As the first vaccines for COVID-19 roll out, governments and institutions around the world are scrambling to figure out how to prove that someone has been vaccinated. Paper certificates, PDFs, wristbands and mobile apps were suggested – and former director of the Centers for Disease Control Tom Frieden and international human rights attorney Aaron Schwid pushed for the introduction of digital “immunity passports” to reopen the world.
In theory, your idea is great. In practice it is terrible. Or, as the Daily Beast put it, “Vaccination records are Big Tech’s newest dystopian nightmare.”
As a solution to an urgent problem, immunity or vaccination cards sacrifice privacy and security. There is a price to be paid if you can prove you are vaccinated and need permanent access to the rest of your data or to register for a health app. There are all sorts of unintended consequences. Peace and Schwid acknowledge this – and admit that these risks will deter some people from getting vaccinated – but they seem to have no answer to this problem other than to claim that “trustworthy and consistent standards” somehow Going in the right direction will be the cavalry that will save the day.
This is annoying – because there is a way to get proof of vaccination and the protection and security of personal information. There is an entire community dedicated to building and developing this technology known as decentralized identity. It’s a new consent-based mechanism that allows verifiable credentials to be used to prove who you are and what affects you without anyone else – looking at you, Big Tech – managing, storing, or selling your data.
Verifiable digital credentials on a decentralized network can quickly scale to meet the challenge of proving that people have received a COVID-19 vaccination and all required subsequent doses, and giving them the privacy and security they deserve.
This technology can be new to public health and policy makers. But organizations like the United Nations and the Organization for Economic Co-operation and Development see it as the future, and innovative global corporations are building that future right now.
How bad are immunity passes? Very bad
Digital passport solutions are based on storing your data in a company silo. This is the centralized data model that we have stuck to as there is no reliable way to verify identity online. Someone else gives us an identity – an email account, a shopping account – and requires us to prove to them who we are, where we live, and so on.
Over time, these third parties – Amazon, Facebook, Google, etc. – have followed our behavior in order to better design products and services. Sometimes they sell this data so that others can do the same. We agreed, but not in a meaningful way. Our data was taken repeatedly; It became increasingly clear that even when held legally, it was being used in an exploitative and invasive manner.
At the same time, all but the most complex physical documents can be forged. In many regions of the world, paper maps, PDFs, and printed emails are accepted as valid evidence for COVID-19 testing. Similar methods are being considered for proof of vaccination, requiring only the recipient’s name, type of vaccination, date, location, and provider. How is that likely to develop? A group was recently arrested for selling fake COVID-19 test results at Paris’ Charles de Gaulle Airport. If physical proof of vaccination does not have the tamper-proof properties of actual passports, they will be forged.
There is a third problem: an “immunity passport” is a misnomer. It does not guarantee immunity as our understanding of COVID immunity is incomplete. Scientists have found that past infection and recovery from the disease is not a guarantee of future immunity. For this reason, the World Health Organization has actively advised against the use of “COVID passports”. Similarly, not all tests for COVID-19 are created or treated equally, resulting in some institutes only recognizing tests from specified providers and locations. Governments have different mandates when testing travelers. A passport needs to be a living document that adapts to science and politics.
Verifiable credentials solve these problems
Verifiable credentials alleviate all of these problems. A health care provider can issue a verifiable ID to prove that you have been tested or vaccinated. The form of this Proof of Entitlement is written in a distributed ledger, but not in its contents. So when asked for a COVID-19 test, the evidence is in the form of that credential and the specific cryptographic keys that show it was issued to you. The content – all of your personal information, including the test result – is stored by you and you alone. You can decide whether or not to share this information. The form it is bundled in – the credentials – is the only thing that needs to be verified as coming from an authentic source.
Decentralized identity means people are in control of their own private information instead of having to share it with a corporate database.
Since the form of credentials and proof of issue are written in a distributed ledger, verifiable credentials are tamper-proof and cannot be forged. They can also be easily and quickly reissued to accommodate new medical information and government mandates.
We can have our privacy and our vaccination records
The COVID-19 pandemic has understandably resulted in a lot of epidemiology and immunology in the armchair. It is also understandable that public health and policy makers are unaware of next generation technology as they address the practical challenges of global vaccination. And while some see decentralized identity as a solution, the decentralized identity is the most transparent answer, showing what it is and what it does. No personal data is published anywhere. Sharing takes place after approval. This is a technology that allows people to take control of their data. It’s designed on a fundamental level to be private and secure.
The views, thoughts, and opinions expressed here are the sole rights of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.
James Schulte is Director of Business Development at Indicio, a professional service company focused on the advancement and introduction of decentralized identity technologies. Previously, he worked in the aerospace, manufacturing, and technology industries. James graduated from Brigham Young University with a double degree in Global Supply Chain Management and German Studies.