[DG-BSC] IAPP views of blockchain
james.g.hazard at gmail.com
Mon Aug 1 15:52:36 CDT 2016
I looked at your use case document again and made a few conforming changes
- Carol is a Physician care-giver and Dan is a Local Investigator.
Changes were made in the underlying docs - not as a patch. Result remains
The commit showing the changes is here:
On Mon, Aug 1, 2016 at 12:57 PM, Eve Maler <eve.maler at forgerock.com> wrote:
> Fascinating. The paper by Annalies Moens in particular, whom I met at EIC,
> seems the most pithy and accurate (tell me if you think I'm off-base) --
> and Patrick, your writeup in response to the papers in this thread contains
> a heck of a lot of good nuggets. :-) I wonder if we could leverage some of
> this content for our report, with appropriate citations.
> *Eve Maler* | ForgeRock Office of the CTO | VP Innovation & Emerging
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> *ForgeRock Summits and UnSummits* are coming to
> <http://summits.forgerock.com/> *Sydney, London, and Paris!*
> On Sat, Jul 30, 2016 at 7:30 PM, John Wunderlich <john at wunderlich.ca>
>> My forwarding of the content shouldn’t be construed as endorsement or
>> agreement with the content. I shared the pieces because they will be, for
>> many privacy professionals, the extent of what they know about blockchain
>> for good or for ill.
>> Thanks for detailed response and I stand informed or in agreement with it
>> (at least those parts that didn’t go over my head). With respect to this
>> discussion group, I think that key takeaways are your points about how block
>> chains need high assurance federated identity and access management as well
>> as trusted attributes from authoritative sources. This strikes me as a bit
>> of a recursive need (chicken and egg if you will) since it seems likely
>> that high assurance federated identity will need a distributed ledger.
>> Resolving the nature of this recursion and establishing the requirements
>> or the nature of a solution would be a great outcome from this discussion
>> John Wunderlich
>> Call: +1 (647) 669-4749
>> eMail: john at wunderlich.ca
>> On 28 July 2016 at 15:00, Patrick Curry <patrick.curry at bbfa.info> wrote:
>>> Hi John,
>>> Thank you for the articles! There’s a lot of good stuff in them.
>>> However, I don’t agree with some of the points and there is a bit of
>>> confusion between Bitcoin and block chains across the documents as a whole
>>> (e.g. definition of Bitcoin).
>>> There is a lot happening around block chains in the bigger picture,
>>> particularly in parts of Europe and Asia, and much less so in the USA -
>>> although I am sure this will change soon.
>>> As someone involved in many aspects of blockchains and DLTs, and as a
>>> co-author of the UK gov report you mentioned (which was written for
>>> politicians and has stimulated political action!), I would comment that:
>>> - Within the IGF, block chains are seen as potentially the most
>>> disruptive technology impacting the future of the Internet. New secure
>>> mobile technologies will magnify this impact.
>>> - There is block chain activity in nearly every sector and in a
>>> small, but increasing, number of government organisations and international
>>> organisations, including in refugee camps.
>>> - Meantime, new Block chain 2.0 technologies are emerging that are
>>> more tailored to meeting specific and diverse needs much more efficiently.
>>> Block chain as a platform is not far away. (I can provide details next
>>> week after a UK gov announcement next Monday).
>>> - Financial use of block chains is primarily for payments (customer
>>> and inter-bank), clearing, investments, trading and settlements. The
>>> banks are only just waking up to the wider use of block chains to support
>>> new services.
>>> - Bitcoin
>>>     - Society is very confused about Bitcoin, and whether it is good
>>>       or bad.
>>>     - Bitcoin benefitted from first mover advantage, but it suffers
>>>       from the historic inevitability that any economic system without adequate
>>>       governance will collapse when those that can, abuse others too much. Hence
>>>       the drive to introduce much more governance into cryptocurrencies and have
>>>       suitable mechanisms in the underlying block chains. Practically, some of
>>>       the banks have been looking at how to establish “trusted Bitcoin” i.e. to
>>>       put a cryptographically bound wrapper around the Bitcoin transaction and
>>>       the provenance/traceability trail, which would more normally be met in a
>>>       permissioned chain.
>>>     - Bitcoin has been a contributory factor to a significant rise in
>>>       cyber crime, which has increased by 300% since 2011, and last year stood at
>>>       $7.4 trl according to Red Dragon Rising and agencies. Hence there is
>>>       likely to be a move by authorities to take down untrusted Bitcoin in the
>>>       future. Much of this blurs with dark web and anonymisation/privacy
>>>       networks, which KI probably ought to understand, if only to appreciate the
>>>       implications for trust, IAWG etc.
>>>     - Bitcoin is slow and suffers from scalability problems, although
>>>       temporary remedies are being suggested. More efficient and effective
>>>       solutions could arise out of leading startups or the R3 collaborative group
>>>       of 43 banks which is exploring new block chain and cryptocurrency
>>> - There are many other uses of block chains that we can discuss.
>>> - Very importantly, the main value of DLTs and permissioned block
>>> chains is where they hold valuable or sensitive information that is
>>> distributed across a great many organisations. Such block chains cannot
>>> realistically function without:
>>>     - Federated identity and access management at High Assurance (LoA
>>>     - Trusted attributes from authoritative sources. As all entities
>>>       and attributes in cyberspace bind to an organisation, so trusted registers
>>>       for organisations fit for digital economies and societies, are becoming a
>>>       major issue in many nations, including USA. New national and international
>>>       legislation for traceability of people and things is increasing the
>>> - Those nations and some industries that already have a
>>> standards-based, federated identity management are recognising that PKI
>>> federation will become very important to the future use of block chains,
>>>     - Block chains require PKI to provide the recordset or “block”
>>>       binding into a chain
>>>     - Permissioned chains, particularly with smart contracts, require
>>>       federated authentication, signature and encryption.
>>>     - Crucially, PKI federation could replace the Proof of Work,
>>>       dramatically reducing the operating cost and risks of the chain and
>>>       significantly increasing its speed, scale, reliability and assurance. The
>>>       advent of a new X.509 standard that includes certificate whitelisting
>>>       (goodbye Certificate Revocation Lists) would enhance this. Same goes for
>>>       node operations.
>>> - Several international projects, such as EU MAPPING, are tracking
>>> developments and factoring these into the drafting of new legal instruments
>>> that may result in regulations, directives and laws, particularly around
>>> privacy and surveillance. Law enforcement and security & intel services
>>> are also involved, as work continues to ensure that block chains evolve
>>> consistent with fundamental human rights.
>>> - Finally, Australia has initiated a discussion in ISO about the
>>> possibility of a new Sub Committee for Block Chains, which touches/overlaps
>>> with the work of several other SCs, notably SC27 which meets in Abu Dhabi
>>> in late Oct. The UK has replied with proposed improvements and we await to
>>> see what happens. Meantime, in some nations, local initiatives to develop
>>> standards are being corralled to feed into international standardisation
>>> There are a few collaborative groups operating in London, with
>>> international participation, shaping developments and
>>> communicating/coordinating. Some governments are involved. The
>>> possibility of the first Policy Management Authority for block chains, with
>>> a Common Policy, is being considered, to anticipate and feed into current
>>> operations and future standards - and all points in between. Maybe some KI
>>> members could join in. Or some of their members join KI.
>>> How KI might fit into all of this (and more), I don’t know, but I have
>>> some ideas where it could acquire a USP. I welcome the opportunity to talk.
>>> Patrick Curry
>>> British Business Federation Authority - BBFA Ltd
>>> M: +44 786 024 9074
>>> T: +44 1980 620606
>>> patrick.curry at bbfa.info
>>> www.bbfa.info – a not-for-profit, self-regulating body
>>> On 28 Jul 2016, at 18:33, John Wunderlich <john at wunderlich.ca> wrote:
>>> The IAPP (International Association of Privacy Professionals) has
>>> published a number of small pieces for privacy professionals about
>>> blockchain on its web site and newsletters. I've attached a representative
>>> sample for your edification
>>> John Wunderlich
>>> Call: +1 (647) 669-4749
>>> eMail: john at wunderlich.ca
>>> This email and any files transmitted with it are confidential and
>>> intended solely for the use of the individual or entity to whom they are
>>> addressed. If you have received this email in error please notify the
>>> system manager. This message contains confidential information and is
>>> intended only for the individual named. If you are not the named addressee
>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>> the sender immediately by e-mail if you have received this e-mail by
>>> mistake and delete this e-mail from your system. If you are not the
>>> intended recipient you are notified that disclosing, copying, distributing
>>> or taking any action in reliance on the contents of this information is
>>> strictly prohibited.
>>> <A Privacy Engineer’s Analysis of Bitcoin.pdf><Blockchain and big data
>>> privacy in healthcare.pdf><Unravelling the mystery of blockchain –
>>> Should privacy professionals be concerned_.pdf>
>>> DG-BSC mailing list
>>> DG-BSC at kantarainitiative.org