1. Selv
A Digital Health Passport
22 MAY 2020
Global Legal Hackathon
Click here to try the
Selv demo
2. Table of contents
01 - Selv – an overview
02 - Use cases
03 - The time has come for digital health passports
04 - How the Selv app works
05 - Key differentiators: free, accessible, secure, GDPR-compliant, interoperable
06 - Our roadmap
07 - The team
08 - Join us
4. Why Selv?
Through the technical expertise of the IOTA Foundation and the legal
expertise of Dentons, the world’s largest law firm, we have created
Selv – a health passport app to help alleviate the COVID-19 crisis.
Selv in three steps
Individuals are
tested for COVID-19
by Health Authorities
Results are downloaded to
the Selv app. Verification
details are recorded on a
Distributed Ledger
Individual health
status is verified by
scanning a QR Code
Scalable &
Interoperable
Selv follows the W3C specifications on
identity. The solution can be easily
integrated into countries’ existing
COVID-19 toolkits.
GDPR-Compliant
Selv is a decentralized system for
managing health data internationally.
The app and its use of Distributed
Ledger Technology (DLT) are GDPR
compliant.
Free & Accessible
Selv is free and open to everyone.
There are no fees to use the
solution. The app will be open
source.
Private & Secure
All personal data is encrypted
and stored on the user’s
device. The solution will be
fully audited by external
security consultants.
Simple & Hygienic
A paper-based system would
create another potential
infection vector – our system
provides a contactless method
for collecting and displaying
health credentials.
1.
2.
3.
6. Governments need to restore movement of people and goods
Lockdowns have slowed the spread of COVID-19 but have had massive economic impacts. Key workers must continue to
provide essential services, posing a risk to themselves and others. Cross-border trade and movement have ground to a halt. A
solution is needed for governments to verify individuals’ health status on a mass scale. Selv will help governments restart their
economies.
Selv is GDPR compliant. All health data is stored locally by the
user, and verified via a Distributed Ledger. This means that no
single central party holds the health data, thereby enhancing
privacy.
Selv applies the W3C specification for identity. The solution
can be integrated into the existing COVID-19 toolkit (e.g.
contact-tracing apps) and is compatible with other apps
internationally.
Selv enables near-instant health status verification via a
QR code scan. It allows entry points like borders to handle
a high throughput of people. The solution incurs no fees to
users or businesses.
7. Businesses need to protect the health of their employees
Businesses are facing the worst economic crisis in a century. Many need to get up and running soon to avoid
insolvency. However, many jobs require close proximity with co-workers, customers or patients. Businesses
must ensure that they return to a safe working environment. Selv will help workplaces reopen safely.
1
2
3
Businesses can guarantee employee
safety without storing sensitive
health data.
Selv is a free, digital solution
suitable for the modern workplace.
Using digital credentials is safer and
faster than paper credentials.
8. Watch our video to see how this works in practice.
In our video, you will meet Alex and Tom. Alex is a key worker in a care home. She is concerned
about her patients, her family, and her own health. Tom is a care home manager. He is worried about
the spread of the virus in his care home.
Individuals want to return to normal life
Selv helps Alex to return to work safely and Tom to return his care home to full operation.
10. The time for digital health passports has come...
1637
Quarantine
A health passport issued
in Avignon and recovered
in Venice. Holders were
exempt from the 40-day
quarantine.
1914
WWI
France adds fingerprints,
and later photographs, to
passports for better
identification.
Globalisation
Over 120 countries use
biometric passports.
Biometric information is
stored in embedded
chips.
2019
COVID-19
In response to the global
health crisis, a new digital
health passport emerges
for health data.
2020
What’s next?
Digital health passports
have value beyond the
current pandemic and
accelerate the digital
identity movement.
202X
11. … powered by
Throughout the course of history, humanity has always used the
latest technology at its disposal when confronted with global
health challenges.
As technology has progressed, new tools have been used for
proving identity: printing presses, signatures, wax seals,
fingerprints, photographs, ID numbers, micropatterns,
holograms, biometrics – and now Distributed Ledger
Technology.
IOTA is the next stage in the technological evolution,
guaranteeing the authenticity of digital health data.
13. ● The Selv demo is comprised of a mobile app
(Android and iOS) and a website.
● Individuals can store their health credentials
and share their status safely with authorities,
employers or peers.
● The demo narrative guides the user through
downloading their health credential and
sharing it with their employer and a border
agency.
● Selv uses the IOTA Tangle to enable
ownership of data and proof of authenticity.
The Selv demo
Try the Selv demo
14. Typical Selv user journey
The user is tested or
vaccinated at a facility set
up by the Government and
run by a health authority (a
credential issuer).
The issuer completes
the test and creates a
test credential. A web
portal allows the user to
collect their test
credential remotely
when ready.
The user opens their
Selv app and scans a
QR code to log into
the web portal with
their digital identity.
They download the
health credential to
their Selv app.
Their health status is
now stored locally on
their device, with an
optional backup. The
user owns the data
and is the only
person who can
claim ownership.
A verifier, such as an
employer or border
agency, scans the user’s
QR code. The verifier
sees only whether the
user qualifies for the
activity (e.g. to return to
work or to travel).
The user travels to an
airport or to work.
Society rediscovers
some of the freedoms
curtailed by COVID-19.
15. Selv implements the W3C specification for identity
The identity system underpinning the Selv app builds on the standards
proposed by the World Wide Web Consortium (W3C).
A new digital identity can be freely created by any individual or organisation.
✔️ which authority issued the credential;
✔️ that the credential is being presented by the person it was issued to;
✔️ that the credential has not been revoked.
✔️ that the credential is genuine;
Shareable credentials link identity and test results. Anyone verifying a
credential can reliably confirm:
16. Selv uses a combination of public-key cryptography and distributed ledger technology
(DLT) to create a feeless framework for generating and validating digital credentials.
Selv uses Distributed Ledger Technology
The Tangle provides the decentralised, cryptographically-secure trust protocol
between authorities, organisations and individuals.
Credentials are digitally signed by trustworthy authorities such as doctors,
healthcare providers or COVID-19 testing authorities.
The public keys needed to verify the testing authority are published to a
distributed ledger – in this case, the IOTA Tangle.
17. The IOTA Tangle
IOTA has engineered a decentralized, open-source
protocol for feeless data and value exchange
Highly
Scalable
Feeless
Transactions
Immutable
Data
Low Energy
Requirement
s
Watch the network activity live
https://graph.comnet.manapotion.io/
Over $175 billion
transacted
280+ academic
references
18. ● All activity requires holding
cryptocurrency token and incurs
transaction fees.
● Fees can change and spiral due
to network demand.
● Mining is a waste of resources.
● Inherently unscalable. Blocks are
limited in size and frequency.
● Unsuitable for digital
identities - a single point of
failure and a target for
attacks.
● Requires close government
cooperation to develop an
international solution.
● Governments or corporations
control user data in central
databases.
BlockchainCentralized
How is the Tangle different to other architectures?
● Free to use.
● Applications like Selv can be
developed without token usage
or fees.
● No miners. The Tangle has low
energy requirements.
● No blocks. The Tangle is
inherently scalable.
Tangle
20. ✖️ Paper documents can be misplaced,
damaged, lost, forged and copied
✖️ Paper credentials must be inspected
at close proximity
✖️ Paper documents can themselves
be a vector for disease
Selv is healthier, more convenient and safer than
paper certificates
✔️ digital certificates can be shared at a safe distance
✔️ digital certificates are immutable and verifiable
✔️ digital certificates can be backed up for longevity
Selv can help:
21. Communication between users, issuers and
verifiers is private and encrypted.
Personal data and private keys are encrypted
and securely stored on personal devices.
Open-source software enables the security
community to get insight into the technology and
resolve emerging security threats.
Selv is secure
✔️ ECDSA Based Asymmetric Cryptography is used
for encryption and message signatures. AES is
used for encrypted communication.
✔️ PII & Private Keys are stored in secure
keychains on user devices. No health data is ever
put on the Tangle.
✔️ Third-Party Security Audits will be undertaken
for all critical infrastructure on a regular basis.
22. Selv is GDPR-compliant
✖️ Who takes care of data on a ledger, i.e. who is the controller for GDPR purposes?
✔️ The app provider acts as the controller because it arranges for the anchoring of identities on the ledger and is in a position to take the necessary design
measures to ensure privacy compliance. However, you retain control over your personal data.
✖️ Is any health data or other personal data stored on the ledger?
✔️ No, your health certificates remain on your phone. Absolutely no health data or other personal data is uploaded to the ledger. All that goes on the ledger is
an encrypted identifier and public key. This data is fully anonymized and unusable for anyone who does not possess the decryption key. For purposes of
GDPR, it no longer qualifies as Personal Data (subjective definition).
✖️ Is all data on the ledger adequately protected?
✔️ Yes, users provide a one-off decryption key to a verifier. However as soon as the recipient completes this action, the decryption key is eliminated, rendering
the Personal Data stored on the ledger anonymous again. This drastically minimizes any risks of data leaks protecting both the data subject from harm and the
app provider from unwanted liability. Even if obtained, the key would indicate only the fact of the communication and not the information exchanged. Such an
ephemeral key is not a valuable target for hacking.
✖️ How can I enforce my right to be forgotten if the data on the ledger is immutable?
✔️ After the health data has been verified, the decryption key is eliminated, rendering the data stored on the ledger anonymous again and inaccessible, i.e.
effectively “forgotten”. Since the data is inaccessible, users do not need to exercise their right to be forgotten.
Option 1 - User anchors identity in the ledger. No personal data on the ledger, so GDPR compliant.
Option 2 - But it is also possible to use “disposable” identities instead. No user data is stored on ledger at all.
Only the issuer’s public key and identifier. GDPR does not apply.
23. ● The IOTA Tangle used by Selv is open-source and it will
always be free to exchange data.
● The Tangle is a permissionless network, allowing any
government or organisational body in the world to connect.
● By implementing the W3C DID specification, Selv is
interoperable both across borders and with other health
passports.
● Unlike blockchains, the Tangle is scalable and its
transaction speed industry-leading.
Selv is free, accessible and scalable
24. Selv is better for citizens
● Selv avoids creating any government-
controlled database.
● Citizens retain control over their data.
● The system is easy to dismantle when the
need for sharing COVID-19 health data
passes.
Selv leaves health data
in the hands of citizens
● Will individuals self-infect with COVID-19 in order
to benefit from additional freedom conferred by
a health passport?
● It may not be possible to curtail all risky behavior
by individuals.
● Governments should use education and
deterrence campaigns to mitigate this potential
risk.
Use education to mitigate
the risk of self-infection
25. Selv can be deployed ethically
Health passports do not
discriminate
Health passports do not
create haves and have-nots
● Health passports differentiate among individuals by design.
● Differentiation can become wrongful when it is is unjustified
and imposes undeserved hardship.
● This is not the case with health passports. In crisis circumstances,
substantial differences exist.
● It may cause greater harm not to differentiate between healthy
and potentially infectious people.
● We cannot compare the current reality of strict public health
restrictions to a baseline of normalcy.
● These restrictions can create burdens and exacerbate existing
inequalities.
● Health passports are transitional in nature and may
ameliorate conditions for underprivileged communities
that are particularly hard hit.
For more information, see: Gruener D., “Immunity Certificates: If We Must Have Them, We Must Do It Right”, Hall MA, Studdert DM, “Privileges and Immunity Certification During the COVID-19
Pandemic”, Persad G, Emanuel EJ, “The Ethics of COVID-19 Immunity-Based Licenses (‘Immunity Passports’)”
27. Q2 – Q3 2020Q2 20202019 – Q1 2020
Selv story to date
● Selv was initially developed
by IOTA to be a more generic
health passport and digital
identity wallet, catering to a
wide array of use cases.
● Components of the
application have been in
development since 2019.
● The IOTA Foundation has
been working in the interim
on production-ready versions
of the underlying protocols
and libraries.
Financing stageGlobal Legal
Hackathon
Prototyping
stage
● The Global Legal Hackathon
brought IOTA together with
Dentons, who have provided
legal and business advice on
various aspects of the
technology.
● Together, during the
hackathon, the team have
progressed the app
development, prepared a
GDPR compliance analysis,
promotional materials, FAQs
and an adoption plan.
● The IOTA Foundation are in
discussions to obtain a grant
(circa €500k) to continue
development and support of
Selv.
● The funding is necessary as
the solution will be free at the
point of use as a quasi public
good.
● Further work to be done on the
Selv suite includes app
improvements, an issuer app,
and issuer backend
integration.
28. 2021Q3 – Q4 2020TODAY
Rollout strategy
● Government: secure
funding with key test nation.
● Issuer: engage test
authority; integrate with
existing systems; ensure
authenticity of health
certification.
● Data privacy authority:
engage with and gain
endorsement of leading
authority.
● Verifiers: identify and
engage with potential beta
testers.
ExpansionRaise awareness &
engage with key
stakeholders
● Governments: conduct pilot
test; develop cross-border
cases.
● Health authorities: conduct
pilot test; harmonize public
/ private certification
standards.
● Data privacy authorities:
gain wider endorsements
● Verifiers: conduct pilot test.
● Documentation: develop
integration and operational
manuals for issuers and
verifiers.
● Governments: secure
multilateral agreements for
cross-border cooperation.
● Issuers: recruit and engage
with test authorities.
● Data privacy authorities:
engage with and gain
endorsement of leading
authority.
● Verifiers: streamline
integration with existing IT
systems.
● Service providers: support
consultancy and
service providers.
Rollout &
pilot test
29. THE FUTURESOONTODAY
Selv is just the first step towards digital identity
● Key workers return to work.
● Lorry drivers cross borders
and vacationers travel by
sharing COVID-19 health
data.
● An ecosystem of related
services begins to develop.
● Citizens expand their digital
identities to include
personal, academic, and
financial information.
● More verifiers rely on digital
birth certificates, academic
credentials, work permits.
● Broad offering of ancillary
services.
● Identity credentials are
entirely paperless. Records
are reliable, and access is
strictly controlled by
citizens.
● Stateless and displaced
persons create and control
their identities.
● Self-sovereign identities
connect people and
the identity of things.
Fully digital IDAdding identifiersFirst steps
31. ● The IOTA Foundation is a not-for-profit organization established in 2017. It is one of
the world’s leading organisations for distributed ledger research and development.
● Actively collaborating with multinational corporations, academics and governments,
the IOTA Foundation is developing open-source software that seeks to provide
trust in a digital world.
● The IOTA Foundation is proud to attract best-in-class experts across distributed
systems, cryptography, software engineering, identity, security and industry domains.
The IOTA Foundation
110+
Colleagues
25+
Nationalities
1
Shared vision
32. ● We are in and of the community and seek to improve the daily lives of people as they
respond to the COVID-19 crisis. As the world’s largest law firm, we are present in more
countries affected by the pandemic than any other law firm.
● As a polycentric organization with no single headquarters and no dominant national
culture, we value technologies that are accessible and interoperable.
● Our highly-regarded data privacy team can help enable new technologies like health
passports and digital identity.
● We are innovative, not only in transforming the business of law, but in helping our
clients bring innovative technologies to market.
Dentons
10,000+
Lawyers
183
Offices
150+
Data privacy lawyers
33. PART 08
SHARE OUR VISION
Help build an ecosystem around
digital health passports and
digital identity
34. ● There are a number of different groups investigating COVID-19 health passports and
immunity credentials, including the Covid Credentials Initiative (CCI), the Open
University Group, the Ubirch group and the Harvard Safra Center for Ethics.
● We are keen to pool our resources and collaborate with others on Health Passports
and Self Sovereign Identity.
● If you represent an organization or governmental body and want to learn more,
please do not hesitate to contact us.
● Our goal is to bring together a diverse group of partners to contribute the missing
pieces to this challenging puzzle.
Collaborate with us