Digital identity systems promise a way out of the coronavirus slump. But as they have major implications for money systems, politics and democracy, getting them wrong could have disastrous repercussions.
Around the world, governments have succeeded in slowing the spread of the coronavirus by introducing severe restrictions on human movement.
These measures have incurred huge economic costs, with output dropping by up to a third in some countries. And, according to one commentator, the psychological impact of the pandemic still lies ahead of us.
“Over the past month we have witnessed a type of honeymoon period, something that often happens in the wake of a disaster,” Diana Fox Carney, a development economist, wrote last week in the Exponential View newsletter.
“People feel a sense of cohesion, everyone comes together and there is a high sense of agency. The field of disaster sociology suggests that after this initial honeymoon period, we should expect a fairly long period of disillusionment,” said Fox Carney.
“People will begin to realise the limits of what can be achieved through self-organised action and will start to internalise the fact that not everything is going to return to how it was before. Multiple stressors—such as exhaustion, financial pressure and physical health issues—kick in, resulting in a pronounced downturn in morale.”
Surveys of public opinion suggest that the slogans used to help slow the spread of the virus—such as the UK’s ‘Stay home, stay safe’—have worked only too well.
“Our comms [communications] have been the best in Europe. We scared everyone shitless, but now we have to undo some of that,” an unnamed Conservative member of parliament told the Financial Times last week, citing worries over the economic impact of the lockdown.
Technology to restore mobility
In the initial epicentre of the virus, technology has been used for months to help restore some freedom of movement.
In February, local authorities in China started to use a mobile phone-based traffic light system to measure people’s risk of distributing the infection.
China’s contact tracing system—which works as an add-on to the country’s popular messaging apps, WeChat and Alipay—calculates the likelihood of an individual having had past exposure to the virus.
The apps combine mobile phone users’ input, such as their identity and address details, with information supplied by the government, such as a person’s medical records, their travel history and if they have been in recent contact with someone diagnosed with the virus.
Depending on the apps’ output—a green, yellow or red signal—the individual concerned is then allowed either to travel relatively freely, to head into self-isolation or into immediate quarantine.
China’s traffic light health app
Very quickly, the app—which requires the user to have a Chinese government ID number—became a prerequisite to get around.
“Recently, I tried to visit the foothills of the Fragrant Mountains—one of Beijing’s most popular spots,” Yuan Yang, a Financial Times journalist, wrote last month.
“At the roadblock on the way in, I had my temperature checked, and showed the guards the green traffic light icon issued to me on a coronavirus-tracking app. The icon is green because I have been in Beijing for the past 14 days, as tracked by my telecoms carrier’s location data.”
“The guards waved me through. But a group of foreign and Chinese friends, who had been in Beijing the same length of time as me but did not know about the app, were stopped at the same gate a day later and asked for their passports. They did not have these with them and they were turned away.”
According to Yang, her initial concerns about the health app were outweighed by what she saw as a bigger risk—irrational group behaviour prompted by fears of the virus.
“When coronavirus-tracking apps were rolled out by local authorities in Beijing a couple of months ago, I was cautious, wary of what an opaque algorithm might do with my data. Now I count myself lucky to use them; in a country where anti-foreigner sentiment is rising, the app has helped me to deal with the bigger danger of human bias,” she wrote.
Warnings from history
China’s new coronavirus app is the latest extension of a national digital identity infrastructure that allows the country’s government to keep close tabs on its citizens’ activities and movements.
In December, the country’s government required people applying for new mobile and data services to have their faces scanned by telecom providers, as well as banning people from passing their phone numbers to others.
China’s mobile phone-based ID system will also act as the backbone of its new digital currency, whose introduction is widely awaited.
The country’s attempts to build up a comprehensive digital profile of its citizens are mirrored in neighbouring Asian giant India, where the government introduced a country-wide national identity scheme, called ‘Aadhaar’ (Hindi for ‘foundation’), in 2016.
Aadhaar is a unique biometric ID given to each Indian individual. The country’s 1.3 billion citizens must have it to access social benefits, such as healthcare, and more than 90 percent of the adult population is now enrolled in the programme.
The concept of introducing mandatory national digital ID schemes, whether in response to an economic crisis or a healthcare emergency, leaves some technologists deeply uneasy.
“These mega digital identity projects—China’s social credit system and India’s Aadhaar—violate the best practices of the last decade or two in identity work,” said Christopher Allen, the founder of Blockchain Commons, a non-profit corporation supporting security infrastructure, software development, and research.
“There are very few laws that are effective around profiling, discrimination and abuse by law enforcement,” he said.
Allen cites a past example of how a well-intentioned national identity system can be abused if the political winds shift.
In the Netherlands, the civil service introduced a new population register in 1932, helping ensure that local citizens had access to basic services during the Great Depression. The system’s efficiency was widely admired in other countries.
In 1936, the Dutch government decreed that every resident in the Netherlands must have a personal identity card in the civil archives, and that these cards must all be controlled from a single office in each region.
But things took a sinister turn when the Nazis took over the Dutch civil administration in 1940. The efficiency of the registry system proved lethal for the country’s Jewish residents, since it gave the new rulers an easy way to track them down.
As a result, 75 percent of the Netherlands’ pre-war Jewish population died, compared to 40 percent in Norway and Belgium, 25 percent in France and almost 0 percent in Denmark.
Stolpersteine (stumbling stones) in Amsterdam
“In the Netherlands, a well-intentioned set of practices from the Great Depression was then misused after a regime change,” Allen told New Money Review.
“Despite the trust in government today, we never know what may happen tomorrow. Centralised architectures and immutable proofs can be used for both good and evil,” he said in a presentation made in the Netherlands in March.
Centralised or decentralised?
Tracking technology—whether used to prevent the spread of a pandemic or to prove immunity from a virus—doesn’t have to rely on a centralised infrastructure.
A recent joint proposal by Apple and Google for a coronavirus contact-tracing app relies on a different, decentralised approach.
Using the Bluetooth radio signal that is built into modern mobile phones, Apple and Google plan to allow phones to emit an encrypted electronic ‘token’ that other phones will notice when they are in close proximity.
Then, if someone tests positive for the virus, this information can be relayed immediately, via their mobile phones, to others who may have been exposed. This approach puts users in control of their information, rather than relaying it to a central authority.
To help reassure phone users about the potential violation of their privacy, Apple and Google have also promised not to share the users’ GPS location data with third parties.
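The decentralised flow described above, as an added example that is not code from Apple, Google or the original article. It is a simplified sketch: the HMAC-based token derivation, the ten-minute rotation and the `Phone` class are assumptions made for illustration, not the published specification.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144  # assumption: a fresh token every 10 minutes

def derive_token(daily_key: bytes, interval: int) -> bytes:
    """Token broadcast in one interval; tokens cannot be linked without daily_key."""
    msg = b"token" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> secret key, kept on the phone
        self.heard = set()    # tokens seen over Bluetooth, stored locally only

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.daily_keys.setdefault(day, secrets.token_bytes(16))
        return derive_token(key, interval)

    def observe(self, token: bytes) -> None:
        self.heard.add(token)

    def report_positive(self, days):
        """Keys the owner chooses to publish after a positive test."""
        return [self.daily_keys[d] for d in days if d in self.daily_keys]

    def check_exposure(self, published_keys) -> int:
        """Re-derive tokens from published keys and match them on the device."""
        return sum(
            derive_token(key, i) in self.heard
            for key in published_keys
            for i in range(INTERVALS_PER_DAY)
        )

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    # Constructed encounter: Bob is near Alice for three intervals on day 0.
    for interval in (50, 51, 52):
        bob.observe(alice.broadcast(0, interval))
    # Carol is near Bob but never near Alice.
    carol.observe(bob.broadcast(0, 60))
    # The only data a server would ever hold: Alice's key for day 0.
    published = alice.report_positive([0])
    return bob.check_exposure(published), carol.check_exposure(published)

if __name__ == "__main__":
    print(simulate())
```

The published list contains no names, locations or contact graph; each phone learns only whether its own stored tokens match.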
However, some governments, such as that in the UK, want to introduce a centralised contact-tracing app, where the relevant information would be stored on a central government server.
The UK’s proposed Covid-19 app would also allow the country’s National Health Service to collect data on people’s behaviour and it would carry weaker in-built privacy protection than the joint Google/Apple approach.
The UK authorities argue that this will give them better information on how the disease is spreading, enabling them to allocate resources appropriately.
The debate between proponents of centralised and decentralised contact-tracing apps has split European governments down the middle, with France, Norway and the UK on one side and Germany, Italy, Austria and Switzerland on the other.
There are plenty of voices warning of the dangers of ‘mission creep’ if governments are allowed to proceed with centralised tracking technology.
Last week, 177 UK computer security and privacy experts signed an open letter in which they raised concerns about the future abuse of the system.
“It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance,” the academics wrote.
These arguments are still hypothetical, for now.
For either approach to contact-tracing to work—centralised or decentralised—there’s a harsh reality to deal with first: a frightened public needs to be brought on side. Scientists say at least 60 percent of the population needs to use a Covid-19 app for it to be effective.
But one advantage of the decentralised approach is its open standards, says Dave Hrycyszyn, chief technology officer at Nym, a project focused on developing privacy technology for internet users.
Hrycyszyn cites the dozens of recent attacks on mobile phone infrastructure in the UK, where some conspiracy theorists have linked 5G technology to the spread of coronavirus.
“The only way to defeat misinformation like the crazy theories about 5G is to say to people, ‘Here’s the system, audit it, here’s how it works’,” Hrycyszyn told New Money Review.
“The privacy-respecting approach being taken by some European countries could have more legitimacy in the public eye, and therefore more people would be likely to use it. I think they’ll get better results overall.”
Building from the ground up
The debate over national public health systems is only part of the digital identity story.
The coronavirus pandemic has also given a boost to initiatives for so-called ‘self-sovereign’ identity (SSID) infrastructures.
SSID schemes allow individuals to create their own decentralised identifiers on the internet and to issue credentials, based on those identifiers, that can be verified by third parties.
For example, a recently-launched Covid-19 Credentials initiative brings together more than 60 global organisations working in the area of SSID.
And a new European Self-Sovereign Identity Framework (ESSIF) aims to amalgamate more than 200 digital identity schemes from across the region.
“Our goal is simple: we want to enable society to return to ‘normal’ in a controlled, measurable, and privacy-preserving way,” Covid-19 Credentials says on its website.
According to Kaliya Young, a technologist specialising in digital identity, a peer-to-peer approach to proving you have particular attributes—such as immunity from coronavirus—is the only way forward in today’s hyperconnected world.
“A centralised method, such as publishing a list of infected people in the town square, might have worked in a small community a hundred years ago. But pretty much the only way to do this now is to have some kind of credentials that you place into the hands of the individual,” Young told New Money Review.
According to Young, by linking together different systems, such as those used for mobile phones, blockchains or cloud computing, self-sovereign identity frameworks can grow organically.
“The cool thing about self-sovereign identity technology is that you have infinitely scalable, low-cost federation,” she said.
But she places an emphasis on compatibility between the different identity systems being introduced, however they are constructed.
“National systems are fine as long as they are interoperable,” she told New Money Review.
“Would it be a problem to link them? I don’t see why. We’ve figured out how to believe each others’ passports and vaccination certificates.”
But Young believes many governments around the world now favour open identity standards, rather than building expensive proprietary systems, as in the past.
“Some governments have been on a merry-go-round with vendors of identity tech before, getting locked in to particular products and being held hostage. Now they are saying, ‘we don’t want that this time, we want to use open standards from the World Wide Web Consortium’,” she said.
Shaking things up
According to Christopher Allen, the disruption caused by the coronavirus pandemic has created fertile ground for new approaches in identity, particularly given the current strains on global supply lines.
“Where this [identity] tech really thrives is at borders,” he told New Money Review.
“Say you’re a company trying to do business in China. You want to ship to Hong Kong, then Vancouver, then by train to New York City. There are so many rules, regimes and conflicts to deal with. But you have a supply chain you need to keep going.”
Allen’s remarks apply as much to the movement of people as to the movement of goods. In the last few weeks there’s been a dramatic shift away from freedom of movement in countries that have previously regarded the principle as non-negotiable.
In Europe, for example, national governments have imposed border controls and travel restrictions unilaterally in the wake of the Covid-19 crisis, without coordinating with one another and in contravention of existing law.
But against this grim picture there’s a bright spot, according to Allen. He says the designers of new digital identity frameworks have one big advantage—an open playing field.
“There is no system for immunity credentials or some of this more privacy-sensitive healthcare information,” he said.
“So we’re not disrupting legacy players, we can go with the best technology. There are some good opportunities.”