Digital ID’s privacy by design moment may come from immunity passport standards
A coalition of organizations from different sectors has been convened to establish a framework for vaccination passports and digital health pass systems for pandemic recovery to ensure they are interoperable, privacy-preserving, and user-controlled.
The Good Health Pass initiative is made up of ID2020, Evernym, Mastercard, Airport Council International (ACI), Commons Project Foundation, Covid Credential Initiative, Hyperledger, IBM, the International Chamber of Commerce (ICC), Linux Foundation Public Health, Lumedic, the Trust Over IP Foundation and more.
The first product of the initiative is a white paper, ‘Good Health Pass: A Safe Path to Global Reopening,’ which notes the Good Health Pass Principles have been adopted by numerous organizations, including biometrics providers involved in immunity passport projects Clear, Daon and iProov.
The WHO currently advises against requiring vaccination proof for travel, the white paper acknowledges, but suggests this could change as the largest vaccination campaign in world history rolls out. The document also outlines the Good Health Pass Digital Trust Ecosystem, which is based on digital wallets holding digital IDs and health credentials, and sets out the principles of privacy and data security, user control, choice and consent, trust, inclusivity, open standards, interoperability, extensibility, social responsibility and urgency.
The organizations also call in the white paper for others to join them.
The open, inclusive, cross-sector initiative is intended to create a blueprint for digital health pass systems to help restore global travel and lift up the global economy, according to the announcement. It is unlikely a single solution will be implemented universally, so the credentials will have to work across institutions and international borders to be truly effective.
The organizations note that the COVID-19 pandemic cost airlines an estimated $118.5 billion last year, and had economic impacts on the order of $2 trillion, according to a World Tourism Organization estimate.
Representatives of several of the participating organizations discussed the initiative, its priorities and the challenges it will face in a press conference.
The main focus of the project is to get the different sectors involved all working together, ID2020 Executive Director Dakota Gruener said in the press conference.
John Denton of the ICC states that standards, policies, and tools are the three elements that must come together to empower Good Health Passes, and advocated for “high-integrity standards” to win and maintain public trust.
Mastercard’s Chris Reid noted that the company has already been involved in trials at Gatwick and Heathrow airports to work on interoperability.
Evernym’s Drummond Reed pointed out that open standards are challenging and necessary but frequently not sufficient to ensure interoperability.
The W3C verifiable credential standards already “allow for several different variants depending on the needs for flexibility or privacy or scalabilty of different digital credentials, so here at the collaborative we must agree on the variant we are going to use,” Reed explained.
He identified four major challenges, including creating those standards, protecting sensitive health data in a way that meets “the highest data privacy requirements in the world,” which means implementing privacy by design and by default from the beginning. Proving authenticity, or matching the person to the credential, is another challenge, and where biometrics will be used in some, if not all of the systems, and creating a universal user experience will be important to broad acceptance.
Gruener noted that it is often difficult for people and organizations to tell when a technology or system is really privacy-preserving, as most or all claim to value privacy. To the end of ensuring the centrality of privacy by design principles, Ann Cavoukian, executive director of the Global Privacy & Security by Design Centre, has signed on.
Reed said on the call that he suggested to Cavoukian the Good Health Pass could be “a watershed moment for privacy by design. If we get it right now and we get it with this first generation of digital credentials for this critical global use case, we will have it built in at a layer that will establish it for all the kinds of digital credentials that we’ll be using.”
An interoperability blueprint is the initiative’s next deliverable, and it is expected to be published within the next 30 days.
Digital health credentials already on the market, or soon to be, include efforts by the ICC, CommonPass (by Common Trust), and the IATA Travel Pass, while Clear has stood up a health capability within its ecosystem, and the ICAO is working on its own related project, and is currently consulting with health experts on the makeup of the credentials’ data fields.
The initiatives representatives noted the importance of making sure interoperability is not established through the lowest common denominator, but also observed that the current state of vaccination credentials in the U.S. includes paper credentials, which in some case do not even have the name of the vaccinated individual.
Paper-based alternatives will have to be available anyway, to include the billions of people around the world who do not have smartphones. As Gruener pointed out, maintaining equitability may be hardest part of getting digital health passports right.
biometrics | border management | CLEAR | credentials | Daon | data protection | digital identity | Evernym | Good Health Pass Collaborative | ID2020 | interoperability | iProov | Mastercard | privacy | Privacy by Design | standards | travel and tourism