@Jeremy_Kirk @CyberGovAU @Optus @medibank @ClareONeilMP So there’s a wicked problem of scale in the digital realm. Small businesses can’t afford security but they can’t not computerize. Cloud is an important security methodology but very few companies will have no client systems at all, so most will remain at risk of breaches. @Jeremy_Kirk @CyberGovAU @Optus @medibank @ClareONeilMP The answer is crystal clear but also expensive.

Regular computers must be better.

Intrinsically secure.
Safe default settings.
With no aftermarket security needed.
Robust.
Simple to use and comprehend.

@OpenIDExchange Indeed we still need governance, at various nested levels. The world is full of "trust frameworks" (as every trust framework tutorial says at the very outset). The trick with digitising credentials is to minimise the introduction of new and novel governance. -/2 @OpenIDExchange So we should start with the way credentials are governed by their respective communities. The nursing profession for example credentials its members, with rules for what the credential means, how it's issued and relied upon. -/3

“If punishment is ... to shape future behaviors, then I think that is a justifiable way to dole it out” — ⁦@bgreene⁩
But there’s no “if” about it, because the universe can only play out one way. @Forbes⁩ forbes.com/sites/dporterf… This seems to point to something like the Anthropic Principle. If everything is strictly deterministic and the universe can only play out one way, then our social institutions weren’t designed. Yet they seem to function with sensible outcomes (which Brian even appeals to).

A rant about #trust following the terrific discussions at #IDPolicyForum yesterday and today.
#digitalidentity
THREAD ... 1/9 "Trust" of course is talked of everywhere. In #IDPolicyForum, a speaker bounced around from cryptographic trust, hardware roots of trust, and an anecdote about trusting the conference organiser because they were introduced by a mutual friend.

'What should Biden do in #DigitalIdentity?' panel, @RossNodurft carefully draws a distinction between [the prospect of a] "National ID" versus a "national approach to digital identity". Hear hear!! #IDPolicyForum In Australia, any mention of national approaches to digital identity as national infrastructure sadly gets bogged down in the spectre of a dreaded National ID. #IDPolicyForum

Up next @RepBillFoster of the #FosterBill #IDIA2020 and his optimism for congress to make policy progress on #digitalidentity for American citizens. #IDPolicyForum '90% of Americans have access to smartphones' -- @RepBillFoster #IDpolicyforum #digitalidentity #infostructure

@rohitprabhakar @rwang0 @fxrseen @drsubirsaha @neeraj @vfiorese_ @roxanasoi @hessiejones @AlaricAloor @sarbjeetjohal @MiaD @jrhunt @defcon_5 Thanks Ray for the recommendation. I'm not sure where to begin except to say I don't have special insights into public trust. I tend to agree there seem to be stereotypical differences between countries in the public's trust in government versus trust in business. -/2 @rohitprabhakar @rwang0 @fxrseen @drsubirsaha @neeraj @vfiorese_ @roxanasoi @hessiejones @AlaricAloor @sarbjeetjohal @MiaD @jrhunt @defcon_5 2/n: So the cliche goes that Americans distrust government but have faith in the invisible hand of the markets, and so they "trust" businesses more (shudder quotes are deliberate when we're talking in such broad generalizations). -/3

@Jo_Plays @bhaines0 @IdentityHutch @WomeninID @dgwbirch @windley @IdentityWoman @Libra_ What makes digital identity (call it "ID" here) so hard?

1. There's a always been this strong drive to make ID reusable, to reduce on-boarding friction, reduce accounts & passwords, save cost, even make money. -/2 @Jo_Plays @bhaines0 @IdentityHutch @WomeninID @dgwbirch @windley @IdentityWoman @Libra_ 2. Most ID initiatives (especially Federated Identity) are based on something of a false intuition. We look in our purses and see dozens of identities that all seem the same. -/3

[I'm dropping all @'s now to avoid annoying people]