Toggle navigation

In God We Trust; Everything Else We Verify

Episode Description

Natwarlal (not the Amitabh Bachan type) is best known for selling the Taj Mahal, The Red Fort and the Rashtrapati Bhavan. Frank Abagnale (Catch Me If You Can fame) impersonated a doctor, a lawyer, and a pilot. He even logged 2 million miles of flying and cleared the bar exam. Are these cases for better crime detection? Or just the correct use cases for verifiable credentials? Join us as we talk with our favourite guest, Pramod Varma and unravel the complexities behind this new need of the digital era. If you have anything interesting to share, do write in to us at 3TB@unblox.com

Transcript

Natwarlal (not the Amitabh Bachan type) is best known for selling the Taj Mahal, The Red Fort and the Rashtrapati Bhavan. Frank Abagnale (Catch Me If You Can fame) impersonated a doctor, a lawyer, and a pilot. He even logged 2 million miles of flying and cleared the bar exam. Are these cases for better crime detection? Or just the correct use cases for verifiable credentials? Join us as we talk with our favourite guest, Pramod Varma and unravel the complexities behind this new need of the digital era. If you have anything interesting to share, do write in to us at 3TB@unblox.com

Which changing privacy regulation identity theft and online anonymity on the rise, I think we all want to understand the new trend in technology which is called self-sovereign identity and verified credentials and all 3 of us are keen on this, I know that one of the pillar on self-sovereign identity is Nilesh and Samiran love which is Block chain but focus today we want to keep on Pramod is something you have done lot of work in India which is really verified credentials so I was wondering that when you were building India stag at what point did you start thinking that now we need to get into Verify credential?

Wonderful speaking with all of you. The term verifiable credentials, came in pretty late in the game. When WTC start working, law in credential was existing and use as a common term and very often. But verifiable credential as a phrase came in very recently, so obviously we have not thought about verifiable credential in latest or greatest way of thinking. But the idea of making digital certificate, any proof verifiable came literally after Aadhar, because Aadhar was the 1st identical verification. We used quite a lot of concepts that is used in today in terms of insuring, verifiability, digital signature, QR codes from early days we adopted and now it is all signed QR codes, latest QR codes even have the sign and face within the QR codes so person can do a face matching actually, completely offline without talking to the server so it is a decent way of verifying authenticity and verifying the identity is possible with latest. So, the idea of verifiability and verifiable credential literally came after Aadhar, so Aadhar became the identity credential. But subsequently in 2013 I end up writing on the first note on converting certificates, because it was very simple thinking, our cost of Trust as we call it and cost comes because lack of trust, transaction cost, travel cost, convenience cost, cost of time running around, because nobody even believes that it is even valid and couple do get quite of fake certificates because India is still land of certificate, we have to proof lot of things. Hence because of the demand of such certificate is of Fake and fake degree so I wrote the first note on converting certificate into some sort of verified platforms in 2013. In 2014 when I got the formal opportunity to submit the note to Minister of IT and that became the first Note and then began the Digi Locker Journey. Digi locker concept was original my concept when I wrote the paper, it was not proposed as an app, it was proposed as an network or an construct that you can have many wallets and Digi locker apps, all driven by standard and specifications, Each domain will have their own credentials. We ended up launching Digi locker app in portal, I think it takes time for a society to come around and say it is not a one app play and more of specification, it is the construct, policy play and it is eco-system play, really not one app play. To answer your question, it may think to very hard in 2013, 2014 and in 2015 during digital India launch, new Prime Minister launched new digital India Initiatives and Digi Locker found the Initiatives. Now we have about 6 billion documents in Digi Locker, but we are aggressively looking at Digi Locker 2.0 during today’s topic.

So, 6 billion documents, I can understand but how many millions of people are using the Digi Locker and things like that?

135million users in Digi Locker.

I think lot of it to do the fact is basically your Aadhar and Pan just came into the Digi Locker default and then everything else got added on after that.

CBSE certificates because it was the 1st one to aggressively adopt certificates and now 10th-12th everything is by default in Digi Locker. I don’t think we are still early in the game, frankly speaking it is a multiple decade journey for True acceptance of verified credentials, issuance is easy to get, like CBSE issues millions of children who writes 10th and 12th, everyone digitally gets verified and digital sign and marksheet is ON, but when you go college, they will ask for original paper of CBSE because acceptance is still early. Digi Locker is accepted for very interestingly road transport that was another thing that came in, Digi Locker is also push when police and transport department, RTO, License, RC book, and you almost forget licence and RC Book. Airport enter, train journey and all Digi Locker comes handy. That is why the earlier adoption is pretty good, issuance is pretty good but now it is about primary push we are trying. 1. Going all out into machine readable verifiable credentials not just PDF which has digital signed which is good as the first step but not enough for us to reduce the cost of processing, if human being have to process it is still costly, so we need machine to process and it needs machine readability document which is Docs, html, formats. 2. Really acceptance, I think we have to do much more in our acceptance, so I have proposed in our Digi Locker 2.0 discussion because sometime you need re-initiating the journey and then you always have Election, which you can use it to push for it.

Push for Election card on Digi Locker, and there is the only way to get acceptance so maybe you suddenly have an adoption.

When it comes to acceptance it is one of those things, it changes workflow and that only comes from digitalisation and little bit of policy, what we are trying to do is use some policy push and see there is a large scale acceptance, in a school admission we are really active and skilling industry have all come together under India under national digitalisation, a constructive push to credential. Hopefully another 5yrs we look back and there would be some change, but it is a quite a while before we see acceptance.

I think there is a point, what you think will be the set of moments and I am interested to figure out in the process of the journey of Digi Locker what are the funny and antidotally thing, law of unintended consequences, you did something and something else happen, is it election, is it delivery the subsidy, what is it that both parties will want to come that one depositary, because you will issue but why would somebody use?

First of all we are looking at the development sector, economic improvement, better opportunity and while doing that we have to reduce the cost of transaction and increase the trust, that is the real push for us. But frankly speaking it is been up and down journey, good thing is Digi Locker as an initiative is not losing momentum, so we always worry after sometime momentum is gone then you have to re-create, but I think Digi Locker like Abhishek Singh who is looking after Digital India Initiative, is well aware of what needs to be done. Ministry of IT recent publish India 2.0 architects it is like a blue print for Govt System, has a chapter on credentials and identity, it seems to be everyone wants it but we are waiting for big plus 1. One of the real good thing happen is the COVID vaccination certificate, brilliantly all working around. The only 2 things in the country today billion people have in their house, with QR code verify one is Aadhar and other one is COVID certificate, everyone has it, so we are thinking and in one of the discussions we get new ideas. Other one we are exploring for sure is Salary Certificate so it is one of those things that everybody seems to get it and want it, need it for something. The way we are saying word Verifying Credentials, cryptography is too techie, so the way we are actually articulating is put a QR code if you are not putting than probably it is fake, that identity we have to push. Now that has put lot of Fomo in people by saying my Certificates all look fake, so we are also set to get a market place atleast some of you are quick in creating Market offerings that allow any entity instantly start issuing QR code into their Certificate. Now you cannot reach in their habits and routine, today people type Certificate To whomsoever concern so we can get embedded QR code into word document, every Certificate will have Signed QR code, you can select Adobe on site for signing the document but embedded QR code, Digi Locker compliance QR code for Indians. If that is available cheap enough like printing a paper of 1rs and today proof of work, proof of earnings, proof of training, education, reputation, or ratings everything can be converted and we believe. Your Question is about when it becomes acceptable? Is when Human are conducting transactions and they might only need PDF and might look at QR code as good to have, not having Logo, UID logo, Aadhar is saying it is just a number you can verify anytime but we look for colour logo, so as long as lot of transaction that is happening by human being accepting paper we will have tough time getting digital acceptance because the workflow have not yet changed, so we are also looking at where does the transaction becoming digital naturally, lending is going all digital. Lending group of earning that is why Salary certificate is one of the critical ones to go, if they start coming and which is account aggregating for our financial data, given account aggregation in the play, given protection, given transaction MOIM at like healthcare transaction, lending transaction or ONBC they going to push time of merging credentials, merging products, there is some random logo showing up, there is no quality verified. So we are looking at quality counsel, commerce, convey, convert. The real trick has 2 points. 1̣ Making sure that we have to watch out for the transaction, so Sheetal even though we get Election Card with QR code other side who is accepting the card human being sitting across the desk. Once we have QR code verifiability we are asking Digi locker to also open up, verify any document as a free app because everybody have a Digi Locker and then Election commission people can have Digi Locker or IRCTC can have an app instead of getting converted their apps, work flow there would be IT cost it is not going to be easy to convert but you can give a free app that might can be the next big bet, human being looking beyond the PDF. 2 Next is Digi Locker app can Cam scanner any India compliance.

The other one I was thinking is as you mention transaction, one thing I was thinking is PPF and PF there is huge human interest in that where is my PF, if I change Jobs where it goes, you have to send the form and it has to be accepted and there is lot of money for people and credential is good. Other thing is LIC, I was trying to put all my policy online but LIC is not part of camps and it is 50% of the market, old relatives and all everybody takes out the policy but there is no way to track LIC with PAN or anything and it is a big livelihood thing so if they are push to adopt there is enough of the moment, LIC, PPF, PF is livelihood and touches large part of people.

Yes, we are definitely looking at lending Insurance vs Insurance going, with strong identity because nomination is very weak there is writing mistake, spelling, nominee gets tricky, but lot of this have become portal base, people can login to appropriate portal and put nominee, OTP will come, that’s starting to happen but again those document that I receive the real trick is the issuer and the accepting party, if they are the same then the value is less because I can also verify it against my own portal, when Issuance is different and accepting is different, I think that’s when real power of credential come in, I can take Salary certificate from the Banker, can take statement from the Bank and go at another place and get lending and they can do instant, fast, low-cost, high trust engagement with me, that would be very powerful. Other thing is in Job Market huge resume, experience certificate, almost everything is fake, LinkedIn people write random crap anywhere.

The more complicated it is the less likely the person is doing it.

Also we have put stuff like stand and when you dig up you will say I have done online, so I think Job market is huge to convert.

So, Pramod, the way I saw it is 2 parts.

I suddenly remember one of the big pushes was Salary certificate QR code, in Marriage Industry.

I was coming to that.

Yes, I can believe it as Aadhar is the real name and real photo, Aadhar is huge usage because people don’t trust the profile whether it is genuine, second is proof of earning, so it will be very funny Matrimonial site largest acceptance.

I was exactly going to say that, there are 2 parts to adoption one is Job and all as you and one is default adoption so for me India which is very large market and lot of kids are born everyday so the Birth certificate should be the first thing for QR code because if that happens, so you kid has put on the journey of Digi Locker, so for me that was the 1. Second one is we have youngest for us, so the marriage becomes the very large thing so Marriage certificate becomes the second tapping point, because these areas where you still going to do it, so if it is given to you with the QR code as a verified document, so the tapping point is what do I have to do actively vs what passively gets done but I desperately need it, I cannot do anything without my child Birth Certificate and if a school does not accept the Birth Certificate which is not QR code or verified, in the story which means every parent is going to do it so for me it becomes the adoption pieces.

I am already not done Marriage Certificate and Birth certificate, we will make sure we upload it.

I do not want to make Brain storming session, Nilesh all yours.

Acceptance and adoption are another key area and Pramod as you tell on it that how many people will make changes to their own portals and stuff, so the simplicity of the work flow will be extremely important and you mention the construct of issuer and acceptor, I was thinking that if you decentralised and make it issuer verifier and acceptor, so the issuer and verification does not tie closely so the issuer does not need to make lot of changes. So, I think simplicity of the workflow should be extremely simple, if it is complex no one is going to make changes.

People have been asking question, we have been asking Market place to think about opportunity here, so this is one of the things that we signed by itself, if we are the only issuer of credential, so it is going to be a specification play and some policy push, if that is the case I mean it is as good, I mean people have been thinking that how much money you can make really, there are 2 companies, we are very keen to get SaaS tech place who can provide Digi place, E-plays, in UPI world also we had good SDK play you don’t see them everywhere but they are everywhere because their SDKs are used. We are really keen to get some good Market place, acceptance in SDK and issue in SDK and it can be simple portal base issuance tool as well, where there is designer template, logo, upload your SCV and we will issue credential, we will push to Digi locker and SMS them or notify them to take care of issuer. The cost will be 25 paise per certificate, 50 paise, but by itself we are not very sure that it is exciting enough to market place, it is a very good value add but we were thinking independent market rule or it will be one of the guys who is already there, HR tech company who can easily embed this, Fintech can easily embed this, how it is going to happen with some just dial who just gives you SDKs and everybody gets growing, SDK guys making tiny money but it is the good money and it is very tech play, or like Razor play, Payment Gateway is bigger than SDKs so that is under the approach today that any work flows wants to accept SDK that goes to Payment Gateway, verification Gateway. We should see interesting market modelling we can push for because as we do Digi Locker 2.0 strategy and open specific strategy across Health, Finance, Skilling, Governance certificates like Marriage certificate, Birth Certificate, Trade, Govt Issue tons of certificate, so we trying to do that as well, these 3 areas we can also look at how would Market place brain storm that will be nice because without market place, adoption will remain one of the system integrated and kind of change their work flow and it will not be as easy as putting SDK, JAVA, that’s easy it should be.

It was very interesting as you mention Payment Gateway because we also brain storm and thought when you have Rupay and Master Visa, actually there can be identity network in between, so in a 4-party paying system you have network playing kind of Gateway role, switching transaction there could be such play network.

I do differentiate between the identity play vs Credential play it is looked more as an asset play more than Identity play because asset can be conflating as it is a huge set-up, you can get trap into identity play, it is good to have but you should have independent Credential play.

So, I just gone ask that this is something which is not solved even globally, we were doing some study for job market and specially when we were trying to fix some ideas there. Since you mention LinkedIn so me and Samiran found out interesting hack what people do is when you look at LinkedIn Page, the last education comes first so everyone has Harvard 2-day courses which comes on the top so when you look it so that market is huge, any thoughts on how you have seen global adoption or constructs that can be looked at India prospective. 2 things happen that changed the Global narrative with respect to verify credential: 1. Covid itself, I think COVID have definitely woke in terms of Vaccine Credential, certificate although US continue to handwrite, Africa has done pretty good Job, Australia have done a good job with digital verifiable and even they have come with good standards, even there are 3-4 global standard that are from the Vaccine side that has work really well, that was big turning point. 2. WTC finally putting 1.0 as they do take time, timing was also perfect we both coming together so the idea of Credentialing is very hot and it is happening in hell, Economic opportunity is in Finance and I also see in Education degree certificates it is a huge area, this area you see credential talk about. But if I see there is a significance confusion in Europe, US, they usually come around huge players, tech company or new age blocking company who just show up and confuse the hell out of everyone, all are doing double sided market play, I won’t be able to issue and not able to bring everyone in my network, whether I store in block chain, we are actually doing 2-sided play and some polices to make it easy. So, I think because of the capitalistic, entrepreneur discussion in US that I don’t see moving, but I do see huge effort in Aisa, South Asia, huge discussion going on across system, Africa is also ahead, they are into paper world, tech is high, so need for it is more here in developing nation. Europe seems to be moving.

I remember funny story on marriage and in 10th standard our accounts Professor he said the best way to identity the suitable candidate or suitable for your girl, is how many times he has declared bankrupt, the more he has declared bankrupt that means more he have saved money and he is still in the days of not declaring money and this business community that is how they find the right boys, it is like you are bankrupt so you would be rich. Second one is Marriage certification I remember we got married, my father sends to marriage bureau and he said it is a long queue and they are asking for signature of Pandit and father said now where you will get pandit so better come out sign it and give the form so my marriage certificate got signed by peon as Pandit.

It is so funny and so crazy in this country that we have to take a signature, some random sealed and actually digital signed document, anyone can sign anything.

I don’t know if you had this experience in Mumbai when we use to come out from Airport, for cab they use to stop and ask name, number and go, I give random name it is just some security major.

It is amazing that there are always timings, as in 2013-14 writing a literally note, Digi Locker we should not be talking about Fake certificate in this country at all, experience tells you that it takes 2 decades before everything starts happening, so we are in that journey. Next push would be very commonly accepted documents, again we will look at entrepreneur energy very easiest decades.

I personally thinks it usually takes a very big scandal, basically you need a systemic thing, like seat belt at the back unfortunately Cyrus Mistry passed away so everybody is talking about seat belt it was there from decades and everyone use to think why this buckle hanging through, so one good scandal in credential space that is all we need and it will be one plus moment I think.

We look for window opportunity, what is our demon moment for VCs, if something happens then we will leverage it.

The moment back you were talking about don’t confuse identity with credential and currently if you read everything on the net it actually seems going hand in glove, it is about self-sovereign identity and credentialling, it seems to be inter-lock but I am just trying to understand what is your prospective?

Everything is credentials, now identity is a proof of who I am, not proof of what I did and not how much I earned, where do I work, so proof of who I am is an identity and identity is credential can be converted, but on the lighter side the confusion when you read self-sovereign is completely adapted by web tree, block chain crowd, young guys which I have not seen from decades same shit repeating every time. Block chain allowed is decentralised money making that is the only reason that choose and become popular otherwise it has gone dead and gone long time, but there is something good in it and hidden and you have to wait for the 1st wave of collapse and 1st wave of failure to get the best out of the real tech same as the early days of internet, everybody goes to random stuff. Because of the narrative recreated by them the identity, block chain, credential all stuff is mix up, none of them are actually need to be mix up, but all these are completely independent construct, so the way we proof the ability of your claim, did you make lot of claim as an individual or as a company, we did claim is what that makes next opportunity because any next opportunity to leverage, I need able to make claims average balance in the last 6months, where do I work it is necessary. My ability to proof that claim trusted low cost manner is all about credential. It is good to rely behind large standard because it gives you the momentum, other than that if someone says I had created excel document, digital signed it and you as an accepting party can verified in a machine, your algorithm can verified without in a trusted manner, everything has been taken down. Let’s talk about degree certificate that says someone call Pramod Verma has earned this degree from this college in this year or in this subject, so when you verify that credential that accepting party is only assuring themselves that indeed this is a genuine certificate issue in so and so University, I also indeed ensure that this is valid document and read the content but I don’t know whether you the person as presenting is actually Pramod Verma so that is where identity connection comes in, it is loosely cover that means every credential is proving something but little points to that noun co-participated in that proof, Pramod Verma owns this property has 2 noun Pramod Verma as a person and property which is the place, so both have to be verified independently, that is where the loose connection comes so every credential will have a pointer to the identities, now 1 is identity of the holder and other identity which is embedded for example, Pramod Verma earned from IIT Delhi now IIT delhi is also an institutional identity so you need strongly verifiable identities linked to any credential, any asset, you would have downward pointers for various identities beyond the holder itself, now if the identity is papered will the value of credentials be digital because you can verify the certificates but I can’t verify the individual, now still I have to call it and show the licence card but I don’t know whether you are same Pramod Verma as it is common name so I could have taken somebody else certificate because the identity is also digital and credential is digital and if they are linked then the ability to verify both the holder and the identities as well as the authenticity of the proof becomes completely problematic and becomes very low cost, so digitalise identity was very keen so that is why Aadhar is very much keen. Now in the block chain world it has to be BID it is all completely bull, for me whether it is Web 2 identity or Web 3 identity is irrelevant as long as it is digital authenticate identity, otherwise it becomes paper identity, again one more fake player, I can take your certificate, so it is important that we digitalise identity we make them authenticable and issue those credential against those identities whether it is property, vehicle.

So, Pramod when we spoke regarding UPI and Aadhar, especially UPI have a very strong road map, Digi locker have started sometime back and even not lost the stream, latest one is my licence on Digi Locker, so is there a strong Road Map for verifiable?

There is a road map for Digi locker for sure and that team is very much addict and we have recently launched an issuing site tool for Govt to use it, but my system have to change it to issue, small projects very difficult of Govt, but issuing is decent it is not central authority, most document is at panchayat level so it is verified certificate, but it is difficult to get marriage certificate at decent life level, that is making it difficult, so Digi Locker currently launched an issuer portal so they can simply signed up and upload documents and choose Marriage certificate as an template and issue, so they have done some tooling. So we were talking formally Digi Locker 2.O we are looking at some key documents to put QR codes and as simple I think narrative is not about QR code, anyone who gets the certificate in this country should ask QR code is not there what happen, while Vaccine certificate I have seen 2 construction labourer going down to the basement in shop shoes and taking print out and taking mobile for scanning QR code as they all know they will get cheated and in Job world they issue fake recruitment letters that is so common and people get cheated so it is very important policy narratively to create Digi Locker 2.O and pushing the agenda that everyone have signed QR code and when issuing site get saturated we can pick up some plus one on the acceptance side with good SDKs, Job company who is recruitment can start saying one click. Finance world can also accept it for lending purpose, account aggregator is getting easy and all converting Digital workflow so hopefully we will get acceptance, but I don’t think we will get saturation at issuing side and that is when QR code strategy come and with Aadhar and Covid certificate we are good.

I can just imagine the panic that is going to happen because No driving license is going to have a QR code, none of our certificate have QR code, if you going to implement it so I am going to watch it with the fun.

There are lot of other aspect and lot of push for market forces and issuing chip, smart cards, no1 have every use my certificate, driving license with the chip because there is no chip reader, it is money making business and procurement game that one of them play. We never put pressure of smart card, even security attack from UK we just said QR code is good enough, when you see the future card are passing.

That brings us end on the special episode on Verifiable credential with Pramod Verma and like we started the Podcast with an anecdote, this is again from my favourite source LinkedIn, 1st I talked about work and this one is about education and I came across this profile where educations says MIT, Harvard, Stanford, but when you look into the fine prints it is MIT ended lunch for MBA candidate, never apply Harvard 60mints campus store and 45mints campus store also ended a football game. The credential market is a sizeable one and poses sizeable challenge, I was going some of the numbers and there are about 20,000 university out there, 5-6 certificate per year, 13 millions companies, 18 certificate per employee, GOVT own documents, 3billion people online and their own documents, so it is a sizeable document and credential creating machinery out there but I think what we need to bring is the fact that can these things be machine read, can be trusted, can people interact with each other and institute with steam line manner, I think that is what Pramod and its team folks in are trying to laid the foundation for, how do we systemize the process of verifiable credentials, how we make commerce and economics easier with it, how we apply right tech to it. If you have some suggestions do feel free to drop. Thank you for tuning in and listening to us, will be back with some more special episode before we launch season 3. Thank you.