Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making from Adrian Gropper on 2023-10-19 (public-credentials@w3.org from October 2023)

From: Adrian Gropper <agropper@healthurl.com>
Date: Thu, 19 Oct 2023 19:07:39 -0400
To: Daniel Goldscheider <daniel@openwallet.foundation>
Cc: Credentials Community Group <public-credentials@w3.org>, technical-discuss@lists.openwallet.foundation
Message-ID: <CANYRo8iAnNoRi63nQ1imwE9rqVkD5OXJ8SsRXKtZnrt6yMAG6g@mail.gmail.com>
Here's my observation of shared goals independent of technical
implementations:

   - *We build on top of the VC standard rather than any closed data models
   and processes.* That means we need to understand the goals behind ISO
   mDL and decide whether we want to influence their closed process or replace
   mDL with VC as data models? Which way will OWF consensus go?
   - *We build on protocols that put human VCs ahead of any non-human
   applications.* Human VC issue and verification protocols have to deal
   with biometrics either directly or indirectly. Supply chain and other
   use-cases do not have any benefit or liability from biometrics. Almost none
   of the CCG related protocol work has been based on this distinction and the
   perception that we're barcoding or chipping humans needs to be dealt with
   sooner or later. Adding privacy features and principles to standards that
   apply to both people and things may not be an optimal strategy. If OWF does
   not develop protocols, then where will the open human rights based
   standards come from?
   - *We recognize that choosing among dozens of VCs, making selections for
   selective disclosure on some of them, and often using another credential
   for payment is a burden to the person.* Given what we know about human
   propensity for convenience over privacy, how likely is it that platforms
   will evolve to "help" us with these decisions along with surveillance and
   lock-in? Does OWF have a consensus on how to prevent platform dominance by
   recognizing the freedom to choose our helpful agents and representatives as
   a Universal Human Right, not just an option?
   - *We deal explicitly with the reality that DHS border guards, law
   enforcement, and maybe the TSA will reserve and routinely exercise their
   right to "call home" and to verify witnessed biometrics no matter what
   privacy principles we build into the open wallet protocols. *The
   argument that allowing any uses of VCs that call home opens the door for
   this abuse outside of government use-cases is valid. Nonetheless, does OWF
   have consensus on how to ensure that calling home can be regulated or
   technically prevented by design vs. just hoping that non-government
   verifiers will do the right thing just because they can?

These four specific categories of potential consensus are more or less
independent. By cross-posting them with the CCG protocol and OWF
demonstration discussion groups, I'm hoping to discover a forum for seeking
the consensus.

Adrian




On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider
<daniel@openwallet.foundation> wrote:

> Point well taken.
>
> In my mind, they should know that we value their perspective and want to
> speak with them. If they lack time or interest to talk to us that’s their
> prerogative of course.
>
> Technical standards and solutions come and go. I think it’s useful to
> agree on shared goals that are independent of technical implementations to
> have consensus on what we want to achieve before discussing how to get
> there.
>
> All the best,
> Daniel
>
>
>
> On 19 Oct 2023, at 12:53, Adrian Gropper <agropper@healthurl.com> wrote:
>
> 
> Hi Daniel,
>
> These four groups are not staffed to participate directly in the kind of
> work being done in our digital  ID communities. As a result, they are
> almost exclusively reactive, and negative. I myself, am not paid, have
> never been paid, for working on DIDs and VCs since the beginning. Even so,
> or maybe because I don't represent a commercial interest, my perspective
> has been mostly ignored or treated as an annoyance by CCG-related
> workgroups.
>
> I don't know if OWF will be different. Getting ahead of the adoption issue
> should be the highest priority of OWF and I still don't see an open
> discussion of who will do that work and how. Interoperability and privacy
> "principles" are not enough.
>
> Adrian
>
> On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider
> <daniel@openwallet.foundation> wrote:
>
>> Hi Adrian,
>>
>> I had already reached out to EFF and ACLU before this came out and
>> completely agree with you.
>>
>> We should do try to engage with all 4. Ideally I’d love to get to their
>> support for open interoperable wallets and explore if we can agree on
>> privacy principles as well.
>>
>> Would you be willing to talk to EPIC and suggest a conversation?
>>
>> All the best,
>> Daniel
>>
>>
>>
>> On 19 Oct 2023, at 12:20, Adrian Gropper <agropper@healthurl.com> wrote:
>>
>> 
>> Thanks, Kaliya!
>>
>> The comment also mentions Open Wallet Foundation so I'm cross-posting.
>>
>> I have worked with all four of the signing organizations over the years
>> and am on the EPIC Advisory Board. It would be useful, maybe essential, to
>> consider their concerns and get ahead of the next round of mandates and
>> adoption issues.
>>
>> Adrian
>>
>> On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman <
>> kaliya@identitywoman.net> wrote:
>>
>>> Hi Folks,
>>>
>>>  This was just shared with me and I wanted the list to see it.  The
>>> ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic
>>> Privacy Information Center) collaborated on a response to the proposed
>>> rule-making by TSA re: mDL.
>>>
>>>
>>> https://www.eff.org/document/10-16-2023-aclu-eff-epic-comments-re-tsa-nprm-mdls
>>>
>>> They mention Verifiable Credentials several times and urge the TSA to
>>> slow down to ensure the best most privacy enhancing options can be chosen
>>> as things continue to mature rather then rush forward.
>>>
>>>  It shows that engaging with and educating civil society groups who are
>>> interested and tracking technology developments is a good thing.
>>>
>>>  - Kaliya
>>>
>>>
>>>
>>>
>>> _._,_._,_
>> ------------------------------
>> Links:
>>
>> You receive all messages sent to this group.
>>
>> View/Reply Online (#185)
>> <https://lists.openwallet.foundation/g/technical-discuss/message/185> | Reply
>> To Sender
>> <agropper@healthurl.com?subject=Private:%20Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
>> | Reply To Group
>> <technical-discuss@lists.openwallet.foundation?subject=Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
>> | Mute This Topic
>> <https://lists.openwallet.foundation/mt/102067342/7564251> | New Topic
>> <https://lists.openwallet.foundation/g/technical-discuss/post>
>> Your Subscription
>> <https://lists.openwallet.foundation/g/technical-discuss/editsub/7564251>
>> | Contact Group Owner
>> <technical-discuss+owner@lists.openwallet.foundation> | Unsubscribe
>> <https://lists.openwallet.foundation/g/technical-discuss/unsub>
>> [daniel@openwallet.foundation]
>> _._,_._,_
>>
>>
Received on Thursday, 19 October 2023 23:07:57 UTC