Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making from Adrian Gropper on 2023-10-20 (public-credentials@w3.org from October 2023)

From: Adrian Gropper <agropper@healthurl.com>
Date: Thu, 19 Oct 2023 21:53:29 -0400
To: Andrew Hughes <andrewhughes@pingidentity.com>
Cc: Daniel Goldscheider <daniel@openwallet.foundation>, Credentials Community Group <public-credentials@w3.org>, technical-discuss@lists.openwallet.foundation
Message-ID: <CANYRo8gSs+ktVoF19H-M2vsHLvXji4WWEkqv9txbQdO4f8nqqw@mail.gmail.com>
Hi Andrew,

Don't shoot the messenger (me). My description of ISO is what the comment
said. My point is that OWF and CCG can be proactive about dealing with the
four issues I list below.

Adrian

On Thu, Oct 19, 2023 at 7:30 PM Andrew Hughes <andrewhughes@pingidentity.com>
wrote:

> Please stop calling ISO processes "closed" in ways that insinuate some
> nefarious intent. Use a different word. Just because the way that
> international standardization organization works is not to your liking does
> not mean that it is inherently "bad". The particular ISO committee you
> denigrate has gone out of its way to engage and accommodate other
> communities, within the rules of the organization. We can always do better
> for sure - but the language used in some of these communities does not
> inspire a desire to work together. Please don't pick on us just because we
> are trying to engage - there are other actually closed organizations that
> have far more influence over you but you don't seem to bother them.
>
> Andrew Hughes
> Director - Identity Standards
> andrewhughes@pingidentity.com
> Mobile/Signal: +1 250 888 9474
>
>
>
> On Thu, Oct 19, 2023 at 4:07 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
>> Here's my observation of shared goals independent of technical
>> implementations:
>>
>>    - *We build on top of the VC standard rather than any closed data
>>    models and processes.* That means we need to understand the
>>    goals behind ISO mDL and decide whether we want to influence their closed
>>    process or replace mDL with VC as data models? Which way will OWF consensus
>>    go?
>>    - *We build on protocols that put human VCs ahead of any non-human
>>    applications.* Human VC issue and verification protocols have to deal
>>    with biometrics either directly or indirectly. Supply chain and other
>>    use-cases do not have any benefit or liability from biometrics. Almost none
>>    of the CCG related protocol work has been based on this distinction and the
>>    perception that we're barcoding or chipping humans needs to be dealt with
>>    sooner or later. Adding privacy features and principles to standards that
>>    apply to both people and things may not be an optimal strategy. If OWF does
>>    not develop protocols, then where will the open human rights based
>>    standards come from?
>>    - *We recognize that choosing among dozens of VCs, making selections
>>    for selective disclosure on some of them, and often using another
>>    credential for payment is a burden to the person.* Given what we know
>>    about human propensity for convenience over privacy, how likely is it that
>>    platforms will evolve to "help" us with these decisions along with
>>    surveillance and lock-in? Does OWF have a consensus on how to prevent
>>    platform dominance by recognizing the freedom to choose our helpful agents
>>    and representatives as a Universal Human Right, not just an option?
>>    - *We deal explicitly with the reality that DHS border guards, law
>>    enforcement, and maybe the TSA will reserve and routinely exercise their
>>    right to "call home" and to verify witnessed biometrics no matter what
>>    privacy principles we build into the open wallet protocols. *The
>>    argument that allowing any uses of VCs that call home opens the door for
>>    this abuse outside of government use-cases is valid. Nonetheless, does OWF
>>    have consensus on how to ensure that calling home can be regulated or
>>    technically prevented by design vs. just hoping that non-government
>>    verifiers will do the right thing just because they can?
>>
>> These four specific categories of potential consensus are more or less
>> independent. By cross-posting them with the CCG protocol and OWF
>> demonstration discussion groups, I'm hoping to discover a forum for seeking
>> the consensus.
>>
>> Adrian
>>
>>
>>
>>
>> On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider
>> <daniel@openwallet.foundation> wrote:
>>
>>> Point well taken.
>>>
>>> In my mind, they should know that we value their perspective and want to
>>> speak with them. If they lack time or interest to talk to us that’s their
>>> prerogative of course.
>>>
>>> Technical standards and solutions come and go. I think it’s useful to
>>> agree on shared goals that are independent of technical implementations to
>>> have consensus on what we want to achieve before discussing how to get
>>> there.
>>>
>>> All the best,
>>> Daniel
>>>
>>>
>>>
>>> On 19 Oct 2023, at 12:53, Adrian Gropper <agropper@healthurl.com> wrote:
>>>
>>> 
>>> Hi Daniel,
>>>
>>> These four groups are not staffed to participate directly in the kind of
>>> work being done in our digital  ID communities. As a result, they are
>>> almost exclusively reactive, and negative. I myself, am not paid, have
>>> never been paid, for working on DIDs and VCs since the beginning. Even so,
>>> or maybe because I don't represent a commercial interest, my perspective
>>> has been mostly ignored or treated as an annoyance by CCG-related
>>> workgroups.
>>>
>>> I don't know if OWF will be different. Getting ahead of the adoption
>>> issue should be the highest priority of OWF and I still don't see an open
>>> discussion of who will do that work and how. Interoperability and privacy
>>> "principles" are not enough.
>>>
>>> Adrian
>>>
>>> On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider
>>> <daniel@openwallet.foundation> wrote:
>>>
>>>> Hi Adrian,
>>>>
>>>> I had already reached out to EFF and ACLU before this came out and
>>>> completely agree with you.
>>>>
>>>> We should do try to engage with all 4. Ideally I’d love to get to their
>>>> support for open interoperable wallets and explore if we can agree on
>>>> privacy principles as well.
>>>>
>>>> Would you be willing to talk to EPIC and suggest a conversation?
>>>>
>>>> All the best,
>>>> Daniel
>>>>
>>>>
>>>>
>>>> On 19 Oct 2023, at 12:20, Adrian Gropper <agropper@healthurl.com>
>>>> wrote:
>>>>
>>>> 
>>>> Thanks, Kaliya!
>>>>
>>>> The comment also mentions Open Wallet Foundation so I'm cross-posting.
>>>>
>>>> I have worked with all four of the signing organizations over the years
>>>> and am on the EPIC Advisory Board. It would be useful, maybe essential, to
>>>> consider their concerns and get ahead of the next round of mandates and
>>>> adoption issues.
>>>>
>>>> Adrian
>>>>
>>>> On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman <
>>>> kaliya@identitywoman.net> wrote:
>>>>
>>>>> Hi Folks,
>>>>>
>>>>>  This was just shared with me and I wanted the list to see it.  The
>>>>> ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic
>>>>> Privacy Information Center) collaborated on a response to the proposed
>>>>> rule-making by TSA re: mDL.
>>>>>
>>>>>
>>>>> https://www.eff.org/document/10-16-2023-aclu-eff-epic-comments-re-tsa-nprm-mdls
>>>>>
>>>>> They mention Verifiable Credentials several times and urge the TSA to
>>>>> slow down to ensure the best most privacy enhancing options can be chosen
>>>>> as things continue to mature rather then rush forward.
>>>>>
>>>>>  It shows that engaging with and educating civil society groups who
>>>>> are interested and tracking technology developments is a good thing.
>>>>>
>>>>>  - Kaliya
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _._,_._,_
>> ------------------------------
>> Links:
>>
>> You receive all messages sent to this group.
>>
>> View/Reply Online (#191)
>> <https://lists.openwallet.foundation/g/technical-discuss/message/191> | Reply
>> To Sender
>> <agropper@healthurl.com?subject=Private:%20Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
>> | Reply To Group
>> <technical-discuss@lists.openwallet.foundation?subject=Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
>> | Mute This Topic
>> <https://lists.openwallet.foundation/mt/102067342/7178795> | New Topic
>> <https://lists.openwallet.foundation/g/technical-discuss/post>
>> Your Subscription
>> <https://lists.openwallet.foundation/g/technical-discuss/editsub/7178795>
>> | Contact Group Owner
>> <technical-discuss+owner@lists.openwallet.foundation> | Unsubscribe
>> <https://lists.openwallet.foundation/g/technical-discuss/unsub> [
>> andrewhughes@pingidentity.com]
>> _._,_._,_
>>
>>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
Received on Friday, 20 October 2023 01:53:47 UTC