Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making

P.S. Epicenter (cc) just provided me with a hyperlink that works:

(Alas link rot in the link that I shared in my email below. Sorry …)

Happy reading!


(P.S. Europe seems to prepare even worse privacy violations: Apparently, browsers will be forbidden to warn you against a state-operated man-in-the-middle attacks.)

From: Deventer, M.O. (Oskar) van <>
Sent: maandag 23 oktober 2023 11:47
To: Bachenheimer, Daniel <>;;
Cc: Adrian Gropper <>; Daniel Goldscheider <>; Credentials Community Group <>;
Subject: RE: [External] Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making


For your information, the European use of mDL and VC (EUDI wallet, ARF, PID) suffers from similar privacy/abuse/over-identification issues, see The worst offence is the assignment of a “unique identifier” to each European citizen, which enables colluding verifiers to easily correlate their users.

Protection measures that Europe looks into, is “Identified Verifier” and “Authorized Verifier”. That is, after an identification transaction, the citizen has non-repudiable proof when, how and by whom they were identified. And possibly, the transaction fails for non-authorized verifiers. Still very unsure/unclear …

Best regards,


From: Bachenheimer, Daniel <<>>
Sent: vrijdag 20 oktober 2023 19:11
Cc: Adrian Gropper <<>>; Daniel Goldscheider <<>>; Credentials Community Group <<>>;<>
Subject: RE: [External] Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making

The rule to me seems void of defining the underlying principles surrounding the use of this technology “for official purposes”.

  *   How will the holder know that their mDL is being read for official purposes… ONLY because a TSA uniform is being worn by the in-person requester?  Will there be any official audits of the transaction “for official purposes” that can be reviewed by the public if needed? How, electronically, will the mDL ecosystem determine, enforce, and penalize improper use of the personal data during the issuance and/or verification processes – including any intermediation  (e.g., retention, sharing, breaches)? How will Data subjects be informed of same?

We know, for example, that US Passports are easy targets for fraud due to their vulnerability to morph attacks and acceptance of poor quality photos which impacts the Authenticity, Accuracy, and Uniqueness of the identity represented

  *   When mDLs are used “for official purposes”, how will the Issuer, Holder and Verifier be assured that the subject represented is: (1) unique within the target population (and how will that be measured? To what FNIR/FPIR?), (2) that the photo is actually authentic – not simply cryptographically signed by the issuance authority, and (3) of sufficient quality for automated facial recognition?

If the mDL is to a proxy for Foundational Identity within the US, I feel we should be able to answer these questions – and many others – especially “for official use”.

Thank You,
Daniel Bachenheimer
Digital Identity Innovations |  Technology Lead
Office: Arlington, VA  |  USA
Direct:  +1 703.947.1659  |  Mobile:  +1 202.251.7073

From:<> <<>> On Behalf Of David Zeuthen via
Sent: Friday, October 20, 2023 12:00 PM
Cc: Adrian Gropper <<>>; Daniel Goldscheider <<>>; Credentials Community Group <<>>;<>
Subject: [External] Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making

CAUTION: External email. Be cautious with links and attachments.


+1 to what Andrew said from someone who's also working on that particular set of ISO groups. And, yes, we could spend bandwidth discussing the merits of various SDOs but, really, that's been all done before, they all have their flaws, and at the end of the day the comparison table might not even help the claim that ISO is the one where it's the most difficult to have your voice heard, just saying :-). I'm here because I want to work with everyone else who wants to make Digital Identity better for people on this planet, not discuss which SDO is my favorite because at the end of the day reaching this goal for sure will require participation in more than just one SDO.

This is not to say that we shouldn't encourage SDOs to do better but let's not alienate people in a place that decidedly is SDO-neutral territory.


On Thu, Oct 19, 2023 at 7:30 PM Andrew Hughes via <<>> wrote:
Please stop calling ISO processes "closed" in ways that insinuate some nefarious intent. Use a different word. Just because the way that international standardization organization works is not to your liking does not mean that it is inherently "bad". The particular ISO committee you denigrate has gone out of its way to engage and accommodate other communities, within the rules of the organization. We can always do better for sure - but the language used in some of these communities does not inspire a desire to work together. Please don't pick on us just because we are trying to engage - there are other actually closed organizations that have far more influence over you but you don't seem to bother them.

Andrew Hughes
Director - Identity Standards<>
Mobile/Signal: +1 250 888 9474<tel:(250)%20888-9474>

On Thu, Oct 19, 2023 at 4:07 PM Adrian Gropper <<>> wrote:
Here's my observation of shared goals independent of technical implementations:

  *   We build on top of the VC standard rather than any closed data models and processes. That means we need to understand the goals behind ISO mDL and decide whether we want to influence their closed process or replace mDL with VC as data models? Which way will OWF consensus go?
  *   We build on protocols that put human VCs ahead of any non-human applications. Human VC issue and verification protocols have to deal with biometrics either directly or indirectly. Supply chain and other use-cases do not have any benefit or liability from biometrics. Almost none of the CCG related protocol work has been based on this distinction and the perception that we're barcoding or chipping humans needs to be dealt with sooner or later. Adding privacy features and principles to standards that apply to both people and things may not be an optimal strategy. If OWF does not develop protocols, then where will the open human rights based standards come from?
  *   We recognize that choosing among dozens of VCs, making selections for selective disclosure on some of them, and often using another credential for payment is a burden to the person. Given what we know about human propensity for convenience over privacy, how likely is it that platforms will evolve to "help" us with these decisions along with surveillance and lock-in? Does OWF have a consensus on how to prevent platform dominance by recognizing the freedom to choose our helpful agents and representatives as a Universal Human Right, not just an option?
  *   We deal explicitly with the reality that DHS border guards, law enforcement, and maybe the TSA will reserve and routinely exercise their right to "call home" and to verify witnessed biometrics no matter what privacy principles we build into the open wallet protocols. The argument that allowing any uses of VCs that call home opens the door for this abuse outside of government use-cases is valid. Nonetheless, does OWF have consensus on how to ensure that calling home can be regulated or technically prevented by design vs. just hoping that non-government verifiers will do the right thing just because they can?
These four specific categories of potential consensus are more or less independent. By cross-posting them with the CCG protocol and OWF demonstration discussion groups, I'm hoping to discover a forum for seeking the consensus.


On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider <<>> wrote:
Point well taken.

In my mind, they should know that we value their perspective and want to speak with them. If they lack time or interest to talk to us that’s their prerogative of course.

Technical standards and solutions come and go. I think it’s useful to agree on shared goals that are independent of technical implementations to have consensus on what we want to achieve before discussing how to get there.

All the best,

On 19 Oct 2023, at 12:53, Adrian Gropper <<>> wrote:

Hi Daniel,

These four groups are not staffed to participate directly in the kind of work being done in our digital  ID communities. As a result, they are almost exclusively reactive, and negative. I myself, am not paid, have never been paid, for working on DIDs and VCs since the beginning. Even so, or maybe because I don't represent a commercial interest, my perspective has been mostly ignored or treated as an annoyance by CCG-related workgroups.

I don't know if OWF will be different. Getting ahead of the adoption issue should be the highest priority of OWF and I still don't see an open discussion of who will do that work and how. Interoperability and privacy "principles" are not enough.


On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider <<>> wrote:
Hi Adrian,

I had already reached out to EFF and ACLU before this came out and completely agree with you.

We should do try to engage with all 4. Ideally I’d love to get to their support for open interoperable wallets and explore if we can agree on privacy principles as well.

Would you be willing to talk to EPIC and suggest a conversation?

All the best,

On 19 Oct 2023, at 12:20, Adrian Gropper <<>> wrote:

Thanks, Kaliya!

The comment also mentions Open Wallet Foundation so I'm cross-posting.

I have worked with all four of the signing organizations over the years and am on the EPIC Advisory Board. It would be useful, maybe essential, to consider their concerns and get ahead of the next round of mandates and adoption issues.


On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman <<>> wrote:
Hi Folks,

 This was just shared with me and I wanted the list to see it.  The ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic Privacy Information Center) collaborated on a response to the proposed rule-making by TSA re: mDL.<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1IQIHxjLh$>

They mention Verifiable Credentials several times and urge the TSA to slow down to ensure the best most privacy enhancing options can be chosen as things continue to mature rather then rush forward.

 It shows that engaging with and educating civil society groups who are interested and tracking technology developments is a good thing.

 - Kaliya

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.


David Zeuthen |<> |


| Android Hardware-Backed Security


You receive all messages sent to this group.

View/Reply Online (#197)<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1IV5_t92g$> | Reply To Sender<> | Reply To Group<> | Mute This Topic<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1IXc_OoSB$> | New Topic<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1Idzlm80V$>
Your Subscription<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1ITMei0dz$> | Contact Group Owner<> | Unsubscribe<;!!OrxsNty6D4my!9L5vw4BuWBoHTcbGfkzOefSaLaf7IoKL-UspS9Yak0dRWUh-k5vaS34vd2At8EQ_mexhLJ0pmy8ErafaTz76ramnXZ-Ozaoa9Ftk05aCAeS1IS-YJa1-$> []


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security, AI-powered support capabilities, and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at


This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Received on Thursday, 2 November 2023 16:12:32 UTC