The hype over NFTs and collectibles is blinding us to their true usefulness as trustworthy persistent data objects. How do they sit in the landscape with verifiable credentials and picos?

Colorful Shipping Containers

Listening to this Reality 2.0 podcast about NFTs with Doc Searls, Katherine Druckman, and their guest Greg Bledsoe got me thinking about NFTs. I first wrote about NFTs in 2018 regarding what was perhaps the first popular NFT: Cryptokitties. I bought a few and played with them, examined the contract code, and was thinking about how they might enable self-sovereignty, or not. I wrote:

[E]ach kitty has some interesting properties:

  • Each Kitty is distinguishable from all the rest and has a unique identity and existence
  • Each kitty is owned by someone. Specifically, it is controlled by whoever has the private keys associated with the address that the kitty is tied to.

This is a good description of the properties of NFTs in general. Notice that nothing here says that NFTs have to be about art, or collectibles, although that's the primary use case right now that's generating so much hype. Cryptokitties were more interesting than most of the NFT use cases right now because the smart contract allowed them to be remixed to produce new kitties (for a fee).

Suppose I rewrote the quote from my post on Cryptokitties like this:

[E]ach verifiable credential (VC) has some interesting properties:

  • Each VC is distinguishable from all the rest and has a unique identity and existence
  • Each VC is owned by someone. Specifically, it is controlled by whoever has the private keys associated with the address that the VC was issued to.

Interesting, no? So, if these properties are true for both NFTs and verifiable credentials, what's the difference? The primary difference is that right now, we envision VC issuers to be institutions, like the DMV, your bank, or employer. And institutions are centralized. In contrast, because NFTs are created using a smart contract on the Ethereum blockchain, we think of them as decentralized. But, not so fast. As I noted in my post on Cryptokitties, you can't assume an NFT is decentralized without examining the smart contract.

There is one problem with CryptoKitties as a model of self-sovereignty: the CryptoKitty smart contract has a "pause" function that can be executed by certain addresses. This is probably a protection against bugs—no one wants to be the next theDAO—but it does provide someone besides the owner with a way to shut it all down.

I have no idea who that someone is and can't hold them responsible for their behavior—I'd guess it's someone connected with CryptoKitties. Whoever has control of these special addresses could shutdown the entire enterprise. I do not believe, based on the contract structure, that they could take away individual kitties; it's an all or nothing proposition. Since they charged money for setting this up, there's likely some contract law that could be used for recourse.

So, without looking at the code for the smart contract, it's hard to say that a particular NFT is decentralized or not. They may be just as centralized as your bank1.

To examine this more closely, let's look at a property title, like a car title, as an example. The DMV could decide to issue car titles as verifiable credentials tomorrow. And the infrastructure to support it is all there: well-supported open source code, companies to provide issuing software and wallets, and specifications and protocols for interoperability2. Nothing has to change politically for that to happen.

The DMV could also issue car titles as NFTs. With an NFT, I'd prove I own the car by exercising control over the private key that controls the NFT representing the car title. The state might do this to provide more automation for car transfers. Here too, they'd have to find an infrastructure provider to help them, ensure they had a usable wallet to store the title, and interact with the smart contract. I don't know how interoperable this would be.

One of the key features of an NFT is that they can be transfered between owners or controllers. Verifiable credentials, because of their core use cases are not designed to be transferred, rather they are revoked and reissued.

Suppose I want to sell the car. With a verifiable credential, the state would still be there, revoking the VC representing my title to the car and issuing a new VC to the buyer when the title transfers. The record of who owns what is still the database at the DMV. With NFTs we can get rid of that database. So, selling my car now becomes something that might happen in a decentralized way, without the state as an intermediary. Note that they could do this and still retain a regulatory interest in car titling if they control the smart contract.

But, the real value of issuing a car title as an NFT would be if it were done using a smart contract in a way that decentralized car titles. If you imagine a world of self-driving cars that own and sell themselves, then that's interesting. You could also imagine that we want to remove the DMV from the business of titling cars altogether. That's a big political lift, but if you dream of a world with much smaller government, then NFT-based car titles might be a way to do that. But I think it's a ways off. So, we could use NFTs for car titles, but right now there's not much point besides the automation.

You can also imagine a much more decentralized future for verifiable credentials. There's no reason a smart contract couldn't issue and revoke verifiable credentials according to rules embodied in the code. Sphereon has an integration between verifiable credentials and the Digital Assets Markup Language (DAML), a smart contract language. Again, how decentralized the application is depends on the smart contract, but decentralized, institution-independent verifiable credentials are possible.

A decade ago, Lucas, Ballay, and McManus wrote Trillions: Thriving in the Emerging Information Ecology. One of the ideas they talked about was something they called a persistent data object (PDO). I was intrigued by persistent data objects because of the work we'd been doing at Kynetx on personal clouds. In applying the idea of PDOs, I quickly realized that what we were doing was much more than data because our persistent data objects also encapsulated code and the name persistent compute objects, or picos was born.

An NFT is one possible realization of Trillion's PDOs. So are verifiable credentials. Both are persistent containers for data. They are both capable of inspiring confidence that the data they contain has fidelity and, perhaps, a trustworthy provenance. A pico is an agent. Picos can:

  • have a wallet that holds and exchanges NFTs and credentials according to the rules encapsulated in the pico.
  • be programmed to interact with the smart contract for an NFT to perform the legal operations.
  • be programmed to receive, hold, and present verifiable credentials according to the proper DIDCommm protocols.3

Relationship between NFTs, verifiable credentials, and picos
Relationship between NFTs, verifiable credentials, and picos (click to enlarge)

NFTs are currently in their awkward, stage. Way too much hype and many myopic use cases. But I think they'll grow to have valuable uses in creating more decentralized, trustworthy data objects. If you listen to the reality 2.0 podcast starting about 56 minutes, Greg, Katherine, and Doc get into some of those. Greg's starting with games—a good place, I think. Supply chain is another promising area. If you need decentralized, automated, trustworthy, persistent data containers, then NFTs fit the bill.

People who live in a country with a strong commitment to the rule of law, might ask why decentralizing things like titles and supply chains is a good idea. But that's not everyone's reality. Blockchains and NFTs can inspire confidence in systems that would otherwise be too costly or untrustworthy otherwise. Picos are a great way to create distributed systems of entity-oriented compute nodes that are capable of using PDOs.


  1. Note that I'm not saying that Cryptokitties is as centralized as your bank. Just that without looking at the code, you can't tell.
  2. Yeah, I know that interop is still a work in progress. But at least it's in progress, not ignored.
  3. These are not capabilities that picos presently have, but they do support DIDComm messaging. Want to help add these to picos? Contact me.

Photo Credit: Colorful Shipping Containers from frank mckenna (CC0)

Please leave comments using the sidebar.

Last modified: Wed Nov 17 14:28:41 2021.