
Re: Rule of law

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 20 Feb 2016 14:41:03 +1100
Message-ID: <CAM1Sok1GHXJtWrzcYZaWaWuWg-anzjnbqmFQFESw=dD_JHBd0Q@mail.gmail.com>
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>

On 19 February 2016 at 05:29, Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 02/18/2016 12:50 PM, Timothy Holborn wrote:
>
>> So,
>>
>> I assume apple[1] can decrypt it.
>>
>
> I think that's a big assumption. Have they said that? I don't know how
> they do their encryption, but if they are using symmetric encryption
> where the key is derived from a password only the user knows, then, no,
> they can't decrypt it. Unless the password is easily guessable, it's not
> feasible to brute force attack the encryption.
>
>> So, the issue is how to trust gov? Locally or internationally?
>>
>> Couldn't a bunch of approved credentials be used to present something
>> at the phone that in-turn allows that device to say, recognise the
>> president said - executive orders - open it.
>>
>
> You could do two forms of encryption: one for the user and one using a
> public key owned and protected by the government. Of course, then the
> government can read everyone's private data.
>
> I suppose you could require a credential from a court (signed by the
> court's public key) indicating a court order was granted to the
> government in order to use their key to read the data ... but it's all a
> little unclear as to whether or not these protections would actually be
> followed, or rather, if they weren't, that a violation of them could be
> easily detected.
>
Wouldn't a 'pingback'-like mechanism be possible for the use of RDF
marked-up documents, perhaps using a mechanic that provides a unique
ontological reference for that document, referenced in relation to
signatures? In effect, produce a private ledger associated with the use of
credential instruments for specified purposes, et al.

Also noting the packaging of 'signed claims' and related capabilities.

I believe some areas of law enforcement require means in which the subject
is unaware of an 'active case' (as I think it's called) relating to them.
Yet, I think an argument to say that, save particular circumstances, the
citizen has the right to know / accountability systems, seems to be a far
better concept than to say 'no access under any circumstances'. I also
envisage these sorts of considerations to be a driver for much of the
functionality provided by BlockChain technologies.

We won't be able to have a meaningful conversation that aids those in the
business of law unless we get away from the 'all or nothing' styled
arguments. At the end of the day, we couldn't promise 100% anonymity, nor
are we able to claim 100% secure.

> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
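A toy model of the design Dave sketches in the quoted reply (a data key wrapped once for the user under a password-derived key and once for a government key, with the government path gated on a court-issued credential), combined with the 'private ledger' of credential use Tim proposes. This is an added example, not code from the thread, from the Credentials CG or from Digital Bazaar. It uses only the Python standard library, so an HMAC stands in for the court's public-key signature and a SHA-256 counter-mode keystream stands in for a proper AEAD cipher; the key names, the case identifiers and the sample note are all constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets


def derive_user_key(password: str, salt: bytes) -> bytes:
    """Symmetric key derived from a password only the user knows (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode as a toy stream cipher (same call encrypts and decrypts).
    Stand-in for an AEAD such as AES-GCM, which the standard library does not provide."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_record(plaintext: bytes, password: str, gov_key: bytes) -> dict:
    """Encrypt under a fresh data key, then wrap that key for the user and for the government."""
    dek, salt, nonce = secrets.token_bytes(32), secrets.token_bytes(16), secrets.token_bytes(12)
    return {
        "id": nonce.hex(),  # constructed record identifier
        "salt": salt,
        "nonce": nonce,
        "ciphertext": keystream_xor(dek, nonce, plaintext),
        "wrapped_for_user": keystream_xor(derive_user_key(password, salt), nonce + b"user", dek),
        "wrapped_for_gov": keystream_xor(gov_key, nonce + b"gov", dek),
    }


def user_decrypt(record: dict, password: str) -> bytes:
    """The user's own path: unwrap the data key with the password-derived key."""
    dek = keystream_xor(derive_user_key(password, record["salt"]), record["nonce"] + b"user",
                        record["wrapped_for_user"])
    return keystream_xor(dek, record["nonce"], record["ciphertext"])


def issue_court_order(court_key: bytes, record_id: str, case: str) -> dict:
    """Credential from the court covering exactly one record.
    HMAC stands in for the court's public-key signature (assumption of this example)."""
    claim = json.dumps({"record": record_id, "case": case}, sort_keys=True)
    return {"record": record_id, "case": case,
            "signature": hmac.new(court_key, claim.encode(), "sha256").hexdigest()}


def verify_court_order(court_key: bytes, order: dict, record_id: str) -> bool:
    """Accept only a credential bound to this record and signed by the court key."""
    if order["record"] != record_id:
        return False
    claim = json.dumps({"record": order["record"], "case": order["case"]}, sort_keys=True)
    expected = hmac.new(court_key, claim.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, order["signature"])


class AccessLedger:
    """Append-only, hash-chained log of every use of the government key.
    Editing or deleting an entry breaks the chain, so an auditor can detect it."""

    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        digest = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            if entry["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def government_decrypt(record: dict, gov_key: bytes, order: dict, court_key: bytes,
                       ledger: AccessLedger):
    """Government path: log the attempt first, then release only against a valid court credential."""
    granted = verify_court_order(court_key, order, record["id"])
    ledger.append({"record": record["id"], "case": order["case"], "granted": granted})
    if not granted:
        return None
    dek = keystream_xor(gov_key, record["nonce"] + b"gov", record["wrapped_for_gov"])
    return keystream_xor(dek, record["nonce"], record["ciphertext"])


def demo() -> dict:
    """End-to-end scenario on constructed data; returns the outcomes for inspection."""
    gov_key, court_key, ledger = secrets.token_bytes(32), secrets.token_bytes(32), AccessLedger()
    note = b"constructed sample: the user's private note"
    record = encrypt_record(note, "correct horse battery", gov_key)
    order = issue_court_order(court_key, record["id"], "case-0001")
    forged = issue_court_order(secrets.token_bytes(32), record["id"], "case-0002")  # wrong signer
    results = {
        "user": user_decrypt(record, "correct horse battery"),
        "gov_with_order": government_decrypt(record, gov_key, order, court_key, ledger),
        "gov_forged_order": government_decrypt(record, gov_key, forged, court_key, ledger),
        "ledger_ok": ledger.verify(),
    }
    ledger.entries[0]["event"]["granted"] = False  # simulate someone rewriting the audit trail
    results["ledger_after_tamper"] = ledger.verify()
    return results


if __name__ == "__main__":
    print(demo())
```

The ledger only records what passes through `government_decrypt`; whoever holds the government key can unwrap `wrapped_for_gov` offline and leave no entry at all, which is exactly the detectability gap Dave points to. Making the log trustworthy therefore needs the key itself to be held where use cannot bypass logging (an HSM or a threshold scheme split between independent parties), and the toy cipher used here has no integrity check, so a wrong password yields garbage rather than an error.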
Received on Saturday, 20 February 2016 03:42:11 UTC
