This document provides an overview of online privacy and identity. It discusses how current online identifiers are controlled by third parties rather than individuals. It then introduces decentralized identifiers (DIDs) as a new type of cryptographically-verifiable identifier that is owned by individuals rather than companies. DIDs allow for portable, privacy-respecting identifiers and verifiable credentials that do not depend on central authorities. The document outlines the potential benefits of this approach for data portability, privacy and security compared to the current internet identifier system.
1. Returning to Online Privacy?
Dr. David Hyland-Wood
david@hyland-wood.org
5 November 2019
3. “The people held the government, but they did not hold the power.”
8. “When the missionaries came to Africa, they had the Bible and we had the land. They said ‘let us close our eyes and pray.’ When we opened them, we had the Bible, and they had the land.”
17. W3C Verifiable Credentials
The mission of the W3C Verifiable Claims Working Group:
Express credentials on the Web in a way that is
cryptographically secure, privacy respecting, and
automatically verifiable.
18. “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
19. The Web’s Identifier Problem
To date, every identifier you use online
does not belong to you; it belongs to
someone else.
This results in problems related to cost, data
portability, data privacy, and data security.
20. Why is this a problem?
500 Million guests
412 Million users
145 Million users
110 Million shoppers
3,000 Million users
21. Web Identifiers Today
[Diagram]
Identifier layer: Domain Name System (identifiers are leased to individuals)
Issuer (Website): Government, Employer, etc.
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Verifier (Website): Company, Bank, etc.
Flows: Issue Credentials; Present Profiles
22. What is missing?
Many portable identifiers for any person, organisation,
or thing that does not depend on a centralised
authority, are protected by cryptography, and enable
privacy and data portability.
23. Decentralised Identifiers
A new type of globally resolvable,
cryptographically-verifiable identifier, registered
directly on a distributed ledger or blockchain
24. What does a DID look like?
did:example:123456789abcdefghijk
Scheme: did
DID Method: example
DID Method Specific String: 123456789abcdefghijk
Example: did:v1:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD
25. DIDs Resolve to DID Documents
{
  "@context": "https://w3id.org/veres-one/v1",
  "id": "did:v1:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD",
  "authentication": [{
    "type": "Ed25519SignatureAuthentication2018",
    "publicKey": [{
      "id": "did:v1:test:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD#authn-key-1",
      "type": "Ed25519VerificationKey2018",
      "owner": "did:v1:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD",
      "publicKeyBase58": "DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD"
    }]
  }],
  "service": [{
    "type": "ExampleMessagingService",
    "serviceEndpoint": "https://example.com/services/messages"
  }],
  … more DID-specific information here …
}
Callouts on the DID Document: (1) Authentication Mechanisms, (2) Public Key Material, (3) Service Discovery
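An added example, not part of the original slides: a parser for the DID syntax of slide 24 and a consistency check for a DID Document like the one on slide 25. The regular expression is a simplified form of the generic DID syntax, and the rule that each key id must sit under the document's own DID is this example's own policy; run on the slide's document, it reports that the key id uses `did:v1:test:nym:` while the document id uses `did:v1:nym:`.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Simplified generic DID syntax: did:<method>:<method-specific string>
DID_RE = re.compile(r"^did:([a-z0-9]+):([A-Za-z0-9._:%-]+)$")

def parse_did(did):
    """Split a DID into (method, method-specific string); ValueError if malformed."""
    m = DID_RE.match(did)
    if not m:
        raise ValueError(f"not a DID: {did!r}")
    return m.group(1), m.group(2)

def b58decode(text):
    """Decode Bitcoin-alphabet base58, the encoding of publicKeyBase58."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is one zero byte
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def check_did_document(doc):
    """Return a list of consistency problems (this example's own policy)."""
    problems = []
    did = doc["id"]
    parse_did(did)  # the document id itself must be a well-formed DID
    for auth in doc.get("authentication", []):
        for key in auth.get("publicKey", []):
            if key["id"].split("#", 1)[0] != did:
                problems.append(f"key id {key['id']} is not under {did}")
            if key.get("owner") != did:
                problems.append(f"key owner {key.get('owner')} is not {did}")
            raw = b58decode(key["publicKeyBase58"])
            if key["type"] == "Ed25519VerificationKey2018" and len(raw) != 32:
                problems.append(f"{key['id']}: Ed25519 public key is not 32 bytes")
    return problems

KEY = "DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD"
DID = "did:v1:nym:" + KEY
# The slide's document without its elided part; the key id is copied as shown.
SLIDE_DOC = {
    "id": DID,
    "authentication": [{"type": "Ed25519SignatureAuthentication2018", "publicKey": [{
        "id": "did:v1:test:nym:" + KEY + "#authn-key-1",
        "type": "Ed25519VerificationKey2018", "owner": DID,
        "publicKeyBase58": KEY}]}],
}

if __name__ == "__main__":
    print(parse_did(DID), check_did_document(SLIDE_DOC))
```

A verifier that resolves a DID should run checks of this kind before trusting any key in the returned document, because the keys are what authentication against the identifier depends on.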
26. Decentralized Identifiers
[Diagram]
Identifier layer: Decentralized Identifiers (identifiers are owned by individuals)
Ledger layer: Blockchains / DHTs (Decentralized Ledger): Veres One, Sovrin, Bitcoin, Ethereum, etc.
Issuer (Website): Government, Employer, etc.
Holder (Digital Wallet / Personal Data Store): Citizen, Employee, etc.
Verifier (Website): Company, Bank, etc.
Flows: Issue Credentials; Present Profiles
29. (David) Wheeler’s Law
All problems in computer science can be solved by
another level of indirection, but that will usually
30. (David) Wheeler’s Law
All problems in computer science can be solved by
another level of indirection, but that will usually
create another problem.
32. Acknowledgments
● Vintage 1984 movie poster modified from a version by Flickr user “book radio”, CC-BY-2.0 license,
https://www.flickr.com/photos/bookdio/14164592302
● Photo of the bombing of La Moneda (Chilean presidential palace) on 11 Sep 1973 by Biblioteca del Congreso Nacional, CC-BY-3.0-CL
license, https://commons.wikimedia.org/w/index.php?curid=16325488
● Photo of Salvador Allende, CC-BY-3.0-CL license, https://commons.wikimedia.org/wiki/File:Salvador_Allende_1952.JPG
● Salvador Allende quote from United States Congress, House Committee on Foreign Affairs (1789-1975), “Hearings, Reports and Prints of
the House Committee on Foreign Affairs”, U.S. Government Printing Office, 1975, pp 585
● Project Cybersyn operations room photo by Source, fair use due to historical significance (low resolution) for educational purposes,
https://en.wikipedia.org/w/index.php?curid=12937653,
https://en.wikipedia.org/wiki/Project_Cybersyn#/media/File:Cybersyn_control_room.jpg
● Nuremberg Laws illustration German Government (“Entwurf Willi Hackenberger”, “Copyright by Reichsausschuß für
Volksgesundheitsdienst”, government agency apparently part of the Reichs- und Preußisches Ministerium des Innern), in the public domain,
https://commons.wikimedia.org/wiki/File:Nuremberg_laws_Racial_Chart.jpg
● Photo of birth and death records in a family bible by Chuck Coker, CC BY-ND 2.0 license,
https://www.flickr.com/photos/caveman_92223/3288595909
● IDC projections from IDC White Paper, The Digitization of the World - From Edge to Core, Doc# US44413318, November 2018,
https://www.seagate.com/www-content/our-story/trends/files/idc-seagate-dataage-whitepaper.pdf
33. Acknowledgments
● Illustration of “Saltbush Bill's Second Fight” by Frank Mahony, The Antipodean, Public Domain,
https://commons.wikimedia.org/w/index.php?curid=37814122
● Illustration of Henry Lawson’s The Team by an unknown artist, The Australian Town and Country Journal, Public
Domain, https://en.wikipedia.org/wiki/The_Teams#/media/File:The_Teams_-_illo.png
● Brisbane City Hall photo by Tanya Dedyukhina, CC-BY-3.0 license,
https://commons.wikimedia.org/wiki/File:Brisbane_City_Hall_-_panoramio.jpg
● Photo of Desmond Tutu provided by Lavinia Browne under the public domain,
https://commons.wikimedia.org/wiki/File:Archbishop-Tutu-medium.jpg
● Desmond Tutu quote from Steven Gish, Desmond Tutu: A Biography, 2004, pp. 101 (although potentially
originally attributable to Rolf Hochhuth, The Deputy, a Christian tragedy, Grove Press, 1964, pp. 144)
● Credit cards photograph by Nick Youngson, CC BY-SA 3.0 license, http://www.picserver.org/c/credit-cards26.html
● Wiretap meme courtesy of Reddit user benjaminikuta, February 2018
● Privacy vs. Anonymity chart used by many, but possibly originally by Adam Ludwin, 20 January 2015,
https://coincenter.org/entry/how-anonymous-is-bitcoin
34. Copyright and Trademark Attribution
Corporate logos used in this presentation are the registered trademarks of their
respective companies.
Logos are used for educational purposes only under fair use provisions of
copyright law. The lowest resolution visible to the audience was used.
Editor's Notes
On the 11th of September, warplanes bombed the presidential mansion. Within five hours, the president committed suicide in his office as Army troops supporting the coup stormed the building.
The oldest and most apparently stable democracy in its region was toppled by its own federal police and military.
This was no simple power grab. The culprits were well known: A deadly combination of foreign interference in elections, including from a superpower’s intelligence agencies, and the raw greed of those controlling access to rich mineral deposits combined to create an atmosphere of political bifurcation. Right wing parties controlled the legislature while the left controlled the executive.
The date was the 11th of September 1973. The place was La Moneda, the presidential palace of Santiago, Chile.
The president was Salvador Allende, a physician and the first Marxist ever elected to lead a democratic country.
In the three years that followed, the government of dictator General Augusto Pinochet imprisoned 130,000 people in a country where 50% of the GDP was controlled by only 300,000.
What, I hear you ask, does this have to do with libraries? Everything, it turns out, because it has to do with data and how we choose to use it in our societies.
Librarians, and a few philosophers, have been the only ones asking questions about data, its organisation, its long term storage and the ethics of its access for many centuries. This has been true across many forms of government since Aristotle first organised his books in a hierarchy and Callimachus of Cyrene expanded that system in the Pinakes.
Allende’s government had spent three years attempting to remove foreign control of the key mining industries, especially copper. They did that by nationalising those industries, and attempting to run them from the government.
This is not the bridge of the original Star Trek series; it is the operations room of Project Cybersyn, the government control centre of the new economy. Cybersyn collected an unprecedented amount of data from 500 factories via a network of telex machines. Data was collected on individual workers, such as when they did or did not show up for work, as well as production schedules.
Data from Cybersyn was used to organise relief supplies coming into Santiago during a truckers' strike. The breaking of that strike would be used to justify the following year’s coup.
NB: Cybersyn is a portmanteau of the words "cybernetics" and "synergy".
It was not the first time in history data collection was used to facilitate a coup or the brutal crackdown that followed.
The Nazi Party used census data first collected in 1840s Prussia to perpetrate the Holocaust. A question regarding household religion was added to the census nearly a century before it was used by Nazi eugenicists under the Nuremberg Laws to determine who was allowed to marry, who could be permitted to have children, and finally who was sent to concentration camps for enslavement and execution.
The amount of data involved was tiny: How many people in a house, their ages and gender, what was the family religion? By 1970s Chile, when did they show up for work?
It was not much more than the birth and death listings most often kept in a family Bible.
NB: My own father’s birthday was originally written in such a document, and eventually transferred to county records. But my grandmother was off by a year. It was easy to happen after ten children and while running a family farm, but it was a source of frustration to my father when he went to enlist in World War II, or to acquire his retirement benefits.
These basic forms of data collection were the common experience of Australia’s current culture’s formative years.
It wasn’t that long ago.
We don’t think about how quickly this has changed.
The Brisbane City Hall was built, mostly by hand, just two generations after Paterson and Lawson wrote their most well-known works. Elsewhere, countries were already creating skyscrapers that would require the marriage of people and increasingly capable machinery to build.
NB: Within the living memory of my parents
Brisbane City Hall, started 1920, finished 1930
Empire State Building, started 1930, finished 1931
Last year I watched a house across the street from me being built in St. Lucia by only two men - and some very capable remote controlled robots.
Our machines have moved well beyond their ability to help us physically. They are now helping us create, manipulate, distribute and communicate information.
As our populations grew, it was our Governments who would act as trusted third parties for transactions that would prove situational identity, e.g. library card, door pass, driver's license.
These are all done in advance for later use.
They help us navigate a world full of strangers with whom we must interact.
But those abilities come with a warning label.
Power and greed can change a society very, very quickly.
We are now in a period of time when the data we both produce and collect for use is growing at an unprecedented rate.
Our machines are also creating data for us and about us. 2013 was the first year in which the majority of Internet traffic was created by machines. Human Internet traffic has been in the minority ever since.
Our data is also (disproportionally) moving out of our hands.
We are giving this data to others to hold for us, and often for it to be used to advertise to us, sell to us, manipulate our behaviours, and sometimes to control our behaviours.
Our new sources of data come predominately from corporations, not from governments. In most cases, it comes from our actions as we move through our digital world.
Our credit cards are joined by loyalty cards, such as Fly Buys, Velocity, coffee cards, etc. These are all opportunities to give data about your life and your habits to someone.
The key to collecting information is to develop systems where users willingly provide it.
Facebook and other social networks followed the card companies in this business model.
Google performs 2.3M searches per minute, and considers 200 factors to arrive at each search result. That is a staggering amount of data about our personal lives. It is, in short, the greatest tool for authoritarianism ever produced.
We are even inviting these systems into our personal lives, sometimes in very intimate ways.
We have learned this year that Google, Apple and others have been able to distinguish when home users of these technologies have been sleeping, eating, working, and having sex. Of course, they also know when you are home and when you are not.
You might think this is hardly mainstream, but last year Fortune magazine reported “32% of the country already owns a smart speaker and another 16% plan on getting one this holiday season.”
Children, and their habits, are now often tracked from birth.
Starting in 2016, China’s Social Credit System is actively implementing a system based on strong knowledge of identity and reputation to decide who is more valuable for work, housing, social mobility, and travel.
What kind of society do we want?
The Social Credit System has been called, in headlines, a privacy invasion, state innovation, a way to restore trust in society, an Orwellian degree of control.
Which is it? Well, all of them, of course.
What are we to do? Should we go “all in” as China has (and India might), defer entirely to corporations like the U.S., legislate privacy like the E.U.?
We do have hints of other options if we analyse what we mean by privacy.
The Bitcoin and Ethereum blockchains have shown us it is possible to conduct anonymous transactions in plain sight.
The W3C, the organisation that brought you the Web and ensured it was built to be accessed by all of humanity, has taken up this challenge.
However reluctantly.
Let’s have a quick look at a credential. They all have similar characteristics.
We get our credentials from somewhere (e.g. Government, Facebook), they are stored somewhere, and used to prove who we are (and what we should have access to).
Cryptographically secure… could be a problem at the moment.
This is a problem because we cannot trust the people currently doing it for us.
Marriott: 2018
Equifax: 2017
AFF: 2016
eBay: 2014
Yahoo: 2013
Target: 2013
Australia 2019 (Jan only!):
Nova Entertainment
Victorian Public Servants
Hawthorn Football Club
Big W
Early Warning Network
Marriott (again) and Starwood Hotels
NSW Department of Planning and Environment
First National Real Estate
Fisheries Queensland
Collection #1
Optus
SkoolBag
My Health Records
Facebook
The companies working to implement verifiable credentials generally wish to offer you a service, for a fee. There are currently 13, including some of the big ones, who have committed to an implementation of the upcoming standard.
We have yet to determine how blockchain-based monetary systems, distributed identifiers, or similar technologies will impact our societies. Of particular note is our involvement with law enforcement.
Sometimes the only thing that protects us is the aphorism that “real data is dirty”.
The data others hold about us is not always accurate, nor timely. However, it is getting more so on a daily basis.
It is time to protect ourselves by design.
This suggestion is simply another level of indirection. So, a caveat.
David Wheeler: First PhD in CS (Cambridge, 1951) and inventor of the subroutine.
Wheeler is most often misquoted by leaving off the end of his sentence. It is wise to take heed.