The Province of Drenthe is the lead partner for a wide range of European projects, and a lot of administration is required to successfully deliver them. The Province commissioned BlockchainLab Drenthe to deliver the Self-Sovereign Attendance pilot, which replaces the paper attendance/ registration lists that organisers have historically used to record lists of attendees at meetings and events with an app-based GDPR compliant blockchain solution that uses a ‘self-sovereign identity’ approach.
Moving beyond paper lists of people
Despite being in a profoundly digital world, many events still use paper signature lists to prove that someone was present at the event. The use of these paper attendance lists is problematic – paper lists contain large amounts of personally identifiable information (often including names, organisations, addresses
and signatures) which can be accessed by other attendees and other parties. By creating a mobile application based on blockchain technology and using self-sovereign identity, the app has been able to give users control of their own data, end inadvertent data sharing, while still being able to prove attendance at events.
What is self-sovereign identity?
Self-sovereign identity (SSI) is an approach that allows a user to provide their own credentials which are used to manage their own digital identity. This gives users control over the information that they use to prove who they are to websites, services, and applications. Traditional approaches to identify verification rely on the use of existing identity providers who verify a user by linking the user to their service – as Google (Google Sign-In) and Facebook (Facebook Connect) do. If a user relies on an identify provider, that provider has control of the information associated with the user’s identity and the provider can control how and where a user can verify their own identity. In a self-sovereign identity system, users control the credentials that they hold, and the user’s consent is required to use those credentials. This reduces the risk of unintended sharing of users’ personal data.
How the SSA app works
The meeting organiser uses the app to register an event on the blockchain, after which the organiser receives the event key in the form of a QR code. Meeting attendees can only scan the meeting key when they are present at the event, and when they scan the meeting key with the SSI app the app registers the user’s own unique key and then receives the certificate of attendance for that event. After the event is closed, the attendee will always be able to prove that they were present by showing the event’s certificate.
If anyone else needs or wants to verify this attendance (e.g. for control or audit purposes) they will be able to validate the unique key on the blockchain and there will be no need to share the attendee’s personal information or the personal information of other attendees. Administrators will still be able to evidence the number of attendees at their event, but they will no longer be forced to inadvertently share attendees’ personal information.
It took quite a bit of work to determine what GDPR compliance would look like for this use case, but after building and showing our proof- of-concept the Self Sovereign Attendancy-app was born and field tested at a number of events (e.g. the 2022 North Sea Conference in Bruges). We have now suggested that Interreg uses the SSA-app instead of traditional paper attendance lists to manage attendance and reporting for all of their project and network meetings.
The idea of using self-sovereign identity to verify individual users was central to the creation of this pilot. With the application now in use, we were able to prove that it is possible to change the way organisations currently work and to provide people with more control over their personal data.
Learning from the BLING partnership
In any relatively new field of work it is nearly impossible to keep track of all the developments by yourself. The BLING partnership has shown BlockchainLab Drenthe many other possible uses of blockchain technology. The other pilot projects in BLING are taking many different approaches to solve a wide range of problems. This allows us to share the learnings about the many technical and organisational challenges they have faced. It has been very valuable for BlockchainLab Drenthe to be able to discuss
the technological aspect with other developers in the project, as there are still relatively few blockchain developers, so all opportunities to discuss your challenges and learning is useful.
But the feedback so far on the SSA pilot has been great. Everyone that has tested the application for themselves immediately recognized the problem with the paper signature lists, and saw the need to change to a better system. In their showcases the BlockchainLab showed participants a copy of a signature list that they had downloaded from the internet. This really resonated with app testers as they recognised that they could potentially be on one of these lists, as it’s too easy to accidentally publish this information. Having a robust system that gave users control of their own data has definitely helped to highlight the value and usefulness of self-sovereign identity applications.
The SSA app is trying to get rid of a fairly annoying activity, so people are very open to changing that system. It has been interesting to see that when presenting the application, the first thing most people do is trying to find the loopholes and possible problems with it. People will think of very specific scenarios and see if the app will still work properly. Fortunately, pretty much all of these questions were considered and resolved by BlockchainLab Drenthe during the feasibility and design stages of the SSA solution.
Blockchain shouldn’t be the story
The biggest lesson for us in using blockchain is that it is not always useful to talk about blockchain. To many people, blockchain has a lot of negative connotations and this makes
it more difficult to talk about the possible blockchain use cases in an organisation than is the case with other technologies. Some people link blockchain with cryptocurrencies and volatility and scams. Others are confused about the specific technologies underpinning blockchain, and therefore are not as eager to start a project or research on blockchain.
If we focus on possible solutions or improvements in processes that can be enabled by blockchain, we found we had a lot more enthusiasm from stakeholders. After all, most people are not really interested in the specifics of how solutions are built c they just want
them to work. If can avoid the distractions of discursive generalised views on blockchain
and focus on the key concepts and aspects of blockchain-enabled solutions, we can still have these conversations and achieve useful projects.
What happens next to the SSA app
Now we are focussed on rolling the app out to the other partners in the BLING project, after which we are aiming to reach out to other Interreg projects to also make sure that they are aware of our solution and the GDPR benefits it brings.
The province of Drenthe has commissioned an external consultancy firm to investigate the legality of the continued use of paper attendance lists and to analyse the pros and cons of replacing these lists with the SSA app.
While our main focus in designing the app has been the Interreg ecosystem, anyone in the world who runs an event is able to use the app to manage attendance.
https://www.bcld.nl/en/home-2/ https:// www.youtube.com/c/BlockchainLabDrenthe