W3C home > Mailing lists > Public > public-credentials@w3.org > September 2021

Re: Principal Authority – new article on Wyoming law defining Digital Identity

From: Adrian Gropper <agropper@healthurl.com>
Date: Thu, 16 Sep 2021 20:30:42 -0400
Message-ID: <CANYRo8hjBU2E=0=vFj+zKokYoAjHJpTR+GhOqqSw6rUMJOnKkA@mail.gmail.com>
To: Christopher Allen <ChristopherA@lifewithalacrity.com>
Cc: Alan Karp <alanhkarp@gmail.com>, Chris Rothfuss <Chris.Rothfuss@wyoleg.gov>, Clare Sullivan <cls268@law.georgetown.edu>, Credentials Community Group <public-credentials@w3.org>, Dazza Greenwood <dazza@civics.com>, Moses Ma <moses.ma@futurelabconsulting.com>
The phrase "a showing of the efficacy of any security procedure" sends
shivers down my spine.

The unintended human rights consequences of a law as broad and
underspecified as this could be huge. Imagine how many things
(surveillance, data aggregation) are limited only by the inefficiency and
inaccuracy of legacy identity. Now, introduce a bunch of techies that make
these things orders of magnitude more "efficacious" without any obvious

I expect the counter-argument to be that efficacious security will
contribute to efficacious privacy as the mitigation. However, hope is not a
strategy and this law says nothing about either privacy or human rights.

A law like this must only be introduced in the context of privacy and human
rights, rather than security. Is this really what we had in mind as a
self-sovereign identity?

- Adrian

On Thu, Sep 16, 2021 at 7:09 PM Christopher Allen <
ChristopherA@lifewithalacrity.com> wrote:

> On Thu, Sep 16, 2021 at 3:29 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>> Three questions for Chris and our group related to real-word
>> challenges to SSI progress:
>> W1 - Is the Wyoming process concerned only about the identity and
>> authority of natural persons and, if so, does the need for "efficiency" in
>> cases where an identity is about a role or a thing introduce confusion into
>> our work products?
> At this point the Wyoming law is purely foundational, and does not define
> specific roles, rights, duties, or best practices. See the full text at
> https://wyoleg.gov/Legislation/2021/SF0039 — it is quite short.
> It also does not deal with entities that may have identifIERS BUT do not
> have any Principal Authority. However, in addition to personal digital
> identity it also defines corporate digital identity. Corporations in US
> apparent do have “personhood” sufficient that they too can have a basis for
> having the “buck stops here” root aspect of Principle Authority. This may
> not apply in other jurisdictions.
> W2 - How would the Wyoming process apply to biometrics as a component of
>> identity? See https://github.com/w3c-ccg/community/issues/211 for a few
>> specifics.
> I would say that future legislation would present that since natural
> persons have some Principal Authority over their blood, body parts, civil
> rights, image in photographs and recordings of themselves, etc for their
> physical selves, which if delegated (say a tissue sample to a hospital)
> have certain duties of care, and should benefit the natural person.
> Thus natural persons would also have similar rights over their digital
> selves, which if delegated, have certain duties of care, and should benefit
> the natural person.
> W3 - When authority over identity maps into authority over a verifiable
>> credential, would the Wyoming process deal with request and authorization
>> protocols differently as applied to the Issuer vs the Holder of the VC?
> The first key for me when looking at this is to see if a similar right
> exists in the physical world, then it should exists in the digital world.
> Like a police officer with due cause can demand your physical drivers
> license, if there emerge similar “due cause” in the digital world they can
> do so as well. However, like the real world the official has a duty of
> care, and customs & best practices of what they can, or can’t do with that
> license. It is these “Law of Custom” are what need to be defined in future
> legislation & regulation.
> — Christopher Allen
Received on Friday, 17 September 2021 00:31:08 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:22 UTC