Re: "Apple launches the first driver’s license and state ID in Wallet with Arizona” from Oliver Terbu on 2022-03-24 (public-credentials@w3.org from March 2022)

From: Oliver Terbu <o.terbu@gmail.com>
Date: Thu, 24 Mar 2022 09:09:42 +0100
To: Heather Vescent <heathervescent@gmail.com>
Cc: Credentials Community Group <public-credentials@w3.org>, Kaliya Identity Woman <kaliya@identitywoman.net>, Kim Hamilton <kimdhamilton@gmail.com>, Liam McCarty <liam@unumid.co>
Message-ID: <CAJdc_Gkcp0CKQ3EvZR+kmrm8pQ-Dpr2wdZtreuYXK_m-1HwUPw@mail.gmail.com>

Regarding provisioning, other ISO WG are working on that as well:
https://www.iso.org/standard/79125.html (ISO 23220-3). So, I don't think
re-inventing a spec makes sense.


On Thu, 24 Mar 2022 at 05:24, Heather Vescent <heathervescent@gmail.com>
wrote:

> A few months ago, I wrote a balanced (IMO) piece about the situation:
> https://www.biometricupdate.com/202201/apples-promised-mobile-drivers-license-and-the-fear-of-vendor-lock-in
>
> Also +100 to Andrew's comment.
> (Andrew, shall we pick up the CCG-ISO liaison ball again?)
> And bonus points to anyone who has read the ISO spec and understands
> what's covered and what's still undefined. Fun reading!
> Or participated in the mDL conversations a few months ago & the list
> conversations.
>
> Also, who is down to have a conversation about provisioning? Or shall we
> re-invent provisioning?? I know how fun it is to re-invent something just
> because it's been a few years or a decade since it was invented in some
> other community.
>
> -Heather "culture eats the technologically superior solution for
> breakfast" Vescent
>
> On Wed, Mar 23, 2022 at 8:40 PM Kim Hamilton <kimdhamilton@gmail.com>
> wrote:
>
>> Other articles describing the risks of this rollout:
>>
>>    - https://www.wired.com/story/apple-wallet-drivers-license-digital-id/
>>    -
>>    https://fintechbusinessweekly.substack.com/p/what-apples-secret-dmv-contracts?s=r
>>
>> Hoo boy
>>
>> On Wed, Mar 23, 2022 at 8:03 PM Kaliya Identity Woman <
>> kaliya@identitywoman.net> wrote:
>>
>>> Yep
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 23, 2022, at 7:32 PM, Liam McCarty <liam@unumid.co> wrote:
>>>
>>> 
>>> *From Apple Newsroom: "Apple launches the first driver’s license and
>>> state ID in Wallet with Arizona”
>>> <https://www.apple.com/newsroom/2022/03/apple-launches-the-first-drivers-license-and-state-id-in-wallet-with-arizona/>*
>>> "Additional states to follow, including Colorado, Hawaii, Mississippi,
>>> Ohio, and the territory of Puerto Rico"
>>>
>>> It’s sad and frustrating that this isn’t based on verifiable
>>> credentials… it appears vendor lock in is going to be hard to prevent.
>>>
>>> For anyone who missed the November coverage about this, here’s a pretty
>>> outrageous CNBC article: "Apple is sticking taxpayers with part of the
>>> bill for rollout of tech giant's digital ID card”
>>> <https://www.cnbc.com/2021/11/14/apple-sticking-taxpayers-with-part-of-the-bill-for-digital-id-rollout.html>.
>>> Some choice quotes:
>>>
>>>    - *Apple has “sole discretion” for key aspects of the program,
>>>    including what types of devices will be compatible with the digital IDs,
>>>    how states are required to report on the performance of the effort, and
>>>    when the program is launched, according to the documents. Apple even gets
>>>    to review and approve the marketing that states are required to do.*
>>>    - *The dynamic is similar to the way Apple typically deals with
>>>    vendors, although instead of getting paid by Apple, the states have to
>>>    shoulder the financial burden of administering the programs*
>>>    - *All these efforts are paid for by states. The contract says that
>>>    “except as otherwise agreed upon between the Parties, neither Party shall
>>>    owe the other Party any fees under this Agreement.”*
>>>    - *The agreements are also notable for what is missing, in terms of
>>>    constraints or guard rails on how Apple can use the powerful capability of
>>>    identity verification, according to Mikula. That raises questions about
>>>    whether the company can restrict access to the new capability for
>>>    competitors’ products.*
>>>
>>>
>>> This strikes me as the exact opposite of what we in this community are
>>> trying to achieve. Do others agree? What, if anything, can we do about this?
>>>
>>> *Liam McCarty*
>>> CEO, Founder of Unum ID <https://www.unumid.co/>
>>> Forbes 30 Under 30 ||| Stanford Physics
>>> www.LiamHaleMcCarty.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>
> --
> Heather Vescent <http://www.heathervescent.com/>
> Co-Chair, Credentials Community Group @W3C
> <https://www.w3.org/community/credentials/>
> President, The Purple Tornado, Inc <https://thepurpletornado.com/>
> Author, The Secret of Spies <https://amzn.to/2GfJpXH>
> Author, The Cyber Attack Survival Manual
> <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/>
> Author, A Comprehensive Guide to Self Sovereign Identity
> <https://ssiscoop.com/>
>
> @heathervescent <https://twitter.com/heathervescent> | Film Futures
> <https://vimeo.com/heathervescent> | Medium
> <https://medium.com/@heathervescent/> | LinkedIn
> <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates
> <https://app.convertkit.com/landing_pages/325779/>
>

Received on Thursday, 24 March 2022 08:11:07 UTC