- From: Adrian Gropper <agropper@healthurl.com>
- Date: Sun, 25 Jun 2023 09:20:06 -0400
- To: "Deventer, M.O. (Oskar) van" <oskar.vandeventer@tno.nl>
- Cc: "Henderson, Isaac" <Isaac-Henderson.Johnson-Jeyakumar@iao.fraunhofer.de>, "Sporny, Manu" <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8is9_q8uVD8qaXoi5MfYtfDMjPgifHHsViKfSOeDiuB0w@mail.gmail.com>
“Papers, please.” can be requested by any verifier once it’s understood that most everyone has a useful credential. Merchants ask for my license to issue a merchandise refund. Verifiable Verifiers would need to be constrained by regulation the way we eventually regulated out trivial uses of Social Security Numbers in the US. Neither of these mitigations for digital credentials is being considered in the US context. Biometric laws may be in the works but would they be extended to prevent presentation requests by a “certified” wallet? Verified Verifiers are a regulatory and legal issue that W3C is i’ll posed to anticipate. I would have more faith in ISO in that domain. Adrian On Sun, Jun 25, 2023 at 9:00 AM Deventer, M.O. (Oskar) van < oskar.vandeventer@tno.nl> wrote: > Hi Adrian, > > > > You are definitely not alone in your fears for VCs as repressive “dual-use > technology”. Ample of essays have been written about this (e.g. > https://www.tno.nl/en/newsroom/insights/2020/10/verify-verifier-anti-coercion-design/, > > https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html, > https://wiki.trustoverip.org/display/HOME/SSI+Harms+%28BGBU%29+Task+Force), > and the issue has been discussed in European Parliament in the context of > the European Digital Identity (EUDI) wallet. > > > > A necessary (although not sufficient) requirement is non-repudiable > verifier authentication/authorization. Key word is “verifiable verifiers”, > see > https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/verifiable-issuers-and-verifiers.md. > This work has been brought as proposed work item > <https://lists.w3.org/Archives/Public/public-credentials/2022Dec/0105.html> > into W3C-CCG by Manu Sporny and Isaac Henderson. Let’s put more energy into > that work item! > > > > Like you, I strongly believe that “self-sovereign citizens” need > technology-supported protection against coercive “800-pound gorillas”. > > > > Oskar > > > > > > *From:* Adrian Gropper <agropper@healthurl.com> > *Sent:* zaterdag 24 juni 2023 04:54 > *To:* Brent Zundel <Brent.Zundel@gendigital.com> > *Cc:* Kyle Den Hartog <kyle@pryvit.tech>; W3C Credentials Community Group > <public-credentials@w3.org> > *Subject:* Re: [EXT] Could Jevons Paradox take digital credentials in the > wrong direction? > > > > I have written specifically about this issue for about three years and > have been firmly asked by various chairs and others to desist. > > > > In particular, I have argued that VCs are a dual use technology and we > need to recognize and actively discuss the harmful consequence of > standardizing digital credentials. The potential harm comes from > vastly more efficient surveillance and the burden of asking subjects to > spend more time and know-how to exercise finer grained consent. > > > > On the flip side, we have few if any legal limits on surveillance > (especially in the US) and we have ample evidence that people will grant > vast power over data use to platform operators in return for subsidized > services and convenience. > > > > Sadly, I've pretty much given up on W3C WGs taking any of this seriously. > > > > Adrian > > > > On Fri, Jun 23, 2023 at 6:58 PM Brent Zundel <Brent.Zundel@gendigital.com> > wrote: > > Kyle, > > > > the concerns you raise contributed directly to the formation of the (now > unfortunately completely dormant) Generative Identity effort: > https://generative-identity.org/ > > > > I also used to have regular chats with Nathan George at Sovrin on the > topic of “How do we avoid contributing directly to a dystopian nightmare > future, and even avoid one if possible?” > > > > All that to say, I’d love to talk more about the potential negative impact > of our technologies on the human lives most of us are actively trying to > improve. > > > > > > *From:* Kyle Den Hartog <kyle@pryvit.tech> > *Sent:* Friday, June 23, 2023 3:27 PM > *To:* W3C Credentials Community Group <public-credentials@w3.org> > *Subject:* [EXT] Could Jevons Paradox take digital credentials in the > wrong direction? > > > > I’ve been thinking of expanding on my thoughts laid out in this issue[1] > about the potential harmful impact our work may lead to on the web. I know > traditionally the answer to this has been governance frameworks, but I’m > concerned that some governments and later the market due to Jevons > Paradox[2] are actually taking this technology in the wrong direction which > could lead to harmful effects. Particularly as more and more credentials > become available. Is this a view that concerns others within this community > and is there something we believe that should be done here or do others > think this work is justified and a net gain overall? I’d love to get more > people weighing in on that issue given this community’s involvement in the > credentials space. Where do you all land in this topic? > > > > [1]: https://github.com/WICG/mobile-document-request-api/issues/6 > > [2]: https://en.wikipedia.org/wiki/Jevons_paradox > > > > > > This message may contain information that is not intended for you. If you > are not the addressee or if this message was sent to you by mistake, you > are requested to inform the sender and delete the message. TNO accepts no > liability for the content of this e-mail, for the manner in which you use > it and for damage of any kind resulting from the risks inherent to the > electronic transmission of messages. > >
Received on Sunday, 25 June 2023 13:20:24 UTC