2020-04-01
It is not a joke!
- Antitrust Policy and introductions - VB duration-depends on participation
- Main event: Digital ID and fast contact tracing, anonymization - implications- how can Blockchain help
- Future talks (we are working with some of these folks on nailing down dates)
- Kiva - current status. Alan Krassowski - possible talk later.
- Guardianship - a Sovrin whitepaper
- Identity for IOT- Blockchain implications Bhawana Singh, JNU
- Trust for Dangerous goods, the IAM aspect - project in HL Fabric - Roland Aerosurete
- NIST 800-63: https://pages.nist.gov/800-63-3/sp800-63-3.html
- ID2020: What happened and why is it important Vipin Bharathan
- Ongoing:
- How can we follow up on past presentations? Kim Cameron certainly wishes input on his presentation and debates on items raised by him.
- IEEE:P2733 for Clinical IoT Data and Device Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) - report on call, for those who have registered.
- Identity WG Implementer call - report -
- Meeting Notes TBD
- A GitHub repo was created under Hyperledger for IDWG. A note will be prepared about governance and contribution.
- Discuss IDWG paper
- DCIWG Survey currently on line
- Implementing metrics from Chaoss... DCIWG- let us reopen.
Attendees
D Faulken
James Loperfido
Luca Boldrin - infocert
Neil Luo
Sergio Mello
Stmouy
Anchit
Brian Behlendorf (Deactivated)
Neil Luo
Miguel Jimenez
Philippe Page
Ravi Agrawal
Venu Reddy
Ron Kreutzer
Axel - Red Hat
Audio/Video Link
video
Minutes
Brian shared COVID19 Hyperledger Healthcare SIG
Main points in talk:
- Cell phone data by itself cannot help in contact tracing and isolation, added facial recognition from surveillance cameras and credit card data among others
- A good public health system also needed with physical tracers
- TraceTogether uses Bluetooth for proximity testing- first attempt has built in privacy
- Added privacy with German app, with neutral central server
- Blockchain as a decentralized layer neutral central server.
Rationale Conversation about blockchain | |
---|---|
R0 - seems to be about 1.0-1.39 Goal, drive to < 1.0 | |
Use time wisely If not, economic ruin Susceptible applies no vaccination in next weeks/months | |
Cellphone records are not granular enough. Try to correlate with cameras, credit card use, other private data. Make data sort of public, track rule-breakers. Force rule breakers to isolate. If found infected, repeat the process. Worked pretty well, causes problems, sustained over time = privacy breach | |
Success; however, new app due to pushback, draconian tracing is not good. They realize limiting spread to Singapore is not enough. Dependent on outside contacts - trading nation. Can't afford to close borders. Uses Bluetooth, more accurate. Limitation = more than a few think. However, limitation = strength. Limited distance, along with 'x' metrics for 'x' period of time, logs the others' ID (temporary ID). Initial lockdown of app, link phone number, and randomized ID, app or govt server creates a temporary ID (similar to a peer DID). Proximate users download from the edge, decrypted, and contracted by tracers for quarantine and test. A combination of a decentralized model (download app, turn on Bluetooth, voluntary participation) Also needs a % of the population to participate, in order for it to be effective. Three conditions above are needed. Three months ago, perhaps a few downloads. In Bluetrace protocol, being open-source, 620k downloaded so far. Privacy by design, to an extent. Link to the form with the randomized ID stored on a govt server. The app, even though it reduces correlation, still centralized management by a sovereign nation. Jim: privacy issues, degrees of success (appears at this point) Singapore homogeneous, small, can be controlled. Will it work everywhere? Will any approach be statistically significant. | |
Based on the Singapore proposal. App downloaded by choice. Temporary ID 17, Bob is ID 9 Initial ID generated by the app. The only thing stored is a push token. Temporary ID uploaded periodically to a central neutral server. No phone number stored in a central location. Temporary ID uploaded periodically. Local data encrypted. Presumably, data protection is there. Link in the German article can be translated in Google. What happens if one of those people tests positive? | |
If Alice is positive. She chooses to upload to the server. Bob is notified, he has the option to get a test at a public health center. If Bob is found to be positive, the process starts again. The app only contacts people who are in danger of infection - not a blanket order for everyone to stay home. For people who are detected to be in close proximity and in danger of infection. German proposal = GDPR = choice. Alice can choose, or not. Bob can choose, or not. Choice is paramount. People are softened up enough, a statistically significant portion of the susceptible population will probably install this app. | |
Why should we make this app the way it is and why should we publicize? Choice Various reasons in discussion to not install. More surveillance after the crisis and can be easily hacked. Data between 3/25-27 gathered together and represents the German population. Need to overcome objections - the app won't pose as much threat as people think. Blockchain can function as the central server because you can also converge data from other services and bust the boundaries of a state. No link to actual people. No central authority. | |
Concerns, surveillance Important to communicate how app protects and persuade more people to download the app. In a free society, needs to happen. | |
MiPasa references a downloadable app, data from multiple sources. | |
Participant additional resources added to Chat. | good article on background for R model etc --- https://medium.com/@tomaspueyo/coronavirus-the-hammer-and-the-dance-be9337092b56 The Science article may be of interest in that it calls for an app-based intervention. https://science.sciencemag.org/content/early/2020/03/30/science.abb6936 |
GPS is not enough. Fine to see if someone has left the house, based on orders of quarantine.
GPS doesn't have contact tracing abilities of Bluetooth.
GPS granularity is low, episodic, 15-minute window.
Drummond: One other slightly different approach using blockchain. SSI generally community sovereign DIV trying to get together to define a family of Covid credentials. First call is tomorrow, anyone who wants to join the call, ping here for an invite: SSI and Sovrin community effort to define COVID-19 credentials: https://www.evernym.com/covid19-creds/
For example, credentials about vaccines, when available and other methods broadly interoperable.
Vipin: Rapid turnaround of a lightweight app without a huge amount of time to scale. It doesn't mean stop any efforts, such as SSI, all steps in the right direction. Privacy-preserving efforts, decentralization of the server; efforts in the right direction.
Brian suggested gather materials together, identity working group, key piece. Everything, in the end, based on some form of Identity and correlating to infectious status or to-be-quarantine status. Important part to play in this effort.
How do we need to take this effort going forward. User stories.
Philippe - Today we spoke about privacy related to proximity. In real life, many stakeholders, ER nurse, doctors. The ambulance driver needs something different from the physician. Privacy-preserving apps vs real solutions. Changing sensitive health data. This group, interoperability of these solutions and efforts taken across the world. DID plays a key role in designing an interoperable system.
Brian - Hyperledger serve as radar as to what's going on out there. Role to network, engage groups to interact. Funding sources for COVID challenges. Identity working group, continue to focus on ways of use cases, active projects, DLT technologies. Make sure technologies, when brought up, are accurately described. Serve as the best example to protect privacy, sovereignty. Crisis can't be used to set up systems that misuse after the crisis. Part of the path to emerge from homes will be able to demonstrate antibodies test, vaccines available, create pressure on digital identity.
Vipin - tech effort in NYC. Highlight open-source efforts. A common approach to bridge across systems? Needs to make sense transnationally. Working to get tech in NYC to talk.
Randy - China, give health certificate if recovered or test negative. Required to show the certificate on form to pass around. Even if we go with verifiable credential. Not like a diploma, a one time effort. If certificate is issues, how do you ensure that credential will be continually updated?