More broadly, how do we manage the notion of readable digital identity? Its use, misuse and maintenance? Now and in the future. Good piece.
Europeans Wary of New Digital Identity By Arnout Jaspers, Commissioned by CACM Staff, March 31, 2022
Europeans now need a digital QR code verifying their coronavirus immunization status in order to cross borders. Critics say the new European Digital Identity (EDI) framework tries to capitalize on that requirement to strangle the privacy of its citizens; others say the EDI could actually benefit privacy, if done right.
To buy alcohol in the European Union (EU), you need to prove that you are at least 18 years old, typically by handing a photo identification card to the cashier. But why should the cashier be able to read your full name, date and place of birth, and Social Security or driver's license number, before selling you a bottle of wine?
Unlike a physical ID, a digital ID can perform selective disclosure: it only shows the relevant attribute (in this case, verifying that the holder is 18 or older) and nothing else.
This is how the European CoronaCheck app is set up: after scanning the QR code, the app displays a green flag if the app confirms the person being tested has been vaccinated, or was infected with the virus and can show proof of recovery, or detects proof of a recent negative PCR-test (or any combination of the three). If none of those three conditions (or combination of them) is detected, the app displays a red flag.
A European Digital Identity, in the vision of the European Commission, would provide every EU citizen with a digital wallet ID that can perform selective disclosure on many more attributes. The wallet will contain personal data like one's fiscal number (in the U.S., this would be a Social Security number; in the Netherlands, it is the BSN number), but also detailed information on health and education; almost anything the owner wants to put in the wallet.
It will typically reside on the owner's smartphone, and the owner has to give permission for it to display specific attributes. A doctor might be allowed to see all the medical information, while a university in Italy would only be allowed to verify whether the owner really received her bachelor's degree from Oxford University.
In February, the European Commission released a call for proposals to develop an app for such a wallet ID. While the Commission does not have the authority to demand that all 27 EU member-states use the same app, it can enforce certain data and privacy standards.
The initiative has caused concern among privacy advocates, and an uproar among more-extreme anti-EU activists, who see the European Digital Identity as a decisive step towards total, CCP-style control of EU citizens. .... '
No comments:
Post a Comment