By: Rodrigo Rivas Yassin @RivasYassin

Preamble

As of today, Europe ventures throughout the digital sphere in order to interrupt the exponential propagation of the Covid-19. The project known as Pan- European Privacy Preserving Proximity Tracing (PEPP-PT) emerges as a private-nonprofit initiative from a diverse group of private and public actors to address the global pandemic.

The main goal is to implement contact-tracing apps and establish procedures for proximity measures within a context of social distancing and use geo-tracking  as means to the end. Aside from user accessibility or technical robustness of the technology itself (Bluetooth Tech), as explained by the MIT Technology Review, data privacy seems to be a fundamental issue accompanying the initiative.

It is no secret that the European Union works with the highest standards when it comes to ethical and legal guidelines regarding data and digital privacy, but can a scenario with such a devastating social impact brake the Union’s merit?

Now, traveling into the unknow dimension of massive digital disruption, every single person must understand that there is a new layer added to the physical world. We all have digital identities (digital IDs) and consequently, digital rights.

What is a digital ID?

Broadly speaking, a digital ID is the compilation of personal data existing in digital form. As exposed in the following chart, a general form to visualize digital identity, is by grouping digital data in two categories: Attributes and Activities.

(Denamur, 2019)
 
 (Denamur, 2019)

People using the global digital infrastructure leave both data crumbs as attributes and activities throughout many websites. Not being able to understand that both can be perfectly categorized and, in a sense, unified, creates the opportunity for privacy violation. In this sense, in a digital world, people fundamentally require a mechanism to unify all personal data and protect it.

Following the line of what digital IDs are, undoubtedly, good and bad forms of these exist. Depending on governmental regulation towards the digital space and the quality of services provided by private actors, a set of standards must be assured.

Theoretically, good digital IDs should offer a set of benefits. In the public scope, ranging from civic, economic to political, encompassed by a layer of inclusiveness, empowerment and transparency. In parallel, digital IDs should enable the use of multiple applications within the different private actors that complement each person’s life.

In a general sense, digital IDs enable people to interact with governments, businesses and between each other within the digital infrastructure.

DIGITAL RIGHTS

Within digital IDs, digital rights exist. These encompass all human rights in the digital, internet era. From these, freedom of expression throughout digital platforms and data privacy, are of the most common examples. One way or another, digital rights are the extensions of rights stipulated on the Universal Declaration of Human Rights, all equal and inalienable. Consequently, extensions of applicable rights (to the digital sphere) stipulated by different international legal instruments.

But how do governments interact with us?

(George Orwell’s Big Brother)

Everyone must understand that technology, aside from the intrinsic added value for the overall improvement in quality of life, has led us to a point of relative “no return”. Abuse of government power throughout mass surveillance mechanisms can dismantle civil liberties.

We all know and use the example of China as how will governments around the world will end up if imposing mass surveillance mechanisms under an authoritarianism ideology/ governance model. On the other hand, private actors such as Facebook have demonstrated that as well, our digital identities are not only being chased and analyzed by governments.

If both, public and private actors have complete oversight of our unified digital IDs, then where will civil liberties stand?Covid-19 must not be a catapult for governmental mass surveillance mechanisms around the world. The only way of implementing virus-tracing applications and not violating civil liberties within a context of data protection, security, transparency and relative anonymity, is throughout a privacy preserving, decentralized approach.

Centralization vs Decentralization  

Centralized platforms are controlled by a central authority which functions as a third party that verifies all data transactions. Most common networks such as Facebook, YouTube, Twitter, Instagram, etc… are centralized platforms. As a user, you must trust that central authorities will keep your data private.

On the other hand, each device “node” connected to the system, helps independently, but interconnected, to operate the complete network. If any entity desires to access data from the decentralized network, must first be verified by all nodes, or at least in general terms. In this sense, if there are 20 million nodes operating the network, all 20 million must validate, separately, the access to data.

PEPP-PT is currently being developed as a centralized system, but for the sake of data protection, the initiative should take a decentralized approach.

Case Project

The construction of multi-layer, unified digital IDs is more essential than ever. Projects such as MyID alliance developed by IconLoop, an innovative, blockchain, use-case company, is a perfect example to how digital IDs will fundamentally mature in the coming years.

MyID functions as a blockchain, decentralized ecosystem with a variety of different services, from both public and private actors, to which the PEPP-PT could perfectly form part of.  Unifying all digital data, enabling a multi-layer, centric use.

Blockchain technology can serve as the backbone for transparency and efficiency regarding unified digital IDs. “Universal Basic Income and Automated-Hyperconnected Economies” exposes how the technology in question will become a pillar for the digital, automated economies governed by artificial intelligence.

Conclusion

Digital IDs will necessarily develop in the coming years. Private and Public actors have a legal and ethical responsibility to adhere the decentralized management of data.

In this sense, Digital IDs must be composed by different layers depending on the “importance” of users’ data, enabling separate protection and anonymity. Digital attributes and activities do not weight equally. A bank account or medical history has more value than likes on social networks. Consequently, the security of attributes is the defense of civil liberties and the creation of unified, digital IDs is the protection of digital rights.

When living inside the race for data crumbs between governments and private actors, accountability mechanisms are fundamental for the progressiveness of universal rights. The development of international instruments is an imperative assurance, within the framework of rule of law, that civil liberties will be protected; from which principles of legality, transparency, proportionality, temporality and privacy are part.

Every person is entitled to know when personal data is used and how privacy might be affected. If digital IDs manage to function with a different layer system, in which data requests of any entity, such as the geo-tracking apps developed by the PEPP-PT initiative, can be pulled with authorization of the user, then overall privacy might be left intact. Even more, privacy mechanisms will enhance the different dimensions encompassed by digital IDs.

Regarding the PEPP-PT project:

1. Data can only be used for epidemiological purposes. A prolonged use with different purposes should undergo accountability mechanisms assuring the responsible, ethical, legal and human-center use of the geo-tracking mechanism in question.

2. Governments must incentive the use of these applications, but eventually, each society should voluntarily use the technology, understanding data implications and most important, how can geo-tracking can positively affect to combat the virus.

PDF Version: Digital Identity, Digital Rights and the possible rise of Digital AuthoritarianismDescarga

Bibliography

BitDegree. (2020, 01 24). Centralized vs Decentralized: What’s the Difference? Retrieved from BitDegree: https://www.bitdegree.org/tutorials/centralized-vs-decentralized/

Dang, A. (2019, 05 11). A COMPREHENSIVE LOOK AT ICONLOOP’S MYID ALLIANCE: ITS PARTNERS, ADVISORS AND UPCOMING ROADMAP. Retrieved from The Iconist : https://theicon.ist/2019/11/05/a-comprehensive-look-at-iconloops-myid-alliance-its-partners-advisors-and-upcoming-roadmap/

Denamur, L. (2019, 11 12). What is a Digital Identity? . Retrieved from Jumio: https://www.jumio.com/what-is-a-digital-identity/

FELDSTEIN, S. (2020, 2 12). WHEN IT COMES TO DIGITAL AUTHORITARIANISM, CHINA IS A CHALLENGE — BUT NOT THE ONLY CHALLENGE. Retrieved from War on the Rocks : https://warontherocks.com/2020/02/when-it-comes-to-digital-authoritarianism-china-is-a-challenge-but-not-the-only-challenge/

O’Neill, P. H. (2020, 4 22). Bluetooth contact tracing needs bigger, better data. Retrieved from MIT Technology Review: https://www.technologyreview.com/2020/04/22/1000353/bluetooth-contact-tracing-needs-bigger-better-data/

Puppio, A. (2020, 04 23). El efecto mariposa: la universalidad e interdependencia de los derechos humanos.Retrieved from Human Rights Institute for peace ansd freedom: https://forpeaceandfreedom.org/2020/04/23/el-efecto-mariposa-la-universalidad-e-interdependencia-de-los-derechos-humanos/

PEPP-PT. (2020). Retrieved from Pan-European Privacy-Preserving Proximity Tracing: https://www.pepp-pt.org