This is one of my series of lists of opinionated, high-signal but low-noise links on topics I care about.
If you like my advocacy, my point-of-view, and my writing, as well as my travel to support local communities, my talks for those communities, and my work with organizations such as Blockchain Commons, Rebooting the Web of Trust, and the W3C Credentials CG, I invite you to sponsor me.
Plus, it’s a way to plug into an advocacy network that’s not focused on the “big guys”. Most of the large corporations have full-time people representing their desires in the various standards orgs, making it hard for small companies and lone developers to fully participate. I work to represent smaller developers in a vendor-neutral, platform-neutral way, helping us all to work together.
You can become a monthly patron on my GitHub Sponsor Page for as little as $5 a month; and your contributions will be multipled, as GitHub is matching the first $5,000! Alternatively, you can support my efforts by sponsoring Blockchain Commons and our vision of the open web via a monthly GitHub Sponsorship or with Bitcoin via our BTCPay contribution page, Bitcoin contribution.
But please don’t think of this as a transaction. It’s an opportunity to advance the open web, digital civil liberties, and human rights together. You get to plug into my various projects, and hopefully will find a way to actively contribute to the digital commons yourself. Let’s collaborate!
– Christopher Allen <ChristopherA@LifeWithAlacrity.com>, Github: @ChristopherA, Twitter: @ChristopherA
For information on this versioning scheme, see Status & Versioning.
Copyright ©2020 by Christopher Allen, and is shared under CC-BY-SA open-source license. See this repo’s README.md for more details.
Most of the news has been about governments using cell phones & mobile apps to do #ContractTracing, but another important topic area is how we can create digital #ImmunityCertificates to allow people who have recovered from Covid-19 to leave quarantine, participate in the economic recovery, and to travel for work or family.
This is one of my recent presentations explaining why I’m involved in the Self-Sovereign Identity movement. I talk about some important historical context from WWII in the Netherlands and how it is relevant to the impact and risk of COVID-19 for privacy and identity systems:
KEYQUOTE: How do we prevent these architectures, which are well intended and have these principles…how do we be sure that we can design them in ways that make it harder for them to be [misused or exploited].
I am co-chair of this World-Wide-Web Consortium (#W3C) community group, where a number of important credentials and identity specifications were nurtured to the point where they could be formalized into international standards. Most notably, the Verifiable Credentials specification is now a full standard, and the Decentralized Identity specification is well on its way.
We meet online weekly via voice and IRC on Tuesdays at 12noon ET, 9am PT, and 5pm CET. At several recent meetings we have had discussion on #COVID19 related privacy topics, and it looks like some standards around #ImmunityCredentials in particular will become official work items. Our meetings are open to the public and are announced on our public mailing list.
Both of these standards are key architectures toward privacy design, in particular in the short term for #ImmunityCertificates.
There has some some discussion & collaboration between different in the #W3C CCG on what a #Covid19 Immunity Credential might look like using the #VerifiableCredentials standard.
Some specific implementations of Immunity Credentials in response to COVID-19 are being discussed, refer to Potential Implementations of ICs
I like this quote for Orie Steele “We should be careful to support systems that citizens, corporations and governments are using today, and establish parity, before pushing the boundaries of space time with blockchains and verifiable credentials” Twitter @OR13b
The #ImmunityCredentials #VerifiableClaims #COVID19 topics are substantial, and rapidly evolving. In this section I intend to highlight the most interesting content and regularly update it
1/10: Some governments will, and have already begun to, exploit the crisis. History suggests this is the precursor to something more dangerous for individuals and society.
KEY QUOTE: There are also alarming historical precedents in which governments have used an emergency to claim dictatorial powers, which are then left unrepealed. A classic case was Hitler’s use of the Reichstag fire in 1933 to establish the power to rule by decree…An expansion of state-surveillance, once rolled out, could be hard to reverse and will be a potent tool for would-be dictators.
2/10: I am quoted here sharing my concerns specifically with respect to COVID-19 response technology, and digital identity.
KEY QUOTE: …well-intentioned national identity system can be abused if the political winds shift
3/10: Harvard published a white paper on April 20, highlighting the need for any technological intervention to COVID-19 to be ethical, balanced, and privacy preserving.
KEY QUOTE: Proactive adaptation of existing, purpose-built, privacy-preserving technology, grounded in respect for equity and human rights, offers a means to protect society from a resurgence of the disease, while safeguarding individual privacy and civil liberties. To protect individuals from surveillance, discrimination, fraud, or exclusion, we must ensure that systems developed to serve these purposes are private, secure, and accessible—and are developed using open-source technology and open standards for interoperability and universal access.
4a/10: This is one of the best analysis so far on Immunity Credentials.
KEY QUOTE: The prospect of severely curtailing the fundamental rights and freedoms of individuals through ill-thought-out plans for “immunity passports” or similar certificates, particularly ones that would leverage premature standards and a highly experimental and potentially rights-infringing technology like blockchain, is beyond dystopian. We urge law and policymakers to think twice before entertaining such industry-driven, technology-first solutions to complex public health and humanitarian crises.
4b/10: In response this article clarifies a few important points about Verifiable Credentials, and strikes a more optimistic note.
KEY QUOTE: It is clearly premature to deploy immunity passports. But that doesn’t mean we should stop trying to determine whether/how they will be useful.
5/10: Anil John makes the case against Immunity Certificates, and proposes some targetted alternatives:
KEY QUOTE: My suggestion at this time is to focus on one or two hard things now when everyone is engaged and, if addressed now, will solve two or three things downstream. Digital Vaccination Certificates - This is almost entirely paper based now and it needs to be digital and globally interoperable. Put in the hard work now to come to agreement on how to represent them as Verifiable Credentials. Engage public health authorities to get their buy in now, so that when we have a COVID-19 vaccine (We will!), we are ready! In the interim, we get to use this now for our existing vaccination records! Digital Airline Medical Clearance Forms - This is the paper based “Doctor’s Note” that is given to an airline if you are traveling with a medical condition which is implemented differently by each airline.
6/10: This history of immunoprivilege is an important reference for anyone designing solutions today.
KEYQUOTE: To fully understand just how valuable being acclimated was, Olivarius says, look no further than the auction block. There, being immune to yellow fever would drive up the price of an enslaved person by 25-50%.
Fast forward to today and the parallels are hard to miss, Olivarius says. Early data shows black Americans are dying at higher rates from COVID-19, and many immigrants who pick our food have transformed into “essential” laborers overnight. Meanwhile, the elites retreat to the safety of their homes, and even second homes where they can practice social distancing.
Olivarius says that while she hopes immunity from COVID-19 becomes a productive, positive part of our recovery — with immune individuals taking care of the elderly or helping to do more tests, for example — she’s also afraid immunity could exacerbate the inequalities already present in our society, just as it did in New Orleans more than a century ago.
7/10: Some interesting risk modeling approaches to COVID-19 response technology, specifically apps:
KEY QUOTE: What do you need to know so you can confidently trust a piece of technology, such as an app supposedly helping fight COVID-19? That question is at the heart of Project App Assay. It applies to all technology, but is particularly important for the COVID-19 apps, because many of them collect so much information about our health, our friends, our locations and activities around the clock.
8/10: I also would point you to the Privacy Considerations section of the Verifiable Claims standard as a start on the issues in general.
KEY QUOTE: The Verifiable Credentials Data Model strives to support the full privacy spectrum and does not take philosophical positions on the correct level of anonymity for any specific transaction. The following sections provide guidance for implementers who want to avoid specific scenarios that are hostile to privacy.
9/10: Parts of this piece disturb me but I also appreciate the out-of-the box thinking here, including if liability insurance should play an role in #ImmunityCredentials. But we need to be careful as liability law & courts are slow & expensive, and lives as wergild are often unjust.
KEY QUOTE: Of course, for the purpose of protecting ourselves from getting infected by others, we already have substantial incentives to attend to such factors. The problem is that simple regulations don’t give us good incentives to attend to these factors for the purpose of preventing us from infecting others. With regulations, we have incentives to follow the letter of the law, but not its spirit. So we don’t do enough in some ways, and yet do too much in others. But if liability could make us care about infecting others as well as ourselves, then it might simultaneously reduce both infections and the economic and social disruptions caused by lockdowns. With strong and clear enough liability incentives, we wouldn’t need regulations; we could just let people choose when and how to work, shop, travel, etc.
10/10: Lastly, this highlights some important data on large COVID-19 infection clusters—or “superspreading events” (SSEs), as they are sometimes referred to in the scientific literature. If we know how it spreads, we know what to control for.
KEY QUOTE: When do COVID-19 SSEs happen? Based on the list I’ve assembled, the short answer is: Wherever and whenever people are up in each other’s faces, laughing, shouting, cheering, sobbing, singing, greeting, and praying. You don’t have to be a 19th-century German bacteriologist or MIT expert in mucosalivary ballistics to understand what this tells us about the most likely mode of transmission.
Vaccines are a biological preparation that provide active acquired immunity to a particular infectious disease. Some countries^1 require a certificate showing you have been vaccinated before you are allowed entry, known as an International Certificate of Vaccination or Prophylaxis (ICVP). The only disease (currently) designated under ICVP is yellow fever.
Estimates vary, but a C19 vaccine is 12-18 months away. In the absence of a COVID19 vaccine, immunity may be acquired through disease infection and recovery.
Immunity Credentials/Passport/Certificates are touted as a solution to the economic devastation of COVID19 lockdowns. If a person was infected and recovered, they may be eligible to reenter society and work.
In previous epidemics, like the Yellow Fever, having a passport meant you could work, earn money, get promoted during a healthy labor shortage. It meant that you had access to better food, living conditions, and wealthier courting options.
So people would try to get the credential by getting sick on purpose and hoping to survive the illness. Others went to the grey market, to bribe a doctor or public health official for legit papers, or buy counterfeit passes, or steal legit ones.
History suggests that we need to be cautious implementing a system of immunity-based privilege:
KEYQUOTE: When yellow fever swept through New Orleans two centuries before our current pandemic, it made immunity a form of privilege—one so valuable, it was worth risking death to obtain. The outbreaks exacerbated existing forms of inequality too. New immigrants to the city disproportionately bore the risks of acclimation to yellow fever, eager as they were to find jobs. (The wealthy, meanwhile, emptied out of the city during summer yellow-fever season.) Enslaved people who were acclimated were worth 25 percent more—their suffering turned into financial benefit for their owners. “Diseases lay bare who belongs in society and who does not,” says Kathryn Olivarius, a Stanford historian who studies yellow fever in the antebellum South.
ABSTRACT: Immunity on a case-by-case basis did permit the economy to expand, but it did so unevenly: to the benefit of those already atop the social ladder, and at the expense of everyone else. When a raging virus collided with the forces of capitalism, immunological discrimination became just one more form of bias in a region already premised on racial, ethnic, gender and financial inequality.
Link to original paper cited in above 2 articles https://academic.oup.com/ahr/article/124/2/425/5426380
ABSTRACT: One dramatic aspect of epidemic response is the desire to assign responsibility. From Jews in medieval Europe to meat mongers in Chinese markets, someone is always blamed. This discourse of blame exploits existing social divisions of religion, race, ethnicity, class, or gender identity. Governments then respond by deploying their authority, with quarantine or compulsory vaccination, for instance. This step generally involves people with power and privilege imposing interventions on people without power or privilege, a dynamic that fuels social conflict.
The point of any credential like this is to divide people into haves and have nots. A barrier to some rights, like a subway turnstile.
KEY QUOTE: The idea for the “immunity passport” or a “back to work” pass is this: If you’ve been infected with SARS-CoV-2, the virus that causes COVID-19, and recover, then you have immunity that will protect you from getting the disease again for some amount of time. What we don’t know for certain with COVID-19 is whether people do have immunity once they’ve recovered and how long that immunity would last.
KEYQUOTE: The idea of immunity certificates is “a really smart one,” he said. “But as yet we’re not going to bring them in because we don’t know yet that the immunity is strong enough and there’s still more science that needs to be done about the levels of immunity in people after they’ve had the disease.
COVID-19 is a new disease, and there is very little we know about it, including how the human body responds and develops antibodies to it.
How do we assure ourselves the design is not inherently unjust? Turnstiles blocked people in wheelchairs as a side effect of making it harder to cheat, for example. I’m concerned that choice in passport design and implementation will amplify existing social injustices, inequities, and bad behavior.
KEY QUOTE: Some governments have suggested that the detection of antibodies to the SARS-CoV-2, the virus that causes COVID-19, could serve as the basis for an “immunity passport” or “risk-free certificate” that would enable individuals to travel or to return to work assuming that they are protected against re-infection. There is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.
KEY QUOTE: Experts say that SARS-CoV-2 likely falls somewhere in the middle, such that people who get exposed are neither sterilized against further illness nor left utterly defenseless. Instead, they enter into a state you might think of as “immunishness,” an intermediate level of protection that dwindles over time. The robustness of this immunish state—whether it prevents all reinfection or merely makes a second round of sickness less intense—and the period of time for which it lasts will depend on multiple factors, such as a patient’s genetics and sex (women tend to have stronger immune reactions than men), the strength of their initial immune response, and the characteristics of the virus itself as it continues to evolve.
KEYQUOTE: Early data from China showed a wide range of antibody responses among 175 infected individuals, including 30% that showed minimal or no “neutralizing” antibodies—a sign that the immune system managed to beat the virus without developing the long-lasting antibodies that confer durable immunity. That result was especially common in young patients.
KEYQUOTE: 1/2 Ok, NextID has joined the COVID-19 Credentials Initiative led by @evernym. But I have deep reservations about the veracity of these immunity certs. There is no evidence that having antibodies present equates to immunity, nor how long such immunity might last.
2/2 I still think the #SSI industry has not answered two basic questions: “says who” (ie- are you really immune), and “what about privacy”. The immunity cert is just an assertion, yes, but this initiative may bring the veracity of verifiable credentials into disrepute.
KEY QUOTE: Among the many uncertainties that remain about Covid-19 is how the human immune system responds to infection and what that means for the spread of the disease. Immunity after any infection can range from lifelong and complete to nearly nonexistent. So far, however, only the first glimmers of data are available about immunity to SARS-CoV-2, the coronavirus that causes Covid-19.
KEYQUOTE: Coronavirus antibody testing needs to get a lot better, and so does our understanding of immunity, before people can start circulating freely.
KEY QUOTE: Scientists assess the accuracy of diagnostic tests in two ways. One is “specificity”, only recognising real cases and avoiding false positives. The other is “sensitivity”, identifying all real cases and avoiding false negatives. The Oxford evaluation shows that commercial point-of-care tests do very well on specificity, picking up samples only from people who were really infected with Sars-CoV-2. Their weakness is sensitivity, failing to detect antibodies in about one-third of people who actually had them. “This means if your test is positive, you can be confident that you have been infected and have antibodies,” explained Eleanor Riley, professor of immunology and infectious diseases at the University of Edinburgh. “But if your test is negative, you can’t rule out that you might have been infected.”
The rush to develop antibody tests means more risk in terms of accuracy:
KEYQUOTE: Antibody tests won’t face the same bureaucratic hurdles diagnostic testing initially did. The U.S. Food and Drug Administration relaxed its rules last month, and body-fluid tests can proceed to market without full agency review and approval.
Important laypersons’ introduction to Bayesian math and the massive difference between a 5% and a 3% margin of error for serological testing/passporting:
KEYQUOTE: If you issue immunity passports on this basis, barely a third of the people you give them to will actually be immune. “There’s nothing peculiar about this statistically,” Kevin McConway, an emeritus professor of statistics at the Open University, told me. “It’s just Bayes’ theorem.” The likelihood of you having had Covid-19, if you’ve had a positive test, depends not just on the accuracy of the test but on the prevalence in the population you’re looking at.
KEYQUOTE: The county had said in a news release on Monday that the authorities were “receiving reports of Covid-19 parties occurring in our community, where non-infected people mingle with an infected person in an effort to catch the virus.” Officials later elaborated on those reports in interviews, saying the parties were discovered after tracing the paths of people who were found to be infected after the gatherings.
KEYQUOTE: Trapped between the competing urgencies of saving lives from Covid-19 and avoiding economic calamity, some government officials have mooted “immunity passports” as a way through the impasse. But experts told FRANCE 24 that the necessary antibody testing is not reliable enough – and even if the scheme were feasible, it could create a dangerous incentive for some to acquire the virus in order to qualify for the passport.
KEY QUOTE: Wearing a bracelet or waving a piece of paper to show your immune status might sound like the plot of a dystopian novel, and scientists and public-policy experts are warning the prospect of “immunity passports” could make the current crisis worse. For one, they worry it could create a two-tiered workforce and perverse incentives for people to try to contract the virus, particularly millennials who might feel their chances of surviving it are high.
In the US, not having a disease is not sufficient for disability under ADA, but if people are unable to do their work or travel, should that be a disability? What happens if you can’t work, or freely assemble?
KEY QUOTE: In a near future with immunity passports, employers could make decisions about hiring and who can come back to work based on immunity — and it might be legal. The Americans with Disabilities Act, which became law in 1990, requires employers to make reasonable accommodations for people with disabilities. But Mohapatra says there’s a legal question of whether not having immunity would be considered a disability. “Those people might not be protected,” she says. The Genetic Information Nondiscrimination Act of 2008 is another law that offers protection against employer discrimination, but it wouldn’t apply in the case of Covid-19 since it’s an infectious disease, not a genetic condition.
Elsewhere, like India, the issue is more stark
KEY QUOTE: The overlap between the public-health system and the security apparatus, combined with the lack of adequate privacy laws, also engenders distrust from the very people who are expected to volunteer information and cooperate with government efforts to contain the pandemic. Even in the context of epidemics such as HIV/AIDS, human-rights and constitutional courts have recognised that such discriminatory and punitive practices violate the right to privacy, and are counterproductive to public-health efforts. These patterns of “policing” the pandemic are not unique to India. In Canada, multiple new laws have resulted in six-figure fines and prison time for those who dviolate physical-distancing rules. In the United States and the United Kingdom, too, two countries with deep historical legacies of discriminatory and arbitrary policing, there are concerns that police discretion in the enforcement of COVID-19 restrictions will hit communities of colour the hardest.
Though the antibody testing and immunity science is yet to be solved for, along with the legal implications, that hasn’t stopped countries/consortiums from considering implementation of COVID Immunity Certificates, Passports or Credentials.
The technological architecture to make credentials, passports or such certificates work in practice is a reality today:
KEYQUOTE: Evernym is the firm that initiated the self-sovereign identity (SSI) platform Sovrin and Hyperledger Indy. CCI aims to use W3C digital credentials standards. The key to SSI is that it empowers privacy. Access to the data is only available to the individual and the organization that provides a credential – perhaps a hospital that tested you. As an individual, you can then choose with whom to share that data.
KEYQUOTE: These digital certificates would be issued by health care institutions but controlled by the user and shared in a peer-to-peer manner…A common misconception is that self-sovereign means self-attested, which removes the need for governments and other authorities; trust in the issuer of the credential is critical”
Human Rights, Privacy Law, and GDPR expert Elizabeth Renieres (@hackylawyer regularly has great insights on the intersection of privacy technology and the law, and is always one of the first people I go to on these topics:
KEYQUOTE: …this program [ Known Traveler Digital Identity https://papersplease.org/wp/2020/03/30/known-traveler-digital-identity-ktdi/ ] is extremely concerning @evernym. According to @PapersPlease, the KTDI would even include a “pre-crime predictive ‘risk assessment’ and profiling score.”
United Kingdom
KEYQUOTE: These antibody tests are different from the swab tests aimed at determining whether a person carries the virus. They are the same as the ones being rolled out in many countries, including in the U.S., as part of long-term campaigns aimed at determining what proportion of the population has been infected by the new coronavirus, and gauging immunity at a national level. In the U.K., however, officials have proposed using them at an individual level, to provide people assurances that they can leave lockdown without risk of contracting the disease, known as Covid-19.
KEYQUOTE The Government is considering introducing immunity passports, so those who have had coronavirus can get back to work. Matt Hancock said he had a “very strong interest” in bringing in such a policy, after returning to work yesterday (Thursday) following his own spell of self-isolation with Covid-19. However, the Health Secretary said that it was “too early in the science of immunity” to be able to bring in a comprehensive scheme. He said: “We are looking at an immunity certificate - how people who have had the disease, have got the antibodies and therefore have immunity can… get back as much as possible to normal life.
United States
KEYQUOTE: …the federal government is considering issuing Americans certificates of immunity from the coronavirus, as the Trump administration works to better identify those who have been infected and restart the U.S. economy in the coming weeks.
KEYQUOTE: The idea is simple: widespread administering of antibody tests could establish who has had the virus already. Through the use of an identification system, societies could keep track of individuals that are “immune” as a result — and those who aren’t.
Germany
KEYQUOTE: In recent days, the IFLb laboratory in Berlin began blood tests that can determine whether someone has had the virus and therefore has immunity against being reinfected. On Tuesday, the lab’s technicians processed 70 tests, in addition to the 500 regular coronavirus tests they complete each day to determine whether someone is infected. “We were very, very fast at getting started,” explained Christina Landwehr, a molecular biologist at the lab. Germany’s first test kit for mass coronavirus antibody screening was certified late last month.
KEYQUOTE: Researchers in Germany are currently preparing a mass study into how many people are already immune to the Covid-19 virus, allowing authorities to eventually issue passes to exclude workers from restrictive measures currently in place.
KEY QUOTE: The documents are part of a research project being conducted at the Helmholtz Centre for Infection Research in Braunschweig, which will conduct blood tests among the general public for antibodies produced against the virus. The antibodies will show which of the participants have had the virus and have recovered, according to a report by the German magazine Der Spiegel. Around 100,000 people will be tested at a time, and certificates issued to those found positive. The testing could start in April if researchers are given the green light.
KEYQUOTE: German researchers plan to introduce coronavirus ‘immunity certificates’ to facilitate a proper transition into post-lockdown life, as Chancellor Angela Merkel’s handling of the crisis has led to a boost in the polls.
Italy
That glimmer of hope has turned the conversation to the daunting challenge of when and how to reopen without setting off another cataclysmic wave of contagion. To do so, Italian health officials and some politicians have focused on an idea that might once have been relegated to the realm of dystopian novels and science fiction films. Having the right antibodies to the virus in one’s blood — a potential marker of immunity — may soon determine who gets to work and who does not, who is locked down and who is free.
Chile may be the first in the world to formally introduce ICs
KEY QUOTE: Government officials said Monday they would move ahead with plans to issue the world’s first “immunity passports,” cards that would allow people who have recovered from the novel coronavirus to return to work, over the concerns of physicians who warned that much about covid-19 immunity remains unknown.
Some proposed implementations are for specific sectors, like tourism and sports:
KEYQUOTE: The costs of a serological test to establish the immunological status of each person – to know if they are possibly contagious or not – will be only a few euros, well below the costs of a 14-day quarantine, to say nothing of the waste of time and the loss of professional opportunities that it entails…The adoption of an immunity passport will allow planes to return to the skies, hotels and restaurants to reopen and life to begin to return to normal.
KEYQUOTE: In the months and years following the attack on the World Trade Centre on Sept. 11, 2001, sports fans became used to body searches and metal detectors on their way into arenas and stadiums. People accepted the measures as a way to keep everyone safe. After the coronavirus pandemic is conquered and sports re-emerges, it’s likely a new layer of security will be introduced.
KEYQUOTE: Breaking: A new app is being pitched to the Premier League which would ensure only fans who have tested negative for Covid-19 or have immunity can go to games. ‘Health passport’ also being discussed with Government as part of lockdown exit strategy.
The COVID Credentials Initiative is leveraging the #W3C DID and Verifiable Credentials specifications. It appears to be led by members of the Sovrin/Hyperledger Indy architecture and platform for Self-Sovereign Identity.
*COVID Credentials Initiative**
The COVID-19 Credentials Initiative (CCI) is a collaboration of more than 60 organizations working to deploy verifiable credential solutions to help stop the spread of COVID-19. Our goal is simple, we want to enable society to return to ‘normal’ in a controlled, measurable, and privacy-preserving way. The initiative is a direct response to the many calls for an ‘immunity passport,’ a digital certificate that lets individuals prove (and request proof from others) that they’ve recovered after testing negative, have tested positive for antibodies, or have received a vaccination, once one is available. By proving some level of immunity, individuals will be able to begin participating in everyday life again.
Transmute is another that appears to be leveraging the #W3C DID and Verifiable Credentials specifications:
KEYQUOTE: One option that is familiar to healthcare providers today includes providing a QR code and/or simple pin to an individual when they complete drive-up testing. That individual can present a driver license at that time to establish their identity. The subsequently provided information (QR/ pin) allows that individual to later authenticate on a specified website and access test results. These results can be structured as a verifiable credential, which can be discovered and verified in the future by that individual showing their drivers license and providing the pin. This workflow doesn’t require the individual to download any software or manage their own decentralized identifier.
One that is getting a lot of press is the CoronaPass:
By providing evidence of authenticated anti-body test results, CoronaPass can enable people and organizations to return to important economic and social activity, while protecting the most vulnerable members of society.
I’m less clear on the status of Bloom’s implementation. I sounds like they may be using the W3C Verifiable Credentials standard, but they have not been active in the #W3C CCG community so I don’t know.
KEYQUOTE: Issuing Verified Immunity Credentials (VIC) to those who are immune would also help people quickly find new jobs by being able to digitally show proof of immunity to employers.
KEY QUOTE: Trustee Immunity Passport is a novel solution based on self-sovereign technology and decentralized governance. Each individual’s Trustee permits access to signed clinical information. Individuals can grant or rescind access to their immunity status, immediately and at any time, to provide expertly interpreted serologic information to employers, schools, businesses, public services, disease-focused communities, or others, using a smartphone.
Though Immunity Credentials could be implemented with legacy identity and digital credential technology, there are some real advantages to using the new self-sovereign identity architectures of W3C Verifiable Credentials standard and the emerging Decentralized Identifier (DID) specification. I am co-inventor and architect of this architecture, so I am biased.
This is a the best primer on the topic of W3C Verifiable Credentials standard
ABSTRACT: It is currently difficult to transmit credentials such as driver’s licenses, proofs of age, education qualifications, and healthcare data, via the Internet in a way that is verifiable yet protects individual privacy. Starting in 2013, the W3C Credentials Community Group started to work in earnest on solutions in this space followed shortly thereafter by the Rebooting Web of Trust Community and W3C Verifiable Claims Working Group. These groups, composed of 150+ individuals and organizations, are currently focused on the creation, storage, transmission, and verification of digital credentials via the Internet. This document is a primer for those that want to learn about the Verifiable Credentials initiative, the use cases and ecosystem, a basic overview of the technology, and how to get involved.
The specification created by the W3C CCG was approved as a “W3C Recommendation” so now is a full international standard. Maintenance, additions, changes, etc. are now back at the W3C-CCG for building consensus on updates to the spec.
This is the technical standard:
ABSTRACT: Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.
This note shares the official use-cases used in the creation of Verifiable Credentials:
ABSTRACT: A verifiable claim is a qualification, achievement, quality, or piece of information about an entity’s background such as a name, government ID, payment provider, home address, or university degree. Such a claim describes a quality or qualities, property or properties of an entity which establish its existence and uniqueness. The use cases outlined here are provided in order to make progress toward possible future standardization and interoperability of both low- and high-stakes claims with the goals of storing, transmitting, and receiving digitally verifiable proof of attributes such as qualifications and achievements. The use cases in this document focus on concrete scenarios that the technology defined by the group should address.
At this point there has yet to be any analysis of any of the Immunity Credentials implementations, however this shows how it could work in the UK context:
ABSTRACT: This is the first of 3 videos that demonstrate our Verifiable Credential infrastructure. This is the introductory video. The next two describe the Registration Process and Transaction Process respectively in more detail.
This white paper suggests 20-30 year olds could re-enter the economy. If such a move takes place it’s inevitable that this population would need some sort of immunity credential to further participate/support elderly populations still under lockdown:
KEYQUOTE: The paper argues that a young workforce release of this kind would lead to substantial economic and societal benefits without enormous health costs to the country. In this way, the nation might begin to move forward in the footsteps of the young. The paper’s key concept could in principle be implemented in other countries.
Beyond issues of immunology, Peter Story argues that we need to be design toward “co-immunology”:
KEYQUOTE: We thus have three levels of immunities: biological, psychological and social. One should perhaps add hyper-social for the relations between states, that have over the last century put in place institutions to reduce the calamities of war. Each of these depends on the other. The body’s immunity is improved by individuals learning to adopt hygienic practices; those are helped by quarantining policies at the local and international level. At each level communication is restricted but cannot be stopped: trade, especially for medical goods and food, must continue, while new processes are put in place further to limit the spread of this microscopically small virus.
KEYQUOTE: The COVID-19 narrative that emerges in the aftermath of the pandemic will have to embrace three truths. First, there is no way that government – however well organised and professional – can address challenges like this pandemic without a civic-minded citizenry that trusts the public health advice of its government and is committed to the rule of law. Second, people facing extraordinary risks and costs have indeed acted with generosity and trust on a massive scale. And third, the fact that the individualistic and self-interested depiction of people in economics has been shown to be wildly inaccurate may also be a cause for alarm: people may care about others in negative as well as positive ways. The frightening upsurge of xenophobic attacks is a warning.
KEYQUOTE: The legal issues aren’t clear. The Americans with Disabilities Act (ADA) may be the most relevant federal statute, but it is triggered only by a disability. Having a Covid-19 infection can be a disability, but can having a normal immune system, one without evidence of a prior infection, count as a disability? If so, how would the act’s “direct threat” exception apply? The Equal Employment Opportunity Commission has issued some guidance for employers, saying that Covid-19 qualifies for the “direct threat” exception, but that deals with people who are infected or symptomatic, not those who might become infected.
Other federal and state statutory and constitutional rights might also be invoked, such as the Federal Rehabilitation Act, state statutes similar to the ADA or broad state anti-discrimination legislation, and federal and state due process, equal protection, and possibly right to travel guarantees.
Some sources suggest governments privately have given up on containment, like the UK:
KEYQUOTE: UK Government strategy, he confirmed, is not attempting to contain the spread of the virus, but simply to slow down “the rate at which we get this virus [which] has direct impact on the NHS. It’s vitally important that we don’t get it at the same time. But that does not mean we won’t still get it at some point… We’ve got to keep functioning our lives, go out for food and medication, and go out for work”.
Other commentary suggests a new CoronaCorps, in the spirit of AmeriCorps, to bring the economy back to life and mitigate systemic disrimination:
KEYQUOTE: Those who receive their immune certification should be encouraged to volunteer for the CoronaCorps, a standing army of individuals committed to helping us heal together. You don’t need to have been infected to be of help. The CoronaCorps needs all kinds. The advantage of the immune-certified is that they can pass among and between the quarantined, providing goods and services with reduced personal risk of infection. (Of course, they will need basic training in decontamination protocols to protect others.)
The intake process for CoronaCorps, as well as training and job-matching, should be handled at the city and county government level, with help from the private sector for identifying needs. Don’t reinvent the wheel: Reuse existing job boards, engage professional recruiters, and make it easy for those who are participating in essential services to ask for help.
KEYQUOTE: Resist the “shock doctrine.” Emergencies have been declared before and will be again. This is a time to make demands on, more than to rely on, governments. Reliance is passive. Demand is active.
I like this reasoned approach from the Canadian government.
KEY QUOTE: Privacy protection isn’t just a set of technical rules and regulations, but rather represents a continuing imperative to preserve fundamental human rights and democratic values, even in exceptional circumstances.
KEY QUOTE: The U.S. Centers for Disease Control and Prevention will collect and test 50,000 samples in September and December of this year, and in November 2021. The nationwide survey will determine the extent of the epidemic and assist in the development of vaccines. Some anticipate partial reopening of economies if antibody carriers are identified.
KEY QUOTE: A team of scientists worked around the clock to evaluate 14 antibody tests. A few worked as advertised. Most did not.
KEY QUOTE: Tech experts from The Open University (OU) have developed the world’s first digital application to certify COVID-19 immunity test results. Researchers from the OU’s Knowledge Media Institute have created a prototype mobile phone app that enables instant verification of tamper-proof coronavirus test results and vaccination certificates.
KEY QUOTE: Dr Rifat Atun has said that it will not be “socially acceptable” for a country such as Britain to allow those who have recovered from the virus to work, while individuals classed as high risk are forced to remain in isolation unable to earn.
KEY QUOTE: It turns out that some people can carry the virus for months after being declared cured, according to a new report. Authorities are scrambling to understand whether a patient who keeps testing positive after recovery is infectious to others, and some are considering new discharge protocols as a result.
KEY QUOTE: There is maybe a little caution ahead as we jump into this new world of “immunity passports.” We don’t know how immunity works with this virus, and we don’t know how long it will last. Also, antibody tests can pick up false negatives and false positives. You may be sending people out there who think that they’re immune, but they’re not.
KEY QUOTE: The head of the World Health Organization on Monday said that likely no more than 2% to 3% of the global population have developed antibodies for COVID-19. That is a problem for countries hoping to issue “immunity passports” as a way to get back to normal, even before a coronavirus vaccine has been developed. A second WHO expert said the data does not yet support such a strategy, not least because it is not clear whether those who recover from COVID-19 are in fact immune.
Not IC specific but an example of the misuse of emergency powers
KEY QUOTE: The Petroleum and Natural Gas Senior Staff Association of Nigeria suspended the strike hours before it was to have started at midnight on Sunday. The union, known as Pengassan, had planned to halt operations at all crude-exporting facilities to protest the detention of 21 Exxon Mobil Corp. employees by authorities in Rivers State, it said in an emailed statement. Authorities initially accused the employees of violating restrictions on their movement, the union said. However, the workers were released on Sunday, and Pengassan backed down from its threat, a union official said by phone later in the day.
France COVID trace (translated) https://translate.google.com/translate?depth=1&nv=1&pto=aue&rurl=translate.google.com&sl=auto&sp=nmt4&tl=en&u=https://www.cnil.fr/fr/publication-de-lavis-de-la-cnil-sur-le-projet-dapplication-mobile-stopcovid
Example of pre COVID rules on flight boarding, what comes next? https://www.airnewzealand.com/special-assistance-flying-with-medical-conditions
My Twitter list of technologists, advocates, policymakers, lawyers, regulators, etc. w/ a particular focus on privacy.
KEY QUOTE: If you’re hoping a vaccine is going to be a knight in shining armor saving the day, you may be in for a disappointment. SARSCOV2 is a highly contagious virus. A vaccine will need to induce durable high level immunity, but coronaviruses often don’t induce that kind of immunity.
KEY QUOTE: A worrisome precedent towards #ImmunityCredentials #ImmunityPassport. Remember—we don’t even know the efficacy of these test are yet. “Dubai-based airline Emirates has begun carrying out Covid-19 blood tests on passengers at the airport prior to flights.”
KEYQUOTE: Morning thoughts: Underground Raves will come back, but with blood testing for Covid-19 safety. Take that cyberpunks, see you at the Trash Fence, blood sample required at the door. Don’t @ me about immunity credentials.
KEYQUOTE: Determine if immunity post recovery is reliable. Make antibody test widely available, free or not. Biometric+test result on badge & NHS web site. QR code allows anyone to check your status with phone. Badge/QR to be worn publicly at all times. Go back to work.
KEYQUOTE: We do not know exactly when we will achieve victory. First, we need tests that can tell us when we are sick and when we are immune. Once we have access to better #COVID19 testing, we will move into the second phase. This is when we start to slowly reopen our world.
KEYQUOTE: I will not carry an immunity passport to retain my rights as an American citizen.
ABSTRACT: We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual prescription drugs. Our initial user trials with 10 U.K. NHS patients found the system to be easy to use, and fingerprints to be preferable to using usernames and passwords for authentication
KEYQUOTE: The system we are designing can be used to issue and verify many different types of academic credentials, ranging from university degrees and diplomas, to individual course credits, to alternative credentials (including microcredentials) for online courses or face-toface workshops. Issuers decide the information they must include in the credential. Our system will not change the way universities provide instruction, assess learning, or make decisions about awarding credentials. It simply offers a more powerful and convenient way to share, manage, and verify the credentials.
KEYQUOTE: Credibility signals are observations, made by humans or machines, which are used in deciding how much to trust some information. This document specifies some types of these observations which seem particularly useful in online credibility assessments, especially when assisted by machine processing and a network of people and systems making related observations.
Weekly updates on the developments of human-centric data-based apps to fight COVID-19. Calls take place every Wednesday at 15-16 CEST in Jitsi. For details, join mydata.org/slack #coronadata channel.
W3C Credentials CG (where I am co-chair) regularly discusses identity & privacy, and more recently #ImmunityCredentials:
I have been hosting Rebooting the Web of Trust, a twice-a-year design workshop that brings together experts in the decentralized digital identity and privacy community in a collaborative “design workshop” that has published 50+ collaborative white papers. It is where the W3C Decentralized Identifier specification, which is on its way to becoming an international standard, was originally incubated.
Unfortunately our last event in Buenos Aires where we planned to discussion #LocationPrivacy and other related Covid-19 privacy topics was cancelled. We are working now on plans for an event in the Fall in the EU, and expect many privacy tech, policy, and regulatory experts coming specifically to work on the next generation of these technologies.
Reminder: You can become a monthly patron on my GitHub Sponsor Page for as little as $5 a month; and your contributions will be multipled, as GitHub is matching the first $5,000! Alternatively, you can support my efforts by sponsoring Blockchain Commons and our vision of the open web via a monthly GitHub Sponsorship or with Bitcoin via our BTCPay contribution page, Bitcoin contribution.
– Christopher Allen <ChristopherA@LifeWithAlacrity.com>, Github: @ChristopherA, Twitter: @ChristopherA