Blania describes a future world in orbs of various shapes and sizes, where each person will be assigned a unique and anonymous code linked to their iris, which they can use to log into web and blockchain-based applications.
Blania did not rule out the possibility that WorldCoin would charge a fee to provide this service, but the startup plans to make money primarily through the appreciation of its currency. “You distribute the token to as many people as possible,” Blania said. Because of that, “the utility of the token will increase dramatically” and “the value of the token will increase.”
The key to all this technology is the Orb itself, and the contract Orb operators sign underscores the company’s focus on stress-testing. “Your role is to help us evaluate Orbs and how people interact with them,” the contract says. “You have to think of yourself as a product tester.”
Blania told BuzzFeed News that the company is primarily using its field tests to see how the orbs perform in different environments, from the heat of Kenya to the freezing cold of Norway. “In Kenya, it’s 40-degree heat, and the reflection on the globe is something we’ve never seen in an office in Germany,” Blania said.
Adam Schwartz, a senior staff attorney at the Electronic Frontier Foundation, said the ambiguity about WorldCoin’s goals is troubling. “The question is, is it a digital currency company or is it a data broker?” He said. “Either way, the practice of people paying for their biometrics is very problematic for privacy and equity.”
“Worldcoin is not a data company and our business model does not involve exploiting or selling individual user data. Worldcoin is only interested in user uniqueness. – That is, they have not signed up to WorldCoin before – not their identity,” WorldCoin said in a statement.
The company’s efforts to build its database may also run afoul of data privacy and processing laws in Kenya, where the company has extensive operations. Kenya recently passed a data protection law that prohibits companies from transferring biometric data abroad without approval from the newly created Office of the Data Protection Commissioner. WorldCoin currently processes user data in the US, UK, Germany, Japan and India in accordance with its data consent.
Kenya’s data commissioner Immaculate Kassite told BuzzFeed News that his office was “not aware” that Worldcoin was collecting Kenyans’ biometric data and transferring it abroad.
The company has until July 14 to register with the commission and submit a detailed data protection impact assessment under Kenya’s newly implemented data privacy laws, Kassite said by email. Worldcoin told BuzzFeed News that the company will soon engage with the Data Commission of Kenya and has already conducted a “rigorous” privacy impact assessment.
Brian Ford, who heads the Decentralized/Distributed Systems (DEDIS) lab at the Swiss Federal Institute of Technology and wrote one of the pioneering papers on proof of identity in 2008, said one way to solve the authentication problem is to preserve user privacy. A significant advance. Ford, however, is not convinced by Worldcoin’s solution. He said the company’s decision to build and store a giant, centralized database of irises and iris-hashes was a massive invasion of user privacy.
“We dispute the characterization that collecting images of Worldcoin users is an invasion of privacy: if collecting images of people with their consent is an invasion of privacy, then CLEAR” – a biometrics identification company – “UN and Aadhaar are all examples of invasions. Also of privacy,” Worldcoin told BuzzFeed News in a statement.
Privacy advocates and security experts in India have long characterized Aadhaar, India’s massive biometric identification system, as a privacy nightmare. Because the company’s extensive terms and conditions, privacy policy and data consent forms are in English, experts dispute whether WorldCoin did enough to ensure that it obtained informed consent from people.
“Informed consent means you’re in a position to fully understand what’s going on,” said Elias Okwara, Africa policy manager at the advocacy group Access Now, a country where the majority of Kenya’s population speaks Kiswahili. “So right off the bat, it’s hard to explain to a person what data processing is.”
WorldCoin said it will soon roll out its privacy form in six languages, and suggested Orb operators be using live-translation and explaining the company’s bulk policies to people who don’t speak English. “In all these local countries, we have orb operators and their whole purpose and role is to explain what people agree to in their local languages,” the company said.
While any large biometric database is susceptible to hacking, Ford explained that anyone hacking the database could compromise the thousands of Orbs the company plans to distribute. “Basically no hardware can be reliably hacked,” Ford said.
Blania acknowledged that “there has never been an uncracked hardware device” but said Worldcoin is building fraud-detection mechanisms to identify compromised orbs.
