Versions Compared

Version Old Version 69 New Version 70
Changes made by

Nicky Hickman

Nicky Hickman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents

2022-11-24 BGBU APAC TF Meeting

7.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: 

2022-11-21 SSI HARMS BGBU TF USA/EU TF Meeting

19.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Phil Wolff Christine Martin Neil Thomson Nicky Hickman 

Agenda:

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minNew intro's & Updates

Update from IIW.  Here are the notes that Neil Thomson took in the session that he and Darrell O'Donnell ran at recent IIW 35

Darrell brought up a series of topcis, new to topic, about 20 people including some heavy hitters, many will be looing at the notes and as an 'unoffical steal'!  No big gaps, turning minds to blocking or mitigating.  How do we make it easy for people to make the right choices.?  What kind of message do we want to send to technical thinking.  Receptive overall to incorporating thinking but not much certainty as to what that looks like at that point.  Need to make it clear to policy makers, but you cannot hope that the tech will solve, the tech alone cannot overcome the harms. 

Phil Wolff concerned that there is a gap between very technical principled idea of how this should work and everything that happens downstream. Separated by time, jurisidiction, etc, very difficult to imagine that this has any kind of negative externality.  Not obvious, and if they do see it why is it my concern vs others' concern

Neil Thomson commented that there is definitely a tension to make it usable but at what point do you want to protect the tech that is useful without constraining the tech itself.

Phil Wolff suggested a list of harms and countermeasures that is very specific as an appendix.  Christine Martin suggested a good idea.

Neil Thomson suggested a companion document with existing mitigations and other suggestions.  Very precise definition of harms.

Phil Wolff commented that first had to get community buy in to the fact of negative externalities, then we are inviting others to participate in harms work, quantifying risk and growing knowledge.  Processes fro quantifying risk and being accountable need to include human harms.  Not walk through the architecture, but an agreement that this is a necessary process.  Concensus that there is a problem is the call to action from this paper.

Neil Thomson consensus from Canada is also starting on things like filtering for those under 18 years.

follow up at next IIW requested.  

10minsmechanics on paperNicky

Terms Wiki is done -  https://github.com/trustoverip/hxwg/wiki, forced to be much more specific about the terms that we use, and should have been done before the public version.  IE the glossary in the pdf version is not correct.

Paper is in PDF version

md version is under development. Definitely talk to Andor/Anti. Can help get in github properly


30minsblog post & other follow upsNicky

Blog for development is here:  Phil also has written Negative Externalities and will add to blog - this is an excellent approach No.1 = Houston we have a problem!

Phil Wolff has already added some things, and Pyrou Chung has offered to contribute.

5minsClose & ActionsNicky

Nicky Hickman to outline checklist document

Nicky wanted to publicly acknowledge Phil Wolff 's enormous contribution to this paper, would not have happened without him.

Target Monday for publication date to accommodate Thanksgiving. 

Nicky to coordinate with Judith to arrange open event - for inclusion in blog post for call to action.  Join us - specific topic to review harms and strategies together and figure out next steps as an organisation/ community.



2022-11-10 BGBU APAC TF Meeting

...

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minsNew intro's & updates

Turing Institute Trustworthy Identities Conference - Decentralization & Harms a constant strand, 

25 minsNew ArcNicky

Considering feedback and comments on the current drat of the white paper - suggested new arc/perspective as an alternative to 'ssi harms'

  • We spend all our time considering benefits of SSI we need now to look from another vantage point, the dark side of the moon if you will.  

Actually the far side of the moon is not dark at all, but it is different from the near side. See The far side of the Moon, photographed by Apollo 16 in 1972. It is much more crater-ridden than the near side of the Moon. Source https://en.wikipedia.org/wiki/Far_side_of_the_Moon.  Not all of the far side of the moon is invisible from earth due to a phenomenon known as libration "In lunar astronomy, libration is the wagging or wavering of the Moon perceived by Earth-bound observers and caused by changes in their perspective. It permits an observer to see slightly different hemispheres of the surface at different times. It is similar in both cause and effect to the changes in the Moon's apparent size due to changes in distance. "

This paper is like the Apollo 8 astronauts who were the first humans to see the far side in person when they orbited the Moon in 1968.  We are just mapping that side of digital identity which we all know is there and contributing to opening up debate and developing robust legal, technical, human experience and governance mechanisms for addressing this problem. e.g. https://privacyinternational.org/advocacy/4945/letter-global-csos-world-bank "We, the undersigned civil society organizations and individuals, urge the World Bank and other international organizations to take immediate steps to cease activities that promote harmful models of digital identification systems (digital ID). "

  • Then PEST model of harms with SSI mitigations & potential new harms or exacerbations
  • Then framework for understanding harms in digital trust ecosystems
  • Potential short/medium long-term activities is an Appendix as a starting point for discussions with other WGs in ToIP and wider digital ID community
  • Then Conclusions:
    1. budget attention and resources at every level 
    2. practical do tomorrow steps
      1. examining from the outside and considering the known harms of digital ID systems, include known harms in a risk assessment
      2. people matter - talk about ethics beyond 'value statements' or principles, test the HX not just of customers but also of team members and wider stakeholder communities. 
  • Call to action:
    • x-industry harms awareness, transparency and mitigations  - like 'fraud signals' ????
    • ??
  • Key Questions?
    • ???
  • Next Steps
  • Vision:  We can use this model to not just address or prevent harms, but to promote goods from digital identity systems, I guess that public goods are the antithesis of human harms
  • When technology makes ethical norms possible - just because we couldn't do something before because we had bad tech doesn't mean
  • Mitigate harms and magnify benefits
15minsPotential TitlesNicky

From discussion in HXWG

  • Neil Thomson 'online identity harms' 
  • Phil Wolff 'Can decentralization help with human harms?' 
  • Andrew Slack ‘Building towards a positive/safe/.. digital identity ecosystem’
    ‘On human/social harm challenges in digital identity ecosystems’
    ‘Overcoming human/social harm challenges in digital identity ecosystems’ Christine Martin Darrell O'Donnell  like this one
  • Separate doc = ACTIONABLE GUIDANCE FOR SSI IMPLEMENTORS & Policy Wonks!


From story Arc

Mapping the Far Side of the Moon: A new framework for understanding and mitigating the human harms of digital identity systems; ‘Overcoming the challenges of human harms from in digital identity ecosystems’

The Apollo 16 Paper: Considering human harms in digital trust ecosystem design / digital identity systems


Vision based:  

Do no harm: creating digital identity systems that serve the public good

On track for finishing 2nd draft end next week

Darrell O'Donnell and Christine Martin to do Foreward


...

TimeItemLeadNotes
5 min

  • Welcome & antitrust notice

  • Agenda review
Nicky

  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10minsIntro's & UpdatesNicky

Eric Welton- discussions with Myanmar Responsible Business Coalition - tricky situation with hostile relationships in government - establishing a biometric identity - difficult choice as someone is going to do it.  Can we do it in a more responsible, less harmful way.  May be useful to have a session on this in this group.  Difficult ethical questions for the team.  Interesting presentation on how digital ID can be abused.

sankarshan- biometric topic seems to be settling down from aid organisations - have to use biometrics, main focus is now on mitigating harms.  Myanmar, Afghanistan and other examples.  Uganda for example, optimistic programme, under-enrollment.  (the harms of untrustworthy systems) - now starting w/genetic profiling!

"The genie is out of the bottle"

Jo Spencer Activity on NSW gov initiative - driving license initiative hacked, DNA & biometrics further reinforce the argument. 

  • We need to be better, we need to be very aware that the information we're sharing is not as secure as we'd hoped.  Law of Minimal Disclosure for Constrained Use.  Need to be cryptographically secured.  Driving new projects.  Victor Dominello  (NSW gov)  Inclusion focus on services for citizens, also allied with indigenous people programme.  Now an important process.  All exclusion factors considered (digital, literacy, social, political, disability, financial)

sankarshanMinimisation is not suitable for some interactions, e.g. Medical Records - much more important for secure and trustworthy data payload /  exchange.  Also Financial Transactions not very well suited to VC's.

Jo Spencer use of verifiable presentations which present derived data.

sankarshan taxonomy & semantics - quality & classification of data also needed

VC's are not the solution for many forms of data.  

Biggest harm is derived data sets from small data sets.

Eric Welton  - Use cases - all non-cash transactions will be exposed to government, e.g. national security / tax collection is given as purpose coming in ??.  Remember problems of correlation highlighted by Daniel Hardman

Also use case of VCs to convey health information - presentation that key emergency information for medical purposes (e.g. in accident) - could use biometrics to unlock the data for emergency responders.  VC is a PDF - convenience / emergency service.  Similar to ICE contact, could have ICE Credential. Could be linked to IATA - Good Health Pass

sankarshan Must be freeform data.  Accept that this is a new attack surface.  

John Phillips Humanitech conference - could be some good material & input to this discussion.  Great discussion and material. I'm now seeing an obvious connection between this work, and the work of the Humanitech organisation here in Australia (founded by the Australian Red Cross) who have been thinking about how they might "ensure frontier technologies benefit people and society". I was at, and spoke briefly, at their 2022 conference (https://humanitechsummit.org/2022/) - they've been considering the potential harms of the mis-application of frontier technology for some time.


5minsActionsNicky
  •  Nicky to try again to get the Me2B Alliance Harms Dictionary in xls format for analysis
  •  Nicky to see if there is a different cadence or timing for APAC meetings
15minsAGENCY Nicky

Review of notes and insights from the AGENCY talk at HXWG last week.  Here is the wiki page 

On fake news (and news) there's a good 20 mins conversation from Davos hosted by Polkadot -

Widget Connector
urlhttp://youtube.com/watch?v=eCI0GizV6QY

Rumsfeld Structure to scope  "Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.[1]" (Source: Wiki)

Also for discussion see this Miro Board

  • differentiate between data exchange and identity as legal identification
  • See comments in Miro Board
  • Agree importance of Unknown Unknowns and use of resilience / vulnerability context relationships
20minsStoryboard Next StepsPhil

NEW (Google Slides): https://docs.google.com/presentation/d/1Y404nJpSOkJFK5pc2aYUmJtrXtCkwcx-eIMC9ZMC0DU/edit?usp=sharing

Phil has transferred to a G-DOC https://docs.google.com/document/d/151cqN0HY-ECmGwcS_SSBCeCHtszuwGyQebLRJq8sODA/edit?usp=sharing which contains the same material but in a doc format


5minsAOB Nicky

...