Re: [AGENDA] W3C Credentials CG Call Tue, March 31st, 12 noon EDT, 9 AM PDT

In addition to the implementations that I shared in the original Agenda
email for our call Tuesday, here is another major contact tracing tool:
#TheShield from Israel
https://www.difesaesicurezza.com/en/cyber-en/israel-the-shield-will-help-to-track-the-possible-coronavirus-exposure/
I've heard that there may be another one coming from the EU soon.

Some more general links:

I really appreciate Elizabeth Renieres @hackylawyer’s article *When Privacy
Meets Pandemic*

https://medium.com/berkman-klein-center/when-privacy-meets-pandemic-fbf9154f80b3

“So, where does this leave us as a privacy community and what is our role
in the time of Corona? It means that before we debate the particulars of a
specific technology or application, before we tweak certain features or
functionality to better protect individual privacy, or before we impose
certain transparency or accountability measures, we take a step back.

Before we concede that a measure is necessary and begin to assess its
proportionality, we question that underlying assumption — especially when
it’s coming from private companies who stand to gain from it or governments
who fear being perceived as lacking control over the situation. We apply
the age-old tests of legality, necessity, and proportionality — in that
order. We require concrete evidence that a measure will further specific
aims or achieve certain measurable outcomes.

If privacy advocates don’t step up and do this, who will?”


I also like Sarah Jamie Lewis’s Twitter thread
https://twitter.com/sarahjamielewis/status/1242142313192644608?s=21 in
particular this statement:

“There is no such thing as a robust privacy preserving contact tracing tool
because social graphs and location graphs are impossible to anonymity
because anonymity is fundamentally about  removing social and location
context - once you do that all that is left is the honour system”


Despite that I agree with those that a key of the problem is that the task
of #LocationPrivacy and anonymity is extremely difficult, I do believe that
in the short term we can be pragmatic & not suffer “the perfect is the
enemy of the good”. We can share best practices, salute those doing the
right thing, shame those who do not, and demonstrate our commitment to both
the common good as well as to preventing individual harm. An effective
Honor System is not the worst short-term outcome.

We also need to set the stage so that in the long term we can invest in the
much more difficult problems of solving these problems more idealistically
correctly. We need to fund things like deep requirements engineering, great
user centric design including nudge/incentive/mechanism/ approaches, as
well implementing the latest secure code practices, privacy protocols,
zk-proofs and other modern cryptographic security approaches, etc.

For if we do not be somewhat pragmatic now, and set a stage to be able to
invest in a more ideal future, we risk that everything we are currently
doing on the privacy front now will fail because in the end, everyone will
 being tracked at another layer.

I look forward to discussing these topics further with you on Tuesday!

— Christopher Allen

Received on Sunday, 29 March 2020 15:03:04 UTC