These "passports" could prove to be a solution for travelers crossing borders, but they also come with their own set of challenges
As the number of people getting vaccinated against Covid-19 rises, it's time to review the ways that people can prove they have been inoculated when they want to cross international borders.
These so-called “vaccine passports” have been in development over the past year and are starting to go through various trials and beta tests. The passports would be used by travelers to supplement their actual national passport and other border-crossing documents as they clear customs and immigration barriers. The goal would be to have your vaccination documented in a way that it could be accepted and understood across different languages and national procedures.
As you might imagine, it's a tall order. Already, the Australian airline Qantas is talking about requiring proof of vaccination against Covid-19 for all of its passengers — both domestic and foreign— at some point in the future.
Part of the challenge is that the vaccine passports can take a variety of physical forms, such as a physical card or a mobile app. The proof could be indicated by either a QR code or a paper sticker (that would presumably be difficult to forge). I’ll focus on the digital passport forms for this post, which hopefully would be less likely to be lost and can be made part of passengers' existing travel records.
There are several major issues around these passports:
One issue we should address in more depth is: what happens if something goes wrong? Let’s say you arrive at your destination country’s custom barrier and present your app to verify that you got vaccinated, but for some reason, your data shows that you are missing your vaccine. Whom do you call? How do you get this resolved? That certainly could happen, and the devil is in the details to be sure.
But we've already seen how the vaccine supply chain is a tempting target for cybercriminals. Six pharma companies in the US, UK and South Korea have been targeted by North Korean hackers. And logistics vendors who are moving the vaccines from the suppliers have also been receiving specialized phishing emails beginning in September. And earlier in December, the European Medicines Agency, which evaluates and approves drugs for EU distribution, was also the subject of a cyberattack.
Let’s look at the likely contenders for supplying the digital vaccine passport and what has happened with actual beta tests to date.
The most widespread program so far is one called CommonPass. It is an open-source project being co-sponsored by the World Economic Forum and the Rockefeller Foundation. It will connect to a wide variety of data sources and communicate a simple pass/fail based on entry requirements of the destination country. The passport is part of a wider Mitre project called the Vaccine Credential Initiative, which has a wide collection of partners, including both Walgreens and CVS drug stores along with Apple, Google, Microsoft and various other healthcare partners, such as the Mayo Clinic.
Their goal is to ensure that everyone who gets the vaccination will get a digital copy to prove it and have a trustworthy, traceable, verifiable and universally recognized digital record of immunization status. According to their website, users will consent to have their vaccination records made available without revealing any other medical or personal health data.
According to my conversation with Dr. Brian Anderson of Mitre, it will initially involve using one of a series of standalone smartphone apps that are currently in development. Anderson acknowledges the issues of scope and scale — he mentioned that the plan is to begin with US-based end users before moving to other parts of the world.
“We are also talking to entertainment venues and theme park operators, as well as the travel-related businesses,” said Anderson. “We are trying to help facilitate the opening of our economy, and to establish a common framework between consumers and the entities that will provide the vaccine verification.” An illustration of this framework is shown below:
In trials for CommonPass run in late October, volunteer passengers on two flights (a United Airlines flight from London to Newark and another Cathay Pacific flight between Hong Kong and Singapore) were tested for Covid-19 when they boarded, with the results available upon their arrival. If CommonPass becomes widely accepted, travelers would have a Covid-19 test shortly before departure from their home. According to Anderson this includes United Airlines, Cathay Pacific, Virgin Atlantic, Jet Blue, Lufthansa and Swiss who are rolling out CommonPass on some of the flights departing several cities, including New York City, Boston, London, and Hong Kong.
A second effort is being done through the auspices of the International Air Transport Association, called the IATA Travel Pass. It is expected to begin beta tests this quarter, and the aim is to include Covid-19 vaccination records as part of its previous efforts to digitize passport details, using IATA’s Timatic and Travel Pass applications. This has been in place for many years and was used during the Ebola outbreak by airlines to verify passenger travel documents and health requirements. Timatic has the advantage that it comes in various versions, including a smartphone app, an XML solution that can be integrated into various web apps, an Amadeus add-on for the airlines and travel agents using that system, as well as various mainframe apps. Here is the workflow for their solution:
A third effort, titled AOKpass, comes from the International Chamber of Commerce and International SOS, a private medical and securities provider. It is being built by two Singapore tech startups and will use blockchains to securely store information on individuals’ smartphones. The early users are limited to the International SOS staff based in Singapore. It was first put in place on a flight from Japan to Singapore late last month and is being deployed on other Singapore Airlines flights from Jakarta and Kuala Lumpur to Singapore. It also integrates with IATA’s Timatic, and the plan is to integrate with the full IATA Travel Pass app.
Lastly, there are private industry solutions, such as IBM’s Digital Health Pass and Daon’s VeriFLY. Daon is a private software vendor who sells authentication and biometric platforms used by a variety of financial service companies. Neither solutions has been put into any beta testing for travelers as of yet.
Clearly, Covid-19 vaccine passports are still very much development projects. As they gradually roll out across the globe, they will remain subject to a lot of testing, adapting and shifts in functionality.
Following December’s cyberattack on network management company SolarWinds, a website called SolarLeaks is now selling the stolen data, which allegedly contains source code from Microsoft, Cisco, FireEye, and SolarWinds.
While 5G UWB will enable businesses to innovate new technologies, businesses must also think about innovating security and privacy.