Meeting Page - BGBU


2022-12-08 BGBU APAC TF Meeting

7.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Pyrou Chung; Nicky Hickman 

TimeItemLeadNotes
5 mins
  • Welcome & antitrust notice

  • Agenda review
Nicky
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

  • Join ToIP if not already a member
    • Consent to meeting recording?
10minsIntro's & UpdatesNicky

Update on Wallet TF - New Wallet Interactions & Patterns TF to work on patterns of design for wallets, aligns with Open Wallet Foundation (A Linux Foundation Project).

Judith Fleenor has started recruiting, Accenture, Trinsic - needs to work for them as well.  Alta Nel

Rimma Perelmuter - Trust in Tech consultancy, focused on human centred design and trust that works for the digital economy.  

20minsHarms TF update & next steps discussionNicky

Permanent Link to Harms Paper

IIW Session Notes: 

Elisa Trevino is putting it on github

Terms Wiki is done but - Glossary is not updating 

Judith Fleenor - We need to make sure that anyone who comments into the Public Review Process, then must join ToIP.  Could be able to do so through gdocs as this is a paper not a specification. 

Can do on Github or gdocs.

Phil Wolff    Blog post missing contributors, call to action. Name on acknowledgements. Nicky Hickman to update

Pyrou Chung - key is the so what question?  Different perspective from people's perspective.  EG school identity system for children - case study - how could we use the paper to structure and apply.  How do you apply this framework to assist in improving their digital identity system - Nicky Hickman to do cheat sheet, practical guidance, then apply to school.  International school in Thailand, have multiple jurisdictional requirements. Legal advice is they comply, but their rights are not respected especially for non-thai students.

Technical view?  Consent process but no data policy? Legal complications  pre/post-covid.  Their policy is not compliant with basic principles of privacy, failure consent = no school access.  Pyrou wrote to the principle and asked the data to be removed and find a way for her son to access the school.  Confusing issues:  security, access control, attendance.  Most of issues are not technical but are knowledge gaps, overlaps in user data for different and overlapping purposes. What is it used for?  ie Purpose?

Is public task applicable?  In a private school public task is not applicable.

Main issue is probably knowledge gaps - concerns about digital security among other parents, but most are unlikely to speak up.  Especially Chinese, they are fleeing oppressive regime, so they devise work-around's - jump the gate!  What are the protocols for intruder?  If indeed it is for security.  Biometric system.  

Thai government requires school to share the data with them for 'national security purposes' - risk for many who are in Thailand as they are at risk if identified.  Diaspora from all over the world.  Visa can be revoked, school can be implicated in this.

Next Steps:

January All Members Meeting - presentation open to others.  Special Topic.

X-pollination for Q1 - How can we work with you. inside ToIP

Phil Wolff outreach beyond ToIP and convening, still need some form of ongoing community effort.

Judith Fleenor must come from the WG., potential for SIG.

Judith Fleenor consider outreach to other identity communities

When is public review over?  30-60 days after the January All Members Meeting.  

BLOG - How and why should my company step up?

Next communications committee meeting is next Friday 9th December - approvals can be done via email.   

  • Implementation Guide & Technical Requirements; Cheat sheet and case study with Pyrou

The following must be sent to HXWG channel, could step out of the acknowledgements for those named in blog post. (Nicky Hickman )

Nicky Hickman sort out glossary, also set up the document for comment in g-docs for non-github route.

20mins2023 objectives Kalin

meeting cadence & timing, APAC inclusion.  Pyrou would like to continue to contribute to the community, Nicky Hickman to poll the APAC members to find an alternative time.

HX focus on Wallet TF

Business Scenarios workshop?

5minsAOB

2022-11-24 BGBU APAC TF Meeting

7.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Jill Bamforth, Nicky Hickman 

2022-11-21 SSI HARMS BGBU TF USA/EU TF Meeting

19.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Phil Wolff Christine Martin Neil Thomson Nicky Hickman 

Agenda:

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minNew intro's & Updates

Update from IIW.  Here are the notes that Neil Thomson took in the session that he and Darrell O'Donnell ran at recent IIW 35

Darrell brought up a series of topcis, new to topic, about 20 people including some heavy hitters, many will be looing at the notes and as an 'unoffical steal'!  No big gaps, turning minds to blocking or mitigating.  How do we make it easy for people to make the right choices.?  What kind of message do we want to send to technical thinking.  Receptive overall to incorporating thinking but not much certainty as to what that looks like at that point.  Need to make it clear to policy makers, but you cannot hope that the tech will solve, the tech alone cannot overcome the harms. 

Phil Wolff concerned that there is a gap between very technical principled idea of how this should work and everything that happens downstream. Separated by time, jurisidiction, etc, very difficult to imagine that this has any kind of negative externality.  Not obvious, and if they do see it why is it my concern vs others' concern

Neil Thomson commented that there is definitely a tension to make it usable but at what point do you want to protect the tech that is useful without constraining the tech itself.

Phil Wolff suggested a list of harms and countermeasures that is very specific as an appendix.  Christine Martin suggested a good idea.

Neil Thomson suggested a companion document with existing mitigations and other suggestions.  Very precise definition of harms.

Phil Wolff commented that first had to get community buy in to the fact of negative externalities, then we are inviting others to participate in harms work, quantifying risk and growing knowledge.  Processes fro quantifying risk and being accountable need to include human harms.  Not walk through the architecture, but an agreement that this is a necessary process.  Concensus that there is a problem is the call to action from this paper.

Neil Thomson consensus from Canada is also starting on things like filtering for those under 18 years.

follow up at next IIW requested.  

10minsmechanics on paperNicky

Terms Wiki is done -  https://github.com/trustoverip/hxwg/wiki, forced to be much more specific about the terms that we use, and should have been done before the public version.  IE the glossary in the pdf version is not correct.

Paper is in PDF version

md version is under development. Definitely talk to Andor/Anti. Can help get in github properly

md version now complete in folder ready for github, Elisa Trevino is going to help Nicky with github.

30minsblog post & other follow upsNicky

Blog for development is here:  Phil also has written Negative Externalities and will add to blog - this is an excellent approach No.1 = Houston we have a problem!

Phil Wolff has already added some things, and Pyrou Chung has offered to contribute.

Jill suggested a set of guiding principles to support designers and implementers because environment is changing so quickly, we can easily test these principles.  Can we find principles also with diverse examples of their application.  EG Bills of Rights, Hippocratic Oath applies almost everywhere and accepted.

Common values = challenge - e.g. strict Muslim vs freedom from persecution for sexuality.

Comes back to ethics - gets embedded in politics and legal views.  EG Jill lived in many countries, how do you form that common bond = Family.

Depends on environment, context.  Recognition that application of principles in the context in which it sits.  EG China, see chinese first then British or Australian second, speaks to a fundamental view of how they view their identity.  So e.g. in Australia, must give up your Chinese PP to become an Australian national.  Chinese Gov imposes rules not Australian. Analogous with tudor period Catholic vs Protestant/Anglican. Can't have 1st master as Pope, consider purgatory, links are similar today - e.g. soul=land for indigenous people, very different approach to the land in Western mindset.

APO suggested by Jill  https://apo.org.au/ once paper is ready could be useful to add to this resource.  If in different state, what needs to happen?  Would open up to many others.  Read by gov and industry.  Could be a way to promote to a broader audience. 

Get researchers together to bring our next steps for research - going deeper on wicked problems.  Theoretical and practical contribution is needed.  Where does it fit into theoretical vs practical thinking. Identify the nutty issues, then find PhD students to explore in depth. Also on the ground studies.  Maybe working to build a student/researcher community to bring others together.

Jill's extensive and thorough commentary is here. can serve as a basis for next steps on research side.

5minsClose & ActionsNicky

Nicky Hickman to outline checklist document

Nicky wanted to publicly acknowledge Phil Wolff 's enormous contribution to this paper, would not have happened without him.

Target Monday for publication date to accommodate Thanksgiving. 

Nicky to coordinate with Judith to arrange open event - for inclusion in blog post for call to action.  Join us - specific topic to review harms and strategies together and figure out next steps as an organisation/ community.



2022-11-10 BGBU APAC TF Meeting

7.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: sankarshan Nicky Hickman Pyrou Chung

2022-11-07 SSI HARMS BGBU TF USA/EU TF Meeting

19.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Nicky Hickman Darrell O'Donnell Christine Martin Neil Thomson 

Agenda:

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minNew intro's & Updates

Darrell O'Donnell will be at IIW, 

Neil Thomson co-chair of Data Modeling &___ WG authentic data vs authentic identity, follow on from ISWG many others on same track, triangle similar to issuer, holder, verifier, but different. One issuer, thousands of data providers.  How are these sources and issuers different? what denotes authenticity, consent etc - how do these fit together  e.g. DIF Data Agreements Group, same with Consent, discussions about the process/agreement, but not about the data.

40minWhite Paper Review key questionsNicky

Many reviewers and excellent comments on the paper  leading to improvements on the paper.  Many discussions needed going forward, further work.

Continuing the discussion: Overcoming Harms_Further Discussion Document, initially including detailed and thought provoking commentary from Jill Bamforth.  

Progress against ToDo's

  • take out the moon analogy, Thank you Phil Wolff 
  • move frameworks to appendix & trim
  • simplify and clarify text
  • improve exec summary so that it is a 2min useful read - Darrell O'Donnell looking into. following incorporation of additional community comments
  • remember to add in Pyrou's Dusun people case study
  • draw out the flip side of benefits
  • add business case (Phil Wolff )  Important point about the commercial so-what, Nicky Hickman noted that harms are costs, a similar question to  Michael Becker who asked for thoughts on an article Personal Data Damages: A Reflection on Major vs Micro Concussions

 "A colleague asked me a question today "do you have a personal data harms stat that you can share that will help me shake up an executive? A stat that is so blatantly damaging that it will compel them to invest in the development of personal information management solutions and lean into being a personal information economy leader." 

Harms are costs: they cost businesses billions in customer services, abuse management systems, security, fraud management, reputational damage and opportunity cost. At the same time they cost every public purse billions mopping up the after-effects e.g. healthcare, benefits, national cybersecurity, ... As soon as that senior exec realises that the microharms not only impact his bonus, but also his taxes your friend will have his attention!  Energy concerns also adding in Environment section.  Energy & Resource costs of Tech, how do you reduce those harms. 

Is there a business case for addressing harms, or is it a moral endevour?

Darrell O'Donnell - need concrete examples.  Impact on employees of firms.

Neil Thomson - many things that may be done are additional benefits of using SSI, security benefit.  Future-proofing also a benefit, freebies by adopting SSI.

  • change PEST to PESTEL adding in environmental and legal categories (Jill Bamforth, sankarshan )
  • Politics - Manipulation: Digital Identity and Democracy  REQUIRES DISCUSSION
    • include uncomfortable comments and statements
  • Economics - Datafication: Digital Identity as a Means of Production
  • Society - Fragmentation: Digital Identity and Globalisation
  • Technical - Innovation: Digital Identity and Efficiency
  • Environmental - Dissociation: Digital Identity and Anthropocentrism REQUIRES DISCUSSION
    • Pyrou - environmental and economic costs, draw out role of indigenous people in stewardship of carbon sinks etc, legalising displacement, double effect, harming them as people and also create more environmental harms.  EG Carbon sequestration, environmental degredation, offsetting this harm with rights = global good
  • Legal - Identification: Digital Identity as a Function of the Nation-State
  • Glossary and definitions (in progress, see below)
  • References tidy and x-check
  • Github vs Gdocs and required publication routes - Darrell O'Donnell said that this for Public Review - IPR reasons needs to be in github. Christine Martin will share process with group so that public review can be in github
    • Concerns about audience with Github excluding people, can be 
    • sankarshan concerns, enough has been done to seek external reviews, little new reviews, so need to draw a line and move forward in subsequent TF or wider community
    • Pyrou also agreed.  Folks want it to be practical & specific, but does it need to be in this document.  
    • sankarshan github is main review tool, following publication can use github for issues or provide feedback on PDF, those issues can then form a new version of the Doc.  Not like code, opinion rather than code, not immediately in the main branch.  Conversation not code.
  • Separate documents: note in conclusion next steps.
  • Pyrou - need alternative publication route than github because won't reach those it needs to.  
  • sankarshan conversations will happen elsewhere, very specific use of Github in this initial review cycle.
  • writing a blog post Pyrou will draft by end next week
  • Readiness for IIW session - volunteer from Neil Thomson to host session if no others more closely involved with the work volunteer. Darrell O'Donnell and Neil Thomson to work together on hosting a session with key discussion points.

Key Terms for final version & publication

  • digital identity ecosystems vs digital trust ecosystems vs distributed data ecosystems (Paul Knowles )
  • identity harms vs human harms vs data harms
  • harm prevention strategies vs harm accountability strategies vs harm reduction strategies vs harm countermeasures and mitigation strategies (Phil Wolff )
  • SSI vs web 5.0 vs decentralized identity vs ....?
  • Overcoming human harm challenges vs Reducing the costs of human harms 
5minsAOB & CloseNicky

Worthwhile effort! We are looking at this and considering in our designs

2022-10-27 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman sankarshan Pyrou Chung

2022-10-24 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: :Nicky Hickman ;  Phil Wolff Jacques Bikoundou Darrell O'Donnell Trev Harmon Christine Martin Erran Carmel

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minNew intro's & Updates

Trev Harmon Technical director at ID2020 and have been involved w/SSI community for some years previously at Evernym.


40minHarms Paper

the paper  

Phil Wolff huge input to the paper and many hours commenting and improving

Nicky Hickman commented that some technical folks were still struggling with utility, hopefully implementation guide and technical requirements.

Phil Wolff commented that the reverse of harm is increased benefit, have not sufficiently emphasised this connection with entrepreneurial ambitions.  Nearside / farside helps with this but not enough start-up / entrepreneurial culture.   We have natural bias for hope and good things.  Example of new market opportunities by building for the need.  Talk to their professional values, this is a framing challenge

Main comments needed on Part 3 of the paper.

Trev Harmon has 4.5 pages of notes at ID2020 will provide actionable feedback.

General impressions focused on the frameworks e.g. STS, curious as to why it was chosen and then modified.  Some places where systemic to society not identity specifically. Disconnect between the harms that occur and how SSI mitigates / exacerbates some sections stronger than others.  Some seem overly reductive. P19 last paragraph, connection between philosophical sides and action side especially quoting chinese or indian philosophy without any citations or support

Offered several recommendations on improving connections in text to be more straight forward.  good to be working on this to avoid future harms from SSI. 

Darrell O'Donnell lots of explanations in document not quick and fast enough.  

Nicky Hickman  need to reduce paper and make it more useful and more accessible to different types of readers. e.g. add requirements section at the end.  e.g. remove moon analogy

Trev Harmon the key elements are being buried behind the frameworks

Phil Wolff suggested added frameworks as appendices.  Return to simpler approach, 

  • these are the harms, this is why you should care, then discuss what to do next as implementers.

Trev Harmon suggested that systemic issues shouldn't go away from discussion but perhaps not right in same document.  Some of the harm discussion was shorter than it needed to be, some of frameworks longer than it needed to be.

Phil Wolff frameworks might help for systematic modelling of harms.  Concerns many aspects of organisations in public / private sector.   A framework for building on what you already have, should be advantageous, maybe as a separate blog post.  Should not miss opportunities to identify harm.

Nicky Hickman will 

  • take out the moon analogy
  • move frameworks to appendix & trim
  • simplify and clarify text
  • improve exec summary so that it is a 2min useful read
  • remember to add in Pyrou's Dusun people case study
  • draw out the flip side of benefits

Trev Harmon will join the group to contribute to this work.

Neil Thomson It's a great document - leave it alone and make it as a background document. Build one or more new documents from the different perspectives/audiences who will consume it.  I am outside comfort zone, there are things that are harms not because of tech or intent but because of things outside our control. In discussing Harms, it would be helpful to flag which harms are within the SSI technology and governance stacks ability promote and support harms avoidance and reduction, and which are outside of ToIP's scope (e.g., political).

Phil Wolff said we wanted to point out that you are also responsible for some of the negative externalities that occur.  Because includes governance stack these should be addressed by the ecosystem as a whole. e.g. harms surveillance, or by regulators in terms of compliance. 

Neil Thomson highlighted the Canadian CIO Council's draft standards that identifier issuers are currently defined as only governments or other government-accredited institutions such as banks. It has not yet adopted the option of individuals creating an SSI verifiable identifier through a 3rd party (Sovereign Identity vs. Self-Sovereign Identity). SSI Governance must be careful not to make the assumption that adopters will enact all technical or governance aspects of ToIP's view of SSI.

sankarshan commented that the paper was ready and happy with where we were.  Provides bridge of gap for rationale for design change.  Also that SSI systems should not be implemented as overlay on existing designs.  If anything should go in appendices then should be implementation.

Pyrou commented that divergent comments in one paper. Paper in a good spot, as a non-technologist I found it difficult to read, but frameworks helped with thinking.  What are harms, where they are and some modalities on how to think about them.  We achieved what we set out to achieve.

sankarshan technologists are missing the implementation guide & tech spec but this is not the role of the white paper.

Presents enough of a robust set of knowledge so that they can support choices and explain choices in design , aligns well with phase 1 of ToIP, ie philosophy, then phase 2 is more towards the implementation.

Pyrou:  need to be out and moving on with other work.

Final comments by 11th November. Nicky's checklist above!

2022-10-13 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman Pyrou Chung

2022-10-10  SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: :Nicky Hickman ; Judith Fleenor 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minsIntro's & UpdatesNicky
40minsRevised PaperNicky

The 0.2 version is here 

Discussed presenting for internal ToIP review on 19th October. 

Nicky to finish by Monday.

2022-09-29 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees:  Nicky Hickman - meeting finished at 20 past due to no other attendees!

2022-09-26  SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: : 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minsNew intro's & updates

Turing Institute Trustworthy Identities Conference - Decentralization & Harms a constant strand, 

25 minsNew ArcNicky

Considering feedback and comments on the current drat of the white paper - suggested new arc/perspective as an alternative to 'ssi harms'

  • We spend all our time considering benefits of SSI we need now to look from another vantage point, the dark side of the moon if you will.  

Actually the far side of the moon is not dark at all, but it is different from the near side. See The far side of the Moon, photographed by Apollo 16 in 1972. It is much more crater-ridden than the near side of the Moon. Source https://en.wikipedia.org/wiki/Far_side_of_the_Moon.  Not all of the far side of the moon is invisible from earth due to a phenomenon known as libration "In lunar astronomy, libration is the wagging or wavering of the Moon perceived by Earth-bound observers and caused by changes in their perspective. It permits an observer to see slightly different hemispheres of the surface at different times. It is similar in both cause and effect to the changes in the Moon's apparent size due to changes in distance. "

This paper is like the Apollo 8 astronauts who were the first humans to see the far side in person when they orbited the Moon in 1968.  We are just mapping that side of digital identity which we all know is there and contributing to opening up debate and developing robust legal, technical, human experience and governance mechanisms for addressing this problem. e.g. https://privacyinternational.org/advocacy/4945/letter-global-csos-world-bank "We, the undersigned civil society organizations and individuals, urge the World Bank and other international organizations to take immediate steps to cease activities that promote harmful models of digital identification systems (digital ID). "

  • Then PEST model of harms with SSI mitigations & potential new harms or exacerbations
  • Then framework for understanding harms in digital trust ecosystems
  • Potential short/medium long-term activities is an Appendix as a starting point for discussions with other WGs in ToIP and wider digital ID community
  • Then Conclusions:
    1. budget attention and resources at every level 
    2. practical do tomorrow steps
      1. examining from the outside and considering the known harms of digital ID systems, include known harms in a risk assessment
      2. people matter - talk about ethics beyond 'value statements' or principles, test the HX not just of customers but also of team members and wider stakeholder communities. 
  • Call to action:
    • x-industry harms awareness, transparency and mitigations  - like 'fraud signals' ????
    • ??
  • Key Questions?
    • ???
  • Next Steps
  • Vision:  We can use this model to not just address or prevent harms, but to promote goods from digital identity systems, I guess that public goods are the antithesis of human harms
  • When technology makes ethical norms possible - just because we couldn't do something before because we had bad tech doesn't mean
  • Mitigate harms and magnify benefits
15minsPotential TitlesNicky

From discussion in HXWG

  • Neil Thomson 'online identity harms' 
  • Phil Wolff 'Can decentralization help with human harms?' 
  • Andrew Slack ‘Building towards a positive/safe/.. digital identity ecosystem’
    ‘On human/social harm challenges in digital identity ecosystems’
    ‘Overcoming human/social harm challenges in digital identity ecosystems’ Christine Martin Darrell O'Donnell  like this one
  • Separate doc = ACTIONABLE GUIDANCE FOR SSI IMPLEMENTORS & Policy Wonks!


From story Arc

Mapping the Far Side of the Moon: A new framework for understanding and mitigating the human harms of digital identity systems; ‘Overcoming the challenges of human harms from in digital identity ecosystems’

The Apollo 16 Paper: Considering human harms in digital trust ecosystem design / digital identity systems


Vision based:  

Do no harm: creating digital identity systems that serve the public good

On track for finishing 2nd draft end next week

Darrell O'Donnell and Christine Martin to do Foreward


2022-09-15 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Oskar van Deventer sankarshan Nicky Hickman 

2022-09-12  SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: : Phil Wolff Nicky Hickman Darrell O'Donnell Christine Martin

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minsNew intro's & updates

Phil Wolff FTC public hearing on online harms (link) - 5 hours long so anyone who listens and can summarise - please share.

sankarshan will take a look


40minsReviewing sections of paperNicky

Great discussion and feedback on ROUGH draft of paper overall - CONCERNS and arising discussion points

  • Audience (highlight to policy makers & social scientists) & Purpose
  • Oskar van Deventer from perspective of standards, then need to see standards requirements. = Security standards, legal, interop, technical standards, syntax & semantics for a particular type of VC. especially VC's for verifiers, e.g. service providers asking for verification = License to Verify, being explored in Europe and maybe this should be a clear starting point to prevent ordinary citizens to verify.
  • Tech work address w/ a tech group at ToIP? 
  • Scope and whether or not there are specific harms from SSI
  • Using the word 'harms'

@philwolff  commented that remove SSI & Harms in same sentence.  As scope expands - expect harms to arise - thinking about 'the  precautionary principle' earlier is better.

  • Using stories especially A-Bomb Story - 
  • Christine Martin  stories are good
  • Phil Wolff analogy is apt but might be distracting, but could achieve same objective using Aisha's story - understanding her story through lens of PEST.  An ounce of prevention...
  •  A different story might be better -e.g. for younger people a more relevant story 
  • Also military-industrial context  e.g. w/known knowns - concerns

Darrell O'Donnell - main input interesting - stories are useful, but A-bomb might be distracting - what do we replace it with?

Oskar van Deventer - not A-bomb, better use cars and safety belts.  SSI is already safer than DigID (e.g. mitigations)

.

See comments in Discussion doc


Phil Wolff commented that not sure why we would write a white paper format as a ToIP deliverble, storytelling is not so much what ToIP has been done, especially w/formal analysis.  Part of scholarship is to remove personal opinions - have intellectual riguour & discipline, not sure what role this has in ToIP. Is there more value in scholarly approach vs blog posts that are snackable and might together build momentum.  

Christine Martin not sure about value of white paper vs blog posts

e.g. Phil Wolff if I am a product manager considering my process for product design & launch - then a white paper might not be the first tool I would go for.  Want a step-by-step toolkit for mitigating harms, and considering risks to human harms in our process, then does this have a completeness or 'doneness' then 'no'. 

Actions you can take on Monday - what are they?! - needs to be a concrete deliverable for the team monday to include in process of product development

How do we identify most impactful harms and then keep working through?

What is the systematic way that you are paying attention to harm?  How do you know you have those systems in place? How does c-suite know it's being taken care of?

How do you as a group / ecosystem look at these different types of harm?

Embedding in standard risk management / security awareness processes

Needs to start somewhere - acknowledging that harms exist is good but need tools for rigour. start by acknowledging harm

sankarshan need to before white paper - perhaps do a design workshop w/ a persona, does the ToIP meet requirements to prevent harms?  Does design-thinking include right questions to address harms.   Make other groups accountable for actions to emerge from activities?  e.g. influencing standards.  How can we exert influence and then provide oversight?  This group could then provide evaluation of output of other tasks.  Otherwise there will be an air gap between a whitepaper and action?  Also will help with collaboration.

sankarshan close doc and then break out and share with group. Initiate a process, culture and capability w/in ToIP and wider community to begin addressing systematically over time.  Transfer ownership back to the community and x-pollinate w/other groups.

Applies to everyone - what's the litmus test.

Nicky Hickman Use guardianship model - white paper followed by more practical technical requirements/ implementation guide. 

Darrell O'Donnell and Christine Martin do both .

sankarshan has been looking at document and review comments also reviewed HXWG expert series - suggests continuously raising.  

Outstanding: 

  • Grassroots case studies / persona to be summarised in the doc and then these voices used to illustrate points throughout the doc.
  • Conclusion (to be done once next revisions in)
  • Detail on Part 3 prevention, it is summarised in a table, but needs explanation.  I have proposed 4 core prevention strategies, and depending on how that holds up to your scrutiny we then need to test against each of those case studies.
  • As discussed, this is a white paper so the toolbox, including the full case studies should be a separate living set of deliverables.
  • There may be sections of the doc that are too much for the white paper, e.g. the CAS model – please feel free to reassign to a blog for example.

Key Questions:  John Phillips created a web form for this - looking forward to finding out the responses on Thursday during APAC Call.

Is this Fit for Purpose???  

Does it say what you want it to say?


Key discussion points are in this document:

2022-08-04 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Pyrou Chung Nicky Hickman

2022-08-01 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Darrell O'Donnell Nicky Hickman Phil Wolff 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

10minsNew intro's & updates

Updates from HXWG - Meeting page

Reviewed & considered the consent question: Mark Lizar and Phil Wolff are working on this, may be extendend from blog post to paper of series of 'nuggets' that discuss questions such as 'how to orchestrate consents within a digital trust ecosystem?';  This is the intersect w/ISWG

Phil Wolff commented that smaller pieces to prompt discussion was more productive than long papers or set pieces

Nicky Hickman is focused on producing a draft Whitepaper for SSI Harms this week

sankarshan and Pyrou will be hosting a discussion at the forthcoming APAC IIW on SSI Harms

Pyrou commented that next week is International Indigenous People's Week, 10 events in the region including meetings with legislators & policy makers around law making, others are celebrations.  If indigenous people have self sovereign rights, how does that affect our work.  Feels like progress, a platform for open discussion with politicians is 

Environmental harms & battle for resources & challenges of climate crisis - disconnects


40minsReviewing sections of paperNicky

The logic of harms - good starting point - but livelihoods approach is not necessarily useful for this paper.

Nicky Hickman to introduce Pyrou Chung to Kelly Cooper to develop Case Study including a village community as a persona.

The split of papers - makes sense otherwise too long

5minsAOB & ActionsNicky

2022-07-21 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees:  sankarshan Pyrou Chung Nicky Hickman 

2022-07-18 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Nicky Hickman Phil Wolff Judith Fleenor 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

5minUpdates & New Intro'sNicky

HXWG last week - review of harms model

Drummond Reed commented this paper much needed

Nicky Hickman to x-check w/drummond key questions/ issues & drivers for this paper

Judith Fleenor asked what we were working on

  • Phil Wolff Whitepaper + blog post - aim to look at what SSI does for systemic harms associated e.g. w/over vs under identification and aim is to provide tools for the community to prevent harm and consider in their work
  • Focus on product, management and engineers who want to prevent harm ie for the ToIP community
  • Not general public
  • Judith Fleenor reminded us that there is the generic

HXWG update on Weds 20th - Phil Wolff Phil to do Harms TF slide

HXWG update at all-hands; Question regarding terms that we understand and assume sankarshan to add link to document

Expert Series - review and comment

Task Force BGBU / SSI Harms

USA / EU / Africa  Every Alternate Monday

9:00 Pacific / 12:00 Eastern / 16:00 UTC

Next call is Monday 1st August, then a break until Monday 12th September


Asia & Australasia Every Alternate Thursday

18:00 AEDT / 13:00 Indochina / 11.30 IST / 6:00 UTC

Next call is Thursday 4th August, then a break until Thursday 16th September

45minReview paper & Work on termsNicky

Harms White Paper Draft  Phil Wolff 

  • use of 4/4 matrix not useful - just use headlines like ' Digital ID comes with known harms'  - remove 'known-knowns'
  • See points in Philip Sheldrake https://www.linkedin.com/pulse/digital-identity-human-matters-philip-sheldrake/
    • Pyrou commented that in region WB pushing digital identity ID4D, developmental drive in region to use digital identity as a development aid - will 'solve poverty issues' - loose argument - no strong alternatives to WB model.  SSI can be a strong alternative to centralized models, but no strong activists influencing policy.
    • sankarshan many digital identifiers are framed as 'public goods' but don't have a sustainable economic model, problem creating s/w marketplaces without durability.  Most digital ID schemes are state-funded, reinforces sustainability, also in India based on facial recognition & biometrics; problem of changing embedded systems, processes and AI which reinforce these structures of power.  Worrying - the entire premise has not been challenged, no strong and viable alternative.  No consultative process.
    • Pyrou - no ability to say 'no' (Participation Principle is not observed); - embedding digital ID as a social norm, there are still Indian communities - tribal group recognised as 1st People, see commons in forest vs property - government appropriates the forests to access sustainability funding - digital recording of the - transfer of capital = transfer of power.  
  • Qualitative differences between SSI & other ID tech?
  • No calibration or measurement of harm from implementation of SSI
  • Our definition of harm might be different from other definitions of harm e.g. variance from self-sovereignty
  • Are here unintended consequences of doing things as we normally do them for IAM e.g. WEIRD models of identity in west vs other parts of the world
  • risks of cultural imperialism through tech

Judith Fleenor commented that we needed to ensure that the white paper that enabled members to 'get stuff done', other ideas about the socio-cultural issues are a 'thing to think about'

Technology is not agnostic, it is political.  

Because of corruption - central authorities / governments are not 

Man is moral and SSI is a kind of moral technology - we are not neutral the status quo is insufficient - this is a better way. 

sankarshan Still need the basis even if this is socratic then build on the steps, still needs to be rights-based and addresses concerns

Dangers of 'othering the problem' - being more direct 

comms of the paper would be a series of blog posts a) harms embedded and scaling of harms; b) concept of legal identity vs digital identity c) other ways of using SSI to express human identity

Phil Wolff why should I care; b) characterising the harms; c) theory of how to frame harms d) turning concern to action, e) budget e.g. for harms assessment 

Judith Fleenor considered edge communities can create new harms to current power base (ie those that are currently benefiting) - zero sum game

There is now a terms wiki and we should use a # for SSI Harms  =  #harmtf  (see conventions)

Here is the document to start working with for ingestion Working Document HXWG Terms

5minActions & CloseNicky

2022-07-07 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: sankarshan Nicky Hickman Thomas Robin, Hannes Hahkio; Pyrou Chung.; Jo Spencer 

Agenda

TimeItemLeadNotes
2 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

13minUpdates & New Intro'sNicky

Hannes Hahkio - based in Finland work for small consulting company called Hi Gear, Public sector companies are a focus of ours especially Citizen ID & SSI.  Act as consultants for gov & public sector.  Promoting SSI.  Aiming to understand landscape and then join some TF's and WGs.

Thomas Robin, works with Sezoo, based in Australia, specialising in digital trust & SSI models.  Where are the weaknesses to ensure we don't repeat the mistakes.

Update from sankarshan “Open Loop is a global program that connects policymakers and technology companies to help develop effective and evidence-based policies around AI and other emerging technologies.”

https://openloop.org/wp-content/uploads/2021/01/AI_Impact_Assessment_A_Policy_Prototyping_Experiment.pdf

Consider the ID of things (algorithms) and new TF in ToIP related to AI.

HXWG Meeting updates

sankarshan  Sovrin Ecosystem governance Framework https://sovrin.org/, now 2 governance framework with Layer 1 utility GF and L4 ecosystem GF.  The problem of ecosystems, lack of balance between big and small players.  Fairness, transparency and accountability plus collective ownership - require balance of these forces.  Prevents innovation and creates collusion, commercially unbalanced solutions and inappropriate evolution.  Sovrin is a lived reality.  

We would like to request you to go through the SEGF available from https://sovrin.org/library/sovrin-governance-framework/ (see section "Proposed Revisions/new documents") Additionally, there is a document which contains a list of suggested additional reading - we think that this compilation would be helpful in understanding the context

Also see this white paper from EFWG Trinh Nguyen

20 minIndigenous voicesPyrou

Feedback from grassroots research ref identity, personal data and harms

Major regional meeting last week with 10 countries across Asia with reps from 15 indigenous groups, main progress was to look at a framework for 

What is identity to you as an indigenous person

Ability to identify themselves with land & territory which was consistent across all groups, doesn't begin to define how they interact 

Identity linked to environmental ecosystem, e.g. different languages inside forest and outside forest, how they defined their connection to territory that were linked to landscapes that were precious to them many under threat, deep spiritual connection, so when you remove natural resources they loose their community and their ability to communicate.

Difficulty in interacting with society at large mainly because of lack of recognition - main barrier is driven by western centric way identity is laid out.   they are defined by those that colonised them, not applicable in Asia as colonised by other non-western nations, so distinct hard lines that don't necessarily reflect indigenous people and identity.  Their identity doesn't reflect their connection with nation, negotiating access to services e.g. if transboundary territories, e.g. China / India - how do they negotiate across these boundaries.  Even if they are able to self-assert, how is that recognized across those national boundaries.  EG in vietnam it is illegal to identify as indigenous.   Discrimination is then based on the assertion of indigenous - especially if mixed race children of ethnic mother, no option for dual nationality so children are appropriated to national identity and lose their culture and ancestral knowledge.  How do you prevent these harms if you can identify.

EG caste system in India, 6 ethnic groups from India, if indigenous not part of caste system are below / beyond untouchable.  They are not even recognized as a person.

HOW TO!?  Self-determination, no discrimination, being recognized, traverse admin national boundaries and engage w/society at large. 

Cambodian communities most fragmented, colonised by Khemir and gov has systematically tried to expunge indigenous identity & culture, Exceptionally fractured and deteriorated by lose generational knowledge, and loose language and culture.

Jo Spencer - ecosystem must be well defined scope & common objectives - having defined and being able to self-determine, link between national & cultural definition ask IS THIS USEFUL.  With SSI this is possible, but whether it is worth doing is the question.

Pyrou - in Cambodia high % of people have smart phones but not indigenous people, don't even have power & connectivity despite progress on SDGs and resilience in face of covid - tech itself is alien to them.  How do you address this & scale?

Hannes - Differences with meaning and words even if same language - same in Europe, different slang different language.  How do you convey meaning.  All these elements need to be represented to convey meaning, that way everyone can ensure they convey meaning .  Tied deeply to HX, how do you represent yourself and understand eachother, how do you resolve disputes?

Pyrou - we struggled with different languages - much gets lost in translation.  I am hopefully we can decolonise the tech ?  Many elders don't necessarily want tech in their community, so another barrier especially thinking about life and spirit, computers don't have that.


20minMental Model discussionNicky

Review the starting point mental model to support definition of terms and understand relationships between concepts such as agency, power, resilience and vulnerability.  

White Paper outline and progress

5mins AOB & ActionsNicky

2022-06-23 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman Pyrou Chung Jo Spencer 

2022-06-20 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Nicky Hickman Drummond Reed Christine Martin 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

5minUpdates & New Intro'sNicky

There is now a terms wiki and we should use a # for SSI Harms  =  #harmtf  (see conventions)

Dr Karen Elliot (Newcastle University) has offered to 'academify' the paper and contribute with some of her RA's once we have shell / draft outline with abstract / exec summ

Drummond Reed  highlighted a paper on decentralized identity systems - anti SSI - as supporting gov & tech systems - should be carefully scrutinized and shut down.  The paper is not unusual and made me think of this TF - will be a big advantage if ToIP is ahead of these kinds of key questions. Important paper will be supported from Avast. 

Christine Martin agree - we have problem with conspiracy theories - being politicized e.g. in Ontario.

45minReview structured outline draftNicky

This is the gDoc of the DRAFT paper in ToIP format using the Rumsfeld structure.

This is the link to the Miro-Board Harms Frame

This is the link to the harms folder that contains all our working docs

  • review logic & flow
  • assign sections

Schedule

  • June - 1st draft for expert review & contributions
  • end July - Clean copy for further wider contributions / comment in ToIP
  • August - break (feedback from on-the ground communities in Thailand & ???)
  • September - finalise, approvals & publish.

Discussion points

Spirituality & connection with land is essential to identity e.g. 'once the forest is gone we use our language, because in some cultures your language changes inside vs outside the forest.' - importance of being able to express culturally specific concepts. 

How do you digitize ?

Pyrou to provide notes on process of reviewing IDS GF e.g. Common good - not zero-sum game - different way of considering values due to cultural perspectives.


5minAOBNicky

2022-06-09 BGBU APAC TF Meeting

6.00 UTC = 23:00 PT = 8:00 CET = 11:30 IST = 16:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: sankarshan Nicky Hickman 

2022-06-06 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Christine Martin Darrell O'Donnell Nicky Hickman Phil Wolff Kaliya Young 

Agenda

TimeItemLeadNotes
5 min

Welcome & antitrust notice

Agenda review

Nicky

Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in  this activity beyond an observer role.

5minUpdates & New Intro'sNicky

There is now a terms wiki and we should use a # for SSI Harms  =  #harmtf  (see conventions)

Note film is being scheduled related to digital ID & vulnerable communities - relates to harms of centralized systems could be good alignment & shows importance of harms paper

45minReview APAC discussion & Agree next steps

for discussion see this Miro Board

NEW (Google Slides): https://docs.google.com/presentation/d/1Y404nJpSOkJFK5pc2aYUmJtrXtCkwcx-eIMC9ZMC0DU/edit?usp=sharing

Phil has transferred to a G-DOC https://docs.google.com/document/d/151cqN0HY-ECmGwcS_SSBCeCHtszuwGyQebLRJq8sODA/edit?usp=sharing which contains the same material but in a doc format

Johari window = personal psychology version of Rumsfeld  https://www.communicationtheory.org/the-johari-window-model/

Kaliya Young Problem w/AI is it makes the blind spot big and run by computers - 

Darrell O'Donnell Identification & ID Systems

Nicky Hickman - differentiate between identification & identity - problem of exacerbation

Kaliya Young DISCO - fun SSI party approach - build your own avatar in the metaverse - new market niches in SSI - we need more diversity like this in SSI than just Gov use cases 

Participatory design approach - use of on the ground communities to prioritise our work and give us case studies / persona's, will help us with prioritization and be more practical for implementers.

Many implementations are social networks backed by identity implementations - could have same problems as other social networks - always malicious actors - so how do we strengthen n/w's already to reduce risks of vulnerability associated with bad actors

5minsAOBNicky

Schedule - 

Nicky writing week in next 2  draft for assiging sections & building on by mid june

Draft for internal review by end July

Aim to publish in September

Agreed

2022-05-26 BGBU APAC TF Meeting

7.00 UTC = 23:00 PT = 9:00 CET = 11:30 IST = 17:00 Melbourne = 14:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman Eric Welton Jo Spencer sankarshan John Phillips

2022-05-23 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Nicky Hickman Phil Wolff 

Agenda

TimeItemLeadNotes
5 min
  • Welcome & antitrust notice

  • Agenda review
Nicky
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10minsIntro's & UpdatesNicky

Eric Welton- discussions with Myanmar Responsible Business Coalition - tricky situation with hostile relationships in government - establishing a biometric identity - difficult choice as someone is going to do it.  Can we do it in a more responsible, less harmful way.  May be useful to have a session on this in this group.  Difficult ethical questions for the team.  Interesting presentation on how digital ID can be abused.

sankarshan- biometric topic seems to be settling down from aid organisations - have to use biometrics, main focus is now on mitigating harms.  Myanmar, Afghanistan and other examples.  Uganda for example, optimistic programme, under-enrollment.  (the harms of untrustworthy systems) - now starting w/genetic profiling!

"The genie is out of the bottle"

Jo Spencer Activity on NSW gov initiative - driving license initiative hacked, DNA & biometrics further reinforce the argument. 

  • We need to be better, we need to be very aware that the information we're sharing is not as secure as we'd hoped.  Law of Minimal Disclosure for Constrained Use.  Need to be cryptographically secured.  Driving new projects.  Victor Dominello  (NSW gov)  Inclusion focus on services for citizens, also allied with indigenous people programme.  Now an important process.  All exclusion factors considered (digital, literacy, social, political, disability, financial)

sankarshanMinimisation is not suitable for some interactions, e.g. Medical Records - much more important for secure and trustworthy data payload /  exchange.  Also Financial Transactions not very well suited to VC's.

Jo Spencer use of verifiable presentations which present derived data.

sankarshan taxonomy & semantics - quality & classification of data also needed

VC's are not the solution for many forms of data.  

Biggest harm is derived data sets from small data sets.

Eric Welton  - Use cases - all non-cash transactions will be exposed to government, e.g. national security / tax collection is given as purpose coming in ??.  Remember problems of correlation highlighted by Daniel Hardman

Also use case of VCs to convey health information - presentation that key emergency information for medical purposes (e.g. in accident) - could use biometrics to unlock the data for emergency responders.  VC is a PDF - convenience / emergency service.  Similar to ICE contact, could have ICE Credential. Could be linked to IATA - Good Health Pass

sankarshan Must be freeform data.  Accept that this is a new attack surface.  

John Phillips Humanitech conference - could be some good material & input to this discussion.  Great discussion and material. I'm now seeing an obvious connection between this work, and the work of the Humanitech organisation here in Australia (founded by the Australian Red Cross) who have been thinking about how they might "ensure frontier technologies benefit people and society". I was at, and spoke briefly, at their 2022 conference (https://humanitechsummit.org/2022/) - they've been considering the potential harms of the mis-application of frontier technology for some time.


5minsActionsNicky
  • Nicky to try again to get the Me2B Alliance Harms Dictionary in xls format for analysis
  • Nicky to see if there is a different cadence or timing for APAC meetings
15minsAGENCY Nicky

Review of notes and insights from the AGENCY talk at HXWG last week.  Here is the wiki page 

On fake news (and news) there's a good 20 mins conversation from Davos hosted by Polkadot -

Rumsfeld Structure to scope  "Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones.[1]" (Source: Wiki)

Also for discussion see this Miro Board

  • differentiate between data exchange and identity as legal identification
  • See comments in Miro Board
  • Agree importance of Unknown Unknowns and use of resilience / vulnerability context relationships
20minsStoryboard Next StepsPhil

NEW (Google Slides): https://docs.google.com/presentation/d/1Y404nJpSOkJFK5pc2aYUmJtrXtCkwcx-eIMC9ZMC0DU/edit?usp=sharing

Phil has transferred to a G-DOC https://docs.google.com/document/d/151cqN0HY-ECmGwcS_SSBCeCHtszuwGyQebLRJq8sODA/edit?usp=sharing which contains the same material but in a doc format


5minsAOB Nicky

2022-05-12  BGBU APAC TF Meeting

6.00 UTC = 22:00 PT = 7:00 CET = 10:30 IST = 17:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman sankarshan Pyrou Chung, 

2022-05-09 SSI HARMS BGBU TF USA/EU TF Meeting

18.00 UTC = 11:00 PT = 14.00 ET = 20:00 CET = 23:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

Meeting Recording to come.

Attendees: Phil WolffNicky HickmanChristine MartinJacques Bikoundou

Agenda

TimeItemLeadNotes
5 min
  • Welcome & antitrust notice

  • Agenda review
Nicky
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10minsIntro's & UpdatesNicky


10minsKey insights from last APAC or USA meetingNicky or Sankarshan

Quick review of last couple of calls:

  • 1) Over-identification vs under-identification - Goldilocks Zone - Overton Window (political science construct - when something was taboo becomes defacto) - Law 2 Minimal Disclosure for Constrained Use
  • 2) Basics - speak to the link w/ legal identification & / or foundational ID
    • Naming - use of unique identifiers
    • Gender - example in Thailand range of # of genders that are recognized (fluidity vs box ticking) - consider outward signs that assert gender identity and create communities / recognize each other.
    • Home location -or if nomadic, see Domicile law - e.g. Aadhar = residency not citizenship - difficulty in changing attributes
    • Age - lots of people don't know how old they are, chinese count age differently, there are different dating systems in different parts of the world
  • Many of us don't have an 'is' relationship to identity, much more diffuse than this e.g. 'where are you from', preponderance of evidence rather than binary.  Establish the 'is' relationship w/government so we want to agree mutually what my 'is' is!

If you use SSI to make identifiers fluid even in application at legal identification layer, then to what extent can states deny it?

some formalized identity, collectivised and then asserted towards goverment - can states refuse to acknowledge. - about power, assertion of rights as a collective (trades union advantage), should be possible w/SSI but deeply linked within state systems (e.g. census,).  One particular challenge is that even if we make headway w/SSI, tech and solutions for SSI, the challenge is still are we able to negate the harms.

Bargaining power still difficult, still depend on utilities, still need blockchain.  _ different problem associated with connectivity / infrastructure

Example in Cambodia, facilitating meetings w/indigenous leaders, whole concept of interjecting technology into the mix the biggest challenge is getting them to understand the concepts and relationships w/their rights.

Disconnect between people who work in Human rights / indigenous rights - have idea of understanding international frameworks and conventions (drafted in 70's), these structural concepts of what hr/indigenous rights are - bright people are able to speak to these conventions this is the translation layer, so when you start shifting these narratives into local contexts - framing of conventions is to protect rights but they don't have them in the first place - so can't assert them.  

'What do you want?' - they don't know.  Layers of understanding / comprehension that need to be broken down.  Difficult to design the tech first - need governance, engagement, HX.  

Requirement to from the outset start with a co-creative/ participatory approach so that we are asking communities on the ground about the harms they perceive and their impacts.

e.g. Women in Identity - Aisha's story 

Pyrou will have some sessions w/indigenous leaders in Thailand, informal

Work through storyboard and updates in there

20minsStoryboardPhil

Continue on storyboard roundup from Slide 31. Sections: "Indirect Risk", "Approaches to responding to the risk of human harm", "Whose job is it?", "Thank you. What’s next?".

NEW (Google Slides): https://docs.google.com/presentation/d/1Y404nJpSOkJFK5pc2aYUmJtrXtCkwcx-eIMC9ZMC0DU/edit?usp=sharing

OLD (pptx format):  https://docs.google.com/presentation/d/1KoWjJx8LMwqNHKhAs-gK1uLdDL6zniIR/edit?usp=sharing&ouid=102748924597224658467&rtpof=true&sd=true


5minsActions
  • Nicky to change meeting time to 11am Pacific and name to SSI Harms _BGBU
  • Nicky to try again to get the Me2B Alliance Harms Dictionary in xls format for analysis
  • Nicky to see if there is a different cadence or timing for APAC meetings

2022-04-28  BGBU APAC TF Meeting

6.00 UTC = 22:00 PT = 7:00 CET = 10:30 IST = 17:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees: Nicky Hickman sankarshan Eric Welton

2022-04-25 BGBU TF USA/EU TF Meeting

15.00 UTC = 8:00 PT = 11.00 ET = 17:00 CET = 20:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

MEETING RECORDING

Attendees: Nicky Hickman Christine MartinDarrell O'Donnell Phil Wolff

Agenda

TimeItemLeadNotes
5 min
  • Welcome & antitrust notice

  • Agenda review
Nicky
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

10minsIntro's & UpdatesNicky

N/A HXWG - Expert sessions forthcoming in May (link to HXWG webinars)

Good podcast ref exclusion in Aadhar - Christine Martinto get Reference - 

Potential Women in Identity ref their exclusion research as expert for Q&A

10minsKey insights from last APAC meetingNicky or Sankarshan

2 clear harms to get started with

  • 1) Over-identification vs under-identification - Goldilocks Zone - Overton Window (political science construct - when something was taboo becomes defacto) - Law 2 Minimal Disclosure for Constrained Use
  • 2) Basics - speak to the link w/ legal identification & / or foundational ID
    • Naming - use of unique identifiers
    • Gender - example in Thailand range of # of genders that are recognized (fluidity vs box ticking) - consider outward signs that assert gender identity and create communities / recognize each other.
    • Home location -or if nomadic, see Domicile law - e.g. Aadhar = residency not citizenship - difficulty in changing attributes
    • Age - lots of people don't know how old they are, chinese count age differently, there are different dating systems in different parts of the world
  • Many of us don't have an 'is' relationship to identity, much more diffuse than this e.g. 'where are you from', preponderance of evidence rather than binary.  Establish the 'is' relationship w/government so we want to agree mutually what my 'is' is!

Requirement to from the outset start with a co-creative/ participatory approach so that we are asking communities on the ground about the harms they perceive and their impacts.

e.g. Women in Identity - Aisha's story 

45minsStoryboardPhil

https://docs.google.com/presentation/d/1KoWjJx8LMwqNHKhAs-gK1uLdDL6zniIR/edit?usp=sharing&ouid=102748924597224658467&rtpof=true&sd=true

  • Reviewed to Slide 31`- notes in slides

Discussion

  • Balance between individual rights or objectives vs collective rights e.g. covid vaccine example 
  • 2 stories: - 1 related to electric vehicle standards / data in India, 1 related to surveillance at Grand Mosque (company using AI realising the world of Minority Report) - being proactive (predictive analytics)
  • Covid has highlighted this argument - is there a special case in the pandemic vs 'normal' times.
  • See https://www.technologyreview.com/supertopic/ai-colonialism-supertopic is a good series recommended by sankarshan
  • Consider 'medical vector' as a means of asserting power 
  • AI more deployed into affluent areas, if you don't fit in then you are suspect
  • Facial recognition - Chinese dataset doesn't really work outside Asia.  (see Biometric State: The Global Politics of Identification and Surveillance in South Africa, 1850 to the Present” <-- highly recommended by sankarshan)
  • “When Biometrics Fail: Gender, Race, and the Technology of Identity” recommended by sankarshan
  • Aadhar reports that highlight the unintended consequences and outcomes that have arised.  Using Aadhar-like systems are more harmful than helpful because starting from a bad base.  
  • No playbook that identifies the problems associated with legal identification systems. In a normal world systems are hardened through testing, but national systems are often on a wing and a prayer.  focus too much on MVP and think about things e.g. guardianship, different name formats, different genders other than M & F.

Problem w/SSI - in an effort to pursue

5minsActions
  • Nicky to change meeting time to 11am Pacific and name to SSI Harms _BGBU

2022-03-17  SSI Harms APAC TF Meeting

6.00 UTC = 22:00 PT = 7:00 CET = 10:30 IST = 17:00 Melbourne = 13:00 Thailand Zoom Meeting Link  https://zoom.us/j/95121109567?pwd=UFBrWU5PcC9RZS9UaFg1UG81WGZZdz09  Meeting ID: 951 2110 9567 Passcode: 082179

MEETING RECORDING  

Notes from the APAC Meeting are recorded in the Table below in green text

Attendees:  Nicky Hickman sankarshan Jo Spencer John Phillips

2022-04-11 BGBU TF USA/EU TF Meeting

15.00 UTC = 8:00 PT = 11.00 ET = 17:00 CET = 20:30 IST      Zoom Meeting Link https://zoom.us/j/97159895478?pwd=emFjbU8xdWs0dE5iaE0zeDVZREFYQT09 

MEETING RECORDING

Attendees: Nicky HickmanDarrell O'DonnellPhil WolffJacques BikoundouChristine Martin

Agenda

TimeItemLeadNotes
5 min
  • Welcome & antitrust notice

  • Agenda review
Darrell
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

5 minsIntro's new members & UpdatesAll

Updates

  • Discussion re moving meeting to 11am PT = 14.00 ET = 18.00 UTC = 19.00 BST = 20.00 CEST - put in slack question to group to move.
  • Links & References:  Please use this Responsible Tech Resources page to capture links to media or online resources that can help us with our work. Responsible Tech Resources  All are updated now
  • SSI Harms now changed on wikis, slack & calendar invites etc to BGBU
  • Our First Deliverable Storyboard, is open for business here.  Aim is to have key questions/ discussion points ready for IIW by end of month - no group members attending so use another mechanism to challenge our thinking later on in our process.
  • Sankarshan working on voting and democracy work, Nicky attended APPG on blockchain & voting, and some interesting perspectives from Robert Herian on the dangers of blockchain & voting voting https://www.researchgate.net/publication/339353856_Blockchain_GDPR_and_fantasies_of_data_sovereignty
  • Danger of using global south as a set of experiments - urgency and pragmatic approaches vs north america, problem not a strong representation from Latam.  Similar to clinical trials - now happening with financial services and digital products, identity, identifiers etc  These are specific harms.  EG health privatisation e.g. HealthID.  We can't look at SSI on its own, must be in connection with the businesses and services it enables.  Decentralization also leads to other things if left unchecked.  All 'sold' as discovery - but in effect it's service providers discovering you.  
  • Consider 3 pillars of inclusion = connection, identity, value exchange
  • Must at least ensure that folks are not worse off as a result of these developments.  Problem of data silo's even within decentralized systems.  Always going to have one player that gets more and more data and has undue influence within the market.  Data breeds data.
  • Virtual IIW - let's make a proposal to Phil, Doc & Kaliya
  • Indigenous group, example - document the concerns, position paper (problem definition), capture the needs at the margins.  Good example of common problems but highlighted because they are at the edge/periphery. Document real-world problems and impacts.
  • problems of colonial past, current harms of centralized state systems.
  • Structural biases that are embedded in our own frames of reference, e.g. UN.  eg identity & violence book.  Also aboriginal man who Stan Grant.  https://www.booktopia.com.au/on-identity-stan-grant/book/9780733644238.html
    Even naming is deeply politicised, internet meme 40 different ways that coders get names wrong.
  • HARM!  not being able to use your own name - = identifier, can have many names - in West is a unique and fixed identifier.
  • Anglo-Indian names have ' in them - Aadhar can't accommodate names with apostrophe - but PAN does, so Aaadhar overwrites the name in PAN then creates authentication problems.  'why should I have to change my name if the states' ID system is poorly coded'
  • How can vulnerable people be cared for online?  
  • CO-CREATION - Group needs representation from those we seek to support / help / protecting.  We understood representation from 'real people'
  • Need to be engaged now - up front to own the process.  We are promoting a model of digital interaction which we think is a good thing, but we need to understand the existing digital access/ interaction and then understand from them as to how VC's - pre-mortem / pre-parade, if this were successful what would happen, if things went wrong what could cause that?
  • Groups definition
    • understand challenges in working digitally with specific groups in the community
    • use exclusion factors?
    • power imbalances & poverty of human dignity at heart of all harms
    • Start with recognition
    • Goldilocks not too much identification, not too little, just enough for the purpose (Kim's 2nd Law) - Harm with issuance, and then when you have to use it.
  • Evolving framework / discussion as with guardianship
5 minsUpdate on Actions from Previous MeetingsAll
  • ACTION - Darrell to clone storyline format (from Drummond)
  • ACTION - ALL to review background links (on Purpose page under Links & Files)
  • ACTION - Persona Development (lapsed)
  • ACTION - reach out to others to join or be an 'expert witness' - open for follow up after we have more clarity on scope and basic storyboard. 
  • John Phillips to ask https://sigchi.org/ if they have any kind of framework for assessing interaction harms
  • Nicky Hickman to get kinship structures / forms from anthropology notes https://docs.google.com/document/d/1WQCD9floOebL2716PHZBZ8a-JvMdwb-rdx02hkQdfns/edit 
  • Eric Weltonto discuss domicile law and issues related to documentation and also on biometrics work next time.  Bound carefully with exam question.  Close during that session.
30 mins

Discussion Scope: 

Root Cause Analysis & Frameworks

Nicky

Scope & clarification from USA Call

  • Suggested from USA call - that we de-scope to only focus on the new harms that could arise from use of SSI - do we agree?
    • e.g. Over-identification
    • How do we de-scope without removing before / after.  IE what's the cut-off function?
    • Specifically addressing the deployers of technology in ensuring that their deployments do not unwittingly increase threat surface/vectors to users (holders) causing harms.  The deliverable should describe the harms, how they arise, how they can be mitigated and recourse for victims, e.g. responses could include pooling risk or sharing harms, detect, intervene & recover. - Incidence response approach.  EG in detection how can you tell if things are going wrong, so you might monitor or surveille to ensure that harms not involving malicious actors for example are alerted and acted upon.
    • Support from USA group to use persona for storytelling, but interview real people on the ground to carry out research and understand harms.
  • Recommendation from USA group that we do not exclusively focus on marginalized or vulnerable people, as we are all vulnerable at different times of our lives (e.g. as children, as frail elderly), however using extreme users or edge cases as persona can support robust design

Root Cause Analysis?

  • Is part of the problem that many think SSI is specifically designed to address harms of Web 1.0 & 2.0?
  • Is part of the problem that SSI is designed with a specific Western Educated Industrialised R Democratic perspective on the nature of human identity, the format of families, marriage, kinship and naming conventions?  An ego-centric (individual)  rather than socio-centric (dividual) view of identity.?  
  • Must go deep to challenge the underpinnings of SSI - the problem of digital imperialism
    • One core under-pinning value is personal agency - this is based on principles of 'free will', this in turn is tied up with our ideas of free speech, free trade and is baked into our belief systems.  This is why it is so challenging.

Possible Frameworks:

  • Creates or uses existing framework for analysing the dangers, risks, potential harms and threats (DRiPHT) to people with a particular focus on excluded, marginalized or vulnerable people. 
  1. RIGHTS-BASED sankarshan's Digital Identifiers & Rights
  2. HARMS -BASED Me2B Alliance Digital Harms Dictionary.  Uses DJ Solove's Privacy Taxonomy or Koops et al Typology to classify digital harms
    1. Action: Nicky to ask Lisa if we can have Digital Harms Dictionary in usable form to evaluate.
  3.  ROLES - BASED: What are the unintended consequences of SSI or digital ID benefits on our chosen persona:  Children, Refugee, Indigenous People:   e.g. McKinsey.