Vaccine passports that protect privacy are possible

Emma McGowan 30 Nov 2021

It’s our job as consumers — and as privacy advocates — to make sure that any solutions we adopt protect both our privacy and our health

At the beginning of the pandemic, Jon Callas was a technologist at the American Civil Liberties Union (ACLU) Speech, Privacy, and Technology Project. Now, after nearly two years of dealing with Covid-19, Callas is the Director of Technology Projects at the Electronic Frontier Foundation (EFF). And, in both roles, he’s been asking: What do we do about vaccine passports? 

One of the first issues, Callas tells Avast, is the fact that there’s no one definition of “vaccine passport.” Callas says that the original idea, before we really knew how the virus spread, was that people might be required to show either vaccine or immunity status. But with the availability of vaccines, “the idea of a vaccination status and a vaccine passport merged together.”

“This is one of the difficulties in talking about vaccine passports,” Callas says. “What we mean by vaccine passport has changed during the pandemic.”

Today, Callas and the EFF are okay with people being asked to show proof of vaccination in order to do certain things, but with two main caveats: The “vaccine passports” should not create a surveillance system and whatever system is implemented needs to be aware of and account for possible inequities. 

“We do not want to create a surveillance system that is hard to dismantle once the pandemic is over,” Callas says. “The word ‘passport’ implies that there’s going to be a border check. Imagine if you had people checking at every door at a university, for example, and thus we had a record of every building on campus that you went into and what times you did. That’s a surveillance system.”

Callas acknowledges that in an ideal world there wouldn’t be a need for digital vaccine passports at all. 

“We’re in a situation where people who have not been vaccinated and would fake a document can create an equivalent of a heckler’s veto of being out in the world,” Callas says. “So we’ve ramped up the checks. We’re using online and digital systems. We’re using systems that we don’t like and that are very close to surveillance systems because it’s necessary.”

Callas is also concerned about people who can’t get vaccinated having access to essential services. There’s a difference, he points out, between not being allowed to go out to a concert and not being able to get groceries.

“Everybody has to buy food. If you don’t get food, you will die,” Callas says. “You don’t have to go to concerts. Take the example of someone who is immunocompromised and can’t get a vaccine. It’s utterly not acceptable from a societal standpoint to say ‘Gosh, I guess you can’t buy food.’ But there are fewer issues with ‘Gosh, you can’t go out with your friends on a Friday night.’”

Charles Walton, Senior Vice President and General Manager of Identity at Avast, is also concerned that vaccine passports could create new or exacerbate existing inequities. Before joining Avast, Walton worked on the topic of global interoperable health pass as a contributor to the Good Health Pass Interoperability Blueprint.

“I have concerns about the unintended consequences of this,” Walton says. “It could possibly create bias and exclusion of people. For example, some people don’t have a mobile phone. We don’t want to exclude people and we don’t want to create a legacy that’s painful or harmful.” 

Requiring proof of vaccination, immunity, or health status is also “wrought with privacy-related issues,” Walton says — and this is a problem with centralized identity solutions across the board. For example, most bars require that people show their driver’s license as proof of age in order to get in. The only information they actually need is whether or not you’re above the legal drinking age. However, your license also shares your height, weight, address, eye color, and birth date. And every time you show it to a bouncer or bartender, you’re sharing that information.

“None of that is relevant to the transaction at hand,” Walton says. “You’re requiring an identity card in order to allow a transaction to occur, but you’re oversharing.”

With vaccine passports, then, Walton suggests a method that only shares the information needed. In this case, that’s whether or not a person has immunity status (confirmed by a health authority) in the form of vaccination, immunity, test status, or other signals – and, importantly, that this status belongs to that person. Other people and organizations don’t need to know health details or personal details – that’s oversharing and can be avoided with a proper system implementation.

“It’s not actually detailed health or identity data that needs to be shared,” Walton says. “It’s a thumbs up or thumbs down. It’s digitally signed proof that someone is good to go, based on a policy decision.” 

Walton also points out that an interoperable approach, particularly for the travel industry, is quite critical. Imagine if a distinct system were adopted by every state/province, country, airport, airline, test authority, or vaccination authority. We would have the equivalent of the login-password problem of today – hundreds of login-passwords – but, in this case, hundreds of QR codes that have different meanings and that are presented and read differently.




Callas points to the California digital vaccination verification as an example of a “reasonably privacy preserving” vaccine passport solution. 

“California created a digitally signed vaccination document and they encoded it into a QR code,” Callas says. “That status could be checked in a completely offline manner, because it’s a digitally signed document and it doesn’t have anything on it that is different from my CDC card.”

At the most macro level, Callas is extremely concerned about the possibility of long-lasting infringements on peoples’ privacy and civil liberties as the pandemic alters society. Historically, crises have led to government restrictions that can be difficult to reverse. For example, Callas says, “the terrorism problems of 20 years ago left us with things that are vestiges of a 20-year-old problem.”

“Twenty years later, we’re still taking off our shoes [before getting on planes],” Callas says. “And we don’t want to be in a situation where something gets left when the pandemic is over.”

Walton is optimistic that we can protect both people’s health and their privacy. He points to the Good Health Pass Interoperability Blueprint, which addresses many of the concerns in the industry, as a great example of a product that does just that. It includes an approach to selective disclosure of health and identity data that minimizes data sharing to an essential proof; an approach to binding of identity data to this proof to address fraud; and an approach to interoperability that simplifies adoption by people and organizations which are verifying status.
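The digitally signed “thumbs up or thumbs down” proof and the offline check described above, as an added Go example that is not code from the Good Health Pass Blueprint, California’s system, or Avast. The field names, the Ed25519 signature, and the salted-hash holder binding are assumptions chosen for illustration, and the names and salt are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Pass is the whole disclosure: no vaccine type, dose dates, birth date or address.
type Pass struct {
	OK      bool   `json:"ok"`      // the authority's policy decision
	Holder  string `json:"holder"`  // assumed binding: hash of wallet salt + name on ID
	Expires int64  `json:"expires"` // Unix seconds
}

func BindHolder(salt, name string) string {
	sum := sha256.Sum256([]byte(salt + "|" + name))
	return hex.EncodeToString(sum[:])
}

// Issue is run by the health authority, the only party that holds priv.
func Issue(priv ed25519.PrivateKey, p Pass) (payload, sig []byte) {
	payload, _ = json.Marshal(p) // cannot fail for this struct
	return payload, ed25519.Sign(priv, payload)
}

// Verify runs at the door with only the public key: no network call, no check-in log.
func Verify(pub ed25519.PublicKey, payload, sig []byte, salt, name string, now int64) (bool, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return false, fmt.Errorf("signature invalid: forged or altered pass")
	}
	var p Pass
	if err := json.Unmarshal(payload, &p); err != nil {
		return false, err
	}
	if now > p.Expires || p.Holder != BindHolder(salt, name) {
		return false, fmt.Errorf("pass expired or bound to a different person")
	}
	return p.OK, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	payload, sig := Issue(priv, Pass{OK: true, Holder: BindHolder("constructed-salt", "Alex Doe"), Expires: 1700003600})
	fmt.Println(Verify(pub, payload, sig, "constructed-salt", "Alex Doe", 1700000000))
	fmt.Println(Verify(pub, payload, sig, "constructed-salt", "Sam Roe", 1700000000))
}
```

The verifier learns the holder’s name only from the ID shown at the door; the signed payload itself carries a hash, a boolean, and an expiry.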

It has become clear that vaccine passports are here to stay, regardless of how long the Covid-19 pandemic lasts. It’s our job, then, as consumers — and as privacy advocates — to make sure that any solutions we adopt protect both our privacy and our health. With a little forethought, we can get there.
