FB pixel

Privacy protections of digital health passes in focus with Quebec questions, Yoti endorsement

Privacy protections of digital health passes in focus with Quebec questions, Yoti endorsement
 

Yoti contributed to the Good Health Pass Collaborative’s Interoperability Blueprint to ensure the protection of principles around privacy, security and user control is built into digital health passes, according to a company announcement.

The Good Health Pass Interoperability Blueprint was launched in August to establish a common standard for verifiers to request and receive the data they need to validate the authenticity of health status claims, while applying the principle of data minimization.

The company says that 62 million people around the world lost their jobs to pandemic in 2020 with the 49 percent retraction of the global travel and tourism sector.

“We’re delighted to see our work with Good Health Pass live with the Good Health Pass Interoperability Blueprint, it has huge potential to change the way people travel in the backdrop of Covid-19,” states Yoti Chief Technology Officer Paco Garcia. “I’ve been honoured to co-chair the identity binding working group of the Good Health Pass, working side by side with many competitors.

“We’re striving for interoperability as digital health credentials become more widely available and relied upon. We support the provision of health information in addition to vaccination cards or test results with flexibility for all relying parties and different country requirements. The goal is to give individuals one digital ID for all their identity needs.”

Yoti’s health status solution is currently in use by Virgin Atlantic for staff testing.

Quebec credential shows fine line between protecting and risking privacy

Opinions are mixed about the security of vaccination credentials being issued by the Canadian province of Quebec.

Cybersecurity analyst Steven Lachance told The Globe and Mail that Quebec’s adoption of the SMART Health Card standard for its digital health passes should be a model for other provinces.

Quebec’s system includes the VaxiCode Verif scanning application for businesses, and VaxiCode for consumers to present a QR code for scanning.

Security experts told The Globe and Mail that the main security risk with the system is that someone could develop an app which stores the VaxiCode data it scans, which Verif does not.

Since then, hackers have reportedly obtained the QR codes for several prominent politicians in the province. Ed Dubrovsky, managing partner of incident response and penetration testing company Cytelligence, tells IT World Canada that “insert” and “update” functions must be carefully secured with measures such as multi-factor authentication.

VaxiCode provides QR codes from paper certificates provided by the province to prove vaccination, with the user scanning a photo ID to confirm they are the person identified by the vaccination credential.

Dubrovsky says that the more QR codes scanned by an entity, and therefore the more URLs it is directed to for information, the more likely that entity will be able to discover the relation between QR codes and URLs and access the URLs containing data from other people.

He warns that access to the URLs should involve an authentication mechanism to protect the data they contain.

Article Topics

 |   |   |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics a consistent base for varied fraud protection stacks

Biometrics for fraud protection have become a critical piece of the online world, minting billion-dollar companies, but one of the…

 

Govt should collaborate with private sector on DUA Bill: Experts

The UK is debating its new Data (Use and Access) Bill, a legislation that is supposed to pave the way…

 

Managing the risks of a digital public infrastructure in the United States

Establishing a national Digital Public Infrastructure (DPI) in the United States could serve as the backbone for a modern societal-scale…

 

Smile ID rides Nigeria’s surge in biometric verifications to 200M milestone

Smile ID has completed 200 million identity verification checks across the African continent, after celebrating 150 million checks in June….

 

Securing privacy and civil liberties in the age of cybersecurity reform

A new report that outlines a roadmap to fortify the United States’ defenses against cyber threats also highlights the delicate…

 

CDPI and GEALC sign LOI to boost DPI in LATAM, Caribbean

Work to advance the development and implementation of Digital Public Infrastructure (DPI) in  Latin America and the Caribbean region is…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events