AdvCIS Project happy to produce the Kantara 2020 - PrivMas-Eve we had an informal Notice & Consent Call (IPR rules suspended) to talk about some of the latest work awaiting the publication of the ISO 29184 Online Privacy Notices and Consent standard and the start of the ISO Consent Record work, (formerly the Consent Receipt).
In short, this is the Agenda we ended up with for PrivMas.
PrivMas - Presentation Videos Posted
(We were sure to issue a surveillance notice and made sure people knew we were recording.)
Surveillance Notice : The PrivMas call will be recorded, attendee's are invited to change their name and turn off video - and wear a mask to self protect against privacy or security risk
Also, we started working on a new set of common roles - for engineer based role playing for data governance frameworks. Working to update the Alice & Bob Narrative to Consent & Permission.
Kantara - PrivMas - Materials
Colin Wallis Kick's off the Kantara PrivMas with international #PrivMas Gifts
The R Button https://cyber.harvard.edu/projectvrm/R-button
Doc Searls Why #PrivMas needs to kill contract of adhesion - its not human consent
Is the operator the 4th party?
Review of the history of the legal standards and the background of the work contributed to the OECD Transboarder Flows Guidelines. Referencing 2003 ISTPA - Presentation by John Sabo from OASIS which is very relevant today. In particular slide 26 - Referencing Open Trust environments we are working on in this workgroup today.
Mark Lizar #PrivMas History
Mathais De Bievre & Olivier Dion
European Commission Data Strategy- An infrastructure for decentralised consent (inherent to design) data infrastructure for permissions.
Addressing the lock-in of big-data platforms
Forming a New Governance in the MyData Community - with interoperability amongst data operator.
- Human Centric Governance
- MyData Declaration
- Separation of Powers
- Cross Sector and Domain
- The MyData Operator
- Professional Association in Development
Salvatore D'Agostino Closes #PrivMas Eve - with a Toast and tale of Bigger Brother - to close
Interop Gov Role-Play For Video Conferencing Calls -
(A use case for facilitating decentralised governance experience - aka consent by design)
This game came about this week as we search for a way to have a Covid PrivMas that was on theme. Realising that some expierencial tools could really help people design with consent and data permissions. To better understand the risks these governance systems have a set of experience driven tools can be developed that helps people experience the surveillance vs consent by design frameworks and permissions that we are designing to replace.
As - how to fix the broken internet game sounded like it could be an idea for future PrivMas fun. Attendee’s participation is (optional) Using video call features people control to turn off video when they want, wear a mask/disguise/sunglasses on the call to make it more comfortable. Be able to come on and off video as person feel's like it, change their screen name to a psudonymn -Basically, turn down the Surveillance to make it more comfortable. etc. is a key first step to trying anything. Which is what we did on the call for PrivMas.
The results below are the raw ingredients.
Everyone can only invite one guest and you can make up a name for your caller ID (on the video call) by using the suggested identity governance naming convention, that is intended to make transparent the governance framework perspectives you feel like representing on the call or even at different times in the call. (Also, you can exaggerate the name of your favourite governances flavour with a pre-expression to futher exaggerate the naming).
ISI Members: as hosts -should pick an ISI Gov flavour name : ISI-N&C Gov, ISI-Intent Gov, etc (as this is prescribed by the role of hosts)
Framework & Protocol Reps: UMA Gov, Skilz Gov, Nxt-ISO-Gov, Me2B Gov, WoT Gov, and interestingly - aNG - doesnt need a naming convention - (these examples are not prescriptive)
Likewise - pls ask your guests to affiliate to whatever Gov label you choose to participate under, e.g. Guest of Gov Name. And for those wishing to be un-afiliated - please name yourself Doc or Joyce to play
(More trust and assurance guidance for participation in Gov frameworks to mimick or perform to human expections).This is why we have moderators, and security protocols to kick people out etc, so that the risks can be mitigated
The Game Play Options
The risks mitigated in the call are captured through masking identity in different ways to reduce privacy and security risk of the person, intended to be extremely flexible. Generally, people can identify each other through topic and voice, but the idea is to let people join the call, so no one really knows who each person is to begin with. And with all the video turned off.. as people present, and talk, they can turn on video, and people can communicate via chat.
The call should have one facilitator that can change masks, turning on and off vide.
1 person has to be known and the moderator - another person can be designated the security person for the call. If there is a real (or staged) call disruption - the moderator and the security person has a separation of powers, and need to keep a log of the secret chat where the security person has the decision making power to kick people off the call, but the moderator has the technical control to do so.
- playing the PrivMas game is needed to develop further and putting in a game play scenario
- For those that play or dev further - pls add update to the comment section below
Videos & Recordings
privmas-01-Doc.mp4privmas-02-aNG.mp4privmas-03-mydata.mp4privmas04-common_accord.mp4privmas05-Alex_receipts.mp4privmas06_Paul_Knowles.mp4 privmas07_TomJones.mp4 privmas08_BRUE.mp4Available in the ANCR WG Wiki - Space