Facebook’s Libra Lacks Foundational Components for Crypto Key Security
Recently, Facebook launched Libra with the stated goal of “transforming the global economy.”
It’s a lofty aim. However, after a review of the technical documentation describing the Libra protocol and its planned ecosystem, I believe the company left out the foundational components of user security.
- Protection of the private key
- Proof of user consent
- Decentralized compliance
- Global privacy
It is our job as technical leaders to provide a vision and an architecture for integrating real protections and evidence into the consumer experience; to deliver a new model for provable compliance that reduces cost and sets the stage for global automation.
The “Internet of Money” must support a primary goal of ensuring all transactions on the Libra network are purposeful, intended and compliant. I envision a future where the quality of recorded intent for an online transaction is just as strong, if not stronger, than the quality of physical in-store purchases.
The Internet of Money should be cross-border, open and global. It should carry transactions from everyone and everything. In order for this to be possible, groups or communities will need to be formed around the compliance and controls required. Proof that these controls were in place should be part of every instruction sent to a chain and forever be recorded by the math of the blockchain. Those who need to know can then be provided the evidence for proof of compliance.
The new model for consumer compliance should operate like a doctor’s note does today. A trusted third party parses my child’s real-time health data and provides a compliance result to the school, resulting in my child having an excused absence for being sick. If schools used the same model of compliance that the internet does, they would have direct real-time access to childrens’ medical data and use AI to decide if your child should stay home or not. The decentralized model of permission slips enables a global market to flourish with privacy built in.
I believe the permission slip on the blockchain is a hash of the manifest of controls executed before an instruction is sent to the chain. The manifest is a Merkle tree of controls, assuring every step is provable with just the evidence of the hash. The power of the Merkle tree reduces the evidence to just a few bytes, easily packaged within a transaction.
The manifest can then be securely shared to the receiving party or to those who need to know the full evidence of required controls.
Global money, group-based compliance
Whether or not Libra succeeds in its mission to deliver the “Internet of Money,” cryptocurrency represents the ability to have borderless money that can rely on real-time transaction-based compliance.
There may ultimately be only a few global currencies with immutable transactions, however, there will be an infinite number of groups built around compliance at differing levels, establishing global cross-border commercial virtual networks built to conduct secure and provable business in a specific market.
The privacy and auditability of commercial networks are important, and the “Internet of Money” needs to provide an open platform that can meet everyone’s needs. The use of a smart instruction to provide provable evidence of identity, compliance, and controls, offers a flexible and scalable model.
The evidence of compliance can be securely shared.
Decentralized controls are in the hands of the owner of the private key, offering multiple isolated services to meet the market and regulatory requirements. By separating the identity controls and compliance, it provides the marketplace with the choice and competition needed to drive innovations. The cornerstone is then laid for automation and AI-based systems to provide monitoring and evidence-based compliance with reduced need for any real personal identifiable information or data leakage.
Governments and regulators will still maintain the access they need to enforce the rules and reporting requirements in place.
Who really controls your keys?
In cryptocurrency, we can sometimes lose our way. In an attempt to make services easier to use, we put the user’s keys in a server or other centralized storage system to allow for an easier experience.
However, in the spirit of innovation, I believe we have to throw away the old forms of customer protections in order to revolutionize a desperately outdated system.
Storing the keys locally and creating opportunities for any consumer to use multiple devices to backup, recover, and assert their keys, is the first step toward progress.
In Libra’s proposal, what struck me also was the lack of redundancy for the storage of the private key. It is our job to minimize the risks created by the supply chain. In order to maximize user protections, private keys should be stored and used in a manner which minimizes the impact of security subsystem failures.
I believe the consumer will require multiple redundant protections for the private key.
As an example, Rivetz has partnered with Telefonica to develop the C.L.I.P. program which defines and promotes a method of cryptographically combining multiple hardware elements to offer separate supply chains for protections that are used cooperatively to secure the consumer’s private key.
A call for safety
The future is decentralized and the technologies of blockchain will usher in the “Internet of Money.” Secure devices and trustworthy computing will provide users with the protection, compliance, control, privacy and freedom they need for the digital future. Private compliance communities will provide digital evidence on a need to know basis.
As an industry, I hope that we can come together to deliver true consumer protections to every digital citizen. Great security is invisible, and we can deliver a simpler and safer experience for all.