Opinion: More than half of the Australian population is currently in lockdown due to COVID-19 and are rolling up their sleeves and getting their second COVID-19 vaccination. As a result, they are hoping for greater freedom through their government-endorsed vaccination certificate available through the myGov portal.
And therein lies a significant problem – not with the rising vaccination rates but with the certificate that supposedly promises to be the gateway to fewer lockdowns and greater freedoms.
In its current format, Australia’s COVID-19 vaccination certificate system is alarmingly vulnerable. Far from being effective, secure and tamper-proof, it is wide open to the risks posed by fakes and forgeries.
In early August, South Australian Senator Rex Patrick was one of the first people to highlight the system’s inadequacies when he created a fake COVID-19 vaccination certificate in 15 minutes using basic technological know-how and software.
This isn’t surprising.
We are in the middle of a pandemic that nobody could have predicted. There hasn’t been much time for government to strategically plan and it is hard to battle a pandemic while also trying to innovate in the IT world. Government IT teams have come up with the best possible solution in a very short timeframe.
But innovation doesn’t happen overnight. It takes years and resources.
A band-aid fix won’t stand the test of time. Instead of rolling out a makeshift vaccine certificate system for now and then having to go back to the drawing board to change it or start again in three months’ time, governments could be working with companies that are experts in the field having done the groundwork.
There are already solutions available to support the roll-out of vaccine certificates or passports quickly and securely on digital channels across Australia and globally. The company I run, TrustGrid, has already proven that this technology is secure, accurate, and user-friendly. It supports Service NSW’s digital licensing system and could easily be adapted for digital COVID-19 certification purposes.
There are two fundamental aspects to be considered. First, how is the certificate created? We need to go back to basics and embed the individual’s identity in the process. This must involve binding, at the time of vaccination, the individual’s digital footprint in the certification process.
Second, to ensure, once the certificate is created, it is given to the individual, in a QR code in their own digital realm, encrypted by their own biometric data. This way the owner controls data access, tracking and use, sharing all or part of the information with whom they like – another government agency, border authorities, boarding a plane or even getting into a pub.
With these elements in place, faking a COVID vaccination certificate becomes almost impossible.
These requirements can all be delivered by a digital trust ecosystem already in place and relied upon by state government and the private sector.
Data is encrypted in a distributed ledger system, like that used in blockchain technology. Information is synchronised across multiple servers and cannot be hacked or viewed as it passes through the network.
Once a person is vaccinated, the government would issue that person with their unique QR code that would be recorded on the Australian Immunisation Register. The QR code allows for the binding of a photograph of a person with their name, date of birth and vaccination status and that information is cryptographically protected. It is safe and secure.
A digital footprint can be created for anyone born today. And whenever they get a vaccination, it would become part of their digital journey. COVID would be just one of those vaccinations.
As Australia’s COVID vaccination rate edges towards the 70 per cent and 80 per cent targets set by national cabinet on the advice of the Doherty Institute, people will rightly expect greater freedom. They will expect to be able to move around their communities, to socialise and celebrate together, to return to workplaces and to travel nationally and internationally.
A rigorous, secure and cohesive digital COVID vaccination certificate system is a vital piece of the puzzle in allowing Australians to live safely and freely with COVID. We must get that system right the first time and we have to do it quickly.
Santosh Devaraj is CEO and founder of TrustGrid. The business focuses on building trusted identity networks and uses identity verification technology.
Do you know more? Contact James Riley via Email.