After a solid year of on-again/off-again global lockdowns, most of the world is itching to get back to “business as usual”. This likely explains why putative credential verifiers—organizations ranging from airlines and entertainment venues to academic institutions—are eagerly awaiting the rollout of vaccine credentials.
The idea behind these vaccine credential certificates is fairly straightforward—in essence, they’re supposed to provide people with proof that they’ve been vaccinated. Dig beneath the surface, however, and a swarm of complexities unfolds. In our first article in this series, which considers these issues through a cybersecurity lens, we briefly outlined some of these challenges, such as the complexities associated with ethics and trust, governance, data sharing, and data protection. In this second installment, we dive deeper into the ethical and trust-related concerns that credential verifiers will need to consider in reviewing both local and out-of-country vaccine credentials.
In considering issues related to trust, a definition may be useful. Deloitte views trust as an intricate balance between competence and intent—and an organization fully thrives only when both are present. Competence refers to an organization’s ability to execute and deliver on its promises. Intent is the driver that underlies those actions and promises. Typically, organizations with good intent act transparently and for reasons beyond mere financial gain.
In exploring these topics, we’d like to stress that this is a huge and multifaceted issue, and this article considers only one small piece of a much larger mosaic. To fill out this story, we will continue to delve into numerous related topics in the weeks and months to come.
While reliance on vaccine credentials isn’t new—travelers and school children have long had to provide proof of immunization to relevant authorities—this is one of the first times in history that these credentials may be used for purposes that are not strictly medical. In essence, people may be required to share their health data simply to gain access to public places (such as sporting events or movie theaters) or to goods and services. Not surprisingly, this raises a host of ethical concerns.
Let’s start with the very structure of these credentials. Currently, several governments, associations, industry groups, and technology companies are focused on rolling out digital health credentials, which can be securely stored on a mobile device in either an app or digital wallet. In addition to enhancing information security, digital health credentials should increase trust among verifiers that the individual holding the credential is who they say they are.
Except, what happens for people who don’t have smart phones? To ensure these credentials are inclusive, accessible, and equitable, both digital and paper-based credentials will need to co-exist. Unless carefully designed, paper-based credentials increase the risk of fraud.
A second ethical challenge revolves around the privacy implications inherent in sharing personal health data with countless government agencies and private sector businesses. While people may be prepared to allow verifiers to scan some kind of barcode or a QR code that confirms their credentials are legitimate, they’re less likely to be comfortable sharing actual health data.
That’s especially true given that no universal standards currently exist to govern how that information will be collected, stored, or used. And it’s doubly true given that no clear rules exist to determine who can become a verifier, which credentials verifiers may review, what additional information verifiers may choose to collect, how to protect anonymized data from becoming re-identifiable, and how to communicate this information with the general public.
Yet another ethical pitfall arises when you consider the implications of presenting these health credentials across multiple jurisdictions. Without an interoperable digital solution or standardized cross-border regulations, travelers will have little assurance that their private information is being adequately protected on an international basis—particularly in countries that lack robust controls. To enhance trust, verifiers planning to review multijurisdictional health credentials will need to consider how to develop a trust framework and implement tamper-proof systems that support interoperability.
And none of this takes into account the underlying ethical implications of requesting a “vaccine certificate” in the first place. What happens for the people who choose not to be vaccinated or who don’t have access to vaccines? To avoid discrimination, verifiers will likely need the capability to review different types of health credentials—from vaccine certificates, to proof of immunization (e.g., antibody tests), to negative COVID PCR (polymerase chain reaction) test results.
Digital health credentials should increase trust among verifiers that the individual holding the credential is who they say they are.
While cybersecurity technologies, processes, and physical controls cannot resolve all these issues, they can go a long way towards alleviating some of the more critical ethical and trust-related concerns. Some of the controls that must be considered include:
Another factor to consider is that credential verifiers themselves are not responsible for issuing these health certificates. Without interoperable standards or a central issuing authority, this vastly complicates the verification task. This is one reason why technologies such as blockchain are now being explored as potential solutions. In addition to providing immutable proof of vaccination (or immunity), digital ledgers such as blockchain would allow verifiers to ascertain that any credentials presented are authentic, up-to-date, and issued by a verified authority.
Bolstering cybersecurity capabilities in these ways can go a long way towards building greater trust in the verification process—while simultaneously supporting system transparency as a whole.
Admittedly, this is all easier said than done, especially considering that digital health certificates will need to be verified in multiple jurisdictions as travel begins to open back up. Given the differential legislative frameworks that prevail internationally, this will be no easy feat in practicality.
In the US, for instance, health information privacy rules such as the Health Insurance Portability and Accountability Act (HIPAA) tend to be fairly prescriptive around the controls that must govern personal health information (PHI). Similarly, the EU’s General Data Protection Regulation (GDPR) sets out prescriptive elements and features strong enforcement. Canada, for its part, seems to have varying standards of consent-based private sector legislation and non-consent-based public sector legislation. And Australia’s opt-out approach to PHI use for secondary purposes (such as research) makes it unclear how health data should be shared and managed. Developing a health certificate system that complies with each of these divergent rules can seem downright impossible.
To bridge these gaps, numerous initiatives are now underway to create frameworks for interoperability. These include the Good Health Pass Collaborative, the Vaccination Credential Initiative, the World Economic Forum’s Common Trust Network, the Trust over IP Foundation, and IATA’s Travel Pass Initiative, just to name a few. Specific countries and regions are also coming together to develop digital health ID standards, such as the EU’s Digital Green Certificate; the “green passport” deal signed between Israel and Greece; national initiatives in countries ranging from Denmark, Germany, the UK, and Sweden to China and Japan; and New York State’s Excelsior Pass designed to enable local businesses to safely reopen.
It’s eminently clear that we can only embed trust into the health credential system if its rollout is firmly rooted in ethical imperatives.
While it can be easy to get sidetracked by the countless programs that must be initiated to make digital health credentials work, these policies must ultimately revolve around the privacy rights of global citizens. Once again, technology solutions are outpacing policy considerations, raising ethical issues around people’s fundamental rights and freedoms.
As credential verifiers attempt to tiptoe through the quagmire, there are several questions they should ask up front. For instance:
At this stage of the game, there are more questions than answers. Yet, despite the complexities, it’s eminently clear that we can only embed trust into the health credential system if its rollout is firmly rooted in ethical imperatives.
Risk Advisory Partner –Deloitte Canada