Digital health passports, or vaccine passports, are much-touted as the fastest and safest way to get the world - and tourism industry - out of the global economic stagnation caused by the coronavirus pandemic. That seems plausible to the layperson, but tech leaders share concerns about security, privacy and standards.
Now that a global vaccine rollout is under way, it's no surprise that people are starting to think about a return to normal, which includes the ability to travel between countries without long quarantines or the risk of infection. But there are many challenges along the way.
"One of the first challenges becomes the definition of ‘vaccinated'," said Tim Mackey of the Synopsys Cybersecurity Research Centre. "Outside of the Yellow Card, more formally known as the international certificate of vaccination for yellow fever, there really isn't an internationally accepted means to confirm if an individual has met a vaccination requirement. Considering the Yellow Card is itself a paper document signed by a medical professional who supervised the actual vaccination, that model would be difficult to replicate given the scale of Covid-19 vaccination requirements - and that's before we get to the potential security implications."
Phil Booth, founder at medical privacy campaign medConfidential, also notes that having a vaccine is no guarantee of safety for others:
"A vaccine passport doesn't mean you aren't able to transfer the virus. It means you are probably safe from COVID, but it's very wrong, and potentially quite selfish, to think there are not situations in which it would entirely appropriate to take a test to prove you are not currently infectious."
It would be politically difficult (read: deeply unpopular and divisive) for the government to endorse a system that only gives the right to travel to certain individuals, until a vaccine has at least been offered to every adult in the UK. It would be a surprising move from a government so concerned with its own electoral image.
In addition, some groups may not want the vaccine for religious, cultural or other reasons: a further wrinkle. The EU is attempting to address that by accepting proof of a negative test, but that is an even more flawed approach.
"How long does the test proof last for?" asked Booth. "If you had it immediately before getting on the plane then at least the airport would be safe, but after a few weeks? It would also be easy for someone who's had a vaccine to pass the virus to someone who's had a negative test.
"Any policy based on the notion that vaccine or Covid testing is 100 per cent proof is deeply, deeply flawed."
The merits of paper
You might have thought the digital vs paper debate was long over, but when it comes to medical records there is something to be said for an unhackable medium.
Two approaches are being widely discussed, at least in the UK: one using a digital ID system from a third party (examples already on the market include the IBM Digital Health Pass, V-Health Passport, CLEAR Health Pass, IATA Travel Pass and CommonPass), and the other to build it into the existing NHS app. Beyond basic technical issues like interoperability, both have major flaws.
"What is really worrying is loads of people rocking up with digital IDs," says Booth. "What they're actually selling is a whole ID infrastructure, which is much more complex. We do not want to come out of the pandemic with a third-party system that has access to your medical records."
Mackey says, "The security implications of those mobile apps are similar to any healthcare app: any medical data on a person is of prime value to an attacker… Even if the medical data is limited to a simple statement of vaccination, the nature of the pandemic makes even that data rather valuable. For example, if there were a bug in the app or underlying service that caused it to display to someone that a vaccination protocol hadn't been completed when it had, then such an error could result in the traveller being denied entry or worse."
Medical record access is a major concern with any healthcare app; if it's hacked, then suddenly criminals can access nearly everything about you, from your place of birth to your blood type. And it isn't limited to cyber-attacks: the NHS app needs access to your medical records to show vaccine information, and if used as a passport must, by definition, be handed over at a border.
"Will our government use the NHS app?" Booth asked. "That would be fantastically dangerous and stupid. You don't just download an app; you also need your NHS login, which is quite a detailed procedure to ensure you can reach into your GP practice's records.
"If we propose an app-based approach, we are in effect saying, ‘Hand over your phone to a foreign official with unlocked access to your medical records.'"
"Returning to a world where international travel and even air-travel is once again commonplace is something we all want, but it requires far more than an app to be solved."
Equally, relying only on paper is open to abuse. Javvad Malik of KnowBe4, says, "The pandemic has brought about a set of ever-changing requirements and inconsistencies between governments as to what is an acceptable level of risk. Unless there is a centralised system which can tie vaccination to a person's passport or ID, there will always be a risk of forged documents being used to bypass the requirements."
Chad Anderson of DomainTools, agreed. "So far, multiple countries' proof of vaccine cards have already been seen for sale on the Internet. The UK, for example, has multiple cards on eBay and other common sites. The lack of a trusted system, similar to that of ID cards, for verifying a vaccination and the reliance on paper cards lacking any security whatsoever means that forged cards will rapidly become a problem as vaccinations become a requirement to access services. Governments have had over a year to put a simple system in place, but most countries around the world have failed to do so. We can only hope that the spread of people getting the vaccination will outweigh those looking to evade restrictions and participate in reopening without a vaccine."
Booth believes a combined paper-and-digital approach is safer and more robust than relying on one or the other.
"None of that is to say there aren't reasons to do [a vaccine passport]; the Yellow Card is widely accepted and we should do something along those lines. There are all sorts of dangers in using apps; there may be more merits to a physical paper certificate that can be associated with a passport document, which can also be requested digitally from the NHS [using a QR code or similar]. People could also take a photo of that on their phone…
"When you're moving around the world, we require a physical passport or ID card. There are reasons for that, i.e., some countries lack digital infrastructure. A piece of paper with a QR code on it is simple and can be done via a phone, it doesn't need a whole e-gate setup. Anything cleverer either exposes the individual to risk at the border, or exposes us as citizens to a new ID system linked to our medical records."
So, once again, the idea of a vaccine passport might seem perfectly logical; but there are many issues standing in the way, from political and social to security and privacy. The important point is to ensure safety and clarity for users; and if that delays the rollout, that is a price we may have to accept.
The draft proposal would also ban algorithms that judge people's trustworthiness based on their social behaviour
Apple and Google's Exposure Notification API specifically disallows asking people to share their location data
Data collected also includes people's names, location details, identification numbers and online identifiers
The company says it is not confident that it has full visibility on which users will need to be informed
The Home Office is allegedly considering measures to compel Facebook to break encryption on its messaging apps