Vaccine passports in Boston: privacy and security concerns

 The COVID-19 pandemic brought a shift in our economic system,our social interactions and our health protocols. With vaccination rates on therise, and a gradual adjustment to a new post-COVID-19 normalcy, there comes a question on how to ensure social gatherings and other activities are done in a safe way, avoiding the risks of a COVID-19 outbreak.  

One solution that has been implemented in different citiesis the use of a digital COVID-19 vaccination “passports”: the concept refers tomobile apps used to confirm whether or not someone has received the COVID-19 vaccine. Such “passport” would have to be shown when traveling, entering a restaurant, sports venue or concert, and would restrict the attendance of non-vaccinated people to events.  

This memo will deal with security and privacy concerns ofadopting a vaccine “passport” in Boston.  

Overview: why do privacy and security matter whenanalyzing vaccine “passports”? 

If a vaccine “passport” is adopted by a government, and thusit is used by a significant share of the population, officials must alwaysensure the security and privacy of its citizen’s data. The data that could be used by a vaccine “passport” falls into three different categories: 

Personal data: To identify a person, he or she wouldhave to provide the tool with their name, date of birth, and potentially otheridentifiers, such as a SSN/ITIN, address, or something that confirms they are residents of Boston.  

Health information: The most important piece ofinformation of this tool would be the vaccination status. However, there could also exist other information, such as the type of vaccine, underlying conditions of the person, ets.  

Collateral information: If a given “passport” is used to enter different events and businesses, the tool could have access to a person’s behavior and physical presence -where is he/she located, what places does he/she frequent the most, what is her pattern of behavior-. Although this information is not 100% required for a “passport” tool to work, developers might include it in the application, and in that case the protection of data becomes an even more important aspect.  

Who would be interested in getting access to this type ofinformation? 

Adversary’s motivations: The most importantmotivations to try to access the data stored by a vaccination “passport” are money-selling the database to criminals, pharmaceuticals, politicians-, politics -a person from the opposite party would benefit from a security breach in Mayor Janey’s term-, and malice/revenge -an individual passionate about hacking into government databases to create chaos-. 

Adversary’s methods: It is hard to determine what typeof methods would an adversary have. Some potential options includetechnological attacks, multi-phase attacks and attack cover-up. Adversaries will often be knowledgeable in security breaches or will hire someone who is knowledgeable to do the work for them, depending on the type of interest.  

Adversary’s resources: The resources that anadversary might have depend on the type of adversary we are talking about. Ifit’s a political opponent, the most salient resources are power/influence and money, which are useful to hire someone else to do the technical job. If it is an external actor trying to obtain the database to sell it to a third party, they must have expertise and time. There might also be a case where an internal person is the one that tries to sell the database, and they would have the resources of inside capabilities and inside knowledge.  

What are potential solutions? 

To maximize security, one potential solution is the use of blockchain technology, which would mean there is no central data base of information, the main asset that would potentially be exploitable byattackers. Minimizing data collection and retention, and aiming to anonymize whatever is stored, are some of the best criteria to move forward.  

Another important aspect is who to trust to develop the vaccine “passport” app. The government  contract to do so should be granted throughopen processes, for limited terms, and strictly limit the purposes, uses and sharing of personal data.  Whoever is hired to develop this application will have access to very sensitive information and could potentially seek to monetize it, which means the government must be careful in the contract process. 

A final aspect that should be taken into account is what would the protocol be if a person loses the device where he/she stores the vaccine “passport”. How would he/she proceed to ensure there is no identity theft? What are the security methods put in place to ensure he/she is able to get a new “passport” and that the old one is deactivated? 

A final thought 

Although this memo is mainly concerned with discussingprivacy/security measures and considerations when developing a digital vaccine “passport”, it is necessary that a non-digital version of it is also available. This would ensure that the tool is inclusive to people who do not own a technological device/do not know how to use a device, and who are very often marginalized groups from society -low income people, people of color, elderly people, etc-.    

All Posts
×

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!

OKSubscriptions powered by Strikingly