RE: Verifiable Barcodes

• From: Phil Archer <phil.archer@gs1.org>
• Date: Thu, 30 May 2024 08:54:09 +0000
• To: Luis Meijueiro <luis.meijueiro@w3.org>, Manu Sporny <msporny@digitalbazaar.com>
• CC: W3C Credentials CG <public-credentials@w3.org>
• Message-ID: <CO6PR08MB7785C133531F13E69EB91E39B7F32@CO6PR08MB7785.namprd08.prod.outlook.com>

I have made a comment in the GH issue explaining that, whilst the work is very interesting and has clear merit and use cases, the "Verifiable Barcodes" title is misleading and inaccurate. I hope it can be renamed to something a lot closer to what it is, which is encoding VCs in a barcode. Not the same thing at all.

Phil

---

Phil Archer
Web Solutions Director, GS1
https://www.gs1.org


https://philarcher.org

+44 (0)7887 767755
@philarcher1

-----Original Message-----
From: Luis Meijueiro <luis.meijueiro@w3.org>
Sent: Thursday, May 30, 2024 7:53 AM
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Subject: Re: Verifiable Barcodes

Dear Manu and all,

I find it an interesting piece of work, but one that is done little favours by sensationalist FUD-style statements in the vein of  ‘The result of the lack of barcode security has resulted in a large global market for fraudulent documents, which are then used to open fraudulent lines of credit that fund illicit activity or purchase alcohol for underage individuals". That reminds me a lot of saying that blockchain is a flawed technology, because it is used in bitcoin, which in itself is used to buy drugs, weapons and money laundering (as if most money laundering was not based on fiat currency).

I encourage toning down the argumentative discourse a notch or two. IMHO no single technology is guilty of anything, specially taken out of the context of interaction with other technological and human mechanisms of control in which it is being applied.

Otherwise I support the research.

Cheers,

Luis MEIJUEIRO
luis.meijueiro@w3.org





CTIC Centro Tecnológico
C/ Ada Byron, 39  | 33203 Gijón  |  Asturias  |  España (Spain)
Ph: (+34) 984 291 212  Ext. 810


        El 30 may 2024, a las 0:04, Manu Sporny <msporny@digitalbazaar.com> escribió:

        This is a new work item proposal for the W3C Credentials Community
        Group called "Verifiable Barcodes".

        During last week's DHS Demo Week, it was announced that this
        technology is being integrated into the physical California Driver's
        License (27 million+ people) as well as various U.S. federally issued
        identification documents (14 million+ people) such as the U.S.
        Citizenship and Immigration Services' Permanent Resident Cards,
        Employment Authorization Documents, and Citizenship Certificates. It
        is built on W3C Verifiable Credentials and W3C Data Integrity.

        Please see the proposal here and provide input if you'd like:

        https://github.com/w3c-ccg/community/issues/248


        We are seeking additional Editors for the work item before it is
        adopted by the Credentials Community Group. If you are interested,
        please let us know via the mailing list or the issue tracker link
        (above).

        ## Link to Abstract

        https://digitalbazaar.github.io/verifiable-barcodes/#abstract


        This specification describes a mechanism to protect legacy optical
        barcodes, such as those found on driver's licenses (PDF417) and travel
        documents (MRZ), using W3C Verifiable Credentials. The Verifiable
        Credential representations are compact enough such that they fit in
        under 150 bytes and can thus be integrated with traditional
        two-dimensional barcodes that are printed on physical cards, or paper,
        using legacy printing processes.

        ## List Owners

        * @wes-smith @msporny @dlongley

        ## Work Item Questions



                1. Explain what you are trying to do using no jargon or acronyms.



        We are securing the 2D barcodes found on physical documents such as
        Driver's Licenses, employment authorization documents, and permanent
        resident cards using W3C Verifiable Credential technology.



                2. How is it done today, and what are the limits of the current practice?



        Most 2D barcodes found on physical documents today, such as driver's
        licenses, are not secured using cryptography. This means that anyone
        can generate a fraudulent barcode using commonly available technology
        and no mechanism exists to verify the data encoded on most
        identification documents.

        The result of the lack of barcode security has resulted in a large
        global market for fraudulent documents, which are then used to open
        fraudulent lines of credit that fund illicit activity or purchase
        alcohol for underage individuals. In the United States, over [32% of
        college-aged individuals own a fake
        ID](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2711502/) for the
        purposes of buying alcohol resulting in 24% of all underage deaths
        between the ages of 15-20.



                3. What is new in your approach and why do you think it will be successful?



        We secure the 2D barcode with a digital signature that can be verified
        using a commodity smartphone or other broadly available hardware and
        software. This enables fake documents to be identified far more easily
        than what is possible today.



                5. How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.)



        We have involved the retail industry, as well as federal and state
        governments in the work. This includes policy analysis, technical
        analysis, privacy analysis, and accessibility analysis. We continue to
        seek engagement in these areas by making this a W3C CCG work item,
        which has many people, across many industries and countries, involved
        in the vetting of the work items. We do also plan to take this
        standards track to ensure further analysis before the technology
        becomes broadly available to global society.



                6. What actions are you taking to make this work item accessible to a non-technical audience?



        We are providing websites that individuals can use to try out the
        technology and provide feedback. We are presenting the work at
        in-person conferences and teleconferences.

        We'll send a separate email with demo instructions such that anyone on
        the mailing list can take this new technology for a spin.

        If you have any questions on this work item, we'd be happy to answer them. :)

        -- manu

        --
        Manu Sporny - https://www.linkedin.com/in/manusporny/

        Founder/CEO - Digital Bazaar, Inc.
        https://www.digitalbazaar.com/


CONFIDENTIALITY / DISCLAIMER: The contents of this e-mail are  confidential and are not to be regarded as a contractual offer or acceptance from GS1 (registered in Belgium). 
If you are not the addressee, or if this has been copied or sent to you in error, you must not use data herein for any purpose, you must delete it, and should inform the sender. 
GS1 disclaims liability for accuracy or completeness, and opinions expressed are those of the author alone. 
GS1 may monitor communications. 
Third party rights acknowledged. 
(c) 2020.

Received on Thursday, 30 May 2024 08:54:20 UTC