RE: Could Jevons Paradox take digital credentials in the wrong direction?

Hi Adrian,

You are definitely not alone in your fears for VCs as repressive “dual-use technology”. Ample of essays have been written about this (e.g. https://www.tno.nl/en/newsroom/insights/2020/10/verify-verifier-anti-coercion-design/, https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html, https://wiki.trustoverip.org/display/HOME/SSI+Harms+%28BGBU%29+Task+Force), and the issue has been discussed in European Parliament in the context of the European Digital Identity (EUDI) wallet.

A necessary (although not sufficient) requirement is non-repudiable verifier authentication/authorization. Key word is “verifiable verifiers”, see https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/verifiable-issuers-and-verifiers.md. This work has been brought as proposed work item<https://lists.w3.org/Archives/Public/public-credentials/2022Dec/0105.html> into W3C-CCG by Manu Sporny and Isaac Henderson. Let’s put more energy into that work item!

Like you, I strongly believe that “self-sovereign citizens” need technology-supported protection against coercive “800-pound gorillas”.

Oskar


From: Adrian Gropper <agropper@healthurl.com>
Sent: zaterdag 24 juni 2023 04:54
To: Brent Zundel <Brent.Zundel@gendigital.com>
Cc: Kyle Den Hartog <kyle@pryvit.tech>; W3C Credentials Community Group <public-credentials@w3.org>
Subject: Re: [EXT] Could Jevons Paradox take digital credentials in the wrong direction?

I have written specifically about this issue for about three years and have been firmly asked by various chairs and others to desist.

In particular, I have argued that VCs are a dual use technology and we need to recognize and actively discuss the harmful consequence of standardizing digital credentials. The potential harm comes from vastly more efficient surveillance and the burden of asking subjects to spend more time and know-how to exercise finer grained consent.

On the flip side, we have few if any legal limits on surveillance (especially in the US) and we have ample evidence that people will grant vast power over data use to platform operators in return for subsidized services and convenience.

Sadly, I've pretty much given up on W3C WGs taking any of this seriously.

Adrian

On Fri, Jun 23, 2023 at 6:58 PM Brent Zundel <Brent.Zundel@gendigital.com<mailto:Brent.Zundel@gendigital.com>> wrote:
Kyle,

the concerns you raise contributed directly to the formation of the (now unfortunately completely dormant) Generative Identity effort: https://generative-identity.org/


I also used to have regular chats with Nathan George at Sovrin on the topic of “How do we avoid contributing directly to a dystopian nightmare future, and even avoid one if possible?”

All that to say, I’d love to talk more about the potential negative impact of our technologies on the human lives most of us are actively trying to improve.


From: Kyle Den Hartog <kyle@pryvit.tech<mailto:kyle@pryvit.tech>>
Sent: Friday, June 23, 2023 3:27 PM
To: W3C Credentials Community Group <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: [EXT] Could Jevons Paradox take digital credentials in the wrong direction?

I’ve been thinking of expanding on my thoughts laid out in this issue[1] about the potential harmful impact our work may lead to on the web. I know traditionally the answer to this has been governance frameworks, but I’m concerned that some governments and later the market due to Jevons Paradox[2] are actually taking this technology in the wrong direction which could lead to harmful effects. Particularly as more and more credentials become available. Is this a view that concerns others within this community and is there something we believe that should be done here or do others think this work is justified and a net gain overall? I’d love to get more people weighing in on that issue given this community’s involvement in the credentials space. Where do you all land in this topic?

[1]: https://github.com/WICG/mobile-document-request-api/issues/6

[2]: https://en.wikipedia.org/wiki/Jevons_paradox


This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.