Why COVID passports are grounded
What are the knotty technical and political issues around health passes for travel?
After almost two lost years, international travel is gradually getting back to something approaching normal, but travelling abroad is still not easy. There’s complex demands for tests, long queues at the airport and mountains of paperwork. Surely, there must be an app for that?
This is why, since the early days of the pandemic, governments, the travel industry and airlines have all talked about digital COVID-19 health passes. So why aren’t we there yet? And how long until proving our vaccination status at the airport is as easy as scanning a passport?
“The airport is too late”
“By the time we get to the airport, that's far too late,” says Dr Edgar Whitley, who specialises in digital identity at the London School of Economics (LSE). “Airports don't want to have to pay people to stand at desks checking documents, and the more of that you can do in advance, the better.”
That’s why streamlining the process is something everyone wants to do. “Data could be shared up and down the line in exactly the same way as your passport details, your visa details, your name and address, the first hotel you're going to stay at. That's the grand vision,” says Whitley.
The problem is getting there. “I think the optimal solution would be that you would have an internationally agreed set of standards for what vaccination or testing and or recovery status is acceptable,” suggests Kirsty Innes, head of digital government at the Tony Blair Institute for Global Change.
“If you have that then the data that you share and prove at the border doesn't need to be much at all. You can just have an app that is connected to your domestic health authority data, which generates a QR code and a result to say, ‘yes, good to go, this person meets the standard’.”
The Blair Institute is part of an alliance of companies called the Good Health Pass Collaborative, which is working to develop such a system. In August, the group published a “blueprint”, arguing that there are several crucial principles that should underpin any health pass system: that the exchange of data should be private between the traveller and the organisation receiving it, that it cannot be tracked by third parties, that data sharing is minimised, and that there is transparency over how the data is used.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Gotta keep it federated
One point of consensus across the various proposals and working groups looking at health passes is that any future COVID-19 credentials system should be decentralised, with no central database containing the health details of travellers.
“There's no one saying centralise – it doesn't make any sense to centralise it,” says Clive Bourke, president of EMEA for Daon. His company is behind an app called Verifly, which is already being used by airlines such as BA and Virgin to speed up the COVID-19 credentials process when travelling to a limited number of destinations.
Under Verifly’s plan, the actual certificate detailing any jabs and tests should remain on the passenger’s phone. In theory, this will protect their privacy and, as per the Good Health Pass principles, minimise the amount of data stored by health authorities. Crucially, it puts control over who personal health data is shared with in the hands of the individual.
To make it work securely, it would use the same public key cryptography techniques that are widely used in computing. The health authority can ‘sign’ a passengers’ health data using their private key – and airlines, border control and so on can use the authority’s public key to verify the digital signature is real, without revealing the underlying data. In fact, without the private key – which health authorities would keep, well, private – it would be mathematically impossible to reverse engineer someone’s health data.
It also means that the system will work offline, without the need to ping health system servers every time a passenger is scanned. For a ‘federated’ system such as this to work, however, countries will have to agree on standards for storing data, and agree to mutually recognise each others’ digital signatures.
Following the rules
Even if a mutually interoperable, decentralised system is built, there are still technical challenges. One example is with the “rules engine” that health credentials will be fed into, which determines whether a passenger is allowed to enter a country or not, and the rules they must follow on arrival.
For example, depending on an individual’s combination of jabs, tests and the countries they have passed through en route, there may be differing requirements to conduct further tests, quarantine and so on.
“Logically, it can be done,” says Whitley, but how quickly the rules engine can be updated could be crucial. “It gets really complicated because the rules about what you actually need to demonstrate keep changing.”
In some cases, the computational logic when making decisions could get incredibly knotty. Whitley thinks a particularly interesting example of this could be when our first round of vaccines expire and countries begin to introduce booster shots.
“You come from Israel, you've had two jabs, but not your booster. It's now seven months since your second jab. Is the business logic you've been double jabbed, so we let you in? Or is the business logic that your country says until you've had the booster you are no longer being safe domestically, so perhaps not being safe internationally?”
There’s also the issue of ensuring the health credentials are really those of the person carrying them. One proposed solution is that health passes should include a biometric ‘hash’ of the owner’s face so that facial recognition technology can verify it.
Then there’s the private and public keys. If the system is built with expiry dates, it would be good for digital security, but could mean that travellers who have printed their QR code out find themselves stuck on arrival at the border.
Waiting for departure
Despite the complexities, there is optimism – and arguably necessity – that a system will eventually be built. The reason such a system is not yet in place around the world is, of course, politics.
“I think that the technology exists to enable us to do this,” says Innes. “There's quite a lot of hard work to do to align countries on the technical details of whose system they will recognise and what solutions they're prepared to use to guarantee that validity of the information being provided by another country's health certificate.”
“I would say it's probably a year away,” Bourke adds, who argues it isn’t standards that are slowing the development of a system down. Rather, he says, airlines are having to deal with other challenges, not least the debt burden they’ve taken on, and other IT complexities.
“If there was political will there, I don't see why you couldn't set this up in a matter of months,” Innes says. “I don't think it's a technological problem. It's a political governance problem.”