Analyst Chat

Analyst Chat #37: COVID Response and Decentralized Identity Solutions/Verifiable Credentials

Anne Bailey and Matthias Reinwarth discuss how decentralized identities and verifiable credentials help respond to the pandemic by powering contact tracing applications, immunity passports and other important use cases.

Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole analysts, and I'm joined today by my colleague, Annie Bailey. She is an analyst for emerging technologies at KuppingerCole analysts. And today we will talk about very current topic, but first of all, welcome Annie.
Hi, happy to be back.
Happy to have you again. And this time we have real current topic right now, and we will talk about the overlap between the COVID-19 response and the topic of decentralized IDs, verifiable credentials. So what is going on with this decentralized identity and the COVID response? Where, where are the connection points? Where does this fit together?
Yeah, so it's been really interesting. I'm sure many of you have heard of contact tracing apps. They're popping up all over the place as a way to limit the spread of COVID-19. Basically, if you are in proximity to somebody who has been tested positive or exposed, or if you yourself have testing positive or exposed, it's a way to let those people who were nearby you, but perhaps you don't know, provides a way to inform them that they may have been exposed. So there was a really interesting statement made by the European parliament. So they said in April that quoting the generated data are not to be stored in centralized databases, which are prone to potential risk of abuse and loss of trust. Ms. Demands that all storage of data must be decentralized. So this is a really interesting statement and a lot of blockchain developers jumped on it as their opportunity to provide the most privacy responsible contact tracing app. The statement by the European parliament doesn't necessarily mean blockchain or these other decentralized architectures that have been so popular, but it's definitely the way, and it's the connection point for decentralized identity and the COVID response.
So, but the, the solutions that we are seeing now coming into into existence, or the one that is already in existence, for example, for, for Germany, that is really fully decentralized. So where does the actual storage take place and how is communication made for such a, such an application? What are the use cases that we currently support?
Yeah, so the, the contact tracing app is one of many use cases. And you mentioned another, the need for secure communications. So really the ability to securely communicate between a patient and a testing facility to communicate test results in a way that that patient could read, but also that patient could show to others to confirm that they are not positive for COVID-19. There's also another interesting use case of potentially door to door testing. If a health professional were to go from house to house and offer testing to citizens, there would be a need to verify that testing kit, that individual who is providing the tests, things like that. Yeah. And then a nother use case would be for immunity passport. So this is yet another iteration of secure communications of packaging. The, the information of a test result into the form that could be shown to a store to allow you to go in, be able to show it to an airline, to be able to purchase a flight tickets, all instances where it would be really advantageous to show that you are not, you don't currently have COVID-19 or perhaps even that you're immune, that you've passed an antibody test.
So these immunity passports are surely something that we should talk about a bit more also, because that, that is really also, there are some critical aspects around that as well, but are there other use cases that the public has not necessarily heard of?
Yeah. So one of the major use cases for blockchain in general is to facilitate more transparent supply chain communication. And that's actually even more critical now, as transportation is disrupted, as businesses have to slow down or even close given the health crisis. So it's become really critical to be made aware of different suppliers of their capacity of their ability to get from point a to B. And so there are some solutions that are being worked on specifically for the COVID-19 crisis to accelerate the searching process that a company would need to go through to find a new supplier.
Right. But, but to have that at scale, for example, supply chain communication that requires interoperability other standards around that we can already use so that we can get to this level of interoperability.
Yes, actually this is a really critical time because this is the first time that there are standards that are being widely adopted by different blockchain or decentralized developers. So there's some standards coming out of the W3C and they're called verifiable credentials. And so even though the situation, this crisis is setting the stage for more decentralized apps and, and use cases that technology and the ongoing global discussion about how best to do this is also maturing to a place where those could happen and actually work together with each other.
What means verification in that area? So how can we really know that our credential is trustworthy, that it's really coming from the right issuer and represents the right.
So this is long been an issue with taking a physical ID or a credential, something which is indicating a critical piece of information about individual. This jump between physical to digital, with IDs hasn't been done very well. So in the worst case, you can imagine scanning passport and emailing it. You know, this has so many privacy issues. Yeah, this is terrible. But for many, in many parts of the world, this is the best option to digitize ID. And so a, a verifiable credential, something which could be trusted by many different parties as an entirely digital ID is really, really important. And this upcoming standard, or, or rather more widely adopted standard now verified credentials is able to provide this dependability. Yeah. In order to make a better digital option, these verified credentials have to exist in a way that's cryptographically secure it's machine verifiable and is still able to respect the owner's privacy.
Right. I'm talking about privacy. Let's get back to the, to these immunity passports that you've mentioned on the one hand, I fully get the point that it's good to prove to an ally in that I'm not infected right now that I'm maybe even immune, if this will be the case, which we don't know by now, but on the other hand, this is really something that frightens me a bit having to present that proof, which in itself is some kind of laying open my, my, my most private information, which is health information. And if I don't do it, discriminating me not letting me into that plane. So there are a lot of drawbacks here right now. Am I right?
Yeah, absolutely. I'm thinking of immunity passport in particular is really, really problematic because although there, there are arguably ways that you could share your personal health information without oversharing or without completely giving it up. There are some solutions in the health hopper and identity space and the other in decentralized identity that could make that happen. The, the use case is really crossing some lines in terms of protecting fundamental human rights. And so if we let our imagination, not exactly run wild, but you know, walk a few months or years into the future of having such an immunity passport that would really create a new class of citizen. You know, someone who is able to travel freely, who's able to work freely and that gives them more privilege. They are more employable. They would be able to negotiate higher salaries and they would really be the sort of person which is in demand. So on the flip side, all of those people who are not able to prove their immunity and become these less privileged citizens. So it's, you can imagine that person Dean denied the right to be in a public space or having access to services, public transportation. And this would all be under the guide to protecting themselves and others, but that is an infringement on their rights.
Yeah, that was what I mean, when you have this new hire class of citizens, as you described it, then of course, then you also create a class which contains all of these people that cannot, or don't want to present this information and data and would of course be in a situation where they could not participate. But on the other hand is how trustworthy would that information then be, who would issue such an immunity passport and how trustworthy would they be? Could they be inaccurate? Could this be something that we also might want to consider that this information is not trustworthy?
Yeah. So at the moment we're using antibody tests to give an indication of immunity, and there are a few issues with this. So I, of course I'm not a health expert, but as far as I'm aware, there are still many, many things that their ologists and experts don't know about. COVID-19. And so that also plays into the dependability of these antibody tests. It may not be the case that if somebody has developed antibodies after having had COVID-19, that may not really indicate immunity, or maybe only for a short period of time. So the input data to such an immunity passport really has to be questioned. It may not be dependable, even if the decentralized solution is able to facilitate it. Another issue is that there aren't a lot of different types of antibody tests and they all have varying degrees of reliability. So again, this is questioning the data that you would be communicating. There's a really high risk with some of these tests for a false positive. That really can't be depended. And as long as that's in question, then the solution will work,
Right? So we tech people, we tend to try to solve problems just from a technological point of view. I think that is a great example, again, that just by having a reliable, verifiable credential in place that does not mean that we can solve every issue with that solution without creating new problems on a, on a very different level when it comes to privacy, when it comes to discrimination to inclusion, to bias, I think that is really a great example then that we should watch that space and to really be careful what to do, what to use and what better to not do what you agree.
Yeah, absolutely. And even though there may be some really compelling use cases for decentralized identity, just because I'm handling this crisis, that seems like a great opportunity to further those goals and those use cases. There are some in compatibility here. So just because we could use the framework for a decentralized wallet to hold your identity credentials, what if those credentials are not dependable? So the input data from these antibody tests that cannot be trusted. So even though you may have the wallet and the ability to securely share that info, it's not going to work. If the input situation is not dependable.
So create that. It's also a really good summary for today's discussion. I assume that you will continue to watch these developments on the one hand from the technological point of view and on the other hand from, yeah. That the social, the impact point of view. So it, it makes perfect sense for our audience that, that they every now and then have a look at KuppingerCole dot com and look at whether new developments have been happening and that will be then not covered by you there as well.
Yeah, absolutely. This is the topic of decentralized really falls on the intersection of technology and social. So there's always something new.
So then I would really recommend that we, we cover that topic in a later episode again, when we know more when maybe technologies and our knowledge has improved. And when there is yeah. More to talk about here and for the time being, thank you very much, any for joining me today, and I'm looking forward to having you in an upcoming episode again.
Yeah. Thanks BTS. It's always a pleasure to be here. .

Video Links

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #116: Putting GAIN to the Test

GAIN (the Global Assured Identities Network) is entering a new phase. On March 2, the technical proof-of-concept group was launched to actually test the concepts. Annie Bailey and Matthias have a look at the list of participants, the agenda, and the potential outcomes of this PoC. And…

Analyst Chat

Analyst Chat #106: 2021 - A Retrospective

Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.

Webinar Recording

Verifiable Credentials: A Fresh Approach to Identity in the Digital Era

Establishing a verified digital identity is crucial to successful business collaboration and customer engagement in the digital economy. Verifiable Credentials provide a highly secure way of establishing digital identity. However, knowing exactly how to begin using this approach can be…

Frontier Talk

Frontier Talk #7 | The Decentralized E-Commerce Story - Dr. Michele Nati

In this episode, Raj Hegde sits with Dr. Michele Nati - Head of Telco and Infrastructure Development at #IOTA Foundation to understand how decentralization offers a fresh perspective towards marketplace transactions. Tune in to this episode to explore how an international initiative…

Frontier Talk

Frontier Talk #6 | Bringing User-Centricity to Decentralized Identity - Nat Sakimura

Raj Hegde sits with identity veteran, Nat Sakimura - Chairman of OpenID Foundation to understand how user-centric learnings from existing authentication protocols can be applied to future identity initiatives. Tune in to this episode to explore ways to navigate tradeoffs between privacy…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00