Your retina. 502 00:20:28,197 --> 00:20:29,280 GARY GENSLER: Your retina. 503 00:20:29,280 --> 00:20:34,180 Or it could be your age, address, citizenship, name. 504 00:20:34,180 --> 00:20:37,140 A claim is, my name is Gary. 505 00:20:37,140 --> 00:20:39,900 Or a claim might be, I am so old. 506 00:20:39,900 --> 00:20:44,440 Or I am a US citizen. 507 00:20:44,440 --> 00:20:51,670 Or a claim might even be, I have $5,000 in my bank account. 508 00:20:51,670 --> 00:20:53,560 There are other forms of claims. 509 00:20:53,560 --> 00:20:57,310 Or I do have a bank account at Bank of America. 510 00:20:59,830 --> 00:21:02,140 I don't think I have $5,000 in it right now. 511 00:21:02,140 --> 00:21:03,790 No. 512 00:21:03,790 --> 00:21:08,330 A credential is what we started with. 
513 00:21:08,330 --> 00:21:13,300 I think James mentioned it, a driver's license, an ID card, 514 00:21:13,300 --> 00:21:15,730 a utility bill sometimes. 515 00:21:15,730 --> 00:21:18,640 I mean there's hundreds of forms of credentials. 516 00:21:18,640 --> 00:21:23,170 We think of the governmental credentials. 517 00:21:23,170 --> 00:21:27,570 The history of credentials is interesting. 518 00:21:27,570 --> 00:21:30,730 The first tens of thousands of years of humankind 519 00:21:30,730 --> 00:21:33,460 didn't have any. 520 00:21:33,460 --> 00:21:35,410 And we started to have them. 521 00:21:35,410 --> 00:21:42,430 Passports really aren't even that old of an invention. 522 00:21:42,430 --> 00:21:46,150 In the 16th century, the King of England had some pass boarding. 523 00:21:46,150 --> 00:21:48,940 But it was so that his citizens could be 524 00:21:48,940 --> 00:21:50,740 recognized in other countries. 525 00:21:50,740 --> 00:21:52,990 It was so that their rights would be respected 526 00:21:52,990 --> 00:21:57,690 and somebody would not be messed with. 527 00:21:57,690 --> 00:22:02,510 I'm under that sovereign, don't mess with me. 528 00:22:02,510 --> 00:22:05,350 But in terms of a true permitting system, 529 00:22:05,350 --> 00:22:08,560 it was largely implemented about 100 years ago. 530 00:22:08,560 --> 00:22:10,660 Anywhere between 100 and 150 years ago. 531 00:22:10,660 --> 00:22:12,910 It's not that old a system. 532 00:22:12,910 --> 00:22:15,220 But it was all paperwork. 533 00:22:15,220 --> 00:22:17,260 And I don't know if any of you have ever 534 00:22:17,260 --> 00:22:19,465 asked to see a grandparent's or great grandparent's 535 00:22:19,465 --> 00:22:22,550 or an ancestor's passport or those documents, 536 00:22:22,550 --> 00:22:23,500 if you have them. 537 00:22:23,500 --> 00:22:26,170 But they're intensely paper. 
538 00:22:26,170 --> 00:22:28,240 In fact, if they're from the late 19th century, 539 00:22:28,240 --> 00:22:29,690 there's no photographs. 540 00:22:29,690 --> 00:22:32,155 They started to have photographs in the early 20th century. 541 00:22:35,730 --> 00:22:37,040 And so it's a big change. 542 00:22:37,040 --> 00:22:41,330 And the last 30 or 40 years of digitisation of this 543 00:22:41,330 --> 00:22:45,020 has actually made it a little harder, in some ways. 544 00:22:45,020 --> 00:22:46,190 I mean there's efficiencies. 545 00:22:46,190 --> 00:22:47,780 But it makes it harder. 546 00:22:47,780 --> 00:22:53,090 And then attestation is that third party verifying it. 547 00:22:53,090 --> 00:22:54,770 And that's what Alin was talking about. 548 00:22:54,770 --> 00:22:59,030 If somebody can verify your identity, they're basically-- 549 00:22:59,030 --> 00:22:59,810 I make a claim. 550 00:22:59,810 --> 00:23:01,280 My name's Gary. 551 00:23:01,280 --> 00:23:03,980 I might give a credential, my passport to show it. 552 00:23:03,980 --> 00:23:05,570 The picture looks like me. 553 00:23:05,570 --> 00:23:07,220 A human looks at it. 554 00:23:07,220 --> 00:23:08,900 Lines it up. 555 00:23:08,900 --> 00:23:10,220 Says all right. 556 00:23:10,220 --> 00:23:13,730 You can enter the country of Germany 557 00:23:13,730 --> 00:23:17,670 or wherever I'm traveling. 558 00:23:17,670 --> 00:23:19,810 They don't actually know that I'm really-- 559 00:23:19,810 --> 00:23:24,930 but they do some verification. 560 00:23:24,930 --> 00:23:28,350 So those are the big kind of pieces. 561 00:23:28,350 --> 00:23:32,650 Identity and access management systems, the functions-- 562 00:23:32,650 --> 00:23:34,770 and these are just taken from a bunch 563 00:23:34,770 --> 00:23:44,290 of readings-- authentication and then authorization. 564 00:23:44,290 --> 00:23:47,230 Authenticating that I have the bank account. 565 00:23:47,230 --> 00:23:48,850 Authorization, I can use it. 
566 00:23:48,850 --> 00:23:52,240 Or authentication I'm a US citizen. 567 00:23:52,240 --> 00:23:56,700 Authorization, I can come into the country of Germany. 568 00:23:56,700 --> 00:24:04,870 So based upon some attribute, somebody authorizes me. 569 00:24:04,870 --> 00:24:07,060 Or something that maybe some of you 570 00:24:07,060 --> 00:24:12,190 have dealt with at some stage of your life, 571 00:24:12,190 --> 00:24:15,160 that first time you went in and handed 572 00:24:15,160 --> 00:24:20,034 a driver's license in so you could take a drink at a bar. 573 00:24:20,034 --> 00:24:23,360 Let me make it tangible. 574 00:24:23,360 --> 00:24:28,530 That's like authenticating, do you look like that person. 575 00:24:28,530 --> 00:24:31,060 And then who are the parties in this system? 576 00:24:31,060 --> 00:24:36,420 Users, service providers, identity providers. 577 00:24:36,420 --> 00:24:38,970 Anybody want to tell me about this ecosystem at all? 578 00:24:42,442 --> 00:24:43,400 Alfa, you didn't write. 579 00:24:43,400 --> 00:24:45,300 You wrote last time. 580 00:24:45,300 --> 00:24:45,800 Tom. 581 00:24:45,800 --> 00:24:47,133 AUDIENCE: Again, I didn't write. 582 00:24:47,133 --> 00:24:50,352 But the idea of identity provider is interesting. 583 00:24:50,352 --> 00:24:51,810 It fits in our conversation, right? 584 00:24:51,810 --> 00:24:55,360 If we're talking about your identity being who you are, 585 00:24:55,360 --> 00:24:57,750 it's really identity verification provider. 586 00:24:57,750 --> 00:25:01,665 They're providing the documents. 587 00:25:01,665 --> 00:25:03,230 GARY GENSLER: I think that's right. 588 00:25:03,230 --> 00:25:04,090 I mean, in a sense. 589 00:25:06,700 --> 00:25:11,360 Though identity, in a more philosophic way, 590 00:25:11,360 --> 00:25:12,890 is who you are. 
591 00:25:12,890 --> 00:25:15,110 But yes, the identity provider can 592 00:25:15,110 --> 00:25:19,740 be somebody like the state of New York 593 00:25:19,740 --> 00:25:22,730 or the Commonwealth of Massachusetts, 594 00:25:22,730 --> 00:25:25,310 birth certificates, death certificates, marriage 595 00:25:25,310 --> 00:25:26,512 certificates. 596 00:25:29,680 --> 00:25:33,490 Attribute authorities, like certificate authorities, 597 00:25:33,490 --> 00:25:42,850 are kind of a more recent invention. 598 00:25:42,850 --> 00:25:46,210 I don't know that they existed 100 or 200 years ago. 599 00:25:46,210 --> 00:25:50,160 But an attribute authority says, these attributes, 600 00:25:50,160 --> 00:25:51,940 we'll validate them. 601 00:25:51,940 --> 00:25:56,950 They're central authorities that say, yes, this is correct. 602 00:25:56,950 --> 00:26:00,130 And certificate authorities are particularly an invention of, 603 00:26:00,130 --> 00:26:02,200 what, 40 years maybe. 604 00:26:02,200 --> 00:26:04,450 The internet, 30 years. 605 00:26:04,450 --> 00:26:08,500 AUDIENCE: I think the thesis was an MIT thesis in 1976. 606 00:26:08,500 --> 00:26:10,610 GARY GENSLER: 1976 thesis at MIT. 607 00:26:10,610 --> 00:26:14,818 AUDIENCE: If I remember correctly. 608 00:26:14,818 --> 00:26:16,360 GARY GENSLER: Did anybody want to say 609 00:26:16,360 --> 00:26:17,693 what a certificate authority is? 610 00:26:17,693 --> 00:26:19,930 Because they're in the middle of all of that. 611 00:26:19,930 --> 00:26:23,370 By the way, every time that you go to the internet today, 612 00:26:23,370 --> 00:26:25,390 a certificate authority is involved 613 00:26:25,390 --> 00:26:30,580 in that transaction, probably 100 billion times a day 614 00:26:30,580 --> 00:26:31,440 around the globe. 615 00:26:34,140 --> 00:26:36,850 Yeah, that's probably the order of magnitude. 616 00:26:36,850 --> 00:26:38,650 Probably 100 billion times a day, 617 00:26:38,650 --> 00:26:41,015 a certificate authority is used. 
618 00:26:44,630 --> 00:26:45,430 Alin, you want to-- 619 00:26:45,430 --> 00:26:46,636 AUDIENCE: Sure, yeah. 620 00:26:46,636 --> 00:26:48,270 GARY GENSLER: Certificate authorities 621 00:26:48,270 --> 00:26:51,515 are how we access the internet all day long. 622 00:26:51,515 --> 00:26:52,972 AUDIENCE: You want an explanation 623 00:26:52,972 --> 00:26:54,180 for what they are on the web? 624 00:26:54,180 --> 00:26:54,740 GARY GENSLER: Yeah. 625 00:26:54,740 --> 00:26:55,530 AUDIENCE: Right. 626 00:26:55,530 --> 00:26:57,415 So on the web, you have a bunch of websites. 627 00:26:57,415 --> 00:26:59,040 Let's say you have facebook.com and you 628 00:26:59,040 --> 00:27:01,630 want to visit it and give it your password. 629 00:27:01,630 --> 00:27:03,540 So if you have evil people like me, 630 00:27:03,540 --> 00:27:06,090 I might set up a fake server and pretend 631 00:27:06,090 --> 00:27:08,670 to be facebook.com, mess with the DNS records, 632 00:27:08,670 --> 00:27:10,500 get you to visit my server. 633 00:27:10,500 --> 00:27:12,768 When you type www.facebook.com, you visit my server. 634 00:27:12,768 --> 00:27:13,560 But you can't tell. 635 00:27:13,560 --> 00:27:16,010 GARY GENSLER: DNS is Domain Name Server. 636 00:27:19,775 --> 00:27:21,150 AUDIENCE: But anyway, the idea is 637 00:27:21,150 --> 00:27:22,640 that when you actually do a look up 638 00:27:22,640 --> 00:27:24,270 from facebook.com from an IP address, 639 00:27:24,270 --> 00:27:25,630 that's actually very insecure. 640 00:27:25,630 --> 00:27:27,672 And attackers can mess with that and redirect you 641 00:27:27,672 --> 00:27:28,770 to their servers. 642 00:27:28,770 --> 00:27:31,603 And they might completely replicate the Facebook page 643 00:27:31,603 --> 00:27:33,770 so you might think you're interacting with Facebook. 644 00:27:33,770 --> 00:27:34,220 But you're not. 645 00:27:34,220 --> 00:27:35,660 You're interacting with an attacker website. 
646 00:27:35,660 --> 00:27:37,830 And you type in your password and your user name, 647 00:27:37,830 --> 00:27:39,000 and then the attacker steals it. 648 00:27:39,000 --> 00:27:40,740 And then he just redirects you to the real Facebook 649 00:27:40,740 --> 00:27:42,680 and you won't notice the attack at all. 650 00:27:42,680 --> 00:27:43,722 Does that make sense? 651 00:27:43,722 --> 00:27:45,722 GARY GENSLER: And it all happens in nanoseconds. 652 00:27:45,722 --> 00:27:46,870 AUDIENCE: Right. 653 00:27:46,870 --> 00:27:48,930 And it's called the man in the middle attack. 654 00:27:48,930 --> 00:27:51,420 So what you do is you use public key cryptography 655 00:27:51,420 --> 00:27:52,590 to solve that problem. 656 00:27:52,590 --> 00:27:55,030 You say, OK, let's give each website a key pair. 657 00:27:55,030 --> 00:27:57,330 So facebook.com will have a key pair, a secret key 658 00:27:57,330 --> 00:27:58,560 and a public key. 659 00:27:58,560 --> 00:28:00,300 So now, the question is, well, there's 660 00:28:00,300 --> 00:28:01,900 a public key for facebook.com, but how 661 00:28:01,900 --> 00:28:04,358 do you know you have the right public key for facebook.com. 662 00:28:04,358 --> 00:28:07,680 Because an attacker could also give you their public key 663 00:28:07,680 --> 00:28:08,878 for their fake facebook.com. 664 00:28:08,878 --> 00:28:10,920 So now, how do you distinguish between those two? 665 00:28:10,920 --> 00:28:12,920 That's where the certificate authority comes in. 666 00:28:12,920 --> 00:28:16,800 So the certificate authority signs these public keys. 667 00:28:16,800 --> 00:28:19,380 And you have the public key of the certificate authority. 668 00:28:19,380 --> 00:28:21,600 You have a signature from the certificate authority 669 00:28:21,600 --> 00:28:23,250 on the public key of facebook.com. 
670 00:28:23,250 --> 00:28:24,510 You're now ready to trust that you're 671 00:28:24,510 --> 00:28:25,950 dealing with the real facebook.com 672 00:28:25,950 --> 00:28:28,110 and you can encrypt your password 673 00:28:28,110 --> 00:28:30,210 to facebook.com using your public key. 674 00:28:30,210 --> 00:28:31,710 There's a lot of public keys around. 675 00:28:31,710 --> 00:28:32,630 I know. 676 00:28:32,630 --> 00:28:34,625 I'm not sure if that made any sense. 677 00:28:34,625 --> 00:28:37,290 GARY GENSLER: So we earlier learned 678 00:28:37,290 --> 00:28:40,350 about public key and private keys 679 00:28:40,350 --> 00:28:43,080 as part of blockchain technology. 680 00:28:43,080 --> 00:28:47,310 But know that when Satoshi Nakamoto wrote that paper, 681 00:28:47,310 --> 00:28:53,340 she was just using asymmetric cryptography, 682 00:28:53,340 --> 00:28:56,460 public-private key cryptography, that had been invented really 683 00:28:56,460 --> 00:28:58,470 in the 1970s. 684 00:28:58,470 --> 00:29:00,450 And then it adopted, as the internet 685 00:29:00,450 --> 00:29:06,920 came along, and took off and had a lot of use in the 1990s 686 00:29:06,920 --> 00:29:10,020 to secure the internet by 1996. 687 00:29:10,020 --> 00:29:14,120 And the way that the internet's secured on TLS and SSL 688 00:29:14,120 --> 00:29:17,390 and these various ways it's secured 689 00:29:17,390 --> 00:29:21,410 was public key-private key cryptography, a full 12 years 690 00:29:21,410 --> 00:29:27,050 before Nakamoto wrote the paper, but used for a different case. 691 00:29:27,050 --> 00:29:29,360 But Facebook has a public key. 692 00:29:29,360 --> 00:29:31,700 And all those public keys of all the websites 693 00:29:31,700 --> 00:29:36,220 that you visit every day, there is a central authority 694 00:29:36,220 --> 00:29:37,600 called a certificate authority. 695 00:29:37,600 --> 00:29:40,360 There's actually a 100 plus certificate authorities. 
696 00:29:40,360 --> 00:29:44,320 But certificate authorities that say, 697 00:29:44,320 --> 00:29:47,830 this is the Facebook public key. 698 00:29:47,830 --> 00:29:50,740 So that when you go to your Facebook or you go to Google 699 00:29:50,740 --> 00:29:56,440 or you go to shop on Amazon, you know you're actually-- 700 00:29:56,440 --> 00:30:00,370 so that's a corporate or that's another form of identity. 701 00:30:00,370 --> 00:30:04,630 It's not one with soul, I would suggest. 702 00:30:04,630 --> 00:30:07,220 That's not a negative thing about Facebook. 703 00:30:07,220 --> 00:30:10,053 I just don't think websites-- 704 00:30:10,053 --> 00:30:11,970 but you all might have a different philosophy. 705 00:30:11,970 --> 00:30:14,440 I didn't think websites have soul. 706 00:30:14,440 --> 00:30:15,320 Brotish. 707 00:30:15,320 --> 00:30:17,940 AUDIENCE: It's not clear to me how, as a user, 708 00:30:17,940 --> 00:30:19,780 I know that I'm going to the right website. 709 00:30:19,780 --> 00:30:22,000 I understand certification happens [INAUDIBLE] 710 00:30:22,000 --> 00:30:24,840 But how do I know that I have the right website. 711 00:30:24,840 --> 00:30:27,030 GARY GENSLER: I'll try to do it in lay terms. 712 00:30:27,030 --> 00:30:28,470 And then you'll hit it. 713 00:30:28,470 --> 00:30:32,550 There's kind of a handoff that when you send that signal, 714 00:30:32,550 --> 00:30:35,470 you're trying to access-- 715 00:30:35,470 --> 00:30:36,882 is it Facebook? 716 00:30:36,882 --> 00:30:37,965 You're accessing Facebook. 717 00:30:41,000 --> 00:30:44,040 They send you some information, including their public key that 718 00:30:44,040 --> 00:30:44,880 you're-- 719 00:30:44,880 --> 00:30:46,430 in essence, a certificate authority 720 00:30:46,430 --> 00:30:47,880 is automatically checking. 721 00:30:47,880 --> 00:30:50,747 But Alin will give you the more technical. 722 00:30:50,747 --> 00:30:52,330 AUDIENCE: Let's use a simpler example. 
723 00:30:52,330 --> 00:30:54,210 Let's say you want to go to New York Times 724 00:30:54,210 --> 00:30:56,070 and you want to read a headline that says something 725 00:30:56,070 --> 00:30:58,153 about some important things, like tomorrow there's 726 00:30:58,153 --> 00:31:00,057 going to be a snow storm. 727 00:31:00,057 --> 00:31:01,890 Obviously you want to know if you're dealing 728 00:31:01,890 --> 00:31:03,015 with the authentic website. 729 00:31:03,015 --> 00:31:05,012 That seems to me the problem. 730 00:31:05,012 --> 00:31:06,220 So how do you deal with that? 731 00:31:06,220 --> 00:31:08,940 Well, remember the New York Times will have a public key. 732 00:31:08,940 --> 00:31:11,040 It will have a corresponding secret key. 733 00:31:11,040 --> 00:31:13,732 So you visit their website. 734 00:31:13,732 --> 00:31:15,690 It turns out that when you download the website 735 00:31:15,690 --> 00:31:17,670 from the New York Times with that announcement 736 00:31:17,670 --> 00:31:19,800 about the snow storm, that's actually signed 737 00:31:19,800 --> 00:31:24,990 with their secret key to verify the website that you get. 738 00:31:24,990 --> 00:31:27,070 You verify it against their public key. 739 00:31:27,070 --> 00:31:29,070 And you know that only they know the secret key. 740 00:31:29,070 --> 00:31:31,695 So only they could have offered that information and signed it. 741 00:31:31,695 --> 00:31:34,320 So then you know you're dealing with the right website. 742 00:31:34,320 --> 00:31:36,583 It's literally the New York Times sends you 743 00:31:36,583 --> 00:31:39,000 a signature over every piece of information they send you. 744 00:31:39,000 --> 00:31:40,350 And you verify it against their public key, 745 00:31:40,350 --> 00:31:42,410 which in turn you verified it from a certificate authority. 
746 00:31:42,410 --> 00:31:44,743 GARY GENSLER: If you remember the little bit of broccoli 747 00:31:44,743 --> 00:31:51,360 we did earlier this year, that asymmetric cryptography 748 00:31:51,360 --> 00:31:53,190 with a public key and a private key 749 00:31:53,190 --> 00:31:56,890 also has digital signatures. 750 00:31:56,890 --> 00:32:00,240 So you have, now, two things. 751 00:32:00,240 --> 00:32:01,770 Let's go back to Bitcoin. 752 00:32:01,770 --> 00:32:05,470 In Bitcoin transactions, you have a public key. 753 00:32:05,470 --> 00:32:08,890 And then somebody signs a transaction. 754 00:32:08,890 --> 00:32:12,370 And the math behind it, the cryptography behind it, 755 00:32:12,370 --> 00:32:15,280 is a signature and a public key that 756 00:32:15,280 --> 00:32:18,740 come from the same private key. 757 00:32:18,740 --> 00:32:20,990 There's a way to do a function to check that they 758 00:32:20,990 --> 00:32:24,390 came from the same private key. 759 00:32:24,390 --> 00:32:28,320 And the heart and soul of what was invented in the 1970s 760 00:32:28,320 --> 00:32:30,900 was not just that there's a public key and a private key, 761 00:32:30,900 --> 00:32:34,230 but also that you can digitally sign it. 762 00:32:34,230 --> 00:32:36,060 And then when the digital signature 763 00:32:36,060 --> 00:32:40,790 is compared to the public key, it's 764 00:32:40,790 --> 00:32:44,660 unique if they came from the same private key. 765 00:32:44,660 --> 00:32:46,280 So going back to the New York Times, 766 00:32:46,280 --> 00:32:49,490 the New York Times you have both their public key and then 767 00:32:49,490 --> 00:32:52,310 each headline, each piece of information 768 00:32:52,310 --> 00:32:54,900 has a digital signature. 769 00:32:54,900 --> 00:32:58,290 And of course, you do have a centralization, 770 00:32:58,290 --> 00:33:00,990 a lot of centralization, on the internet related 771 00:33:00,990 --> 00:33:03,550 to these certificate authorities. 
772 00:33:03,550 --> 00:33:04,050 Eric. 773 00:33:04,050 --> 00:33:06,360 AUDIENCE: Just a point maybe to clarify, 774 00:33:06,360 --> 00:33:08,410 this is performed at a protocol level. 775 00:33:08,410 --> 00:33:12,980 That is not the user witnessing any of these interactions. 776 00:33:12,980 --> 00:33:19,120 It's done at the top of the TCP/IP stack, this TLS, which 777 00:33:19,120 --> 00:33:27,210 is the security protocol that works with HTTP, which is web. 778 00:33:27,210 --> 00:33:30,350 And this is where you find that this little lock 779 00:33:30,350 --> 00:33:33,190 in the browser that's guaranteeing that that's 780 00:33:33,190 --> 00:33:34,560 the website you're visiting. 781 00:33:34,560 --> 00:33:39,140 Because the whole exchange of information 782 00:33:39,140 --> 00:33:42,550 that includes the public key from the website 783 00:33:42,550 --> 00:33:45,510 and the verification is done by the browser. 784 00:33:45,510 --> 00:33:47,262 You don't do anything interactive. 785 00:33:47,262 --> 00:33:48,720 GARY GENSLER: We don't do anything. 786 00:33:48,720 --> 00:33:50,340 That little lock has that meaning. 787 00:33:50,340 --> 00:33:52,790 And you could actually see what certificate authority. 788 00:33:52,790 --> 00:33:56,700 I only pause on that to pause not only to tie back 789 00:33:56,700 --> 00:33:59,700 earlier conversations about public and private key, 790 00:33:59,700 --> 00:34:02,760 but the whole internet is reliant on these certificate 791 00:34:02,760 --> 00:34:03,810 authorities. 792 00:34:03,810 --> 00:34:06,540 And blockchain technology might be a way 793 00:34:06,540 --> 00:34:11,300 to step around and have a new paradigm. 794 00:34:11,300 --> 00:34:11,800 Kelly. 795 00:34:11,800 --> 00:34:13,984 AUDIENCE: So for a contextual example, 796 00:34:13,984 --> 00:34:17,800 say I'm trying to access my brokerage account or whatever. 797 00:34:17,800 --> 00:34:19,620 And say I forgot my password. 
798 00:34:19,620 --> 00:34:22,409 Or every month, they want you to replace this or that 799 00:34:22,409 --> 00:34:25,110 to protect your account. 800 00:34:25,110 --> 00:34:29,310 How does a person interact with these various parties going 801 00:34:29,310 --> 00:34:33,247 through that process when it's trying to verify that it's you 802 00:34:33,247 --> 00:34:35,330 gaining access? 803 00:34:35,330 --> 00:34:38,840 What are the points of contact for those? 804 00:34:38,840 --> 00:34:41,284 GARY GENSLER: There is an initial layer, 805 00:34:41,284 --> 00:34:42,659 which we were just talking about, 806 00:34:42,659 --> 00:34:45,750 that you're actually dealing with you're-- 807 00:34:45,750 --> 00:34:46,350 I don't know. 808 00:34:46,350 --> 00:34:47,570 I'm going to make it up. 809 00:34:47,570 --> 00:34:48,585 DE Shaw. 810 00:34:48,585 --> 00:34:50,280 Or no, that's a hedge fund. 811 00:34:50,280 --> 00:34:51,420 With-- 812 00:34:51,420 --> 00:34:54,221 AUDIENCE: Bank of America. 813 00:34:54,221 --> 00:34:55,650 GARY GENSLER: Bank of America. 814 00:34:55,650 --> 00:34:56,317 Fine. 815 00:34:56,317 --> 00:34:57,900 That you're really dealing-- so that's 816 00:34:57,900 --> 00:34:59,610 what we were talking about that. 817 00:34:59,610 --> 00:35:01,012 They are Bank of America. 818 00:35:01,012 --> 00:35:02,970 And you're really dealing with Bank of America. 819 00:35:02,970 --> 00:35:05,010 And you don't even participate in that. 820 00:35:05,010 --> 00:35:07,440 But then there's another layer that if you've 821 00:35:07,440 --> 00:35:11,450 forgotten your password, they're going 822 00:35:11,450 --> 00:35:16,590 to ask you a bunch of questions, like the usual questions 823 00:35:16,590 --> 00:35:18,130 about who was your first pet and who 824 00:35:18,130 --> 00:35:20,950 was your first significant other and things like that. 825 00:35:20,950 --> 00:35:24,671 But at some point in time, they'll freeze you out. 
826 00:35:24,671 --> 00:35:26,528 AUDIENCE: That's the service provider 827 00:35:26,528 --> 00:35:27,570 that you registered with. 828 00:35:27,570 --> 00:35:29,346 That's Bank of America. 829 00:35:29,346 --> 00:35:31,320 GARY GENSLER: That's Bank of America 830 00:35:31,320 --> 00:35:33,630 has their anti-fraud provisions. 831 00:35:33,630 --> 00:35:35,430 What we were just talking about is really 832 00:35:35,430 --> 00:35:38,670 at the internet browser. 833 00:35:38,670 --> 00:35:40,770 And in essence, Facebook is the one 834 00:35:40,770 --> 00:35:44,190 that's trying to be identified. 835 00:35:44,190 --> 00:35:48,990 100 billion times a day, some human around the globe 836 00:35:48,990 --> 00:35:50,517 is trying to be protected, that they 837 00:35:50,517 --> 00:35:52,350 know they're dealing with the right identity 838 00:35:52,350 --> 00:35:53,220 on the other side. 839 00:35:53,220 --> 00:35:54,970 We were talking about human identity. 840 00:35:54,970 --> 00:35:57,750 There's also the identity of the websites. 841 00:35:57,750 --> 00:36:01,060 And that's what we were just chatting about. 842 00:36:01,060 --> 00:36:02,050 Let me move on. 843 00:36:02,050 --> 00:36:04,680 And then if I've left you confused, 844 00:36:04,680 --> 00:36:06,430 because you were asking about what happens 845 00:36:06,430 --> 00:36:07,653 if you forgot your password-- 846 00:36:07,653 --> 00:36:08,320 AUDIENCE: Right. 847 00:36:08,320 --> 00:36:12,555 Like how do they verify you, not you verifying them. 848 00:36:12,555 --> 00:36:14,995 GARY GENSLER: How did they verify you? 849 00:36:17,830 --> 00:36:21,100 I would contend it's still kind of a little archaic. 
850 00:36:21,100 --> 00:36:25,540 I mean, it's a little bit like if you forgot your-- 851 00:36:25,540 --> 00:36:28,270 a couple of times you use a username and password, 852 00:36:28,270 --> 00:36:30,280 and of course if you have dual authentication, 853 00:36:30,280 --> 00:36:34,660 they might send you a notice to another text message 854 00:36:34,660 --> 00:36:35,907 or something. 855 00:36:35,907 --> 00:36:37,490 But if you've forgotten your password, 856 00:36:37,490 --> 00:36:40,890 then it's literally backdoor sort of saying, well, 857 00:36:40,890 --> 00:36:42,260 to remember your question. 858 00:36:42,260 --> 00:36:43,900 I never remember the questions. 859 00:36:43,900 --> 00:36:49,540 I mean who is your first friend in elementary school? 860 00:36:49,540 --> 00:36:53,490 What was the first car you drove? 861 00:36:53,490 --> 00:36:56,670 It's crude. 862 00:36:56,670 --> 00:36:59,550 And then they usually freeze you out for fraud protection 863 00:36:59,550 --> 00:37:03,430 after two or three times of trying that. 864 00:37:03,430 --> 00:37:05,170 And almost always, there's something 865 00:37:05,170 --> 00:37:07,615 where they can send it to you another place. 866 00:37:11,110 --> 00:37:15,440 Identity management, some of the pain points. 867 00:37:15,440 --> 00:37:16,910 What are we trying to solve? 868 00:37:16,910 --> 00:37:22,270 And why would blockchain technology maybe help us out? 869 00:37:22,270 --> 00:37:25,150 Privacy and security is a big one. 870 00:37:28,590 --> 00:37:32,970 There are a lot of thefts, identity theft. 871 00:37:32,970 --> 00:37:36,660 How many people are in the room have had their credit card-- 872 00:37:36,660 --> 00:37:39,660 this year, in 2018, we're 11 months in-- 873 00:37:39,660 --> 00:37:41,790 have had their credit card have to be replaced 874 00:37:41,790 --> 00:37:46,090 because the bank got in touch and said it's compromised? 875 00:37:46,090 --> 00:37:47,880 Only about 20% of us. 
876 00:37:47,880 --> 00:37:50,530 I would have thought it was going to be more. 877 00:37:50,530 --> 00:37:56,670 I feel like I get one of those calls every 18 to 24 months. 878 00:37:56,670 --> 00:37:57,990 Maybe I shop too much. 879 00:37:57,990 --> 00:38:00,530 Or my daughters are using my card too much. 880 00:38:00,530 --> 00:38:03,990 AUDIENCE: [INAUDIBLE] big enough to be a target. 881 00:38:03,990 --> 00:38:06,962 Student banks tend to be negative. 882 00:38:06,962 --> 00:38:10,170 GARY GENSLER: You think that's it? 883 00:38:10,170 --> 00:38:14,910 I just assume that some merchant has been hacked again. 884 00:38:14,910 --> 00:38:17,880 I mean, every time a merchant loses 1 million, 885 00:38:17,880 --> 00:38:22,080 or 100,000, or 50 million accounts, 886 00:38:22,080 --> 00:38:27,260 then the banking system needs to send out those notices. 887 00:38:27,260 --> 00:38:31,820 I chair a commission, Financial Consumer Protection Commission 888 00:38:31,820 --> 00:38:32,780 of Maryland. 889 00:38:32,780 --> 00:38:37,510 And the credit union advocates in Maryland 890 00:38:37,510 --> 00:38:41,590 came to our commission and said, we need some help. 891 00:38:41,590 --> 00:38:44,660 We banks and credit unions have to protect a lot of data. 892 00:38:44,660 --> 00:38:47,410 But every time a merchant loses data, 893 00:38:47,410 --> 00:38:49,360 it's us credit unions and banks that 894 00:38:49,360 --> 00:38:52,210 have to replace all the credit cards. 895 00:38:52,210 --> 00:38:54,520 And they feel there's an asymmetry, commercial 896 00:38:54,520 --> 00:38:58,900 asymmetry, that the banking sector is bearing 897 00:38:58,900 --> 00:39:04,400 the brunt of other merchant's, non-financial sectors, data 898 00:39:04,400 --> 00:39:05,590 breaches. 899 00:39:05,590 --> 00:39:08,150 And should the state of Maryland-- this is a live 900 00:39:08,150 --> 00:39:10,280 issue actually in front of our commission. 
901 00:39:10,280 --> 00:39:12,350 Should the state of Maryland change its laws 902 00:39:12,350 --> 00:39:16,310 to put higher cybersecurity responsibilities 903 00:39:16,310 --> 00:39:19,580 on non-financial sector actors? 904 00:39:19,580 --> 00:39:21,470 And the financial sector would say, yeah, 905 00:39:21,470 --> 00:39:24,980 that kind of feels you'd be leveling the playing field. 906 00:39:24,980 --> 00:39:26,570 And the merchants are saying, you 907 00:39:26,570 --> 00:39:29,950 can't do that on every grocery store and bar. 908 00:39:29,950 --> 00:39:36,043 It seems like it's a little out of sync. 909 00:39:36,043 --> 00:39:37,460 AUDIENCE: Yeah, I was going to say 910 00:39:37,460 --> 00:39:41,700 that credit card theft like this is a perfect application of public 911 00:39:41,700 --> 00:39:42,950 key cryptography. 912 00:39:42,950 --> 00:39:47,870 The [INAUDIBLE] don't give out your credit card number 913 00:39:47,870 --> 00:39:48,693 to these folks. 914 00:39:48,693 --> 00:39:50,360 Your credit card should have a key pair. 915 00:39:50,360 --> 00:39:52,235 It should have a secret key and a public key. 916 00:39:52,235 --> 00:39:54,220 And you give your public key to Amazon. 917 00:39:54,220 --> 00:39:55,820 And then how do you pay Amazon? 918 00:39:55,820 --> 00:39:57,930 Well, you sign with your secret key that's on your credit card. 919 00:39:57,930 --> 00:39:59,210 So nobody knows your secret key. 920 00:39:59,210 --> 00:40:00,170 It's on your damn card. 921 00:40:00,170 --> 00:40:01,550 Never lose that card. 922 00:40:01,550 --> 00:40:02,720 And problem solved. 923 00:40:02,720 --> 00:40:05,215 They can steal as many public keys as they want. 924 00:40:05,215 --> 00:40:05,840 Problem solved. 925 00:40:05,840 --> 00:40:07,070 Same thing with the SSN. 926 00:40:07,070 --> 00:40:08,650 Why would you share that-- 927 00:40:08,650 --> 00:40:10,200 GARY GENSLER: I disclosed to you. 928 00:40:10,200 --> 00:40:12,092 He became a maximalist, almost. 
929 00:40:12,092 --> 00:40:14,300 AUDIENCE: [INAUDIBLE] I'm talking about public crypto 930 00:40:14,300 --> 00:40:15,970 here, not without consensus. 931 00:40:15,970 --> 00:40:18,150 Although, consensus can be a very important part 932 00:40:18,150 --> 00:40:18,560 of all of this. 933 00:40:18,560 --> 00:40:19,120 GARY GENSLER: Almost. 934 00:40:19,120 --> 00:40:19,620 Almost. 935 00:40:19,620 --> 00:40:20,200 All right. 936 00:40:20,200 --> 00:40:21,740 So let me just hit. 937 00:40:21,740 --> 00:40:24,860 So in terms of the big pain points-- 938 00:40:24,860 --> 00:40:27,260 privacy and security, a bunch of identity theft, 939 00:40:27,260 --> 00:40:29,900 forged credentials, back to the passport 940 00:40:29,900 --> 00:40:31,610 or the driver's license or the credit 941 00:40:31,610 --> 00:40:36,530 card, a forged credential, whatever that is. 942 00:40:36,530 --> 00:40:40,640 And of course, just how do we update our personal identity 943 00:40:40,640 --> 00:40:42,670 for any time we move? 944 00:40:42,670 --> 00:40:45,830 And this term PII is three letters 945 00:40:45,830 --> 00:40:46,880 you'll learn in business. 946 00:40:46,880 --> 00:40:49,970 Because at some point in time you'll be running a business 947 00:40:49,970 --> 00:40:53,420 and somebody will be coming in, your chief of information 948 00:40:53,420 --> 00:40:55,610 officer, and say, we've had a breach. 949 00:40:55,610 --> 00:40:58,190 And unfortunately we broke some laws, too. 950 00:40:58,190 --> 00:41:02,330 Because in the US and in other countries GDPR, 951 00:41:02,330 --> 00:41:03,740 you have to protect certain data. 952 00:41:03,740 --> 00:41:05,990 And it's usually called PPI. 953 00:41:05,990 --> 00:41:09,890 It's usually the bucket of data you need to protect. 954 00:41:09,890 --> 00:41:13,790 But every time you update your personal information, how do 955 00:41:13,790 --> 00:41:18,185 you how do you keep it updated? 956 00:41:18,185 --> 00:41:19,310 Ross, was there a question? 
957 00:41:19,310 --> 00:41:24,145 AUDIENCE: I just had a question back on your Maryland example. 958 00:41:24,145 --> 00:41:25,520 I make the assumption, maybe it's 959 00:41:25,520 --> 00:41:31,332 wrong, that if your commission allows the banks-- 960 00:41:31,332 --> 00:41:32,870 or passes that regulation-- 961 00:41:32,870 --> 00:41:35,180 GARY GENSLER: We're just an advisory. 962 00:41:35,180 --> 00:41:37,152 But if we recommend to the General Assembly. 963 00:41:37,152 --> 00:41:39,110 AUDIENCE: That the banks are not going to lower 964 00:41:39,110 --> 00:41:40,910 their fee to the merchants. 965 00:41:40,910 --> 00:41:44,840 So what's the dollar number that they're trying to push? 966 00:41:44,840 --> 00:41:47,200 In other words, I'm trying to size the pain point. 967 00:41:47,200 --> 00:41:50,210 What's the amount of cost to those banks 968 00:41:50,210 --> 00:41:53,000 that they're trying to move to the merchants 969 00:41:53,000 --> 00:41:56,300 and thus drop from the bank's bottom line? 970 00:41:56,300 --> 00:41:57,800 GARY GENSLER: I don't have a figure. 971 00:41:57,800 --> 00:41:58,883 It's a very good question. 972 00:42:02,420 --> 00:42:08,640 What we know is that the overall statistics on fraud and credit 973 00:42:08,640 --> 00:42:13,620 card is, I think, high teens basis points. 974 00:42:13,620 --> 00:42:18,160 I can't remember, 15 or 18 basis points but less than 20. 975 00:42:18,160 --> 00:42:20,030 And it's more than 10. 976 00:42:20,030 --> 00:42:25,310 So Visa Network charges 270 basis points or so. 977 00:42:25,310 --> 00:42:29,270 And the fraud part of it's 15 or 18 basis points. 978 00:42:29,270 --> 00:42:31,636 AUDIENCE: And the issuing bank gets how much of the 275? 979 00:42:31,636 --> 00:42:34,465 GARY GENSLER: 200 or so. 980 00:42:34,465 --> 00:42:35,090 AUDIENCE: Yeah. 981 00:42:35,090 --> 00:42:36,965 So they want to [INAUDIBLE] whatever that is. 
982 00:42:36,965 --> 00:42:39,050 GARY GENSLER: But I don't know-- 983 00:42:39,050 --> 00:42:42,860 and this is particularly credit unions are coming to us 984 00:42:42,860 --> 00:42:47,790 and saying there's an externality, the merchants, 985 00:42:47,790 --> 00:42:48,520 the gas stations. 986 00:42:51,430 --> 00:42:51,930 All right. 987 00:42:51,930 --> 00:42:53,950 So you're saying, I know which way you 988 00:42:53,950 --> 00:42:55,670 would vote on our commission. 989 00:42:58,930 --> 00:43:02,610 So what's going on a little bit about data breaches? 990 00:43:02,610 --> 00:43:05,760 I just tried to sort of list anything 991 00:43:05,760 --> 00:43:07,350 over 100 million customers. 992 00:43:07,350 --> 00:43:10,080 But then I had to put Facebook in because it was 50 million. 993 00:43:10,080 --> 00:43:14,745 But these are just like a dozen or so really big data breaches. 994 00:43:17,860 --> 00:43:20,920 There are so many data breaches in 2018 alone 995 00:43:20,920 --> 00:43:23,230 that you couldn't list them on a page like this. 996 00:43:23,230 --> 00:43:26,950 This is the last five years of 100 million people or more data 997 00:43:26,950 --> 00:43:28,300 breaches. 998 00:43:28,300 --> 00:43:30,810 So there's a problem here in cyber secure. 999 00:43:30,810 --> 00:43:31,810 And this is just the US. 1000 00:43:34,732 --> 00:43:37,600 Brotish, didn't the Indian system-- 1001 00:43:37,600 --> 00:43:40,630 AUDIENCE: [INAUDIBLE] more than a billion. 1002 00:43:40,630 --> 00:43:43,840 GARY GENSLER: 1.1 billion people's IDs 1003 00:43:43,840 --> 00:43:47,390 were hacked in India. 1004 00:43:47,390 --> 00:43:49,420 It was announced in January of this year. 1005 00:43:53,770 --> 00:43:57,007 And so, it's a lot going on. 1006 00:43:57,007 --> 00:43:58,590 And every once in a while, politically 1007 00:43:58,590 --> 00:44:02,850 it captures the attention of particularly Equifax did, 1008 00:44:02,850 --> 00:44:04,470 Facebook does. 
1009 00:44:04,470 --> 00:44:07,570 Wells Fargo, I think the breach was 3 million. 1010 00:44:07,570 --> 00:44:10,420 It's not even on this. 1011 00:44:10,420 --> 00:44:16,080 It wouldn't get to the 50th page by size. 1012 00:44:16,080 --> 00:44:18,540 But Wells Fargo had other issues that was 1013 00:44:18,540 --> 00:44:20,455 capturing the public attention. 1014 00:44:20,455 --> 00:44:20,955 Kelly. 1015 00:44:20,955 --> 00:44:22,320 AUDIENCE: Just taking the Marriott one 1016 00:44:22,320 --> 00:44:24,940 as an example, that's been the most recent one in the news, 1017 00:44:24,940 --> 00:44:25,890 I think. 1018 00:44:25,890 --> 00:44:28,680 It's so costly to these corporations. 1019 00:44:28,680 --> 00:44:30,180 I think Marriott even said that they 1020 00:44:30,180 --> 00:44:34,785 would pay the fee to replace passports for those affected. 1021 00:44:37,410 --> 00:44:39,600 I mean, maybe it's a drop in the bucket for them. 1022 00:44:39,600 --> 00:44:45,300 But in terms of the value in pain points, 1023 00:44:45,300 --> 00:44:49,327 sort of like you were talking about, it's a lot. 1024 00:44:49,327 --> 00:44:50,410 GARY GENSLER: It is a lot. 1025 00:44:50,410 --> 00:44:55,050 But one of the challenges that blockchain technology solutions 1026 00:44:55,050 --> 00:44:56,250 is adoption. 1027 00:44:56,250 --> 00:45:02,800 How do you get Marriott to contribute to a new system 1028 00:45:02,800 --> 00:45:07,060 if you come up with a really clever, creative, new system? 1029 00:45:07,060 --> 00:45:10,390 Because there are so many thousands of merchants 1030 00:45:10,390 --> 00:45:15,080 that are trying to deal with their cybersecurity risk. 1031 00:45:15,080 --> 00:45:19,390 And Marriott, all of a sudden, has all these costs. 1032 00:45:19,390 --> 00:45:23,260 But how you get them involved in your new blockchain technology 1033 00:45:23,260 --> 00:45:26,800 solution, I think it's just an adoption issue, which 1034 00:45:26,800 --> 00:45:29,320 somebody might solve. 
1035 00:45:29,320 --> 00:45:31,390 Or as Ross says, well, wait a minute. 1036 00:45:31,390 --> 00:45:34,608 If the banks were to just [INAUDIBLE] right? 1037 00:45:34,608 --> 00:45:36,150 AUDIENCE: If they want to cut the fee 1038 00:45:36,150 --> 00:45:38,101 and let everybody else-- then that's fine. 1039 00:45:38,101 --> 00:45:42,237 But the merchants have no bargaining power. 1040 00:45:42,237 --> 00:45:43,320 GARY GENSLER: That's true. 1041 00:45:43,320 --> 00:45:45,382 AUDIENCE: So they cut the fee. 1042 00:45:45,382 --> 00:45:48,660 GARY GENSLER: So a couple of state identity projects. 1043 00:45:48,660 --> 00:45:50,670 Estonia has e-identity. 1044 00:45:50,670 --> 00:45:55,110 They started in 2002, well before blockchain technology. 1045 00:45:55,110 --> 00:45:59,760 And it's run on a software called X-Road software. 1046 00:45:59,760 --> 00:46:03,390 And while some folks might think of Estonia 1047 00:46:03,390 --> 00:46:08,335 as a blockchain friendly nation, does anybody 1048 00:46:08,335 --> 00:46:10,710 want to take a guess whether this software has blockchain 1049 00:46:10,710 --> 00:46:13,720 technology? 1050 00:46:13,720 --> 00:46:15,550 What's the consensus? 1051 00:46:15,550 --> 00:46:16,060 No. 1052 00:46:16,060 --> 00:46:18,640 It's not. 1053 00:46:18,640 --> 00:46:21,090 That doesn't mean it doesn't work. 1054 00:46:21,090 --> 00:46:26,410 But they've sort of wrapped themselves 1055 00:46:26,410 --> 00:46:29,440 in this sort of spirit of we're a blockchain nation. 1056 00:46:29,440 --> 00:46:33,280 And they also have e-health records and many other records 1057 00:46:33,280 --> 00:46:35,380 that are going online. 1058 00:46:35,380 --> 00:46:40,810 And it may be, at some level, inspired by that. 1059 00:46:40,810 --> 00:46:46,770 They have 1.3 million people in Estonia. 1060 00:46:46,770 --> 00:46:50,460 I think a bigger state actor in the challenge-- 1061 00:46:50,460 --> 00:46:53,580 sorry, Brotish-- is Aadhaar. 
1062 00:46:53,580 --> 00:46:56,130 So there's a national identification system. 1063 00:46:56,130 --> 00:47:00,630 And it was promoted really for inclusion, financial inclusion, 1064 00:47:00,630 --> 00:47:05,670 and a way to get government assistance and welfare 1065 00:47:05,670 --> 00:47:10,260 to hundreds of millions of poor. 1066 00:47:10,260 --> 00:47:12,270 India at the time that it was rolled out, 1067 00:47:12,270 --> 00:47:17,340 well over half of India did not have a banking account at all. 1068 00:47:17,340 --> 00:47:21,750 12 digit ID and biometrics, being fingerprint and iris 1069 00:47:21,750 --> 00:47:26,040 scan, I think they would deal with the identical twin issue. 1070 00:47:26,040 --> 00:47:34,260 I think, from my little example that my twin brother Rob's 1071 00:47:34,260 --> 00:47:37,710 finger didn't open my iPhone. 1072 00:47:37,710 --> 00:47:39,250 But there's been a lot of problems. 1073 00:47:39,250 --> 00:47:41,610 And that's not a blockchain project either. 1074 00:47:41,610 --> 00:47:46,140 But my read of it is Aadhaar-- 1075 00:47:46,140 --> 00:47:48,000 and maybe Brotish has some views-- 1076 00:47:48,000 --> 00:47:50,850 has done some very positive things in India. 1077 00:47:50,850 --> 00:47:55,110 But it's also come with some very scary things. 1078 00:47:55,110 --> 00:47:57,600 Brotish. 1079 00:47:57,600 --> 00:48:00,210 AUDIENCE: It's a quick nugget of information about Aadhaar. 1080 00:48:00,210 --> 00:48:03,180 It was the fastest system in the world 1081 00:48:03,180 --> 00:48:05,700 to reach 1 billion users, faster than Facebook 1082 00:48:05,700 --> 00:48:08,890 or any other online platform. 1083 00:48:08,890 --> 00:48:12,390 And [INAUDIBLE] optional, I mean it was not a mandatory system 1084 00:48:12,390 --> 00:48:13,560 for people to get it. 1085 00:48:13,560 --> 00:48:14,660 It was optional system. 1086 00:48:14,660 --> 00:48:17,200 But it was the fastest one to reach 1 billion. 
1087 00:48:17,200 --> 00:48:19,170 GARY GENSLER: But it's optional. 1088 00:48:19,170 --> 00:48:21,180 But you can't get your government assistance 1089 00:48:21,180 --> 00:48:22,830 any longer if you're not in it, right? 1090 00:48:22,830 --> 00:48:24,360 AUDIENCE: It's not like that. 1091 00:48:24,360 --> 00:48:26,910 So actually, there have been some government efforts 1092 00:48:26,910 --> 00:48:28,410 to make it that way. 1093 00:48:28,410 --> 00:48:30,900 But then the court actually rejected those proposals. 1094 00:48:30,900 --> 00:48:33,930 So they said that you cannot make it mandatory to make 1095 00:48:33,930 --> 00:48:36,360 people receive benefits based on this. 1096 00:48:36,360 --> 00:48:39,370 So whoever has that, they might have some ease 1097 00:48:39,370 --> 00:48:40,840 of obtaining those benefits. 1098 00:48:40,840 --> 00:48:42,780 But it's not like without it, you cannot get [INAUDIBLE]. 1099 00:48:42,780 --> 00:48:44,822 GARY GENSLER: So Brotish is saying it accurately. 1100 00:48:44,822 --> 00:48:48,750 But the court only ruled that this year during 2018 I think. 1101 00:48:48,750 --> 00:48:51,383 And for a while, hundreds of millions of people 1102 00:48:51,383 --> 00:48:53,550 thought that's the only way I can get my assistance. 1103 00:48:53,550 --> 00:48:56,610 But the 12 digit ID and the biometrics 1104 00:48:56,610 --> 00:49:00,690 has produced a system where, along with a payment system 1105 00:49:00,690 --> 00:49:03,480 where you can do a QR code right on your iPhone 1106 00:49:03,480 --> 00:49:08,350 and get goods and services, and it's pretty efficient. 1107 00:49:08,350 --> 00:49:11,660 But it's one national system. 1108 00:49:11,660 --> 00:49:15,230 One national system and there's been a lot of challenges. 1109 00:49:15,230 --> 00:49:19,250 Not just the hack, but also some mistakes sometimes. 
1110 00:49:19,250 --> 00:49:21,230 And based on those mistakes, people 1111 00:49:21,230 --> 00:49:24,190 feel like they've lost their identity. 1112 00:49:24,190 --> 00:49:26,440 I mean, they're still this human that they are. 1113 00:49:26,440 --> 00:49:28,570 But they've lost it in a governmental sense. 1114 00:49:28,570 --> 00:49:31,270 And thus they've stopped getting their assistance. 1115 00:49:31,270 --> 00:49:33,760 And there's occasionally reports of suicides, 1116 00:49:33,760 --> 00:49:36,040 and reports of deaths, and things like that 1117 00:49:36,040 --> 00:49:37,870 where people are no longer recognized 1118 00:49:37,870 --> 00:49:41,440 in the system because of their Aadhaar ID. 1119 00:49:41,440 --> 00:49:43,870 So there's a lot of public debate 1120 00:49:43,870 --> 00:49:50,920 in India about the net benefit versus some of the costs. 1121 00:49:50,920 --> 00:49:55,240 Self-sovereign identity, four things I think about. 1122 00:49:55,240 --> 00:50:01,180 People and entities control their identities 1123 00:50:01,180 --> 00:50:02,620 more than we have now. 1124 00:50:02,620 --> 00:50:05,350 This is a concept. 1125 00:50:05,350 --> 00:50:08,770 We have direct access without some intermediary. 1126 00:50:12,110 --> 00:50:14,840 Our identity is transportable. 1127 00:50:14,840 --> 00:50:19,530 But not our human identity, but the attributes of our identity. 1128 00:50:19,530 --> 00:50:22,370 So I use the term more loosely here. 1129 00:50:22,370 --> 00:50:26,900 And then, it's widely usable or interoperable. 1130 00:50:26,900 --> 00:50:29,320 Self-sovereign identity-- what's that? 1131 00:50:29,320 --> 00:50:32,080 AUDIENCE: I was just thinking [INAUDIBLE] 1132 00:50:32,080 --> 00:50:33,000 GARY GENSLER: Yeah. 1133 00:50:33,000 --> 00:50:38,270 I kind of remembered that back and forth. 1134 00:50:38,270 --> 00:50:43,830 Self-sovereign identity does not rely on blockchain technology. 
1135 00:50:43,830 --> 00:50:48,650 It's a concept in a debate about should we go back to something 1136 00:50:48,650 --> 00:50:51,380 that we, in a sense, had in the 19th century and even 1137 00:50:51,380 --> 00:50:56,360 early 20th century that we could walk into any store 1138 00:50:56,360 --> 00:50:59,300 and there might be other forms of censorship. 1139 00:50:59,300 --> 00:51:02,570 There are certainly many prejudices and racism 1140 00:51:02,570 --> 00:51:04,610 and all sorts of challenges. 1141 00:51:04,610 --> 00:51:07,970 But we could walk in without a document. 1142 00:51:07,970 --> 00:51:10,610 We weren't walking in. 1143 00:51:10,610 --> 00:51:13,040 We might have some gold, some money in our pocket. 1144 00:51:13,040 --> 00:51:16,310 They would take the gold coin or the silver coin. 1145 00:51:16,310 --> 00:51:22,160 Self-sovereign identity is also thinking about can we 1146 00:51:22,160 --> 00:51:26,960 have the individual hold their credentials as we 1147 00:51:26,960 --> 00:51:29,390 held a physical passport but hold it 1148 00:51:29,390 --> 00:51:31,860 in a wallet in some way. 1149 00:51:31,860 --> 00:51:32,663 Ross. 1150 00:51:32,663 --> 00:51:36,980 AUDIENCE: Just your example of the 19th century ties 1151 00:51:36,980 --> 00:51:39,350 into the question that I had, which 1152 00:51:39,350 --> 00:51:43,880 is doesn't this only work if you also have a decentralized money 1153 00:51:43,880 --> 00:51:44,380 system. 1154 00:51:44,380 --> 00:51:45,980 Like go to your example. 1155 00:51:45,980 --> 00:51:47,810 Only reason that works is because people 1156 00:51:47,810 --> 00:51:50,280 could go in and pay with a completely anonymous form 1157 00:51:50,280 --> 00:51:52,280 of money. 1158 00:51:52,280 --> 00:51:54,170 Unless you have a real broad, say, 1159 00:51:54,170 --> 00:51:58,190 Bitcoin distributive system, your bank 1160 00:51:58,190 --> 00:52:00,300 will require you to waive this. 
1161 00:52:00,300 --> 00:52:02,630 When you sign up for a bank account, 1162 00:52:02,630 --> 00:52:04,800 you will have to waive this. 1163 00:52:04,800 --> 00:52:07,435 And it's gone. 1164 00:52:07,435 --> 00:52:08,060 They just will. 1165 00:52:08,060 --> 00:52:12,170 GARY GENSLER: So Ross is raising, well, will this even 1166 00:52:12,170 --> 00:52:18,320 work unless you have a truly decentralized money system. 1167 00:52:18,320 --> 00:52:21,420 I don't think it's reliant on a decentralized money system. 1168 00:52:21,420 --> 00:52:24,200 I can see your point that it's benefited by a decentralized. 1169 00:52:24,200 --> 00:52:26,420 AUDIENCE: Any commercial transaction you have, 1170 00:52:26,420 --> 00:52:27,610 the counterparty-- 1171 00:52:27,610 --> 00:52:30,740 Facebook will make you waive. 1172 00:52:30,740 --> 00:52:35,730 Because they want the information. 1173 00:52:35,730 --> 00:52:38,930 And Google, that's right you could cut yourself off 1174 00:52:38,930 --> 00:52:39,980 from all those things. 1175 00:52:39,980 --> 00:52:42,230 But they'll just make it as part of the contract, part 1176 00:52:42,230 --> 00:52:44,090 of the access, that you waive. 1177 00:52:44,090 --> 00:52:45,830 GARY GENSLER: So self-sovereign identity, 1178 00:52:45,830 --> 00:52:50,510 concept that all of us humans could control our identity, not 1179 00:52:50,510 --> 00:52:53,690 just our birth and our nationality, but maybe even 1180 00:52:53,690 --> 00:52:58,910 our digital footprint, our spending patterns, 1181 00:52:58,910 --> 00:53:00,170 and so forth. 1182 00:53:00,170 --> 00:53:02,780 And Ross is raising, well, maybe Facebook and Google 1183 00:53:02,780 --> 00:53:05,930 wouldn't transact with us as a commercial reality. 1184 00:53:05,930 --> 00:53:10,490 You're saying their market power, they might cut us out. 1185 00:53:10,490 --> 00:53:12,320 I think some might try. 
1186 00:53:12,320 --> 00:53:13,520 And that will be-- 1187 00:53:13,520 --> 00:53:16,100 this hasn't been really adopted, self-sovereign identity. 1188 00:53:16,100 --> 00:53:17,330 AUDIENCE: Hell of a question for your 1189 00:53:17,330 --> 00:53:18,622 Consumer Protection Commission. 1190 00:53:18,622 --> 00:53:19,480 GARY GENSLER: Yeah. 1191 00:53:19,480 --> 00:53:24,380 Maryland probably won't be able to weigh into that too much. 1192 00:53:24,380 --> 00:53:29,690 The benefits of taking identity access management systems 1193 00:53:29,690 --> 00:53:35,170 onto the blockchain technology, and eight or 10 of you 1194 00:53:35,170 --> 00:53:36,310 wrote papers on this. 1195 00:53:36,310 --> 00:53:40,360 Does anybody want to comment on-- 1196 00:53:40,360 --> 00:53:44,860 this is like, my summary, some of the benefits. 1197 00:53:44,860 --> 00:53:47,820 You can address verification costs and fraud. 1198 00:53:47,820 --> 00:53:51,610 You could potentially lower some of the cost and fraud. 1199 00:53:51,610 --> 00:53:54,120 I think you can trace provenance. 1200 00:53:54,120 --> 00:53:58,090 You deal with censorship and so forth. 1201 00:53:58,090 --> 00:54:02,530 And truly, I think you can help on privacy. 1202 00:54:02,530 --> 00:54:03,840 But the challenge is-- 1203 00:54:06,910 --> 00:54:10,690 the real challenge is that if you're 1204 00:54:10,690 --> 00:54:18,220 storing personal identifiable information on a blockchain, 1205 00:54:18,220 --> 00:54:20,200 blockchain technology works by distributing 1206 00:54:20,200 --> 00:54:23,170 the data to all the nodes. 1207 00:54:23,170 --> 00:54:26,650 And so the initial write ups, three and four and five years 1208 00:54:26,650 --> 00:54:31,150 ago, were, like, well, could you put self-sovereign identity 1209 00:54:31,150 --> 00:54:32,920 in essence in a blockchain and store it? 1210 00:54:32,920 --> 00:54:34,295 And everybody started to say, no. 1211 00:54:34,295 --> 00:54:36,220 You really can't do that. 
1212 00:54:36,220 --> 00:54:42,460 Because you're not going to put all my personal stuff on 10,000 1213 00:54:42,460 --> 00:54:44,720 nodes. 1214 00:54:44,720 --> 00:54:47,320 AUDIENCE: So I mean, the first benefit there, I think, 1215 00:54:47,320 --> 00:54:50,200 should be prevent identity theft. 1216 00:54:50,200 --> 00:54:53,210 Because the main security goal of any identity scheme, 1217 00:54:53,210 --> 00:54:54,850 including the one I described, is 1218 00:54:54,850 --> 00:54:56,490 you want to prevent identity theft, 1219 00:54:56,490 --> 00:54:57,720 to prevent impersonation-- 1220 00:54:57,720 --> 00:54:58,720 GARY GENSLER: I'm sorry. 1221 00:54:58,720 --> 00:54:59,360 I'm going back. 1222 00:54:59,360 --> 00:55:04,283 I just chose not to read through this page. 1223 00:55:04,283 --> 00:55:05,200 I'm agreeing with you. 1224 00:55:08,160 --> 00:55:10,895 I mean, these are the pain points it would all address. 1225 00:55:10,895 --> 00:55:12,330 AUDIENCE: And in general, I think, 1226 00:55:12,330 --> 00:55:15,090 when you think about identity, you 1227 00:55:15,090 --> 00:55:16,755 have to look at it through that lens. 1228 00:55:16,755 --> 00:55:18,630 Because what else is identity for if it's not 1229 00:55:18,630 --> 00:55:21,150 for preventing people to claim they're someone else? 1230 00:55:21,150 --> 00:55:22,980 That's what an identity scheme does. 1231 00:55:22,980 --> 00:55:25,620 If your scheme doesn't address that fundamental problem-- 1232 00:55:25,620 --> 00:55:28,550 like by the way, all of these startups don't. 1233 00:55:28,550 --> 00:55:30,330 Because SSN numbers are still out there 1234 00:55:30,330 --> 00:55:31,360 and require [INAUDIBLE]. 1235 00:55:31,360 --> 00:55:32,220 So as long as that's-- 1236 00:55:32,220 --> 00:55:33,450 GARY GENSLER: Social Security Numbers. 1237 00:55:33,450 --> 00:55:34,075 AUDIENCE: Yeah. 1238 00:55:34,075 --> 00:55:36,960 Say goodbye to prevent identity theft. 
1239 00:55:36,960 --> 00:55:39,227 What are you doing then? 1240 00:55:39,227 --> 00:55:41,310 GARY GENSLER: I think, I'll go here and then Hugo. 1241 00:55:41,310 --> 00:55:41,935 AUDIENCE: Yeah. 1242 00:55:41,935 --> 00:55:45,330 And something that was not very much addressed in the readings, 1243 00:55:45,330 --> 00:55:48,660 I thought, was also the fact that if you used a blockchain 1244 00:55:48,660 --> 00:55:50,820 technology, so evidently not. 1245 00:55:50,820 --> 00:55:51,810 It's immutable. 1246 00:55:51,810 --> 00:55:54,220 So it's often seen as a good thing. 1247 00:55:54,220 --> 00:55:57,030 But here in this case, normally, like for example in Europe, 1248 00:55:57,030 --> 00:55:59,400 normally in the internet, you can 1249 00:55:59,400 --> 00:56:02,300 request to delete information you have 1250 00:56:02,300 --> 00:56:06,840 if Google has a link which mentions you for instance. 1251 00:56:06,840 --> 00:56:09,720 But here, you wouldn't be able to do it. 1252 00:56:09,720 --> 00:56:11,430 Because the information is there. 1253 00:56:11,430 --> 00:56:14,850 If someone steals or even if you want it deleted it, 1254 00:56:14,850 --> 00:56:18,240 somehow you can't because it's immutable. 1255 00:56:18,240 --> 00:56:20,330 So how can we deal with this? 1256 00:56:20,330 --> 00:56:23,270 GARY GENSLER: So you're raising a point that in Europe 1257 00:56:23,270 --> 00:56:27,290 under the new privacy law, the GDPR, 1258 00:56:27,290 --> 00:56:31,270 you have a right to be forgotten or right to be deleted. 1259 00:56:31,270 --> 00:56:35,160 And so how can blockchain technology interact and work 1260 00:56:35,160 --> 00:56:38,370 within that framework? 1261 00:56:38,370 --> 00:56:43,900 If your actual information is on the blockchain, 1262 00:56:43,900 --> 00:56:44,810 I think you're right. 1263 00:56:44,810 --> 00:56:46,510 I think it's very hard. 
1264 00:56:46,510 --> 00:56:49,870 But I do think there are solutions if it's just 1265 00:56:49,870 --> 00:56:51,880 a hash of your information that's 1266 00:56:51,880 --> 00:56:53,480 being stored on the blockchain. 1267 00:56:53,480 --> 00:56:55,510 AUDIENCE: Yes, but they were mentioning 1268 00:56:55,510 --> 00:56:58,160 in the reading as well the fact that you 1269 00:56:58,160 --> 00:57:01,390 can store all the data, basically, of the blockchain. 1270 00:57:01,390 --> 00:57:03,220 And then when you transfer it, you just 1271 00:57:03,220 --> 00:57:06,435 say like as a certification, oh, yeah, this is my information. 1272 00:57:06,435 --> 00:57:07,060 And it is true. 1273 00:57:07,060 --> 00:57:08,880 You can verify it is true. 1274 00:57:08,880 --> 00:57:10,190 But you cannot have like-- 1275 00:57:10,190 --> 00:57:12,190 GARY GENSLER: The actual information 1276 00:57:12,190 --> 00:57:15,805 on a distributed network. 1277 00:57:15,805 --> 00:57:17,043 Kelly. 1278 00:57:17,043 --> 00:57:19,210 AUDIENCE: I think that's a really interesting point. 1279 00:57:19,210 --> 00:57:21,640 One of the sort of use cases I think of 1280 00:57:21,640 --> 00:57:23,262 goes back to the original attributes 1281 00:57:23,262 --> 00:57:24,220 you were talking about. 1282 00:57:24,220 --> 00:57:27,390 So for example, what about citizenship? 1283 00:57:30,040 --> 00:57:33,460 If in your digital identity it says 1284 00:57:33,460 --> 00:57:36,700 you're a United States citizen and that changes, 1285 00:57:36,700 --> 00:57:42,280 can that be changed if it's immutable, A. And then B, what 1286 00:57:42,280 --> 00:57:47,520 about those privacy issues? 1287 00:57:47,520 --> 00:57:52,420 For people that do not have, maybe it's 1288 00:57:52,420 --> 00:57:55,380 not a fully verifiable citizenship, 1289 00:57:55,380 --> 00:57:58,140 then we have a whole host of problems there as well. 1290 00:57:58,140 --> 00:58:00,870 GARY GENSLER: So I think you raise a good question. 
1291 00:58:00,870 --> 00:58:05,460 But this is one of the challenges of any identity 1292 00:58:05,460 --> 00:58:06,140 database. 1293 00:58:06,140 --> 00:58:10,290 But it's also a challenge of a money database called Bitcoin. 1294 00:58:10,290 --> 00:58:12,780 You have ownership today. 1295 00:58:12,780 --> 00:58:16,560 And tomorrow you might no longer have the coin. 1296 00:58:16,560 --> 00:58:22,980 Today, you might live in Massachusetts. 1297 00:58:22,980 --> 00:58:26,010 But a year from now when you get your fancy job 1298 00:58:26,010 --> 00:58:28,470 and wherever you are, you might not 1299 00:58:28,470 --> 00:58:30,330 live in the Commonwealth of Massachusetts. 1300 00:58:32,910 --> 00:58:34,620 So I don't think it's just citizenship. 1301 00:58:34,620 --> 00:58:36,600 It's just the updating the records 1302 00:58:36,600 --> 00:58:41,490 and the attributes, that you no longer can vote here, 1303 00:58:41,490 --> 00:58:43,075 can no longer-- 1304 00:58:43,075 --> 00:58:44,950 AUDIENCE: It just goes back to the trade-offs 1305 00:58:44,950 --> 00:58:46,950 that we were originally talking about. 1306 00:58:46,950 --> 00:58:48,383 There's a lot of-- 1307 00:58:48,383 --> 00:58:49,800 it certainly helps a lot of things 1308 00:58:49,800 --> 00:58:51,165 like preventing identity theft. 1309 00:58:51,165 --> 00:58:53,040 But there's also a lot of other [INAUDIBLE]. 1310 00:58:53,040 --> 00:58:54,415 GARY GENSLER: They're challenges. 1311 00:58:54,415 --> 00:58:58,015 But I think that challenge is surmountable. 1312 00:58:58,015 --> 00:59:00,360 AUDIENCE: But even though it's immutable, 1313 00:59:00,360 --> 00:59:03,700 you can append new information. 1314 00:59:03,700 --> 00:59:06,900 So isn't that the whole purpose of blockchain? 1315 00:59:06,900 --> 00:59:10,650 Your citizenship may change, but then you append new information 1316 00:59:10,650 --> 00:59:13,530 saying that your citizenship has been updated. 
1317 00:59:13,530 --> 00:59:17,220 And that becomes the source of truth now. 1318 00:59:17,220 --> 00:59:19,780 GARY GENSLER: I'm agreeing with that. 1319 00:59:19,780 --> 00:59:21,000 I think that's correct. 1320 00:59:21,000 --> 00:59:25,290 I think that's a solvable challenge. 1321 00:59:28,600 --> 00:59:29,620 Hugo had his hand up. 1322 00:59:29,620 --> 00:59:31,578 And then we're going to go on just to-- 1323 00:59:31,578 --> 00:59:33,370 AUDIENCE: So I'm going to question the idea 1324 00:59:33,370 --> 00:59:36,640 that having a blockchain means identity theft is 1325 00:59:36,640 --> 00:59:37,930 no longer an issue. 1326 00:59:37,930 --> 00:59:40,742 I think it makes it a bigger issue. 1327 00:59:40,742 --> 00:59:42,450 What happens if you lose your private key 1328 00:59:42,450 --> 00:59:45,100 or if somebody finds a private key or somebody 1329 00:59:45,100 --> 00:59:46,808 cuts your eye out or whatever? 1330 00:59:50,620 --> 00:59:53,965 But really, if somebody steals your identity, then it's gone. 1331 00:59:53,965 --> 00:59:55,090 You're not getting it back. 1332 00:59:55,090 --> 00:59:56,840 GARY GENSLER: Oh, steals your private key. 1333 00:59:56,840 --> 00:59:58,930 Your identity identity is stolen. 1334 00:59:58,930 --> 01:00:01,320 AUDIENCE: Steals your private key. 1335 01:00:01,320 --> 01:00:04,425 If you don't protect that with your life, 1336 01:00:04,425 --> 01:00:06,848 then your life is gone. 1337 01:00:06,848 --> 01:00:08,080 GARY GENSLER: Right. 1338 01:00:08,080 --> 01:00:09,910 I think Hugo's raising the right question. 1339 01:00:09,910 --> 01:00:12,250 But that just means that's not the right solution. 1340 01:00:12,250 --> 01:00:18,075 You can't pin it all on just one private key that's lost. 1341 01:00:18,075 --> 01:00:22,070 AUDIENCE: Well, the answer is also use multiple biometrics. 
1342 01:00:22,070 --> 01:00:25,030 And yes, sure, if you lose your hand, your eye, your retina 1343 01:00:25,030 --> 01:00:27,220 and you go to the DMV, maybe they'll 1344 01:00:27,220 --> 01:00:29,250 make an exception for you. 1345 01:00:29,250 --> 01:00:32,260 Hopefully like 10 people ever show up that way. 1346 01:00:32,260 --> 01:00:34,810 GARY GENSLER: Let me try this-- 1347 01:00:34,810 --> 01:00:37,010 plow in for a second of what are the projects. 1348 01:00:37,010 --> 01:00:40,960 And this is a short representation. 1349 01:00:40,960 --> 01:00:45,670 I could have made three more pages of representation. 1350 01:00:45,670 --> 01:00:48,580 I'm going to hit three or four of these just for fun. 1351 01:00:48,580 --> 01:00:50,930 There's three or four that are ICOs. 1352 01:00:50,930 --> 01:00:52,720 I'm going to choose to skip all of those. 1353 01:00:52,720 --> 01:00:57,340 But there are, I want to mention that Civic Secure Identity, 1354 01:00:57,340 --> 01:01:00,565 Existence IC, Sovrin which gets-- 1355 01:01:00,565 --> 01:01:06,310 S-O-V-R-I-N-- but Sovrin that gets a lot of write ups 1356 01:01:06,310 --> 01:01:11,320 in other papers were all ICOs, Initial Coin Offerings, 1357 01:01:11,320 --> 01:01:16,420 to use a token to incentivize a system of, usually, 1358 01:01:16,420 --> 01:01:19,610 self-sovereign identity at some point. 1359 01:01:19,610 --> 01:01:22,090 None are up and running yet. 1360 01:01:22,090 --> 01:01:26,080 And I have my doubts about some initial coin offerings. 1361 01:01:26,080 --> 01:01:27,310 But there are three or four. 1362 01:01:27,310 --> 01:01:29,260 And there were probably six or 10 others 1363 01:01:29,260 --> 01:01:30,655 that I didn't quickly find. 1364 01:01:34,090 --> 01:01:36,130 Bitnation's an interesting project 1365 01:01:36,130 --> 01:01:38,620 that literally you can voluntarily 1366 01:01:38,620 --> 01:01:41,080 get a citizenship in Bitnation. 
1367 01:01:41,080 --> 01:01:45,980 It is a decentralized borderless voluntary nation. 1368 01:01:45,980 --> 01:01:48,130 But the keyword is voluntary. 1369 01:01:48,130 --> 01:01:50,200 They don't have a UN membership. 1370 01:01:50,200 --> 01:01:52,480 They're not part of the World Trade Organization. 1371 01:01:52,480 --> 01:01:55,300 They have no geography. 1372 01:01:55,300 --> 01:01:58,510 But the concept is, you can get a Bitnation passport. 1373 01:01:58,510 --> 01:02:01,090 And you can get some authentication 1374 01:02:01,090 --> 01:02:05,020 through that about some attributes about your birth 1375 01:02:05,020 --> 01:02:08,040 and things like that. 1376 01:02:08,040 --> 01:02:12,490 There is a standard setting group, Distributed Identity 1377 01:02:12,490 --> 01:02:14,740 Foundation that we're going to talk about in a minute, 1378 01:02:14,740 --> 01:02:16,450 and I'm going to show a slide, which 1379 01:02:16,450 --> 01:02:19,010 is just a whole bunch of efforts coming together and saying, 1380 01:02:19,010 --> 01:02:24,220 well, maybe we can do some standards around this. 1381 01:02:24,220 --> 01:02:28,960 And then there's Rebooting Web-of-Trust that runs events. 1382 01:02:28,960 --> 01:02:30,505 I think their only economic model 1383 01:02:30,505 --> 01:02:33,400 is to make money on the events. 1384 01:02:33,400 --> 01:02:36,070 But some of their research and some of their papers 1385 01:02:36,070 --> 01:02:42,070 are very interesting, that you can read about this. 1386 01:02:42,070 --> 01:02:46,420 And not listed on this, one area that's spending a lot of time 1387 01:02:46,420 --> 01:02:52,880 on self-sovereign identity is the World Wide Web Consortium, 1388 01:02:52,880 --> 01:02:53,380 W3C. 1389 01:02:56,770 --> 01:03:00,760 You can go and on GitHub you can read all sorts of information 1390 01:03:00,760 --> 01:03:05,470 from W3C about self-sovereign identity. 
1391 01:03:05,470 --> 01:03:08,680 And they're promoting ways to do digital ID, 1392 01:03:08,680 --> 01:03:10,840 and trying to form standards. 1393 01:03:10,840 --> 01:03:15,490 So I think W3C, which is not really a blockchain project, 1394 01:03:15,490 --> 01:03:18,130 and this Distributed Identity Foundation, 1395 01:03:18,130 --> 01:03:20,830 for any of you that are actually interested in pursuing 1396 01:03:20,830 --> 01:03:23,020 some of this, you want to stay abreast of it. 1397 01:03:23,020 --> 01:03:26,380 Because it's the standard setting also that I think 1398 01:03:26,380 --> 01:03:29,530 will be relevant. 1399 01:03:29,530 --> 01:03:31,420 But questions or thoughts for those 1400 01:03:31,420 --> 01:03:35,070 who have done research on some of these? 1401 01:03:35,070 --> 01:03:38,260 Other than Alin who we've heard from a bunch. 1402 01:03:38,260 --> 01:03:38,760 All right. 1403 01:03:38,760 --> 01:03:40,195 What's your question? 1404 01:03:40,195 --> 01:03:42,295 AUDIENCE: Well, my first thought is 1405 01:03:42,295 --> 01:03:44,550 they don't solve identity theft in the United States. 1406 01:03:44,550 --> 01:03:46,030 GARY GENSLER: They don't solve identity theft 1407 01:03:46,030 --> 01:03:47,010 in the United States. 1408 01:03:47,010 --> 01:03:47,700 AUDIENCE: Why? 1409 01:03:47,700 --> 01:03:50,490 Because there's a certain policy by the US government 1410 01:03:50,490 --> 01:03:52,960 that asks everyone to accept SSNs. 1411 01:03:52,960 --> 01:03:55,290 And if James has my SSN, then James 1412 01:03:55,290 --> 01:03:57,140 is me for all intents and purposes. 1413 01:03:57,140 --> 01:03:58,840 So that is a policy issue. 1414 01:03:58,840 --> 01:04:01,260 So these companies are basically a very inefficient way 1415 01:04:01,260 --> 01:04:03,108 to change the policy. 1416 01:04:03,108 --> 01:04:04,650 Hundreds of millions of dollars being 1417 01:04:04,650 --> 01:04:05,700 invested in all of these guys. 
1418 01:04:05,700 --> 01:04:07,742 And by the way, all of them do public key crypto. 1419 01:04:07,742 --> 01:04:10,572 It's not like something revolutionary here. 1420 01:04:10,572 --> 01:04:13,030 But at some point, some of them will get some market share, 1421 01:04:13,030 --> 01:04:14,550 maybe convince a few banks. 1422 01:04:14,550 --> 01:04:16,663 And maybe those banks will convince the government 1423 01:04:16,663 --> 01:04:17,330 to start doing-- 1424 01:04:17,330 --> 01:04:20,880 GARY GENSLER: So you're saying that an underlying challenge, 1425 01:04:20,880 --> 01:04:23,040 at least in this country, is that we 1426 01:04:23,040 --> 01:04:28,140 have an antiquated public policy related to a tax 1427 01:04:28,140 --> 01:04:30,440 ID called social security number. 1428 01:04:30,440 --> 01:04:34,980 And initially, social security numbers were not even a tax ID. 1429 01:04:34,980 --> 01:04:39,360 Initially, they were to participate in a retirement 1430 01:04:39,360 --> 01:04:42,090 program called social security. 1431 01:04:42,090 --> 01:04:43,800 And you were not legally required 1432 01:04:43,800 --> 01:04:50,070 to have a number in the 1930s or '40s when it first came about. 1433 01:04:50,070 --> 01:04:56,100 I didn't get my social security number until I was 14, I think. 1434 01:04:56,100 --> 01:05:01,380 Now you pretty much get them at birth in this country. 1435 01:05:01,380 --> 01:05:02,970 You can't use it for much. 1436 01:05:02,970 --> 01:05:04,750 You're not working. 1437 01:05:04,750 --> 01:05:09,420 But you're saying it's a public policy challenge, 1438 01:05:09,420 --> 01:05:10,128 at least here. 
1439 01:05:10,128 --> 01:05:11,670 I would say in every country, there's 1440 01:05:11,670 --> 01:05:14,010 some public policy challenges that 1441 01:05:14,010 --> 01:05:19,590 are very real around how attributes of identity 1442 01:05:19,590 --> 01:05:22,770 are measured, whether it's off of taxes or birth records 1443 01:05:22,770 --> 01:05:23,470 and so forth. 1444 01:05:23,470 --> 01:05:23,970 Can I hold? 1445 01:05:23,970 --> 01:05:27,510 Because I want to just hit two other things. 1446 01:05:27,510 --> 01:05:30,480 This Foundation, these are all the people in this Foundation 1447 01:05:30,480 --> 01:05:32,460 doing all of this work. 1448 01:05:32,460 --> 01:05:35,250 It's just a list that you can look at later. 1449 01:05:35,250 --> 01:05:37,170 And they've set up-- 1450 01:05:37,170 --> 01:05:40,170 and I apologize-- they set up sort of this whole idea 1451 01:05:40,170 --> 01:05:43,250 about decentralized ID and server. 1452 01:05:43,250 --> 01:05:45,480 So they have a whole program. 1453 01:05:45,480 --> 01:05:49,800 It's not a small effort that they are investing in this. 1454 01:05:49,800 --> 01:05:53,130 And I only put it up to say, there is a lot of energy. 1455 01:05:53,130 --> 01:05:57,270 And Alin might be right, it's all fraught with some risk 1456 01:05:57,270 --> 01:06:00,810 because it's on the backs of government ID systems, 1457 01:06:00,810 --> 01:06:01,740 not just in the US. 1458 01:06:05,010 --> 01:06:11,080 Public key infrastructure could change. 1459 01:06:11,080 --> 01:06:15,900 And a lot of these concepts are on decentralized public key 1460 01:06:15,900 --> 01:06:16,950 infrastructure. 1461 01:06:16,950 --> 01:06:19,420 Basically, where are these public keys? 1462 01:06:19,420 --> 01:06:23,400 Whether it's Facebook public key or any public key, 1463 01:06:23,400 --> 01:06:25,950 where is it stored? 
1464 01:06:25,950 --> 01:06:28,740 I suspect, Alin, that you'd say this is at least going 1465 01:06:28,740 --> 01:06:33,010 in a little better direction. 1466 01:06:33,010 --> 01:06:35,950 This is a key part of just saying, 1467 01:06:35,950 --> 01:06:38,770 instead of the public key and having these certificate 1468 01:06:38,770 --> 01:06:41,470 authorities, to have a secure way 1469 01:06:41,470 --> 01:06:44,860 to store the public keys in a decentralized, 1470 01:06:44,860 --> 01:06:49,900 hashed, using hash functions and blockchain technology. 1471 01:06:49,900 --> 01:06:51,400 And I think all of them have this 1472 01:06:51,400 --> 01:06:53,030 in the middle of it somewhere. 1473 01:06:53,030 --> 01:06:54,600 AUDIENCE: It's a consensus problem. 1474 01:06:54,600 --> 01:06:55,500 You want to agree. 1475 01:06:55,500 --> 01:06:57,950 Everybody needs to agree with Facebook's public keys 1476 01:06:57,950 --> 01:06:59,170 otherwise we're in trouble. 1477 01:06:59,170 --> 01:07:00,910 Because you might use my fake Facebook server. 1478 01:07:00,910 --> 01:07:02,577 So it's really just a consensus problem. 1479 01:07:02,577 --> 01:07:04,120 It's not about hashes, security. 1480 01:07:04,120 --> 01:07:04,870 Forget about that. 1481 01:07:04,870 --> 01:07:07,780 Everybody has to agree what Facebook public key is. 1482 01:07:07,780 --> 01:07:10,077 And that's where the blockchain comes in. 1483 01:07:10,077 --> 01:07:10,910 GARY GENSLER: Sorry. 1484 01:07:10,910 --> 01:07:11,410 Shawn. 1485 01:07:11,410 --> 01:07:17,110 AUDIENCE: I just wanted to answer Alin's question. 1486 01:07:17,110 --> 01:07:20,130 I don't think that's a public policy problem. 1487 01:07:20,130 --> 01:07:22,870 If you want to change the SSN system, 1488 01:07:22,870 --> 01:07:24,730 you have to change the entire system 1489 01:07:24,730 --> 01:07:27,490 of how the banks operate, how the insurance companies 1490 01:07:27,490 --> 01:07:28,040 operate. 
1491 01:07:28,040 --> 01:07:30,130 And the cost, the social cost, is 1492 01:07:30,130 --> 01:07:33,580 much greater than just changing the [INAUDIBLE] key itself. 1493 01:07:33,580 --> 01:07:36,790 I think he's entirely coming from the point of view 1494 01:07:36,790 --> 01:07:40,900 for the implementation of [INAUDIBLE] consideration 1495 01:07:40,900 --> 01:07:45,215 of the hidden economic cost of such implementation. 1496 01:07:45,215 --> 01:07:46,840 AUDIENCE: But there is the Patriot Act, 1497 01:07:46,840 --> 01:07:49,360 which says banks have to send your SSN to the government, 1498 01:07:49,360 --> 01:07:53,768 which basically means banks need to continue using SSNs. 1499 01:07:53,768 --> 01:07:55,060 So in some sense, you're right. 1500 01:07:55,060 --> 01:07:57,155 But also, government has to do something. 1501 01:07:57,155 --> 01:07:59,540 GARY GENSLER: So let's move on. 1502 01:07:59,540 --> 01:08:01,270 I don't think it's just here in the US. 1503 01:08:01,270 --> 01:08:06,777 What's happened is the attributes of our identity, 1504 01:08:06,777 --> 01:08:09,360 or our credentials of identity-- whether it's for tax systems, 1505 01:08:09,360 --> 01:08:11,340 for banking systems-- 1506 01:08:11,340 --> 01:08:16,649 in the last 30-odd years, as we've digitized, and also post 1507 01:08:16,649 --> 01:08:20,609 9/11 and terrorists, we started to use 1508 01:08:20,609 --> 01:08:22,800 all of these things for anti-money laundering, 1509 01:08:22,800 --> 01:08:24,390 know your customer. 1510 01:08:24,390 --> 01:08:28,439 So the financial system, the tax system, 1511 01:08:28,439 --> 01:08:30,779 and our identity systems have now all 1512 01:08:30,779 --> 01:08:37,106 been kind of linked up, and not always with the best intent. 1513 01:08:37,106 --> 01:08:38,939 I mean, maybe they were the good intentions. 1514 01:08:38,939 --> 01:08:42,850 But not with the best results.
1515 01:08:42,850 --> 01:08:45,090 And it's part of why I thought, if we were going 1516 01:08:45,090 --> 01:08:49,890 to cover blockchain technology in the financial sector, 1517 01:08:49,890 --> 01:08:53,310 identification systems were really important as well. 1518 01:08:53,310 --> 01:08:58,729 Because it's so linked up with banking and finance. 1519 01:08:58,729 --> 01:09:02,040 And that wouldn't have been the case 1520 01:09:02,040 --> 01:09:05,670 before the digital revolution and the internet and so forth. 1521 01:09:08,300 --> 01:09:10,050 I think this is the last cover slide. 1522 01:09:10,050 --> 01:09:14,149 But this is self-sovereign identity platforms. 1523 01:09:14,149 --> 01:09:20,210 Basically right now, if we want to keep our identity, 1524 01:09:20,210 --> 01:09:23,810 if we want to keep our identity and only give it up, 1525 01:09:23,810 --> 01:09:26,029 a platform could create and enforce rules 1526 01:09:26,029 --> 01:09:27,470 governing the workflow. 1527 01:09:27,470 --> 01:09:31,640 This is a little thing called bitsonblocks.net. 1528 01:09:34,970 --> 01:09:38,000 But pretty much most of the startups 1529 01:09:38,000 --> 01:09:40,740 are using an architecture around this. 1530 01:09:40,740 --> 01:09:44,029 This happens to be Bits on Blocks' view of it. 1531 01:09:44,029 --> 01:09:49,220 But it's basically, I'm going to keep my attributes of identity. 1532 01:09:49,220 --> 01:09:51,840 And I choose when I can give it up 1533 01:09:51,840 --> 01:09:57,790 and when it's used, authorities, and issuers. 1534 01:10:00,310 --> 01:10:06,230 So I think I have hopefully-- 1535 01:10:06,230 --> 01:10:06,910 oh, yes. 1536 01:10:06,910 --> 01:10:07,550 MIT. 1537 01:10:07,550 --> 01:10:10,130 That's where I wanted to go. 1538 01:10:10,130 --> 01:10:11,420 So what did you all think? 1539 01:10:11,420 --> 01:10:13,940 You read the little article about your own-- 1540 01:10:17,868 --> 01:10:19,390 you going to get in it?
1541 01:10:19,390 --> 01:10:23,165 James, you going to get your blockchain diploma? 1542 01:10:23,165 --> 01:10:23,960 AUDIENCE: Yep. 1543 01:10:23,960 --> 01:10:25,570 [INAUDIBLE] I have some experience. 1544 01:10:25,570 --> 01:10:28,840 I started trying to get hold of my diploma 1545 01:10:28,840 --> 01:10:36,190 back in 2012 for a degree that I got in 2007. 1546 01:10:36,190 --> 01:10:38,950 My university was declared independent 1547 01:10:38,950 --> 01:10:40,930 from the University of London. 1548 01:10:40,930 --> 01:10:42,910 There was a whole record mess-up. 1549 01:10:42,910 --> 01:10:46,900 I'm trying to get a copy of my transcript. 1550 01:10:46,900 --> 01:10:48,430 GARY GENSLER: And you can't get it? 1551 01:10:48,430 --> 01:10:51,140 AUDIENCE: I had to go through many different people, say, oh, 1552 01:10:51,140 --> 01:10:51,740 can I get it? 1553 01:10:51,740 --> 01:10:54,115 And they'd say, oh, we have to contact the old university 1554 01:10:54,115 --> 01:10:55,470 because we were part of them. 1555 01:10:55,470 --> 01:10:57,178 GARY GENSLER: I'm going to shorten your-- 1556 01:10:57,178 --> 01:11:02,440 so how many of you are going to get a blockchain backed diploma 1557 01:11:02,440 --> 01:11:03,690 when you graduate MIT? 1558 01:11:06,940 --> 01:11:08,060 All right. 1559 01:11:08,060 --> 01:11:10,690 A quarter of you. 1560 01:11:10,690 --> 01:11:17,435 And those that aren't, who didn't raise their hand? 1561 01:11:17,435 --> 01:11:20,880 AUDIENCE: [INAUDIBLE] 1562 01:11:20,880 --> 01:11:22,100 GARY GENSLER: Oh, you will. 1563 01:11:22,100 --> 01:11:22,360 Wait a minute. 1564 01:11:22,360 --> 01:11:23,650 I didn't see any hands go up over here. 1565 01:11:23,650 --> 01:11:24,280 So you're not? 1566 01:11:24,280 --> 01:11:26,115 I don't care really. 1567 01:11:26,115 --> 01:11:26,990 AUDIENCE: [INAUDIBLE] 1568 01:11:26,990 --> 01:11:30,040 GARY GENSLER: Oh, you did?
1569 01:11:30,040 --> 01:11:31,968 I want somebody who didn't raise their hand. 1570 01:11:31,968 --> 01:11:33,260 Why aren't you going to get it? 1571 01:11:33,260 --> 01:11:35,140 AUDIENCE: For me, it's just pure lack of information 1572 01:11:35,140 --> 01:11:35,890 about the process. 1573 01:11:35,890 --> 01:11:37,900 How to get it, what I have to do. 1574 01:11:37,900 --> 01:11:41,432 So I don't know yet if I will or not. 1575 01:11:41,432 --> 01:11:44,130 GARY GENSLER: So you're just saying 1576 01:11:44,130 --> 01:11:48,645 there is an information curve you have to learn about it. 1577 01:11:48,645 --> 01:11:51,020 The people that raised their hands and said you'd get it, 1578 01:11:51,020 --> 01:11:53,310 how many of you will also get a paper diploma? 1579 01:11:57,050 --> 01:12:01,650 You want something for the wall or for the significant other 1580 01:12:01,650 --> 01:12:04,490 or for the children or the parents. 1581 01:12:04,490 --> 01:12:05,540 Right? 1582 01:12:05,540 --> 01:12:07,550 Right? 1583 01:12:07,550 --> 01:12:09,560 There's still something about that. 1584 01:12:09,560 --> 01:12:12,740 I don't even know where my college diploma is, by the way. 1585 01:12:15,500 --> 01:12:17,210 But you still want that piece of paper. 1586 01:12:17,210 --> 01:12:19,230 Was there anybody who was only going 1587 01:12:19,230 --> 01:12:20,495 to get a blockchain diploma? 1588 01:12:25,050 --> 01:12:27,250 And any of you that go to a different university, 1589 01:12:27,250 --> 01:12:29,690 do you wish your university had a blockchain diploma? 1590 01:12:32,650 --> 01:12:35,560 Nobody's going to speak up. 1591 01:12:35,560 --> 01:12:37,210 Maybe not. 1592 01:12:37,210 --> 01:12:37,710 All right. 1593 01:12:37,710 --> 01:12:38,830 So it's a novelty. 1594 01:12:38,830 --> 01:12:39,420 It's MIT. 1595 01:12:39,420 --> 01:12:40,200 We're innovative. 1596 01:12:40,200 --> 01:12:42,760 We have it. 1597 01:12:42,760 --> 01:12:44,335 I hope you all do come next Tuesday. 
1598 01:12:44,335 --> 01:12:46,110 It will be our last time together. 1599 01:12:46,110 --> 01:12:48,960 I'm going to try to wrap up with some ground truth 1600 01:12:48,960 --> 01:12:53,580 as to what I think the whole topic and this subject is. 1601 01:12:53,580 --> 01:12:56,400 This was meant to be about the business of blockchain 1602 01:12:56,400 --> 01:12:59,950 technology, getting through at least enough of the details, 1603 01:12:59,950 --> 01:13:02,550 knowing those details, and then saying, well, how 1604 01:13:02,550 --> 01:13:06,870 does that apply to the markets. 1605 01:13:06,870 --> 01:13:09,570 Hopefully, you feel that you've gotten, 1606 01:13:09,570 --> 01:13:13,200 and Tuesday we'll summarize it all, some critical reasoning 1607 01:13:13,200 --> 01:13:17,430 skills that you can sort through the hype and the reality. 1608 01:13:17,430 --> 01:13:21,510 And those of you that came in maximalist, 1609 01:13:21,510 --> 01:13:23,020 you're probably more in the middle. 1610 01:13:23,020 --> 01:13:25,770 Some of you that were minimalist maybe came-- 1611 01:13:25,770 --> 01:13:28,440 well, maybe you're still, but you came a little-- 1612 01:13:28,440 --> 01:13:31,740 because I thought that was the right place to teach. 1613 01:13:31,740 --> 01:13:35,780 And you've all given me tremendous feedback. 1614 01:13:35,780 --> 01:13:37,280 And I've learned a lot from you all. 1615 01:13:37,280 --> 01:13:39,340 But let's keep it going. 1616 01:13:39,340 --> 01:13:41,180 See you on Tuesday.