Phil believes that I am unaware of the advantages of the user-centric aspect of an Identity Oracle. Quite the contrary, that’s the one part of the idea that I like. If I was to opt into an Identity Oracle (assuming it wasn’t compulsory), I would very much like to control what queries are allowed and be able view and approve the responses.
But that was not my original objection. My objection was to the specific use case of credit scores and how the yes or no answer really doesn’t hide the underlying data from a practical standpoint.
I believe that information leakage would be a big problem. User-centric control won’t really solve this because the average user is not going to be able to understand the identity leakage ramifications when consenting to a transaction.
But putting that aside for a moment, Phil does paint compelling picture of how an Identity Oracle would work:
Further, Jeff might also be able to choose from a list of Identity Oracle’s accepted by his employer enabling Jeff to overcome a bad/false report from one provider with an assertion from another provider. The idea that you Jeff, could stop the flow of information is truely revolutionary! In this case, Jeff, you would be able to intercept the negative report and take appropriate action (e.g. hire a lawyer). While you are disputing the negative report, your employer would not know the results until you choose to release them.
If only. If only.
Once the Identity Oracle exists and you opt in (again, assuming it’s not compulsory), any organization that has leverage over you will expect immediate and full access to all available decisions. Failure to get any access will be viewed as non-compliance. It will all be done quite politely of course:
“I’m sorry, but we can’t finish processing you job application because there are unanswered queries from your IO. Please be patient.”
“We are sorry, but you have been denied for medical coverage because you IO won’t answer the following queries…”
“Your auto insurance rates will automatically be moved to the high risk category unless your IO answers the following queries by the date indicated below. Thank you for your business.”
And of course the government will be allowed unrestricted access. As will any lawyer with a subpoena in a civil case. It’s not that they can’t get this information already; I’m just not interested in consolidating it for them.
I am deeply suspicious of where we are going on this because I have seen where we have been.