Re: Digital Press Passes and Decentralized Public Key Infrastructures

 George Artem wrote:

> would you be proposing some sort of “proof of truth” block-chain?

There is not, never has been, and never will be either a universally
accepted arbiter of truth or a process for establishing truth. To label
anything as a mechanism for establishing "proof-of-truth" is misguided
doomed to failure.

The best we'll ever be able to do is create methods by which claims of
truth, or its absence, can be made. Even something like a "Digital Press
Pass" seems to me to be faulty in the basic assumption that there is some
universally useful state of being a member of the "press." The best we'll
be able to do is allow various entities to make claims about the
"pressness" of other entities. For instance, some might claim that Fox News
is a "press" organization, others would claim that Fox New" is an advocacy
group more akin to a political organization or party. There is, of course,
value in both sets of statements. The key thing is to allow these
statements to be made. Trying to craft mechanisms for establishing or
proving truth is a waste of effort.

Adam Sobieski wrote:

> I am proposing that “digital press passes” could be created and could be a
> component of solutions for mitigating misinformation and disinformation.

A Digital Press Pass could, at best, provide information that might
influence one's evaluation of the credibility of a speaker, at some
specific time, when making statements about some kind of information. But,
even credible speakers (whatever that may mean) are neither always right
nor wrong. Thus, it isn't qualities of the speaker that should be
considered most important but rather statements about their statements. In
the end, I will be much less impressed by a claim that someone is "press"
than I will be if I discover that people whom I trust usually find that
person's statements to be true. As a result, what I would like to see is
agreement on how I, and those I trust, can issue discoverable credentials
concerning the veracity or qualities of statements that we come across.
From such statements about statements, we'd then be able to use a variety
of methods to extrapolate the probable truthfulness of speakers, whether or
not they hold press passes. This should, of course, then lead to methods
for making statements about the qualities of those who present various
press credentials. In any case, the credibility of one with a press pass
should arise primarily from evaluation of their statements, not from their
press credentials.
bob wyman


On Sun, Aug 8, 2021 at 2:45 AM George Artem <georgeartem@gmail.com> wrote:

> Respectfully, this is at best a very naive idea. Here are some very basic
> questions:
>
> Exactly who would be the “revoking agency” or “revoking authority” that
> would verify the claimed “mis” or “dis” information? A “fact-checker” like
> the Ministry of Truth?
>
> Alternatively, would you be proposing some sort of “proof of truth”
> block-chain? If so, what would be the parameters of your “proof of truth”
> validation for journalistic bias? Emerging science? Etc.
>
> Looking forward to your thoughts.
>
>
> George
>
> Sent from my iPhone
>
> On Jul 20, 2021, at 9:48 AM, steve.e.magennis@gmail.com wrote:
>
> 
>
> Two other projects in the VC space come to mind that might be worth
> looking into:
>
>    - GLEIF
>    <https://wiki.trustoverip.org/display/HOME/Ecosystem+Working+Group+Files?preview=%2F66630%2F67146%2FAccelerating-Digital-Identity-with-the+LEI_ToIP-Ecosystem-Foundry_WG_v1.0_final+.pdf>
>    – this is an ecosystem with a globally authenticated list of orgs, think
>    distinctly, and unequivocally known publishers (sans reputation), they are
>    potentially extending into named individuals within those orgs, think
>    writer(s). This could help solve the problem of easily and confidently
>    distinguishing John Smith at Reuters from John Smith at Reuterzz.
>    - Internet of Research
>    <https://wiki.trustoverip.org/display/HOME/Internet+of+Research+Ecosystem+Task+Force>:
>    This group is tackling the issue of scholarly publications which need to be
>    very clear about authentic authorship, recognizable publication and
>    citations of published works. Maybe more granular than you need in some
>    ways, and maybe less granular than you need in others, but worth a look.
>
>
>
> Happy to help with intros if interested in either.
>
> -Steve
>
>
>
> *From:* David Chadwick <d.w.chadwick@verifiablecredentials.info>
> *Sent:* Tuesday, July 20, 2021 5:28 AM
> *To:* Adam Sobieski <adamsobieski@hotmail.com>; public-credentials@w3.org
> *Subject:* Re: Digital Press Passes and Decentralized Public Key
> Infrastructures
>
>
>
>
>
> On 20/07/2021 13:10, Adam Sobieski wrote:
>
> David,
>
> Scott,
>
>
>
> It sounds like W3C VC’s can equip organizations (e.g.,
> https://www.google.com/search?q=journalism+organizations) with the
> capability to issue and revoke “digital press passes” per their own
> policies, codes of ethics, and procedures.
>
>
>
> As for the W3C VC models not being limited to the journalism domain, these
> same technologies could equip ACM, IEEE, and AAAI with the means of
> issuing, beyond membership-related credentials, credentials which represent
> compliance with their ethical codes.
>
>
>
> Broadly, then, under discussion are the matters of equipping professional
> organizations with the means of issuing and revoking membership-related
> credentials and credentials which indicate compliance with the
> organizations’ policies and/or codes of ethics.
>
>
>
> yes, correct
>
>
>
> Brainstorming and exploring the topic, we might also envision
> decentralized systems
>
> it depends what your definition of decentralised is, as it can encompass
> several different functionalities. If you mean that issuers need DIDs, then
> no, they can have standard X.509 signing certificates. If you mean that
> blockchains are needed, again no, they are not essential. The only
> decentralised feature I have found to be essential is that users can create
> their own asymmetric key pairs (as many as they need).
>
> What is clear (and all the decentralised people agree with this), is that
> every SSI system today needs centralised systems in order to function at
> all on the Internet.
>
> Kind regards
>
> David
>
> which allow, beyond issuing and revoking credentials, the capability to
> warn organizations and individuals. That is, we might consider that a
> “digital press pass” could be in states including: valid, warned, and
> revoked. If it is possible to add warnings to VC systems, we could envision
> the UX in Web browsers with a green news symbol for valid, a yellow news
> symbol for warned, and a red error news symbol for revoked. These graphical
> symbols could be placed next to the lock symbol in the left of the URL
> address bar, before the URL text.
>
>
>
>
>
> Best regards,
>
> Adam
>
>
>
> *From: *David Chadwick <d.w.chadwick@verifiablecredentials.info>
> *Sent: *Tuesday, July 20, 2021 6:19 AM
> *To: *public-credentials@w3.org
> *Subject: *Re: Digital Press Passes and Decentralized Public Key
> Infrastructures
>
>
>
> Hi Scott
>
> On 19/07/2021 22:47, Scott Yates wrote:
>
> Adam, (and friends),
>
>
>
> I looked really hard at a PKI solution for a long time, and the downsides
> were insurmountable..
>
> PKI does not propose to tell you who is press and who is not. It was never
> designed to do this. From the outset PKI was designed to bind an identifier
> to a public key for authentication purposes, that's all. PMI is what you
> were looking for (X.509 attribute certificates) e.g. as we implemented in
> the PERMIS open source code. But now, we have switched to W3C VCs as a
> better way of telling you who is a member of the press or not.
>
> The other ingredient you need is something like the TRAIN API which tells
> you if the issuer of the "press VCs" is trusted to do this or not. We have
> this built into our VC eco system.
>
>
>
> Probably the biggest problem that you can't get around is: Who decides who
> is in and who is out?
>
> The answer is simple. The verifier does. But it can delegate this task to
> a TTP if it wants e.g. the TRAIN API, or it can have its own list of
> trusted issuers.
>
>
>
>
> After beating my head against the wall for a couple of years, I came up
> with trust.txt. It's a text file in the tradition of robots.txt and
> ads.txt. In that file, press associations list their members, and members
> list their associations.
>
> This is exactly what we do with the TRAIN API and VCs. Issuers (members in
> your terminology) put a ToU property in the VCs they issue listing the
> associations they are affiliated to. The verifier passes the association
> and issuer to the TRAIN API and it returns true or false to this
> affiliation.
>
>
>
>
>
> For example, the Texas Press Association's file is here:
> https://www.texaspress.com/trust.txt and the file for a small weekly
> paper in Hays has its file here: https://haysfreepress.com/trust.txt
>
>
>
> With those, anyone can build a crawler and an algo to get
> confirmation about who belongs to whom.
>
>
>
> No one body has to decide who is "press" and who is not. Groups on their
> own decide who is a member, and it's up to the platforms to interpret the
> signal and decide that the Hays Free Press is just a bit more trustworthy
> because they at least know that it belongs to the TPA.
>
>
>
> I'm now rolling this out to press and broadcasting associations in the
> U.S., and hope to go international starting in the fall.
>
> Sounds very good. Well done.
>
>
>
>
>
> After studying it for a long long time, I think this is as close as we can
> get to a "digital press pass" that is consistent with the First Amendment
> and an open, decentralized web.
>
> I agree. And the model is not limited to press passes but to any VCs in
> any domain
>
> Kind regards
>
> David
>
>
>
> -Scott Yates
>
> Founder
>
> JournalList.net, caretaker of the trust.txt framework
>
> 202-742-6842
>
> Short Video Explanation of trust.txt <https://youtu.be/lunOBapQxpU>
>
>
>
>
>
> On Mon, Jul 19, 2021 at 3:23 PM Adam Sobieski <adamsobieski@hotmail..com
> <adamsobieski@hotmail.com>> wrote:
>
> Credible Web Community Group,
>
> Credentials Community Group,
>
>
>
> I would like to broach the topic of “digital press passes” towards a more
> credible web.
>
>
>
> As envisioned, “digital press passes” could be provided to organizations
> and individuals utilizing decentralized public key infrastructure.
>
>
>
> Webpages could include URLs to their “digital press passes” in link
> elements (<link rel="press-pass" href="…" />). This information could
> also be encoded in documents in a manner interoperable with Web schema.
> News content could be digitally signed by one or more “digital press
> passes”.
>
>
>
> Upsides include: (1) end-users and services could configure which
> certificate authorities that they desired to recognize, (2) end-users could
> visually see, in their Web browsers, whether displayed content was from a
> source with a valid “digital press pass”, (3) news aggregation sites could
> distinguish content digitally signed by “digital press passes”, (4) social
> media websites could visually adorn and prioritize shared content which is
> digitally signed by “digital press passes”, (5) entry for new news
> organizations and recognition as such by existing services would be
> simplified, e.g., a new newspaper organization, the new news organization
> would need to obtain a “digital press pass” from a certificate authority.
>
>
>
> Downsides include: impact on citizen journalism, where users other than
> journalists desire to publish or distribute news content.
>
>
>
> Have these ideas been considered before? Any thoughts on these ideas?
>
>
>
>
>
> Best regards,
>
> Adam Sobieski
>
>
>
> P.S.: https://meta.wikimedia.org/wiki/Wikifact
>
>
>
>
>
>