- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Thu, 11 Sep 2014 10:33:02 +1000
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Credentials Community Group <public-credentials@w3.org>
Sent from my iPad > On 11 Sep 2014, at 7:43 am, Kingsley Idehen <kidehen@openlinksw.com> wrote: > >> On 9/9/14 9:18 PM, Manu Sporny wrote: >> Moving this discussion to Credentials Community Group, bcc Web Payments. >> >> Origin of thread is here: >> >> http://lists.w3.org/Archives/Public/public-webpayments/2014Aug/0077.html >> >> On 09/02/2014 11:25 AM, Kingsley Idehen wrote: >>>> The main purpose of this Web Payments work is to provide options >>>> for citizens, governments, and commercial enterprises. >>> Yes, and Nigeria isn't a good example. In short, its ID system is >>> the antithesis of what I believe you are seeking. >> I seem to have miscommunicated my point, let me clarify. I'm not arguing >> that we should model anything after the Nigerian/MasterCard government >> ID system. You're right, Kingsley, it is the antithesis of what we want. >> >> That said, technology can only go so far, and if a government mandates >> that an identity solution must, for example, report back to the >> government whenever a passport is requested from any identity system >> used in the country, then there is not much we can do to prevent that >> from happening (other that providing solid choices for Nigerian citizens >> outside of their country). Our technology will be used in ways that we >> don't want it to be used and we have to accept that as a truth. > > That is an eternal truth, as far as I know, with regards to technology. > >> >> The question is, and this is a philosophical one (and should probably >> not be discussed on this mailing list, so I apologize in advance for >> bringing it up): Is it better for a non-privacy protecting government >> that has been put in place by its citizens to use the identity system >> we're creating here in a way that we don't approve of, or to build a >> proprietary one? > > We have no control over either. What we have control over is the development of standards that make reuse, in regards to privacy very difficult. Put differently, misuse leaks by design. Example, HTTP URIs. These kind of identifier is fluid, so pinning it down isn't that easy, and even when you do, preventing leaks isn't that easy, ultimately you needs acls and logic etc.. > > >> >> I'm arguing that the former is preferable. We shouldn't make value >> judgements wrt. the use of a corrupted version of our technology as long >> as it is a citizenship that has approved of the use of that technology >> through a democratic means. > > I don't have a problem with that point, even when citizens haven't necessarily put the government in power, via open and audit-friendly (transparent) democratic processes :-) > Accountability with gov. / int. is perhaps more important than privacy, where instances warrant lawful / civic use. >> >> I was just having this discussion with an Argentinian friend that >> thought many US citizens push against a national ID card system was >> strange. > > No surprised about reaction. It's a reaction driven my a misunderstanding of what constitutes identity and identification. For instance, you can have a national identity card, but shouldn't have anything to do you finances, club memberships, and other societal relations. It just means the government could require use of the card in relation to specific government services: > > 1. Visas for travel > 2. Passports for travel > 3. National Insurance Cards -- for health services > 4. Driver's licenses -- for driving > 5. etc.. > > Each to its own purpose, with authentication provided by the relevant authentication protocol etc.. > It also relates to culture and structure of laws I think. Some countries have very good health care systems where it costs nothing for unwell people to be cared for by medical services. Some countries have 'fair use' as part of copyright Others do not. >> He said that many Argentinians don't think twice about having >> the government play a major role in their identity. > > Because he doesn't understand how identity, identification, and civil liberties intersect. I think most Nigerians would actually react in similar fashion, at first blush. > > When I was a kid in Nigeria, I was clueless about civil liberties until I returned to England (my place of birth). > >> >> Even looking at the differences between Hong Kong and China wrt. >> identity and privacy issues is illuminating. What some citizens allow, >> others detest. > > Those who don't understand civil liberties do so because its never been palpable to them. That's a major difference between the USA, United Kingdom etc.. and many countries across Africa and Asia. It also depends on the legislation / systems of law in utility, with relation to the use of technology. This will never be simply a web technology solution. Sovereignty is an important support function - because, laws, culture, ideological views and support for legal concepts - like human rights - are different in different places. Yet we still have shared values. Therein, we need to pick the lesser of too weevils. >> >>>> If some government and their banks want to track their citizens >>>> movements and expenditures, it would be better for them to use a >>>> world standard to do it (at least there are efficiencies gained / >>>> money not wasted there) than build something proprietary. >>> They SHOULD never be surreptitiously violating the privacy of >>> citizens. Period! >> Sure, but some citizens openly push for this sort of violation of >> privacy. > > Yes, because they were successfully presented with a false dichotomy in regards to security and privacy. Safety is a key concept. Therein also, the belief of accountability (even if it is the opportunity, for a system supporting accountability to be implemented) "Rule of law" is a meaningful concept to me... > >> Case in point, the USA post-9/11. A government is only as good >> as what its citizens tolerate. > > Always the case. Which is why this issue of privacy ultimately triangulates back to the democratic process i.e., even when citizens make a mistake, there has to be a process the lets then undo said mistake. Thus far, the USA and UK (and most of Europe) have kept this process intact. Not so (at all) in Africa, and its patchy across Asia. > Different places, different laws, different issues. Meanwhile, we've got some big ones, we all share. Others might share those issues, if, for example - they had access to the web. >> >> My point is that we can't go in and tell a nation how they should be >> using our technology. > > Of course we can't. > > My concern is to not make a specification that makes it easy for nations to surreptitiously usurp the privacy of its citizens. Put differently, if we don't tamper with AWWW, in its current form, we don't have a problem. They key is to build atop AWWW rather than inadvertently compromise its dexterous core. > Web science I understand to include the opportunity to discuss some of the concepts within this dichotomy, as to convey at a minimum, where and how you made considerations with respect to a technology standard, which of course - at some level will always implement a form of ideology. I think the argument of pseudo-anon. Vs. anon. Is a very specialised example of an area that may be difficult to explain, given professional histories, etc. > >> What we should be doing is giving them options, >> and they will pick what works for them. > > See my comment above. > >> It's a double-edged sword. > > No. > >> None >> of us want our technology to be used for "evil" purposes, but even that >> term is highly dependent on your perspective. > > Its not about "evil" its about "privacy" i.e., self-calibration of one's vulnerability. > Safety, and data rights. Not all data is content (therefore copyright) and data can be VERY personal. After you've got some rights to your data, then the next thing to think about - is safety. Part of safety of course, are security paradigms, perhaps not at the cost of a persons safety though. > >> >>>> As much as it makes my skin crawl to say that, this is more or less >>>> the deal with the devil that the HTTP Encrypted Media Extensions >>>> (EME) work had do. >>> I don't buy that. >>> >>> The issue is that Privacy != Secrecy. It is simply about one's >>> ability to calibrate one's vulnerability. In the Nigerian case, the >>> govt., for all the usual corrupt reasons has sold out to Master Card >>> and really put our citizens in a broken situation. >>> >>> Please note, for most of Nigeria's history, military oppression and >>> dictatorships have been the norm. And when the military aren't doing >>> it you have a corrupt civilian governments doing much of the same, >>> albeit in different ways. >> Yes, and in the Nigerian government case, I'm completely in agreement >> with you. This decision was most likely not made or supported by the >> citizens. > > I doubt 10% of the citizens even understand that: > > 1. they (all 100 million+ and counting) are now (or will become) Mastercard customers > 2. their ability to live is inextricably linked to data directly accessible to the government, in the most opaque manner > 3. their government traded their privacy for some bizarre arrangement with a commercial entity How many people on Facebook? Tell me about the privacy controls on the apple lifecycle of products, including it's new bio reader thing / watch. The potential linked applications between something that can detect whether your heart rate is elevating and say, Siri - um. > . >> >>>> For those governments/corporation initiatives, they should be able >>>> to use the same set of standards as the non-privacy protecting >>>> governments. I think we'll be more successful enabling choice >>>> rather than mandating solutions based on our particular idealism. >>> Privacy is a non negotiable idealism. Please, don't take your >>> privacy lightly, many before us expended blood to get us where we are >>> today. We should never ever forget this fact of human history. Let's >>> not make the Web our nightmare!! >> I don't think those of us that are committed to this work take our >> privacy lightly. > > Literally, no. But as a consequence of actions, I need to be convinced :) > Very committed to the safety of end-users / natural legal entities. That includes data rights. >> Saying that privacy is a non-negotiable idealism is >> going a bit too far, it is for some of us (myself included). > > It is non-negotiable in democratic society. It isn't possible to be party pregnant. You can't be partially private, and then functional effectively as a democratic society. > Civil society. In other areas (ie: your sovereign gov) systems of accountability is arguably more important, at which point, the identifier is probably useful for when you need to be notified that your information has been used inappropriately and remedy is underway. > >> Some don't >> value their privacy, some do. > > Everyone values their privacy. Not everyone understands privacy. That's the problem. Why do you think privacy freakouts are long-tail affairs across social media spaces? Because, people only realize the nature of privacy when the "opportunity costs" of losing it become palpable. > > Yesterday, Apple announce the Apple Watch, and its utter interest in Health Data. Apple like many of these commercial behemoths doesn't have some genuine desire to compromise the privacy of their customers, the problem is actual protection is a combination of platform, user controls, and mercurial knowledge. Its the mercurial knowledge that lays the foundation for privacy compromises i.e., to be "big brother" (hold on to the "shared secrets") or to let "little brother grow up" (be allowed to own the keys and learn from exprience). > And that set precedents that can be used to justify the actions of others (who may be struggling with ideas in how to put food on the table for their children, etc.) Corporate citizenship, not just of USA, I suspect will become more important for the health of these US bohemoths. Laws are different in different regions. These regions are called states or countries. ;) >> We should provide options for both, and in >> the case of Identity Credentials, the option that we provide is with the >> identity provider you choose (do you choose your government, a private >> off-shore corporation, or one that you run?). > > I don't have a problem with that kind of loose coupling. My only concern is that we don't make standards that aid the antithesis of what we seek. > Um. Who's involved with credentials CG? The more voices, the better... (I understand free speech is not a right all people of the world, enjoy. So, I think we have a duty of care or some such related opportunity, too) >> >>>> If we are successful, the US, EU, Nigeria, China, Hong Kong, and >>>> Singapore would use the same base financial Web standards with >>>> differing values on the privacy/tracking/market-based dials. >>> I wish, but it really isn't going to be that straight forward. What >>> the W3C MUST do is devise open standards that do not compromise the >>> privacy of Web users. Anything less defeats its mission. >> I agree with the end goal, I just think that there is a ton of money out >> there trying to make the opposite happen. > > 20 years ago there must have been something like the combined market capitalization of Google, Facebook, Amazon, Twitter, LinkedIn etc.. looking for a place to park. But 20 years ago, nobody would have believed such a claim. My point here is that "ton of money" is context sensitive, as exemplified by the very World Wide Web (which made Google, Facebook, Amazon, Twitter etc. possible). Thus, money will always follow the people, so people simply need to be actively engaged in the pursuit and protection of their civil liberties (for which privacy sits at the core). People have always had the power, the only problem is that most of the time this isn't obvious to them. > Web 2 systems? I note MySpace wasn't listed..? Web3 can significantly benefit options for knowledge economies, especially in places where these traditional SNS type vendors have found it difficult to find solutions, that fit the needs of end-users. I see these works as significantly benefiting that aspirational goal, at least as a person who seeks to contribute (positively) > >> We plug one hole and 10 more >> open up. > > Not, not if you keep AWWW intact. Basically, you have the opposite effect i.e., just when they think they have you locked-in, you slide out. Look at Web 2.0, a live and contemptuous example of AWWW incomprehension that's driven the masses into mass surveillance. Then enter Web 3.0 (where identity, identification, and logic are cornerstones) still built around the same AWWW, and you have the opposite effect. > >> I don't mean to sound defeatist, quite the contrary, we should >> strive to create the best, privacy protecting identity and payment >> system out there. > > Yes! > > >> We have the right people involved to make it happen, >> but that doesn't mean that corporations and governments that are >> obsessed about defeating the privacy-protecting measures we create won't >> find a way around what we're doing here. > > They found a way to the Web, very reluctantly, then tried to impose their predictable myopia, which simply created their own hell. That's the kind of dexterity built into AWWW (it does Judo very well too!) . Those who seek to control end up relinquishing control because they too become victims of the very controls they seek to impose on others. > >> Safeguarding privacy, just like >> security, is a constant struggle. > > Less of a struggle when the new landscape is built atop solid foundation. In my eyes, the real power of AWWW is yet to fully manifest. Basically, as the struggle relevant aspects of its dexterity will emerge. > > As a wise man once said, "any fool can make a complex system, but it takes true genius to make a simple system, that works". In my experience, with technology, the underlying design of AWWW continues to amaze me, and there's no secret about my not exactly being the easiest person to impress or please -- in regards to technology :) > >> >> -- manu > > > -- > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software > Company Web: http://www.openlinksw.com > Personal Weblog 1: http://kidehen.blogspot.com > Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen > Twitter Profile: https://twitter.com/kidehen > Google+ Profile: https://plus.google.com/+KingsleyIdehen/about > LinkedIn Profile: http://www.linkedin.com/in/kidehen > Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this > > Great discussion. Timh.
Received on Thursday, 11 September 2014 00:33:38 UTC