Introducing Two Operational Transparency Tools to Govern the Capacity to Trust Digital Identity with Standards
In today's digital world, the agency of the individual is a critical requirement that is often missing. We need to address the current harms and imbalances by focusing on technology's directionality and who benefits from the system. This concept, also known as proportionate transparency, ensuring reciprocal data control, is useful to govern relationships in digital spaces and ensure that human remains in control of their data flows. To achieve this, operational transparency becomes the key to activating agency, enabling us to move safely and freely in the digital landscape and establish trusted digital relationships.
While many "trust assurance" programs rely on static processes such as periodic audits, trust itself is dynamic. These programs primarily focus on the individual, providing information about them and tracking their every move. However, none of this data is shared with the individual, limiting the capacity for people to trust these digital relationships. This limitation hampers our digital freedoms limiting our individual ability to see and control the flow of our own personal data in context.
Over the past decade, organizations like the Kantara Initiative, OpenConsent, Digital Transparency Lab, and Surveillance Trust have dedicated their efforts to transform this landscape. The Consent Receipt, initially designed to serve as a record of digital relationships, has revealed that what currently passes as consent online is actually permissions actioned by an 'I Agree' opt-in, with no proof that the 'User' has the minimum knowledge to be able to consent legally.
To address these challenges, we are thrilled to introduce two groundbreaking tools that prioritize human-centric record control that is proportionate and reciprocal. We clarify the functionality of the Consent Receipt by introducing the Notice Receipt as an authorization credential, which captures information about the Notice Controller.
This capture utilizes a Two Factor Notice (2FN) to generate a proof of knowledge record with two key components: (1) notice of who is accountable and (2) what their authority is to process PII. In addition, we offer tools to measure the timing, operational information, usability, and security of the notice. This empowers individuals to independently document their relationships, with the information required to evaluate them and use these records as evidence to access data rights.
With these tools in place, individuals can then create a Controller Notice Credential, allowing them to establish agency and transparency by asserting digital authority. They can use this credential to authenticate themselves. Importantly, the use of a Controller Credential for authentication control does not require the use of identifiers related to the individual. Instead, it focuses surveillance on the controller's identity, using a profile to check the legal status of the service in the context of data collection and processing to enable data privacy controls.
To delve deeper into these exciting developments, we (the ANCR WG + Digital Transparency Lab) are hosting a Summer Project with 3 Open ANCR WG meetings throughout the summer, with the next one scheduled for June 21.
We invite you to join us on this transformative journey towards building the human capacity to trust in digital identity standards. Together, we can shape a digital world that empowered individuals with operational transparency that provide you with agency, freedom, and trust. (For more information, click here)