Blockchain and the COVID-19 app (spoiler: the Dutch CoronaCheck app is worthless)

Gepubliceerd op 3 augustus 2021 om 17:50

Over the past year, the world has been plagued by COVID-19. Governments are in the process of launching (or have already launched) a corona app in which a certain QR code can be generated (CoronaCheck app in the Netherlands). Through this QR code, a person can prove that he or she has been vaccinated. This is important for travelers and events where 1.5 meters cannot be maintained.

In addition, in the Netherlands, it was found that by using the CoronaCheck app, false travel and entry tickets could be easily obtained through a leak. These false travel and entry tickets gave acces to a legit QR code via the CoronaCheck app. The personal data of tens of thousands of people who took a test at the company (the company that performs corona tests) was also leaked. The Dutch privacy watchdog speaks of a "very serious" data leak.

Is the blockchain a better alternative for this CoronaCheck app? In this blog, I will analyze whether blockchain is a safer and more transparent alternative to the currently used CoronaCheck app. Enjoy the read!


Many information experts are concerned about the safety of such an app (and rightly so).

 

According to experts in information technology, computer security and privacy, the corona app must meet a number of requirements: safe, temporary, transparent, completely anonymous, voluntary and user-friendly, with no commercial ulterior motives and under the direction of independent experts.

 

Can the blockchain technology meet these requirements?

I will assess these eight requirements against the characteristics of blockchain technology.

 

  • Is it safe? The blockchain is not only encrypted via an (asymmetric) encryption (public and private key), but also via hashing. This provides an extra layer of security. This is also called the 'digital signature'. See the image below for the functioning of the digital signature (shown in simplified form). In addition, no central databases are used. Blockchain works in a decentralised way (via nodes). Abuse is practically impossible.

 

Figure 1

  • Transparent? All participants can see in full what kind of data ends up on the blockchain (public and traceable). Every participant knows exactly what happens on the blockchain (the example of a general ledger).
  • The blockchain is not completely anonymous because a pseudonym is used. With a lot of effort, the person behind it can be traced (but often a pseudonym is sufficient). With additional measures such as a VPN or changing an address after every transaction/check, the blockchain becomes more anonymous.
  • Voluntarily? This must be decided at political level. The blockchain does not regulate this.
  • Easy to use? A wallet could be a solution, as it already exists and the public already have practical experience with it.

  • Temporarily? Data verified in the blockchain is forever in the blockchain. This data can no longer be changed. However, if a permissioned private blockchain is chosen, the participants can agree not to use the blockchain after a certain period of time. Because there is a 50%+1 majority.

  • Without commercial ulterior motives? In the permissioned private blockchain, it can be agreed between participants that data stored in the blockchain cannot be removed from the blockchain. Participants can monitor each other if this happens unlawfully (because everyone has the same 'ledger' with the same data).

  • Under the direction of independent experts? In addition, all kinds of parties can participate in this permissioned private blockchain, e.g. interest groups (general practitioners, Bits for Freedom, scientists). This provides extra transparency and a 'check' on the government (and/or commercial parties taking part).

 

To reduce costs, the proof of stake consensus can be chosen instead of the proof of work consensus to verify the data on the blockchain. Participants are not bound by the proof of work or proof of stake consensus. There are numerous consensus protocols to choose from.

 

Figure 2

I believe that the blockchain can make a positive contribution to the debate on a corona app. I am therefore pleased that the ‘Unlock app’ of the Dutch Blockchain Coalition (and consorts) is a serious candidate to become the app in which the Netherlands has to 'open up' again. I am therefore curious to know whether the government will ultimately choose to adopt the Unlock app widely.

 

It has become clear that the CoronaCheck app is not based on blockchain. If the government had chosen to do so, these data leaks would not have had to occur on this scale.

I published this article previously on my LinkedIn page. This article was written on April 19 2020 and slightly modified on August 3, 2021.

BTC address: bc1q3nnm8m2vrsv8med8a38dl37g8l3mm4wa7ph7wj 

ETH address: 0x38b84E2D3B50F83A067A7488C1733180651f418A

Reactie plaatsen

Reacties

Er zijn geen reacties geplaatst.