- From: Adrian Gropper <agropper@healthurl.com>
- Date: Wed, 23 Mar 2022 17:02:18 -0400
- To: "John, Anil" <anil.john@hq.dhs.gov>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8i5Z_F32cmfXC-_sEgHcUr3_dKfmTC6NgJqrCDq7tu7Eg@mail.gmail.com>
<inline> On Wed, Mar 23, 2022 at 1:14 PM John, Anil <anil.john@hq.dhs.gov> wrote: > > How do we avoid coercion? > > > > What is the current approach to avoiding coercion when it comes to the use > of physical credentials? > Physical credentials are self-contained and, when they include biometrics or the ability to link to a biometric registry, physical credentials do not depend on a chain-of-custody design. Nobody specifies how my driver's license should be handled. I can have multiple passports and choose which one to show at the border without the potential coercion of a certified wallet or wallets. > > > > Another issue involves the temptation to use strong credentials for > trivial transactions. > > > > What is the current approach to avoid the use of strong physical > credentials for trivial transactions? > There are good reasons why CDC vaccine cards are weak credentials. Apologies, but I've lost track of the reference, but getting more people vaccinated is more important than preventing the fraud. For example, at a busy concert entry a few months ago, I was asked to show my biometric strong physical credential along with my weak CDC vaccine card. I asked the bouncer why he picked me. He said they check about one in ten and did not describe any profiling. > > > The point of my questions to your questions is very simple – I acknowledge > that the problem exists, but also that the problem is not specific to > digital credentials. > The problem unique to digital credentials comes the ease with which strong credentials can be abused in trivial situations where the verifier cannot be trusted by the subject to not misuse the credential. The bouncer at the bar does not have a chance to save my license info the way a car license plate reader can. The license plate reader can also combine all sorts of other information such as location and my face without my knowledge or consent, store these forever, and sell access. The individual components are physical credentials and relatively weak. Their combination and digitization is incredibly coercive and difficult to regulate. My lack of control is a form of coercion. But it gets worse. Our work to create standard data models for the digital credentials makes the problem orders of magnitude worse. I call this Ambient Surveillance. https://github.com/w3c/did-use-cases/issues/113 > > > As such, any solutions to both questions will not necessarily have a > technical answer. > With all due respect, necessarily, we will only get mitigation of the coercive aspects of our work if we document the problems and the technical mitigations that we apply. Right now, it is my observation that this issue is considered out of scope for CCG and probably by W3C as a whole. Adrian >
Received on Wednesday, 23 March 2022 21:02:41 UTC