decentralized-id.github.io/unsorted/public_sector/policy.md
⧉ infominer ce2ecefd8c rename
2023-06-06 09:23:21 +05:30

12 KiB
Raw Blame History

published
false

Policy

The preliminary draft of the federal law declared the purpose of the E-ID to be to ensure "secure identification by means of E-ID among private individuals and with authorities". The protection of the personality and fundamental rights of individuals is to be provided by the following principles defined in the law:

  • Data protection through technology
  • Data security
  • Data economy
  • Decentralized data storage

this article deconstructs the self-sovereign identity model and examines how it stacks up against The Personal Data Protection Bill, 2019.

Each government moves at its own pace for as many reasons as there are countries, and digital identity/SSI will only become a reality once governments voice their support, regulations, and standards are adopted, infrastructure is created or upgraded, and interoperability, inclusion, and education are all addressed.

The UK Information Commissions (ICO) Childrens Code, officially known as the“Age Appropriate Design Code: a code of practice for online services,” after a year grace period, goes into effect Thursday, Sept. 2, 2021.

What most people want but dont have the terms to describe is respectful digital relationships. In the same way there is an unspoken code for respectful behavior in physical-realm relationships, this same type of behavior is just as essential when engaging with an online service or website.

  • In a digital age, how can we reconnect values, principles and rules? Kaliya Young and Tony Fish

    “what do we think is the north star for data and identity and on what principle they are built?”  How do these principles help us agree on risks, and will our existing rules help or hinder us?

  • USPTO: CIO Jamie Holcombe

    CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)?

  • Katryna Dow - Data minimisation: value, trust and obligation

    Katryna talks to Oscar about her career (including inspiration from Minority Report), Meecos personal data & distributed ledger platform, the importance of data minimisation to inspire trust in organisations, and cultural differences in attitudes towards digital identity.

  • Data: Governance and Geopolitics Tony Fish

    How data is governed can be thought of along several lines of activity: legislating privacy and data use, regulating content, using antitrust laws to dilute data monopolies, self-regulating by the tech giants, regulating digital trade, addressing intellectual property rights (IPR) infringement, assuring cybersecurity, and practicing cyber diplomacy. Of these, antitrust, regulation, and privacy are most immediately in the spotlight, and are the focus of this commentary, but it will also touch briefly on the connections with other issues.

  • Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities

    The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Governments Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together.

Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entities in Japanese Government and private sector while the OIDFs eKYC & Identity Assurance (eKYC & IDA) Working Group continues to advance the technical standards that enable many digital identity solutions. The agreement:

  • Provides a mechanism to collaborate “about Authentication and Identity Assurance for Legal Entity”, mutually approved white papers, workshops, podcasts and other outreach activities;
  • Allows participation of each partys staff and members in the other partys meetings, as mutually agreed;
  • Provides for direct communications to communicate (without obligation and only to the extent each party chooses) about new work and upcoming meetings;
  • Supports common goals, including where appropriate and mutually agreed, to Specifications of Authentication and Identity Assurance for Legal Entity.

End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush.

Bedoyas research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the Center on Privacy & Technology at Georgetown Law to focus on the importance of consumer privacy rights.

There is a common misconception that cryptoassets provide a ready-made avenue for sanctions evasion because they sit outside the regulatory and legal perimeter. In fact, sanctions authorities in many jurisdictions have ensured that relevant legal and regulatory requirements apply comprehensively to activity conducted in cryptoassets.

The plan also signals that Beijing will take a more active role in handling the personal data generated by these platforms. Some of the directives outlined in the plan require any user-facing aspect of the digital human industry to be subject to rules that protect information about and generated by platform users, while also treating user data as a resource to be traded on the countrys new data exchanges.

Hiring

Hey Tech Twitter, @TruvityHQ (where I work) is hiring engineers for the Infrastructure Developer (Go/Kubernetes) role, details are on the thread

Kaliya met the CEO this week at the Open Source Summit Dublin and was impressed.

Policy

We believe it is vital that certification bodies work with DCMS and UKAS in a spirit of partnership bringing together the cumulative value of dozens of great minds! To this end, we have  been encouraged by the proactive approach of DCMS in creating forums where the 5 certification bodies can discuss ideas and feedback on the program in action.

Verifiable Credentials

Please read Section 3 in the EO

  • […]

It may be time for us to explain Zero-Trust Architecture relationship to

VCs and DIDs. My not-so-hidden agenda includes priority for considering

authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion.

Sec. 3.  Modernizing Federal Government Cybersecurity.

(a)  To keep pace with todays dynamic and increasingly sophisticated cyber threat environment, the Federal Govern>ment must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Governments visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.