--- title: Covid-19, Vaccine Passports, Health Credentials, and Self Sovereign Identity description: How a cryptographically secure digital credential can be used instead of paper documents excerpt: > In a lot of places around the world, a COVID passport is simply a paper document. This has led to a couple of expected problems, one to mention is forgery. Paper documents can easily be forfeited, and paper-based COVID passports are no exception. layout: single permalink: application/covid-19/ canonical_url: 'https://decentralized-id.com/application/covid-19/' categories: ["History","Application"] tags: ["Covid","LFPH","CCI","SITA","WHO","Good Health Pass","Excelsior Pass Pluss","Digi.me","EU Digital Green","Real World"] last_modified_at: 2023-06-16 --- ## Explainer * [Digital identity is critical in the new world since covid](https://digitalidentity.nz/2021/11/17/digital-identity-is-critical-in-the-new-world-since-covid/) 2021-11-17 DigitalID NZ > In my recent podcast with [Brad Carr](https://www.iif.com/Staff-and-Authors/uid/46/BradCarr) of the [Institute of International Finance](https://www.iif.com/Publications/ID/4304/FRT-Episode-87-Digital-Identity-with-SecureKey-CEO-Greg-Wolfond), we discussed how digital identity and verified credentials can support a digital-first world, something that’s extremely relevant amid the current pandemic. https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/ Verified Me * [COVID-19 as a Catalyst for the Advancement of Digital Identity](https://www.perkinscoie.com/images/content/2/4/247949/2021-Perkins-Coie-LLP-Health-Passport-White-Paper.pdf) 2021-11-05 Perkins Cole > This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management. * [A Goldilocks point for Digitised Vaccination Certificates](https://lockstep.com.au/a-goldilocks-point-for-digitised-vaccination-certificates/) 2021-09-13 Steve Lockstep > My poster looks at a sweet spot in digital vaccine certificates. Too little identity and proof of vaccination is insecure; too much identity and the proof threatens privacy. > > To set the scene, it worries me that COVID vaccination is seen by some as the killer application for exotic technology or digital ideology. We should not impose these sorts of changes onto health systems especially in developing countries. They disrupt established ways of managing patients and they’re not necessary for privacy. * [Why health passes are NOT vaccine passports – and offer greater flexibility and choice](https://blog.digi.me/2021/08/18/why-health-passes-are-not-vaccine-passports-and-offer-greater-flexibility-and-choice/) 2021-08-18 DigiMe > Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way. > > But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale. * [Vaccine Passports Must Leverage Decentralized Identity Solutions](https://medium.com/ontologynetwork/vaccine-passports-must-leverage-decentralized-identity-solutions-d454f9907fe9) 2021-08-16 Ontology > Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods. * [Innovation in Digital Identity and Credentials in the Post-Covid World](https://academy.affinidi.com/innovation-in-digital-identity-and-credentials-in-the-post-covid-world-f182a5743ce8) 2021-07-01 Affinidi > Though we often get lost in technologies, frameworks, legislation, and economic models, it’s ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there. * [Blueprint for a Digital Health Pass](https://www.kuppingercole.com/blog/bailey/blueprint-for-a-digital-health-pass) 2021-06-14 Kuppinger Cole > Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification * [Covid-19 Vaccination Passes Could Cataylze Self-Sovereign Identity Adoption](https://hackernoon.com/covid-19-vaccination-passes-could-cataylze-self-sovereign-identity-adoption-6x3m3563) 2021-06-10 Hackernoon * [Our digital future and economic recovery rests on getting digital ID right](https://diacc.ca/2021/05/31/our-digital-future-and-economic-recovery-rests-on-getting-digital-id-right/) 2021-05-31 DIACC > With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record. * [How festival organisers can maximise Covid safety and eradicate ticket touts](https://blokbioscience.com/articles/how-festival-organisers-can-maximise-covid-safety-and-eradicate-ticket-touts/#respond) 2021-05-31 Blok Bioscience > Festival organisers will also need to do better at managing delays than other sectors. In recent weeks, we’ve seen [Heathrow airport reporting delays of up to six hours](https://www.bbc.co.uk/news/business-56743571). This would be catastrophic at a festival – to keep festival goers waiting, after they have already waited for months to have a great time, would only lead to frustration and likely cause a bad reputation for the festival itself. * [SSI COVID Passports: Why, What and How](https://noha-abuaesh.medium.com/ssi-covid-passports-why-what-and-how-6f450fddfabf) 2021-05-21 Noha Abuaesh > In a lot of places around the world, a COVID passport is simply a paper document. This has led to a couple of expected problems, one to mention is forgery. Paper documents can easily be forfeited, and paper-based COVID passports are no exception. * [Not too much identity technology, and not too little](https://www.constellationr.com/blog-news/not-too-much-identity-technology-and-not-too-little) 2021-04-23 Constellationr > We should digitize nothing more and nothing less than the fact that someone received their vaccine.  A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot.  The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates * [Setting up digital ID regime could provide boost to post-pandemic recovery](https://diacc.ca/2021/04/22/setting-up-digital-id-regime-could-provide-boost-to-post-pandemic-recovery/) 2021-04-22 DIACC > If the global pandemic has shown us anything, it’s that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online. * [The Politics of Vaccination Passports](https://www.windley.com/archives/2021/04/the_politics_of_vaccination_passports.shtml) 2021-04 Phil Windley > For example, I’d prefer a vaccination passport that is built according to principles of the Good Health Pass collaborative than, say, one built by Facebook, Google, Apple, or Amazon. Social convention, and regulation where necessary, can limit where such a passport is used. It’s an imperfect system, but social systems are. * [Everything You Need to Know About “Vaccine Passports”](https://identitywoman.net/quoted-in-everything-you-need-to-know-about-vaccine-passports/) 2021-04 IdentityWoman \ [Mother Jones](https://www.motherjones.com/politics/2021/04/everything-you-need-to-know-about-vaccine-passports/) > Andy Slavitt, a White House senior adviser for COVID response, specified at a [March 29](https://www.whitehouse.gov/briefing-room/press-briefings/2021/03/29/press-briefing-by-white-house-covid-19-response-team-and-public-health-officials-21/) briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.” * [Getting Privacy Right with Verifiable Health Credentials](https://www.evernym.com/health-credentials-webinar/) 2021-03-16 Evernym > Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy. * [Freedom, Privacy and the Covid Pandemic](https://blokbioscience.com/video/freedom-privacy-covid/) 2021-03-09 BLOK > It’s quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports. > > The former requires zero trust on third parties, the latter is prone to hacking and abuse. * [Working Together on What “Good” Looks Like](https://www.hyperledger.org/blog/2021/02/12/working-together-on-what-good-looks-like) 2021-02-12 Hyperledger > This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance. * [Center for Global Development: A COVID Vaccine Certificate](https://www.cgdev.org/publication/covid-vaccine-certificate-building-lessons-digital-id-digital-yellow-card) 2021-02-11 CGDev > Building on Lessons from Digital ID for the Digital Yellow Card > > Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation. * [Identity Ownership and Security in the Wake of the Pandemic](https://www.pingidentity.com/en/company/blog/posts/2021/identity-ownership-security.html) 2021-02-09 Ping Identity > - Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity. > - Takeaway #2: Third parties have much more control over digital identity than individuals. > - Takeaway #3: We’re on the cusp of a tectonic shift in the notion of digital identity. > - Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security. > - Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems. * [My presentation at the @Hyperledger Healthcare SIG about #VerifiableCredentials for Covid-19](https://twitter.com/maheshbalan/status/1352049833419239428) 2021-01-20 @maheshbalan Hyperledger > How a cryptographically secure digital credential can be used instead of paper documents. ([Video](https://wiki.hyperledger.org/display/HCSIG/2021.01.20+General+Meeting+Presentation?preview=/41590388/41590779/zoom_0.mp4)) * [Digital vaccine certificate looms as HR's next problem](https://searchhrsoftware.techtarget.com/news/252494706/Digital-vaccine-certificate-looms-as-HRs-next-problem) 2021-01-12 Tech Target > It's going to take a while for the efforts to sort themselves out, Beck said, but he believes it will happen by the fall or year-end. Government funding may be forthcoming. > > Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said. * [how to re-open our economy while protecting privacy](https://diacc.ca/2021/01/05/protecting-privacy-while-reopening-economies/) 2021-01-05 Joni Brennan, IdentityWoman DIACC > Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests. * [Covid-19 spurs national plans to give citizens digital identities](https://webcache.googleusercontent.com/search?q=cache:KsfPtESFkP4J:https://www.economist.com/international/2020/12/07/covid-19-spurs-national-plans-to-give-citizens-digital-identities) 2020-12-07 Economist > The MOSIP project, which got going in March 2018, is nested in Bangalore’s International Institute of Information Technology (IIIT-B) and endowed with funding of $16m from the Omidyar Network, the Bill and Melinda Gates Foundation and Tata Trusts. * [Digital Health Passports for COVID-19 - Data Privacy and Human Rights Law](https://socialsciences.exeter.ac.uk/media/universityofexeter/collegeofsocialsciencesandinternationalstudies/lawimages/research/Policy_brief_-_Digital_Health_Passports_COVID-19_-_Beduschi.pdf) 2020-11-06 > This is a study of Digital Health Passports relating the benefits in managing the pandemic, while also detailing concerns around data protection and the private information at risk of being over-exposed. * [How COVID-19 is driving innovation in digital identity](https://www.turing.ac.uk/blog/how-covid-19-driving-innovation-digital-identity) 2020-07-27 Turing Institute > Contact tracing is inherently privacy-invasive to individuals as it is fundamentally a mechanism for sharing details of the interactions they have with others. In response, many researchers have turned their attention to developing secure and privacy-preserving solutions. Large inter-institutional projects such as DP-3T (Decentralized Privacy-Preserving Proximity Tracing), PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) and the Apple-Google partnership have developed protocols, systems and mobile apps that have already informed contact tracing deployments internationally. * [Immunity passports' could speed up return to work after Covid-19](https://www.theguardian.com/world/2020/mar/30/immunity-passports-could-speed-up-return-to-work-after-covid-19) 2020-03-30 > * What are, in your opinion, the riskiest assumptions when writing an Software Development Kit? > * For you, what are the most promising SSI projects or repos? > * What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges? > * What are the upsides of using Zero MQ over a common HTTP Rest connection? > * How hard would it be to replace the current Transport Layer Security architecture with SSI? > * Why was Rust chosen to write Indy-SDK? > * Specific roadblocks other people in this space should look out for? > * What are the books you have recommended most to others? ### Travel * [COVID & Travel Resources for Phocuswright](https://identitywoman.net/covid-travel-resources-for-phocuswright/) 2021-11-17 IdentityWoman.net > As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences. * [SITA Publishes 18-Month Plan for Digital Transformation in Air Travel](https://www.sita.aero/globalassets/docs/brochures/your-runway-to-success.pdf) 2021-06-30 SITA > COVID-19 has had a dramatic impact on the aviation industry both financially and operationally. It has required our industry to reprioritize technology spend, do more with less, and implement health and safety protocols * [Panel: Paving the Way to a Safer Travel Experience - Heather Dahl, & Scott Harris & Adrien Sanglier](https://www.youtube.com/watch?v=YlgXNk4GRLc) 2021-06-21 Hyperledger Foundation > Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential – based on their health status, yet revealing no personal information or health data – privately and securely on their mobile device. * [Coming Soon: The ‘Vaccine Passport’](https://www.nytimes.com/2021/02/04/travel/coronavirus-vaccine-passports.html) 2021-02-04 NYTimes > “The global passport system took 50 years to develop,” said Drummond Reed, chief trust officer for Evernym. “Even when they wanted to add biometrics to that to make it stronger, that took over a decade to agree on just how you’re going to add a fingerprint or a facial biometric to be verified on a passport. Now, in a very short period of time, we need to produce a digital credential that can be as universally recognized as a passport and it needs an even greater level of privacy because it’s going to be digital.” ## Tech * [Safeguarding COVID-19 Vaccines with SSI - Part 1\3: Requirements](https://medium.com/@frank.k./iot-network-security-protecting-covid-19-vaccines-with-ssi-part-1-requirements-b6523a607fbe) 2021-10-01 Frank Kottler > In many cases, the problem underpinning IoT network security resembles the classic blockchain business case: to create trust — in this case, trustful data and message exchange — in a trustless environment. While the self-sovereign identity (SSI) concept resolves this problem in a specifically distributed manner, we want to explore current solutions, and compare their properties to distributed architectures, including SSI. Many desirable network properties (throughput, simplicity, confidentiality, to name a few) are much easier implemented in conventional solutions — it will be exciting to understand how each approach can deliver value for IoT network security depending on the specific application. * [Safeguarding COVID-19 Vaccines with SSI — Part 2/3: Architecture](https://medium.com/@frank.k./iot-network-security-protecting-covid-19-vaccines-with-ssi-part-2-architecture-1b5e8e49605d) 2021-10-01 Frank Kottler > Dylan has identified the requirements towards their IoT network and possible secure network architectures. Still, two challenges remain unsolved: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices. * [Safeguarding COVID-19 Vaccines with SSI— Part 3/3](https://medium.com/@frank.k./iot-network-security-protecting-covid-19-vaccines-with-ssi-part-3-identity-management-87c480fb8007) 2021-10-01 Frank Kottler > Dylan realizes that the identified design requirements correspond to properties that are typically solved by means of cryptography. To embed cryptographic methods securely in their network, VirGo needs to identify both a network architecture and an identity management paradigm that fulfill the design principles when they interact. * [The evolution of Covid testing peaks with at-home rapid antigen test-and-show capability](https://blog.digi.me/2021/08/20/the-evolution-of-covid-testing-peaks-with-at-home-rapid-antigen-test-and-show-capability/) 2021-08-20 DigiMe > fixes the pain points of other testing processes – especially as infectious and asymptomatic people can test without travelling – is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed. ## Report * [Digital Identity in response to COVID-19: DGX Digital Identity Working Group](https://www.tech.gov.sg/files/media/corporate-publications/FY2021/dgx_2021_digital_identity_in_response_to_covid-19.pdf) 2022-01-24 > DIWG member countries each have relevant policies and/or legislation which cover their respective approaches towards digital identity, captured through policy, legislative and trust frameworks governing the digital identity systems. For most, trust frameworks and digital identity systems were implemented using existing government policies and legislation as a foundation, for example existing privacy legislation, and broadly align to ISO standards (as defined by the International Organisation for Standardisation), European Union (EU) standards (as defined through the eIDAS regulation) or industry best practice. A similar model was found for technical settings across digital identity systems ## User Experience * [How to Prove You're Vaccinated for COVID-19](https://www.consumerreports.org/covid-19/how-to-prove-youre-vaccinated-for-covid-19-a5516357574/) 2021-11-23 Consumer Reports > However, electronically answering what is basically a simple yes-or-no question has become surprisingly controversial, confusing, and time consuming. That’s because the rules vary by country and by state, with some states refusing to issue or even allow such a credential. Layered on top of that, different firms offer their own versions of COVID-19 vaccination passports. * [The Vaccine Certificate Experience](https://www.webistemology.com/vaccine_certificate_experience/) 2021-10-18 WEBISTEMOLOGY > Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work > > What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step. > > The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected. * [Women and platform livelihoods in Kenya: The impact of COVID-19](https://medium.com/caribou-digital/women-and-platform-livelihoods-in-kenya-the-impact-of-covid-19-954d6b073997) 2021-06-24 Caribou Digital > We are starting a new research project — and we’d like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young women’s experiences working or selling through online platforms in Kenya. * [How can we make platform livelihoods better for young women, especially during and after COVID-19?](https://medium.com/caribou-digital/how-can-we-make-platform-livelihoods-better-for-young-women-especially-during-and-after-covid-19-696b3974bf61) 2021-05-31 Caribou Digital > But who is the “we”? The research asks exactly that — who is the “we” that needs to [make the platform work better for women](https://medium.com/caribou-digital/female-livelihoods-in-the-gig-economy-tensions-and-opportunities-f14982b6aaad)? * [JWTs done right: Quebec's proof of vaccination](https://mikkel.ca/blog/digging-into-quebecs-proof-of-vaccination/) 2021-05-20 Mikkel > Well, my proof of vaccination finally arrived, and the result is… actually pretty okay. Still, there's always some fun to be had in zero-knowledge hacks, so I thought I'd blog about my experiences anyway. * [Covid has accelerated Canadians’ demand for digital ID](https://diacc.ca/2021/02/16/covid-has-accelerated-canadians-demand-for-digital-id/) 2021-02-16 DIACC > three-quarters of the population feels it’s important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey. ## Standards * [Trust Registries Working Group](https://wiki.trustoverip.org/display/HOME/Trust+Registries+Drafting+Group) 2021-08-13 TOIP >  will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer. * [Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline](https://iiw.idcommons.net/12H/_Mapping_FHIR_JSON_resource_to_W3C_Vaccination_vocabulary_:_A_semantic_data_pipeline) 2021-05-13 John Walker > The Digital Health Credential System Implementation Guide The Implementation Guide V1 provides a set of baseline recommendations to the CCI community of application and services developers, implementers with which to evaluate product designs. The requirements mentioned in this guide should be read along side (and not as a substitute to) the regulations applicable to the jurisdiction in which the applications and services will be made available https://cci-2020.medium.com/the-implementation-guide-v1-is-out-f958e1fd69b0 https://drive.google.com/file/d/1eSrFxFldD6TBkfmOFTXBkBu2TYf3qFv2/view) Covid Credentials Initiative * [WHO goes there? Vaccination Certificates Technology and Identity](https://www.linkedin.com/pulse/who-goes-vaccination-certificates-technology-identity-stephen-wilson/) 2021-04-09 Stephen Wilson > Firstly the Working Group has expressly endorsed PKI as the technology for a new WHO trust framework for global interoperability of digitized proof of vaccination. They drew on decades of ICAO e-passport experience and consider the issue of trust framework technology to be "closed" [Ref: line 218 of the consultation paper]. Nevertheless they appreciate that implementing PKI is a significant undertaking, reporting that several countries have called for “assistance related to the establishment of their [public health authority's] national public key infrastructure” [Ref: lines 208-214]. The role of the WHO here is a work in progress. * [Vaccination Certificate Test Suite](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0081.html) 2021-04-08 Manu Sporny  > The WHO guidance covers 28 types of vaccines that we (as a global society) depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and others. We (Digital Bazaar) thought it might be interesting to see if we could create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above. > > https://w3id.org/vaccination/interop-reports > > [1]https://w3c-ccg.github.io/vaccination-vocab/ > [2]https://www.who.int/publications/m/item/interim-guidance-for-developing-a-smart-vaccination-certificate > [3]https://github.com/w3c-ccg/vc-http-api * [Vaccination Certificate Vocabulary](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0069.html) 2021-02 Tobias Looker > I'd like to propose a new work item that formally defines a vocabulary for issuing Vaccination Certificates in the form of Verifiable Credentials. ## Development * [Eight Simple Rules for Creating Decentralized Covid Credentials](https://indicio.tech/eight-simple-rules-for-creating-decentralized-covid-credentials/) 2021-12-13 Indicio > 1. The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either won’t use it or they’ll look for ways around it. * [Building an SSI Ecosystem: Health Passes and the Design of an Ecosystem of Ecosystems](https://www.windley.com/archives/2021/06/building_an_ssi_ecosystem_health_passes_and_the_design_of_an_ecosystem_of_ecosystems.shtml) 2021-06 Phil Windley > Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy. * [Biometric Health Card  (Adrian Gropper)](https://iiw.idcommons.net/1A/_Biometric_COVID_Verifiable_Credential) 2021-05-06 IIW [doc](https://docs.google.com/document/d/1o_773vzcbtSf59oU-iRUfAy5WSz3Wn9JUAvi0hKHE48/edit) > COVID, Verifiable Credentials, Biometrics, Privacy > > Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world. * [I Want COVID-19 Certificates but I don't want a DID](https://www.youtube.com/watch?v=yqSr0xKcG18) 2020-05-12 David Chadwick > This is the talk that I gave at Kuppinger Cole's virtual event entitled "Identity Fabrics & the Future of Identity Management" on 12 May 2020 (see https://www.kuppingercole.com/events/...) > > It describes why DIDs and blockchains are not needed in order to build Self Sovereign Identity Systems. ## LFPH * [Understanding the Global COVID Certificate Landscape](https://www.lfph.io/2021/10/13/divoc/) 2021-10-13 DIVOC > The DIVOC project is hosted and maintained by [India’s eGov Foundation](https://egov.org.in/) and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOC’s verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOC’s certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications. * [Linux Foundation Public Health creates the Global COVID Certificate Network (GCCN)](https://www.prnewswire.com/news-releases/linux-foundation-public-health-creates-the-global-covid-certificate-network-gccn-301307874.html) 2021-06-08 PRNewsWire > Linux Foundation Public Health (LFPH) today announces the launch of the Global COVID Certificate Network (GCCN) to facilitate the safe and free movement of individuals globally during the COVID pandemic. GCCN will establish a global trust registry network that enables interoperable and trustworthy exchanges of COVID certificates among countries for safe reopening and provide related technology and guidance for implementation. The effort is initially supported by Affinidi, AOKPass, Blockchain Labs, Evernym, IBM, Indicio.Tech, LACChain, Lumedic, Proof Market and ThoughtWorks, who have implemented COVID certificate or pass systems for governments and industries. LFPH will work with them to define and implement GCCN. * [Introducing the Global COVID Certificate Network (GCCN)](https://www.lfph.io/2021/06/08/gccn/) 2021-06-08 LFPH > As more and more governments adopt [major COVID certificate standards](https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/) to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences - [ProofMarket/Medcreds Submission to LFPH](https://docs.google.com/document/d/1hlR_2yp7EJQqYvxm8mNY-KNgwScTsClKDp6W6yw33Ic/edit?usp=sharing) 2021-03-04 > MedCreds is a reference implementation of the Governance Framework and Use-Cases that have been developed in the CCI community. > > MedCreds is built on top of INDY and ARIES and is running on the SOVRIN Main Net. This is done through Trinsic (a third-party vendor)’s APIs. Trinsic agreed to document how to do this using the API’s on ARIES and devote an engineer to give instructions for how to use the open source code to run MedCreds. > > MedCreds can be extended to support new credential schemas. - [Indicio Submission to LFPH](https://docs.google.com/document/d/1Vl9IKRg6ygHD1njc8GfnjsQglDOVglBKbuXHSuqQ7T4/edit?usp=sharing) 2021-03 > Indicio’s Cardea ecosystem easily integrates with existing applications, allowing people, businesses, healthcare systems, and governments to work together to safely reopen physical locations such as offices, restaurants, venues, schools, and travel, while complying with global health and data privacy laws. The ecosystem frees businesses, organizations, and governments from having to store and manage people’s private medical information. Instead, decentralized identity enables the individual to independently acquire and control their data and securely share or selectively disclose it at their discretion with full consent. * [LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards](https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf) 2021-02 LFPH > The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy. > > "Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability." ### Good Health Pass * [Implementing the Good Health Pass’s recommendations with Cardea](https://indicio.tech/blog/implementing-the-good-health-passs-recommendations-with-cardea/) 2021-10-14 Indicio > Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network. > > Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the [DIF Interop Working Group](https://us02web.zoom.us/rec/play/Si6s-_rvMU7FuHW6QnJVxW47CFiotXDMWutkWMgePKdSWVhTYyADaldJhvzqOl1JPP297-lvSYXCDuk2.rMFee21Ba1fU6y2R?continueMode=true&_x_zm_rtaid=dQ0WNpJPS2WF1QUlmxYwBQ.1624241159436.7617ddee4319249d32a108bb882dc0ec&_x_zm_rhtaid=623) * [Linux Foundation Public Health introduces the Global COVID Certificate Network to operationalize the Good Health Pass Interoperability Blueprint](https://humancolossus.foundation/blog/ujalo98s00b93gh7gqkuqd3lfj52xq-cn2ct) 2021-06-10 Human Colossus Foundation > Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows * [Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit](https://id2020.medium.com/good-health-pass-collaborative-releases-draft-blueprint-for-digital-health-passes-in-advance-of-g7-68a48534f024) 2021-06-08 ID2020 > The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK. > > For a high level view, check out the [terminology deck](https://docs.google.com/presentation/d/1fM-EpIdLGdKniFjHR4ZhdgFA-HBSEmpMai8ljqti4Gw/edit) or the [slide deck](https://docs.google.com/presentation/d/1AibzpUh70UDJVapC2wlICz2voBAMxZLQ_jQOxZwF57Y/edit) that was shared on webinars with the travel industry. * [Dynamic Disambiguation and Deconfliction of Complex Access Controls from Multiple Verifiable Sources](https://iiw.idcommons.net/1F/_Dynamic_Disambiguation_and_Deconfliction_of_Complex_Access_Controls_from_Multiple_Verifiable_Sources) 2021-05-06 Chris Buchanan > COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests > > The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls. * [ToIP Foundation Hosts the Interoperability Working Group for Good Health Pass](https://trustoverip.org/blog/2021/04/12/toip-foundation-hosts-the-interoperability-working-group-for-good-health-pass/) 2021-04-12 TOIP > The nine drafting groups collaborating within the new Working Group are: > 1. [Paper Based Credentials](https://wiki.trustoverip.org/display/HOME/Paper+Based+Credentials+Drafting+Group) will define how a paper-based alternative can be created for any digital health pass so access will be available to all. > 2. [Consistent User Experience](https://wiki.trustoverip.org/display/HOME/Consistent+User+Experience+Drafting+Group) will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations. > 3. [Standard Data Models and Elements](https://wiki.trustoverip.org/display/HOME/Standard+Data+Models+and+Elements+Drafting+Group) will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations. > 4. [Credential Formats, Signatures, and Exchange Protocols](https://wiki.trustoverip.org/display/HOME/Credential+Formats%2C+Signatures%2C+and+Exchange+Protocols+Drafting+Group) will specify the requirements for technical interoperability of Good Health Pass implementations. > 5. [Security, Privacy, and Data Protection](https://wiki.trustoverip.org/display/HOME/Security%2C+Privacy%2C+and+Data+Protection+Drafting+Group) will define the safety requirements for Good Health Pass compliant implementations. > 6. [Trust Registries](https://wiki.trustoverip.org/display/HOME/Trust+Registries+Drafting+Group) will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer. > 7. [Rules Engines](https://wiki.trustoverip.org/display/HOME/Rules+Engines+Drafting+Group) will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario. > 8. [Identity Binding](https://wiki.trustoverip.org/display/HOME/Identity+Binding+Drafting+Group) will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential. > 9. [Governance Framework](https://wiki.trustoverip.org/display/HOME/Governance+Framework+Drafting+Group) will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant. ### CCI * [COVID Credentials Initiative Update/Overview](https://iiw.idcommons.net/1C/_COVID_Credentials_Initiative_Update/Overview) 2021-05-06 [presentation](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/) Lucy Yang, Kaliya Young, John Walker > CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes. > > CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact. * [CCI: Challenges and Learning](https://iiw.idcommons.net/10C/_COVID_Credentials_Initiative:_Challenges_%26_Learning) 2021-05-06 [presentation](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing) > Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke > > In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued > - Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve > - Issuers asking what if we make a mistake – (re-issue) > - Holders having problems findin there vaccination VC > - Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details > - Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term. > - Unclear on how to get VC and underlying data into the hands of holders, particularly as holders don’t have the technology and skills to manage their health data. > - Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data > - WHO standard will likely be adopted in the Global South (hemisphere) > - GHP looking to paint a forward looking common picture, including interim solutions (iterate standards) > - The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult > - Paper credentials have been getting consensus on interim solutions. > - W3C and WHO are great candidates. > - Affinidi is making a universal verifier application (https://www.affinidi.com/) * [From Closed Loop Systems to Open World COVID Credentials Exchange](https://www.lfph.io/wp-content/uploads/2021/04/CCI-Summit-Summary-Report-From-Closed-to-Open.pdf) 2021-04 CCI Report > This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesn’t matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context. * [CCI Knowledge Base](https://docs.google.com/spreadsheets/d/1z0MaGrb-Py7V3ZO4AnmYMHsXNgTmLhVocyaX7ySQ5mI/edit#gid=1671625933) 2021-03-01 > As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news. > > If you'd like to submit relevant news or articles for the database, please go to [https://bit.ly/2JfKbpf.](https://bit.ly/2JfKbpf.) - [Response to WHO Interim Guidance for Development a Smart Vaccination Certificate](https://docs.google.com/document/d/1HwWUxMY2EynkWFrlNQqh8IF7rE_5aFn74ZreYq0IAYg/edit?usp=sharing) 2021-03 - [Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification](https://docs.google.com/document/d/1y5vyLzsVUzhiFNcWHGHLVlQHnRad73q3F50a-8gr83Y/edit?usp=sharing) 2021-03 > The Government has announced a review into introducing a Covid vaccine certificate system or “vaccine passports. The Committee has launched an inquiry to consider potential ethical, legal and operational issues and the efficacy and appropriateness of a certificate system. - [Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence](https://docs.google.com/document/d/1ykUUDak47lYkUJeZvxs7FxDyy8bQ48FkF47IxMclppE/edit?usp=sharing) 2021-02-27 CCI Lucy Yang, Kaliya Young > Before responding to the questions, we want to point out that the use of the term “COVID-19 passports” is questionable as the word ‘passport’ is used for the identity and travel document issued by nation states to their citizens. Another reason to question the use of ‘passport’ is the fact that our passport data is stored or centralized by the nation state issuer. Centralized systems are notorious and can be a source of potential data breaches and abuses. ## Application * [Governor Cuomo Announces Launch of Excelsior Pass Plus to Support the Safe, Secure Return of Tourism and Business Travel](https://www.governor.ny.gov/news/governor-cuomo-announces-launch-excelsior-pass-plus-support-safe-secure-return-tourism-and) 2021-08-05 NYS Gov > Excelsior Pass Plus, a result of the strategic partnership between New York State and VCI, will provide New Yorkers safe access to retrieve a secure, digital copy of their COVID-19 vaccination record using the [SMART Health Cards Framework](https://protect2.fireeye.com/v1/url?k=c0acc09b-9f37f85c-c0ae39ae-000babd9f75c-7271080d81ab95a1&q=1&e=61cb6a92-1e48-44b8-96be-e1dd24b53960&u=https%3A//vci.org/about#smart-health) - making their interstate and international travel and commerce experiences safer, contact-less, and more seamless. > > The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an [EU Digital COVID Certificate](https://ec.europa.eu/info/live-work-travel-eu/coronavirus-response/safe-covid-19-vaccines-europeans/eu-digital-covid-certificate_en?ref=hackernoon.com#how-will-the-certificate-work) as early as July 1. * [Unlocking the Value of Verifiable Credentials in the Health Sector](https://www.affinidi.com/post/unlocking-the-value-of-verifiable-credentials-in-the-health-sector) 2022-07-08 Affinidi > - Digital Infrastructure for Vaccination Open Credentialing (DIVOC) - This is an open-source platform that enables countries to digitally orchestrate country-wide health campaigns such as vaccinations and certifications. > - EU Digital COVID Certificate (EU-DCC) - This specification allows EU citizens and residents to have their digital health certificates issued and verified across the EU. > - Smart Health Card (SHC) - This initiative encourages the development of open standards and technologies to connect people with their health data. Led by Microsoft, Vaccination Credential Initiative (VCI), The Commons Project, and The MITRE Corporation, SHCs are seeing wide adoption across North America. > - International Civil Aviation Organisation - Visible Digital Seal (ICAO-VDS) - This is a travel document verification to re-establish travel and trade through aviation. * [Explore Verifiable Health Records](https://developer.apple.com/videos/play/wwdc2021/10089/) 2021-06-07 Apple > Apple Announces Support for [VCI](https://vci.org/) credentials at WWDC (Almost proper [JSON-JWT](https://github.com/smart-on-fhir/health-cards/issues/119) but not quite) * [Health data must be private and secure by design, always](https://blog.digi.me/2021/06/01/health-data-must-be-private-and-secure-by-design-always/) 2021-06-01 DigiMe > But there is always time to reflect on privacy and security, and design from the ground up accordingly. At digi.me, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our [Consentry health pass](https://consentry.com/) as they move forwards. * [VeriFLY Lets Users Upload Vaccine Credentials](https://findbiometrics.com/verifly-lets-users-upload-vaccine-credentials/) 2021-05-21 FindBiometrics > “We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities we’ve all dearly missed.”  – Tom Grissen, CEO, Daon * [IATA’s digital health passport paves the way to a new biometric identity for travel](https://www.futuretravelexperience.com/2021/04/iatas-digital-health-passport-paves-the-way-to-a-new-biometric-identity-for-travel/) 2021-04 Future Travel Experience > As FTE has previously reported, a number of other solutions have entered the digital health passport space in the past few months from various suppliers, including AOKpass, CommonPass, Daon’s VeriFLY, CLEAR Health Pass and IBM Digital Health Pass, just to name a few. Despite the growing competition, IATA is clear that its aim is not to dominate the market, but to make sure that standards are established to create a secure and interoperable solution. * [Digi.me creates first working UK vaccine passport capability](https://blog.digi.me/2021/03/29/digi-me-creates-first-working-uk-vaccine-passport-capability/) 2021-03-29 DigiMe > Digi.me’s health pass is built on the same principles as our existing secure data exchange platform, and can be displayed on demand on a user’s phone. It is verified fully private, secure and tamper-proof due to multiple robust security measures including encryption. > > This health pass has been designed to be fully interoperable with other international standards, such as the UN Good Health Pass Collaborative, of which [digi.me is a member](https://blog.digi.me/2021/02/25/digi-me-joins-good-health-pass-collaborative-to-help-build-a-safe-travelling-future/). * [The EU Digital Green Certificate Program: Analysis & Comparison](https://www.evernym.com/blog/eu-digital-green-certificate-program/) 2021-03-19 Evernym > The EU has announced a program called “Digital Green Certificate” intended to provide proof of COVID-19 test or vaccination status for EU citizens. The intention is to “facilitate safe and free movement during the COVID-19 pandemic within the EU”. It is voluntary and free for citizens. > > This is an analysis of the EU program and how it compares to a digital credential based approach. Important: this analysis is focused on the technical aspects of the EU program, not the medical or political aspects. * [Digi.me partners with Healthmark to enable Covid testing and verified result reporting](https://blog.digi.me/2021/02/16/digi-me-partners-with-healthmark-to-enable-covid-testing-and-verified-result-reporting/) 2021-02-16 DigiMe > Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed. * [We are now officially live in Myanmar!](https://zada.io/we-are-now-officially-live-in-myanmar/) 2021-01-29 Zada > ZADA apps are all launched and our first digital ID – a COVIDPASS – is being issued by Pun Hlaing Hospitals to everyone who gets vaccinated. * [British Airways to trial Verifly digital health passport](https://www.businesstraveller.com/business-travel/2021/01/29/british-airways-to-trial-verifly-digital-health-passport/) 2021-01-29 Business Traveller > The trial begins on February 4 on all of the carrier’s transatlantic routes between London and the US (currently New York JFK, Los Angeles, San Francisco, Boston, Chicago, Dallas, Miami, Washington, Houston and Seattle). > > It will be run in conjunction with joint business and Oneworld partner American Airlines, [which is already using the technology on international routes to the US.](https://www.businesstraveller.com/business-travel/2021/01/17/american-airlines-launches-verifly-health-passport-for-travel-to-the-us/) * [PocketCred Verifiable Credentials](https://www.pocketcred.com/) PocketCred > Pravici PocketCred (formerly VeriCred) is built on Blockchain technology, specifically to address credential issuance and verification, such as one for COVID-19 vaccines. We at Pravici have been working to build a digital pass that citizens can carry in their mobile device or digital card to prove that they have taken a test or vaccine. Our software application features user-friendly creation of schemas* and proof templates, as well as QR code technology for credential issuance and verificatio ### NHS - Digital Staff Passport * [NHS England Transformation Directorate - Digital staff passport](https://transform.england.nhs.uk/information-governance/guidance/digital-staff-passport/) 2022-06-22 > This guidance provides a summary of the information governance (IG) steps which need to be taken so that the Digital Staff Passport can be set up safely and efficiently within an NHS organisation. This allows authorised staff to temporarily work at another NHS organisation more quickly and safely. Digital Staff Passports are not available in social care organisations. * [Real World] [Building an SSI Ecosystem: Digital Staff Passports at the NHS](https://www.windley.com/archives/2021/05/building_an_ssi_ecosystem_digital_staff_passports_at_the_nhs.shtml) 2021-05-11 Phil Windley > How does a functioning credential ecosystem get started? This post goes deep on Manny Nijjar’s work to create a program for using digital staff passports in the sprawling UK NHS bureaucracy. * [NHS Staffpassport; Based on Evernym Verity built by Sitekit/Condatis; A 12 month experience](https://iiw.idcommons.net/22C/_NHS_Staffpassport;_Based_on_Evernym_Verity_built_by_Sitekit/Condatis;_A_12_month_experience) 2021-05-06 Chris Eckl, Richard Astley > The NHS Staff passport system was created to allow NHS employees to be redeployed between different organisations to meet urgent demand and remove the onboarding challenges when staff onboard with new organisations. * [Condatis IIW32 NHS Digital Staffpassport Learnings (slideshare.net)](https://www.slideshare.net/secret/JGSugec83U6ouP) 2021-04-23 Conditis > Presentation at IIW32 ## Caution * [Digital Vaccination Certificates -- Here Be Dragons!](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0128.html) 2021-02 Anil John > Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own." > > Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area. * [‘Vaccination Passports’: State of Play](http://www.infiniteideasmachine.com/2021/02/vaccination-passports-state-of-play/) 2021-02 Infinite Ideas Machine > ‘vaccination passports’ are unwarranted, in practice near-pointless clinically, and potentially risky in a number of ways. * [Vaccine passports prove an ethical minefield](https://www.computerweekly.com/news/252496853/Vaccine-passports-prove-an-ethical-minefield) 2021-02-24 Computer Weekly > Any [Covid-19 vaccine passport scheme](https://www.computerweekly.com/news/252494730/Covid-19-immunity-passport-tests-to-begin-in-UK) set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners. * [We don’t need immunity passports, we need verifiable credentials](https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials) 2021-01-20 Cointelegraph > Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid [urged](https://www.washingtonpost.com/opinions/2020/12/21/tom-frieden-covid-immunity-passports/) the adoption of digital “immunity passports” as a way to reopen the world. > > In theory, their idea is great. In practice, it’s terrible. Or, as the Daily Beast [put](https://www.thedailybeast.com/vaccine-passports-are-big-techs-latest-dystopian-nightmare) it: “Vaccine Passports Are Big Tech’s Latest Dystopian Nightmare.” * [Research] [Vaccine passports and COVID status apps](https://www.adalovelaceinstitute.org/project/vaccine-passports-covid-status-apps/) Ada Lovelace Inst. 2021-01-12 > An evidence review and expert deliberation of the practical and ethical issues around digital vaccine passports and COVID status apps ## Scams * [COVID-19 vaccination cards are dangerously easy to fake — what you need to know](https://www.tomsguide.com/news/fake-covid-vaccination-cards) 2021-03-23 > Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial. * [Scammers Selling Fake #COVID19 Vaccination Cards for Just $20](https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/) [source](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html) 2021-02-10 Infosecurity Magazine > The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Let’s Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these ‘vaccination records’ demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson.