Introduction

DPIs often hold personal information of higher quality than the information users provide via normal paper or online forms. Information in DPIs often comes from official sources like government databases or trusted entities like universities. Importantly, some technical implementations of DPI rely on verifiable credentials or signed data. This makes the personal information verifiable, which further increases its value to an attacker.

Deniability means that only the relying party that the user intended as recipient of their personal information can verify that this information is correct and authentic. After the transaction is concluded, the relying party or a third party can no longer verify that the information is authentic.

<aside> 💡

Deniability means that only the intended recipient of information can verify it, but not a third party at a later stage.

</aside>

<aside> 💡

The opposite of deniability is non-repudiation. The US Standards Institute (NIST) defines it as

“A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).”

</aside>

Deniability vs. Non-Repudiation

There is a tension between deniability and non-repudiation.

From a government and business perspective, full accountability for transactions offers advantages. Businesses that rely on DPI to comply with legal requirements might want non-repudiation for liability reasons (Know-Your-Customer requirements for banks, educational credentials for employers, etc.). Big Tech companies that rely on large amounts of personal information prefer to have government-issued certificates of authenticity for that data. Governments usually implement DPI for greater process control and to be assured of the identity and attributes of their citizens.

Deniability empowers users to share their information only with the intended recipient. It prevents their information from being passed on to third parties as verifiable data without their knowledge or consent. In case of a data breach, the leaked information carries no signatures that would prove its authenticity to a criminal, so its value is not elevated.

<aside> 📌

Deniability reduces the privacy risk that DPI introduces.

</aside>

Practical Implementations

The majority of DPI systems in the world follow the paradigm of non-repudiation. Verifiable credentials in particular are praised as essential building blocks of these systems. Since governments and businesses are often the real drivers for DPI adoption, very few systems have decided to implement deniability.

Some countries with a strong focus on privacy have adopted deniability. Germany, for example, adopted deniability in its national ID cards over a decade ago. It worked by providing an authenticated channel over which the information was transmitted, instead of signing the personal information itself. Sadly, after a long political fight, Germany has recently decided to drop deniability in its implementation of the EU's new eIDAS system.

<aside> 💡

Deniability in the offline world can be imagined like going to a public administration employee with your ID card. This employee calls the website that wants your identity and reads them your data. The website can write down the information that was read to them and it can be sure it’s correct, because it trusts the public administration employee. But the website can’t prove that this data is actually from someone’s ID card. Compared to state-signed data, this information is not particularly valuable – even to criminals.

</aside>
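The authenticated-channel approach described above, as an added example that is not part of the original page or of any eID implementation: a shared session key authenticates the data, so the relying party can verify it, but a stored or leaked record proves nothing to a third party. The function names, the sample attributes and the use of HMAC-SHA256 as a stand-in for the channel's authentication are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets


def encode(attributes: dict) -> bytes:
    """Canonical byte encoding so both sides authenticate the same bytes."""
    return json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()


def channel_tag(session_key: bytes, attributes: dict) -> bytes:
    """Authenticate attributes with the key of the authenticated channel."""
    return hmac.new(session_key, encode(attributes), hashlib.sha256).digest()


def channel_verify(session_key: bytes, attributes: dict, tag: bytes) -> bool:
    return hmac.compare_digest(channel_tag(session_key, attributes), tag)


def demo() -> dict:
    # Assumption: an authenticated key exchange between the ID card and the
    # relying party has already produced this shared session key.
    session_key = secrets.token_bytes(32)

    # Constructed sample data, sent by the card over the channel.
    real = {"name": "Erika Mustermann", "over_18": True}
    real_tag = channel_tag(session_key, real)

    # The relying party holds the key, so it can check the data is authentic.
    accepted = channel_verify(session_key, real, real_tag)

    # Later, the relying party (or whoever obtained its records) hands key and
    # tag to a third party as "proof". The same key yields an equally valid tag
    # for data the card never sent, so the record proves nothing.
    altered = {"name": "Erika Mustermann", "over_18": False}
    altered_verifies = channel_verify(
        session_key, altered, channel_tag(session_key, altered))

    # Without the session key, a third party cannot verify the tag at all.
    outsider = channel_verify(secrets.token_bytes(32), real, real_tag)

    return {"relying_party_accepts": accepted,
            "record_is_self_producible": altered_verifies,
            "outsider_can_verify": outsider}


if __name__ == "__main__":
    print(demo())
```

With signed personal information, by contrast, anyone holding the issuer's public key could verify a leaked record, which is the non-repudiation property discussed earlier.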

Deniability is still a common feature of encryption tools. Secure messaging applications, encrypted file storage vaults and other types of applications rely on this technology.

What to Ask as a CSO

<aside>