Debate Over Digital Privacy Amid Pandemic Remains ‘Archaic,’ Says Algorand Founder
With some countries beginning to lift lockdown restrictions amid the coronavirus pandemic, many are focusing attention on the technological tools that can help public authorities to comply with the World Health Organization’s guidance for COVID-19 suppression —- “test, trace, isolate.”
This mantra has become all the more resonant in light of the apparent failure of multiple states to implement contact-tracing measures successfully early on in the crisis.
Amid the belated scramble to develop solutions that can safely enable the resumption of some aspects of social and economic life, the debate over tech-enabled contact tracing and movement-tracking has largely been framed as a trade-off between public health and privacy.
Many have argued against the perceived deterioration of legal privacy rights and the intrusion of biosurveillance, in what is presented as a zero-sum game between medical advice and existing cultural norms.
Yet there are others, including those in the blockchain community, who dispute the very framing of the debate itself.
To unpack some of these issues, Cointelegraph interviewed MIT professor and cryptographer Silvio Micali, a recipient of the Turing Award in computer science and Gödel Prize in theoretical computer science.
Professor Micali’s research interests in cryptography include zero knowledge proofs, pseudorandom generation, secure protocols, and blockchain technology. In 2017 he founded the open source, Proof-of-Stake-based public blockchain platform Algorand, where he continues to oversee research into security, theory and crypto finance.
In a recent article, Professor Micali stated that there are broadly two models that have been proposed for developing apps that could help the international community to trace contacts between symptomatic/diagnosed COVID-19 sufferers and healthy individuals — and thus to fall closer into line with the WHO’s guidance.
One type of app would follow a model whereby a government or public health agency would store data in some form of centralized database. The other — as proposed by the likes of Apple and Google — follows a decentralized model, where all the relevant contact information would be stored only on users’ phones.
Micali's proposal, based on blockchain technology, follows a third way — one that recognizes the need for a consolidated overview of all contact tracing data, but provides adequate privacy and data protection for individuals.
Cointelegraph: Can you outline the basic principles that underpin your approach? Why do you uphold that an overall view, which consolidates contact tracing data remains indispensable for policy development and public health measures? In what way would the purely individual-centric model proposed by Apple and Google be limiting?
Silvio Micali: It should be emphasized that the consolidated data we are speaking of is totally anonymized. It is a database of how many qualified contacts are happening every day, nothing more.
A qualified contact is defined as a physically close encounter (e.g., less than one yard) for a sufficiently long time (e.g., at least 10 minutes). Each report is provided by the phone of an individual who has voluntarily opted into the system.
Reports do not disclose the identities of the people, nor those of the phones involved in any qualified encounters. They only report the number of qualified encounters. For instance, the anonymized database consists of the following list of reports, each made by a different phone at the end of the day:
I (whoever I may be) had three qualified encounters today I (whoever I may be) had five qualified encounters today And so on…Even though the information collected is quite minimal, it is very useful for the government to have this information. For instance, when opening or closing the beaches in a given state, the local authority can very easily see how much doing this has increased or decreased the number of qualified encounters.
As a further example, with this consolidated and anonymized data, the government may have a better sense of when to transition from one phase to the next in opening up the economy.
Our view is that when individuals voluntarily help to create such an anonymized database, it is only fair that they can see it too. The goal is to help reduce information asymmetries while protecting the privacy of individuals.
CT: Could you explain the concept of a “shared truth” in a blockchain ledger and how it can help to support COVID-19 contact tracing?
SM: A blockchain ledger is a “shared truth” in the sense that everyone sees the same information. The information to be posted on the blockchain cannot be censored and, once posted, cannot be altered. In our case, the shared truth is a list of anonymized reports of qualified encounters.
In situations such as the public health emergency we are currently facing, having public access to accurate data is critical. Truly decentralized blockchains can be of enormous value in this. Since they require no gatekeepers, everyone, the government and citizens alike, can be assured that the data they are seeing is the same data that everyone else is seeing.
This use of the blockchain builds trust. No one can be accused of fabricating data, because anyone could match the reports in the governmental database with those posted by citizens directly on the blockchain.
Note that even an honest government has an interest in guaranteeing to its citizens that no one can manipulate the reported data. In this case, more citizens are likely to volunteer their anonymized data. And the wider the adoption of the system, the more successful it will be.
CT: How far do you think that the provisions of a technology such as blockchain can help with the breakdown in public trust we’ve witnessed — during the pandemic, but also preceding this crisis?
SM: Trust between citizens and their governments is key for functioning societies. Allowing citizens access to anonymized datasets that they themselves help build is a crucial way of building such trust.
It shows that there are no gatekeepers — the nature of truly decentralized blockchains is such that no gatekeepers are required — and that the government is confident that anyone checking the data will come up with the same numbers as the official ones.
CT: How do you view the limits and possibilities of technological solutions in this context? Some might argue that tech alone is not sufficient in the absence of an adequate debate about the limits of state authority, forms of individual and collective responsibility, and civil liberties.
SM: I am a technologist. I believe in technology. But I also believe that technology is only part of the solution. This said, why not take advantage of the best technology we have available?
CT: Can you give us some more insights into the technological design of your proposal? In layman's terms, can you explain the cryptography involved, different possible variations, and any potential challenges down the line, e.g. scalability?
SM: The Algorand proposal is very simple: use the blockchain to guarantee that (1) the anonymized data reported on governmental websites is indeed genuine and (2) the citizens are given access to the very anonymized data they helped the government to collect.
Algorand uses state-of-the-art cryptography (in particular, verifiable random functions) in order to guarantee that our blockchain is truly decentralized, scalable and secure.
Prior to the advent of Algorand, it was a widespread belief that any blockchain could satisfy at most two of the three mentioned properties: decentralization, scalability and security. It was hard to choose which of the three one should sacrifice: the so called blockchain trilemma!
Solving the trilemma has been a major contribution of Algorand. Now that we can enjoy all these three properties, the blockchain has a much greater potential to help us solve societal problems such as the ones we are currently dealing with.
CT: I'd be interested to hear your observations about the wider media's coverage so far of contact tracing, privacy and technology, as well as any comments on approaches that have been proposed within the blockchain development community.
Contact-tracing is crucial. But so is privacy. More generally, both correctness and privacy are crucial. Naively, one may think that they are necessarily at odds with each other and that one can at most hope to find some reasonable compromise. Yet one of the technological triumphs of modern cryptography is enabling the co-existence of perfect privacy and perfect correctness. But we technologists have not succeeded in explaining this to the public, and every time the debate starts from very archaic positions.
I believe and hope that the media will be more successful in this educational mission than we technologists have been. To each her own trade!