- From: Daniel Hardman <daniel.hardman@evernym.com>
- Date: Sat, 28 Mar 2020 12:11:45 -0600
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAFBYrUoEwAWtzJkhqAoYA1tOoMKrg7VxciNvOKKU1d91FHnQQg@mail.gmail.com>
Perhaps this is a case where verifiable encryption + escrow is appropriate? Alice encrypts some useful PII (e.g., phone number, name, address, etc.). She deposits the decryption key for this encrypted data with an escrow service. In each interaction, she gives an encrypted copy of the data to the other party or parties. (This giving-of-encrypted data could happen via gossip over Bluetooth, via link to cell phone geodata, etc.) If, somewhere in the interaction chain, someone learns that Alice may have been exposed, or may have been a carrier of infection, they go to the escrow service and make a formal request for Alice's contact info to be unlocked. The "verifiable" in "verifiable encryption" means that Alice's data can have provable attributes, both at the time it's given to the escrow service and at the time it's given to other parties -- even though the value of the attributes is not known. Of course, this requires an escrow service to be trusted, and that's a risk worth pondering. However, the escrow service isn't accumulating a record of Alice's interactions -- the only piece of data it knows is her decryption key. And its release of such a key could be audited and surrounded with safeguards.
Received on Saturday, 28 March 2020 18:12:11 UTC
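As an added illustration (not code from the message, Evernym, or the W3C group), the escrow flow described above in Python: Alice escrows only the decryption key against a hash commitment to her ciphertext, peers hold the ciphertext, and the escrow releases the key only to an authorized requester presenting the exact committed blob, logging every request. The HMAC-based cipher and the hash commitment are stdlib simplifications standing in for a real AEAD and for verifiable encryption; all names and the requester roles are assumptions.

```python
import hashlib, hmac, json, secrets

def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def encrypt(key, plaintext):
    # Encrypt-then-MAC over an HMAC-SHA256 keystream; a deployment would use an AEAD (AES-GCM).
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def commitment(ciphertext):
    # Public, value-hiding handle for the blob: a simplified stand-in for verifiable encryption.
    return hashlib.sha256(ciphertext).hexdigest()

class EscrowService:
    """Stores only commitment -> key; it never sees plaintext or Alice's list of contacts."""
    def __init__(self, authorized_requesters):
        self._keys, self._authorized, self.audit_log = {}, set(authorized_requesters), []
    def deposit(self, commit, key):
        self._keys[commit] = key
    def request_release(self, requester, ciphertext, reason):
        # Release is bound to the exact ciphertext Alice committed to; every request is logged.
        commit = commitment(ciphertext)
        granted = requester in self._authorized and commit in self._keys
        self.audit_log.append({"requester": requester, "commitment": commit,
                               "reason": reason, "granted": granted})
        if not granted:
            raise PermissionError("release refused (request logged)")
        return self._keys[commit]

def alice_prepare(pii, escrow):
    # Alice encrypts her PII, escrows only the key, and keeps the blob to hand to peers.
    key = secrets.token_bytes(32)
    blob = encrypt(key, json.dumps(pii).encode())
    escrow.deposit(commitment(blob), key)
    return blob

def peer_unlock(blob, requester, escrow):
    # A peer who learns of possible exposure asks the escrow for the key and decrypts.
    return json.loads(decrypt(escrow.request_release(requester, blob, "possible exposure"), blob))
```

The audit_log records refused requests as well as granted ones, which is the hook for the safeguards the message mentions.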