The COVID-19 pandemic has changed the way the world works in many ways, from how we work to living more socially distanced lives. Another way it may impact society is helping pave the way for more widespread use of digital passports, specifically vaccine and immunity passports. Some speculate that they may even transform digital identity as we know it, making some kind of streamlined worldwide digital identity pass the norm in the years to come. For that to happen, though, there would need to be serious consideration given to privacy and ethical concerns.
Read on to find out more about vaccine passports, the debate surrounding them, and how PKI (the system underlying SSL certificates and public-key cryptography) can and should be utilized to ensure data protection across the board.
What is a vaccine passport?
Over the past few months, COVID-19 vaccine or immunity passports have been adopted by many nations worldwide. Typically some form of digital ID, these passes are used to verify whether a person has been vaccinated against COVID-19. Vaccine passports have all but become a requirement for international travel in some jurisdictions, while in various countries, they are required if you want to attend crowded events or indoor premises like bars and restaurants.
The exact form and usage of vaccine passports vary from place to place. The EU has created an EU COVID-19 Vaccine Passport/Certificate for use across all 27 member states. Available in both digital and physical forms, people who have been vaccinated can get a pass, as well as those who have caught COVID-19 and recovered, and those who have tested negative for the virus within a certain time frame of travel. Meanwhile, the US has ruled out a federal vaccine passport scheme, but some states, such as New York, have created their own apps.
Vaccine passports aren’t a new invention
This new advent of the digital vaccine passport hasn’t come without criticism and controversy, much of which overlooks the fact that vaccine passports in some shape or form have been around for over 100 years. In 1897 India, proof of having gotten a plague vaccination was required under certain circumstances. In the early 1900’s US, when vaccines were administered far more unpleasantly (not with a syringe but via a knife wound), people often had to show their smallpox vaccine scars to enter public spaces. In the 1930s, the World Health Organization (WHO) created the Caret Jaune (yellow card), which people still use today to show that they are vaccinated against yellow fever, cholera, Typhus fever, smallpox, and rubella. The certificate is required to access certain countries where there is an increased risk of catching these diseases. The benefit of a digital alternative over the physical Carte Jaune is that it’s less easy to lose and far more difficult to counterfeit.
However, while vaccine passports may not be an entirely new concept, none of this is to say that some people’s concerns regarding the use of digital vaccine passports aren’t legitimate.
Ensuring appropriate use
While vaccine passports are being pushed as a temporary solution, there is historical precedence for temporary measures becoming permanent, a case in point being the general passport everyone around the world uses for international travel. While everyone who travels today is used to these documents being a requirement, they have only been around since the 1920s, having been introduced as an emergency document by the League of Nations after the First World War due to security concerns. Their introduction was controversial and still is to some extent. Many still perceive passports as creating a two-tier system, favoring those from wealthy, privileged nations and limiting the movement of those from poorer countries.
Such criticisms have also been leveled at vaccine passports being mandatory for accessing public spaces as well as international travel. There are also worries that a vaccine passport could be just the beginning of digital passports based on specific health requirements. Even the WHO has recommended that vaccine passports should be discontinued when COVID-19 is no longer considered a health emergency and warned that governments should proceed with caution, ensuring that this initiative does not lead to the surveillance of health information becoming a normal state of affairs. This is not even to mention the issue of accessibility. Not everyone can afford or has access to a smartphone or computer, so they may have to jump through hoops to go about their normal, daily lives.
Digital vaccination passports are theoretically safer than having only a physical equivalent, but only if they commit to using the highest cryptographic standards to protect user privacy, as well as only transmitting minimal data. Many vaccine passports developed so far feature a QR code that is scanned upon entry to wherever it is required. The data transmitted varies from provider to provider.
The EU version features a digital signature of the issuing health body to protect against falsification. The information stored in the digital passport is encrypted. When it is scanned, the data stored is not transmitted; it only checks the validity of the cryptographic keys. Meanwhile, New York’s Excelsior Pass does not share unnecessary data and uses blockchain to secure user data.
While this is a promising start, the vaccine passport rollout hasn’t been without flaws so far. Some have identified some security issues inherent in the EU passport, while experts have pointed out that the QR codes of Quebec, Canada’s vaccine passport app are not encrypted, so the information within could be easily read by third parties.
The idea of digital vaccine passports is a controversial one, and that’s unlikely to change any time soon. As they continue to become a reality in many jurisdictions, it’s more important than ever that governments take the appropriate steps to ensure that “digital identity” doesn’t become a weapon to discriminate against certain members of the population. If digital identification starts to become more widespread in the years to come, steps will have to be taken to ensure that only the most vital information is shared and that robust cryptographic protocols are established across the board to protect user privacy and prevent data theft.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.