We need to get Australia’s digital vaccine certificates right first time

Santosh Devaraj

Opinion: More than half of the Australian population is currently in lockdown due to COVID-19 and are rolling up their sleeves and getting their second COVID-19 vaccination. As a result, they are hoping for greater freedom through their government-endorsed vaccination certificate available through the myGov portal.

And therein lies a significant problem – not with the rising vaccination rates but with the certificate that supposedly promises to be the gateway to fewer lockdowns and greater freedoms.

Australia’s current COVID certificate on a smartphone.

In its current format, Australia’s COVID-19 vaccination certificate system is alarmingly vulnerable. Far from being effective, secure and tamper-proof, it is wide open to the risks posed by fakes and forgeries.

In early August, South Australian Senator Rex Patrick was one of the first people to highlight the system’s inadequacies when he created a fake COVID-19 vaccination certificate in 15 minutes using basic technological know-how and software.

This isn’t surprising.

We are in the middle of a pandemic that nobody could have predicted. There hasn’t been much time for government to strategically plan and it is hard to battle a pandemic while also trying to innovate in the IT world. Government IT teams have come up with the best possible solution in a very short timeframe.

But innovation doesn’t happen overnight. It takes years and resources.

A band-aid fix won’t stand the test of time. Instead of rolling out a makeshift vaccine certificate system for now and then having to go back to the drawing board to change it or start again in three months’ time, governments could be working with companies that are experts in the field having done the groundwork.

There are already solutions available to support the roll-out of vaccine certificates or passports quickly and securely on digital channels across Australia and globally. The company I run, TrustGrid, has already proven that this technology is secure, accurate, and user-friendly. It supports Service NSW’s digital licensing system and could easily be adapted for digital COVID-19 certification purposes.

There are two fundamental aspects to be considered. First, how is the certificate created? We need to go back to basics and embed the individual’s identity in the process. This must involve binding, at the time of vaccination, the individual’s digital footprint in the certification process.

Second, to ensure, once the certificate is created, it is given to the individual, in a QR code in their own digital realm, encrypted by their own biometric data. This way the owner controls data access, tracking and use, sharing all or part of the information with whom they like – another government agency, border authorities, boarding a plane or even getting into a pub.

With these elements in place, faking a COVID vaccination certificate becomes almost impossible.

These requirements can all be delivered by a digital trust ecosystem already in place and relied upon by state government and the private sector.

Data is encrypted in a distributed ledger system, like that used in blockchain technology. Information is synchronised across multiple servers and cannot be hacked or viewed as it passes through the network.

Once a person is vaccinated, the government would issue that person with their unique QR code that would be recorded on the Australian Immunisation Register. The QR code allows for the binding of a photograph of a person with their name, date of birth and vaccination status and that information is cryptographically protected. It is safe and secure.

A digital footprint can be created for anyone born today. And whenever they get a vaccination, it would become part of their digital journey. COVID would be just one of those vaccinations.

As Australia’s COVID vaccination rate edges towards the 70 per cent and 80 per cent targets set by national cabinet on the advice of the Doherty Institute, people will rightly expect greater freedom. They will expect to be able to move around their communities, to socialise and celebrate together, to return to workplaces and to travel nationally and internationally.

A rigorous, secure and cohesive digital COVID vaccination certificate system is a vital piece of the puzzle in allowing Australians to live safely and freely with COVID. We must get that system right the first time and we have to do it quickly.

Santosh Devaraj is CEO and founder of TrustGrid. The business focuses on building trusted identity networks and uses identity verification technology.

Do you know more? Contact James Riley via Email.

  1. CoolGunS 3 years ago

    The facts are simple. Covid is here to stay. You can choose to be vaccinated and potentially safe your own life, or you can choose not to for whatever reasons you think are more important than that. More important than you own life??? Is your being above everyone else that is doing the right thing going to be worth that?

    If you choose to go unvaccinated and bend the law by getting face certificates then that is your choice. The police may never catch you. The government may never know. But one thing WILL catch you. DELTA. When those borders come down and those restrictions are lifted and you sit there smurking in the knowledge you GOT AWAY with it, DELTA will find you. It is inevitable. Eventually you will fall to its FULL force, all for what? A simple needle jab?

    When you are lying in your hospital bed drowning in your own lung fluids you can revel in your life decision. Just don’t make that same possible fatal decision for your children.

  2. Stephen S 3 years ago

    In reality, Santosh, there’s no urgency to get our Digital Certificate right, because there will always be work-arounds, for the Australian elite. The peasants will just have to wait.

  3. Digital Koolaid 3 years ago

    “We” must get that system right the first time and “we” have to do it quickly. Who we white man ?? “We” know that injection doesn’t give immunity. It might mean there are no symptoms. Hello Super Spreader event. How could “we” know? “We” had no symptoms and “we’d” doubled down on potion. Plus the guy at the door said “we” were good to go, let us in. By the way Santosh, “We” aren’t in the middle (“we” might be at the beginning and “we” don’t know?) of a pandemic that nobody could have predicted – except anyone could have predicted it and many did. As “we” damage nature then pandemics will become freguent. Even I knew that. And “we” all know that anything involving APS bureaucrats is never “safe and secure”. You should too …

Leave a Comment

Related stories