
[Post author here,] thanks for nailing it! I want anyone to be able to choose any of these two extremes ("right to be forgotten" and "right to be remembered") or anything in between.

I want to be able to configure my Discord or Slack "profile" to have all my messages automatically deleted after say 2 months. But at the same time I also want my email address to be permanently available (even after I die) because it's registered in so many places, tied to so many important things, so that if Google decides to erase me I'll be in a lot of pain...

And although I do use a *paid* GMail account, I do it mainly because I trust them more from a security point of view than I trust myself. However I don't trust them not even 1% not to screw me over if the accountants say it's more profitable to drop GMail...

At the same time I don't trust the government not even 1% not to screw the security of such a system, or not try to misuse it for political gains. But, I also don't see any way out of this situation with the technology, society, economy, and judicial system we have right now...



What do you think about Decentralized Identity (DIDs - https://www.w3.org/TR/did-core/)? With it, you can have several identities and easily generate new ones when needed (but you probably need to have a single, government-recognized identity for the real world).

Europe seems to be working hard on establishing an identity for every citizen: https://commission.europa.eu/strategy-and-policy/priorities-... (most countries already have that, but this is about unifying the various countries' ID systems).


Unfortunately no purely technical solution works. As I've said at the end of my article:

> We need to support the case when a person wakes butt-naked in a corn field, suffering from complete amnesia, and remembering nothing about himself. Today, such a person has a chance of getting his identity back, but in a pure technological world, "the computer just says no!"

----

Regarding the various European ID initiatives: they might seem a good idea, but they don't actually work in practice: for better or worse, our internet solutions seem to have settled on email as the de-facto identification system. Are any of these EU ID initiatives completely interoperable with the email system? If not, they are useful only for purely official interactions with the government, and solve nothing outside of that realm.

Also, because most such ID initiatives are actually X.509 tokens that work solely on Windows, with Adobe products, they are beyond useless...

(Let alone that one costs ~50 EUR per year in my country, Romania...)


I am sorry to be blunt but you seem to be misinformed.

> We need to support the case when a person wakes butt-naked in a corn field

DIDs can have a controller, and the controller can be your "real-world" identity... If that is government-issued, you can recover it the same way you recover your identity today in case you lose all your documents. After that, you regain control of all your other DIDs (which you keep to ensure anonymity, e.g. you can have a different DID for each service you sign up with).

> Are any of these EU ID initiatives completely interoperable with the email system? If not, they are useful only for purely official interactions with the government, and solve nothing outside of that realm.

That's plain wrong. It's already possible to use DIDs to sign up with any business you want, though admittedly as the specs are still in flow, there's not much out there other than lots of PoCs - but those already show it's absolutely possible and desirable to use DIDs instead of email addresses... private accounts are an actual liability for most businesses (except those selling your data for marketing purposes, of course).

> Also, because most such ID initiatives are actually X.509 tokens

Where did you get that impression?? There are several DID methods and the most popular so far have nothing to do with X.509 certificates (I think that's what you meant by "token"?). Many are using JWKs (JSON Web Keys) as most alternative solutions do. Check the current registry of DIDs here: https://www.w3.org/TR/did-spec-registries/#did-methods

The EU seem to be using both Web DIDs (no blockchain) and [EBSI](https://ec.europa.eu/digital-building-blocks/wikis/display/E...) (EU blockchain initiative).


FWIW, ironically and counterintuitively, "the right to be forgotten" achievement is unlocked with the combo of RealID (or equiv) and "translucent database" techniques.

(Oversimplifying: just like properly salted and hashed password files. Lose the password and you cannot retrieve the encrypted data.)

Using your essay as a starting point, I'll start pondering what a future "right to be remembered" system might look like. Both technically and legally.
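
The "translucent database" idea mentioned in the comment above, as an added example that is not part of the original thread: each row is keyed by a slow one-way hash of a government ID plus a passphrase, so only someone presenting both can find it. `TranslucentStore`, the placeholder ID and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import os


class TranslucentStore:
    """Rows are keyed by a one-way token; the identifier itself is never stored."""

    def __init__(self, iterations=100_000):
        self.salt = os.urandom(16)    # table-wide salt, kept next to the table
        self.iterations = iterations  # slow KDF: ID numbers alone are guessable
        self.rows = {}                # token (hex) -> payload with no identifying fields

    def _token(self, gov_id, passphrase):
        # Length-prefix the ID so ("12", "3x") and ("1", "23x") cannot collide.
        secret = f"{len(gov_id)}:{gov_id}{passphrase}".encode()
        return hashlib.pbkdf2_hmac("sha256", secret, self.salt, self.iterations).hex()

    def put(self, gov_id, passphrase, payload):
        self.rows[self._token(gov_id, passphrase)] = payload

    def get(self, gov_id, passphrase):
        # Returns None when the ID/passphrase pair does not reproduce a stored token.
        return self.rows.get(self._token(gov_id, passphrase))

    def operator_view(self):
        # Everything a database administrator, or a thief with a dump, can read.
        return dict(self.rows)


def demo():
    store = TranslucentStore()
    gov_id = "RO-0000000000000"  # constructed placeholder, not a real ID number
    store.put(gov_id, "correct horse battery", {"messages": 42})

    found = store.get(gov_id, "correct horse battery")
    wrong = store.get(gov_id, "guessed passphrase")
    leaked = any(gov_id in token or gov_id in str(row)
                 for token, row in store.operator_view().items())
    return found, wrong, leaked


if __name__ == "__main__":
    print(demo())
```

Once the holder discards the passphrase, nobody can re-derive the token: the row stays in the table but can no longer be tied to the ID, which is the "forgotten" outcome the comment describes.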



