- From: =Drummond Reed <drummond.reed@evernym.com>
- Date: Fri, 27 Mar 2020 15:09:22 -0700
- To: Joe Andrieu <joe@legreq.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAAjunnZy6ntH+KZRu5scSAs5vJT8r-aiarro=Smkq9rs50SPzg@mail.gmail.com>
Joe, beautiful list. As is often the case with your insights, I'd love for you to publish this as a blog post that could be widely referenced when this same question comes up: how can we prevent this from happening again?

=Drummond

On Fri, Mar 27, 2020 at 2:04 PM Joe Andrieu <joe@legreq.com> wrote:

> On Fri, Mar 27, 2020, at 1:44 PM, Anders Rundgren wrote:
>
> If centralized registers are not an option, how do you envision that
> taxation is to be carried out?
>
> GREAT question.
>
> What is needed for things like taxation are unique identifiers that can
> correlate taxable activities with tax payments.
>
> You can design such systems in ways that better protect the privacy of tax
> payers:
>
> 1. Stop (even outlaw) using tax identifiers for non-tax activities (like
> credit)
>
> 2. Separate the identifying records associated with such identifiers, both
> from each other (they don't need to all be in one place) and from the
> identifier system. DO NOT store it all in a big single database.
>
> 3. Encrypt the link between identifying records and identifiers and
> require a court order before allowing anyone to get that link decrypted, to
> enable due process and the rule of law.
>
> 4. Separate within the operational system, with a series of circuit
> breakers so that production systems can only get access to the identifying
> records with multiple independent actors performing a mutual approval.
> Treat these keys like those that control nuclear bombs.
>
> 5. Allow a myriad of identifiers per taxpayer (tie the legal use of the
> identifier to payment, not to the person), to defend against service
> providers who might need to know a given tax identifier. Bring your own ID,
> using cryptography to prove control of identifiers (DIDs).
>
> 6. NEVER associate any identifiers with anyone's age, ethnicity, health,
> religion, gender, health or any other information that might be used in a
> manner that could violate their civil or human rights.
>
> 7. Limit access, even with crypto keys, to relatively small subsets of the
> data, so any given compromise can only discover a small set. Set size will
> directly relate to complexity of key management, but isolation reduces the
> risk of mass abuse of the records.
>
> There are other schemes and even this one could be adjusted to meet
> particular legal requirements, all without a central database that lets
> the next round of Nazis round up all of any class of people.
>
> -j
>
> --
> Joe Andrieu, PMP
> joe@legreq.com
> LEGENDARY REQUIREMENTS
> +1(805)705-8651
> Do what matters.
> http://legreq.com <http://www.legendaryrequirements.com>
Received on Friday, 27 March 2020 22:09:48 UTC
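
Points 4 and 7 of the quoted list (mutual approval by independent actors, and keys that each open only a small subset of the data) can be sketched with Shamir secret sharing, one possible mechanism that the message itself does not name. This is an added example, not code from the thread; `PRIME`, `split_key`, `unlock_partition`, `build_partitions`, the partition labels and the 2-of-3 policy are all assumptions, and the encryption of the link itself is out of scope here.

```python
import secrets

PRIME = 2**127 - 1  # prime field for the link keys (assumed parameter)

def split_key(secret, threshold, custodians):
    """Shamir split: any `threshold` of `custodians` shares rebuild `secret`."""
    if not 1 < threshold <= custodians:
        raise ValueError("need 2 <= threshold <= custodians")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, custodians + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def unlock_partition(approvals, threshold):
    """Rebuild ONE partition's link key from the approving custodians' shares."""
    points = dict(approvals)                # a repeated custodian counts once
    if len(points) < threshold:
        raise PermissionError("not enough independent approvals")
    key = 0
    for xi, yi in points.items():           # Lagrange interpolation at x = 0
        num = den = 1
        for xj in points:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        key = (key + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return key

def build_partitions(partition_ids, threshold=2, custodians=3):
    """Independent random key per partition, each split on its own, so
    approvals gathered for one partition reveal nothing about another."""
    keys = {pid: secrets.randbelow(PRIME) for pid in partition_ids}
    shares = {pid: split_key(k, threshold, custodians) for pid, k in keys.items()}
    return keys, shares

if __name__ == "__main__":
    # Constructed sample partitions; labels are illustrative only.
    keys, shares = build_partitions(["partition-A", "partition-B"])
    print(unlock_partition(shares["partition-A"][:2], 2) == keys["partition-A"])
```

In a real deployment the custodians would hold their shares on separate systems and the generated keys would never be kept together as `build_partitions` returns them here for checking.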