
Awesome.
Thank you for the introduction. Uh, and thanks to all our volunteers who like that setup there scares me. So, I'm glad someone else is taking care of that. I love that. Uh, so I'm going to talk today about uh something I like to call consent-based access control. Uh, you've probably never heard of it because I came up with it for my master's capstone thesis. I'm trying to get the word out that this is a cool idea and hopefully the more people I tell eventually maybe uh hopefully before I die uh my healthcare data can be a bit more accessible to me. So, the agenda, uh, I'll introduce myself. I got to talk about a concept
called self-sovereign identity. Uh, because like all good students, I didn't come up with an original thought. I stole someone else's, uh, and changed it so that I didn't get accused of plagiarism. Uh, and then we've got to have a problem to apply my cool new concept to. Uh, so the one I chose was healthcare data at the prompting of my thesis adviser. Uh so about me, I'm one of those dirty, smelly people living in a tent in the field uh trying to give someone high-speed internet without reliable power uh while being told people are trying to kill me. It's very exciting time in my life. Um and from that I might have different biases
about it. Uh for example, I like to think I was a good use of public dollars when I got a salary. And I generally think the government's trying their best and is doing a mediocre to okay job. And generally it's not that they're malicious. Uh other things I should say, I am exceptionally pale. I was born in Canada. I have traveled the world a bit, but I have a very western bias. Most people I talk to are uh former veterans or uh have worked in NATO countries. Um so I I bring that bias as well. Uh the other shout out I'll give uh is uh these thoughts uh aren't just my own. They were honed and formulated with my uh
research adviser Dr. Sergey Budikov uh who for some reason has chosen to move to the states. So before we talk about self-sovereign identity, just want to do a poll. Who here feels like they have uh good ownership over their personal data? I'm going to take the laughter as a thumbs down, right? I think Google knows more about my preferences than I do. And I know that's a problem, but I'm also exceptionally cheap. So, I'm not willing to spring for Proton Mail for my own email. I'm not willing to self-host my own PGP cloud uh so I can get in on encrypted email and I own my own email server, even though I do have a server
at home. I'm just not willing to do that. So, I'm taking the easy option, right, where I become the product. And I think we can all agree that's kind of a a concern or kind of a problem. Uh so someone smarter than me named Christopher Allen uh in 2016 wrote a paper saying this is a problem. We should do something about it. Has anyone heard of Christopher Allen before? Has anyone used the internet today? So if you used the internet, you probably used TLS. He is one of the co-authors for the transport layer security standard. Uh so he's kind of a big deal. Uh and he has a great blog called Life with Alacrity
where he just rants and puts out musings and occasionally uh great bits of information like hey we should assume control of our own identity we should get our data under control. Uh so his original thoughts he came up with 10 principles for self-sovereign identity. Uh so his first one existence kind of I think therefore I am. Uh things that should have a digital identity should be mapped to a human potentially maybe an AI. Uh but you wouldn't make a digital identity for a desk or a chair. But you could make one for a legal entity like a business. So you could say Concordia University of Edmonton could have a digital identity. Microsoft could have a digital identity.
Um, so it gets a little complicated on the existence front, but really looking at things that could issue a certificate or a credential. Control. If I make a digital identity for myself, I should have control over it. Uh, this really just comes down to who has your keys. If you gamble or speculate on cryptocurrency, you might say not your keys, not your crypto. Kind of the same idea. Do you have control of your identity? The next one he talks about is access. So anything that uh is attached to your identity, you should have access to. So if I get a speeding ticket and they attach it to my digital identity, I should have access to that. My MRI scan
results, whatever you say is about me, I should have access to it. And it's different than control uh because I'm not the most ethical person. So if I had full control over my speeding tickets that were sent to my digital identity, I know where the bleep button is, right? So it's uh the difference between controlling your identity, so choosing how you represent yourself, what a digital identifier you want to use, uh and then seeing what's attached to it. We then have transparency. Everyone loves security through obscurity, right? You don't have to worry about having a good system as long as you hide your crypto underneath. Uh hopefully not. Uh so he's saying whatever tech black magic
we use to enable uh this idea should be fully open, auditable, transparent using modern cryptographic standards. Persistence. I hope to live a long life. Um and my data should live as long as I do until I have the right to be forgotten and I want to delete some of my data. So it should live as long as I need it to or want it to. um and assuming that it's something I should be able to delete. Going back to my speeding ticket um example. Portability. I want to be able to pick up my data and move it from one place to another. I want them to be interoperable standards. Uh these ones make sense and
are pretty easy. Consent. So, if I've got this new digital identity and I'm in control of my data, if you want to use it, you should ask me to do it. I should be able to give you consent to access my data and I should be easily able to revoke it. Then we've got minimization. Um we're really looking at minimizing the amount of data you're sharing with people. There are many use cases and I've got some examples in our presentation here where in the status quo we are oversharing information. If we're smarter about it, we could get down to what information do you need and I can just give you that without any extra protection.
So, this is one where Chris Allen and I disagree. Christopher Allen says the user's rights should be paramount. He says that should even come over getting a working system. And I I like the thought where he's going. You know, we're doing this for people. It is not a self-licking ice cream cone. enables to make human life better. Um, but if we can make incremental improvements and sacrifice uh the ideal to get it up and running, I think that's better than uh just saying here's the ideal. And it's kind of like Mount Olympus. You can never climb it. You can never reach it. You can never realize it. So, let's talk about the tech stack. So,
we've got this idea. How can we make this idea become a reality? Uh well, we're just going to use existing technology. So, uh anyone who's familiar with blockchain would see this is very heavily inspired by that. Um a decentralized identifier. So, something that you can be represented by. So, it could be a number, it could be a string, it could be a hash, something um generally like a wallet address. Uh for any good system, you need a public private key pair. So, we're using public key uh infrastructure or cryptography there. And then you need, especially if it's my data and I'm in control of it, I need somewhere to put my data. And this gets
a little interesting. Um, then you also need kind of a phone book. And I know it's odd to say we need a phone book in 2025. Uh, but we need somewhere where we can look this up, right? Uh, so some kind of data registry or namespace where you can say, hey, what's what are the IDs out there? Who can I look up and how can I map this to people? Uh so a few years ago when I heard this concept and I had to write a capstone I went oh well I initially did not like this concept. I did not like it so much that it made me choose this topic because all the other ones I went yeah
okay kind of ambivalent. This one I went I dislike this. I think this is a bad idea. And my first one was you're going to trust me with my data. I'm on my second health care card for Alberta and I've only had it for like three years. I should not be trusted with my own data. Uh and then you know in case of emergency break glass. Who do I call for a help desk? If you're saying you're in charge, am I in charge so much that if I mess up it's gone? If you ask Christopher Allen he would say yes. And that's by design. There is no back door. There is no help desk. And that's where I disagree with
them on um who comes first, needs of the client or needs of a functioning network. And the last one was if I'm in charge of my data, do I do I need to buy a SAN or a NAS? Like do I have to carry a floppy disc around? Like how do I store this? Do I put it on the blockchain? What do I what do I do with that? Data centers are expensive. Okay, I'm going to smash through some foundational knowledge quickly uh just so we're all on the same page. Public key cryptography. There's two keys. There's a public key and there's a private key. Can you guess what you should do with the private key?
Keep it private. Keep it secret. Keep it safe. That's the one ring when Gandalf's telling you to do it right. Never give out your private key. But you should and can uh and you need to give out your public key. And since you need the opposite key to undo something. So, if I send something to someone in the crowd, I can send it using their public key and the only one who can open it is their private key. Or if they send me something they've signed, they've signed it with their private key. And as long as they're doing a good job of keeping it secret, keeping it safe, I can assume that it came from them.
Uh, public key cryptography. Everyone probably used the internet today to check the schedule to see which talk they wanted to come to. You're using private key cryptography all the time. It's not a new concept. Uh we're just using it in a slightly different way. Next one might be newer for some folks in the crowd. Zero knowledge proofs. And I'm going to use this room as an example. So I've got uh two exits here. So if we're all in this room and there was a uh door in the hallway and you needed a key card or an access code to get past it. And I'll pick on any route because I know I'm going to any route. you know the code. Can you
prove to me that you know the code? Well, one way is he could just tell me what the code is. The code is 1 2 3 4. Okay, cool. Well, now I know the code. But how can he prove that he knows the code without telling me what it is? So, one way I could do is say, "Hey, hey, Ruth, go out that door and come in this door." And then do that a couple times and say, "Hey, he's obviously passing through the wall somehow, so he must know the code." But he hasn't
shown it with me, right? So you can kind of set a challenge and this idea is very old. Uh the image I'm using up here is from Ali Baba's cave. You can guess by the name. Uh it's probably significantly older than any of us here in the room, but it's really how can you prove something that you know something without telling the other person. So zero knowledge, we got three things. So completeness, you should be able to convince me whatever the test is. uh soundness. If I just did it once, if I said, "Hey, Annie, go out the door and I flipped a coin." I said, "Come in the same door, has he proved it to me?"
Maybe not. Maybe I need to do it five times or 10 times or to your computer 100 or a thousand times. Uh the more times you do it, the more likely you are to be right. So if you only do that test once, 50/50 wouldn't trust it. And zero knowledge, it's in the name. You're minimizing the data you're sharing. And we'll get to some applications of this in a minute. Uh so most IT systems have multiple actors. Uh PKI really loves three. So we've got three actors in any good SSI system at least. So you've got someone issuing uh something. Could be a certificate. It could be a token. It could be a signature. Uh you're getting the holder
who's getting it. So, in this example, uh, we've got, uh, Blake who's getting a degree from Concordia, holds it in his wallet. So, Concordia has signed it using their private key. He then goes to say, "Hey, I'm a doctor now. I'd like to work at a hospital." Hospital says, "Okay, can you prove that you're a doctor?" Instead of showing his actual degree and say, "Yeah, I have a digitally signed degree from Concordia. I'll send it to you uh using my uh wallet app uh or whatever black magic tech stack you want to um share it." And you might not share the whole thing. You might say, "Well, what do you need to know? Just a valid doctor degree. Do you
care about the date? Do you care about the specialty? Do you care about my middle name?" You could choose to hide some of that, right? You can make it a zero knowledge proof. And then if you're a reputable employer, you don't just take someone at their word that they're a doctor or a nurse or a lawyer or a dentist. You double check, right? And you can do that easily since it's digital. You can just send a query to Concordia University of Edmonton in this case and say, "Hey, is this degree still good?" And it also gives them the chance to say, "We did give them a degree and then we found out later we shouldn't have, so we've revoked it."
Many people in the room are probably saying, "I this has given me déjà vu. I've seen something like this before." And you have uh every time you're using a website, this is what's happening behind the scenes. Your browser is talking to the website saying, "Hey, I have a certificate from Microsoft, Entrust, VeriSign, Google, someone's saying, I own this website and I'm trustworthy." And then behind the scenes, you go and you say, "Hey, Entrust, is this website still good? Certificate still valid?" And then you do the handshake and you start sending them information. You give them your cat pictures, you log in, you do your banking info, whatever your use case is, right? Uh so really just
talking about using certificates and the wonderful X.509 standard, but expanding it to everybody here. So let's look at some practical examples. Trying to pe the youngest person in the room. Anyone been IDed recently? No. Okay. Well, remember when you used to get IDed, you went to the liquor store and you're all nervous. Maybe you're using your brother's fake ID or something and you're worried. But did you ever think how much extra information you're sharing with the clerk when they try to ID you? Does anyone here have Smart Serve? No. No former bartenders here. Okay. Well, if you took Smart Serve, what are they looking for? What's the question I'm trying to boil down when I'm serving
someone liquor? I heard date of birth. I heard age. We're on the right track. Can we boil it down to a binary even more? What's the question where you're going to use their date of birth for? >> Can you legally buy it or not? Are you over the age of majority? That's a yes or no question. We love binary, right? We're all IT and cyber security folks. So, you can craft a zero knowledge proof and send it to someone and their digital wallet can respond with the yes or no. And you might say, well, maybe I need to see a picture as well. Okay, cool. Send them the picture. But what have I preserved? What have I minimized? I
don't need to know where they live. I don't need to know their exact age. I just need to know yes or no, over under the legal drinking age in my jurisdiction. In my case, they don't need to know that I should not be allowed to walk or drive without these, right? didn't leave my height, lots of things they don't need to know. So, just by digitizing it and using uh things that have been around for quite a while already, we're already getting privacy gains. What this could look like is you go up to the cash register at the uh at the bar or at the liquor store or at the dispensary and there's just a QR code
beside the till and they say, "Yep, take out your phone, scan the QR code." And then on their screen, uh, they'll get the happy green light or the unhappy red light and a picture of your face. And then you can say, "There you go. Done." You don't even need to pull out your ID. Other examples. Hopefully this isn't triggering for anyone. Everyone remember COVID? We all had like vaccine QR codes. Wasn't that fun? I had the most fun because I was in the army at the time and I had a vaccine QR code from a federal healthcare provider. And guess what? It was not interoperable with Alberta. So I had this piece of paper that said I had a vaccine. People
would scan it and it would give them the red light and they're like, "No, you're faking." Wasn't great time for me. But really, uh, what saved me was I was able to overshare. I was able to pull out a whole piece of paper and there's a vaccine number and a lot number and a this and a that. Uh, they even had another little, hey, Google it. It's a real thing. Uh, it was helpful, but ideally what we were trying to boil down to was just vaccinated: yes, no. Everything else was oversharing, right? And you could do the same thing with certifications, degrees. Uh you could look at it for access control to employees for a business. They're
employed or they're not. They can access the thing or they they cannot right? Okay. So, that's foundational stuff. Now, let's talk about let's personalize it a bit because I like to think I'm a personal guy. The problem, the problem is me. I I was my own uh test person. But this anyone, this is full of paper. When I left the army, they gave me this wonderful stack. They said, "Here's your health record." Cool. Thanks. Like it it was in the computer. And I live in Alberta. I mean, I've got an Alberta Health now and they have computers. Why Why is it not in the computer anymore? This is a problem. And I still have this
because no doctor wants to take this from me. I don't know how much I'd have to pay them to sit down and scan this entire document. And I got to ask you, you look strong. How much do you think this weighs?
It's about right. Yeah. So, I weighed it this morning. This is about the same as me when I was born. This is 9 lb 8 oz. Okay, that's a problem. And then I think, well, I was in the army. I bounced around a lot. Uh, so I lived in my 30 odd years, eight provinces. So, I have healthcare data in all eight of them. And then I have the ninth one. The army has its own healthcare system. So, I have data trapped in nine different healthcare silos. And if I went to a family doctor, if I could find one in Alberta, they would say, "You only have two entries and they're both from the emergency room and
you had kidney stones." Like, you tell me you've never seen a doctor in your life? Oh, I have. You just can't see it. So, we have a silo problem, right? And that silo problem comes down to doctor in Alberta can't see my notes from my emergency surgery where they re rebuilt my spine in Manitoba. They can't see the time I got hit by a car in Nova Scotia. They can't see routine health checkups and things like that when I lost my baby teeth or whatever it was uh in BC. And why can't they? It sucks. We're not there yet. Maybe it's because it's provincially regulated and you know a doctor in Alberta isn't regulated in BC, Manitoba,
Ontario, Quebec, New Brunswick, Nova Scotia, any of the places where my healthcare data resides. And there's lots of laws about these, right? And there's exciting ones. PUA pointed one out to me yesterday and said, "Oh, you should look up FHI. It's kind of an open standard of, well, if we write healthcare data this way, it's accessible and multiple clients can look at it." I went, "Okay, that's cool." But you still can't retrieve my data from somewhere else without a data sharing agreement and lots of red tape, right?
Uh and increasingly I look around this room and I see not everyone here looks like me. Not everyone here was born in Canada or born in Alberta. Uh I assume, show hands, was anyone here only ever born, lived, raised, has never seen a doctor anywhere except Alberta? Okay, so you all have the same problem as me. So this is a problem and people are moving more and more frequently around the world, right? So we figured out a problem. I figured out a concept I didn't like. I've got a research advisor who says, "Okay, now you got to set some research objectives." Yeah. Okay, master thing. Yeah, I got to pass this. Uh, so what did I come up with? Well, I wanted a
solution that would fix my problem of I have data in many places and it's not accessible to me. Uh, and we call that legacy data and there's a whole hockey sock full of rules uh that you have to follow for that, right? Uh, so it's complex on the GRC side and compliance side. So that took up a bunch of my paper and then I said, well, if I'm going to change something, why don't I measure it using CIA? and we say, you know, status quo, it gets a four and hopefully whatever I do for a benchmark later gets me higher than a four. So, let's look at the status quo for a minute here. Uh, we've got some actors, right? We got
some institutional actors like someone giving you a degree. We've got a hospital or an employer. We've got government agencies. Uh, we're looking at a healthcare setting. So, we got a healthcare practitioner. We got a database where the data lives or in my case does not live. And then we've got a client or a patient. So in the status quo, you go off go to med school, you get a degree, you go see a hospital, they say, "Cool, you're hired." What's the next thing they do? They make you a user account. And with that user account, what can you do? You can look at people's files, right? And that's helpful. You're supposed to look at people's files.
Uh but if you're here in Alberta, you can see every patient in Alberta. Do you think a doctor is treating every person in Alberta? No. Right. There's not a really good control on uh overreach, looking up your ex-boyfriend or girlfriend to see if they've got an STI. Looking up someone for insurance reasons, looking up someone because you're bored, accidentally just putting a typo in their name. Lots of things you could do with that role-based access account that you shouldn't be doing. And we already have kind of a consent process in place, right? You go see a doctor, you sign a consent form saying, "I'm willing for you to look at my stuff in Netcare." And then they put it in a filing cabinet
somewhere, piece of paper you signed, and then they're going to go to the computer and they're going to look at something in a digital system. So here's my proposal. what I bring that I think is new and say, well, what if we just gave everyone digital identities or self-sovereign identities? Uh, and I want to head off people saying, well, isn't this just Chinese social credit? I want to say the way we would roll this out is there are when I wrote my paper in 2024, over a hundred different platforms and apps you can download uh to make a decentralized identifier or digital ID. So, you make it using however you want. Then you go to the doctor's office or
you call AHS or there's multiple ways you can do it and say, "Hey, here's my decentralized identifier. Can you link my Alberta Healthcare to this new number?" Okay, cool. So now we've linked it. Then you go to the doctor and say, "Hey, uh, I would like to give you consent. I have this funky digital wallet app thing and instead of me signing a piece of paper, can I scan a QR code and give you digital consent to look at my healthcare data?" The practitioner then gets your digital consent, stores it in a wallet, and then what really happens, where the magic is, and I'm proposing is we update our databases instead of using role-based access control to log in where you log
in your username and your password and then you can look at all sorts of things and you make someone who's in the auditor role very stressed because there's so many people accessing it. We replace that and say I would like to access the files of Bre and Piper and instead of the database asking for a username and password says hey show me his digitally signed consent for show me that X.509 standard certificate that you're trusted and then just like you would for a website uh the database goes and says hey Breen is this still good you haven't revoked it there's no issues like that right and then it would return only my healthcare data it's not I have
consent to look at reckon. So I can look at Eniroot, Sabina, Puja, anyone else in the room, right? You tie it to that specific individual. So what would that look like? Well, we've got most of the same actors. We've still got a database where my files live. We still got a patient. We still got a healthcare practitioner. We still got people doing that governance, oversight compliance uh certification, all of those things. What we need to add is a verifiable data registry. Somewhere where you can store um my name, my identifier, uh somewhere where you can store your certificates because if you're a doctor and you've got 200 patients, you're going to get 200 certificates. What do I do with those? Do I
I replicate this problem? Do I print them all out? No, you want to store them somewhere. And this is actually a case where blockchain could be useful. Um, I don't think we talked about blockchain much anymore. Now it's all AI AI, right? But, uh, blockchain could be useful for this. You could say, "Yeah, we're just going to make a a network where you can store things right into the blockchain and we'll use our existing data centers as blockchain nodes." It wouldn't be like Bitcoin where you can sit at home and mine it and hope that you'll get that cookie eventually and it'll be worth millions of dollars. Uh, this is not a profit one. This is just a way to make a
resilient mirrored data center.
The other great thing about this that solves my personal problem, if I called up Nova Scotia, Manitoba, all the other places I've lived and said, "Hey, I have this digital identifier. I've got my digital ID. Can I link my old healthcare number to it?" Yeah, cool. I can then give you consent to look at my files. And it doesn't matter where the files are. It matters that you have my consent. We could take it a step further and I could say uh I see many people who I would say are healthcare practitioners who don't have Netcare. My physio does not have the same system. If I go see chiro, they don't have the same system.
If I go for acupuncture or massage or if I'm into naturopathy things like that, they don't have the same system. They're not regulated the same. They don't have access. But I could give them consent.
And I'm I'm a pessimistic person. So I love poking holes in concepts. I say that's great, but have you considered A through Zed? All the issues. So some of them that I point out in my paper and I talk about uh digital citizens. Anyone here have family or maybe they themselves don't use the internet? No, just me. I can say on my mom's side, I have 12 aunts and uncles and my grandmother. Uh between them, they have one cell phone and one internet connection. They are not digital citizens. They would not buy into this. So if I could wave a magic wand and roll out my system tomorrow and I rolled it out as presented, I would almost be impacting
their patient care because they're not going to get a phone. They're not going to do all this stuff. So you'd have to consider those legacy patients. And I'll get to a solution for that in a sec. But then also if I say if you want to look at my files, you need my digital consent. and I use my phone to give digital consent and I use my fingerprint to unlock my phone. What happens when you roll me in emerge and I'm unconscious and my phone is in the car but I'm not or my thumb is in the car and my phone's on me and I can't unlock it. Like it would be cool if you could see my
healthcare file but you need to ask me and I'm I'm on the gurney. I'm not talking. So we've kind of put a roadblock in our way, right? And Chris Allen would hate this, but the back door or the compromise that you would make for this is we are replacing role-based access control except for emergency doctors. And for emergency doctors, AHS or whatever your governing body is could give them a certificate saying they're emergency doctor. They don't need the consent. But it's a digital system. I've got an app. I can now see things. So, if emergency doctors are looking at my thing every week, I could get an alert. I could call HS and say, "Hey, someone's
looking at my stuff. I'm not in emerge. Maybe you should talk to that doctor." And it makes an auditor's life way easier. And you do the same thing for someone who's not a digital citizen. You just say, "Okay, cool." You opt into this system. And as soon as you do, as soon as you link your new digital identifier or your decentralized identifier to your healthcare number, you now need consent. If you don't do that, we'll just check and make sure the doctor is licensed. So now you're serving both audiences. One I wasn't 100% able to crack: children. I don't have any and I kind of think they're a problem. They're messy. Anyone have kids? Anyone have kids under
18? Do they have their healthcare cards or do you right? Would you trust them with an app where they can make healthcare decisions and stuff? Not yet. Right. So, now we got to figure out some sort of stewardship uh where you can make decisions for them until they're 18. And how does that work? It gets complicated. Uh same thing. What if what if on the other end of the scale? Uh I can tell based on my family history, I'm probably going to have Alzheimer's and dementia. Uh it doesn't look like a fun time. Well, my grandparents didn't care. They were having a great time, but everyone else wasn't fun for him. At some point, you're not going to be a rational actor.
So, you need to figure out how do you treat those people. Do you go see a judge and does a judge have a back door similar to an emergency doctor where they can take away your ability to consent and give it to someone else? Get that guardianship or stewardship. Okay. So, results. So, let's talk confidentiality. So, we've thrown out role-based access control. We've given everyone digital identifiers in a wallet app. And now you can uh consent to share files with someone. So confidentiality and I'll talk about confidentiality and availability because it can be an argument about which one is which. So I think I have an availability problem because this is not available to me. Neither is
all of my other healthcare data. Right? So that would solve my availability problem. Uh, and it also gives you the unintended benefit of I could share this digital data with almost anyone. Give it to my wife, my dog, my favorite sake brewer, guys I play in a bagpipe band with, it doesn't matter, right? So that's either your confidentiality or your availability. We've got some small problems where oh there's fringe cases of children, elderly, emergency situations that I hope we've massaged out so that they're a net wash. And then we've got integrity. Uh just because you give someone consent to look at your data doesn't mean they can write data or change things about you. Right? That was in Chris Allen's
original concepts of control versus access. Uh so when I scored this, I said I made big improvements on confidentiality and availability, and I didn't really touch integrity. Uh hopefully I've convinced people in the audience roughly the same. Uh but in case I haven't I don't have a question slide uh Q&A because I I don't think I have all the answers. This is a a concept. Uh so feel free throw questions at me and we can discuss it. I got one already. >> Shoot.
>> Yes, great question. So when you're giving someone your consent, your digitally signed consent form, that certificate, you can put on lots of riders. You can put on that it's valid for a day, a week, a month. You could put on that it's valid for x number of uses. So you can log in and see my data 10 times. You could, if the underlying medical system supports it, you could say you can look at my uh MSK data, your muscal, I can't say the word apparently. Um or you could say you can only look at my mental health data. You can put on lots of controls like that and conditional access. Uh but what you run into is
vendor lock-in. And I hate saying vendor lock-in is a thing for healthcare data but it is where different countries and provinces and states around the world have their data stored in different formats. So I might say, "Oh yeah, you can look at my stuff but only my stuff that's tagged mental health." and then you go to pull my file from Germany and they don't have it tagged as mental health, they have it tagged as psych evaluation or something. So you get into some weird mismatches there. Um but there are lots of different things you can add there and the challenge would be how do you make it interoperable? So, it works here in Alberta because I have a
relatively good understanding of what that healthcare system looks like based on my research, but it wouldn't work super well worldwide or globally. Does that answer the question? Did I miss anything? Okay. Anybody? Anybody? Let's go to the back first.
>> Oh, an implantable data store. Yep. So, I I have a love-hate with biometrics and implantable data stores. Um, and personal story, uh, I lost a knife fight and I've got some scars on my hands from it and suddenly I couldn't access a secure facility that I could the week before. I had to get security to escort me in and it was a whole thing and it was really annoying. Um, so it's cool that you can implant something in your hand up until you don't have your hand anymore. So, I I have concerns about that. Um, and those concerns would be minimized if we said, "Yeah, it's not the full self-sovereign identity where if you lose it, you're basically
screwed." Um, if it was, here's a token and I can reset it or I can revoke it and I can go to a new one when I get my artificial hand or my uh clone hand that I take from a lab vault or whatever is going to happen in a few years. Data storage, I'm torn. I don't know about implanting data and being like, "This is the one copy because then you're not doing 3-2-1 backups." There's so many things you could get wrong. Uh half my credit cards still don't work because the facility I used to work in had strong magnets for degaussing and then shredding hard drives. Um so there's ways that that could go
wrong, but it is promising as long as we've got some some guardrails on it. Okay, I think I saw one over here on my left.
Okay, great question. So, the question is really um integrity. If you're in charge of your data, uh does that mean you can block people writing things about you? Uh, and when we're talking the self-sovereign identity system or my consent-based access control system, everything someone's writing about you would be called a claim. And just because I have control of my identity does not mean I can control claims other people make about me. Uh, so if I went to see the doctor and they said, "You have cancer." I said, "No, I don't." And if I had a button that would click no, maybe I would go doctor shopping and see 10 doctors until I found one that gave me
the diagnosis I want. Right? Um, this system would not let you block someone making a claim about that. So, if I gave you consent to look at my files, you can look at my files. If you wanted to write something mean about me, all you would need to know is my decentralized identifier. You wouldn't even need my consent to write a note about me, but it would get flagged. This person does not have consent and they wouldn't be able to see the rest of your file, right? So, you'd have to question that. Uh, but same thing with the speeding ticket, right? You were speeding. No, I wasn't. Delete. I delete that ticket. You don't have
control over what's said about you for those claims, but you do have access to see them. Does that make sense? I did deliberately not put more stuff in the slides to get this discussion. So hopefully other people have questions. Sabina, >> there's a challenge here.
That would be 10 more research papers for me to write out. >> I I like the question though because it comes down to that interoperability. Um the nut that I'm targeting with this uh talk and this research paper that is hopefully getting published soon is just getting the access control sorted. That doesn't mean that uh just because I gave my doctor here in Alberta access to my healthcare file in Manitoba that his Netcare client that he uses to access files can read and parse the surgical notes from Manitoba. That's a separate problem of interoperability and it's kind of being solved by FHIR uh which is a new standard for how to formulate healthcare records so that
they're interoperable but it's not there yet. Uh, one other thing I think I didn't talk about. Uh, anyone think that this is very close to like social credit and what uh, countries we don't like like China are doing and could be used for evil to control their citizens. >> Maybe. >> Sure. Citizenship on driver's license or if you're in Texas, they want to look at your gender from the DMV for nefarious reasons, things like that. I will say, and it was in my notes, I forgot to mention it at the time. When you're making your digital ID, you're not limited to one. So, that existence, uh, how many digital IDs do I personally have? Well, I've got
a Yahoo mail. I've got like six Gmails. I've got a Steam account. I've got all these different ways you can look me up, right? The same thing should be said for digital IDs where you can make as many accounts as you want. And then you link that account to something else. So, you say, "This is my digital ID. I'm going to use it for my healthcare records across the world." Or in my case, I have seven or eight data silos. I can make seven or eight digital IDs and link each one to a different healthcare number. You're not limited that way. Uh and that helps preserve your privacy and minimize it where if you give someone consent to
look at your healthcare data, you could do that from an account that just has healthcare data. I could have a separate digital ID where I just keep my employment data. I could have a separate one I just use to post nasty reviews on Google Maps. Um, you could have whatever you want in that. And that's different than the social credit scheme or ones where you have one digital ID and everyone knows it's you and it can be traced back to you. So if you don't help that old lady across the street, suddenly you can't get a bank loan to buy a car. There's no other questions. I think we've probably got about three or four
minutes. Okay. Uh well, I want to thank a couple people. So, one, uh I want to thank Sabina for coming upstairs because I know you were standing down with the the SIP platform. Uh and you're here at BSides trying to convince people to mentor and do other things with SIPs, which is a great cause. Um but you don't get to come up and learn and keep doing professional development. So, I think that's a bit of a sacrifice. And then all our wonderful volunteers who are in and out and making this all work. Uh, I personally would not do it because I don't have the patience for whatever that cabling is. So, thank you guys for
taking that away from me.