FB pixel

Privacy protections of digital health passes in focus with Quebec questions, Yoti endorsement

Privacy protections of digital health passes in focus with Quebec questions, Yoti endorsement

Yoti contributed to the Good Health Pass Collaborative’s Interoperability Blueprint to ensure the protection of principles around privacy, security and user control is built into digital health passes, according to a company announcement.

The Good Health Pass Interoperability Blueprint was launched in August to establish a common standard for verifiers to request and receive the data they need to validate the authenticity of health status claims, while applying the principle of data minimization.

The company says that 62 million people around the world lost their jobs to pandemic in 2020 with the 49 percent retraction of the global travel and tourism sector.

“We’re delighted to see our work with Good Health Pass live with the Good Health Pass Interoperability Blueprint, it has huge potential to change the way people travel in the backdrop of Covid-19,” states Yoti Chief Technology Officer Paco Garcia. “I’ve been honoured to co-chair the identity binding working group of the Good Health Pass, working side by side with many competitors.

“We’re striving for interoperability as digital health credentials become more widely available and relied upon. We support the provision of health information in addition to vaccination cards or test results with flexibility for all relying parties and different country requirements. The goal is to give individuals one digital ID for all their identity needs.”

Yoti’s health status solution is currently in use by Virgin Atlantic for staff testing.

Quebec credential shows fine line between protecting and risking privacy

Opinions are mixed about the security of vaccination credentials being issued by the Canadian province of Quebec.

Cybersecurity analyst Steven Lachance told The Globe and Mail that Quebec’s adoption of the SMART Health Card standard for its digital health passes should be a model for other provinces.

Quebec’s system includes the VaxiCode Verif scanning application for businesses, and VaxiCode for consumers to present a QR code for scanning.

Security experts told The Globe and Mail that the main security risk with the system is that someone could develop an app which stores the VaxiCode data it scans, which Verif does not.

Since then, hackers have reportedly obtained the QR codes for several prominent politicians in the province. Ed Dubrovsky, managing partner of incident response and penetration testing company Cytelligence, tells IT World Canada that “insert” and “update” functions must be carefully secured with measures such as multi-factor authentication.

VaxiCode provides QR codes from paper certificates provided by the province to prove vaccination, with the user scanning a photo ID to confirm they are the person identified by the vaccination credential.

Dubrovsky says that the more QR codes scanned by an entity, and therefore the more URLs it is directed to for information, the more likely that entity will be able to discover the relation between QR codes and URLs and access the URLs containing data from other people.

He warns that access to the URLs should involve an authentication mechanism to protect the data they contain.

Article Topics

 |   |   |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News


Challenges in face biometrics addressed with new tech and research amid high stakes

Big biometrics contracts and deals were the theme of several of the stories on that drew the most interest from…


Online age verification debates continue in Canada, EU, India

Introducing age verification to protect children online remains a hot topic across the globe: Canada is debating the Online Harms…


Login.gov adds selfie biometrics for May pilot

America’s single-sign on system for government benefits and services, Login.gov, is getting a face biometrics option for enhanced identity verification…


BIPA one step closer to seeing its first major change since 2008 inception

On Thursday, a bipartisan majority in the Illinois Senate approved the first major change to Illinois Biometric Information Privacy Act…


Identity verification industry mulls solutions to flood of synthetic IDs

The advent of AI-powered generators such as OnlyFake, which creates realistic-looking photos of fake IDs for only US$15, has stirred…


Idemia discusses faster police operations, improved outcomes with livescan biometrics

Biometrics, and fingerprints in particular, have long been one of the pillars of forensics work performed by police and crime…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events