News

Edward Burton – Proof of Concept for a Blockchain COVID-19 Response System

We have implemented a blockchain-based system to provide immutable, tamper-proof data to the global medical community while simultaneously operating as a traffic-like system for civil liberties.

Edward Burton

25 March 2020

by Edward Burton, Developer

Having outlined the rationale for using Blockchain as an emergency response system for the COVID-19 epidemic here: How Blockchain could help fight the coronavirus, we have gone one step further and built a demonstration system with a simplified architecture to demonstrate the value that blockchain technology could bring in establishing a secure, distributed system in our fight against the global epidemic. This demo system allows us to do the following:

Pseudo-anonymously register citizens on a blockchain, sharing as much medically relevant data as required, immediately and trustless.
WEBUI WEBSITE
Search a register of citizens’ statuses, and use the system to allow authorities to immediately implement a traffic light alert system that would allow secure, anonymous and immediate communications with citizens based on their location and medical history.
ALERT WEBSITE
Immediately propagate and process information that is posted on the blockchain, allowing live processing and access to all medically relevant data. This can be seen by the immediate propagation of new data (see statistics for the website)

Technologies used in the prototype:

Open source blockchain engine multichain.
ExpressJs as a reverse proxy to perform read/write operations to the blockchain (CRUD isn’t quite the right terminology in blockchain land!)
ReactJs to draw up some extremely fast and lightweight prototypes ( I’m doing this system in my spare time in enforced quarantine, so please excuse the rough edges!)
AWS / Nginx to spin up virtual machines and connect the blockchain nodes with web interfaces…

Remote Blockchain Education - Blockchain Partners

I will go through each component part of the demo system in detail, explaining ‘why’ blockchain is an appropriate system and outlining the benefits this architecture gives us over existing technological solutions.

A trustless system means that the participants involved do not need to know or trust each other or a third party for the system to function. In a trustless environment, there is no single entity that has authority over the system, and the consensus is achieved without participants having to know or trust anything but the system itself.

PART 1: A web-based user interface to allow users to pseudo-anonymously register with the blockchain.

First, let us understand the difference between what we are doing and a centralised system:

Bitcoin is not entirely anonymous. … It is anonymous in the sense that the components of Bitcoin, such as addresses, private and public keys, and transactions, are all read in text strings, such as a public address, that in no way directly link to anyone’s personal identity. — link

Let’s imagine the Spanish government wanted to set up a COVID-19 database for their entire population. They could do so, everyone in Spain theoretically (if they are legal residents) will have a national identity number or equivalent. Great you say, well let’s just use that then? Add an extra table in the ‘data-bank’ and away we go…

Except now you have a problem because although a national identity number is a great way of identifying someone, it is also linked to personal data, raising security concerns. The same identity number from the health ministry would be linked to your identification number in the driving ministry, which could end up with some personal data from the tax office, and before you know it, you’ve basically ended up bundling a great amount of personal data into your ‘Covid’ response before you have even started.

Even if you randomise user data using hashing, for example, you still have to trust the participants in this system that they won’t leak the information that would associate the ID with the “real” person. Essentially, any centralised database has a problem with the separation of concerns, you would need a secure, reliable way to deal with the data, make it anonymous and ensure that only permissioned people have access. All of these things take time, money and more importantly, cooperation. Let us remember, we don’t usually have “a government office”, we generally have a tax office, a police department, a local government registry, a public health record, a land registry. There is no easy way to share data between these units with different interests, and even if there were, security and reliability would be a mammoth concern…

Even disregarding for a moment the political and logistical issues outlined above; if you have a central database with personal information, you have to implement a secure API (application interface) to make sure that only trusted parties can access the information and only the correct permissioned information. This is getting complicated already. Trying to link up data from the police, with data from the hospitals, with data from the local council, while ensuring the integrity and security of that data is an almost impossible feat, especially when we are in the midst of a global pandemic where time is of the essence.

This is blockchain comes in handy, demonstrated in our WebUI.

This WebUI would allow trusted sources (imagine you are a hospital or local doctor) to write to the blockchain, creating an immutable and digitally verified ledger that is permanent. What this means in layman’s terms, is that once created, this entity will be there forever and cannot be changed. So we will know that a certain authorised person, at a timestamped date, has created a certain piece of information. We know this because everyone in the network agrees about this fact. This doesn’t stop somebody lying or cheating, but it does create a permanent record or witness to the data that is distributed. So for example, we could assume that a doctor is not uploading false information, but if it was shown by people using the network that he actually was, we would have a permanent immutable record of this dishonesty. This is a massive improvement on a data bank, where we don’t have any transparency into the flow and control of the data and have to blindly place our trust in the administrators (in this case extremely biased politically motivated actors).

Therefore, if we use the assumption that the authorised people writing to the blockchain are not acting maliciously, we now have a distributed system of reliable, immutable information. A permanent record of this turbulent, devastating epidemic that cannot be warped to suit political interests or the targets of a biased intermediary. Trying to build this system between all the relevant government authorities would take years even if it were politically possible. Even then we probably wouldn’t trust the data. Using pseudo-anonymity to create neutral, filtered information on a blockchain; we get the data the worlds medics need, and we get it now.

So, hopefully, that has explained “why” you would want to have authorised portals registering people on a blockchain. Remember that the blockchain address that is generated upon registering would be permanent and unique. So next, you have to imagine that this address is given to the patient registered (in the form of bracelet or id card for example), and this can be used to ‘pseudo-anonymously’ hold their history on the blockchain, pseudo-anonymously because they can also prove it is their history by ownership of the address, but no-one can know it was them by observing the data of the system. That is blockchain in a nutshell!

So go on, imagine you are a doctor or a policeman, or any ‘authorised’ member of the blockchain and load up the WebUI. Then we are going to see what else this system can achieve…

PART 2: I’ve registered, what now…

Congratulations, your doctor has filled out a 30-second form, now after clicking ‘refresh_stats’ you see something like this on the screen:

[
{
“publishers”: [
“1Vq6RBPRhAXBWVqdvDEYnt3PMPwQpJsEhCMshs”
],
“keys”: [
“signup_message”
],
“offchain”: false,
“available”: true,
“data”: {
“json”: {
“data”: {
“age”: “15”,
“gender”: “female”,
“status”: “Patient has not been affected”,
“location”: “46441”
}
}
},
“confirmations”: 0,
“txid”: “1b9152b493769cf020ac5b45b4d4b09ced57128f4dd03ee28c6dc49e83f3141d”,
“vout”: 0,
“valid”: true,
“time”: 1585065966,
“timereceived”: 1585065966
}
]

What does this tell us? This is a json representation of our immutable data.

Essentially the PUBLISHER is telling us that we have digital proof that this was written by this ID: 1Vq6RBPRhAXBWVqdvDEYnt3PMPwQpJsEhCMshs, so a doctor or a policeman; whichever actor was authorised to join the permissioned blockchain as a registered node with write access.

The KEYS are giving us semantic data to organise and structure our data later on and do beautiful and informative web interface’s to help create the traffic light system. Just a free flow of semantically organised and structured data would be so helpful for the many volunteers working day and night to analyse this critical data. The DATA in JSON format is giving us structured medical data that can be processed by anyone with access to the blockchain, so basically a live feed of key information who needs to understand the situation.

The rest of the object is blockchain properties ensuring the integrity of the information, telling us that when the information was published, and whether it has been accepted by the blockchain as a whole. Explaining how blockchain validates and makes data tamper-proof is out of the scope of this article, interested people should go here: https://www.investopedia.com/tech/how-does-blockchain-work/

For now, you will just have to believe me, this data is almost instant and it is reliable, so we are already miles ahead of most systems… Now we can see how it is a distributed system. For this, you will have to copy the ‘stream’ address that the web_ui is displaying for you, you can see a screenshot here:

Let’s take this address (in our clipboard) and go hopping to a new website. This one could be run by the town council, the police or the local government. anyone who needs to run a TRAFFIC LIGHT system controls the status of registered addresses on the blockchain.

The fact that any distributed node can interact with the blockchain is what makes this system so powerful, you can have any number of volunteers with any number of ideas, interacting with the system without the risk of compromise. That means you can open up the flow of your data, we can innovate and analyse, observe and create until people find the missing links and formulas that will arm our scientists with the tools to fight back against the pandemic…

Speaking of which… “Let’s butcher your civil liberties!”

PART 3: Let’s butcher your civil liberties

So, we now have a unique address that has been assigned to us; so let’s imagine we are a policeman! You can be a mayor, the prime minister! Whatever your poison… Now we imagine that science has predicted a cluster near where you live (we know that because we now have a reliable knowledge bank of standardized key medical data, age, and COVID-19 status shared on a distributed system!) The next step is:

We need you to know that you can’t go out, ASAP!

Quick, let’s go to the site.

We’ve already used a separate (hypothetical) filtering node to find all people affected, we didn’t use AI and Machine-learning to create a super-smart neutral control system, but in the right hands in this distributed system that would frankly be child’s play. Instead, we used an ‘autocomplete’ filter to find your address.

burton2 Sorry dude, the bad news has arrived almost instantly, in the form of a JSON message in the web ui:

{
“publishers”: [
“3e75c932e28f0831626b3aee114974a2cedded”
],
“keys”: [
“alert”
],
“offchain”: false,
“available”: true,
“data”: {
“json”: {
“data”: {
“message”: “Sorry, papa gotta stay at home! “,
“publicTransport”: false,
“leaveHouse”: false
}
}
},
“confirmations”: 0,
“txid”: “703ff4d41cc87bb4b079c3e671ee23b8087692a9f6acb03551d585e9b8e5145d”,
“vout”: 0,
“valid”: true,
“time”: 1585067373,
“timereceived”: 1585067373
}

We immediately know that a KEY of ALERT has arrived from a PUBLISHER approved as a POLICEMAN and has verified at a CERTAIN TIME, and it contains a message that you cannot leave the house. Your proverbial traffic light is flashing red, no shopping for you today, sorry about that. If you did go out, authorities could immediately scan your address and find out your status*, (sorry cheats!).

*For the fraudulently minded of you, you would need to have a pretty good doppelganger to not be identified by the original data of the stream (assuming you we cheating by for example stealing somebody else’s blockchain address!).

So anyway, quite exciting stuff, we’ve registered and been told by the authorities that we aren’t allowed to leave our house. It is all distributed, allowing collaboration between public and private authorities that would never normally have the ability to collaborate in such a large-scale system, and even if they did, it is hard to see the system executed without compromising civil liberties and cyber-security… The fact that different parties with different purposes and different politically interests can immediately trust and use a distributed system would be a game-changer in this context.

Even if we were using my prototype as a simple alert system distributed between trustless parties for pseudo-anonymously implementing a nationwide COVID-19 response system, that would be a pretty amazing tool.

Even if we didn’t use AI / Ml algorithms to mathematically control the liberties of the participants (which would not be difficult) then it would still be valuable.

But the best part of this system can be seen in the final block of the proof of concept. The live sharing trustless medical data. So for that, let’s hop on over to the final component of the system.

PART 4: Let’s beat this virus, (click on refresh statistics)

This is a permissioned blockchain, that means that it isn’t open to the public, only ‘verified’ actors. Basically, you or I cannot join, only someone who has been authorised. But the good news is that anyone who is authorised has immediate access to all the data flowing through the system, and this data cannot be tampered with by anyone on the network.

In simple terms, we can share this data internationally, and the international actors can access and process a live stream of reliable data while being unable to extrapolate sensitive personal data or interfere with the working of the system. It is internet equivalent of an open-kitchen, the world can see what we are cooking but we don’t have to worry about them sneezing in the soup…

You’ll have to excuse me, I’m capable of building some great-looking data visualisation tools, I do it as a day job… However, in the few hours I’ve had to build this prototype I’m afraid I’ve stuck to the MVP principals, you can ‘see’ the actors you’ve added to the blockchain added to a table.

You will have to use your imagination to visualise the processing of treatment data, time to recovery, number of illnesses broken down into geography and all the vital data that the international medical community requires to beat this thing.

You can also imagine a record of police prosecutions per area, merged with infection rates, merged with trending medical statistics. This is a step further than a nationalised open API, this would be a distributed, transparent data feed that wouldn’t allow for easy political manipulation.

The really great thing is that we could open up our system and give access to everything to the international community; we could allow direct access to a live feed of the latest, tamper-proof medical data.

burton1 And that is why I think blockchain gives us the tools to provide free and distributed systems that would allow us to join forces and fight back.

Remote Blockchain Education - Blockchain Partners

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	session	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
spcsrf	2 hours	This cookie is used for ensuring the security of the website and visitors. This cookie ensures visitor browsing security by preventing cross-site request forgery.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_wpfuuid	11 years	This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
SPSI	session	This cookie is used for setting a unique ID for the session and it collects user behaviour on the website during the session. This collected information is used for statistical purposes.
user_id	10 years 2 months 6 days	This cookie is used for identifying the user. It helps to keep track of the visitor profile for future sessions and for customizing their experience.
_dc_gtm_UA-127046568-1	1 minute	This is a Google Tag Manager cookie that is used to control the loading of a Google Analytics script tag, to track the performance of ad campaigns.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_8Z4LPYV357	2 years	This cookie is installed by Google Analytics.
_ga_HJEQGVMT2D	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
__qca	session	The __qca cookie is associated with Quantcast. This anonymous data helps us to better understand users' needs and customize the website accordingly.

Cookie	Duration	Description
adOtr	session	No description available.
BiggerBuyAmount_ABvariant	1 month	No description
clear_confirm_ABvariant	1 month	No description
ipcountry	1 month	No description
livechat_delay	1 month	No description
ppwp_wp_session	30 minutes	No description
PRLST	session	No description available.
progress_bar_ABvariant	1 month	No description
SPSE	session	No description available.
sp_lit	5 minutes	No description available.
time	session	No description available.
UTGv2	5 months 27 days	No description available.
WTP_AB_variant	6 months 3 days	No description
_dlt	1 day	No description
__zrtbanner49	3 months	No description

Loading…

Here are the results for the search: "{{td_search_query}}"

No results!

{{post_title}}

RELATED ARTICLES

Bitcoin Volatility Soars Amidst Geopolitical Tensions as...

Bullish March Marks Record for Bitcoin

Everything You Need to Know When Using...