donau

Donation authority for GNU Taler (experimental)

commit d8a34cb306ea37478c4ad458947e5554c21171dd
parent 28a808c373f7230fec28ace916bd5cc6560832b7
Author: Tanja Lange <tanja@hyperelliptic.org>
Date:   Wed, 22 Jan 2025 01:12:17 +0100

many smaller changes to edits, done with intro

Diffstat:
M doc/usenix-security-2025/paper/intro.tex | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/doc/usenix-security-2025/paper/intro.tex b/doc/usenix-security-2025/paper/intro.tex @@ -102,7 +102,7 @@ comes into play. Historically, people wanting to make an anonymous donation might have an envelope with cash or a box of goods delivered. Obviously, this was never compatible with providing tax benefits. Alternatively, they might arrange for an expensive intermediary like a notary (although that would not be -fully anonymous, and depend on the discretion of the notary). +fully anonymous and depends on the discretion of the notary). Technically guaranteed donation confidentiality is certainly non-trivial to implement in the digital payment era. What you donate to and why 
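Review bot: the rewritten parenthesis in hunk @@ -102,7 still mixes moods: "that would not be fully anonymous and depends on the discretion of the notary" pairs a conditional with a present-tense verb. Suggest "(although that would not be fully anonymous and would depend on the discretion of the notary)".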
@@ -111,24 +111,28 @@ uncomfortable number of actors handling sensitive data that allows for profiling and targeted discrimination on grounds. And there are even more that later on may get access to it. Digital payments are logged and made accessible to many different actors, and reporting donations to tax authorities adds yet -(at least) one more actor to the pipeline. It is the scope of this document to +(at least) one more actor to the pipeline. In this work we try and solve this issue and finally introduce donation confidentiality which adheres to ``privacy by design''. \subsection{Overview of the requirements analysis} -There are two types of donations we will consider. The first is {\em +There are two types of donations. The first is {\em ad hoc} or {\em informal donations}, which are made from individual -to individual as {\em one time gifts} typically in appreciation of the +to individual as {\em one time gifts} typically out of spontaneous compassion +or in appreciation of the work being done by an individual or collective. The second category is {\em regulated donations} involving at least one {\em recognized} philanthropic organization or charity. Both involve voluntary transferal of some financial assets for which no products or services are rendered in return. % NOTE[oec]: what types of donations are _not_ considered, and why? +% TL for the first time I'd include ad-hoc donations to beggars or to some +% collection boxes; that doesn't fit well with the appreciateion but rather +% with pity or compassion -In the design requirements we will mostly cover donations to charities +We focus on donations to charities which would be eligible for claiming tax benefits as that scenario triggers the most complex requirements. 
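Review bot: "In this work we try and solve this issue" in hunk @@ -111,24 should read "we try to solve" (or, more assertively for an intro, "we solve"). The added TL comment also carries a typo ("appreciateion") and probably means "for the first type" rather than "for the first time"; since it answers the open NOTE[oec] question about which donations are excluded, consider folding the answer into the text (the informal-donation sentence already mentions "spontaneous compassion") and deleting both comments before submission. In the unchanged context, "voluntary transferal of some financial assets" would read better as "voluntary transfer".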
@@ -136,9 +140,11 @@ As part of their regular operations as well as their recognition as public benefit organizations, registered charities are already typically subject to a variety of audits as well as strict regulatory and fiscal scrutiny. Good causes that do not adhere to these rules are stripped from any -fiscal benefits. At least donations to recognized public benefit organizations -may therefore be confidential: donors should be able to freely choose whichever -of the approved philanthropies they donate to, without disclosing which. +fiscal benefits. +From a regulatory point of view, it should be compliant to have donations to +recognized public benefit organizations +be confidential: donors should be able to freely choose whichever +of the approved philanthropies they donate to, without having to disclose which. We note that in some countries there are different tiers of philanthropies. Some countries like Italy and the Netherlands have for instance particular tax @@ -167,7 +173,8 @@ donor is not inherently traceable via the underlying payment. This paper presents the design and implementation of a donation protocol producing digitally signed proofs of donation that are linked -to the donor but unlinkable to the charity on top of the GNU +to the donor but unlinkable to the charity. +The deisn can be used for donations made using the GNU Taler~\cite{Taler} payment system. GNU Taler is a {\em digital commons}, based on free software and advanced cryptography. This means that -- unlike proprietary products -- anyone can easily extend 
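Review bot: the new sentence in hunk @@ -136,9 is hard to parse: "it should be compliant to have donations to recognized public benefit organizations be confidential". Suggest "From a regulatory point of view, keeping donations to recognized public benefit organizations confidential should be compliant: donors should be able to freely choose whichever of the approved philanthropies they donate to, without having to disclose which." The unchanged context line "stripped from any fiscal benefits" should be "stripped of any fiscal benefits".

Review bot: typo in the added line of hunk @@ -167,7: "The deisn can be used" should be "The design can be used". Note that splitting the sentence also changes its meaning: the old text said the protocol is built "on top of" GNU Taler, while the new text says it merely "can be used for donations made using" Taler. If Taler is still the basis of the implementation described in this paper, say so directly, e.g. "We implement the design on top of the GNU Taler~\cite{Taler} payment system."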
@@ -185,7 +192,7 @@ achieving privacy-preserving donations with tax-deductability. \subsection{Approach} -Today, charities issuing donation receipts which generally bear the +Today, charities issue donation receipts which generally bear the name of the charity. The donor often has to include the donation receipts in their tax declaration; this means the tax authority not only learns the amount that the tax payer donated to charitable @@ -211,7 +218,7 @@ additional service separate from the charities and the payment system. The Donau is responsible for recognizing charitable organizations and tracking the total amount of donation receipts each charity is issuing for the charitable contributions the charity is receiving. It is -typically be expected that each competent tax authority would operate +typically expected that each competent tax authority would operate a Donau for the taxpayers in its domain. We note that the Donau does not receive sensitive private information about donors: privacy is achieved using cryptography to unlink proofs of donations from the @@ -231,7 +238,8 @@ Section~\ref{discussion} explains extensions of the core design that could be used to address all of the main use-cases. Many of these extensions are simply a matter of proper integration and user interface design, while a few presume the existence of a widely -available digital identity system~\cite{FIXME} providing a single +available digital identity system, such as citizen ID cards or the European +identity wallet current being developed, providing a single unlinkable pseudonym for each citizen per charity. Navigating donation regulations involves adhering to a multitude of 
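Review bot: in hunk @@ -231,7, "the European identity wallet current being developed" should be "currently being developed". Replacing \cite{FIXME} with prose also drops the intended citation for the digital identity system; the claim that such a system can provide "a single unlinkable pseudonym for each citizen per charity" is a strong one and should still carry a reference to the relevant specification or regulation rather than stand uncited.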
@@ -241,5 +249,5 @@ countries. Compliance ensures trust in the philanthropic sector, promoting ethical giving practices within a complex regulatory landscape. Cross-border donations are particularly challenging. We review some of the legal and regulatory background in -Appendix~\ref{ap-back}. +Appendix~\ref{app-back}.
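Review bot: hunk @@ -241,5 renames the reference target from ap-back to app-back, but this commit touches only intro.tex. Confirm that the \label in the appendix is app-back (or was renamed in a separate commit); otherwise the build will emit an undefined-reference warning and print "??" in place of the appendix number.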