Self-Sovereign Identity for KIDS ~ onboarding the next generation to the web we want/web of trust

From IIW
Self-Sovereign Digital Identity for Kids
Tuesday 5I

Convener: Shaun Conway

Notes-taker(s): Bryan Pon


Tags for the session - technology discussed/ideas considered


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Situation:

Consent is trying to onboard large population for Barclay's in South Africa

  • For government-approved subsidy claims
  • 750k children that need records
  • As a service provider, what is the obligation, what would be the right way to onboard these youth?


Challenges

  • Custodianship
    • Kids under 18 (or legal age) can't legally sign off on T&Cs
    • Also seniors/elderly may need care
    • In Global South, fewer kids have custodians
  • Biometrics are challenging—Consent has tested fingerprints, facial scan, both failed
    • Suggested ongoing biometrics at regular interval
    • Include a key along with the biometrics for increased correlation
    • Margin of error for biometrics
  • Regulations around child protection
    • e.g., COPPA which precludes collecting any data on kids under 13
    • Onboarding -- age verification requirement; kids often lie
    • EU GDPR includes ideas of car-owner as parent-child relationship
  • Safety -- interactions between minors and adults online, may need to scramble/encrypt identity to protect child
    • Need a mechanism to protect the most vulnerable kids; need to have checks in place so kids don't compromise themselves or their own safety
    • Need to bake in privacy-first, privacy by design
    • Online safety should be in context of other risks, and an empowered child is a safer child
  • Role of digital literacy
  • Once youth reaches legal age, how do you transfer complete control back to the youth
    • Youth might also want to delete old data
  • Possibility of institutions--school, church, etc--could play a role custodial role
  • Privo -- organization advocating for youth
  • Who decides what data to collect?
  • Can children manage a self-sovereign identity?
    • Maybe children can't be "self-sovereign" maybe it is a "collective-sovereign" or custodial-sovereign
    • Maybe custodians are required for some actions (onboarding) but youth can manage and perform certain actions without custodian
    • Sami has used a number of different identities signing up for different websites, services; says kids are already used to circumventing age controls
  • Vulnerable populations
    • Challenge of LGBT or trans kids who find a community online might actually want to keep this "identity" private from their parents
    • Does this all apply just as much to other vulnerable populations? seniors? mentally disabled?
    • Should there be different needs for different ages or stages of vulnerability?
  • Need to be cognizant of the Western perspective of our group in terms of views on privacy, safety, etc.
  • Bill mentioned possible tie-ins to his session at last IIW on identity lifecycle
  • More curators a child has, makes things more transparent, and limits the possibilities of bad things happening
  • Child-centric identity!