Why decentralised technology can help fight COVID-19

The spread of the SARS-COV-2 virus has led to many digital initiatives trying to slow down contagion and to ‘flatten the curve’. Hackathons, developers, academics and pundits all try to contribute in their own way. Proximity tracing through a mobile app seems to be the most logical way forward and we are convinced that we will see several of these come into the market.

In a European context, these apps should never make a trade-off between privacy and functionality but they should be privacy-preserving at heart and respect the sovereignty of individual citizens. That is the only way to make them acceptable and accepted.

There is no reason not to, as decentralised technologies provide the necessary tools to create privacy-centric, self-sovereign apps for proximity tracing.

The European Context

The Dutch prime-minister Mark Rutte spoke of a government that “treats its citizens as adults” when it comes to self-isolation and social distancing; in other words, no police in the streets to enforce the lock-down, but an appeal to everyone’s common sense to stay at home and only go out when necessary. This approach fits the Dutch ‘laissez-faire’ culture and the wider European mainland tradition in which cooperation, consensus, and serving the interests of multiple stakeholders play a central role.

This kind of self-sovereignty of citizens is important to create buy-in from the public. This is what will make the solution accepted in the European context.

Secondly, Europe has strong privacy-preserving laws and regulations. And Europe has these because of its history in which it has seen the dark sides of governments using information on their citizens in unacceptable ways. We could argue that we might temporarily do with less privacy for the greater good, but it’s even better if that is simply not needed.

So we’d better start designing a solution with privacy at its heart. That is what will make the solution acceptable in the European context.

Both these conditions can be met if tracking solutions are built using decentralised technologies.

Preserving privacy and enabling self-sovereignty through decentralised technology

When we talk about decentralisation we mean that a system operates without a single central authority, both architecturally as well as politically. This makes it possible to create a system which is resilient, autonomous, secure and privacy-preserving.

When it comes to a digital solution to fight COVID-19, we ask from policy makers the same approach: set the requirements but let the applications do their work in a decentralised environment.

What should a decentralised solution look like?

While we can imagine several functionalities in digital solutions to combat the current crisis, let’s focus on the bare necessities : fighting the spread of the virus through a proximity tracing app. This application runs on a smartphone and detects other smartphones with the app when they are nearby, for instance using the built-in Bluetooth. The registration of the other person’s phone can be done using a unique but otherwise anonymous identifier which is stored locally. When later on a person registers their ID on a distributed ledger because they are (possibly) infected, all phones that they have been close to them and thus have registered that ID, will be able to receive a simple message “you have been in proximity of someone who is potentially infected and you should self-isolate”. Now from this simple premise on, we can start to build additional functionality, only adding functions if needed for the required goal and again disclosing the minimum amount of personal identifiable information.

Let’s do it right, because we don’t get a second chance

We understand policy makers are in a hurry, but again it’s a matter of setting the requirements and developers will build it for sure. As a matter of fact, some are already really close.

  1. Keep data local as much as possible
  2. Use strong encryption (one way encryption where possible)
  3. Verifiably revoke data when no longer needed
  4. Make the whole architecture and processes decentralised and transparent

This will enable, even in these trying times, applications that are both accepted and acceptable in the short term and for the future.

This article has been written by the decentralisation experts of WBNoDE. A special thanks to Jeroen Schouten of Grasp, the tech-savvy lawyers.