Big Tech companies are looking to normalize the use of vaccine passports by making it possible for people to store vaccination status in the digital wallet of their phones. Google, Apple and Samsung have all recently announced plans to offer a feature that readily calls up a QR code that can be scanned to quickly verify a user’s coronavirus (COVID-19) vaccination status.

In June, Google announced that it had already developed such a technology and was waiting to partner with vaccine verification providers.

Aptly named “COVID Card,” it aims to make things more manageable for those who feel that physical proof of vaccination can easily be misplaced. Google said that government agencies and certain healthcare organizations will be able to circulate the COVID Cards directly to a user’s Google Pay app.

Those without the Google Pay app will have the option to store the digital version of the COVID Card directly to their device, where it will be accessible from a home screen shortcut. Because Google is not retaining a copy of the card, anyone who needs to store the COVID Card on multiple devices will need to download it individually on each device.

For the feature to work, the Android device needs to run Android 5 or later and it will need to be certified by Play Protect – a licensing program that ensures the device is running real Google apps. Users will also need to set a lock screen on their devices for additional security. Google said the update will initially roll out in the U.S., followed by other countries.

Apple has also announced that iOS 15, which launches in the fall, will come with an inbuilt vaccine verification feature. With iOS 15, heath providers can offer a way to put COVID-19 vaccination and test results in the Health app even if they haven’t fully integrated health records.

Meanwhile, Samsung is partnering with the Commons Project to enable users to verify their vaccination status using the digital wallet Samsung Pay. Commons Project is the developer of the vaccine verification app CommonHealth.

“Rather than having to pull up CommonHealth – which is a personal health records app, which isn’t really designed for walking into a grocery store and showing a QR code – now you can store this in a much more convenient place,” said JP Pollak, CommonHealth’s chief architect. “You can imagine that at some point in the future, your vaccine record happens to be something you need with that great of frequency.”

Reliability issues surround vaccine passport apps

The federal government has shied away from creating a universal vaccine verification system, leaving private companies with the freedom to create their own apps.

New York was the first major U.S. city to mandate proof of vaccination against COVID-19 for indoor activities. However, technology experts are raising concerns that the apps used in the city have accuracy and privacy problems. They advised New Yorkers to revert to using their original paper vaccine cards.

“People are going with something that is completely unproven and potentially harmful,” said Albert Cahn, the executive director of the Surveillance Technology Oversight Project, a nonprofit privacy advocacy organization.

Mickey Mouse’s photo accepted as vaccination card

Cahn demonstrated that the city’s smartphone app, known as NYC COVID Safe, will accept literally any picture as proof of having had a vaccine dose by showing that it accepted a photograph of Mickey Mouse as a vaccination card. A menu of a San Francisco barbecue restaurant was also accepted as proof of vaccination. 

“The city built its own new app. But instead of doing anything to verify [a vaccination] and store it in the app, basically they reinvented the camera app,” he said.

Laura Feyer, a spokesperson for New York Mayor Bill de Blasio, said the city’s new app is not meant to verify status but rather is simply a place to save a digital image of one’s vaccination record.

“The vaccine is the Key to NYC,” she said by email, using the official name for the city’s vaccination mandate. “The NYC COVID Safe app was designed with privacy at the top of mind, and allows someone to digitally store their CDC [Centers for Disease Control and Prevention] card and identification. Someone checking vaccination cards at the door to a restaurant or venue would see that those examples are not proper vaccine cards and act accordingly.”

Accessibility and privacy issues

The state of New York had earlier introduced an app known as Excelsior Pass, which provides digital proof of COVID-19 vaccination or negative test results. The app generates a digital QR code that demonstrates vaccination status.

One of the major problems with the two New York apps is access. About 16 percent of American households do not have smartphones, a lack of connectivity that Cahn said “disproportionately affects low income and BIPOC [Black, Indigenous, People of Color] communities.”

Privacy advocates also fear that law enforcement agencies could use the apps to track people. Allie Bohm, a privacy lawyer with the New York Civil Liberties Union, raised concerns that a vaccination app could be expanded to include other personal information over time. “We set up these systems in response to one emergency, and if we’re not deliberate, they become facts of life,” Bohm said.

Underlying data often unreliable and incomplete

In June, California rolled out an online system where Californians can access the state’s vaccination records that will generate a QR code. Like New York’s app, the California version is available only to people vaccinated in state and accepted only by in-state venues. The paper card from the CDC, meanwhile, is accepted universally.

“This whole ecosystem is a house of cards, built ultimately on top of the CDC paper card, which we know is difficult to verify and easily forged,” said Ashkan Soltani, an independent privacy researcher based in Oakland, California.

“The reliability of these systems hinge on the accuracy of the underlying data – and given the speed, distributed nature and politicization of how COVID vaccinations have been deployed – that underlying data is often unreliable or incomplete.”

No comments:

Post a Comment