Microsoft’s Digital IDs on Bitcoin

Open-source development has always enjoyed a little juice from the private sector.
One of the most notable examples is Red Hat Software, a multibillion dollar corporation that has built open-source software for the international community. It was purchased by IBM in 2019 but still carries out its original function.
Microsoft is another example of a highly profitable private company that releases open-source software. The computer monolith has helped to maintain the Linux source code for some time. It supported the software on its Azure cloud program and eventually integrated the Linux kernel into its own OS.
The company also has an affinity for Bitcoin, apparently. As we covered in the spring of 2019, Microsoft has tasked a development team to build a decentralized identity system on top of Bitcoin. Dubbed ION, the second layer network, like Bitcoin’s Lightning Network, will feature its own node structure to complement Bitcoin’s own and will be completely open source.
Project lead Daniel Buchner believes that this system could unlock a radical new methodology for digital ownership and online credentials. Bitcoin Magazine sat down with Buchner to discuss the project, what prompted Microsoft to pursue it and what the future of the internet with digital IDs will look like.
Selling Microsoft on Bitcoin
Microsoft has had a longstanding tradition with open-source projects. So how did ION become part of that legacy? Was it a hard sell to get Microsoft building on Bitcoin?
I started the group that works on decentralized IDs (DIDs) at Microsoft. There are some tactical things we had to do. For the DIDs to really be a reality, you have to make them capable of standing up to the volumes that you expected. So often when you see this piloted, it’s [with] a few hundred participants [and] it works fine. But when you start thinking about having to deploy it on the scale that we want to — 1.5 billion people — you crunch the calculations and you realize it’s not going to work. 
So, for us, Bitcoin was a necessary condition for success. The reason it wasn’t a super hard sell was that it was something we had to have and we knew we couldn’t own it. We wanted something that was differentiated and decentralized — because otherwise we could do this with a database like Azure.
So it’s actually a business problem. We currently can’t issue digital IDs that are owned by the user and not a company. It’s not just because we want to do the right thing but it’s right from a business perspective. 
With Bitcoin, one of the biggest elements of this — and this did take some understanding — was security. All of those other use cases being possible is actually a symptom of no one controlling it. What we really made our decision based on was the decentralized nature plus the security. It’s the cost of attack and how you order transactions that’s important. When we started crunching the numbers, we realized that Bitcoin was the only chain that would probably be too costly to attack.
So was Microsoft pretty ready to support this when it realized it could leave all the rest of Bitcoin’s use cases behind and just focus on the base layer’s security and timestamping?
It became easier when it got down to dollars and cents — we said, “Here are the attack vectors within the realm of possibility, here are all the different technologies in the stack. Look, if you take away all of what the news media or what people say about how these technologies are used, you have empirical data.” 
The options and choices became pretty clear because it’s just about hard numbers. There are still subjective fears, but at the end of the day, security is security is security.
What does Microsoft get out of building open-source software?
It’s not selfless. I mean, we’re doing it for the right reasons, but we have to have a scalable system for DIDs that is viable at the implementation scale we require. We looked around and that just wasn’t there. It’s kind of like a secondary benefit because this exists, we can do a credential use case. Something like LinkedIn could have credentials that back it so you don’t have a bunch of fake accounts. We will not actually derive any economic benefit. Operational costs are low enough that it will be very a small cost compared to other identity services we run.
The Importance of Bitcoin-Based Decentralized IDs
With that example in mind, could you speak to the importance of DIDs for the internet and its users?
Everything in the world you see around you today, there are few cases of true digital identity. People are used to accounts, but that’s not really identity — that’s a password to get into someone’s server somewhere. Your accounts are not yours, your email is not yours — if those companies disappear, those are gone. The issue becomes, you can’t have legal, personal and business assurance of the continuity of anything tied to those accounts. 
Imagine the moral hazard if I had an email address tied to something like an important benefit, like a UN food allotment or a bank. If the company in the middle of that went away or even just didn’t like me, they could sever me from the important proofs in my life that could attest to those accounts. Bitcoin is important; but decentralized ID could be more important. Who needs decentralized money if, with the stroke of a pen, they can cut you off from the proofs you need to board an airplane?
So, we did it for a business purpose to create IDs that could have things like legal documents attached to them. So, LinkedIn is one example. A lot of fakes are set up, especially with Bitcoin and cryptocurrency people. So you could imagine the practical benefit if they are able to get nonhuman proofs to prove that you are a human. 
That’s radical. That’s an incredible thing for businesses. If you’re a recruiter, wouldn’t you rather search through job listings where people are verified, so you don’t have to wait two weeks for background checks?
I think if you look back in 20 years, you’re going to think that it’s absolutely nuts that we carried around all these papers and IDs with us.
This opens up a new use case for Bitcoin that some of the shrewder observers may have seen from the beginning. Does this have the potential to transform how people see Bitcoin and its use cases?
My personal feeling is absolutely. It’s easy to take potshots at Bitcoin. They look at the subset of criminality and cast that as the only use case. And then there’s the energy FUD: ”It’s destroying the planet!”
I think this protocol is a public good. When you have a public good that’s being supported by more people and they see the benefits of it, all of that starts turning the tides of perception.
As for electricity in ION’s case, I crunched the numbers and you can pack something like 10,000 operations into a single transaction. The cost of that transaction in terms of energy is like $18. If you spread that across 10,000 operations at 1,000 OPs per person (this would be someone’s total operations over their lifespan), it would cost something like $2 [to use this DID system]. That’s five loads of laundry in the washer. That same amount of money gives you a DID that can circumvent surveillance capitalism, that you can send encrypted messages and that you can use as your digital identity for your entire life.
Once ION goes live, what’s the next step for this to take off?
There are a few things. We have gotten some interest from folks who want to run the network. You could run it yourself — it’s just Bitcoin plus IPFS and some processing. I think other people will drive it, but we have an authenticator app like Google’s for 2FA. But we’re going to add this capability and it will mint ION IDs and credentials. Wallet providers might end up using it. But to start, we will be driving credentials traffic through our servers.
Any other plans for Microsoft to build on Bitcoin?
Not at the moment — it’s all centered around ION.