W3C home > Mailing lists > Public > public-credentials@w3.org > May 2019

Re: Trust in Issuers

From: Carlos Bruguera <carlos@selfkey.org>
Date: Wed, 8 May 2019 11:05:26 +0700
Message-ID: <CAJrRL-GECWwpaR3ZwJnCxVLqiMhZPMN4AH8w=5CBDWq3oug8hA@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: Steven Rowat <steven_rowat@sunshine.net>, W3C Credentials Community Group <public-credentials@w3.org>
Understanding the issues and lack of liberty and privacy in many of the
current models, I don't think it's the role of SSID (or decentralization in
general) to "overthrow" current models or try to disallow them in any way
(if that is even possible!), but to offer alternatives where the individual
has more control over their data, and therefore more freedom. I think
verifiable credentials need to allow for a wide range of possible
applications, including schemes where the issuer has some control (either
for business or regulatory purposes). The important is that the model
*allows* full decentralization and self-sovereignty, but it cannot be
enforced IMO. Just enabling the possibility, though, is pretty powerful.

With regard to revocation schemes, I don't think they do much about the
specific case, since there's nothing stopping anyone from issuing "partial
disclosure" credentials, or claims where the full content need to be
retrieved from a centralized source under the issuer's control, regardless
of its revocation status being public or not. I think there're valid use
cases for this type of model, as mentioned before, either for business
(credential monetization schemes) or government/regulatory purposes.

I don't think the capitalist and "predatory" behavior of institutions can
be avoided, but there's the possibility of establishing systems where
control and privacy are shifted towards the individual. If such models are
robust enough, we might also see a shifting of *trust* towards the
decentralized and self-sovereign... I always like to quote Mr. Buckminster
Fuller on this, because I think he's pretty spot on with regard to how
disruption works:

*“You never change things by fighting the existing reality... To change
> something, build a new model that makes the existing model obsolete.” *
>

As to the statement "Only the government should be allowed the power of
surveillance...", not only I don't see a way the tools for decentralized
identity can be made to fit that constraint, but also there's nothing
ruling out the "predatory" and even rights-violating intent of some (many?)
governments. It's my hope that someday even those levels of surveillance
and authority can be made obsolete. Until then, there's nothing left to do
but to build that which enables freedom and self-sovereignty, and keep
moving forward.


Carlos

On Wed, May 8, 2019 at 6:51 AM Adrian Gropper <agropper@healthurl.com>
wrote:

> Thanks for raising the issue, I was overly terse. The government has
> rights to broad surveillance when it comes to law enforcement and public
> health. That includes surveillance across contexts, since, almost by
> definition, the government is not directly involved in most contexts. Each
> society, for better or worse, has its own controls on government action.
> Some of those controls include jury trials and criminal prosecution for
> government agents that break the law.
>
> The problem of self-censorship arises when private, for profit
> corporations take on the surveillance role for profit such as ad targeting,
> education, employment, or insurance eligibility. These corporations are not
> subject to public disclosure laws, criminal prosecution, or, in many cases,
> private right of action (including class-action suits).
>
> Identity theft and other direct privacy harms affect only a fraction of
> people. Self-censorship and loss of liberty a the hands of "platforms"
> affects almost everyone and damages society much more deeply. Legal folks
> say that US FTC is uneasy enforcing our right to liberty.
>
> This is a reason to break up the platforms so they do not operate across
> contexts rather than merely regulating them. Only the government should be
> allowed the power of surveillance and the government should not delegate
> that power to private enterprise unless it's strictly regulated to prevent
> any use of the data by those enterprises.
>
> Adrian
>
> On Tue, May 7, 2019 at 6:57 PM Steven Rowat <steven_rowat@sunshine.net>
> wrote:
>
>> On 2019-05-07 2:34 pm, Adrian Gropper wrote:
>> > The issue of surveillance across contexts boils down to
>> > self-censorship. China's social credit scoring is the extreme example
>> > but Facebook in the US is really no different. Once we allow our
>> > activities in one context to be used in another context then we need
>> > to worry that we will be asked for our Facebook login when we ask for
>> > a visa or seek employment.
>>
>> I'm groping trying to understand this; could you say it in another way?
>>
>> To me, it appears to be saying that the individual has control over
>> what the prospective employer or the government does. That we're
>> "allowing" them to have that control.
>>
>> Is that what you mean?
>>
>> Steven
>>
>>
>> >
>> > Adrian
>> >
>> > On Tue, May 7, 2019 at 2:44 PM Timothy Holborn
>> > <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
>> >
>> >     Why not multimodal?
>> >
>> >     Or did I miss that part of the functional spec, being discussed...?
>> >
>> >     There are use cases where tracking the use of a verifiable claim
>> >     is as important as the claim itself, for various reasons,
>> >     including protection from scope-creep.
>> >
>> >     Noting also, I am.firmly of the view that solid interoperability
>> >     is essential.
>> >
>> >     Timo.
>> >
>> >     On Wed., 8 May 2019, 4:18 am Brent Zundel,
>> >     <brent.zundel@evernym.com <mailto:brent.zundel@evernym.com>> wrote:
>> >
>> >         Carlos,
>> >
>> >         The problem is not that issuers must be trusted (they must).
>> >         The problem with the business model is that it is predatory.
>> >         It allows the worst abuses of surveillance capitalism to
>> >         continue, under the guise of self-sovereign identity.
>> >         As I see it, once a credential has been issued it is not the
>> >         issuer's business how I use that credential. Let's say I have
>> >         been issued a credential asserting my national citizenship
>> >         (such as a passport), then use my credential to prove my
>> >         address so that I can join a local gardening club. Is it the
>> >         passport issuer's business that I like gardening? Let's say my
>> >         bank issues me a credential asserting my account information,
>> >         then I  use that credential to set up automatic donations to
>> >         my church. Is it the bank's business which church I attend?
>> >         A credential revocation scheme that requires the issuer be
>> >         contacted in order to verify the current revocation status of
>> >         the credential allows the issuer to track every use of that
>> >         credential.
>> >         Revocation schemes such as Sovrin's do not require the issuer
>> >         to be contacted to check the revocation status of the
>> >         credential. They also do not require public revocation lists.
>> >         They allow for proofs on non-revocation that reveal nothing
>> >         other than whether a credential has been revoked.
>> >
>> >         On Sun, May 5, 2019 at 8:35 PM Carlos Bruguera
>> >         <carlos@selfkey.org <mailto:carlos@selfkey.org>> wrote:
>> >
>> >             Why is it a problem that credential issuers establish
>> >             business models such as the one described? In what manner
>> >             does it threat self sovereign identity? In the end,
>> >             trusting the issuers is /always/ required as far as I
>> >             know, and DIDs still allow for other types of credentials
>> >             not requiring to rely on these issures... Perhaps I don't
>> >             fully understand the example. In what manner do revocation
>> >             schemes (such as Sovrin's) disallow such use cases? Also,
>> >             shouldn't the credential issuers always be able to set
>> >             arbitrarily long (or perhaps even null) expiration times?
>> >
>> >             Regards,
>> >             Carlos
>> >
>> >             On Wed, Apr 17, 2019 at 4:43 PM Daniel Hardman
>> >             <daniel.hardman@evernym.com
>> >             <mailto:daniel.hardman@evernym.com>> wrote:
>> >
>> >                 Agreed.
>> >
>> >                 On Wed, Apr 17, 2019 at 1:58 AM David Chadwick
>> >                 <D.W.Chadwick@kent.ac.uk
>> >                 <mailto:D.W.Chadwick@kent.ac.uk>> wrote:
>> >
>> >                     But this does not stop others from using the back
>> >                     door! The back door
>> >                     should be bricked up.
>> >
>> >                     On 16/04/2019 18:52, Daniel Hardman wrote:
>> >                      > Right. This is why Sovrin went down the road of
>> >                     testing revocation with
>> >                      > a cryptographic accumulator instead of a
>> >                     conversation back to the issuer.
>> >                      >
>> >                      > On Tue, Apr 16, 2019 at 2:49 AM David Chadwick
>> >                     <D.W.Chadwick@kent.ac.uk
>> >                     <mailto:D.W.Chadwick@kent.ac.uk>
>> >                      > <mailto:D.W.Chadwick@kent.ac.uk
>> >                     <mailto:D.W.Chadwick@kent.ac.uk>>> wrote:
>> >                      >
>> >                      >     The current FIM
>> >                      >     model places the IdP at the centre of the
>> >                     ecosystem, which is ideal for
>> >                      >     Google tracking users and capturing data.
>> >                     VCs do not do this.
>> >                      >
>> >                      >     However, the current VC data model gives
>> >                     Google a back door for this as
>> >                      >     follows:
>> >                      >
>> >
>> >
>> >
>> > --
>> >
>> > Adrian Gropper MD
>> >
>> > PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> > HELP us fight for the right to control personal health data.
>> > DONATE: https://patientprivacyrights.org/donate-3/
>>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: https://patientprivacyrights.org/donate-3/
>
Received on Wednesday, 8 May 2019 04:06:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:49 UTC