openwallet-foundation / tac

OpenWallet Foundation Technical Advisory Council (TAC) website, including governance documents and meeting minutes
https://tac.openwallet.foundation/
Creative Commons Attribution 4.0 International

Special Interest Group Proposal: Anti-Correlation and Anti-Profiling SIG #57

Closed andy-tobin closed 1 year ago

andy-tobin commented 1 year ago

Introduction/background material

Digital wallets promise to revolutionise the digital interactions of businesses, governments and people.

Unless they are implemented carefully, they can open new "back-doors" for undesirable surveillance, profiling and activity correlation of users. This is especially the case when previously closed and tightly controlled usage moves into much wider and larger scale open ecosystems, where control over every possible use case cannot be exerted by a single body. Such larger open ecosystems include national and international scale wallet ecosystems that are rapidly developing right now that take advantage of recent developments in digital credentials and SSI.

Due to the technical complexities of the cryptography and protocols used, there are only a few people that understand what these back-doors are. There is a danger that well-intentioned wallet initiatives deploy at scale only to find that they have created a ticking time bomb that will destroy trust in the ecosystem they are fostering once user profiling and correlation become commonplace.

The intention of this SIG is to ensure that everyone working on digital wallets, whether technical, legal or commercial, knows what these dangers are and how to avoid them. It will also provide vital tools that will become the de-facto way to determine how "safe" the new breed of digital wallets is, and be able to compare them effectively.

Objectives

This SIG will create, distribute and promote a set of material that will become the de-facto way to determine how "safe" the new breed of digital wallets is, and be able to compare them effectively. This will increase the visibility of the solutions to correlation and profiling issues that could be introduced with digital wallet deployments.

List of deliverables or work products

"Safe Wallet" Best Practices Guide - A non-technical, plain English (minimal jargon) document detailing the best practices for digital wallets for preventing correlation and profiling of users and ensuring they are "safe". This will include explanations of how correlation and profiling could occur with "real world" examples, how a bad actor might utilise vulnerabilities,

"Safe Wallet" Best Practices Checklist - An easy to read and understand checklist to make it simple for anyone to see if their digital wallet project has gaps or problems that will result in "unsafe" correlation or profiling issues.

Technical Paper - A more technical description of the cryptography, protocol, signature or data mechanisms that could result in correlation and profiling, and what to do about them.

Press Release - A press release for distribution to news outlets that contains quotable soundbites and links to the above deliverables.

Outreach - One or more spokespeople who can do the conference circuit, podcasts, and be available for calls/meetings etc. to promote the Best Practices Guide and the other content produced by this SIG.

Leader

Andy Tobin - Gen Digital

Initial Participant List

Drummond Reed - Gen Digital

Brent Zundel - Gen Digital

Troy Ronda - Gen Digital

Jamie Smith - Gen Digital

Markus Sabadello - Danube Tech

Lal Chandran - iGrant

Samuel Rinnetmäki - Findy

Viky Manaila - Intesi

Juan F Tavira - Santander

Matteo Mirabelli - Infocert

Peter Altmann - DIGG Swedish Govt.

David Goodman - iGrant

Sebastian-Elfors - ID Now

David Alexander - Mydex

Stavros Kounis - DC-CNECT (European Commission)

Others welcome.

tkuhrt commented 1 year ago

Thanks, @andy-tobin, for the submission. I will add this to the September 20th TAC call for us to discuss. It would be great if you could be available to answer any questions that people may have.

vikyTM commented 1 year ago

Great initiative and so much needed. Intesi Group will support it.

andy-tobin commented 1 year ago

I've added a couple more interested people to the initial post.

jftavira commented 1 year ago

I'd like to join, if possible. Juan

andy-tobin commented 1 year ago

Yep - will add you, thanks!

andy-tobin commented 1 year ago

I've added a couple of other volunteer participants.

peacekeeper commented 1 year ago

Danube Tech supports this too.

Balmerino commented 1 year ago

I'd like to join too. David

andy-tobin commented 1 year ago

> I'd like to join too. David

@Balmerino can you send me your email address please, to andrew.tobin@gendigital.com. Ta

skounis commented 1 year ago

I'd like to join as well

Sebastian-Elfors-IDnow commented 1 year ago

I'd like to join as well, if possible.

davidejalexander commented 1 year ago

I'd like to join as well please, Andrew.

andy-tobin commented 1 year ago

Excellent thanks!

@skounis @Sebastian-Elfors-IDnow @davidejalexander please email me at andrew.tobin@gendigital.com with your email addresses (sorry if I don't already know!)

I've added you all to the list in the original proposal above.

tkuhrt commented 1 year ago

Accepted by the TAC on September 20, 2023.

Created #safe-wallet-sig in Discord.

tkuhrt commented 1 year ago

Created repo for this SIG: https://github.com/openwallet-foundation/safe-wallet-sig

Oskar-van-Deventer commented 1 year ago

Hi Andy,

Great initiative, which clearly matches TNO's "citizen protection" objectives.

Question: how do we create real-world impact that goes beyond yet another beautiful whitepaper? At this moment, the European activities (EUDI Wallet, ARF, PID) seem to be on a dangerous track, doing the opposite of citizen protection. So far, alarming reviews by digital-privacy organisations have not been addressed. Why/how could this OWG SIG achieve the desired impact, where others are still failing?

Oskar

goranov commented 1 year ago

I'd like to join as well

andy-tobin commented 1 year ago

> I'd like to join as well

Please jump in to today's session. The meeting details are:

Every Tuesday 15:00 UTC for 60 minutes. https://zoom-lfx.platform.linuxfoundation.org/meeting/94559786680?password=1223e2fe-0f51-42f1-a583-e7a2fc0120b3


Meeting ID: 94559786680

Meeting Passcode: 705330
