Vaccine passports have been a hot topic of discussion over the last couple of months. Many of these conversations revolving around privacy and data breaching, all in which are relevant topics of concern.
With proof of vaccination beginning in Ontario on September 22, it’s important that everyone understands the logistics behind the system and how it’ll work. As we know right now, proof of vaccination will be required to eat indoors at a restaurant and bar, to enter a gym, movie theatre, sporting venue or concert, and for large meeting and event spaces. We spoke to Tony Anscombe, Chief Security Evangelist for IT security software company ESET who put our minds at ease on explaining how a system like this will work.
ESET is an award-wining cybersecurity company that’d been around for over 30 years. They were one of the first companies to ever market an anti-virus product. ESET services products all the way to consumer devices and even enterprises that want cyber intelligence, security logging and event tracking.
Tony has been with the company for over two decades but more recently, he’s been working closely with consumers on cybersecurity education. He’s also developed a great relationship with major tech companies like Google and Microsoft. When consumers use Google Chrome, they’re using an built-in ESET engine and it provides Google with technology used in Chrome clean-up. In addition, they also provide scanning services for apps before they’re listed in the Play Store. This is crucial for all consumers to know the app is safe to use.
The Less Information, The Better
When it comes to vaccine passports or vaccine certificates, many people are concerned with the type of personal information that might be disclosed. Tony says that this database is separate from those containing any sort of medical records.
“Most countries that already have a system like this in place have created separate vaccination databases that are not a part of your medical record. It’s solely a COVID vaccination database of people who have had the vaccine, as opposed to it knowing other medical information and conditions,” he said.
The vaccine passport system is simple, all it needs to know is your name, date of birth, date of each vaccination and the type of vaccine you got (for international travel). With a system like this in place, Tony says he’s a strong advocate for the less information the better.
“For a day-to-day person living in Toronto moving from a restaurant to a cinema or a theatre, basically anywhere that it’s required, that’s all the information needed on the app. When you limit the amount of personal information on an app you’re also lowering the risk of a privacy issue and somebody potentially abusing that data,” he said.
Canada is renowned for having one of the best privacy legislations. In 2004, the federal legislation put forward PIPEDA, The Personal Information Protection And Electronic Documents Act. The Act says its purpose is to, “establish an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes that right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances”.
Proof Of Vaccination Needs To Be Digital
For this to work smoothly and accurately, Tony says it must be 100% digital. Carrying around a print-out or a copy of a PDF file makes it easy for the information to be fraudulent or copied.
For years now we’ve been using real-time QR codes. Whether attending a concert or scanning a coupon, it’s something we’re all familiar with. After a month of this system in Ontario, the government plans on implementing a QR code system in October.
“Having a card proving your vaccination status is an issue because then you’ll still need to validate someone’s identification with another card. The best way to do this is dynamic QR codes that are connected with the COVID databases and it’s constantly being refreshed in real-time so that it can’t be given to anyone else,” he said.
Tony has seen Safeway, a supermarket pharmacy in the U.S., implement this sort of dynamic QR code with their own app. They’ve started a system that when their QR code is scanned it immediately sends the user a notification in the app that someone is scanning your vaccine passport. The user would then validate that the information was correct, or dispute it.
Unpreparedness May Have Gotten Us To This Point
When the pandemic first begin last year, many countries didn’t have sophisticated health technology that would’ve prepared them for what was coming. But for Canada that wasn’t the case. Tony is confused as to why it took them this long to only start building this sort of technology now.
“I think it’s a complete failure of the technology and health system to have not built this type of system during the vaccination development. Surely they knew that with the damage this pandemic has done we were going to need some sort of vaccination record,” he said.
In preparation for Ontario’s vaccine passport I set up an iOS 15 shortcut to easily access your pdf right from your lock screen! Instructions below: pic.twitter.com/Kpx2D48dCO— Graeme Woods (@graemewoods202) September 20, 2021
There continues to be political and societal pressures about how the government would control the pandemic and monitor vaccinations. Now that governments and institutions are scrambling to get the systems up, there’s a risk of flaws and errors.
“In Quebec, about two weeks ago when they released their program, there was a vulnerability gap and it was found by one of our researches at ESET. They found that you can upload a fake QR code. They fixed it in the matter of minutes, but the problem when you release software at speed, you have the possibility of releasing software that hasn’t been tested to its fullest extent,” he said.
Read more about vaccine passport privacy with Tony’s latest blog post here.
Feature Image: SHUTTERSTOCK