- From: Joe Andrieu <joe@legreq.com>
- Date: Fri, 27 Mar 2020 14:02:28 -0700
- To: "Credentials Community Group" <public-credentials@w3.org>
- Message-Id: <beb39cf1-1ff5-407c-af00-5e2139599d3d@www.fastmail.com>
On Fri, Mar 27, 2020, at 1:44 PM, Anders Rundgren wrote:

> If centralized registers is not an option, how do you envision that taxation is to be carried out?

GREAT question.

What is needed for things like taxation are unique identifiers that can correlate taxable activities with tax payments.

You can design such systems in ways that better protect the privacy of tax payers:

1. Stop (even outlaw) using tax identifiers for non-tax activities (like credit)
2. Separate the identifying records associated with such identifiers, both from each other (they don't need to all be in one place) and from the identifier system. DO NOT store it all in a big single database.
3. Encrypt the link between identifying records and identifiers and require a court order before allowing anyone to get that link decrypted, to enable due process and the rule of law.
4. Separate within the operational system, with a series of circuit breakers so that production systems can only get access to the identifying records with multiple independent actors performing a mutual approval. Treat these keys like those that control nuclear bombs.
5. Allow a myriad of identifiers per taxpayer (tie the legal use of the identifier to payment, not to the person), to defend against service providers who might need to know a given tax identifier. Bring your own ID, using cryptography to prove control of identifiers (DIDs).
6. NEVER associate any identifiers with anyone's age, ethnicity, health, religion, gender, health or any other information that might be used in a manner that could violate their civil or human rights.
7. Limit access, even with crypto keys, to relatively small subsets of the data, so any given compromise can only discover a small set. Set size will directly relate to complexity of key management, but isolation reduces the risk of mass abuse of the records.

There are other schemes and even this one could be adjusted to meet particular legal requirements, all without a central database that lets the next round of Nazis round up all of any class of people.

-j

--
Joe Andrieu, PMP
joe@legreq.com
LEGENDARY REQUIREMENTS
+1(805)705-8651
Do what matters.
http://legreq.com <http://www.legendaryrequirements.com/>

Received on Friday, 27 March 2020 21:03:03 UTC