21I/ We're building digital gates to keep people out. Why identity *cannot* be an input to verification's.

From IIW

We’re Building Digital Gates to Keep People Out. Why Identity Cannot Be An Input To Verification

Thursday 21I

Convener: Dave Huseby

Notes-taker(s): N/A

Tags for the session - technology discussed/ideas considered:

  1. ssi #covidcredentials #freedom #liberty #cryptography

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

We are Building Digital Gates to Keep People Out

[[File:./output/media/image1.png|624x350px]]

Figure 1 - Holders present zero-knowledge proofs (P) and leak identifying information (I). The verifier uses the identifying information to de-anonymize the holder and then applies policies based on the identity information instead of the provided proofs. The only way to prevent this is to entirely eliminate the identifying information (I) from the presentation.

  • SSI originally promised user sovereignty and privacy and decentralization.

  • The manifestation of that has materialized into digital gates designed to keep people out of everything.

  • Up until very recently, access to resources (e.g. food, water, shelter) has been a concern of humans everywhere.

    • Large amounts of money and effort has been expended in the past to increase access and increase the stability of access to these resources.

    • Access to these resources has generally been considered a human right.

  • Now that we have digital <whatever> passports, the idea is that we will have physical/digital gates that will block some people from accessing these resources.

    • This is a fundamental sea change in the “human community standards”

  • WE are responsible for this. SSI is the way the passports and gates are being constructed.

  • Right now, despite our best efforts, the implementation using the W3C standards does very little to protect privacy and what it does do, doesn’t really preserve privacy.

  • Theory: as long as the identity of the holder/presenter can be ascertained by the verifier—by any possible means—then the gating/verification function can, and probably will, expand it into all of the associated personal data available in online databases. This means that digital credential checks can, and will, operate on our identity despite all of the privacy preservation we employ.

  • It is critical that it is impossible for the verifier to correlate and identify the presenter in all credential checks.

  • What we have built is a tool that can be used to create real-world consequences—even violate our human rights by blocking access to basic needs—for having “incorrect” personal attributes (e.g. the wrong politics, the wrong skin color, the wrong social class, etc).

    • This is how political dissent will be punished.

    • This will eliminate all peaceful approaches to resolving our political differences.

    • History teaches us that individualized control and lack of peaceful political resolution always leads to violence.

  • The information theory model for online de-anonymization is based on gathering enough observable traits during online interactions to uniquely identify the participants.

  • Social media/Tech companies have been doing this for more than a decade and have used the observations to create empirical models that make de-anonymizing us extremely easy and are so accurate it is scary.

  • “Perfect privacy” is when interaction happens but the identifiable information exchanged is absent or so little that de-anonymization is impossible.

  • To achieve perfect privacy we need a system that allows for business logic to operate upon our private data but the data sent is so little that de-anonymization is impossible.

  • One model for doing this is to combine authentic private data with a verifiable computation run by the holder of the authentic private data and combined into a 1-bit answer (e.g. yes or no) with proofs of authenticity of the inputs and the correctness of the computation. The combined result with proofs is called a Qualification (e.g. I am qualified to enter this grocery store).

  • Conclusion: If the good health pass or other similar digital credential systems gate access to food/shelter/work/travel and are able to operate on our identities/biometrics then it will immediately become a social credit system and we will descend into a collectivist dictatorship overnight, enforced by the digital gates we have built to keep people out.

  • If we don’t build for perfect privacy, posterity will blame us.

  • The DIF Applied Crypto working group is the place to hang out if you want to talk about and/or work on this.

References / Reading

ZOOM Chat:

10:03:37 From Alan Karp to Everyone:

https://youtu.be/t-OKL7cKarA

10:10:17 From Vic Cooper to Everyone:

Anyone have links to those articles?

10:12:20 From Mark Scott to Everyone:

https://dwhuseby.medium.com/

10:13:09 From Mark Scott to Everyone:

Nine articles going back to July, 2020.

10:13:10 From Vic Cooper to Everyone:

thanks

10:22:11 From Shannon Wells to Everyone:

fact

10:22:27 From Marc Davis to Everyone:

+1 Shannon

10:23:39 From Alan Karp to Everyone:

There’s a Chrome extension that changes your browser fingerprint for each site. Someone showed that you cans till be identified with high probability.

10:24:07 From Marc Davis to Everyone:

Home Zipcodes are used to predict a huge number of data points about the individuals that live in them

10:24:47 From Jeff O to Everyone:

Indeed Marc!

10:26:32 From Zorigt Baz to Everyone:

But you’re right

10:26:33 From Jeff O to Everyone:

Great optics David. Absolutely formative truths of the matter.

10:26:50 From Henk van Cann1 to Everyone:

+1 Zorigt

10:27:28 From Shannon Wells to Everyone:

But you also have to consider —all— the implications and there needs to be a recourse, no matter what you build

10:27:48 From Alan Karp to Everyone:

Unintended consequences

10:28:14 From Shannon Wells to Everyone:

^^ there will always be these, you can’t predict what they are, which is why there must be recourse for everything

10:28:57 From Vic Cooper to Everyone:

I’m not sure the problem is access. The end result of surveillance capitalism is manipulation/behaviour modification based on how much more the algorithms knows about us compare to what we know

10:29:29 From Marc Davis to Everyone:

+1 Vic

10:30:26 From Vic Cooper to Everyone:

And if the algorithm knows what we are afraid of then it knows how to manipulate us

10:30:32 From Jeff O to Everyone:

Social Scoring

10:31:27 From Jeff O to Everyone:

Boundless level of metrics with boundless implications.

10:31:50 From Zorigt Baz to Everyone:

So 1984 scenario is very real

10:31:53 From Marc Davis to Everyone:

Jeff Orgel:

10:32:10 From Shannon Wells to Everyone:

it’s here already

10:32:14 From Marc Davis to Everyone:

Sorry Jeff! Mistyped.

10:33:40 From Henk van Cann1 to Everyone:

@Zorigt What we already have today, was Orwell’s worst nightmare?

10:34:19 From Trent Larson to Everyone:

Is there any controversy in his statements? FYI: I believe he’s spot on, and it’s driven by the simplistic desire to have “teeth” to chase down bad players for any governance problem proactively, as opposed to allowing nuance and even potential low-level threats to happen… all because of the false lure of enforceability.

10:35:48 From Brian Richter to Everyone:

If we succeed in only sending 1 bit its almost impossible to create multi user interactive applications is it not?

10:36:12 From Jeff O to Everyone:

Teeth well sunk into the "fabric" David. I'vve been watching & feeling "IT" for well over a decade.

10:36:37 From Shannon Wells to Everyone:

it’s not possible to be apolitical

10:36:38 From Steve McCown to Everyone:

So we send the required 1-bit … and then sign it with a public DID (or key)?

10:36:51 From Shannon Wells to Everyone:

you can just opt out of making a specific political statemnt

10:39:13 From NickyHickman to Everyone:

context= moment

10:39:17 From Alan Karp to Everyone:

How do I get personalization?

10:39:18 From Marc Davis to Everyone:

+1 Shannon

10:39:20 From NickyHickman to Everyone:

identity is a function of that context

10:39:38 From Vic Cooper to Everyone:

It’s not 1984 it’s Brave New World. Orwell vs Hexly. Big Brother vs Big Other

10:39:39 From Marc Davis to Everyone:

@Shannon Architecture is politics.

10:39:41 From Kent Bull to Everyone:

Jumping in a little late. What are the cryptographic primitives that support such privacy? I want to use them in my app.

10:40:26 From Shannon Wells to Everyone:

human rights is political… but anyway, I don’t see anything controversial just points I hadn’t considered, but I”m not sure about a “simplistic” need for teeth to chase down bad players so much as a way to opt out of it and to establish technical protections

10:40:27 From Kent Bull to Everyone:

@Marc totally. This is because governments have defined themselves in a way that violates proper civilized boundaries. It’s time to architect things in a way that rebalances power one internet packet at a time.

10:40:33 From Zorigt Baz to Everyone:

there are uses cases for personal verification and authorization. How do we do those with single use key?

10:43:06 From Steve McCown to Everyone:

This makes me think of “Strong Anonymity”. (https://venturebeat.com/2016/10/08/how-strong-anonymity-will-finally-fix-the-privacy-problem/)

10:43:25 From Marc Davis to Everyone:

@KentBull Totally agree and I love your phrasing: “It’s time to architect things in a way that rebalances power one internet packet at a time.”

10:44:08 From Henk van Cann1 to Everyone:

@Vic: Huxley nails our present-day society on the head https://youtu.be/alasBxZsb40, he did this more than 60 yrs ago.

10:44:31 From NickyHickman to Everyone:

Your point about web vs internet is very important. We call it web 3.0 and that's a problem, because as you say it's not about the web it's about the sub-structure of the Internet. I think that Doc and Customer Commons Intentron plays directly to this

10:44:55 From Joyce Searls to Everyone:

+1 Nicky

10:45:33 From Shannon Wells to Everyone:

Not everyone can “start a company” to solve their problems, that’s not a good answer

10:46:11 From Alan Karp to Everyone:

Get a loan from your parents to start a business. — Mitt Romney

10:46:26 From Shannon Wells to Everyone:

I mean I realize David was being a bit flippant

10:46:30 From Joyce Searls to Everyone:

YES. Beyond the Web

10:47:31 From Alan Karp to Everyone:

The authorization token system we built used a different key pair for each certificate.

10:47:32 From NickyHickman to Everyone:

🙌 for joyce

10:47:52 From David Huseby1 to Everyone:

Ohhhh!

10:48:04 From David Huseby1 to Everyone:

I always thought “buy” + “my way”

10:48:26 From Shannon Wells to Everyone:

for people who don’t know though, “apps” often just are using a browser under the hood, aka “web view”

10:48:36 From David Huseby1 to Everyone:

I was being flippant about “build it yourself”

10:49:04 From Alan Karp to Everyone:

I know. Just poking you.

10:49:13 From Shannon Wells to Everyone:

I suspected you weren’t serious, it’s just a common response

10:49:39 From Vic Cooper to Everyone:

Isn’t a lot of this about moving the software we use over to our side of the fence?

10:49:41 From Jeff O to Everyone:

@Alan - to your point of being able to do what you want to do, you likely may find that you simply have to things differently. Security is nice when it can be made convenient, yet look at how firemen, doctors, military, police, etc. wear to work. They probably would like to successfully do their thing less effortfully.

10:49:45 From Brent Zundel to Everyone:

I love "intentron" but feel like it is demanding an additional number, a'la "Intentron 9000"

10:49:52 From NickyHickman to Everyone:

Even Tim BL says "“We demonstrated that the Web had failed instead of served humanity, as it was supposed to have done, and failed in many places,” he told me. The increasing centralization of the Web, he says, has “ended up producing—with no deliberate action of the people who designed the platform—a large-scale emergent phenomenon which is anti-human.” https://www.vanityfair.com/news/2018/07/the-man-who-created-the-world-wide-web-has-some-regrets

10:50:36 From Joyce Searls to Everyone:

interesting, Nicky. Thanks for that quote.

10:52:00 From NickyHickman to Everyone:

@Dave - can you speak to the idea of no individual identity, only 'dividual' identity - we are a number in a group.

10:52:24 From Trent Larson to Everyone:

I want to give a small ray of hope despite today’s toxic and totalitarian atmosphere: the web has connected people directly, to each other as well as to the real sources of information. It’s a stepping stone, and people are realizing their individual power & discerning abilities, and we’re having the right discussions for next steps. 👏

10:52:26 From Alan Karp to Everyone:

@JeffO: People will always choose the easy way. The trick is to make that the secure, privacy preserving way. Unfortunately, there’s no incentive for companies to make that so.

10:52:38 From Joyce Searls to Everyone:

RIGHT Dave!

10:53:15 From Jeff O to Everyone:

People's past (yearbook pictures) are showing up from 40-50+ years ago from analog real world. The data scape of mining is leaking into digital implication - reputationally.

10:53:20 From Joyce Searls to Everyone:

Human memory is designed to degrade. “Time heals all wounds”

10:53:39 From Jeff O to Everyone:

That's the song...

10:53:50 From Joyce Searls to Everyone:

But, digitally memory lives forever.

10:53:50 From NickyHickman to Everyone:

encoded often in models that predict a homogenous kind of behaviour framed w/ western and white models of expected behaviour and incentives … it's deeply wrong but not too late to pull back

10:56:58 From Jeff O to Everyone:

Tech centric cultural/governmental control are turning their societies into ants and bees. That is where this stuff works in nature - but not so common in human nature.

10:59:26 From Marc Davis to Everyone:

@Dave The very nature of the Sovereign is hat it has the power of permissible and necessary violence against its subjects. That is true in the US as well.

10:59:59 From NickyHickman to Everyone:

Yes @Jeff - it's always about power and politics, but understanding as a socio-technical system requiring a socio-technical solution - no tech is the full solution no matter how brilliant... create space play GO not chess

11:00:51 From Brent Zundel to Everyone:

I've heard there's a CBDC effort that will be happening at the LF

11:01:39 From Kent Bull to Everyone:

@Brent That’s awesome. I’d love to learn more about that.

11:01:58 From Marc Davis to Everyone:

+1 @Nicky

11:02:25 From Jeff O to Everyone:

@Nicky: Yes. Giving breathing room for the HumanOS (human nature) to be in the sorts of real world communal space with near others is often bypassed. Tech is an important (more or less per person) side channel of hopefully respectful function.

11:03:10 From Marc Davis to Everyone:

+1 @Vic

11:03:21 From NickyHickman to Everyone:

Read this to understand distorted realities https://en.wikipedia.org/wiki/The_Magus_(novel) +1 Vic

11:03:31 From Jeff O to Everyone:

ya

11:03:33 From NickyHickman to Everyone:

Completely agree

11:04:42 From Jeff O to Everyone:

We are well served to learn to stand, or move away from, this fire without burning away.

11:05:15 From Marc Davis to Everyone:

@Vic: “The best possible prediction is the ability to manipulate someone’s behavior.” Brilliant!

11:05:28 From David Huseby1 to Everyone:

+1

11:07:22 From Kent Bull to Everyone:

What is the expiration date of a part of a reputation?

11:07:35 From NickyHickman to Everyone:

You call for policy but that is governance - what does self-sovereign governance look like - self asserted terms and policies - community based - bottom up policies

11:07:36 From Kent Bull to Everyone:

In the words of Steve Jobs: “Death is the single best invention of life.”

11:07:39 From Neil Thomson to Everyone:

aka Twitter is trial and conviction by social media

11:07:51 From Joyce Searls to Everyone:

These are not technical problems, they are spiritual ones.

11:08:15 From Zorigt Baz to Everyone:

Policies on federal level is very bad, it’s mostly dependent on who gets contract on policy enforcement like private prisons.

11:08:56 From Neil Thomson to Everyone:

Influence on behavior is directly related to the closeness of personal relationships.

11:09:27 From Neil Thomson to Everyone:

We - the usual suspects

11:09:59 From Henk van Cann1 to Everyone:

+1 David

11:10:05 From Zorigt Baz to Everyone:

My tv is 29 inches, I only use it for DVDs that I borrow from the library.

11:10:07 From NickyHickman to Everyone:

+1 dave - group hug🤗

11:10:14 From Vic Cooper to Everyone:

Hard to imagine Dave being boring at a party

11:10:33 From NickyHickman to Everyone:

that's because we like the same kind of parties @ Vic

11:10:43 From Steve McCown to Everyone:

Dang it, I just bought a TV…. ;-)

11:10:50 From Shannon Wells to Everyone:

fwiw I don’t use social media either

11:10:51 From Jeff O to Everyone:

lol

11:10:59 From Zorigt Baz to Everyone:

Steve, I hope you at least bought OLED

11:11:12 From Alan Karp to Everyone:

I’m a twit who doesn’t tweet.

11:11:14 From NickyHickman to Everyone:

LOL Steve

11:11:56 From Jeff O to Everyone:

Broomsticks

11:12:02 From Shannon Wells to Everyone:

bananas!

11:15:58 From Alan Karp to Everyone:

Croquet decided to use capabilities to manage permissions.

11:16:04 From Henk van Cann1 to Everyone:

@shannon maybe we should not underestimate the effect of tv, radio and other #MSM and lastly the web on our behaviour. “They” are manipulation our subconscious, especially when it’s done in a multichannel way?

11:16:30 From Shannon Wells to Everyone:

I think we should ensure that we accurately measure it, not estimate it.

11:16:32 From Zorigt Baz to Everyone:

Social media made “cancel” culture possible.

11:17:00 From NickyHickman to Everyone:

Interestingly in the history of the interplay between politics and religion, everything has always been about social control and organisation think about Calvin and the duty to resist, think about the adoption of Christianity by the Roman empire, think about the catholic city states in France post the angovian empire

11:17:33 From Alan Karp to Everyone:

There was panic a number of years ago about subliminal images influencing our behavior. It never came to pass. (I don’t think, but how would I know?)

11:17:39 From Henk van Cann1 to Everyone:

+ 1 Dave

11:17:47 From Jeff O to Everyone:

quiet nod

11:17:51 From Zorigt Baz to Everyone:

Collective dictatorship

11:17:56 From Shannon Wells to Everyone:

I think it’s an oversimplification to suggest that people can be controlled by “the media” in whatever instantiation you think that is. People’s behavior is determined by a complex network of factors

11:17:58 From Trent Larson to Everyone:

Collectivism is OK. Totalitarian Collectivism is scary.

11:18:28 From NickyHickman to Everyone:

the bald tradeoff of freedoms for information

11:18:39 From Shannon Wells to Everyone:

Subliminal messaging’s power to influence was way overstated but people can be primed to make subtle associations, and that’s used experimentally all the time.

11:19:19 From NickyHickman to Everyone:

"hearts & minds" - at home as abroad

11:20:22 From Zorigt Baz to Everyone:

As tax paying citizen

11:21:10 From Zorigt Baz to Everyone:

maybe we should get tax rebates if we’re denied services

11:21:33 From Joyce Searls to Everyone:

gotta’ run. Thanks, Dave.

11:21:39 From Henk van Cann1 to Everyone:

@shannon I beg to differ. What I’ve seen happening in Europe with Govs politically controlling the MSM and censoring critics…

11:22:40 From Shannon Wells to Everyone:

@Henk I suspect we may actually agree more than you realize. Too difficult to work out in a Zoom chat 🙂

11:23:11 From Henk van Cann1 to Everyone:

@Shannon true :-D

11:23:49 From Zorigt Baz to Everyone:

DID is started with United States Department of Homeland Security's (US DHS)

11:24:09 From NickyHickman to Everyone:

have to jump, thanks Dave

11:28:10 From Vic Cooper to Everyone:

I’m curious how the model works with shared data? Data about us when we are apart of a group.

11:28:28 From Marc Davis to Everyone:

+1 Vic

11:29:19 From Shannon Wells to Everyone:

Wow

11:31:08 From Shannon Wells to Everyone:

How very enlightening and my heart goes out to you for what you’ve gone through dude.

11:31:20 From Trent Larson to Everyone:

It’s crazy that we’re allowing the NSA to gather and store all communications. It’s crazy that US feds are currently discussing forcing all banks to send all transactions (> $600) directly to the IRS.

11:32:35 From Shannon Wells to Everyone:

yep

11:33:19 From Laura Jaurequi to Everyone:

Thank you!

11:33:21 From Jeff O to Everyone:

agree David. Better and better...

11:33:23 From Shannon Wells to Everyone:

Thank you Ken for sharing your important experience

11:33:28 From Brent Zundel to Everyone:

You too Dave

11:33:52 From Neil Thomson to Everyone:

Gotta drop - next time.....

11:33:59 From David Huseby1 to Everyone:

Thanks for coming Neil!

11:34:14 From Shannon Wells to Everyone:

^Kent

11:34:27 From David Huseby1 to Everyone:

Thank you Kent for your story

11:34:49 From Jeff O to Everyone:

Well put Vic.

11:34:52 From Kent Bull to Everyone:

I’m glad to share it. Let it serve as a lesson on the consequences of getting SSI wrong.

11:35:01 From David Huseby1 to Everyone:

+1

11:36:09 From evanwolf to Everyone:

SSI vs. deep fakes

11:36:21 From Marc Davis to Everyone:

+1 @EvanWolf

11:37:47 From Mark Lizar2 to Everyone:

Providence at the outset is 100% the point - what we are calling consent by default

11:38:06 From Zorigt Baz to Everyone:

SSI could be used for making government more transparent and accountable? Or, de-construct the notion of having representatives in congress to make it less corruptible.

11:38:32 From Brent Zundel to Everyone:

Reminds me of this: https://englishwotd.wordpress.com/2014/02/17/artificial-inanity-systems/

11:39:24 From Jeff O to Everyone:

The velocity of socio-politics over digital can be tectonic. Can be Fast and far too.

11:39:38 From Mark Lizar2 to Everyone:

LOL

11:39:40 From evanwolf to Everyone:

In a world of pervasive computing, where our bodies, our persons, the spaces around us, and the metaverse are one thing, the ability to trust your senses is everything.

11:41:11 From evanwolf to Everyone:

Provenance from the sensor/hardware on up is part of this.

11:42:01 From Brian Richter to Everyone:

@David is there a link to the latest provenance log spec or somewhere to read more?

11:43:19 From Brent Zundel to Everyone:

adding correlation is easy

11:44:27 From Jeff O to Everyone:

A data version of "evergreen"?

11:44:43 From Vic Cooper to Everyone:

Seems like this all points to a web of trust model but one that works

11:45:10 From Kent Bull to Everyone:

Gotta make a call. Be back in a few

11:46:20 From Marc Davis to Everyone:

@Brent cryptographically? Please elaborate…

11:47:09 From Brian Richter to Everyone:

Answering my own question it might be this PR? https://github.com/decentralized-identity/crypto-wg/pull/8/files

11:50:27 From Shannon Wells to Everyone:

oh my god

11:51:35 From Marc Davis to Everyone:

@MarkLizar, is it this: https://www.ohchr.org/EN/HRBodies/CRC/Pages/GCChildrensRightsRelationDigitalEnvironment.aspx

11:52:29 From Shannon Wells to Everyone:

I wish we would eliminate all advertising in children’s content entirely

11:55:04 From Jeff O to Everyone:

Thx Dave!

11:56:35 From David Huseby1 to Everyone:

You’re welcome Jeff

11:56:41 From David Huseby1 to Everyone:

I wan’t to work with all of you BTW

11:56:55 From David Huseby1 to Everyone:

Dave@cryptid.tech

11:59:19 From Vic Cooper to Everyone:

Thanks for the session Dave. Great work and discussion!

11:59:51 From David Huseby1 to Everyone:

My pleasure. Thank you Vic for coming. I always love to hear your thoughts on things

12:06:05 From Kent Bull to Everyone:

Headed out to a meeting for a bit. I’ll see you all in the other sessions. Really enjoyed the convo and thoughts here.

12:09:46 From Jeff O to Everyone:

Yay for anti-fragile.

12:11:53 From Zorigt Baz to Everyone:

Cartel = monopoly

12:11:54 From Marc Davis to Everyone:

I have to head out, and thank you all so much for a fabulous, thought-provoking, and even hopeful session.

12:12:14 From Jeff O to Everyone:

Throttling commodities - ugh...

12:14:03 From Jeff O to Everyone:

Amazon is getting pretty stripped too...

12:14:13 From Vic Cooper to Everyone:

A fascinating book on economics is actually a SciFi book, “The Ministry of the Future” Kim Stanley Robinson. The is a concept of a carbon currency and a decentralized social network called U-lock. They finally come to fruition when the other systems fall apart. The revolution happens because these ideas were ready as a plan B when the shit hits the fan

12:14:42 From David Huseby1 to Everyone:

The mars series from KSR is awesome too

12:14:43 From Jeff O to Everyone:

Thx All!