Digital “passport” solutions rely on storing your data in a corporate silo. This is the centralized data model that we’ve been stuck with due to the absence of a reliable way to verify identity online. Someone else gives us an identity — an email account, a shopping account — and requires us to give them proof of who we are, where we live and so on.
Quote
Over time, these third parties — Amazon, Facebook, Google, etc. — have tracked our behavior to better design products and services. Sometimes, they sell that data so others can do the same. We consented but not in a meaningful way. Repeatedly, our data was taken; increasingly, it became clear that even when legally held, it was being used in ways that were exploitative and invasive.
At the same time, all but the most elaborate physical documents can be forged. In many areas of the world, paper cards, PDFs and printed emails are being accepted as valid proof of COVID-19 testing. Similar methods are being considered for vaccination proof, requiring just the recipient’s name, the type of vaccination, date, location and provider. How is this likely to turn out? Recently, a group was arrested for selling fake COVID-19 test results at Paris’ Charles de Gaulle Airport. Unless physical proofs of vaccination have the tamper proof qualities of actual passports, they will be forged.
There’s also a third problem: An “immunity passport” is a misnomer. It does not ensure immunity because our understanding of COVID immunity is incomplete. Scientists have found that having contracted and recovered from the disease in the past is not a guarantee of future immunity. For this reason, the World Health Organization has actively discouraged the use of “COVID passports.” Similarly, not all tests for COVID-19 are created or treated equally, leading some institutions to only recognize tests from pre-determined providers and locations. Governments have different mandates for when travelers are tested. A passport needs to be a living document that adapts to science and policy.
At the same time, all but the most elaborate physical documents can be forged. In many areas of the world, paper cards, PDFs and printed emails are being accepted as valid proof of COVID-19 testing. Similar methods are being considered for vaccination proof, requiring just the recipient’s name, the type of vaccination, date, location and provider. How is this likely to turn out? Recently, a group was arrested for selling fake COVID-19 test results at Paris’ Charles de Gaulle Airport. Unless physical proofs of vaccination have the tamper proof qualities of actual passports, they will be forged.
There’s also a third problem: An “immunity passport” is a misnomer. It does not ensure immunity because our understanding of COVID immunity is incomplete. Scientists have found that having contracted and recovered from the disease in the past is not a guarantee of future immunity. For this reason, the World Health Organization has actively discouraged the use of “COVID passports.” Similarly, not all tests for COVID-19 are created or treated equally, leading some institutions to only recognize tests from pre-determined providers and locations. Governments have different mandates for when travelers are tested. A passport needs to be a living document that adapts to science and policy.
Verifiable credentials will be the best solution because it does not affect privacy.
Quote
Verifiable credentials mitigate all these problems. A verifiable credential can be issued by a health provider to prove that you have been tested or vaccinated. The form of that credential is written to a distributed ledger — but not the content. So, if you are asked for proof of a COVID-19 test, the proof is the form of that credential and the specific cryptographic keys that show it has been issued to you. The content — all your personal data, including the outcome of the test — is held by you and you alone. You get to decide if you share that information or not. The form it is bundled in — the credential — is the only thing that needs to be verified as coming from an authentic source.
Decentralized identity means that people have control over their own private information instead of being required to relinquish it to some corporate database. Additionally, because the form of the credential and proof of issuance are written to a distributed ledger, verifiable credentials are tamper-proof and cannot be forged. They can also be simply and quickly reissued to adapt to new medical information and government mandates.
Decentralized identity means that people have control over their own private information instead of being required to relinquish it to some corporate database. Additionally, because the form of the credential and proof of issuance are written to a distributed ledger, verifiable credentials are tamper-proof and cannot be forged. They can also be simply and quickly reissued to adapt to new medical information and government mandates.
The idea of global vaccination and health data being stored in centralized systems has more than privacy experts freaking out.
https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials