TSA's biometric tests are getting attention, but it seems like the
questions being asked are wrong. There has been biometric testing of all
airline travelers since 9/11. The question is where is biometric data
collected and retained. It seems that public cameras are becoming
ubiquitous and the storage duration varies widely. Given this, what is
there really to control now?
A senator had trouble saying no to TSA's voluntary facial recogntion - The
Washington Post
<https://www.washingtonpost.com/technology/2023/07/11/tsa-airport-security-f…>
..tom
Hello;
We are (finally) at the stage of moving the Implementor’s report forward. In other words, I’m urging you to make your final comments in this version of the report by Friday. I will finalize all the comments and put that in a Word document that I will post in our Confluence for a few days for any final comments from members of the WG. That document will then be submitted as a draft report for us to vote on. Once we approve the draft it will go to the Leadership Council which may make recommendations after which the report can be approved and finalized on a simple majority of the Leadership Council.
For information on the Kantara Document Development process see: https://kantara.atlassian.net/wiki/spaces/GI/pages/1089207/WG+DG+Document+D…
Sincerely,
John Wunderlich
BA, MBA, CISA, CIPP/C, CIPM, FIP
LinkedIn: https://www.linkedin.com/in/privacycdn/
Twitter: https://twitter.com/PrivacyCDN
--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
system manager. This message contains confidential information and is
intended only for the individual named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail. Please notify
the sender immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system. If you are not the
intended recipient you are notified that disclosing, copying, distributing
or taking any action in reliance on the contents of this information is
strictly prohibited.
Based on my last discussion on availability of data & metadata to user i
added a section on level of experience complexity and other details. See if
this is helpful.
https://tcwiki.azurewebsites.net/index.php?title=Mobile_Privacy_Experience#…
The wallet must accommodate both holder experience and legal requirements.
These are often incompatible and judgement is needed. The following levels
are conceptual and are based on the deviation from the norm similar to a
normal distribution, so one could be considered (very roughly) within one
standard deviation and so on.
1. Common case the user gets one screen that contains the purpose, a
user understandable identity of the verifier (and other data controllers or
providers) and the proposed summary data to be released. A user gesture is
required to release the data.
2. The wallet or user decides that more information is required to be
evaluated than the one screen can provide
3. The holder wants to see the full data (and metadata) that is to be
released to the verifier.
4. The holder wants (or is forced) to view the terms and conditions of
the issuer or verifier.
5. The holder needs to change the wallet (device/app) configuration
setting to allow the data access requested.
..tom