[throwawaymath]

I can see why this is an attractive idea to fund, but in my opinion it's the wrong way to resolve the problems highlighted in the article.

This is not a technical problem, it's a usability problem. We have had the cryptography necessary to technically fix this for a long time. Replace the single human-memorable token (SSN) with a unique public/private key pair. Then you provide safe authentication by signing verification messages with your private key without placing that private key into the hands of a centralized vendor (like Very Good Security).

The obstacle to this solution is 1) buy-in, to either get the government to do this or to bypass it with this solution in private industry, and 2) usability, to abstract as much of the technical signing process away from the user as possible. But this is a better solution. From what I can understand of Very Good Security's website, it's just more of the same. It wants to become the secure gatekeeper of sensitive data instead of developing a novel means of obviating that problem entirely.

The real company to fund is one which takes inspiration from an existing cryptographic protocol - like ApplePay's or AndroidPay's - and expands it to handle identity verification and one-time payment authorization without requiring an SSN or canonical credit card.

[PowerfulWizard]

I think it is an example of great preconditions for starting a company, even though it will be very challenging to make it work well. Basically, our technology is advanced enough to do this, but it so complicated that the percentage of people who can use it, rounding to the nearest, is 0%. I see it as similar to the situation with Dropbox when it was started, where it was possible to accomplish the same thing yourself -- if you have expert level ability in that specific area.

Observing how people get along with cryptocurrency wallet software, key management is a hurdle that many will fail to clear.

[throwawaymath]

What you're saying is precisely why I'm saying it's a usability problem, not a technical one. We have the technology, yes. This company is not that technology. The company we should fund is the one that solves the usability problem, not one which moves the goalposts to a different centralized point of failure.

The ideal solution would look like the ApplePay protocol - there is a PKI and cryptographic authentication, but users (and receiving vendors) never need to know what a digital signature even is. I agree with you that trying to get users to handle their own key management is a complete non-starter.

[amag]

> Replace the single human-memorable token (SSN) with a unique public/private key pair

There are governments that work on solutions to give each citizen a certificate. What I would love to see would be the possibility to issue your own sub-identities that only exhibit as much information as you want/need to share for that specific use case. E.g. if you need to make $20k/yr for a new mobile phone plan, you can issue an identity that makes $20k/yr as long as you make at least that.

[zimmerfrei]

You have just described IRMA (I Reveal My Attributes) which is an experimental non-profit implementation of a subset of Idemix, a type of ABC (attribute-based credentials) system:

https://privacybydesign.foundation/irma-en/

https://privacybydesign.foundation/irma-explanation/

https://petsymposium.org/2017/papers/hotpets/irma-hotpets.pd...

edit: links

[asimpletune]

Not to knock your answer, I agree with you that this is a usability problem, but also to be fair, there’s a lot more to the technical side of this than the use of public/private key crypto as you described.

[JohnJamesRambo]

https://www.civic.com/

What do you think of Vinny Lingham's company that is aiming to do something similar?

[Edmond]

like this?:

https://www.cipheredtrust.com/doc/