Phil Wolff FTC public hearing on online harms (link) - 5 hours long so anyone who listens and can summarise - please share.

sankarshan will take a look

Great discussion and feedback on ROUGH draft of paper overall - CONCERNS and arising discussion points

• Audience (highlight to policy makers & social scientists) & Purpose
• Oskar van Deventer from perspective of standards, then need to see standards requirements. = Security standards, legal, interop, technical standards, syntax & semantics for a particular type of VC. especially VC's for verifiers, e.g. service providers asking for verification = License to Verify, being explored in Europe and maybe this should be a clear starting point to prevent ordinary citizens to verify.
• Tech work address w/ a tech group at ToIP? 
• Scope and whether or not there are specific harms from SSIScope and whether or not there are specific harms from SSI
• Using the word 'harms'

@philwolff  commented that remove SSI & Harms in same sentence.  As scope expands - expect harms to arise - thinking about 'the  precautionary principle' earlier is better.

• Using stories especially A-Bomb Story - 
• Christine Martin  stories are good
• Phil Wolff analogy is apt but might be distracting, but could achieve same objective using Aisha's story - understanding her story through lens of PEST.  An ounce of prevention...
•  A different story might be better -e.g. for younger people a more relevant story 
• Also military-industrial context  e.g. w/known knowns - concerns

Darrell O'Donnell - main input interesting - stories are useful, but A-bomb might be distracting - what do we replace it with?

Oskar van Deventer - not A-bomb, better use cars and safety belts.  SSI is already safer than DigID (e.g. mitigations)

.

See comments in Discussion doc

Phil Wolff commented that not sure why we would write a white paper format as a ToIP deliverble, storytelling is not Phil Wolff commented that not sure why we would write a white paper format as a ToIP deliverble, storytelling is not so much what ToIP has been done, especially w/formal analysis.  Part of scholarship is to remove personal opinions - have intellectual riguour & discipline, not sure what role this has in ToIP. Is there more value in scholarly approach vs blog posts that are snackable and might together build momentum.  

Christine Martin not sure about value of white paper vs blog posts

e.g. Phil Wolff if I am a product manager considering my process for product design & launch - then a white paper might not be the first tool I would go for.  Want a step-by-step toolkit for mitigating harms, and considering risks to human harms in our process, then does this have a completeness or 'doneness' then 'no'. 

Actions you can take on Monday - what are they?! - needs to be a concrete deliverable for the team monday to include in process of product development

How do we identify most impactful harms and then keep working through?

What is the systematic way that you are paying attention to harm?  How do you know you have those systems in place? How does c-suite know it's being taken care of?

How do you as a group / ecosystem look at these different types of harm?

Embedding in standard risk management / security awareness processes

Needs to start somewhere - acknowledging that harms exist is good but need tools for rigour. start by acknowledging harm

sankarshan need to before white paper - perhaps do a design workshop w/ a persona, does the ToIP meet requirements to prevent harms?  Does design-thinking include right questions to address harms.   Make other groups accountable for actions to emerge from activities?  e.g. influencing standards.  How can we exert influence and then provide oversight?  This group could then provide evaluation of output of other tasks.  Otherwise there will be an air gap between a whitepaper and action?  Also will help with collaboration.

sankarshan close doc and then break out and share with group. Initiate a process, culture and capability w/in ToIP and wider community to begin addressing systematically over time.  Transfer ownership back to the community and x-pollinate w/other groups.

Applies to everyone - what's the litmus test.

Nicky Hickman Use guardianship model - white paper followed by more practical technical requirements/ implementation guide. 

Darrell O'Donnell and Christine Martin do both .

sankarshan has been looking at document and review comments also reviewed HXWG expert series - suggests continuously raising.  

Outstanding: 

• Grassroots case studies / persona to be summarised in the doc and then these voices used to illustrate points throughout the doc.
• Conclusion (to be done once next revisions in)
• Detail on Part 3 prevention, it is summarised in a table, but needs explanation.  I have proposed 4 core prevention strategies, and depending on how that holds up to your scrutiny we then need to test against each of those case studies.
• As discussed, this is a white paper so the toolbox, including the full case studies should be a separate living set of deliverables.
• There may be sections of the doc that are too much for the white paper, e.g. the CAS model – please feel free to reassign to a blog for example.

Key Questions:  John Phillips created a web form for this - looking forward to finding out the responses on Thursday during APAC Call.

Is this Fit for Purpose???  

Does it say what you want it to say?

Key discussion points are in this document: