Uncategorized

There are quite a few publicly available slide decks that Anil John has circulated from his program working on developing verifiable credentials. It will continue to get updated as more material from this program are released.

DHS ST SVIP Digital Wallet Verifiers 2023

DHS SVIP Digital Wallets Verifiers Topic Call (solicitation)

DHS ST SVIP Blockchain to Decentralized Identity: Crossing the Valley of Death between Great Ideas and Real Implementations

DHS USCIS PRIV SVIP DigitalCredential Technical Exchange Meeting

DHS SVIP Interoperability Plug Fest #2 – VC DID Multi-Platform Multi-Vendor Interoperability Showcase

DHS SVIP Scaling W3C VC DID Interoperability 2022 07 12 From Principles to Interoperable Implementations

DHS W3C VC-DID Implemenation Profile 2022 09 29 Credential Data Model Representation Syntax & Proof Format

SRI-Cryptography Review and Recommendation for W3C VCDM and W3C DID Implementation (paper)

DHS SVIP Blockchain R&D Innovation

DHS ST IDM Privacy 25 May 2017 ExternalTeam

DHS S&T IDM Privacy old

DHS ST SVIP Call Preventing Forgery Interop Test Plan Phase 1

DHS ST SVIP Blockchain Preventing Forgery Counterfeiting 20181115 (solicitation)

Next week is a busy one.

I’m heading to Florence Italy for a workshop on Blockchain Constitutionalism. I will be on a panel there about dApps.

Wednesday morning I will be virtually participating in RightsCon in a 1 hour workshop about Blockchain and Identity. You can register for RightsCon to attend virtually.

Wednesday the pre-conference day of the Digital Identity unConference Europe. We have an afternoon of pre-planned content to help orient folks. I will be MCing the advanced track.

”

Thursday and Friday are the Open Space Unconference days where we will create the agenda live each morning.

Friday night I have been invited to participate in a Meetup by the RxC Zurich chapter

This post is a bit of a throwback to the cultural norm we had in this community at the beginning between 2005 and 2010 – when social media was really just your own blog – and the blogs you read each day via your RSS reader.  There was no Twitter and no Facebook and no professional oriented dialogues in those mediums – rather it was all blogging call and response. 

Northern Block published a post last week written by their CEO Mathieu Glaude, putting out a call to action to figure out how we can have a “Digital Universal Credential [sic] Adaptor”. It is not a viable idea – I will explain why and what we can do to move forward. 

The idea of a universal digital credential adapter in the post builds on analogies from the real world like electronic adapters for different electric socket shapes or voltage levels that exist around the world. It sounds great – “Sure, let’s just do that, it can’t be that hard, can it?” I used to think this too, but you can’t do it.

It is not possible because deep properties of how the cryptographic technology works and how technical trust is confirmed do not allow the wallet to be a “transformer”.

One Really Needs to Understand How it Works

During the winter of 2019-2020, I was asked to write a report for an organization who needed to communicate to upper management the key differences between different wallets and different stacks in part so they could make a decision about which path to go down. It was at this point I dug in and got much deeper into understanding the real and significant technical differences between the credential formats and different wallets. The research I did for this report became the basis of the Verifiable Credential Flavors Explained paper that I wrote a year later with Lucy Yang (who is now my business partner) to explicitly explain the key differences. We followed it up with an infographic of the four major formats of Verifiable Credentials (VCs) at that time – they all are technically within the W3C VC format specification – but are actually not technically interoperable. Both the paper and infographic were specifically designed to be simplified yet technically accurate so they would be accessible to business decision makers trying to understand the differences they had techies telling them about. I recommend people who are trying to understand the key differences look at both. 

During COVID times and the work in leadership at both the COVID Credentials Initiative and Good Health Pass Collaborative, it became clear that the ONLY way to move or “adapt” from one credential format to another was via a proxy issuer that would need to read a credential proof from a holder, take the claims in that proof and package them up with new cryptographic signatures. Then the holder will be able to use the new VC issued by the proxy issuer in a different format at verifiers.  Verifiers who wanted to accept credentials from a whole variety of sources figured out how to read the cryptographic signatures that came from a variety of different issuers.  

If one is to use a proxy issuer, there must be an enormous amount of confidence (trust) by all parties involved that the proxy issuer won’t alter or create new facts about the holder and attest to who the issuer was as the original source of the credential. This requires a lot of governance. 

In our current world, we have notaries that are licensed and keep detailed records of what they sign and attest to. They also do things like officially translate documents, say a birth certificate for a person from a foreign language into English for the purposes of submitting it to an immigration process. This is in-effect playing a proxy issuer role. And we see that we don’t trust “people” who the birth certificate is about to just translate it on their own without a third party, who the relying party (immigration authority that the document is being submitted to) having confidence in. The translation needs to be done by a third party that has governance systems in place around them to ensure that the possibility of their lying about the original document is low. 

Wallets Just Can’t be a Transformer

Here is a metaphor from the physical world of credential and document security that is much more appropriate than the universal plug analogy.   

Wax seals were used in medieval times to seal letters written by important people and sent to other important people. They sealed the outside of the letter folded up in a specific way and then a dab was placed on it and sealed with a metal impression from a seal or a ring. This way the recipient of the letter would know that the letter had not been opened, altered or changed in transit. 

This is what we are dealing with – with VCs. Only proof of the original wax seal (cryptographic signature) from the original issuer will do to confer confidence and trust in the credential unless significant work is put into creating a proxy issuer infrastructure.**  

A wallet under the possession of a holder can’t be doing the reading of the original proof and “transformation”, and then cryptographically sealing it again because holders have incentives to change the information in the credential. When a verifier gets a “transformed” credential it won’t have the original “wax seal” – but instead the seal from the transformer – the wallet of the holder acting as a proxy issuer. 

Part of what VCs have power is that individuals using them generally do not self-assert (this in effect what would happen if the wallet was the transformer between format types). They are using VCs to communicate what issuers who have authority for saying something about the person do so via cryptographic signatures they (the issuing authorities) control. Issuing authorities are entities like universities asserting who graduated from law school or medical school. We don’t care who self-asserts these things, but we care that real institutions assert them. 

In the Northern Block post, it is suggested that “research is required to understand and safeguard the credential’s attributes and values during the transformation [by the wallet].” This doesn’t make sense because proof that a VC was signed by the issuer is what makes it work. And the suggestion “we must focus on ensuring these frameworks can accommodate and seamlessly convert between all these formats without compromising the credential’s integrity or the issuer’s integrity” is a waste of time, because any transformation in the middle (by the wallet) fundamentally does compromise the credential integrity and the issuers integrity. 

Your Choice Has Consequences

Other than the untenable wallet transformation idea, the following assertion is also made in the post:

Issuers will issue credentials in their chosen format without being forced to adhere to a specific standard, similar to the electrical socket in a specific country, which provides power according to its local standards without needing to conform to the formats used elsewhere. One issuer may pick AnonCreds and another may pick JSON-LD to issue a similar credential.

There have been established standards for electrical sockets across the world for a long time. And there is little to no governance needed around plug usage by travelers or anyone across the world. The standards are simple and readily there, and it is left for individual travelers to figure out and bring the right adapter. However, the standards and governance for credentials and wallets are still underway, especially when it comes to the preferences by the different geographic regions/countries/jurisdictions. For issuers at large who eventually need to be attuned too and comply with their regional/national/local standards, the idea of issuers can issue credentials in their chosen format without having to adhere to a specific standard is a ‘radical’ one. Issuers are likely to have options but limitations as well. 

Looking beyond issuers’ choices, all choices will have consequences, even the ones made by a certain jurisdiction. For example, if jurisdiction 1 chooses a format/cryptographic algorithm that another jurisdiction 2 has evaluated and determined that it will not accept (because the math it uses isn’t well enough vetted), then the people to whom jurisdiction 1 issues credentials to – will demand that they have credentials issued that can be accepted in jurisdiction 2.  There are conversations like this going on behind the scenes right now – certain jurisdictions thought they would pick signature formats and that others would just accept them – and they are not doing this. It is the right of jurisdiction 2 to reject signature formats that have not been validated by agencies tasked with certifying the security of such things.

Moving Forward

Making simple analogies for credentials and wallets without understanding the key trust features of the architecture and how all of the signature types achieve “trust” (confidence and believability) is dangerous. Our industry is at a critical juncture, and we need real thought leaders and pragmatic implementers to make headways into the mass market. 

1. Stop papering over format differences and pretending they can be solved with simplistic ways. Really dig in and understand the key differences between the formats and the features and trade-offs along with requirements of different parties in the ecosystem along with actual capabilities of hardware and capabilities of software and how it all works together.

2. When needed, issuers can dual issue in more than one format with more than one signature type. Issuers are adopting this strategy and choosing to issue to holders the same information in two credentials in two different data formats with different signatures scheme and the public keys listed in different registries with different governance structures. Then when a verifier is asking for a credential in a particular format (hopefully one of the two they have in their wallet) they can provide it. 

3. Keep believing in the ideals of the community and working towards those ideals but stay grounded in what is possible technically. There is currently a trade-off that needs to be made between hardware key capabilities and the most ambitious selective disclosure and ZKP algorithms. The folks in the EU are currently dealing with this and it cannot be escaped. The solutions can’t do all things all the time. And at some point in the future, they will be more capable.  

— End Post–

Foot Note: 

** It is possible to create a proxy issuer based solution. This can be done and is being done for a few use cases like Tru-Age for NACS, but the “wallet” in this case is not doing the proxy issuing – it can’t for it to be trusted. A third-party witness sees the original credential and repackages just the photo and an assertion of age above (18 or 21) is issued to the holder. In fact, a stack of one time use credentials is given to the holder so they can present the same information and not have it tracked by verifier collusion. The relying parties, in this case the convenience stores, trust the proxy issuer because of the governance put in place that the creators of this particular ecosystem have stood up. 

Post Script: 

I will note that if I were to write the paper Verifiable Credential Flavors Explained paper now, I would add at least two more formats (ps. If you want this paper to be extended, you can sponsor our consulting firm to do that work).  There is a very extensive spreadsheet tracking “all” the credential formats that you can see here; some have basically no adoption and are just early experiments, others didn’t exist when we wrote the paper and are in the EU Architecture Reference Framework. 

Last year Michael Becker invited me to London to speak at this event. It was really fun if under-attended.

This year he is putting on a similar event focused on personal data and identity but this year there is an added focus on Organizational Identity. It turns out this type of identity is where there are enormous emerging challenges – because all sorts of mischief can happen if you don’t actually have a clear solid picture of what entity you are communicating with.

One of the people who joined us at IIW and made a big impression on me and several other folks is Rebekah Johnson the CEO of Numeracle. They solve identity challenge for businesses who are having their calls being labeled in the phone system as “spam”. She will be keynoting at this event. If you can make to London I recommend going and if you can’t make it to London plan to attend virtually.

I’m really excited about an event coming up in a few weeks. The Digital Identity unConference Europe – DICE. Heidi, the primary IIW producer and I one of the three IIW founders are working with Procivis, Digital Trust and DIDAS to put the event on. It is happening June 7th-9 in Zurich.

There is a Pre-Conference 1/3 Day Wednesday June 7th. There will be talks in the afternoon with a capstone panel featuring government leaders implementing digital identity from an impressive array of countries.

There will be two days of Open Space Technology formatted Unconference. This is where we gather in a circle and co-create the agenda live all together just like we do at IIW. We have an amazing list of potential topics that you can see here.

The timing is potent for the event and this is the description on the website about some of the framing around why now and why in Europe.

Europe has seen many government-driven digital identity initiatives in the past few years and became a hotspot for decentralized digital identities. A key initiative was started in Germany by the Federal Ministry for Economic Affairs and Climate Action in 2020 with the title “Showcase program Secure Digital Identities” which aims to develop German eIDAS solutions, which are equally user-friendly, trustworthy and cost-efficient and to make these solutions easily accessible for administration, businesses – especially SMEs – and the population. This program is funding 4 national digital identity projects with up to EUR 15 Mil each between 2021 and 2024.

In parallel, the European Commission launched in September 2020 a major revision of its electronic identification, authentication, and trust services “eIDAS” regulation which came into force in 2016. The aim of the revision is to introduce an EU-wide mobile-based “EU-ID” for all European citizens that can be used in all 27 EU countries. First proposals for technology architectures incl. wallets (eIDAS Architecture Reference Framework and the EU Reference Wallet proposal) were presented in early 2023 and four cross-country “EU Large Scale Pilot” projects were funded by the European Commission in April 2023 – among them, EU Digital Wallet Consortium focused on Travel, Digital Credentials Four Europe, EuropeaN digiTal Identity wALlet (POTENTIAL). 

Another major project in Europe is European Blockchain Services Infrastructure (EBSI) which has been fostering ecosystem development since 2018 with 19 conformant wallets. And an early adopter program with 200 organizations participating. 

Switzerland has seen a rejection of its national E-ID legislation by a citizen referendum in March 2021 given concerns around privacy and the public-private partnership approach which foresaw private sector entities issuing E-ID to Swiss citizens in the name of the federal government. Switzerland’s Ministry of Justice then started to work immediately on a new approach to introduce a citizen E-ID for all Swiss residents based on the key principles of Self-Sovereign Identity with the respective law going into parliamentary discussions in Fall 2023 with the aim to introduce the national E-ID in 2025. The first pilot project on a national trust infrastructure “sandbox” operated by the federal Department of Technology started in April 2023.

There are many good websites and other resources about these efforts but ultimately it is people who are making it happen. This event with its opportunity to co-create the agenda live each day means the most relevant and pressing topics by those making these initiatives happen can be shared and discussed. The key to effective alignment and interoperability is having forums like this where no one entity is “setting the agenda” and where all interested parties can show up in a neutral space and shape the agenda together. 

I hope you can join us! Its going to be fun 🙂

Yes I have worked for the government as a sub-contractor (that is my contract was with a contractor who had a contract directly with the government). How did I get this sub-contract – well I was asked by a long time community member, that I trust to do research for them. This person, Anil John, also happened to work for the research wing of Department of Homeland Security called the Science and Technology Directorate (he now works for the Silicon Valley Innovation Program within the department). So yes I have worked for the government and yes I even worked for DHS but I really did the work for a human I trusted who’s work and research questions I believed in. This meant that I felt the answers would help the world be a little better and would improve the understanding of critical issues faced by the decentralized identity community/industry. All the results of all the work is public – here are all the reports. If you are “worried” about my values or my integrity because I did this work please read them before passing judgement

I worked on these first three reports with a colleague. The first one led to us getting the contract for the 2nd two.

Gaps in Government Funded Identity Research

Click to access Gaps-in-Government-Funded-Identity-Research-1.pdf

Securing Voter Data Systems

This report was really eye opening in terms of understanding how voter registration actually works and how voting actually works. There are lots of great NGO’s working on improving our voting systems we have them all listed at the end of the report.

Click to access SecuringVoterDataReport_Vescent_June2019.pdf

Entities, Identities, Registries Exploring Gaps in Corporate and IoT Identity

This report really looks at how corporate and IoT identifier systems work and what gaps exist.

Click to access Entities-Identities-Registries-VescentYoung2019.pdf

These next three reports go together. I was asked based on my group process expertise and direct experience working within “government led public private processes” that didn’t really go that well – the National Strategy for Trusted Identities in Cyberspace.

I wrote the big report and then worked really hard to boil it down to the short version. I also found there were quite a few different process and methods that I wanted to be sure the readers of the report had access to and didn’t have to go searching the web to figure out what I was talking about. The final document at the very bottom is the Resource Version.

Short Version

Click to access Systems-Leadership-Short-Version.pdf

Long Version

Click to access Systems-Leadership-Long-Version-2.pdf

Resource Guide

Click to access System-Leadership-Resources-3.pdf

Here are the sections of the Resource Report.

• The Cynefin Framework
• Action Spectrum
• Naming
  • Berkana
  • Criterion Institute’s Methodology
  • Elephant Hunting
  • 100 problems in FinTech Singapore
• Shared Language Development
• Field Guide and Questions
• Stakeholders affected by Real Names
• Details of High and Low Cost Processes
• Details of Parallel Distributed Multi-Stakeholder Engagement
• Detailed Logistics for Organizing Distributed Multi-Stakeholder Engagement
• Public Legitimacy and Public Engagement Principles
• Alignment Beyond Agreement
• Consensus Basics
• Co-Creation
• Value Network Mapping & Analysis
• Mapping Polarities
• Community Mapping Examples
• How Does Nature Do Identity?
• Roberts Rules of Order Compared with Dynamic Facilitation
• Processes for Collective Insight and Action
  • Scenario and Futures Planning
  • Dynamic Facilitation
  • Open Space Technology
  • World Cafe
  • Appreciative Inquiry
  • Participatory Narrative Inquiry
  • Consensus Conference
• Understanding Deliberative Processes Chart
• Which Process Methods When?
• Process Time & Openness
  • Openness Dimensional Cost
  • Synchronous or Asynchronous
  • Parallel & Serial
• Real Time Strategic Change
  • What Process When?
• Additional Resources for Social Innovation Labs
• Additional Resources for Action Networks
• Systemic Change Map
• Visa History and Life

The 2nd Thoughtful Biometrics Workshop happened a month ago on March 16th, 2023 and we had 75 people registered for this live event,

The goal was to bring together a range of stakeholders with an interest in exploring the use and application of biometrics for an uncommon conversation – one not happening in venues sponsored by and/or dominated by single constituency (i.e., vendors, non-profit organizations). 

My area of speciality is user-centric digital identity. I started out wondering how individuals could better represent themselves online – have ownership and control of the digital identifiers that they use when interacting in digital spaces. I collaborated with others, and we called this type of identity user-centric digital identity.  We created an innovative form in 2005 called the Internet Identity Workshop where we co-create the agenda live at the event. 

Conversations about biometrics, and their use and implementation in relation to digital identity technology, has been increasing steadily. I share many of the concerns that civil society organizations do, and also know that biometrics can have a role to play within well-designed digital identity systems. A more nuanced conversation with multiple stakeholders is needed for this to be effective. I invited several folks to join me as co-conveners of the events, including Jack Callahan and Asem Othman at the first workshop, and Brian Hofer, Executive Director of Secure Justice, for the second workshop. 

We could not have succeeded in these events without our sponsors, and we are very grateful to those who contributed: Paravision, ID2020, Simprints and Lakota Software. Thoughtful Biometrics is fiscally sponsored within Planetwork, an NGO that has been at the forefront of hosting nuanced conversations about technology and their implications for 20 years. 

For this event we proactively spent several months reaching out to key constituencies of civil society advocates, biometric scientists and companies, policy makers and regulators, biometrics implementers from government civil society, government and the private sector and technologists in related fields. We had a balance of participants from all constituencies and this generated deeply nuanced and generative discussions. 

One metaphor we used in framing the workshop purpose was the need for a ‘third attractor,’ a term used by Daniel Schmactenberger. In his framework, the power of ever-increasing technological capacity (“exponential tech”) means that both destructive and creative capacities are increasing exponentially. The two likely outcomes (attractors) polarize around either chaotic breakdown or powerful control systems/oppressive authoritarian control. Given this, the inquiry is: what does a third option or ‘third attractor’ look like, and what nuanced conversations and compromises are necessary for that? 

I am inspired by the respect, knowledge, and shared curiosity that all the participants brought to the sessions at Thoughtful Biometrics Workshop, and look forward to future events together.

When people registered for the conference we asked them about what they wanted to discuss and got a really great set of potential topics. During the opening first hour of the conference we co-created the agenda together live using a method called open space technology.

You can see the whole list of topics here in the draft book of proceedings.

One of the highlights for me was learning about what is happening in Portland. They are doing pretty deep civil society engagement around biometrics including making an inventory of surveillance technologies. Several links to what they are doing were shared in this session.

Chris Buchanan put forward a great presentation called A Thoughtful Process for Regulating Digital Identity this is how it was summarized.

Digital Identity is NOT equivalent to Physical Identity. Entropy rules the physical universe which makes the physical world eventually private. Aggregation rules the digital universe which makes the digital world eventually public.

Without designing in privacy and data entropy, privacy is guaranteed to be lost.

There are many technologies that can help introduce entropy to the digital space but none of them can be effective in a free market because they reduce revenue. Therefore, they must be regulated.

Eric Welton who despite being up overnight to attend from Thailand hosted a great session about two-D barcodes and how they could be used in various situations.

In the last session of the day I personally hosted a session on signage – informed by my own experience in a biometric system that I had to go through that had ZERO signage – Biometric Exit while leaving the US to Thailand via Taiwan in March (To put on the APAC Digital Identity UnConference).

It is against the law to use biometrics in New York without clear signage and an example of what was required was shared.

There were a lot of great conversations and many threads to explore in the future.

People and their representatives are rightly concerned about how biometric systems are used. This week while reading all the industry news I came across this article – CCIA Testifies On Maryland Biometric Privacy Proposal, Submits Written Comments On Biometric, Childrens, And Health Privacy Bills.

So what is BIPA? It is the Biometric Information Privacy Act that Illinois passed several years ago requiring any capturing of a biometric information in a template and in samples must get the subjects explicit consent. If companies don’t they face really large fines. White Castle just might have a $17billion dollar fine for violations over 10 years.

Industry associations like the Computer & Communications Industry Association are pushing back against these measures. This is their job to lobby on behalf of their members. Here is what they said.

The following can be attributed to CCIA State Policy Director Khara Boender:

“We share Maryland legislators’ concern about protecting biometric privacy and request that measures to address this important issue provide enough lead time for responsible sites to comply. We also recommend directing protections toward high-risk practices and aligning key definitions with privacy standards to encourage harmonization across state laws and aid compliance.”

“Privacy is particularly important for health data and for children online. While CCIA supports privacy measures tailored to specific age groups and the handling of more sensitive health data, the bills legislators are considering should prioritize ways to enable responsible companies to provide effective protections  rather than introducing punitive models with private rights of action that, in other states, have opened the floodgates to costly lawsuits.”

– CCIA Blog

I am hoping that organizations like CCIA can actually come to the Thoughtful Biometrics Workshop on March 16th and talk together with folks who are concerned about biometrics usage by the private sector and by government.

I have been engaging with folks who work developing biometric systems and folks who are concerned about biometric systems for in preparation for the Thoughtful Biometrics Workshop coming up March 16th.

Two weeks ago I attended Biometrics Regulation: Global State-of-Play Symposium (one to many talking on zoom with no chat function) put on by the Berkeley Center for Longterm Cybersecurity.

The aim of the virtual symposium is to discuss the global state-of-play for biometric data protection. We want to think more critically about biometric technologies as well as biometric regulation. As a result, we want to merge conversations on data protection compliance with broader technological, social and policy issues in different biometric technologies.

– Workshop Description Biometrics Regulation: Global State of Play Symposium

The presentations were interesting and it was great to have folks from all around the world present. India’s Aadhaar system was discussed and a newer system that has similar qualities was just rolled out in Brazil.

However something very concerning – throughout the discussion there was repeated conflation of biometrics with digital ID. This conflation is a problem to have the type of real discussion we need to have about both but to not conflate them.

I think the conflation comes from the builders of certain systems like Aadhaar and MOSIP along with those promoting these systems like the World Bank and Omidyar.

I’ve been working on “Digital Identity” since 2002-3 and the folks that inspired me to look at this issue were really considering how independent people expressed themselves in the digital world with their handles or avatars. This really began with the general public with the first internet services in the west like AOL, Compuserve and Prodigy. When you signed up to these services you picked a handle/user-name or maybe a few and that likely connected to an e-mail account. This user-name and the email associated with it are “digital identities”. Your twitter handle is a digital identity. Your Gmail account or Yahoo account is a digital identity.

In the last 10 years you have these large scale national ID (Aadhaar) systems being developed (MOSIP) and pushed out to whole populations that in order to get a “record in the digital database” as a citizen you have to go through an erollment and registration system that requires you to share your biometrics – often a photo, iris scans of your two eyes and capturing of all 10 finger prints. Then this national system deduplicates you – makes sure you didn’t already enroll and then issues you a ID number that is in the digital database of the nation state.

Then these national ID systems then create ways to “authenticate” against the database – prove that the person is represented by a given number/record in a database.

This is a very different architecture/design of digital identity than people have accounts in digital services. These two very different paradigms of what “digital identity” is – is part of the massive confusion around the language we are using.

There is a new paradigms around digital identity that involve collecting and sharing attributes from authoritative sources in the form of Verifiable Credentials is yet another type of decentralized digital identity that I spend a lot of time these days working on and convening people working on it at the Internet Identity Workshop.

Several years ago I co-wrote a paper about how biometrics could play nice with this new decentralized digital identity called Six Principles for Self-Sovereign Biometrics. If you look at what US Citizenship and Immigration is doing with their roll out of digital green cards using the verifiable credential technology on the digital green card holder’s wallet will have a photo encoded that when presented can be checked against the presenter’s face in real life. This aligns with what we outline. There is no “phone home” to the USCIS database to pull the photo and then compare – the needed biometric a photo is digitally signed and in a credential that can be compared with the presenter.

I just learned about a 2021 GAO report. It says that This means it is likely that more agencies are using FRT for more reasons. This report seems relevant because for the third time legislation is being put forward to do a Federal Facial Recognition Ban just this week.

The diagrams within the report do a good job of articulating clearly and simply different use-cases and how the systems work. I think they are great points of reference for us to use next week at the Thoughtful Biometrics Workshop on March 16th.

This set of diagrams articulates a whole range of uses by federal agencies.

This diagram really stood out for me because they are clear that there is a difference between Matching or what they call Verification or Identification. This different is really key and today there are proposals coming out from congress about banning FRT broadly.

This type of broad ban would limit the ability of agencies to use computer vision to match people to their documents – a technology that is widely used at boarder crossing in the US now and TSA has begun experimenting with at check points.

It would also limit the use of Biometrics as part of Biometric Exit I wrote about last week that compares passengers boarding flights leaving the US complied with access to galleries of photos of passengers drawn from DHS records (from entrance photos, document photos and passport records).

The GAO report includes a table breaking down the number of facial recognition systems owned by each agency:

• Commerce Department: one system, used for physical security.
• Defense Department: seven systems, used for physical security, domestic law enforcement, national security and defense, and other purposes.
• Energy Department: one system, used for physical security.
• Health and Human Services Department: three systems, used for physical security, domestic law enforcement and digital access/cybersecurity.
• Homeland Security Department: four systems, used for domestic law enforcement, border and transportation security, and national security and defense.
• Justice Department: seven systems, used for physical security, domestic law enforcement, national security and defense, and other purposes.
• State Department: one system, used for border and transportation security, and national security and defense.
• General Services Administration: one system, used for digital access/cybersecurity.
• NASA: one system, used for “other” purposes, including employee identification if they forgot their badges.

I recommend scanning through the report to see the range of use-cases. I think it can be useful in having a nuanced conversation about use-cases/applications that make sense and ones that could be harmful and really impact civil liberties.

I work on digital identity and this described below experience really highlighted the problem with much of the Biometrics industry and governments who use the technology – no explanation of what is actually happening or how a system got the template of my face. It re-affirmed for me the need for the Thoughtful Biometrics Workshop coming up March 16th.

I left SFO on Saturday at midnight on an EVA flight to Taipei. 

Biometric Exit combined with boarding that involved no presentment of a ticket or passport really caught me off guard. It was quite frankly creepy. 

I never agreed to share my photo with the airline – or to be part of a gallery (The group of photos of all people who would be getting on a plane). I just thought I was going through normal boarding where I would share my ticket and passport as part of getting on the plane. 

Instead I was asked to stand in front of a camera/screen that took my photo and then beeped/flashed green to say it was ok for me to get on the plane. 

When I said to the woman who was at the gate – what was going on that I hadn’t consented to this and where did they get the template to do this.  She was a bit surprised by my question and  shrugged and said she thought they got it off the chip on my passport.  Except I know this didn’t happen.  When I checked my bag in they only did that machine readability off the visual MRTD part of my passport – by swiping it through the reader on their keyboard.  

So I’m putting things together about what I think happened. 

CBP is doing Biometric Exit in collaboration with the airline.  (article confirming this)

The PNR – passenger name record is shared ahead of time with CBP – they put together a gallery (templates/photos of all the people who’s names appear as being on the flight) and then they use this gallery when folks pass through the live scanner.  This is me putting things together based on some of what I know and what I think is going on. 

The fact that there was no signage to explain to folks what is happening or how is really scary to me. This type of thing – where all of a sudden a thing is scanning your face and giving you a go/no-go to get on a plane is why people mis-trust facial recognition systems and technology.  I checked San Francisco has a ban on facial recognition technology – but only for local government agencies. 

I hope we can talk about this experience and others at the Thoughtful Biometrics Workshop coming up March 16th.  Please join us. 

I am reading a new article out asking if 2023 is the year of Digital ID.

It might be – lots of good developments are happening.

AND we also have a disaster of communication about how some systems work.

The article is referencing the way that TSA works where the employee puts the ID into a card reader which verifies the ID and then looks at the picture of the person presenting it to see if it matches. Then goes on to talk about how the digital version would work.

A digital ID would work the same way. The person would present a phone, which would have a barcode or QR code, which can be scanned, and links to a government record. “Essentially, your phone becomes a token which refers to a government authorized database,” said Miller.

– Is 2023 the Year of the Digital ID?

If that is how it is going to work – where I am presenting tokens that “refer to a government authorized database” then count me out. It sounds like to the non-sophsticated reader it pings the database and pulls down a photo of the person sharing the token. It might work this way – if people think reading it it does work this way – we can’t get adoption in the US. The ACLU has a whole report out about the worrisome phone home architecture that is optional with the mDL standard.

I did a search for mDL and TSA and this PDF showed up.

Look there is a direct link between the issuing authority and the TSA in the Relying party role – the little arrow says Key/Cert Exchange but is the public going to read that? Or are they going to think there is a connection to the database.

Another problem with the report and the way they talk about the solutions is that there are only phone hardware and software manufactures that are listed as the rightful arbiter of this system of IDs. What about other wallet manufactures.

One of the big developments related to biometrics in the United States in the last month is a call by senators “calling on TSA to immediately halt its deployment of facial recognition technology.”

My understanding of what is going on is facial matching between a presented document with a photo on it (passport or drivers license/stateID) and the person present. This is a similar kind of matching that happens when I cross the US boarder with my green card – they have my green card picture on file and then they point a camera at me and see if I match the picture on my card. 1:1 matching.

There are a lot of questions the Senators ask you can see the full letter here.

1. Please provide data on the accuracy and volume of TSA’s facial recognition technology program from 2020 to 2022 broken down by race, ethnicity, and gender that includes:

1. the rate of false positives and negatives produced;
2. the total number of travelers who had their face scanned by TSA;  
3. the total number of travelers who opted out;
4. the total number of cases where TSA stored its facial scans, instead of immediately deleting.

2. How are travelers notified of their right to opt-out of facial recognition? What are the effects on a traveler who chooses to opt-out of facial recognition?

3. Under TSA’s current system, do travelers who choose to opt-out face any additional consequences or additional screenings, pat-downs, interrogations, or even detention, beyond what they would have encountered at a non-facial recognition airport?

4. What training measures does TSA currently mandate for staff to regarding travelers who choose to opt-out of facial recognition technology?

5. Has TSA ever shared biometric data with other government agencies? If so, which agencies and for what purposes?

6. What measures is TSA taking to protect biometric data from cyberattacks or any other form of unauthorized distribution or release? How does TSA ensure the security of Americans’ data that third-parties have access to? Is TSA aware of any breaches of travelers’ biometric data collected at US airports? If so, please detail all such breaches.

This has prompted some responses from the biometrics industry with a post by the International Biometrics and Identity Association (IBIA) and the Security Industry Alliance (SIA). Both push saying that there are significant mis-understandings about the technology and how it works.

There is also video interview with Robert Tappan the Executive Director of IBIA on the Identity Week site. The interview is about 10 min and covers these topics:

1. Why do you think the terms “surveillance” and “identity verification” have been conflated? What are the perceptions of facial biometrics? True or not?
2. Is there evidence at all to suggest face verification technology is being used in the wrong way to invade privacy?
3. Talking to some vendors, some say there are some inherent biases in the level of technology that are being mitigated. Do you disagree that bias in biometrics now exists?
4. What are the differences between surveillance and verification that you suggested in your comments?
5. How do these claims/ beliefs affect trust?
6. Describe the level of progress in America with biometric deployments and are some unfounded beliefs that biometrics are ‘threatening our democracy’ derailing progress?

It is these deep disconnect between how the technology works in the real world, what it does and the public and legislator’s concern about it that the Thoughtful Biometrics Workshop was created for. My hope is we can dig and explore the nuances. I hope you will join us on March 16th.

The workshop is coming up March 16th virtually. If what I write below resonates with you please consider joining us

I thought long and hard about key constituencies to invite to the Thoughtful Biometrics Workshop and why. I collaborated with Kyra Auerbach to create this image that captures it.

There are many biometrics, ways to capture and measure them, and places in a techno-social system they can be implemented.

The technology landscape is wide and the policy and issue landscape they present is also vast.

This is what we explore at the Thoughtful Biometrics Workshop. 

Biometrics as a technology are not entirely “new” – for example, photos have been a part of government-issued identity documents for almost 100 years as 1:1 matching between a human and an identity document. As technologies have progressed (computer vision, AI, ML), new biometric technologies have emerged, enabling products with various use-cases and applications.

There is much to consider regarding thoughtful use. This is one reason we don’t pre-set an agenda, but instead invite key stakeholder communities with different knowledge bases and perspectives to engage in mutual learning and dialogue. 

Our hope is to gather humans who care about, are interested in, and are concerned about technology, in order for new perspectives and opportunities to shape future policy to emerge. These are the stakeholder groups invited to the Thoughtful Biometrics Workshop and why:

Civil Society Advocates and the Interested Public

New technologies have many implications. The public is naturally concerned about Biometric Technologies, while Civil Society Advocacy organizations are tracking the development of these technologies and raising concerns about their usage in various contexts. 

TBW provides an opportunity to share concerns and ask deep questions of the people who make and implement the technologies, to understand more about how they work in practice. There is also opportunity to share research and studies that have been done highlighting the flaws and misuses of biometric technology with creators, implementers and policy makers. 

Biometric Research Scientists & Companies that make Biometrics Products

Companies use the work of biometric scientists to make products. Many technologies are combined to make products that apply to different use-cases.  TBW provides an opportunity to share details of how various biometric modalities work (capture and comparison mechanisms) in practice, and to dispel misconceptions. There is also opportunity to share how technologies are combined to make products and how these work with other systems. 

Policy Makers and Regulators

Biometrics are diffusing and being adopted in a variety of settings across many domains: employment, government, commercial and civil society.  Some of these uses are aligned with existing policy requirements, some are novel uses that are not yet regulated at all. 

TBW provides an opportunity to understand the concerns that civil society advocates and the public have about existing and future uses that require reasonable regulation. The event is also an opportunity to learn in more detail from experts in biometrics and understand how the technology works in practice. 

Biometrics Implementers in the Private Sector, Government, Civil Society

These are organizations who buy biometrics technology solutions from companies to use in their day-to-day operations. They apply the technology either for authentication (checking someone matches an enrolled identity) or for identification. TBW provides an opportunity to share how and why they use biometric products to solve operational needs and explain more about their reasoning. 
​The event is also an opportunity to learn more details of how the technology works from the researchers, and to hear more about concerns regarding misuse and overuse. 

Technologists Working in Related Areas

There are a range of neighboring technologies and systems often used in conjunction with Biometrics, including identity and access management. TBW provides an opportunity to learn from a  range of stakeholders involved in biometrics technology, and to share perspectives about how neighboring technologies interact with biometrics.  

I first was exposed to biometrics at scale when I was working within the National Strategy for Trusted Identities in Cyberspace – Identity Ecosystem Steering Group that would host meetings “next to” biometric industry conferences. They were really kinda freaky for the technology presented and how I imagined it all being used.

I still have a very cautionary attitude towards biometrics technology however I am not scared of them in part because I have met folks who work more closely with and deepened my understanding.

In the fall of 2020 I proposed to Jack Callahan. We put on the first Thoughtful Biometrics workshop in March 2021. Now we are organizing the 2nd one coming up March 16, 2023. It is virtual and online. Learn more here and Register!

This is explanation of Biometrics I wrote for the workshop.

The term “biometrics” comes from two roots:  

bio meaning biological life + metrics meaning measurement

Therefore, it is defined as the measurement of biological characteristics. Every person has unique bodily or physical (biological) characteristics, and these can be measured, described and recorded or documented in various ways. Once documented they can be compared for identification or authentication purposes. 

Biometrics existed well before the creation of digital computers. For example, fingerprints have been collected and compared to establish identity since the mid-1800’s, and photographs used on documents such as passports starting about 100 years ago. 

Digital technology and other key innovations over the last 40 years, including advances in computer vision, algorithmic processes, and matching algorithms have expanded biometrics deeply into our digital world. 

Types of biometrics

All biometric modalities are basically two types; physiological and behavioral.

Examples of physiological biometrics include fingerprint, iris, retina, face, palm, and vein recognition. Examples of behavioral biometrics include signature and voice recognition.

APPLICATIONS OF BIOMETRICS:

1:1 matching for authentication:

Looking at a biometric associated with a particular person or record and seeing if the person presenting a sample of their biometric matches the biometric template that was previously enrolled. For example, 1:1 Matching on devices such as unlocking a phone using a fingerprint or faceprint.

Human 1:1 Matching against a document such as a passport, drivers license or other document. This can be done by a human looking at the picture and comparing, such as when you buy an age-restricted product. The clerk does a match between the document and a face along with checking the age of the person presenting the document. 

Computer 1:1 Matching against a document such as a passport, drivers license or other document. Computer vision is used to look at the person standing in front of a camera and compare them to a photo encoded on a document.

1:1 Matching against a sample enrolled in a system. An employer might have a biometric enrolled and on file to be compared to 1:1 when the employee presents themselves.

1:small n matching for authentication

This type of biometric usage involves the enrollment of a small group of people into a system. One use-case is all the people boarding a particular plane. The individuals traveling can share their photo and travel documents with the airline in the check in process. The photos are now in a gallery of a few hundred. When going to board the plane individuals can present themselves and be allowed to board after they match one of the faces in the gallery of photos of people who are passengers on the plane.

1:large n matching and identification

An important question for this mode is: does it happen in real time, or later in a forensic context?

In real time a video can capture snapshots of faces and then run the faces against a large n of potentially millions of people. If implemented on a camera on a public street, this would output a list of all the people who walked past. 

Forensic use of biometrics really began over a century ago with fingerprint matching. Fingerprints lifted from crime scenes were compared with fingerprint records of people. This is still done today but with electronic systems doing the matching. For forensic facial recognition, images of people are captured in retrospect from video or still photographs from a crime scene. These are compared with large data sets of images of people along with their names. 

EXAMPLES OF OTHER PLACES WE USE BIOMETRICS

Smart Speakers

Voice recognition goes beyond understanding speech; some devices are able to distinguish between people based on a pre-enrolled voice print. We could also see databases of voice prints created to compare samples against, much like we have photos of people being compared using facial recognition algorithms.

Wearable Sensors for Health tracking

There are more and more devices that use sensors to track things like heart rate, temperature, or oxygen levels. These devices in the form of rings, watches, bracelets, etc. record and share this information.

Augmented Reality (AR) and Virtual Reality (VR) Devices

AR and VR work with sensors that track head location and movements, eye movement and focus, facial expressions, hand movements, heart rate and even perspiration.  

We may have missed some biometrics use-cases –  feel free to reach out and share more! 

Infominer and I have been publishing the weekly Identosphere Newsletter and Summary of all that is happening Self-Sovereign and Decentralized Identity.

These are ways you can contribute a one time end of the year contribution:

Prices
	$500 $500.00 USD
	$1000 $1,000.00 USD
	$1500 $1,500.00 USD
	$2000 $2,000.00 USD
 

Or subscribe with a contribution every month this button will take you to a page where you can pick a monthly contribution amount.

You can also choose to pay monthly via Patreon.

Or you can reach out to Kaliya and ask for an invoice kaliya@identitywoman.net

Today, Sept 8th, the FTC held a Public Forum on commercial surveillance and data security and I made a public comment that you can find below.

I think the community focused on SSI should collaborate together on some statements to respond to the the FTC advance notice of proposed rulemaking related to this and has a series of 95 questions (in federal register or on the FTC site) that it invites written public comment on by October 21st. Here is a 3 page fact sheet about what they are focused on.

The Federal Trade Commission (“FTC”) is publishing this advance notice of proposed rulemaking (“ANPR”) to request public comment on the prevalence of commercial surveillance and data security practices that harm consumers. Specifically, the Commission invites comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.

– federal register

Here are my Comments:

Thank you, My name is Kaliya Young and my online handle is “Identity Woman” – I have been working for 20 years on the challenge of how people can control and represent their digital selves online with dignity and be empowered. I co-founded the Internet Identity Workshop in 2005 and continue to convene it every 6 months. 

A lot of of the questions put forward relate to regulating these “bad things” happening by companies to people. I also encourage the FTC to take a forward looking approach by consider the work of values based technical communities working on alternative mechanics for data sharing between consumers and companies. 

Two projects I advise Dazzel Dao and JLINX are seeking to end surveillance capitalism via open standards and open source tools to: 

1. Give people tools collect of data that they generate in the digital world
2. Being able organize and get value from THEIR data from a range of sources 
3. and ways to share data under the consumer’s control with companies they trust in with new mechanisms to technically withdraw consent for having the information. 

Rule making should support these positive constructive efforts of ethical technologists. 

—————-

The risk of technology are often not seen until it is too late – I want to bring the Commissioners attention to a key issue that they could help with under the rule making related to data security as it relates to digital wallets – needed for the exchange and sharing of data between consumers and companies via protocols like Verifiable Credentials. 

There is a very real risk that because two companies control the mobile handset operating systems – Apple and Google – the will work to limit access to the APIs within the phone  preventing any wallets created by other companies working well.  

This doesn’t have to happen and the risk of it happening will be reduced if the FTC gets involved to ensure a level playing field for wallet makers – and ensuring consumers will have a choice of who they trust with the sensitive data about who they transact with across the digital world. Thank you.