Date   

Upcoming Event: Me2B Alliance Webinar: Me2B 101 - Mon, 07/06/2020 8:00am-9:00am #cal-reminder

main@Me2BAlliance.groups.io Calendar <main@...>
 

Reminder: Me2B Alliance Webinar: Me2B 101

When: Monday, 6 July 2020, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

Where:https://meetinglab.zoho.com/meeting/register?sessionId=1082607744

View Event

Description: Me2B Alliance Webinar: Me2B 101

Join us for this informative webinar to learn about Me2B principles and concepts.

Presenter:
Lisa LeVasseur, President of Board of Directors, Me2B Alliance


July Monthly call now Me2B 101 Webinar

Lisa LeVasseur
 

Hi friends,

 

I hope you’re all having a great weekend!

 

A quick note that on July 6 at 8am we’ll be having a Me2B 101 Webinar instead of the monthly meeting. 

Fret not--we’ll be rolling out a newsletter in July which will contain all of the general news and updates I typically share in our monthly calls. 

 

The webinar is intended to really cement Me2B principles—so please share the link with people who might benefit.   

https://www.me2balliance.org/webinars.html

 

Thanks!

Lisa


Event: Me2B Alliance Webinar: Me2B 101 - Monday, 6 July 2020 #cal-invite

main@Me2BAlliance.groups.io Calendar <main@...>
 

Me2B Alliance Webinar: Me2B 101

When:
Monday, 6 July 2020
8:00am to 9:00am
(UTC-07:00) America/Los Angeles

Where:
https://meetinglab.zoho.com/meeting/register?sessionId=1082607744

Description:
Me2B Alliance Webinar: Me2B 101

Join us for this informative webinar to learn about Me2B principles and concepts.

Presenter:
Lisa LeVasseur, President of Board of Directors, Me2B Alliance


Cancelled Event: Me2B Alliance Monthly Call - Monday, 6 July 2020 #cal-cancelled

main@Me2BAlliance.groups.io Calendar <main@...>
 

Cancelled: Me2B Alliance Monthly Call

This event has been cancelled.

When:
Monday, 6 July 2020
8:00am to 9:00am
(UTC-07:00) America/Los Angeles

Organizer: Megan Bekolay

Description:

Lisa LeVasseur is inviting you to a scheduled Zoom meeting.
 
Topic: Me2B Alliance
Time: Mar 2, 2020 08:00 AM Pacific Time (US and Canada)
        Every month on the First Mon, until Aug 3, 2020, 6 occurrence(s)
        Mar 2, 2020 08:00 AM
        Apr 6, 2020 08:00 AM
        May 4, 2020 08:00 AM
        Jun 1, 2020 08:00 AM
        Jul 6, 2020 08:00 AM
        Aug 3, 2020 08:00 AM
Please download and import the following iCalendar (.ics) files to your calendar system.
Monthly: https://zoom.us/meeting/vpMoce6qqDkph3jl_ajkRgY0KikqhW7ZHQ/ics?icsToken=98tyKuqvqz0tGNKXs1_Hf6kqE9r8b9_qknkdoK9inRXuMSdqMij_PfNKBeVFOOmB
 
Join Zoom Meeting
https://zoom.us/j/375672623
 
Meeting ID: 375 672 623
 
One tap mobile
+16699006833,,375672623# US (San Jose)
+14086380968,,375672623# US (San Jose)
 
Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 408 638 0968 US (San Jose)
        +1 646 876 9923 US (New York)
Meeting ID: 375 672 623
Find your local number: https://zoom.us/u/acUTI5Weo
 


Me2B Alliance Webinar: Me2B 101

Michelle Klein <mklein@...>
 

Monday, July 6, 2020
8:00 am PT

Me2B101

Register Today!*

Join us for this informative webinar to learn about Me2B principles and concepts.

Presenter:

     Lisa LeVasseur, President of Board of Directors, Me2B Alliance

Lisa has been a software professional for over 30 years, with her formative career years spent at Motorola, developing software for mobile phone infrastructure. The arc of her career moved to even smaller organizations, culminating with start-ups and eventually entrepreneurship. Over her career, she honed her product management skills, developing particular love for industry standards development work and software usability.

Lisa currently works in a private foundation (Wrethinking, the Foundation) where her activities focus on usable technology and industry standards that put the user in control of their digital life. In October 2018, Lisa pitched the long-germinating idea of a consumer-facing certification mark to let people know if technology is treating them with dignity. Thus, the Me2B Alliance emerged from a nine-year hibernation, and was born. Mirroring the problem scope of traditional product management, the Me2B Alliance glues multiple disciplines and existing initiatives together to help consumers make better technology choices, increasing the number of good choices through consumer demand and awareness.

Register Today!*

*Please note: you will be prompted to enter a minimal amount of information when registering for the webinar. Despite the notice on the registration page, we will not be using your information for any purposes other than for reasons that directly pertain to this webinar.


Re: Resignation from the board

Lisa LeVasseur
 

Dear Johannes,

As you say, it is indeed time to build a new board, to usher in the next stage of the organization.

I'm deeply grateful for your unhestitating and energetic support of the Me2BA out of the gate. We wouldn't be where we are today without your contributions.

In constant appreciation of your role as a pioneer maker of Good technology, we wish you every success in your future ventures.

With gratitude,
Lisa

-----Original Message-----
From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of Johannes Ernst
Sent: Tuesday, June 23, 2020 12:54 PM
To: Me2BBOD@groups.io; main@me2balliance.groups.io
Subject: [Me2BAlliance] Resignation from the board

Dear Lisa, dear fellow Me2B Alliance members,

as I expressed verbally to Lisa earlier today, I am resigning from the board of directors of the Me2B Alliance, and my position as as officer, effectively immediately.

It has been an interesting ride since when Lisa, myself and a few others first started building this organization over a year ago. I continue to believe that explaining “the problem” as a relationship problem between Me’s and B’s is excellent, and uniquely insightful, and that it can be used as a “wedge” to identify companies and products that do “the right thing” for their customers vs those that have other goals in mind, with the goal of transforming this multi-(m/b/tr)illion market. This is a very worth-while activity and the world will be better off if/when it succeeds.

Now that Me2B Alliance is focusing on putting its first product out, and working on putting itself on a long-term sustainable financial foundation, I believe it is time to build a different board of directors who are committed to the organization to the next level and thus I am stepping down.

I wish the Alliance, and its mission, all the success, and obviously I won’t disappear from the community. Feel free to reach out; you know where to find me.

Best,



Johannes Ernst.


Resignation from the board

Johannes Ernst
 

Dear Lisa, dear fellow Me2B Alliance members,

as I expressed verbally to Lisa earlier today, I am resigning from the board of directors of the Me2B Alliance, and my position as as officer, effectively immediately.

It has been an interesting ride since when Lisa, myself and a few others first started building this organization over a year ago. I continue to believe that explaining “the problem” as a relationship problem between Me’s and B’s is excellent, and uniquely insightful, and that it can be used as a “wedge” to identify companies and products that do “the right thing” for their customers vs those that have other goals in mind, with the goal of transforming this multi-(m/b/tr)illion market. This is a very worth-while activity and the world will be better off if/when it succeeds.

Now that Me2B Alliance is focusing on putting its first product out, and working on putting itself on a long-term sustainable financial foundation, I believe it is time to build a different board of directors who are committed to the organization to the next level and thus I am stepping down.

I wish the Alliance, and its mission, all the success, and obviously I won’t disappear from the community. Feel free to reach out; you know where to find me.

Best,



Johannes Ernst.


Re: Apple releases new privacy labels

Iain Henderson
 

Interesting thanks Jim, Apple are certainly leading the way in GAFA terms.

On 22 Jun 2020, at 21:20, Jim Pasquale <jim@...> wrote:

From the WWDC today, see the attachment for details <screenshot_669.png>


Apple releases new privacy labels

Jim Pasquale <jim@...>
 

From the WWDC today, see the attachment for details


Re: Best practice templates for tech governance

sldavid
 

Evidently my last message was encrypted by some random outlook feature.

Please see below for a re-sending of my reply to Johannes responding to his inquiry about the context of the development of the Distributed Data Management Agreement that was previously sent around.

Sorry about the earlier unintended encryption!

Kind regards, 
Scott

Scott L. David


Executive Director

Information Risk Research Initiative 

University of Washington - Applied Physics Laboratory


m- 206-715-0859

Tw - @ScottLDavid



From: Scott David <sldavid@...>
Sent: Friday, June 19, 2020 12:30 PM
To: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
Yes indeed.

This is early stuff (2012-ish).

I wrote a "Wall Street style" contract (long, detailed, legalese), with the idea of my 84 year old mother being the client.  I started from scratch and built up the proposal from a combination of banking and finance precursors, but with attention to formalizing nascent "data" rights so that data flows and uses could be trusted in accordance with all parties' expectations - and in particular the expectations of the least powerful parties involved (typically the individual data subject - aka "Mom"). 

Post 2008, "narrow banking" was promoted as a return to simpler roots.  Narrow banking was basic security and leverage services offered for folks to attract their money from under their mattresses and into bank deposits so that banks can engage in fractional reserve lending.

The uniformity of "bank" services has been achieved through a combination of regulation, treaty and contract.  You can put your money in any bank and get pretty much the same benefits.  The "banks" are really creatures/creations of regulation, and are pretty much standardized.  Having worked in finance and banking for much of my legal career, I recognized that "money" is, in fact, just data entries.  I figured, why not look at the structures of global data/money systems to gain insight into large scale data flow plumbing?

I realized that it is possible to launch a data management services sector with standard contract terms.  Just like PCI-DSS (payment cards), NACHA (checks), etc. The "Contracts" would include (or normatively cross reference) relevant business, operating, legal, technical and social (BOLTS) variables and performance parameters to satisfy various groups of stakeholders.

Occupy Main Street
The contract plants a flag in regulatory blank space.  Specifically, since most "data" regulation lamentably takes the form of "privacy" regulation (and vice versa!), and because the 5th order effect of Moore's law was an exponential increase in interactions, there is PLENTY of new, unregulated interaction space in which to craft individual and institutional rights and duties through contract mechanisms.   

We "act" as if our existing laws and concepts are fit for function at the present level of interaction complexity, but in doing so actually aggravate existing harms.  We should at least avoid avoidable harms by not using institutional tools that were not designed to leverage or de-risk the volumes or types of interactions currently enabled by global distributed networked information/interaction systems.  The current simultaneous erosion or ALL institutions (nation states, markets, social/cultural institutions is not a coincidence, but rather an artifact of this increasingly lethal institutional nostalgia. 

I built the contract to provide my mom (and by extension other human, non-tech-oriented citizens who will not have the advantage of legal representation) with the types and depths of contract protections that have historically been most often available to well resourced institutions, etc. 

The powerpoint sets forth the value proposition.  

Many folks will balk at the notion of people as data producers (gulp!).  Commodification of self (via appropriation of interaction attributes) is among the final victories of late-stage capitalism, and has already progressed well beyond levels that are conducive to human thriving and survival.  We are not commodities.  We can, however, self-bind to structures of discretion limitation to form groups to do stuff together (barn raising at scale, etc.) .  We all stop at red lights (constrain liberty) to increase safety at the crossroads.

The contract is intended as a transparent Trojan horse to enable individuals to accrete power in new blank interaction spaces by forming the equivalent of distributed data selling cooperatives (yikes!), each determining the terms upon which data about them is kept secret and/or made available for defined uses (under section 3 of the agreement, the local "de-identification" and other rules apply to a given instantiation of the agreement - like a master services agreement that anticipates exhibits, etc.).  

Some folks understandably balk at the use of market tactics, and the potential for capitalist co-option of the effort, which may risk yielding the further violence of markets that feature "people for sale."  Capitalism focuses on capital at the expense of labor, and post-Fordism (and its offshoring of work, etc.) has accelerated that trend.  Mnuchin said "whatever it takes" regarding CAPITAL markets - but no similar statement has been made about labor, society, people, life, etc.  This is wholly unacceptable, and indicates structures of power that do not serve human interests.  

Unfortunately, there are no mommies and daddies out there looking after people - We the People need to do it for ourselves, using whatever strategies and tactics are available to us - even so far as repurposing those tactics that have led to the subjugation of human interests to capital.  The notion of economic power as a precursor to social power has been the exclusive province of corporations (and their few wealthy founders/owners).  Labor unions accreted social power through economic power, so the tactic is not without precedent.  

At present, it is not human labor that is sought by capitalist structures, but rather human data.  To date, we the people are not organized, so the data is extracted without constraint.  The result is existential/psychological/civilization disaster, much as the extractions of mining, energy sector, industrial farming, etc. etc. have been disasters for the jurisdictions in which they were sited to serve global markets.

The approach suggested in the materials is an effort to tame that beast via the paradigm of shared "risk commons," thereby utilizing a self-regulatory pathway that has demonstrated success in fisheries, water management and other contexts where public goods intersect with capitalist enclosure pressures.  

To me, data is a public good that has the potential to be managed as a commons (gasp!), but information is not.  Data plus meaning equals information.  This realization requires a shift to a harms-based regime (like traditional torts of privacy), rather than a (rather clumsy) effort to regulate data flows themselves.  Consider, we don't outlaw rocks, just because they can be thrown at people - We recognize that rocks, like data, are dual use (good and bad purposes) and we outlaw doing harm with rocks.  Data is rocks.

The idea of the contract is to convert traditional privacy torts (intrusion, intrusion with publication, defamation and misappropriation) into contract rights, so that they can be clarified by the stakeholders involved AND so that more predictable contract duties can be adopted by institutions.  The provision of those duties at large scales supports an "agency" (including fiduciary-type agents) sector that currently does not exist.

But I digress. . .

I enthusiastically invite critiques of the ideas reflected in the materials (whether constructive or vituperative - all are helpful!)

Warm regards, 
Scott

Scott L. David


Executive Director

Information Risk Research Initiative 

University of Washington - Applied Physics Laboratory


m- 206-715-0859

Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of Johannes Ernst <jernst@...>
Sent: Friday, June 19, 2020 11:26 AM
To: main@me2balliance.groups.io <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
You did some work there :-) Can you provide some context, like what this was developed for and where you see it going?

On Jun 18, 2020, at 20:17, sldavid <sldavid@...> wrote:

What if. . . 

please see attached.

Kind regards, 
Scott

Scott L. David

Executive Director
Information Risk Research Initiative 
University of Washington - Applied Physics Laboratory

m- 206-715-0859
Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of John Wunderlich <john@...>
Sent: Thursday, June 18, 2020 12:56 PM
To: main@me2balliance.groups.io <main@me2balliance.groups.io>; main@Me2BAlliance.groups.io<main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW
On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


<indie-computing-logo-01.png>



--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (partsone, two, and three) making the case for personal AIs.

<2017 jan 18 Big Data with Privacy Engine.ppt><2017 jan 18 data rights distributed management services agreement.docx>


Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088




Re: Best practice templates for tech governance

Matthias De Bièvre
 

Yes i wrote a paper with them for n the EC data strategy, here it is: 

For this it was developed to provide ecosystems with tools to build human centric data networks, they tackle all subjects : legal, technical, ethical, business imo they only miss UX. They have templates for the networks to work from and propose a governance model. SITRA has been funding such data networks in Finland. 

It is a great methodology to apply when you have organizations that want to go towards the human centric way but don’t know how, as it is quite complex and unknown.
For me it is the most advanced and comprehensive framework, this is what we are applying with the Skills Alliance (see paper attached, 30 organizations from 6 countries creating human centric skills data networks).
And you have the blueprint that provides the technical architecture.
I’m very happy to discover other frameworks and governance models for these kinds of networks as we are experimenting them.

Le ven. 19 juin 2020 à 20:26, Johannes Ernst <jernst@...> a écrit :
You did some work there :-) Can you provide some context, like what this was developed for and where you see it going?

On Jun 18, 2020, at 20:17, sldavid <sldavid@...> wrote:

What if. . . 

please see attached.

Kind regards, 
Scott

Scott L. David

Executive Director
Information Risk Research Initiative 
University of Washington - Applied Physics Laboratory

m- 206-715-0859
Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of John Wunderlich <john@...>
Sent: Thursday, June 18, 2020 12:56 PM
To: main@me2balliance.groups.io <main@me2balliance.groups.io>; main@Me2BAlliance.groups.io<main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW
On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


<indie-computing-logo-01.png>



--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (partsone, two, and three) making the case for personal AIs.

<2017 jan 18 Big Data with Privacy Engine.ppt><2017 jan 18 data rights distributed management services agreement.docx>


Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088



--
Matthias De Bièvre
Fondateur VISIONS
+336.42.90.04.13
366 rue de Vaugirard 
75015


FW: The FIDO Standard: FIDO Debuts New Consumer Site, Upcoming Events and more!

Lisa LeVasseur
 

Hi friends,

 

I hope everyone’s having a great weekend!

 

Our friends in the FIDO alliance have put together some consumer oriented information for  their standard.  Will be interesting to see how everyday people respond. 

 

Lisa

 

From: FIDO Alliance <info@...>
Sent: Monday, June 15, 2020 11:16 AM
To: Lisa LeVasseur <lisa@...>
Subject: The FIDO Standard: FIDO Debuts New Consumer Site, Upcoming Events and more!

 

Don't miss a thing!

 

 

Welcome to this month's issue of the FIDO Standard, 

where we recap the latest FIDO Authentication news

 

 

 

FIDO Alliance launched a new site and suite of supporting assets aimed at educating consumers and their service providers on the benefits of FIDO’s approach to simpler, stronger user authentication. At the core of this effort is the debut of loginwithFIDO.com, a site to inform people about FIDO Authentication technologies. It launches in conjunction with the FIDO “I-Mark”, an easy-to-spot symbol that indicates the device or website consumers are using is authenticating with FIDO technology. 

 

Want more information on FIDO Alliance's new educational initiative and research? 

Check out these resources:

 

 

 

 

 

 

 

The FIDO Alliance, backed by Apple and Google, debuts loginwithFIDOcom
The FIDO Alliance, which is backed by Apple, Google, and Microsoft want to eliminate password complexity. FIDO launched a brand new website to help educate consumers on what Login with FIDO is all about, reports 9to5Mac for Apple News.

 

 

World Password Day: I Hate My PA$SW*RD
Authentication is an important area that needs much greater focus and attention from standard consortiums. A great example of an organization trying to get its arms around authentication is the FIDO Alliance, which addresses issues around authentication usability problems, says Security Boulevard.

 

 

Like Microsoft, Yubico is a leading contributor to the FIDO2 passwordless authentication standards (...) 90% of Microsoft employees are passwordless today using the company's alternative identification options, Windows Hello, the Microsoft Authenticator, and FIDO2 security keys (...), reports Business Insider.

 

 

 

Upcoming Identiverse Conference – New Virtual Series

 

FIDO Alliance is a longtime sponsor and supporter of Identiverse and is excited to engage in its virtual presence this year. You can check out this year’s FIDO contents at Identiverse here, featuring presentations from FIDO Alliance, Yubico, eBay, and others.

 

 

 

 

Upcoming MasterCard Virtual Cyber & Risk Summit:

Future of Authentication Panel Session

June 17 | 1:45 pm - 2:10 pm ET

 

In this panel, executives from major eCommerce platforms and standards will discuss interoperable authentication capabilities that significantly streamline the checkout experience and even bring to bear concepts like delegation of authentication in PSD2 regions. The end goal? Making authentication simple, seamless and secure to boost approval rates for digital transactions.

 

Speakers: 

  • Christiaan Brand, Identity & Security, Google
  • Ashish Jain, Product Management Executive, Identity, Mobility & Analytics, eBay
  • Ranjita Iyer, SVP, at Identity Solutions
  • Brent Whittington, Senior Director, Enterprise Fraud, Ally

 

Moderator: Andrew Shikiar, Executive Director & CMO, FIDO Alliance

 

 

 

 

FIDO Member Webinar from Centrify: 

MFA – Moving the World Beyond Passwords

June 18 | 9:00 am PT / 12:00 pm ET

 

Join Centrify executives and FIDO Executive Director & CMO Andrew Shikiar for a live webinar “MFA: Moving the World Beyond Passwords” as they discuss moving beyond passwords with multi-factor authentication.

 

Speakers:

  • Andrew Shikiar, Executive Director & CMO, FIDO Alliance
  • Tony Goulding, Cyber Security & Product Evangelist, Centrify
  • Brad Shewmake, Director of Corporate Communications, Centrify

 

 

 

 

 

Over the last several years, eIDAS regulation has been widely adopted by the EU member states, and several eIDAS-compliant services and eID schemes have been rolled out across Europe. FIDO Authentication is a natural fit for the delivery of services that meet eIDAS regulations, and many of our members are working with governments and service providers to enable secure and seamless electronic interactions throughout the EU.

 

 

 

 

 

The paper focuses on strategy and provides guidance on how to deploy FIDO Authentication with multiple authenticators. It discusses how to register new authenticators bound to an already-registered authenticator, security considerations, coverage/authenticator options, usability, and policy, based on FIDO-enabled browsers and platforms. It provides recommendations for registration methods and policy examples for deploying the solution.

 

FIDO Alliance

401 Edgewater Place, Suite 600, Wakefield, MA 01880

Unsubscribe - Unsubscribe Preferences


Re: Best practice templates for tech governance

sldavid
 

Scott David (sldavid@...) has sent you a protected message.






Learn about messages protected by Office 365 Message Encryption.
Privacy Statement

Email encryption powered by Office 365. Learn More
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052


Re: Best practice templates for tech governance

 

You did some work there :-) Can you provide some context, like what this was developed for and where you see it going?

On Jun 18, 2020, at 20:17, sldavid <sldavid@...> wrote:

What if. . . 

please see attached.

Kind regards, 
Scott

Scott L. David

Executive Director
Information Risk Research Initiative 
University of Washington - Applied Physics Laboratory

m- 206-715-0859
Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of John Wunderlich <john@...>
Sent: Thursday, June 18, 2020 12:56 PM
To: main@me2balliance.groups.io <main@me2balliance.groups.io>; main@Me2BAlliance.groups.io<main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW
On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


<indie-computing-logo-01.png>



--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@...  | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (partsone, two, and three) making the case for personal AIs.

<2017 jan 18 Big Data with Privacy Engine.ppt><2017 jan 18 data rights distributed management services agreement.docx>


Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088




Re: Best practice templates for tech governance

Matthias De Bièvre
 

Le mer. 17 juin 2020 à 20:47, Johannes Ernst <jernst@...> a écrit :
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


--
Matthias De Bièvre
Fondateur VISIONS
+336.42.90.04.13
366 rue de Vaugirard 
75015


Re: Best practice templates for tech governance

sldavid
 

What if. . . 

please see attached.

Kind regards, 
Scott

Scott L. David


Executive Director

Information Risk Research Initiative 

University of Washington - Applied Physics Laboratory


m- 206-715-0859

Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of John Wunderlich <john@...>
Sent: Thursday, June 18, 2020 12:56 PM
To: main@me2balliance.groups.io <main@me2balliance.groups.io>; main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Best practice templates for tech governance
 
Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW
On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088





--
______________________________________________


Richard S. Whitt

President, GLIA Foundation

richard@... | 650.450.1705

Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.


Re: Best practice templates for tech governance

Lisa LeVasseur
 

Which reminds me of privacy coop. https://privacyco-op.com/welcome

 

From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of John Wunderlich
Sent: Thursday, June 18, 2020 12:57 PM
To: main@me2balliance.groups.io; main@Me2BAlliance.groups.io
Subject: Re: [Me2BAlliance] Best practice templates for tech governance

 

Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 



Thanks,

JW

On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:

Johannes:

 

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

 

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

 

-Richard

 

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:

Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

 

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

 

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)

 



On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

 

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

 

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

 

-Richard

 

 

On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:

Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)

 

 

 


Johannes Ernst

 

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088

 

 

 

 



--

______________________________________________

Richard S. Whitt

President, GLIA Foundation

richard@... | 650.450.1705

Building a more trustworthy and human-agential Web

 

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.

 

 


Johannes Ernst

 

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088

 


 



--

______________________________________________

Richard S. Whitt

President, GLIA Foundation

richard@... | 650.450.1705

Building a more trustworthy and human-agential Web

 

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.

 


Re: Best practice templates for tech governance

 

Anybody care to make a list and publish it somewhere? Might be useful :-)

On Jun 18, 2020, at 12:56, John Wunderlich <john@...> wrote:

Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW
On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


<indie-computing-logo-01.png>





--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088




Re: Best practice templates for tech governance

John Wunderlich
 

Richard;

As you point out in your excellent paper, fiduciary arrangements are based on asymmetries of power. I look at Bottom Up Data Trusts (Delacroix and Lawrence) https://academic.oup.com/idpl/article/9/4/236/5579842 and see the possibility of trusts with fiduciary obligations, yes, but also the possibility of data trusts with democratic or participatory structures that allow the persons whose data is in the trust to decide the appropriate uses and accesses to their data. This brings back the notion of a commons and creates entities that hold the data who can then negotiate as equals with the entities that want the data - reducing the power asymmetries at a structural level. 


Thanks,
JW

On Jun 18, 2020, 13:41 -0400, Richard Whitt <Richard@...>, wrote:
Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






--
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088





--
______________________________________________


Richard S. Whitt

President, GLIA Foundation

richard@... | 650.450.1705

Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.


Re: Best practice templates for tech governance

Iain Henderson
 

Hi Richard, there are two examples of such trustmediaries bubbling up through the MyData Global (www.mydata.org ) that it would be good to get your take on.

1) Is the general concept of a ‘MyData Operator’; in short this is an effort to create a new industry category which by definition somehow facilitates personal data management for individuals, and which is ‘certified’ to be structurally neutral or more likely has a fiduciary duty to the individual. There are 49 orgs signed up, including 2 that i’m involved with.

The process of defining what it means to be a MyData Operator has taken about 18 months and has been pretty robust and well managed. We are now in a process of working what are now called Protocol-operators to get to a yet to be agreed certification model. This paper is the best overview. https://mydata.org/operators/

2) There is then a separate, COVID specific initiative led by myself and two others called ’the MyData Commons’ (i.e. a bottom up data-set of volunteered data from individuals; in legal terms most likely a data trust). To date we have been in prototype mode and have made good progress; now we are looking at how to move forward in both funded and volunteer driven mode. Best summary of that work is likely this blog post which covers more than the MyData commons, but enough of it to get the picture I think.


Let me know what you make of those if you have time to look.

Cheers

Iain

On 18 Jun 2020, at 18:41, Richard Whitt <richard@...> wrote:

Johannes:

I believe there are a good number of governance templates possible.  My particular area of focus is the governance family of what you could call trust institutions -- fiduciaries, legal trusts, stewards, custodians, certified professions.  These are rooted in the common law, with the express acknowledgement of power asymmetries between individuals and entities, based on significant gaps in expertise and the necessary sharing of sensitive information (think your doctor, your lawyer).  The common law for much of this would impose certain enforceable duties and obligations (care, loyalty, good faith, confidentiality, etc.) as a way to both reduce those power asymmetries, and empower the individual.  Some believe we can place the trust element within our tech (blockchain/distributed ledgers, for example), but I am sceptical that tech alone is the answer.  At the end of the day, we still need an accountable human being in whom to place our trust.

As you suggest, ideally each of those trust institutional models would have its own governance template, and people could pick and choose the one(s) they prefer to adopt (as entities) and deal with (as individuals).  My conception is that we may well end up with multiple kinds of digital trust institutions in our lives -- trustmediaries, information fiduciaries, data trusts, data commons, and so on -- each with a particular purpose.  Messy, most likely, and would bring the friction/costs of intermediaries back into the Web.  But at least it would give people some options.  I'm trying to do my part to flesh out the concept of the trustmediary, for example, and working with folks at Mozilla Foundation and elsewhere to create actual prototypes.

-Richard

On Wed, Jun 17, 2020 at 10:20 PM Johannes Ernst <jernst@...> wrote:
Do you think it would be fair to say that the trustmediary model is one — or perhaps one family of — templates for governance, in my terminology here?

If somebody wanted to set up a trustmediary, they could use the/a “trustmediary template” from the library and by adhering to that template (which, as part of it, would have monitoring capabilities that confirm the governance is actually being executed as intended) they could communicate to their customers/prospects that they are indeed trustworthy?

(It seems that multiple trustmediaries will probably end up with comparable governance models, …?)


On Jun 17, 2020, at 12:57, Richard Whitt <richard@...> wrote:

Thanks Johannes.  FWIW, I find the concept of templatizing digital governance for the entities themselves (beyond their products and services) germane to the longer term work of the PaLs (Policy and Legal stuff) Working Group.  It may also come up as an option in the current work on our "alt-consent" proposals.

As you know, I'm a fan of the digital trustmediary model, buttressed by various compliance/enforcement mechanisms (professional code of conduct, government procurement requirements, legal safeguards, etc.).  But there are potentially a number of different pathways to creating good governance.

-Richard


On Wed, Jun 17, 2020 at 11:47 AM Johannes Ernst <jernst@...> wrote:
Is this conceivably within the scope of Me2BA? (maybe not now / soon but some day?)




Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088






-- 
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088


<indie-computing-logo-01.png>





-- 
______________________________________________

Richard S. Whitt
President, GLIA Foundation
richard@... | 650.450.1705
Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.