Why Worldcoin fails to strike the balance between progress and privacy

The following is a guest post from Philippe Desmarais, CEO at Kelvin Zero.

Want to have your retina scanned by a metal orb owned by a private company that shares the same founder as OpenAI, for some crypto and a digital World ID? Only weeks after Worldcoin launched, over two million people said “yes.”

Did I mention that governments and private companies can tap into the digital ID system? A mere five years ago, this would have sounded crazy. But make no mistake, this heavyweight project is backed by one of the most successful entrepreneurs in modern history and bankrolled by some of the world’s most powerful VC firms. If you’re not taking Worldcoin seriously and carefully considering its implications – most concerning – now is a good time to start.

As someone who lives and breathes privacy and data protection, the co-founder and CEO of a cybersecurity company focused on authentication and decentralized biometrics – Worldcoin reignited an existential question I ask myself every day: at what cost to privacy does our digital progress require?

In the case of Worldcoin, the cost is far too high.

As the world barrels towards a more interconnected future, the debate about blockchain technology’s value and potential to create a safer yet more connected digital world is settled. It’s a game-changer. That brings us to Worldcoin, which has taken center stage with an ambitious goal of spurring financial inclusion for everyone.

But actions speak louder than words. Worldcoin’s approach to biometric data collection raises significant concerns about personal privacy. As a starting point, the mass collection and centralized storage of biometric information should never happen when technology already exists that gives individuals control of their own biometrics while giving certainty to their identity system. There is never a reason to collect and centralize biometric data. Full stop.

Worldcoin aside, biometrics undoubtedly are an integral part of the future of authentication. The question is not if, but how. Diverse strategies and solutions have emerged, with the most noteworthy methods exclusively relying on a biometric template hash, eliminating the need to store actual biometric data on a device or within a cloud environment. The biometric authentication landscape is ever-evolving, but the most promising concepts are those that prioritize data security and privacy.

On the other hand, cybercriminals regularly target centralized biometric databases to exploit vulnerabilities, which can lead to devastating outcomes for affected individuals. While users can have their biometric data deleted after creating what Worldcoin calls a “World ID,” they can also opt-in to have their data encrypted and saved.

Simply encrypting biometric data is not enough. If the data becomes compromised, it can be held over time until decrypted. Biometric information is perhaps our most personal thing, and it’s permanent, unlike a password. Once the decryption process plays out, it’s gone forever. If a password becomes compromised, a user changes it. If an individual’s retina becomes compromised, they can never safely use it again.

Without required third-party oversight, we are entrusting a single point of failure with what may become one of the world’s most valuable databases – and one that should never exist. Has big tech progressed to the point where they are finally showing us their hand? With Worldcoin, we know what they are capable of and what they intend to do.

The nation of Kenya just suspended Worldcoin for these exact concerns. Within weeks of launch, The Bavarian State Office for Data Protection Supervision – a German privacy watchdog – announced it had been investigating Worldcoin since November 2022 due to the project processing “sensitive data at a very large scale.”

Beyond the storage and oversight questions, mass biometric data collection could create a potential surveillance state on a global scale. The notion of a single entity having access to our most intimate data at scale raises alarm bells about the potential abuse of power. Despite the most stringent security measures, no system is entirely invulnerable to cyber threats. And what are some of the most imminent cyber threats today? Nation-states.

Of all the Worldcoin cynicism out there – most of it justified – perhaps the most nefarious part of the project is its launch strategy. Let’s call it as it is: they are targeting some of the poorest regions in the world, offering just over $50 worth of crypto to some of the most economically vulnerable populations for the right to mass harvest their biometric data.

Suppose an organization ignores the fundamental flaws of collecting and centralizing biometric data and does it anyway. In that case, the floor of expectations is that they go above and beyond to educate participants on the implications of surrendering it. Worldcoin is not doing enough on this front. Particularly in developing nations, many individuals are likely participating without understanding what they are signing up for.

Ethereum founder Vitalik Buterin also published a lengthy piece expressing his concerns with Worldcoin. He touched on many of the fundamental concerns detailed here but also took it a step further, questioning the retina-scanning orbs’ unknown capabilities and suggesting the potential for backdoors into the system.

His point, like mine, is how do we know everything works like it should? The answer is we don’t. We are trusting a privately held, single point of failure with what could eventually be the world’s most powerful database. We trust that the technology is flawless and that the way it’s being represented to us is entirely accurate.

The bottom line with Worldcoin is that there is no turning back should some form of failure or malfeasance happen within the project. An unacceptable lack of action, understanding, or both from regulators worldwide has taken us to the point where a private entity is harvesting and storing biometric data from individuals in nearly every corner of the globe.

Now that Worldcoin has got this far, I’m calling for lawmakers to step in before it’s too late. We needed complete, verifiable answers to the questions being raised before its launch, and we did not receive them. At this point, the most sensible path forward is to ban the collection and centralization of biometric information, especially when it’s being used to create a privatized digital identity regime.