For vaccination ‘passports’, the past offers a glimpse at the challenges ahead


Optimism about the development and rollout of vaccines for COVID-19 has spurred efforts to efficiently record and authenticate those who have been vaccinated. This has inspired new discussions of how to create a ‘vaccination passport’ that would allow the carrier to travel between countries, return to work, go to school, attend events or work with those considered vulnerable.

As with the development of vaccines, the evolution of solutions has progressed impressively fast. But what exactly are the issues involved, and what might the rollout look like?

At a minimum, a vaccination passport needs to include data about the individual, the type of vaccination they received, and the date the individual was vaccinated. In the case of border control, for example, an immigration authority will need enough information to answer various questions. Is this individual who she says she is? Was the provider of the vaccine accredited and recognised by my country? Is the vaccine described the one that we recognise? Will it stop being useful while this person is here? And how do I know this information is valid and not fraudulent?

Besides all this complexity, there’s also a lingering uncertainty about the durability of vaccine-induced immunity, the effectiveness of vaccines across variants, or the duration of their effectiveness. And because COVID-19 is a global crisis, a successful solution needs to slot into whatever existing systems—in immigration, building entry, ID mechanisms—each country already has.

Moreover, a successful solution needs to be both technologically smart and appropriate: there’s limited utility in a high-tech solution that fails when a smartphone battery dies, or when a border entry point is entirely manual or not hooked up to a central database.

A lesson from history: the rise of the ePassport

The closest historical parallel we have is the emergence of ePassports—smart passports that carry a machine-readable chip holding encrypted biometric data, such as a photo or a fingerprint, which allows immigration officials (or automated gates) to more easily verify the document and authenticate the individual carrying it. Most countries now have one, but it took 50 years to develop the International Civil Aviation Organization (ICAO) standards to make them possible.

Part of the challenge involved security issues, which are not trivial. These include keeping the information private, ensuring it has not been tampered with, confirming its source, ensuring the chip in the passport and the reader can authenticate each other, and preserving the integrity of the public and private keys necessary for a connection to be established.

Credible figures also raised concerns that the contactless technology employed was subject to skimming (whereby the data could be read by another device and then either exploited or cloned) and even remote capture. These concerns were still being expressed in 2005, when several countries, including the United States, had already introduced biometric passports.

Then there was the problem of deciding where the data itself should reside. Governments would keep the passport data themselves, but who, for example, would store the public key infrastructure (PKI) data—the private and public keys to access the private data of individuals? Another question was whether the overseeing body, in this case the ICAO, a UN organisation, has the authority to impose regulations, procedures and standards on matters occurring within the bounds of the sovereign states that comprise its membership.

Some worried about whether the objectives of individual countries would align with those of the group as a whole. In the case of ICAO, the question was whether a country’s representatives on bodies—such as the ICAO working group responsible for developing the technical standards of the chip and biometric data—have their own interests, either commercial or national.

At the same time, the ICAO technical working group struggled to appraise competing technologies and keep up with rapid technological innovation. Between 1994 and 1997 the group did not meet at all, and when it did meet in 1998, the group’s technology focus was still on barcodes. In 1999 and 2000, biometric techniques were not a major agenda item; no meeting was held in 2001.

Meanwhile, individual countries like the United States continued to pursue their own agendas. After the World Trade Center attacks in 2001, for example, the US government pushed much harder for machine-readable biometric passports, citing the ICAO’s own work, and threatened to drop countries from its visa-waiver list if they didn’t integrate the technology. Travelers on such visas were eventually required to use such passports in 2016 [1].

All these challenges resulted in a slow rollout. By 2011, fewer than half of the UN’s member states were issuing ePassports [2]. This journey presents a cautionary tale for those who dream of vaccination passports being implemented at the snap of a finger.

Looking forward: the need for standards and cooperation

It’s unlikely that all these issues will surface in the case of a vaccination passport. The urgent need for a solution is clearly focusing the minds of policy-makers, industries suffering from the COVID-19 pandemic, and providers of technology solutions. But this urgency itself may cause an obstacle, spawning a range of initiatives that lack interoperability.

Privacy remains an ongoing challenge. Since the widespread adoption of biometric immigration controls, privacy advocates have expressed concerns about who can access such data, whether the data is being used to discriminate, and whether such data is being used for other purposes, such as crime control. They have also raised difficult questions about who owns that data, as well as whether an individual has the right to see her data and correct it if necessary.

These lessons have been learned well: virtually all the major initiatives in creating vaccination passports stress the need for individuals to control and own their health and identity credentials, and be allowed to see, and have a say in, how that data is being used.

Some lessons from the ePassport case, however, do not apply to the vaccination passport. One difference is that vaccination passports may ultimately have both physical and digital forms, while also being entirely operable in digital form, either in person in an app or online. The paper version, such as a computer printout or a card, will be necessary for those not carrying mobile phones, but is vulnerable to being lost, exposing sensitive data, or being altered or counterfeited. So it must contain some element that allows it to be verified online, most likely a QR code, and the user must be able to print off another copy if needed.

Efforts are therefore focused on developing standards which, if not entirely overseen by one body like the ePassport, are at least interoperable. To solve this, a foundation called ID2020, founded by Microsoft, Accenture, an organisation promoting vaccination called Gavi and The Rockefeller Foundation, recently drew up the Good Health Pass Principles. These are endorsed by most of the main players in the key passport initiatives, and it is hoped that they will help create a blueprint for an interoperable digital health pass system.

Such efforts are sorely needed. With so many people dedicating time and resources to finding an equitable solution to the problem, ensuring that they all work together is likely to be the greatest challenge. There is widespread agreement that open standards should be used where possible, and that they should be extensible enough to allow for wherever COVID-19, and its successors, take us.

But with open standards the question arises: which ones? The COVID-19 Credentials Initiative (CCI), an open global community hosted by Linux Foundation Public Health (LFPH), advocates using a technical standard for credentials created within the World Wide Web Consortium (W3C), the main body developing web standards. But this itself is only a year old, and so may take time to be widely adopted or understood.

As the Good Health Pass Collaborative says itself: “One thing is clear: in this race to market it is unlikely that a single solution will be implemented universally – or even across the entire travel industry.” Indeed, having a single solution may not be desirable: a government may have different requirements to an airline or an event venue. But this may also result in fragmentation that undermines the health and economic benefits of digital health pass systems.

There are other issues that are neither technical nor organisational, but ones that need to be wrestled with, such as social cohesion and ethics. If governments decide that vaccines are proving to be effective, do they allow those who carry vaccine passports to start using them immediately, or do they wait until everyone who wants (or is required to have) a vaccine has one? Are liberties being infringed upon by allowing some people to move and not others?

Resolving these issues will be critical for the success of the emerging vaccination passport ecosystem. While many organisations are taking great pains to work cooperatively on the challenges, questions remain about whether they will succeed in time to make a difference in the current pandemic.

References

[1] “Travel to United States now requires biometric passports”, Cayman Compass.

[2] “E-passports spread to half the globe”, SecureIDNews.
