Re: [technical-discuss] Civil Society Response to TSA mDL Rule Making

Criticism of ISO is not a personal attack it is a criticism of an archaic
system that is inappropriate in a modern connected and digital world.

I’m sorry if you take personal offense to the SDO being described as closed
but that’s what it is.

The irony is that the SDO that purports to represent nation states which
should be the biggest advocates for transparency and open participation is
the one that meets behind closed doors sells its output at exorbitant
prices and aggressively enforces its copyright effectively making its
standards almost impossible to contribute to or even read.

In contrast a number of open SDOs where participants represent profit
driven commercial enterprises take input from nearly anyone, their meetings
are open and they make their standards freely available.

If the criticism stings maybe consider, as someone on the inside, what you
could be doing to change the system rather than defend it

On Fri, Oct 20, 2023 at 18:00 David Zeuthen via lists.openwallet.foundation
<zeuthen=google.com@lists.openwallet.foundation> wrote:

> Hi,
>
> +1 to what Andrew said from someone who's also working on that particular
> set of ISO groups. And, yes, we could spend bandwidth discussing the merits
> of various SDOs but, really, that's been all done before, they all have
> their flaws, and at the end of the day the comparison table might not even
> help the claim that ISO is the one where it's the most difficult to have
> your voice heard, just saying :-). I'm here because I want to work with
> everyone else who wants to make Digital Identity better for people on this
> planet, not discuss which SDO is my favorite because at the end of the day
> reaching this goal for sure will require participation in more than just
> one SDO.
>
> This is not to say that we shouldn't encourage SDOs to do better but let's
> not alienate people in a place that decidedly is SDO-neutral territory.
>
> Thanks,
> David
>
>
>
> On Thu, Oct 19, 2023 at 7:30 PM Andrew Hughes via
> lists.openwallet.foundation
> <andrewhughes=pingidentity.com@lists.openwallet.foundation> wrote:
>
>> Please stop calling ISO processes "closed" in ways that insinuate some
>> nefarious intent. Use a different word. Just because the way that
>> international standardization organization works is not to your liking does
>> not mean that it is inherently "bad". The particular ISO committee you
>> denigrate has gone out of its way to engage and accommodate other
>> communities, within the rules of the organization. We can always do better
>> for sure - but the language used in some of these communities does not
>> inspire a desire to work together. Please don't pick on us just because we
>> are trying to engage - there are other actually closed organizations that
>> have far more influence over you but you don't seem to bother them.
>>
>> Andrew Hughes
>> Director - Identity Standards
>> andrewhughes@pingidentity.com
>> Mobile/Signal: +1 250 888 9474 <(250)%20888-9474>
>>
>>
>>
>> On Thu, Oct 19, 2023 at 4:07 PM Adrian Gropper <agropper@healthurl.com>
>> wrote:
>>
>>> Here's my observation of shared goals independent of technical
>>> implementations:
>>>
>>>    - *We build on top of the VC standard rather than any closed data
>>>    models and processes.* That means we need to understand the
>>>    goals behind ISO mDL and decide whether we want to influence their closed
>>>    process or replace mDL with VC as data models? Which way will OWF consensus
>>>    go?
>>>    - *We build on protocols that put human VCs ahead of any non-human
>>>    applications.* Human VC issue and verification protocols have to
>>>    deal with biometrics either directly or indirectly. Supply chain and other
>>>    use-cases do not have any benefit or liability from biometrics. Almost none
>>>    of the CCG related protocol work has been based on this distinction and the
>>>    perception that we're barcoding or chipping humans needs to be dealt with
>>>    sooner or later. Adding privacy features and principles to standards that
>>>    apply to both people and things may not be an optimal strategy. If OWF does
>>>    not develop protocols, then where will the open human rights based
>>>    standards come from?
>>>    - *We recognize that choosing among dozens of VCs, making selections
>>>    for selective disclosure on some of them, and often using another
>>>    credential for payment is a burden to the person.* Given what we
>>>    know about human propensity for convenience over privacy, how likely is it
>>>    that platforms will evolve to "help" us with these decisions along with
>>>    surveillance and lock-in? Does OWF have a consensus on how to prevent
>>>    platform dominance by recognizing the freedom to choose our helpful agents
>>>    and representatives as a Universal Human Right, not just an option?
>>>    - *We deal explicitly with the reality that DHS border guards, law
>>>    enforcement, and maybe the TSA will reserve and routinely exercise their
>>>    right to "call home" and to verify witnessed biometrics no matter what
>>>    privacy principles we build into the open wallet protocols. *The
>>>    argument that allowing any uses of VCs that call home opens the door for
>>>    this abuse outside of government use-cases is valid. Nonetheless, does OWF
>>>    have consensus on how to ensure that calling home can be regulated or
>>>    technically prevented by design vs. just hoping that non-government
>>>    verifiers will do the right thing just because they can?
>>>
>>> These four specific categories of potential consensus are more or less
>>> independent. By cross-posting them with the CCG protocol and OWF
>>> demonstration discussion groups, I'm hoping to discover a forum for seeking
>>> the consensus.
>>>
>>> Adrian
>>>
>>>
>>>
>>>
>>> On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider
>>> <daniel@openwallet.foundation> wrote:
>>>
>>>> Point well taken.
>>>>
>>>> In my mind, they should know that we value their perspective and want
>>>> to speak with them. If they lack time or interest to talk to us that’s
>>>> their prerogative of course.
>>>>
>>>> Technical standards and solutions come and go. I think it’s useful to
>>>> agree on shared goals that are independent of technical implementations to
>>>> have consensus on what we want to achieve before discussing how to get
>>>> there.
>>>>
>>>> All the best,
>>>> Daniel
>>>>
>>>>
>>>>
>>>> On 19 Oct 2023, at 12:53, Adrian Gropper <agropper@healthurl.com>
>>>> wrote:
>>>>
>>>> 
>>>> Hi Daniel,
>>>>
>>>> These four groups are not staffed to participate directly in the kind
>>>> of work being done in our digital  ID communities. As a result, they are
>>>> almost exclusively reactive, and negative. I myself, am not paid, have
>>>> never been paid, for working on DIDs and VCs since the beginning. Even so,
>>>> or maybe because I don't represent a commercial interest, my perspective
>>>> has been mostly ignored or treated as an annoyance by CCG-related
>>>> workgroups.
>>>>
>>>> I don't know if OWF will be different. Getting ahead of the adoption
>>>> issue should be the highest priority of OWF and I still don't see an open
>>>> discussion of who will do that work and how. Interoperability and privacy
>>>> "principles" are not enough.
>>>>
>>>> Adrian
>>>>
>>>> On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider
>>>> <daniel@openwallet.foundation> wrote:
>>>>
>>>>> Hi Adrian,
>>>>>
>>>>> I had already reached out to EFF and ACLU before this came out and
>>>>> completely agree with you.
>>>>>
>>>>> We should do try to engage with all 4. Ideally I’d love to get to
>>>>> their support for open interoperable wallets and explore if we can agree on
>>>>> privacy principles as well.
>>>>>
>>>>> Would you be willing to talk to EPIC and suggest a conversation?
>>>>>
>>>>> All the best,
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>> On 19 Oct 2023, at 12:20, Adrian Gropper <agropper@healthurl.com>
>>>>> wrote:
>>>>>
>>>>> 
>>>>> Thanks, Kaliya!
>>>>>
>>>>> The comment also mentions Open Wallet Foundation so I'm cross-posting.
>>>>>
>>>>> I have worked with all four of the signing organizations over the
>>>>> years and am on the EPIC Advisory Board. It would be useful, maybe
>>>>> essential, to consider their concerns and get ahead of the next round of
>>>>> mandates and adoption issues.
>>>>>
>>>>> Adrian
>>>>>
>>>>> On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman <
>>>>> kaliya@identitywoman.net> wrote:
>>>>>
>>>>>> Hi Folks,
>>>>>>
>>>>>>  This was just shared with me and I wanted the list to see it.  The
>>>>>> ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic
>>>>>> Privacy Information Center) collaborated on a response to the proposed
>>>>>> rule-making by TSA re: mDL.
>>>>>>
>>>>>>
>>>>>> https://www.eff.org/document/10-16-2023-aclu-eff-epic-comments-re-tsa-nprm-mdls
>>>>>>
>>>>>> They mention Verifiable Credentials several times and urge the TSA to
>>>>>> slow down to ensure the best most privacy enhancing options can be chosen
>>>>>> as things continue to mature rather then rush forward.
>>>>>>
>>>>>>  It shows that engaging with and educating civil society groups who
>>>>>> are interested and tracking technology developments is a good thing.
>>>>>>
>>>>>>  - Kaliya
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>> privileged material for the sole use of the intended recipient(s). Any
>> review, use, distribution or disclosure by others is strictly prohibited.
>> If you have received this communication in error, please notify the sender
>> immediately by e-mail and delete the message and any file attachments from
>> your computer. Thank you.*
>>
>>
>
> --
>
> David Zeuthen |  zeuthen@google.com |
>  Google
> | Android Hardware-Backed Security
> _._,_._,_
> ------------------------------
> Links:
>
> You receive all messages sent to this group.
>
> View/Reply Online (#197)
> <https://lists.openwallet.foundation/g/technical-discuss/message/197> | Reply
> To Sender
> <zeuthen@google.com?subject=Private:%20Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
> | Reply To Group
> <technical-discuss@lists.openwallet.foundation?subject=Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making>
> | Mute This Topic
> <https://lists.openwallet.foundation/mt/102067342/7178072> | New Topic
> <https://lists.openwallet.foundation/g/technical-discuss/post>
>
> Your Subscription
> <https://lists.openwallet.foundation/g/technical-discuss/editsub/7178072>
> | Contact Group Owner
> <technical-discuss+owner@lists.openwallet.foundation> | Unsubscribe
> <https://lists.openwallet.foundation/g/technical-discuss/unsub> [
> adrian@fynbos.dev]
> _._,_._,_
>
>

Received on Friday, 20 October 2023 17:02:18 UTC