by noodlesUK 918 days ago
I’m enthusiastic about the longer term future of solutions like this. Current IDs can’t do data minimization very easily, but phone-based solutions can. You should be able to get a permission prompt saying “drug store wants to know your >18/21 status” and not hand over any other data. Of course this requires regulatory oversight to ensure that the stores don’t just ask for all the perms available.

However, does this implement the ISO spec for driver's licenses in Apple/Google wallet, or is this some homegrown thing?

4 comments

> Of course this requires regulatory oversight

Unfortunately, history proves relying on regulatory oversight is likely to fail, be subverted or captured by special interests, possibly catastrophically, or worse, silently. This is especially true in rapidly evolving tech domains.

While I can understand that from a purely technical architecture design perspective standardization and centralization can seem like the correct approach, from a risk analysis perspective the downsides are simply too costly. It's really a case of being a reasonable choice "in a perfect world" but a terrible choice "in the real world."

The data and individual rights at stake are too important and too valuable to centralize into one juicy target certain to attract well-funded, highly motivated adversaries ranging from hostile governments, commercial interests and law enforcement overreach to some DMV clerk using a system design flaw to stalk women. None of those examples are theoretical since all of them (and worse) have already actually happened multiple times in different systems carefully designed with the best intentions and substantial legal, procedural and technical safeguards. Arguing "But this time the system won't fail" isn't persuasive when the risks are so high and the track record so clear. While I agree the current situation is far from optimal, we need to be incredibly cautious about jumping from the pan into the fire.

It also ensures that in the future all law enforcement and government agencies will have access to your personal device because "everyone's doing it" and why would you be the weird person that doesn't want to unlock it and hand it over for them to scan and verify everything?

After all, it's simple, safe and easy!

If anything this will improve things if Apple/Google allow you to hand over the phone without fully unlocking it to present ID (and other stuff like proof of insurance). The cop would then have to go back to you and get you to unlock it a second time. If they’re using a home grown app, that doesn’t work.

Unless the government starts buying everyone smartphones, an ID card will be fine.

France's digital ID program called "France identité" does the first part.

After pairing it with your physical ID via NFC you can generate digital proofs of identity which are time based and contain the recipient's name and the usage for the proof.

Your optimism defies the historical record on how these advances tend to play out in reality.

Hint, they almost never increase privacy.