The Blockchain Research Institute (BRI) is a global think tank dedicated to the strategic implications of blockchain technologies to business, government and society. On March 26, I participated in a virtual roundtable convened by the BRI to discuss the potential use of blockchain technologies for public health solutions. The roundtable’s findings and recommendations were released in early April in Blockchain Solutions in Pandemics: A Call for Innovation and Transformation in Public Health.
The report identified five key areas where blockchain could be deployed to fight Covid-19 as well as future pandemics: identity, health records and shared data; just-in-time supply chains; sustaining the economy; a rapid response registry for medical professionals; and incentives models to reward responsible behavior. In each of these areas, the report presented uses cases where blockchain is already being deployed, and recommended a number of blockchain related public health measures that will help better prepare for future pandemics. Given the broad scope of the report, I will focus my attention on one area in particular: identity, health records and shared data.
“Data is the most important asset in fighting pandemics… We need data about what, where, when, how, who - how many people are infected, where are they located, when were they infected (and when did they recover), how were they infected, and who else did they contact?,” said the report.
Countries with good access to data, - e.g., China, Singapore, South Korea, - were able to take effective steps to control the spread of the pandemic. But countries with more limited data capabilities, - e.g., Italy, Spain and the US, - have fared significantly worse. Moreover, the trade-off between public safety and individual privacy varies widely among countries. Some of the most effective actions deployed to control the spread of the virus in countries with strong central governments like China and Singapore are much harder to implement in Western countries where individual privacy and civil liberties play a much stronger role. Blockchain opens up innovative possibilities for decentralized solutions that give more control to individuals based on the development of self-sovereign digital identities.
A digital identity is essentially a collection of data attributes associated with a specific individual. These data attributes are generally siloed within different private and public sector institutions, each using its data for its own purposes. While each of us has a unique core identity based on our birth certificate and related government issued documents, we have multiple derived digital identities depending on the nature of the transaction, - e.g., financial, travel, health, - each of which is based on a different collection of data and data providers.
To reach a higher level of privacy and security, we need to establish a trusted data ecosystem for each kind of identity, which requires the exchange and sharing of data across a variety of institutions. The more data sources each trusted ecosystem has access to, the higher the probability of detecting fraud and identity theft while reducing false positives. However, safeguarding the data used to validate identities creates security and privacy issues of its own. It’s unsafe to gather all the needed attributes within one institution or central data location, making it a target for data breaches. In addition, each institution is responsible for the protection of its data, especially in critical areas like health, finance, and government.
“To bootstrap our identity, we first need a model that is distributed among and maintained by the people whose identities it protects,” wrote the report. “This means that everyone’s incentives align in an identity commons, with clear rights for users to steward their own identity, protect their privacy, access (and allow others to access) and monetize their own data, and participate in rule-making around the preservation and usage of the commons. Several identity projects in the blockchain space are working to deliver such structure and capabilities.”
The MIT-led Open Algorithms (OPAL) is one such project. In Open Algorithms for Identity Federation, Alex ‘Sandy’ Pentland and Thomas Hardjono proposed a framework for the safe management of digital identities. The OPAL paradigm is based on several key principles, including:
- Move the algorithm to the data. Instead of gathering raw data into a central location for processing, the algorithm or query, - a kind of smart contract, - should be sent to the repositories and be processed there.
- Decentralized data architecture. Raw data must always remain in its permanent repository under the control of the repository owners. Only the results of applying the algorithm or query against the data are returned.
- Open, vetted algorithms. Algorithms must be openly published, agreed to, and vetted by experts to be safe from privacy violations, bias, and unintended consequences.
- Subject consent. Data repositories must obtain explicit consent from the individuals whose data they hold for the execution of an algorithm against their data; the vetted algorithms should be made available and understandable to subjects.
- Transparency and regulatory compliance. Requests and responses must be stored in a blockchain-based immutable log of events to enable the auditing of all interactions, as well as proof of regulatory compliance.
In a recent article, Pentland proposed an approach for restarting the economy based on the creation of a safe workforce based on a public health identity to certify the health status of individuals while protecting their personal privacy. Such an approach has long been used to certify an individual’s financial credentials in a payment transaction.
A safe workforce would consist of “people who have been infected and then recovered, so that they can be certified as less likely to become re-infected,” wrote Pentland. “This is similar to how we already certify that food workers don’t have certain infectious diseases, and that childcare workers have their immunization shots. At the same time, this sort of data makes early detection of infection and contact tracing much, much easier, eventually preventing successive waves of infection.”
Beyond the immediate needs to restart the economy, the BRI report recommended a series of measures to help public health officials anticipate and manage future pandemics, including:
- Aggregated, anonymized health data. Everyone makes available the critical health information, properly anonymized, that’s needed for tracking, predicting and managing a pandemic, such as body temperature and location.
- Individual health information. Individuals have control over their health information, and can choose to make it available to medical professionals when appropriate, - e.g., if they’re showing pandemic related or other health symptoms.
- Incentive systems. While many would share their explicit, non-anonymized personal data out a sense of social responsibility to helps track and manage a pandemic in their communities, incentives might be needed to make enough such data available to public health officials.
- Population data. “All these data would represent the entire population, not some partial and potentially misleading sample of it. Never before have clinicians, epidemiologists, and authorities had such extraordinary access to such a wealth of data. Using next generation data analytics and AI they could understand the possible trajectories of a virus and take steps to crush it.”
Blockchain technologies “are now relevant as never before, not just to business and the economy but the future of public health and the safety of global populations. Traditional systems have failed and it’s time for a new paradigm.” Finally, the BRI reaches out to Victor Hugo to remind us that nothing is more powerful than an idea whose time has come.
Comments