W3C home > Mailing lists > Public > public-credentials@w3.org > September 2014

Re: Nigeria launches national electronic ID cards

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 09 Sep 2014 21:18:32 -0400
Message-ID: <540FA6E8.7020206@digitalbazaar.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, Credentials Community Group <public-credentials@w3.org>
Moving this discussion to Credentials Community Group, bcc Web Payments.

Origin of thread is here:

http://lists.w3.org/Archives/Public/public-webpayments/2014Aug/0077.html

On 09/02/2014 11:25 AM, Kingsley Idehen wrote:
>> The main purpose of this Web Payments work is to provide options 
>> for citizens, governments, and commercial enterprises.
> 
> Yes, and Nigeria isn't a good example. In short, its ID system is
> the antithesis of what I believe you are seeking.

I seem to have miscommunicated my point, let me clarify. I'm not arguing
that we should model anything after the Nigerian/MasterCard government
ID system. You're right, Kingsley, it is the antithesis of what we want.

That said, technology can only go so far, and if a government mandates
that an identity solution must, for example, report back to the
government whenever a passport is requested from any identity system
used in the country, then there is not much we can do to prevent that
from happening (other that providing solid choices for Nigerian citizens
outside of their country). Our technology will be used in ways that we
don't want it to be used and we have to accept that as a truth.

The question is, and this is a philosophical one (and should probably
not be discussed on this mailing list, so I apologize in advance for
bringing it up): Is it better for a non-privacy protecting government
that has been put in place by its citizens to use the identity system
we're creating here in a way that we don't approve of, or to build a
proprietary one?

I'm arguing that the former is preferable. We shouldn't make value
judgements wrt. the use of a corrupted version of our technology as long
as it is a citizenship that has approved of the use of that technology
through a democratic means.

I was just having this discussion with an Argentinian friend that
thought many US citizens push against a national ID card system was
strange. He said that many Argentinians don't think twice about having
the government play a major role in their identity.

Even looking at the differences between Hong Kong and China wrt.
identity and privacy issues is illuminating. What some citizens allow,
others detest.

>> If some government and their banks want to track their citizens 
>> movements and expenditures, it would be better for them to use a 
>> world standard to do it (at least there are efficiencies gained / 
>> money not wasted there) than build something proprietary.
> 
> They SHOULD never be surreptitiously violating the privacy of 
> citizens. Period!

Sure, but some citizens openly push for this sort of violation of
privacy. Case in point, the USA post-9/11. A government is only as good
as what its citizens tolerate.

My point is that we can't go in and tell a nation how they should be
using our technology. What we should be doing is giving them options,
and they will pick what works for them. It's a double-edged sword. None
of us want our technology to be used for "evil" purposes, but even that
term is highly dependent on your perspective.

>> As much as it makes my skin crawl to say that, this is more or less
>> the deal with the devil that the HTTP Encrypted Media Extensions
>> (EME) work had do.
> 
> I don't buy that.
> 
> The issue is that Privacy != Secrecy. It is simply about one's 
> ability to calibrate one's vulnerability. In the Nigerian case, the 
> govt., for all the usual corrupt reasons has sold out to Master Card
>  and really put our citizens in a broken situation.
> 
> Please note, for most of Nigeria's history, military oppression and 
> dictatorships have been the norm. And when the military aren't doing
>  it you have a corrupt civilian governments doing much of the same, 
> albeit in different ways.

Yes, and in the Nigerian government case, I'm completely in agreement
with you. This decision was most likely not made or supported by the
citizens.

>> For those governments/corporation initiatives, they should be able
>>  to use the same set of standards as the non-privacy protecting 
>> governments. I think we'll be more successful enabling choice 
>> rather than mandating solutions based on our particular idealism.
> 
> Privacy is a non negotiable idealism. Please, don't take your
> privacy lightly, many before us expended blood to get us where we are
> today. We should never ever forget this fact of human history. Let's
> not make the Web our nightmare!!

I don't think those of us that are committed to this work take our
privacy lightly. Saying that privacy is a non-negotiable idealism is
going a bit too far, it is for some of us (myself included). Some don't
value their privacy, some do. We should provide options for both, and in
the case of Identity Credentials, the option that we provide is with the
identity provider you choose (do you choose your government, a private
off-shore corporation, or one that you run?).

>> If we are successful, the US, EU, Nigeria, China, Hong Kong, and 
>> Singapore would use the same base financial Web standards with 
>> differing values on the privacy/tracking/market-based dials.
> 
> I wish, but it really isn't going to be that straight forward. What 
> the W3C MUST do is devise open standards that do not compromise the 
> privacy of Web users. Anything less defeats its mission.

I agree with the end goal, I just think that there is a ton of money out
there trying to make the opposite happen. We plug one hole and 10 more
open up. I don't mean to sound defeatist, quite the contrary, we should
strive to create the best, privacy protecting identity and payment
system out there. We have the right people involved to make it happen,
but that doesn't mean that corporations and governments that are
obsessed about defeating the privacy-protecting measures we create won't
find a way around what we're doing here. Safeguarding privacy, just like
security, is a constant struggle.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Wednesday, 10 September 2014 01:19:06 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:21 UTC