Tweet

Lea Kissner

3 Feb, 25 tweets, 7 min read

In more pandemic talks at #enigma2021, Mark Funk is here to talk about "DESIGNING VERIFIABLE HEALTH SOLUTIONS FOR GLOBAL PANDEMIC"

usenix.org/conference/eni…

This is about work done with a nonprofit to try to find a way to prevent infected people from entering a location in a privacy-preserving way.

(Stopped this work when it became clear that this was being built for a world which wouldn't exist any time soon.)

Right now, we ask people to self-diagnose, which requires on diagnosis and truthfulness

There are stronger mechanisms like PCR tests

How to make showing that you've been testing easy and private?

Safety is hard:
* easy to transmit
* easy to travel
* asymptomatic transmission
* people don't believe or care

What's the privacy risk?
* centralized design would let your health care provider see everywhere you go
* peer to peer is hard to trust-model
* self-sovereign identity is like p2p but with more privacy risks (because blockchain)

Some places are using centralized -- is it worth it here?
* we're actively struggling against discrimination
* lack of trust

Decentralized design

Hybrid approach
* decentralize sensitive info

Who would this serve?
* "opening up" is for the economy, but the economy is made of people
* we should support people in their efforts to protect their communities
* support people so they can stay home

Actors in this system
* ephemeral pass authority
* identity verifiers
* health workers
* policy admins (enforcing entrance policies)
* individuals (who want to enter a place)

What do policies look like?
* must be public so people can check before they go
* there can be non-enforceable policies as well (e.g. 10' social distancing)

Core protocol

Core protocol (from the prover's perspective)

What you give and get back (graphically)

Identity verification (credential creation should be expensive to make a bunch of identities you can use to spoof)

Note that you can't put PII in the output of the proof due to privacy requirements

Health verification: show nothing, get a Magic Code

Now you have proof... but you can't use it directly because it could be used to track you. So you send it to a central authority and get back Ephemeral Pass (cryptographic proof which doesn't expose your info)

Hard to collude to track you.. but the central authority needs to be transparent because that's where the risk lies

Now you can enter without sharing sensitive information

Your credentials are still revokable in case you're lying about your identity or malicious noncompliance with rules like masking or distancing.

Enforcing isolation -- can do some revokation of proof in case of e.g. positive diagnosis

Sample timeline

* disinformation is running rampant and anti-vaxxers and anti-maskers are putting everyone at risk. we need protections
* digital contact tracing works well if people isolate and get tested... which people aren't
* we are already using vaccination records to restrict movement

* should never have to put your health information on any kind of blockchain
* should be able to verify yourself offline without exposing your sensitive information
* need a paper fallback because not everyone has the same (or any!) tech

* need to be really careful to make sure to support everyone, especially people from marginalized communities

Hang in there and stay safe!

[end of talk. Apologies that I couldn't transcribe the diagrams at the speed of livetweet.]

• • •

Missing some Tweet in this thread? You can try to force a refresh