RE: Could Jevons Paradox take digital credentials in the wrong direction?

Standardisation’s role, whether W3C or ISO, is limited to technological solutions. Neither W3C nor ISO develop regulations or laws.

My point is that politicians can only make laws that require e.g. verifiable-verifier technologies if
1) these technologies exist, i.e. beyond some papers and a proposed work item, and
2) politicians know that they exist, i.e. doing some lobbying.

W3C-CCG is perfectly positioned to specify the technology needed for verifiable verifiers, and we already have this first draft from RWOT. I am not aware of any ISO activity related to the “papers, please” issue.

Oskar


From: Adrian Gropper <agropper@healthurl.com>
Sent: Sunday 25 June 2023 15:20
To: Deventer, M.O. (Oskar) van <oskar.vandeventer@tno.nl>
Cc: Henderson, Isaac <Isaac-Henderson.Johnson-Jeyakumar@iao.fraunhofer.de>; Sporny, Manu <msporny@digitalbazaar.com>; W3C Credentials Community Group <public-credentials@w3.org>
Subject: Re: Could Jevons Paradox take digital credentials in the wrong direction?

“Papers, please.” can be requested by any verifier once it’s understood that most everyone has a useful credential. Merchants ask for my license to issue a merchandise refund. Verifiable Verifiers would need to be constrained by regulation the way we eventually regulated out trivial uses of Social Security Numbers in the US.

Neither of these mitigations for digital credentials is being considered in the US context. Biometric laws may be in the works but would they be extended to prevent presentation requests by a “certified” wallet?

Verified Verifiers are a regulatory and legal issue that W3C is ill posed to anticipate. I would have more faith in ISO in that domain.

Adrian

On Sun, Jun 25, 2023 at 9:00 AM Deventer, M.O. (Oskar) van <oskar.vandeventer@tno.nl> wrote:
Hi Adrian,

You are definitely not alone in your fears for VCs as repressive “dual-use technology”. Ample essays have been written about this (e.g. https://www.tno.nl/en/newsroom/insights/2020/10/verify-verifier-anti-coercion-design/, https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html, https://wiki.trustoverip.org/display/HOME/SSI+Harms+%28BGBU%29+Task+Force), and the issue has been discussed in the European Parliament in the context of the European Digital Identity (EUDI) wallet.

A necessary (although not sufficient) requirement is non-repudiable verifier authentication/authorization. Key word is “verifiable verifiers”, see https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/verifiable-issuers-and-verifiers.md. This work has been brought as a proposed work item (https://lists.w3.org/Archives/Public/public-credentials/2022Dec/0105.html) into W3C-CCG by Manu Sporny and Isaac Henderson. Let’s put more energy into that work item!

Like you, I strongly believe that “self-sovereign citizens” need technology-supported protection against coercive “800-pound gorillas”.

Oskar


From: Adrian Gropper <agropper@healthurl.com>
Sent: Saturday 24 June 2023 04:54
To: Brent Zundel <Brent.Zundel@gendigital.com>
Cc: Kyle Den Hartog <kyle@pryvit.tech>; W3C Credentials Community Group <public-credentials@w3.org>
Subject: Re: [EXT] Could Jevons Paradox take digital credentials in the wrong direction?

I have written specifically about this issue for about three years and have been firmly asked by various chairs and others to desist.

In particular, I have argued that VCs are a dual use technology and we need to recognize and actively discuss the harmful consequence of standardizing digital credentials. The potential harm comes from vastly more efficient surveillance and the burden of asking subjects to spend more time and know-how to exercise finer grained consent.

On the flip side, we have few if any legal limits on surveillance (especially in the US) and we have ample evidence that people will grant vast power over data use to platform operators in return for subsidized services and convenience.

Sadly, I've pretty much given up on W3C WGs taking any of this seriously.

Adrian

On Fri, Jun 23, 2023 at 6:58 PM Brent Zundel <Brent.Zundel@gendigital.com> wrote:
Kyle,

the concerns you raise contributed directly to the formation of the (now unfortunately completely dormant) Generative Identity effort: https://generative-identity.org/


I also used to have regular chats with Nathan George at Sovrin on the topic of “How do we avoid contributing directly to a dystopian nightmare future, and even avoid one if possible?”

All that to say, I’d love to talk more about the potential negative impact of our technologies on the human lives most of us are actively trying to improve.


From: Kyle Den Hartog <kyle@pryvit.tech>
Sent: Friday, June 23, 2023 3:27 PM
To: W3C Credentials Community Group <public-credentials@w3.org>
Subject: [EXT] Could Jevons Paradox take digital credentials in the wrong direction?

I’ve been thinking of expanding on my thoughts laid out in this issue[1] about the potential harmful impact our work may lead to on the web. I know traditionally the answer to this has been governance frameworks, but I’m concerned that some governments and later the market due to Jevons Paradox[2] are actually taking this technology in the wrong direction which could lead to harmful effects. Particularly as more and more credentials become available. Is this a view that concerns others within this community and is there something we believe that should be done here or do others think this work is justified and a net gain overall? I’d love to get more people weighing in on that issue given this community’s involvement in the credentials space. Where do you all land in this topic?

[1]: https://github.com/WICG/mobile-document-request-api/issues/6

[2]: https://en.wikipedia.org/wiki/Jevons_paradox




Received on Sunday, 25 June 2023 13:35:09 UTC