diff --git a/_posts/government/usa/2020-01-11-usa.md b/_posts/government/usa/2020-01-11-usa.md index c7bff35b..312bfc26 100644 --- a/_posts/government/usa/2020-01-11-usa.md +++ b/_posts/government/usa/2020-01-11-usa.md @@ -10,7 +10,33 @@ tags: ["USA","California","Illinois","Wyoming","Verifiable Credentials","DHS","W last_modified_at: 2023-06-06 --- -## Digital Identity +* [USPTO: CIO Jamie Holcombe](https://www.spreaker.com/user/13158652/uspto-cio-jamie-holcombe) 2021-01-04 + > CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)? +* [Foster Introduces Bipartisan Digital Identity Legislation](https://foster.house.gov/media/press-releases/foster-introduces-bipartisan-digital-identity-legislation) 2020-08-11 + > - Establish a task force made up of key federal agencies and state representatives. + > - Direct NIST to create a new framework of standards to guide agencies in implementing identity systems. + > - Establish a grant program within the DHS to support states in upgrading. + +## White House +* [The White House’s Future of the Internet is Available Today](https://indicio.tech/the-white-houses-future-of-the-internet-is-available-today/) 2022-04-29 Indicio Tech + > The Biden administration, in coordination with 60 other countries, on Thursday unveiled a “[Declaration for the Future of the Internet](https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/28/fact-sheet-united-states-and-60-global-partners-launch-declaration-for-the-future-of-the-internet/)” that “reclaims the promise of the Internet in the face of the global opportunities and challenges presented by the 21st century.” 2022-04-28 +* [A Collaborative Approach to Meeting the Challenges in President Biden’s Executive Order on Improving US Cybersecurity](https://www.oasis-open.org/2021/06/14/a-collaborative-approach-to-meeting-the-challenges-in-president-bidens-executive-order-on-improving-us-cybersecurity/) 2021-06-14 + > One key aspect outlined in Section 4 of the Executive Order (EO) is securing the software supply chain. At issue here is the reality that the U.S. federal government—like nearly any other organization on the planet that uses computer technology in any form—relies on not just one but numerous types of software to process data and run operational equipment. +* [Recognizing Digital Identity as a National Issue](https://www.pingidentity.com/en/resources/blog/post/digital-identity-national-issue.html) 2021-06-14 + > we dove into creating a centralized and holistic approach to protecting and regulating identity in the United States and the specifics of why digital identity and cybersecurity are national issues that the private sectors simply cannot tackle on their own. Here are some of the key takeaways. +* [Industry Implications of Executive Order on Improving the Nation’s Cybersecurity](https://www.wileyconnect.com/Industry-Implications-of-EO-on-Improving-the-Nations-Cybersecurity) 2021-06-03 + > President Biden’s recent issuance of the highly anticipated Executive Order on Improving the Nation’s Cybersecurity (EO or Order), in the midst of high-profile cyber-attacks on the Nation, brought new challenges to organizations looking to secure their cyber defenses. In this multipart podcast series, Wiley's Government Contracts, Telecom, Media & Technology (TMT), and Privacy, Cyber & Data Governance attorneys provide a high-level overview of the Order. +* [Zero Trust Architecture in the White House Executive Order on Cybersecurity](https://lists.w3.org/Archives/Public/public-credentials/2021May/0062.html) 2021-05-14 Adrian Gropper + > Please read Section 3 in the EO + > […] + > It may be time for us to explain Zero-Trust Architecture relationship to VCs and DIDs. My not-so-hidden agenda includes priority for considering authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion. +* [Executive order on Improving the Nations Cybersecurity](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) 2021-05-12 + > Sec. 3.  Modernizing Federal Government Cybersecurity. + > + > (a)  To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals. + +## Digital Immigration Credentials + * [Jeremy Grant @jgrantindc](https://twitter.com/jgrantindc/status/1567531428707024899) 2022-09-07 > USCIS make public announcement about their plants to use Verifiable Credentials for Immigration credentials > @@ -19,73 +45,86 @@ last_modified_at: 2023-06-06 > (https://lnkd.in/eWSc3RYA) about how digital immigration credentials using W3C Verifiable Credentials and W3C Decentralized Identifiers are a critical part of their ongoing work on digitizing the U.S. Citizenship and Immigration processes! * [US Digital Immigration Credentials Overview](https://www.slideshare.net/aniltj/us-digital-immigration-credentials-overview) 2022-12-13 > USCIS Presentation at the 2022 Fed ID Conference on Using W3C VCs and W3C DIDs for Digital Immigration Credentials -* [Foster Introduces Bipartisan Digital Identity Legislation](https://foster.house.gov/media/press-releases/foster-introduces-bipartisan-digital-identity-legislation) 2020-08-11 - > - Establish a task force made up of key federal agencies and state representatives. - > - Direct NIST to create a new framework of standards to guide agencies in implementing identity systems. - > - Establish a grant program within the DHS to support states in upgrading. -* [January Walker (UT04) on the Future of Self-Sovereign Identity](https://web3domains.com/january-walker-ut04-on-the-future-of-self-sovereign-identity/) Web3 Domains - > There are so many things that build into your identity and you’ll take all this information and it’ll be issued to you through a decentralized ID. These wallets will have layers of protection that protect your information, like your Social Security number or your birth certificate, or your marriage license. You’ll have this extra layer of protection when you need to prove your identity, and this could apply to a passport as well. -* [A Collaborative Approach to Meeting the Challenges in President Biden’s Executive Order on Improving US Cybersecurity](https://www.oasis-open.org/2021/06/14/a-collaborative-approach-to-meeting-the-challenges-in-president-bidens-executive-order-on-improving-us-cybersecurity/) 2021-06-14 - > One key aspect outlined in Section 4 of the Executive Order (EO) is securing the software supply chain. At issue here is the reality that the U.S. federal government—like nearly any other organization on the planet that uses computer technology in any form—relies on not just one but numerous types of software to process data and run operational equipment. ## Personal Data Privacy * [2 Signs the US is Getting Tougher on Data Privacy Regulation](https://anonyome.com/2022/09/2-signs-the-us-is-getting-tougher-on-data-privacy-regulation/) 2022-09 Anonyme > I know almost everyone can probably find something that they wished were different in the bill [ADPPA]. On the other hand, I do think we have a band-aid for the American people who are just fed up with the lack of privacy online * [What is the American Data Privacy and Protection Act?](https://identityreview.com/what-adppa-american-data-privacy-protection-act/) 2022-06-20 IdentityReview > If a business has had an annual revenue less than “$41 million, did not collect or process the data of more than 100,000 individuals, and did not derive more than 50% of revenue from transferring personal information” in the last three years, they are not considered a covered entity in this bill. -* [Executive Order on Ensuring Responsible Development of Digital Assets](https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets/) White House - President Biden - > We must promote access to safe and affordable financial services.  Many Americans are underbanked and the costs of cross-border money transfers and payments are high.  The United States has a strong interest in promoting responsible innovation that expands equitable access to financial services, particularly for those Americans underserved by the traditional banking system, including by making investments and domestic and cross-border funds transfers and payments cheaper, faster, and safer, and by promoting greater and more cost-efficient access to financial products and services.  The United States also has an interest in ensuring that the benefits of financial innovation are enjoyed equitably by all Americans and that any disparate impacts of financial innovation are mitigated. -* [A US National Privacy Law Looks More Likely Than Ever](https://anonyome.com/2021/04/a-us-national-privacy-law-looks-more-likely-than-ever/) +* [A US National Privacy Law Looks More Likely Than Ever](https://anonyome.com/2021/04/a-us-national-privacy-law-looks-more-likely-than-ever/) 2021-04 - [Consumer Online Privacy Rights Act (COPRA)](https://www.cantwell.senate.gov/imo/media/doc/COPRA%20Bill%20Text.pdf) (Democrats) > Sponsored in November 2019 by Democratic Senator Maria Cantwell of Washington, this bill is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) to be “GDPR-esque” and more consumer than business friendly. - [Setting an American Framework to Ensure Data Access, Transparency and Accountable Ability Act (SAFE DATA Act)](https://www.commerce.senate.gov/services/files/BD190421-F67C-4E37-A25E-5D522B1053C7)) (GOP) > Combining three previous bills, the SAFE DATA Act is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) as more “business friendly”. - [Information Transparency and Personal Data Control Act](https://delbene.house.gov/news/documentsingle.aspx?DocumentID=2740) – > Re-introduced by Congresswoman Suzan DelBene (WA-01) for the fourth time (the latest on March 10, 2021), [this bill](https://delbene.house.gov/news/documentsingle.aspx?DocumentID=2740) “… protects personal information including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, Social Security Numbers, and religious beliefs. It also keeps information about children under 13 years of age safe. ”Beyond this it requires businesses to write their privacy policies in simple language.“ - -## Biometrics -* [Utah State Legislature Passes Facial Recognition Bill](https://findbiometrics.com/utah-state-legislature-passes-facial-recognition-bill-030504/) - > The Utah bill, on the other hand, allows public agencies to use facial recognition as long as certain guidelines are followed. Most notably, law enforcement officers must submit a written request before performing a facial recognition search, and must be able to provide a valid reason for doing so. +* [Self-sovereign identity in the context of data protection and privacy](https://yourstory.com/2020/11/self-sovereign-identity-context-data-protection-privacy) 2020-11 YourStory +SSI Explainer + Comparison with Personal Data Protection Bill, 2019. + > From a techno-legal perspective, data protection regimes like PDPB and GDPR regulate the processing of personal data—which has a broad and evolving definition. An authoritative [paper](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3515213) on the subject classifies SSI data components into four categories — DIDs, credentials, revocation of credentials and hashes (relating to the first three). ## FTC -* [FTC proposed consent order prohibits perpetual retention of personal information](https://www.dataprotectionreport.com/2023/03/ftc-proposed-consent-order-prohibits-perpetual-retention-of-personal-information/) 2023-03-26 - > We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit the company from perpetual retention of personal information—a broader category. Also unlike the previous matter, the FTC did not cite to the health breach notification requirements, but instead included claims only under Section 5 of the FTC Act. Under the proposed consent, BetterHelp would pay $7.8 million, which the FTC may use for consumer redress. In the Matter of BetterHelp, Inc., FTC File No. 2023169 (Mar. 2, 2023). * [FTC weighs new rules to protect Americans’ personal data](https://www.theguardian.com/us-news/2022/aug/11/ftc-new-rules-personal-data-secuirty) 2022-08-11 Guardian > The FTC is issuing an advanced notice of proposed rule-making to address commercial surveillance, the “business of collecting, analyzing, and profiting from information about people”. [...] The public can offer input on the FTC notice and the commission will hold a virtual public forum on 8 September. * [FTC announces Ed Tech prohibited from common data collection and monetization](https://me2ba.org/ftc-prohibits-data-collection-and-monetization-edtech/) 2022-05-26 Me2BA > Specifically, the FTC will be more closely monitoring all companies covered by the Children’s Online Privacy Protection Act of 1998 (COPPA), with particular attention to ed tech, to ensure that children have access to educational tools without being subject to surveillance capitalism. +* [Senate Asks FTC to Investigate ID.me for Deceptive Business Practices](https://findbiometrics.com/senate-asks-ftc-investigate-id-me-deceptive-business-practices-052004/) 2022-05-20 FindBiometrics + > The Senators’ complaints stem from comments that ID.me and CEO Blake Hall made about the nature of its facial recognition system. More specifically, they call attention to statements and a blog post in which Hall claimed that his company only performs one-to-one matching to compare a new selfie to an image on a photo ID during the identity verification process. One-to-one matching is considered to be both more accurate and more secure than alternative one-to-many solutions, since the user’s image is never cross-referenced against a larger database. * [FTC on Commercial Surveillance and Data Security Rulemaking](https://identitywoman.net/ftc-on-commercial-surveillance-and-data-security-rulemaking/) 2022-02-08 IdentityWoman > There is a very real risk that because two companies control the mobile handset operating systems – Apple and Google – the will work to limit access to the APIs within the phone preventing any wallets created by other companies working well. > > This doesn’t have to happen and the risk of it happening will be reduced if the FTC gets involved to ensure a level playing field for wallet makers – and ensuring consumers will have a choice of who they trust with the sensitive data about who they transact with across the digital world. Thank you. - +* [We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya](https://me2ba.org/we-applaud-the-confirmation-of-new-ftc-commissioner-alvaro-bedoya/) 2022-05-13 Me2Ba + > Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the [Center on Privacy & Technology](https://www.law.georgetown.edu/privacy-technology-center/) at Georgetown Law to focus on the importance of consumer privacy rights. +* [FTC proposed consent order prohibits perpetual retention of personal information](https://www.dataprotectionreport.com/2023/03/ftc-proposed-consent-order-prohibits-perpetual-retention-of-personal-information/) 2023-03-26 + > We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit the company from perpetual retention of personal information—a broader category. Also unlike the previous matter, the FTC did not cite to the health breach notification requirements, but instead included claims only under Section 5 of the FTC Act. Under the proposed consent, BetterHelp would pay $7.8 million, which the FTC may use for consumer redress. In the Matter of BetterHelp, Inc., FTC File No. 2023169 (Mar. 2, 2023). ## Crypto +* [Executive Order on Ensuring Responsible Development of Digital Assets](https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets/) 2022-03-09 White House - President Biden + > We must promote access to safe and affordable financial services.  Many Americans are underbanked and the costs of cross-border money transfers and payments are high.  The United States has a strong interest in promoting responsible innovation that expands equitable access to financial services, particularly for those Americans underserved by the traditional banking system, including by making investments and domestic and cross-border funds transfers and payments cheaper, faster, and safer, and by promoting greater and more cost-efficient access to financial products and services.  The United States also has an interest in ensuring that the benefits of financial innovation are enjoyed equitably by all Americans and that any disparate impacts of financial innovation are mitigated. * [The Infrastructure Bill and What it Holds for Crypto](https://selfkey.org/the-infrastructure-bill-and-what-it-holds-for-crypto/) 2021-08-30 SelfKey Foundation > Reports state that an amendment to the bill is unlikely when it is discussed during the autumn session. Moreover, the treasury has reportedly said it would provide clarifying guidance after the bill is passed to allow exemptions to firms that do not actually operate as brokers. The reported clarification from the Treasury is potentially a welcome sign that would improve the morale of the crypto community regarding the proposed bill. * [New Directions for Government in the Second Era of the Digital Age](https://www.blockchainresearchinstitute.org/new-directions-for-government-in-the-second-era-of-the-digital-age/) 2021-02-05 Kuppinger Cole > The [Blockchain Research Institute™](https://www.blockchainresearchinstitute.org/), in collaboration with the Washington DC based [Chamber of Digital Commerce](https://digitalchamber.org/) and other experts have produced a 120-page report on how the Biden-Harris administration could reimagine US technology strategy and policy—and take action to implement it. -## IRS -* [IRS Using Facial Scanning](https://www.windley.com/archives/2022/01/irs_using_facial_scanning.shtml) Phil Windley - > The IRS will use ID.me's authentication and identity proofing service exclusively starting sometime this summer. The identity proofing portion employs facial scanning by a third party, causing some concern. -* [IRS Will Soon Require Selfies for Online Access](https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/) Krebs on Security - > If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me -* [THE IRS AND ID.ME: PRIVACY OPTIONAL](https://trustoverip.org/blog/2022/02/15/the-irs-and-id-me-privacy-optional/) Trust Over IP - > While it is not clear why the IRS would relinquish this extremely sensitive capability in its entirety to a single, private-sector entity using a proprietary solution, there are clues +### FATF -## New York +* [Three Key Takeaways from the FATF’s Latest 12-Month Review on Virtual assets](https://www.elliptic.co/blog/3-key-takeaways-from-the-fatfs-latest-12-month-review-on-virtual-assets) 2021-07-05 Elliptic + > Financial Action Task Force (FATF), the global standard-setter for anti-money laundering and countering the financing of terrorism (AML/CFT), released its second 12-month review on virtual assets (You can read our summary of its first report from July 2020 report here). +* [What Are the Six Key Areas of the FATF Consultation?](https://www.elliptic.co/blog/six-key-areas-of-the-fatf-consultation) 2021-04-16 Elliptic + > On March 19th, Paris-based Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering and counter-terrorism finance (AML/CFT), released its [Draft Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers](https://www.fatf-gafi.org/media/fatf/documents/recommendations/March%202021%20-%20VA%20Guidance%20update%20-%20Sixth%20draft%20-%20Public%20consultation.pdf). Or, in compliance acronym speak the FATF's draft guidance for its RBA to VAs and VASPs. +* [FATF and Global Crytpto Regulatory News](https://www.elliptic.co/blog/fatf-concludes-its-annual-plenary-session) 2021-03-03 + > The Financial Action Task Force (FATF) [held](https://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-fatf-plenary-february-2021.html) its winter Plenary session on 22nd, 24th, and 25th February and welcomed over 205 delegates to its third virtual conference since the start of the pandemic. +* [DeFi regulation must not kill the values behind decentralization](https://cointelegraph.com/news/defi-regulation-must-not-kill-the-values-behind-decentralization) 2021-08-22 Cointelegraph + > Financial Action Task Force (FATF) recently [proposed](https://www.fatf-gafi.org/publications/fatfrecommendations/documents/public-consultation-guidance-vasp.html) guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] [...] even if other parties play a role in the service or portions of the process are automated. +* [State of Crypto: FATF's New Guidance Takes Aim at DeFi](https://www.coindesk.com/fatfs-new-guidance) 2021-03-30 Coindesk + > FATF’s new draft guidance, published on March 19, now draws a distinction between fungible tokens and non-fungible tokens (NFTs), adds descriptors for decentralized exchanges and decentralized finance (DeFi) and specifies who might be held liable for enforcing KYC requirements for DeFi platforms, according to my colleague Ian Allison: + +## IRS + +* [THE IRS AND ID.ME: PRIVACY OPTIONAL](https://trustoverip.org/blog/2022/02/15/the-irs-and-id-me-privacy-optional/) 2022-02-15 Trust Over IP + > While it is not clear why the IRS would relinquish this extremely sensitive capability in its entirety to a single, private-sector entity using a proprietary solution, there are clues +* [Rough Seas Ahead People](https://www.moxytongue.com/2022/01/rough-seas-ahead-people.html) 2022-01 MoxyTongue +from the man who invented the term Self-Sovereign Idenitty, ID.me and the IRS. + > Humanity does not come into existence inside a database. The American Government does not come into authority "of, by, for" database entries. + > + > People prove birth certificates, birth certificates do not prove people. +* [IRS Using Facial Scanning](https://www.windley.com/archives/2022/01/irs_using_facial_scanning.shtml) 2022-01 Phil Windley + > The IRS will use ID.me's authentication and identity proofing service exclusively starting sometime this summer. The identity proofing portion employs facial scanning by a third party, causing some concern. +* [IRS Will Soon Require Selfies for Online Access](https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/) 2022-01 Krebs on Security + > If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me + +## States + +### [California]({%link _posts/government/usa/2020-12-04-california.md %}) +### New York * [Excelsior Pass Plus to be recognized out of state, internationally](https://www.wgrz.com/article/news/local/excelsior-pass-plus-to-be-recognized-out-of-state-internationally/71-434f8c6f-cbac-4d61-a732-ac0e0769efa3) WGRZ > Excelsior Pass Plus will be compatible with the globally recognized SMART Health Cards Framework developed by VCI. VCI is a coalition of 570 public and private organizations including major health networks and Microsoft. -## California - -* [Blockchain in California](https://www.govops.ca.gov/wp-content/uploads/sites/11/2020/07/BWG-Final-Report-2020-July1.pdf) - > Blockchain technology has captured the attention of individuals far beyond the circles of computer scientists and cryptocurrency enthusiasts that initially sparked its development. The themes of distributed authority, decentralized governance, self-sovereign identity, and data privacy appeal to those who favor reducing hierarchy and increasing personal agency. The field has evolved in recent years to explore applications in the public sector and in private enterprise where regulation is a consideration. -* [CA’s 2020 Blockchain Legislative Roundup](https://blockadvocacy.medium.com/cas-2020-blockchain-legislative-roundup-89cdd3bad25c) - > AB 2004 (Calderon, Whittier) marked the first time verifiable credentials saw legislative debate. The bill to allow the use of verifiable credentials for covid-19 test results and other medical records made it through both houses with bipartisan support. Due to state budget restraints, it was ultimately vetoed, however the concept gained significant legislative momentum quickly. We are actively working on our strategy for verifiable credentials policy next year. +### Austin, TX +* [City of Austin dabbling in SSI](https://github.com/cityofaustin/lifefiles-project/wiki/blockchain-report) 2020-03 + > Many folks within the identity space see VC infrastructure as the future of identification. If much of our online identity is reputation based, then VCs represent a formal method for linking reputations and vouching for others to form a web of trust within which individuals are able to conduct identity transactions in a less centralized way. ### Illinois @@ -95,12 +134,19 @@ last_modified_at: 2023-06-06 ### Wyoming -

In the morning session I shared about establishing a legal template for DAOs using Wyoming LLCs, but the real interesting discussions for me was on a legal definition for Digital Identity & Self-Sovereign Identity #SSI that started at the 2h39m mark: https://t.co/rdv9eih5tP

— Christopher Allen (@ChristopherA) September 23, 2020
- +* [Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/) 2021-09-15 Blockchain Commons + > Principal Authority focuses not just on a single person’s authority to act digitally, but also on their ability to delegate to and require duties from other entities. In other words, these peer-to-peer relationships works within the context of a state who recognizes the concept of Principal Authority. Thus the use of Principal Authority to empower Self-Sovereign Identity provides a legal foothold for many of the original 10 #SSI principles. It also suggests five additional duties that are generally defined under the Laws of Agency to be due from agents to Principals. * [2020 Select Committee on Blockchain, Financial Technology and Digital Innovation Technology](https://www.wyoleg.gov/Committees/2020/S19) - Click on 11/2/2020 meeting details, and find the discussion on Disclosure of private cryptographic keys @ 9:30 am. -## See Also +

In the morning session I shared about establishing a legal template for DAOs using Wyoming LLCs, but the real interesting discussions for me was on a legal definition for Digital Identity & Self-Sovereign Identity #SSI that started at the 2h39m mark: https://t.co/rdv9eih5tP

— Christopher Allen (@ChristopherA) September 23, 2020
+## Utah +* [January Walker (UT04) on the Future of Self-Sovereign Identity](https://web3domains.com/january-walker-ut04-on-the-future-of-self-sovereign-identity/) 2022-09-03 Web3 Domains + > There are so many things that build into your identity and you’ll take all this information and it’ll be issued to you through a decentralized ID. These wallets will have layers of protection that protect your information, like your Social Security number or your birth certificate, or your marriage license. You’ll have this extra layer of protection when you need to prove your identity, and this could apply to a passport as well. +* [Utah State Legislature Passes Facial Recognition Bill](https://findbiometrics.com/utah-state-legislature-passes-facial-recognition-bill-030504/) 2021-03-05 + > The Utah bill, on the other hand, allows public agencies to use facial recognition as long as certain guidelines are followed. Most notably, law enforcement officers must submit a written request before performing a facial recognition search, and must be able to provide a valid reason for doing so. + +## See Also ### [Department of Homeland Security]({{ site.baseurl }}/government/usa/dhs/) The Department of Homeland Security began funding work into blockchain credentials around 2016 with it's Silicon Valley Innovation (SVIP) and Small Business Innovation Research (SBIR) Programs diff --git a/_posts/government/usa/2020-12-04-california.md b/_posts/government/usa/2020-12-04-california.md new file mode 100644 index 00000000..fdb2e67a --- /dev/null +++ b/_posts/government/usa/2020-12-04-california.md @@ -0,0 +1,130 @@ +--- +date: 2020-12-04 +title: "California: SSI, Policy, Blockchain, and Vaccine Records" +description: Blockchain, Verifiable Credentials, Policy, Smart Healthcard Framework, and other information related to SSI in the state of California +excerpt: > + The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including: + - The right to know about the personal information a business collects about them and how it is used and shared; + - The right to delete personal information collected from them (with some exceptions); + - The right to opt-out of the sale of their personal information; and + - The right to non-discrimination for exercising their CCPA rights. + Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers. +category: ["Government"] +tags: ["USA","CCPA","California","IAB","IAPP","CPRA","SMART Health Card","Covid 19","Trust Framework"] +permalink: government/usa/california +redirect_from: + - /government/usa/regulations/california/ccpa/ +last_modified_at: 2020-06-10 +--- + +* [VCs Policy Committeee (California) – Participate in passing legislation to create a California Trust Framework!](https://iiw.idcommons.net/21B/_(California)_Verifiable_Credentials_Policy_Committeee_-_Come_learn_about_how_participate_in_passing_legislation_to_crete_a_California_Trust_Framework!) 2021-05-06 IIW, IDcommons Kaliya Young, Ally Medina [Slides](https://docs.google.com/presentation/d/1VyxmWan3qbxynxhKvw1CHhWZINiPRF9gjeqSCSDh1MY/edit?usp=sharing) + > discussed how the Blockchain Advocacy Coalition’s sponsorship of [AB 2004](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB2004) pushed verifiable credentials into mainstream political discourse and how companies can help us shape public policy and government pilot programs of Verifiable Credential technology. + > + > We are planning on working with legislators to introduce a bill that creates a California Trust Framework and lays the groundwork for use of the technology in the public and private sector. + +## Blockchain +* [California Legalizes Blockchain-based Vital Records](https://mobileidworld.com/california-legalizes-blockchain-based-vital-records-410031/) 2022-10-03 MobileDataWorld + > As [an abstract of the bill](https://trackbill.com/bill/california-senate-bill-786-county-birth-death-and-marriage-records-blockchain/2043852/) explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.” +* [California Moves Forward to Allow Vital Records to be Issued on Blockchain](https://www.coindesk.com/policy/2022/09/29/california-moves-forward-to-allow-vital-records-to-be-issued-on-blockchain/) Coindesk 2022-09-29 + > [approved another on Wednesday](https://www.gov.ca.gov/2022/09/28/governor-newsom-issues-legislative-update-9-28-22/) that instructs county records offices to [allow for the use of blockchain technology](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202120220SB786) and verifiable credentials. The technology would be established in the distribution of birth, death and marriage records, allowing PDFs to be sent immediately rather than using a typical 10-day postal delivery. 2022-09-28 +* [Soulbound Tokens, Trust Networks, and California's Big Test](https://wrenchinthegears.com/2022/05/28/soulbound-tokens-trust-networks-and-californias-big-test/) 2022-05-28 Wrenchinthegears + > California [SB1190](https://sd18.senate.ca.gov/news/342022-hertzberg-announces-new-blockchain-legislation-creating-%E2%80%9Ccalifornia-trust-framework%E2%80%9D) that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen +* [Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order](https://www.elliptic.co/blog/crypto-regulatory-affairs-governor-of-california-signs-blockchain-executive-order) 2022-05-09 Elliptic + > On May 4th, California Governor Gavin Newsom signed into effect a [“Blockchain Executive Order”](https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/) + > + > “[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”. +* [Blockchain in California](https://www.govops.ca.gov/wp-content/uploads/sites/11/2020/07/BWG-Final-Report-2020-July1.pdf) 2020-07 + > Blockchain technology has captured the attention of individuals far beyond the circles of computer scientists and cryptocurrency enthusiasts that initially sparked its development. The themes of distributed authority, decentralized governance, self-sovereign identity, and data privacy appeal to those who favor reducing hierarchy and increasing personal agency. The field has evolved in recent years to explore applications in the public sector and in private enterprise where regulation is a consideration. +* [CA’s 2020 Blockchain Legislative Roundup](https://blockadvocacy.medium.com/cas-2020-blockchain-legislative-roundup-89cdd3bad25c) 2020-10-30 + > AB 2004 (Calderon, Whittier) marked the first time verifiable credentials saw legislative debate. The bill to allow the use of verifiable credentials for covid-19 test results and other medical records made it through both houses with bipartisan support. Due to state budget restraints, it was ultimately vetoed, however the concept gained significant legislative momentum quickly. We are actively working on our strategy for verifiable credentials policy next year. + +## Vaccine Records + +* [Welcome to the Digital Vaccine Record (DVR) portal](https://myvaccinerecord.cdph.ca.gov/) + > Get a digital copy of your vaccine record. Just enter a few details below to get a link to your COVID-19 Vaccine Record with a QR code or your California Immunization Record. Save it on your phone and use it as proof of vaccination wherever you go. +* [SMART Health Card Framework](https://vci.org/about#smart-health) 2022 +* [California unveils system to provide digital COVID-19 vaccine records](https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records) 2021-06-18 + > California has launched a COVID-19 vaccine verification system that provides digital replicas of the traditional wallet-size paper cards, in an effort that officials say will make it easier for residents to supply proof of inoculation if needed. +* [California Digital Vaccine Record based on VCs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0191.html) 2021-06-18 Heather Vescent + > To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide. + +## Data Broker Registry +* [Data Broker Registry](https://oag.ca.gov/data-brokers) State of California Department of Justice + > [California law requires a data broker](http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1202), as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the [definition of a data broker](https://iapp.org/news/a/california-data-broker-registrations-who-made-the-list-on-jan-31/). + > + > You can search by the name of the data broker, or simply scroll through the list + +## California Consumer Privacy Act (CCPA) +* [State of California Department of Justice - California Consumer Privacy Act (CCPA)](https://oag.ca.gov/privacy/ccpa) - Office of the Attorney General + > The [California Consumer Privacy Act of 2018 (CCPA)](http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including: + > - The right to know about the personal information a business collects about them and how it is used and shared; + > - The right to delete personal information collected from them (with some exceptions); + > - The right to opt-out of the sale of their personal information; and + > - The right to non-discrimination for exercising their CCPA rights.\ + > Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers. +* [California Consumer Privacy Act of 2018](https://iapp.org/resources/article/california-consumer-privacy-act-of-2018/) (IAPP) + > The IAPP created this html version of the CCPA in order to provide a way to easily link to specific sections when referring to them in our articles. Please feel free to use the following method to do the same. To link to specific sections, links can be copied from the table of contents. +* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) 2022-05-18 Me2BA + > California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the state’s borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process. +* [Me2BA provides human-centered recommendations to the California Privacy Protection Agency](https://internetsafetylabs.org/blog/news-press/me2ba-provides-human-centered-recommendations-to-the-california-privacy-protection-agency/) 2021-11-10 + > The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General +* [What is the California Consumer Privacy Act (CCPA)?](https://www.logicworks.com/blog/2019/03/what-is-the-ccpa/) 2019-03 + > GDPR was implemented on May 25, 2018 to standardize the data protection law across all 28 European Union (EU) countries. It requires businesses to protect consumers’ personal data for transactions that occur within the EU and affects any US business that operates in the EU.\ + > Unlike GDPR, CCPA only applies to businesses in the state of California, not the European Union. CCPA also focuses on selling personal information for profit, whereas GDPR focuses on data ownership and rights of deletion.\ + > ![](https://i.imgur.com/7g4UdbA.png) +* [California Consumer Privacy Act](https://www.americanbar.org/groups/business_law/publications/committee_newsletters/bcl/2019/201902/fa_9/) 2019 American Bar Association + > It is obvious to even the most tech illiterate by now that regulations over data are becoming more onerous and intrusive against what was more of a wild west type scenario in the early days of data sharing. The latest proof of this is in the newly enacted General Data Protection Regulation (GDPR) in the European Union effective on May 25, 2018 (it happens to be my birthday), and in the shadow of the pending U.S. Encrypt Act, and the most recent state’s effort to tighten the data screws for which the poster child currently is California’s new regulation, California Consumer Privacy Act (CCPA) that sets the bar higher than ever before for U.S. companies regarding data privacy regulation. If the bill comes into law in its present form, which this author believes it will not, then companies doing business in the U.S. will require almost the same data privacy controls and capabilities that multinationals need to do business in the European Union require today with some rather ideological exceptions. As always, “failure to protect the data” signals the same need GDPR has for end-to-end encryption, portability, conformity, and data residency. + +### CCPA Resources + +* [California Consumer Privacy Act Info](https://ccpa-info.com/) + > Section headings have been added for convenience and are not a part of the official text. The statute reflects amendments passed in 2019. A summary of those amendments can be found on the Amendments page. +* [A quick reference guide for CCPA compliance](https://www2.deloitte.com/us/en/pages/advisory/articles/ccpa-compliance-readiness.html) 2019-05-29 Deloitte + > The California Consumer Privacy Act (CCPA) goes into effect January 1, 2020. Is your organization prepared? Discover how the General Data Protection Regulation (GDPR) has paved the way for CCPA compliance initiatives. + > ![](https://i.imgur.com/tGeU9PO.png) +* [DigitalAdvertisingAlliance Business Resources for California Consumer Privacy Act (CCPA)](https://digitaladvertisingalliance.org/ccparesources) + * [Privacy Rights Icon Creative Guidelines](https://digitaladvertisingalliance.org/DAA_style/ADS/Privacy_Rights_Icon_Creative_Guidelines.pdf) + * [Participate in the CCPA Opt Out Tool for Web and Mobile Web (California)](https://digitaladvertisingalliance.org/integrate-webchoices-ccpa) + * [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_Opt_Out_Tool_Technical_Description.pdf) + * [Participate in the CCPA Opt Out Tool for Apps (AppChoices)](https://digitaladvertisingalliance.org/integrate-appchoices) + * [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/AppChoices_CCPA_Opt_Out_User_Flow_Technical_Description.pdf) + * Frequently Asked Questions + - [Publishers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Publishers.pdf) + - [Brands & Advertisers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Advertisers.pdf) + - [Agencies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Agencies.pdf) + - [AdTech Companies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_AdTech.pdf) + +### IAB +* [IAB Releases the IAB CCPA Compliance Framework for Publishers & Technology Companies and the Limited Service Provider Agreement](https://www.iab.com/blog/ccpa-compliance-framework/) + > In an ongoing effort to promote the principles of transparency, accountability, and choice that are the basis of the California Consumer Privacy Act, today we are releasing version 1.0 of the IAB CCPA Compliance Framework for Publishers & Technology Companies, as well as the accompanying Limited Services Provider Agreement. The release of these two documents accompanies the IAB Tech Lab’s release of version 1 of the technical specifications of CCPA-related signals earlier this month. +* [IAB CCPA Compliance Framework for Publishers & Technology Companies](https://www.iab.com/guidelines/ccpa-framework/) + > The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. In many ways, the CCPA is a first of its kind law in the United States: an omnibus statute that seeks to create broad privacy and data protection rules that apply to all industries doing business in one jurisdiction, California, rather than focusing on a single sector or specific data collection and use practices. The CCPA was created in response to changing public perceptions. Users, rightfully, want to understand and have the option to exercise control over their own data. +* [Integration with IAB CCPA Framework Technical Specifications](https://support.google.com/authorizedbuyers/answer/9658888?hl=en) + > Google is not currently a signatory to the IAB Privacy’s Limited Service Provider Contract. We have however integrated with the IAB CCPA Framework v1.0 Technical Specifications in Authorized Buyers as detailed below. +* [InteractiveAdvertisingBureau/USPrivacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy) + > The IAB CCPA Compliance Framework is comprised of policy and technical work to support CCPA compliance. These documents are the work product of the IAB Tech Lab’s CCPA/U.S. Privacy Technical Working Group. Policy requirements were developed by a legal affairs group at IAB in the US. The technical specifications documents refer to the guidance within IAB CCPA Compliance Framework Policies.\ + > [...]\ + > Relevant Specification Documents + > - [US Privacy String](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md) + > - [USP API](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/USP%20API.md) + > - [OpenRTB Extension for US Privacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/OpenRTB%20Extension%20for%20USPrivacy.md) + > - [Data Deletion Request Handling](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/Data%20Deletion%20Request%20Handling.md) + > - [CCPA reference implementation](https://github.com/InteractiveAdvertisingBureau/CCPA-reference-code) + +## CPRA + +* [The California Privacy Rights Act of 2020](https://oag.ca.gov/system/files/initiatives/pdfs/19-0021A1%20%28Consumer%20Privacy%20-%20Version%203%29_1.pdf) +* [California Privacy Rights and Enforcement Act is passed by voter ballot](https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html) - PwC + > CPRA builds upon the California Consumer Privacy Act of 2018 (CCPA) to strengthen consumers’ privacy rights.\ + > [...]\ + > California consumers have new rights: + > - to correct their personal data + > - opt out of proximate geolocation tracking + > - browse without pop-ups\ + > Companies must: + > - minimize their retention of Californians’ personal data + > - further restrict collection and use of sensitive personal data + > - provide consumers greater transparency around “profiling” and “automated decision-making” + > - regularly assess high-risk data processors\ + > [...]\ + > **CPRA applies to personal information collected after January 1, 2022, and comes in force on January 1, 2023**. diff --git a/_posts/government/usa/regulations/2020-12-04-ccpa.md b/_posts/government/usa/regulations/2020-12-04-ccpa.md deleted file mode 100644 index a5415be0..00000000 --- a/_posts/government/usa/regulations/2020-12-04-ccpa.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -date: 2020-12-04 -title: California Consumer Privacy Act (CCPA) -description: The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. -excerpt: > - The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including: - - The right to know about the personal information a business collects about them and how it is used and shared; - - The right to delete personal information collected from them (with some exceptions); - - The right to opt-out of the sale of their personal information; and - - The right to non-discrimination for exercising their CCPA rights. - Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers. -category: ["Government"] -tags: ["USA","CCPA","California","IAB","IAPP","CPRA"] -permalink: government/usa/regulations/california/ccpa/ -header: - teaser: /images/ccpa-teaser.webp -last_modified_at: 2020-12-04 ---- - -* [State of California Department of Justice - California Consumer Privacy Act (CCPA)](https://oag.ca.gov/privacy/ccpa) - Office of the Attorney General - -> The [California Consumer Privacy Act of 2018 (CCPA)](http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including: -> - The right to know about the personal information a business collects about them and how it is used and shared; -> - The right to delete personal information collected from them (with some exceptions); -> - The right to opt-out of the sale of their personal information; and -> - The right to non-discrimination for exercising their CCPA rights.\ -Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers. -* [California Consumer Privacy Act of 2018](https://iapp.org/resources/article/california-consumer-privacy-act-of-2018/) (IAPP) - > The IAPP created this html version of the CCPA in order to provide a way to easily link to specific sections when referring to them in our articles. Please feel free to use the following method to do the same. To link to specific sections, links can be copied from the table of contents. -* [California Consumer Privacy Act](https://ccpa-info.com/) - (ccpa-info) - > Section headings have been added for convenience and are not a part of the official text. The statute reflects amendments passed in 2019. A summary of those amendments can be found on the Amendments page. -* [California Consumer Privacy Act](https://www.americanbar.org/groups/business_law/publications/committee_newsletters/bcl/2019/201902/fa_9/) (ABA) - > It is obvious to even the most tech illiterate by now that regulations over data are becoming more onerous and intrusive against what was more of a wild west type scenario in the early days of data sharing. The latest proof of this is in the newly enacted General Data Protection Regulation (GDPR) in the European Union effective on May 25, 2018 (it happens to be my birthday), and in the shadow of the pending U.S. Encrypt Act, and the most recent state’s effort to tighten the data screws for which the poster child currently is California’s new regulation, California Consumer Privacy Act (CCPA) that sets the bar higher than ever before for U.S. companies regarding data privacy regulation. If the bill comes into law in its present form, which this author believes it will not, then companies doing business in the U.S. will require almost the same data privacy controls and capabilities that multinationals need to do business in the European Union require today with some rather ideological exceptions. As always, “failure to protect the data” signals the same need GDPR has for end-to-end encryption, portability, conformity, and data residency. - -## GDPR - -* [What is the California Consumer Privacy Act (CCPA)?](https://www.logicworks.com/blog/2019/03/what-is-the-ccpa/) - > GDPR was implemented on May 25, 2018 to standardize the data protection law across all 28 European Union (EU) countries. It requires businesses to protect consumers’ personal data for transactions that occur within the EU and affects any US business that operates in the EU.\ - > Unlike GDPR, CCPA only applies to businesses in the state of California, not the European Union. CCPA also focuses on selling personal information for profit, whereas GDPR focuses on data ownership and rights of deletion.\ - > ![](https://i.imgur.com/7g4UdbA.png) - - -## Compliance - -![](https://i.imgur.com/tGeU9PO.png) - -* [A quick reference guide for CCPA compliance](https://www2.deloitte.com/us/en/pages/advisory/articles/ccpa-compliance-readiness.html) - Deloitte - > The California Consumer Privacy Act (CCPA) goes into effect January 1, 2020. Is your organization prepared? Discover how the General Data Protection Regulation (GDPR) has paved the way for CCPA compliance initiatives. -* [DigitalAdvertisingAlliance Business Resources for California Consumer Privacy Act (CCPA)](https://digitaladvertisingalliance.org/ccparesources) - * [Privacy Rights Icon Creative Guidelines](https://digitaladvertisingalliance.org/DAA_style/ADS/Privacy_Rights_Icon_Creative_Guidelines.pdf) - * [Participate in the CCPA Opt Out Tool for Web and Mobile Web (California)](https://digitaladvertisingalliance.org/integrate-webchoices-ccpa) - * [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_Opt_Out_Tool_Technical_Description.pdf) - * [Participate in the CCPA Opt Out Tool for Apps (AppChoices)](https://digitaladvertisingalliance.org/integrate-appchoices) - * [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/AppChoices_CCPA_Opt_Out_User_Flow_Technical_Description.pdf) - * Frequently Asked Questions - - [Publishers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Publishers.pdf) - - [Brands & Advertisers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Advertisers.pdf) - - [Agencies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Agencies.pdf) - - [AdTech Companies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_AdTech.pdf) - -### IAB -* [IAB Releases the IAB CCPA Compliance Framework for Publishers & Technology Companies and the Limited Service Provider Agreement](https://www.iab.com/blog/ccpa-compliance-framework/) - > In an ongoing effort to promote the principles of transparency, accountability, and choice that are the basis of the California Consumer Privacy Act, today we are releasing version 1.0 of the IAB CCPA Compliance Framework for Publishers & Technology Companies, as well as the accompanying Limited Services Provider Agreement. The release of these two documents accompanies the IAB Tech Lab’s release of version 1 of the technical specifications of CCPA-related signals earlier this month. -* [IAB CCPA Compliance Framework for Publishers & Technology Companies](https://www.iab.com/guidelines/ccpa-framework/) - > The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. In many ways, the CCPA is a first of its kind law in the United States: an omnibus statute that seeks to create broad privacy and data protection rules that apply to all industries doing business in one jurisdiction, California, rather than focusing on a single sector or specific data collection and use practices. The CCPA was created in response to changing public perceptions. Users, rightfully, want to understand and have the option to exercise control over their own data. -* [Integration with IAB CCPA Framework Technical Specifications](https://support.google.com/authorizedbuyers/answer/9658888?hl=en) - > Google is not currently a signatory to the IAB Privacy’s Limited Service Provider Contract. We have however integrated with the IAB CCPA Framework v1.0 Technical Specifications in Authorized Buyers as detailed below. - -#### GitHub - -* [InteractiveAdvertisingBureau/USPrivacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy) - > The IAB CCPA Compliance Framework is comprised of policy and technical work to support CCPA compliance. These documents are the work product of the IAB Tech Lab’s CCPA/U.S. Privacy Technical Working Group. Policy requirements were developed by a legal affairs group at IAB in the US. The technical specifications documents refer to the guidance within IAB CCPA Compliance Framework Policies.\ - > [...]\ - > Relevant Specification Documents - > - [US Privacy String](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md) - > - [USP API](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/USP%20API.md) - > - [OpenRTB Extension for US Privacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/OpenRTB%20Extension%20for%20USPrivacy.md) - > - [Data Deletion Request Handling](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/Data%20Deletion%20Request%20Handling.md) - > - [CCPA reference implementation](https://github.com/InteractiveAdvertisingBureau/CCPA-reference-code) - - -## CPRA - -* [The California Privacy Rights Act of 2020](https://oag.ca.gov/system/files/initiatives/pdfs/19-0021A1%20%28Consumer%20Privacy%20-%20Version%203%29_1.pdf) -* [California Privacy Rights and Enforcement Act is passed by voter ballot](https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html) - PwC - > CPRA builds upon the California Consumer Privacy Act of 2018 (CCPA) to strengthen consumers’ privacy rights.\ - > [...]\ - > California consumers have new rights: - > - to correct their personal data - > - opt out of proximate geolocation tracking - > - browse without pop-ups\ - > Companies must: - > - minimize their retention of Californians’ personal data - > - further restrict collection and use of sensitive personal data - > - provide consumers greater transparency around “profiling” and “automated decision-making” - > - regularly assess high-risk data processors\ - > [...]\ - > **CPRA applies to personal information collected after January 1, 2022, and comes in force on January 1, 2023**. diff --git a/unsorted/usa.md b/unsorted/usa.md deleted file mode 100644 index 8173bfe3..00000000 --- a/unsorted/usa.md +++ /dev/null @@ -1,134 +0,0 @@ ---- -published: false ---- - -# USA - -* [The White House’s Future of the Internet is Available Today](https://indicio.tech/the-white-houses-future-of-the-internet-is-available-today/) Indicio Tech - -The Biden administration, in coordination with 60 other countries, on Thursday unveiled a “[Declaration for the Future of the Internet](https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/28/fact-sheet-united-states-and-60-global-partners-launch-declaration-for-the-future-of-the-internet/)” that “reclaims the promise of the Internet in the face of the global opportunities and challenges presented by the 21st century.” 2022-04-28 - - -* [Senate Asks FTC to Investigate ID.me for Deceptive Business Practices](https://findbiometrics.com/senate-asks-ftc-investigate-id-me-deceptive-business-practices-052004/) FindBiometrics - - -* [Recognizing Digital Identity as a National Issue](https://www.pingidentity.com/en/company/blog/posts/2021/digital-identity-national-issue.html) - > we dove into creating a centralized and holistic approach to protecting and regulating identity in the United States and the specifics of why digital identity and cybersecurity are national issues that the private sectors simply cannot tackle on their own. Here are some of the key takeaways. - -### FATF - -* [Three Key Takeaways from the FATF’s Latest 12-Month Review on Virtual assets](https://www.elliptic.co/blog/3-key-takeaways-from-the-fatfs-latest-12-month-review-on-virtual-assets) Elliptic - > Financial Action Task Force (FATF), the global standard-setter for anti-money laundering and countering the financing of terrorism (AML/CFT), released its second 12-month review on virtual assets (You can read our summary of its first report from July 2020 report here). -* [What Are the Six Key Areas of the FATF Consultation?](https://www.elliptic.co/blog/six-key-areas-of-the-fatf-consultation) Elliptic - > On March 19th, Paris-based Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering and counter-terrorism finance (AML/CFT), released its [Draft Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers](https://www.fatf-gafi.org/media/fatf/documents/recommendations/March%202021%20-%20VA%20Guidance%20update%20-%20Sixth%20draft%20-%20Public%20consultation.pdf). Or, in compliance acronym speak the FATF's draft guidance for its RBA to VAs and VASPs. -* [FATF and Global Crytpto Regulatory News](https://www.elliptic.co/blog/fatf-concludes-its-annual-plenary-session) - > The Financial Action Task Force (FATF) [held](https://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-fatf-plenary-february-2021.html) its winter Plenary session on 22nd, 24th, and 25th February and welcomed over 205 delegates to its third virtual conference since the start of the pandemic. -* [DeFi regulation must not kill the values behind decentralization](https://cointelegraph.com/news/defi-regulation-must-not-kill-the-values-behind-decentralization) Cointelegraph - > Financial Action Task Force (FATF) recently [proposed](https://www.fatf-gafi.org/publications/fatfrecommendations/documents/public-consultation-guidance-vasp.html) guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] [...] even if other parties play a role in the service or portions of the process are automated. -The potential for fraud in the growing NFT market recently attracted the [attention](https://www.coindesk.com/fatfs-new-guidance) of the Financial Action Task Force (FATF) - -## ID.me -* [Rough Seas Ahead People](https://www.moxytongue.com/2022/01/rough-seas-ahead-people.html) MoxyTongue - > Commentary from the man who invented the term Self-Sovereign Idenitty on the ID.me situation with the IRS. - > - > Humanity does not come into existence inside a database. The American Government does not come into authority "of, by, for" database entries. - > - > People prove birth certificates, birth certificates do not prove people. - -* [IPR - what is it? why does it matter?](https://identitywoman.net/ipr%e2%80%8a-%e2%80%8awhat-is-it-why-does-it-matter/) - > There is a lot of diversity in the category of future patent problems. Someone who was contributing without declaring that they hold a patent related to the work can claim they had a patent later (years after the specification is finished) and seek payment from everyone using/implementing the standard, claiming licensing rights or even lost revenue on ideas they legally own. -* [Self-sovereign identity in the context of data protection and privacy](https://yourstory.com/2020/11/self-sovereign-identity-context-data-protection-privacy/amp) YourStory - -this article deconstructs the self-sovereign identity model and examines how it stacks up against The Personal Data Protection Bill, 2019. - -* [USPTO: CIO Jamie Holcombe](https://www.federalblockchainnews.com/podcast/episode/78ad1b6f/uspto-cio-jamie-holcombe) - > CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)? -* [End-To-End Encryption is Too Important to Be Proprietary](https://doctorow.medium.com/end-to-end-encryption-is-too-important-to-be-proprietary-afdf5e97822) Cory Doctorow - -End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush. -* [We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya](https://me2ba.org/we-applaud-the-confirmation-of-new-ftc-commissioner-alvaro-bedoya/) Me2Ba - -Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the [Center on Privacy & Technology](https://www.law.georgetown.edu/privacy-technology-center/) at Georgetown Law to focus on the importance of consumer privacy rights. - -* [Zero Trust Architecture in the White House Executive Order on Cybersecurity](https://lists.w3.org/Archives/Public/public-credentials/2021May/0062.html) Adrian Gropper (Friday, 14 May) - -Please read Section 3 in the EO - -* […] - -It may be time for us to explain Zero-Trust Architecture relationship to - -VCs and DIDs. My not-so-hidden agenda includes priority for considering - -authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion. - -* [Executive Order on Improving the Nation’s Cybersecurity](https://comms.wiley.law/e/knewjcfglctwt7w/a7406307-5755-44fa-a5c5-22dd04d9e9a7) - -Sec. 3.  Modernizing Federal Government Cybersecurity. - -(a)  To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals. - - -### Austin -* [City of Austin dabbling in SSI](https://github.com/cityofaustin/mypass-project/wiki/blockchain-report) - -Many folks within the identity space see VC infrastructure as the future of identification. If much of our online identity is reputation based, then VCs represent a formal method for linking reputations and vouching for others to form a web of trust within which individuals are able to conduct identity transactions in a less centralized way. - - -### Wyoming -#### Blockchain Commons - -* [Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/) - > The Digital Identity Working Group for the Wyoming Select Committee on Blockchain meets again next week, on September 21-22, 2021. I will be providing testimony there at 2pm MST. As a result, we’ve decided to release the current draft of this article on digital identity and how Wyoming has defined it using Principal Authority, with the goal of helping to shape the agenda for digital identity for the next year, both in Wyoming and elsewhere. - -### California - -* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2BA - -California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the state’s borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process. - -* [Data Broker Registry](https://oag.ca.gov/data-brokers) State of California Department of Justice - -[California law requires a data broker](http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1202), as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the [definition of a data broker](https://iapp.org/news/a/california-data-broker-registrations-who-made-the-list-on-jan-31/). -* [Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order](https://www.elliptic.co/blog/crypto-regulatory-affairs-governor-of-california-signs-blockchain-executive-order) Elliptic - -On May 4th, California Governor Gavin Newsom signed into effect a [“Blockchain Executive Order”](https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/) 2022-05-04 - -“[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”. - -* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2Ba - -We have monitored and involved ourselves in this new agency since its inception, and Lisa LeVasseur (our Executive Director) and Noreen Whysel (Director of Validation Research) shared their expertise on product audits and dark patterns, respectively, in a recent pre-rulemaking CPPA Stakeholder Session (May 5-6). -* [Soulbound Tokens, Trust Networks, and California's Big Test](https://wrenchinthegears.com/2022/05/28/soulbound-tokens-trust-networks-and-californias-big-test/) Wrenchinthegears 2022-05-28 - -California [SB1190](https://sd18.senate.ca.gov/news/342022-hertzberg-announces-new-blockchain-legislation-creating-%E2%80%9Ccalifornia-trust-framework%E2%80%9D) that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen - -The Verifiable Credential’s Policy Committee, (that Kaliya Chairs) in California had a big win this week - -* [California Moves Forward to Allow Vital Records to be Issued on Blockchain](https://www.coindesk.com/policy/2022/09/29/california-moves-forward-to-allow-vital-records-to-be-issued-on-blockchain/) Coindesk 2022-09-29 - -* [approved another on Wednesday](https://www.gov.ca.gov/2022/09/28/governor-newsom-issues-legislative-update-9-28-22/) that instructs county records offices to [allow for the use of blockchain technology](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202120220SB786) and verifiable credentials. The technology would be established in the distribution of birth, death and marriage records, allowing PDFs to be sent immediately rather than using a typical 10-day postal delivery. 2022-09-28 -* [California Legalizes Blockchain-based Vital Records](https://mobileidworld.com/california-legalizes-blockchain-based-vital-records-410031/) MobileDataWorld - -As [an abstract of the bill](https://trackbill.com/bill/california-senate-bill-786-county-birth-death-and-marriage-records-blockchain/2043852/) explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.” -* [VCs Policy Committeee (California) – Participate in passing legislation to create a California Trust Framework!](https://iiw.idcommons.net/21B/_(California)_Verifiable_Credentials_Policy_Committeee_-_Come_learn_about_how_participate_in_passing_legislation_to_crete_a_California_Trust_Framework!) by Kaliya Young, Ally Medina [Slides](https://docs.google.com/presentation/d/1VyxmWan3qbxynxhKvw1CHhWZINiPRF9gjeqSCSDh1MY/edit?usp=sharing) - > discussed how the Blockchain Advocacy Coalition’s sponsorship of [AB 2004](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB2004) pushed verifiable credentials into mainstream political discourse and how companies can help us shape public policy and government pilot programs of Verifiable Credential technology. - > - > We are planning on working with legislators to introduce a bill that creates a California Trust Framework and lays the groundwork for use of the technology in the public and private sector. - -* [Me2BA provides human-centered recommendations to the California Privacy Protection Agency](https://me2ba.org/me2ba-provides-human-centered-recommendations-to-the-california-privacy-protection-agency/) - -The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General -* [California Digital Vaccine Record based on VCs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0191.html) Heather Vescent June 18 - -May be of interest: [https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records](https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records) - -SMART Health Card Framework: [https://vci.org/about#smart-health](https://vci.org/about#smart-health) - -To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide. - -If you are in California, you can get your vaccine record here: [https://myvaccinerecord.cdph.ca.gov/](https://myvaccinerecord.cdph.ca.gov/) - -* [Participate in Alberta's First Verifiable Digital Credentials Pilot](https://pilot.atbventures.com/) - -You’re invited to participate in an exciting pilot program being launched by ATB Ventures and the Government of Alberta.