
2020 editorial, https://privacyinternational.org/long-read/4074/looming-disa...

> A digital ID that proves immunity will raise serious human rights issues. And the failure of the digital ID industry to deal with the issues of exclusion, exploitation and discrimination puts the entire industry under question ... The most important message for the industry is, perhaps, that you don't have to provide a solution to every conceivable use-case for identity. This pandemic should form a check on the hubris of the digital identity industry.

2021: Linux Foundation & others launch an interoperable blockchain to unify human identity across all US states and all countries, enabling linking of phones, online wallets, driver's licenses, EU digital ID, offline activity (e.g. travel, entering buildings) and potentially future central bank digital currencies with kill switches (e.g. prevent kids from exceeding monthly quota of sweets/candy purchases, or some cross-border transactions), https://www.zdnet.com/index.php/forums/discussi.com/index.ph...

> For health passes to work globally, helping countries to restart economies and reopen borders, they need to be trusted globally. Through the Global COVID Certificate Network, Linux Foundation Public Health is working to address this challenge by bringing together a network of trusted and interoperable Trust Registries, so that the holder of a certificate can use it whenever they need and wherever they are. IBM is excited to collaborate with Linux Foundation Public Health on this important initiative at this critical time in our history.

In other news, mobile phone numbers can be used to obtain the real-time geolocation of a phone. Both T-Mobile and AT&T recently announced data breaches of customer data, including phone number and other identifying information, for millions of customers.

The US government lost the entire OPM classified database on security-cleared personnel, one of the highest-value information systems on high-value humans.

So who exactly are we going to trust to run this global blockchain of human identity? IBM? What's their historical track record on cybersecurity and governance of protecting humans? And no, many "decentralized" companies enforcing identical policy does not make the resulting system any less centralized and fragile.

We need to collect less data, not more. If the West wants a social credit system, at least have the decency of emulating China by stating explicit public policy goals and owning the societal consequences. If Western countries don't want a China-style social credit system, then new legislation may be needed to encode this societal value, or to clarify Constitutional principles. But it should be a governance and policy decision, not an accidental consequence of "tech" infrastructure.

Let's remember that "Covid Contact Tracing" via phones was not especially successful in adoption or changing of outcomes. Even when tracing data was available, some local governments made decisions which ignored the data. Yet, every phone now carries closed-source binaries to track not only the human user, but neighboring devices belonging to humans. With this track record of non-utility, what is the justification for expanding health surveillance interoperability to every aspect of online, offline and economic life?

https://www.goodhealthpass.org/

https://trustoverip.org/




It seems that the Linux Foundation has overstepped its initial purpose of driving Linux standardization. Is it becoming instead a shell for a wide megacorp[0] coalition, now jumping on the Covid train[1]?

And how about CBDC? It seems that there's a (strong?) link between Hyperledger and the WEF.[2][3]

I doubt Linus would condone such things! Oh, wait...[4]

Gah, conspiracies upon conspiracies :-) .

[0] https://linuxfoundation.org/join/members/

[1] https://www.lfph.io/

[2] https://www.weforum.org/people/brian-behlendorf

[3] https://www.hyperledger.org/event/world-economic-forum

[4] https://www.weforum.org/people/linus-torvalds


Thanks for the references, which reminded me that IBM was a founding member of the Apache Foundation & Brian was the founding President.

Is there a directory of all "WEF People", other than a web search for the URL fragment? https://duckduckgo.com/?q=site%3Aweforum.org%2Fpeople

WEF has been kind enough to release public media about their visions, e.g. last week's video envisioned people's lives being rebuilt around "neighborhood hubs" that are 15-min walking distance from their home offices, containing gym and bars, but no restaurants since those will be replaced by ghost kitchens. They envision biometric ID of each human by their heartbeat [already specified in the upcoming 2024 IEEE Wi-Fi standard that will allow consumer routers to "see through walls" with doppler imaging], https://twitter.com/wef/status/1427721919483326470

One challenge for those not shopping for what WEF is selling is the lack of institutions to champion alternative visions. E.g. until that WEF video, I had no idea the "15-min city" (smart gulag?) was endorsed by urban planners, https://www.cnu.org/publicsquare/2021/02/08/defining-15-minu.... As a point of comparison, that would be a radius of ~1km, 80% smaller than the 5km home lockdown zones in Victoria, Australia, https://www.theage.com.au/politics/victoria/what-the-new-cor...


There is an index of partner organizations,[0] but I haven't had much luck with their people index,[1] which seems to present just the WEF website template without any content.

Indeed they've been very kind with releasing their agenda. :) Schwab's "The Great Reset" book is a roadmap for the next steps, and the WEF is following up with more media-friendly content regularly.[3]

I suspect that Schwab either is a very productive author who made excellent use of his lockdown time, or the Great Reset manuscript was sitting in his ghostwriter's desk, and just got "COVID-19" prepended to its title.

Also, re: the "neighborhood hubs". Really? These already existed, they were called, eh let me think -- neighborhoods. But yeah, I like your take on it as a "smart gulag", seems to capture the whole idea nicely.

I'm squinting really hard, but can't see any non-dystopian outcome. Sure, we'll put on a smile -- even with a mask on, it's a requirement, and the WiFi routers are ubiquitous, they're looking at us,[4] and they can tell when you're not smiling,[5] so we'll have to.

(OK, perhaps I'm stretching it with SENS being able to detect smiling, though apparently it does detect gestures.)

[0] https://www.weforum.org/partners

[1] https://www.weforum.org/people/

[2] https://www.amazon.com/o/asin/2940631123

[3] https://www.weforum.org/focus/the-great-reset

[4] https://beyondstandards.ieee.org/ieee-802-11bf-aims-to-enabl...

[5] https://www.theregister.com/2021/03/31/wifi_devices_monitori...


A modicum of good news: in a previous HN discussion of SENS, someone posted a couple of EU-funded research papers on technical countermeasures ("CSI murder" based on OpenWiFi), https://news.ycombinator.com/item?id=27133079

If you haven't already seen the historical archives of IIW meetings and the Project VRM mailing list, they sometimes have in-depth discussions by recognizable names in the digital identity industry, including some with leadership roles on upcoming specs: https://cyber.harvard.edu/lists/arc/projectvrm & https://cyber.harvard.edu/projectvrm/Main_Page & https://internetidentityworkshop.com/


We need something like a web of trust system that enables local governments to validate official IDs and cryptographic signatures. We can't do a perfect job, but doing the best we can with current technology and building a rational framework of data protection at the citizen level is the only rational course.

A blockchain system makes sense for a distributed record of a web of trust. Instead of a coin and proof of stake, a proof of population based algorithm would allow nodes to join a network.

Such a network could form the basis of any government function and cryptographically protected personal data. You could add trustless age verification for porn sites, for example. Or it could allow checking the vaccination status for college entry, or so on. In the case of identity theft, it should be possible to allow law enforcement or some official entity the ability to issue a new identity key, and revert or modify any changes in private data, flagging the poisoned entries in the blockchain.

Anyway, the point is: it doesn't have to be perfect, it just has to be better than the shitshow we have now. We can eliminate SSNs and do a pretty good job of implementing cryptographically secured trustless identity. We can build a system that maintains privacy as a fundamental principle instead of trying to tack on post-hoc reactive solutions that are always too little too late.


Keeping our privacy, both digital and otherwise, secure from intrusion isn't and absolutely shouldn't be about simply keeping them secure from "bad governments" and nefarious data thieves. The point should be to rigorously prevent governments of any kind, using any supposedly good justification, period, from easily knowing or tracking certain things. If history should be able to teach us anything it's that good governments can become corrupt and that the data held by any large organization can quickly be stolen or misused by its individual members or others for their own ends. Data like that shouldn't simply be "secured", it should be made extremely difficult to collect in the first place, especially by any large centralized party.


In addition to privacy as a fundamental principle, we also need "separation of powers" as a fundamental democratic governance principle.

Once these systems are deployed, how can we guarantee ongoing transparency of policy debates and citizen-tax-representative governance and admin/config/security changes?

Without ongoing feedback loops that evaluate systems against explicit democratic principles, there is risk of network effects where early policy choices become difficult or impossible to change after many parties have implemented local systems. In that scenario, early system design could become a far-reaching target for lobbyists and techno-regulatory capture.


They should be designed to be interoperable and each functional layer should be completely self-sufficient, so that any particular module can be eliminated or modified without affecting underlying data.

Anti-theft and anti-abuse functionality needs to be baked in from the ground up, so that individuals have total control over their data, with governments able to maintain some absolutely minimal necessary baseline of record keeping.

For example: A health department could build a vaccination status verification system, and be provided by the local government with the ability to sign a citizen's record. Participation needs to be voluntary and easily reversible. At the same time, the health department should have an ephemeral record from which an accidentally reversed or deleted signature can be recovered. If someone gets their ID stolen, they can go to their local courthouse, get a new ID key, synchronize everything up to the time right before the compromise, sign off on deactivating the old key, and continue on with life.

Not only does it have to be private and secure, it has to allow for human fallibility and malice.

A system like this could be the basis for controlling law enforcement access to biometrics. If you have no criminal record, all fingerprint and DNA and other data could be restricted without a warrant, or voluntary participation, or legally structured access. Things like this would eliminate the practice of fingerprinting children, using facial recognition or DNA dragnets without explicit judicial permissions, meaning law enforcement access has to be baked in. If done right, it could mean every piece of information could be cryptographically segregated, and a record stored within the blockchain, forcing accountability in any government access and use of private data.

Best of all, it would allow secure digital voting. Instead of an election day, you could set a voting week or even month during which every citizen has the opportunity to cast their vote, then verify their selections. People would need to use the extended time frame to ensure their vote is accurate and their keys secure, and only have to go to a polling location if they have been compromised (or simply want to use paper).

It would need to be wargamed extensively and over the course of at least a year, but we should be leveraging the best technology has to offer. It just needs to be better than what we have, and that's an abysmally low bar.



