Leading ConsenSys developer, John Wolpert, discussed the potential security flaws with Apple and Google’s contact tracing proposal.
Developers contributing to the Github of Baseline Protocol, an open-source blockchain project launched by Microsoft, EY, and ConsenSys, recently offered suggestions for a Baseline Protocol-based COVID-19 contact tracing system.
The project aims to address security flaws noted in the proposals for a contact tracing system made by Google and Apple to-date, including record-falsification and data centralization.
Cointelegraph spoke to John Wolpert, ConsenSys group executive and self-described “seeker of awesomeness,” to find out more about the project.
Baseline Protocol developers propose contact tracing system
Wolpert states that Baseline Protocol’s work toward a blockchain-based contact tracing system “emerged when a passionate community member in India contacted us about his thoughts for using the baseline approach on the topic of epidemiology.”
“Shortly thereafter, the news about contact tracing came out, and folks in the know about the work showed us the pattern being considered. It made sense, but it was apparent how we could increase compliance in societies that resist command and control by using the baseline protocol to eliminate the need to aggregate the data.”
John states that from what has been revealed about Apple and Google’s proposed trace monitoring system to-date, “issues regarding list insertion, non-repudiation and record-falsification” may be things “to watch for.”
However, Wolpert clarifies that “one could only say that these are actually problems by seeing the actual tech.”
Public skepticism surrounds Google/Apple’s proposal system
Wolpert emphasizes skepticism from the public regarding the purported anonymity of the contact tracing system proposed by Google and Apple, stating:
“Folks are savvy enough (or paranoid enough) to be skeptical about the ‘anonymity’ achieved simply by having IDs that don’t include their [personally identifying information]. Give me a bunch of data clusters from people uploading their anonymized encounter-list, and some time with a good AI team, and we’ll discover all sorts of ‘interesting’ things about people.”
On Github, Wolpert proposes a system where “Bluetooth key and other attributes [are] traded via Bluetooth with devices nearby, but then baselined so that we have proof that all parties indeed confirmed they were near each,” — eliminating repudiation risk.
To ensure users’ privacy, the hash of participants who test positive for COVID-19 will be changed to ‘infectious’ and dead-dropped onto the Baseline Protocol mainnet. Anyone who is associated with that person’s hash will be ‘listening’ for the hash to appear on the Mainnet — automatically triggering exposure alerts that are sent to all individuals who came in contact with the infected person.
One-click CDC reporting
The system would also provide a one-click button to report the contact to the U.S. Centers for Disease Control and Prevention, and could be used to verify test results.
“Doing all this without aggregating everyone’s information would be a leap forward,” Wolpert stated, adding: “From my perspective, it would certainly make this seemingly inevitable ‘new normal’ less creepy.”