Civic ICO Aside, Here's Their Bigger Challenge

Civic is one of the most interesting projects in Cryptocurrency today, but it will need to figure out an extremely efficient consumer acquisition model that pairs with particular businesses.

The Civic ICO is going to make a splash

Civic is ICO'ing this week, after selling out it's pre-sale last week. The founding team is strong. CEO Vinny Lingham is a serial entrepreneur, having already built and sold a crypto-startup that enabled buying gift cards with bitcoin, Gyft. I predict we'll see another hysterical BAT-like episode that grinds the Ethereum network to a halt. There may be financial upside to participating in the ICO, but that's not what this post is about.

A brief explainer on Civic

Civic is building a decentralized clearinghouse for identity (who someone is). For example, you can setup a Civic and use it to store your social security number, a sensitive piece of data. Whenever you need to prove your identity to a business that also works with Civic e.g. a bank to open an account, you can automatically share your SSN with the bank who instantly trusts it. That's because when you setup your Civic, it stored an attestation on the blockchain (read: proof as independently verified by lots of miners that the SSN is yours). This can also apply to other identifiers like drivers licenses, passports, birth certificates, phone, email, credit cards, etc. All sensitive data that is:

  • Encrypted on your phone (like Apple Pay)
  • Unlockable only via your fingerprint, when you want to share it
  • Proven to be yours without having to reveal it
  • Independently verified by a network of validators

Instead of a public ledger of payments like the Bitcoin blockchain, Civic stores a public ledger of identity validations.

The cost of repetitive validation

Many businesses we interact with require us to provide lots of information about ourselves over and over. When you open a bank account or sign up for a mobile data plan, you provide lots of the same information over and over again. This is a consumer tax and the sheer process prevents some people from going through to completion. It's also a cost center for businesses who have backoffices that each receive and independently validate all the information. Credit checks, for example, provide your most recent addresses and businesses use that to validate your identity. KYC rules require some businesses to request not just a copy of your passport but also a photo of you with your passport. All of this is friction, deadweight loss. But it's built into many business models and not something they're actively figuring out how to resolve. It's just the cost of doing business.

A three sided market is really hard to start from scratch

Civic wants to solve this by being the trusted safe for all of a consumers identity and the system that businesses use to validate all this identity. That's a tall order, and one that questions how important a decentralized blockchain is to making this work. It's not clear that you need decentralized verification for market participants to trust. We certainly have lots of centralized, trusted systems today.

One precedent here is OpenID. Years before Facebook Connect, Google Accounts, and Twitter Digits, OpenID wanted to be the system that both consumers and businesses would use to trust identity. Instead of creating an account with each website you wanted to register on, you created one OpenID account and used that to log in to every website (so long as they partnered with OpenID). I remember signing up in 2008 and using it a bunch with Yahoo.

The challenge that OpenID faced was that it had no consumer footprint. It had the chicken and egg problem that it needed businesses to enable it and consumers to sign up at the same time. Who starts first?

Civic has this same dynamic but a decade later. Not only do the identity systems above work really well for consumers and businesses for most things (aside from deep identity like financial services), but Civic adds an additional layer of complexity in attesting to the blockchain via a set of validators. Validation behavior is something that doesn't exist today, and while some disruptive identity providers will be interested in providing attestations, most will have no immediate interest.

Two-sided markets are difficult to get started, but a three-sided market is even harder. Civic attempts to spur this hen (business) and egg (consumer) and rooster (validator) dynamic by using the CVC token. 1/3 will be sold in their ICO and another 1/3 are held back to fund the service providers that will validate identity.

Start with the consumer first

Like many multi-sided projects that are coming out this year, Civic will succeed based on its ability to offer differentiated value to consumers and cheaply acquire them. People have to say “whoa, this will make my life better” and not because I'm receiving some cryptotoken that I can exchange for cash on some obscure cryptoexchange as a referral. And Identity isn't something that people actively think about. Nobody says “man, I want to upgrade to that new driver's license that the DMV just released”. OpenID struggled with this exact concept in addition to others. Civic has started a consumer proposition with some identity protection products, but is there enough alignment with their vision?

Similar to BAT, the most scalable way to do this is by finding points of leverage. Marketing to consumers 1:1 is really expensive and creates a heterogeneity problem. You need a bunch of consumers who are all relevant to a single business (homogenous). If you end up with a bunch of different people who want to work with a bunch of different businesses, you're too randomized. Either way, if you expect to spend $5 to get someone to download your app and add all their information to it, the $33mm that Civic is planning to raise gets you 6.6mm, which is not that much considering they have other costs as well.

Organic scale will be the key to success

The most scalable method is at the governmental level. A huge example would be like Estonia, who recently took steps in this direction. A country that wants to digitize all of its identity. It has to get beyond the point of failure that OpenID experienced with consumer value. But national identity is extreme and not something that changes quickly. Figuring out an approach via organizations that's several clicks down is likely quicker.

Take universities. Imagine student ID cards going away, instead using the Civic smartphone app to authenticate yourself for student e-mail, the student gym, registering for classes, signing up for services. Also consider that certain types of businesses aggressively market to students because that's an age where people lock in to subscription services like insurance and mobile phones. A 20,000 strong student population that's comfortable with digital-only identity starts to get interesting for marketers. Traditional businesses that need identity verification would then begin to lean into this. Universities (at least some of them) are progressive in their thinking and willingness to experiment, not profit-seeking, and can receive differentiated value in the form of lower identity management costs.

Regardless of how, Civic will have to start with consumers, signing them up at scale, and offering something beyond what today's social login services offer. We'll see lots of cryptocurrency companies embrace technologies built by other similar startups. This echo chamber won't matter. The needle won't move until traditional businesses begin.

Orwellian Concerns

There are some frightening aspects to this as well. Imagine a world where lots of people use Civic and it's well known. Some people store all their information in the app. This concentrated identity nectar is that much more at risk for theft. Not electronic, but physical as in a thief or adversariel customs agent threatening one to unlock their Civic app. The keys to the castle. Similar to a password manager. Sure, there are ways to build in a security model to deceive such situations.

Behavior is missing, but maybe that's a good thing. It's not just who you are that matters, but also what you do. Credit reports touch more on the latter than the former, but are often not representative of that person's character. Sure, you might be able to verify who someone is easily and feel good about it, but they could be a terrible customer for you. Is the bigger cost the “application processing” or the “lifetime management” of a customer? My gut says the former is used to filter out bad actors of the latter, but is only so good. A system that covers only identifiers but not behavior might not be valuable enough for the businesses to join. Adding behavior and corresponding attestations sounds technically possible, but there's huge subjectivity and a moral component.

Closing out

I'm really excited to see what happens here. The ambitions are huge! Vinny is a strong leader, with a solid team and lots of capital. While there are obvious operational efficiencies from Civic, it's not clear that today's businesses or consumers are going to extract meaningful value relative to the status quo. Civic will find its niches but will have to turnover some huge boulders to capture meaningful scale.

Disclosure: This is not investment advice. All views are my own. I do not own any CVC. I do not plan to participate in the ICO.

Originally posted at http://www.scottshapiro.com/civic-ico-aside-heres-bigger-challenge/

Sort:  

I hope you are right, but I'm skeptical about the identification system being touted as "already built" on the Civic website. I downloaded it, it's just phone, email, and finger verification....everyone already does that including google, yahoo, coinbase, etc.

Thank you for the article.

I imagine that ID is something that you can expose in parts. You don't need to expose your education to get a driver's license. You don't need to expose your DL to get a credit card, etc. However, it is all your ID. You can expose it at will for whatever you need.

You should also be able to revoke your data, so that people only have access to it for a short period of time. Why should credit card companies have eternal access to your data?