In control of personal data - exclusive interview with Cambridge Blockchain

What is Cambridge Blockchain for those who do not know it yet? Could you name some of your business partners, services and target markets?

Founded in 2015 by Alex Oberhauser, Alok Bhargava, and Matthew Commons, Cambridge Blockchain provides digital identity software for financial institutions. Our company explicitly incorporates GDPR standards for consent, data minimization, the right to be forgotten, data controllership, and data security. The software solutions that we provide can also be applied in other markets in the health, travel or education industry.

Together with our partner LuxTrust, we will be going live in 2018 with over half a million end users in Luxembourg. LuxTrust is a trust services provider, owned by the government and other six major banks in Luxembourg, which issues digital certificates and digital signature. These can be used for a common authentication or access token, enabling all Luxembourg residents access their bank accounts, government services or pay their taxes. Thus, later in 2018, everyone that has a LuxTrust authentication service will also have a Cambridge Blockchain personal data service that stores all of their structured identity data.

We also signed a strategic partnership with IHS Markit through their subsidiary kyc.com. Cambridge Blockchain will complement IHS Markit’s existing services around KYC and AML checks by offering integrated reference data, operations, and software to support utilities for the collection and management of KYC information.

In January 2017, Cambridge Blockchain closed its first institutional funding round raising USD 2 million, followed by an additional round of USD 1 million, in February 2018. We also won several competitions including the New York Fintech Innovation Lab, the BBVA Open Talent Competition, and the Santander Distributed Ledger Challenge, among others.

Since there are already several digital identity companies on the market using blockchain, why should a financial institution/bank consider choosing Cambridge Blockchain’s services and what are the advantages it would bring?

Most blockchain competitors are B2C focused and not designed for bank-grade security standards (e.g. authentication and hosting). In addition, Cambridge Blockchain has explicitly incorporated GDPR standards for consent, data minimization, right to be forgotten, data security and data controllership. We have had an extensive amount of regulatory engagement, certainly in the US but most notably in the EU with the Bundesbank, the European Commission and data privacy regulators in multiple jurisdictions. Our high degree of regulatory engagement has been really critical for the design of our system.

Other blockchain identity architectures store personal data on-chain or use unproven / computationally intensive cryptography whereas we only store attestations or cryptographic proofs of the attributes on the blockchain. The plain text data is stored in a secured database.

Competitors who do have a B2B focus are frequently attempting to build new bank consortiums, whereas Cambridge Blockchain focuses on existing multi-bank technology providers.

How can blockchain tech enable banks and other financial institutions and companies to meet regulation (KYC, AML, GDPR) requirements? How does portable identity data work within Cambridge Blockchain?

Blockchain technology plays a role in allowing Financial Service providers to reuse data that has already been validated by Trusted Parties. It’s a distributed system: instead of having one central agency that provides the validation of identity data, you can have multiple different ones (different banks, government agencies, 3rd parties like kyc.com, integrators). So it’s this distributed model that sets up a digital identity ecosystem. We do not use the blockchain to store personal identity data itself, but attestations that take the form of a cryptographic proof or cryptographic hash.

The FI can compare the documents sent by the client to the attestation and validate that some other trusted entity has signed off on that. However, financial institutions still need to do their own KYC and AML checks. Using this blockchain based ecosystem will allow them to begin this process with substantially more validated data which allows them to save costs and time, and improve their customer onboarding process, while complying with GDPR, KYC / AML rules, and other regulations.

Our approach is one that has more user control of identity. We’ve developed a Personal Data Service or PDS that is hosted in a bank-grade data centre and interfaces with a mobile application. The customer uploads personal data and attributes to the PDS, enabling user-controlled identity and sharing of only the minimum required data for a particular service. From a data privacy perspective, it is always easier for customers to directly share their own identity data as opposed to having one bank share it with another, or to rely on a centrally-managed database that attempts to move data across multiple institutions and geographies.

As digital identity starts embracing the concept of self-sovereignty and the blockchain space helms towards fast developments in the near future, where do you see your company positioning itself in the next 5 to 10 years?

In the near term, the market is still absorbing this new technology and we will encourage a bank-grade cloud-based strategy as well as the use of Microsoft’s Coco framework for blockchain governance.

Our future strategy focuses on tracking and incorporating newer technologies into the product that address privacy and data sharing. We want to transform our company from a technology developer to a service provider and move up into application stack organically or via acquisition. Our first focus is on identity applications: KY-party services that include authentication and verification of a party.

We are working on identify and developing other applications in the Internet of Things, health, personal data acquired via personal devices, like health monitoring, for example. This opens up a larger market with direct to consumer services that can be monetized on per consumer or per transaction basis.

We are also exploring the extension of trusted identities to smart devices and IoT unlocking their potential for shared applications. Associating strong and unique identities with devices just like with other entities and ensuring these devices are known and accepted participants (KY-Device) in a data ecosystem.

About Nadim Takchi

Nadim is the Director of Business Development of Cambridge Blockchain. Entrepreneur with a background in finance and business, Nadim managed a Blockchain consulting and training company for financial institutions based in Paris. Prior to that he co-founded and developed a crowdlending company for SMEs in France. Nadim holds a BA in economics from the USJ in Beirut. He also graduated from the Grande Ecole program at HEC Paris and from Babson College in Boston.