Update from IIW.  Here are the notes that Neil Thomson took in the session that he and Darrell O'Donnell ran at recent IIW 35

Darrell brought up a series of topcis, new to topic, about 20 people including some heavy hitters, many will be looing at the notes and as an 'unoffical steal'!  No big gaps, turning minds to blocking or mitigating.  How do we make it easy for people to make the right choices.?  What kind of message do we want to send to technical thinking.  Receptive overall to incorporating thinking but not much certainty as to what that looks like at that point.  Need to make it clear to policy makers, but you cannot hope that the tech will solve, the tech alone cannot overcome the harms. 

Phil Wolff concerned that there is a gap between very technical principled idea of how this should work and everything that happens downstream. Separated by time, jurisidiction, etc, very difficult to imagine that this has any kind of negative externality.  Not obvious, and if they do see it why is it my concern vs others' concern

Neil Thomson commented that there is definitely a tension to make it usable but at what point do you want to protect the tech that is useful without constraining the tech itself.

Phil Wolff suggested a list of harms and countermeasures that is very specific as an appendix.  Christine Martin suggested a good idea.

Neil Thomson suggested a companion document with existing mitigations and other suggestions.  Very precise definition of harms.

Phil Wolff commented that first had to get community buy in to the fact of negative externalities, then we are inviting others to participate in harms work, quantifying risk and growing knowledge.  Processes fro quantifying risk and being accountable need to include human harms.  Not walk through the architecture, but an agreement that this is a necessary process.  Concensus that there is a problem is the call to action from this paper.

Neil Thomson consensus from Canada is also starting on things like filtering for those under 18 years.

follow up at next IIW requested.  

Terms Wiki is done -  https://github.com/trustoverip/hxwg/wiki, forced to be much more specific about the terms that we use, and should have been done before the public version.  IE the glossary in the pdf version is not correct.

Paper is in PDF version

md version is under development. Definitely talk to Andor/Anti. Can help get in github properly

md version now complete in folder ready for github, Elisa Trevino is going to help Nicky with github.

Blog for development is here:  Phil also has written Negative Externalities and will add to blog - this is an excellent approach No.1 = Houston we have a problem!

Phil Wolff has already added some things, and Pyrou Chung has offered to contribute.

Jill suggested a set of guiding principles to support designers and implementers because environment is changing so quickly, we can easily test these principles.  Can we find principles also with diverse examples of their application.  EG Bills of Rights, Hippocratic Oath applies almost everywhere and accepted.

Common values = challenge - e.g. strict Muslim vs freedom from persecution for sexuality.

Comes back to ethics - gets embedded in politics and legal views.  EG Jill lived in many countries, how do you form that common bond = Family.

Depends on environment, context.  Recognition that application of principles in the context in which it sits.  EG China, see chinese first then British or Australian second, speaks to a fundamental view of how they view their identity.  So e.g. in Australia, must give up your Chinese PP to become an Australian national.  Chinese Gov imposes rules not Australian. Analogous with tudor period Catholic vs Protestant/Anglican. Can't have 1st master as Pope, consider purgatory, links are similar today - e.g. soul=land for indigenous people, very different approach to the land in Western mindset.

APO suggested by Jill  https://apo.org.au/ once paper is ready could be useful to add to this resource.  If in different state, what needs to happen?  Would open up to many others.  Read by gov and industry.  Could be a way to promote to a broader audience. 

Get researchers together to bring our next steps for research - going deeper on wicked problems.  Theoretical and practical contribution is needed.  Where does it fit into theoretical vs practical thinking. Identify the nutty issues, then find PhD students to explore in depth. Also on the ground studies.  Maybe working to build a student/researcher community to bring others together.

Jill's extensive and thorough commentary is here. can serve as a basis for next steps on research side.

Nicky Hickman to outline checklist document

Nicky wanted to publicly acknowledge Phil Wolff 's enormous contribution to this paper, would not have happened without him.

Target Monday for publication date to accommodate Thanksgiving. 

Nicky to coordinate with Judith to arrange open event - for inclusion in blog post for call to action.  Join us - specific topic to review harms and strategies together and figure out next steps as an organisation/ community.

Darrell O'Donnell will be at IIW, 

Neil Thomson co-chair of Data Modeling &___ WG authentic data vs authentic identity, follow on from ISWG many others on same track, triangle similar to issuer, holder, verifier, but different. One issuer, thousands of data providers.  How are these sources and issuers different? what denotes authenticity, consent etc - how do these fit together  e.g. DIF Data Agreements Group, same with Consent, discussions about the process/agreement, but not about the data.

Many reviewers and excellent comments on the paper  leading to improvements on the paper.  Many discussions needed going forward, further work.

Continuing the discussion: Overcoming Harms_Further Discussion Document, initially including detailed and thought provoking commentary from Jill Bamforth.  

Progress against ToDo's

•  take out the moon analogy, Thank you Phil Wolff 
•  move frameworks to appendix & trim
•  simplify and clarify text
•  improve exec summary so that it is a 2min useful read - Darrell O'Donnell looking into. following incorporation of additional community comments
•  remember to add in Pyrou's Dusun people case study
•  draw out the flip side of benefits
•  add business case (Phil Wolff )  Important point about the commercial so-what, Nicky Hickman noted that harms are costs, a similar question to  Michael Becker who asked for thoughts on an article Personal Data Damages: A Reflection on Major vs Micro Concussions

 "A colleague asked me a question today "do you have a personal data harms stat that you can share that will help me shake up an executive? A stat that is so blatantly damaging that it will compel them to invest in the development of personal information management solutions and lean into being a personal information economy leader." 

Harms are costs: they cost businesses billions in customer services, abuse management systems, security, fraud management, reputational damage and opportunity cost. At the same time they cost every public purse billions mopping up the after-effects e.g. healthcare, benefits, national cybersecurity, ... As soon as that senior exec realises that the microharms not only impact his bonus, but also his taxes your friend will have his attention!  Energy concerns also adding in Environment section.  Energy & Resource costs of Tech, how do you reduce those harms. 

Is there a business case for addressing harms, or is it a moral endevour?

Darrell O'Donnell - need concrete examples.  Impact on employees of firms.

Neil Thomson - many things that may be done are additional benefits of using SSI, security benefit.  Future-proofing also a benefit, freebies by adopting SSI.

•  change PEST to PESTEL adding in environmental and legal categories (Jill Bamforth, sankarshan )

• Politics - Manipulation: Digital Identity and Democracy  REQUIRES DISCUSSION
  • include uncomfortable comments and statements
• Economics - Datafication: Digital Identity as a Means of Production
• Society - Fragmentation: Digital Identity and Globalisation
• Technical - Innovation: Digital Identity and Efficiency
• Environmental - Dissociation: Digital Identity and Anthropocentrism REQUIRES DISCUSSION
  • Pyrou - environmental and economic costs, draw out role of indigenous people in stewardship of carbon sinks etc, legalising displacement, double effect, harming them as people and also create more environmental harms.  EG Carbon sequestration, environmental degredation, offsetting this harm with rights = global good
• Legal - Identification: Digital Identity as a Function of the Nation-State

•  Glossary and definitions (in progress, see below)
•  References tidy and x-check
•  Github vs Gdocs and required publication routes - Darrell O'Donnell said that this for Public Review - IPR reasons needs to be in github. Christine Martin will share process with group so that public review can be in github
  •  Concerns about audience with Github excluding people, can be 
  •  sankarshan concerns, enough has been done to seek external reviews, little new reviews, so need to draw a line and move forward in subsequent TF or wider community
  •  Pyrou also agreed.  Folks want it to be practical & specific, but does it need to be in this document.  
  •  sankarshan github is main review tool, following publication can use github for issues or provide feedback on PDF, those issues can then form a new version of the Doc.  Not like code, opinion rather than code, not immediately in the main branch.  Conversation not code.
•  Separate documents: note in conclusion next steps.
•  Pyrou - need alternative publication route than github because won't reach those it needs to.  
•  sankarshan conversations will happen elsewhere, very specific use of Github in this initial review cycle.
•  writing a blog post Pyrou will draft by end next week
•  Readiness for IIW session - volunteer from Neil Thomson to host session if no others more closely involved with the work volunteer. Darrell O'Donnell and Neil Thomson to work together on hosting a session with key discussion points.

Trev Harmon Technical director at ID2020 and have been involved w/SSI community for some years previously at Evernym.

the paper  

Phil Wolff huge input to the paper and many hours commenting and improving

Nicky Hickman commented that some technical folks were still struggling with utility, hopefully implementation guide and technical requirements.

Phil Wolff commented that the reverse of harm is increased benefit, have not sufficiently emphasised this connection with entrepreneurial ambitions.  Nearside / farside helps with this but not enough start-up / entrepreneurial culture.   We have natural bias for hope and good things.  Example of new market opportunities by building for the need.  Talk to their professional values, this is a framing challenge

The 0.2 version is here 

Discussed presenting for internal ToIP review on 19th October. 

Nicky to finish by Monday.

Turing Institute Trustworthy Identities Conference - Decentralization & Harms a constant strand, 

Considering feedback and comments on the current drat of the white paper - suggested new arc/perspective as an alternative to 'ssi harms'

• We spend all our time considering benefits of SSI we need now to look from another vantage point, the dark side of the moon if you will.  

Image Added

From discussion in HXWG

• Neil Thomson 'online identity harms' 
• Phil Wolff 'Can decentralization help with human harms?' 
• Andrew Slack ‘Building towards a positive/safe/.. digital identity ecosystem’
  ‘On human/social harm challenges in digital identity ecosystems’
  ‘Overcoming human/social harm challenges in digital identity ecosystems’ Christine Martin Darrell O'Donnell  like this one
• Separate doc = ACTIONABLE GUIDANCE FOR SSI IMPLEMENTORS & Policy Wonks!

From story Arc

Mapping the Far Side of the Moon: A new framework for understanding and mitigating the human harms of digital identity systems; ‘Overcoming the challenges of human harms from in digital identity ecosystems’

The Apollo 16 Paper: Considering human harms in digital trust ecosystem design / digital identity systems

Vision based:  

Do no harm: creating digital identity systems that serve the public good

On track for finishing 2nd draft end next week

Darrell O'Donnell and Christine Martin to do Foreward

Phil Wolff FTC public hearing on online harms (link) - 5 hours long so anyone who listens and can summarise - please share.

sankarshan will take a look

Great discussion and feedback on ROUGH draft of paper overall - CONCERNS and arising discussion points

• Audience (highlight to policy makers & social scientists) & Purpose
• Oskar van Deventer from perspective of standards, then need to see standards requirements. = Security standards, legal, interop, technical standards, syntax & semantics for a particular type of VC. especially VC's for verifiers, e.g. service providers asking for verification = License to Verify, being explored in Europe and maybe this should be a clear starting point to prevent ordinary citizens to verify.
• Tech work address w/ a tech group at ToIP? 
• Scope and whether or not there are specific harms from SSI
• Using the word 'harms'

@philwolff  commented that remove SSI & Harms in same sentence.  As scope expands - expect harms to arise - thinking about 'the  precautionary principle' earlier is better.

• Using stories especially A-Bomb Story - 
• Christine Martin  stories are good
• Phil Wolff analogy is apt but might be distracting, but could achieve same objective using Aisha's story - understanding her story through lens of PEST.  An ounce of prevention...
•  A different story might be better -e.g. for younger people a more relevant story 
• Also military-industrial context  e.g. w/known knowns - concerns

Darrell O'Donnell - main input interesting - stories are useful, but A-bomb might be distracting - what do we replace it with?

Oskar van Deventer - not A-bomb, better use cars and safety belts.  SSI is already safer than DigID (e.g. mitigations)

.

See comments in Discussion doc

Phil Wolff commented that not sure why we would write a white paper format as a ToIP deliverble, storytelling is not so much what ToIP has been done, especially w/formal analysis.  Part of scholarship is to remove personal opinions - have intellectual riguour & discipline, not sure what role this has in ToIP. Is there more value in scholarly approach vs blog posts that are snackable and might together build momentum.  

Christine Martin not sure about value of white paper vs blog posts

e.g. Phil Wolff if I am a product manager considering my process for product design & launch - then a white paper might not be the first tool I would go for.  Want a step-by-step toolkit for mitigating harms, and considering risks to human harms in our process, then does this have a completeness or 'doneness' then 'no'. 

Actions you can take on Monday - what are they?! - needs to be a concrete deliverable for the team monday to include in process of product development

How do we identify most impactful harms and then keep working through?

What is the systematic way that you are paying attention to harm?  How do you know you have those systems in place? How does c-suite know it's being taken care of?

How do you as a group / ecosystem look at these different types of harm?

Embedding in standard risk management / security awareness processes

Needs to start somewhere - acknowledging that harms exist is good but need tools for rigour. start by acknowledging harm

sankarshan need to before white paper - perhaps do a design workshop w/ a persona, does the ToIP meet requirements to prevent harms?  Does design-thinking include right questions to address harms.   Make other groups accountable for actions to emerge from activities?  e.g. influencing standards.  How can we exert influence and then provide oversight?  This group could then provide evaluation of output of other tasks.  Otherwise there will be an air gap between a whitepaper and action?  Also will help with collaboration.

sankarshan close doc and then break out and share with group. Initiate a process, culture and capability w/in ToIP and wider community to begin addressing systematically over time.  Transfer ownership back to the community and x-pollinate w/other groups.

Applies to everyone - what's the litmus test.

Nicky Hickman Use guardianship model - white paper followed by more practical technical requirements/ implementation guide. 

Darrell O'Donnell and Christine Martin do both .

sankarshan has been looking at document and review comments also reviewed HXWG expert series - suggests continuously raising.  

Outstanding: 

• Grassroots case studies / persona to be summarised in the doc and then these voices used to illustrate points throughout the doc.
• Conclusion (to be done once next revisions in)
• Detail on Part 3 prevention, it is summarised in a table, but needs explanation.  I have proposed 4 core prevention strategies, and depending on how that holds up to your scrutiny we then need to test against each of those case studies.
• As discussed, this is a white paper so the toolbox, including the full case studies should be a separate living set of deliverables.
• There may be sections of the doc that are too much for the white paper, e.g. the CAS model – please feel free to reassign to a blog for example.

Key Questions:  John Phillips created a web form for this - looking forward to finding out the responses on Thursday during APAC Call.

Is this Fit for Purpose???  

Does it say what you want it to say?

Key discussion points are in this document:

Updates from HXWG - Meeting page

Reviewed & considered the consent question: Mark Lizar and Phil Wolff are working on this, may be extendend from blog post to paper of series of 'nuggets' that discuss questions such as 'how to orchestrate consents within a digital trust ecosystem?';  This is the intersect w/ISWG

Phil Wolff commented that smaller pieces to prompt discussion was more productive than long papers or set pieces

Nicky Hickman is focused on producing a draft Whitepaper for SSI Harms this week

sankarshan and Pyrou will be hosting a discussion at the forthcoming APAC IIW on SSI Harms

Pyrou commented that next week is International Indigenous People's Week, 10 events in the region including meetings with legislators & policy makers around law making, others are celebrations.  If indigenous people have self sovereign rights, how does that affect our work.  Feels like progress, a platform for open discussion with politicians is 

Environmental harms & battle for resources & challenges of climate crisis - disconnects

The logic of harms - good starting point - but livelihoods approach is not necessarily useful for this paper.

Nicky Hickman to introduce Pyrou Chung to Kelly Cooper to develop Case Study including a village community as a persona.

The split of papers - makes sense otherwise too long

Image Added