In computer systems it is common to construct digital gates around a service. The most common example is a username and password login gate that does a combination of authentication (i.e. verifying who is accessing the service) and authorization (i.e. what functions of the service can be executed). This approach for gating digital access is being blindly applied — without deeper contemplation — to vaccine passports and digital gates in the physical world with the explicit goal of denying people access to resources that were considered a human right as recently as this past spring. It is time to present a theoretical model describing the oppressive characteristics of naïve pervasive digital gating of real-world access and show why identity cannot be an input available to digital gates. With this new perspective, I will present a novel solution that achieves the same function as legacy self sovereign identity authorization while also starving the digital gates of the data needed to sustain oppression. This article is an attempt to better understand the nature of digital gates so that we can all reason intelligently about them— before their use is pervasive — because, once these digital gates go up, it will be impossible to dismantle them peacefully.
The chaotic world we live in, born of hypernormalization, is now taking on the characteristics of the Matrix. I wake every morning to a fake, digitally distorted world constructed of social media gas lighting and formerly respected news agencies yelling propaganda. The mass confusion makes it impossible for us to imagine any reality different from the current status quo — one consisting of equal parts anger and division and chaos. Instead of following the natural epidemiological process to transition COVID from pandemic to endemic status through narrowly applied and limited vaccination, we are panicking. Our totalitarian impulses have awakened, largely from a lack of social cohesion, and the digital vaccine passport and associated digital gates are giving this fake digital world the fingers and hands and arms needed to reach into the physical world to grab us and push us around.
After 150 years of shared humanitarian concern and charitable giving to ensure open and stable access to food, water, shelter, medical services, and economic opportunity for all humans on this planet, we are suddenly screaming out in fear, demanding we build digital gates explicitly designed to block people from the stuff of life. So many people I know that used to be life long defenders of human rights are now calling for the mass segregation of society, enforced with the scalable efficiency of mobile app technology. Without extreme care and honest contemplation of this application of technology, what started as a passport back to normalcy will immediately become a global social credit system and represents the dawn of a new era of global totalitarian control.
All digital gates operate in such a way that maximizes value for the gate operator. The value not only includes maximizing monetary profit but also minimizing regulatory and fraud risk, maximization socio-political power and minimization the socio-political risk of the operating organization. To maximize the value, the digital gate integrates all information available to it at the time of an authorization event. This includes the information presented to the gate by the passport holder as well as information available to the operating organization through business relationships, public databases, and other public sources of information such as news and social media. The formula for maximizing the value is given as the following but don’t worry too much about understanding this right now.
Let’s exercise our brains a little in an attempt to model the functional system of a digital gate using math. I’m going to use some very light mathematical notation along with explanations to hopefully get you beyond superficial understanding of their nature. The first nibble of math is to understand what is meant by a “set”. Sets are a collection of things, often called “elements”, and in our case they will be pieces of data. Considering the explanation given in the previous paragraph, digital gates operate on the set of information presented to the gate by the passport holder as well as the set of information available to the operating organization from all other sources. Sets are denoted using curly braces. So lets define all of the information presented to the gate from the passport holder as the set of all values the holder is required to present to the gate.
Next, let us define the information presented to the gate from the operating organization as the set of all values available to the operating organization.
So far so good. Let us simplify the notation for all of the inputs to a gate as the combination — also called a union (∪) — of the two sets of values.
If the set of inputs from the holder has the values {1, 2, 3} and the set of inputs from the organization has the values {5, 7, 9}, then the union (∪) of the two sets is the set with values {1, 2, 3, 5, 7, 9}. The above notation just says that the digital gate will take as input all of the values from the holder and the organization when it makes a decision. Got it? Good.
In mathematics, any function that takes a set of input values and calculates a specific outcome is called a decision function. We’ve already covered the notation for the inputs so let us now define the set of possible outcomes from the digital gate’s operation.
This just says that the outcome of the gate will have a value from the set of all possible outcomes. If we assume that our digital gate’s purpose is to decide if the passport holder can pass the gate or not, then we can refine the definition further.
If the only outputs from the gate are “pass” and “fail”, then the output from our digital gate will always be either one of those.
Now that we have definitions for the inputs and outputs to the gate’s function we can write the function of the gate as an equation.
Sorry if that looks scary. Hang in there. Let me explain. The decision the gate comes to (D) is the sum (Σ) of all of the outputs of a function (f) calculated with each value (v) from the set of all inputs (I). This isn’t quite correct because this implies the direct mathematical sum (e.g. 1 + 2) and what we really mean is more of a logical combination (i.e. if this is true and that is true then then is also true). I wanted to start there because the actual notation for the function of a digital gate is much more abstract. If you’re really curious, go and read the full definition of a decision function. We don’t need the full formal notation for decision functions to think critically about digital gates so from now on I am just going to use the following simpler notation.
This just says, there is some operation (δ) that takes all available inputs (I) and comes to a decision from the set of possible decisions (D) and since the set of possible decisions in our example is just pass/fail then we can simply write the following.
I promise that is all of the math equations for a while. I needed you to get here because the rest of this article is focused on the operation (δ) and how it changes when the set of available inputs (I) also changes. Again, the goal of this article is to show that the operation of digital gates radically shifts from explicitly honest to tacitly dishonest when the identity — or any identifying information — of the holder of the passport is part of the available inputs. I argue that digital gates cannot be allowed to operate on any identity or identifying information about the passport holder if we want to avoid building a global social credit system. The identity is what is used to map the holder into the massive databases and empirical models that surveillance capitalists have built on all of us over the last couple of decades. We’ll be revisiting the math in a bit when we integrate the socio-political arguments with the mathematical reasoning in the end.
If you analogize the reading of this article to eating a fantastic お任せ sushi meal, then this is the point between courses where you sip the sake and eat some ginger to clear your palette. The first course was interesting and a bit outside of your comfort zone, the next course will hopefully scare you a little. Be brave, keep reading and think new things with me.
Right now most public spaces and publicly available resources have no digital gates in front of them. Think about that for a moment. Most, if not all, public spaces and social resources open to the general public have no digital gates in front of them. That means anybody can enter and participate without having to identify themselves or be identified in any other way. Sure, we are seeing rampant video surveillance and facial recognition being deployed which subjects us to non-consensual identification, but for now, those systems are not integrated into any access gating mechanisms. For the most part, public spaces and resources remain open to everybody and any identification of people remains passive and does not lead to discrimination of who can and cannot enter.
Because there are no active identification and access gating mechanisms it is plausible for any corporate officer or public official to deny that they know if any one person is, or people are, using their company or governmental services. Right now corporate officers and public officials can claim ignorance if they are ever accused of giving access to, or tacitly supporting, anybody that is a dissident, protestor, or persona non grata of any kind. This is a very important idea to hold in your head because it is the specific realization of the phrases “created equal” and “equal treatment” in our every day lives. It means that most companies, from grocery stores to bowling alleys to movie theaters, cannot be accused of “giving a platform” to any particular disfavored person or group.
A fundamental shift away from equal treatment comes after digital gates go up that can identify the people using the space and/or services. The plausible deniability that previously protected corporate officers and public officials evaporates and those in charge become subjected to immense socio-political pressure to prevent persona non grata from entering their spaces and to deny them service. Social media is the accelerant that makes the white hot heat of mob pressure nearly instantaneous and much more intensely focused. In places where digital gates have always been in place — such as online social platforms and services — we have observed for years that the lack of plausible deniability is the primary point of leverage the mob has for pressuring companies into denying access to disfavored people.
Because of the immense socio-political risk for organizations and leaders, the gates they build always integrate public sentiment in its functioning if for no other reason than to minimize that risk. For corporate officers, fiduciary responsibility demands that they do it. For public officials, political pressure demands that they do it too.
You’re now at a point where you can understand the fundamental thesis:
Digital gates always operate as if the most valuable data to the operator is the only input to the gate.
To better illustrate this, imagine if there was a COVID vaccine passport check that patrons to a children’s play area had to pass before entering. If the gate allowed a vaccinated person known to be a serial child abductor to enter the play area what would people be most concerned about? Is it the fact that the person is vaccinated or the fact that the person is a known child abductor in a children’s play area? I’m willing to bet — and I’m going out on a limb here — that the public sentiment in this case is much more concerned with the child abductor status of the person instead of their vaccination status.
The fundamental thesis of this paper is that all digital gates that take identity data as an input will always operate as if the identity data is the only input to the gate. This is simply true because in our current world, identity data is the most valuable data to operating organizations trying to minimize socio-political risk while maximizing financial profit. We already have a name for systems that use digital gates to minimize socio-political risk: social credit systems.
As long as digital gates take as input any identity data — or any correlating data that deanonymizes people — they act as social credit enforcement mechanisms without any explicit intention to do so simply because of the incentives they operate under. More importantly, they will do this without any top down conspiracy or collusion. All that is required is for the identity-based digital gates to be built in the first place and the social credit system will follow automatically.
Digital gates that are ostensibly enforcing COVID immunity status will actually be neurotically paranoid about who it is allowing into the space as well as…mumble…mumble…mumble…(nothing else really). The gates will operate in a tacitly dishonest way: claiming to check immunity status but in reality enforcing the social credit score of all people trying to pass through it. It doesn’t even matter what the reason why is. Child safety? Public safety? Community cohesion? Insurance won’t cover us? Just following orders? It does not matter, the justifications will be formulated after the fact. The combination of incentives to minimize socio-political risk and maximize monetary profit leads to the assumption that the gates will come out of the box enforcing social credit automatically. The root of the problem lies with building gates that operate on identity information in the first place.
Let us assume that there is nothing we can do to stop digital passports and the construction of digital gates in front of everything. The only way to avoid the social credit dystopia is to deny the digital gates any identity or correlating data — and in fact any other data — not relevant to the explicit purpose of the gate. If the gate is checking for COVID immunity status, it can only be allowed to take that information as inputs. But there is a problem with this that you may have spotted already. In reality eliminating all identity data is impossible to accomplish using traditional authorization and authentication techniques because without a second piece of data — such as the passport holder’s identity or a photo — tying the COVID immunity status to the passport holder, the status data can be used by anybody and the gate would fail its function. So is it possible for a gate to do a COVID immunity status check that takes the holder’s status and identity without giving the gate the identity information as an input? Based on our discussion so far, we have eliminated the possibility that the person transmits the data to the gate to be processed, but what if we move the gate’s processing to the data instead?
Moving the processing to the data is precisely what has to be done to eliminate all of the identity and identifying data from the set of inputs to any digital gate. This applies not only to COVID immunity status checks but to TSA security checks to get onto a flight, ticket checks to get into a sports arena, anti-fraud checks when making a payment, background checks for renting apartments, credit checks for taking out a loan, ticket and warrant checks when getting pulled over, age checks when we enter a bar, education and work history checks when applying for jobs, medical history checks when we go to the doctor, and on and on and on. Our world is full of digital gates that run checks on our personal data all of the time. These existing gates are already beginning to integrate socio-political risk minimization in the form of “reputational risk” checks. They are also creating privacy regulation problems for the operators who collect the identity information as well as security risks associated with keeping that data safely stored.
In my previous articles on Zero Trust Architecture and Achieving Absolute Privacy, I attempted to integrate the Authentic Data Economy with a Unified Theory of Decentralization to build a new reality for digital transactions that follows the Principles of User Sovereignty. As I have stated many times before, I don’t like to burn down ideas in peoples’ minds without having new ones to replace them. In this article I am going to take what we have learned about digital gates and the risks of allowing identity to be an input and show that there is a new solution that uses novel cryptographic techniques to enable digital transactions that remain explicitly honest in function while also automating privacy regulation compliance and eliminating the security risks associated with collecting private information from people.
I introduced the idea of cryptographic qualifications in my previous article about Zero Trust Architecture however I remained light on the details of exactly how cryptographic qualifications work. Previously I described qualifications as the result of the holder executing the policy-as-code script from the digital gate on their private authentic data to produce a yes/no, pass/fail answer for the gate. I want to unpack all of that a little and map it back to real-world cryptography and software engineering.
The first detail to look at is the authentic data that is fed into a cryptographic qualification. If you have read my article on the Authentic Data Economy you should have a pretty deep understanding already. In short, authentic data is data created from a known source (e.g. USAA Bank, Equifax, or the Social Security Administration) and has an associated provenance log that tracks its history (i.e. when it was created, etc) as well as cryptographic proof that the data has not been revoked. Authentic data comes with cryptographic proof of where it came from, who it was given to, that it hasn’t been modified, and the creator of the data still agrees that it is valid. As a related example, your drivers’ license is a form of authentic data in the real world. It contains proof of which state department of motor vehicles issued it, who it was issued to, the holograms prevent it from being faked or modified, and the expiration date and the valid drivers’ license database can prove that the license hasn’t been revoked.
The infrastructure needed for the authentic data economy is surprisingly minimal and fully decentralized. Provenance logs are trivial records of cryptographic hashes and digital signatures and key history for the creator and holder of data. The cryptographic proofs of existence for the provenance logs themselves must be stored somewhere public and secure (e.g. in a public blockchain) but those proofs can be stored in something called a cryptographic accumulator that allows many billions of proofs to be stored in them without growing any larger than 32 bytes in size. This makes it trivial to store billions of proofs-of-existence for billions of provenance logs in a single Bitcoin transaction. This effectively eliminates public blockchains from limiting the amount of authentic data that can existing in the world or the speed at which we can create authentic data. It is important to note that all of this is fully decentralized. In the diagram on the side above, it shows that the issuer of the authentic data has to publish provenance logs and non-revocation proofs for the authentic data they issue to holders. The issuers can use any online storage for this data and it will most likely land on their web server or some public storage such as Amazon’s S3 product. The aggregator in the image is responsible for taking the published data from issuers and getting it to the digital gates, or verifiers so that they can verify the validity of the cryptographic qualifications given to them from holders. There is no central aggregator envisioned, in fact, there can be many aggregators and even public and free ones as well. In the end, the authentic data economy creates a method for transmitting trusted data to the point of verification without any centralization required. An appropriate analogy would be that this is a decentralized system similar to email that transmits trust instead of messages.
The novel idea behind zero architecture is the combination of authentic data as inputs to verifiable computations. To be specific, zero architecture uses an approach called non-interactive zero-knowledge proof of correct computation that doesn’t require a trusted setup. This just means that verifiers can translate the business logic that requires identity and/or other private data into a very large math equation that they give to the holder of private authentic data to solve. The holder uses their private authentic data as inputs to the math equation and they calculate other values that make the equation evaluate to the expected result.
The holder of authentic data receives the verifiable computation from the digital gate which means the set of inputs to the qualification can be written as the following.
In the case of a COVID immunity status check, the expected result is that the holder is immune to COVID. Their identity has to be part of the inputs to the calculation to bind their immunity status data to their identity in the computation of the expected result. If the holder can successfully create a solution to the equation with their private authentic data as inputs then they pass the check.
What the holder sends back to the verifier is the passing result along with the cryptographic proofs that the inputs to the verifiable computation are authentic, unmodified, and non-revoked and also proof that the computation was done correctly. This eliminates the sharing of identity data with the digital gate and forces the gate to be explicitly honest in its function.
Zero architecture is good for holders, good for operating organizations, and good for society at large. Holders are able to maintain absolute privacy while still transacting in person and online. Operating organizations eliminate their socio-political risk by maintaining plausible deniability that they do not know who is entering their public spaces and/or using their public services. Societies avoid the alignment of policies, incentives and capabilities that lead to a social credit system. “Open to the general public” remains true and our society can honestly stay egalitarian in nature.
We all have value regardless of who we are, but this new age of digital gates ignores that. Blocking access to society and the necessities of life is anti-human, anti-egalitarian, and represents a form of insidious violence new to the human experience. We are facing a perverse alignment of socio-political risk management, financial and political power incentives, and digital capabilities that will automatically create a global social credit system and hold our tradition of liberty under the water of totalitarian control, starving peaceful existence of the oxygen it needs to survive. If we can’t stop the gates from being built in the first place, knowing that the gates will operate as if identity information is their only input gives us the wisdom to demand that identity cannot ever be included as inputs. Thankfully we now have zero architecture as a way to move forward the advancement of technology while relying upon cryptography — and not the frail constitution of people — to protect our future from dystopia. Cryptography is power as real as a loaded gun. No amount of money or political will can ever break it when it is used properly.
Digital gates cannot accept identity as input, ever. Unfortunately existing solutions such as the Good Health Pass, Vaccine Credential Initiative, Excelsior Pass, Green Pass, and others do not operate in a way that identity can and will be kept from the digital gates. These solutions and their associated gates should not ever be built because the descent into social credit dystopia will be automatic and nearly instantaneous. People won’t notice when the Matrix changes to a global totalitarian system but if we continue down this road it is certain to.