The federal government knocked back a pitch from an Adelaide company to protect digital COVID-19 vaccination certificates from fraud last year, after a senator revealed this week that the certificate could be forged within weeks.
Australians who have received two doses of a COVID-19 vaccine can now access a digital certificate to prove this through the myGov platform. This can then be printed off or stored on a smartphone through the wallet functions on Apple and Google phones.
The certificates are not currently used to access any services, but may in the future be used to attend sporting events or travel internationally, for example.
Soon after accessing his vaccination certificate following receiving two doses of the AstraZeneca vaccine, independent Senator Rex Patrick had made a forged version of it in 15 minutes.
Currently, Australia’s digital vaccine does not have any technology, such as a QR code, to prevent an individual from simply using editing software to change the personal details on the certificate.
“Within 15 minutes of receiving that certificate it was able to be forged very easily with basic computer tools and programs. Right now, the certificates aren’t in use, but they will be and we need to be prepared,” Senator Patrick told InnovationAus.
“Yet the government hasn’t done the necessary work. It’s another embarrassing failure, all the more so after the COVIDSafe app shambles. There are very easy technical solutions to this problem, the government just has to have the will to do it early and do it right.”
South Australian tech company TraxPrint offers document and identity protection, including through QR codes. It has been contracted by governments in the UK, Netherlands and Aruba to protect their own digital certifications but, despite approaching the federal government last year about the issue, has had no luck in providing the protection in Australia.
TraxPrint co-founder and chief technology officer Robert Ablinger said the company first approached the Australian government last year to validate and verify COVID-19 testing certificates, and has more recently pitched its software to shore up the vaccination certifications, but has only received generic rejection letters.
“We started pitching this to them at the start of the pandemic. We offered services for nothing to the government literally to help them get along with what they needed for testing certificates,” Mr Ablinger told InnovationAus.
“What we look at is how documents are being fraudulently created or modified, and one of the easiest ones we’ve found is the certificate for vaccination in Australia. It literally takes about a minute to change the name on a document, which is wrong. And that’s not with anything special, it’s just with a normal photoshop app you can change anything on it. It’s scary how easy it is. To just leave it without any protection whatsoever is fraught with danger.”
TraxPrint’s solution would insert a QR code to the certification which prevents it from being modified. It also offers a service where a certificate can be checked to see if any pixels have been modified before it is validated.
The Nine newspapers reported on Wednesday that the government is now planning to introduce QR codes to the digital vaccine certification, using technology promoted by the International Civil Aviation Organisation, the Visible Digital Seal.
Mr Ablinger said this technology would not protect the digital and printed certificates as effectively as TraxPrint’s does. “Especially how we can detect if one pixel has changed on a PDF document. That is a very powerful ability,” he said.
It’s unclear whether the government has selected a provider to integrate this technology or if any further protections against fraud will be in place.
Senator Patrick said the government should be enlisting a local company such as TraxPrint to do this work.
“There is no reason the government needs to go overseas to find a solution for this. We have companies right here in Australia that are ready and willing to do the work,” Senator Patrick said.
Mr Ablinger said it’s disappointing that the federal government isn’t considering solutions from homegrown companies.
“All they seem to want to do is support overseas companies. They get consultants like Deloitte and big companies to talk and investigate things but they never do anything,” he said.
“The government just doesn’t seem to think that a small startup company in Australia can actually compete with the big boys. But we could do it in an extremely short period of time. We’re API-driven, we can literally set up and go. We’ve got clients integrated into it within a couple of days.
“It’s not pie in the sky, we don’t have to create something out of the blue. This is a proven technology that is currently working, and we have sold in countries overseas. We’re an accepted technology.”
Do you know more? Contact James Riley via Email.