March 17th, Saint Patrick’s Day, became the day when European Commission approved and proposed for EU Member States the form and content of the so-called COVID passport, a digital and physical certificate with the complete information about the owner’s coronavirus statistics. That includes: vaccination info (when, where and what kind of vaccine), past COVID test results and the health information about recovering from this illness (if happened).
The purpose of this long-awaited document is very simple — to allow people to cross the borders again, to be able to breathe the foreign air of any place other than their own corner where they’ve spent the year-long lockdown.
This European proposal is not a fixed form, but a model, an example of how this document should look. It is demanded that COVID-passports should be digital as well as physical documents, bilingual and free of charge. There are no specifications regarding how long this document will be considered “valid” or how often it should be renewed.
There is no doubt that while some European countries (including Belgium itself) already are and will continue to argue over “biopolitics” and “discrimination of the freedom of movement”, COVID certificates are a real thing now. And it is happening all over the globe. Imagine the world where you need to flash this pass to get on the plane or even into a nightclub.
What about USA
While not being federally approved, COVID passports are slowly crawling into the USA, at least in the form of an app. There is, for example, a Clear (“trusted-traveler program that helps fliers get through airport security more quickly”) and it’s the Health Pass app that is already being used among sports leagues and museums to verify the COVID status of the owners. Other ones are also in use: there are custom apps from Commons Project Foundation and the International Air Transport Association that serve the same purpose.
However, these are the private initiatives. The federal government is still a bit of confused about the issue. While Andy Slavitt, White House senior adviser for COVID-19 response is optimistic about the number of Americans that will eventually take the vaccine (“up to 89%, like they did in Israel”), he thinks that it will be too much for the White House to take responsibility to introduce and maintain such health certificates.
“It’s not the role of the government to hold that data and to do that” says Andy Slavitt, passing the ball, as it seems, to the tech corporations. It is an open question, who people fear the most, all-seeing government or evil powerful corporations. Anyway, if the White House is unable and not willing to make COVID-database private and secure, America needs someone else to do that.
The biggest problem is, says Dr. Julie Morita, another member of President Joe Biden’s COVID-19 Advisory Board, there is no unified database of vaccination info. It should be created from scratch. At this moment pharmacies, community health centers, medical offices and even state and federal vaccination centers have separate data banks with different standards of keeping records. It raises two more questions: who can create such a database and how to protect this sensitive data. The developer of a great American vaccination database should make it leakproof, and even IT giants like Google, Facebook and Amazon cannot guarantee this for sure.
Mike Joyce, co-developer of AT&T’s mHealth platform thinks that the hardest part of the federal-scale system of this size will be the vertical integration throughout the entire chain of American healthcare. However, the expert states, the problem is more about organizational collaboration (involving at least five disparate ecosystems) and not a technical one. Another obstacle is the lack of Federal ID systems in the US and a danger of privacy violation if this one will be created. Joyce is sure that “centralized, federal leadership would be required”, and the White House clearly said “no” on this matter.
Unique digital signature
If the database containing the medical info is still somewhat ephemeral, the client side should be much easier to develop. Jenn Markey, Product Marketing Director for Identity, Entrust, points out that all we need is a digital signature with multi-layered security, stored inside the mobile phone or a smart card device. This digital link will be connected to the biometric data of a person and medical records from the database (they may be even inscripted inside that signature).
The process of verification will be performed only by the authorities with the test of integrity and correctness of each layer: correctly identified by biometry person, encrypted medical document, issued by the real and correctly digitally signed medical center. This kind of covid-pass will be almost impossible to forge, at least without the corruption on the medical center side or without the hacking the authorities’ scanner, much easier just to get vaccinated.
What happens next
Vaccine scepticism is very high in Europe (remind you, that the EU was the birthplace of crazy conspiracy theories about the connection of 5G and COVID). Up to 60% of French citizens don’t want to get the magic shot. COVID passports are even more controversial, and governments need to find a balance between public health and not violating the civil rights (if vaccination is “voluntarily” and acquiring COVID passport is “voluntarily” too, but your civil rights are seriously limited, is it fair?). China, known for its dystopian system of civil control, on the other hand, embraces COVID passports and this association is not very helpful for the progress of this matter.
A lot of people all over the globe are confused by conflicting propaganda and distorted facts in social networks or just afraid (especially if they didn’t get infected with the virus before) and are hesitating to get vaccinated. If corona-certificates become mandatory for people travel or even work (say, in food-chains), there will be a high demand and thus supply for fake COVID-passports, like there always was and always will be the black market for basic medical examination certificates.
Should we expect the appearance of the new black market? How would this work if all the data will be checked and protected? Cybercrime will always find its way. Also, what we sure should expect is another rise of phishing campaigns and web pages connected to the COVID-passports subject, promising free passes and taking your money upfront, effectively stealing it. In fact, this kind of scam was here already for several months, long before the actual certificates were approved.
We are all tired of lockdown, we are all tired of the virus. One year of the global state of emergency is enough, we need to return to the world we once knew, where we can travel, discover and live a full life outside the web. If covid-pass is a necessary step to this, it is probably the compromise we all need to make. Dear developers, just please do this the right way, secure and safe!