Digital identity specialists: lack of trust in digital projects threatens response to COVID
Unfair systems, coding vulnerabilities and data conditions without end: the global COVID digital health pass situation is looking under the weather. While smartphones, the devices hoped to be the bearer of digital health passes, are in rude health, reaching record usage despite falling sales growth during the pandemic.
Out with lack of trust, global standards – in with sunset clauses, data privacy
A global study by the UK’s University of Exeter into COVID health status certificates finds three main barriers to their successful implementation.
A lack of trust in digital solutions in the management of the COVID-19 pandemic has occurred around the world, plus a lack of global standards and doubts as to whether any can be achieved within the timescale and an overall lack of a holistic approach to tackling COVID including health passes are the main concerns raised by the study based on interviews with digital identity and digital certification experts.
“As these certificates directly impact individuals’ rights, there is a crucial need to consider the laws and regulations, including those on data privacy and human rights,” states the report, noting they need to serve everyone, not just the digitally literate.
This follows recent guidance from the W.H.O. on health passes which requires them only to go as far as certifying that the holder has been vaccinated. It is not necessary for the certificate to be digital or to be secured by biometrics as a name and date of birth should be sufficient. Individual countries must decide how a pass identifies its bearer. The W.H.O. also dissolved its Smart Vaccination Certification Working Group.
Including sunset clauses in legislation to ensure that health pass use ends when the W.H.O. declares the pandemic over, better governance of health data (including in the EU scheme) to ensure fairness, data minimization and confidentiality, and that health pass providers build data protection into the design of the certificates and undertake data protection impact assessments.
Digital a threat to inclusivity
The Exeter paper warns of COVID-testing fees creating a two-tier society where the richer can live more freely. An article by The Verdict warns of exclusion for other groups. Requiring fingerprint biometrics or a device such as a smartphone or computer to be held in a certain position for face biometrics for a health pass could make it unusable for people with dexterity issues of tremors. This is also an issue when biometric gates are used in airports.
Health communication specialist Sarah K Stricker, who lives with multiple chronic health conditions, raises issues with the likes of private biometrics firm Clear and digital healthcare platform SAFE.
“The major concern I [have is] that the data being collected and used alongside biometric identifiers for products like Clear’s Health Pass [is] both unreliable in terms of singling out people who were sick with COVID-19 and could be problematic and result in false positives for people with chronic illnesses,” The Verdict quotes Stricker as saying.
False positives based on using automated temperature testing for COVID screening could result in people with disabilities being denied access to travel, restaurants and events. Certain conditions can prevent some people from having the vaccinations.
“Will employees who continuously fail checks for health reasons other than a COVID-19 infection have their jobs protected?” The Verdict quotes Stricker as asking, “Will employees in that situation have any other option but to disclose a disability they may not have chosen to disclose?”
Vulnerabilities in Australian immunization app still allow fake status
The Australian government’s Express Plus Medicare program created the Services Australia COVID-19 digital health pass which extracts the holder’s vaccination status from the Australian Immunization Register. In mid-August, researcher Richard Nelson found a vulnerability in it which allows an attacker to falsify someone’s vaccine status and tried to report it to Services Australia and via other reporting channels, reports Threat Post.
When he failed to get a response, he went public. And three weeks after that, the vulnerability has still not been fixed.
Threat Post reports a study into vaccine passport privacy found that 75 percent of respondents in January had fears about vaccine databases being breached.
Mobile phone users almost hit 5.3B
Using phones as a holder of a health pass or way to verify a person’s status looks increasingly plausible. The total number of mobile phone users worldwide has continued to climb, despite the worst smartphone market contraction, caused by the pandemic, reports APN.
Two-thirds of the world’s population uses a mobile, at almost 5.3 billion, and the total number of cellular connections doubles that to 10.4 billion. Of those, 6.4 billion are smartphones.