Microsoft Releases Bitcoin-Based ID Tool as COVID-19 Tracing Draws Criticism
Microsoftâs Bitcoin-based decentralized identity tool, ION, went live with a beta version on mainnet Wednesday as one of many efforts by members of the Decentralized Identity Foundation (DIF) to fast-track tools anyone can use for COVID-19 crisis response programs.Â
Microsoft and ConsenSysâs uPort project are both leading DIF members. Separately, Microsoft is also collaborating with the bitcoin startup Casa to create a user-friendly interface for managing multiple digital identities.Â
âWeâre excited to help ION take full advantage of technology like Bitcoin to vastly improve authentication, security and privacy on the internet,â Casa CEO Nick Neuman said in a press release.
âWe are thrilled to have Casa collaborating on ION with us, which showcases the potential of building real-world applications that leverage the strong foundation Bitcoin provides,â Microsoft project lead Daniel Buchner said in a statement.
First announced last year, ION is meant to enable user-controlled logins that suit independent companies or services, rather than having system-providers (like Facebook) owning a userâs login credentials. ION can be used for many use cases that arenât strictly related to health certificates or contact tracing, though the continued spread of coronavirus has influenced its potential usage.Â
âAlmost every group in the blockchain industry is coming up with use cases,â said ConsenSys employee and DIF leader Rouven Heck, referring to potential partnerships with government agencies.Â
âThere are conversations happening at the moment but itâs not a formal agreement,â Heck said.Â
âEverybody wants to move fast and has a high interest in demonstrating this technology can be very powerful.â
The race is on for companies to work with governments on such high-tech emergency ID measures. There are generally two approaches, contact tracing and digitized medical records, while some Asian governments combine them. For example, dozens of blockchain startups joined forces to start creating an âimmunity passportâ approved by the World Wide Web Consortium (W3C) Verifiable Credentials standard.Â
However, some people see both approaches as controversial, even dangerous.Â
In May, attorney Elizabeth Renieris resigned from her advisory role at the ID2020 consortium for decentralized ID (DID) creators, including Microsoft, saying she âcannot be part of an organization overly influenced by commercial interests that only pays lip service to human rights.â
Microsoft would not make executives available for an interview, though the company did provide a statement.
âMicrosoft is continuing to work on the ION project, which has always included considerations on functionality for a wide range of use cases,â a Microsoft spokesperson told CoinDesk. âWhile there could be relevant software solutions inspired by new needs and current market demands, Microsoft believes in empowering people and protecting privacy and is committed to growing the open source community and industry standards.âÂ
Layered privacy
Microsoftâs open source ION project uses the Bitcoin blockchain for something comparable to a coat-check ticket.
Rather than include all the data about the coat (or person), which would be hard to scale, it offers a Bitcoin-ledger reference number to the dataâs chronology. The heavy data is actually stored between ION nodes using the InterPlanetary File System (IPFS). Whoever is anchoring the data pays a small fee to bitcoin miners to record the reference number.
âThe focus is to make things highly interoperable,â Heck said, referring broadly to the urgent work being done on solutions across the space.
Part of the reason why organizations involved with DIF are working to make their technologies compatible across use cases and systems is interoperability might, at the very least, make it easier to build privacy features that apply across the spectrum.Â
âUport at ConsenSys are also working on projects,â Heck said. âMicrosoftâs ION stack or Uportâs stack should be compatible.â
Even so, some privacy advocates say the projectâs safeguards are lacking.
Former W3C employee Harry Halpin, now CEO of the privacy-tech startup Nym, said some of these efforts are simply repackaging previous work.Â
âID2020 is just the latest attempt to violate peopleâs privacy using feel-good rhetoric. Itâs also part of a larger business plan. Microsoft and IBMâs entire bottom line is to build identity systems,â Halpin said. âGovernments need to establish identities of who owns these keys, so they say, âOK, weâll have an open standard, call it decentralized, and make it mandatory.ââ
In the face of such harsh criticism, blockchain advocates are working to identify and minimize the ethical risks of the tools they continue to build.Â
According to W3C member and nonprofit Blockchain Commons founder Christopher Allen, itâs not clear the contact tracing like Google and Apple are offering will work unless the vast majority of all Americans use them. Since itâs hard to get enough people on board for contact tracing to work, he worries the most salient result may simply be accelerated data collection.Â Â
âProbably the most dangerous type of information, out of all types of personal information, is location data,â Allen said, explaining contact tracing would require privacy tech at multiple layers, from the app level on the phone to the internet infrastructure someone uses.Â
âItâs incredibly hard to protect,â he said.
In reference to an open source emergency app in Israel, which does have privacy measures yet was operated in cooperation with various government entities, Allen said itâs clear âthis data is already out there being collected and [location data] correlation is happening.â
Government partners
Zcash Foundation researcher Henry de Valence agreed such systems are not the best use case for distributed ledger technology, or really any software.Â
âI donât think people should build those systems and I donât think they would be effective at preventing the spread of disease,â he said, adding he does not see so-called immunity passports as any better. âThereâs no cryptographically strong way to prove immunity one way or another.â
Some countries, like Honduras, have already implemented some type of blockchain solution for certificates that give people a type of ticket for medical services or free movement outdoors.Â
However, in these cases, the government generally came up with a policy and found a startup to create the relevant tooling, rather than tech startups coming to policymakers with prospective offerings. One exception, which isnât widely adopted so far and didnât use blockchain technology, was NSO Group pitching surveillance technology to American police. Despite the societal risks, crypto companies are taking NSO Groupâs proactive approach.Â
Blockchain certificates
Allen is slightly more optimistic about decentralized identity tools for self-sovereign medical records.Â
âThis architecture is ripe for solving this particular problem,â Allen said, warning this is only in reference to the digital certificate itself. (Whether the medical tests actually prove immunity is a different matter entirely.)Â Â
As someone who collaborates with both immunity passport teams and companies involved with the DIF, he said they are taking disparate approaches based on their own evaluations of the tradeoffs. Heâs not sure which will be better and hopes the market will decide.Â
âWe donât know what the best answer is and we donât have a strong rubric for what the best level of decentralization means,â Allen said of the immunity passport coalition. âParties like DIF, with Microsoft and ConsenSys â¦ [have] a different set of rubrics to decide the answer to their solution.â
On the other hand, Zcashâs de Valence remains skeptical.
âItâs the duty of technologists to ask what types of systems weâre creating and what kinds of social structures do those things create,â he said.Â
Although Allen warned no technology offers a panacea, especially with regards to government overreach or recurring outbreaks, he expects some type of new âverifiable credentialâ technology will probably emerge from this crisis.
