--- published: false --- # Policy * [Common Digital Identification Project Anonymous authentication system using Absolute Identifier & Decentralized OTP](https://www.sec.gov/comments/s7-07-22/s70722-20117318-268533.pdf) * [IPR - what is it? why does it matter?](https://identitywoman.net/ipr%25e2%2580%258a-%25e2%2580%258awhat-is-it-why-does-it-matter/) > There is a lot of diversity in the category of future patent problems. Someone who was contributing without declaring that they hold a patent related to the work can claim they had a patent later (years after the specification is finished) and seek payment from everyone using/implementing the standard, claiming licensing rights or even lost revenue on ideas they legally own. * [What Are the Six Key Areas of the FATF Consultation?](https://www.elliptic.co/blog/six-key-areas-of-the-fatf-consultation) Elliptic > On March 19th, Paris-based Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering and counter-terrorism finance (AML/CFT), released its [Draft Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers](https://www.fatf-gafi.org/media/fatf/documents/recommendations/March%25202021%2520-%2520VA%2520Guidance%2520update%2520-%2520Sixth%2520draft%2520-%2520Public%2520consultation.pdf). Or, in compliance acronym speak the FATF's draft guidance for its RBA to VAs and VASPs. * [Self-sovereign identity in the context of data protection and privacy](https://yourstory.com/2020/11/self-sovereign-identity-context-data-protection-privacy/amp) YourStory this article deconstructs the self-sovereign identity model and examines how it stacks up against The Personal Data Protection Bill, 2019. * [Digital Identity Around the World: Why Some Countries are Embracing Self Sovereign Identity Quicker](https://hackernoon.com/digital-identity-around-the-world-why-some-countries-are-embracing-self-sovereign-identity-quicker) Hackernoon Each government moves at its own pace for as many reasons as there are countries, and digital identity/SSI will only become a reality once governments voice their support, regulations, and standards are adopted, infrastructure is created or upgraded, and interoperability, inclusion, and education are all addressed. * [ICO’s Child Protection Rules Take Effect Sept. 2, 2021. Are You Ready?](https://identitypraxis.com/2021/09/01/icos-child-protection-rules-take-effect-sept-2-2021-are-you-ready/) Identity Praxis The UK [Information Commission’s (ICO) Children’s Code](https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/), officially known as the“Age Appropriate Design Code: a code of practice for online services,” after a year grace period, goes into effect Thursday, Sept. 2, 2021. * [The Policymaker’s Guide to Respectful Technology in Legislation](https://me2ba.org/the-policymakers-guide-to-respectful-technology-in-legislation/) What most people want but don’t have the terms to describe is respectful digital relationships. In the same way there is an unspoken code for respectful behavior in physical-realm relationships, this same type of behavior is just as essential when engaging with an online service or website. * [In a digital age, how can we reconnect values, principles and rules?](https://identitywoman.net/in-a-digital-age-how-can-we-reconnect-values-principles-and-rules/) Kaliya Young and Tony Fish > “what do we think is the north star for data and identity and on what principle they are built?”  How do these principles help us agree on risks, and will our existing rules help or hinder us? * [FATF and Global Crytpto Regulatory News](https://www.elliptic.co/blog/fatf-concludes-its-annual-plenary-session) The Financial Action Task Force (FATF) [held](https://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-fatf-plenary-february-2021.html) its winter Plenary session on 22nd, 24th, and 25th February and welcomed over 205 delegates to its third virtual conference since the start of the pandemic. * [USPTO: CIO Jamie Holcombe](https://www.federalblockchainnews.com/podcast/episode/78ad1b6f/uspto-cio-jamie-holcombe) > CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)? * [Katryna Dow - Data minimisation: value, trust and obligation](https://www.ubisecure.com/podcast/data-minimisation-meeco-katryna-dow/) > Katryna talks to Oscar about her career (including inspiration from Minority Report), Meeco’s personal data & distributed ledger platform, the importance of data minimisation to inspire trust in organisations, and cultural differences in attitudes towards digital identity. * [Data: Governance and Geopolitics](https://www.mydigitalfootprint.com/2021/01/data-governance-and-geopolitics.html) Tony Fish > How data is governed can be thought of along several lines of activity: legislating privacy and data use, regulating content, using antitrust laws to dilute data monopolies, self-regulating by the tech giants, regulating digital trade, addressing intellectual property rights (IPR) infringement, assuring cybersecurity, and practicing cyber diplomacy. Of these, antitrust, regulation, and privacy are most immediately in the spotlight, and are the focus of this commentary, but it will also touch briefly on the connections with other issues. * [Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities](https://openid.net/2021/02/06/ministry-of-economy-trade-and-industry-and-openid-foundation-in-liaison-agreement-on-ekyc-ida-for-legal-entities/) > The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together. > > Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entities in Japanese Government and private sector while the [OIDF’s eKYC & Identity Assurance (eKYC & IDA) Working Group](https://openid.net/wg/ekyc-ida/) continues to advance the technical standards that enable many digital identity solutions. The agreement: > - Provides a mechanism to collaborate “about Authentication and Identity Assurance for Legal Entity”, mutually approved white papers, workshops, podcasts and other outreach activities; > - Allows participation of each party’s staff and members in the other party’s meetings, as mutually agreed; > - Provides for direct communications to communicate (without obligation and only to the extent each party chooses) about new work and upcoming meetings; > - Supports common goals, including where appropriate and mutually agreed, to Specifications of Authentication and Identity Assurance for Legal Entity. * [End-To-End Encryption is Too Important to Be Proprietary](https://doctorow.medium.com/end-to-end-encryption-is-too-important-to-be-proprietary-afdf5e97822) Cory Doctorow End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush. * [We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya](https://me2ba.org/we-applaud-the-confirmation-of-new-ftc-commissioner-alvaro-bedoya/) Me2Ba Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the [Center on Privacy & Technology](https://www.law.georgetown.edu/privacy-technology-center/) at Georgetown Law to focus on the importance of consumer privacy rights. * [Response to FinCEN RFI](https://www.centre.io/blog/centres-response-to-fincen-rfi) Centre In this letter, we focus on two questions relevant to identifying Bank Secrecy Act (“BSA”) regulations and  guidance that may be outdated, redundant, or do not promote a risk-based AML/CFT regulatory regime * [Centre’s Response to Australian Treasury](https://www.centre.io/blog/centres-response-to-australian-treasury) Centre In this letter, we focus on a couple of issues that would be beneficial in expanding the Australian regulatory frameworks to include crypto assets. Furthermore, our comments pertain specifically to fiat-backed stablecoins, which are backed on a 1:1 basis by reserve assets, such as bank deposits and short-term government bonds. * [2022 GDF Report CRYPTOASSETS AND SANCTIONS COMPLIANCE A PRIMER](https://www.gdf.io/wp-content/uploads/2022/07/Cryptoassets-and-Sanctions-Compliance-Report-Final-1.pdf?mc_cid%3D5d688e0647%26mc_eid%3Dbebf526fc7) GDF There is a common misconception that cryptoassets provide a ready-made avenue for sanctions evasion because they sit outside the regulatory and legal perimeter. In fact, sanctions authorities in many jurisdictions have ensured that relevant legal and regulatory requirements apply comprehensively to activity conducted in cryptoassets. * [Beijing will regulate ‘digital humans’ in the metaverse and beyond](https://restofworld.org/2022/beijing-digital-humans-metaverse/) Rest of World The plan also signals that Beijing will take a more active role in handling the personal data generated by these platforms. Some of the directives outlined in the plan require any user-facing aspect of the digital human industry to be subject to rules that protect information about and generated by platform users, while also treating user data as a resource to be traded on the country’s new data exchanges. ## Hiring * [Vinícius Niche @viniciusniche of Truvity shares](https://twitter.com/viniciusniche/status/1570790061217845248) Hey Tech Twitter, [@TruvityHQ](https://twitter.com/TruvityHQ) (where I work) is hiring engineers for the Infrastructure Developer (Go/Kubernetes) role, details are on the thread Kaliya met the CEO this week at the Open Source Summit Dublin and was impressed. ## Policy * [6 months of KI Identity Assurance in the UK](https://kantarainitiative.org/2022/09/29/6-months-of-ki-identity-assurance-in-the-uk/) Kantara Initiative We believe it is vital that certification bodies work with DCMS and UKAS in a spirit of partnership – bringing together the cumulative value of dozens of great minds! To this end, we have  been encouraged by the proactive approach of DCMS in creating forums where the 5 certification bodies can discuss ideas and feedback on the program in action. ## Verifiable Credentials * [Verifiable Credentials: Mapping to a Generic Policy Terminology](https://trbouma.medium.com/verifiable-credentials-mapping-to-a-generic-policy-terminology-bce84a039bb) > Why is this useful? When writing policy, you need a succinct model which is clear enough for subsequent interpretation. To do this, you need conceptual buckets to drop things into. Yes, this model is likely to change, but it’s my best and latest crack at it to synthesize the complex world of digital credentials with an abstraction that might be useful to help us align existing solutions while adopting exciting new capabilities. * [Zero Trust Architecture in the White House Executive Order on Cybersecurity](https://lists.w3.org/Archives/Public/public-credentials/2021May/0062.html) Adrian Gropper (Friday, 14 May) Please read Section 3 in the EO * […] It may be time for us to explain Zero-Trust Architecture relationship to VCs and DIDs. My not-so-hidden agenda includes priority for considering authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion. * [Executive Order on Improving the Nation’s Cybersecurity](https://comms.wiley.law/e/knewjcfglctwt7w/a7406307-5755-44fa-a5c5-22dd04d9e9a7) Sec. 3.  Modernizing Federal Government Cybersecurity. (a)  To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Govern>ment must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.