Falsified Medicines and beyond

One of the side conversations at the Mattereum Identity summit on Monday was the idea of tracking individual copies of objects (‘this bottle of Coke’), not just classes of objects, (‘a bottle of Coke’). It is a solution searching for a meaningful problem (in London at least).

The Falsified Medicines Directive is the EU-wide response to fake medicines affecting Africa and China. The Directive places obligations on all parts of the medicine supply chain to keep, publish, and share records on flows of medicines in and out. Relevant parts come into effect in 2019 (pre-Brexit).

The end goal is to allow anyone looking at a pack of pills from a pharmacy in the EU to be able to trace those back through the supply chain to the manufacturer that made them, through every intermediary. Any one customer can keep the entire chain honest.

This will not stop falsified medicines being created, but it will show when and audit where they appear in the supply chain, and give clear reassurances to a patient holding a pack of pills.

It may be a while before a central system can cope with a lot of people seeing a news report of a problem and putting their packet’s barcode into a website, in a manner that is usable and reliable. There are scalability and coordination issues that a single closed system may struggle to overcome.

When the public see something that works (however the NHS system ends up working), there will be increasing demand for a similar audit for other important purchases when the supply chain contains risk or food chain are involved. Options include one real pill being equal to one digital token to represent the pill, with faucets available for anyone who either creates pills or who receives them from an intermediary who doesn’t comply.

For the “but blockchain is just a database” crowd, a form of distributed data structure where everyone can write, where better standards are de facto than de jure, and where no one is really in charge, is a perfect environment for how to do things well in the NHS. Plus, the NHS is a culture that has not had entirely positive experiences instituting databases. But as always, our health and blockchain questions apply.


posted: 13 Apr 2018

(Replacing) Facebook – Part 2

“Leave Facebook” is a luxury that many do not have. Like Google Reader, it has become the ubiquitous solution for a certain class of user needs. But like Google Reader, people will be able to cope without it if they either (a) must, or (b) there is an alternate.

Option (a) is in the hands of Emperor Zuckerberg (who seems to be screwing it up entirely by himself). We’ll know if they’re really considering change if the random inability to block a page goes away for Zuck and his page returns to normal. How many other Zuck specials are coded into the site?

I’m also sitting at the back of the Identity conference from the Internet of Agreements people.


All those people whose job right now is to encourage people to click on yet more ads and sell yet more ads get the option of a new model. Every blockchain currently in existence has a currency built into it (that’s not to say they all will in future), but getting people to pay gets a lot easier. If me wanting a friend to join involves a gift of $1 to sort out the initial keys/personas and account being set up, that should go a long way, and account for a variety of inbuilt business models, not just showing yet more ads to victims.

This wasn’t intended to be a blockchain post. It just ended up there as it’s the big new collective technology since facebook that can have a low barrier to entry with suitable tools. $1 worked for whatsapp. What a distributed ledger offers, for the first time, is a shared commons where the user plays almost no fees, but at scale, is enough to cover the transactions of the network. Together, that keeps the network running. ‘“Proof of work” is terribly inefficient, but it was the bootstrap that showed that this model had some value to people, at a time when that was an untested proposition. Now we have know it does, and with better models, the question now has a default answer, and one that can be built on.

What replaces facebook will not look like Facebook. Facebook is mortally wounded, but until there is something that is demonstrably better, it will survive. When there is something demonstrably better, it also won’t matter what facebook does.

Of course, those who scraped the phone numbers to facebook ids already wanted to harm Facebook. Facebook giving everyone a numeric identifier that they can’t change, and then losing control of the lot of them, might turn out to interact badly with a data structure designed to index purely numerical addresses, written at almost zero transaction costs.

Those identifiers really need changing….


What might something ‘better’ include?

My facebook feed is full of people saying we should more to mastodon instances. But the manner of the suggestion shows it is not going to happen – the ask is already in vain.

Whatever replaces facebook will not look like facebook – it will be the anti-facebook. The pendulum always swings.

What technologies (new or old) could we put together to avoid the worst of facebook? Remembering that facebook was built in a pre-mobile siloed world, with all the life experiences and privacy of a Harvard dorm room.

We now have a communally owned and maintained data structure in the blockchain (ignore the cryptocurrency aspects – assume the value field is permanently set to zero, and concentrate on the other fields in the data structure). It is somewhere that anyone can create a key/persona, and signal to any other address that there is some form of interest. Not in transferring value, but the simple existence of a transaction is the message.

For private groups, or separate personas, separate private keys can be created and managed by the app, so that the joining of the group is primarily subject to social protocols, not technical measures.

For public groups, for institutions, those with well known addresses could leverage existing information: published telephone numbers as the known address. The collective knowledge problem is overcome. Not that that would need to post anything (since the private key for that address would likely not exist), but as the rally point to show, “I’m interested, tell me more”.

Additional services can then be layered on top.

This has the advantage of well known addresses all being based off landline numbers, which are far harder to steal than mobile numbers. The use of a shared resource for signalling locations could make mastodon useful – “this is my faux-twitter feed” until a statement that it is somewhere else. Following the tumblr model, you would not necessarily know how many one person had unless they told you – private keys are easy to generate.

The use of private keys as an origin allows some degree of reputation, while also preserving some degree of anonymity where appropriate. And if you don’t want to see parts of the network where accounts don’t have the criteria you wish, you can mute them; or where posts are only available to someone with an asserted attribute you like (age over 18, or under 18 for a kids site).

With always on smartphones, separated from persona, identity becomes the set of attributes and assertions (with backing not just “this is what someone told facebook”. Communities victimised by “real name” policies can set their own standards, using the same infrastructure as anyone else. The underlying technology fabric does not care – in the same way your mobile phone network doesn’t care which model phone you use. The choices of people are greater, and the burden can be placed on tools to simply do what they wish.

The chain would simply be the lookup service – performing the same foundation that an addressbook performed for whatsapp. Key handling would be done however was found to work – keys can also sign assertions, and act as a statement of reference. It might be “this is my latest key” is a valid assertion to write. Tumblr has the right design here, although needs better support from tools.


This is not the fundamental of a new service, but the foundation for an entire ecosystem of services which try to offer different things. What has really changed about photos since flickr in 2003? We basically went from pink to blue when they mostly moed to facebook walled garden, and then all innovation died. The only other thing is instagram which brought us another walled garden and filters….

Is there really nothing better we can do?

posted: 10 Apr 2018