[MINUTES] W3C Credentials CG Call - 2017-08-15 12pm ET

Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

http://w3c.github.io/vctf/meetings/2017-08-15/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-08-15

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Aug/0039.html
Topics:
  1. Introductions
  2. Fake News and Bots
  3. Mission Statement
  4. Administrative Items
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Dave Longley
Present:
  Dave Longley, Evan Sandhaus, Ryan Grant, Claire Rumore, Mike 
  Lodder, Moses Ma, Manu Sporny, David Chadwick, Lionel Wolberger, 
  Kim Hamilton Duffy, Adam Migus, Matt Stone, Nathan George, Joe 
  Andrieu, Adam Sobieski, Adam Lake, Drummond Reed, Dan Burnett, 
  Chris Webber
Audio:
  https://w3c-ccg.github.io/meetings/2017-08-15/audio.ogg

Dave Longley is scribing.

Topic: Introductions

Evan Sandhaus:  I am the executive director of knowledge and meta 
  data management at NY times. Over see information we put out. 
  Involved as a data guy at the time, involved in several different 
  threads all over the planet having to do with verifying 
  claims/dealing with fake news. Interested in this community.
Ryan Grant: +1
Claire Rumore:  I'm Claire R and work along side Moses Ma in the 
  Bay area. Staff social scientist and guardian of relationships at 
  FutureLabs Consulting.

Topic: Fake News and Bots

Mike Lodder: I'm Mike Lodder, I work at Evernym as Senior Crypto 
  Engineer
Moses Ma:  We're going to spend 30 minutes talking about bots and 
  VCs. Will be talking about a set of rules, you don't have to use 
  the queue, but please use the chat channel and have some content 
  in it. I'm going to ask everyone to say something during the 
  event, bringing out the participation. We will also do 
  perspective switching, when the energy of the discussion dies 
  down we'll switch to a different perspective, open systems to 
  user requirements, etc.
  ... Want to keep energy going, I urge all of you to speak up 
  and be verbose in the comment stream.
Moses Ma:  Only other thing I do request, I do request that you 
  capture what the scribe is saying so there's context.
Moses Ma:  We start with what we call the bingo round. Everyone 
  say what you want to say.
Dave Longley:  Capture what the scribe types, speakers should 
  wait for the scribe to begin capturing so that there is written 
  context. [scribe assist by Ryan Grant]
Moses Ma:  Just share your feeling for five minutes. Anyone have 
  something to say about this subject?
Manu Sporny:  What I'd like to see out of the discussion today is 
  a concrete next step. At a high level I'd like to see if we can 
  use VC to address fake bots/news problems around the world.
Manu Sporny:  We haven't had a lot of journalists in the group, 
  but we have talked about VCs being helpful to journalists and the 
  industry but we're not sure exactly how to proceed.
Manu Sporny:  I'd love to hear from the journalists that are here 
  on the call today and what they're thinking on verifiable 
  statements and how they could potentially use those to combat the 
  problem.
David Chadwick:  I did respond to the post on this issue, I 
  didn't get replies yet. I don't know if people agree/disagree are 
  just silent. It's relatively easy solution to solve provided that 
  we have a trusted issuer that can make statements like "This 
  person is a UK citizen" or "This is David Chadwick."
David Chadwick:  That would solve the problem with bots, but the 
  problem I see is that that will be quite difficult with the 
  current state of government technology.
David Chadwick:  Maybe banks could be the trusted issuers we're 
  looking for because banks are now required to know their 
  customers. But not everyone has a bank account, so there's a 
  problem there.
David Chadwick:  So getting a trusted issuer that everyone would 
  have is a difficult problem.
Lionel Wolberger:  Just worked! [scribe assist by Lionel 
  Wolberger]
Ryan Grant: I'd like to work on my audio, first
Kim Hamilton Duffy:  For this round, dont' worry about the queue, 
  just pipe up.
Moses Ma:  Are there any journalists that would like to talk 
  about what you're working on?
Evan Sandhaus:  I just wanted to say that, first of all, 
  technologist not a journalist. The times right now is involved in 
  learning about various efforts in the credibility space. We 
  haven't to my knowledge made any super firm decisions on which 
  way to go.
Evan Sandhaus:  Personally, the idea of making specific claims 
  about the credibility of the individual statements is something 
  we do in interactive pieces, here's what such and such say and so 
  on. I'm thinking that a piece like that may be a place to start 
  exploring the kind of work that's being proposed.
Evan Sandhaus:  I'm thinking of a couple of folks that would be 
  interested in these efforts and will direct their attention after 
  this discussion.
Manu Sporny: Yes! Bring in retired editors!
Moses Ma:  I have a friend, Paul Ingracia and has won a pulitzer 
  and I don't know if you know him... would like to bring in 
  retired editors.
Evan Sandhaus:  I don't know how that would hurt! Any folks you 
  can bring in that think this is a good idea would help.
Moses Ma:  Terrific.
Adam Migus: Question: is this about credentialing journalists or 
  are we including editors, sources, etc.?
Moses Ma:  We can switch the context because we're already 
  running down on time. How would this work ... just open the 
  floor, maybe Manu and Drummond could speak up. Anyone is 
  included. Talk first about credentialing journalists or VCs in an 
  article. Then we'll switch to people vs. bots.
Adam Migus: In the case of sources, I think the security and 
  privacy considerations are quite different.
Manu Sporny:  This is a response to Adam Migus in IRC. First of 
  all Evan, thanks for giving us that perspective and helping to 
  connect folks to the work here. There are a number of loose ideas 
  floating around on how a VC could be used in journalism.
Manu Sporny:  One of the things is not credentialing journalists 
  but giving them a stronger set of VCs that says they work for NY 
  times and have published articles X, Y, Z. That's not necessarily 
  where the focus would be. We have education folks that want to 
  credential people with certain training. But what I've heard 
  about VC and fake news is ...
Manu Sporny:  Can you even identify whether a story has been 
  vetted by a professional. Basic fact checking. Having a VC that 
  points to a specific article on the Web that says NY times, 
  CNN/Whatever has factually inaccurate. When people click on 
  clickbait and end up on a site the browser can say the site has 
  been identified by X as factually inaccurate.
Manu Sporny:  It's the same kind of warning for malware/bad SSL 
  cert sites.
Manu Sporny:  That's the ability to create a VC to say "This is a 
  bad website or bad story" and being able to follow your noise 
  back to the proof. You don't have to trust any particular 
  institution. Right now you depend on Google Chrome, for example, 
  to tell you if a site is a phishing site. Combating fake news may 
  require a more decentralized solution.
Ryan Grant: "We ALSO stamp: all the news that DIDN'T fit our 
  print"
Manu Sporny:  Many different websites having their own lists of 
  what is fake news and isn't.
Manu Sporny:  The person that's browsing the Web can choose what 
  the sources of news are. That has broad concerns. People can get 
  biased news -- huge discussion. The simple fake that an 
  organization a journalism organization can issue a VC stating 
  whether something is factually accurate or inaccurate is another 
  possible signature that's useful for people browsing the Web.
Manu Sporny:  That's one way to combat fake news.
David Chadwick:  Couple of problems with that. If you take 
  someone like Briebart, sometimes the news will be true or 
  sometimes fake, publishing a VC saying the site is bad may lend 
  the issuer of the claim in court for libel.
David Chadwick:  Two people see an incident and report it in 
  different ways as well. Could both be true based on perspective.
David Chadwick:  Publishing a credential on one site and saying 
  another site is fake news is problematic.
Manu Sporny:  I agree.
Matt Stone: That's why fake news issues are so insidious - 
  blending fake stories w/ real stories gives the fake ones 
  "creditability"  -- granularity to vouch for validity is 
  essential
Nathan George:  This adds to what David just mentioned, it's 
  really easy to incentivize someone to forget but not for 
  information that they know. It's really hard to cryptographically 
  know that a negative reputation exists because they won't flow to 
  the end user. That creates lots of different problems from a 
  journalists perspective. We can easily let journalists create 
  lots of positive assertations though. To let people trace 
  information back to know whether it's credible. It will be much 
  easier to distinguish good journalism from casual blogging, etc 
  with that approach.
Manu Sporny: +1 To what Nathan just said - agree that negative 
  reputation has its problem.
Lionel Wolberger:  One clarifying case for me was that when the 
  holocaust denier was brought to trial, they used a fake book that 
  was cited. In the spirit of agile and lean develop we can grab 
  onto some aspect to move things forward. My opinion on the 
  problem side -- having an overlay on the page for verified 
  facts...
Nathan George: To add to my earlier point, forcing disclosure of 
  negative reputation events introduces a censorship choke point, 
  where focusing on positive attestations helps differentiate 
  in-depth research and real journalism from more casual statements 
  without that level of attestation
Lionel Wolberger:  With different authorities signing things, 
  would allow for even so called "fake news" -- we have different 
  dimensions, people rarely have a shared anchor to have a 
  discussion. In interest of society have all voices raised and 
  only label malicious. It's difficult to label a website because 
  it's not canonical, can't hash it. Moving forward on something, 
  on the positive side, I'm excited Evan is here because I didn't 
  realize NY times had people in this space.
Lionel Wolberger:  Maybe get a trusted authority to sign 
  statements -- and go with the snopes model that people 
  understand. A page with "Here's the issue, X conspiracy" and 
  these are the claims about it, and who signed them.
Joe Andrieu: I expect that VCs from Journalists about "facts" are 
  less likely than Journalists providing a link to their own fact 
  checking. That's why we trust journalists: because they are both 
  trained and committed to an ethical process of factual 
  investigation.
Lionel Wolberger:  Then people clicking on clickbait and see at a 
  glance what they consider fake news or not. This would allow a 
  decentralized way that anyone could verify claims and gravitate 
  towards what they trust.
Joe Andrieu: Which is to say "facts" feels arbitrarily black and 
  white and the most interesting cases are more nuanced
Lionel Wolberger:  I wanted to sneak in wikipedia footnotes, 
  those are pretty good. Maybe some kind of model where we could 
  cite a fact and go to that style of footnote and it would be 
  signed and you could access the certificate.
Moses Ma:  Our company works in deep learning and machine 
  learning. We need new tech to address this, advanced reputation 
  systems to use adaboost -- maybe better solutions in this area.
Joe Andrieu: +1 For wikipedia footnotes as inspiration
Kim Hamilton Duffy: I'm interested in the combined insights from 
  Nathan and Lionel. Ideally there's a way to tag facts and 
  reference them without expecting users to learn a formal grammar
Evan Sandhaus:  To build on some of the observations -- I 
  appreciate the folks who grew the NY times as credible. I grew up 
  in Kansas and not everyone there feels the same way :). We have 
  to be sensitive to it, what is and isn't a credible source. With 
  someone with two degrees in CS, I love absolute boolean claims. 
  This is true this is false. The way most journalism plays out, 
  from a formal reasoning perspective there are few things where 
  you can say something is false. The claim that can be made more 
  reliably made ...
Evan Sandhaus:  Is that this piece contains misleading claims and 
  this is what they are.
Manu Sporny: That one statement was worth this entire 
  discussion!!! ^^^
Evan Sandhaus:  I might encourage this group applying the tech to 
  that. Whether than saying this article is X and X is false. 
  Better to say this article says X and that's a misleading claim.
Matt Stone: +1 For that
Manu Sporny: That's a great takeaway...
Moses Ma:  Thanks, Evan!
Evan Sandhaus:  Thanks all!
Nathan George: +1 To kimhd's sentiment, the user shouldn't think 
  of this as a new grammar, it is important to get the use case 
  right.  In fact, how sources themselves sign the data they 
  provide may be the most helpful enhancement.
Kim Hamilton Duffy: I also like the browser usability that Manu 
  and Evan described
Ryan Grant:  I wanted to add that the wikipedia idea sounded 
  awesome. I'd like VC in my news streams. Financial stories where 
  only the financial numbers were verifiable -- perhaps by a news 
  source that specializes in financial reports or companies signing 
  those sorts of things themselves.
Ryan Grant:  All kinds of news could be built on that.
Moses Ma:  Excellent input. Would like to switch the perspective 
  but to look into identifying someone who is not a human.
Moses Ma:  Any ideas on how to use decentralized ID on how 
  someone is a person and not just a way to boost Google numbers.
Adam Migus:  Observations and points: It seems to me that when we 
  talk about the edges of this community, the people that are 
  journalists, editors, sources... that to me is a place where we 
  need to talk about identity and authoritative identity, maybe a 
  bank might vouch for someone etc.
Joe Andrieu: Wanted to riff on Ryan's note: embedding VCs in a 
  story to ground certain facts, eg., financial #s. that could 
  scale quite well. not to say "microformats" but getting authors 
  to include VCs as part of their story is powerful idea
Adam Migus:  At the end of the day that's needed and the place 
  it's needed. Then we get to the content, fake real, factually 
  real, etc. Then it becomes more consensus driven and less about 
  identity. You want to identify people are real when writing, 
  editing...
Adam Migus:  Then when it's on the Web you might not want to tie 
  that back to a real individual, sources in particular...
Adam Migus:  I wanted to echo what Evan said, this boils down to 
  fact checking. There is a whole community that's trying to bite 
  off -- the librarian community -- concern about youth for vetting 
  stories, if we're going to make it about content then make it 
  about the facts in the content rather than curating stories for 
  sites.
Lionel Wolberger:  I wonder if it would be helpful to provide a 
  simple certificate and policy "I am a human" and people could 
  voluntarily append and it would help us to identify bots. 
  Everything is slightly automated but that might help.
Joe Andrieu: +1 To collective attestations, including those that 
  have real-world costs or barriers for automated agents
Nathan George:  I wanted to add a note, talking about 
  attestations, having a network of people making them that's one 
  of the best resources. I can present attestations that I have a 
  bank account without saying with whom, it starts to become hard 
  for bots to make those claims. Bringing in richness of the world 
  so it's hard for bots ... so people who aren't trying to 
  influence algorithms.
Matt Stone:  The question of curation and the role of bots is 
  quite different in this space. I love aggregators and curators of 
  news. But the role of a bot impersonating a person and doing 
  likes/+1s, etc. provides a megaphone effect for news articles 
  that might not have an audience otherwise, false volume.
Matt Stone:  That seems like an area we might really dig into. 
  Who is or what is doing those sorts of activities.
Moses Ma:  Great idea, something we should work on.
Moses Ma:  Anyone else?
Nathan George: Ideally you have a network of attestations that 
  shows you have the richness of a real person in the real world.  
  Allowing folks to make selective disclosure credentials (or 
  entity profiles) across their domains allows them to bring in the 
  richness of being a real human without having to strongly vet any 
  one particular public identity.  We want to be careful about how 
  we model these items so that we don't switch the current systems 
  vulerabilities for a new
Nathan George: Set that has the similar issues.
Joe Andrieu:  This notion that Nathan introduced, claims that 
  have a real world cost, it's a great idea, there's also a nugget 
  that what we're really talking about is economic cost of 
  defrauding the system. If we can create systems that are 
  economically feasible for humans but not for bots it opens up 
  options to consider.
Ryan Grant: Only human-level bots need apply
Moses Ma:  Looking at the underlying economics, yes. Like spam, 
  if spam is free we'll have it.
Lionel Wolberger: +1 To Joe's idea of having a 'cost' for bots
Kim Hamilton Duffy: +1 To dlongley. Maybe this is my bias, but it 
  seems like there are many technical approaches to identify this 
  behavior. It would have to be fine tuned and would need to allow 
  disputes/resolution. But this actually sounds easier than many 
  positive approaches
Joe Andrieu:  Yes, and cryptography, can increase cost to game 
  system to help prevent it.
Nathan George: +1 To helping journalists get engaged in how they 
  might leverage verifiable claims
Manu Sporny:  Obvious next step is to get journalists engaged to 
  understand what they want to do. If you look at fact checkers, 
  there is wikipedia model which has been proven to be good, 
  there's a way to pursue that but I'm wondering if hearing from 
  journalists first would be a good thing.
Manu Sporny:  Picking something that is funded rather than 
  volunteers. So asking paid people who go out to get the news -- 
  asking what tools we can provide to them and delivering good news 
  would be the next step.
Manu Sporny:  Who at the NY times/Getty do we need to talk to?
Manu Sporny:  To make that happen.
Kim Hamilton Duffy: Also +1 to get journalists engaged, to ensure 
  we build a _relevant_ solution
Manu Sporny:  Let's engage journalists to get them more 
  integrated into the group. Anything else we do, I think is a wild 
  guess that is most likely not going to pan out.
Ryan Grant:  Adding low-hanging fruit for journalists -- it seems 
  like if we could get them just signing subsections of the 
  articles they publish so that quotes from those articles could be 
  verified, it would be systemic and not change their work flow. 
  Then people could say the NY times gave me this verified quote.
Moses Ma:  How much money do you think we need to raise to get 
  this initiative under way?
Moses Ma:  If we got one Republican donor and one Democratic 
  donor it would look like a bipartisan effort that is inclusive
Manu Sporny:  I don't think we know what we're doing yet -- so we 
  need to first get journalists involved on some low hanging thing. 
  Maybe they identify something that only takes $1 million to 
  achieve or something that takes $15 million. We need a good set 
  of discussions with Reuters, AP, NY times, etc. we have 
  connections there. We need to hear from them what they want to 
  see then we can know money amounts.
Kim Hamilton Duffy:  I did have one other action item that I can 
  assign to myself. Lots of good insight here, not having thought 
  through the problem space here, lots of good perspectives. From 
  the minutes I'd like to draw specifically what I see as key 
  insights and approaches.
Kim Hamilton Duffy:  Thank you Moses too.
Moses Ma:  Claire is graphically recording so we'll have a 
  picture of what we've been saying.
Moses Ma:  An old friend of highschool is now CEO of Washington 
  Post so will reach out to get them involved as well.
Joe Andrieu: To manu's point: if we have a specific proposal, we 
  might consider applying for a Knight Foundation grant 
  https://www.knightfoundation.org/challenges/knight-news-challenge
Kim Hamilton Duffy:  Would like to wrap up the mission statement 
  if we can.
Kim Hamilton Duffy: https://goo.gl/sNs2vl
Manu Sporny: +1 To JoeAndrieu 

Topic: Mission Statement

Manu Sporny: https://goo.gl/sNs2vl
Joe Andrieu: Hmmm... may not be an active news challenge
Kim Hamilton Duffy:  Three outstanding items.
Kim Hamilton Duffy:  Let me pick off the easy ones. Christopher 
  put a comment about "proof of existence" may not be appropriate, 
  it's a tactic supporting a solution.
Kim Hamilton Duffy:  I'd be fine striking that.
Dave Longley: +1
Manu Sporny: +1 To strike
Moses Ma: A thought occurred to me about Agile and VC - minimally 
  viable veracity. haha
Kim Hamilton Duffy:  Next issue, credential longevity. I'm fine 
  dropping as long as we make it clear that our approaches are 
  allowing recipient centric credentials. Which brings us to the 
  last one ...
Kim Hamilton Duffy:  "Presentation of proofs by the bearer" ... 
  David Chadwick's concerns were about stolen claims where 
  "bearership" is all that is needed as proof.
Manu Sporny:  A bearer credential is like a carnival ticket, if 
  you are the bearer you can swap credentials around. Anyone who 
  gets a hold of it can use it and it's valid. There are some cases 
  where you want a bearer credential like voting. There are good 
  uses for bearer credentials and we say we're seeking solutions 
  inclusive of.
Nathan George: This is part of what selective disclosure helps 
  support, it allows you to leverage non-bearer information to 
  establish the authority or validity of items that are effectively 
  bearer credentials
Dave Longley:  I think DavidC's point is mostly to point of 
  "proof is that you're bearing the credential" - he said he was 
  satisfied w/ the language that we're using. We're talking about 
  presenting proofs other than bearership. [scribe assist by Manu 
  Sporny]
Moses Ma: +1 For selective disclosure and zero knowledge proofs
David Chadwick:  You're right, when it's saying "proofs" it's not 
  just bearer credentials so there's something other than 
  ownership/possession. Even with online voting you have a one time 
  password you have to put in as well, and that's a "proof". One 
  time password -- stealing the credential not good enough.
David Chadwick:  Just that you possess it is something we want to 
  get away from. It would be a backward step to say that the mere 
  possession is sufficient.
Ryan Grant: Well yes, we do normally require the issuer to 
  re-sign their claim.  but the person who the claim is about bears 
  it.  did we choose an overloaded word for our 
  individually-curated set of claims?
David Chadwick:  A bearer credential is like ... total random 
  stranger presents something, nothing else needed to get in.
Moses Ma: Just wanted to say bye! It was fun brainstorming with 
  y'all!
Joe Andrieu: +1 Think the language is non-contentious
Dave Longley:  I think the language that we're using isn't 
  contentious [scribe assist by Manu Sporny]
Ryan Grant: WHOOO!
Kim Hamilton Duffy:  We are done with the mission statement! 
  [scribe assist by Manu Sporny]
Dave Longley: +1 To WHOOO!

Topic: Administrative Items

Kim Hamilton Duffy:  I will update the scribe list after this to 
  get more disciplined again.
Kim Hamilton Duffy:  Thank you Lionel for forcing me to realize 
  that.
Lionel Wolberger: *Blush*
Kim Hamilton Duffy:  I also want to get better about tracking our 
  work items. I'm soliciting contributors ...
Kim Hamilton Duffy:  Life cycle of VC is in excellent shape. For 
  DIDs need higher level participation.
Kim Hamilton Duffy:  Anyone interested in Data Minimization and 
  Selective Disclosure we could use a lot of help there.
Nathan George: We also had a cryptographer on the call today to 
  talk about CL and try to get something scheduled for the Digital 
  Verification CG
Lionel Wolberger: I'm interested in minimization and selective 
  disclosure
Kim Hamilton Duffy:  Thanks again on the bots and the fake news, 
  Moses, see you all next week.
Nathan George: Kim, we had Mike Lodder on the call to get 
  something going for CL signature schemes, selective disclosure 
  and data minimization

Received on Tuesday, 15 August 2017 18:30:50 UTC