RE: [AGENDA] W3C Credentials CG Call Tue, March 31st, 12 noon EDT, 9 AM PDT from steve.e.magennis@gmail.com on 2021-05-25 (public-credentials@w3.org from May 2021)

From: <steve.e.magennis@gmail.com>
Date: Tue, 25 May 2021 08:48:40 -0700
To: "'Christopher Allen'" <ChristopherA@lifewithalacrity.com>, "'Credentials Community Group'" <public-credentials@w3.org>
Cc: "'Joe Andrieu'" <joe@legreq.com>, "'Kim Hamilton'" <kimdhamilton@gmail.com>, <elizabeth.renieris@gmail.com>, "'Sarah Jamie Lewis'" <sarah@openprivacy.ca>
Message-ID: <060b01d7517d$6f164010$4d42c030$@gmail.com>

…apologies please ignore

From: steve.e.magennis@gmail.com <steve.e.magennis@gmail.com> 
Sent: Tuesday, May 25, 2021 8:48 AM
To: 'Christopher Allen' <ChristopherA@lifewithalacrity.com>; 'Credentials Community Group' <public-credentials@w3.org>
Cc: 'Joe Andrieu' <joe@legreq.com>; 'Kim Hamilton' <kimdhamilton@gmail.com>; elizabeth.renieris@gmail.com; 'Sarah Jamie Lewis' <sarah@openprivacy.ca>
Subject: RE: [AGENDA] W3C Credentials CG Call Tue, March 31st, 12 noon EDT, 9 AM PDT

Data re-identification - Wikipedia <https://en.wikipedia.org/wiki/Data_re-identification> 

Reidentification of Individuals in (mit.edu) <http://web.mit.edu/sem083/www/assignments/reidentification.html> 

Big Data Deidentification, Reidentification and Anonymization (isaca.org) <https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/big-data-deidentification-reidentification-and-anonymization> 

From: Christopher Allen <ChristopherA@lifewithalacrity.com <mailto:ChristopherA@lifewithalacrity.com> > 
Sent: Sunday, March 29, 2020 8:02 AM
To: Credentials Community Group <public-credentials@w3.org <mailto:public-credentials@w3.org> >
Cc: Joe Andrieu <joe@legreq.com <mailto:joe@legreq.com> >; Kim Hamilton <kimdhamilton@gmail.com <mailto:kimdhamilton@gmail.com> >; elizabeth.renieris@gmail.com <mailto:elizabeth.renieris@gmail.com> ; Sarah Jamie Lewis <sarah@openprivacy.ca <mailto:sarah@openprivacy.ca> >
Subject: Re: [AGENDA] W3C Credentials CG Call Tue, March 31st, 12 noon EDT, 9 AM PDT

In addition to the implementations that I shared in the original Agenda email for our call Tuesday, here is another major contact tracing tool: #TheShield from Israel https://www.difesaesicurezza.com/en/cyber-en/israel-the-shield-will-help-to-track-the-possible-coronavirus-exposure/ I've heard that there may be another one coming from the EU soon.

Some more general links:

I really appreciate Elizabeth Renieres @hackylawyer’s article *When Privacy Meets Pandemic*

https://medium.com/berkman-klein-center/when-privacy-meets-pandemic-fbf9154f80b3

“So, where does this leave us as a privacy community and what is our role in the time of Corona? It means that before we debate the particulars of a specific technology or application, before we tweak certain features or functionality to better protect individual privacy, or before we impose certain transparency or accountability measures, we take a step back.

Before we concede that a measure is necessary and begin to assess its proportionality, we question that underlying assumption — especially when it’s coming from private companies who stand to gain from it or governments who fear being perceived as lacking control over the situation. We apply the age-old tests of legality, necessity, and proportionality — in that order. We require concrete evidence that a measure will further specific aims or achieve certain measurable outcomes.

If privacy advocates don’t step up and do this, who will?”

I also like Sarah Jamie Lewis’s Twitter thread 
https://twitter.com/sarahjamielewis/status/1242142313192644608?s=21 in particular this statement:

“There is no such thing as a robust privacy preserving contact tracing tool because social graphs and location graphs are impossible to anonymity because anonymity is fundamentally about  removing social and location context - once you do that all that is left is the honour system”

Despite that I agree with those that a key of the problem is that the task of #LocationPrivacy and anonymity is extremely difficult, I do believe that in the short term we can be pragmatic & not suffer “the perfect is the enemy of the good”. We can share best practices, salute those doing the right thing, shame those who do not, and demonstrate our commitment to both the common good as well as to preventing individual harm. An effective Honor System is not the worst short-term outcome.

We also need to set the stage so that in the long term we can invest in the much more difficult problems of solving these problems more idealistically correctly. We need to fund things like deep requirements engineering, great user centric design including nudge/incentive/mechanism/ approaches, as well implementing the latest secure code practices, privacy protocols, zk-proofs and other modern cryptographic security approaches, etc.

For if we do not be somewhat pragmatic now, and set a stage to be able to invest in a more ideal future, we risk that everything we are currently doing on the privacy front now will fail because in the end, everyone will  being tracked at another layer.

I look forward to discussing these topics further with you on Tuesday!

— Christopher Allen

Received on Tuesday, 25 May 2021 15:49:56 UTC