Child Safety Online: SSI, VCs, governance, guardianship, GDPR

From IIW

Child Safety Online: SSI, VCs, Governance, Guardianship, GDPR

Tuesday 3F

Convener: Johnny Hermann

Notes-taker(s):

Tags for the session - technology discussed/ideas considered: SSI, VCs, governance, guardianship, GDPR

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Slack: http://iiw.slack.com/archives/C01291AMSK1

Problem Statement (Initial)

Anyone interacting online, in particular children (and their guardians), should be able to trust with high certainty that rigorous verification (to an acceptable transparent degree) has been assessed on other people (or entities) they are interacting with, while still complying with data protection regulations regarding personally identifiable information (PII).

How to:

  • Verify claims made by users interacting on social media and games, starting with age-range brackets (“child”, “teen”, “adult”, etc).
  • Build or leverage a non-profit to establish governance model, legal compliance, technical solution, etc.
  • Bootstrap network effect to get end-user buy-in and uptake.
  • Structure guardianship relationship over DIDs and VCs, in particular between parents and children.
  • Ensuring compliance with data protection regulations, including GDPR, CCPA, Pan-Canadian Trust Framework (PCTF), etc.

Conversation Notes

UK Law (rejected) - Required age-verification for sites online Potential social failure for required verification of age online.

Guardianship

  • Facebook Kids - Has controls, but verify as guardian via own Facebook account
  • No proof I was actually the guardian.

Volunteer Ottawa - Vetting volunteers OAuth OpenID Connect - Identity Assurance Specification (but no DB behind it) http://openid.net/2019/11/14/openid-connect-for-identity-assurance/ Give people a reason to sign up.

Covid:

  • driving online use
  • different cultures
  • different problems (contact tracing, immunity passports)
  • School online - awareness of children online, exposure to “internet”. School as data provider?
  • Can we leverage awareness / momentum?

Schools have a register of children ages / brackets. But can of worms regarding legality, liability, etc.

Volunteer Manitoba Insurance & liability issues No governmental solution Vetting volunteers for work with children, seniors, etc.

Vulnerable Sector Check (subset of Criminal Record Check) 2-on-1 system, 911 (emergency), 311 (city), 211 (community)

Demand-side increasing:

  • Covid
  • UK Age-Appropriate Design Code (passed Parliament, under impl review)
  • All websites (unlike COPPA in US)
  • NGO - Child protection space

Narrow scope to gain traction Limit trial to MVP, on say one gaming platform, one game - ratchet up from there

Connections / Contacts:

  • Neil Thomson - neil.thomson@queryvision.com
  • Phil Archer (GS1 but, for this, phil@philarcher.org)
  • Randy Warshaw, rwarshaw@yahoo.com
  • Moira Patternson

Minors do not necessarily have real-world IDs, let alone tech (like phones / digital wallets).

Tech:

  • Truu
  • Evernym

Project in Zambia with high school kids. They are getting a certificate of completion of the course materials they pass in filmmaking. Verification of credentials in countries depends on legacy systems that will vary. SSI is supposed to be user-centric. Why is it always assumed (it seems) that the government has to issue identity attributes?