Quote:

These "passports" could prove to be a solution for travelers crossing borders, but they also come with their own set of challenges

As the number of people getting vaccinated against Covid-19 rises, it's time to review the ways that people can prove they have been inoculated when they want to cross international borders.

These so-called “vaccine passports” have been in development over the past year and are starting to go through various trials and beta tests. The passports would be used by travelers to supplement their actual national passport and other border-crossing documents as they clear customs and immigration barriers.

The goal would be to have your vaccination documented in a way that it could be accepted and understood across different languages and national procedures.

As you might imagine, it's a tall order. Already, the Australian airline Qantas is talking about requiring proof of vaccination against Covid-19 for all of its passengers — both domestic and foreign— at some point in the future.

Part of the challenge is that the vaccine passports can take a variety of physical forms, such as a physical card or a mobile app. The proof could be indicated by either a QR code or a paper sticker (that would presumably be difficult to forge). I’ll focus on the digital passport forms for this post, which hopefully would be less likely to be lost and can be made part of passengers' existing travel records.

Issues to consider

There are several major issues around these passports:

• Are the passports truly protecting data end-to-end? Obviously, encryption is a must. But how the encryption is applied and where it can be compromised are important details in the design and execution of these documents.
  
  
• Where will the data be stored? The best solution is to not send any data anywhere, and store identity information on a user’s smartphone.
  
  
• Can the passports be used for all vaccines that are being administered? Currently, there are more than 200 vaccines in development, and more than a handful that are being deployed in various countries. Vetting this information will certainly be a challenge to keep it accurate and secure and work across the many different systems that will consume this data.
  
  
• Can these passports adapt to the changing health department and custom border crossing requirements? This can be the most vexing issue, as these requirements are being adjusted as new information about the virus and the vaccinations becomes available.
  
  
• How would they connect to vaccination centers so they can securely send results and certify the public? The ideal application would be to issue a pass/fail grade for an individual, so there is no need to interpret the medical information by someone who isn’t a doctor.
  
  
• Would they exist as a separate smartphone app or integrate into an existing contactless app (such as Apple Health for iOS) that can also manage other travel details (such as passport data) and health-related data (such as life-threatening conditions or other vaccines)? For those that don’t have smartphones, the idea is that these users will print a QR code with some embedded cryptography which can be scanned for vaccine verification.
  

Potential issues related to cyberattacks

One issue we should address in more depth is: what happens if something goes wrong? Let’s say you arrive at your destination country’s custom barrier and present your app to verify that you got vaccinated, but for some reason, your data shows that you are missing your vaccine. Whom do you call? How do you get this resolved? That certainly could happen, and the devil is in the details to be sure.

But we've already seen how the vaccine supply chain is a tempting target for cybercriminals. Six pharma companies in the US, UK and South Korea have been targeted by North Korean hackers. And logistics vendors who are moving the vaccines from the suppliers have also been receiving specialized phishing emails beginning in September. And earlier in December, the European Medicines Agency, which evaluates and approves drugs for EU distribution, was also the subject of a cyberattack.  

Who are the contenders?

Let’s look at the likely contenders for supplying the digital vaccine passport and what has happened with actual beta tests to date.

CommonPassThe most widespread program so far is one called CommonPass. It is an open-source project being co-sponsored by the World Economic Forum and the Rockefeller Foundation. It will connect to a wide variety of data sources and communicate a simple pass/fail based on entry requirements of the destination country. The passport is part of a wider Mitre project called the Vaccine Credential Initiative, which has a wide collection of partners, including both
Walgreens and CVS drug stores along with Apple, Google, Microsoft and various other healthcare partners, such as the Mayo Clinic.

Their goal is to ensure that everyone who gets the vaccination will get a digital copy to prove it and have a trustworthy, traceable, verifiable and universally recognized digital record of immunization status. According to their website, users will consent to have their vaccination records made available without revealing any other medical or personal health data.

According to my conversation with Dr. Brian Anderson of Mitre, it will initially involve using one of a series of standalone smartphone apps that are currently in development. Anderson acknowledges the issues of scope and scale — he mentioned that the plan is to begin with US-based end users before moving to other parts of the world.
...