The U.S. could and should have an effective smartphone-based “contact tracing” system that doesn’t encroach on our civil rights. For two decades, cryptographers have been highlighting the threat to privacy from our expanding online habits. They’ve also found ways around that problem, inventing encryption tools that let us share data without giving up our identities.
But just as we ignored epidemiologists and their warnings of an inevitable pandemic, we also ignored the cryptographers. Worse, perhaps, we labeled them as cranks and criminals.
This must change. If Americans truly want to protect their freedoms, they must now support research and development in zero-knowledge proofs, end-to-end encryption and self-sovereign digital identity.
Thankfully, the cryptocurrency explosion has fostered a boom in innovation in these fields, often resulting in side applications that are unrelated to digital tokens or blockchains. This is not a crypto fringe concept; it’s core infrastructure for the digital age.
Here’s the challenge: To test decentralized data-gathering tools at scale, in real life, and then to deploy them widely, requires regulators and intelligence agencies to roll back roadblocks they’ve put in front of open source cryptographer communities. A change in policy is urgently needed because once we get through COVID-19, another digitizing trend will start encroaching even further into our private lives: central bank digital currency.
For now, though, until it has a strategy in place that combines comprehensive COVID-19 testing with a decentralized, privacy-protecting contact-tracing regime, the U.S. faces three stark options: 1) We stay ignorant of the extent of the virus’ spread, forcing us to stay in lockdown for much longer than better-informed countries; 2) We send everyone back to work and expose millions to an extremely contagious disease whose morbidity levels are high enough to drive another overrun of our medical system; or 3) We leave our homes but submit to a regime of rigorous state and corporate surveillance.
South Korea shows what’s possible with option three. Under the somewhat ironic acronym of TRUST (Transparency, Robust screening and quarantine, Unique but universally applicable testing, Strict control and Treatment), authorities employed mass drive-thru testing and then – while surveilling people with phone GPS data, security cameras and credit-card and bank records – limited the movement of those who tested positive. As Bruce Klingner of The Heritage Foundation writes, the government employed powers it gained after the 2015 MERS outbreak that gave it “warrantless access” to private information.
Resistance to such invasive approaches is leading governments in the West to favor a pro-privacy approach to contact tracing – officially called “proximity tracing” in Europe. Yet, in both the U.S. and Europe, a familiar challenge has emerged: Can we trust the controlling entity to maintain users’ privacy?
In a rare act of cooperation, Apple and Google teamed to build a system based on Bluetooth transmitters, a technology far less prone to mass surveillance than GPS. It’s a voluntary model that would inform people of their contacts with infected people without revealing their identity.
It’s an attractive idea in principle but, setting aside its dependence on widespread voluntary participation and that it only works with Android or iOS phones, its core weakness, as CoinDesk’s Benjamin Powers reports, is users must trust Apple and Google with their data. The demands of shareholders and the Web 2.0 history of “surveillance capitalism,” the NSA’s PRISM program, the Patriot Act and Cambridge Analytica have undermined people’s willingness to trust that the powerful gatekeepers of our online lives won’t abuse our data. A new report that secretive intelligence firm Palantir has been awarded a separate COVID-19 contract will do nothing to boost that trust.
Such concerns presumably led a European group called the Privacy-Preserving Proximity Tracing consortium to initially include a sub-group of academic cryptographers from the Decentralized Privacy-Preserving Proximity Tracing, or DP3T, consortium. A decentralized model for sharing data, which ideally would leave data control in the hands of users, would remove the risk of capture by a controlling entity. In theory, that would bolster public trust in the initiative and increase its data-gathering capabilities.
But now it’s all falling apart. (Here again, read Benjamin Powers, whose coverage of the contact tracing debate is unparalleled.) The DP3T members are defecting from the PPPT in protest that the biggest countries are pushing for more centralized control over the data. This follows a Bloomberg interview with French Digital Minister Cedric O where he called on Apple and Google to disable a Bluetooth feature designed to protect users’ privacy.
It’s as if there’s a concerted effort to block the development of truly decentralized, privacy-preserving systems. Critics will point to the untested nature of the technology and scaling challenges. Yet, in deeply poor Honduras, blockchain startup Emerge and the Inter-American Bank managed to pull such a system together in just five days.
Such initiatives stem from the progress in cryptographic science that has come with the rise of open source cryptocurrency developer communities. It has produced innovations such as atomic swaps, decentralized exchange, Zk-snarks, recursive zero-knowledge proofs, ring signatures and homomorphic multiparty computation, all pointing to a future in which society gathers valuable transactional information while keeping secret the human identities behind it.
Yet, mainstream corporate and government sectors show little interest publicly in testing and employing these solutions. In fact, for years governments have worked against valuable cryptographic solutions. Think of the mid-1990s criminal investigations of Phil Zimmerman – whose PGP (Pretty Good Privacy) software now protects most of the world’s email – Australia’s anti-encryption law or the FBI’s efforts to force Apple to give up user data.
Whether these roadblocks are to protect corporate crony interests or government intelligence agencies, we can now see them as self-defeating. We urgently need to bring pro-privacy cryptography out of the shadows. Our way of life is at stake.
A world gone mad
This crisis continues to throw up strange and unforeseen phenomena. Who could have predicted a few weeks ago the U.S. Federal Reserve would directly buy corporate debt or that “Sorry, I was on mute” would become part of the daily cadence of our office meetings. In the spirit of that, we thought we’d illustrate the distortions occurring with three charts offering snapshots of different aspects of the fallout in the financial and economic realm. A picture paints a thousand words, but in true exponential effect, we think these three paint many more than three thousand – maybe 30,000?
1. When oil becomes worthless:
2. When millions of Americans are gainfully employed…until they’re not:
3. When a hacker reminds us that Decentralized Finance still has security challenges:
The Global Town Hall
Central Bank independence may not survive the coronavirus. So argues Bloomberg columnist Clive Crook, writing a kind of pre-obituary for a tenet of monetary policy that dates back to Federal Reserve Chairman Paul Volcker’s successful but politically difficult fight against inflation in the 1980s. The nail in the coffin, Crook argues, would be the massive public spending needed to revive the U.S. economy. If, in the future, the Fed buys Treasury bonds issued to fund that effort, can it really define it as monetary policy? Or is it more like “monetizing the debt?”
USDT is invading Ethereum. In his newsletter Wednesday, Messari CEO Ryan Selkis picked up on the fact that surging stablecoin usage is swelling the total value of such transactions over Ethereum to point out the blockchain itself is being transformed by it. The daily amount traded in stable-value ERC20 tokens now surpasses that of ether – most prominently led by Tether’s USDT token. “While Ethereum is many things, the most relevant thing it is now is a globally accessible, 24/7 digital eurodollar infrastructure,” Selkis writes. “Essentially, USDT has invaded the Ethereum blockchain without anyone’s permission, which is the explicit purpose of permissionless public blockchains.”
Everyone (on my Twitter feed at least) is talking about Marc Andreessen’s “build” essay. My take: the legendary Silicon Valley developer and venture capitalist is right to lament that the U.S., despite its wealth and scientific talent, has stopped building and innovating, but I was disappointed he didn’t try to answer the bigger question: Why? Why has American democracy failed to prioritize things like bridges, buildings and medical equipment?
I’ll presumptuously offer an answer: In the Web 2.0 era, our system for processing and prioritizing the information that society uses to make political and resource decisions is now controlled by a small group of giant companies funded by VCs like Andreessen. What we read and view is determined by the hidden algorithms of platforms such as Google and Facebook, which intermediate between media creators and their audiences. Those algorithms serve the interests of the platforms’ advertisers (as well as those of disinformation actors like Cambridge Analytica who’ve figured out how to exploit them). Whatever your view of “MSM,” the reality is that algorithms have more say in setting the agenda than journalists.