We don’t need immunity passports, we need verifiable credentials

Published at: Jan. 20, 2021

As the first vaccines against COVID-19 roll out, governments and institutions across the world are scrambling to figure out how to provide proof that someone has been vaccinated. Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid urged the adoption of digital “immunity passports” as a way to reopen the world.

In theory, their idea is great. In practice, it’s terrible. Or, as the Daily Beast put it: “Vaccine Passports Are Big Tech’s Latest Dystopian Nightmare.”

As a solution to an urgent problem, immunity or vaccine passports sacrifice data privacy and security. There’s a price to pay for being able to prove you’re vaccinated and its permanent access to the rest of your data or compulsory enrollment in a health app. There are all sorts of unintended consequences. While Frieden and Schwid recognize this — and admit that these risks will deter some people from getting vaccinated — they don’t seem to have an answer to this problem other than to suggest that “trustworthy and consistent standards” will, somehow, ride in like the cavalry that saves the day.

This is infuriating — because there is a way to have proof of vaccination and personal data privacy and security. There’s an entire community devoted to building and advancing this technology, which is called decentralized identity. It’s a new consent-based mechanism for using verifiable credentials to prove who you are and things about you without anyone else — looking at you, Big Tech — managing, storing or selling your data.

Verifiable digital credentials on a decentralized network can be rapidly scaled to meet the challenge of proving people have received a COVID-19 vaccination and any necessary subsequent doses and providing them with the privacy and security they deserve.

This technology may be new to the public health community and policymakers. But organizations like the United Nations and Organisation for Economic Co-operation and Development see it as the future, and innovative global enterprises are building that future right now.

Just how bad are immunity passports? Very bad

Digital “passport” solutions rely on storing your data in a corporate silo. This is the centralized data model that we’ve been stuck with due to the absence of a reliable way to verify identity online. Someone else gives us an identity — an email account, a shopping account — and requires us to give them proof of who we are, where we live and so on.

Over time, these third parties — Amazon, Facebook, Google, etc. — have tracked our behavior to better design products and services. Sometimes, they sell that data so others can do the same. We consented but not in a meaningful way. Repeatedly, our data was taken; increasingly, it became clear that even when legally held, it was being used in ways that were exploitative and invasive.

At the same time, all but the most elaborate physical documents can be forged. In many areas of the world, paper cards, PDFs and printed emails are being accepted as valid proof of COVID-19 testing. Similar methods are being considered for vaccination proof, requiring just the recipient’s name, the type of vaccination, date, location and provider. How is this likely to turn out? Recently, a group was arrested for selling fake COVID-19 test results at Paris’ Charles de Gaulle Airport. Unless physical proofs of vaccination have the tamper proof qualities of actual passports, they will be forged.

There’s also a third problem: An “immunity passport” is a misnomer. It does not ensure immunity because our understanding of COVID immunity is incomplete. Scientists have found that having contracted and recovered from the disease in the past is not a guarantee of future immunity. For this reason, the World Health Organization has actively discouraged the use of “COVID passports.” Similarly, not all tests for COVID-19 are created or treated equally, leading some institutions to only recognize tests from pre-determined providers and locations. Governments have different mandates for when travelers are tested. A passport needs to be a living document that adapts to science and policy.

Verifiable credentials solve these problems

Verifiable credentials mitigate all these problems. A verifiable credential can be issued by a health provider to prove that you have been tested or vaccinated. The form of that credential is written to a distributed ledger — but not the content. So, if you are asked for proof of a COVID-19 test, the proof is the form of that credential and the specific cryptographic keys that show it has been issued to you. The content — all your personal data, including the outcome of the test — is held by you and you alone. You get to decide if you share that information or not. The form it is bundled in — the credential — is the only thing that needs to be verified as coming from an authentic source.

Decentralized identity means that people have control over their own private information instead of being required to relinquish it to some corporate database.

Additionally, because the form of the credential and proof of issuance are written to a distributed ledger, verifiable credentials are tamper-proof and cannot be forged. They can also be simply and quickly reissued to adapt to new medical information and government mandates.

We can have our privacy and our proof of vaccination

The COVID-19 pandemic has understandably led to much armchair epidemiology and immunology. It’s also understandable that public health and policymakers aren’t aware of next-generation technology when confronting the practical challenges of global vaccination. And while some may see decentralized identity as the solution, decentralized identity is the most transparent answer showing what it is and what it does. No personal identifying information gets posted anywhere. Sharing is by consent. This is a technology to give people control of their data, and it is designed at a foundational level to be private and secure.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

James Schulte is the director of business development at Indicio, a professional services firm focused on advancing the development and adoption of decentralized identity technology. He has previously worked in the airline, manufacturing and tech industries. James graduated from Brigham Young University with a dual degree in global supply chain management and German studies.
Tags
Related Posts
How will blockchain and crypto improve the lives of LGBTQ+ people? Experts answer
Shidan Gouran of Gulf Pearl: Shidan is a co-founder of Gulf Pearl, a Canadian merchant bank and advisory firm with a focus on emerging technologies. “With respect to blockchain technology, the ability to easily move wealth from one country to another and to prevent seizure of assets due to belonging to a particular religious, political, social or ethnic group is a very powerful feature that public blockchains can enable. All truly democratic countries should implement safeguard measures against the potential of a tyrannical government formation because no system is perfect. I believe digital bearer instruments enabled by blockchains are one …
Decentralization / Aug. 14, 2021
Why secure data tokenization should scare the hell out of Big Data
Data is becoming one of society’s most valuable resources. And yet, our existing approaches fail to unleash its massive intrinsic value. Why is this the case? The issue is that our data — who we are, and what is relevant about us — is defined and collected by corporations and governments. Consumers were alarmed to find their phones were being tracked by the government , for example. These organizations, whether private or governmental, seem interested primarily in using your personal identity and your data streams to enhance their power. If you are an average user, this means you are missing …
Technology / Jan. 21, 2021
New App for COVID-19 Combines Blockchain With Web Inventor's Privacy Tech
The United Kingdom’s Open University has developed a COVID-19 proof-of-immunity app that combines blockchain with a privacy-preserving data solution from web inventor Tim Berners-Lee. The prototype app, undergoing testing as of April 29, would support the proof and verification of tamper-resistant test results for COVID-19 antigen tests and vaccination coverage. The solution could ostensibly be used to provide frontline workers, healthcare professionals and the wider public with reliable immunity certificates that would be stored on a distributed, immutable and trusted blockchain-based registry. Alongside consortium blockchain technology, the app uses solid “pods” — an acronym for the personal online data stores …
Technology / April 29, 2020
What lies ahead for crypto and blockchain in 2021? Experts answer
It would be fair to admit that after 2020 and all it has put us through, making any predictions for the upcoming year is most likely to be a game of blindfold. Meanwhile, I am certain that humanity has much to learn from its past transgressions, and will move forward by correcting our mistakes and weaknesses. That’s what we always do. Undoubtedly, the major driver of our development this year was the COVID-19 outbreak. The effects of the ongoing global pandemic on every aspect of our lives will form our future, and there are some tendencies we started last year …
Adoption / Jan. 4, 2021
You should care about decentralized identity in the wake of COVID-19
To navigate well in a digital world, we must be able to easily and securely establish our digital identity. Traditionally, a username, password and some trivial arcana like our first pet’s name have been key pieces of information held by institutions to establish our digital identity. Unfortunately, this system has come at a high cost. Trusting third parties to securely hold our personal data is a risky — and often losing — proposition. The number of hacks that have resulted in stolen personal data is staggering. In the top 15 data breaches, the personal data of 3.5 billion people have …
Technology / Oct. 5, 2020