civic-proof: a research site.
中文 ← mashbean.net

#selective-disclosure (4 articles)

| 67 min read | Claude Opus 4.7

From State-Issued Credentials to Citizens Proving Themselves: A Restatement of How Digital Identity Transforms Digital Civic Infrastructure under the Public Realm Floor (civic-proof Series Article 0')

The 0' academic restatement of the civic-proof concept. The Public Realm Floor (PRF) is borne as the lower bound of democratic legitimacy that obtains when digital identity intervenes in public action; wallet, AI agent, civic-action receipts, selective-disclosure UX, cross-jurisdictional trust governance, and the Taiwan case are integrated into a single engineering-and-institutional checking framework. The 19 May 2026 revision admits Danielle Allen's political equality and power-sharing liberalism as AllenBridge — the institutional translation layer that carries PRF towards Digital Civic Infrastructure, not as a fifth axis.

civic-proof civic-proof-foundations civic-proof-series-zero-prime Allen-Lab-academic-rewrite Harvard-Kennedy-School-Ash-Center digital-civic-infrastructure digital-public-infrastructure public-realm-floor Arendt-plurality Habermas-validity Pettit-contestation Mouffe-agonism conjunctive-normative-floor civic-proof-operational-concept Danielle-Allen power-sharing-liberalism political-equality AllenBridge input-to-action-loop co-ownership rights-of-participation issuance-legitimacy exchange-architecture two-layer-analysis legal-identity attribute-proof uniqueness-proof pseudonymous-participation anonymity unlinkability verifiability accountability accountability-without-real-name Talley-v-California NAACP-v-Alabama McIntyre-v-Ohio selective-disclosure no-phone-home minimal-proof holder-centric issuer-centric trust-list trust-root trust-anchoring federated-trust-list-alliance wallet-three-presupposition AI-agent-delegation-limits Tomasev-delegation-five-elements civic-action-receipt-schema selective-disclosure-UX supporter-UI-three-layer-separation CRPD-Article-29 four-tier-trust-governance cross-jurisdictional-redress-gap inclusion-rights-three-layers functional-demos-operational-definition universal-conditional-distinction anti-mythologization-clause design-intuition-vs-normative-claim-separation working-strengthened-thesis-discipline likelihood-by-mechanism Taiwan-democratic-frontline MOICA TW-DIW moda Taiwan-Digital-Identity-Wallet EUDI-Wallet eIDAS-2.0 BankID-Sweden California-AB1043 California-OpenCred Utah-digital-identity MOSIP Aadhaar Bhutan-NDI Vocdoni Rarimo-Freedom-Tool QuarkID zkPassport PTT-zero-knowledge-blue-check g0v-Summit-2026 age-verification ISO-IEC-27566-1 Free-Speech-Coalition-v-Paxton structural-slippage minimum-viable-scope-reduction sunset-clause scope-bound split-key opt-out-architecture Bhutan-NDI-Ethereum-mainnet Taiwan-trust-list-public-chain QuarkID-ZKsync-L2 DNS-vs-identity-trust-roots ICANN-research-fellow ACLU EFF Access-Now OpenID4VC-OpenID4VP W3C-VC-2.0 W3C-DID Digital-Credentials-API NIST-SP-800-63-4
| 75 min read | Claude Opus 4.7

The Cognitive Limits of Selective Disclosure UX: Human-Factors Bottlenecks in Auditable Engineering Primitives

The eighteenth article in the civic-proof series (F3). Building on the four cryptographic engineering primitives in Article 17 (F2) §4–§7 and the three engineering corrections in Article 16 (F1) §5.4, this article takes the UX cognitive layer as the 'practical enforceability' supplement to the four F2 primitives. Holder informed consent under selective disclosure fails across four cognitive bottlenecks: (i) Miller 7±2 and Cowan 2001 working memory 4±1 together with Sweller's cognitive load theory demonstrate that selective disclosure multi-option decisions degrade significantly beyond three attribute groups; (ii) consent fatigue and dark patterns structurally replay the eight-year failure of GDPR cookie banners in wallet contexts (11.8% compliance rate); (iii) fluctuating capacity renders 'previously informed consent' invalid, degrading with mechanism-based likelihood medium-high to substituted decision-making in CDR ≥ 2 scenarios; (iv) ambiguous supporter-intervention boundaries allow 'assistance for understanding' to slide into 'decision substitution.' The four UX engineering primitives are UX1 progressive_disclosure_ui, UX2 dark_patterns_firewall, UX3 capacity_aware_consent, and UX4 supporter_ui_three_layer, borne conjunctively as V_ux ≜ C7 ∧ C8 ∧ C9 ∧ C10, with V_receipt' ≜ V_receipt ∧ V_ux as the upgraded validity condition. SA3 reinforcement includes the dementia → wallet three-stage mediation chain, the three alternative CDR paths (self-assessment / supporter-triggered / issuer-side hint) with their legal–engineering–privacy trade-offs, an evidence-strength assessment table of 15 rows, and mechanism-based likelihood medium-high. SA4 supporter UI three-layer separation bears the CRPD §29 'supporter necessary, irreplaceable' principle through two cryptographic hard constraints: signatures_disjoint = true and VerificationMethodDisjoint = true. Working thesis and strengthened thesis are strictly distinguished; the latter contains three major mitigation critical paths: UX-agility by design, threshold signatures plus court-supervised downgrade, and cryptographic distinction of agent and supporter plus institutionalisation of AgentDelegationProof. The CF1–CF5 counterfactual stress tests show that under the extreme scenario of all five CFs triggering: the first-tier baseline is fully preserved, the second-tier timeline is extrapolated by ≥ 10 years, and the third tier fails conditionally. F1's two permanent non-delegable boundaries RT-ℬ ✗ and AA-ℬ ✗ are made explicit by extended theorem T2'—no UX primitive subset reduces P_degrade to ≤ θ₂.

civic-proof selective-disclosure ux-cognitive-load informed-consent dark-patterns wallet-ux openid4vp presentation-exchange sd-jwt-vc EUDI-Wallet EU-AI-Act-Article-5 EDPB-Guidelines-03-2022 GDPR-cookie-banner CRPD-Article-12 CRPD-Article-29 supported-decision-making capacity-aware-ux supporter-ui comprehension-attestation chooser-signature Cowan-working-memory Miller-magical-number Sweller-cognitive-load Tversky-Kahneman progressive-disclosure Clinical-Dementia-Rating Israel-supported-decision Peru-DL-1384-apoyos TW-yiding-jianhu BankID-fullmakt POTENTIAL-UC6 threshold-signatures LLM-agent-governance AgentDelegationProof
| 80 min read | Claude Opus 4.7

Civic-Action Receipts and the Evidentiary Chain: Auditable Engineering Primitives for the Conditionally Delegable Zone

The seventeenth article in the civic-proof series (F2). Building on Article 16 (F1) §5.4 DeliberationRecord schema and §7.3.1 civic-action-receipt envelope, this article instantiates the distinguishability requirement as four standardisable cryptographic primitives: SA1, an SD-JWT-VC baseline with a conditional advanced BBS+ hybrid strategy; SA2, a dual-track preservation design combining holder-controlled storage with a qualified preservation service backup (30-year minimum retention corresponding to CRPD benefit-claim limitation periods); SA3, admissibility aligned with FRE 901(b)(9), eIDAS 2024/1183 Chapter III §§7–8, and Taiwan Electronic Signatures Act §§4/10; and SA4, cross-border mutual recognition advanced through the G_recognition^A soft-law layer in a 5/10/15-year phased timeline. The formal skeleton consists of the civic-action-receipt schema (14 field groups, 23 leaf fields), the receipt-validity function V_receipt with conditions C1–C6, and theorems T1–T4. The four primitives provide coverage within Z₂ over the nine ✓ and four △ cells of the F1 5×3 matrix (Theorem T1); the two Z₃-intrinsic cells (RT-ℬ ✗, AA-ℬ ✗) constitute the unreachable boundary of the cryptographic primitives (Theorem T2). Counterfactual pressure tests CF1–CF5 include the CRPD §12 reverse-application issue and the structural rupture under CF4 for three Taiwan-specific scenarios (mainland-spouse rights, Taiwan-businessperson long-term residence, cross-strait investors). Working thesis and strengthened thesis are strictly distinguished; the latter retains core functionality under all five CFs through three critical-path mitigations: crypto-agility by design, third-party trusted preservation service integration, and G_recognition^A multi-track redundancy.

civic-proof civic-receipts verifiable-credentials selective-disclosure SD-JWT-VC BBS-cryptosuite ZK-SNARK EUDI-Wallet long-term-preservation qualified-preservation-service eIDAS-2024-1183 FRE-902-14 FRE-901-b-9 Mata-v-Avianca Apostille Hague-PIL CETS-225 OECD-AI-Principles APEC-CBPR CRPD-Article-12 supported-decision-making threshold-signatures PQC-migration crypto-agility Estonia-X-Road BankID Toeslagenaffaire TW-DIW cross-strait-recognition
| 31 min read | Human-authored (translation by Claude Opus 4.7)

From State-Issued Credentials to Citizens Proving Themselves: How Digital Identity Transforms Digital Civic Infrastructure

Using a two-layer analysis of digital identity—the legitimacy of credential issuance and the architecture of exchange—and adding the concept of "civic proof," this essay relocates the role of digital identity in civic action, with international comparisons, the Taiwan case, age-verification stress tests, and a policy agenda.

civic-proof digital-identity digital-civic-infrastructure DPI Taiwan privacy Allen-Lab Ash-Center MOICA TW-DIW wallet selective-disclosure age-verification zkp