Why Having Immunity Passports on Blockchain is a bad idea

A spate of articles have appeared recently in the media espousing the need for COVID-19 Vaccination Certificates, also called Immunity Passports, to facilitate safe travel.

These articles focus on many complex issues, including how medically safe this would be, the ethical/ moral implications and the technology to make this all. We are not qualified to comment on the first two but how this should be technically implemented is something we have been working on since 2011.

In a recent New York Times article - “Coming Soon: The ‘Vaccine Passport”, blockchain is often touted as the panacea. Though blockchain (and particularly the distributed ledger and non-fungible tokens) can be useful in many situations, we think Immunity Passports is not one of them.

NY Times news story

Here’s why this is the case

Offline Validation: Immunity Passports need to be validated in scenarios where there may be flaky or no internet connectivity. Border control, stadiums, and event venues are all places where connectivity can be poor/non-existent such as in air-gapped computer environments and high volume areas. When thousands of people are queued up - the technology to validate and process should be simple and ideally work without any connectivity. Any validation bottlenecks in high traffic areas can lead to public health concerns in a pandemic - the very thing these Immunity Passports are meant to help prevent.

Physical-Digital: Many of the proposals (not just blockchain-based ones) are purely digital and require users to install a smartphone App (Mobile Wallets) to present their credentials. We think this is again an oversimplification. Since our public health depends upon verified travel, we need a solution that works for everyone - those without smartphones, those without data roaming when travelling and those who are just more comfortable carrying a printout.

Far more countries have guidelines or regulations governing any healthcare information storage online than you can imagine. And there can be many other reasons depending upon particular implementations, but the main flaw is the need for connectivity to validate.

How should vaccine passports work?

1. Work offline in air-gapped environments without the need for any connectivity.

2. Physical-Digital: Can be presented on a smartphone or paper.

3. Decentralised validation and decentralised generation.

4. Extremely low cost to make this work for public health, both for generation and validation in all countries.

5. Highly secure and protect privacy as healthcare data is sensitive information.

Is such a solution available today?

Yes - secure digitally-signed QR codes meet all the requirements. A secure QR code solution uses PKI based QR code mechanism enabling de-centralised validation. The sophisticated technology uses cryptography for quick, efficient and effective verification using ubiquitous QR code.

Unlike traditional QR, ‘secure QR code’ has an inbuilt fail-safe mechanism. Only authorised issuers can generate it and sign with a private key to digitally sign the QR. The QR code encapsulates the critical information that needs to be communicated and verified and developed in a small size. This secure QR code is tamper-proof. It is signed by the issuer’s private key and can be easily verified by the corresponding public key.

A simple smartphone app or a desktop camera to scan this document can validate the information in both paper or digital format. The verification takes less than a second.

Sample Covid-19 Vaccination Certificate with Secure QR Code

Secure QR code provides an easy and foolproof way to create and verify Authentic Certificates. The image above shows how this can be done.

---

You may also like to read -

• COVID-19 Vaccination Certificates - Top 10 points
• How does a collective of just 1k+ volunteers take COVID-19 headon
• ‘I was nervous using a fake Covid-19 test certificate’
• Are fake ‘COVID-19 test certificates’, spreading faster than the pandemic

---

Schedule Qryptal Discussion

---