2022-04-07 HXWG Meeting

16.00 UTC = 9:00 PT = 12.00 ET = 18:00 CEST = 21:30 IST

Zoom Meeting Link: https://zoom.us/j/99429712733?pwd=K214bTM4cG54YzZYVnZCL1I5MEdQQT09

Meeting Recording

Main Goal of this meeting:  Agree next steps on informed consent

Attendees: Kalin, Nicky Hickman, Burak Serdar, Phil Wolff, Drummond Reed, Shireen Mitchell, Mark Lizar, Kaliya Young, Judith Fleenor


Time | Item | Lead | Notes
5 min
  • Welcome & antitrust notice

  • Agenda review
Kalin
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10 mins | Introduction of new members & Updates | All

Intros

Burak Serdar - in ToIP, co-chair of privacy & risk TF and also active in ISWG; work is in the domain of privacy & semantics - we develop tech that mainly deals with healthcare. Here because he heard the phrase 'contextual consent'.

Updates:

  • BGBU TF update
  • The video of Amber Case is now up on our YouTube Channel
  • Expert Series Request:  User Experience Best Practice
  • Wallet session with examples from members?
  • UX of ID of Things - interesting session where interacting with machines where no obvious 
  • Identity overload & cognitive burden associated with decision making
  • Use of AI Bots to manage complex conversations w/data, agent as assistant to you and assistant to a guardian, could learn about you as you're young and growing up, managed by a guardian, then might be used 

Forthcoming Expert Series:

New Date: May 5th: “How Might we Design Consent Experiences for Data Sharing?”

Dr Arianna Rossi & Xengie Doan, both from the Interdisciplinary Center for Security, Reliability and Trust (SnT) at the University of Luxembourg

May 19th: AGENCY Project: Reducing complex online harms using user-centred tech and governance - title TBC

Dr Karen Elliot (Associate Professor & Senior Lecturer in Enterprise/Innovation (FinTech)) & Professor Aad van Moorsel (Professor of Distributed Systems) both from Newcastle University (UK).

10 min | Follow up on Actions & Decisions from the last meeting | Kalin
  • Andrew to help comms-committee with YouTube top & bottom for Expert 1 - Lisa
  • Andrew to do the edited 2nd Expert - Amber Case - see Comms Committee G-Drive, Video Creation Folder
  • Nicky to send Judith Announcement Article for HXWG include SSI Harms TF, Expert Series forthcoming
  • Jim StClair to share use case / case study
  • Phil Wolff to outline potential blog post
  • Nicky Hickman to add HX Terms Wiki
10 mins | Updates on other deliverables
  • The Steering Committee is working on a list of Goals for 2022.  To that end, I would love to hear from you about what the HXWG plans to accomplish in 2022.  What artifacts and deliverables are you targeting for completion in 2022?  What other specific measurable results are you hoping to accomplish in your working group this year?  We are working toward having a coherent story of how the work of the working groups crosses over to support the work of other working groups and the overall goals of ToIP.
    • Video update - Nicky is purchasing the video content and donating to ToIP
    • BGBU paper
    • Scenario-building (Andrew & Bentley)
    • Review the deliverables document (Andrew)
    • Expert Series
    • Respectful Tech Resources
    • Notice & Consent Collaboration?
  • x-Pollination
  • Overall Goals of ToIP

Discussion: 

  • smaller, more achievable deliverables are better than one or two big single ones
  • consistent stream of conversations - always a place to come to exchange ideas on the topic and feel its edges
  • still a 101 layer to cover basic topics; keep capturing, taking stock and responding to the needs & questions of the community, e.g. conversations w/ machines or identity overload.
  • small contained items & x-pollination w/other groups
20 mins | Informed Consent CX / UX - collaboration with the Notice & Consent TF | Nicky
  • Discussed last time:  Informed Consent (Jim St Clair) potential link with Notice & Consent TF from ISWG
  • Is there a joint piece of work / deliverable that would
    • Defining terms related to trust, trustworthiness vs assurance, consent vs permission. Human meaning vs Computer meaning
      • CTWG - 3 layers of terminology - market facing (fewest terms, broadest reach - lowest register terms, e.g. browser, website), business & product terminology (transaction - biz decisions, e.g. SEO), engineering & legal terminology (greatest precision, more terms, less understandable to general audiences).
      • Market terms = human terms= most difficult to define and agree on
      • Terms can be built and evolved e.g. SSI
    • Defining the human problem
      • e.g. consent fatigue in healthcare
    • Defining how socio-tech solutions could solve it
      • e.g. consent bot
    • Rumsfeld questions for research agenda?
      • known unknowns
      • foresight
      • constraints on adoption
  • Jim StClair has a use case he can share
  • Consent TF - 'do track' what might consent 'look like online' - Digital Services Act - EU - transparency obligations.  For trust & HX - transparency needs to be proportionate.  ISO SE27 now consent receipt is in standard - conformance tool, international standard for transparency or for a way for people to assess transparency.  Mark Lizar is part of DIAC and they have a SIG creating an eIDAS gateway in Canada.  Will look at the adequacy of transparency in eIDAS, PCTF, ... looking at common defaults, presented at Identity North and showed case for standards in decentralized model to replace T's & C's services.
  • Also working on differential transparency, to see differential vs baseline norm
  • HXWG contribution
    • Defending against dark patterns
    • Semantics of consent to a purpose or permissioning use of a credential - terms - market facing / human-facing terms, governance driven business legal & technical - governance.  "BOLTS" as business, operational, legal, technology, societal.
    • Transparency is the key word - notice & consent is a legal requirement for transparency - very important for trust registries like civil registries.
    • Trust is hard to earn & easy to lose.
    • Semantics of business assurance is better used for people
    • Should HX be another layer in CTWG layer?  
    • Mark Lizar has been working on the idea of a privacy cafe - explaining using the analogy of visiting a foreign coffee shop
    • Controls accord to personal terms.  Transparency of authority - you should have defaults of individual rather than of businesses.
    • Problem:? Tim Bouma perspective: ToIP stacks are vehicles for public policy makers (gov, ngos, etc.) to apply social norms and societal tooling via laws/regulations.
  • Continue conversation - nail micro-deliverable - e.g. use cases or proposals
  • Notice & Consent TF focus on connecting tech & standards
    • Notice Controller Credential contributing to ISO & W3C - SSI controller credential generates receipts.  Research for providing consents and receipts for age-appropriate design
    • add validator architecture (e.g. notary) - supports compliance requirements 
  • Work on use case - rock star parking - super set of benefits!
5 | Wrap-up / Action Items