
Notes from the APAC Meeting are recorded in the Table below in green text

Attendees:  sankarshan Nicky Hickman Pyrou Chung

2022-11-07 SSI HARMS BGBU TF USA/EU TF Meeting

...

Time | Item | Lead | Notes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10 min | New intros & Updates

Darrell O'Donnell will be at IIW, 

Neil Thomson co-chair of Data Modeling &___ WG authentic data vs authentic identity, follow on from ISWG many others on same track, triangle similar to issuer, holder, verifier, but different. One issuer, thousands of data providers.  How are these sources and issuers different? what denotes authenticity, consent etc - how do these fit together  e.g. DIF Data Agreements Group, same with Consent, discussions about the process/agreement, but not about the data.

40 min | White Paper Review key questions | Nicky

Many reviewers and excellent comments on the paper  leading to improvements on the paper.  Many discussions needed going forward, further work.

Continuing the discussion: Overcoming Harms_Further Discussion Document, initially including detailed and thought provoking commentary from Jill Bamforth.  

Progress against ToDo's

  •  take out the moon analogy, Thank you Phil Wolff 
  •  move frameworks to appendix & trim
  •  simplify and clarify text
  •  improve exec summary so that it is a 2min useful read - Darrell O'Donnell looking into. following incorporation of additional community comments
  •  remember to add in Pyrou's Dusun people case study
  •  draw out the flip side of benefits
  •  add business case (Phil Wolff )  Important point about the commercial so-what, Nicky Hickman noted that harms are costs, a similar question to  Michael Becker who asked for thoughts on an article Personal Data Damages: A Reflection on Major vs Micro Concussions

 "A colleague asked me a question today "do you have a personal data harms stat that you can share that will help me shake up an executive? A stat that is so blatantly damaging that it will compel them to invest in the development of personal information management solutions and lean into being a personal information economy leader." 

Harms are costs: they cost businesses billions in customer services, abuse management systems, security, fraud management, reputational damage and opportunity cost. At the same time they cost every public purse billions mopping up the after-effects e.g. healthcare, benefits, national cybersecurity, ... As soon as that senior exec realises that the microharms not only impact his bonus, but also his taxes your friend will have his attention!  Energy concerns also adding in Environment section.  Energy & Resource costs of Tech, how do you reduce those harms. 

Is there a business case for addressing harms, or is it a moral endeavour?

Darrell O'Donnell - need concrete examples.  Impact on employees of firms.

Neil Thomson - many things that may be done are additional benefits of using SSI, security benefit.  Future-proofing also a benefit, freebies by adopting SSI.

  •  change PEST to PESTEL adding in environmental and legal categories (Jill Bamforth, sankarshan )
  • Politics - Manipulation: Digital Identity and Democracy  REQUIRES DISCUSSION
    • include uncomfortable comments and statements
  • Economics - Datafication: Digital Identity as a Means of Production
  • Society - Fragmentation: Digital Identity and Globalisation
  • Technical - Innovation: Digital Identity and Efficiency
  • Environmental - Dissociation: Digital Identity and Anthropocentrism REQUIRES DISCUSSION
    • Pyrou - environmental and economic costs, draw out role of indigenous people in stewardship of carbon sinks etc, legalising displacement, double effect, harming them as people and also create more environmental harms.  EG Carbon sequestration, environmental degradation, offsetting this harm with rights = global good
  • Legal - Identification: Digital Identity as a Function of the Nation-State
  •  Glossary and definitions (in progress, see below)
  •  References tidy and x-check
  •  Github vs Gdocs and required publication routes - Darrell O'Donnell said that this for Public Review - IPR reasons needs to be in github. Christine Martin will share process with group so that public review can be in github
  •  writing a blog post
    •  Concerns about audience with Github excluding people, can be 
    •  sankarshan concerns, enough has been done to seek external reviews, little new reviews, so need to draw a line and move forward in subsequent TF or wider community
    •  Pyrou also agreed.  Folks want it to be practical & specific, but does it need to be in this document.  
    •  sankarshan github is main review tool, following publication can use github for issues or provide feedback on PDF, those issues can then form a new version of the Doc.  Not like code, opinion rather than code, not immediately in the main branch.  Conversation not code.
  •  Separate documents: note in conclusion next steps.
  •  Pyrou - need alternative publication route than github because won't reach those it needs to.  
  •  sankarshan conversations will happen elsewhere, very specific use of Github in this initial review cycle.
  •  writing a blog post Pyrou will draft by end next week
  •  Readiness for IIW session - volunteer from Neil Thomson to host session if no others more closely involved with the work volunteer. Darrell O'Donnell and Neil Thomson to work together on hosting a session with key discussion points.

Key Terms for final version & publication

  •  digital identity ecosystems vs digital trust ecosystems vs distributed data ecosystems (Paul Knowles )
  •  identity harms vs human harms vs data harms
  •  harm prevention strategies vs harm accountability strategies vs harm reduction strategies vs harm countermeasures and mitigation strategies (Phil Wolff )
  •  SSI vs web 5.0 vs decentralized identity vs ....?
  •  Overcoming human harm challenges vs Reducing the costs of human harms 
5 mins | AOB & Close | Nicky

Worthwhile effort! We are looking at this and considering in our designs

...

Time | Item | Lead | Notes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10 mins | New intros & updates

Turing Institute Trustworthy Identities Conference - Decentralization & Harms a constant strand, 

25 mins | New Arc | Nicky

Considering feedback and comments on the current draft of the white paper - suggested new arc/perspective as an alternative to 'ssi harms'

  • We spend all our time considering benefits of SSI we need now to look from another vantage point, the dark side of the moon if you will.  

Actually the far side of the moon is not dark at all, but it is different from the near side. See The far side of the Moon, photographed by Apollo 16 in 1972. It is much more crater-ridden than the near side of the Moon. Source https://en.wikipedia.org/wiki/Far_side_of_the_Moon.  Not all of the far side of the moon is invisible from earth due to a phenomenon known as libration "In lunar astronomy, libration is the wagging or wavering of the Moon perceived by Earth-bound observers and caused by changes in their perspective. It permits an observer to see slightly different hemispheres of the surface at different times. It is similar in both cause and effect to the changes in the Moon's apparent size due to changes in distance. "

This paper is like the Apollo 8 astronauts who were the first humans to see the far side in person when they orbited the Moon in 1968.  We are just mapping that side of digital identity which we all know is there and contributing to opening up debate and developing robust legal, technical, human experience and governance mechanisms for addressing this problem. e.g. https://privacyinternational.org/advocacy/4945/letter-global-csos-world-bank "We, the undersigned civil society organizations and individuals, urge the World Bank and other international organizations to take immediate steps to cease activities that promote harmful models of digital identification systems (digital ID). "

  • Then PEST model of harms with SSI mitigations & potential new harms or exacerbations
  • Then framework for understanding harms in digital trust ecosystems
  • Potential short/medium long-term activities is an Appendix as a starting point for discussions with other WGs in ToIP and wider digital ID community
  • Then Conclusions:
    1. budget attention and resources at every level 
    2. practical do tomorrow steps
      1. examining from the outside and considering the known harms of digital ID systems, include known harms in a risk assessment
      2. people matter - talk about ethics beyond 'value statements' or principles, test the HX not just of customers but also of team members and wider stakeholder communities. 
  • Call to action:
    • x-industry harms awareness, transparency and mitigations  - like 'fraud signals' ????
    • ??
  • Key Questions?
    • ???
  • Next Steps
  • Vision:  We can use this model to not just address or prevent harms, but to promote goods from digital identity systems, I guess that public goods are the antithesis of human harms
  • When technology makes ethical norms possible - just because we couldn't do something before because we had bad tech doesn't mean
  • Mitigate harms and magnify benefits
15 mins | Potential Titles | Nicky

From discussion in HXWG

  • Neil Thomson 'online identity harms' 
  • Phil Wolff 'Can decentralization help with human harms?' 
  • Andrew Slack ‘Building towards a positive/safe/.. digital identity ecosystem’
    ‘On human/social harm challenges in digital identity ecosystems’
    ‘Overcoming human/social harm challenges in digital identity ecosystems’ Christine Martin Darrell O'Donnell  like this one
  • Separate doc = ACTIONABLE GUIDANCE FOR SSI IMPLEMENTORS & Policy Wonks!


From story Arc

Mapping the Far Side of the Moon: A new framework for understanding and mitigating the human harms of digital identity systems; ‘Overcoming the challenges of human harms from in digital identity ecosystems’

The Apollo 16 Paper: Considering human harms in digital trust ecosystem design / digital identity systems


Vision based:  

Do no harm: creating digital identity systems that serve the public good

On track for finishing 2nd draft end next week

Darrell O'Donnell and Christine Martin to do Foreword


...

Time | Item | Lead | Notes
5 min
  • Welcome & antitrust notice

  • Agenda review
Nicky
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10 mins | Intros & Updates | Nicky

Eric Welton- discussions with Myanmar Responsible Business Coalition - tricky situation with hostile relationships in government - establishing a biometric identity - difficult choice as someone is going to do it.  Can we do it in a more responsible, less harmful way.  May be useful to have a session on this in this group.  Difficult ethical questions for the team.  Interesting presentation on how digital ID can be abused.

sankarshan- biometric topic seems to be settling down from aid organisations - have to use biometrics, main focus is now on mitigating harms.  Myanmar, Afghanistan and other examples.  Uganda for example, optimistic programme, under-enrollment.  (the harms of untrustworthy systems) - now starting w/genetic profiling!

"The genie is out of the bottle"

Jo Spencer Activity on NSW gov initiative - driving license initiative hacked, DNA & biometrics further reinforce the argument. 

  • We need to be better, we need to be very aware that the information we're sharing is not as secure as we'd hoped.  Law of Minimal Disclosure for Constrained Use.  Need to be cryptographically secured.  Driving new projects.  Victor Dominello  (NSW gov)  Inclusion focus on services for citizens, also allied with indigenous people programme.  Now an important process.  All exclusion factors considered (digital, literacy, social, political, disability, financial)

sankarshan Minimisation is not suitable for some interactions, e.g. Medical Records - much more important for secure and trustworthy data payload / exchange.  Also Financial Transactions not very well suited to VCs.

Jo Spencer use of verifiable presentations which present derived data.

sankarshan taxonomy & semantics - quality & classification of data also needed

VC's are not the solution for many forms of data.  

Biggest harm is derived data sets from small data sets.

Eric Welton  - Use cases - all non-cash transactions will be exposed to government, e.g. national security / tax collection is given as purpose coming in ??.  Remember problems of correlation highlighted by Daniel Hardman

Also use case of VCs to convey health information - presentation that key emergency information for medical purposes (e.g. in accident) - could use biometrics to unlock the data for emergency responders.  VC is a PDF - convenience / emergency service.  Similar to ICE contact, could have ICE Credential. Could be linked to IATA - Good Health Pass

sankarshan Must be freeform data.  Accept that this is a new attack surface.  

John Phillips Humanitech conference - could be some good material & input to this discussion.  Great discussion and material. I'm now seeing an obvious connection between this work, and the work of the Humanitech organisation here in Australia (founded by the Australian Red Cross) who have been thinking about how they might "ensure frontier technologies benefit people and society". I was at, and spoke briefly, at their 2022 conference (https://humanitechsummit.org/2022/) - they've been considering the potential harms of the mis-application of frontier technology for some time.


5 mins | Actions | Nicky
  •  Nicky to try again to get the Me2B Alliance Harms Dictionary in xls format for analysis
  •  Nicky to see if there is a different cadence or timing for APAC meetings
15 mins | AGENCY | Nicky

Review of notes and insights from the AGENCY talk at HXWG last week.  Here is the wiki page 

On fake news (and news) there's a good 20 mins conversation from Davos hosted by Polkadot -

http://youtube.com/watch?v=eCI0GizV6QY

Rumsfeld Structure to scope  "Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.[1]" (Source: Wiki)

Also for discussion see this Miro Board

  • differentiate between data exchange and identity as legal identification
  • See comments in Miro Board
  • Agree importance of Unknown Unknowns and use of resilience / vulnerability context relationships
20 mins | Storyboard Next Steps | Phil

NEW (Google Slides): https://docs.google.com/presentation/d/1Y404nJpSOkJFK5pc2aYUmJtrXtCkwcx-eIMC9ZMC0DU/edit?usp=sharing

Phil has transferred to a G-DOC https://docs.google.com/document/d/151cqN0HY-ECmGwcS_SSBCeCHtszuwGyQebLRJq8sODA/edit?usp=sharing which contains the same material but in a doc format


5 mins | AOB | Nicky

...