Thursday, May 23, 2024

sustainability of digital wallets for public infrastructure services

One thing that occurred to me when listening to people at ID4Africa 24 talk about wallets is that there's a major sustainability problem due specifically to security considerations.

Any wallet needs to be trusted if it is used for transactions that involve personal data or money.

To implement this trust, the wallet software currently built by major vendors such as Apple, Google and (say) HSBC can use secure enclave (Trusted Execution Environment) support on the device (e.g. TrustZone on ARM processors, or variants as built by various handset vendors).

However, that support varies over time, both because modifications to hardware come along (e.g. future ARM support for multiple realms and attestation) and simply because software and hardware vulnerabilities arise, some of the latter being mitigated by changes to the software, some not. This is expensive, so vendors tend to time out support on older devices fairly aggressively.

One report from Cambridge shows how short that can be in practice, after which your device no longer gets security patches for the OS (or application SDKs). At this point, can you trust things on it? Almost certainly not in this day and age.

So there are around 750M people in Europe, 450M of them in the EU. If we mandate wallets for ID (or even just make them the only convenient way to access many services), you need to upgrade, typically by replacing, all their phones about every 3 years. That's 130M phones a year. Many of these phones cost at least 100 euro and upwards of 1000 euro for high end devices. That's a cost of 130B euro a year.

Oops.

While some of the materials can be recycled (including many newer batteries), the rare earths and other materials used in these devices are already pretty unacceptable in supply chain ethics.

Not a sustainable way to do things. Meanwhile, proposing to run a secure cloud based wallet is viable, but the cost of running a data center holding much of people's personal data, with fully encrypted access and TEE style processing, is also very high (some large single data center energy use is approaching that of large city metro energy use already), plus moving the data to and fro between device and cloud is also a non-trivial contribution to running costs, both monetary and energy/carbon-wise.


We are building ourselves into another unacceptable future...


Someone please check my arithmetic...
