Learn

Non-Orwellian Contact Tracing With Bitcoin and LSATs

Buck Perley

First published: 06/23/2020
| Last updated: 01/17/2023
| -- min read

One of the challenges presented by a pandemic, such as COVID-19, is that testing and tracing, while being the primary tools necessary in slowing the spread of the disease, present serious challenges to civil liberty protections.

The main issue with current solutions is the type and quantity of data required to make these systems work: GPS to see where you’ve been, bluetooth to see who you’ve been near, payment information to see what businesses you’ve patronized. For years in China before the recent COVID-19 pandemic, it was already policy that all new cell phone numbers had to be registered with a citizen’s personal identification number (the equivalent of Social Security Numbers in the U.S.), effectively tying that sim card and all of its activity with a real life person. Combine this with the types of tracking systems being implemented for contact tracing and you have the mechanisms for a surveillance regime only Orwell could have dreamed of and the likes of Stalin and Mao would have killed for.

The risks posed above can also quickly move from the virtual and hypothetical to the physical world. Many countries such as China and South Korea that have these robust contact tracing systems are forcing quarantine on those that are marked as a risk through these apps. In South Korea, anyone that breaks quarantine will be forced to wear a tracking bracelet. Unfortunately, this does not even take into account the risk of false positives, which could result in a unrealistic sense of security that can be used to justify the app in parallel with people being forced to stop work and quarantine as a result of such a false positive. This in turn can discourage people from getting tested themselves in the first place consequently making the system itself less effective. Then there is the issue of privacy. When someone tests positive for COVID-19 in South Korea for example, this person’s information (age range, gender, places that they’ve visited) are made publicly available on a website. In Taiwan, if you’re under quarantine, even the act of turning off your phone can earn you a visit from the police. In China, people can be flagged on their social media profile as at risk or required to be quarantined, without even knowing why.

Finally, even if we can justify such extreme measures given the unique challenges presented by a pandemic, there is no guarantee that such surveillance does not become standard after the crisis has passed. The gradual creep of surveillance technology has become the new normal in China, which started ramping up facial recognition deployment around the time of the 2008 Olympics, eventually becoming a world leader in visual tracking technology. This was naturally justified under the auspices of “necessary security” for the games. Today these same technologies, along with machine learning algorithms applied to social media apps and a Internet monitoring force numbering in the millions, are being used to target ethnic minorities, silence dissidents, and implement draconian and opaque social credit systems. A recent article in the Guardian outlines how the Coronavirus measures are only expected to accelerate these trends, with one activist in Guangzhou quoted as saying “This epidemic undoubtedly provides more reason for the government to surveil the public. I don’t think authorities will rule out keeping this up after the outbreak.”

It is still however clear that some system of testing and certification is effective in slowing the spread of viral and deadly diseases such as COVID-19. Despite the risks, these tools were critical in South Korea’s effective response to the spread of the disease in their own country. This then begs the question, how can we have a system that is publicly verifiable by anyone but doesn’t require a trusted third party to have access to intimate details of where we have been and who we’ve been in contact with, unlike the intrusive technology used in places like China, Singapore, Russia, and South Korea?

Controlling Viral Transmission With Bitcoin

This question should look familiar to those who understand the mechanics of how bitcoin operates and the proposed solutions outlined in the original bitcoin white paper. This problem, known as the Byzantine Generals’ Problem, poses the dilemma of how two separate, unaffiliated parties can coordinate to agree on the state of some piece of information without relying on a third party to be a source of truth for that information. In the particular case of bitcoin, this information is a public ledger of all transactions and the resulting balances associated with public keys, which represent ownership. The bitcoin blockchain doesn’t care who owns the bitcoin or how it was acquired, but it does give us a mechanism to verify ownership without a trusted third party. This is what allows individuals to transact in a trust-minimized way. If Alice wants to send Bob 1 bitcoin, Bob will want to know that Alice actually has the funds to send. In the old world, PayPal, Venmo, Visa, Bank of America, or the Federal Reserve solves this. In the new world, bitcoin solves it.

How does this apply to contact tracing? Well, let’s say that Alice needs a haircut and Bob is a barber. In the world of centralized control, Alice might scan a QR code on Bob’s window with an app that will verify everywhere Alice has been in the past 2 weeks and who she’s been in contact with (thanks to a national tracking system). If she has been tested recently, the results were negative, and no one else she’s come in contact with has tested positive, the app will let Bob know that Alice is clear and the haircut can proceed. Bob trusts the results presented because he has decided to trust the maintainers of the app. How do we know that this information is properly encrypted? We don’t. How can we prove that the facial recognition cameras and GPS’ used to track users will be disabled once this is all over? We can’t really. How do we know that results aren’t being manipulated when it suits those who control it? Impossible. The system is only as good as the trust we have in it.

So how can Alice prove to Bob that it’s safe for her to walk into the barber shop without relying on track-me.gov to mediate? There are several features unique to bitcoin that make it particularly well suited to solve this issue. First, it is the most secure blockchain backed by the most powerful network of computing power on the planet, decentralized or otherwise. This means it can in effect act as the world’s most secure notary, timestamping arbitrary data to prove that data’s provenance at a specific point in time (the validity of that data will be addressed next). Second, being backed by the most valuable, scarce, portable, and decentralized currency means that any abstraction or layer built on top of it (say, for example, testing results) get to automatically leverage this to insert valuable “skin-in-the-game” to further protect against forgery and Sybil Attacks. While work is being done to try and use blockchains more broadly to solve issues of decentralized identity including for applications such as “COVID-19 Passports”, given the benefits of Bitcoin in particular listed above, I think we can do better.

Cheap, Provable Identity Using Lightning

The Lightning Network provides a unique opportunity to solve some of the usability issues we might have with a health certificate on top of bitcoin. Most notably, Lightning provides the ability to do micro-transactions, moving bitcoin around faster and cheaper than on the base layer. This means updates to such a system, e.g. new test results, can be made relatively costlessly. Another often overlooked benefit of the Lightning Network is that it comes with a pseudo-identity system pre-built in.

In order to make and receive bitcoin payments on lightning, a user needs to lock up some on-chain bitcoin into a payment channel using a kind of smart contract on bitcoin called a Hash Time Locked Contract. This channel, and therefore the locked up funds, becomes associated with your node’s public key, a cryptographically secure identity. Unlike with many other decentralized identity solutions out there, these properties add a cost to maintaining a lightning identity (the opportunity cost of locked up funds), which serves to discourage production of “fake” identities. It also has a history associated with it since it’s possible to verify the age and balance of channels. All of this can be accomplished without sacrificing privacy.

A new specification for authentication on top of Lightning that leverages these properties, known as Lightning Service Authentication Tokens, or LSATs, provides the last tool we need to create a decentralized, secure, and private contact tracing and health certificate system. For those unfamiliar with LSATs, think of them as an alternative to cookies which are broadly used across the Internet as digital credentials for authentication, authorization, and often (unfortunately) tracking, but instead use Lightning payments and an alternative encoding standard to cookies known as macaroons to make them more private, more flexible, and more easily verifiable in decentralized ecosystems. Specifically for our purposes, by using the chained HMACs (or “Hash-based Message Authentication Code”) construction of macaroons, we can tie information necessary for contact tracing to a digital certificate that is cryptographically verifiable and secure without relying on a third party, using lightning payments and the bitcoin blockchain to make these certificates nearly impossible to forge.

For those who would like to learn more about the technical details of how LSATs work and their other applications see here and here.

Here’s how a health certificate and contact tracing system using LSATs might look:

We start with a known and respected testing service that establishes a well-capitalized Lightning node. Let’s call this company “Carol’s Optimized Virtual Identity Delivery” or COVID Labs for short. The company being well-known is important as the reputation of the node that is ensuring the tests and issuing LSATs must be at stake to keep the system honest. Note that we don’t have to trust this service or company with our own personal information, just that they can be trusted to administer tests.
Let’s say Alice wants to get herself tested and be able to provide proof of her results. She sends a request to COVID Labs which then issues an LSAT. This LSAT commits to the most recent block hash on the Bitcoin blockchain, which gives us a timestamp of when the request was initiated, preventing the forging of a testing certificate that appears to be more recent, as well as a payment invoice that must be paid in order to prove its validity and authenticity.
Alice then takes the test, pays the invoice associated with the LSAT, and signs a message with her Lightning node’s private key, tying the LSAT to the public key associated with her node (i.e. her “identity”). This message could even be encrypted personal information that can be used to prove the test is actually hers. The signed message gets added to the LSAT as a first party caveat.
COVID Labs processes the test, hashes the result, signs the result with their Lightning node and then appends the signed message onto the LSAT as another cryptographically secure first party caveat. Because the LSAT was generated by the testing service with a private key that only they have access to, it is impossible to forge or alter any of these caveats without access to that private key (thanks to the HMAC construction of the macaroons that undergird LSATs.)

Now Alice has everything she needs to prove to Bob that she’s more likely than not healthy in a peer-to-peer way without relying on a third party service provider. By looking at the LSAT, Bob can easily see:

How recent Alice took her test thanks to the block hash placed by COVID Labs in the LSAT.
That the test was administered by COVID Labs, the most trusted name in digital health certificates and coronavirus testing, thanks to the public key identifier and signature associated with their known Lightning node.
That the test results Alice is presenting are associated with a lightning payment connected to that LSAT thanks to the hash of the test results present in a caveat signed by the COVID Labs Testing Company.
That Alice is the one who took the test since she can prove she owns the node that made the payment, and if available, she can decrypt the personal identifying information signed as a message on the LSAT.

While tests become less informative as time passes, having this information easily queryable allows individuals to assess their own level of risk they’re willing to take. If you’re an at-risk group, maybe you will require tests that are no older than one week. If you’re young and healthy, maybe you’re open to some wiggle room. This avoids some of the incentive pitfalls of other government run systems that punish those who might test positive, substituting instead market and social pressures on individuals to keep the system honest and informative.

A further advantage of such a system is that since it is tied to a payment system by design, municipalities, businesses, and health organizations could use financial incentives to encourage more people to get tested more frequently rather than requiring it by fiat. Using the LSAT system and lightning node’s public key associated with it, payments or subsidies could be offered to those able to present a valid proof-of-test LSAT.

Drawbacks, Challenges, and Some Solutions

While this doesn’t give us the same guarantees that a complete government controlled surveillance apparatus could, it gets us a lot closer without sacrificing privacy or essential liberty. One missing piece from the above is the contact tracing aspect, i.e. seeing not just if you’ve recently tested positive but also if anyone you’ve recently been in contact with has.

While likely not possible to replicate this perfectly, one could imagine a system where COVID Labs could also provide an aggregation service where it manages a database of IDs associated with the LSATs it issues and their results. There would be no information tying these tests to individuals, however when people check in somewhere using their LSAT as a digital health passport, at Bob’s Barbershop for example, Bob could inform COVID Labs that Alice’s LSAT ID checked-in at the shop. When Alice eventually goes to renew her test, COVID Labs could require her old ID be presented and if she tests positive this time, COVID Labs would issue that result and could inform Bob that he may have been in contact with someone who tested positive. There is some privacy sacrificed, but the identifying information could be kept to a minimum, and the check-in system could be opt-in.

Another challenge is the cost and difficulty some might have with setting up and maintaining a lightning node. There is no reason that this can’t be run by companies, essentially custodial lightning services who manage a node, payments, and message signing for you. You would have to provide some personal information to this company, so you sacrifice some privacy, however, the test results can and should be stored separately (as would a tracing system as outlined above) or directly by the individual, in either case encrypted, and tied to the LSAT managed by this service by the signed hash only (i.e. minimal identifying information). And the fact that there would be competitive pressures and that individuals could opt-out and run their own if they want to should help ensure a secure and private service.

A related challenge is adoption of lightning and bitcoin and some of the stigmas associated with these technologies that continue to persist. An approach where these operate as invisible rails under the hood of a more consumer-friendly application, similar to the approach Zap has taken with their Strike payment processing, might be the right way to go here.

The final hurdle is one known to any developer or entrepreneur that has tried to break into either healthcare or financial services at any point in the past… ever? And that of course is regulation. it’s hard to imagine much of a solution here, especially since government approval would be required to get past step 1 for any solution: testing. But here, as always with regulators, perhaps the best strategy is to ask for forgiveness later rather than permission now.