Australia’s international vaccine certificates welcomed by digital security experts


Denham Sadler
Senior Reporter

Cryptography and security experts have welcomed the federal government’s new international digital Covid-19 vaccine certificate, saying it should be used across the country instead of other, less privacy protecting offerings.

A swathe of government ministers announced on Monday morning the introduction of the international COVID-19 proof of vaccination digital certificate, which will allow Australians to leave the country and travel overseas.

The federal government has not adopted the European Union’s standard for this service, but the Australian offering is compatible with the International Air Transport Association Travel Pass and meets the new global standard specified by the International Civil Aviation Organisation and World Health Organisation guidance.

Employment minister Stuart Robert with the new International COVID-19 Vaccination Certificate. Image: LinkedIn

The digital certificate, which will be available from Tuesday, features a QR code linked to an individual’s Australian Immunisation Register (AIR) COVID-19 vaccination status that can be shown to border officials in various countries around the world.

It also features “Visible Digital Seal” technology to prevent forgeries, employment minister Stuart Robert said.

“Our Visible Digital Seal technology is world-leading,” Mr Robert said.

“We worked with the International Civil Aviation Organisation to set the global standard and we will work to share our tech with the world. Today is a big step towards safely reopening our international border and supporting our economic recovery.”

There are now several ways for Australians to provide proof of their COVID-19 vaccination status, with varying levels of security and privacy.

Through the Medicare app and AIR, individuals can add a vaccine certificate to their phone’s digital wallet, and in Victoria and New South Wales digital certificates have also been incorporated into the states’ QR code check-in apps.

While the security of some of the other offerings has been slammed by a number of experts, the international vaccine certificate has been broadly supported as being secure and privacy-preserving.

Cryptography expert and Thinking Cybersecurity CEO Vanessa Teague said the new certificates are “great”, and should eventually be used domestically too.

“The only reason we couldn’t use it directly domestically is that it contains your passport number, which isn’t ideal for showing around every time you get a coffee,” Dr Teague told InnovationAus.

“I’d imagine it would be only a very small change to make a version with a blank in that field, or a string of zeros.

“If that were rolled out to everyone in Australia we’d have a privacy-respecting standard digitally signed by an Australian authority, instantly recognisable across states, very hard to forge and verifiable offline without the need for the sort of privacy-invading lookup that some states are relying on for verification.

“It seems to me that the added effort of making that for everyone, given that they’ve gone to the trouble of implementing the passport-containing version for travellers, is almost zero.”

A number of other software developers also backed the new international certificate in terms of privacy.

Both the Victorian check-in app certificate and the federal PDF version have been criticised for being too easy to forge.

In the Service Victoria app, the vaccine certificates feature digital “holograms” to prevent forgeries, but have been slammed for being “woefully insecure” by a number of cryptography experts.

The federal vaccine certificate which can be added to a smartphone’s digital wallet has also been criticised for being too easy to replicate.

There has been a growing push for a national approach to vaccination certificates based on the model adopted by the European Union.

Do you know more? Contact James Riley via Email.

Leave a Comment