- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 09 Sep 2014 21:18:32 -0400
- To: Kingsley Idehen <kidehen@openlinksw.com>, Credentials Community Group <public-credentials@w3.org>
Moving this discussion to Credentials Community Group, bcc Web Payments. Origin of thread is here: http://lists.w3.org/Archives/Public/public-webpayments/2014Aug/0077.html On 09/02/2014 11:25 AM, Kingsley Idehen wrote: >> The main purpose of this Web Payments work is to provide options >> for citizens, governments, and commercial enterprises. > > Yes, and Nigeria isn't a good example. In short, its ID system is > the antithesis of what I believe you are seeking. I seem to have miscommunicated my point, let me clarify. I'm not arguing that we should model anything after the Nigerian/MasterCard government ID system. You're right, Kingsley, it is the antithesis of what we want. That said, technology can only go so far, and if a government mandates that an identity solution must, for example, report back to the government whenever a passport is requested from any identity system used in the country, then there is not much we can do to prevent that from happening (other that providing solid choices for Nigerian citizens outside of their country). Our technology will be used in ways that we don't want it to be used and we have to accept that as a truth. The question is, and this is a philosophical one (and should probably not be discussed on this mailing list, so I apologize in advance for bringing it up): Is it better for a non-privacy protecting government that has been put in place by its citizens to use the identity system we're creating here in a way that we don't approve of, or to build a proprietary one? I'm arguing that the former is preferable. We shouldn't make value judgements wrt. the use of a corrupted version of our technology as long as it is a citizenship that has approved of the use of that technology through a democratic means. I was just having this discussion with an Argentinian friend that thought many US citizens push against a national ID card system was strange. He said that many Argentinians don't think twice about having the government play a major role in their identity. Even looking at the differences between Hong Kong and China wrt. identity and privacy issues is illuminating. What some citizens allow, others detest. >> If some government and their banks want to track their citizens >> movements and expenditures, it would be better for them to use a >> world standard to do it (at least there are efficiencies gained / >> money not wasted there) than build something proprietary. > > They SHOULD never be surreptitiously violating the privacy of > citizens. Period! Sure, but some citizens openly push for this sort of violation of privacy. Case in point, the USA post-9/11. A government is only as good as what its citizens tolerate. My point is that we can't go in and tell a nation how they should be using our technology. What we should be doing is giving them options, and they will pick what works for them. It's a double-edged sword. None of us want our technology to be used for "evil" purposes, but even that term is highly dependent on your perspective. >> As much as it makes my skin crawl to say that, this is more or less >> the deal with the devil that the HTTP Encrypted Media Extensions >> (EME) work had do. > > I don't buy that. > > The issue is that Privacy != Secrecy. It is simply about one's > ability to calibrate one's vulnerability. In the Nigerian case, the > govt., for all the usual corrupt reasons has sold out to Master Card > and really put our citizens in a broken situation. > > Please note, for most of Nigeria's history, military oppression and > dictatorships have been the norm. And when the military aren't doing > it you have a corrupt civilian governments doing much of the same, > albeit in different ways. Yes, and in the Nigerian government case, I'm completely in agreement with you. This decision was most likely not made or supported by the citizens. >> For those governments/corporation initiatives, they should be able >> to use the same set of standards as the non-privacy protecting >> governments. I think we'll be more successful enabling choice >> rather than mandating solutions based on our particular idealism. > > Privacy is a non negotiable idealism. Please, don't take your > privacy lightly, many before us expended blood to get us where we are > today. We should never ever forget this fact of human history. Let's > not make the Web our nightmare!! I don't think those of us that are committed to this work take our privacy lightly. Saying that privacy is a non-negotiable idealism is going a bit too far, it is for some of us (myself included). Some don't value their privacy, some do. We should provide options for both, and in the case of Identity Credentials, the option that we provide is with the identity provider you choose (do you choose your government, a private off-shore corporation, or one that you run?). >> If we are successful, the US, EU, Nigeria, China, Hong Kong, and >> Singapore would use the same base financial Web standards with >> differing values on the privacy/tracking/market-based dials. > > I wish, but it really isn't going to be that straight forward. What > the W3C MUST do is devise open standards that do not compromise the > privacy of Web users. Anything less defeats its mission. I agree with the end goal, I just think that there is a ton of money out there trying to make the opposite happen. We plug one hole and 10 more open up. I don't mean to sound defeatist, quite the contrary, we should strive to create the best, privacy protecting identity and payment system out there. We have the right people involved to make it happen, but that doesn't mean that corporations and governments that are obsessed about defeating the privacy-protecting measures we create won't find a way around what we're doing here. Safeguarding privacy, just like security, is a constant struggle. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Wednesday, 10 September 2014 01:19:05 UTC