decentralized-id.github.io/unsorted/public_sector/policy.md

published
false

Policy

• The New Draft Law on eID Switzerland Yesterday's media conference and published media release opened the consultation process for the new E-ID law, which will last until October 20, 2022.

The preliminary draft of the federal law declared the purpose of the E-ID to be to ensure "secure identification by means of E-ID among private individuals and with authorities". The protection of the personality and fundamental rights of individuals is to be provided by the following principles defined in the law:

• Data protection through technology
• Data security
• Data economy
• Decentralized data storage

• Common Digital Identification Project Anonymous authentication system using Absolute Identifier & Decentralized OTP

• IPR - what is it? why does it matter?

  There is a lot of diversity in the category of future patent problems. Someone who was contributing without declaring that they hold a patent related to the work can claim they had a patent later (years after the specification is finished) and seek payment from everyone using/implementing the standard, claiming licensing rights or even lost revenue on ideas they legally own.

• Self-sovereign identity in the context of data protection and privacy YourStory

this article deconstructs the self-sovereign identity model and examines how it stacks up against The Personal Data Protection Bill, 2019.

• Digital Identity Around the World: Why Some Countries are Embracing Self Sovereign Identity Quicker Hackernoon

Each government moves at its own pace for as many reasons as there are countries, and digital identity/SSI will only become a reality once governments voice their support, regulations, and standards are adopted, infrastructure is created or upgraded, and interoperability, inclusion, and education are all addressed.

• ICO’s Child Protection Rules Take Effect Sept. 2, 2021. Are You Ready? Identity Praxis

The UK Information Commission’s (ICO) Children’s Code, officially known as the“Age Appropriate Design Code: a code of practice for online services,” after a year grace period, goes into effect Thursday, Sept. 2, 2021.

• The Policymaker’s Guide to Respectful Technology in Legislation

What most people want but don’t have the terms to describe is respectful digital relationships. In the same way there is an unspoken code for respectful behavior in physical-realm relationships, this same type of behavior is just as essential when engaging with an online service or website.

• In a digital age, how can we reconnect values, principles and rules? Kaliya Young and Tony Fish

  “what do we think is the north star for data and identity and on what principle they are built?”  How do these principles help us agree on risks, and will our existing rules help or hinder us?

• USPTO: CIO Jamie Holcombe

  CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)?

• Katryna Dow - Data minimisation: value, trust and obligation

  Katryna talks to Oscar about her career (including inspiration from Minority Report), Meeco’s personal data & distributed ledger platform, the importance of data minimisation to inspire trust in organisations, and cultural differences in attitudes towards digital identity.

• Data: Governance and Geopolitics Tony Fish

  How data is governed can be thought of along several lines of activity: legislating privacy and data use, regulating content, using antitrust laws to dilute data monopolies, self-regulating by the tech giants, regulating digital trade, addressing intellectual property rights (IPR) infringement, assuring cybersecurity, and practicing cyber diplomacy. Of these, antitrust, regulation, and privacy are most immediately in the spotlight, and are the focus of this commentary, but it will also touch briefly on the connections with other issues.

• Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities

  The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together.

Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entities in Japanese Government and private sector while the OIDF’s eKYC & Identity Assurance (eKYC & IDA) Working Group continues to advance the technical standards that enable many digital identity solutions. The agreement:

• Provides a mechanism to collaborate “about Authentication and Identity Assurance for Legal Entity”, mutually approved white papers, workshops, podcasts and other outreach activities;
• Allows participation of each party’s staff and members in the other party’s meetings, as mutually agreed;
• Provides for direct communications to communicate (without obligation and only to the extent each party chooses) about new work and upcoming meetings;
• Supports common goals, including where appropriate and mutually agreed, to Specifications of Authentication and Identity Assurance for Legal Entity.

• End-To-End Encryption is Too Important to Be Proprietary Cory Doctorow

End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush.

• We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya Me2Ba

Bedoya’s research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the Center on Privacy & Technology at Georgetown Law to focus on the importance of consumer privacy rights.

• 2022 GDF Report CRYPTOASSETS AND SANCTIONS COMPLIANCE A PRIMER GDF

There is a common misconception that cryptoassets provide a ready-made avenue for sanctions evasion because they sit outside the regulatory and legal perimeter. In fact, sanctions authorities in many jurisdictions have ensured that relevant legal and regulatory requirements apply comprehensively to activity conducted in cryptoassets.

• Beijing will regulate ‘digital humans’ in the metaverse and beyond Rest of World

The plan also signals that Beijing will take a more active role in handling the personal data generated by these platforms. Some of the directives outlined in the plan require any user-facing aspect of the digital human industry to be subject to rules that protect information about and generated by platform users, while also treating user data as a resource to be traded on the country’s new data exchanges.

Hiring

• Vinícius Niche @viniciusniche of Truvity shares

Hey Tech Twitter, @TruvityHQ (where I work) is hiring engineers for the Infrastructure Developer (Go/Kubernetes) role, details are on the thread

Kaliya met the CEO this week at the Open Source Summit Dublin and was impressed.

Policy

• 6 months of KI Identity Assurance in the UK Kantara Initiative

We believe it is vital that certification bodies work with DCMS and UKAS in a spirit of partnership – bringing together the cumulative value of dozens of great minds! To this end, we have  been encouraged by the proactive approach of DCMS in creating forums where the 5 certification bodies can discuss ideas and feedback on the program in action.

Verifiable Credentials

• Verifiable Credentials: Mapping to a Generic Policy Terminology

  Why is this useful? When writing policy, you need a succinct model which is clear enough for subsequent interpretation. To do this, you need conceptual buckets to drop things into. Yes, this model is likely to change, but it’s my best and latest crack at it to synthesize the complex world of digital credentials with an abstraction that might be useful to help us align existing solutions while adopting exciting new capabilities.

• Zero Trust Architecture in the White House Executive Order on Cybersecurity Adrian Gropper (Friday, 14 May)

Please read Section 3 in the EO

• […]

It may be time for us to explain Zero-Trust Architecture relationship to

VCs and DIDs. My not-so-hidden agenda includes priority for considering

authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion.

• Executive Order on Improving the Nation’s Cybersecurity

Sec. 3.  Modernizing Federal Government Cybersecurity.

(a)  To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Govern>ment must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.