I’m looking for studies that either say that Digital ID/Age verification can be done in a truly private manner or not.
I have read a bunch of stuff; there is a lot of noise about this subject.
I want to be able to submit something to politicians as to how this system is going to be a huge target, and the dangers around it. But I also want to be able to know if it is technically possible to do it properly.
Digital ID can be private - PGP keys are a form of digital ID, verified through a web of trust; there are no requirements to include any PII in a PGP key - it’s done by convention. So it’s demonstrably possible.
So let’s use PGP keys as a base for a contrived system. The user takes a PK containing no PII to a registrar who verifies the user’s age and signs the key. The registrar does not record the PK or who it belongs to. The user later anonymously uploads the PK to a key store. Now, sites could ask for a signature, and compare it to PKs in the key store, and be sure the key was issued to a person who’s been validated. It wouldn’t prevent key sharing, and sites could still build up profiles based on the PK, but it’d be private.
Many cryptocurrencies and digital voting systems have developed Zero Knowledge Trust systems; there are certainly better anonymous verification systems than my hacked-together example.
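
The contrived registrar flow from the answer above, as an added example that is not part of the original post: Ed25519 from Go's standard library stands in for PGP keys, and the `Credential` layout, the function names and the per-site challenge are assumptions. The last check shows the profiling caveat the answer mentions: every site receives the same key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential is the key-store entry: a PII-free key plus the registrar's signature (hypothetical layout).
type Credential struct {
	UserPub      ed25519.PublicKey
	RegistrarSig []byte
}

// RegistrarSign runs after an out-of-band age check; the registrar records nothing.
func RegistrarSign(regPriv ed25519.PrivateKey, userPub ed25519.PublicKey) Credential {
	return Credential{UserPub: userPub, RegistrarSig: ed25519.Sign(regPriv, userPub)}
}

// SiteVerify needs a registrar-signed key AND the holder's signature over this site's challenge
// (the challenge is an assumption added here so a captured response cannot be reused).
func SiteVerify(regPub ed25519.PublicKey, c Credential, challenge, resp []byte) bool {
	return ed25519.Verify(regPub, c.UserPub, c.RegistrarSig) &&
		ed25519.Verify(c.UserPub, challenge, resp)
}
func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo returns: valid logins accepted, unsigned key rejected, replay rejected, user linkable across sites.
func Demo() (accepted, unsignedRejected, replayRejected, linkable bool) {
	regPub, regPriv := mustKey()
	userPub, userPriv := mustKey()
	cred := RegistrarSign(regPriv, userPub)
	chA, chB := []byte("constructed challenge, site A"), []byte("constructed challenge, site B")
	respA, respB := ed25519.Sign(userPriv, chA), ed25519.Sign(userPriv, chB)
	accepted = SiteVerify(regPub, cred, chA, respA) && SiteVerify(regPub, cred, chB, respB)
	otherPub, otherPriv := mustKey() // a key the registrar never signed
	fake := Credential{UserPub: otherPub, RegistrarSig: cred.RegistrarSig}
	unsignedRejected = !SiteVerify(regPub, fake, chA, ed25519.Sign(otherPriv, chA))
	replayRejected = !SiteVerify(regPub, cred, chB, respA)
	siteALog, siteBLog := cred.UserPub, cred.UserPub // both sites were handed the same key
	linkable = bytes.Equal(siteALog, siteBLog)       // so their logs can be joined on it
	return
}
func main() { fmt.Println(Demo()) }
```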