On Saturday, April 3, the U.S. Center for Disease Control and Prevention (CDC) reported that a record four million coronavirus vaccines had been administered across the United States in a single day. Indeed, vaccine administration is accelerating around the globe, prompting governments and businesses to develop digital vaccine certificates. These “vaccine passports” store an individual’s COVID-19-related health data, including whether they have been vaccinated, tested negative, or shown proof of immunity to the virus. Vaccinated Israelis can use the government’s Green Pass mobile app, for instance, to return to theaters, sporting events, hotels, and gyms. Recently, The European Union (EU) proposed a similar Digital Green Certificate, and slides from the Office of the National Coordinator for Health Information Technology indicate the Biden administration is considering similar initiatives. In late March, Governor Andrew Cuomo announced that New York will launch its own digital certificate, Excelsior Pass, built on IMB’s Digital Health Pass blockchain technology. And SICPA, the leading Swiss company that provides security inks for currencies and sensitive documents worldwide, has developed CERTUS, a blockchain-based QR code solution compatible with the international efforts on securing vaccination certificates, and currently offered to several states around the globe.
With the rollout of so many passports, both public and private sector actors are coming together to create reliable standards. One such organization, the Vaccine Credential Initiative, which includes Microsoft, Salesforce, MITRE, and the Mayo Clinic, aims to promote transparency and include “Privacy by Design” principles into digital passports. Industry groups like the International Air Transport Association (IATA) have also undertaken efforts to standardize vaccine certification for international travel.
Despite efforts to harmonize these passports, little has been done to ensure their security and integrity. On February, Europol warned on the “illicit sale of false negative COVID-19 test certificates” thanks to the “widespread technological means available, in the form of high-quality printers and different software.” Researchers at the cyber-security company Check Point discovered that forged certificates can be obtained for as little as $250 on the dark web; negative COVID-19 test results are on sale for just $25. Further, the number of adverts for fraudulent certifications has tripled since January, adding urgency for technologies to be able to verify the certificates’ authenticity. To make matters worse, certificate platforms and apps remain insecure. An early version of the Israeli Green Pass, for instance, easily allowed individuals to forge the QR code displayed on the mobile app. While the Israeli government has since patched the issue, the app still uses an outdated encryption library that is prone to security breaches. Nevertheless, some of these passport technologies have made an effort to prioritize security. The AOKpass, IBM’s Digital Health Pass, and Guardtime’s VaccineGuard all use blockchain to safeguard the integrity of their passport. Meanwhile, GeoTech Center Action Council Member John Ackerly believes the encryption platform of his company, Virtru, can be harnessed for secure digital certificates. In a recent interview with Forbes, Mr. Ackerly argued that “these kinds of approaches can be super useful in giving the public the confidence to embrace these tools.”
It is critical that policymakers adopt secure technologies to ensure citizens’ trust of public institutions. A 2017 Pew study found that 49 percent of Americans are not confident that the federal government can protect their data. If passports are compromised, it will further erode citizens’ faith—not only health organizations, but in all institutions, including elections. Ultimately, cybersecurity and citizen trust in institutions are inextricably linked.
Get the Economy of Trust newsletter
Sign up to learn about advances in technology and data activities that, through trust and more transparent frameworks, improve nations and sectors alike.
Research & Analysis
Event Recap Mar 11, 2021
Event recap | The GeoTech Decade ahead
By The GeoTech Center
On Thursday, March 11, panelists gathered to celebrate the first anniversary of the Atlantic Council GeoTech Center and discuss the “GeoTech Decade” ahead: what it means, what it could look like, and how it will affect us all. This date also represents the one-year anniversary of the COVID-19 pandemic, an event that has demonstrated to the world that choices regarding data and tech infrastructure and digital literacy significantly change our communities’ preparedness, resilience, and recovery from such an event.
GeoTech Cues Mar 31, 2021
Middle skill jobs as a strategic imperative
By Jan Jaro
The U.S.’ economic competitiveness depends on a deep base of manufacturing and service capabilities that enable cutting-edge technologies to proliferate. In this piece, the author argues that “strategic government spending must be translated into positive economic spillovers for ‘middle-skill’ workers. What’s needed,” he writes “is a coordinated approach to funneling federal, state, and local resources to target sectors and jobs.”
Event Recap Mar 10, 2021
Event recap | Artificial intelligence, the internet, and the future of data: Where will we be in 2045?
By the GeoTech Center
An episode of the GeoTech Hour where panelists look towards the future of artificial intelligence, discussing the GeoTech Decade ahead and beyond to 2045.
Event Recap Mar 31, 2021
Event recap | Indigenous data sovereignty: Opportunities and challenges
By the GeoTech Center
On Thursday, October 22, the GeoTech Center hosted the fifth installment of the Data Salon Series in partnership with Accenture to discuss the challenges to achieving data sovereignty for indigenous communities. The panel featured Dr. Tahu Kukuthai, Professor of Population Studies and Demography at the University of Waikato, Dr. Ray Lovett, associate professor of Aboriginal and Torres Strait Islander Epidemiology for Policy and Practice at Australian National University, Dr. Desi Rodriguez-Lonebear, Assistant Professor of Sociology and American Indian Studies at UCLA, and Ms. Robyn Rowe, Research Associate and PhD Candidate at Laurentian University. GeoTech Center Director Dr. David Bray moderated the panel and the discussion that followed.
Event Recap Mar 1, 2021
Event recap | Women’s leadership in the GeoTech Decade
By the GeoTech Center
The start of the Geotech Decade has had disproportionate impacts on women and has shown the need for women’s leadership worldwide. Women however currently only make up 26 percent of workers in data and AI roles, 15 percent in engineering, and 12 percent in cloud computing. In this episode of the GeoTech Hour, Deputy Director and Senior Fellow Stephanie Wander discuss leadership in the GeoTech Decade with the four women leading the GeoTech Commission.
Event Recap Mar 17, 2021
Event recap | Coordinating data privacy and the public interest
By the GeoTech Center
Data usage and the employment of data trusts has maximized individual privacy and private sector benefits. Both the government and the private sector are working towards developing strategies that emphasize individual privacy more than ever before, as the public continues to express greater interest in protecting their data. However, few institutions have landed upon successful solutions in practice that can protect user privacy while allowing for the high levels of analysis they have come to expect. As our digital landscape continues to evolve, panelists in this episode of the GeoTech Hour discuss intentional policy and design choices that could allow for greater data ownership within people-centered structures.