Musings from the IIW30

There are opportunities with SSI. And it needs to be tempered with data governance methods.

Internet Identity Workshop

The IIW30 was my first time attending it. As it happens the COVID-19 pandemic ensured that it was an online-only event. The session notes are available here and they establish the underlying refrain of the conversations - that there are still large gaps in between the theory and practice of Self-Sovereign Identity (SSI). A number of the implementation centric talks/presentations were focused on how the value proposition of SSI and Verifiable Credentials (VCs) would be immediately consumption ready.

The purist view of SSI and VCs include the availability of smart devices, internet and a higher degree of awareness of data values. The consumer base which exists in a reasonably regulated system with specific data management regulations is more likely to appreciate the convenience provided through adoption of “trust-less trust”. In this context do read about the emerging work on LESS Identity - a term which Tim Bouma talks about.

Juan Caballero’s note on lessons from the IIW30 is a good ring side view of the proceedings. With a number of talks, conversations and presentations around use cases which make sense, Juan deftly highlights the strong focus around education and the academia which formed a good part of the issues being discussed at the event. Unsurprisingly enough the thrust and heft of the conversations at IIW30 were from developed nations and societies where the regulations tend to veer towards well established principles. It is important to find and create space for work that originates from developing nations which face the twin challenges of requiring to create a regulatory approach which provides the basis for the technology architecture. The danger of technology fetishism is high in absence of good and durable regulations which are created through an inclusive process.

Opportunities

I think there is tremendous opportunity to put in context of law, data ethics, governance and technical policy all the work that is being undertaken in India around the technological constructs of distributed ledger technologies, verifiable digital credentials and digital identity. In absence of these the chances that implementations of technology become inadvertent extensions of a coercive state. The interplay of these topics make it paramount to have good methods and frameworks of assessments.

The plans emerging from the Sovrin Foundation and the just initiated work of the Trust Over IP Foundation are important in the context of creating network-of-network effects across the world. Particularly, the need to create and make popular the templates of governance and rules would lower the floor for ecosystems which want to be quickly integrated into the systems which already use verifiable data exchange routines. On that note, Samuel Smith’s note on meta platforms is worth a read. Also, in line with “data is the new oil”, it is important to keep framing the exchange economics of data in a model that is dynamic and is absolutely pinned on intrinsic values.

Data and Trust Framework

Emily Fry and Elizabeth M. Renieris make a case around the higher need for data portability based on a trust framework. They state

“One example of an emerging legal solution to solve for the non-technical dimensions of full data portability is the notion of a trust framework. A trust framework necessarily lifts cryptographic and other technical trust mechanisms into a coherent set of legal, business, technical (and we argue, ethical) rules. Its purpose can be boiled down quite simply—to ensure that technical tools are developed and deployed in a manner that does in fact support the coherent individual end-user experience and legal protections we all want.”

A trust framework is an immediate need in context of emerging methods of mining and extracting data allow for data processing and contextualising at an unprecedented scale. In this context “The Economic Value of Decentralized Identity” is a good series. SSI promises a degree of self-governance of data using constructs of technology. However, reality states that regulations and state policies can exert a deeply harmful coercion when identity artefacts are linked to digital wallets. Aside from the issue of correlation and thus de-anonymisation, such linkage can and has the potential to bring about unintended consequences. For more on the topic of privacy and boundary management, follow this link.

Lastly, there is a possibility that better designs for privacy will emerge for public-service applications. In light of contact tracing (and especially Aarogya Setu) this paper (“An operational architecture for privacy-by-design in public service applications”) is a relevant read about the merits of an approach along those lines.

New World Order

The effects of COVID-19 will take some time to be normalized. But as it has changed the way the world works, this podcast episode (featuring Joe McCann) is a conversation starter about the New World Order.