RE: https://mastodon.social/@veit/116329490658171867

A new law I’d like to see in #Canada, #California, the #EU, and other #privacy jurisdictions:
• Require any entity accepting images of ID documents as proof of identity to accept instead cryptographic attestation (without identity document images) from the country or state government, designated internal jurisdictions (such as provinces), private notaries public, or private law firms, at the user’s choice.
• Require any entity requiring only proof of age, where actual identity is not strictly necessary, to accept instead ZKP-based attestation of age exceeding a given minimum (again without identity document images) from the same attestors.

Qualified government or private attestors must be required to use hardened and minimalist systems with strict network isolation and phishing-resistant hardware 2FA, and to retain only the information strictly necessary for the attestation.

A company cannot possibly disclose or leak information it never possesses.

#cdnpoli #eupol

@deFractal

But none of these elements of data are necessary, nor do they work as claimed.

Making laws and rules which enable surveillance for no social benefit is not a good thing to do, so don't.

That's it, that's the message.

@Amgine It's better that the information not be collected in the first place. However, sometimes that can't be prevented, or at least not without adverse consequences: For example, LinkedIn is a #California corporation, and the #EU and #Canada cannot prevent its offering "verification." They could prohibit offering "verification" to citizens or residents of the EU or Canada, but that would only disadvantage those residents relative to others when, for example, applying internationally for a job.

Thus my recommendation: Require that, if you're going to let people verify their identity or age on your service, then instead of doing that internally or through a company such as "Persona Identities," you must accept attestation with no additional information from, for example, Service Canada, Service BC, Service Alberta (etc., across the country), or any suitably equipped lawyer or notary public in good standing across the country, at the user's option. LinkedIn, in this situation, still gets the guarantee that a user is who they claim to be, but the #surveillance capitalist firm to whom they currently contract that task gets nothing.

@deFractal

But that is not why they are insisting on verification.

They are collecting id for surveillance. If you provide them attestation, then you are simply making the government itself a target.

And they have already created corporations to provide this service to governments, so they can be *paid* to engage in exactly the same surveillance.

@Amgine I get it. And they're not going to stop offering verification. So, given the possible options, requiring that, if they do, they must accept the form that doesn't provide copies of ID documents, is an improvement. If users don't want to use either, they can go without verification, but if they want to use it, they should have an option which does not disclose anything they have not already disclosed.

For example, users already disclose their name and photo on LinkedIn. Having a digital attestation from an attestor that person chooses to trust that the name and face are accurate provides no new additional reduction in the user's privacy, while eliminating the possibility of a third-party data leak of identity documents. A digital attestation means "I met with this person, and their name and face matched their government-issued ID," not "I have a copy of the person's ID."

Meanwhile, as for the government being a target: they are the issuer of the ID. They already have all the data on it. Having the same entity as issued the ID also issue a cryptographic statement that the person in possession of the ID is the person it identifies adds no new disclosure (other than the fact that the physical ID card hasn't been stolen).

@deFractal

Mmm, good point on the government already vulnerable (and compromised, imo.)

But I think refusing to play along would be more effective. Somewhere I have a LinkedIn account which never had my real name, or real e-mail, and long before they had images. It's about time for them to try to delete it again.

@Amgine I'm only talking about people opting to have the "blue-check" type verification. For example, if one wants to use a verified account when applying for a job (say, at a company that's been burned one too many times by North Korean infiltrators impersonating locals), or if one wants to get, say, Coursera courses onto a LinkedIn profile, then LinkedIn (and Coursera) should be required to take one's government's word for it (or the word of a lawyer or notary in one's jurisdiction, if one doesn't feel comfortable discussing one's LinkedIn or Coursera account with one's government) that one is who one says one is, with no other information.

Meanwhile, if a company in a jurisdiction which delegates the parental duty of age-gating service access to the supplier, rather than the parent, wants to do business with someone in a privacy jurisdiction, that company should be required to take the word of the customer's government (or notary or lawyer, if they so choose) that the customer—or rather, the person whose pre-verification authentication session yields a given token, which itself contains no information about to which service they're authenticating—is a legal adult.

@deFractal

It won't end with that. It will become a de facto standard, everywhere, to prove who you are, your age, etc. That is its purpose.

Enabling it in any way will likely simply accelerate the adoption, imo.

@Amgine I think the more effective place to counteract the trend towards ID everywhere is through privacy laws prohibiting requiring ID where unnecessary (with some detail about what's necessary).

Requiring proof or attestation of ID to attain verification that one has the name and face one claims to have is necessary: otherwise, LinkedIn (etc.) would be complicit in impersonation, fraud, libel, etc.

Requiring proof or attestation of ID is unnecessary to, for example, sell alcohol online, but anonymous proof or attestation of age is necessary.

Requiring proof or attestation of ID or age to, for example, read a factual article should be prohibited under privacy law.

The benefits and harms can be balanced, and doing so—explicitly allowing the claimed legitimate purpose on the condition of accomplishing that purpose in a manner which defeats the unstated and unjust purpose—would be more effective than delegating it to foreign jurisdictions. For example, it would be much harder to sell digital ID laws to voters if proven systems are already in place for anonymous proof-of-age.

The privacy jurisdictions could protect citizens and residents by beating the surveillance jurisdictions to it: providing exactly the claimed purpose (e.g., preventing children accessing porn) in a manner which defeats the unstated purpose (e.g., tracking which adult looks at what). It becomes politically untenable to sell the privacy-violating mechanism to voters once they see a privacy-preserving one in use: especially when one breach leaks ID documents, and the other breach leaks useless and inconsequential digital signatures of random one-time tokens.

It's kinda like if, in #rightToRepair discussions, legislators were to pretend to believe #Apple (etc.) that parts pairing is an anti-theft measure, and to require them to authorize any pairing, free of charge, upon presentation of proof of ownership to Apple or to any regulatorily required designated attestor.

Pretend to believe them about the purpose of a proof of ID or age requirement, provide a means to prove nothing more than strictly necessary, and require they accept it.
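
Added example, not part of the thread and not any government's or vendor's scheme: the token flow the posts describe, in which a service issues a random one-time token, an attestor signs only an age claim over that token, and the service spends the token on first use. It assumes a plain Ed25519 signature in place of the ZKP mentioned above; `Service`, `NewToken`, `Attest`, `Accept` and the `age>=N|` statement format are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is the relying party; it stores only the one-time tokens it issued.
type Service struct {
	attestor ed25519.PublicKey
	pending  map[string]bool
}

// NewToken returns a random token that names neither the user nor the service.
func (s *Service) NewToken() []byte {
	t := make([]byte, 32)
	if _, err := rand.Read(t); err != nil {
		panic(err)
	}
	s.pending[string(t)] = true
	return t
}

// statement is all the attestor signs: a fixed age claim plus the opaque token.
func statement(minAge int, token []byte) []byte {
	return append([]byte(fmt.Sprintf("age>=%d|", minAge)), token...)
}

// Attest runs at the attestor after it has checked the person's ID itself.
func Attest(priv ed25519.PrivateKey, minAge int, token []byte) []byte {
	return ed25519.Sign(priv, statement(minAge, token))
}

// Accept spends the token on first presentation, so replays and leaks are useless.
func (s *Service) Accept(minAge int, token, sig []byte) bool {
	ok := s.pending[string(token)] && ed25519.Verify(s.attestor, statement(minAge, token), sig)
	delete(s.pending, string(token))
	return ok
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed attestor key
	if err != nil {
		panic(err)
	}
	svc := &Service{attestor: pub, pending: map[string]bool{}}
	tok := svc.NewToken()
	fmt.Println(svc.Accept(18, tok, Attest(priv, 18, tok))) // true; a replay is false
}
```

In this simplified form the attestor and the service both see the same token, so they could link a session if they compared records; a blind signature or zero-knowledge proof is what removes that link.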