At the end of April 2021, a 50-page white paper on possible application scenarios of SSI (Self-Sovereign Identity) was published, to which mgm contributed. The experts of the research group looked into the specific question of how traders on marketplaces on the Internet can provide the obligatory proof of taxation using blockchain technology. One of the results is a prototype that uses the well-known ELSTER certificate.

This is the transcript of a German language podcast. A conversation with Ansgar Knipschild, who is working at mgm on innovation topics besides marketing, about the study (only in German), the prototypes and especially about the concept SSI in general. Length: 38 minutes.

Daniel Rasch: Hello and welcome to a new episode of the mgm podcast. Today we have a topic with hype factor, I would say. It is about Blockchain. More precisely, it is about a “Feasibility study on the use of Blockchain in tax administration”, as the title suggests. And this much is revealed, it is about SSI, Self-Sovereign Identity, i.e. self-determined identities in the digital world. A comprehensive study is currently available on this subject. Ansgar Knipschild contributed to the study on the part of mgm. I am now connected to him via audio software. Of course we want to talk about the study, especially about the results and the technology. Hello Ansgar.

Ansgar Knipschild: Hi Daniel, hello.

Let’s get right in. What was the subject of this research project?

The official title of the study is SSI@LfSt, Self-Sovereign Identity in the context of the State Tax Office of Bavaria. And small is underneath: “Use of Blockchain technology in the tax administration”. Sounds relatively bulky now. Perhaps we should briefly mention the technical use case under which the whole thing started. It is about the proof of tax registration of marketplace traders. Since 2019, merchants who trade on digital marketplaces – everyone immediately thinks of Amazon or Ebay – are obliged to provide proof of tax registration. Strictly speaking, even the marketplace operator is obliged to do so. And of course the marketplace operator then contacts the corresponding marketplace participants, the traders.

This is of course an issue of concern to the authorities: How do you get it organised? First and foremost, because we also travel internationally. We’re not just talking about German traders who are active on Amazon, Ebay and the like, but anyone can register to trade in Germany. Of course, there can also be traders from China, South America, wherever they are from. And here the point is to examine this part of their identity, their identity feature “tax registration”, how this could be done digitally. Apart from classic direct interfaces between the various parties, for example from tax authorities to the marketplaces, the idea then emerged: Human beings, especially with an increasing number of participants, even worldwide, can’t the topic of block chain help us? And that was the trigger why we got together.

Was the tax issue and the proof of the tax issue the origin of the research project or block chain in itself and then the “tax” case was added?

Yes, the case really was the trigger for it. In addition, the traditional technique of turning to a digital system, so to speak, to obtain proof centrally. And then we wanted to investigate in parallel how the whole thing then works with the block chain technology, because we spontaneously found at least a few interesting points that could speak for it. And this should then be examined more closely in the course of the study. But, as it happens, in the course of the study it turned out that there could be many other starting points or points of contact, because there is a lot of evidence at company level. So that the scope was subsequently broadened a little bit, not just this one particular case. And because then also this somewhat more generic title “Use of block chain technology in the tax administration”.

Who was involved in the project?

There were four parties in total. The Bavarian State Office for Taxes was in charge of the project and ultimately coordinated the whole thing. And then mgm and our colleagues from Fraunhofer-FIT and the Friedrich-Alexander-University in Nuremberg-Erlangen pushed the project forward together.

Let’s go directly to SSI. In the study, other scenarios are also briefly described and rejected with good reason, and SSI is then examined further. Can you briefly summarise what SSI is and what it is not?

I think I’m really free now and switch to Wikipedia here in my browser. Officially it is only one sentence: SSI Self-Sovereign Identity. This allows a person or organisation to create and fully control a digital identity without the permission of an intermediary or central authority. So, if you let that sink in, that means you Daniel, I Ansgar can simply create my own identity …

In the case of dealers. That was the case under consideration, wasn’t it?

Exactly, the dealer. To then prove it to third parties. And now, of course, we come to the funnel relatively quickly: even if this can be done technically without a central authority, that is the decentralised aspect of the whole thing – why should I believe Daniel to be Daniel? And believe the Ansgar that he is the Ansgar? Or believe the merchant that he is the merchant? And then there is the issue that proof from third parties is very often required here. That is, one can of course think the game of decentralised identities in such a way that they are really completely new self-generated identities. Or you can also say: I place a copy of an already existing identity there and have it operated by a third party, the issuer of the actual identity, and then use this technology only as a means of transport.

A concrete example: I take my identity card, deposit the information, name, street, date of birth, if I like, also the number there and then have it confirmed by the issuing authority in this technology. Although the authority itself has nothing to do with this in the company, it is then reduced to the role of the certifier, who practically stamps the whole thing, the certified copy, as we know it on paper.

And in the case of traders and the case under investigation, is it now the VAT liability of traders?

Yes, or rather the tax registration. That is what it says in concrete terms. That is ultimately clear, we are very close to the VAT number. There has also been a legal, purely technical discussion as to whether a separate serial number should be introduced for this. But that was rejected. Is, I think, still a bit under discussion as to why we then moved away from the use case a bit later on. But it is nevertheless a very good example to work out again: Especially in the context of public authorities, we do not see SSI as a competitor to other central identification systems, such as the traditional ID card or trade register where companies are registered, but rather as a transport medium for the elegant decentralised distribution of evidence.

And what advantage does this have over the previous analogue version?

Let’s play through very briefly which possibilities there are and which ones are also lived today, because the topic is even legally binding since 1.1.2019. I think we are still in some kind of transitional period. But the current situation is that the trader who registers with, let’s take the example of Amazon Marketplace, is obliged to submit a document, a piece of paper, which shows that he is registered for tax purposes. This is really done on paper, perhaps even by scanning. Of course, the problem now arises again with the scan: Has it been falsified? Especially if someone from abroad submits the whole thing. If the postal address is not 100 per cent explained and comprehensible, this is where the pitfalls lie. Paper receipts, media discontinuity, forgeries, just like with any other thing, for example, as far as I’m concerned, I’ll take the example of a copy of his diploma or doctoral thesis from his personal environment.

The next stage, which we have also briefly touched on, would of course be the next step: An electronic form is now being created on Amazon. But of course that would have to be set up on every marketplace, Ebay and so on. There the merchant would then enter his data during onboarding and then type in his VAT number, for example. This only shifts the problem a little bit, because anyone can enter their number as they wish. If in doubt, the marketplace operator would have to check with the relevant authorities each time: is this correct, do the company name, registered office and number match? And the interfaces must be built accordingly. Third variant: You take a real identity provider in the middle in between, where the trader only once digitally deposits this proof, for example, and then distributes the whole thing to the marketplaces from there.

But then you have the third one in again.

Yes, then there is a third party. And there are a number of initiatives that are driven by industry and, in some cases, by the authorities. Elster, for example, also has the possibility with the NEZO procedure to pass on data from taxpayers to third parties. However, these procedures have the disadvantage, let me put it this way, that they are relatively rigid in their data structure and cannot be adapted so easily. These are centrally maintained interfaces to which many systems are attached. And if you say for such a technical case that I need one more field, I will put it in a more casual way, or maybe even a few more, then correspondingly complex updates and similar procedures are necessary. And of course the whole thing then grows more and more.

In our investigations, this led us to say: What would happen if this data could be stored on a block chain in a secure, encrypted procedure? If we now trust that this type of technology will perhaps establish itself to a certain extent in the next few years, we can then rely on open standards and could now say: If the various parties involved, both the issuers or those who practically put their stamp on it and the recipients, the marketplaces, accept this technology and perhaps use it for completely different purposes, the interface effort will be less because everything can be handled on a general standard.

But traders still need an identity with which they can say: yes, I am and I am subject to VAT or registered for VAT?

Exactly, correctly identified. That’s actually two steps. First stage: I am who I am, the classical identity. And when that has been confirmed, then: I have the proof of my registration. And when we tried that on Blockchain, we relatively quickly came to the point that it is probably not a good idea to really write the real net data in the Blockchain. Because of course you also have the issue of non-changeability of block chain data, a classic feature of the block chain. Then of course data protection is also an issue. I cannot delete data either. I have to put a lot of effort into appropriate architectures, that they are at least encrypted and, and, and. Very complex.

But then we came to the conclusion that there is already something that many others have thought about, namely under the name SSI. And there it is solved in such a way that not the data itself, in our example company name, street, postcode and so on and also the number, is stored on the block chain, this database, but only the, I say, stamps, the test procedures on it. But that means that even if I read natively in this block chain what kind of evidence is even desired, I can’t figure it out, because there are only references and encrypted references to the original data, which are located somewhere else.

And what does the retailer show as a unique selling point? There must still be something.

Yeah. Let’s play it out. We have developed a prototype for it, after which we have set up the architecture and the process. And it looks like this: Since every company is liable to tax, it usually has a corresponding Elster tax access. I can register there in my tax online portal. And can now perhaps click on a new menu item called: “Please send me a certified copy of my tax registration in digital form to the block chain.

Here it is now the case that we are already securely authenticated by logging into the Elster-Steuer online portal and with the associated certificate. This is the basis for logging in to Elster. And we can now store this information, the dealer is authenticated, the pure date, company, street, postcode validated in the block chain, as the first data package accordingly. The copy of the Elster certificate with which I registered with Elster would be stored in the block chain. Or better still: the encrypted reference to it would be stored on the block chain. And in the second step, the “is registered for tax purposes” indicator would also be stored separately on the block chain with the corresponding encryption. Not the data itself is stored, as explained, but only a hash, a kind of checksum, a cross sum, on the block chain, which, together with the original data, ensures that one can look: is it the original data or not?

How does the dealer ultimately prove this? There is probably an employee sitting there somehow to deal with the tax aspects. Are there then tokens, an e-mail, a file? Or what should that look like?

In order to be able to keep these certified copies, it is important to understand that with the SSI approach they are with the user himself. Similar to how you keep certified copies at home in your paper folder. There you might have a photocopy of your school leaving certificate or whatever. And maybe even the very valuable copy certified by an official authority. You also have to keep these digital copies at home. And only the stamp to prove that they are genuine is on the block chain.

That means, to come back to your question, the dealer who does this needs a wallet. That’s what it’s called in the jargon. So in the end a tool in which he now saves his data and also the corresponding cross-reference to the stamp in the block chain. We implemented the whole thing on a mobile phone in the prototype. Firstly, because there are already relatively many wallets that support these open standards. On the one hand, there is the portal, in our example here Elster, which outputs the copy of the identity and also the tax registration here. And on the other hand, we have physically separated these wallets, which then contain the copied data.

Of course, in the enterprise context, it is inconceivable in the long term that all people in companies do this on their mobile phones. In other words, the enterprise rollout would then use web technology and build a web wallet. But then you always get into this predicament a little bit. Where is the data stored now? Actually, you now have to save it in a central location, in a web application, on a server.

Via a cloud solution with access restrictions and access rules.

Exactly. And where is the data now? And of course, here again public providers, such as the computer centres of the tax authorities, Elster and Co. So perhaps this relatively small solution might go round in circles at the beginning because people say: this could also have been solved directly via the native access to Elster. But this is certainly a bit like the hen-and-egg problem you have at the very beginning.

If you understand that this technology, i.e. both the block chain and the wallet are completely independent of the use case, can also record any other things, it is actually only a matter of providing one or more such block chains and of course these wallets. Mobile phone users know this from the iPhone faction, for example, through the Apple wallet. This is partly central, but also partly local. Everyone who stores their flight tickets and co. in it knows this. They are really only stored locally at my place, and in part they are synchronised via cloud for those who have worked with them.

But here, too, the point is that the infrastructure must be in place at some point, both on the customer side and on the issuer side. And then, of course, various applications can be set up on it.

If the trader has now, let’s stick to the example of the prototype wallet on the Elster smartphone, obtained verification, would this also apply to other tax aspects that use it? Or would one proof have to be deposited for VAT, another proof for the next tax and a third proof for customs?

B: The nice thing about the SSI is that you can pick up the certificates individually from the broadcasters. I was at the example of the Elster. One could imagine that the company might also have the proof of registration with the Chamber of Industry and Commerce certified accordingly, or, for example, if it is an architect, it might have the Chamber give it the entry, and, and, and. There is a lot to think about now. And everything, the really physical data, is collected in this wallet. It’s really like the smartphone wallet, to stick with the example. But with the huge difference that they all have a link to a corresponding block chain entry and can be checked to make sure that they have not been manipulated. And I can now play them back to third parties, other authorities you asked, or perhaps companies or I have an application for funding to make, in any combination.

In other words, this is exactly where the advantage of the technology comes in. A few minutes ago I told you that classic interfaces are often relatively rigid and not so easy to adapt. Simply because so much appropriate implementation is involved and the migration effort is high. SSI is actually exactly the opposite. It is extremely flexible. For example, if you go to another authority and they say: “I need from you a) a confirmation about the location of your company, b) about your VAT registration and c) maybe even that you are really registered with the Chamber. Then you can check this in one go via the wallet.

But then in the example with three different proofs, which you then click on?

Yes, it is a very strong principle at SSI that practically the person who is interested in the data, let’s assume it would be a funding application to a public authority, who really asks the user, the company, what data he would like to have. Then he says: I would like to know your name, company, street and postcode. I then see these in my wallet as a request. Attention, request, the company would like to have these and these and the data. And then you really confirm this by clicking. And then the wallet collects the information from your own wallet and sends it back in one go.

This means that transparency is important at SSI. This brings us back to the sovereignty, the sovereign aspect. Every contact with a new authority in general, where one either obtains new certificates or identifies them to others, is made transparent. I must confirm this. You can then also automate a little bit, as you know it from software, with a cross like this. And at the initial first contact, the question is always asked: “Now please, Authority A would like to talk to you. Will you allow this? Yes, check mark. And b.) every data transaction is really requested individually and only those are returned.

So it’s not the black box like the third one in the middle. When you think of an extreme antipole like Google, Facebook, Amazon and Co., which also offer registration for online services, you don’t know what is happening in the background. It is precisely this transparency that is missing. And that is a completely different important component. That is why the aspect of data protection and transparency for the user was a very important feature of the study and was also evaluated very positively.

Personally, I get confused when I make my entries in the wallet. In addition, everyone probably knows hundreds of different passwords. And this is where I imagine myself right now with a view to Enterprise: There must be this cloud wallet somewhere with one to n identities that have to be managed. That does involve a risk, doesn’t it?

Yes, but the risk lies with the user, which can be seen as an advantage and actually also as a disadvantage. Important for understanding: The data is only available in the cloud on the server in web-based solutions. And then you certainly have to find trustworthy partners where the data is stored accordingly, no question about it. But if I really do store it locally, which is quite conceivable with this technology, then this point of attack no longer exists, because it is located locally. Or at least it is much more difficult.

I didn’t just mean the cloud, but the danger of confusion in general and of course employees coming and going to manage it. So in the analogue world, if in doubt, I have proof of, for example, the Chamber of Commerce in the good old Leitz folder. I copy it once, send it away and put the Leitz folder away again. And then the next employee can take it. That means, of course, that the security staff must look at it in such a way that all employees have their rights revoked.

I see a big market in the future when the technology for such enterprise wallet solutions, where exactly what you are describing can be depicted, will prevail. Once a company gets the relevant data, it can be certified and can then independently say which employee has access to it, which can then be withdrawn again with SSI. Maybe you could then really even use your mobile phone to make such a chain.

There are at the blocking point of the whole thing, especially in the case of technology companies, which use it to make all their login traffic to the computer in the morning. They say: I save this classic central administration by using passwords, but I put it on a wallet and if I lose it as an employee, like any other key, then I can set the key to invalid. This is also provided for in the standard. That was also something we investigated in the study, by sending a second stamp on the block chain after it, which negates the first one. The first one is still there. The first one is still there, which says that it was originally found to be okay, but at the same time it is always checked to see if there is another one that practically overrides it. But this would create a chain: it is the first step for the employee to authenticate and log in. And then there is the second step at company level for the corresponding proofs.

Are there other risks beyond data protection? Perhaps in the block chain itself, because decentralised power can fail? I’m going crazy now.

From a technical point of view, the advantages of a decentralised technology outweigh the disadvantages: There are several servers that are operated there. And if they are really physically distributed across several data centres or perhaps even by completely different operators. And the technology supports easy scaling, i.e. simply adding more servers without central administration. Even the legendary Bitcoin example shows this quite clearly. Independent of the crypto-currency discussion, that something like this can really scale at this point.

How well it is scaled is really still a question mark, which we want to examine more closely in the follow-up project, where we will then run the corresponding load tests. Especially now in the context of SSI, to see what limits it reaches there. And this is indeed a weak point, which we have to see and check and where we have to look how much hardware capacity is needed and how it is distributed. It was again quite interesting that not necessarily a block chain is suitable for the topic, but that you can run several in parallel.

If you look a little bit at what is happening in Europe at the moment, you can see various initiatives emerging from the ground to deal with this issue. Even at EU level. It is planned to provide a corresponding block chain infrastructure with the EBSI projects by the end of 2022. Really in the sense of hardware and network and that you can access it as a citizen. Right up to block chains organised by the private sector. And these are then separate networks, but all accessible from a wallet.

Again, the analogy I had at the beginning of the e-mail, I can have an e-mail client that I use to check several mailboxes, but I see them in a message stream. That’s how you have to imagine it with multi- or multiple blockchains in parallel. It does not have to be the one block chain that you scale. You can also simply go over several block chains and then the traffic is distributed accordingly.

But that sounds like the initial spark for many productive systems probably comes from the economy and then spills over into the private sphere, because you just said citizen, rather than the other way round, doesn’t it?

Now that really is a glass ball. I believe that it simply, yes, probably needs some use cases to create acceptance for this hen and egg problem. I believe that the demand for such digital certificates is simply growing exponentially in companies, given the increasing digitalisation. This is not just an issue for the authorities. This is also true in the intercompany sector, from waybills to order confirmations etc.

supply chain…

Yes, supply chain, even IoT. When you say to yourself: Devices should transmit data securely and it should be verifiable that it really happened. This can be done, yes, everything about these or related technologies. And if, of course, the concept and perhaps also the technology that is a bit more broadly accepted, then trust is created. And then perhaps it will spill over into the private sector. But perhaps there is also the killer application in the private sector that says: “Hey, we have already virtualised credit cards, Apple-Pay, Samsung-Pay for example, but they can only do that. In theory, you can do exactly the same thing with this technology. In the end, a credit card is just a stream of numbers, the number, checksum, that’s all I need. Everyone who has filled out a credit card form online knows this. And if I can now make sure that I don’t just type in the data, but that it really comes from an unaltered digital source, from an SSI wallet, you are even safer than before.

With this example I only want to show if something like this should become generally accepted, perhaps also for other payment methods, loyalty methods. Because I believe that at a certain point, citizens or users, or rather users, will probably be tired of having their own app for all their digital collections, points and so on everywhere.

Definitely!

SSI can be an exciting point. And it is really decoupled from the providers. This must be emphasised again and again. Just like e-mail, without anyone really understanding.

How complex is it to install such a system? In principle, it is also part of the hen-egg principle. Does a supplier have an advantage? Dependent on the amount of investment and to achieve a return on investment at some point in the future?

I would like to illuminate two levels. Firstly, the infrastructure, the Blockchain itself. We deliberately decided not to build one ourselves, for example, as part of the pilot project. And we went to publicly accessible areas that are available and easy to use. Some of them are even free, because they are provided by universities or research institutions. And that’s what can be done, that’s the interesting thing again, because the idea is not to store the original data, but only the corresponding keys and links that are not critical.

That is why you can save your information on any publicly accessible SSI block chain without any risk, provided you trust the basic mechanism. Then, if you like, the costs are zero. Of course, if you want to have the appropriate performance, or perhaps even be fail-safe yourself, then you need appropriate data centres, servers or simply connect to a network. But let’s assume that the issue is perhaps solved in the future, then the question remains, above all for companies: How do I bind to my application side? For example, my SAP or other ERP system that wants to connect to it. How can I connect it to the block chain? And there I am with classic interface topics, interface projects, where I think I can get there relatively easily with reasonable effort.

Yeah, I hear you’re at least convinced of that. That would have been a question. Hence the other question: Do you think it will become the standard, you said crystal ball sight, for such detection processes? After all, it is obviously a good digital solution.

I must say quite clearly that we are currently talking about an absolute niche. I would also deliberately call it that, a nerd technology. Comparable to certain digital payment methods. I don’t even want to talk about Bitcoin now. But I think that even classic digital payment has probably reached 0.X percent of the population. Credit cards or contactless payment are coming so slowly. So I really don’t dare to make any predictions. But I do indeed believe that there is a lot to be said for this solution in terms of technology and design. The standards that are already in it, that are approved by the W3C, which is also responsible for many Internet standards, open source packages that already have a certain degree of maturity, hyperledger must be mentioned as a product on which our pilot is based, which is also widely used in the industry. Not only in the SSI blockchain context, but also elsewhere.

These are all arguments that would argue in favour of taking this forward. But I think everyone who is at home in the digital industry knows that rational arguments or logic is one thing. The other, of course, is politics. And politics, simply in the sense of identity management, is of course a topic that is played out through the old lens of “whoever has the data wins”. And that is why the battle is still being fought so that as many people as possible try to keep their data together centrally. And whether this will be cracked, perhaps also by stronger regulation, which of course is going into it more and more, DSGVO and Folgen, I actually imagine that these are the main catalysts that might lead to an acceleration for SSI.

Whether it is exactly this technology or something similar, that remains to be seen. But I believe that the trend towards users and citizens being given a little more responsibility, while at the same time gaining more transparency, has a lot to offer. And I believe that things will go in that direction.

Do you have a rough time horizon? I’m not nailing you to it.

Okay, thanks. The initiatives that are to be rolled out, both in the private sector and, as I mentioned the EU initiative for example, have a time horizon of 2022/23. Add another year, because there may be a delay here and there, then the technology will be there. Then I would say that the use cases will grow to cover another two or three years. In other words, logically, we are talking about five to ten years here, that something can make a significant difference at all. Everything before that would be, I think, luck, or in certain niches, where things can perhaps go faster, indeed, by the way, perhaps even as an outlook and sidenote on the topic of corona, the technology was discussed. The topic: How can I manage to anonymously log where I was and when under the control of, for example, a citizen? This means that such external influences can of course always accelerate such technologies, but we all do not want to hope so. And so I think that the five to ten years are perhaps rather an optimistic outlook.

Yeah, but it might fit. Our electronic identity card or the one with the electronic verification function was just ten years old. And the discussion was always based on the chicken-and-egg principle. Nobody does it because there are only 100 or a little more applications. It started ten years ago. That was a different digital world than today. We shall see.

Yeah, well, and we have two sides. On the one hand, a good example is with the ID card, what kind of procedures does that support? And on the other side, the customer side: how easy it is to use. Ten years ago, we had this monstrous …

…card reader.

Yeah, the card readers.

A showstopper!

Showstopper. The iPhone can do it, I think, Pi times thumb only since one year. Before that it was only available via Samsung. Now the virtualisation of the ID card? I think that only Samsung phones will be able to do this in the first stage of development for 2021, so I don’t always want to have the ID card as well. And actually, this is virtualisation.

Then it can really get started.

But it is SSI again. It’s exactly the same again. I take the original and store it locally so securely that I can use it again when providing proof to third parties, at least up to a certain level of confidentiality. And maybe one or the other manufacturer will come up with the idea: “Gee, instead of the same thing for every case, sometimes it’s the ID card, sometimes the health card, it’s more likely to be a standard, because the rollout is of course, as the ID card shows, really expensive and means apps and the like every time. And for the citizen and user, of course, the corresponding diversity and chaos.

Well, we’ll see. All right, thank you very much. Of course we link the study in the show notes. The participating partners as well and further information. Then everything is at the podcast location. Thank you very much for the exciting insights, Ansgar. And let’s see, you said in the half-sentence times, follow-up project or follow-up research project, what results. And then maybe we will talk again. Thank you very much.

 

Project partner together with mgm:

Share