Welcome to the United Nations | Department of Economic and Social Affairs


WS 69



This is the output of the real‑time captioning taken during the IGF 2014 Istanbul, Turkey, meetings.  Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors.  It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.  
>> MODERATOR:  Hello, good morning.  This is workshop 69, the payment‑privacy‑policing paradox.  We would like to begin on time, and my name is Pindar Wong, I'm Chairman of Verify Hong Kong.  Trust by verify, trust is the foundation between human relationships and the foundation of commerce, examine if we're going to move the digital economy and payment through digital currencies, then there are going to be a whole host of issues that will evolve and this session is designed to explore those issues through role play.
Can I have my first slide, please?  Slides?  Sorry, some technical ‑‑ could I have my first slide, please?  Thank you.  So workshop 69, the payment privacy policing paradox in Web payments systems, we're going to explore, there's a natural paradox between the desire to determine who sees what when you see something and the policing of a system, and we're trying to explore that through the new technologies involved with Web payment.  This is a no presentations group work and this presentation is just purely to give you an orientation.
Next slide, please.  So this is actually stage 2 of a 3‑stage process.  Last year I made the mistake of not ‑‑ we had too many formal presentations, so how many people here managed to watch the online videos, the briefing videos before coming?  Okay.  So what we're going to try to do is a summary.  We have half an hour of briefing videos.  Please look at that, it tries to set the context so that we can have an intense deliberation, which is really the bulk of this session.  So we're right now in stage 2 whereby we're going to have a deliberation, and stage 3 is after the IGF whereby for those of you that want to supply written questions, written submissions, there's a survey.  Now, this process, we'll take the output of today's session and the results of the written survey and we'll feed that into next month's W3C technical plenary TPAC meeting in Santa Clara,California, so we'll move from the monologue to the dialogue in the workshop.  As you know the agenda is on the Web, we'll quickly go through some introductions and move directly into the use cases.  So in alphabetical order, we have Dr. Louise Bennett, Working Group Chair and security for the  chartered institute in the UK, Dr. Mary Bold, Executive Vice President and chief research officer of a credit process.  Mr. Norbert Bollow is the co‑founder of the coalition.  Jeremy Malcolm to my right, senior policy analyst for the electronic foundation, better known   as the EFF.  Mr. Manu Sporny, are technical community W3C web payments community group and myself.  Can we just move into position statements and your points of view and work top to bottom starting with Dr. Louise Bennett, over to you.
>> LOUISE BENNETT:  Good morning.  I'm sorry that none of you managed to look at the videos, but there are two things that I think we really need to consider in this context.  The first is can personal views and legal requirements about liability, security, traceability, privacy and anonymity actually be reconciled?  And the second is can you distill a really simple core identity and payment requirement specification?  Because that's what's needed.  Now, I would say that in online commerce you need to be able to prove that you're able to honour a transaction and pay for it.  However, for legal compliance reasons, in most countries, some organisations you're doing business with may need to know who you really are.  So the focus of all transactions involving online payments needs to be about building trust between parties and ensuring that contractual liabilities are clear and the means of redress are effective.  Now, that is very important, and to do this, particularly for the last thing, for redress to be effective, I would submit that the norm should be that individuals and businesses in transactions involving payments need to be identified and not anonymous.
In my video presentation, which you can look at later, I suggested that all transactions at high‑medium level, payments were really covered by things that the banks already did and it was really the low‑level payments between small companies and individuals and peer‑to‑peer that ought to be the focus of standards on the net.  And I think we have to accept that as in the physical world, in all financial transactions, you can be cheated.  So we need to start with a very simple system that everyone can understand and that minimizes the chance of being cheated.
The identity standard on the Internet has also got to allow for multiple identities, so while you don't have anonymity, all the research that's been done by many people shows that practically everyone wants several identities on the Internet.  They want a Paypal identity, they want a Facebook identity, they want to use different credit cards and different payment mechanisms in different situations.  And that is very important because that is what gives you the ability to reduce your risk in certain areas.  Most of us probably use one card for online payments with companies we don't really know.
So if we accept you can't have 100% security, you've got to then consider the balance between usability and security and the risks involved in the transactions you're doing.  This can be improved in online transactions through trusted third parties, and Alipay is a good example of that in Alibaba, they hold the goods in escrow for you.  PayPals and banks do the same thing.  The real thing is in the physical world most of us know how to get redress if something goes wrong in a financial transaction.  We know our consumer rights in our home country.  The trouble is in the online world, we face much, much more uncertainty, and the standards are needed to reduce that uncertainty.  Thank you.
>> PINDAR WONG:  Thank you.  Mary?
>> MARY BOLD:  Thank you very much.  With appreciate to Pindar and Manu for bringing this panel together, obviously we are bringing different views today, and by the time you hear all of us speak, you'll hear some contrasting views.  I come with a view of looking for other things to do with the technology around payments.  I'm interested in how that may play out for the world of credentials, digital credentials, and specifically education credentials such as proof of your education, your college degree, et cetera, and perhaps professional licenses, another set of credentials which certainly have high value and that word matches a word that we bring from the Web payments world, high value payments.
I will break just a second to make the same point I made in my video, which is that when I say high value credentials, I should immediately change my language to high stakes.  High stakes credentials would refer to those things which probably have very high value to me as well as to other people, perhaps an employer, perhaps a client.  That does not mean that low stakes credentials cannot utilize he same technology and, in fact, probably will.  So for my purpose, I come as part of the multistakeholders approach that we see throughout this conference, which is to see what else is involved whenever we talk about any technology, and in this case I'm looking for the broader application of Web payments technology across credentialing.
Pin pun thank you, Mary.  Norbert, over to you.
>> NORBERT BOLLOW:  Thank you.  My interest in this technology comes also from a slightly different perspective, that of handling the spam problem in a way that would be not discriminatory, that would not be problematic from the aspect of privacy because content based spam filtering, you can put your staff on gmail, but you obviously sacrifice a lot of privacy for that.  There's a general problem with match of the approaches to content‑based filtering that we have, so my view is that a much better approach is to guarantee communications between people who don't know each other yet, I can send you an e‑mail with a financial guarantee, you can take like $1 from me if you think it's spam, and that way I would differentiate myself from other spammers who don't want to risk a dollar.  I mean, sending a real e‑mail to somebody who doesn't know me yet, it takes me so much time, a dollar is nothing in comparison.
The problem in relation to that is of course we need a useful peer to peer payments technology that can include this kind of guarantee and that payment staff and at the very least the guarantees, which is not the same thing as an actual payment, the guarantees master very strong privacy properties in order for this to have some benefit.
I would just quickly add a report that is in the report on the UN commissioner of Human Rights who said that the honours of demonstrating that surveillance technology or surveillance framework is necessary and proportionate to the aims is on the state who wants to use it.  So this I think must also be applied to any potential surveillance related to policing for payments.  Thank you.
>> PINDAR WONG:  Thank you, Norbert.  Over to you, Jeremy.
>> JEREMY MALCOLM:  Thanks very much, and I also have a very specific perspective to offer today.
But before I go into that, I really am glad that the community group, that developing the standard has decide to do bring it to the IGF because I think what often happens is the technical standards are developed in sort of a bubble, and there's not enough thought given to the social impacts of this and the example that I always give of that is the Guy that worked at Netscape back this day, he developed cookies, he probably thought that was a brilliant idea and he had no idea that it would subsequently be misused in all the egregious ways that it was so I think it's a fantastic idea that we can pick the tires of this Web payments standard proposal and work out the kinks before it gets set in stone, so I think that's brilliant.
From working at EFF, we have lots of technologists who actually know the nuts and bolts of standards.  I'm not one of those.  I'm a policy analyst, whatever that means, but it does mean that I don't know so much of the technical details, but I do know the policies that EFF's members and supporters are concerned about and one of those is the ability to transact anonymously.  In fact, we support anonymous use of the Web in general, not just payments.  Technology can help with that, standards can help with that, we have a number of technologies that we recommend for anonymous use of the Web such as Tor and likewise anonymous payments are also important.  One of the misconceptions that I address in the row is often that if you want to do things anonymously, you must have something to hide, you must be a criminal or money launder error something like that, but actually there are many people who have legitimate reasons for wanting to transact anonymously.  Sometimes they may be dissidents or when I say blowers but other times they're ordinary people.  The example I give in the video is that there was the story that broke a couple of years ago of a young girl who was shopping at Target, a teenage girl, a school girl, who did they are shopping at Target and Target was tracking the payments that she made and the products that she bought and they plugged these transaction details into their computer and the computer spat out certain information based on the fact that she had been purchasing unscented lotions and cotton balls and things like this, and they determined that she was pregnant.  So they sent some offers to her home address containing baby products and her father found these, and he did not know that she was pregnant.  So Target really abused her privacy by breaking the news of her pregnancy to her family in that way, and that's an example of why it's very important that we have the ability to transact anonymously and not be tracked either by corporations or by governments to find out what purchases we're making online.
So the EFF's position is simply that we want this to be honoured as an important principle in the development of the Web payments standard.  Thank you.
>> PINDAR WONG:  Thank you.  Jeremy Malcolm will be staying for a few more moments, we've been very fortunate to have him this morning, he's actually double booked.  Thank you for that.
He'll be doing a live demonstration with me just after Manu introduces the technology that we've been hearing about.  What is this Web payments standard?  And thank you.
>> MANU SPORNY:  Sure.  Thanks, Pindar.  So we have a set of technology that we've been working on in this Web payments community group at the World Wide Web Consortium, and we're trying to share that technology with a larger audience, a multistakeholder audience.  So last year at the 2013 IGF we started talking about taxation of virtual goods and payments and how we basically route money over the Internet, and we took the input from that, took it into last year's W3C technical plenary and the outcome from that was the world's first Web payments workshop.  So this is a demonstration that this multistakeholder approach that we have here at the IGF feeds into other technical groups which then create exploratory groups in the technical world, and what we find out in those exploratory groups we feedback into the IGF creating this kind of nice virtuous cycle of feedback between the technology, people that are creating the technology and the people that do policy and regulation around the technology.
So we have a set of technologies around Web payments.  It touches quite a bit on identity, on privacy, on digital receipts, on payment initiation, and what we're trying to do is we're trying to build payments into the core architecture of the Web.  The core architecture of the Internet.  Right?  So there's a lot of responsibility placed on the groups and organisations that are building this technology to ensure that we do not create something that violates people's privacy, that we do not create something that makes it very easy to launder money, and just creates something that is of benefit to the world at large.  For those of you that don't know the World Wide Web Consortium, they create many of the technology standards that you use every day.  If you open a Web browser, you're using their technology.  In fact, 2.4 billion people around the world use the technical standards that this group creates.  So it's very important that we get this technology right.
So what we're going to try to do today, Pindar is going to go into the exercise here, but we don't want this to be a panel‑audience interaction.  We want to get as much feedback from the IGF community to make sure that we're doing the right thing.  Thanks, Pindar.
>> PINDAR WONG:  So at this moment, I will move into we're going to reorganize the stage, if I can ask everyone but Malcolm to leave the stage, and your seats are assigned, I was just going to get set up for the workshop.
Now, you heard Louise mention that in physical space, when we buy something, we have the metrics to understand to understand a transaction.  I'm going to start, this is a Web payments transaction.  Jeremy wrote an excellent book which I all encourage you to read, it's actually also available online, called Multistakeholder Governance at the Internet Governance Forum.  How apt.  Now, I'm going to buy this physical book from him.  He is the vendor.  I'm going to give him $100 as the buyer, I give him something of value, and he gives me his book.  Everyone is clear, right?  So we're going to do that process by going through and explaining the Web protocol.  Now, I've seen his face before.  In fact, the book introduced us, there's an identity issue, he sees me, I've given him a piece of paper with some ink on it, there Hong Kong dollars, he can't spend it here in Istanbul, this is the kind of exchange we have but the issue is identity, there's no intermediary.  However, if I use my credit card or if I use my USD stick with bitcoin, then what   happens?  These are the issues that we're trying to surface ‑‑ sorry, I'm going to sell it back to you now.  You keep this as a deposit and I'll give this, and you'll need to leave at some point.  But thank you very much.
So let me just also try and set some context.  This whole area of financial technology is hot.  Okay?  How many of you have a Smartphone?  Okay.  Right.  There are over 400 ‑‑ if you look at angel.co, there are over 800 new start‑up companies investing their time, effort and energy in mobility payments alone and mobile payments in some sense is a subset of the issue.  Why?  Because all these mobile phones these days have access to the Internet.
Now, the next one and a half billion people to come online in Asia, Africa and et cetera, they'll probably also be accessing the Internet itself for the first time through their Smartphone so there's a lot of effort right now to bank the unbanked, people where they don't have any financial infrastructure, so there's huge social motivation to get this technology right, so we have only one objective and that is for you today to ask questions.  Every single question you ask, we will record, anonymously if you wish, and we'll go through that, and the questions we've already posed on the website, and we're hoping through this dialogue that we generate some insight, that we don't replicate the problem with spam in the payments area.
If the guys who designed the e‑mail protocol envisioned the problems of spam, what were you thinking at the time when you invented e‑mail?  Okay.  So what we're trying to do is we're trying to avoid creating unintended consequences for all this new technology, which is very different.  It's the most different thing that probably the world has seen.  I look at it as follows.  The last 15 years we've been talking about Telecom liberalization, right, the Internet.  I believe this whole fin tech area, financial technologies, next ten years is all going to be about financial liberalization so today we'll illustrate some of the technology by grounding it in use cases which explains how the technology works and so if you give me a moment, we'll set up the stage.  Now, we mentioned anonymity, so for those of you who want to participate in anonymity, there's a chat, there's another stage after this, Britain submissions and this will all be wrapped up and packaged for next month's technical plenary.  Last but not least there is a session evaluation form.
So let me explain how this role play is going to work, and after Manu sets up, I'll need a wireless mic.  We're going to explore this issue through role play, just as Jeremy was the seller and I was the buyer, we're going to do exactly the same, but we're going to start not in payments, we're going to start with Web identity because that's really the simple context to understand, and we're going to then ground the discussion with a specific Web payment example which I hope you can start to kick the tires and you identify, hey, that's not right.  Let me give you an example.
I think last week Nigeria introduced a new ID card.  Has anyone heard of this?  It is an ID card, it is a credit card, and it is a debit card.  Now, in China technical innovation is right, we have life insurance companies who want you to wear a device and depending on how much you exercise, your premium goes up or down.  Your Smartphones these days have various biometric devices, fingerprint, facial scan, voice scan, voice print, these are ways that they can combine and form your identity.  If these companies ‑‑ it's not clear who will aggregate your payment data.  If they can calculate, for example, if they know what I'm buying in the supermarket, they may know my total saturated fat intake.  These are the unintended consequences.  So in summary, we're trying to surface the unintended social consequences and political consequences from the technology.  Why?  Because we are not qualified ‑‑ I mean, we can think of all the different cases, but any technology has, as Norbert mentioned, unintended consequences.  So with that, let's get going.  I use this mic?  All right.
We have three parties instead of two in a typical Web identity transaction.  And the three parties, let me just explain how this is going to work.  All of you understand that to access the Web, you use a browser, right?  Orange browser.  Name me the orange browser.  Chrome, Firefox, they're all browsers and we also have another party which is the website that you're trying to buy from.  So before Malcolm was like the website and I was the browser, but with Web identity we have a new party, a third party which was mentioned, which was the identity provider.  What Manu is going to do next, I'm going to give the mic to him and he's going to explain through the use of specific use cases how this flow is going to work.  Now, we use use cases and technology to help focus our thinking, to be very specific and precise about exactly what we're talking about.  Now, notwithstanding that, this is a greater conceptual simplification of the details.
So Manu, can you please take us through the first example?
>> MANU SPORNY:  Sure.  Absolutely.  As Pindar said, we're going to start out very simple.  This is how the technology is designed today.  It's certainly not set in stone.  The feedback that we get from this group is going to feedback into how we change the next iteration of the technology.  So everyone probably had to buy a plane ticket to get here, right?  And you gave over a number of pieces of information in the purchase of that plane ticket.  You gave over some passport information most likely or some kind of name information, you gave over your e‑mail address so they could contact you, and maybe you could have also given them some Visa information when you bought that plane ticket.
So the idea here is that you were at a website buying the plane ticket, right, you used your browser to get there, you're now viewing the website.  The way it works now is you have to enter in all this information.  You have to do it for every single website.  And we're trying to automate this process to make it much more easy and make it more verifiable so that the information that you give the website is proveable.  They don't have to trust you, they can trust someone else.  For example, a Government.  They can trust the Government that the digital passion port that you're giving them is in fact a valid passport.
So using your browser, you go to the website, the website says I need these credentials from you, I need an e‑mail address credential, I need a Government‑issued passport, and I need a visa because I just want to make sure that you can get to the country that you need to and you have a visa when you get there, right?  So those are the three pieces of information that I need from you.
Now, your browser is going to detect that the website has requested that information, and it's going to go back and go to your identity provider.  Now, your identity provider is someone that you have picked previously.  It's someone that you trust with your credential information, you trust them to store your digital passport, you trust them to keep that information safe and protected.  And the identity provider basically has these credentials stored on there.  So three credentials here, e‑mail address, passport and Visa stored here.  All right?
Your browser is going to fetch these credentials examine then deliver them back to the site that asks for them.  Right?  It's going on give it to the website.  Now, that website, how does that website know whether or not those are valid credentials at all, right?  Right now we're depending on digital signatures on those credentials, so there is a cryptography component to this, but basically once those credentials are delivered to the website, the website can then verify that those credentials are, in fact, real.  Right?  It can check the signature, the signature is from, for example, the Government of France or the United States Government or the Canadian Government, and it knows that those are valid credentials.  It doesn't have to trust you, it trusts other parties for that digital signature.
So at the most basic level, that's how we're envisioning this new identity mechanism working.  This is how you're going to be able to prove who you are on the Web.
>> PINDAR WONG:  Have we lost everyone?  Any questions at this point?  Name, rank and serial number.
>> AUDIENCE:  My name is Peter and I'm from Australia, I'm trying to understand, I go to an Internet cafe now and I go to the website, how does it link up with the identity provider in do I have to put in a code?  I'm a bit lost.
>> MANU SPORNY:  We're going to try not to delve too deeply into the technical how, but your browser is capable of sending out a query to the general Internet and this query is a distributed query, it can find your identity provider.  I'm going to wave my hands and say that it's a protocol called telehash, it's a new protocol but one of the capabilities of that protocol is that you've gone into an Internet cafe, that computer knows absolutely nothing about you and using only your e‑mail address, you type in your e‑mail address into the browser, it can create a query that goes out to the Internet and discovers who your identity provider is.
Now, that identity provider might be in the U.S., it might be in Canada, the telehash protocol is in fact so sophisticated that you could be wearing your identity provider around your wrist on a smart watch, it could be in your cell phone, and it will find that identity provider and request the credentials from that identity provider.  Did that ‑‑ sorry.  Did that answer your question?
>> AUDIENCE:  (Off microphone).
>> PINDAR WONG:  Questions are good.  That's why we're here.  Over to you, sir.
>> AUDIENCE:  How is different the identity provider to the certification entity of the electronic signature?
>> MANU SPORNY:  Right.  So it's very important to keep the identity provider completely separate from the organisations that are creating the digital certificates or the digital signatures on these credentials.
>> AUDIENCE:  Why?
>> MANU SPORNY:  Well, for example, if you wanted to run your own identity provider, let's say that you had a home Internet server and you wanted to run your own identity provider on that, who is going to trust that identity provider?  Google is not going to trust them, Facebook is not going to trust them, Paypal is not going to trust them.  So you need some third party to issue a credential to you that's trustworthy.  This is just a storage space for your credentials.  The trust comes from a third party, so for example, more than likely a website is going to trust, for example, the Belgian Government over you.  Right?  So if they see a digital signature from the Belgian Government, they'll trust it more likely over just you.  But it is really up to the website on who they trust.
>> PINDAR WONG:  Let's illustrate that.
You're from which country?
>> AUDIENCE:  Ecuador.
>> PINDAR WONG:  So the Ecuador Government, again, his signature is specific to himself, it has nothing to do with the Ecuador provider, but somehow if it ends up here, this website says, oh, I know that this signature is from the Ecuadorian Government, I can check it with the Ecuadorian Government, I go with you.  Is this your signature?  Yes, okay, I believe you.  And it can do so through all the different credentials.
Now, right now we're talking at the identity, from the Web identity perspective.  Are there any other questions here?  Because we can move on now to a payment example to really surface the intricacies between privacy and policing.  If there are no other questions, Manu, can I move on?
>> MANU SPORNY:  Absolutely.
>> PINDAR WONG:  We'll do a bit of magic here, the website changes and becomes the seller, the merchant if you will, the browser stays the same, right, and instead of an identity provider, the same role is played by the payment processor.  So Manu, can you take us again through this process?
>> MANU SPORNY:  Sure.  So the general ‑‑ what we're trying to demonstrate here is that this same flow works for approving your identity and the exact same flow, almost the exact same flow, works for making purchases online.  It's the same general technology that we're using to prove your identity and perform a payment online.
So we start out with the same basic process.  You are in a browser, you go to the seller website, they ask for some kind of proof of credential.  So are you clear to buy this good that you're buying?  So for example, if you're buying let's say that book, all they would really probably want from you is an e‑mail address credential so that they could communicate with you after the fact.
But if you're buying, for example, toxic chemicals or if you're buying a weapon or surgical gear, they might ask you for a license, such as license to practice medicine, license to handle hazard us chemicals, so you would provide those credentials to the seller.  And one of the credentials that the seller is going to ask for is who is your payment processor?  Is your payment processor Visa, mast card, Paypal, Google Wallet, is it some third party, is it a bitcoin wallet?  Who is the payment processor?  So all of that can be asked in one go.  If you think about today in our buying process online, you have to go to the website and you have to fill out all that information for every website that you visit.  There is no standard process for proving certain details about yourself.  So the first step usually if you want to buy something online is sign up for an account, verify your e‑mail address, right?  Then once you've done that, verify that you live in a particular country, verify that you have a particular type of credit card.  We're trying to get rid of all of that so that you just go to a website, you see what you want, you click buy, and the purchase happens.
So basically the seller has got all of your credentials now and is providing what we call an offer for sale.  I am selling this book, the seller is going to mark this information up, I am selling this information for 100 Hong Kong dollars or 20 U.S. dollars or, you know, the offer contains all of the ‑‑ basically the details of the offer.  Licensing information, copyright information, the color of the book, the preface of the book, all of this information is expressed in machine‑readable data.  Right?  We are using a technology called link data.  It's specifically called Jason LT and we express all these credentials and offers in a machine‑readable way and that's important because it allows search engines to come across the website and understand what's for sale on that website and the terms and conditions that that offer represents.
So the browser is going to use the same exact metadata to execute the transaction.  They're going to go to ‑‑ you're going to click buy on a particular item in the browser, it's going to create an offer.  The browser is then going to take that offer and give it to the payment processor, and the payment processor is going to ask you, you're giving me an offer for a book, it's 100 Hong Kong dollars, do you want to pay that?  This is very different from the current payment process that you do today, right?  Normally you go to the seller can give them your credit card information.  They're pulling the money from your bank account, and credit card numbers are incredibly dangerous, it's like giving this merchant a password into your bank account, they can pull whatever they want to out of that account.  That's a pull base payment.  What we're talking about here is a push base payment.  You are getting an offer from the seller and the payment processor is asking you do you want to push $100 to that seller?  And if you say yes, then at that point the payment processor gives you a digital receipt, which operates very much like a credential, you get the digital receipt, it goes back to your browser, back to the seller, the seller checks the digital signature, it knows that the funds got through, and then it gives you access to the book.
>> PINDAR WONG:  Stop.  Now, there's a very important difference there between push and pull.  Did you catch that?  Well, that's great.  Oh, question?
>> AUDIENCE:  The question I come to for explanation, but if I have an identifier like an e‑mail address from someone, if I'm a seller, I run an e commerce business, I can send out 100 pushes and offers to whatever e‑mail address I catch?
>> MANU SPORNY:  Sorry, can you clarify a bit?
>> AUDIENCE:  Spam e‑mail addresses for money, is that right?  
>> PINDAR WONG:  I can spam an offer and with just one click, they get everything, that transaction is being made?
>> MANU SPORNY:  No, so there are a number of things that prevent that from happening.  One, the offer is opt in, so you have to actually click on the offer to initiate any kind of purchase process.  The second part of that is if you click on that, if you click on this, there is still a chance for you to stop the payment by going to your payment ‑‑ the payment process is going to ask you, are you sure you want to send this money?  And at that point you can say no.  Now, you're right, there's always the danger that people are going to just create random links around the Web that make it easy to accidentally trigger these payments, but what we're hoping is that the browser vendors are going to create a special type of button, it's going to be styled in a very specific kind of way so you know you're initiating a payment.
>> PINDAR WONG:  Do you want to follow up, and then we can move around.
>> AUDIENCE:  Then again, if I build a browser myself which is just a crawler that inputs e‑mail addresses or accounts and make these calls for everyone, because actually this is applicable for any browser like Internet cafe where I've never signed in, I enter my e‑mail address, this handles the request this push to the payment provider, right, so if this browser is some automatic spider or crawler, then it can fire off a lot of push requests to the payment provider?
>> MANU SPORNY:  So there's another thing that's protecting that from happening.  They need to know some kind of password, they need to know some kind of cryptographic token to do that to push that.  Right.  So we specifically protect against that.  We have a remote participant question, and then let's go back.
>> AUDIENCE:  I'm from Australia.  You spoke about how this assists merchants.  How does this assist people who may be interested in selling digital goods or information to a website?  And also say the website asks me for credentials.  Do I need to use my legal identity?  How is a person supported anonymity?  Can you demonstrate?
>> MANU SPORNY:  So I guess the general question was how do we support anonymity in the system if you don't want to use your real identity to purchase something?  Maybe.
>> PINDAR WONG:  Let me reinterpret it, I think he was talking about a dating site and using pseudoanonymous dating for a dating site.  I'm not sure how that makes it different.
It might be a general question around anonymity, so I'm just going to take it ‑‑ okay.  Back there?  
>> AUDIENCE:  My name is Russell Chandwic, CEO of Hope,  we have hotlines around the world that take down child sexual abuse material, we get 1.2 million reports a year that we pass to police around the world and police work with payment providers to be able to track suspected pedophiles.  How would this enhance that?  Because we do need to be able to track commercial worst of the worst activity on the Internet and increasingly we see it going through the commercial route.  So it's not just pedophiles exchanging images of child abuse, but it's pedophiles selling those.  So how would this help law enforcement track those transactions?
>> MANU SPORNY:  Right.  Anonymity and privacy is a big concern of ours, meaning that when you buy something, you might not want to know ‑‑ you might not want the seller to know who you are, but law enforcement certainly wants some kind of mechanism to discover someone selling illegal substances or child pornography online, either buying or selling, right?  So that's an open question here.  We want to build in regulatory hooks into this technology.  It's a design consideration that we have.  So we're giving hooks in here to regulators, so for example, if you do a transaction over 10,000 U.S. dollars in the United States, you have to automatically report that to FINSEN, we want to   build that into the standard because that's what the regulation basically says you have to do.  So there's a question here.  Should we allow completely anonymous identity providers?  Is that even legal?  It depends on which state we're talking about.  And that's really why we're here at the IGF.  We have certain biases that we bring to the creation of technology, and I really don't think policing of pedophiles or, you know, illegal content like that has really been raised as an issue.  We talk about it in very high level terms in terms of policing and regulatory stuff, we believe that the identity provider or at least the payment processor, so the identity provider might hide your identity from everyone else, you might run an identity provider yourself, but the payment processor has to be able to know exactly who you are.  They know your customer regulations in a variety of countries that we have to also be aware of.
So I believe the answer to your question is most likely you can do pseudoanonymous transactions online, fully anonymous transactions are kind of up in the air because, one, we don't actually know if the technology is capable of doing that.  When we say fully anonymous, we mean completely untraceable.  We don't know if there's technology to do that, that's kind of a new thing.  And two, if you're talking pseudoanonymous, we can certainly protect your identity from the seller, but law enforcement is going to probably come down pretty hard on the payment processors and say you need to know your customer.
>> AUDIENCE:  So just on a follow‑up, if I may, so at the moment if you have your own car, you have a registration number, a registration plate on that car, so if you break the law, the police can track you because they look up that number and it gives you a good idea who owns that vehicle.  So if you're saying that there will be some sort of hook in the system for police to be able to do that, then I think that's acceptable.  If you're saying there isn't, you have to think about the worst of the worst and the activity of the Internet that we they would to be able to police because why would the Internet be any different than our normal day‑to‑day life?  You know?
>> LOUISE BENNETT:  It's precisely the kind of case that you're talking about that made me say, because I do quite a lot of work with Child Online Protection that we shouldn't include complete anonymity in the standards.  I'm saying that people should be allowed to have different identities, because if you go back to the Target case that was mentioned, that was a privacy issue, and it was a failure of the company processing the big data to follow proper data protection standards.  But I think you're absolutely right, we shouldn't have complete anonymity, but you can have several identities because you might want different identities to do different things.  I mean, I use two names and I use lots of different identities and probably other people who are security and privacy people do that here.  One of the key things when you look at surveys on why people distrust e‑commerce, it's because they are frightened of losing their identity and they're also frightened of the fact that they don't have redress.  And part of redress ultimately is the criminal prosecution, but you also want redress in that you want the consumer laws to protect you from poor goods, from shoddy goods, from nondelivery.  So I think it's vital that we don't have anonymity.
>> PINDAR WONG:  Okay, this is great, stop.  We've got about six, seven questions in the queue which we'll get to.  What I want to do, this is a role play, so this side, just using this as an example, I want you to now, everyone on this side of the room, consider the optics from the policing side.  Okay?  So you are all on the policing side.  You have got a problem that you need to solve, a case, there's been some crime, there's been some incidents, you're the police, I want you to use that primary perspective for generating your questions.  If you don't want to take that perspective, you can move to the other side of the room, okay?
So this side, you are the ones who have been violated.  Okay?  It's not cops and robbers, these are the cops, you aren't the robbers, you are the ones who have actually lost the private data or are about to lose private data.  So through this side, we have one change on the room, Norbert, your primary optic is to raise questions after the six or seven questions from the view of, hey, where is my personal data, my blood type, my sexual orientation, whatever, and I hope you can generate questions from this perspective.  Okay?  So with that, I think you were first.
>> AUDIENCE:  Yeah, my question is, the only part of the transaction that should be controlled and monitored is the legality of the goods and services that are being sold.  If the goods and services are legal, why should I as a buyer give my data?  Besides, you know, the credit card or whatever, but I can keep my anonymity, because provided that the goods and services are legal.  There's no reason why I should give any sort of information if I don't want to besides my payment information.
>> PINDAR WONG:  But right now in the current model, in the old model, the seller has all that payment information, and furthermore, when you start trading virtual goods, not just books but virtual goods, the shipment has to know where to arrive.  So if you're anonymous online, where does that go?  So Manu, do you want to add anything?
>> MANU SPORNY:  Sure.  You're absolutely right.  I think the position of the consensus position of the community group right now is you should not have to give up any private information if it's not necessary for the transaction, and that actually includes things like shipping information.  It is possible for you to give the seller a digital receipt saying that payment was made and encrypt the shipping information so that only the shipper can view that.  So the seller actually has no idea where they're shipping the information ‑‑ shipping the good.  Now, that raises a number of questionable things, like, for example, if they're shipping a controlled substance and they don't know where they're shipping it to, they should probably not ship it, right?  There are corner cases in here that are very important to think about, but in general, no, you should not have to give up all your private information if all you want to do is for example buy a 50‑cent addition to a video game online.  Right?
>> NORBERT BOLLOW:  I would like to bring up the case of a photo journalist in a dangerous place reporting about war crimes, for example.  Now, we want to make sure that child abuse, publishers of child abuse pictures get caught, I would assert we also want to also make sure that this photo journalist does not get caught, and one way to do this, I would propose, is to use the credentialing mechanism and have, for example, credentialing provider, I could assure that this photo is something that is worthy of publication, I guarantee that it is not the kind of thing that violates rights of children, and if I with my identity issue of this, I'm not the photo journalist, I'm not in the dangerous place, that I think should be enough.
>> PINDAR WONG:  Thank you.  Can we move to an online question from Pakistan?  The first question, we have about six questions here, but let me just move back to an earlier one.  This is Ifca from Pakistan.  What is the role of the regulatory framework in national e‑payments and who is the key stakeholders, banks controlling authority, Ministry of Finance or service provider?  Who is in charge?
>> MANU SPORNY:  I think the short answer to that, I mean, we've gone to IGF, we've gone to U.S. Federal Reserve meetings, we've gone to World Wide Web Consortium and it's not clear right now.  We're in unchartered territory, we're creating a universal payment system for the Web, 2.4 billion people could benefit from this technology.  This has never been done before.  So everyone wants to be involved in the dialogue.  That's why we're at IGF, that's why we show up to U.S. Federal Reserve meetings, that's why we've been talking with the European Commission, but we don't know.
>> PINDAR WONG:  We don't know.  With that we just want to take a stop.  I see you, I see you, in terms of role of order.  On every table there is a yellow sticky note and some pens.  If you wish to write your question down, please do, and I will gather that up, if you want to be anonymous, it we can't get to it in the mic, I'm create a queue, as it were.
There was a question at the back.
>> AUDIENCE:  Thank you, Pindar.  I have a couple of questions.  I wanted to just make an initial comment.  At the moment when you want to make a transaction, sometimes you've got to jump through all these hoops, and at the moment that's a good thing.  The system that you're proposing is you hand over these digital identification and I don't know what it is, is it a number, is it a serial, is it a fingerprint, I have no idea yet.  If people get hold of that, then it's easier for them to start to make transactions with it.  But when you go to a website and it asks you forgive us, you know, answer this question and what's your password and what's your e‑mail address and can you send for your passport, that makes it a lot more difficult for someone else to come along and steal your identity.  So there's benefits with the system now.  I don't know how your system is going to get around that.
>> MANU SPORNY:  So the credentialing mechanism, the assumption that we're making here is that we're going to start off with from what cryptographers view as a fairly weak mechanism to protect your identity.  So e‑mail address, password, and a long password, fairly secure password, right?  Everyone is used to doing that today.  There are a number of technologies that are coming down the pipeline in the next one or two years called ‑‑ it's a group of technologies called two factor authentication devices, so these are devices that you can basically buy for $2 or $3 and it is a physical token that anyone wanting to steal your identity has to also have that physical token.  We have soft token devices today which are our mobile phones, right, you can type in a PIN number and unlock your credentials that way.  These hard tokens ‑‑ the problem with the phone is it can be broken into and people can steal your identity like that.  These hardware tokens are specially designed, the only thing they do is verify that a physical person has access to that hardware token.  So in the future when you go to a website, in order to transmit your credential, you're not only going to need to know your user name and password, but you're going to also have to click on that physical token device, you're going to have to say I have this physical token, and only at that point will your identity provider release that information for transmission elsewhere.
>> PINDAR WONG:  I have another question for online, if I can toggle between the two.  Timothy Hallborn from Australia.  How will a user be able to use this technology to define how their information is used beyond the specific needs of carrying out the transaction?
>> MANU SPORNY:  Sorry, repeat the question.
>> PINDAR WONG:  Sorry, the question is how will a user be able to use this technology to define how their information is used beyond the specific needs of carrying out the transaction?
>> MANU SPORNY:  Right.  So this has to do with is the seller able to then retransmit the information to someone else?  For example, if they wanted to sell all your information, if they wanted to sell your Government‑issued ID, if they want to sell marking data on you, are they allowed to do that?  In general, we want to prevent that from happening by putting information in the credential that also covers the use of that credential.  So for example, you may only use my Government‑issued ID to verify my identity on this website.  You're not allowed to retransmit it to anyone else, you're not allowed to store it, you're not allowed to derive aggregate data from it.  So being able to add that information in the credential itself when it's delivered sets out the rights that the seller has to that data, the rights that you're asserting to the data.  And we want to do it in a Forum where you are effectively executing a contract with a seller when you do that.  So when they receive that data, they are in contract with you, and if they violate that contract, you have a legal remedy.  That's the hope.
We have no language to express that right now.  We have no policy input on that.  So while we want to do that, we don't have the right people involved to make that a successful process.
>> AUDIENCE:  So when you buy offline, the store clerk or the store manager know who you are by seeing your face, what age you are, what sex you are, and that kind of helps to feedback in your product and improve the service and I think there's a certain benefit to society for it.  So should transaction online be completely private and anonymous and how does your system allow for reasonable data to feedback into data innovation?
>> MANU SPORNY:  Right.  That's a negotiation between the buyer and the seller.  If the buyer is okay with, for example, showing their physical image or sharing their date of birth or sharing their gender information with the seller, the seller can ask for it and can tag it as this is an optional thing.  I would like to know your gender.  I would like to know X, Y and Z.  And when this request comes through the browser to the identity provider, the identity provider can say, by the way, the seller really needs to know who your payment processor is, but they're also asking information about where you live, your gender, things of that nature.  And at that point you can say I'm okay with the seller knowing my gender, I don't want them to know my date of birth, I don't want them to know where I live.  There are ways to optionally ask for information.  The seller can say I must know this information and can say I would like to know this other information.
>> AUDIENCE:  Just to clarify, are you expecting granular control for each transaction?
>> MANU SPORNY:  Yes.  That's the hope.
>> PINDAR WONG:  Data point yes, granular, and also the change is who is in control.  Can you explain who is in control?
>> MANU SPORNY:  Right.  So we want the person whose data it is, they are in control.  They decide when to transmit their information.  They decide what rights are associated with that data.  They're in control.  We do not want to put the seller in control.  We do not want to put the identity provider in control of that information.
>> PINDAR WONG:  Okay.  We've got four, five, six questions in the room and two online, so I'm just going to toggle to an earlier question, which is the following.  This is the dating website question again, which is, if I'm on a dating website and it asks me for credentials, do I need to use my legal identity, and how does persona support pseudoanonymity?  Can you demonstrate pseudoanonymity in your example?
>> MANU SPORNY:  So what was the first part of the question?
>> PINDAR WONG:  Just demo pseudoanonymity in a dating application.  I'm on a dating site, I want to subscribe to a dating site, obviously they wanted to know who I am supposedly.  How can I have pseudoanonymity?
>> MANU SPORNY:  So maybe a better example on pseudoanonymity is when you go to had, for example, buy alcohol online, this is actually ‑‑ this was actually a shocking statistic to me.  In the United States, it used to be that you had your friends buy alcohol if you were underage.  Now most teenagers buy their alcohol online because a lot of the websites, websites that sell alcohol are required to check age but they actually don't do that at all.  They just ask you, how old are you?  And of course the teenager is going to respond I'm over the age of 21.
So all the liquor store, online liquor store really wants is they just want to prove your age and they want payment.  That's all they want.  So that's a pseudoanonymous transaction.  There are ways of issuing credentials that are just a proof of age.  So this is very different from a date of birth.  A date of birth specifies exactly which date you were born on.  A proof of age specifies that you're over the age of 15 or over the age of 18 or over the age of 21.  You could be 65 or 70 years old, but the only credential that you're sending over is a pseudoanonymous credential saying I'm over the age of 21, I am legally allowed to buy alcohol.  So that's hopefully a demonstration of how these credentials can be used to do pseudoanonymous identification of the person.
>> AUDIENCE:  Hello, I'm Desiree Zacharia.  Going back to verifying credentials, what happens if you lose your hardware token, and how would you go about recovering from that?  The second part of my question is are we expecting all governments to buy into a system of verifying credentials as well?   
>> MANU SPORNY:  What if you lose your hardware token?  It's up to the identity provider on whether or not you can recover.  There are multiple ways of recovering your information if you lose your hardware token.  For example, you can tell your identity provider if I use my hardware token, send a special SMS text to this phone and I can set up a new token or you can say I trust these three family members to be able to reset my hardware token to a new hardware token.  But that is completely outside of the standard.  It's a value add that an identity provider supports.  So an identity provider could support one, they could support both, they could support neither, and people are going to make their decision on whether or not they want to use an identity provider based on features like that.
What was the second part of your question again?
>> PINDAR WONG:  Government says.  Are we expecting governments to buy into the standard?  Is that correct?
>> MANU SPORNY:  No.  No.  We have specifically designed these technologies so that we do not require buy‑in from any Government, any technology provider in order for the technologies to be successful.  So while the browser is there in the middle, we have implementations of the technology that does not require any browser manufacturer to agree to implement these specifications, and that's very important because the browser manufacturers move very, very slowly, they want to see very strong uptake, but what we do have is a way for the browser manufacturers to migrate to this mechanism.  So for example, they could add screens to make it more obvious that you're being asked for a credential, they could add elements to the user interface on the browser to make it easier for you to do credential selection and credential authorization.  But by design, we do not require any Government to buy into this.
Now, we want all the governments to buy into this because it's a standard way of expressing identity, it's a standard way of expressing passport information or citizenship information, but it's really up to the Government on whether or not each specific Government to decide whether or not they want to roll their own solution or they want to reuse something that already exists out there.  We're hoping they pick this mechanism.  We have one question here.
>> PINDAR WONG:  Can we just move from physical space, in fairness to those online?  You're next in line.  The online question here, there are several here, one is the importance of awareness in the campaign for online transaction systems for the local community and the standard ways adapted for that awareness.  I'm not quite sure what that means.  Lady in red?
>> AUDIENCE:  Hi, I just had a quick question.  You've talked with respect to IDP's and age attributes, and I would just like to highlight that again because there are young people under the age of 18 and we need to think about their financial literacy, we need to enable them so when they're buying transport tickets and stuff and they get eligibility for reduced costs and also they want to buy games and age‑related stuff, so I would just like to put that on the table, think of those below 18 as well.
>> PINDAR WONG:  Thank you very much.  We'll do so.  Gentleman in the blue?
>> AUDIENCE:  One little question.  Since you touched on the example with buying alcohol, is it possible through the standard to talk back and forth with the information provider, the payment provider, to do checks, first check the age and then we can proceed the transaction, or is it going to happen in one step in and a second question to go in more detail with that, if I am an e‑commercial provider, I may be interested in offering discount for people giving me more optional information, and this means I have to initiate a transaction but once I get more information, I might give a discount and need to initiate the second transaction.  This is something that's possible through the standard?
>> MANU SPORNY:  Yes.  So the credential verification process is separate from the payment process.  They can be coupled together certainly, but you can do what you say.  It's a multistage process.  Are you over the age of 18?  Oh, then I'll show you the form that you have to fill out for purchasing this alcohol.
>> AUDIENCE:  Are you a student, you get a discount.
>> MANU SPORNY:  Exactly.
>> AUDIENCE:  I just have a final question and I think it's already been answered partly but some more clarification.  I've got 13 accounts which belong to me, so when it comes to making a payment and I put my identification in, how is that identification going to know which account I want to make the payment from?
>> MANU SPORNY:  So you're going to get a selection dialogue that ‑‑ it's a negotiation between the seller and you, right?  The seller has a number of different payment mechanisms that they accept.  For example, Visa, MasterCard, Paypal, bitcoin.  You may only have, for example, a bitcoin account and a visa account.  So the browser software is going to say, okay, what's the intersection of these two payment sets, so there are really only two choices:  The credit card and bitcoin.  So the view that you're going to see is which one do you want?  Do you want to pay with your credit card or do you want to pay with bitcoin?
>> AUDIENCE:  But I have like six different credit cards.
>> MANU SPORNY:  Then you are going to have ‑‑ the credit card payment mechanism is unified.  It doesn't really matter if you have six different credit cards.  When you select I want to pay with a credit card, it will say okay, which one of these credit cards that you have do you want to pay with, right?  So it's kind of a tree.  It's do you want to pay ‑‑ it's based on what kind of payment mechanism do you want to use and then once you select the payment mechanism, it's, okay, what are the details associated with that payment mechanism?  If you have three bitcoin wallets, which of the three bitcoin wallets do you want to use?  If you have six credit cards, which one of the credit cards do you want to use?
>> PINDAR WONG:  Stop.  At this point I want us to swap roles.  You guys if you can be the cops and you guys can be the ones whose personal data has been violated, just use that for your questions, the last 15 minutes, this is great, questions are coming, and we have a question from the lady at the back.
>> AUDIENCE:  I was so ready to be a cop.
No, that's okay, I'll move to the other side.  My name is Betsy Broder, and I'm with the U.S. Federal Trade Commission, we're a Consumer Protection enforcement agency and my question is this.  If there is a diffuse set of identity providers, so it's not out of the central bank, it is an independent function, what is the procedure or the oversight to ensure that those entities are acting responsibly in compliance with all regulations and are providing the mother load of data with appropriate protections?
>> MANU SPORNY:  That's an excellent question.  Right now there is no oversight mechanism that we're looking at.  We're hoping to have a dialogue with folks like the FTC, we're talking to the U.S. Federal Reserve, you know, in the banking sector, but there's nothing stopping ‑‑ in this system there is nothing stopping anyone from digitally signing any piece of information and assigning it to someone.
Now, it's up to the seller to determine which one of those pieces of ‑‑ which one of those digital signatures it trusts.  So the seller could say, you know what?  I only trust Google and Facebook and the U.S. Government to authorize, you know, the name of a person or to digitally sign the name of a person.  The reason we want to do that is because different countries are going to have ‑‑ different countries and different merchants in different countries are going to have a different set of needs out of that digital signature, so what we absolutely cannot do is create a global white list and say these are the only people that can verify identity in the world, there is no one else.  It depends wholly on your community.  We want there to be small communities that issue credentials and just use them locally, and in order to enable that to happen, we can't lock it down and say only these Government mandated services can be used for identity verification.
>> PINDAR WONG:  Okay, so stop.  I'm going to pass around a sign‑up sheet.  If you don't want to sign it, it has name and e‑mail address, just take the box because we want to know how many people were here.  That's just an administrative thing.  The online question from Pakistan was how are we creating awareness about this technology?
>> MANU SPORNY:  Coming to IGF, going to the W3C, going to the U.S. Federal Reserve.  If any of you would like us to come and speak at your organisation or your specific trade group, we would love to do that.  Evangelization, we're having a vote this month at the World Wide Web Consortium to start the official technical work on this.  We had a workshop in Paris earlier this year and the outcome was we believe we can do something about this, and by we I mean the organisations that were at the workshop were Bloomberg, Microsoft, Google, U.S. Federal Reserve, AT&T, ING Bank, big, big organisations.  So we're trying to get as much awareness as possible and in places that are not necessarily technology communities, places like policy and regulatory.
>> AUDIENCE:  Actually my question is about the topics we just touched.  Could you give a use case example for a case where the payment processor or the identity provider comes from a region with certain types of regulatory rules and the seller is coming from another one, another country maybe?  And let's make it difficult and I'm living in a separate country and trying to buy something.  So could you please give an example for this?  For example, in Turkey, buying alcohol, you have to be over 18.  In the states it's 21.  So I'm just trying to understand.
>> MANU SPORNY:  Sure.  And that's fantastic, that's a great use case because we want to make sure that this technology is cross‑border, right?  Usually what ends up happening is we create our payment systems within the border examine doing a payment outside of the border is very, very difficult, if not very expensive.  So I don't know what alcohol regulations are, I don't know if you can actually ship something from the U.S. to Turkey, but let's assume that you could, right?  The first thing that you would have to do is let's say that you were buying alcohol from the United States and shipping it to Turkey.  You would need ‑‑ in the U.S. I'm assuming that their regulation says that you have to be above the age of 21, right?  It doesn't matter if you're in the country or out of the country, they're not going to check what the regulations across all the world is, so what they're going to do is they're going to ask for proof of verification that you're over the age of 21, and if you're between the age of 18 and 21, you don't have that, but let's say that you're 22 years old, you can send that credential over along with your shipping address and that would be enough to clear the payment, clear the regulatory burden on the liquor provider and then ship that over to Turkey.
>> PINDAR WONG:  Okay.  There's another.
>> AUDIENCE:  Just a follow‑up question.  You said that in order to protect the privacy, I don't want my age, specific age or date of birth to be transmitted, so how can my payment processor know that in the states, for the states, it has to say if I'm over 21 or not?  Maybe this is going into the technical details, but just, you know, it was confused in my mind.
>> MANU SPORNY:  So what you would have to deliver is something from, for example, your Government that they gave you that proves that you're over a specific age.  So that credential, imagine a piece of paper and written on that paper is I certify that the person in control of this piece of paper is over the age of 21, signed the Government of Turkey, right?
>> AUDIENCE:  (Off microphone).
>> MANU SPORNY:  The query is, give me a credential that proves that this person is over the age of 21.  It's given to your identity provider and the identity provider sends that back.
>> PINDAR WONG:  Right.  You've got the flow exactly.  We didn't have a question online, it was a statement from Pakistan that the developing payment gateways and would like us to collaborate.  That's that.  Number two at the back?
>> AUDIENCE:  First a compliment, this session has gone really well.  Two questions, what's the roadmap planning for the standard and how are you planning on launching this worldwide, and the second question is of course a Web standard but I imagine this is a very powerful mechanism.  It's also really well applicable to mobile and apps and how are you planning on allowing this and are you working together with, for example, Apple and Android to include this in their STK's?
>> MANU SPORNY:  Right.  Fantastic questions.  The time line is last year, let me rewind a bit, last year in IGF 2013 we raised this topic, we took that into the W3C, they decided we needed to create a Web payments workshop, we had that Web payments workshop March of this year.  Now we're at IGF again getting information from everyone, we're going to take that information, feed it into W3C TPAC which happens at the end of October and the technical Working Group is going to start thereafter.  It usually takes between three to four years to get a worldwide standard.  There are a number of them we're working on.  We're working on credentials, so the credentials work there's a big question mark over it, should we actually create a technical Working Group to work on credentials?  Many people say no, put that to the side.  We say that it is an absolute requirement.  If you're going to have high stakes payments, you need high stakes credentials, right?  So we're trying to make that case that we need this high stakes credentialing mechanism.
The payment initial takes and digital receipts we feel have a strong support from the W3C so the votes are happening at the end of this month, and after that we'll know whether or not we have the technical Working Group.  So we're hoping that by the end of three to four years from now, we'll see stamped approved standards, worldwide standards.  That doesn't mean that we won't see the technology deployed before.  It usually happens before.  So in two to three years we should start seeing this technology deployed.
>> PINDAR WONG:  And this prototype code you can go and download this already, you can build on that, so that's the standardization process, but how industry deploys it, as you know, it may happen before then.  This is we have 7 minutes left, this is the last question and then I'll sum.
>> AUDIENCE:  What would happen with payment systems, like credit cards or debit cards?  The seller will keep complying with whatever the bank requests, and this is like a new standard coming in.  What would happen with the Paypal for instance or ‑‑
>> MANU SPORNY:  It's designed to layer on top so the entire banking and financial system doesn't need to change at all to adopt this changer, it's another payment option besides Paypal and the banks and credit cards now.  Paypal and Google wallet and the banks could choose to adopt this standard and unify the way that we pay online, but we all know that there are very powerful financial interests in making sure that that doesn't happen.  So we are not ‑‑ we don't think that it is a prudent strategy to assume that the banks are going to want to adopt this immediately or the credit cards are going to want to adopt this immediately, but we do know that there are a number of banks that want to compete, want to have a better way of interacting with their customer, and using this Web payment standard, for example, if you could pay via Paypal or pay via this Web payments standard, there's an incentive here for the banks to implement this standard, because if they do it, they own the customer relationship more directly, people won't have to go through Paypal to pay, they could go through, for example, their bank directly to pay.  So there's an incentive here for the banks.  There's also incentive for Paypal.  Making it so that it's easier to pay online, Paypal has a really good brand name, they have a very good brand image, so if Paypal implements this, they kind of leapfrog the banks.  Right?  They can ‑‑ it makes it much easier for you to use Paypal to pay at any venue online.
>> PINDAR WONG:  This brings us to a very key point of financial technology that I alluded to earlier, you have the   infrastructure guys primarily the bank companies and so who that's unclear at this point this time.  What the global standard will try to do, since we know there's all these innovations, is try to unify it where it makes sense without killing the innovation and the investment.  That's a very fine balance.
So thank you for the last question.  We have four minutes left.  You've just participated in the first guinea pig, I guess, case of taking something which is very technical, which has lots of bits flowing, we try to keep the emphasis of the technology for your input.  So I would like to take the original panel for any final words starting with Dr. Louise Bennett.
>> LOUISE BENNETT:  My final plea from all things we've been hearing is we have a phrase in English called keep it simple, stupid, and I think that's what we've got to keep on reminding ourselves.  We need to keep payment identity standards simple so that it's workable, understandable, and it minimizes the chance of things going wrong and allows people to have redress.  Thank you.
>> PINDAR WONG:  Mary?
>> MARY BOLD:  Thank you.  I would like to make a comment that the range of questions that emerged today certainly demonstrate the value in bringing this sort of technical conversation to this Forum.  So thank you very much for your participation.  I think your questions will be recorded and dealt with going forward with this initiative.  Thank you.
>> PINDAR WONG:  Norbert?
>> NORBERT BOLLOW:  I would say, okay, making it as simple as possible, but please let's not make it simpler as again the example of the simple mail transport protocol demonstrates that was too simple.
>> PINDAR WONG:  Since Jeremy is not here, again, read his book, a lot of his views are in here.  Then Manu, your final words.
>> MANU SPORNY:  Just to say that we're going to have a follow‑up lunch.  Well, these are my final words.  We're going to have a follow‑up lunch if you want to join us upstairs at the restaurant to continue the discussion, please join us.  We would love to kind of keep this discussion rolling.  We don't want to just engage here and then leave for a year and come back.  We want to continue the conversation with everyone that's been raising fantastic questions throughout the day today.
>> PINDAR WONG:  Right.  On that, where is the sign‑up sheet?  Is it back here at the front in can I collect that again?  Thank you.  Can I collect that?  And we have a comment from the gentleman from Pakistan who wants to share our details with him, for those of you watching online, thank you again for these people online who have been participating, we know there have been some Web broadcasting issues.  I would love to finish early to make another precedent.  With that again, we'll host a lunch and please sign up or just drawing finally to the post IGF, again, it's a three stage process, for those of you who didn't watch the videos, which is most of you, please do that, then follow up by completing two questionnaires, one, please give us a good ranking in terms of the IGF for their own survey, as well as our own written submissions.  This is the start of a dialogue and we look forward to keeping in touch with you for those of you who wish to do so, and thank you very much.
(The session ended at 12:29)  

This is the output of the real‑time captioning taken during the IGF 2014 Istanbul, Turkey, meetings.  Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors.  It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.