Self sovereign identities, Covid 19 & public transport
In the midst of the Covid 19 outbreak, a range of digital solutions have been proposed as potentially helpful tools in mitigating, controlling and combating the outbreak. More specifically, mobile phone based “track and trace” and public transport booking applications have been at the center of some fierce debate.
While many agree with the idea that such applications may be helpful, there is also a widely-held concern about these applications and personal privacy. In this article I will give a high-level description of how Self Sovereign Identities (SSI) can help to address these risks and protect privacy.
Back to work?
Public transport is a vital part of every economy. In order for a society to go back to work again, people need to be able to travel - safely - to work. We also need to be able to give priority to essential workers such as teachers, nurses, sanitation and - indeed - transport workers. To do this, we would need to share and process a lot of very sensitive personal information, and that raises many privacy concerns.
The challenge: opening up without risks
There are already a number of good mobility / MaaS applications. Developing yet another application makes little sense. Aside from the time constraint, any such new system would have to compete - and not cooperate - with the companies who have heavily invested, and already succeeded, in creating suitable MaaS (mobility as a service) solutions.
What IS lacking, however, is a framework that can properly manage and share key private data while protecting and respecting privacy.
Introducing Self Sovereign Identities
I propose that we build a new shared framework. An Interoperable Data Ecosystem that supports Self-Sovereign Identities.
An ecosystem in which people have full authority over their own data, that can be verified by authorities, employers and governments. The verification of this data can be requested by users, mobility companies and other organisations. The actual data itself remains in the hands and in full control of the user. Only the verification of data is stored on a shared ledger. The actual data itself is never stored on a centralized server.
Instead of developing, maintaining, and updating a lot of technical connections between different companies, each participant manages only its own connection to the underlying blockchain.
For any SSI platform to be successful, it needs to address the following aspects:
- An identity is unique, long lasting and independent
- An identity should be as widely usable as possible (interoperable)
- Privacy first; develop a system that minimizes the requests for data verification
- Users need to be able to have full access and control over their data
- The software and its algorithms must be transparent to all
- Interoperable: an identity should be as widely usable as possible
The underlying blockchain can be a consortium blockchain (a blockchain platform that is managed by a consortium of stakeholders).
Governance of the platform can be shared. To make sure the governance is managed effectively, there must be a set of clear incentives that steer the behavior of all stakeholders in the right direction.
Creating consensus over shared governance is one of the most complicated parts of the platform; who is determining the rules? In fact, we see that many platforms face this issue. It is common that a community/consortium is not ready to decentralize the governance of a platform. This can make the founders decide to maintain their power. However, this act makes any community or consortium less willing to participate and contribute. This creates a "catch 22" that is difficult to solve.
If applied, the consortium should make sure that at least the following aspects are addressed:
- How do consortium members vote and what determines the size of a vote?
- How and when can consortium members submit proposals?
- How are participants and contributors rewarded?
An example: Essential Worker verification
A nurse wants to go to work. She wants to travel to the hospital using the train. She has already requested and received an Essential Worker status from her hospital and can now book her trips in advance using this status.
The train company can easily request from her a status verification that she is indeed part of the essential workforce. She can approve the train company’s request and respond with only the essential worker status verification. She can now travel safely in a train that is not overcrowded.
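The flow above can be sketched in a few lines. This is an added example, not code from the article or from any SSI product: the `LEDGER` dict stands in for the consortium blockchain (assumed to authenticate who writes to it), and all names and identifiers are constructed. The hospital anchors only salted hashes, the nurse keeps the data, and the train company checks a single disclosed attribute.

```python
import hashlib
import json
import secrets

# Constructed stand-in for the shared ledger: commitment hash -> issuer id.
# Assumption: the real ledger authenticates which issuer wrote each entry.
LEDGER = {}

def commit(claim: dict, salt: bytes) -> str:
    """Salted SHA-256 commitment; the salt stops guessing of low-entropy values."""
    data = json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + data).hexdigest()

def issue(issuer: str, subject: str, attributes: dict) -> dict:
    """Issuer (hospital): commit to each attribute separately, anchor only hashes."""
    wallet = {}
    for name, value in attributes.items():
        claim = {"subject": subject, "name": name, "value": value}
        salt = secrets.token_bytes(16)  # fixed length keeps salt+data unambiguous
        LEDGER[commit(claim, salt)] = issuer
        wallet[name] = {"claim": claim, "salt": salt.hex()}
    return wallet  # stays with the holder, never on the ledger

def present(wallet: dict, requested: str) -> dict:
    """Holder (nurse): disclose exactly the one requested attribute."""
    return wallet[requested]

def verify(presentation: dict, trusted_issuers: set, expected: tuple) -> bool:
    """Verifier (train company): recompute the hash and look it up on the ledger."""
    claim = presentation["claim"]
    digest = commit(claim, bytes.fromhex(presentation["salt"]))
    issuer = LEDGER.get(digest)  # None if the claim or salt was altered
    return issuer in trusted_issuers and (claim["name"], claim["value"]) == expected

if __name__ == "__main__":
    # Constructed sample identities and attributes.
    wallet = issue("did:example:hospital", "did:example:nurse",
                   {"essential_worker": True, "employer": "City Hospital"})
    shown = present(wallet, "essential_worker")
    print(verify(shown, {"did:example:hospital"}, ("essential_worker", True)))
```

The sketch has no holder binding, so a copied presentation could be replayed by someone else; a deployment would also have the holder sign a fresh challenge from the verifier.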
The Covid-19 crisis has created many needs to make tough decisions. Do we also need to put personal privacy at risk? Or do we use this situation as an opportunity to leapfrog to a new phase in how we deal with data?
After so many years of debate, now is the time to start implementing a new generation of frameworks.