The power of CitizenKey - Covid-19 as the perfect Privacy by Design case
By Stephan Engberg on Mandag, Oktober 4 2021, 10:05 - Cases - Permalink
A rich test of any Identity framework is the ability to enable Trustworthy Anonymity in complex applications where accountability is not required or desired but integrity is vital. Healthcare Research is by far the most important field here. A reduced and particular complex subset is that of an infectious pandemic such as Covid-19 and the ability to respond to all distributed aspects of this from early detection and mitigation to enabling anonymous research across the infection chain to detect the social processes and spreading mechanisms.
CitizenKey is an always evolving framework that enabling Trustworthy Inclusive Interoperability based on Trustworthy Identities and Trustworthy Data Sharing.
The only common denominator is personal integrity, i.e. that citizens cannot lie while being empowered to share data trustworthy across all the very different transactions and relations a person are involved with during his or her lifetime.
As such CitizenKey will appear differently to different entities depending on context.
An root rich test is the ability to maintain trustworthy anonymity in all aspects of Covid-19 until actual hospitalization (where bodily safety becomes more important than security and you cannot assume citizens can maintain keys).
Here is a link to a webinar organized by the Dutch Privacy Engineering Group on this topic. Video: - Slides
Three aspects are important to notice
a) The Covid-19 case in principle can be addressed in many ways within the CitizenKey framework as semantics can be established and customized in the actual process. But when the Pandemic Alert is triggered and CitizenKey Id Cards starts broadcasting new anonymous connection keys, this needs to be standardized in the IOT radio spectrum as the effectiveness are closely linked to the share of population that issue and understand such anonymous connection structures for infection trace.
b) Other cases have very different requirements. E.g. payments in Distributed ledgers represent a particularly nasty combination of almost contradictory requirements across e.g. AML, Cybersecurity and GDPR. Legally anonymous payments are not an option restricted by e.g. eMoney regulation and you need to be able to prove provenance (legal origin) of money as well as dealing with the purpose of the payment (i.e. no funding e.g. terror or buying stolen goods).
c) CitizenKey is inclusive interoperable and designed for evolution As an example of this is that CitizenKey have since the webinar evolved with a trustworthy way to support DID/Verifiable Credentials as an integration mechanisms despite the obvious problems in these standards.