It is not a joke!

  • Antitrust Policy and introductions -  VB duration-depends on participation
  • Main event: Digital ID and fast contact tracing, anonymization - implications- how can Blockchain help
  • Future talks (we are working with some of these folks on nailing down dates)
  • Ongoing:
    • How can we follow up on past presentations? Kim Cameron certainly wishes input on his presentation and debates on items raised by him.
    • IEEE:P2733 for Clinical IoT Data and Device  Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) - report on call, for those who have registered.
    • Identity WG Implementer call - report - 
      • Meeting Notes TBD
    • A GitHub repo was created under Hyperledger for IDWG. A note will be prepared about governance and contribution.
    • Discuss  IDWG paper
    • DCIWG Survey currently on line
    • Implementing metrics from Chaoss... DCIWG- let us reopen.


Vipin Bharathan

Kelly Cooper

Alfonso Govela

D Faulken

James Loperfido

Jim Mason

Luca Boldrin - infocert

Neil Luo


Sergio Mello


Taylor Kendal

Todd Gehrke


Brian Behlendorf

Neil Luo

Todd Gehrke

Kumaravel N

Mic Bowman

Miguel Jimenez

Philippe Page

Ravi Agrawal

Venu Reddy

Andres "Dre" Bonifacio

Ron Kreutzer

Salman Baset

Axel - Red Hat

Drummond Reed



Brian shared COVID19 Hyperledger Healthcare SIG

Main points in talk:

  1. Cell phone data by itself cannot help in contact tracing and isolation, added facial recognition from surveillance cameras and credit card data among others
  2. A good public health system also needed with physical tracers
  3. TraceTogether uses Bluetooth for proximity testing- first attempt has built in privacy
  4. Added privacy with German app, with neutral central server
  5. Blockchain as a decentralized layer neutral central server.


Conversation about blockchain

R0 - seems to be about 1.0-1.39

Goal, drive to < 1.0

Use time wisely

If not, economic ruin

Susceptible applies no vaccination in next weeks/months

Cellphone records are not granular enough. 

Try to correlate with cameras, credit card use, other private data. 

Make data sort of public, track rule-breakers. Force rule breakers to isolate. 

If found infected, repeat the process. 

Worked pretty well, causes problems, sustained over time = privacy breach

Success; however, new app due to pushback, draconian tracing is not good. They realize limiting spread to Singapore is not enough. Dependent on outside contacts - trading nation. Can't afford to close borders. 

Uses Bluetooth, more accurate. Limitation = more than a few think. However, limitation = strength. Limited distance, along with 'x' metrics for 'x' period of time, logs the others' ID (temporary ID). Initial lockdown of app, link phone number, and randomized ID, app or govt server creates a temporary ID (similar to a peer DID). Proximate users download from the edge, decrypted, and contracted by tracers for quarantine and test.

A combination of a decentralized model (download app, turn on Bluetooth, voluntary participation) Also needs a % of the population to participate, in order for it to be effective. Three conditions above are needed.

Three months ago, perhaps a few downloads. In Bluetrace protocol, being open-source, 620k downloaded so far. Privacy by design, to an extent. Link to the form with the randomized ID stored on a govt server. The app, even though it reduces correlation, still centralized management by a sovereign nation.

Jim: privacy issues, degrees of success (appears at this point)

Singapore homogeneous, small, can be controlled. Will it work everywhere? 

Will any approach be statistically significant.

Based on the Singapore proposal. App downloaded by choice.

Temporary ID 17, Bob is ID 9

Initial ID generated by the app. The only thing stored is a push token. Temporary ID uploaded periodically to a central neutral server. 

No phone number stored in a central location. Temporary ID uploaded periodically. Local data encrypted. Presumably, data protection is there. Link in the German article can be translated in Google.

What happens if one of those people tests positive?

If Alice is positive. She chooses to upload to the server.

Bob is notified, he has the option to get a test at a public health center. 

If Bob is found to be positive, the process starts again.

The app only contacts people who are in danger of infection - not a blanket order for everyone to stay home. For people who are detected to be in close proximity and in danger of infection.

German proposal = GDPR = choice. Alice can choose, or not. Bob can choose, or not.

Choice is paramount.

People are softened up enough, a statistically significant portion of the susceptible population will probably install this app.

Why should we make this app the way it is and why should we publicize?


Various reasons in discussion to not install. More surveillance after the crisis and can be easily hacked. Data between 3/25-27 gathered together and represents the German population. 

Need to overcome objections - the app won't pose as much threat as people think. 

Blockchain can function as the central server because you can also converge data from other services and bust the boundaries of a state. 

No link to actual people.

No central authority.

Concerns, surveillance

Important to communicate how app protects and persuade more people to download the app. In a free society, needs to happen.

MiPasa references a downloadable app, data from multiple sources. 

Participant additional resources added to Chat. 

good article on background for R model etc ---

The Science article may be of interest in that it calls for an app-based intervention.!/

GPS is not enough. Fine to see if someone has left the house, based on orders of quarantine. 

GPS doesn't have contact tracing abilities of Bluetooth. 

GPS granularity is low, episodic, 15-minute window.

Drummond: One other slightly different approach using blockchain. SSI generally community sovereign DIV trying to get together to define a family of Covid credentials. First call is tomorrow, anyone who wants to join the call, ping here for an invite: SSI and Sovrin community effort to define COVID-19 credentials:

For example, credentials about vaccines, when available and other methods broadly interoperable. 

Vipin: Rapid turnaround of a lightweight app without a huge amount of time to scale. It doesn't mean stop any efforts, such as SSI, all steps in the right direction. Privacy-preserving efforts, decentralization of the server; efforts in the right direction. 

Brian suggested gather materials together, identity working group, key piece. Everything, in the end, based on some form of Identity and correlating to infectious status or to-be-quarantine status. Important part to play in this effort. 

How do we need to take this effort going forward. User stories. 

Philippe - Today we spoke about privacy related to proximity. In real life, many stakeholders, ER nurse, doctors. The ambulance driver needs something different from the physician. Privacy-preserving apps vs real solutions. Changing sensitive health data. This group, interoperability of these solutions and efforts taken across the world. DID plays a key role in designing an interoperable system.

Brian - Hyperledger serve as radar as to what's going on out there. Role to network, engage groups to interact. Funding sources for COVID challenges. Identity working group, continue to focus on ways of use cases, active projects, DLT technologies. Make sure technologies, when brought up, are accurately described. Serve as the best example to protect privacy, sovereignty. Crisis can't be used to set up systems that misuse after the crisis. Part of the path to emerge from homes will be able to demonstrate antibodies test, vaccines available, create pressure on digital identity. 

Vipin - tech effort in NYC. Highlight open-source efforts. A common approach to bridge across systems? Needs to make sense transnationally. Working to get tech in NYC to talk. 

Randy - China, give health certificate if recovered or test negative. Required to show the certificate on form to pass around. Even if we go with verifiable credential. Not like a diploma, a one time effort. If certificate is issues, how do you ensure that credential will be continually updated? 

  • No labels