# AI UK - DSH Catch-all ## Action items ### Summary We have a stand for both days ### Stand parts - Slides and demo video - Sandbox and demonstration environment - Interactive activity - Likert scale on key aspects of TREs - Collaborative discussions etc #### Slides and demo video ##### Actions - [x] Create carousel of images for project - HS - [x] Why TREs? - [x] Why Open source - [x] Who we are - [x] Summary of project - [x] Vision and mission/North Star - [x] Tiered system (IG aspect of the project) - [x] Collaborators/engaged organisations - [x] Who has deployed (Nottingham, East Midlands - [x] NHS SDE, Exeter, Health Foundation [adapted]) - [ ] ~~Who has referenced our work (if we can find this out)~~ - [x] Screenshot of what environment looks like with brief description - [x] SATRE slide - [x] UK TRE Community Slide - [ ] X - [ ] X #### Sandbox and demonstration environment ##### Actions - [ ] Set up sandbox environment with [test](https://github.com/alan-turing-institute/TRE-example-challenge) - MC - [ ] Set up dev environment - [ ] Create dummy user who can be logged into the environment - [x] PAT test at least one laptop on 04/03 that will be used - HS laptop PAT tested! - [ ] X #### Interactive activity - Likert scale on key aspects of TREs ##### Actions - [x] Decide list of statements for agree/disagree - JM - [ ] Create board with grid of statements and room for people to stick stickers for agree/disagree - probs A2/A1 - HS - acc done by JM and DS! - [ ] Source different colours for different stickers - HS - [x] Write up and create cards for different roles - HS - [ ] Laminate them - [ ] Get board printed of Likert scale - HS/DS ##### Statements 1. "Researchers ~~should be free to do what they want~~ require freedom" -- "All work must be planned and approved in advance" - This might be a good subtle one. Someone might say "why would you restrict the researchers" not considering data protection law (data controller/data processor) or the potential for increasing the risk by going outside IG and, say, combining data sets. - [name=Jim] I think the change above somewhat breaks the dichotomy. What I'm trying to get at is the GDPR concept of a data processor having to follow instructions from the data controller. In research, this might be difficult due to the exploratory nature of the work. How about, - "Researchers should be free to spontaneously conduct any exploratory work" -- "All work must be planned and approved in advance" - [name=James] +1 with Jim on "Researchers require freedom" not quite working here. 1. "Researchers should have access to any data ~~they want~~" -- "Researchers should never have direct access to sensitive data" - Good for a discussion of anonymisation, psuedonymisation, synthetic data - [name=Jim] Maybe this needs rephrasing, I'm not sure the idea is clear, - "Researchers should be able to directly access any data useful to them, irrespective of its sensitivity" -- "Data should always be deidentified and desensitised before it is used for research" - [name=James] "Researchers should have access to any data they request"? - [name=Jim] :+1: - "Researchers should have access any data they request ~~(, irrespective of its sensitivity)~~ " -- "Data should always be deidentified and desensitised before it is used for research ~~(, and cannot ever use sensitive data)~~ " - The hyperbolic way to say this: "We should conduct research with sensitive data, ignoring any risks" -- "We should never conduct research with risky data" 1. "The public should always be informed of the purpose of work inside a TRE" -- "The operators of a TRE can choose whether to disclose the purpose of work" - [name=James] "when" -> "whether" :+1: 3. "Researchers should be allowed to install any software in their TRE ~~they want~~" -- "Researchers should only have access to pre-approved tools, chosen for them" 4. "All TREs should have a common ~~familiar~~ user interface" -- "Each TRE should optimise for their own users or domain" - Maybe more of a technical question - Focus on the _user_ experience here - [name=James] do we mean "should have the same user interface" or "should have a well-understood user interface"? I think "common" is the first one and "familiar" is the second one. - [name=Jim] I think common is more important here 5. "TREs should enforce that results and research ~~is~~ are reproducible" -- "TREs should just enable research" - "TREs should enforce best practices, like reproducibility" -- "TREs should just enable research" - Trying to get at reproducibility is "extra" work on top of just getting a result quickly - Could be "TREs should not impose any work on researchers beyond getting results" - Is a TRE opinionated on how you work? - Think about OpenSAFELY enforcing open code, public repos, CI in the way that users submit jobs 6. "All TREs should follow the same processes for data input and output" -- "Each TRE should create a process that suits them and their data providers" - prompts discussion about standardisation - The option to use common interfaces 7. "A TRE should provide inflexible/defined security configurations, which projects can choose to accept or not" -- "A TRE should have a bespoke configuration to suit each project's needs" - Related to tiering - Bespoke TREs vs "take it or leave it" ##### Final 1. "Researchers should be free to spontaneously conduct any exploratory work" -- "All work must be planned and approved in advance" 1. "Researchers should have access any data they request" -- "Data should always be deidentified and desensitised before it is used for research" 1. "The public should always be informed of the purpose of work inside a TRE" -- "The operators of a TRE can choose whether to disclose the purpose of work" 1. "Researchers should be allowed to install any software in their TRE" -- "Researchers should only have access to pre-approved tools, chosen for them" 1. "All TREs should have a common user interface" -- "Each TRE should optimise for their own users or domain" 1. "TREs should enforce that results and research are reproducible" -- "TREs should just enable research" 1. "All TREs should follow the same processes for data input and output" -- "Each TRE should create a process that suits them and their data providers" 1. "A TRE should provide inflexible/defined security configurations, which projects can choose to accept or not" -- "A TRE should have a bespoke configuration to suit each project's needs" #### Collaborative discussions etc ##### Actions - [ ] Gather key handouts - HS - [ ] DSH stickers - [ ] UK TRE Community stickers - [ ] DSH flyers - [ ] Source sweets/snacks for the table - [ ] Think about additional merch - [ ] Stand up banner? - [ ] Think about possible script me may want - [ ] Brainstorm possible other activities - [ ] How many projects (how many sweets in the jar equivalent) - [ ] Lucky dip (with Tiers?) ### Timings - Monday 18 March: Exhibition built and set-up (key timings to be shared and subject to change) - Tuesday 19 March: Showcase day 1 – demonstrators from 07:30 to 19:00 - Doors 08:00 -10:00 - Lunch 12:00 - 1:30 - Tea 15:20 - 16:00 - Wednesday 20 March: Showcase day 2 – demonstrators from 07:30 to 18:30 - Doors 08:00 - 10:00 - Lunch 12:00 - 13:30 - Wrap up 16:30 - 17:00 - We need - min 2x people at the stand during open times - Split this up so it is evenly distributed - if it's quiet, we can flex on who's there (be reactive on this) | Date | Time | People | | ---- | ---- | ------ | | 19/03 | 07:30 - 08:30 | Hari, x | #### Actions - [ ] Draft schedule for team to be on stand - HS ## Key info - Put aside budget for AI UK: £3000, none spent - [Submitted application](https://thealanturininstitute.sharepoint.com/:w:/s/SafeHaven/EWaJOTJJAVpPvdkL1jGjHJAB_H1tAtbZNh6vaXSpNMAhbw?e=QaQwJy) - Dates: 19 & 20 March (18 might be prep day, we do not know the time yet) - Deadlines - ~~26 January~~ 14 February, confirm demo team members - 9 February (we are good as submitting internally): artwork - 16 February: Submit [risk assessment](https://thealanturininstitute.sharepoint.com/:w:/s/SafeHaven/EZMpsYgVrbNDjWIXWfIB7qUBJGIRU5pNYQAoJlCFHSi3AQ?e=dZz4Vd) - 26 February: dealine for payment (not applicable, handled by events) - 1 March: submit delivery information (not sure what this is) - 1 March: submit stand extras - Our package: - 4 way 13A power strip - 2m (W) x 2.5m (H) custom branded printed stretch canvas - 2m x 1m floor space for demonstration, showcases and/or activations - 44-inch LED screen - 600mm matte black poseur table - 1 x matte black high stool - Wi-Fi and standard power  # Shifts ## Team availability/plans - [name=David]: I arrive on the 18 morning and leave the 20 at 20. So will be available for set up but have to run away on the last day. Also I will be attending some sessions I organise - 18 available for set up (if it happens that day) - 19 on site, can open but then I am not available - 10.25-11.50 for the Opening provocation - 2.30-3.20 for AI, Data & Labour - 20 available, would still like to see pitchfest 10.00-10.50 - [name=Matt]: I'll arrive at the venue at around 10:00 on the 19th. Have to leave around 15:30 on the 20th. - [name=James] Unlikely to attend. If I do, would only be on the 19th. - [name=Jim] Unknown, although if I'm there probably available both days. Might be late arriving or early leaving if I'm staying two nights rather than three - [name=Hari] Can't do 9-11, 12-4 on Wed ## DSH stand timings | Day | Time | People | Importance | | --- | ---- | ------ | ---------- | | 19/03 | 09:00 - 10:00 | Hari, David | High | | 19/03 | 10:00 - 11:00 | Hari | Low | | 19/03 | 11:00 - 12:00 | Jim | Low | | 19/03 | 12:00 - 13:00 | Matt, Hari | High | | 19/03 | 13:00 - 14:00 | Jim, Hari | High | | 19/03 | 14:00 - 15:00 | Matt | Low | | 19/03 | 15:00 - 16:00 | Hari, Matt | High | | 19/03 | 16:00 - 17:00 | David | Low | | 20/03 | 09:00 - 10:00 | David, Jim | High | | 20/03 | 10:00 - 11:00 | David | Low | | 20/03 | 11:00 - 12:00 | Jim | Low | | 20/03 | 12:00 - 13:00 | David, Jim | High | | 20/03 | 13:00 - 14:00 | Matt, David | High | | 20/03 | 14:00 - 15:00 | Matt | Low | | 20/03 | 15:00 - 16:00 | Hari | Low | | 20/03 | 16:00 - 17:00 | Hari, David | Medium | # Merchandise & other prints We have a good budget for any merch, posters, etc. What do we want to do with it? # Stand build/furniture  # Activities ------ :point_up: Delivering :point_down: Preparing application --- # general ideas # Title(s) - Data Safe Haven: Community-led approach to enabling research with sensitive data - ~~Data Safe Haven: an open, community-led TRE ~~for you to use~~~~ - [name=Jim] I think we want to be (and are) _more_ than a TRE - [name=David] yeah... i didn't get far with this title, forget it - Data Safe Haven: open communities in trusted research # Description ## presenting DSH and aims The Data Safe Haven project’s goal is to remove barriers to working safely and effectively with sensitive data, by promoting and demonstrating a culture of open, community-led development of interoperable foundational infrastructure and governance. The project maintains an open-source Trusted Research Environment (TRE) covering governance, documentation and the programmatic deployment of a TRE. Data Safe Haven can be freely used and adapted to deploy a TRE to Microsoft Azure. We are committed to working openly and in collaboration with the community. This not only means developing our resources openly on GitHub but also meaningfully engaging with all those involved in the provision and use of TREs, as well as data subjects. Acting on this principle, we directly contribute to and provide resources and support for community projects. We have recently finished the first phase of the SATRE project, producing the first community designed specification for TREs in the UK. We will use our stand at AI UK to demonstrate progress in community-led TRE activity in the UK, and The Alan Turing Institute's leading role in the national conversation. We will highlight the benefits of our approach in reaching consensus, building interoperability and accelerating development. The stand will feature an interactive task where we will engage attendees in exploring what they feel is important in a TRE. Experts from the DSH team will be available to talk about any aspect of TREs, from technical details to information governance. The stand will allow us to promote our (and the wider community's) TRE work, make connections and grow the community. More specifically the stand will: 1. Offer a conversational space in which members of the project will explain it in details and strive to create new collaboration opportunities. To this end we will again provide an accessible table and sitting space. - [name=Matt] Offer a conversational space where members of the project and conference attendees can explore the project and develop collatboration opportunities 3. Visually convey the successes of the project with both a demo video on the screen and graphics (using the background, a poster or similar) about the UK TRE Community. 4. Have a standing desk with ongoing interactive activities and promotional materials (fliers, stickers, etc.) to attract passersby. 5. Engaging interactive activities to explore what TREs are and what attendees want from them. Since TREs exist to enable research with personal and sensitive data this is an important and ongoing conversation. - A "Likert scale" exercise on what TREs should or shouldn't do. Participants will role play as a key TRE stakeholder, expressing their position between two polarised statements. This will raise awareness of the diversity of stakeholders, demonstrate how the interests of stakeholders differ, and be an opportunity to share our work on a community-build TRE specification (SATRE). - Demoing the Data Safe Haven on the video on the screen. Team members will demonstrate the experience of using the safe haven by providing "guided tours" of the code repositories, documentation and the actual deployed environment. <!--- Because of this principle we have gone (and will go) to great lenghts, funding, supporting and aprticipating in the UK TRE Community and having just finished the funded phase of the project SATRE which has produced the first collaborative Uk wide TRE specification. ---> ## Relevant links - [SATRE specification](https://satre-specification.readthedocs.io/en/stable/) - [Open repository](https://github.com/alan-turing-institute/data-safe-haven) - [Documentation](https://data-safe-haven.readthedocs.io/en/develop/index.html) - [UK TRE Community](https://www.uktre.org/en/latest/) ## Themes/challenges I will mark: - [ ] Defence and national security - [ ] Environment and sustainability - [x] Health - [x] Digital society and policy - [x] Fundamental AI [name=Jim] I would say untick this one - [x] Skills/core capabilities/knowledge exchange - [x] Other And add from last year: Our demonstration sits across all themes, as any project in any particular theme working with sensitive data (for instance health records, addresses, criminal records, political activity, finance information, or more) should be aware of TREs and how they can keep the data they work with secure. ## Why will your demonstration draw a crowd and be of interest and relevance to the AI UK community? Please include why your demonstration is innovative. The Data Safe Haven project is of direct relevance to the AI UK community due to it being a fundamental and necessary tool to conduct research with sensitive data, an ever and increasingly present topic in the public conversation. Such a tool is key in ensuring the public trust in research, but it is also becoming a mandatory one. Researchers, regulators, and the industry will all require one and should be part of the conversation on how to develop them. The stand will invite them to do just that. The demonstration will be innovative because it will exemplify the community-led principle of the project, the emphasise and methods on this are not often seen in the development of technical artefacts or even research. On top of that it will highly interactive. The project had a stand during AI UK 2023 which was highly successful and well-attended, demonstrating the interest of the AI UK community. This year the stand will demonstrate different and novel aspects of the project. Last year we focused on dataset risk classification and showcasing the deployed environment, while this year we focus on the recent development of the SATRE specification and put community at the front and centre. [name=Matt] I'm not quite sure what you mean by "what lies in the backstage" - like, different stuff about the codebase? ## EDI Copying last year response which is valid: We will have a number of different demonstrations/activities for people to get involved with, including non-technical resources (such as posters and diagrams) to accompany the technical demonstration. This will mean anyone of any background/skill area can engage with the team about the core purpose of the stand - to explore the concept of TREs and their relevance to attendees' work and projects. We will also have members of the team available at the stand to provide support depending on different attendees needs, for instance to read out information for those who are visually impaired, or to demonstrate the TRE for those unable to access it independently. Due to the nature of TREs working with sensitive data, we will provide an inclusive space for anyone to discuss sensitive topic areas (and how they fit with TRE capabilities), including guidance for team members on how to navigate discussions at the stand to ensure people have a safe space to engage in whatever way they want to. The demonstration will also be independent for each attendee who wants to try it out - meaning those who attend early, or spend longer on the demonstration, won't impact the experience of the demonstration for other attendees. Finally, we will ensure the space is physically accessible, with each part of the demo stand well spaced, supported and usable for people with differing access needs. - [name=Matt] Possibly could say something about designing visual materials with low-vision in mind (e.g. checking for good contrast) ## Activities/things to show ### Wgat we want to show - Technical side, the artefact - SATRE spec - Community work ### What we need - What is DSH - The Data Safe Haven project’s goal is to remove barriers to working safely and effectively with sensitive data, by promoting and demonstrating a culture of open, community-led development of interoperable foundational infrastructure and governance. The project maintains an open-source TRE project which covers governance, documentation and programmatic deployment of a TRE. Data Safe Haven can be freely used and adapted to deploy a TRE to Microsoft Azure. - People available to talk/answer questions and promote community (DSH, SATRE, UK TRE) - [name=David] Yup, this is the main thing. After a hook for their attention - Promotional material (stickers, postcards) - Some sort of interactive activity - Like the classification exercise last year - _E.g._ SATRE principles - Using the screen - Could be for the interactive activity - Showing websites/repos - Otherwise, video loop, slides - Demonstration of the environment - SATRE video (probably doesn't make much sense without sound) - Slides of key achievements - SATRE - DSGs supported (and users) - North star - FOSS ### Ideas for actvities 1. The technical side: the demo last year was challenging, we need another way. Maybe this is for those who stay to chat. sit down with us and have a tour of the repo, docs and hwo to use. Can we produce a video to have on loop in the screen? - This shows what "the thing" is, for visitors to take away and think of us when they need one - Also should show how to contribute, do we want a make your first issue kinda thing? (does nto matter that is not actually DSH specific, leveling up the community is a contirbution pathway) - [name=Jim] +1 to a video/using the screen to demonstrate - Use the existing SATRE video? - [name=Matt] Is the SATRE video ok without sound? - [name=Jim] +1 to not trying to run a technical challenge - [name=Matt] + 1 2. SATRE specification game: similar to last year "sensitivity classification", an "evaluate yourself". Challenging because ther is so much in thespec. but some way of showing it, having somethign printed - [name=Jim] Could focus on SATRE _principles_ rather than requirements. That higher level idea is easier to engage with. :+1: - Agree, we can use the Pillars capability map  - [name=Jim] Principles might be easier for the audience to engage with, a lot of the pillars are quite technical. - [name=Jim] Think of exercises like our stakeholder personas/role play. "What principles do you think a TRE should uphold?", "" - We can have the above printed with stickers covering the capabilities, then unover them as people guess them. - Matching games: match the responsibility with the role,match the capability with the pillar - The SATRE video for the screen 3. Uk TRE Community: link to it, maybe fliers and a poster/part of the background. "Making true our community led commitment" - Resource Hub should be ready then - [name=Jim] What is that? - [name=David] We don't know yet how it looks, it is a signposting resources with community resources, projects, initiatives... - WG groups should be clear and we could direct people to specific ones, make connections/referals 4. Ed's stickies idea - A hat full of stickies with statements written on them, with words like "must" and "should" removed :tophat: - People come along and grab a few and place them on the board in one of the mandatory, recommended or optional columns 5. Principles/requirements "unconference board" - People write ideas on post-its and put onto a board with columns - Or, add/move set statements - "A TRE must", "A TRE must not" - prompts to avoid focus only on technical aspects - Balancing productivity and security - Enabling important research (_e.g._ medical research) 7. Likert scale - Statements like "1. TREs should maximise productivity" -- "5. TREs should never compromise on security" - "Researchers are free to do what they want" -- "All work must be planned and approved in advance" - "Researchers should have access to any data they want" -- "Researchers should never have direct access to data" (fully-open to opensafely) - "The public should always be informed of any work inside a TRE" -- "Work conducted within a TRE should never be disclosed to the public" - "All TREs should have a common, familiar interface" -- "Each TRE should optimise for their own users/domain" - "Researchers should be allowed to install any software they want" -- "Researchers should only have access to pre-approved tools" [name=Jim] +1 - "All TREs should follow the same process for gaining access to data" -- "" - Are there enough "binary" statements like this? - Attendees add their ratings, role playing as our roles from the RSECon workshop "Data subject", "TRE Manager", "Researcher" - One colour of sticker for each role - Demonstrates how different stakeholders have different priorities, a holistic, community approach is needed to build consensus - Highlights all stakeholders (including data subjects) "You might not have thought about this stakeholder" - Hopefully, we will see clustering of stakeholders. Data subjects will compromise on productivity for security, but researchers are willing to take more liability for productivity (for example) - Roles provide prompts, helps engagement (particularly to people who are not familiar with TREs)