Technology interventions in these times

The COVID-19 pandemic has thrown up interesting intervention stories

Passport or Certificate?

There has been a number of interventions with technology to address the issues around the COVID-19 pandemic. A snapshot is from this tweet. However, what has got a lot of attention is the notion of “immunity passports”. Building from the usual definition of passport the idea is to allow businesses and organizations to review the document and allow access to services.

The Carte Jaune or the International Certificate of Vaccination is a well understood user experience. The key aspect of the “Yellow Card” is the availability of vaccination and a protocol being in place. With COVID-19 the world is still quite far away from a vaccine being available and vaccination being a globally implemented protocol. Within these constraints, the widely circulated discussion about an “immunity passport” is fraught with peril - of inadvertently adopting solutionism which encourages inequality, inequity and discrimination. Dakota Gruener’s paperImmunity Certificates: If We Must Have Them, We Must Do It Right” works through the governance framework required to be in place for a better privacy preserving credentialing system. There are additional topics around ethics, liberty and personal freedom which need to be studied and preserved.

The Covid Credentials Initiative - a global, cross-sector community of organizations using digital identity as a way to address this challenge is focused on creating a set of governance models; Use cases and templates which can be adopted towards design, development and implementation of systems which will allow for “return to work”.

Until such time the science behind the immunity is well understood any talk around “immunity passports” are likely based on fluid situations. A more established approach would be to record the facts around the health - likely through a system of Verifiable Credentials which enable interoperability across international systems. Until the vaccine does come about, these credentials would record the timestamp of the testing; the location; the testing authority and a result of the test. Additionally, perhaps the SKU of the components of the test need to be recorded separately (in the event a lot of tests are found to be in error and there is a need to redo these!). The testing protocols are likely to change over a short time period - as more knowledge is available, organizations can seek a combination of tests or, similar. Verifiable Credentials enable these sort of policy based changes and are likely to be the best way.

In a recent article Anil John presents a nuanced case about the futility of focusing on immunity certificates (or passports) and instead building on available decentralized privacy-protecting methods to create credentials which are meaningful, helpful and actually enable the issuer-holder-verifier trust through a robust governance framework.

Trust Over IP

The Trust Over IP Foundation launched to define a complete architecture for Internet-scale digital trust that combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.

The Trust over IP Foundation is an independent project hosted at Linux Foundation to enable the trustworthy exchange and verification of data between any two parties on the Internet. Read more about it at the whitepaper.

Governance of Identity

In all conversations around decentralized identity the topic of “self ownership” of identity comes up very quickly. While there is an increasing appreciation of “self governance” of identity as opposed to “ownership” and “control”, a recent incident report highlighted very starkly the challenges faced by users.

Responding to the issue of migrant labour workforce stuck at cities as a result of the lockdown, the Union Government of India enabled special trains. As it happens, the identity as a “migrant” is pinned to one’s address. And in the ubiquitous Aadhaar card a number of labourers had changed it to a local one - this is necessary to get employment, purchase a SIM card etc. This disqualified them as individuals who were entitled to available the special trains.

We are quite a distance from enabling verifiable credentials and credential exchange mechanisms. However, there are challenges around centralized data stores around which policy decisions are designed. Digital credentials which allow layering of facts could be one way to address the fluid nature of employment, location and identity.

Among other things

Wrapping up with some other things I wanted to point out

  • Andrew Tobin at Evernym has a post around “Safe Credentials”. Andrew does a good job of laying out 5 tests for ensuring your portable identity systems are secure, private, flexible, and non-correlatable

  • Shashishekhar at Dhiway breaks down the layers in the Trust over IP stack in his recent post.

  • Nathaniel Whittemore and Joe McCann talk about a lot of contemporary topics in this episode of the podcast.

  • The World Economic Forum’s Central Bank Digital Currency (CBDC) Policy‑Maker Toolkit is a good read especially in context of China’s trial run around state-run digital currency.