Published: April 22, 2020
Technology firms have been working on initiatives that use distributed ledger technology (DLT) and concepts such as self-sovereign identity (SSI) alongside mobile and other technologies, and that may contribute to economic recovery while keeping people safe. The bottom line of digital health passport proposals is to enable individuals to safely return to work and resume other daily activities. However, there are ecosystem, privacy and regulatory compliance implications that go with it and should be carefully considered.
The 451 Take
Digital Health Passport and Contact-tracing Initiatives
The central idea is that hospitals, labs and pharmacies that run COVID-19 tests record the results on Vottun's platform, which automatically creates a credential in the form of a QR code that people can carry on their mobile devices and can be verified by those with permissions on the network as they access venues such as offices.
Barcelona-based business continuity and blockchain software lab FlexVPC has launched a very similar initiative, dubbed HealthXain, where doctors or pharmacists would link COVID-19 test results with a personal QR code and upload them to the HealthXain app that resides on a user's smart mobile device. If the results are negative, the user is allowed to enter a private or public space that is equipped with a reader and permissions to see this information. If the results are positive, medical and police authorities that are able to access this information and the user's geolocation will take confinement measures. HealthXain is also using Bluetooth pairing to send warnings to individuals who are near infected people.
A somewhat different initiative, but tackling similar issues, is TraceTogether, designed and launched by Singapore's Government Technology Agency. It is a community-driven contact tracing application, built on the BlueTrace protocol, which combines centralized and decentralized models for contact tracing. The app is downloaded voluntarily; it facilitates the contact-tracing process based on consent, and exchanges Bluetooth signals with nearby phones running the same app. Apple and Google also partnered on COVID-19 contact-tracing technology.
In 2019, we wrote about Texas-based nanotechnology company Quantum Materials, which developed an authenticity and traceability platform leveraging Sextant for DAML and using nanoparticles (quantum dots) as a track-and-trace mechanism to verify the origin of products. Now, with its QDX HealthID immunity passport, the company seeks to support the reactivation of the economy while improving health outcomes. For individuals, this passport runs as a mobile app featuring a color-coded indicator that can be verified by others using a QR code. Green means that an individual is clear to interact in social and work environments. The service also authenticates those administering the tests and the test kits themselves.
The newly formed COVID Credentials Initiative – comprising over 60 organizations including ConsenSys, Evernym, ID2020, Microsoft and uPort – is also developing immunity passports using the World Wide Web Consortium's (W3C) verifiable credentials global standard. Evernym is the company that initiated the self-sovereign identity platform Sovrin and is the originator and major contributor to Hyperledger Indy, an open source project powering decentralized identity applications.
These pertinent initiatives have ecosystem as well as privacy and regulatory compliance implications that should be carefully considered.
On the ecosystem side, all critical stakeholders need to be part of the network. For individuals, this is voluntary, so businesses and governments need to have a compelling enrollment plan in place that clearly communicates why citizens should use a service like this. Moreover, all stakeholders must be clear about what the value of using a system like this is to them. It is a collaborative effort, where businesses, governments, healthcare providers and citizens need to get on the same page.
Regarding testing kits, rapid tests will need to be available to hospitals, pharmacies and those registering COVID-19 data on the platform, and testing will have to be easily accessible to citizens. The question is whether companies and governments are willing to fund these tests massively to guarantee a quick reactivation of activities. Also, recurring tests will be required, especially for those who are most exposed.
Trust in the authenticity of the testing kits, as well as in those administering test results, will have to be established. Additionally, interoperability will be key to ensure that certificates or credentials issued by any organization can be verified by any other organization.
On the regulatory side, compliance with data protection regulations, public health and occupational risk prevention laws must be taken seriously. In particular, times of crisis can be opportunistically used by both private and public sectors to enforce policies and practices that would otherwise be unpopular with people. Some measures recently enacted in countries such as China have resulted in fears of surveillance overreach.
Safeguarding privacy and ensuring that people have control over their data are critical. For example, what data is collected, where it is stored and how it is anonymized and used by different stakeholders, needs to be communicated and properly managed. Winning approaches will be decentralized and people-centric.
DLT-based Self-sovereign Identity
Digital identity approaches have evolved from centralized toward self-sovereign, with DLT being a key component of the latter. The ultimate aim is that identity attributes can be looked up and verified without involving a central directory or paper-based document, while the identity owner does not overshare, and the recipient does not store sensitive data.
DLT-based SSI systems allow individuals to have full control over the personal data that makes up their identity. Sensitive data is stored off-chain, at trusted endpoints – individuals' mobile devices – and the blockchain or distributed ledger is used to validate the identity attributes with cryptographic proofs without the need to overshare. By using DLT, data is transacted via a distributed network of nodes that the user accesses via an application on her or his mobile device. All transactions are recorded on-chain and are immutable.
In the case of COVID-19, a DLT-based SSI system would enable the flow of critical health-related data; however, this same approach has also been proposed to tackle challenges around identity of refugees as well as financial inclusion use cases, among others.
Csilla is a senior analyst for 451 Research’s Data, AI & Analytics channel. She currently focuses on decoding the blockchain market to help replace confusion and complexity with an examination of the technology, the competitive landscape and available solutions that are driving the market, as well as real-world use cases and deployments.
Jeremy Korn is an Associate Analyst for the Data, AI & Analytics Channel at 451 Research, where he covers artificial intelligence and machine learning in the enterprise. In particular, he focuses on the legal and ethical challenges raised by these emerging technologies. In addition, Jeremy helps lead the Voice of the Enterprise: AI and Machine Learning survey, which provides qualitative insights into AI adoption, use cases and infrastructure.
Rachel Dunning is a Research Associate at 451 Research. Prior to joining 451 Research, she graduated from Fitchburg State University Magna Cum Laude with a BS in Cognitive Psychology and Economics. While attending school, she gained exposure to research methodology and data analytics through her involvement in several academic research projects. She is conversationally fluent in German.