How do you represent a company on a blockchain?

via @kjameslubin on Medium

There’s a famous story about a San Francisco software developer named Stefan Thomas, who owns a few hundred million dollars worth of Bitcoin, but can’t access it because he forgot his password. Another early Bitcoin owner, a Welshman named James Howells, lost even more when he accidentally threw out his hard drive containing the private key to 8000 bitcoin.

Both men are part of an esteemed group of mostly early Bitcoin adopters who have been locked out of massive fortunes by losing access to their private keys. In 2018, crypto firm Chainalysis estimated roughly 20% of the supply of Bitcoin had been permanently lost due to such errors.

These unhappy mistakes highlight a fundamental challenge at the heart of blockchain: how do you robustly tie blockchain identity to real-world identity? How do you represent a company or person on a blockchain, and ensure that if they lose their private key, they don’t also lose their savings? At the heart of the challenge are various tradeoffs between privacy, redundancy, secrecy, and control.

As the use cases for blockchain have changed, so have people’s views about what tradeoffs are appropriate. Many of the earliest pioneers prioritized anonymity and did not believe any appropriate trade off could be made that would allow for easier recovery of private keys. Satoshi once wrote, “lost coins only make everyone else’s coins worth slightly more,” and that users should, “think of it as a donation to everyone.”

Since Satoshi’s comments were first published and the use of crypto has dramatically expanded, many have come to view reliance on a single public key as a fixable weakness. Ethereum’s popularization of smart contracts expanded the possibilities of what could be practically done on a blockchain, including how identity and access could be managed. The use of multi-signature and social recovery wallets have gained popularity thanks to developers working on tools that make them easier to use.

Our company, BlockApps, has always been interested in the use of blockchain to transact in real-world assets. Most of these transactions involve at least one company, which poses a key question: how do you represent a company on the blockchain?

When we sat down to design STRATO Mercata, we needed an identity system that would allow us to comply with identity verification and anti-money laundering requirements, would support conditional, revocable permissions, and would support wallet recovery in the event of a user or company losing their private key.

Our solution: x509 certificates

An x509 cert is a signed wrapper around a public key with some metadata about the identity of the private key holder. The signer in this case is some trusted central authority in charge of conducting identity verification of certificate holders. These certificates have been used since the late 80s for verification of identity on the internet. They are already used in other blockchains including Avalanche, Corda, IBM Fabric, and STRATO.

The tie between x509 certificates and real identity is an important feature of identity on STRATO Mercata, and one that we get a lot of questions about. Neither Bitcoin nor Ethereum require this kind of tie between blockchain identity and real identity, so it is worth explaining why we think such a tie is important.

To start with, they allow a signing authority to revoke certificates. An employee whose job involves transacting with other businesses on behalf of the company may have their certificate revoked if they decide to seek employment elsewhere. This can be done without the need to trust the employee to delete the certificate from their device, or the need to contact the company with which the employee was transacting.

Another benefit is the built-in identity recovery process. If a company were to lose their private key, they can re-verify their identity to a signing authority to receive a new certificate without any interruption to their business workflow. The same process can be used for normal users as well.

For these reasons and more, identity verification is a near-universal requirement for B2B transactions, especially those handling commerce. Alibaba, one of the world’s largest platforms for B2B eCommerce, requires buyers and sellers to provide a name, address, email, phone number, tax registration info about the business, and corporate registration details. eBay and Amazon also collect similar information about both buyers and sellers. Businesses expect to know who they are working with when they sign contracts in case a legal dispute arises. This is impossible if the companies with whom they transact are anonymous.

What’s the problem with anonymous companies?

Our choice to require verification via x509 certs is not just a case of following standard practice for no reason. Without mandatory verification, STRATO Mercata would be enabling use of anonymous companies, which have a long history of use and abuse by people engaged in unethical behavior. The leak of the Panama Papers in 2016 exposed how anonymous shell companies have been used for decades to enable “corruption, fraud and tax evasion.” We are not interested in supporting this kind of behavior, even if it were to benefit us financially

To give a few concrete examples of how anonymous companies have been used, here is a list of abuses compiled by TheFactCoalition.org:

1. A government contractor’s employee tried to scam his employer’s subcontractors by using shell companies to bill them for services his employer delivered. He then tried to use a bank account in the name of his anonymously owned company in Alabama to steal $650,000 from his employer and other family-owned subcontractors.[1]
2. After a large multinational company was fined $30 million for fulfilling contracts with shoddy bulletproof vests, it used a wholly owned subsidiary, registered as an anonymous LLC, to meet the requirements to bid on U.S. contracts. Then, over 5 years, paid bribes in order to gain insider information allowing them to underbid competitors. The company subsequently won defense contracts worth $7.1 million and, once again, sold defective bulletproof vests to federal, state, and local governments.[2]
3. Keith Hedman recruited Dawn Hamilton to set up an anonymous company in Virginia. They successfully deceived the Small Business Administration and were able to fraudulently secure federal government contracts worth $31 million from NASA and other agencies. Hedman then illegally passed the majority of the work to a larger company. The scam generated almost $7 million in salary and payments for the conspirators that they should not have received.[3]

We think anonymous companies encourage unethical and often illegal behavior, allow the extremely wealthy to take more than their fair share, and make bad governments even worse by enabling corruption. Without requiring STRATO Mercata users to have a public identity, all companies transacting on the network would be anonymous by default.

Not only would this cause all of the problems listed above, it may also be illegal under US law. Large ecommerce platforms like Alibaba, Amazon, and eBay all require verification of buyers and sellers on their platforms to comply with anti-money laundering and anti-terrorism financing regulations. Though the extent to which those laws apply to crypto platforms is not entirely clear, our approach has always been one of proactive compliance, even in cases where enforcement of said laws has been lacking. By doing so, we ensure that we will be in the clear if enforcement changes, and that our customers have the tools to comply with their own regulatory requirements.

Lastly, it is important to note that regular users will be able to read public data on STRATO Mercata without going through identity verification. Only users that want to write to the chain will be required to identify themselves.

How do other platforms handle identity?

STRATO Mercata’s approach to identity is far from unique in the broader world. The mere existence of services like Uber and Lyft is a testament to the efficacy of their systems for assigning reputations to drivers and passengers, which are fundamentally reliant on tying driver and passenger profiles to real-world identities.

Getting into a car with a stranger is not an inherently safe activity. Ridesharing companies have managed to make it safe by tying the reputation of drivers to their ability to earn a living through the service, and by preventing passengers from using the service if they are bad customers. Companies also collect enough data on each party to ensure that if any serious criminal activity takes place, the perpetrators will have a hard time escaping.

For all the benefits they provide, the reputation systems are relatively light weight. They don’t impose a large cost on either riders or drivers. The simplest form of review – a star rating – takes only a few seconds, though app users can also leave more detailed feedback.

Reputation systems like these can be built on top of STRATO Mercata, but they only work if bad actors can’t get away with repeat offenses by creating a new pseudonym after providing a bad product or scamming someone out of their money.

That is why STRATO Mercata enforces mandatory verification for businesses operating on the platform — to prevent money laundering, to enable businesses to work with each other, to protect consumers from disreputable businesses, and to prevent bad actors from becoming repeat offenders.

The market is choosing identity over pseudonymity

Decentralized systems often move towards adopting systems of reputation and identity to deal with bad actors abusing open systems. This happened with the web in the 90s when TLS and later HTTPS was developed to allow for secure transfer of data over the internet. It is happening again in crypto, with most exchanges and custodial wallet services choosing to implement verification rules.

BlockApps is simply taking the next logical step and implementing verification at the level of the blockchain rather than the application, and at the level of the organization rather than the individual. We hope for this to be a lightweight addition to the onboarding process, on top of which companies can build reputation systems like those at Uber and Lyft. With fewer distractions from serial bad actors, we hope users will be able to better focus on their core business, and on transacting real-world assets with the benefits of security and availability that come from our blockchain technology.