Welcome & antitrust notice

Agenda review

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

Main comments needed on Part 3 of the paper.

Trev Harmon has 4.5 pages of notes at ID2020 will provide actionable feedback.

General impressions focused on the frameworks e.g. STS, curious as to why it was chosen and then modified.  Some places where systemic to society not identity specifically. Disconnect between the harms that occur and how SSI mitigates / exacerbates some sections stronger than others.  Some seem overly reductive. P19 last paragraph, connection between philosophical sides and action side especially quoting chinese or indian philosophy without any citations or support

Offered several recommendations on improving connections in text to be more straight forward.  good to be working on this to avoid future harms from SSI. 

Darrell O'Donnell lots of explanations in document not quick and fast enough.  

Nicky Hickman  need to reduce paper and make it more useful and more accessible to different types of readers. e.g. add requirements section at the end.  e.g. remove moon analogy

Trev Harmon the key elements are being buried behind the frameworks

Phil Wolff suggested added frameworks as appendices.  Return to simpler approach, 

• these are the harms, this is why you should care, then discuss what to do next as implementers.

Trev Harmon suggested that systemic issues shouldn't go away from discussion but perhaps not right in same document.  Some of the harm discussion was shorter than it needed to be, some of frameworks longer than it needed to be.

Phil Wolff frameworks might help for systematic modelling of harms.  Concerns many aspects of organisations in public / private sector.   A framework for building on what you already have, should be advantageous, maybe as a separate blog post.  Should not miss opportunities to identify harm.

Nicky Hickman will 

• take out the moon analogy
• move frameworks to appendix & trim
• simplify and clarify text
• improve exec summary so that it is a 2min useful read
• remember to add in Pyrou's Dusun people case study
• draw out the flip side of benefits

Trev Harmon will join the group to contribute to this work.

Neil Thomson It's a great document - leave it alone and make it as a background document. Build one or more new documents from the different perspectives/audiences who will consume it.  I am outside comfort zone, there are things that are harms not because of tech or intent but because of things outside our control. In discussing Harms, it would be helpful to flag which harms are within the SSI technology and governance stacks ability promote and support harms avoidance and reduction, and which are outside of ToIP's scope (e.g., political).

Phil Wolff said we wanted to point out that you are also responsible for some of the negative externalities that occur.  Because includes governance stack these should be addressed by the ecosystem as a whole. e.g. harms surveillance, or by regulators in terms of compliance. 

Neil Thomson highlighted the Canadian CIO Council's draft standards that identifier issuers are currently defined as only governments or other government-accredited institutions such as banks. It has not yet adopted the option of individuals creating an SSI verifiable identifier through a 3rd party (Sovereign Identity vs. Self-Sovereign Identity). SSI Governance must be careful not to make the assumption that adopters will enact all technical or governance aspects of ToIP's view of SSI.

sankarshan commented that the paper was ready and happy with where we were.  Provides bridge of gap for rationale for design change.  Also that SSI systems should not be implemented as overlay on existing designs.  If anything should go in appendices then should be implementation.

Pyrou commented that divergent comments in one paper. Paper in a good spot, as a non-technologist I found it difficult to read, but frameworks helped with thinking.  What are harms, where they are and some modalities on how to think about them.  We achieved what we set out to achieve.

sankarshan technologists are missing the implementation guide & tech spec but this is not the role of the white paper.

Presents enough of a robust set of knowledge so that they can support choices and explain choices in design , aligns well with phase 1 of ToIP, ie philosophy, then phase 2 is more towards the implementation.

Pyrou:  need to be out and moving on with other work.

Final comments by 11th November. Nicky's checklist above!

Welcome & antitrust notice

Agenda review

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

Actually the far side of the moon is not dark at all, but it is different from the near side. See The far side of the Moon, photographed by Apollo 16 in 1972. It is much more crater-ridden than the near side of the Moon. Source https://en.wikipedia.org/wiki/Far_side_of_the_Moon.  Not all of the far side of the moon is invisible from earth due to a phenomenon known as libration "In lunar astronomy, libration is the wagging or wavering of the Moon perceived by Earth-bound observers and caused by changes in their perspective. It permits an observer to see slightly different hemispheres of the surface at different times. It is similar in both cause and effect to the changes in the Moon's apparent size due to changes in distance. "

This paper is like the Apollo 8 astronauts who were the first humans to see the far side in person when they orbited the Moon in 1968.  We are just mapping that side of digital identity which we all know is there and contributing to opening up debate and developing robust legal, technical, human experience and governance mechanisms for addressing this problem. e.g. https://privacyinternational.org/advocacy/4945/letter-global-csos-world-bank "We, the undersigned civil society organizations and individuals, urge the World Bank and other international organizations to take immediate steps to cease activities that promote harmful models of digital identification systems (digital ID). "

• Then PEST model of harms with SSI mitigations & potential new harms or exacerbations
• Then framework for understanding harms in digital trust ecosystems
• Potential short/medium long-term activities is an Appendix as a starting point for discussions with other WGs in ToIP and wider digital ID community
• Then Conclusions:
  1. budget attention and resources at every level 
  2. practical do tomorrow steps
     1. examining from the outside and considering the known harms of digital ID systems, include known harms in a risk assessment
     2. people matter - talk about ethics beyond 'value statements' or principles, test the HX not just of customers but also of team members and wider stakeholder communities. 
• Call to action:
  • x-industry harms awareness, transparency and mitigations  - like 'fraud signals' ????
  • ??
• Key Questions?
  
  • ???
• Next Steps
• Vision:  We can use this model to not just address or prevent harms, but to promote goods from digital identity systems, I guess that public goods are the antithesis of human harms
• When technology makes ethical norms possible - just because we couldn't do something before because we had bad tech doesn't mean
• Mitigate harms and magnify benefits