The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back


Credentials CG Telecon

Minutes for 2017-08-15

Dave Longley is scribing.

Topic: Introductions

Evan Sandhaus: I am the executive director of knowledge and meta data management at NY times. Over see information we put out. Involved as a data guy at the time, involved in several different threads all over the planet having to do with verifying claims/dealing with fake news. Interested in this community.
Ryan Grant: +1
Claire Rumore: I'm Claire R and work along side Moses Ma in the Bay area. Staff social scientist and guardian of relationships at FutureLabs Consulting.

Topic: Fake News and Bots

Mike Lodder: I'm Mike Lodder, I work at Evernym as Senior Crypto Engineer
Moses Ma: We're going to spend 30 minutes talking about bots and VCs. Will be talking about a set of rules, you don't have to use the queue, but please use the chat channel and have some content in it. I'm going to ask everyone to say something during the event, bringing out the participation. We will also do perspective switching, when the energy of the discussion dies down we'll switch to a different perspective, open systems to user requirements, etc.
... Want to keep energy going, I urge all of you to speak up and be verbose in the comment stream.
Moses Ma: Only other thing I do request, I do request that you capture what the scribe is saying so there's context.
Moses Ma: We start with what we call the bingo round. Everyone say what you want to say.
Dave Longley: Capture what the scribe types, speakers should wait for the scribe to begin capturing so that there is written context. [scribe assist by Ryan Grant]
Moses Ma: Just share your feeling for five minutes. Anyone have something to say about this subject?
Manu Sporny: What I'd like to see out of the discussion today is a concrete next step. At a high level I'd like to see if we can use VC to address fake bots/news problems around the world.
Manu Sporny: We haven't had a lot of journalists in the group, but we have talked about VCs being helpful to journalists and the industry but we're not sure exactly how to proceed.
Manu Sporny: I'd love to hear from the journalists that are here on the call today and what they're thinking on verifiable statements and how they could potentially use those to combat the problem.
David Chadwick: I did respond to the post on this issue, I didn't get replies yet. I don't know if people agree/disagree are just silent. It's relatively easy solution to solve provided that we have a trusted issuer that can make statements like "This person is a UK citizen" or "This is David Chadwick."
David Chadwick: That would solve the problem with bots, but the problem I see is that that will be quite difficult with the current state of government technology.
David Chadwick: Maybe banks could be the trusted issuers we're looking for because banks are now required to know their customers. But not everyone has a bank account, so there's a problem there.
David Chadwick: So getting a trusted issuer that everyone would have is a difficult problem.
Lionel Wolberger: Just worked! [scribe assist by Lionel Wolberger]
Ryan Grant: I'd like to work on my audio, first
Kim Hamilton Duffy: For this round, dont' worry about the queue, just pipe up.
Moses Ma: Are there any journalists that would like to talk about what you're working on?
Evan Sandhaus: I just wanted to say that, first of all, technologist not a journalist. The times right now is involved in learning about various efforts in the credibility space. We haven't to my knowledge made any super firm decisions on which way to go.
Evan Sandhaus: Personally, the idea of making specific claims about the credibility of the individual statements is something we do in interactive pieces, here's what such and such say and so on. I'm thinking that a piece like that may be a place to start exploring the kind of work that's being proposed.
Evan Sandhaus: I'm thinking of a couple of folks that would be interested in these efforts and will direct their attention after this discussion.
Manu Sporny: Yes! Bring in retired editors!
Moses Ma: I have a friend, Paul Ingracia and has won a pulitzer and I don't know if you know him... would like to bring in retired editors.
Evan Sandhaus: I don't know how that would hurt! Any folks you can bring in that think this is a good idea would help.
Moses Ma: Terrific.
Adam Migus: Question: is this about credentialing journalists or are we including editors, sources, etc.?
Moses Ma: We can switch the context because we're already running down on time. How would this work ... just open the floor, maybe Manu and Drummond could speak up. Anyone is included. Talk first about credentialing journalists or VCs in an article. Then we'll switch to people vs. bots.
Adam Migus: In the case of sources, I think the security and privacy considerations are quite different.
Manu Sporny: This is a response to Adam Migus in IRC. First of all Evan, thanks for giving us that perspective and helping to connect folks to the work here. There are a number of loose ideas floating around on how a VC could be used in journalism.
Manu Sporny: One of the things is not credentialing journalists but giving them a stronger set of VCs that says they work for NY times and have published articles X, Y, Z. That's not necessarily where the focus would be. We have education folks that want to credential people with certain training. But what I've heard about VC and fake news is ...
Manu Sporny: Can you even identify whether a story has been vetted by a professional. Basic fact checking. Having a VC that points to a specific article on the Web that says NY times, CNN/Whatever has factually inaccurate. When people click on clickbait and end up on a site the browser can say the site has been identified by X as factually inaccurate.
Manu Sporny: It's the same kind of warning for malware/bad SSL cert sites.
Manu Sporny: That's the ability to create a VC to say "This is a bad website or bad story" and being able to follow your noise back to the proof. You don't have to trust any particular institution. Right now you depend on Google Chrome, for example, to tell you if a site is a phishing site. Combating fake news may require a more decentralized solution.
Ryan Grant: "We ALSO stamp: all the news that DIDN'T fit our print"
Manu Sporny: Many different websites having their own lists of what is fake news and isn't.
Manu Sporny: The person that's browsing the Web can choose what the sources of news are. That has broad concerns. People can get biased news -- huge discussion. The simple fake that an organization a journalism organization can issue a VC stating whether something is factually accurate or inaccurate is another possible signature that's useful for people browsing the Web.
Manu Sporny: That's one way to combat fake news.
David Chadwick: Couple of problems with that. If you take someone like Briebart, sometimes the news will be true or sometimes fake, publishing a VC saying the site is bad may lend the issuer of the claim in court for libel.
David Chadwick: Two people see an incident and report it in different ways as well. Could both be true based on perspective.
David Chadwick: Publishing a credential on one site and saying another site is fake news is problematic.
Manu Sporny: I agree.
Matt Stone: That's why fake news issues are so insidious - blending fake stories w/ real stories gives the fake ones "creditability" -- granularity to vouch for validity is essential
Nathan George: This adds to what David just mentioned, it's really easy to incentivize someone to forget but not for information that they know. It's really hard to cryptographically know that a negative reputation exists because they won't flow to the end user. That creates lots of different problems from a journalists perspective. We can easily let journalists create lots of positive assertations though. To let people trace information back to know whether it's credible. It will be much easier to distinguish good journalism from casual blogging, etc with that approach.
Manu Sporny: +1 To what Nathan just said - agree that negative reputation has its problem.
Lionel Wolberger: One clarifying case for me was that when the holocaust denier was brought to trial, they used a fake book that was cited. In the spirit of agile and lean develop we can grab onto some aspect to move things forward. My opinion on the problem side -- having an overlay on the page for verified facts...
Nathan George: To add to my earlier point, forcing disclosure of negative reputation events introduces a censorship choke point, where focusing on positive attestations helps differentiate in-depth research and real journalism from more casual statements without that level of attestation
Lionel Wolberger: With different authorities signing things, would allow for even so called "fake news" -- we have different dimensions, people rarely have a shared anchor to have a discussion. In interest of society have all voices raised and only label malicious. It's difficult to label a website because it's not canonical, can't hash it. Moving forward on something, on the positive side, I'm excited Evan is here because I didn't realize NY times had people in this space.
Lionel Wolberger: Maybe get a trusted authority to sign statements -- and go with the snopes model that people understand. A page with "Here's the issue, X conspiracy" and these are the claims about it, and who signed them.
Joe Andrieu: I expect that VCs from Journalists about "facts" are less likely than Journalists providing a link to their own fact checking. That's why we trust journalists: because they are both trained and committed to an ethical process of factual investigation.
Lionel Wolberger: Then people clicking on clickbait and see at a glance what they consider fake news or not. This would allow a decentralized way that anyone could verify claims and gravitate towards what they trust.
Joe Andrieu: Which is to say "facts" feels arbitrarily black and white and the most interesting cases are more nuanced
Lionel Wolberger: I wanted to sneak in wikipedia footnotes, those are pretty good. Maybe some kind of model where we could cite a fact and go to that style of footnote and it would be signed and you could access the certificate.
Moses Ma: Our company works in deep learning and machine learning. We need new tech to address this, advanced reputation systems to use adaboost -- maybe better solutions in this area.
Joe Andrieu: +1 For wikipedia footnotes as inspiration
Kim Hamilton Duffy: I'm interested in the combined insights from Nathan and Lionel. Ideally there's a way to tag facts and reference them without expecting users to learn a formal grammar
Evan Sandhaus: To build on some of the observations -- I appreciate the folks who grew the NY times as credible. I grew up in Kansas and not everyone there feels the same way :). We have to be sensitive to it, what is and isn't a credible source. With someone with two degrees in CS, I love absolute boolean claims. This is true this is false. The way most journalism plays out, from a formal reasoning perspective there are few things where you can say something is false. The claim that can be made more reliably made ...
Evan Sandhaus: Is that this piece contains misleading claims and this is what they are.
Manu Sporny: That one statement was worth this entire discussion!!! ^^^
Evan Sandhaus: I might encourage this group applying the tech to that. Whether than saying this article is X and X is false. Better to say this article says X and that's a misleading claim.
Matt Stone: +1 For that
Manu Sporny: That's a great takeaway...
Moses Ma: Thanks, Evan!
Evan Sandhaus: Thanks all!
Nathan George: +1 To kimhd's sentiment, the user shouldn't think of this as a new grammar, it is important to get the use case right. In fact, how sources themselves sign the data they provide may be the most helpful enhancement.
Kim Hamilton Duffy: I also like the browser usability that Manu and Evan described
Ryan Grant: I wanted to add that the wikipedia idea sounded awesome. I'd like VC in my news streams. Financial stories where only the financial numbers were verifiable -- perhaps by a news source that specializes in financial reports or companies signing those sorts of things themselves.
Ryan Grant: All kinds of news could be built on that.
Moses Ma: Excellent input. Would like to switch the perspective but to look into identifying someone who is not a human.
Moses Ma: Any ideas on how to use decentralized ID on how someone is a person and not just a way to boost Google numbers.
Adam Migus: Observations and points: It seems to me that when we talk about the edges of this community, the people that are journalists, editors, sources... that to me is a place where we need to talk about identity and authoritative identity, maybe a bank might vouch for someone etc.
Joe Andrieu: Wanted to riff on Ryan's note: embedding VCs in a story to ground certain facts, eg., financial #s. that could scale quite well. not to say "microformats" but getting authors to include VCs as part of their story is powerful idea
Adam Migus: At the end of the day that's needed and the place it's needed. Then we get to the content, fake real, factually real, etc. Then it becomes more consensus driven and less about identity. You want to identify people are real when writing, editing...
Adam Migus: Then when it's on the Web you might not want to tie that back to a real individual, sources in particular...
Adam Migus: I wanted to echo what Evan said, this boils down to fact checking. There is a whole community that's trying to bite off -- the librarian community -- concern about youth for vetting stories, if we're going to make it about content then make it about the facts in the content rather than curating stories for sites.
Lionel Wolberger: I wonder if it would be helpful to provide a simple certificate and policy "I am a human" and people could voluntarily append and it would help us to identify bots. Everything is slightly automated but that might help.
Joe Andrieu: +1 To collective attestations, including those that have real-world costs or barriers for automated agents
Nathan George: I wanted to add a note, talking about attestations, having a network of people making them that's one of the best resources. I can present attestations that I have a bank account without saying with whom, it starts to become hard for bots to make those claims. Bringing in richness of the world so it's hard for bots ... so people who aren't trying to influence algorithms.
Matt Stone: The question of curation and the role of bots is quite different in this space. I love aggregators and curators of news. But the role of a bot impersonating a person and doing likes/+1s, etc. provides a megaphone effect for news articles that might not have an audience otherwise, false volume.
Matt Stone: That seems like an area we might really dig into. Who is or what is doing those sorts of activities.
Moses Ma: Great idea, something we should work on.
Moses Ma: Anyone else?
Nathan George: Ideally you have a network of attestations that shows you have the richness of a real person in the real world. Allowing folks to make selective disclosure credentials (or entity profiles) across their domains allows them to bring in the richness of being a real human without having to strongly vet any one particular public identity. We want to be careful about how we model these items so that we don't switch the current systems vulerabilities for a new
Nathan George: Set that has the similar issues.
Joe Andrieu: This notion that Nathan introduced, claims that have a real world cost, it's a great idea, there's also a nugget that what we're really talking about is economic cost of defrauding the system. If we can create systems that are economically feasible for humans but not for bots it opens up options to consider.
Ryan Grant: Only human-level bots need apply
Moses Ma: Looking at the underlying economics, yes. Like spam, if spam is free we'll have it.
Lionel Wolberger: +1 To Joe's idea of having a 'cost' for bots
Kim Hamilton Duffy: +1 To dlongley. Maybe this is my bias, but it seems like there are many technical approaches to identify this behavior. It would have to be fine tuned and would need to allow disputes/resolution. But this actually sounds easier than many positive approaches
Joe Andrieu: Yes, and cryptography, can increase cost to game system to help prevent it.
Nathan George: +1 To helping journalists get engaged in how they might leverage verifiable claims
Manu Sporny: Obvious next step is to get journalists engaged to understand what they want to do. If you look at fact checkers, there is wikipedia model which has been proven to be good, there's a way to pursue that but I'm wondering if hearing from journalists first would be a good thing.
Manu Sporny: Picking something that is funded rather than volunteers. So asking paid people who go out to get the news -- asking what tools we can provide to them and delivering good news would be the next step.
Manu Sporny: Who at the NY times/Getty do we need to talk to?
Manu Sporny: To make that happen.
Kim Hamilton Duffy: Also +1 to get journalists engaged, to ensure we build a _relevant_ solution
Manu Sporny: Let's engage journalists to get them more integrated into the group. Anything else we do, I think is a wild guess that is most likely not going to pan out.
Ryan Grant: Adding low-hanging fruit for journalists -- it seems like if we could get them just signing subsections of the articles they publish so that quotes from those articles could be verified, it would be systemic and not change their work flow. Then people could say the NY times gave me this verified quote.
Moses Ma: How much money do you think we need to raise to get this initiative under way?
Moses Ma: If we got one Republican donor and one Democratic donor it would look like a bipartisan effort that is inclusive
Manu Sporny: I don't think we know what we're doing yet -- so we need to first get journalists involved on some low hanging thing. Maybe they identify something that only takes $1 million to achieve or something that takes $15 million. We need a good set of discussions with Reuters, AP, NY times, etc. we have connections there. We need to hear from them what they want to see then we can know money amounts.
Kim Hamilton Duffy: I did have one other action item that I can assign to myself. Lots of good insight here, not having thought through the problem space here, lots of good perspectives. From the minutes I'd like to draw specifically what I see as key insights and approaches.
Kim Hamilton Duffy: Thank you Moses too.
Moses Ma: Claire is graphically recording so we'll have a picture of what we've been saying.
Moses Ma: An old friend of highschool is now CEO of Washington Post so will reach out to get them involved as well.
Joe Andrieu: To manu's point: if we have a specific proposal, we might consider applying for a Knight Foundation grant https://www.knightfoundation.org/challenges/knight-news-challenge
Kim Hamilton Duffy: Would like to wrap up the mission statement if we can.
Kim Hamilton Duffy: https://goo.gl/sNs2vl
Manu Sporny: +1 To JoeAndrieu

Topic: Mission Statement

Joe Andrieu: Hmmm... may not be an active news challenge
Kim Hamilton Duffy: Three outstanding items.
Kim Hamilton Duffy: Let me pick off the easy ones. Christopher put a comment about "proof of existence" may not be appropriate, it's a tactic supporting a solution.
Kim Hamilton Duffy: I'd be fine striking that.
Dave Longley: +1
Manu Sporny: +1 To strike
Moses Ma: A thought occurred to me about Agile and VC - minimally viable veracity. haha
Kim Hamilton Duffy: Next issue, credential longevity. I'm fine dropping as long as we make it clear that our approaches are allowing recipient centric credentials. Which brings us to the last one ...
Kim Hamilton Duffy: "Presentation of proofs by the bearer" ... David Chadwick's concerns were about stolen claims where "bearership" is all that is needed as proof.
Manu Sporny: A bearer credential is like a carnival ticket, if you are the bearer you can swap credentials around. Anyone who gets a hold of it can use it and it's valid. There are some cases where you want a bearer credential like voting. There are good uses for bearer credentials and we say we're seeking solutions inclusive of.
Nathan George: This is part of what selective disclosure helps support, it allows you to leverage non-bearer information to establish the authority or validity of items that are effectively bearer credentials
Dave Longley: I think DavidC's point is mostly to point of "proof is that you're bearing the credential" - he said he was satisfied w/ the language that we're using. We're talking about presenting proofs other than bearership. [scribe assist by Manu Sporny]
Moses Ma: +1 For selective disclosure and zero knowledge proofs
David Chadwick: You're right, when it's saying "proofs" it's not just bearer credentials so there's something other than ownership/possession. Even with online voting you have a one time password you have to put in as well, and that's a "proof". One time password -- stealing the credential not good enough.
David Chadwick: Just that you possess it is something we want to get away from. It would be a backward step to say that the mere possession is sufficient.
Ryan Grant: Well yes, we do normally require the issuer to re-sign their claim. but the person who the claim is about bears it. did we choose an overloaded word for our individually-curated set of claims?
David Chadwick: A bearer credential is like ... total random stranger presents something, nothing else needed to get in.
Moses Ma: Just wanted to say bye! It was fun brainstorming with y'all!
Joe Andrieu: +1 Think the language is non-contentious
Dave Longley: I think the language that we're using isn't contentious [scribe assist by Manu Sporny]
Ryan Grant: WHOOO!
Kim Hamilton Duffy: We are done with the mission statement! [scribe assist by Manu Sporny]
Dave Longley: +1 To WHOOO!

Topic: Administrative Items

Kim Hamilton Duffy: I will update the scribe list after this to get more disciplined again.
Kim Hamilton Duffy: Thank you Lionel for forcing me to realize that.
Lionel Wolberger: *Blush*
Kim Hamilton Duffy: I also want to get better about tracking our work items. I'm soliciting contributors ...
Kim Hamilton Duffy: Life cycle of VC is in excellent shape. For DIDs need higher level participation.
Kim Hamilton Duffy: Anyone interested in Data Minimization and Selective Disclosure we could use a lot of help there.
Nathan George: We also had a cryptographer on the call today to talk about CL and try to get something scheduled for the Digital Verification CG
Lionel Wolberger: I'm interested in minimization and selective disclosure
Kim Hamilton Duffy: Thanks again on the bots and the fake news, Moses, see you all next week.
Nathan George: Kim, we had Mike Lodder on the call to get something going for CL signature schemes, selective disclosure and data minimization