HXWG last week - review of harms model

Drummond Reed commented this paper much needed

Nicky Hickman to x-check w/drummond key questions/ issues & drivers for this paper

Judith Fleenor asked what we were working on

• Phil Wolff Whitepaper + blog post - aim to look at what SSI does for systemic harms associated e.g. w/over vs under identification and aim is to provide tools for the community to prevent harm and consider in their work
• Focus on product, management and engineers who want to prevent harm ie for the ToIP community
• Not general public
• Judith Fleenor reminded us that there is the generic

HXWG update on Weds 20th - Phil Wolff Phil to do Harms TF slide

Harms White Paper Draft  Phil Wolff 

• sankarshan commented that there is an IIW special topic meeting Tuesday 9th August "Digital Identity Across Asia" Pyrou & sankarshan to do session on Harms

HXWG update at all-hands; Question regarding terms that we understand and assume sankarshan to add link to document

Expert Series - review and comment

Task Force BGBU / SSI Harms

USA / EU / Africa  Every Alternate Monday

9:00 Pacific / 12:00 Eastern / 16:00 UTC

Next call is Monday 1st August, then a break until Monday 12th September

Asia & Australasia Every Alternate Thursday

18:00 AEDT / 13:00 Indochina / 11.30 IST / 6:00 UTC

Next call is Thursday 4th August, then a break until Thursday 16th September

Harms White Paper Draft  Phil Wolff 

• use of 4/4 matrix not useful - just use headlines like ' Digital ID comes with known harms'  - remove 'known-knowns'
• See points in Philip Sheldrake https://www.linkedin.com/pulse/digital-identity-human-matters-philip-sheldrake/
  • Pyrou commented that in region WB pushing digital identity ID4D, developmental drive in region to use digital identity as a development aid - will 'solve poverty issues' - loose argument - no strong alternatives to WB model.  SSI can be a strong alternative to centralized models, but no strong activists influencing policy.
  • sankarshan many digital identifiers are framed as 'public goods' but don't have a sustainable economic model, problem creating s/w marketplaces without durability.  Most digital ID schemes are state-funded, reinforces sustainability, also in India based on facial recognition & biometrics; problem of changing embedded systems, processes and AI which reinforce these structures of power.  Worrying - the entire premise has not been challenged, no strong and viable alternative.  No consultative process.
  • Pyrou - no ability to say 'no' (Participation Principle is not observed); - embedding digital ID as a social norm, there are still Indian communities - tribal group recognised as 1st People, see commons in forest vs property - government appropriates the forests to access sustainability funding - digital recording of the - transfer of capital = transfer of power.  
• Qualitative differences between SSI & other ID tech?
• No calibration or measurement of harm from implementation of SSI
• Our definition of harm might be different from other definitions of harm e.g. variance from self-sovereignty
• Are here unintended consequences of doing things as we normally do them for IAM e.g. WEIRD models of identity in west vs other parts of the world
• risks of cultural imperialism through tech

Judith Fleenor commented that we needed to ensure that the white paper that enabled members to 'get stuff done', other ideas about the socio-cultural issues are a 'thing to think about'

Technology is not agnostic, it is political.  

Because of corruption - central authorities / governments are not 

Man is moral and SSI is a kind of moral technology - we are not neutral the status quo is insufficient - this is a better way. 

sankarshan Still need the basis even if this is socratic then build on the steps, still needs to be rights-based and addresses concerns

Dangers of 'othering the problem' - being more direct 

comms of the paper would be a series of blog posts a) harms embedded and scaling of harms; b) concept of legal identity vs digital identity c) other ways of using SSI to express human identity

Phil Wolff why should I care; b) characterising the harms; c) theory of how to frame harms d) turning concern to action, e) budget e.g. for harms assessment 

Judith Fleenor considered edge communities can create new harms to current power base (ie those that are currently benefiting) - zero sum game

There is now a terms wiki and we should use a # for SSI Harms  =  #harmtf  (see conventions)

Here is the document to start working with for ingestion Working Document HXWG Terms

Eric Welton- discussions with Myanmar Responsible Business Coalition - tricky situation with hostile relationships in government - establishing a biometric identity - difficult choice as someone is going to do it.  Can we do it in a more responsible, less harmful way.  May be useful to have a session on this in this group.  Difficult ethical questions for the team.  Interesting presentation on how digital ID can be abused.

sankarshan- biometric topic seems to be settling down from aid organisations - have to use biometrics, main focus is now on mitigating harms.  Myanmar, Afghanistan and other examples.  Uganda for example, optimistic programme, under-enrollment.  (the harms of untrustworthy systems) - now starting w/genetic profiling!

"The genie is out of the bottle"

Jo Spencer Activity on NSW gov initiative - driving license initiative hacked, DNA & biometrics further reinforce the argument. 

• We need to be better, we need to be very aware that the information we're sharing is not as secure as we'd hoped.  Law of Minimal Disclosure for Constrained Use.  Need to be cryptographically secured.  Driving new projects.  Victor Dominello  (NSW gov)  Inclusion focus on services for citizens, also allied with indigenous people programme.  Now an important process.  All exclusion factors considered (digital, literacy, social, political, disability, financial)

sankarshanMinimisation is not suitable for some interactions, e.g. Medical Records - much more important for secure and trustworthy data payload /  exchange.  Also Financial Transactions not very well suited to VC's.

Jo Spencer use of verifiable presentations which present derived data.

sankarshan taxonomy & semantics - quality & classification of data also needed

VC's are not the solution for many forms of data.  

Biggest harm is derived data sets from small data sets.

Eric Welton  - Use cases - all non-cash transactions will be exposed to government, e.g. national security / tax collection is given as purpose coming in ??.  Remember problems of correlation highlighted by Daniel Hardman

Also use case of VCs to convey health information - presentation that key emergency information for medical purposes (e.g. in accident) - could use biometrics to unlock the data for emergency responders.  VC is a PDF - convenience / emergency service.  Similar to ICE contact, could have ICE Credential. Could be linked to IATA - Good Health Pass

sankarshan Must be freeform data.  Accept that this is a new attack surface.  

John Phillips Humanitech conference - could be some good material & input to this discussion.  Great discussion and material. I'm now seeing an obvious connection between this work, and the work of the Humanitech organisation here in Australia (founded by the Australian Red Cross) who have been thinking about how they might "ensure frontier technologies benefit people and society". I was at, and spoke briefly, at their 2022 conference (https://humanitechsummit.org/2022/) - they've been considering the potential harms of the mis-application of frontier technology for some time.

Review of notes and insights from the AGENCY talk at HXWG last week.  Here is the wiki page 

On fake news (and news) there's a good 20 mins conversation from Davos hosted by Polkadot -

Rumsfeld Structure to scope  "Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.^{[1]" (Source: Wiki)}

Also for discussion see this Miro Board

• differentiate between data exchange and identity as legal identification
• See comments in Miro Board
• Agree importance of Unknown Unknowns and use of resilience / vulnerability context relationships