How cybersecurity and citizen trust in digital vaccine certificates are inextricably linked

Editorial

On Saturday, April 3, the U.S. Centers for Disease Control and Prevention (CDC) reported that a record four million coronavirus vaccines had been administered across the United States in a single day. Indeed, vaccine administration is accelerating around the globe, prompting governments and businesses to develop digital vaccine certificates. These “vaccine passports” store an individual’s COVID-19-related health data, including whether they have been vaccinated, tested negative, or shown proof of immunity to the virus. Vaccinated Israelis can use the government’s Green Pass mobile app, for instance, to return to theaters, sporting events, hotels, and gyms. Recently, the European Union (EU) proposed a similar Digital Green Certificate, and slides from the Office of the National Coordinator for Health Information Technology indicate the Biden administration is considering similar initiatives. In late March, Governor Andrew Cuomo announced that New York will launch its own digital certificate, Excelsior Pass, built on IBM’s Digital Health Pass blockchain technology. And SICPA, the leading Swiss company that provides security inks for currencies and sensitive documents worldwide, has developed CERTUS, a blockchain-based QR code solution that is compatible with international efforts to secure vaccination certificates and is currently offered to several states around the globe.

With the rollout of so many passports, both public and private sector actors are coming together to create reliable standards. One such organization, the Vaccine Credential Initiative, which includes Microsoft, Salesforce, MITRE, and the Mayo Clinic, aims to promote transparency and incorporate “Privacy by Design” principles into digital passports. Industry groups like the International Air Transport Association (IATA) have also undertaken efforts to standardize vaccine certification for international travel.

Despite efforts to harmonize these passports, little has been done to ensure their security and integrity. In February, Europol warned of the “illicit sale of false negative COVID-19 test certificates” thanks to the “widespread technological means available, in the form of high-quality printers and different software.” Researchers at the cyber-security company Check Point discovered that forged certificates can be obtained for as little as $250 on the dark web; negative COVID-19 test results are on sale for just $25. Further, the number of adverts for fraudulent certifications has tripled since January, adding urgency to the need for technologies that can verify the certificates’ authenticity. To make matters worse, certificate platforms and apps remain insecure. An early version of the Israeli Green Pass, for instance, easily allowed individuals to forge the QR code displayed on the mobile app. While the Israeli government has since patched the issue, the app still uses an outdated encryption library that is prone to security breaches. Nevertheless, some of these passport technologies have made an effort to prioritize security. The AOKpass, IBM’s Digital Health Pass, and Guardtime’s VaccineGuard all use blockchain to safeguard the integrity of their passports. Meanwhile, GeoTech Center Action Council Member John Ackerly believes the encryption platform of his company, Virtru, can be harnessed for secure digital certificates. In a recent interview with Forbes, Mr. Ackerly argued that “these kinds of approaches can be super useful in giving the public the confidence to embrace these tools.”

It is critical that policymakers adopt secure technologies to ensure citizens’ trust in public institutions. A 2017 Pew study found that 49 percent of Americans are not confident that the federal government can protect their data. If passports are compromised, it will further erode citizens’ faith, not only in health organizations but in all institutions, including elections. Ultimately, cybersecurity and citizen trust in institutions are inextricably linked.

Sincerely,

Pascal Marmier
Economy of Trust Foundation
Christine Macqueen
SICPA
Dr. David Bray
Atlantic Council GeoTech Center
Borja Prado
Editor
