Documents identifying those who have been inoculated could help governments reopen after lockdown, but they also raise questions over privacy and patient rights
With the rollout of mass vaccination programmes against coronavirus in a number of countries, many are beginning to contemplate doing everyday things again, from going to the cinema to taking a holiday or attending a concert. However, with cases still high and worries about new variants emerging, businesses and governments are increasingly likely to want proof people have had a jab and therefore pose less of a health risk.
Already, both Australian airline Qantas and UK cruise firm Saga have said their passengers will need to have been inoculated to travel with them in the near future. London-based plumbing business Pimlico Plumbers, meanwhile, says vaccination will be a contractual obligation for new and existing staff, although employment lawyers have raised concerns over how this would work in practice.
The question is how will people prove their vaccination status, particularly if it is requested multiple times a day. So-called vaccine passports are being touted as the most likely answer.
Iceland has already started issuing vaccine certificates to citizens who have had two vaccine shots to enable them to travel. Denmark has also revealed plans to launch a vaccine passport, initially as a simple form that shows whether someone has been vaccinated but with plans to develop a full digital passport in the coming months.
The benefits of a digital passport
The idea behind a digital vaccine passport is that people would download and present their medical records on their smartphones in an encrypted, yet verifiable, way.
Most countries currently issue proof of vaccination in the form of paper certificates, for example a GP surgery will give travellers a paper certificate to prove they have had a yellow fever jab. But critics say these can be easily forged, are not universally recognised and a more practical digital alternative is needed.
Technology and healthcare companies from around the world are now working to make vaccine passports a reality. Take, for example, CommonPass, a health travel app being trialled by major airlines, such as United and Virgin Atlantic, and the World Economic Forum.
Users would be able to upload their vaccination records or COVID-19 test results into the app, which turns them into a uniquely generated “digital health certificate” in the form of a QR code. This can be shown to authorities without revealing sensitive identifying information, such as someone’s name or address.
Then there is the Vaccination Credential Initiative, a coalition of organisations including the non-profit healthcare company Mayo Clinic, as well as technology firms Microsoft and Oracle, that is working to develop common technical standards to underpin such apps.
It follows a plea by the World Health Organization for open, interoperable standards, amid fears that countless individual passport apps will be created, making them unusable.
However, there are serious barriers that could stop vaccine passports getting off the ground. Firstly, no one knows how long the immunity provided by the new vaccines will last or whether they will stop people from transmitting the virus. If vaccines can’t contain the crisis, then vaccine passports will serve little purpose.
Protecting patients’ rights and freedoms
Passports also pose “essential questions” about privacy and data protection because they depend on access to people’s private medical records, says Dr Ana Beduschi at the University of Exeter Law School. This means policymakers are going to have to think carefully before they give tech firms unfettered access to patients’ records.
There are ethical concerns too because passports “create a new distinction” between individuals based on their health status and can be used to determine the degree of freedoms and rights they may enjoy.
“Take the hypothetical scenario in which public authorities would require everyone to routinely display their health to access public and private spaces such as public transport, restaurants or churches,” Beduschi explains.
“Such measures would restrict considerably the rights and freedoms of those who have the disease or did not receive a vaccine.”
Some people may not be able to have the jab for health reasons, others may simply not want it. Then there are those who do not have smartphones or access to stable internet connections, all of whom could argue that not having a passport breaches their rights to equality and non-discrimination.
Is anonymity the answer?
Developers are alive to these issues and stress their apps are secure. Take the passport created by iProov, a UK biometrics startup, and cybersecurity firm Mvine that is currently part of a government-funded trial.
Similar to CommonPass, medical professionals administering the vaccine would create an online certificate in the form of a QR code via the app, but they would also ask the vaccine recipient to have a selfie added to the certificate.
When the holder wanted to show the certificate, at a restaurant or venue for example, they would present the code and then verify their face against the attached image via the app.
“The certificate does not need to include the name, address, NHS number or any other identifying information about the person; it is completely anonymous,” says iProov founder and chief executive Andrew Bud. “It also doesn’t discriminate against people based on the smartphone they own and there is a route for people who do not possess a smartphone, a card-based method.”
However, Bud says it will ultimately be up to policymakers and health officials to address the legal, social and political questions around passports if a solution like his is to go forward.
Many problems that seemed insurmountable at the start of the pandemic have been overcome and many believe this will be the case with barriers to vaccine passports.
Lucy Yang, community director of the COVID-19 Credentials Initiative (CCI), another group working on shared standards for passports, says coronavirus exposure notifications faced similar ethical and privacy barriers.
“Within a few months, more than 20 states in the US and 20 countries had adopted exposure-notification apps. If they achieved it, I don’t see why we can’t,” she says.
However, Yang explains, passports are unlikely to have as big an impact without shared standards; agreeing on them “won’t happen overnight”. In addition, while she thinks the technical challenges can be overcome, she’s less sure about the other barriers.
“Hopefully CCI will launch a pilot in the next two to three months with multiple jurisdictions, then we will know better if it works. But the bigger challenge will be putting the right rules in place. Who should be issuing vaccine credentials in the first place and who should be verifying them?”
Investing time, resources and money to create personalised and valuable customer experiences can reap big rewards, but there…
With digital identity heading towards mass adoption, the arms race to secure identities is stepping up a notch Like…
Businesses have strived to eradicate friction from customer experience, but have they gone too far? When it comes to…
Too often products are designed without taking people with disabilities into account and with security technologies, the limited…