March 24, 2017 VPWG Meeting Page

From IDESG Wiki
Jump to navigation Jump to search

VULNERABLE POPULATIONS WORKING GROUP MEETING NOTES

Attendees:

  • Denise Tayloe
  • Jim Kragh
  • Jeff Brennan
  • Tom Jones
  • Linda Braun, Global Inventures

Meeting Notes:

  • Jim Kragh led the call. Notes taken by Linda Braun
  • Meeting was called to order at 11:09 a.m. EDT

Minutes

  • Jeff Brennan moved to accept the March 10, 2017, minutes. Jim Kragh seconded. There was no discussion. The motion passed unanimously.
  • IPR policy reminder:

(http://wiki.idesg.org/portals/0/documents/governance/IDESG%20IPR-Policy.pdf)

  • VPWG on the wiki:

(https://wiki.idesg.org/wiki/index.php?title=Vulnerable_Populations)

  • VPWG Google drive:

(https://docs.google.com/spreadsheets/d/1jd7TOdPhXvANS2gbl-7ta1f3GhheGw0pxBlvkRI_nX0/edit?ts=58a61f88#gid=0)

  • Roll call. Quorum was achieved.

Old Business:

  • Linda Braun to help Catherine Schulten get access to the wiki.
    • Action Item closed
  • David Temoshok to help VPWG map the Minor’s Trust Framework to IDEF.
    • David added this to the TFTM work list for 2017
  • Lin Higgins and Roy Asfar from Veterans Advantage to a provide date when they could present their program to VPWG
    • No update
  • Dave Burhop to provide more information on the mobile driver’s proof of concept program at the Commonwealth of Virginia at our next meeting.
    • No Update
  • Wendy Fairfield to provide more information on FIDO
    • No update
  • Jim Kragh opened the meeting
  • The spreadsheet was sent out last week and we have not received any updates. Jim had asked the VPWG to provide four or five attributes for each category.
  • Jim met earlier in the week with Dave Burhop and Denise Tayloe and they decided we needed another way forward. That is, to develop a model for each of the three categories. In two weeks they will come back with an update to the VPWG. Then, Denise, Jim and Dave want to take two months to develop models as a proof of concept in each of the three categories.
  • We have a lot of “lost sheep” in our country, and many people cannot even get on the internet. Up to 20 percent of people don’t want help; others, who are interested, don’t know how to move forward.
  • There hasn’t been a unified process; as we talk about identity will these vulnerable populations see value?
  • Jim reviewed the updated spreadsheet and has asked the VPWG to fill in information in each category. Lead assignments have been made to each of the different categories: Low Income Children and Parents (Denise Tayloe); Homeless, Elderly, Uninsured, Veterans (Lin Higgins) and Prisoners before release receive community ID cards (Adam Migus). Jim discussed possible scenarios for each category. We need to see accountability; that will show success for the program.
  • Dave had a question about the percentage of the population who doesn’t want anything to do with identity. How do we account for them in this effort? 20 percent fall into this category. Jim mentioned an example in Florida where VP individuals don’t trust the health care system and go to a center managed by nuns where they can get medication and doctor’s services. In this case, the center is getting information using biometrics from these patients - a thumb or hand print. The patients feel comfortable and trust this approach.
  • Denise – children and people with dementia are vulnerable in the online space. There needs to be way for parents to enroll their child online in a safe way.
  • The challenge is to get the Replying Parties to engage.
  • Denise has Relaying Parties (RP), but stated that what she doesn’t have is the minor’s trust framework mapped to the IDEF. IDEF does nothing for minors.
  • How can the parent give knowledge to the RP that is age appropriate for a child? Can these devices indicate that there is a child involved?
  • These can be set up in a browser, but part of the problem is most parents don’t know how to do this and if they do, children are savvy enough to undo it. Children are getting internet enabled cell phones at age 10. We are worried about an 8-year old child going to Facebook and lying to get a credential.
  • Focus on delegation for our efforts. We can’t look at the device, so we need to look at delegation of authority. This will set the stage for our work going forward. We do the same for homeless and department of corrections.
  • Denise has a solution at PRIVO; it is a platform based on children. We now need to take that and integrate with the IDESG process. We can come up with some solid examples for children and build on what Denise has built. It has to come in a piecemeal format. It takes the VPWG expertise from each category. We want solutions that people can wrap their arms around.
  • Tom Jones asked how we can let someone know when they see the trust mark that a child is online. The trust mark should carry a message. There is a subset that we want people to look at. What can be trusted at what level?
  • Need to figure out how to mark the transaction according to Tom.
  • Operating systems are set up so they know when restricted accounts are accessed. This isn’t information that doesn’t exist, it just isn’t passed along.
  • Denise – If a 10-year old goes on the internet and wants to create a login credential. Children are creating login credentials and sometimes they need parent consent and sometimes they do not. Under COPPA you have to notify the parent. The system should be able to have levels of assurance of those assertions. Matel is afraid of giving credentials to children because they don’t have the tools to give parent consent.
  • Tom – If you have to prove that you are a parent, we end up with the same problem as mental health – you have to prove you are capable to take care of that mental person.
  • Denise - COPPA requires companies in the U.S. to provide COPPA protection to children globally. You must obtain verifiable parental consent before starting to collect information from a child 12 and under. You can collect certain pieces of information to start that process. You have to get parental consent. No one is doing a good job of attribute verification that you are actually a parent.
  • A rules engine – come up with guidance to the parent is something for Denise to consider in her work at PRIVO.
  • Tom can tell whether the person who is responding has control of the machine. Someone who is an administrator could set up an account that this account belongs to a child. Will people accept that determination? Tom is looking at Facebook as an example - how do we mark that this account is inappropriate for Facebook.
  • If you are a company with the stature of FaceBook and they are told a child is coming on, they can’t avoid dealing with that.
  • The law allows them to ask the user how old they are.
  • YouTube has a problem – if you tell YouTube a child is coming on they can’t avoid that and must do something with the knowledge they have.
  • Jim asked Denise to put her information in the spreadsheet.

Adjournment

  • Adjourn 1:08 p.m. EDT

Action from today’s meeting

  • All, input to the spreadsheet.

Next meeting:

  • April 7, 2017