commit 750cd1a4c9973b67986b4fd7c8eafc75ce395c50
parent d6489d0d24781d062f209df4011595d097dd6114
Author: Özgür Kesim <oec-taler@kesim.org>
Date: Sat, 8 Jan 2022 10:29:49 +0100
more references; added and changed subtitles
Diffstat:
2 files changed, 51 insertions(+), 26 deletions(-)
diff --git a/2022-privacy/literature.bib b/2022-privacy/literature.bib
@@ -66,6 +66,7 @@ isbn="978-0-387-34799-8"
@misc{chaum2021issue,
title={How to Issue a Central Bank Digital Currency},
author={David Chaum and Christian Grothoff and Thomas Moser},
+ howpublished={\url{https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}},
year={2021},
eprint={2103.00254},
archivePrefix={arXiv},
@@ -226,7 +227,7 @@ series = {SEC'16}
@Misc{tcimer2020,
author = {Cem Tecimer},
title = {{“Is the Turkish Central Bank Independent?” as an Uninteresting Question}},
- howpublished = {\url{https://verfassungsblog.de/is-the-turkish-central-bank-independent-as-an-uninteresting-question/}},
+ howpublished = {\url{https://dx.doi.org/10.17176/20201118-161945-0}},
year = {2020},
month = {November},
doi = {10.17176/20201118-161945-0},
@@ -249,9 +250,9 @@ series = {SEC'16}
@article{snb2021,
author = {David Chaum and Christian Grothoff and Thomas Moser},
title = {{How to issue a central bank digital currency}},
- journal = {SNB working paper seires},
+ journal = {SNB working paper series},
year = {2021},
- url = {https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}
+ url = {https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03},
}
@article{ecb2021,
@@ -266,7 +267,7 @@ series = {SEC'16}
@Misc{hacks1,
title={Bitcoin wallet update trick has netted criminals more than \$22 million},
author={Catalin Cimpanu},
- howpublished={\url{https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/}},
+ howpublished={{\scriptsize\url{https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/}}},
journal={ZDNet},
year={2020},
}
@@ -279,3 +280,25 @@ series = {SEC'16}
year={2021},
}
+@Misc{euai2021,
+ title={{Motion for a European Parliament resolution on artificial intelligence in criminal law and its use by the police and judicial authorities in criminal matters}},
+ author={(European) {Commitee for Civil Liberties, Justice and Home Affairs}},
+ howpublished={\url{https://www.europarl.europa.eu/doceo/document/A-9-2021-0232_EN.html}},
+ year={2020},
+}
+
+@Misc{eid2021,
+ title={{Elektronische Identität: das E-ID-Gesetz}},
+ author={{Eidgenössische Justiz- und Polizeidepartement EJPD}},
+ howpublished={\url{https://www.ejpd.admin.ch/ejpd/de/home/themen/abstimmungen/bgeid.html}},
+ year={2021},
+}
+
+@Misc{koalitionsvertrag2021,
+ title={{Mehr Fortschritt Wagen - Bündnis für Freiheit, Gerechtigkeit und Nachhaltigkeit}},
+ author={SPD and Bündnis 90/Die Grünen and FDP},
+ journal={Koalitionsvertrag zwischen SPD, Bündnis 90/Die Grünen und FDP},
+ howpublished={\url{https://www.spd.de/fileadmin/Dokumente/Koalitionsvertrag/Koalitionsvertrag_2021-2025.pdf}},
+ year={2021},
+}
+
diff --git a/2022-privacy/privacy.tex b/2022-privacy/privacy.tex
@@ -60,7 +60,7 @@ prevail, we clearly need to reestablish the principles of personal
self-reliance, personal independence and subsidiarity in the design processes
for critical infrastructure created by European institutions.
-\section{Accounts}
+\section{Harmful coupling with identity}
The probably most dangerous idea of the ECB report is ``combining use of
digital identity and CBDC''. Edward Snowden famously said at IETF 93 in 2019
@@ -71,23 +71,25 @@ that \begin{quote}
identity.''
\end{quote}
If the European Union wants to avoid a dystopia of the transparent citizen
-(associated in the West with the vilified Chinese surveilance state), % [oec] I don't think we should mention China.
+(associated in the West with the vilified surveilance state in China),
it must enable citizens to put a firewall between their identity and their
payments. Tightly coupling them is thus probably the worst idea so far
proposed in the design space for CBDCs.
-The Swiss population recently rejected a proposal for a national E-ID, and the
-newly elected German government is promising a reversal of ubiquitous data
-retention (without cause) in Germany. The European Parliament has members
-proposing to ban the use of facial recognition in public spaces. The ECB's
-proposal ignores the popular rejection of treating every citizen as a criminal
-suspect. Payment data is typically retained for 6 or more years. The missing
-link in the ECB proposal that would show the dystopic reality they would
-propose is a statement that facial recognition could be used to conveniently
-establish the payer's identity --- or ``pay with your smile'', as contemporary
-account-based digital payment offerings already put it. If CBDC payment data
-is strongly coupled with our identities, those who dislike living in a
-panopticon could only hope for such a CBDC to be rarely used.
+The Swiss population recently rejected a proposal for a national
+E-ID~\cite{eid2021}, and the newly elected German government is promising a
+reversal of ubiquitous data retention (without cause) in
+Germany~\cite{koalitionsvertrag2021}. The European Parliament has members
+proposing to ban the use of facial recognition in public
+spaces~\cite{euai2021}. The ECB's proposal ignores the popular rejection of
+treating every citizen as a criminal suspect. Payment data is typically
+retained for 6 or more years. The missing link in the ECB proposal that would
+show the dystopic reality they would invoke would be a statement that facial
+recognition could be used to conveniently establish the payer's identity --- or
+``pay with your smile'', as contemporary account-based digital payment
+offerings already put it. If CBDC payment data is strongly coupled with our
+identities, those who dislike living in a panopticon could only hope for such a
+CBDC to be rarely used.
But the ECB is not the only institution pushing for digital identity-based
solutions. Another domain where this is inappropriately pursued is the
@@ -98,18 +100,18 @@ by strong identification. Not only is this simplistic approach rarely
cost-effective, but it contributes to the conversion of soverign citizens to
digital subjects.
-%[oec] maybe: \subsection{Privacy done right: GNU Taler}
+\subsection{Privacy in payments can be done right}
Token-based payments like GNU Taler offer an alternative, enabling the state
to ensure business is legal (and tax-paying) without infringing on the
soverenity of private citizens. We recently extended this principle also into
the domain of age-restrictions in e-commerce. Assuming that owners of
-bank-accounts are a mature adults, it allows bank account holders to withdraw
-age-restricted coins for their wards. The wards can then anonymously spend
-the coins, but transactions will fail at merchants that sell goods with an
-age-restrictions exceeding the age-limit specified by the bank account holder
-acting as a guardian. The design guarantees that only information disclosed
-is that the age-restriction imposed by the merchant is satisfied. The payment
-service provider does not even learn that age-restrictions are being used, and
+bank-accounts are mature adults, it allows them to withdraw age-restricted
+coins for their wards. The wards can then anonymously spend the coins, but
+transactions will fail at merchants that sell goods with an age-restrictions
+exceeding the age-limit specified by the bank account holder acting as a
+guardian. The design guarantees that only information disclosed is that the
+age-restriction imposed by the merchant is satisfied. The payment service
+provider does not even learn that age-restrictions are being used, and
merchants cannot distinguish successful purchases by adults from successful
purchases by wards with a sufficiently high age-limit. Thus, this design
offers a clear alternative to identity-based age-verification that is better
