Wednesday, September 22

Technological lights and shadows of the Vaccination Passport

On March 25, the European Commission made a proposal for Digital Green Certificates o COVID-19 Vaccination Passports. This proposal, which is not binding but only a recommendation, has an impact on providing common tools to globally manage a situation that requires it. However, it leaves some doubt and requires constructive criticism.

The central idea of ​​this proposal is that, by following it, each country can develop its own COVID-19 passport system and make it interoperable with that of any other EU country. Meaning this that they will be able to exchange information and work together as if they were a single system.

In fact, the European Commission requests that this interoperability be not only informatics, but also legal.

Thus, if an EU country accepts as evidence a vaccination passport for one purpose, it has the obligation to accept as evidence for the same purpose the vaccination passport issued by any other EU country.

As an example, this purpose could be to be exempt from temporary movement restriction measures (the “confinements”, but said in a fine plan).

In addition, the European Commission establishes that these vaccination passports may be paper or digital (to be used through a smartphone), and may be validated online (with internet connection) u offline (without).

Timely reviews

Voices have been raised against the usefulness or convenience of these types of passports. Those who are well informed and do not respond to spurious or opportunistic motives should be listened to. After all, nothing of value has ever been known to go to waste by listening to well-founded criticism against it. Quite the contrary.

Fundamentally, there have been three:

The first criticism is of a sanitary nature. It was issued on April 6 by UN World Health Organization spokesperson Margaret Harris: “We would not like vaccination passports to become requirements to be able to cross borders because, at this time, we are not sure that vaccines prevent the transmission of the virus.”

In other words, based on the scientific standard available at this time, vaccination does not prevent transmission, it only reduces its probability. We could suppose quite a lot, but in reality this amount has not yet been established. And let’s add here the impact that the emergence of variants of the virus will have on this.

The second criticism is about its ethical implications. Vaccination passports could be used to discriminate between people based on their health status.

The European Convention on Human Rights it is, in principle, compatible with vaccination passports. In its article 8 on the right to respect for privacy and family life, it establishes public safety as a possible exceptional cause of interference by public authorities in the exercise of this right.

However, the problem can occur in private actors. It could be that they won’t let us into a restaurant or a show because we’re not vaccinated. And it could also be that we were rejected for a job because we were not vaccinated. Let each draw their own conclusions.

And the third criticism deals with data protection. Vaccination passports carry a few personal data, the basic identification of the holder. These data are necessary and essential to link this passport with the identity of the holder, via the corresponding identity document (DNI in the case of Spain).

What a technological analysis of the passport can contribute to this debate has to do, of course, with the third criticism. But also with the second.

There are some doubts that the specification that the European Commission has offered for vaccination passports addresses these two issues in the best way possible. Let’s see.

Questions about data protection

On the specification of the European Commission, it is easy to design a system that scrupulously preserves the right to privacy in all but one point. This aspect, the weak point, is the passport validation process. When someone checks, for whatever reason, that a passport is true and valid.

It all depends on whether or not we want to make it as difficult as possible for the validator to be able to store proof that such person, with such date of birth and such ID number, had a valid vaccination passport on such date.

If that does not concern us, everything is OK: it is easy to develop a system that allows the correct validation of passports by offering only that information to the validators and guaranteeing that all the rest of the information is absolutely protected (without leaving the paper or the mobile phone that contain passport data). A little bit of crypto here and there and that’s it.

But if we are concerned, then yes, the system should be refined.

For my part, I don’t know if it worries me or not. However, I would like the European system to be flawless in this regard. Of course, faultless, but without incurring over-bureaucracy or extra costs. All at once and cleanly.

In addition, if COVID-19 has come to stay (and other viruses may be to come), this system has also come to stay and it is good and natural to perfect it.

To improve in this regard, the system should be provided with dual functionality.

It should have an operation for the case that the passport holder has a smartphone and a completely different one for the opposite situation. In the latter case, the passport to be used would have to be on paper and, furthermore, it could not be validated offline.

On the other hand, perhaps an architecture is better in which the validators do not carry out the passport validation themselves, but rather request it from a fully trusted and authorized actor.

Said actor would be the only one with access to the basic data of the passport, which is essential for its validation. In contrast, the validators would not see any at all. They would only receive an answer of type YES or NO regarding the validity of the passport.

Related Topic: A butterfly’s flapping in China triggered the global pandemicRelated Topic: A butterfly’s flapping in China triggered the global pandemic

Doubts about the possibility of unethical uses

Probably, no matter how much regulation we establish in this regard, there are going to be inappropriate uses of this passport. As well as many other suitable ones.

The legal regulations in this regard may take time to arrive and, in the current COVID-19 pandemic situation, we cannot afford to waste time.

Perhaps it is a good idea that, in the meantime and urgently, a registry of acts of validation of vaccination passports is established.

Said records would record the date of validation, the validator (person and organization and, importantly, relationship with other organizations) and the number of the passport submitted for validation. If possible, the reason for the validation should also be stated, as claimed by each of the two parties, the holder and validator of the passport.

A registry like this will inhibit misuse. No validator will like to record that they are doing something ugly. And, by the way, if we are concerned about privacy issues here, let us know that this registry may not contain the details of each act (which will only be known by the two interested parties) without thereby losing value of proof and, therefore, of deterrence. .

The issue of passport validators is a delicate one. And the technicians in charge of specifying passports are aware of this. At least that is the conclusion that one draws by reading in detail and between the lines the technical documentation (for the moment incomplete) offered by the European Commission.

They have provided a registry of validators (one registry per state or region, but all interconnected and interoperable). Therefore, the validators will have to achieve accreditation as such, as well as the passport issuers, the vaccine manufacturers and the health authorities that are the pluripotent guardians (they accredit all the others and guard the health data of the passport holder).

For older people and also related to this, perhaps it would be a good idea to start thinking about abandoning that requirement that passports can work offline.

It is like demanding that bicycles can circulate on the highways. It is so difficult to make this condition compatible with the basic conditions for the safe circulation of cars and trucks, that we would end up with Frankenstein-type highways.

Both are conditions that stress the design of the system so much that they weaken or complicate it (or both).

Vaccination Passports or Digital Green Certificates as they have been specified by the European Commission, they require more specificity and, perhaps, refinement in relation to the validation operation.

Otherwise, it could be that they lead to implementations that are not as correct as would be desirable in one of the European countries or regions. Or to interoperability problems if everyone solves in their own way.

On the other hand, his motivation is clear. And if this situation spreads or, as now seems likely, repeats itself, it is important to have a system like this one, interoperable at the European level (and, if possible, at the global level).

We have all seen that uncoordinated lockdowns generate social and economic disruption, but not pandemic efficiency. Coordinating resources, criteria and efforts should be the basis of all action.

The response to a global threat, to be effective, must also be global. This fully applies to the management of the COVID-19 pandemic. And by the way, not just her.

Perhaps one of the great challenges of today’s societies is to reconcile this with the fact that public administration close to the citizen is more effective than that far from the citizen in most issues that affect their daily life.

In fact, vaccination passports are not something new. They were created in 1933 under the name of “International Certificates of Vaccination or Prophylaxis” (also Carte-Jaune or Yellow Cards) and were ratified in 1951 by the World Health Organization, just three years after it was established.

However, they were on paper and were restricted to use in customs. The challenge is to manage their digital equivalents interoperability and with full respect for people’s rights.

It can be done and the European Commission initiative points you on the right track.

Introductory document: “Introduction” Y “Questions and answers”.

Technical documents: “Basic elements of interoperability” Y “Trust Framework” (both in English).

Legal documents: “Digital Green Certificates Regulation for citizens” Y “Digital Green Certificates Regulation for citizens and resident foreigners”.

Above, for the sake of brevity, we have abbreviated some questions that we proceed to clarify here:

The European Commission specification of the Digital Green Certificates, it is not limited to vaccination passports. It will soon be expanded to cover, also, test passports (of the tests accepted in the EU and carried out by a physician) and passport after having passed the disease.

The recommendation of the European Commission not only covers all EU countries, but also the signatory countries of the European Economic Area treaty (Iceland, Liechtenstein and Norway). Furthermore, the goal is for it to be interoperable with the passport systems of other countries and, particularly, with the one being developed by the World Health Organization.

Top photo: Credit: European Commission.

Leave a Reply

Your email address will not be published. Required fields are marked *