I have joined the  ConsenSys Health  "Stop Covid-19 Hackathon" to learn what Heather and Debbie are cooking up.

My goals are to increase my blockchain knowledge regarding DID and fill in gaps  regarding how this will be applied to stopping covid-19. I'm not looking at putting actual healthcare records on a public or private blockchain, something that generally seems to be a bad idea.

One functional requirement is to create a source of trust outside, but not replacing the information that Public Health is capable of delivering to end users. How does the app handle privacy?

How does it do encryption?

What type of encryption?

In terms of situational awareness of the virus, what does the end user actually need?

So given the interactions and transactions  regarding Uber, a passenger who is not infected does not want to get in the car with an actively positive (and possible asymptomatic) driver. The driver does not want to pickup an actively positive rider. There is no social distancing that is practically possible in Uber-X which uses standard cars, not biocontainment modified vehicles.

The assumption here is that the driver has properly disinfected the car, and that the rider is practicing safe processes like using hand sanitizer. The spread from one passenger to the next ride is minimized.

The transmission of the virus is time dependent and can be represented as a truth table of possible infection states. Given sufficient time (based on distance) infection is guaranteed in certain scenarios and the driver who is used to algorithms setting up a path of work efficiently, can ultimately be the sole judge of who rides in her car.

Questions like is the person wearing a mask, and should I not allow anyone to ride who is not wearing a mask? Generally the logic behind these questions are far past the actual logic of the virus which can be fought via business process and algorithms combined to aid individual behavior but not to prescribe behavior, this is as the heart of an open system and difficult to architect.

Another requirement: Don't take away people's freedom and right to choose on a micro level by creating a surveillance system. Let those transactions flow with the added information needed to smoothly and easily complete the transaction with minimum resistance. At the same time let someone build it themselves if they wish. At all times align with fundamental rights already defined. Allow people to exercise those rights, and protect your own rights.

Rights are a very important part of the bedrock of  commerce and standards. NIST is logically part of the Commerce Department. Therefore the Commerce Department should have a solution since they codify Identity with 800-63, and authentication (a huge Uber problem) relative to obtaining trust and truth.

This indicates a standardized approach to authentication or AuthN.  At the same time we do not need to limit ourselves to a particular definition of a constraint except it makes it easier to understand the requirement.  The rights are immutable, even if abused. The framework is the same, the applications are infinite. The question is at any one time how one achieves the end user goals that are hierarchical.

A practical example might be in order. The Magna Carta constrained the King by creating certain rights and standards. As such it is a fundamental resource for our American experiment. People brew and make beer. If you drink beer you want to know whether you like it, which is choice, if it is available, what is the price, and not inconsequentially how much one is consuming. If you are a conehead from 'France" that might be two six packs with a side of fiberglass. As far back as the Magna Carta it was recognized there needed to standardization in terms of beer. So they published standard amounts. Tavern keepers would often provide beer in glasses where the glass was blown or cast in a way that appeared to be larger than the actual liquid in the glass. That idea carries forward to NIST (which used to be weights and measures)  and the Department of Commerce in general. Known definable quantities  are required for a minimum of friction is commerce.

Literally this idea is the source of written language back to Sumerians as a form of code. One does not want to take the measure of quantities without a recourse to standard measurements. Literally this was a major breakthrough for civilization and these quantity markers became alphabets. In terms of commerce one want to "seal the contents" in certain size container, and imprint the size of the container in the jar, (like a Java Archive) and then validate a seal with some mechanism that indicates tampering. This applies equally to a modern ledger system relying on a chain of transactions and digital signatures, "stamping a coin" or minting currency, or a potter making an amphora for oil. The general concept is fairly obvious, but the extensibility of the concept is brilliant. The fact that it is your "right" to get a standard result, that PI does not change from day today, makes things much easier if they are based on math. The point is that one does not want to recalculate all the time which becomes expensive. Now apply that to covid-19, or some future virus that will emerge. The fact that we can still reuse algorithmic code from ancient Babylonia  should be reassuring.

Given the multiplicity of different authentication solutions, this is in itself political.

Authentication needs to scale, is should be distributed, and it can be specific to a community of interest. It is fairly simple to identify communities of interest. Each application should be appropriate to a given community of interest. That acts as a constraint. The architecture needs to valid at the national scale, (because this has been made political), defined classically as competition of scarce resources, made extremely evident in the covid response crisis. It is not clear that the government has been effective in allocating scarce resources like PPE and Ventilators. Can it also break a covid-19 application by requiring a panoptic power layer? One can think of a panoptic power layer as an amplifier. Access to rtPCR testing has been up to this point difficult. This will change. Access to serological testing is about to open up substantially, since it does not require the  amplification of the RNA converted to DNA and then sent to LabCorp etc for analysis, or originally to the CDC.

This testing scarcity change is at the heart of my specific use case which in turn lights up the U.S. economy in a very traceable way from the requirements.

Note that the Uber Pool  option was logically suspended during the epidemic which would have greatly increased risk.

Looking at the judges like Brian Behlendorf, of Apache, and specifically Hyperledger in this case, I know he has deep expertise in the subject matter of health IT. In fact all the judges look to extremely well qualified in this common quest.

My general architecture is scoped out.

Right now I am getting DID to work on blockchain as a source of Identity. I'm interested to see how that scales and exactly the details. Currently running a Microsoft protocol on top of BTC for the prototype using a hierarchical deterministic wallet which looks like it will handle some of the thornier issues related to flexibility in assigning keys.

As far as the requirements analysis goes, the ID2020 considerations look to be good at first glance.

The  US centric  Uber "super spreader" perfect storm  use case I am working on is constrained to having a smartphone, whereas in an International context that cannot be assumed. It should be noted that app solutions do not have to be International in scope and there is a wide variety on how different countries treat SARS-CoV-2 transmission, given there are some standard epidemiological models which should be briefly outlined in terms of National versus International solutions.

The initial phase, containment involves dealing with individuals (coming from an infected area) and determining via symptoms whether they are infected. This has been the age old approach since the lazarettos from 1592 to 1936. Essentially forced quarantine for travelers, from a Zen standpoint, a gateless gate. It was common to spend 3 weeks in quarantine coming from the Mideast to Europe. Philadelphia welcomed immigrants and as a result established a large  quarantine complex on the Delaware River

One can not be a Uber driver without the ability to run the Uber app, because fundamentally Uber does not   considers itself  to be a transportation company, they consider themselves to be a technology platform. Thus, due to the algorithms, AI, offshore support, etc. it makes sense to address the problem via the API, and thus solve some of the UX issues. They may at any point integrate any idea into their app. Of course then, this does not apply to rideshare in general, or the problems of gig workers in general. So from a scalability context, whatever works for Uber argues a separate app, a "sidecar" that both driver and passenger can use, with potential integration into the Uber API.