Comments

Security, Verifiability and the Business of Information Infrastructures

A series about the application of consent and crypto-based principles


Comments

  • Sridhar a month ago

    Can crypto be used to enable trust between the government and a citizen? In the case of Aarogya Setu, how could the government show that they do NOT have arbitrary access to the app’s data?

    • Zainab Bawa (@zainabbawa) Crew a month ago

      Your question has been shared with the speaker and moderator, Sridhar.

    • Anand Venkatanarayanan (@anand-venkatanarayanan) Crew a month ago

      A scheme like this would work:
      1. All data is encrypted by default but by using a Key pair (Public, Private), where the private part stays with the device and the public part is used for encryption.
      2. The encrypted data is then stored within the device and can be eventually uploaded, when the need arises. Here again sharing needs an explicit action by the user and can’t be done by whoever controls it on the back end.
      3. When the user determines that they are ready to share information, they are then asked to choose the fields they want to share. For instance they can choose not to share location, but only proximity data.
      4. This is then decrypted by the Private key stored in the device and then sent back.
      5. The condition of course is that the client code (App code) has to be Open Sourced and they have to prove that this is the same code that is deployed in Play store or Apple store.

Login to leave a comment