tag:blogger.com,1999:blog-8704899696538705849.post1909890545068605241..comments2024-03-28T02:32:17.979-07:00Comments on EU Law Analysis: To Use or Not to Use the European Digital Identity Wallet: Data Protection issues in the ongoing legislative debateSteve Peershttp://www.blogger.com/profile/05869161329197244113noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-8704899696538705849.post-85041651645299536872022-11-12T12:01:41.895-08:002022-11-12T12:01:41.895-08:00This comment has been removed by a blog administrator.Daniel Griggshttps://www.blogger.com/profile/00645054964071270341noreply@blogger.comtag:blogger.com,1999:blog-8704899696538705849.post-52350528842022298312022-11-09T22:11:21.670-08:002022-11-09T22:11:21.670-08:00This comment has been removed by a blog administrator.EUMAXINDIAhttps://www.blogger.com/profile/18147742417939928866noreply@blogger.comtag:blogger.com,1999:blog-8704899696538705849.post-40579795609338741452022-10-13T03:27:52.257-07:002022-10-13T03:27:52.257-07:00This comment has been removed by a blog administrator.Rednirus Marthttps://www.blogger.com/profile/16520656876994805218noreply@blogger.comtag:blogger.com,1999:blog-8704899696538705849.post-57679093269274609462022-10-05T06:40:56.104-07:002022-10-05T06:40:56.104-07:00This comment has been removed by a blog administrator.charleneizerehttps://www.blogger.com/profile/02876813232384443831noreply@blogger.comtag:blogger.com,1999:blog-8704899696538705849.post-29703063378028807922022-09-27T05:07:23.034-07:002022-09-27T05:07:23.034-07:00This comment has been removed by a blog administrator.Education Hubhttps://www.blogger.com/profile/09705474408506788781noreply@blogger.comtag:blogger.com,1999:blog-8704899696538705849.post-6297821454836086212022-08-14T00:55:47.480-07:002022-08-14T00:55:47.480-07:00It is relevant to consider that the eIDAS Expert G...It is relevant to consider that the eIDAS Expert Group is reversing the political intention 100% in order to enforce back door data retention. <br /><br />Through enforcing a "Unique and persistent identifier" in an architecture designed to be technically impossible to secure, the bureaucrats are enforcing data retention with no possibility of Privacy by Design or GDPR compliance.<br /><br />Adding support for zero-knowledge proofs in eIDAS has been a wish for a long time. The way it is done is terrible and will not provide the end user control of data in transactions as intended, but at least it is likely to enable alternate data flows.<br /><br />I described how EU Digital Wallet is designed to fail in a webinar arranged by Privacy Engineering in the Netherlands.<br />https://www.youtube.com/watch?v=n_npR9AhFKM<br /><br />There are several huge problems, but two are categorical failures. <br /><br />1) Trying to locate key control in a software wallet means zero chance of success. There are no way to support this with smart enclave support without citizens losing data control.<br /><br />2) Tying issuance of credentials to a "Trusted Anchor" or non-pseudonymous linkable digital signature force surveillance at issuers, makes it impossible to secure the wallet and making it impossible to build a trustworty identity at the relying transaction end.<br /><br />One solution to both is to upgrade the basic PKI structure to Trustworthy PKI enforcing a control-shift from a softkey wallet controlled by BigTech to a hardware wallet controlled by the Citizen and upgrade the "Trusted Anchor" to a "Trustworthy Anchor" or a non-linkable Qualified Signature locked to purpose<br /><br />Such a solution was demonstrated at the recent EDPS Workshop on Digital Identity establishing Trustworthy Anonymity as a GDPR state-of-the-art must-carry requirement to eIDAS eID and applications. At the same time it was demonstrated how such a model can establish Trustworthy Inclusive Interoperability - even to the inherent bad wallet architecture on an interface level so issuers and relying parties can be upgraded through upgrading the client from eIDAS data retention to eIDAS trustworthy (article 24)<br />https://edps.europa.eu/system/files/2022-07/03_-_stephan_engberg_-_edps_trustworthy_pki_engberg_20220622_en_0.pdfStephan Engberghttps://edps.europa.eu/data-protection/our-work/ipen/ipen-workshop-digital-identity_en#Stephan_Engbergnoreply@blogger.com