Phil Wolff - individual contributor at DIF and ToIP and sometimes Sovrin IoT, IEEE identity work also.- led several sessions on threat vectors and harms associated with digital ID.

Oskar van Deventerleader at TNO and eSSIF lab (>50 sub-grantees).  Leader on interop, also European Blockchain Service Infrastructure representing NL.  Have developed prototype.  At TNO ~20 people working on SSI, 4 working on standardization at DIF. Techruption project with banks, land registry, notaries, similar scope looking at harms.  Coordinating

• Links & References:  Please use this Responsible Tech Resources page to capture links to media or online resources that can help us with our work. Responsible Tech Resources  All are updated now
• SSI Harms now changed on wikis, slack & calendar invites etc to BGBU
• Our First Deliverable Storyboard, is open for business here.  Aim is to have key questions/ discussion points ready for IIW by end of month

•  ACTION - Darrell to clone storyline format (from Drummond)
•  ACTION - ALL to review background links (on Purpose page under Links & Files)
•  ACTION - Persona Development
•  ACTION - reach out to others to join or be an 'expert

• witness'
•  John Phillips to ask https://sigchi.org/ if they have any kind of framework for assessing interaction harms
  
•  Nicky Hickman to get kinship structures / forms from anthropology notes
•  Eric Weltonto discuss domicile law and issues related to documentation and also on biometrics work next time.  Bound carefully with exam question.  Close during that session.

Overview of insights from Oskar's work and blogs - where are the key gaps/issues? - perspectives on key deliverables / scope and direction for the group?

• https://blockchain.tno.nl/blog/self-sovereign-identity-the-good-the-bad-and-the-ugly/
• https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/
• https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html

Rushing with eIDAS - on SSI - 

Danger is we all become 'vulnerable' people - we are not empowered, controlling your digital ID can sometimes undermine my rights.   EG hotels that make me break the law by asking to copy my passport.

Harms relate to many harms that can arise e.g. https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/

Protections - e.g. chip in passport - but fingerprint data can only be accessed by authorised verifiers.  - these protections are missing from SSI.

Wants to see implementations: e.g. authorised verifier

5-6 items that all need implementation, standardisation and interop testing 

Does this change our deliverables?  Supplier authentication, call centre use case especially outbound calling  e.g. Bloqzone

Gorilla use-case, I know who you are exclusion or discrimination if you don't accept data sharing - problem

Knotty Problem:  Privacy vs Access to food / services

Rieks - one step back ie WHY do you need this data - data minimization tool, often not needed for business decision, also issuing information to be consumed by other gorillas (bring in Amos' work) KNOTTY Biz Problem conflicting regulatory requirements.  Risk with SSI that we are going in a different direction because SSI gives higher assurances, now not only do you have to fill in the forms, now you can't lie about it and get it from an authorized source.  Old LoA argument - economic resources and politics.

Advise not focusing on excluded communities then risk that we ignore the issue that we all become vulnerable:

• Inclusive design using extreme users = better design for all of us
• Use scenarios  'what if' - Kafka

Different uses of persona, nature of harm and context - user research - better to talk to actual people rather than using persona, ethnography, interview people, e.g. those who have lived with harm.   EG a black person obliged to add a photo indicating race, would harm professional career.

Storytelling use of persona to make harms relatable -

EG not defining gender, use of they, them pronouns in the group and research

Remember SSI is transactions between two parties - relevance between the transactions that the two parties want to engage with.

Assertion of our social norms considering what is harm?  Harms only steming from those things which SSI is supposed to relate to.  Could we simplify by focusing on Highlights any new DRiPHT introduced by use of decentralized architectures and SSI, and how they could be mitigated

Over-identification problem - making it easy to add LoA3/4 creates new exceptional harms.

END____

Scope & clarification from USA Call

• Suggested from USA call - that we de-scope to only focus on the new harms that could arise from use of SSI - do we agree?
  • e.g. Over-identification
• Support from USA group to use persona for storytelling, but interview real people on the ground to carry out research and understand harms.
• Recommendation from USA group that we do not exclusively focus on marginalized or vulnerable people, as we are all vulnerable at different times of our lives (e.g. as children, as frail elderly), however using extreme users or edge cases as persona can support robust design

Root Cause Analysis?

• Is part of the problem that many think SSI is specifically designed to address harms of Web 1.0 & 2.0?
• Is part of the problem that SSI is designed with a specific Western Educated Industrialised R Democratic perspective on the nature of human identity, the format of families, marriage, kinship and naming conventions?  An ego-centric (individual)  rather than socio-centric (dividual) view of identity.?  
• Must go deep to challenge the underpinnings of SSI - the problem of digital imperialism
  • One core under-pinning value is personal agency - this is based on principles of 'free will', this in turn is tied up with our ideas of free speech, free trade and is baked into our belief systems.  This is why it is so challenging.

Possible Frameworks:

• Creates or uses existing framework for analysing the dangers, risks, potential harms and threats (DRiPHT) to people with a particular focus on excluded, marginalized or vulnerable people. 

1. RIGHTS-BASED sankarshan's Digital Identifiers & Rights
2. HARMS -BASED Me2B Alliance Digital Harms Dictionary.  Uses DJ Solove's Privacy Taxonomy or Koops et al Typology to classify digital harms
3.  ROLES - BASED: What are the unintended consequences of SSI or digital ID benefits on our chosen persona:  Children, Refugee, Indigenous People:   e.g. McKinsey. Digital Identification, a key to inclusive growth or Kaliya Young The Domains of Identity

4. SECTOR-BASED - prioritizing the primary sectors of uptake that ToIP members want us to look at and which impact against sustainable livelihood outcomes

Healthcare

Public Sector National Identity & Legal Identification

Financial Services & Fintech

5. OUTCOMES-BASED Sustainable Livelihoods framework .  Based on the principle that your digital data is a livelihood asset, a new form of capital?  Or a digital representation of other types of capital?  Harms arise when the outcomes or consequences negatively impact positive livelihood outcomes 

• More income
• Increased wellbeing
• Reduced vulnerability
• Improved Food Security
• More sustainable use of NR Base

More likely a combination of a couple of these?

Outline Storyboard is here: https://docs.google.com/presentation/d/1KoWjJx8LMwqNHKhAs-gK1uLdDL6zniIR/edit?usp=sharing&ouid=102748924597224658467&rtpof=true&sd=true