- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 15 Jan 2025 17:48:31 +0000
- To: public-credentials@w3.org
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2025-01-14/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2025-01-14/audio.ogg A video recording is also available at: https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2025-01-14.mp4 ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2025-01-14 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jan&period_year=2025&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Organizer: Harrison Tang, Kimberly Linson, Will Abramson Scribe: Our Robot Overlords Present: Harrison Tang, Daniel Buchner, Nis Jespersen , Erica Connell, Will Abramson, Kaliya Young, Mike Xu, Sharon Leu, Jennie M, Dmitri Zagidulin, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Gerald Glickman, Greg Bernstein, Manu Sporny, Jay Stanley(ACLU), Joe Andrieu, James Chartrand, Jeff O / HumanOS, PDL-ASU, Tim Bloomfield, Robert Long, Elissa, Brandi Delancey, Mahmoud Alkhraishi, Kayode Ezike, Anthony Camilleri, Colin Reynolds, Ed Design Lab <harrison_tang> @Jay, Do you want to test the audio a little bit? You are on mute <jay_stanley_(aclu)> Did you hear my test? <harrison_tang> Do you mind using Chrome? Jitsi might run into issues with other browsers <dkg> checking in from IRC directly ☺ Our Robot Overlords are scribing. Harrison_Tang: Welcome welcome everyone uh to uh this week's w3c ccg meeting uh so today we're very excited to have J and Daniel from ACLU to actually talk about HCL digital identity uh State Legislative recommendations uh at our meeting today uh but before we uh start the main agenda I just want to uh quickly go over some administrative stuff uh first of all just uh quick reminder on the code of ethics and professional conduct just want to make sure we have uh no constructive and respectful conversations. Harrison_Tang: Quick note on the intellectual property anyone can participate in these calls however all substantive contributions to the ccg work guidance must be members of the ccg with a full IPR agreement signed so if you have any questions regards to joining the w3c or the uh IPR agreement uh just let any of the cultures know. Harrison_Tang: Sound quick notes on the call so these meetings are automatically recorded and transcribed and that we will publish the meeting minutes the audio and video recording in the next uh day or 2. Harrison_Tang: We used to uh we use a GT chat to cue the speakers during the call so you can type in Q Plus to add yourself to the queue or cue minus to remove and you can uh type in Q question mark uh to see who's in the queue. Harrison_Tang: All right just want to take a moment for the introductions and re reintroduction so if you are new to the community or you haven't been active and want to re-engage just feel free to unmute you don't need to do that Q Plus Q minus thing just unmute and introduce yourself a little bit. Harrison_Tang: All right uh. Harrison_Tang: But at the end of the meeting like we got some time uh if you feel Brave uh you can just uh. Harrison_Tang: Reduce yourself at a later time. Harrison_Tang: All right uh announcements and reminders uh any announcements or reminders uh for the upcoming events on you please. Manu Sporny: Yeah just a quick reminder to everyone that the verifiable credentials 20 work is starting to wrap up so we we are feature-complete we are 9 months ago um we are now spec complete on 7 specifications that's verifiable credentials 20 data Integrity ecdsa eddsa um uh bitstring status list for privacy preserving uh status information for verifiable credentials VC hosie cozy and I know I'm missing uh 1 or 2 specs in there but it's a lot of specs and uh right now uh we are through all the tagged design reviews and privacy reviews and things like that we're still waiting on some Security reviews but once that's done we will uh push forward into uh the global standard uh vote for all these specifications we are expecting that to happen sometime in q1 2020. Manu Sporny: Um uh and then uh the more privacy preserving um uh uh data Integrity uh work around uh BBS and on linkable uh signatures and things like that will shortly follow uh thereafter um so that's just a heads up so if anyone wants to do a final read of the specifications now is definitely the time to do it we believe that we have addressed uh you know all things that were raised in public and in the working group um the other uh good news is that um the new cryptography for privacy preserving uh digital signatures uh the BBS work at ITF uh specifically uh the pseudonyms uh extensions and the blind BBS uh extensions were adopted there was a huge turnout so thank you very much for those of you that supported the adoption of that work um it will continue. Manu Sporny: To be. Manu Sporny: I don't know over the next 6 months or so they are already multiple implementations of it uh for verifiable credentials and um. Manu Sporny: We are looking for security reviews from the community we already have a number of uh uh cryptographers that focus on unlined digital signatures uh focused on that Security review um we hope that will be done probably by summer of this year so good good news uh there as well um that's it for the updates. Harrison_Tang: Thank you man. Kaliya Young: Of several um. Kaliya Young: We have um. Kaliya Young: The dead on conference Africa coming up in um. Kaliya Young: https://didunconf.africa/ Kaliya Young: The 18th to the 20th in Cape Town I'll put a link to that um. Kaliya Young: Have a digital unconference. Kaliya Young: https://diceurope.org/submitted-topics Kaliya Young: Digital identity on conference Europe or dice is having um like a kind of mini conference that's just 2 days in March focused on ecosystem development and growth because there's so much um activity happening in Europe in that realm I posted a link to actually the. Kaliya Young: The list. Kaliya Young: That folks have. Kaliya Young: https://internetidentityworkshop.com/ Kaliya Young: Suggested so far um iiw 40 oh my God we're getting old is coming up in April the um. Kaliya Young: Is to the 10th. Kaliya Young: https://fediforum.org/ Kaliya Young: And um finally um there's another um event that I've been working on with Johannes for a few years The fetty Forum is going to happen again our fifth 1 April 1st happening with like at protocol and. Kaliya Young: Um Mastadon so like it's sort of um we're not just about Macedon and activity Pub the event is really sort of the whole decentralized. Kaliya Young: Base um so if you are folks you know are in that realm please share that with them and invite them along and that's virtual it's um not and it's just online so. Kaliya Young: Um European and Us hours it's amenable to. Kaliya Young: Thanks very much. Harrison_Tang: Any other announcements or reminders. Kaliya Young: Announcements or reminder. Harrison_Tang: All right a quick preview of what's coming so next week uh we have Andrea uh to talk about the post-quantum cryptography PQ and pqt approaches and the week after that we have hadrien uh from solid and interrupt to talk about uh solid and decentralized data stores and then the week after that we'll have Drummond uh to talk about again uh Global acceptance Network. Harrison_Tang: All right last calls for announcements and reminders. Harrison_Tang: Updates on the work items. Harrison_Tang: Yeah we'll have the. Manu Sporny: Yeah so with the with the kind of global standardization of the verifiable credential 20 work um there are some things that uh some features we weren't able to get to standardizing and so those will come into play uh that includes render method which allows credential issuers to express how they would like their additional credential uh rendered their verifiable credential displayed to the individual and that includes rendering in visual form audio form and wireless form like NS NFC transmission um so that's the render method work is expected to to pick up so we are incubating that work in the ccg right now and we'll transition that to the working group um the other uh uh thing has to do with confidence method like how do you know the person standing in front of you is the person that the credential you know goes with um uh being able to selectively. Manu Sporny: Disclose that. Manu Sporny: Like a bleed. Manu Sporny: Disclose that stuff as well as like you know when they were issued the credential you know their driver's license was checked or something like that um so that uh people know what kind of you know binding happened at the time of credential issuance um uh and also allowing the individual to consent to the release of that uh mechanism or not uh depending on the use case um. Manu Sporny: So those those items uh we are working on trying to figure out how to you know transition that stuff we know Singapore government has done some work on on their own render method they've got their own um uh. Manu Sporny: Disclosure scheme for like um supply chain documents as well uh Calvin sent an email to the ccg about that so those those items are now under active development there's also work going on with diff around um standardizing some decentralized identifiers methods uh so that work will will be happening uh we are having a meeting tomorrow in diff uh on on that um joint work item between ccg and deaf uh that's it. Harrison_Tang: Thank you thanks man. Harrison_Tang: And we'll hold uh work item review and updates uh as well as uh open discussion uh sometime in March March 11th or 18th. Harrison_Tang: All right uh last calls for introductions reintroductions announcements and work items. Harrison_Tang: All right let's get to the main agenda so the you know last October uh I think manuh shared uh in Ka actually share a blog post from HCL you about their digital ID identity they recommendations. Harrison_Tang: It's very quite a bit of a great discussions uh I think there's like 20 comments or something like that in that thread and uh we were very excited to actually have the opportunity to invite J and Daniel here uh to talk about that so Jay and Daniel the 4 is yours. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Thank you Harrison um and thanks everybody for for um turning up and for the commentary that you've already had on the list um so Jay and I have been working uh along with other folks within the ACLU and folks outside the ACLU on a set of. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh that is guidance for um governments that are looking to push forward digital IDs as to what we think they should be asking for when they ask for it so I have a a slide deck here uh it's not a super deep slide deck um but it will hit on the points and I'm hoping to talk through them. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And I would invite those of you who have questions to um to chime in in the meantime I'm gonna go ahead and start sharing a screen here uh with this slides. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So let's see can folks see these slides. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Okay great um so uh alright so our goal here is to just walk you through some of the legislative guidance that we have not because we think that you are legislators uh we understand that that is not what the ccg is um but because we actually think that the legislators need to be able to point to specific mechanisms um to make it to make things uh work out the way they want and so uh My Hope for this conversation is that we can help uh you figure out how to frame your specifications in such a way that legislators will want to adopt your specs because they meet the goals that we have at the ACLU. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: and just. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh frame setting here I know there's a lot of different ways people talk about these models um in this talk I will try to say holder issuer and verifier as the 3-party model I know that there are other terms that people use for this um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Setting up the the users thing between the holder and the and the verifier uh between the holder and the issuer is called provisioning I'm going to say presentation for holder and verifier um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Anyway I know that there are other other models like this is 1 that was recently published in nist among several actually published in this this document where we call the verifier the relying party and we call the. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh the certificate provider or something like that anyway I'm just going to stick with these with these um with holder issue or verifier for now but I want to acknowledge that there are other models including models that are more complex than this simple 3-party model um that are under consideration by legislators today um and I want to just focus in on the on some of the trade-offs that we're seeing between these different models. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and also just of course both Jay and I work at the American civil liberties Union the ACLU is a over 100 year old um us civil liberties organization we focused here on American legislators because that's who we can really talk to but hopefully these goals are will translate to folks in other um jurisdictions um the types of values that we have are Freedom privacy transparency and this last 1 I sort of broke out separately I wanted to point out that the user is in control and what we don't want is we don't want devices that oblige the user to do things that they decide they don't want to do and we don't want those devices to be embedded in systems that oblige the users to do things that they don't want to do. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: um we. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Get all the way there but this is the this is the target what we're what we're aiming for. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So yeah so and then of course again this is legislative guidance we are talking about these things to um people who make the laws and the regulations um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Those folks don't have the level of technical depth that you have even the ones who are best staffed don't have the level of technical depth that the folks in the ccg or other standards developers typically have um they're really working from uh a a very different perspective and so in the course of making these recommendations we have tried to tie what we think the legislators will ask for. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: through what. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: We think the mechanisms um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That the that can be offered today from the technologies that are available today um or might be available in the near future and so hopefully this framing will encourage you to think about your work from that perspective. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Because we can all just like make arbitrary Tech and throw it out in the world but as soon as a government comes and says here's what here's what the options actually are that's going to change the game for everybody on the ground. Jay_Stanley(ACLU): And I would just add that I mean a lot of the motivation for us creating this document is a fear. Jay_Stanley(ACLU): That these mdls which don't really have uh a lot of the Privacy protections that are completely um you know or are nearing feasibility. Jay_Stanley(ACLU): Um are just going to become a standardized without be partly because nobody sort of in the legislature's understands the potential for privacy protection the importance of it and so forth and that the mdl is a sub-optimal mdl. Jay_Stanley(ACLU): will just. Jay_Stanley(ACLU): Steamroll all the efforts uh here among among among you all and and elsewhere around the world in creating sophisticated more sophisticated privacy protecting protecting IDs I mean the DMVs. Jay_Stanley(ACLU): The ability to put an ID and everybody's wallet. Jay_Stanley(ACLU): Um and that's an enormous power and and my fear is that we're seeing the states adopting and embracing without any thought these suboptimal IDs um and so this legislative document is an attempt to educate legislators um and to get them to to to put some of these requirements into the state laws that are enabling these things. Jay_Stanley(ACLU): And to force the larger Eco evolving ecosystem to uh adopt these Technologies. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and and by the way this is happening like we see the state legislators who are just eager to look like we're on The Cutting Edge or I'm on The Cutting Edge check out my shiny new toys um and I'm I'm sure you all understand that the shiny new toys come with some sharp edges and we'd like to make sure that those. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Are not mandated. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So 1 example of a specific thing that the ACLU has a pretty clear view on is if you are stopped by the police and they ask you for your ID they should not be able to just take your device from you to get the ID right if your ID is on a mobile device you could imagine a cop saying well give me your ID and your ID's on your device therefore give me your device and therefore I can go do whatever I want to with this device. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh the cops already think that it's okay to do uh what we would consider to be um over Broad and unjustified searches of digital devices and this would be you know this would be 1 example of a specific outcome of everybody moving their ID to a device that we think would be a disaster um in terms of civil liberties we don't think that the police should be able to do arbitrary searches on your device and we don't think they should even be consider able to consider asking to handle your device so as you think about the implementation and where they're going to run I know this group is focused on protocol level Network level stuff um but we really do encourage you to think about how is the user going to use their device to prove their credential in a situation like a traffic stop that does not involve turning their physical device over to the hands of an officer because if we can get the legislators to do this right they will mandate that the cops aren't even allowed to ask to hold your ID. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You've made it so that oh well you know this system could be set up so that the cop doesn't have to hold the phone they just have to you know so the cop has to hold the phone briefly then that's that's going to limit what we can legislate um so we want to make sure that these systems are are accessible and available to the police without the police picking up the phone so this is 1 example of the kinds of things that we would. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Would like to stress right you can you can make a system that does that enables this and you can also make a system that um that that can't meet this requirement. Jay_Stanley(ACLU): And um our legislative recommendations are a mix of sort of technological requirements we have the East privacy protection Technologies um we the state legislature are going to insist that they actually be incorporated into a state digital driver's license um and also policy um just pure policy prescriptions and this would be an example Banning Police from you know doing so-called consent searches um of phones which is where the real abuse is because. Jay_Stanley(ACLU): um you know. <harrison_tang> <ACLU Digital ID State Legislative Recommendations> Jay_Stanley(ACLU): Search a phone normally without a warrant but if you can with that person's permission and um actually the nonprofit upturned did a great report on just how much abuse there is with the police saying hey do you mind if I look at something in your phone sir and the person gives their phone over and then the police disappear with it and copy the whole thing using broadly available forensic software. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Right so so you know the this guidance isn't necessarily all protocol level but the choice is made in the protocol can make this guidance possible or not. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: so we. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Really hope that that that's the that's the friend you can take these suggestions here. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um so you know some of the architectures not the not the the model with the user controlled wallet but some of these architectures involve a phoning home situation where somebody you could imagine someone sitting at the switchboard of the issuer who is merely collecting um logs of every single time any given ID is used um with any verifier right and that's a very intense map of of metadata about how the society Works um and it's even more intense as these credentials move on online right I mean do we want to have some Central issuer able to tell. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Who is um. <greg_bernstein> Or any "linkable" ar.tifact Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh you know who is presenting their ID at what sites you know you could build a very quick map of every religious minority every um sexual or gender minority every political dissident um you could you could do that pretty easily with a phoning home situation and so we want the legislators to be able to say it is not acceptable for these systems to phone home to the issuer um or really to we we want to discourage the creation of of sort of centralized databases like this but certainly the issue or tend to be the state should not get a view of every presentation and that comes into play in in not only in I mean you can design a system where there's a phone home every time and it doesn't work without that obviously verifiable credentials doesn't doesn't go in that direction. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Is it you know this is an example hopefully you can point towards these kinds of recommendations when you're advocating for your technology to say hey we are not doing anyone home. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: This interacts interestingly with revocation which I'll get to in a little bit. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Because many revocation systems also happen to have some kinds of privacy legation so there are some trade-offs there. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: We think those trade-offs are easy to make but not everyone is going to agree with them. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And we think there's a right answer there on how you do how you handle those kinds of Revenue. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um the second thing and this has already been somewhat discussed uh here I really appreciate the work on selective disclosure that's happened you know with within the verifiable credentials and with other mechanisms but we really want someone to be able to present only the information that's necessary um and not release everything else so this is the the photo here is. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: An example of me doing what ought to work when I'm you know in the process of going to the store to buy an age limited product like alcohol or cannabis or tobacco um but it's not actually what happens today in the physical world right in the physical world you have to give somebody your actual driver's license and if you try to give them your driver's license mask like this they'll look at you funny and you know you're going to hold up the whole line and then they'll be a fight and eventually be on the either walking out of the store showing them your driver's license we have the opportunity to do this with digital credentials and we want you know for every legislator that thinks they want to have the shiny new hotness and they want to be the 1 to advance the future we want those legislators to understand that we have opportunities with digital IDs that you don't. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: with a. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And that a digital ID should enable this kind of thing which is not currently enabled with a physical ID um and if they don't get that if they're just like we want it to be on the phone because phones are cool then we want to say you know you're doing this the wrong way selective disclosure is a classic simple example of that um if it's done right um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So uh yeah I mean in this case actually this is the selective disclosure in the in the image here is is even more information. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Than what we really want to give I don't want to tell people you know that that's my birth year I just want them to know that I'm over the age limit um if that's what I'm showing my ID for and I certainly don't want them to see other things like my legal name or my address or my driver's license ID number. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: On top of selective disclosure we also want on linkability. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And um it's been a trick to try to describe this to uh legislative staff because it's not you know this distinction here is pretty subtle. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: What we want is we want someone so so also unlink can't work in every scenario right when the cops pull you over and they want to see your license they're not going to look for an unlink presentation um their goal is to find out whether you have any outstanding warrants and to link you to whatever your history is. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and you know arguably when the bank is doing a credit card you know a credit check they also don't want to be they they're not going to accept an unlink presentation. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: so we can't. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Assume that any digital ID system like this will only provide unlink presentations because there will be scenarios where linkability is the point. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That said this the image that's on the page here by the way is a a graph of the communications linkages between different participants in the American Revolution so for those of you who you know are fans of the American Revolution this is a this is a a metadata analysis based on linkability of long-term identities and their associations with other people to determine um who's a central uh central figure here you can see Paul River there in the middle. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um so we want to minimize the amount of linkability that's there we want to be able we want the legislators to be able to say you know here isn't a scenario where you can ask for someone's ID but you must only ask for unlink here. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um right so if I mean going back to the example of presenting your proof of age in order to buy an age gated product we don't want that presentation to permit linkability across multiple presentations. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Even if the name is obscured or occluded or the driver's license ID is obscured or included we don't want. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Anyone involved in the system including the issuer the state or the commercial companies that will provide verification services to be able to say aha the same person who presented this particular um ID to get cigarettes also presented the same ID to get uh alcohol down the street or cigarettes again every week right we that that liability is something that I'm sure that there are some surveillance economy companies would love to have but not something that we think um should be the default in the system that said there is some us there some user experience trickiness here how is the user supposed to know when they're in a linkable versus unlabel State um and I think there's a lot of open questions here about how we communicate these different properties to reinforce that idea that the user is in control. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: 1 definitely comes into play for the legislature um but it also you know when you think about the positions of cryptographic authority and any of these digital identities are going to have cryptographic mechanisms involved and there will be sources of cryptographic authority um that permit you to participate for example the verifiers might only accept credentials that are issued by the state. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: But what we don't want is we don't want to introduce any proprietary vendors as cryptographic authorities in the system that automatically get a vendor lock in um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You know I I I chose this best viewed within an Explorer image here because hopefully it resonates with the w3c um what a disaster that was for the web when iie was the only um the only browser game in town I worry that we're sliding in that direction with chrome as well um I'm sure you guys have had that discussion here um but we really don't want that to happen with a digital ID system um and it's not just this only worked for people with iPhones but you know a 2-party ecosystem is still not open um I think it's important if we're talking about the user being in control that it's not about the user deciding whether to submit to Google's idea of what the user wants versus Apple's idea of what the user wants. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: What we really need is we need a system that permits the user to band together with other users and create their own digital ID that will slot into this ecosystem without any great hurdle. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um now most users are not going to do that um but having those extra possibilities those alternate ways of engaging with the system and actually having it work um even if the majority of users end up going with Google or Apple because that's the default um having an open ecosystem puts pressure on Google and apple to actually respect the desires of the users because the users can have an opportunity to switch um if there are no no lock-ins it's very easy to design an ecosystem like this that says the only possible vendors are Google and Apple today because those are the folks who create the handheld devices and if we just get them on board all is good that's in scare quotes I know my video camera is off um but I don't think that's sufficient um and I think we should push back hard on any legislative requirement that it's willing to accept uh a duopoly of middlemen I'm sure there may be people on this call who work for Google and apple I appreciate the work that you all do um and I appreciate uh the steps you've taken to different your differentiate yourselves from the. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Privacy perspective. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: But I still think that the ecosystem is healthier if we have more parties capable of being involved um without any major hurdles and I think that legislative guidance should be clear. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um that A system that only permits the major oligarchs to provide the tooling for the users is a system that's ripe for abuse. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and shouldn't be acceptable legally. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So this 1 going back to the the 3-party model here um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: A lot of the folks who are proposing these systems are thinking about digital ID systems from the perspective of being concerned about someone faking a digital ID right the worst thing The Story Goes they would happen to a digital ID system is if it could be used for fraud if I could pretend that I am Manu for example um then maybe I could do bad things in Minor's name and manner would get in trouble. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And so most of the technical effort that's put in been put in place on these systems is to ensure that the holder can't cheat. <manu_sporny> You're far too good looking to pass as me, DKG. :P Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And 1 of the problems with that frame is that it ignores the fact that the holders themselves have significant interests that may be in opposition to the verifiers in addition to in opposition to the issuers right the no phone home argument really says we want to push back against issuers getting some kind of uh unnecessary control but I want to highlight with this with this slide here that. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: How the verifiers are held to account are really pretty critical if someone asks you for your ID. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: even if. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: If you're in a situation where you expect your ID to be asked for you ought to be able to find out who's asking for my ID the ought to be able to know that you have some amount of control over the ID um request situation and the verifier needs to be able to be identified and held to account for their asks this is because we expect um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Verifiers to be abusive not every verifier but if you look at the way that the um system uh you know any any of the digital systems have evolved over the last 2 decades. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You know I think you'd have to be pretty naive to imagine that everyone who asks for some ID is going to use it for entirely harmless purposes and so what we need is we need specific concrete protocol you know embedded in the protocol mechanisms to hold that that we can use to hold the verifier to account. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: if I. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: I get asked for an ID and I can't tell who's asking for the ID something's gone wrong there. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And when we asked legislators to think about how they set up digital ID systems we need to ask them. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: To create um accountability mechanisms for verifiers and that only works if the protocols make it clear who the verifiers are and what they're doing. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um so this is a this is a uh something that I think many systems you know have have sort of have bootstrapped in some sense at least for on the web a lot of systems have bootstrapped on the same origin model right well you know the browser knows which origin is asking for the ID and therefore that's okay I encourage you in your process of you know navigating the web yourself to note who's asking for what IDs when um and to think about how that all fits in to this bigger this bigger picture of verifier accountability um and I don't actually know enough about uh verifiable credentials I'd love to hear from any of y'all um if you have thoughts about things that that um VC does well in terms of verifier accountability or place you know gaps that where it could be improved um but I I think not enough people who designed these systems think about it from this perspective. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um I said I'd get back to the revocation question and here's here's uh this is my slide on thinking about revocation um for those of you who don't know this picture this is a picture from the book The commissar vanishes and it's an edited picture uh the picture used to so that's a Stalin there and he was walking with. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: A comrade of his and the comrade fell into disgrace and he was been erased from the picture as it was been uh retouched and republished later. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: We don't want the issuers to be able to reach into someone's wallet and pull out their driver's license. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: and we don't. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Want the equivalent thing to happen for any sort of digital ID now there are situations where an ID needs to be revoked and we you know we understand that uh but we have survived for a long time with ID revocations. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Not happening instantaneously and we think that that is something that we can survive with further. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: There's 2 main risks with replications with with prompt and immediate revocations. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Immediate revocations typically require um something like a phone home mechanism. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: A phone home mechanism as we said at the very beginning is is really something that we don't think is should be on the table you shouldn't be able to just um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: The the central issuer shouldn't be able to just know. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Who is using their ID with what verifier at any given time um so by by saying hey you know immediate revocation is not the priority um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That's part of that is a push back against this um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Against this uh phone home mechanism the other reason though is that. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: The ability to remove someone's identity is a very strong ability. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: the more. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That it's possible for an agency to do that the bigger risk that agency has in terms of in terms of exercising unchecked power right we don't know how to do that in a um in a way that is responsible and we don't think that it's a good idea to invest. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: our agent. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: With with that kind of power if someone applies for an idea they can't get it they're typically channels they can go through to. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: um to. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Can test it um but a prompt kill switch that would let uh person immediately become an unperson seems like not a good idea. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So as you think about revocation in your systems. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: I recognized as someone who has designed cryptographic authentication systems the Temptation for wanting immediate revocation um I would encourage you to push back on that requirement a little bit it's okay if the verification takes a little bit of time and then there may be some things like presentations about someone's age. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um that simply don't make any sense to be revoked at all and it's okay to design a system if it's focusing on that use case that doesn't have verification I'm never going to become. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And then in this in this uh slide I've grouped together a set of things that I think are not directly bound to how the protocol works but are sort of meta protocol uh concerns and these may not be things that you're capable of doing directly in your uh ccg work. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: But I do think they should shape the way that you think about ccg work so that we can you can think about how it would fit into a legislative recommendation. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um the the first bullet point here is we're asking for a reporting requirement so before any system like this gets deployed we want it to be publicly discussed and uh there to be a comment period and all of that right we want we don't want any legislature to say put the system in place and we'll just use whatever you come up with we want there to be public review and discussion you should be used to this by at the w3c by now and I hope that you'll agree this is an important way to actually have a you know a system that you're going to depend on socially. Jay_Stanley(ACLU): And we've already uh seen that in Europe that the early implementation plans for implementing some of the you know ditch the European digital ID have fallen short of the legislators um requirements for the Privacy protecting uh features that it's supposed to contain um and it's only because of the feedback and the and the fact that there is such a review that those things can be fixed can easily see in a US state. Jay_Stanley(ACLU): Uh legislature requiring a certain protocol certain features um the implementer not addressing those properly and it just sailing into um into issuance with um with nobody able to do anything about it or complain or or have any effect before it's rolled out. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um secondly out this is again this is sort of outside of the um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Credentials but we we think that people should have a right to continue to not use digital credentials. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um for whatever reason your design uh your your implementation may not line up with everyone's um capacity values preferences whatever and we think that making a system that depends explicitly on the digital ID system is a bad idea um we need that opt out um frame in the same way that we need the opt out frame in terms of the open systems where you shouldn't have to submit to the you know 1 of 2 oligarchs you should be able to opt out of the digital ID system entirely where possible um and so we we want to encourage legislators to include a right to paper so to the extent that you're designing a protocol that says well everyone will be using this maybe think twice. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: About what the. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Other options might be um I realize that's incredibly difficult in an online presentation scenario and I don't exactly know how to handle that in online presentation scenario but at least think about cases where a system like this might be rolled out for an in-person scenario and you really want people to be able to go back to just holding on to their driver's license therapy piece of paper and having that work. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: If you can design your system such that someone can get paper or plastic or whatever credentials that they have in their on their person and use it to present in an online way whether that's a a stapled stack of tear off 1 used tickets that they type in or whatever some of us may have used those kind of 1-time password credentials uh 30 years ago um but if you can if you if your system can support that right to paper in an online presentation environment that's even better. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You also support restrictions on demands for ID. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: we don't. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Think that it makes sense to roll out a government issue digital ID that just anyone can ask for willingly um the technological developments are such that this stuff it becomes easier not harder to present them as time goes on and if everybody has 1 the temptation to ask for it especially if it's easy to present it's going to be easy. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: It's going to be the Temptation is going to be strong. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and the result will be a papers please scenario everywhere that you go. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Right um and we don't think again this goes back to that phone home question we don't think that building those Central linkable databases um is a good idea and so our legislative guidance asks specifically for a restrictions on on when you can when you're allowed to ask for ID and this ties back into the questions about how is the user supposed to know when these restrictions are being violated what can the protocol do. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Court restriction on when IDs can be asked for. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: If you haven't thought about those questions in in detail if you haven't thought about how could this system how could we make sure that this system um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Makes it easy for people to challenge an illegitimate demand for ID. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Then I think maybe that's worth um doing a little bit of thinking and research on. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: In addition to restricting when you can ask for ID we want to be able to say we want to that that you know when ID when information data is generated by the system to the extent that it's not you know completely anonymized and unlabel there will always be some presentation opportunities for some data to be produced by the system and held by various parties that are in Play We want there to be restrictions on the data use now I recognize that once someone has data you can't actually stop them from doing anything with it that's just not how the universe really works um but we can say that this is something they should not do and we can create punishments or penalties for misusing the data and so think about when you're building these systems or when you're designing them how you would support these restrictions on data use um for the data that is generated by these systems. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Finally the questions about you know what are the consequences of breaking some of these violations you know if we designed the protocol right there will be things that people simply can't do right I mean if you actually have an unlined disclosure then we don't need a regulation or enforcement to keep people from doing stuff with that but there are other parts that that are going to that we don't won't have a technical answer for and those need enforcement. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: This goes back to sort of my my question earlier about verifier accountability but also issuer accountability you know what are the means that we would have available in order to push back on the abuses um that might come from a system like this so if the protocol can provide any additional support for attempts at enforcement if it should create logs it could be used in a lawsuit say a private right of action lawsuit where I say hey this verifier seems to be gathering more data about me than is allowed um I would like it if my tooling were capable of identifying some situations like that and alerting me to it um just the fact that there is enforcement possibility some sort of teeth um that people could use would I think discourage people from abusive misuse of these systems. Jay_Stanley(ACLU): I would just punctuate the point about restrictions on demands for ID I think that is a really crucial piece here and it's it's purely legislative not a technological solution but any digital identity no matter how privacy protective it is. Jay_Stanley(ACLU): Opens up the possibility that it becomes a super cookie um and and and that um we see demands from all kinds of parties at every turn to prove your identity potentially in um you know in ways that are not um you know minimum minimized that that include your full identity um from every website you want to visit because they want to they want to Market to you they want to make sure you're over 13s they can Market to you they want to do forensics in case you later or hack them they want to make sure you haven't previously been kicked off the site um and you know you go to cats.com and they're saying press here to send us your fully DMV vetted cryptographically secure digital identity that you won't be able to ever escape um so. Jay_Stanley(ACLU): uh I. Jay_Stanley(ACLU): Just want to plug. Jay_Stanley(ACLU): That's for us that's a really key piece of the puzzle here. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And so so I mean I think the takeaway from from all of these recommendations to to Yas protocol developers and designers um is to make these recommendations possible or don't make the system right we want to make sure that when these different parties get involved in communicating with each other um about digital IDs that what we aren't creating is this like overarching sort of surveillance State um inescapable surveillance State because people are not going to get multiple ideas it's very hard to to maintain multiple identities and this context collapse. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: um that's happen. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You know repeatedly is something that's really been harmful to people and harmful to the way that our society is capable of evolving. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: so we will. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Want to ask as protocol developers you know that you think about what kind of legislative guidance and um we we're giving here and make sure that your the protocols that you work on can meet some of these goals um in fact we wanted to meet all of these goals right um and if it doesn't meet these goals maybe these systems aren't such a good idea. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You know to the extent that your building systems that meet these goals we would love to be able to talk more specifically about them we'd love to hear more from you about you know your prospective on on how we meet these goals or if you think some of these goals are are implausible we'd like to hear that too um but we really want to make sure that that that you know this is the trade-off right the society wants to jump into this because there's a lot of money pushing on it. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: But it may. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: May not be a good idea we've seen things that have a lot of money writing on them turn out to not be such a great idea um anyway and so we want to figure out how we can make these things a little bit safer. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: um so. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That as you're building your systems you'll make these goals possible so that we give something that the legislators can can tie their demands to. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So I would love we've got about 10 minutes left in the hour um I'd love to hear questions or feedback now but also this is um our email addresses you're welcome to mail me or J um anytime we we're we're both interested in this deeply um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Yeah uh I'd love to hear folks have questions or comments. Harrison_Tang: Thank you Daniel thank you Jay Manu please. <joe_andrieu> could we get the emails echoed here in chat? Manu Sporny: Uh yeah uh uh um Dan J this was a fantastic thank you very much for the the presentation and um uh I I would say that you know the the work that we're doing in the verifiable credential working group at w3c is highly highly aligned with uh. Manu Sporny: I think. <daniel_kahn_gillmor_(dkg)_[aclu]_[he_or_they]> dkg@aclu.org and jstanley@aclu.org <joe_andrieu> thanks! Manu Sporny: Every single 1 of the points that you have made today um so much so that I think we can draw a direct line from uh you know ACLU requirements or suggestions to technologies that we have standardized or um uh are standardizing to achieve those things so I really appreciate the amount of thought that um ACLU has has put into this um there is a tremendous amount of alignment at at you know w3c I think over over those recommendations um I'll also note that you know 1 of the. Manu Sporny: Biggest threats right now um I think is uh that there are a number of vendors out there that are really stretching the truth around what some of these Technologies do or don't do um in some cases you know we've been in meetings where you're kind of like that is absolutely not true uh you know that technology is a tracking technology uh and it is being suggested by you know a big Tech vendors or you know people with state or federal contracts that um it couldn't possibly be true because it has been ratified by. Manu Sporny: You know Global standards body so I I think 1 of the big dangers here is that the legislators are getting a lot of misinformation from vendors that have an incentive to sell this technology um uh into. Manu Sporny: Uh the state and federal governments um uh. Manu Sporny: Or not hearing other perspectives um so I I you know when that ACLU paper came out I definitely took it and sent it to all the legislators and you know State officials and federal officials I could I could fine but the feedback was well you know this is you know a small handful of of people um going against what seems to be uh nist guidance and ISO guidance and and things of that nature so I I think that's 1 of the biggest biggest problems here is that um you know these legislators are not uh they're still not hearing it or if they hear it they go and they check with their vendors and their vendors are like no there's no problem here to deploying ml right um. Manu Sporny: Uh the other thing I think that's also kind of a a problem here is that um. <tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> Seems like more axes for the Rubric... Manu Sporny: Some of this technology like the the prices the unlabel Privacy preserving stuff um that a number of us um are working on so we've got Craig Bernstein here who's been working on the BBS on linkability stuff and ITF um because it is not a standard you know the argument from that some federal and some State um uh uh officials are like well if the technology existed we can deploy it into production but it's not ready yet right so we are actively working on this technology but then we have big vendors actively slowing down the standardization work so that we can't get it done so that we can get it in the market so um we we've run you know we're kind of rounding the rounding the bend on that I think we've we're in way better shape today than we were like 8 years ago but it's taking a long time again because. Manu Sporny: You know. Manu Sporny: ERS that are telling you things that are agencies. Manu Sporny: Wrong thing um. <tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> Including some revamping of the Rubric, such that it more clearly applies to the VC arena as well as the DID arena. Manu Sporny: So I'll I'll stop there I I think you know 1 1 of the 1 of the things I would like to see is you know closer collaboration between ACLU and the and the w3c working groups to draw a direct line from what ACLU is suggesting to its technical feasibility I know we can't do anything from a legislation perspective but that we can absolutely say look there there is a technical solution to this in many cases it is Deployable or has been deployed in production and you as legislators or decision makers at the state and federal uh need to look into you know what's what's happening there um so so I'm I'm wondering how we do that kind of Engagement a kind of as an as an open question. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Thanks man I just wanted to flag a couple of things my experience has been that the iso and nist guidance is typically not actually guidance it's more like someone painted a map. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And so it's very easy for a vendor to say hey we fit on we're on the map. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: and we're. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: What we're advocating for here is there are parts of the map where you do not want to go. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Right I mean niston ISO will lay out a standard and say you have option A and option b and option C and option D and they'll be like where see we're on the map and we're we're saying is options b c and d are not acceptable. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Like you know the iso standard specifically has a phone home scenario outlined as 1 of the options for how you can build it we think that's a terrible idea. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Um and so you know I think we need to think about how we message folks who are in decision-making positions um to think to see you know hey you know these maps are not statements of values and if you're just saying we are on the map that's not enough. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: So Greg I see your hand raised or I'm not sure what the queue is here sorry. Harrison_Tang: Yeah great you're next. Greg Bernstein: Oh I I was um gonna bring up the fact that. Greg Bernstein: Phoning home and linkable. Greg Bernstein: Artifacts in a credential are kind of very similar and so for yes there are uses where we do have to have the identifiability to linkability but for so many where we don't. Greg Bernstein: We really need those full cryptographic schemes that can provide it and. Greg Bernstein: Exists they've been around for 20 years I you know they've been proven we are pushing them to be standardized and get extra features uh but they're not. Greg Bernstein: They're not you know they're not something new fangled it's just. Greg Bernstein: We never had enough push to get them into some situations they're already supported in some other places um so. Greg Bernstein: The phone home and linkability are are very similar in any cryptographic artifacts or when I see. <daniel_kahn_gillmor_(dkg)_[aclu]_[he_or_they]> i really appreciate the standardization work. i do that myself in other contexts, and i'm aware of how much ongoing work is needed to make that happen. Greg Bernstein: Some of these schemes and I see a deterministic signature it's like okay that's allows correlation and once you have that and you have some collusion between the verifier and the issuer then you're being tracked all over right they have you. Greg Bernstein: We can do better and there's post-quantum stuff coming to help so they can't there's no reason to use these excuses that 1 we can't do it now and we can't do it in the future because we do have the technology and if you have questions there's a you know we've been working with the folks in Europe the cryptographers there who kind of through uh cold water on the Udi stuff because of that and their feedback saying hey know we can do this better so. <daniel_kahn_gillmor_(dkg)_[aclu]_[he_or_they]> it's also OK to say "if you can't do it now, then we should wait on rolling these things out". getting locked into suboptimal things isn't a great move. Greg Bernstein: Hot but as you said not every case calls for it right you know you need linkability but a lot of cases you do not. Greg Bernstein: Happy to help any place anytime you want have a question. Harrison_Tang: Cool by the way um we only have uh we we'll go about 3 minutes over and we have 2 more questions so Brandy please. <daniel_kahn_gillmor_(dkg)_[aclu]_[he_or_they]> i can stick around afterward if folks want to talk more Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: That's a great question um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: I I don't know that A legislature can say simply it must be an open system um but I think they can put some constraints on the agencies that would run the system. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Say for example you know um. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Uh you must design a system that anyone can Implement and participate in. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Like that um. <manu_sporny> Great stuff DKG and Jay -- thank you for taking the time to share the ACLU work, really appreciate it! Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: And there should be there needs to be a hook I don't know exactly how you frame it this way but there needs to be a hook where someone can say to say. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Issuing agency I you know I've got a system that needs to do provisioning and you're and you're not letting me write some there needs to be a provision that that would be an obvious violation of that. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: You're not letting me provision my device. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Even though I should be able to like I made my device myself why can't I provision it or in talking to verifiers hey I'm trying to interact with verifiers J I don't know if you have ideas about how we put that in terms of legislative language. Jay_Stanley(ACLU): Well the language we use in the paper is that um you know a digital. Jay_Stanley(ACLU): Digital ID shall adhere to open standards for wallets and the processes of provisioning and presentation. Jay_Stanley(ACLU): And those shall not be restricted by patents or other IP um and as a practical matter allow any compliant entity to create a wallet in which holders May store their digital driver's licenses and then an individual should have a right to carry a digital ID in any wallet of their choice that complies with widely accepted standards for security um and so that's as far as we go um. Jay_Stanley(ACLU): Uh in the hope that that would be enough to create room for um wallet creators besides the duopoly. Harrison_Tang: All right last question Phil. Robert Long: Thank you and great presentation very very thoughtful um this is a just a quick. Robert Long: Of the community I think 1 of the challenges that we face is that there is an awful lot of tracking going on there's obviously Arguments for the various vendors and such associated with wanting to see how there is credentials are used and in what context of and usually in the in the context of how can we improve them make them better and more useful Etc but that very process is the challenge of linkability and unlink and um and so the question that is out there I think we have an address carefully is how do you scale consent so that individuals have the right to not be tracked and yet if they wish to allow their data to be seen for a particular instance for a particular purpose it can be done so in a way that the various people that claim to need that data for their analysis and their prediction models and things don't simply lose it um and that's 1 of the big fears that people have in the current environment so that's my my my qu the request of the community thanks. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Phil that's really interesting it sounds to me like you're talking about telemetry. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Measurements as a as a driver for non a driver for relink ability. Robert Long: Exactly thank you. Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Go ahead J. <dmitri_zagidulin> +1, Telemetry is really tricky for our community <phillip_long> It is and I don't know if it can be done. But it feels unexplored in our community for W3C VC exchanges. Jay_Stanley(ACLU): I mean again this gets back to that key legislative requirement you know if there has to be room which their does for a person to you know actually identify themselves fully um and you just leave it to the open ecosystem then people in No Matter What technological ability you have to um limit the data that you share to you know um to authentication set of identification or what have you in the real world bunch of entities have a lot of um you know external power to force you to fully identify yourself and to share all the data even if it's not necessarily for the transaction and and and that people will be subject to that power and um so the Privacy protections even if they are in these IDs will go follow because nobody has the choice to use them um and I I guess I see this as like if you look at the history of encryption there was always a arms race between those who encrypted and those who broke encryption throughout all of history that arms race was sort of ended with um you know uh with with. Jay_Stanley(ACLU): with advanced. <daniel_kahn_gillmor_(dkg)_[aclu]_[he_or_they]> i'm generally pretty skeptical about the value of telemetry in the first place, but i know i'm in the minority on that ☹ Jay_Stanley(ACLU): And here there's been an arms race between those who want to track people and those who who don't want to be tracked are arms race going back you know through the advertising ecosystems of the past decades and and and in the 20th century um and so forth and in a similar way a digital identity that is cryptographically secured has the potential to sort of end that arms race decisively in favor of those who want to track um and that is the um the big threat here and and why it's so crucial that we don't uh end up stuck in a sub-optimal uh identity standard as threatens to be become the reality. Harrison_Tang: Cool thank you thank you Jay thank you Daniel of great presentation and great discussion. <phillip_long> I'm not supportive of telemetry as the only approach to follow. But I'm not informed enough about alternatives Harrison_Tang: All right uh so that if you have further questions uh feel free to just reach out to uh Jay and Daniel directly again thanks thank you guys uh for taking the time to hop on here and a great discussion and the conversation so this concludes today's ccg meeting. Harrison_Tang: We'll see you next week. <przemek_praszczalek_(ma)> thank you! Daniel_Kahn_Gillmor_(dkg)_[ACLU]_[he_or_they]: Thanks everyone for joining and for the comments and and uh we'd love to hear your feedback. Jay_Stanley(ACLU): Yes definitely thank you so much.
Received on Wednesday, 15 January 2025 17:48:40 UTC