Data is vital in a crisis. We need data to track and trace infections, manage healthcare supply chains and help protect our economies from sustained damage through potentially avoidable lockdowns and restrictions. But how can we balance data and patient privacy? Blockchain. Specifically, decentralised identity.
Each day we seemingly inch closer and closer to a vaccine to the Covid-19 virus, sparking worldwide optimism that there could finally be some light and the end of this hideous tunnel.
Whilst we wait for the various vaccines to be approved, governments around the world are placing large advance orders. Here in the UK, the government has added that there will be no “queue-jumping” with “every single person in the UK” offered a vaccine for free through the NHS before any private providers will even have the product to sell.
This is terrific and hopeful news. But a large-scale nation-wide (indeed global) vaccination is, of course, an unprecedented mammoth task. Implementing such a mass vaccination programme quickly is not just vital to saving lives, it is as vital to saving economies which continue to suffer whilst people are forced to stay indoors, and businesses remain closed or endure severe restrictions.
I have two questions for those tasked with managing the vaccine distribution and restarting society:
1. How do you plan to track the vaccine from laboratory to patient to make sure the drugs go where they are meant to go? And,
2. How do you plan to ensure that each person can prove they have been vaccinated and free to move without restriction?
The first is a supply chain transparency issue with the added potential complexity of managing and tracking the temperature of heat sensitive vaccines. The second is an identity certification issue.
It’s the second, identity certification, which I am particularly interested in understanding how governments, vaccine manufacturers, distributors and doctors, plan to handle.
My concern here being that without the right technological infrastructure in place, one which is tamper-proof and transparent, individuals are likely to exploit the system. For example, falsify claims of being vaccinated in order to quickly re-enter events, attend social activities and travel. Putting everyone at risk.
During the early phase of distributing a Covid-19 vaccine, governments may choose to give initial doses to specific groups. For example, healthcare personnel and other essential workers. Then the most vulnerable to the disease. This will need careful and diligent management to make sure this happens quickly and accurately.
Once these people have been vaccinated, they should be free to resume societal interaction, helping to reboot the economy through enabling shops, restaurants, entertainment venues, and so on, to re-open.
But how will we be able to identify who has been vaccinated, and who as not?
Simply put, there needs to be a secure and fast mechanism in place to prove a verified Covid vaccination. Herein lies the issue at the heart of the matter and one which can be solved cheaply, easily and quickly by a blockchain-based technology called decentralised identity.
Decentralised identity is a new way to enable individuals to prove verified facts about themselves using their smart phones or other digital devices.
In a crisis when resources are scarce, governmental budgets are drained and societal tensions are high, it is essential that the technology built is impactful and cost effective.
Decentralised identity technology is an inexpensive, easy and fast solution for governments to quickly roll-out as part of their Covid-19 vaccine distribution strategy.
First, decentralised identity tech is a simple “bolt on” meaning that it sits in addition to, rather than replacing, any existing patient record management systems. In the UK for example, it is directly compatible with the current NHS Covid app. It would just be a matter of enhancing the apps functionality through adding a tab to present a vaccination result as a QR code.
As you can see from our illustration, it would be a seamless addition to the UK’s existing NHS Covid patient technology. The patient would not be aware that a different technology is being used to share vaccine related data as the main interface would be unaffected. The user experience would be seamless and easy, with the data accessible quickly at the click of a button.
Today, all our data is stored on centralised systems by individual companies and government departments on their own private servers. These central databases are full of valuable data about you and I which makes it attractive to hackers who want to access this data for criminal activities. Not to mention the data misuse by businesses who gather data on all of us every single day.
By using blockchain, specifically decentralised identity, it enables personal identity information to be stored and owned by the person it relates to. Not a business nor government. With each person choosing what information they share and with whom they share it. Giving permission. In this instance, people would have their vaccine certification stored on their phones, verifiable on a private blockchain.
Think of the NHS Covid app as like your wallet or purse. You probably have multiple plastic cards which act as identifiers as to who you are and your age. A driver’s license, a couple of credit or debit cards, your employee badge, an identity card, maybe you even carry your national insurance card if you are British. All which are used to prove your identity when needed.
Decentralised identity is much the same as all the above, only it is digital. And because it would have a unique identifier only attributable to the person it was given, one which is tamper-proof too, as once something is secured to a blockchain it is a permanent record. It would be immune to abuse and criminal activity. And it would only be accessible by you and those you give permission to access it. Permission which you can withdraw whenever you like.
Staying with the UK as a working example, if the Government chose to quickly incorporate decentralised identity technology – which again, is very quick, easy and inexpensive to do. The way it would work in practice in tech-speak would be like this:
1. Once the vaccine is administered, authorised staff will be able to issue the patient’s smart phone with a digital ‘Covid-19 vaccination certificate’ signed and sealed with the NHS digital signature.
2. The individual, now vaccinated, has verified proof of vaccination, and can display this proof as a QR code.
3. The individual can now, at entry to venues, check-in with a proof of vaccination in a matter of seconds.
4. Their personal health data is secure and unalterable. It is both private and transparent. Private in that it is not stored on a central database accessible to various and often unknown third parties. Transparent in that it can be quickly accessible by anyone the individual wishes to share the data with.
5. If a person does not own a mobile smart device, a paper-based certificate can be issued with an equivalent QR code.
First, decentralised identity is a new technology and governments are not generally known for being early adopters of technology even if it would have significant benefits for the people they serve. Although in a crisis as serious as Covid-19, solution-orientated thinking can supersede nervousness over trying something new to the market.
Second, immunity credentials or immunity passports have been heavily criticised for potentially leading to a two-tiered society, accompanied by discrimination and exclusion. Not to mention fears of a surveillance society akin to that of George Orwell’s 1984. A fair and just argument. This is why in order for a system of Covid-19 vaccination credentials to work, there must be an equally robust policy accompanying the technology to protect the public and garner trust.
This accompaniment must clearly articulate the boundaries of immunity passports from a legal perspective, ensuring that the technology is ringfenced for Covid-19 and does not lead to a more polarised society. It must be transparent, clear and proportionate. And explained to the public very simply so that they understand their data is theirs to control and is safe. Removing trust issues and fears of governmental surveillance.
Third, the misconception that investing in new technology is expensive. That might be the case for some technologies, but it is not the case for decentralised identity.
Staying again with the UK, we have already seen the Government spend upwards of £35 million on its contact tracing NHS Covid app which utilises decentralised technology. Decentralised identity technology is fully compatible with the current NHS Covid app.
A decentralised identity solution for vaccine certification would be extremely easy to “bolt on” with just a few lines of code. It’s easy, quick and inexpensive to incorporate.
Outbreaks can be stopped. Economies can be saved. But only by rapid action and co-operation between the government, health professionals and the public.
If the Government moves fast and adopts decentralised identity technology, the UK could manage the reopening of society in a secure way, with absolute trust.
Trust from everyone.