A Look at Vaccine Passports

What is it? And how should we see it from the cybersecurity perspective

5 min readMar 26, 2021

Since the beginning of COVID-19, most of us are learning how to adapt to the new normal, we are also learning new things and terms. Recently, a new term has been widely used, which is “Vaccine Passport”.

As COVID-19 vaccines are rolling out across the world, governments around the world began to mull the idea of vaccine passport and they are even considering to make it mandatory.

Furthermore, not only governments who are suggesting this idea, but also airline companies started considering the requirement of vaccine passport for traveling. Emirates has partnered with the International Air Transport Association (IATA) to trial a vaccine passport called Travel Pass which will allow its passengers to have a digital passport [2].

But what is vaccine passport? Why? How does it work? How cybersecurity experts are seeing it from their perspective? Will we need a vaccine passport to be able to travel abroad?

In this story, we will be going through this questions and learn more about the vaccine passport, we will also explore the difference between it and vaccine certification.

What is Vaccine Passport and Why?

The main priority is to get people travelling again safely.
— IATA —

A vaccine pass/passport is not an actual passport, but it is a documentation that shows proof of vaccination. It can also provide other details such as tests, health declarations, virus infection and recovery information. In order to prevent the spread of the virus when traveling internationally, health authorities need to know the details about your COVID-19 history to satisfy country entry requirements.

A vaccination passport can be digital in a form of a mobile application. The aim of digitalizing is to make it easy for anyone to use anywhere and anytime. IATA has been working to launch a digital vaccine passport called TravelPass solution to re-open borders for travelers without quarantine.

In addition to Emirates, other airlines operators such as Singapore Airlines, Qatar Airways, Etihad are are also trailing IATA Travel Pass

IBM and The Commons Project are other organizations that are designing a digital pass. IBM’s pass called Digital Health Pass is not only for travelling and transportation, but also for sports and entertainment events and employers.

The Commons Project is collaborating with the World Economic Forum to create and launch the CommonPass framework for people to document their COVID-19 status.

How Does it Work?

Since the passport will be an application, then the answer to this question should depends on the software. For instance, IBM solution is based on Blockchain technology. Individual can manage their information through their smartphone, they can control what they share, with whom and for what purpose [3]

For IATA, the Travel Pass has four interoperable modules[4] including:

Global registry of health requirements: enables passengers to find accurate information on travel, testing and eventually vaccine requirements for their journey[4].

2. Global registry of testing / vaccination centers: enables passengers to find testing centers and labs at their departure location which meet the standards for testing and vaccination requirements of their destination[4].

3. Lab App: enables authorized labs and test centers to securely share test and vaccination certificates with passengers[4].

4. Contactless Travel App: enables passengers to (1) create a ‘digital passport’, (2) receive test and vaccination certificates and verify that they are sufficient for their itinerary, and (3) share testing or vaccination certificates with airlines and authorities to facilitate travel. This app can also be used by travelers to manage travel documentation digitally and seamlessly throughout their journey, improving travel experience[4].

If you need to know the development specifications for using digital technologies, World Health Organization (WHO) has launched a Smart Vaccination Certificate Working Group[5]. The guidance issued by this group will include a required minimum data set, standards for interoperability and recommended governance, digital functionality and systems architecture, to align with the scientific, legal, and ethical considerations outlined in this position paper[5].

Furthermore, The Commons Project digital passport called CommonPass will also allow users to access their information such as test and vaccination records. CommonPass delivers a simple yes/no answer whether the individual/user meets the current requirements for entry, the application would generate a QR code that could be shown to authorities. This platform can be accessed directly through other apps and services[6].

CommonPass is not publicly available yet. If you are interested and would like to learn more about it, you can use this link to request a notification when it is publicly available.

Before COVID-19

The idea of providing governments or health authorities a proof of vaccination existed before COVID-19. In order to be able to enter some countries, vaccination against other infectious diseases such as Malaria was/is required for entry. The proof of this vaccination is what is called “Yellow Card” (a.k.a Carte Jaune), which is an official vaccination record that is recognized internationally created by WHO.

The major difference between the current proposed vaccine passport and the Yellow card is the digital component. However, a paper-based certificate can be easily forged and/or lost while a digital format can make the process faster and smoother. However, in this life, everything comes at a cost, especially in the cyberage we are living in and digital platforms have just become a double-edged sword. What are the tech/cyber challenges that could be arising when these digital passports are deployed for use.

Digital Vaccine Passport and Cybersecurity

“Privacy — like eating and breathing — is one of life’s basic requirements”.
— Katherine Neville —

The goal of the organizations who are working on digital vaccine passport is not only making life easier for users but also to protect their privacy. As we mentioned, IBM is building its digital pass on Blockchain technology which enables users to manage information through an encrypted wallet on their smartphones.

But can you imagine if these applications and systems are hacked? What disaster would happen? This question should shed light on the importance of cybersecurity.

Cybersecurity experts are drawing attention to security-related concerns and threats that we can be facing. They are describing these systems as “Gold Mine of Information” that can be potentially exploited and compromised.

According to Checkpoint, its researchers have reported an “increasing amount” of advertisements for vaccines on Darknet markets where fake vaccine passport certificates are on sale for 250$.

Conclusion

“Those working on vaccine passes are aware that developing a system that works globally will be a challenge”.
— Drummond Reed —

The vaccine passport would be a hot topic which will lead experts to debate about whether the countries should require it for entry or not and as well as for cybersecurity concerns and challenges and other concerns. We must be aware and ensure that the proper security solutions and privacy protections are put into place.