There are Android and iOS apps for QR reading, although they don't point to the production certificate chains so can't be used to verify "real" EU certs.
Wondering why they haven't licensed it under GPL3.0 so at least other countries would have to also open source their apps if they reused the code. Also if some company reused the code to implement some malicious verifier that do tracking it would be easier to find out.
You want to err on the side of letting proprietary closed-source code bases (think "electronic health record" systems) adopt the reference implementation, even if they don't give back.
Otherwise the proprietary folks will come up with a competing implementation that meets their non-technical (licensing) requirements.
I don‘t seem to get the point of this comment, but the reason for this is that the EU Commission has assigned this project to Deutsche Telekom and SAP, two German companies (as is explained in the README).
Corona Warn App is the most successful implementation of a Covid tracing app in Europe.
Italy's Immuni was good as well, but unfortunately politics and demented policies basically mangled one of the best pieces of Public Administration software my country had ever produced.
In this regard, I can't be anything but satisfied that the Germans are taking the lead on a EU-wide policy.
Also, I got vaccinated here in Berlin and since a week I already have a perfectly usable digital pass that I validated at the chemist's counter.
For one, to be honest, let's give all the kudos to those who deserve them.
Side note: we're so generous that I hear of Americans here in Berlin who are getting the pass too by showing their American vaccination documents and a proof of residence in Germany.
Meaning: the system is solid, but surprisingly flexible.
> So you want to translate this into how much infections it _prevented_ and then compare it against the cost of a COVID-19 infection for society.
By that logic, we should start selling hand sanitizer for 100 euros, and soap for 50 euros, right?
Obviously the idea that something should not be evaluated by how efficiently was produced but solely by how much it was needed is a recipe for absolute disaster and cost bloat. Seat belts will go for 10,000 euros in that world.
How do decide what is cheap bs expensive for early detection? Sure it “sounds” expensive but it would be cheaper if there were more detections, which you don’t really want.
A government that can balance what to do internally and can carefully choose their contractors, all the while pushing towards openness, is a dream come true.
Sadly not the rule at the moment in Switzerland. Lots of mistakes have been made but there is a strong push towards this kind of work. E-Voting and E-Id was a disaster and we hope it gets pushed into this kind of openness and focus on privacy for all future government software.
E-voting was a poorly implemented transparency process to check a not totally terrible (and also, not correct) implementation of a pretty good design. Lessons were learned on the transparency side, and they are on HackerOne now, doing things approximately right. Security is hard and they will probably fail again, but they are failing according to industry standards now, at least. (I was a reviewer of the original system.)
e-ID was rejected by the voters as a gift of a service that should have been in government control to private industry for them to make profit on it. There was nothing technically terrible about the design for outsourcing eIDs to private industry, it was just a concept the voters found unacceptable. (I voted no along with a majority of my fellow citizens.)
It didn't really help that one of the prime candidate company to issue the eId couldn't get even basics, like cert management, straight.
I'm quite thankful for Die Republik (slightly leftist daily internet "paper", which is ad free and subscription only) because I think they were quite instrumental in uncovering some of the shenanigans being pulled by those companies.
One thing about e-voting that is often missing in the discussion. No matter how you do it, the most important goal of any voting system is surprisingly not to get a result — the most important goal is to get a result everybody can agree on.
This is the fundamental flaw of any e-voting system. Even if you manage to get it secure, how do you transparently proof this to everyone, including those who can't grok cryptography. What about those who don't care and just want to call the election stolen?
It is hard enough to convince them with paper ballots, but these are at least physical and they cannot come out of nowhere.
In my experience government either choses cheapest contractor (will all sort of consequences you can imagine) or bribes are involved (which might lead to a better outcome, surprisingly, but at much higher expenses). I wonder how Switzerland manages to avoid that plague.
I think that I once heard that in Switzerland the second cheapest bidder is the one to get the contract, exactly to discourage someone aggressively underbidding all others. I could not verify that now though.
How does the scanner app verify the signature? Does it always have to be online, or does it have a set of trusted public keys included?
How are the codes generated to begin with? Is there some central database that hands them out, or can any clinic generate one (having access to a copy of the private key?)
Infrastructure for code generation and signing is probably country-specific, though I imagine most countries will establish centralized systems dealing with this and integrate with other systems that track vaccination or test records on various levels (some countries delegate vaccination efforts to their states, others handle it nationally, etc.)
It is cryptographically signed, so creating your own QR code that would be accepted by the apps would be difficult without the signing key.
Even ignoring that though: including both the ID and detail allows it to work both ways. In official situations (e.g. at a country border) you might be able to validate against a server, but the local nightclub probably doesn't have access to a validation server.
Yes. This is officially acknowledged (at least in the german CovPass app) and is a feature. You are able to "manage" multiple passes in said app. This is intended for accessibility (elderly partners with a shared smartphone, legal guardians for people with disabilities).
And yes, in theory at least the name should be crosschecked with a form of ID. It's just a digital copy of a legal document, you could easily borrow or copy the paper version from someone else as well.
You are right with regards to the technical side, but there is an important detail to note. Those certificates only can be used for travelling between eu states. Any other use is currently banned and would need to ammend the EU regulation.
So the local nightclub cann't(legally) check these certificates.
Are you sure? Isn't https://greencheck.gv.at/ a tool for private nightclubs, event managers, hospitality and so on to check the "grüner Pass" QR-Code certificate of their guests in Austria for accordance with their 3G rules (Genesen (recovered), Geimpft (vacinated), Getested (tested))? Am I missing something there?
In slovenia, clubs/restaurants/etc. are not allowed to check any vaccination/test/recovered data (you still need to be one of those, they can ask if you are, but are not allowed to verify).
Only health inspectors can do so, and they do random checks. Honestly, I don't know how this will end, because people are really fed up with this situation and all the lies from the government, and a club full of drunk people vs a few inspectors won't end well.
I'm from Slovenia as well and get asked to show my ID and vaccination slip regularly.
If I understand correctly, one of the pandemic laws requires them to verify, but the Information Commissioner's Office has countered that with one of their classic "well yes, but actually no" opinions saying that they're not actually allowed to demand that kind of information. What "demand" means here, of course, doesn't seem to be defined well, so I'm guessing they're still allowed to refuse service if you don't show them some proof.
Or maybe all of that has changed in the 20h since I was last at a bar - the speed at which the current government is making seemingly entirely random changes to the covid rules is genuinely impressive.
That's interesting, but I guess it needs some legal support at the Austrian level, because the regulation doesn't prescribe those uses for the certificate.
I don't think that is true, at least not universally in all EU countries. And here in Germany they're allowed to check the old paper vaccination pass, so there is no reason to think they're not allowed to check the digital version.
As far I have been told by the national authorities of my country, that's the case. I haven't read the whole regulation but this paragraph I think it addresses it:
This Regulation establishes the legal ground for the processing of personal data within the meaning of point (c) of Article 6(1) and point (g) of Article 9(2) of Regulation (EU) 2016/679, necessary for the issuance and verification of the interoperable certificates provided for in this Regulation. It does not regulate the processing of personal data related to the documentation of a vaccination, a test or a recovery event for other purposes, such as for the purposes of pharmacovigilance or for the maintenance of individual personal health records
Member States may process personal data for other purposes, if the legal basis for the processing of such data for other purposes, including the related retention periods, is provided for in national law, which must comply with Union data protection law and the principles of effectiveness, necessity and proportionality, and should contain provisions clearly identifying the scope and extent of the processing, the specific purpose involved, the categories of entity that can verify the certificate as well as the relevant safeguards to prevent discrimination and abuse, taking into account the risks to the rights and freedoms of data subjects
So, if my interpretation is right, a national law backing those "secondary" uses must be in place.
Danish teens just took screenshot of their QR code and shared it with friend. It only valid for an hour, the your friend needs to send you a new one, but it was enough to get in to the gym and stuff like that.
Some even sold screenshots on Facebook.
Now the app have all sorts of cool colour effects when you tilt your phone.
This one [1] doesn't specifically mention facebook.
You can run the text through a translator yourself, but the main quote: "Henover weekenden har vi allerede set de første eksempler på danskere, der sælger QR-koder i lukkede grupper på sociale medier" roughly translates to: "During the weekend we have experienced the first examples of people selling QR codes in closed groups on social media".
Edit:
This article [2] is about 6 teens being charged with forgery of the pass.
What I don't quite get is that the certificate is linked to me personally.
Notably, it contains my full name, including middle name, and date of birth.
It notably states that it's only valid together with an identification document.
It's possible, of course, that gyms and nightclubs don't check very thoroughly, but I certainly wouldn't risk passing a border with a fake certificate.
> I certainly wouldn't risk passing a border with a fake certificate
[..] especially given that you can also cross a border with a negative antigen test, which is pretty easy to come by. I must have done getting on for 50 of them so far this year.
Yes, it's fairly obvious that none of this works if you don't verify that the identity matches the ID (the yellow paper pass won't either!), but you can nevertheless expect that plenty places won't do that. Or even just see "app shows the right color and a QR code", there was an embarrassing amount of media coverage of the fact that if you set the system time in the future the German app will show the "right" color even if someone hasn't waited long enough after their vaccination... which of course has zero effect on if validation succeeds or not.
The only thing you should verify is photo. Because you can't really verify an ID either (other than checking a photo). So QR code should just encode a photo URL (and sign it) and QR scanner should display that photo.
Currently the image is retrieved via a very powerful distributed database with embedded authentication, consisting of millions of wallets and handbags. The authentication key is the name and date of birth, and is printed on both the pass and the medium that stores the image.
May be it's possible to encode some kind of low-res compressed image in QR-code? I did not run the math. Or may be it's even possible to scan photo from smartphone display, run some kind of image hash and compare it to hash inside QR-code. This way it would be possible to work completely offline. I think it's called perceptual hashing, though I'm not sure if it's cryptographically secure.
The issue is not about compression (well, it could be).
It is is about the authority that delivers the QR code: if it doesn't have the data (photo) it can't produce the QR code.
For example, I have been vaccinated in April, long before the green pass appeared. No one took my picture at that time (and that's not the task of doctors to take pictures and store them in central database, for privacy reasons). I still deserves a QR-code to go out of home.
In France we have ID cards which can link a photo to the name and birth date. So encoding name and birth date in the QR-code are enough.
That's so strange, and almost suggests that the people implementing these apps don't understand the security model behind these codes.
Any information on the users phone can 100% not be trusted. It should just show the QR code. On the other hand the scanning App has to validate the signature, check if the dates are correct and display a big info that the QR is only valid if the name is the same as the one on a presented ID.
Maybe this should have been a design requirement from the EU spec.
> the people implementing these apps don't understand the security model behind these codes
I'm not entirely sure that the people implementing the policies understand the 'herd immunity' model, nor the by now fairly comprehensive statistical data on who is and isn't at significant risk from Covid19.[0]
Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?
Public health bodies will struggle to convince healthy young people to take a vaccine that gives them very little direct benefit.
"Children's risk of severe disease from Covid is tiny, deaths are extremely rare and have only occurred in UK children with profound underlying and life-limiting conditions. The direct benefits to them of vaccination would be low."[0]
> Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?
That person, plus every person they come in contact with.
Oh, you can compute the total "risk" of course. Assuming the person is contaminated and you put their personal "risk" treshold at an arbitrary 2% (which I just pulled out of thin air: chance of getting unacceptable side-effects: p(side_effect|contaminated)). You then have to sum that up for every person they come in contact with.
The real contribution might be even greater than that, as the contaminated will go on carry the virus to other people.
In theory if the number of people is large enough, you should be able to replace the values with average ones, but it's likely that 18 yo will spend more time with 18 yo than 70 yo.
To sum it up, herd immunity only works if enough people are immune (vaccinated). Everyone should feel responsible for it, even 18 years-olds (unless you take a very individualist view of life, which seems like a dominant feeling in the US: it works a lot like the prisoner's dilemna). Anyway, I'm just proud of performing my civic duty, I won't be a carrier for that virus.
That’s not how vaccine effectiveness works. There’s already a probability less than one of getting Covid if unvaccinated, and the effectiveness of the vaccine is the reduction from that.
So if over the course of their study period, 100 unvaccinated people got covid out of a thousand tracked, with a 98% effectiveness, only 2 people in the 1000 people vaccinated group would have gotten it.
So vaccines are really effective. Even more so for preventing serious complications.
There are a considerable number of people out there - some of whom are young and healthy and at vanishingly small personal risk from Covid19 - who if you mention the phrase "unacceptable side-effects" their first thought would be of side effects from vaccination, not the virus.
The boss at my daughter's kindergarten had Covid19 last summer. She had to quarantine for two weeks, then came back to work. She told me (unprompted) that sitting out the quarantine was way worse than the virus.
Telling these people they are stupid or anti-social - or simply downvoting them :) - may not be the most effective strategy to make them change their mind.
I don't give my name and date of birth to walk into a store or restaurant so why should this QR code force you to? Presumably all you want to know about this person is whether or not they are a toxic, contagious, diseased biohazard to you; everything else is none of your business.
If someone is showing someone else's proof of vaccination while they are not vaccinated, they actually might be a threat.
The QR code by itself is not proof of anything until you have verified that it actually belongs to the person showing it. That's where the ID comes in.
Just out of curiosity, what is the minimum net improvement in public safety you think justifies asking every person to show their identity information every time they walk into a shop or restaurant?
After all the progress made so far with traditional disease mitigation, what would happen if you simply don't choose to force everyone to show their IDs everywhere they go? If you're saying vaccines and lockdowns weren't enough, what is the target you're chasing exactly? Is it really worth it?
I am not sure what you want to get at but if someone wants to be treated like being vaccinated, they should have to proof that they actually are. Anything else incentivizes behaviour that undermines the efforts to get a grip on the pandemic (i.e. it would let the unvaccinated flaunt the rules by just claiming that they no longer pose a threat to others and the pandemic would happily rage on).
We do not implement these measures here (Germany) at the moment. Anyone can visit stores or e.g. retirement homes without having to show a negative test result or proof of vaccination. Before easing the measures, people with proof of vaccination were treated like having a negative result in general, i.e. they could do all the things that others also could but without the hassle of having to be tested.
This is what I don't understand either... vaccines work, health systems in most eu countries are pretty empty of covid patients now, anyone who wants a vaccine can get one... but we're still requiring people from countries with 99positive/100k to show vaccination proof to enter a country with 98positive/100k.
We have the vacciness, anyone can get one for free, just open up, and let the antivaxxers risk it if they want.
I think that the point is to raise social pressure to get people to get vaccinated.
If you are vaccinated, you just show your pass and go into the bar.
If you aren't you have to produce a test. A recent test. So frequent renew. Or you might just not be allowed to get in.
In the US context I would say this is a privacy violation. It's another avenue of obtaining identifying information about you, to abuse with no restrictions.
But one of the main benefits of the GDPR is making it illegal for businesses to keep surveillance records on you. This way you don't have to worry about keeping basic information like your name secret in the first place.
The US really needs something like the GDPR to restore some societal trust. As it stands, I'm planning on wearing a mask into stores etc for as long as I can get away with it.
> In the US context I would say this is a privacy violation.
Yeah, but that's the US. Which is well known for being pretty wacky on these things.
> It's another avenue of obtaining identifying information about you, to abuse with no restrictions.
How? You hold up your vaccine pass to the bouncer, and your photo ID, so he can see that the vaccine pass is actually yours: He compares the face in the ID to yours, and the name on the pass to that on the ID. Then he turns away from you and says "Next, please". In two minutes he has forgotten your name, and in thirty he remembers your face to the extent that he can say "Yeah, I think I let that one in tonight."
Does he photograph your pass and ID, or type them into some computer system? Hardly. So what's to "abuse"?
> This way you don't have to worry about keeping basic information like your name secret in the first place.
In any sane society, your name isn't supposed to be a secret.
Dang, Americans are a funny people. Paranoid about all the wrong things.
> I certainly wouldn't risk passing a border with a fake certificate.
Border guards are even less interested in the validity of your covid certificates than nightclub bouncers. They have very limited amounts of time they can spend on processing people without the whole system collapsing
You will not enter any Schengen country without the border guard checking if you have an entry in the Schengen Information System.[1]
A reply is available within seconds after the border agent scans your ID document (passport or identification card).
Travelling between Schengen countries doesn't require an id or a passport, but currently countries have restrictions on entry most of them either insisting on you being vaccinated or to present a current Covid test.
I'm travelling to Paris by train on Friday. which has the following requirements for entry:
From 9 June, fully vaccinated people from EU or
Schengen Associated Countries will not be subject to
testing or isolation requirements.
Accepted vaccines:
Pfizer/BioNTech
Moderna
AstraZeneca
Johnson & Johnson (Janssen)
further
All travellers (from 9 June: all non-vaccinated
travellers) are subject to the requirement for a pre-
departure negative COVID-19 test taken within 72 hours
prior to arrival.
Now sure, chances are small that I'm even checked in the train. But if I am then it would be pretty dumb to present fake documentation. Don't you think so?
What I don't understand is, why do countries require all that for people from countries which have pretty much the same number of infected as they do (per capita)? If chances of a local spreading the disease is the same as for the tourist, because both countries have eg. 95positive/100k people, why bother?
Recently, the argument has been that they don't want variants to cross borders. They eventually will, but it's one more reason to say that "covid outside" != "the covid we have at home".
But neither of the conditions in the EU pass says you don't have covid now. Vaccinations are not 100% (numbers go down to 70%, and a lot of infections for vaccinated people are asymptomatic, so even worse, because you don't stay at home, and noone tests you), PCR tests don't guarantee you didnt catch it between the test and "now", and having covid 5.5 months ago, does not guarantee you don't have it now.
But they increase the likelihood by a lot. There can't be a perfect system (apart from no one crosses the border, which is not feasible for other reasons), so this is a pretty good compromise.
That's crazy. Governments always return the freedoms the take once emergencies are over. I'd find a citation but I am almost to the front of the line and need to remove my shoes.
Unless you drive by car and say you are in 'transit'. Nobody in Schengen will/can stop you (or even check). With the exception of the border police having reasonable doubt you are a border commuter/worker.
I’ve been regularly crossing schengen borders using fake documents since this whole nonsense started. Most of these papers are impossible to authenticate. Sure, these QR-codes will have cryptographic signatures, so we’ll just switch to foreign certificates instead.
Why would it be dumb to use fake documents when it’s literally impossible to get caught?
I can safely discuss this on the internet too, it’s not like anyone took photocopies of the documents I showed them.
FWIW I’m not some antivaxxer nutjob, I’m happy to wear masks and self isolate when I’m sick. I’m just going to fight the surveillance state in any way I can.
> You will not enter any Schengen country without the border guard checking if you have an entry in the Schengen Information System.[1]
This is actually not correct. Many EU citizens do not have SIS entries but are still able to travel. This is likely to change in the future though.
> I’ve been regularly crossing schengen borders using fake documents since this whole nonsense started
Why would you do that? Unless you're pulling some dodgy shit there is really no reason for this and frankly, I don't believe you.
> Many EU citizens do not have SIS entries but are still able to travel.
Huh? Of course you don't have an entry in the SIS if there's no reason to be entered. SIS is not a directory about every resident in the Schengen area, let alone the whole world. If you do have an entry, however (dpending on its contents) you can be damn sure that you're in for an extended interview with border authorities.
> Why would you do that? Unless you're pulling some dodgy shit there is really no reason for this and frankly, I don't believe you.
Because I like to travel regardless of government restrictions? Is that “dodgy shit”?
I just brought a friend who is a Russian citizen to France with documents showing that she had a car booked to transfer her to Switzerland for surgery.
Right now anyone entering the UK from certain countries needs documents to show that they’re in “transit” to avoid quarantines.
> Huh? Of course you don't have an entry in the SIS if there's no reason to be entered
> currently countries have restrictions on entry most of them either insisting on you being vaccinated or to present a current Covid test
Anecotal data point #1:
I've entered Italy three times [by road] in the last six months, each time with a sheaf of paperwork to hand demonstrating my need to travel, negative test, EU27 residency, the full nine yards.
During none of the three visits did I even see a border guard / police / Carabinieri / $whoever at or close to the border, never mind get stopped, never mind have my documents checked.
There is policy, and there is reality. Maybe the gap between them in Italy is marginally larger than in some other places?
It does not, well it does, but you have to click to unhide it. There isn’t a Danish ID withou a SSN on it, and that’s secret. There where some resistance to allow resturant and other venues like that see your name and SSN.
So no, due to privacy, there no nane show by default.
1. No personal information at all. It only says valid or not valid.
2. Name and date of birth
3. Foreign travel, with name, date of birth as well as information about test type or vaccination type etc.
A two way handshake/challenge would be the ideal way to solve that.
ie. the patient would scan a qr code (containing a nonce) on the checkpoint, and include that number in the token which was then shown to the checkpoint.
Digital signature would prevent that (assuming scanner does a good job at verifying one). "Looking at the hexdump" section of TFA, last 64 bytes (cyan-coloured).
On top of that, online verification (e.g. by certificate ID) might be possible, too.
It is. This is signed by the relevant health authority in each country as far as I understand. And the official apps for reading them can verify the signature offline.
The only criticism I can think of, is the QR code is too "fat". It would have scanning difficulties in low-light conditions, especially QR readers with cheap cameras with low ISO tolerance. The Base45 encoded bytes should be cut at least by half to make fast scanning possible.
It's about as thin as it can be, given the requirements for offline validation, and the environment it's designed for (airports / other national borders etc).
Nobody wants every verification resulting in a ping back to some central server doing who knows what.
Low-light might not be an issue for people who will show the code on a mobile device. At least in Poland the code is available through the government id iphone/a droid app. Some people may print it, but most will probably just use the app.
Not long ago this kind of technology and anyone working on it would have been given a pretty rough ride on this forum, no matter how well designed. Now it's those raising concerns who are being hounded out with down-voting. How times have changed.
It was tested pretty extensively (and was already in use in public transport) -- including tests in muddy fields @ festivals with bad wifi and bad light.
So now, bar/restaurant owners can reliably track their customers: age/name, how often they come in each branch. Large franchise would also be able to track where and how often their customers travel and what they eat. I think this is real privacy issue. If you what to store the data, please anonymize it first, at least when it leaks it would be a lesser privacy disaster.
In the EU, using this data to track customers would be illegal. That doesn't mean it can't happen, of course, but it should deter particularly large franchises from abusing this data.
In the US, bars often ask for photo ID to verify that customers are old enough to be served alcohol. That doesn't seem to lead to widespread customer tracking.
> bars often ask for photo ID to verify that customers are old enough to be served alcohol.
1. This is a subset of all customers so it is not as useful as all customers
2. I’ve never seen a bartender or waitress scan my photo ID or record the data on the ID; without that it isn’t highly unlikely the data is being stored.
There are some bars in Sacramento, CA that not only scan your ID, but scan your face, and use facial recognition to match you with previous scans, ostensibly to make sure you aren’t sharing an ID with someone underage.
time to avoid those bars. extreme oversight to ensure a 20-year-old doesn't drink. but hey at least the same 20-year-old can drive a car, vote for our public officials, and join the armed forces.
Ever go to a cannabis shop in California? Your driver's license is scanned. I don't know about the facial recognition part, but it wouldn't surprise me.
Isn't it funny how shit like that is only reported from the USA? Here in the EU, the bartender looks with his eyes at the photo ID the teenage girl is holding up[1] and then pours her a drink.
But Yanks screech about European surveillance states, and denounce the evil EU and its "sheeple" citizens... Much better over there, of course, where it's just corporations and not the eevul gubmint that's doing it.
There's a gas station store that does this in Portland OR. They have a facial recognition camera at the door that scans each person to enter the store after sundown.
Probably because it seems like personal experience. I can say most of the bars I go to check everyone’s ID, regardless of age. And there are a couple near me that scan IDs in to some system (allegedly so they can ban unruly customers.)
> In the US, bars often ask for photo ID to verify that customers are old enough to be served alcohol
If I saw the person pull out a notebook and write my information down I would physically take my ID back and walk away. I'm pretty sure most people would be put off by this action.
I mean now we're getting into human psychology. You're right that people don't care as much but I'd argue that they don't really understand what is happening and how that data is used.
I'd wager that the vast majority of people think the machine only checks if the ID is valid and doesn't do anything else.
1. Regulation (EU) 2016/679 shall apply to the processing of personal data carried out when implementing this Regulation.
2. For the purpose of this Regulation, the personal data contained in the certificates issued pursuant to this Regulation shall be processed only for the purpose of accessing and verifying the information included in the certificate in order to facilitate the exercise of the right of free movement within the Union during the COVID-19 pandemic. After the end of period of the application of this Regulation, no further processing shall occur.
3. The personal data included in the certificates referred to in Article 3(1) shall be processed by the competent authorities of the Member State of destination or transit, or by the cross-border passenger transport services operators required by national law to implement certain public health measures during the COVID-19 pandemic, only to verify and confirm the holder’s vaccination, test result or recovery. To that end, the personal data shall be limited to what is strictly necessary. The personal data accessed pursuant to this paragraph shall not be retained.
Thanks, it makes the limits of the processing much clearer and should stop some start-up to develop a custom QR code scanner/app that would generate some customers analytics.
Oh they're trying - I'm pretty well known person in the community, and the amount of "start-ups" and seedy "one man CEO" types there is.. overwhelming.
The system is actually comprised of two apps, CovPass and CovCheck.
Both are in the repo.
The check app validates the pass in-app, and, as far as I can tell, doesn’t phone home or report any data. IE there is no logging of the scanned persons data
Apps can also be configured to prohibit (or at least make it harder make) screenshots/screen-recordings. It can of course be circumvented, but still. It's illegal.
I would consider it as safe as showing my ID to a bartender/bouncer. Safer, even, as they don't get as much data.
If you want to store the data, don't, because it's a textbook example of illegal. And hopefully people will be paying close attention to what offered apps do.
But the chance of getting caught is next-to-zero, enfocement is very spotty when it comes to GDPR and I wouldn't be suprised if you could easilly sell that data to an off-shore company
Even if you care about this, it's only used during the current Covid restriction phase. In 1-2 years at the most* any investment in such a tracking scheme will be obsolete.
An almost uncharacteristic case of reason and foresight. We are currently worried with Covid-19, but considering all the variants already present, lets just hope that there isn't a Covid-22. In any case, as soon as there are dedicated vaccinations against the variants, it is very likely that there is need for more fine-grained tracking. That is probably also the reason they include the vaccines used in the data set.
And even if we don't have the need to check for our vaccination state when going to restaurants soon enough, it would be good if those certificates could be used to track any other vaccination you get. Just as the replacement or digital alternative for the usual yellow vaccination booklet. It would make checking your vaccination status for your doctor much easier than trying to decipher what a colleague has scribbled many years ago.
GDPR Breach, plain and simple. No franchise would risk storing and leaking what amounts to medical records (since that is the source) in front of a GDPR Watchdog. Pretty sure you'd get the hammer if you did that.
Either way, the official apps that let you check the record do not allow tracking, only verification. The simple solution is that if you don't see them using the official app, simply leave.
The EU standard was developed for the purposes of avoiding additional quarantine or testing during cross-border travel, not going to pubs within one’s own country. For domestic use of proof of COVID vaccination, some countries developed their own internal standards alongside the EU standard.
That's beyond the point of GDPR, even if they collect the data illegally the value would be to reach the person (to give them promotional content, advertising, custom experience, what ever...)
Basically even if they collected the data they wouldn't be able to use it. If they just collected your name to personalize your experience they'd be literally in deep shit if someone asked: "where did you get this information from?" - which to you may sound a weird question, but since 2018, at least in my country, more and more people ask this question.
When in doubt, report. They'd need to show to authorities that the person gave explicit consent to store that data and to be used for personalized experiences.
It's about consent. If the user didn't give consent you have no use for the data, and you'll be storing toxic material to get you fined.
An app faking the official look would open you up to so many liabilities and the GDPR watchdogs will probably just drool at the thought of anyone trying to defend that in a court after getting hammered by record fines.
And what has been stopping malicious companies from doing this before? To enter bars in most European countries you are already required to show identification prior to entering.
From a US perspective: 1) ID is usually not required but rather checked when is not clear and 2) it’s usually a visual check not a scan of the ID (though I know some bars do do this) so nothing is electronically captured.
It does contain a bit more information than required, such as the specifics of the vaccine. But I think the personal information such as name is required. The code needs to be tied to some form of ID otherwise a single code could be copied and used by everyone. So the name and date of birth are likely used so that it can be compared to your drivers license or passport to ensure that the QR code actually belongs to you.
DCC (Digital Covid Certificate it's called, not Digital Green Pass) is essentially a spec for a QR code (as demonstrated nicely in this post) + an EU signing gateway which is used for signing the certificates. The EU acts similar to a CA in case of SSL certificates.
They could also produce a fake vaccination booklet, or fake Covid test result. I'd guess both of these would be easier. All will result in forgery charges if caught. I think the chosen approach is pretty solid for the purpose.
>It does contain a bit more information than required, such as the specifics of the vaccine.
between eu member states, the acceptance of e.g. sputnik-v (the russian corona vaccine) varies. having the name (or id) of the vaccine in the code allows countries who don't recognize a given vaccine to validate codes issued by other eu nations, who are more open to such a vaccine. (what a horriblly worded sentence, i hope you get what i'm trying to say)
Yes what is "required" is controversial. What I meant to say is that they could have chosen to go for a yes/no type of verdict but instead they chose to let the reader decide if they consider the protection acceptable. Both decisions have pros and cons.
Additionally, the situation is constantly changing. A vaccine effective today might be considered insufficient tomorrow, e.g. due to mutations, new studies etc.
> It does contain a bit more information than required, such as the specifics of the vaccine
That seems reasonable; it's totally plausible that a future variant defeats a vaccine, and at that point you would want to be able to detect people who'd been given that one.
No server is involved in scanning/verifying the QR codes, the only privacy violation would possibly be the people scanning the code taking the name/DoB for themselves but that would be a GDPR violation and I'd guess no legitimate business would try that.
I'd be showing my ID/vax record to those restaurants either way so it just seems like a technicality in the end. If you don't like it, don't use it, like all covid apps in the EU.
In Austria you could use https://qr.gv.at to check the qr codes without installing an app. I don't think that it does any further verification than parsing the data.
Almost all of it. The only thing it needs to contain is name, whether you are "immune" (vaccinated or natural antibodies), and a signature to verify it hasn't been tampered. When you were born, which vaccine you received, and when you received it are not necessary to show that you won't be spreading the disease.
Some EU countries have restrictions that get lifted after the first shot (e.g. entry to Austria), some after the 2nd shot, some 14 days after the 2nd. So the number of doses, the date of the most recent one and which vaccine (not all countries accept Sputnik).
How does "Name: John Doe. Vaccinated (or 'Immune'): Yes" tell anyone that you, who are flaunting this pass, are the John Doe who is vaccinated? Names suck as identifiers.
Although apps are open source there is a lot of potential that all those information can be missued mainly for tracking:
1) Some other countries or commercial venues using their own version of VERIFIER app (based on open source) that pings some server online
2) Some other countries using their own version of ID app (based on open source) that pings some server online while QRCODE is rendered/generated
I'm just wondering why they havent designed it in different way (only when applying for use in commercial venues):
For application inside nightclubs, concerts etc. :
1) QRCode doesn't have any private data such as firstname / family name / date of birth etc (so that it's impossible to create profile ID)
2) While downloading your qrcode for the first time after installing the app (onboarding), it ask your for e.g scanning your National ID and/or holding your phone in front of mirror to verify your face (similar like other banking app do). After verification only then generates offline qr code for you
3) While onboarding it is mandatory that app is protected with your FaceId or TouchId
4) Such app can be installed only on one device (similar like in Whatsapp once trying onboarding on new device the previous app code is invalid) - any qrcode would be valid only for 48h
5) Bouncer still scan qrcode to check offline if is properly signed by authority + communicated with the app P2P via NFC/Bluetooth/Proximity to verify this is neither
screenshot nor some unauthorized app.
ad 5) Verifier maybe would have to ping some server to check that App is legit but wouldn't know who is checkin in
With CoronaCheck (https://coronacheck.nl) we have implemented one of the most privacy preserving EU Green Systems for use within our country.
We use IDEMIX, a form of Verifiable Credentials. The nice feature of IDEMIX is that - unlike W3C VC - it also has the property of being able to create unlinkable credentials.
Guess what? That's the reason that we've used them :)
Only gave it a fast look at technical designs and it seems it is still not tracking proof since QR code has:
"The person's initials and birth month/day."
This should be enough to create a pretty much unique profile ID especially for countries like Netherlands with small population.
I wish the standard would have adopted your proof of concept! I don't think you will get a lot of support here though, privacy skepticism regarding COVID seems to be met with downvote brigades.
It's not a PoC, CoronaCheck is the app that will be used in The Netherlands for generating QR codes. The domestic QR code will be much more friendly with respect to privacy as explained by radicalbytes. The reason that it's not been adopted by the EU is because member states want to set their own rules for entry. For example, some countries consider previous infection + 1 dose as fully vaccinated, others do not. Some countries approve non-EMA approved vaccines, most do not. That's why it's necessary to include more details. I think you have to remember that everything is a trade-off, if you want a more privacy-friendly solution, there will be a cost at some point.
> 2) While downloading your qrcode for the first time after installing the app (onboarding), it ask your for e.g scanning your National ID and/or holding your phone in front of mirror to verify your face (similar like other banking app do)
This is already way over the line. I can understand banking apps do it but for a vacvination certificate? No way. The QR code implementation is fine. It would also be fine if it would be printed on paper or in a PDF and valid for a year.
I agree this is more hassle but the QR code implementation is only fine if you trust that some EU governments or companies won't try to abuse the system in the future. I'm not saying that this will happen but why not design the system so that it is not possible?
If verifier app will at some point start pinging some server having a QRCode in PDF or printed on paper won't save you from someone tracking all places you are going to. Imagine how useful it can be for tracking some politicians, activists or journalists and correlating that check-in information who they might be meeting with.
I think you can totally print the current QR code on a piece of paper and show that to someone. It's not more or less safe than having it in an App.
The QR code is essentially like a Covid-only digital vaccination pass; it doesn't provide any more or less information.
The only valid point in pzo's original comment is that a scanner app from a bad actor could collect the personal information within the code. So we need to be able to trust that the person scanning the QR code is using a legitimate app.
I'm not worried that much about personal information (that someone will know that someone has been vacinated). I'm more worried that this personal information can allow tracking (politicians, activists, journalists, etc.) in an automated way in the same way cookies, etc. tracks us today while browsing.
Regarding your proposed scheme, what's to stop me taking a screenshot from the app and sharing it with all my friends? If the QR code contains no personal info then how does the person scanning it know who the code was generated for?
The QR code has the first letters of your fist and last name, as well as date of birth (without the year).
Let's say your name is Gerrit de Winter, born May 3 1973. The QR code would then contain: G W 5/3
Nothing is stopping you from sharing the code with your friends as long as they share these limited credentials, but those chances are very small. It's easier to get a valid QR code than finding a credential twin.
You would have to share your phone which you are probably less likely. Scanner doesn't need to know who the code was generated for only if this is a legit authorized app - it's easy to check if this is a real app with some challenge-response instead of one way-communication
> 2) While downloading your qrcode for the first time after installing the app (onboarding), it ask your for e.g scanning your National ID and/or holding your phone in front of mirror to verify your face (similar like other banking app do). After verification only then generates offline qr code for you
So you can scan in the face of your vaccinated cousin to go with his QR code you downloaded; or the driver's license you stole off some poor sucker. Doesn't seems like all that great a security scheme to me.
It's cool that all the data is embedded in the code instead of just containing a URL that points to some centralized server. This way people can't be (trivially) tracked by looking at the pings from the scans.
This design looks pretty sound, revocation seems like the big missing piece but I guess that could be done by pushing an updated scanner.
Here in The Netherlands our app is also used for proof of a negative test. I wonder if giving signing powers to however many hundreds of test locations will backfire at some point. Then again I don't know if our national QR codes are even cryptographically signed to begin with.
I don't know how the signing process is for this specific green pass, but the national France one is signed exclusively by the French healthcare system: vaccination centers and test locations can emit a signed pass remotely and print it, but they don't possess the private key locally.
I'm speculating somewhat as I haven't been through the process, but it seems like the test centers give you a string that the app converts into the QR code. The app is supposed to work offline, though perhaps the initial string -> QR code does an online lookup and thus is signed externally to the test centers.
The string is a BASE45-encoded payload that has already been signed before encoding as a QR-friendly string. The BASE45 is because QR codes only support 45 characters (versus more common BASE64). But by the time the string -> QR happens, the signing has already taken place from the lab who provides the string.
> I wonder if giving signing powers to however many hundreds of test locations will backfire at some point.
In Germany the vaccine proof can be generated at (most?) pharmacies. If that would become an issue, I don't think it would only be one in the Netherlands.
Should be most pharmacies but they have to check your vaccination booklet (or proof of vaccination, they give you extra papers at the vaccination location). It seems to work alright considering atleast one person I know is facing charges for falsifying medical documents and falsifying signatures due to them trying to fake their vaccination and bringing that to the pharmacy.
Companies aren’t allowed to keep that data in the EU. I thought California had something similar to GDPR? In any case, it’s the minimum amount of information required for the task, and it’s at least (hopefully) for a limited time.
What's stopping people from robbing you at gunpoint? The law. GDPR is specific about consent and the purpose of collecting data. It's simply illegal to feed the data to marketers.
If somebody robs me at gunpoint, I immediately know it happened. I can report it to the police, who will take the report seriously. If the police catch the guy (which is likely if he's a serial offender), the prosecutor will take it seriously. If convicted, the offender will go to prison for years.
If a company violates privacy laws, I will not immediately know it happened. If I don't know it happened then I can't report it to the police, but even if I did, the police probably won't take it seriously. And prosecutors going after corporations? Even if that happens it will doubtlessly take many years for the court case to reach any conclusion. If convicted, the corporation will receive a fine that is a fraction of what it would take to put them out of business. The executives won't go to prison.
The practical differences between these two scenarios are substantial.
"Even in Byte mode a typical QR-code reader tries to interpret a byte sequence as an UTF-8 or ISO/IEC 8859-1 encoded text. Thus QR-codes cannot be used to encode arbitrary binary data directly. Such data has to be converted into an appropriate text before that text could be encoded as a QR-code. Compared to already established Base64, Base32 and Base16 encoding schemes, that are described in RFC 4648 [RFC4648], the Base45 scheme described in this document offer a more compact QR-code encoding."
Here is the output alphabet:
Value Encoding Value Encoding Value Encoding Value Encoding
00 0 12 C 24 O 36 Space
01 1 13 D 25 P 37 $
02 2 14 E 26 Q 38 %
03 3 15 F 27 R 39 *
04 4 16 G 28 S 40 +
05 5 17 H 29 T 41 -
06 6 18 I 30 U 42 .
07 7 19 J 31 V 43 /
08 8 20 K 32 W 44 :
09 9 21 L 33 X
10 A 22 M 34 Y
11 B 23 N 35 Z
My initial thought is using "Space" as a valid encoded value seems like an enormous foot gun.
The GP is saying 3 base41 characters can encode 2 bytes. Using base45 doesn't shorten the encoded message size unless they increase the encoding unit to more than 2 bytes.
Alphanumeric mode (which is 45 symbols: [A-Z0-9] and nine special symbols) is the only QR mode that's reliably supported among all scanner library implementations (latin1 is part of the extended mode, Unicode & raw binary get detected with implementation-dependent heuristics).
The encoding is great, actually: 4n bytes will get encoded into 6n alnums (base45 symbols) which are 3n * 11 = 33n QR-bits. A loss of just 3% (33/32 - 1). This works because [ alnum1 alnum2 ] by spec must get packed into [ 11 bits ] in the QR message bitstream.
The document says that the encoding is 11 bits for two characters, which means that Base45 plus that encoding is very efficient, since 45^2 / 2^11 = 0.988, so only 1.2% of the capacity is wasted.
Note that the document mentions that stuff like 'font size' is not specified in QR (?), while saying nothing about basic questions like 'what about non-printable characters'.
Then it got it got superseeded by 18004:2015. When a person asked on StackOverflow what's going on, the answer by the author of the most popular QR library (zxing) says "There is one (not obsolete) ISO spec for QR codes, ISO 18004:2006. Most of what you observe is just lack of compliance." - https://stackoverflow.com/questions/18699739/tools-for-qr-co...
So, you can do base64 with ECI latin1, and risk the scanner performing some heuristic... or you can just take the alphanumeric route with 45 options (26 letters: [A-Z], 10 digits: [0-9] + 9 special characters), which is compact in terms of QR representation (not in terms of modern 8-64 bit words in memory!) and call it a day: https://tools.ietf.org/pdf/draft-faltstrom-base45-06.pdf
And it is not that bad - base45 packages nicely in 11 bits; so compared to exactly the same payload in binary - there is just a few percent difference in the end in pixels/cells on screen.
There is an epidemic of naivety and irrational fear pervasive in society right now.
Even "data" and "science" is subject to emotionally or ideologically-driven narrative and/or subjective perception.
This, against a backdrop of our current "big tech" which has demonstrated wanton disregard for individuality and autonomy in favor of centralization and manipulation.
There are a few voices of reason here. Hopefully more will speak up.
It is the very creation of SYSTEMS that pose the greatest risk to individual liberty and the course of society.
Once the systems are in place, they can evolve. They can be leveraged or weaponized.
It is past time for ethics and limits in tech. The creation of these "pass" systems is extremely naive, and forms the basic enabler of a technocratic tyranny.
Your personal autonomy is being increasingly removed.
You are approaching a reality where some (many in this thread) naively want you to accept that you are inherently dangerous, untrustworthy, and unprivileged - until some central "system of authority" grants you "privilege" to exercise "rights" that are being removed.
Nonsensical appeal to fear. Either express concrete criticism or avoid posting rambling FUD and doomsaying that doesn't contribute to the topic at hand.
Amen to that. Sad that most seem to go along with this nonsense. No thanks, I will also pass on this. This is the opposite of what true freedom looks like.
Somewhat related - here's [0] a report on the QR codes that public venues in England can display for patrons to 'check in' using the NHS COVID-19 app to assist with contact tracing
The "first positive test result date" in the recovered example seems interesting to me. Is there are reason for a pub to know you ever tested positive, if you are far enough past the date, immunized, etc?
In my country, if you get a positive PCT test, you can go places 10 days after the result and up to 6months after, then a vaccination is required (or a new positive result, or a test).
If another country has different limits (14 days after the positive test and up to 5 months after), they need a test date to calculate if you're allowed to enter or not.
As someone from a former socialist country, this really reminds me of "papers please", especially the border crossings between countries with similar numbers of infected not letting people cross.
It's interesting that all of this is in there. In the Netherlands the health minister has multiple times promised that the checking party (like pub/work) would not be able to determine if you were OK because of vaccination, recent negative PCR test or recovered.
Maybe that is only for the national check and not EU passport.
You are correct. The national/intra-jurisdiction checks usually give you a thumb up / thumb down without context.
The cross-border credentials provide context to allow the destination to make a determination if they wish. For example, some jurisdictions may not recognize Sinovac. Others may not recognize a COVID recovery + 1/2 dose series as valid. In the future, some vaccine series may need a 3rd dose.
Each place in different. Some US jurisdictions adopted a "hold my beer" approach. Others have tight standards and vaccine registry, others have good immunization processes, but the integration with third parties is poor.
The Dutch app will have two QR codes: a national one which does hardly contains any information - initials and day/month of birth - and the EU DCC which is discussed here.
Pretty sure the complaints were about allowing wechat/alipay and gov/police to track you and your health status. There was no transparency in what was stored/transmit, whereas here it is all documented. Its a static QR code you can carry, rather than an app that does a lookup and phones home. The reader app only verifies the signatures used to sign the (limited) id info, doesnt send info back to the mothership, etc.
No, actually the complaint was that a central authority could, under the pretext of some obscure rule, forbid you access to certain or public services. The same concept applies here, whether it's open source or not.
We're not over it, the discussions were consistently buried and we skipped that part to "here's how the new QR systems work" to give the illusion of consent. They didn't even bother manufacturing consent this time. There was no healthy public discourse on it, just some states/countries banning them pre-emptively and some states taking for granted that you would accept it.
Pretty sure the complaints were as I mentioned - feel free to give links to the other discussions.
The "central authority" already do forbid you from accessing certain or public services for the same rules - only you need to provide the relevant paper documents. This is effectively the paperless version thereof.
You may personally disagree with the concept of proof of vaccination, but thats completely aside from the technical discussion we are having here.
Its not an aside, its centrally related. The technical version of the app enables the problematic activity to scale and thus the moral and ethical implications are centrally related to the technical implmenetation.
> are centrally related to the technical implmenetation.
You mean just like a centrally fabricated ID card that's used for entering an airport, making certain purchases, verifying ID for a CC purchase, entering the country, etc?
What public service does the government forbid me to access without my papers (except the ones where the document is needed to charge the state for the service - eg. medical stuff)?
Just a year ago, saying that the governments will require you to produce a "vaccination passport" to enter a restaurant was laughed at as a crazy conspiracy theory, and currently, the difference between a "crazy conspiracy theory" and "reality" is about 6-12 months.
"certain or public services" was the phrase the parent used. I just said the same rules apply as before. Maybe you are better off asking them for examples.
Most countries, for example, require vaccination for contagious diseases for a variety of public functions like attending school. The need to validate vaccination status for functions like boarding airplanes or attending large stadium events is just common sense, as certain populations are refusing vaccination for mostly irrational reasons.
These digital credentials allow people to conveniently provide this documentation in a reliable way.
>refusing vaccination for mostly irrational reasons
Depending on age and condition the risk to an individual can vary from one in ten million to under one in a hundred. In your mind, what is the risk that an individual must face from covid to make it rational to take a novel treatment with no long-term safety data that hasn't passed the standard FDA approval process? In any other context, would people here be so confident that there's a less than one in ten million risk from a novel MRNA treatment?
>certain populations are refusing vaccination for mostly irrational reasons.
It's not irrational for people to be cautious about a new treatment for which there's absolutely no data about long-term safety (can't know the 2-3 year effects of something that's only been around one year), which has bypassed normal treatment approval processes (the covid vaccines only have FDA emergency use authorisation, and have not yet passed the requirements for full FDA approval, requirements which are strict for a reason), for which some previous attempts have failed significantly (https://pubmed.ncbi.nlm.nih.gov/22536382/), to prevent a disease that for many people has less than a 1/100,000 to 1/1,000,000 fatality rate (https://www.medrxiv.org/content/10.1101/2020.05.17.20097410v...), ten to a hundred times less dangerous than giving birth.
The vaccines have regular approval in the EU by the EMA, the US approval is the odd case here. And there is no reason to expect a significant risk for side effects that only appear after several years, for vaccines they generally appear reasonably close to the date of the vaccination.
And you're seriously downplaying the risks of COVID-19 here, of course it is relatively harmless for very young people. But it is seriously dangerous for a large part of the population that is older.
>And you're seriously downplaying the risks of COVID-19 here, of course it is relatively harmless for very young people. But it is seriously dangerous for a large part of the population that is older.
It's not only "very young" people. Did you look at the link I provided? For people 20-30, it's around one in a hundred thousand. For people 30-50, it's around one in ten thousand (similar to giving birth). When someone's making a rational decision, it's with regard to their individual risk; the risk of covid to an eighty-year-old is irrelevant to a twenty-year-old deciding whether to take the vaccine, especially given the vaccine doesn't prevent them infecting others if they get it (see this data from the Singapore government: https://covid.viz.sg/ ).
>for vaccines they generally appear reasonably close to the date of the vaccination.
The MRNA vaccines are quite different from normal dead/live virus vaccines and have never been used at scale.
> The MRNA vaccines are quite different from normal dead/live virus vaccines and have never been used at scale.
Their closer relative, the viral vector vaccines (like J&J’s), have been. You’re right about calculating risk, but when’s the last time a vaccine in normal, longer term stage three trials resulted in a higher fatality rate than COVID (for any age group)? The link for the SARS vaccine candidate was a failure that was caught in a mouse model, which unsurprisingly they also did with the new vaccines before the human trials started. To echo the parent comment, these were immediate side effects on challenge (which would likely been caught in stage 2 trials even if they only happened in humans and not in animal models).
If we want to go with unusual reactions that only show up over time, what about the chance that whatever long term side effect you’re imagining from the vaccines instead happens for people who have been infected with COVID 5 years from now? Once you decide to make decisions based on rare and novel events with unquantifiable risks, you’ll find they show up absolutely everywhere if you’re being intellectually honest.
> given the vaccine doesn't prevent them infecting others if they get it (see this data from the Singapore government
That data’s N is a little low, but let’s take it seriously for a moment. The vast majority of vaccinated people in that dataset did not go on to infect others, and none of them were epicenters for super-spreader events. Eyeballing it, it’s consistent with a sterilizing immunity in excess of 80%. If the vaccines turn out to be that effective at preventing transmission, that’s an excellent outcome (it is higher than most vaccines).
>You’re right about calculating risk, but when’s the last time a vaccine in normal, longer term stage three trials resulted in a higher fatality rate than COVID (for any age group)? The link for the SARS vaccine candidate was a failure that was caught in a mouse model, which unsurprisingly they also did with the new vaccines before the human trials started. To echo the parent comment, these were immediate side effects on challenge (which would likely been caught in stage 2 trials even if they only happened in humans and not in animal models).
It's basically like saying: "the unit tests have all passed now, the regression tests all pass, so let's roll out the fix straight to prod, because it's urgent and we don't have enough time to do the normal amount of staging environment testing". Sure, probably it's fine. But mistakes happen. In any other context, a 1/100,000 chance of error would be considered incredibly low, a great achievement. But in this case, a 1/100,000 chance of seeing after 2-3 years a failure like happened early on in those previous trials would be an incredible tragedy, if the vaccine was taken by people with less than 1/100,000 chance of being killed by covid.
https://onlinelibrary.wiley.com/doi/10.1111/ijcp.13795 makes a better case than I can that "a finite, non-theoretical risk is evident in the medical literature that vaccine candidates composed of the SARS-CoV-2 viral spike and eliciting anti-SARS-CoV-2 antibodies, be they neutralising or not, place vaccinees at higher risk for more severe COVID-19 disease when they encounter circulating viruses"
>If we want to go with unusual reactions that only show up over time, what about the chance that whatever long term side effect you’re imagining from the vaccines instead happens for people who have been infected with COVID 5 years from now? Once you decide to make decisions based on rare and novel events with unquantifiable risks, you’ll find they show up absolutely everywhere if you’re being intellectually honest.
The difference is that covid does not have a big qualitative difference from other respiratory viruses, and no circulating respiratory viruses are known to cause serious long-term symptoms in people who were short-term asymptomatic. Whereas the MRNA treatment is quite a different mechanism from previous vaccines.
Separately, ethically it's generally considered worse if a death results from deliberate human action than from an "act of nature". E.g. nowhere is it morally acceptable to murder somebody just because their organs could be used to save ten people. In this case that means it would be considered morally worse if people were coerced into taking a vaccine that ended up killing them than if, absent the vaccine, they died from natural causes of equivalent risk.
>That data’s N is a little low, but let’s take it seriously for a moment. The vast majority of vaccinated people in that dataset did not go on to infect others, and none of them were epicenters for super-spreader events. Eyeballing it, it’s consistent with a sterilizing immunity in excess of 80%. If the vaccines turn out to be that effective at preventing transmission, that’s an excellent outcome (it is higher than most vaccines).
There's one super-spreader there, a prison cook. I pulled the data from the backing rest API (if you want I could upload the notebook and show you):
pd.Series(vax_links).describe()
count 17.000000
mean 2.705882
std 3.670230
min 1.000000
25% 1.000000
50% 1.000000
75% 2.000000
max 14.000000
dtype: float64
pd.Series(unvax_links).describe()
count 127.000000
mean 2.181102
std 1.965647
min 1.000000
25% 1.000000
50% 2.000000
75% 2.000000
max 15.000000
dtype: float64
While there are way fewer vax cases than unvax cases, looking at the average number of infectees it doesn't appear that vaccinated people infect fewer on average than the unvaccinated do, at least given the limited data.
The thing about covid is that you can't consider just the individual risk, you have to also think about the fact that this is contagious, so if you don't actively try to stop it, it will kill many more people.
So yes, chances are I wouldn't die if I didn't vaccinate, but chances are I would kill my grandma if I caught covid.
Wouldn't she be vaccinated at this point? And if we assume some people can't be vaccinated for health reasons and that we have to take the vaccine to protect them... Isn't it pretty awful that they will be denied access to most public places because they don't have a vaccination proof?
If anything, it's irrational that people who would normally refuse to take a novel treatment that has not passed standard FDA approval procedures would suddenly decide to take it just to minimise a one-in-a-hundred-thousand risk, a risk lower than many other risks people usually take like giving birth and driving.
> which has bypassed normal treatment approval processes (the covid vaccines only have FDA emergency use authorisation, and have not yet passed the requirements for full FDA approval, requirements which are strict for a reason),
FDA approvals are largely based on the ability to provide reliable test cases. You literally have the largest test case known to human history. No amount additional FDA testing is going to make that change.
> to prevent a disease that for many people has less than a 1/100,000 to 1/1,000,000 fatality rate
This figure is meaningless. We have a steady history of "excess deaths" and can predict what annual death rates are on average on a yearly basis. This number jumped significantly even with mask mandates, lockdowns, etc over the last 18 months:
>FDA approvals are largely based on the ability to provide reliable test cases. You literally have the largest test case known to human history.
Nine women can't have a baby in one month. A billion test cases for short-term side effects still aren't test cases for long-term side effects.
>This figure is meaningless. We have a steady history of "excess deaths" and can predict what annual death rates are on average on a yearly basis. This number jumped significantly even with mask mandates, lockdowns, etc over the last 18 months:
For making a rational decision, the figure to use is the personal risk to the individual. Using excess deaths is meaningless, because if the vast majority of those deaths were in old and overweight individuals and you're neither, then those numbers are irrelevant to quantifying the risk you face.
Yes, and I'll take any reasonable precaution I can to avoid getting COVID: social distancing, wearing a mask, regularly using disinfectant, working from home, etc.
Businesses have shown an enormous appetite for hoovering up personal information. Why are you sure that businesses won't use an alternative verification app that stores the names and dates of births, shares them with their marketing partners, etc.?
The problem with the GDPR is that it is only as good as the authority enforcing it. There are complex rules (from memory about a third of the text, but it is a while since I read it all and this was the bit I was least interested in) on which authority is the one in question that means you can somewhat choose your authority, and some of them are not enforcing it at all. This is how Facebook and Google etc are able to do things that clearly violate it I think.
Does it have access to a passport ID? Image database?
How is the one verifying the validity of the certificate supposed to check if it's actually the holder of the certificate standing in front to clear admission?
You show your photo ID, and the person that is checking looks if the name on your ID matches the name in the QR code. The reader Apps are dumb, they only show the content of the QR code and verify that the signature is valid.
Your granny doesn’t need to verify this, these are used by employees of venues that want to limit access to their facilities to people who are either vaccinated or tested negatively.
I'm talking about people like me or my grandmother who want to verify that the guard at a club uses application that works fully offline and doesn't save any data - the QR code we're handing over contains our personal data and on top of that we're actually cryptographically verifying our whereabouts while using it, so I want to be absolutely sure the government doesn't have access directly without a court order. // yes I have had a real, serious problem with the government using data it got for other purposes against me for its own gain (I won the court, but it nearly destroyed my life and I'm still not where I was before and won't be for a long time).
I'm pretty sure the guard doesn't give a flying fuck about my personal information, just like the programmers - so how do I verify myself? Or am I to stay at home forever if I care about my privacy? The EU said very different things about these issues, is that forgotten now? The same goes for the other identity-related EU initiatives, where did all the talk about privacy go? Was it just propaganda, because it certainly seems so now, as there are so many so obvious loopholes it can't be an accident?
I don't know in what country you are, but mine (the Netherlands) has open-sourced everything around the corona-check apps, including backend, design, etc. on GitHub (https://github.com/minvws).
If you or your granny aren't good at reading code, you just have to trust that other members of the public who are would have made some noise in the media if something fishy was going on.
Many forms of ID also have some form of NFC/RFID to read out data wirelessly. I don't know why you'd buy something to do it automatically, but you totally could.
You'd still end up comparing a picture to someone's face, though, so you can't really remove the middle man without going into some dangerous facial recognition tech.
Name+DOB in digital form is more than enough to track people, even with an offline verification process: We can expect that any number of "interested parties" will attempt to get access to the computer systems of venues operating these QR code scanners, or of their suppliers.
Having someone at the door look at a paper ICVP and a photo ID with their analog eyes has much better privacy properties. (Still bad though.)
The verifier app is a dumb app that simply verifies the signature of the QR code payload and displays the relevant info on screen, which they look at with their analog eyes and compare to the photo id. The only network activity and/or storage is related to downloading the public keys of the issuing authorities.
My point was that once you make that data machine-readable, it's not good enough to have privacy-by-policy of not storing it - IT security being what it is.
Ah, the threat of the imaginary hackers ("interested parties").
The QR code scanners will probably just be the official app installed on smartphones the venue will need to supply to the security personnel. Who's going to hack this? Banks can already track your credit card payments to figure out your profile, Google can track your location through your phone. Russian, Chinese or North Korean hackers probably don't care about where you spend your evenings.
"The imaginary is that which tends to become real" -André Breton
> Banks can already track your credit card payments to figure out your profile, Google can track your location through your phone.
For people who don't even avoid these easily defeated tracking vectors (with cash and de-googling), sure, vaccine passport tracking won't make a big difference.
Groan, "let me put a random name to some saying to justify my actions"...
Just because you can find a quote you think is profound and attach a name to it, doesn't justify super-paranoia. Do you get out of the house, or are you avoiding the virus? Life's about judging risks and benefits, and IMO you're way overblowing the risk of these hackers. What Andre Breton thinks is irrelevant.
It links 'a person' to 'a piece of health information'. Imagine what you or any data platform could do with that (big) data.
Here we hide personal health information in a QR code and are expected to give random strangers 'consent' to this personal data to gain 'access' to a venue or 'service'.
Yes, The name and date of birth are linked to a number of vaccinations,
AND the exact vaccine,
AND date it was administered,
AND the country it was administered, (I also now have a good guess about you nationality)
AND the disease the vaccine works against.
Do you really need to know the last four if you all you really want to know if the identified person should be granted access?
But that’s the exact information I want to pass to someone?
I’m not sure how else to give someone the information that person X has had vaccine Y, other than actually transmitting that exact information?
Yes, it’s (slightly) sensitive information. But if one decides that we want to have a system based on this exact information, and it had to be “offline capable”, what are the options?
> Do you really need to know the last four if you all you really want to know if the identified person should be granted access?
If the requirements are that verifiers must themselves be able to decide which vaccines are acceptable, number of doses or time since last dose, and which issuers are allowed, then yes.
Generally speaking - I am suggesting that there was a coordinated effort to utilize the pandemic in order to better ID and track outside of the traditional means (ie. advertising to consumers) - they need to fix the ID problem so to speak (ie...online anonymity) - they want to final mile everything.....so they can fully track everything.
The pandemic was the perfect opportunity - so they coordinated between big tech and government to setup more and more tracking systems - Apple and Google knew ahead of time, just like the politicians and CEOs who ran before the announcement with buckets of share sales....
And then there is the solidarity and collective front to ensure that no dissent was heard (ie...fact checkers) and cartel like collusion between platforms to silence and coordinate news.
Then there is the fact that they have managed to make health and science immune to the forces of criticism and public disclosure....
or how about the media sucking at the tit of big tech for years trying to get at that sweet sweet ad nector....
you're comparing a signed certificate that exist locally with a credit score that continuously update centrally and track your behavior across your social interaction with the government, third private entity and your peers
and both are terrible when used to stop and restrict people and descriminate.....both which are done blatantly and in the open yet no one cares.....I call you a mean word and I am bad guy....people are regarded..
The moral high ground is that the EU Covid pass is basically only a convenience: the exercise of fundamental rights is untouched by this:
> Will citizens who are not yet vaccinated be able to travel to another EU country?
> Yes. The EU Digital COVID Certificate should facilitate free movement inside the EU. It will not be a pre-condition to free movement, which is a fundamental right in the EU.
Compare this to pre covid travel, and yes, it affects us greatly. Since pretty much all the countries have very low covid numbers, any such limitations are stupid.
That's nothing but a strawman. You don't have to get tested every 48 hours. You'll have to get tested if you intend to meet other people up close that you'd risk infecting with Covid, unless you're healthy.
That's simply an assurance for all those that cannot get vaccinated, and a low price to pay for a controlled return back to normality, without sacrificing everything we've achieved over the last months.
No, don't. What we are talking here about is a Covid pass / QR code thing, not the pre-pandemic past.
> Since pretty much all the countries have very low covid numbers, any such limitations are stupid.
In just the Europe, Russia and UK have horrible numbers right now, Portugal joining them. So no, you are wrong, I am sorry but the testing/vaccine/quarantine rules make sense and will make sense in the foreseeable future.
Currently, each country does its own QR thing, a fair amount of which is just a link to some .gov.* website. Unifying it under one model makes sense. It makes it easier to verify and issue new EU QR codes. Otherwise, when presented with a proof, verifiers would have to know how to properly verify 20+ different QR codes.
So we've got two realistic options: 1) non-EU countries teach people their own and the EU verification method, or 2) non-EU countries offer a way to "convert" EU QR scheme to their own at the point of entry.
It's similar the other way around as well, because non-EU countries could either start issuing EU-compatible QR codes, or recepients could "convert" them to the EU-compatible QR code at the point of entry.
> And, does this "EU Green Pass" work in UK or russia?
No, UK/Russia are an example that we are not yet safe. In fact, the current numbers in Portugal are a direct result of influx of visitors from the UK who imported the Delta variant there.
> we're striving for the prepandemic way of life
Yes, as soon as the virus is not a big threat, we can resume the prepandemic way of life. If you look at the current numbers of people getting sick and dying from Covid, it should be clear we are not there yet.
But the Covid pass is a part of normalizing the situation. I will travel in July to a vacation. I will carry the covid pass with me and as a result of that, I will not have to be tested (several times) or quarantined, despite traveling through several international (Schengen) borders.
What a ridiculous statement, Europe doesn't need to import the virus or any of it's variants when it's been a global hotspot for a year now. I guess it's nothing new though, contact tracing has been mostly used to shift the blame to an "outgroup" and seems to have worked in around 2 countries out of the hundred who tried doing it
Freedom is the high ground. You can feel superior or safer in the knowledge that the government deploys strong tech to monitor and control you (in the name of public safety, of course) all you want.
I'm vaccinated, the vaccine works, and I'm living accordingly. If a business wants proof, they don't get my business.
I agree. Seeing stuff like this take hold is both scary and tragic to me.
It feels like a genuine turning point for our way of life when the government can control your life unless you have a brand new medical procedure which, with no hyperbole, can kill healthy people at no significant risk from the disease.
I’m amazed how popular it seems to be here and the fact you have downvotes. This community like to tear companies like Facebook apart but cannot see the risks and impacts of what we are doing here?
I grew up in Australia, thinking Americans were crazy for their obsession with guns. In the past year my opinion changed completely, after seeing the US states with high gun ownership like Florida and Texas are some of the few places in the world where this authoritarianism hasn't taken hold.
I'm not sure those states are good examples when their governors were happy to impose restrictions on private businesses and remove their freedom of choice wrt proof of vaccination - to the complaint of the Cato Institute, no less.
The US is a bit different than portrayed. Even in Illinois, most of the state is hard red. They have “2nd amendment sanctuary counties”. Masking, gun laws, etc aren’t followed in the country, even suburbs.
Honestly, there’s a good reason people in Illinois believe their elections are stolen (there’s lots of historic proof). It’s an open secret that the democrats steal the state. If you ask around, almost everyone believes it.
To be fair, Illinois has jailed a significant number of governors lol
I'm amazed at the amount of discussion, period. The article factually laid out the small amount of information encoded in the QR code, walked through the data format, and showed it to be pretty minimal and well-designed. No URLs, no hidden trackers, no evil ad salesman selling your browser history. Yet here we are at the #1 spot on HN and almost 400 comments. Full of conspiracy theories, COVID-downplayers and anti-vaxxers. I'm trying to connect the dots between a QR code and the New World Order, and I'm coming up empty. I thought HN was above this and wish this stuff could stay on Facebook and Twitter.
> I'm amazed at the amount of discussion, period. The article factually laid out the small amount of information encoded in the QR code, walked through the data format, and showed it to be pretty minimal and well-designed. No URLs, no hidden trackers, no evil ad salesman selling your browser history. Yet here we are at the #1 spot on HN and almost 400 comments. Full of conspiracy theories, COVID-downplayers and anti-vaxxers. I'm trying to connect the dots between a QR code and the New World Order, and I'm coming up empty. I thought HN was above this and wish this stuff could stay on Facebook and Twitter.
No one cares about the qr codes themselves and I think you are willingly ignoring the main point. The problem is that you need to show a government issued "pass" to access almost any public space. You may be okay with that but please don't pretend it's nothing new and it's always been like that. Asking for a digital certificate to live your life normally is unprecedented, but I guess at least it's not ads? Who talked about that anyways, can't both things be bad? I guess what the NSA does is alright since it's unrelated to a new world order or ad tracking?
As for antivaxxers or covid downplayers, Imo pretending this whole apparatus is needed is the real anti vaxxer position. The vaccines work, and if someone doesn't want to take them the risk is on them. Downplaying covid now is the pro vax position, while yours imply vaccines barely work so we need precedent setting measures like these. I mean the comment that started this subthread is literally saying that vaccines work so the straw man you are building is absurd
It's because we let them say opinions were more important than freedoms....that's that. once people drank the coolaid....Jonestown was on....we are watching the suicide of our society in the name of progress......because to not progress is (enter fad strawman of the day - .... right now ultra right wing conspiracy....)
We need this passport so that we maximize the potential of vaccines and minimize that of virus mutations. I say this selfishly: I want to travel and when the risk that visitors will bringing a supertransmissible virus deadly to the population is high (and 0.5% is a shitton of people), we'll again have lockdowns and we'll be sitting at home. I don't want any of that. That's why I got vaccinated and I'm happy to have a way of proving that it's very unlikely for me to bring crap that will kill people down the line
In what world is stopping a deadly disease that also paralyzes healthcare for everyone abuse? The virus is abusing us, that's for sure. Unfortunately it doesn't quite adhere to law, otherwise tens of thousands of people more would still be alive in my country. The only way to stand up to a force of nature like that is to stick to some common sense rules as a society, like "let's avoid crowds" or "let's all get vaccines".
Terrorism very broadly kills a couple hundred people a year in the developed world, and has been around that for a long time. Obviously it's a bogus excuse most of the time.
Meanwhile, this particular virus has correspondingly killed ~10 000 times more people. That is not hyperbole. That's not even comparable to terrorism, much more like a war instead.
Perhaps somewhat paradoxically, much fewer than usual. Partly because some that might have, in stead died from Covid-19, and partly because the countermeasures against SARS-CoV are also very effective against a lot of other diseases like the flu.
Why; does that have anything to do with anything? Naah, thought not.
A number of politicians have already declared that we need to become "more like China". Not sure what Soros' current position on this is, as he clearely warned of China's social credit score system in 2019.
There aren’t that many different ways to design an immunity passport.
Their design looks very similar to mine [1], but they use a compact and custom schema instead of FHIR and W3’s Verifiable Credentials standard. Looks like they might be using LOINC code though.
The Dutch government disagrees. Their app implementation will have the ability to generate two codes, one for events within the borders and one for the EU pass.
The reason behind this is that the Dutch QR code only contains the bare minimum of personal information to identify you. By default this means the day and month of birth and your initials, unless you share those among many other citizens. In that case, more data may be added, such as your full first name or year of birth.
While the amount of personal data exposed through the QR code is small and not a privacy risk in my opinion, it does have some points where it can improve. Still, it's not a bad system from a technical point of view.
My problem with the entire system is that this code is basically a free pass for all the old people we've stayed inside for a year for to go on holiday, while everyone else gets to go through all the same hoops they've been going through for months. If the vaccinations were spread randomly across the population, I'd be perfectly okay with such a system, but in real life all the old people got their shots first. Things may be different in other countries, but here the vaccinations are still going, with only half the population having had a first shot.
The underlying message is clear, there's no solidarity between the age groups. I had to pause my social life to protect the people aged 50+, but those people aren't willing to put off their holiday for me in return. I'm sure the underlying reason for implementing this system is economic, it's the EU after all, trying to save tourist-oriented economies and all that.
I'll get my pass somewhere near the end of August (two weeks after my second shot), past the holiday period. Parents will have to wait for even longer if they want to travel with their kids, because kids are all the way at the end of the vaccination line if they even get them at all.
With the Indian covid variant ravaging Portugal and the seasonal effect, I do wonder how long this system will last. It's only a matter of time before some mutant shows up that's resistant to a certain vaccine and we start from scratch.
It’s an unfortunate reality but why shouldn’t people who are protected be able to take advantage of that? It’s older generations in broad strokes, but also people who were at higher risk, healthcare workers, people who’ve been vaccinated already abroad, etc. It’s not so simple as old vs young and even if it were I don’t see the solution as keeping everyone at a disadvantage because you are bitter that others got vaccinated sooner.
Furthermore, it is possible to take advantage of everything a person with a vaccine pass can do with a (free!) PCR test. It’s even paid for by the government for July and August for travel abroad.
Also, it’s definitely far from certain that some mutation will evaporate all of the progress made. It’s not helpful to speculate like that.
Seems like a question of reciprocity and solidarity. I'm not sure if I agree with the sentiment of OP but I do understand frustration that those of us who had an inconsequentially small probability of falling ill to this virus have lost more than a year of the prime of our lives in an effort to protect others; others who will now enjoy all the freedoms we still don't have back despite there still being next to no risk to us.
> Seems like a question of reciprocity and solidarity.
I have to disagree here. There is neither reciprocity nor solidarity involved, because you gain/lose nothing by them having or not having additional freedoms.
Don't get me wrong I understand OP's frustration and that he/she feels treated unfairly. But OP's frustration is not rational. As harsh as it sounds OP's feelings are driven by envy.
That's a completely different discussion whether the strategy was the right strategy in the first place, and unrelated to my argument.
What I'm saying is that given the current situation, player A (OP) loses nothing while player B (the vaccinated) gains something (also called a Pareto improvement). It is not rational for player A to oppose this new situation where B gains something.
Problem with rationality is how it is defined. And yes, of course it is rational to be angry about it. It is also rational for humans to sometimes project this anger at wrong targets. It is still rational behavior because it fulfills a need, although it is classically defined differently of course.
Yep... young people gave up a year of their lives to "save grandmas", and now that grandmas are vaccinated, are still not allowed to go on a vacation or party, even though there's a higher chance of dying in the car driving to/from the party (for healthy individuals from those age groups).
>young people gave up a year of their lives to "save grandmas"
It's disingenuous to suggest that throughout all of this, elderly people were somehow welcome to do as they pleased while the young were locked at home. Don't cast aside the immense suffering and loneliness of elderly people throughout this.
Germany here. Life of many children has become a nightmare. Good luck with any travel with PCR tests, 120 Euro each, and you need at least 2 per child. There's no vaccine for children under 12, and it's officially not recommended for those who is healthy under 16. Many families are now struggling. Even getting a non-PCR quick test which is free requires lots of additional time (this is required for any indoor activity).
The context of the above was Netherlands, where there is no widespread quick testing-on-entry as there is in Germany. There is largely no restriction in day-to-day life in the Netherlands (and even less in the coming weeks), with or without a vaccine QR code; the code would apply for access to large events or travel. Also in Netherlands the government is paying for travel PCR tests through July and August. These countries have taken quite different approaches.
You do raise an excellent point that this vaccine system excludes children.
You can currently travel (and return) freely to loads of places without a vaccination, a test, or a document, or anything. Seems a bit disingenuous not to mention that.
Also, PCR tests are available for way less than 120 EUR.
That's not to say the past year wasn't particularly difficult to families with children and young people in general.
Italy, for one! If you ride by car, you don't need anything; going by train, you'll need an antigen test, which you could do in Munich, for free, before boarding the next train heading to the Brenner pass. On your way back, you don't need a test either way.
Sorry, I was wrong -- I thought you can freely travel to e.g. Austria, but you do in fact need to provide a PCR test or be vaccinated on arrival (just not on return). So the list may just be three countries, the Netherlands, Spain and Croatia. Mea culpa.
At least Germany itself has lots of nice and diverse holiday destinations. That's what we're doing this year.
> By default this means the day and month of birth and your initials, unless you share those among many other citizens. In that case, more data may be added
This sounds like k-anonymity, in which case the k is usually made public. Any idea what value they chose?
It's the opposite isn't it? k-anonymity would remove data until you are the same as k others, whereas this adds data (such as first name), so you are not the same as many others?
There's the privacy-utility tradeoff in data anonymisation, but most algorithms focus primarily on privacy. There usually are no parameters that promise any kind of utility, only parameters that promise privacy.
In this case it looks like they want a guarantee on both, which makes sense.
(So yeah, you're right, this definitely isn't just k-anonymity)
> It's only a matter of time before some mutant shows up that's resistant to a certain vaccine and we start from scratch.
That's not a given. There's an evolutionary space for mutations the virus that isn't endless. It seems far from clear that it can generate escape mutants that are resistant to the current vaccines, for that it would have to turn into a completely different virus.
>We emphasize, however, that enhanced transmissibility, rather than immunoevasion or greater lethality, would be considered the most potent path for the virus to become more fit and viable.
>Indeed, more-fit variants can be expected to emerge over time [...], but we believe that these will not continue to emerge indefinitely: nothing is infinite in nature, and eventually the virus will reach its form of ‘maximum transmission’
That's exactly right. As of today, some virologists think that we are already seeing early signs of convergence among virus variants, i.e. the same mutations appearing in different variants.
It's early speculation and there is no guarantee, but it's certainly not given that there will be a variant that forces us to start from scratch.
> My problem with the entire system is that this code is basically a free pass for all the old people we've stayed inside for a year for to go on holiday, while everyone else gets to go through all the same hoops they've been going through for months.
I don't understand. Why does it bother you if someone else is allowed to meet her friends again after being vaccinated and you are not? If they sit alone at home instead, how does it benefit you? The reason why they had to isolate themselves (being at risk of dying and infecting others) is gone. That means there is also no legal legitimation to restrict the people's basic human rights any longer than necessary.
The way I see it is that if you are going to restrict freedom's based on a status, then everyone should have had the option to attain that status before those restrictions are in place. If the government is controlling access to that status, then it is a selective infringement of rights as decided by the government.
In this case the status is vaccinated status, which in many countries is not widely available and the distribution is controlled by the government.
However at the point where everyone has equal access to the vaccination (and uptake is enough to provide herd immunity) such restrictions are unnecessary. So as soon as it's fair to put in place restrictions, they are no longer necessary.
I see the issue here but for the government it's a case of damned if you do, damned if you don't, or a lesser of two evils. Keeping restrictions in place for everyone whilst waiting until herd immunity is achieved is a severe restriction of freedoms for everyone, whereas loosing restrictions for those who are vaccinated is unfair but allows society to slowly return to normal.
The vaccine QR code only matters for large events or travel abroad, so the example about meeting friends makes no difference whether you’re vaccinated or not.
In any case, while it is certainly nicer to be vaccinated, it’s possible to get free PCR tests for the equivalent access.
So no football games with friends, and no friends abroad?
PCR test cost around 100eur in slovenia, and take a day or two. Fast tests (HAT) are free, but the waiting lines are 1-3hours, because of all the groups that have to do mandatroy testings each week.
>So no football games with friends, and no friends abroad?
No, that's not true.
I've mentioned it in a few comments now, but for events within Netherlands there is no cost - you can either have your (free) vaccination check or you can get a free PCR test and have a time-limited entry code. PCR tests for this purpose are always free in NL.
And the Netherlands is covering the cost of PCR tests for travel through July and August, by which point any adult who wants a vaccine can have had one.
Time limited is how long? I'm guessing 48 hours? So, even if free, you need to take an hour or two out of your life, every two days to be able to go to the cinema/footbal match/concert?
In slovenia, there are cases of people getting intentionally infected with covid, just to get "the papers", and to avoid the AstraZeneca vaccine (with, quoting the leader of our "expert team": "blood clot issues in a few per 100k people" - which is way more than the covid death rate in those age group).
Add to this the famous saying, that "there is nothing more permanent than a temporary solution".
Sorry to hear PCR tests are so expensive there! They're like that in NL normally if you go to a private lab in order to get a certificate for travel. If you get a government one then there's no certificate for it normally.
>Time limited is how long? I'm guessing 48 hours? So, even if free, you need to take an hour or two out of your life, every two days to be able to go to the cinema/footbal match/concert?
Certainly not saying it is seamless or not a total pain in the ass, but in reference to the OP it is wrong to characterize this as young people suffering, locked at home at the expense of old people who are free to do everything.
Yes, they're expensive. Fast tests are free, but waitint times are in the range of 1-3hours (those are ok to visit restaurants, etc.).
The government here has been moving the goalposts a lot, because we're in the "green" phase now, where just a few months ago, pretty much everything was allowed, and now they've added the vaccine/recovered/tested requirement (called PCT here) to everything. Also, we've ended the "epidemy status", so no more help for businesses, while still limiting how they can operate (requiring PCT, limiting number of people per square meters or percentage of capacity), and night clubs are only allowed to be open until midnight (making it not worth it to open, but without any help to keep the employees employed).
You don't use this system to meet your friends, you use it to go to venues, events, on holiday. Your friends probably don't stand in their front door with a QR validator in hand.
Everyone has had their lives interrupted for a year to save the old and weak, has had their life-saving vaccinations rationed towards the old and weak, and in exchange, the old and weak get to go to concerts without paying for a covid test.
Is that the thanks we get for trying to save their lives? The government isn't helping the younger generations, they didn't vote for them anyway, and the news is full of entitles people demanding to get a stamp to go on holiday before the app goes live.
Is it fair that my human rights are still restricted, while those of the people the restrictions are intended to protect aren't? It doesn't feel fair to me.
> Everyone has had their lives interrupted for a year to save the old and weak
It is a bit ignorant to say that only the old and weak needed saving from covid-19. You won't know if you are strong enough against covid until you are one step away from hospitalization, whether you are 20 or 60.
> Is that the thanks we get for trying to save their lives?
What kind of 'thanks' would you expect exactly?
They have lived the year at higher risk of contracting dangerous symptom, while you were safer in comparison. Was it fair then? When you were able not to fear too much about your safety?
Frankly, forcing people to stay inside while they have been vaccinated and are at an acceptable level of risk, under the guise of 'fairness' is pretty rich.
I think he means the opposite -- that at this point (with the entire vulnerable population fully vaccinated) it's unreasonable to force anyone to undergo restrictions.
That's pretty rich of you, I wonder how you'll look at this comment when you're say 60+ yourself :) You know, one of the old and weak that we will all be
> I don't understand. Why does it bother you if someone else is allowed to meet her friends again after being vaccinated and you are not? If they sit alone at home instead, how does it benefit you? The reason why they had to isolate themselves (being at risk of dying and infecting others) is gone. That means there is also no legal legitimation to restrict the people's basic human rights any longer than necessary.
Because the young people could meet their friends and go on holidays with minimal risk[0], but they were not allowed to, because they had to "save grandma". Now grandma is "saved" and vaccinated, and they're still not allowed to go, with the risk still being minimal.
[0] in slovenia, the have been 600k-1mio (depending on the expert) infections, and total number of 4(!) people died below the age of 35, 88 below 55 (including those 4) - for comparison, average number of deaths in traffic is ~100 per year.
> My problem with the entire system is that this code is basically a free pass for all the old people we've stayed inside for a year for to go on holiday, while everyone else gets to go through all the same hoops they've been going through for months.
Would you have preferred to be one of the people whose lives were in danger because of this disease? There's a good reason they got the first vaccinations.
I'm not opposed to vaccinating the weak and elderly first, but the choice to also give them their freedoms back first leaves a bad taste in my mouth. I'd like for everyone to be healthy, but also for everyone to be subject to the same restrictions.
The youth sacrificed a year of their lives for the elderly, and in exchange they'll have their freedoms restricted for longer while the elderly they've sacrificed their time for get a free pass to holidays and concerts.
You get the same freedoms with free covid tests, right? Except when traveling abroad and having to pay for the same test. This is only about convenience as far as I see, greatly helping the tourism industry. What would be your ideal solution, requiring the same tests from everyone?
I don't know where you live but in most countries PCR tests aren't free.
There are some EU countries that will have you take one if you didn't bring your result along (and it will be free of charge), but then you might need to spend a day or more in self isolation till the test result is reported back.
What you want is not possible. They were at a much higher risk of dying, so they got the vaccine first. Because they got the vaccine first, they get to live "normal" lives again before you do.
Yes, that's unfair.
It would have also been unfair to give the vaccine to young people first.
Such is life. Whichever choice you make here, it is unfair. There is no "happy path".
Or actually, we (here in the West) ARE on the happy path. Just have a look at what is happening in Brazil or India to see why we are the fortunate ones. We need to stick with it for a bit longer, and Corona will mostly be a thing of the past here. Many people all over the world would love to swap places with us. Also extremely unfair. Unfortunately.
Why are you talking about fairness in a context like this? Is there any actual health benefit from fully vaccinated people waiting until everyone else is vaccinated? Also, you probably also incur less healthcare costs than they do, but you still contribute to the public healthcare system. Is this also an issue for you?
Remember that the elderly also have more actual urgency, as they are much more likely to have less time to live than you.
They won't give you a second jab, but they also won't officially recognize you as vaccinated right now. And travel is also problematic since not all countries, not even the EU countries, accept prior illness + vaccine as being fully vaccinated.
These laws look like code that could use property based testing.
The benefit of this system is that at least we have a unified document right now. From what I've heard, covid recovery is indeed part of the QR code so any country accepting half vaccinated people that have recovered doesn't need to deal with different paperwork from every member state.
The lack of getting people a second shot is disappointing, but with the limited availability of vaccines it's understandable from a health perspective. The goal of vaccination isn't to help people travel, it's to prevent a deadly disease, after all.
We'd be better off with a common deciding factor what measures are acceptable to cross the borders, but areas with tourist-centric economies are incentivised to reduce the access requirements, and other countries are paying for those economies while they're still failing, so health and safety wouldn't be the main concern of such a common approach. The national approach doesn't have this problem, at least not for the countries supplying the tourists.
As far as I can tell, the schema does not allow combined information stating "prior illness" and "1 out of 2 jabs". So it does not even provide enough information for countries to decide if that level is acceptable, even if we had a common deciding policy.
The J&J/Janssen vaccine requires only one dose as well, and you can get the green certificate after the single dose. Since the format encodes 'doses received' and 'total number of doses' separately, I would guess that people with prior illness can similarly get the total dose number set to 1 there.
It implicitelly does. In that case, the certificate has to show 1/1 instead of 1/2 for a two doses vaccine.
Besides, the recommendation for people who had the infection is to get the shot 6 months after the diagnosis, so it would make no sense to include that information in the recovery one.
Source: I work for one of the regional healthcare providers in my country and my team had to develop our EU compatible certificates.
I guess this only works if it's used alongside proof of name and/or date of birth. I guess adding some basic biometric data like height and eye colour would have allowed venues to harvest even more personal data which is not ideal.
I'm having grief running the code on MacOS. Has anyone tried running the UK NHS app QR code through this? I am (200%) certain that uk.gov reinvented the wheel just to piss everyone off, but it would be interesting to know.
The UK doesn't have an NHS, nor NHS app. The UK has four national health services, one for each country.
IIRC only England has an NHS app.
And we have no id cards.
It's not looking good.
Have you looked at (in my case) the iOS app store? They certainly do have just such an app. Sure, I made a mistake thinking we were still United, but there is such an app for England residents.
it feels as if the covid pandemic will do more to sensitise people to the critical role of digital technology and data privacy in our lives than any amount of activism back in the days of "normality", let me check - 478 days ago.
these exercises in scrutiny, the demands on transparency, accountability, second order risk analysis etc. all this sets a precedent that will not be easy to ignore.
a silver lining if you wish [you can now resume the discussion]
i was the same... i am just avoiding facebook and whatsapp. i can not avoid a required scan for to enter my local food market. "you will submit to tracked or be ostricized from society... you have no rights until central government certify you."
I think in reality nobody will care about it in a few months, hopefully not years. I didn't plan any travel this year and not really interested in getting my health certified.
Still sensible to get vaccinated, but I think I will just put it in my paper pass. I don't trust smartphone OS one bit.
{-260:...} - why is key -260 ???, I mean who designs format like this?! Like in the middle of nowhere, bam -260. I would understand {type:-260, data:...} but this?! What is wrong with these people?
This tech is troubling, partially because it will work, the question is what it will work for. I've worked in privacy for a long time, and these passport schemes are just an absolute attack on health information privacy legislation and they create the precise outcome the regulations were designed to prevent, which was a literal tyranical society that used arbitrary medical pretexts to privilege and disadvatage people politically and economically. This isn't just rhetoric either, we have decades of health information privacy legislation built around this principle. Every single new government tech in many countries needs to go through a privacy impact assessment to ensure it isn't a mechanism to do this specific thing, and I guarantee these technologies would not have survived one.
Why should you give your vaccination status to anyone within the borders of a country, and what meaningful assurance does it provide to the pub/venue recieving it?
Here is what it does not do:
a) show you do not have a variant of a disease
b) show you are not carrying a disease
c) show you are or are not vulnerable to a disease or
variants of it
What does demonstrating this status signify? Perhaps I am missing something.
All this personal health infos should never ended up being encoded in clear in the QR code.
Some french researchers and Laquadrature are going to court to remove those infos from there:
"la lecture du code en 2D permet à n’importe qui, toujours aussi facilement, d’accéder à des données de santé très sensibles mais parfaitement inutiles au fonctionnement du passe : date de prise du vaccin, nom du vaccin, contraction passée de la maladie"
Really interesting. I like the choice of leaving the final judgment about immunity outside the code - i.e. to have the client verify that the doses are sufficient and happened in a suitable time window.
That will make things easier when the desired immunity definition changes (i.e. require three vaccinations), and also allows medical staff to make their own judgments.
A lot of people already require 3 shots. All transplanted, in dialysis and chemotherapy patients in France are shot 3 times as a rule, and a lot of them still get tested afterwards.
Well, I guess that will invalidate the covid certificate. There seems to be the "number of doses" and "doses received".
It will be interesting to see how this will actually be changed if we need more than 2 vaccines to be considered immune. Will they have to re-issue a certificate and invalidate the previous one? Will they let the old certificates expire and issue a new one with the updated total count?
No need to invalidate the old certificate. If the new requirement is 3 jabs and the certificate reads 2, the certificate is useless. The person carrying it will ask for a new one reporting all the 3 jabs.
I’m guessing there’s a timestamp of the vaccination… many EU countries are currently saying that vaccination is only valid for 6 months (though I expect this to be a pessimistic estimate, likely to increase soon)
Theres a whole extra layer of legal complexity here :)
e.g. some countries will consider you fully vaccinated X weeks after your 2nd jab of a specific vaccine. Others will say it's X+1 weeks.
The system has been built so that these decisions aren't in the cert itself, rather each country can layer on "business rules" on top. So - even if the cert expiry date is likely to be set far into the future, that has zero bearing on if it will be accepted or considered expired.
I’ll tell you why it’s not great: it doesn’t interop with other vaccination passport. I got vaccinated in the US and I’m in France now and my vaccination is worth nothing. Perhaps it will be a good thing for the short term and to incentivize people to get vaccinated, but I’m not sure what other purpose this really has.
There is an actual procedure for getting your vaccine internationally recognized. I looked this up for tourists coming to Croatia (who do not need to do this). It is conceptually the same as getting documents in your home country legalized for use in the respective country you are going to live in, abroad. I have went through this process more than a few times now. But, it is a pain to do.
1. Get your official vaccine record from your /state/ (not county) department of health.
2. Get your official vaccine record apostilled (certified for international use) by mailing it in (and paying a $10-15 fee) to your state secretary of state (in the state where it was issued).
3. (sometimes required--call a consulate) Get an official translation of the vaccine record (usually a translation on the apostille is not required) from a court approved translator in the country abroad (i.e. France). Typically this costs $35-50.
4. (sometimes required--call a consulate) Get all of this authenticated for use in the country you are staying in, abroad, usually via an official working for the Ministry of Foreign Affairs (i.e. France). This probably costs around $20.
Anyways, this is a lot of work, but this is the legalization process for foreign documents, so that they are viewed as official and usable abroad. Anyways, this is the standard and typical certification process for Croatia, an EU country.
It's not a privacy problem, it's a human rights one.
Sadly, no one seems to care.
Requiring a genetic treatment, to work, travel or live is a dystopic future. Madness.
if you modify rna to produce a protein of your choice what it is?
btw, even for the law Vaccine is something that give you immunity, and we have already plenty people with 2 shot getting covid again...
Next winter we will be in the same situation as 2 year ago, and alot of people will realize.
Then consuming any medicine -- or food! -- is also "genetic treatment", because all those organisms we consume have had their DNA altered by selective breeding. You're spouting silliness.
Many are skeptical of a vaccine passport combined with a digital wallet for CBDC. The historical background of those promoting this program is concerning. Even without that, the historical parallels to other atrocities is concerning. Together it seems obvious to those who are willing to examine it.
Unfortunately, there's a distinct lack of "intellectual curiosity" surrounding these issues. People are scared. Once again, they are looking for authorities to help them. Dissent is demonized as always.
In this case, concerns are framed as dangerous propaganda preventing us from reacquiring our pre-pandemic freedoms. For those true believers, I ask: When has government willingly returned freedoms ceded under the pretense of emergency?
At every level of education I was required to show evidence of vaccination to attend. This has been normal for many decades, and as far as I'm concerned makes complete sense. It's unclear to me what's dystopic about public health requirements. Society imposes on individuals many constraints, and gives us back many benefits in return.
Perhaps people care, but simply disagree with your threshold for what's an appropriate societal imposition. I certainly do.
In my country, there have been awareness campaigns about not giving out our passport or copies of our passport, as it contains our Social Security Number, biometric fingerprints, and other information that can be used to create a profile and impersonate a person.
This links 'a person' to 'a piece of health information'. Imagine what you or any data platform could do with that (big) data.
Imagine that you are only allowed to visit certain countries based on your vaccination status. Advertising agents of tourist and traveling agents would love to get their hands on that information, to create a better profile of you. Maybe Google could even make a FLoC of 'COVID-19 vaccinated people'.
Imagine that one year from now, one of the vaccines is known to cause health issue X, which would require over-the-counter medication Y.
Advertising companies would love to know exactly what vaccines you have received, to add to their 'profile'. and would go to great lengths to get this information (create their own 'reader app' and supply this to events).
Here we hide personal health information in a QR code and are expected to give random strangers 'consent' to this personal data to gain 'access' to a venue or 'service'.
Sounds awfully lot like a cookie consent-popup, which the EU is so actively trying to prevent through legislation.
Do you really need to link 'a person' to 'a vaccine profile'? Isn't it enough to link 'a person' to 'can access this service/venue according to local laws?'.
In software development, you separate authentication and authorization. The authentication part is 'are you who you say you are', the authorization part is 'are you allowed to access this resource'.
For authorization, you don't send the full list of all roles/permissions of this user for all authorized applications, you send a true/false based on the question canAccess(resource)? Otherwise a 'hacker' might find he has no permissions using the current authenticated account to resource A, but conveniently has full permissions to resource B.
You wouldn't give a random webshop access to your Bank Balance and history, would you? Your bank should only tell them 'transfer of X dollar is approved'.
The difference now is that this information is being made digitally available outside of a personal health dossier.
I have an international vaccination passport, paper-based, which is only shown to a customs officer of the country I am visiting. This has been 'good enough' to enter countries with vaccination requirements up until now. It has not been copied or entered into a computer system.
> Imagine that you are only allowed to visit certain countries based on your vaccination status.
How is this different from the uncontroversial practice of requiring yellow fever vaccinations when travelling to certain African or South American countries?
The difference now is that this information is being made digitally available outside of a personal health dossier.
When traveling to African or South American countries, you have to show proof to a public immigration agent. I have an international vaccination passport, on paper, which has been 'good enough' to provide this proof.
My health dossier is not publically accessible.
Currently, this check is
- looking at a piece of paper for the correct stamps,
- perfomed by a public immigration officer,
- upon entering a country.
With this QR code, I now put this check into the hands of
- any QR code 'reader' app,
- on a Google or iOS platform,
- which can be connected to the internet,
- performed by private companies (venue/event/organizer)
The WHO yellow fever certificate is not digital, it is just a piece of paper. Plus, many of the countries which ostensibly require it don't check it carefully or at all (and in West Africa, it is not unusual for the soldier checking it to be illiterate and unable to actually grok the details on it). So, this old-school vaccine proof doesn't pose the risk of being used for ad targeting that worries the GP.
Yes, in rare cases that might happen but in general that sounds like a trope. In fact, I've heard stories of people being denied entry and also getting vaccinated on arrival in a back room at the airport, which is as dodgy as it sounds.
Yes, I speak from repeat personal experience in both Africa and South America. That checking of the certificate in South America has dwindled is well known. Sure, some people may have bad luck, but there is a reason that many holidaymakers are no longer even aware that there is a rule on the books.
The certificate is commonly checked in Africa, but as I said, often the official on the border checking it is not capable of understanding the details – they just look for the paper with the familiar color and logo. Also, it has been common for travelers unable to get the yellow fever vaccine in their home country (historically supplies in Eastern Europe have been scarce, for instance) to simply forge the certificate, which is easily done. The WHO is aware that some amount of certificates will be forgeries, but nevertheless believes that the policy of requiring vaccination will be enough to reduce the risk of outbreaks.
I'm somewhat disappointed it contains personal data. I wonder how long until third party validation apps come out that exfiltrate this to the highest bidder. Yes of course GDPR should protect you from the business purposely doing it, but I'm more thinking of the app doing it without knowledge.
The German and Swiss/Austrian apps are all open source (and I think all three also have reproducible builds, you can verify what you installed, I know this is true of the official German apps involved). If you use a non-gov third party app that's on you I guess, not much from stopping you doing that since the QR code can be handled by any app.
Otherwise, some personal data will be required, since the person checking your code (like a bouncer) must be able to verify that against your ID card.
It does actually, because not all vaccines require the same amount of doses and if you were infected, that's a completely different story too. Different cities also have different timespans after infection or dose after which you can start all the fun activities (and sometimes it matters per activity). For example, the nightclub might require 7 days after the last required dose for vaccination or 14 days after the last negative test after an infection, but other venues might only require 7 days after the last negative test and 14 days after the last dose.
In addition to that, legislation may change, so your time limits and dosage limits now all change and future vaccinations might require more doses.
Either way, the bouncer doesn't get to see any of this. They only see your name, check your ID if it's the same name (which they have to do anyway to check you're 16 for alcoholic beverages and curfew) and then wave you through. The apps I've seen in use by people who check the vaccination QR code only give you an OK or NOT OK signal, once you've setup the type of limits you have to obey.
The code contains your name and date of birth. The photo is on your ID card/passport you show along with the QR code. So the person checking you can verify that the names and date of birth match, and that the photo in your ID could reasonably be you.
Id cards expire and are replaced by new ones with new ids.
In my country they expire after 10 years, on the birthday. So about 7 / (365 * 10) = 0.002 % of id cards expired this week here, or 115k cards. I'd store only the name and birthday and let officers check the id card with the usual procedure.
It would presumably not be a problem for people to regenerate their QR code when they replace their ID card. They have to regenerate it every day or so anyway. (The QR code in the article expires after 48 hours.)
Linking to an ID card number has the slight advantage that the ID card number is unique whereas several people can have the same name and date of birth. It doesn't really help with keeping the name or date of birth private because in practice those things are printed on the ID card which has to be shown together with the QR code.
The ideal would be to reveal only the information that is needed in a particular situation. For example, if you're trying to get into an Austrian pub all that's needed is the photograph of the face and confirmation that the person with that face is over 18 and vaccinated. Though in practice people like pub bouncers are not very good at checking faces so having a physical ID card that is hard to counterfeit is an important part of the security.
That line of reasoning suggests that what's needed is an ID card with banknote-style anti-counterfeiting measures that shows only a unique number and a photograph while all other information is provided through another channel such as a QR code.
> It would presumably not be a problem for people to regenerate their QR code when they replace their ID card. They have to regenerate it every day or so anyway. (The QR code in the article expires after 48 hours.)
A not small number of those 115k people per week are elders without a smartphone or no digital abilities except video calling their children and nephews.
Luckily it seems that in my country we'll be able to get a permanent QR code (paper or plastic, don't know.) I'm thinking about getting that one instead of the digital certificate: one less app, no worries about batteries and if it worked for my passport, id card and driver license it will be OK for my covid pass too.
It links 'name' to 'vaccination details'. I can imagine you would want to prevent that link.
If you cannot hide 'name', because you need that for identification, you could hide 'vaccination details', for example by linking 'name' to 'is properly vaccinated?'. No need to specify what vaccin gotten where and when in how many doses.
The signed-certificate part could still be present, as a tampering protection.
'Those pieces of data' is very vague. Do you want to know if somebody has been properly vaccinated (isFullyVaccinated), or against what, with what, when, where and how many times?
> I can imagine you would want to prevent that link.
This very likely is a subjective matter. I absolutely would want my name to be associated to my vaccination details, and will certainly do when it will be my turn to get the shot (still have high antibodies level after catching symptomatic Covid months ago).
Yes, I can understand for registering who has been vaccinated and when, it is necessary to combine these pieces of data.
The part I am worried about is, do I want to give anybody and everybody access to this information, or only a select group which is in my control.
Do I want to share my full Google/Facebook account, with password, with everybody that I show a QR-code to (for example a 'Login with Facebook' button), or do I want to be selective and only allow for 'verify and give permission to access part of profile'?
Do I want to share my full contacts list with a random app I installed from an app store, just because I started it? Or do I want to be selective and deny 'access to contacts' for a game which has no business looking through my contacts.
I understand your point. It's probably a grey area in which the need for surrounding people to feel safe outweighs the risk of someone accessing this data and using them against us. Also, any discrimination based on that data would also be against the law.
Having been infected with Covid19, and subsequently hospitalized for nearly 2 months in a Covid ward after a road accident [0], I've seen scenes of death and panic, but also negligence from denialists, therefore I believe it's our responsibility to be as much clear as possible with information so that they know what is going on and can feel safe thanks to correct information and not by ignoring the problem.
0: (I beat symptomatic Covid at home, then tested negative, then after 3 weeks had a road accident and the mandatory ER triage swab told I was positive again, although this time with no symptoms).
> Apart from the name/manufacturer of the received vaccine, there is no superfluous data inside, so the QR code is not a privacy nightmare, as some have feared.
It has someone's name and DOB in it, which, when scanned, creates a record of their identity at that location at that time.
Coordination between scanners can create a crude track log.
Such a system would be a nightmare for matching names reliably.
There may be variations between different documents (e.g. it might exclude middle names, people might use a different name on different documents, accented characters, hyphens, might be in a different order, might have a title or honorific such as "MR").
Using “green” pass does contradict with EU resolution 2361/2021 which states:
“ 7.5.2 use vaccination certificates only for their designated purpose of monitoring vaccine efficacy, potential side effects and adverse events;”
Allowing people to visit pubs or other social places is the right — whether someone concerned of getting sick it is up to them to get a vaccine; those who are not in for the experiment (most of covid vaccines are in experimental state up to year 2023) shall not suffer the artificial social limitation barriers.
You cannot ask everyone to use only the unaccented latin alphabet for names when there are EU countries that use other alphabets, and accents. And on the other hand, you cannot ask people in the rest of the EU to learn cyrillic for when a Bulgarian citizen shows their pass.
There is no easy solution for this, and including the native name + a normalised (ICAO 9303) version is probably the best one
> there is no superfluous data inside, so the QR code is not a privacy nightmare, as some have feared.
I strongly disagree. If the goal is to determine the COVID19 immunity status of a person on-site the only thing that should be contained is vaccination information. There is no need for full names, place of birth, issuer, targeted disease to be encoded in a QR-code that will be read by businesses. Especially since the information is presumably signed and verified by the official issuers anyway.
Any other personal details such as age can be checked via already existing IDs. The "targeted disease" field betrays function scope creep.
So much for the EU's moral high ground regarding privacy: needlessly sharing personal details for entering a cafe is not good privacy practice!
Name seems like a good field to include, but you will want to remove the 'vaccination details'.
Does a bouncer at a nightclub really need to know I received one dose of a Pfizer vaccine against COVID-19 in Austria on February 18, 2021?
Or does he need to know that 'I am fully vaccinated to enter this venue according to local laws'?
The official validation apps will not show this detail to the user. Unofficial apps may come up but app stores will probably quickly ban those (they are very careful about the whole COVID topic in the playstores).
There is still the chance of sideloading the app, but one does also need to consider if the vaccination information must really be protected that hard. In most countries, it's more or less randomly when and with what kind of vaccine you got vaccinated. And the really important information in my opinion is: is someone vaccinated or not? And this information is what the bouncer needs to know to let you in...
Imagine Facebook sending any app that would have 'Login with Facebook' functionality, your full profile, including your plaintext password.
Would you trust every and all third-party applications with this 'Login with Facebook' functionality, to not look at your plaintext password? Or would you rather have Facebook not send your password in the first place?
How would you encode the local laws into a code that is generated by an app, published by another government?
The type of shot, and the amount of shots, even the date of the shot, are all perfectly valid requirements that can end up in local law. Astrazenica doesn't work well against the British covid variant, so in an outbreak you might end up with laws restricting the type of vaccination, easily.
To determine what is and what isn't allowed, the logic should be built into the verification code, which each government can make their own for.
If all of Europe were to use the same laws and regulations then I'd agree that this information does not need to be stored in the QR code. This is impossible to manage in practice, though.
There are zero-knowledge and differential privacy solutions to this issue. For more critical applications there probably is an ID cross-check and online verification being performed. The nightclub does not need to know my full name, residence and birthdate.
On most ID cards, there is the full name and the birthdate of the person. So it does not matter if it's on the QR code too. The place of residence is neither on the ID card nor on the QR code.
It comes from SNOMED, which is a system for electronic health records and is very comprehensive, multi-lingual & multi-national. Every disease, symptom, medical term, etc... has a code which allows matching across languages.
I doubt the IDs start at 1, it's likely the fist few digits (perhaps 8405) are a type classification for the ID. It's been going for a few decades and thousands of new IDs are added each year.
I think there is a green pass for unvaccinated individuals that allows an antigen test to be used. Those tests are only valid for a few hours, varying by jurisdiction. (I think most US states accept these for 6 hours)
Depends on the cert. I know when I got the NY excelsior pass, the certificate expired about 6 hours after either the test was administered or results determined. (Don't remember which)
Sorry - i deleted my comment as I thought it was superfluous, but to reiterate - "it would be the validity for the test, not the cert". It is entirely possible that there was an expiry set, but you wouldn't be able to "reissue" it with a new expiry date, in contrast to what GP was suggesting.
No worries. This stuff is all as clear as mud, and different jurisdictions take differing approaches. There's a few competing standards, lots of noisy people, etc.
The example in the article seems to expire after 48 hours:
4: 1624458597, # QR code expiry
6: 1624285797} # QR code generated
1624458597 - 1624285797 = 172800 = 48 * 60 * 60
(I would have thought they could afford to be a bit more generous than that. If they were valid for a few weeks then it would be practicable to print them out.)
A technically sound proof which doesn't require online access is like this.
The authority encrypt some private information(name and birth date for example) with the private key, and encode it to QR code and give it to the customer.
On entering the pub, the customer show the document(passport, driver's license etc) which prove his private information. Staff then decode the QR code and decrypt it with authority's public key. Check the decrypted text.
The URL, when visited by browser should display a big green tick or cross. The page should contain all the machine parsable metadata. The URL itself should have a check digit to allow low-security offline checking, although for cases where falsification is an issue, online checks should be required, since there is no good way to revoke offline codes.
The substantially shorter code will read much more easily and be smaller to print. It can be verified or generated without any special software.
The downside of this is that the lookup is done online, and every use of an individual is tracked per service. This is not something that I am comfortable with.
https://github.com/eu-digital-green-certificates/
There are Android and iOS apps for QR reading, although they don't point to the production certificate chains so can't be used to verify "real" EU certs.