Cross-Cutting Requirements Analysis: Privacy, Security, and Inclusion Gaps #1

@kimdhamilton

Opening questions

Are these features and the model conceptually complete?

No response

Are there any concepts from those listed that you would like to provide feedback on?

No response

Are there any concepts that are important, but not considered, on this list?

No response

From the functionalities listed, would you like to provide feedback on their completeness?

No response

Are there any functionalities related to Digital Credentials Wallet that are not considered here?

No response

Out of the requirements listed, would you like to provide feedback on the completeness of the description of the requirements, or on the requirement level assigned?

Feedback on GovStack bb-wallet Cross-Cutting Requirements

Summary

This appears to be an early technical draft that lacks the broader context needed for evaluation. Without reference to legal frameworks, compliance requirements, or real-world deployment scenarios, it's difficult to assess whether the requirements are appropriate or complete.

Focusing on the technical aspects alone, the current draft is incomplete and insufficiently privacy-preserving for a government digital identity component. Critical privacy protections are marked as optional, and entire requirement categories are missing.

For these reasons, the draft is not yet ready for final review, and I will focus my feedback here on the Cross-Cutting Requirements section. I recommend engaging additional privacy, security, and accessibility experts for development of the next version, and then soliciting review.

Major Issues with Current Requirements

1. Privacy Protections Marked as Optional

  • Problem: Unobservability and Unlinkability are marked as OPTIONAL, which is insufficient for government systems.
  • Impact: Creates a two-tier system where privacy becomes a luxury rather than a fundamental right.
  • Recommendation: Change to MUST requirements. Government digital identity systems should protect citizen privacy by default.

2. Missing Critical Requirement Categories

The specification focuses primarily on basic cryptographic functionality but misses entire categories essential for real-world deployment:

Privacy and Security Gaps:

  • No privacy-preserving credential revocation mechanisms: currently this is listed as "should"
  • No consideration of metadata analysis and tracking
  • Missing secure data deletion requirements
  • No quantum-resistant cryptography consideration
  • Insufficient audit and transparency requirements

Accessibility and Inclusion Gaps:

  • No accessibility requirements for users with disabilities
  • No provisions for users without smartphones (digital divide)
  • Missing multi-language and cultural considerations
  • No special protections for vulnerable populations

Other Requirements Needed

While these may be addressed in other GovStack documents, this specification (or related documentation) will need to include:

  • Governance and Legal Framework: Requirements for legal compliance, cross-jurisdictional recognition, dispute resolution procedures, and liability frameworks. Without this context, it's difficult to evaluate whether the technical requirements align with regulatory obligations.
  • Operational Requirements: Real-world deployment considerations including emergency access procedures, performance standards for national-scale systems, vendor independence measures, credential lifecycle management, and user support frameworks.
  • Implementation Context: Requirements addressing diverse deployment scenarios - from urban high-connectivity areas to rural limited-connectivity regions - to ensure the system works for all intended users.

Recommended Path Forward

Given the scope of missing requirements and lack of broader context, I recommend developing a more comprehensive version through expert consultation before seeking final review:

1. Convene Expert Panel

Include privacy experts, accessibility specialists, legal experts, and practitioners from existing digital identity implementations.

2. Learn from International Examples

Other digital identity standards/programs have received detailed feedback from a wide range of experts (from cryptographers to civil rights experts) and could provide benefits here (e.g. EU Digital Identity Wallet, ISO mDL specification).

3. Rights-Based Approach

Redesign requirements with human rights, privacy, and inclusion as foundational principles rather than optional features.

4. Public Consultation

Engage civil society, digital rights organizations, and diverse stakeholder groups in the requirements development process.

Conclusion

Government digital identity systems can either enhance or undermine fundamental rights. The current requirements treat privacy as optional and ignore many vulnerable populations entirely.

A comprehensive redesign would position GovStack as a global leader in rights-respecting digital identity infrastructure. The stakes are too high to accept requirements that don't protect all citizens equitably.

I'm available to participate in an expert review process or provide additional analysis to support this important work.

Are there any requirements that are necessary to Digital Credentials Wallet that are not considered here?

No response

Out of the requirements listed, would you like to provide feedback on the completeness of the description of the requirements, or on the requirement level assigned?

No response

Are there any requirements that are necessary to Digital Credentials Wallet that are not considered here?

No response

Out of the data schemas provided, would you like to provide feedback on the completeness and formats of the schema definitions? Please go into as much detail as you can

No response

Are there any data structures that are necessary to Digital Credentials Wallet that are not considered here?

No response

Out of the API endpoints, available verbs and schemas provided, would you like to provide feedback on the completeness of them? Please go into as much detail as you can

No response

Are there any data structures that are necessary to Digital Credentials Wallet that are not considered here?

No response

Out of the available workflows, would you like to provide feedback on the completeness of them? Please go into as much detail as you can

No response

Are there extra workflows that are necessary to Digital Credentials Wallet that are not considered here?

No response
