‘Vaccination Passports’: State of Play

Having shared some thoughts in private discussion, it was suggested that posting a summary might be useful. So here it is (lightly edited):

[…reflecting on the discussion thus far] it seems we agree that ‘vaccination passports’ are unwarranted, in practice near-pointless clinically, and potentially risky in a number of ways.

It is (also) the case that:

  1. It is entirely possible to create a vaccination certificate or (more or less verified or verifiable) credential, and that:
    1. The data required for this credential is created at a ‘vaccination event’ or events;
    2. Some of that data is currently (sometimes) provided to the individual by being handwritten on a piece of card;
    3. Wherever else it may be held, the data about those vaccination events is ultimately recorded and retained in people’s GP records – as is some other ‘COVID status’ data. (Noting that, at this point, having recovered from a bad bout of COVID would appear to be roughly equivalent to having received your first jab of some of the vaccines…)
    4. The GP record is therefore a prime target for expanded ‘data-sharing’ and/or copying, which by itself engages medConfidential’s core concerns.
  1. Such credentials can be linked to a person by various means, i.e. ID verification of some form (e.g. facial biometric, existing number/ID or document, ‘VeinID’!, etc.), thus becoming a vaccination/’immunity’/COVID test result passport:
    1. It is the linkage of the credential to the means of identification/verification that is most problematic, especially when this is done on/via a smartphone or chip (as in a bank card or biometric passport) that will inevitably encourage ‘secondary uses’ / feature creep;
    2. Pieces of paper, like the Yellow Card or current NHS ‘appointment reminder’ cards, offer far fewer risks; [Frankly, while I’d still take issue with, e.g. discrimination around COVID status generally, a sensibly-designed paper ‘tech’ would likely fall below my threshold of concern re. privacy / DP]
    3. There is a vocal lobby from political actors such as (the) Tony Blair (Institute), and the biometric and digital ID industries, etc. who have been proponents of ID for years. COVID-19 is just another excuse…
    4. ‘Centralised vs decentralised’ ID arguments are basically irrelevant – as is ‘privacy-preserving’ PR, given it’s a GDPR requirement (which many now seem to appreciate) – when, in use, vaccine passports will boil down to a person having to show another person a thing in order to be allowed to do something. Anyone proposing a giant centralised database, or anything equivalent, should simply be shot down in flames. And anyone (as many are) focusing purely on the credential or the tech is missing the point.
  1. It will be possible, and is indeed likely, that in some situations people are going to be (i) asked to present a credential, and (ii) required to present a credential – almost certainly for international travel, possibly for some domestic activities, e.g. going to work, attending social venues like cinemas and pubs, so:
    1. What would the legal basis for both of these be, both during and after the pandemic? (And won’t Governments declare the pandemic over once ‘everyone’ has been vaccinated?);
    2. The UK Government has funded and otherwise supported the development of multiple commercial COVID passport initiatives – see, e.g. my Twitter thread (above) for an ever-expanding list – and at some point is going to have to at least give the official ‘nod’ to some of them, if not actually provide them with a legal basis (or indemnity) under the Coronavirus legislation, or other legislation or regulations;
    3. The most obvious place to deal with non-sanctioned use is via legal challenge (tedious, but do-able), and this will likely involve some media work too;
    4. If the Government does decide to legislate or regulate, it has an 80 seat majority and (in Parliamentary terms) HM Opposition is currently about as useful as a chocolate teapot.

What seems most likely is that the UK will join one of the international travel schemes, likely one or both of the WHO’sSmart Vaccination Certificate” and the IATA’sTravel Pass” in which, unsurprisingly, the ICAO is involved. It may or may not cut individual country deals, like the recent Israel-Greece or Israel-Cyprus ones. [See also our supplementary response to Ada Lovelace Institute’s review:]

It seems unlikely that the current round of domestic ‘pilots’ in various geographical areas and sectors will not be expanded at some point, and – especially if the Government isn’t forced to legislate – these would represent a pretty messy, widely distributed target for a bunch of legal actions once they went ‘live’. Maybe it would be worth preparing and circulating some sort of ‘expert briefing’ for, e.g. human rights and employment law firms, chambers and unions, so they are at least forewarned and know who’d be worth talking to if/when this all kicks off?

In terms of timing, it would be politically unwise to announce or officially approve the use of vaccine passports until after everyone has at least been “offered” a vaccine. There are already ‘disincentives’ (real or otherwise) for some to get vaccinated, and it would be fantastically dangerous – as well as immoral, and highly challengeable – to play into those at this point. As bad as some are, not all Ministers are stupid, and most do have some sense of self-preservation – although that’s not to say Boris won’t do it, of course!

In terms of other practical steps – noting Ada Lovelace Institute’s current review, chaired by Jonathan Montgomery – and along with creating an expert briefing for lawyers and unions, it’s clearly worth some coordination across/within civil society. I’ve already seen various petitions (I believe this is the latest petition on this topic to hit the threshold for debate) and I’m sure there’ll be calls for consumer boycotts, etc. as well as other randomness on social media and elsewhere. It is unclear to me how such activity will have any meaningful effect.

Whether this does need more of a response than is going on at present, I don’t know. I assume folks are all talking to bunches of other people and between organisations, and I equally appreciate how busy we all are. But if this issue does blow up, it strikes me as being the sort of threat for which we’ve previously mounted a ‘Scrambling for Safety’ event which – even convened on Zoom – would take a bit of organising. (These issues are international, so we should bear that in mind too.)

If there is any interest in / appetite for any of these practical steps – e.g. an expert briefing, (pre)legal action, media work, a Scrambling for Safety – then I’d be happy to lend a hand as I can. We shall of course continue to develop and put forward arguments in public as we have throughout the course of the pandemic on medConfidential’s website, my personal blog, through official channels (Westminster, Whitehall & NHS), and in the media.

This entry was posted in COVID19, database state, discrimination, Human Rights, identity, medical confidentiality, medical records, privacy. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.