Webauthn / FIDO2 Pseudonyms does not solve the unlinkability problem #572
Description
When you follow the attempts to ignore the critical eIDAS 2.0 unlinkability requirement, we often see FIDO2 used as a excuse to ignore the fundamental problem.
The basic issue is that the citizen with art 5a.16 has a fundamental right for a qualified unlinkable signature including credentials/attributes FOR EVERY TRANSACTION.
Failure to enable this critical aspects is failure of eIDAS 2.0 wallets by design
There are a number of technical fallacies applied:
- Just because you apply FIDO2/Webauthn, you have not established unlinkability.
The basic FIDO setup is surveillance by design as the new key gets linked to the issuing device either through co-signing in the smartphone TEE or through side-channels (especially device finger-printing but the entire ePrivacy discussion apply here). Here it is important to notice that CTAP2 is inherently enforcing linkability and thereby non-compliant.
- The issues is not making a pseudonym per website, but making a qualified unlinkable identity per transaction.
If you notice the discussion, it is often assume that the problem is solved with one pseudonym per website, but failure to realize that reusing such a pseudonym is non-compliant linkability in itself.
- The naive approach of building a wallet on a smartphone ignore that smartphones cannot securely support wallets.
Smartphone are controlled by BigTech and there is no way to make a compliant sandboxed wallet within the same space that is designed to ensure surveillance/linkability for commercial agendas.
- When the above is addressed, the next layer of issues is related to combining attributes from multiple providers, including Issuers where enrollment was made using a qualified unlinkable signature and thus inherently unable to issue a credential linked to a non-pseudonym PID.
The test case is Article 71.4.(b) in the new EU regulation on health data. A compliant EU Digital Wallet can support anonymous research and provide unlinkable health data for digital services and thus establish the "alternative means" that ensure citizens have right to opt-out to profiling in healthcare.
- "Identification" is BETTER achieved by Qualified unlinkable signatures plus contextually adapted means for conditional linkability.
E.g. If the citizen create a new qualified unlinkable signature for the transaction, data are inherently free for sharing/reuse, resistant to cyberattacks and de-regulated.
If the Relying Party as part of requirement validated the existing to adher to legitimate security requirements in case of e.g. fraud/crime etc. that CAN REQUIRE AN ACTIVE ACTION to establish linkability, e.g. a judge decrypting a pre-signed proof, then you have PARETO BETTER "identification" than upfront linkable reuse of persistent identifiers.
Therefore - in the future - almost all transaction will start qualified unlinkable and from here customization to context can be customized in the dynamic process.
The first generation of wallets and especially the primitive "age verification" mechanisms are - due to failure in the ARF design process, designed to be inherently non-compliant with the most fundamental and critical requirements.
They will not improve competitiveness in EU, they will undermine security, create bureaucracy and undermine liberal democracy as such.
This is not an argument against wallets - the alternative is not allowing BigTech to maintain ownership and control. It is an argument to get the design right and actually begin designing for a future where EU valued are provided "by design" instead of "by bureaucratic rules".