ID4Africa panel urges caution, debates trust framework for digital vaccine certificates
Some governments have begun accepting international travelers with digital proof of their health status. Questions around how these digital health certificates should work, where and whether they should be used, and what can be done to mitigate the risks associated with them remain, and were explored by an international panel of experts representing major global organizations convened by ID4Africa. They found that too much remains unknown to inform final decisions, and while technical tools including biometric passports and the ICAO’s global PKI directory may help to underpin effective systems, an infrastructure upgrade is needed in Africa, the U.S. and elsewhere to enable any theoretical sharing of health information that is both trustworthy and privacy-preserving.
The first episode in a three-webinar online event exploring digital health passes and the relation between vaccination certificates and digital ID systems was held last week, focusing on policy issues. The subsequent LiveCast will survey innovations being brought to bare for digital proof of health status, including national-level initiatives.
ID4Africa Executive Chairman Dr. Joseph Atick began by noting that the Movement does not endorse nor oppose health passes, but wants to encourage whatever is rolled out to be effective and responsible.
The adoption of digital passports as a secure credential used in most of the countries around the world comes from recognition of the value proposition of identity for security following 9/11, Atick points out. This resulted in the widespread adoption of biometrics.
Biometrics adoption for development has increased since, but a clamor has arisen for digital identity to enable digital health records and economic recovery from the pandemic, which Atick says reminds him of the “frenzy” following 9/11. The nature of the demand, however, is fundamentally different, with all people potentially vulnerable, and a new set of important ethical considerations.
Vaccine distribution is already causing inequity for and within Africa, and many countries on the continent are still catching up with digital passport issuance.
Further, policy decisions are being made around the world in the absence of vital information, such as about the effectiveness of vaccines for reducing transmission and the timing of booster shots. Digital health passes appear to be coming into use somewhere, for something, for some period of time, making public dialogue and careful preparation necessary.
Speakers during the event included Natschja Ratanaprayul and Derek Muneene of the World Health Organization, Dr. Ciaran Carolan of ICAO, Florian Forster of IOM, R. Rajeshkumar of Auctorizium and ISO project editor for the digital travel credentials (DTC) specification, Jeremy Springall of SITA, Louise Cole of IATA, Alan Gelb of the Center for Global Development, and Dr. Edgar Whitley of the London School of Economics, who has contributed to recent Ada Lovelace Institute reports related to health status credentials.
Panelists described various concerns about how groups and industries have been affected by the pandemic, and could be affected by the adoption of digital health passes. They also noted the importance of moving from today’s small trials to scale, global implementations, or at least regional ones, and the importance of international mobility for developing countries.
Hurry up and wait
The event was attended by some 400 participants from 140 countries, who filled up the chat with related links and debate as the panelists spoke. A survey of attendees found that 71 percent are yet to receive any COVID-19 vaccination.
It quickly emerged that while several groups represented are working on similar projects, there are some key differences in goals.
The WHO is building specification which are intended to create digital records not for crossing borders or proving health status to any third party, but merely for continuity of care. Its working group also includes ICAO, IATA, and ISO, each of which have their own applications in mind for digital health credentials. The group’s first release candidate was published on March 19, with release 2 coming at the end of end April, the third at the end of May, and a final version 1.0 by end of June. The WHO specification includes an optional field for a unique identifier.
ICAO member states came to it and asked for help dealing with certificates, creating demand for a health pass border-crossing application, likely bringing in the need for biometrics or some other unique identifier to authenticate the credential-holder to the claimed status. Unlike the WHO credential, it would also include proof of test results. The next draft of ICAO’s proposed system, which leverages the existing PKI infrastructure for biometric passports, is due soon.
Cole noted that of 14 countries requiring vaccine certificates, only 2 currently have the same requirements. Adding to that complication, airlines are responsible for making sure travelers meet the requirements of the destination, but have no way to verify the validity of passenger credentials.
The current system for managing health requirements not secure, is slow and cumbersome, and not scalable, Cole argues. Currently, passenger volumes are just under 10 percent overall, but many airports need as many staff on hand as at full capacity because of the requirements. The IATA Travel Pass could help by providing an ecosystem, with the app for credential storage as just one of four parts. One of those is the global registry for health requirements, a system which has been in place for 60 years to clarify for travelers and airlines what the requirements of each destination are.
This is important because fraud has not only been observed by individuals, but also by laboratories supposedly performing tests.
Panelists discussed what kind of registries would need to be created to support a system of verifiable health credentials, with a consensus emerging that a registry performing the same function as the ICAO PKD which calls back to trusted records is all that would be necessary for the aviation industry, which does not want to store people’s health data anyway.
Muneene says the African Union’s Trusted Traveller Program could be integrated with the IATA Travel Pass and similar systems. He also emphasized the importance of national strategies building on existing ecosystems, and noted that during the Ebola pandemic the health workforce was often not capable of using the new digital solutions deployed.
SITA’s Health Protect solution is being introduced with industry-wide ambition to enable health passes to work with airline systems, by extension government border-crossing requirements.
Whitley pointed that presentations were being made based on an ability to meet travel requirements that none of the bodies represented said they want to see imposed. “That ultimately pushes the question back to the risk to others that having COVID presents and the potential responses to that.”
His work with the Ada Lovelace Institute indicates that not enough is yet known about the science behind the vaccines. While vaccines traditionally drastically reduce transmissibility, it is far from certain that is the case with COVID-19 and its several variants.
Gelb urged governments to “Get your data systems in order,” as without this they may not be able to even deliver vaccines effectively and know who has had them.
Both Whitley and Gelb suggest that where they are able to resist international pressures, countries should take cautious approaches to implementing digital health passes. Gelb also pointed out that some intentions behind health pass systems, such as reopening summer travel in the Northern hemisphere, are simply not relevant, as the systems will not be ready in time. Infrastructure purposefully built this year could help in future pandemics, however.
Public support and practical problems
A poll of attendees found that 78 percent would support health passes as a requirement for international travel. More than half also support their use for cultural events, but a majority rejected their use for offices (56 percent), restaurants, and stores (71 percent).
What exactly such a health pass system would look like, however, remains somewhat uncertain.
Whitley notes that almost all of the systems on offer claim adherence to privacy by design principles, but say the privacy-preserving features will be part of the next version, meaning they are “Privacy by Design but not by design.”
In the United States, only half of states have the capability to operate an integrated registry for vaccinations, and with so many shots already administered, few states are thought to have tracked them all so far, as New York has. This means that adoption of even a ‘light touch’ vaccine certificate with no picture ID or potential for biometric authentication would likely be patchy.
In addition to concerns about function creep, this uneven availability of both vaccines and proof is a looming global issue, and Atick asked if countries adopting passes are creating apartheid. Panelists were hesitant to stake definitive positions on that question.
In Africa, Muneene observes, data sovereignty concerns have continued to cause worry, but also contributed to rising domestic capacity, from IT skills to data centers.
“This topic is catalytic in a number of ways,” he says. “It’s not really about COVID but infrastructure.”
Three major categories of risk must be dealt with, according to Gelb. Privacy, mission creep, and surveillance are one group of risks, exclusion is another, and waste of money is the third.
There will soon be 30 airports piloting IATA Travel Pass, but requirement of vaccination not an option from IATA’s perspective, Cole says.
A lengthy discussion about trust frameworks and chains of trust exposed the extent of the problem of what institutions can fulfil the role of root of trust, including in the U.S.
“Any solution that is built will have to take a sovereign country as the issuing authority of that credential to be able to trust it,” Rajeshkumar states.
The discussion delved extensively into PKI systems, and noted that trust also requires rules and recourse.
Few answers about how best to proceed with health passes were ultimately provided, but many questions and possibilities raised during the session will undoubtedly inform the two events to follow, exploring the innovations being proposed to meet the challenge of safely reopening economies.
ID4Africa is also holding an event on ‘Identity for Democracy’ in late May, and is calling for submissions to participate, due April 26.