Off the back of increased investigation into what the Vaccine Passport system could look like, Our Head of Issuing Authorities, Grame Barty, shares why better integration between Government Issuers and Technology Businesses is crucial to a vaccine passport that works.
The core principles associated with any record, transaction, credential that is generated by an issuing authority and shared to an individual usually revolve around trust, security, and privacy.
Trust resides in the issuing authority itself. Is this record what it says it is and can I be sure that it comes only from this source?
If it is being sent to me digitally can I be sure that only the information that pertains to me is provided and that only I can securely see that information?
Services Australia has managed to achieve this so far through the Australian Immunisation Record(AIR) and linking this to an individuals MyGov My Health Record where it currently can be downloaded in PDF format and also as a Google and Apple digital wallet Immunisation Certificate.
The concern is with the on-sharing of the Immunisation Certificate from the individual to interested third parties; that is the point where the risk for fraud or misrepresentation is most likely to occur.
But any solution is not about limiting access to third parties because some fraudulent activity may exist (because it always will) but to ensure that a protocol is employed by Services Australia such that an individual is empowered to both autonomously and anonymously control and deliver their vaccination status and information in the way they want and for whatever purpose they require – be it work, recreation, study or travel.
If our government and community intent is to rapidly open up our economies and learn to live with Covid then we need a community and industry wide technology solution that will enable that.
From a CredShare perspective, we believe this means retaining the Government Australian Immunisation Record(AIR)as the immutable, trusted source of Vaccination status.
But rapid community response will require third party access to a ‘proof of vaccination’ and this could come in many forms and the Government should not try to decide which one is better or worse.
For example the State government solution appears to be a simple linking with check-in applications – digital identities are already proven and all that is required is a simple ‘Yes/No’ check with the AIR and QANTAS is choosing an IATA Common Pass solution. But for workplace entry, many employers will have their own risk mitigation solution requirements.
Providing any link to the AIR is highly secure, and any request for Vaccination Status can be linked to a digital identity, why would this capability be limited to myGov and State Government providers only.
Its time to think differently if we want open our economy and our borders as soon as possible.
Grame Barty is one of Australia’s leading experts in the global commercialization of technology innovation.
Over a ten year period he founded a company – HarvestRoad Ltd – that developed one of the world’s first cloud-based learning object repositories for the education and Defence training sectors.
He then joined Austrade where he was appointed firstly to run Austrades pan American operations based in Los Angeles and then as Executive Director International Group based in Sydney headquarters.