A ride sharing solution for industrial parks
Shane Deconinck – Howest University, Belgium
In an ideal world everywhere would be well served by public transportation. The team
at Howest knew that the public transportation links to many out-of-town industrial parks in Flanders were not great, and so their employees were heavily reliant on using cars to get to work. But what if you don’t have a car, or can’t drive? How do companies attract workers if the workers they want don’t have cars? How do companies collaborate if workers aren’t able to move between sites if they don’t have cars?
To help solve this problem Howest worked with local employers to build a proof of concept or a privacy-first ridesharing app that used blockchain to connect businesses, commuters, and potential passengers – and thus reduce automobile use and the need to own cars.
One of the unique aspects of the Mobiliti app is that by design it’s cross-organisational. Rather than trying to match rides for workers in just one company, it provides a platform where any company can join with others in the same location so their workers can share rides. This way people can find rides even with other workers who are not in their organisation.
Because the app works with separate organisations that may or may not trust each other, and who may not wish to share information about themselves or their employees with other firms, Howest decided to use a blockchain as part of their app solution. Through the blockchain, data on usage can be recorded and analysed in a privacy-
compliant way, ensuring a shared understanding about which rides happened, the numbers of people involved, and when.
Howest has needed to educate the organisations and municipalities that they wanted to do the pilot with about the opportunities and risks
of these approaches. They have learned from their partners’ questions and challenges and have tailored the Mobiliti solution in response to their needs and concerns.
A 3-part solution
The Mobiliti service is based upon a three-part solution. There is a ride-sharing app, which matches passengers and drivers – even if they’re not part of the same organisation or employer. Secondly, Mobiliti uses a Hyperledger Fabric blockchain to store information about ride events – what is offered, what is accepted, and so on. The tamper-proof registration of activities and events increases trust across the participating organisation, as they know the data is an accurate reflection of participants’ activities. Thirdly, there is an Administrative Platform, which participating organisations use to enrol their employees in the blockchain network, and which reports aggregated on platform use. This data allows employers to reward / incentivize employees who use the service.
Mobiliti in use
Before the ride:
- The employer enrols their worker in the system via the administrative platform
- The employee is able to either post a ride or respond to a posted ride.
The ride:
- Driver shows the QR code for the ride
- Passenger scans the QR code, and starts the ride
- The ride start event is registered to the blockchain
- The ride stop event is registered to the blockchain
At the end of the journey the blockchain now holds irrefutable evidence that ride was started or stopped.
Ensuring user privacy
Mobiliti was designed with privacy in mind. The service was designed to be GDPR compliant – so users have the right to be ‘forgotten’. Ride data should also not be public, but only visible for users of participating organizations.
HOWEST used a Hyperledger Fabric blockchain to ensure privacy and immutability without having to disclose all of the participant’s details. Hyperledger Fabric has a Private Data Store that keeps data private, while ensuring immutability by only making the hash of the private data public.
HOWEST used Hyperledger Fabric’s Private Data functionality to store the participant details of a ride in a private information channel, while storing the general ride information in a ‘public’ channel. (It should be noted that this does not mean that the information is public – it only means that authorised nodes can see the information.) This blockchain configuration is known as a “private permissioned blockchain” and means that only authorised users can see ride information.
Smart contracts are used to manage the flows of user data.
Testing, 1,2,3 testing…
Howest will begin testing the Mobiliti service in April 2023, where the initial partners will be De Lovie (a social organization providing support to youth and adults with disabilities) and the City of Poperinge in West Flanders. In this phase they are focusing on accessibility, and will launch the “Mobiliti, Makes my day complete” campaign which will focusing on supporting the daytime activities of De Lovie’s residents. As the residents don’t all have smartphones,
HOWEST has printed cards with a QR code on them for users to hand to drivers to scan.
Howest has learned that blockchain systems are really ecosystems involving multiple organisations. Bootstrapping a new ecosystem has coordination challenges and is risky. By making sure that the Mobiliti piloting phase also delivers social value, Howest feels it has reduced this launch risk.
Key learning in building privacy-focused blockchain solutions
Building this pilot has significantly increased HOWEST’s understanding of how to handle private data in blockchain systems.
When creating a mobile app, it is not always easy to find a matching Software Development Kit. We couldn’t find one for our iOS app, so we had to use an API that translated REST-calls into transactions on the Hyperledger Fabric blockchain.
We also found a powerful way to use Hyperledger Fabric Private Data in a trustless and privacy-oriented way: placing the private data in the Private Data Collection of each organisation and then performing transactions with the node of that organisation. Each node can then validate if the asking user has the correct rights and return the requested data if allowed. In that way, private data does not need to be shared with every organisation in a private data collection. However, to do this, we needed to have the ability to create transactions on the apps themselves, which was not possible with the time and resources we had.
When HOWEST designed the Mobiliti pilot, they assumed that all participating organisations would host their own node on the solution’s blockchain. Nodes are effectively ‘stakeholders’ on the blockchain network, and are able
to verify transactions on the blockchain. It turned out that hosting their own node would be too expensive or cumbersome for many organisations – even if they used a third-party service. So Howest had to add a facility where organisations could join as organisations on ‘neutral’ nodes, such as one offered by Howest.
Four lessons in Mobiliti:
- No personal/or private data should be recorded on a blockchain – this is important if you are to be GDPR compliant. This is why Howest used Hyperledger Fabric’s Private Data functionality, as it allowed us to store personal information safely.
- Education on blockchain is important to prevent prejudices – many people have strong views on blockchain,but they may be misinformed or only have a superficial understanding of the issues involved. Blockchain is a complicated topic, so this is quite challenging.
- We needed to set up a consortium to deliver this solution. We worked with an external company – IntellectEU – that offers consortium building as a service. This is a viable way for municipalities to build working consortia.
- The sensitive data that the app generates needs to remain private within participating organisations, and we need to make sure that only organisations in the consortium can participate in the service. To deliver this meant we had to make decisions about the blockchain architecture that we used – so in this case we chose to create a private permissioned blockchain.