Discover more from Phil Windley's Technometria
Credentials and Covid-19 Recovery
Summary: Sovrin credentials can give assurances of safety during the present Covid-19 crisis and help jump start economies when it's over.
In a recent Gates Foundation AMA on Reddit, Bill Gates said the following in response to a questions about the impact of Covid-19 on businesses:
Eventually we will have some digital certificates to show who has recovered or been tested recently or when we have a vaccine who has received it.
The responses from the Reddit community were predictable, with people wondering how such a document could be used against them.
Similarly, in a Wired Magazine interview with epidemiologist Larry Brilliant, he postulated a similar, albeit less high-tech, solution to the problem of knowing who's safe:
[We will] begin to see large numbers of people—in particular nurses, home health care providers, doctors, policemen, firemen, and teachers who have had the disease—are immune, and we have tested them to know that they are not infectious any longer. And we have a system that identifies them, either a concert wristband or a card with their photograph and some kind of a stamp on it. Then we can be comfortable sending our children back to school, because we know the teacher is not infectious.
Both of these are discussing credentials that can be used to know who is safe to have working. Imagine, for example, that you run a restaurant, live-in care facility, or other place where food is prepared and want to know that the people in the kitchen are safe.
Bill's solution would rely on the public key infrastructure and it presents privacy concerns from correlation to other information about the individual. Larry's solution is familiar, but hard to scale in a way that's trustworthy.
Verifiable credentials present an alternative that meets the needs of the use cases Bill and Larry foresee without the attendant privacy and scaling problems. Credentials based on Sovrin would protect individual privacy and autonomy while also ensuring credential fidelity. Specifically, anyone accepting a credential proof would know with certainty (1) who issued the credential, (2) that the credential is being presented by the person who it was issued to, (3) that the credential hasn't been tampered with, and (4) that it hasn't been revoked.
A testing organization issues a credential to the patient who can use it to prove to anyone they want that they've been tested for COVID-19 and found disease-free.
Further, an authoritative institution like the NIH could set up a governance framework that says who can authoritatively issue credentials for people who are immune, have been tested, or have been vaccinated. They would make this public in a credential issuer registry like OrgBook that the Government of British Columbia developed. Such a registry would be used to ensure credential provenance.
With this system in place, people don't have to be in a public registry and relying parties who verify the credential can trust that the attestation from the certifying organization about the person presenting the credential is true. People carry their own credentials and present them on request, protecting privacy. And the decentralized nature of the Sovrin Network ensures that it can scale to any degree required.
And the best news is that it can be built on Sovrin, right now. With multiple commercial software vendors offering products for credential issuers, credential holders, and credential verifiers and widespread support by a diverse community. A group of volunteers has formed to develop a pilot and support broad, scalable deployment of credentials that aid in preventing the spread of the disease and the economic recovery that needs to follow.
For more information, you can visit this Google Doc and find out how you can get involved.