In the fight against the Covid-19 pandemic, contact tracing remains an effective weapon. Its use, however, has generated a lot of suspicions related to security and privacy. DLT technology can help dispel these doubts. The COVID-19 pandemic continues to pose a severe threat to our social life and the economy. Although the vaccinations of the population have begun, social distancing and tracing of contacts remain the most valuable and practical approaches for the containment of the virus.
In particular, contact tracing seems to be, at the moment, the best control tool to allow the return to workplaces and the reopening of borders. The success of tracking systems depends on the percentage of the population that adheres to them. The more people use the contact tracing system, the more likely it will perform its preventive function. However, resistances related to security and privacy persist.
Contact Tracking App, Blockchain A Privacy Solution
However, the solutions proposed so far for large-scale tracking have met with resistance from a large part of the population, worried that the acquisition, storage, and monitoring of information relating to their health could lead to excessive government surveillance. With a consequent interference of the state in the private lives of citizens. Indeed, the failure of the contact tracing systems existing today derives essentially from the public’s distrust of the guarantee of protection of their data and the fear that, in the future, such data may be used for different and undeclared purposes.
In this regard, Apple Inc. and Google Inc. are collaborating on developing a contact tracing technology that allows health authorities to monitor citizens through a proximity detection system via smartphone. Of course, such a solution brings with it several apparent privacy and data security concerns. The potential access by these Big Players to health information constitutes a further reason for resistance for citizens.
It is, therefore, evident that to ensure the successful implementation of these tools. It is essential to address and resolve citizens’ concerns through the adoption of tools that guarantee the confidentiality, integrity, and availability of the personal data collected to rebuild a climate of trust that allows the majority of the population to join. At this juncture, blockchain technology comes into play, which could provide a practical and widespread approach to the implementation of contact tracing while also guaranteeing personal data security, privacy, and interoperability.
Blockchain Technology Is Applied To Contact Tracking
The decentralization that characterizes blockchain-based systems would allow overcoming the discomfort and fears of public opinion about a possible control by the Government of the private lives of citizens, helping to create a climate of trust and serenity essential for the success of the systems of contact tracking. A contact tracking system based on blockchain technology can provide a viable solution, taking advantage of the main features of the blockchain, namely decentralization, confidentiality, and immutability.
A contact tracking platform based on blockchain technology would have a decentralized structure. Organizations, public and private, and citizens could share and verify the information present without revealing their identity. Let’s imagine a blockchain-based public register to which all the health facilities in the area, both public and private, adhere. With the patient’s consent, all new cases of positivity to the virus are recorded daily through the aforementioned distributed validation system.
The test result will be associated with the cryptographic identity of the patient, protected by a private key, and registered with the public key. Let’s imagine then that all citizens adhering to the tracking system download an application on their smartphone, able to exchange information, through hash prints, with the register, including the position of the users and the possible proximity of these to subjects whose public key is associated with a positive test. Upon this condition, the system would send an automatic notification of risky contact (possible thanks to implementing a smart contract).
Such a system, based on blockchain technology, would allow, on the one hand, citizens to become aware of any contact with positive subjects, without it being possible, neither for them, nor for other users, nor health facilities. Members of any other party know the identity of the natural persons involved; on the other hand, it would allow local health units and local authorities to effectively monitor the spread of infections without running the risk of duplication or inaccuracy of the recorded data.
Summary Of The Characteristics Of Blockchain Technology
When we talk about blockchain technology, we refer to one of the applications of DLT (Distributed Ledger Technology). DLT technologies are systems based on a distributed ledger, which can be read and modified by all network participants, the so-called “nodes.” In particular, each computer participating in the network that manages a copy of the distributed ledger is defined as a “node.” In the context of such a system, any operation that involves a change to the register, to be registered, must be approved and validated by the nodes after reaching consensus.
The methods of getting consent and the record structure are the distinctive features that characterize the various applications of DLT technologies. The blockchain, therefore, is a system based on a distributed ledger (public or private) with a “blockchain” structure (hence the term “block” and “chain”), containing operations validated through a peer system. To-peer, without the need for a supervisory authority. Once validated through the consent of the nodes, all processes become unmodifiable and are packaged in their block, which is connected through a hash to the previous and next block.
This technique makes it possible to guarantee a high degree of integrity of the data contained in the operations, since if a modification were to be made, on the one hand, this modification would have to be validated with the consent of the whole network, on the other hand, it would be necessary to modify all the blocks subsequent.
For this reason, the information collected on the blockchain tends to be considered immutable. Any modification can therefore only take place through the approval by the network of a new block that acts as an “errata corrige” of inaccurate information contained in a previous block which, in any case, cannot be deleted but only rectified.
Another fundamental feature of blockchain technologies is the adoption of sophisticated encryption protocols, which guarantee the anonymity of the subjects involved. Adopting these protocols allows the achievement of a high degree of data confidentiality. It minimizes the risk of identifiability of the data subjects through zero-knowledge test systems. This cryptographic methodology enables the user to demonstrate that certain information is known without disclosing the information.
This allows the verifiability of communication between the parties carrying out the transactions, keeping them private. In systems based on blockchain technology, the data exchanged between the parties involved are essentially two: the public key and the hash fingerprint.
The public key, which always corresponds to a private key known only by its user, is used in the blockchain without openly declaring who the user is. Therefore, a public key could be associated not only with a natural person but also with an entity or even with an object (for example, the kit of a molecular swab) to trace the production chain.
In the context of the use of the RSA algorithm (cryptographic system based on the public key-private key), although it is possible in certain circumstances to trace the identity of the user of the private key, these are extraordinary circumstances that require the use of uncommon means and resources (such as powerful means of digital forensics and extensive data analysis). Therefore, the public key is only a fragment of information that indicates a particular condition of its user (for example, positivity to Covid19), on a specific date, without revealing the identity of that user.
The hash function is a mathematical algorithm that allows you to transform a text of arbitrary length into a sequence of numbers and letters with a defined size that is always the same. This feature allows you to create a text imprint, called a “hash imprint” or “digest,” which does not contain sufficient information to be reconverted into the original text as the output has a predefined length and therefore corresponds to a number finite number of permutations against an infinite number of possible inputs. According to what was stated by the Working Party 136, precisely under this unidirectionality, namely, the fact that there is no way to obtain the original data knowing only the hash imprint, such information cannot be considered personal data, but generally anonymous data.
Therefore, even if it cannot be affirmed with certainty that the data processed on blockchain technology are technically anonymous, it can still be assumed that the use of such systems would allow reaching a degree of de-identification of the interested parties sufficient to guarantee their confidentiality, both towards other parties operating on the blockchain, and towards third parties.