Re: [EXT] Re: Could Jevons Paradox take digital credentials in the wrong direction? from Drummond Reed on 2023-06-25 (public-credentials@w3.org from June 2023)

From: Drummond Reed <Drummond.Reed@gendigital.com>
Date: Sun, 25 Jun 2023 21:59:58 +0000
To: Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <DM6PR13MB31315BE6FCB2489CB920D4139D21A@DM6PR13MB3131.namprd13.prod.outlook.com>

First, I want to underscore Anders point that mobile phone numbers, followed by email addresses, have already become the must ubiquitous “tracking cookies” in human history. What’s worse is that there’s nothing we can do to prevent it, because the communications networks for which those addresses were designed to give us—the addressees—nearly zero control over the use of those addresses.

We have the power to change that with verifiable credentials—to start to assert addresses over which we DO have control—both control over tracking (by using non-correlate-able identifiers) and control usage (by using digital watermarking of our data and personal agents to block unauthorized usage).

Second, while I certainly welcome verify-the-verifier regulations, I disagree they are the only solution to prevent “papers please”. I believe non-implementers are not considering the public availability of verifiable presentation requests (the technical name for when a verifier asks a holder to present a proof of some data). In short, if a verifier is overreaching in a verifiable presentation request, any holder in the world encountering such a request will be able to expose it to the world (including regulators).

I believe this is going to create greater public and regulatory pressure towards data minimization, not the opposite. I can attest that 100% of the verifiable credential ecosystems that Gen is currently working on developing with our customers are keenly aware of this and are being very carefully designed for data minimization (in fact some of our customers are thrilled that they will not need to collect as much personal data as it is steadily becoming as much of a liability as an asset).

Net net: short of repressive regimes which can already dictate “papers please” (which we can’t do anything about), in the rest of the free world the adoption of digital wallet and credentials has greater potential to increase privacy and user control than to harm it.

=Drummond

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sunday, June 25, 2023 at 6:43 AM
To: W3C Credentials Community Group <public-credentials@w3.org>
Subject: [EXT] Re: Could Jevons Paradox take digital credentials in the wrong direction?
The #1 privacy issue remains unaddressed: the ubiquitous use of mobile phone numbers and e-mail addresses effectively constitute of a GLOBAL "SSN" registry.

Anders

Received on Sunday, 25 June 2023 22:00:12 UTC