Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

Uncategorized

Media Mention: MIT Technology Review

By

I was quoted in the article in MIT Technology Review on April 6, 2022, “Deception, exploited workers, and cash handouts: How Worldcoin recruited its first half a million test users.”

Worldcoin, a startup built on a promise of a fairly-distributed, cryptocurrency-based universal basic income, is building a biometric database by collecting data from the financially disadvantaged in the developing nations, in exchange for cash incentives.

Below is the paragraph which I am quoted in, with regards to Worldcoin’s business.

Others remain unconvinced that Worldcoin can actually reach everyone in the world—and instead, serves as a distraction from ongoing work to create new identity paradigms. Identity expert Kaliya Young, while declining to comment on Worldcoin specifically, says that “it’s common for companies to claim that ‘if everyone in the world was in our system, everything would be fine.’ Newsflash: everybody is not going to be in your system, so let’s move on and talk about how we solve problems” in online identity.

You can read the entire article by following this link, https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/

Event Series: Making the Augmented Social Network Vision a Reality

By

This series began in November with Logging Off Facebook: What Comes Next?

The 2nd event will be March 4th online

Naming the Harms of Web 1 & 2.0

Both events are going to be Open Space Technology for three sessions. We will co-create the agenda the opening hour.

The 3rd Event will be April 1 online.

Mitigating Harms in Web3

Building on the previous one we will consider how to mitigate harms as we enter into Web 3.

Why we need DIDComm

By

This is the text of an email I got today from a company that i had a contract with last year. It is really really really annoying the whole process of sending secure communications and documents.
Once I finished reading it – I was reminded quite strongly why we need DIDComm as a protocol to enable the secure transport of all sorts of things not just signed VCs but intermediate uses – just PDF based things that have important information.


Greetings from Tax1099.com !
Your 1099-NEC was submitted by COMPANY X for 2021.
 
Instructions for opening the form:

Click on the attachment provided with this email. You will be prompted for your password, which is 8 characters. Please enter the first 4 letters of the name listed after the word ‘Dear…’ at the beginning of this email, all lowercase, and the last 4 digits of the tax ID (either SSN/EIN or ITIN).
For example:1. If your name appears on the form as Mary May with an SSN of 711223456, then the password would be mary3456 (first 4 characters of your Full Name / Business Name + last 4 digits of your SSN/ITIN number).

2. If your business name appears on the form as A & D with ITIN as 012847934, then the password would be ad7934 (first 2 characters without spaces and special characters of your organization name + last 4 digits of your ITIN/EIN number). 

3. If your business name appears on the form as Mary May PLLC with ITIN as 012847934, then the password would be mary7934 (first 4 characters of your organization name + last 4 digits of your ITIN/EIN number).

4. If your name appears on the form as Al & D with ITIN as 517223355, then the password would be ald3355 (first 3 characters (ignore special characters and spaces) of your Full Name / Business Name since the Full Name / Business Name is shorter than 4 characters + last 4 digits of your SSN/ITIN number).

5. If your name appears on the form as Mary May without an SSN/ITIN number, then the password would be mary (first 4 characters of your Full Name / Business Name).

6. If your name appears on the form as Al & D without SSN/ITIN number, then the password would be ald (first 3 characters (ignore special characters and spaces) of your Full Name / Business Name since the Full Name / Business Name is shorter than 4 characters).

7. If your name or business name appears on the form as My Test with TIN as 012847934, then the password would be myte7934 (first 4 characters of your name or organization name + last 4 digits of your TIN/EIN/SSN number).
If you encounter any problem in opening your eForm, please check whether:1.You have entered the first 4 characters of your name/organization name (in lowercase letters).

2.You have entered the last 4 digits of your SSN/ITIN/EIN number.

Joining Secure Justice Advisory Board

By

I am pleased to share that I have joined the Secure Justice Advisory board. I have known Brian Hofer since he was one of the leaders within Oakland Privacy that successfully resisted the Domain Awareness Center for Oakland.

I wrote a guest blog post about a philosophy of activism and theory of change called Engaging with Industry that I share with Brian.

He has agreed to join the Advisory board for the next Thoughtful Biometrics Workshop that I am organizing for 2022.

COVID & Travel Resources for Phocuswright

By

I’m speaking today at the Phocuswright conference and this post is sharing key resources for folks who are watching/attending who want to get engaged with our work.

The Covid Credentials Initiative where I am the Ecosystems Director is the place to start. We have a vibrant global learning community striving to solve challenge of common standards for covid credentials and health passes.

We have a Travel Summit Dec 1 & 2

As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences. 

Our community has been working within Linux Foundation Public Health (LFPH) to support the implementers of COVID credential solutions with a particular focus on facilitating interoperability among technology standards while preserving the privacy of individual data. At this critical juncture of global reopening, LFPH and Affinidi, a leading player in the space, are bringing key actors from the travel industry and technology vendors who are serving the travel industry together, to share and discuss:

  • What technology solutions are in use to issue, process, manage and verify COVID certificates along the journey for international travelers, from before they leave home to their arrival at the hotel at their destination
  • How they navigate and implement the complicated health policies and travel rules
  • What the key challenges they are facing to provide a safe and smooth travel experience, including major technology and policy gaps that the LFPH/CCI community can help address

The agenda and speakers will be announced soon. Grab your seat today!

APAC Edition Dec 1

EU/US Edition Dec 2

We collaborated with Good Health Pass Collaborative on developing the Good Health Pass Interoperability Blueprint within the Trust over IP Foundation.

We at CCI are keen to continue this work and get travel happening together and welcome more active participation from the travel industry. Please join us!

There is also the Travel and Hospitality Special Interest Group at the Decentralized Identity Foundation it was this group that inspired and started work within the Trust over IP working group to develop a hospitality addendum.

Podcast: Identikit with Michelle Dennedy

By

Click on the Image to get to the podcast

For the opening episode of ‘Identikit Sequent X’, Michelle Dennedy welcomes Kaliya Young, also known as The Identity Woman, to Smarter Markets for our latest series examining the evolution of digital identity, and how self-sovereign identity, specifically, can advance a consent-based economy.

Kaliya is one of the world’s leading experts in self-sovereign identity and identity on the blockchain. She is the co-author of ‘A Comprehensive Guide to Self-Sovereign Identity’ and is widely known as The Identity Woman; also the name of her blog and twitter handle. Ms. Young has committed her life to the development of an open standards-based internet layer that empowers and enables the people and was named one of the most influential women in tech by Fast Company Magazine.

Navigating Digital Identity in Political Economies RxC Talk.

By

We had a great conversation about digital identity in Political Economies and specifically a paper with a proposal by Bryan Ford.

Life on Intersections: Digital Identity in Political Economies

Most digital identity systems are centralized (e.g., in big government or technology organizations) or individualistic (e.g., in most blockchain projects). However, being in the world is fundamentally social and intersectional — we are all part of networks. So how might we formalize digital identity in a way that better reflects this complex reality? This panel with leading social technology and computer researchers explores more robust digital identity approaches and potential application areas in political economies.

Special Topic IIW 1/2 Day Virtual Events – UX July 22nd and Business Aug 4th

By

I’m super excited to announce that we have two different special topic IIWs coming up. If you interest or practice focuses on either of these we invite you to join us!!!

User-Experience and SSI is coming up Thursday July 22nd.

The Business of SSI is coming up Thursday August 4th.

From the EventBrite about the UX event

This IIW Special Topic event creates the space for User Experience Professionals, Product Managers, Interface Designers, and those in related roles working on decentralized identity or self-sovereign identity applications and tools to discuss, share and collaborate together.

We know there is a lot happening in the industry and we know that just as important to the success of the technology as the “tech stack” is the human experience while using applications built on it. This half day event is an opportunity for those focused on UX to dive deeply into this side of things.

From the EventBrite about the Business of SSI event

This IIW Spceial Topic event is for CEOs, Founders, Business Development leads, anyone who cares about the Business of SSI . It provides the space for you to discuss, share and collaborate together.

The Internet Identity Workshop has been bringing together innovators in the field of Identity focused around the individual since 2005. While open standards are essential to open digital identity systems, as important to getting adoption are viable business models and products that solve real world pain points for customers. This half day event is an opportunity for those focused the Business of SSI to dive deeply into this side of things.

Fake Students

By

It became clear to me again today why we here in California need Verifiable Credentials. I teach in a CCC – a California Community College. This summer I have a class and right now is the “census deadline” to drop students who haven’t been attending class.

Below is the note we were sent regarding fraudulent student applications.

Dear Faculty teaching summer 2021 courses, Fraudulent CCC Apply applications may have impacted the enrollment of your class. If so, these would be “students” that you were likely preparing to DROP with Census for no show. It is even that much more important that you COMPLETE YOUR Census ON Time. If you are not sure if any student is from a fraudulent application, you can look at your student roster. If there is a student with no phone number listed, they may be fraudulent because this is one of the identifying markers with this statewide problem. If you have students like this that have not attended class, complete your census, and please email your class code and the student ID number to __@____.edu

Quoted In: Everything You Need to Know About “Vaccine Passports”

By

Earlier this week I spoke to Molly who wrote this article about so called “vaccine passports” we don’t call them that though (Only government’s issue passports). Digital Vaccination Certificates would be more accurate.

Early on when the Covid-19 Credentials Initiative was founded I joined to help. In December the initiative joined LFPH and I become the Ecosystems Director working to support the community along with my colleagues Lucy Yang the Community Director and John Walker as the Community Architect.

IPR - what is it? why does it matter?

By

I am writing this essay to support those of you who are confused about why some of the technologists keep going on and on about Intellectual Property Rights (IPR). First of all, what the heck is it? Why does it matter? How does it work? Why should we get it figured out “now” rather than later?

IPR and the tone of worry around it confused me early on in 2005 when I was just getting started leading the Internet Identity Workshop. At that first workshop, a session had been called by Johannes Ernst, who at the time had created a protocol he called LID, Lightweight IDentity, to support people using a URL they had control of to do authentication (i.e., to prove they were the owner of that URL). He called a session with the other URL-based/URL-like identity authentication protocols in the room — OpenID (when it was a LiveJournal thing), Sxip and XRI. These formed into what they called YADIS — yet another digital identity system. After they began working on it … they decided OpenID was the best name of the bunch so they called it that.

At the time they kept worrying about how they could collaborate and they sensed that they needed to have IPR dealt with, but I couldn’t understand what they were going on about. This small thing delayed them working together for a long time. They literally had to spin up a new organization, get new bylaws developed and get everyone to join and sign off on the IPR regime before they could formally talk together about how to get all work to align and come up with one protocol.

Why couldn’t they just talk together and build something? Why did they need an organization and a structure and agreements? They had met at IIW just fine and talked…but what was different when it came to formally collaborating and writing something together?

Without an IPR agreement in place, many bad things could happen that would necessitate lawyers, after which all the well-meaning people’s work could be lost. What you are saying? Lawyers and lost causes…it all sounds so dramatic.

Introduction to IP

So, where to begin. There are several different forms taken by intellectual property, and almost all of them come into play here with their own rights structures.

Patents — A patent is a form of right granted by a given government to an inventor or their successor-in-title in a given jurisdiction, giving the owner the right to exclude others from making, using, selling, offering to sell, and importing an invention for a limited period of time, in exchange for the public disclosure of the invention.

Copyright — A copyright gives the creator of an original work exclusive rights to it, usually for a limited time. Copyright may apply to a wide range of creative, intellectual, or artistic forms, or “works”.

Trademarks — A trademark is a recognizable sign, design or expression which distinguishes products or services of a particular trader from similar products or services of other traders.

Organizations of all types work together to create all three of these types of intellectual property. When employees join companies or contractors work for them, they generally sign agreements that say the work they do for hire for the company is owned by the company (not the individual people doing it), so even within organizations there are explicit systems for managing intellectual property rights.

Corporations file paperwork with the relevant government(s) to be granted patents and trademarks. They might also file for specific copyrights, but these rarely have to be filed in advance to be exerted.

Collaborating around IP

So given that IPR exists, how do you manage it when you are working together in technical communities to define specifications that are open and to collaborate on open source code. There are slightly different considerations for each, and these require different IPR regimes before companies feel safe collaborating. This post centers on specification and we will talk about the difference between Open Source and Open Standards in an upcoming article.

Let’s start with a protocol or a specification that you want to be “open”, meaning that after it is done, anyone can use it (i.e., anyone can create code that speaks the protocol). Anyone who had patents that are included in the protocol can not charge licence fees for usage of the protocol. (Nit: Some technical organizations charge a fee for the text of the specifications as a dues structure to sustain the sponsoring organization, but this is not to be conflated with licensing, since the implementation of the specification is licence fee free.) Examples of open protocols include the e-mail protocols SMTP and POP, and web protocols HTTP and HTTPS.

Companies working in technology have various things under patent. To make the space for collaboration safe for everyone, they want an organizational boundary in place that can require everyone to agree upfront (i.e., before they contribute to a specification) that they will not go after anyone who implements the standards for violating a patent they have that is included in the mechanics of the specification.

In plain language, this means that even if they hold patents related to the work being done collaboratively, they agree going forward not to charge users of the resulting, collaboratively-designed specification or protocol for the use of ideas that went into the process that are covered by patents.

Shark sightings

If you just have a group of companies collaborating on a project without an IPR boundary or “membrane” that filters out potential future patent problems, today’s goodwill between participants is little guarantee.

There is a lot of diversity in the category of future patent problems. Someone who was contributing without declaring that they hold a patent related to the work can claim they had a patent later (years after the specification is finished) and seek payment from everyone using/implementing the standard, claiming licensing rights or even lost revenue on ideas they legally own.

This sucks and it has happened before. Because this has happened before…companies are smart and they will not implement a standard that doesn’t have the sign-off from everyone who created the standard so they don’t have to deal with the future risk of being sued by one of the creators.

If work happened to be created outside an IPR framework, but at a later time everyone who created it retroactively agrees to an IPR regime, then others will be able to use it without fear. That might sound reassuring, but “everyone” is doing a lot of work in that sentence. The process of retroactively finding all the companies and individuals who contributed, particularly if work was done remotely by an open-source community including pseudonymous or volunteer members, and then having all of them and their employers’ legal counsel sign off on any post-facto agreement is very time-consuming and there is always the risk that someone won’t sign or that you can’t find one of the past contributors.

Furthermore, “significant contribution” can be difficult to define, and even more difficult to prove or disprove, so the list of parties included in “everyone” can be difficult to pin down. For this reason, guests and listeners on standards calls are often admonished not to say anything “too specific” or concrete about specific solutions to problems discussed, as those could be considered significant contributions that changed the course of the collective conversation and solutions produced by it. The tension between openness of conversations and IPR protection it is best to read the IPR agreement, and if needed get legal opinion about how you/your company can contribute if you want to.

Another hazard against which collaboration needs to be protected is that ideas discussed or generated in a working group or other collaborative context can be “taken,” i.e., patented, by any listener or observer. In fact, patents can sometimes be obtained quite quickly in other jurisdictions, or exerted retroactively to the time of first filing, so an idea can effectively be patented the day it is first discussed in any collaborative context that does not require its participants to waive all patenting rights. This kind of waiver can be daunting to for-profit participants, but it also supports collaboration of the most productive kind.

This balance is usually struck by agreeing very explicitly and in granular detail about the exact scope of a group and waiving patent rights to the resulting specification (While retaining the right to the patents for usage outside the specification), while censuring discussion beyond it.Some companies are more sensitive than others about this and really want to make sure all the pieces of a potential implementation are covered by IPR, including implementation details a little further from the working core of the code like schemata, data dictionaries, and other semantics. In the decentralized identity space, this includes not just identities and data structures but also credentials, data flows, architectural designs, etc..

Read all posted signs before jumping in deep water

Before you can contribute to an open standards working group, it is important that you always disclose (and in some cases release) any patents that might conflict with the scope of the working group. This is why the scope of working groups is defined in a charter, and why its so important to have participants adopt the charter.

It is also why it is risky to have a vague or open-ended scope, since people won’t know if their existing IP is relevant or not. Furthermore, if the working group later decides to reinterpret the scope in a way that impacts the IP of existing members, this can cause real problems, as it becomes very difficult to distinguish which ideas down the road would or would not have been arrived at without the earlier participation of the parties that did not yet know they had a patent conflict. Substantial changes in scope are generally cause to close the group and recharter a new one, to minimize this kind of legal ambiguity.

Participating actively in the scoping discussions is the best way to get a rich and multidimensional understanding of the boundaries of a given charter’s scope, and discussing with trusted (and tech-savvy) counsel is a close second. When in doubt, ask a lawyer — we are in the ideas business, after all.

Hopefully this quick introduction made clear why starting a working group (or even joining one!) is such a complex deliberative process — and gave you the tools to navigate it for yourself.

My Articles On DIF

By

In 2020 I had a contract along with Juan Caballero to do communications at DIF for a few months. We got the youtube channel going with content from the F2F event and published several articles.

I coauthored this one with Margo Johnson about the glossary process we went through to define Wallet, Agent and Credential.

Finding the Bell Curve of Meaning: A process for supporting the emergence of shared language in broad collaborative communities

I wrote these three articles myself:

DIF at #IIW31 – self explanatory about the Internet Identity Workshop

Where to begin with OIDC and SIOP: and how today’s most powerful authentication mechanisms can be decentralized

Understanding DIDComm: A cross-community effort to standardize on common, DID-anchored capabilities

Here are the ones both Juan and I collaborated on:

Those of you who know me – know I really care a lot about the difference between Open Source and Open Standards. So we drilled down on this topic with these two posts.

Drilling down: Open Standards: What standards are and what it means to make them openly

Drilling down: Open Source: A crash-course in the complex world of variously-open software licensing

DIFS updated code of conduct. Its great…for Setting a tone for inclusive collaboration.

View at Medium.com

Two Exciting New Roles

By

I should have written this post at the beginning of the year…but the year is still young.

I have two new part time roles that I’m really excited about.

I am the Ecosystems Director at the Covid-19 Credentials Initiative. I am working with a fantastic team helping lead/organize this community. Lucy Yang is the Community Director and John Walker is the Community Architect.

I am the Chair of the Verifiable Credentials Policy Committee which is under the Blockchain Advocacy Coalition lead by Ally Medina.

I continue my community leadership work co-chairing the Interoperability Working Group at DIF and the Secure Data Store working group at DIF/CCG.

I am publishing a weekly newsletter/summary of SSI news that covers the Identosphere. This is in partnership with Infominer. You can subscribe here and support us on Patreon here (yes two different places) .

I do an (almost) weekly podcast with Seth Goldstein called Privacy Surveillance and Anonymity Today.

I have a new page up with Media Coverage if you want to check it out.

Yes I do do consulting. If you have a question you need answered about this emerging industry. I can help you figure it out.

Internet of People is doing false advertising

By

I just learned about the internet of people project. It seems cool…I need to dig in a bit morebut already there is a huge red flag/disconnect for me.

These are the guys who are signing off on this post they put a picture of themselves on zoom.

These are the women (many of them of color) at the top of the page.

I was so hopeful when I started reading this post that this group of women was actually leading this project. THEY ARE JUST STOCK PHOTO.

Protip: If you want to build the future of the web and make it for people your team needs women and people of color on it.

Pretending with photos doesn’t cut it.

Quoted in NYT

By

I was quoted in this article about Tim Berner’s Lee and the Solid Project.

….“No one will argue with the direction,” said Liam Broza, a founder of LifeScope, an open-source data project. “He’s on the right side of history. But is what he’s doing really going to work?”

Others say the Solid-Inrupt technology is only part of the answer. “There is lots of work outside Tim Berners-Lee’s project that will be vital to the vision,” said Kaliya Young, co-chair of the Internet Identity Workshop, whose members focus on digital identity.

Human Centered Security Podcast

By

I was invited to join Heidi Trost to join her on my new podcast focused on Human Centered Security. We had a great chat focused on Self-Sovereign Identity.

You can find it here on the Web, Spotifiy or Apple Podcast

In this episode we talk about:

What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how html or email supported what came next.

The importance of open standards.

How to build a “digital wallet” paradigm that makes sense to people.

What SSI means for businesses/business models.

Kaliya is the co-author of “Comprehensive Guide to Self-Sovereign Identity,” and author of “Domains of Identity.” She is also one of the co-founders of the Internet Identity Workshop, which brings together people to help develop open standards for ways people can own and control their digital representations of themselves.

MyData Talk: From Data Protection to Data Empowerment (not an easy path) for the Technology Pragmatist

By

This is the edited text of a talk that I gave during the first plenary session of the MyData Online 2020 Conference. I was asked relatively last minute to join this session which was headlined by Siddharth Shetty talking about Designing the new normal: India Stack. In 2019 I was a New America India-US Public Interest Technology Fellow and traveled to India to India to study the UIDAI the Unique Identification Authority of India the entity that enrolls Indians via their biometrics into a system and then issues them an Aadhaar Number. You can read that research here. While there I met many critics of the system that had been silenced and an amazing crew of security researchers who organize in a collective called Kaarana.

I didn’t have time to do a deep dive and research the latest on the India Stack and the new Date Empowerment Protection Architectures. What I did have time to do was based on what I learned almost 2 years ago on that trip was to put forward some hard questions that apply to both what is being put forward as a design in India but also for many other systems being developed at this time globally. I hope these Big Questions put forward by myself a technology pragmatist can provide food for thought both at this MyData conference and beyond as we continue to create and build new systems.

Thank you for inviting me here to share my thoughts in this opening plenary

I want to start off by declaring myself a technology pragmatist. Meaning I want to put my self in the middle of the spectrum between what I call neo-luddites on the one hand who never met a technology they didn’t like and are throwing cold water on any innovation mostly because they don’t engage with the details. And, on  the other hand the techno-utopians who haven’t met a technology or business model based on neoliberal economic premises the they didn’t like.  They say “the future will be great, just trust us.” They don’t really welcome intensive inquiry into how things the details of their systems actually work or discernment about how power flows in their systems

I argue as a technology pragmatist  that we need to engage with both types of questions – the details of how things work and how power really flows in these system and will be putting forward in this talk several Big Questions that I think we need to consider. 

My starting point as a technology pragmatist is advocating for innovations in technical infrastructure and capabilities so people can be in the center of their digital representation and data lives. 

That path is a noble one but NOT an easy one. 

I’ve been in the weeds with technical folks hosting the Internet Identity Workshop for 15 years in order to struggle to find technical ways to make this real.  I founded the Personal Data Ecosystem Consortium 10 years ago with a vision very similar to the MyData vision to build a movement and momentum for a new way to empower people with their data one that connects consumers with ethical businesses to make it real. 

I believe that you can’t  the problem with words alone – with “laws”.  GDPR was put in place but its authors seemed to lack knowledge and understanding of what was practically possible in technology systems. 

It is also true that now 3 years into GDPR there has been very limited enforcement –  what does this mean?

Well if you go look at the github repository for the Data Transfer Project in has seen basically no activity in a year – its almost like it has been abandoned.  

What good are these “laws” without enforcement?

So as a technical pragmatist I have more questions… 

Big Question 1

Can Big Tech Regulate itself? 

India has a heavy reliance on self regulating entities in their financial and other sectors and yet another one is forming now called Sahamati to regulate this Account Aggregator system

Two years ago I travelled to India to study the UIDAI the entity that issues Aadhaar numbers. It is entirely self-regulating – there is no outside entity that it is responsible and accountable to. 

How does this work if these types of entities because of their self-regulating nature are unresponsive to critics?

Big Question 2. 

Can New Technology Emerge and be held accountable?

What happens when critics of new technology are trolled? 

This happened in India when critics of the UIDAI where harshly trolled extensively on twitter – it came to light that the one of the main trollers was the co-founder of iSprit. 

What happens when critics of new technology have police reports filed against them?

This happened to over 30 people and leaders of NGO organizations that critiqued UIDAI and Aadhaar.  These NGOs had it made abundantly clear that if they continued to research, and publicly raise issues with UIDAI and related emerging technology around the India stack they would have their status as NGOs threatened and their ability to do their work severely limited. 

This raises questions about the ability of civil society to meaningfully engage in raising questions and seeking accountability in these new systems. 

Big Question 3. 

Can an ecosystem emerge when there is only ONE of a thing?

There is only one DigiLocker provider (the locker service to store your government issued ID in the cloud)

When I was in India speaking to government officials working on it they said they were being overwhelmed trying to manage all the requests from educational institutions to make a direct “hard” connection to the service to both upload student achievements and download them records from prospective from students. It was clear that expanding this to even more sectors might not be doable because it would mean that every single institution in the country would have to directly federate into this bottle neck. 

Is it a sustainable model if every institution must connect to “one thing”? 

Can an ecosystem emerge when there is one identity provider that matters and you must authenticate (phone home) to it – to access services?  iSprit’s model and vision of how the India Stack works puts Aadhaar in the middle of everything. 

UPI is a remarkable system – it totally disrupted the credit card payment rails and effectively made a ultra-low cost payments clearing system the whole economy can leverage. 

UPI also “sees” everything so it potentially gives the government total transparency into the economy/ what’s happening. [to be fair it is clear that some government agencies in other economies watch international bank transfers in networks like SWIFT]

On the positive side It also works at scale.  

There is with the creation with Account Aggregators and the Data Empowerment Protection Architecture the movement of financial data … and will likely get it working

but I go back to earlier questions I have what about critics –

  • What about the lack of recourse when things go wrong?
  • What about the self regulation and the issues that arise with that lack of external accountability?

Big Question 4. 

Can industry innovate modalities of feedback and discernment – – going beyond “voting” for boards of directors. 

Could we be leveraging things like 

Imagine randomly selecting users and running citizens (user?) juries and innovation games on a regular basis to engage with customers of a company OR can accountability organizations like MyData seek feedback in this way – going beyond audits and certification as a modality to provide direction and accountability. 

I find inspiration for MyData and the movement overall. In the Social Venture Network – this is a community I learned about over 20 years ago and was founded by entrepreneurs like Ben and Jerry to build community amongst ethical/sustainable businesses – it is why I started the Personal Data Ecosystem Consortium 

But Governance is Hard…HARD

Big Question 5. 

How do we really and meaningfully govern these new ecosystems?

How do we govern them in ways to not super over burden them? 

but also not just let things continue on their current trajectory – because it seems  GDPR is favoring the big guys. 

The trouble with tech is that “intention” is not enough…

“don’t be evil” <— how is that working?

OR 

“making the world more open and connected”? <— or this?

One thing I know about this new technology as a technology pragmatist is that the details matter

They matter a lot 

The details are where struggle for real user-empowerment and control lie and where current power flows can be shifted to new ones that better align with people and humanity. 

How do to get enough / care interest in the details ?

Can people and organization that we trust really see the details and see how things really work for us?

MyData is in tech but not necessarily in the weeds of how it will work…we need to get into them…and not just keep pushing it down the road. 

Standards are a huge part of the details that matter – not just open APIs

I will make a note that if we had had seen investment in user-centric digital identity standards between 2003-5 when first proposed by Planetwork in the Augmented Social Network paper that was shipped around to the Ford Foundation and Open Society Institutes we might not be facing these dilemmas now.  But they “didn’t get it.”

True technical interop means parts of the ecosystem are replaceable and that there is NOT locking for one stack or provider. 

To this end…I co-lead work on the confidential data store specification in the secure data store working group. I’m actively tracking developments in the self-sovereign  identity / decentralized identity community.   (In the last few weeks I got  potentially divergent paths to talk pre-divergence – talking about VCs and object capabilities standard – on the CCG list.)

I also co-chair the DIF interoperability group to push for convergence so that all these amazing things we work on actually work together. 

Big Question 6. 

Can we with SSI and tech make public key encryption usable by normal people?

Can we really make data private & usable. … I’m feeling like the answer is an optimistic maybe.  With all this work. 

Big Question 7. 

Are we looking far enough into the future?

I also know from talking with folks like Liam Broza the waves of personal data that are about to get exponentially larger with AR and VR headset data – we must have robust user/individual centric containers for this. I’m not sure we are ready.

We must look ahead to where the metaphorical ball is going with technology  – massive amounts of data and AI <- can they be personal and work for us?

Will they help us be happier and better aligned with nature? the planet?

This was a key aspect of the originating motivation for Planetwork… to convene and ask itself what missing piece of infrastructure was needed to truly make Information and Communication Technology work for people and the planet 

Can we do more with less?  OR will they just be motivated by their owners profit making us “consumers” or companies driven by Ayn Rand libertarianism. 

Why do  we believe people and groups should have access to data?

Can we in the next wave of technology development center those marginalized in the last wave?

Can we listen to those who know what has got wrong with tech because it happened to them already?

I asked a lot of big questions in this talk 

  1. Can Big Tech (government or private sector) regulate itself?
  2. Can new tech emerge and be held accountable?
  3. Can an ecosystem emerge when there is only ONE of a thing? Can we get out of solutions with centralized dependencies?
  4. Can we innovate new modalities of feedback to companies/tools and services? and to systems regulators? 
  5. How do we really and meaningfully govern these new ecosystems? How do to get enough / care interest in the details ?
  6. Can we with SSI and tech make public key encryption usable by normal people?
  7. Are we looking far enough into the future?
  8. Will they help us be happier and better aligned with nature? the planet?

I will leave you with this important question 

Why  do we think people should be empowered to control the digital representations of themselves and their data?

When we know why. We will have more understanding of what aspects of how (the tech details) that are important. 

We must innovate in ways that let new businesses and opportunities bloom. 

I believe that open standards, protocols, done right, ones that have maximal expressive capacity will be key. 

By expressive capacity they create a set of rules that make them understandable but also within them give enormous freedom to express.  I believe that Decentralized Identifiers and Verifiable Credentials also know as SSI provide a good starting point for us to build what we need to fundamentally disrupt the current  in current ecosystems from monocultures to an “agroecology of technology”. This is my vision as a technology pragmatist. I know that many of you care about these questions and in various ways many of the sessions will engage with them. I’m looking forward to spending these next three days to our exploring them together here at the MyData 2020 Online Conference