A fully digital vaccine passport system in the UK? It won’t happen.

Chris Ward
6 min read · Apr 6, 2021

Barely a year ago, as the world adapted to the “new normal” of pandemic lockdown, governments started considering how best to manage and track exposure of individuals to the virus in an attempt to contain it as much as possible. Rather sensibly, attention turned to tech, and proposals were put forward about how we could use the sensors on mobile devices as a means of measuring distance from those who find themselves with a positive COVID-19 diagnosis.

This came with all sorts of tricky obstacles. How do we manage to keep track of where everybody is and how far they are from someone else, as well as allowing them to inform people who have had recent exposure to them if they find themselves with COVID, without creating a monolithic database susceptible to attack, misuse and abuse? How do we convince the public at large that we have done so? After all, there would need to be a certain uptake level otherwise the whole exercise would be pointless. But beyond the civil liberties questions, which are always at the forefront of any progressive politico’s mind, the most poignant one was much more fundamental — is this even physically and technologically possible?

It turns out it was, but like all things, it was never going to be perfect. The mobile giants (Apple and Google) shipped a change to their operating systems that would allow a government’s app to interact with an exposure interface. No personal details would be sent anywhere, and the app would not have access to them. Each individual had an anonymous number, and as they came close to others, the Bluetooth sensor would detect that person’s device and record their anonymous number. If you tested positive for COVID, you’d tell the app and your number would be uploaded to a server. Everybody else’s app would check the list on that server roughly once a day and if any number in that list matched their exposure list, they’d be warned to self-isolate or get a test. Perfect — no personally-identifiable information is accessible to the app or the back-end system, and the idea largely works.

“We’re going to have our own app! With blackjack and hookers!”

Enter the UK. Instead of going down the route of using this system, the government decided to shun the tailor-made offering and create their own from scratch. The primary difference between the “decentralised” Google/Apple approach and the UK’s? The UK wanted more control over the data flow — so instead of merely a list of numbers on the back-end server, the server would be responsible for dealing with the matching too. From a technological standpoint, this is fine: the less data processing on mobile devices the better, because intensive processes drain battery. From a civil liberties standpoint, the government would have access to all the interactions between anyone. Doing it on the device with the Google/Apple system meant more protection for a user’s personal privacy.
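
A minimal model of the two designs described above, added here as an illustration and not code from either app. It follows the article's simplified picture of one anonymous number per device; all class and function names are assumptions.

```python
import secrets

class Device:
    def __init__(self):
        self.anon_id = secrets.token_hex(8)  # anonymous number, carries no personal details
        self.seen = set()                    # numbers heard over Bluetooth, stored on the phone

    def encounter(self, other):
        self.seen.add(other.anon_id)
        other.seen.add(self.anon_id)

    def exposed(self, published_ids):
        # Decentralised: the daily list is downloaded and compared locally.
        return bool(self.seen & published_ids)

class DecentralisedServer:
    """Holds only the numbers of people who reported a positive test."""
    def __init__(self):
        self.positive_ids = set()
        self.contact_pairs = set()           # never populated in this model

    def report_positive(self, device):
        self.positive_ids.add(device.anon_id)

class CentralisedServer(DecentralisedServer):
    """Also receives every device's contact list and does the matching itself."""
    def upload_contacts(self, device):
        for other_id in device.seen:
            self.contact_pairs.add(frozenset((device.anon_id, other_id)))

    def exposed_ids(self):
        hits = set()
        for pair in self.contact_pairs:
            if pair & self.positive_ids:
                hits |= pair
        return hits - self.positive_ids

def simulate():
    # Constructed scenario: A meets B, C meets D, then A tests positive.
    a, b, c, d = (Device() for _ in range(4))
    a.encounter(b)
    c.encounter(d)
    dec, cen = DecentralisedServer(), CentralisedServer()
    for dev in (a, b, c, d):
        cen.upload_contacts(dev)
    dec.report_positive(a)
    cen.report_positive(a)
    return a, b, c, d, dec, cen
```

Both designs warn B and nobody else, but the centralised server ends up holding the C and D contact even though neither is linked to a positive case, while the decentralised server holds only A's number.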

But civil liberties weren’t the primary problem. The primary problem is that technologically, the solution did not work. On Android, the operating system quite rightly has checks and balances in place to ensure app developers are not, to use technical language, taking the piss. If an app on your device is using too much processing power, or is hungrily demanding the device’s sensors, there are failsafes in place to cut it off from doing so. Google made an exception for officially designated COVID apps that used their decentralised system, and even worked out a way to keep the Bluetooth going without draining too much battery. The UK shunned this offering and produced an app that would be treated like any other. The result? The app was not broadcasting and listening all the time, rendering the whole endeavour entirely pointless.

The UK eventually gave in, did what it had been warned it should do in the first place, and finally released its decentralised app on 29th October 2020. For contrast, Germany’s version was released on 16th June. Four months of contact tracing opportunity wasted because of a typically chaotic, negligent and incompetent approach to tech by the UK government.

“Let’s make our own fully-blown vaccine passport system whereby any individual with a business can digitally verify somebody else’s vaccination status via a server that almost certainly won’t be anonymised and do it within the months remaining before most of the country is vaccinated anyway… with blackjack and hookers!”

You can probably see where this is going. In the grand scheme of things, the COVID tracing app is actually a very simple system. It does little more than collect numbers, store them, download another list of numbers and compare those two lists.

We have very little information so far about what the government actually plans to do with regard to a vaccine passport beyond speculation. Perhaps they could be producing a very simple digital certificate that doesn’t need verification, allowing the business or venue controller to take the validity of that document on trust. That would be the simplest, most privacy-friendly and most technologically-viable solution to introduce in a short time-scale. Conversely, it’ll also be really easy for people to falsify a digital certificate if nothing verifies it. But would they really go to those lengths to get into a concert? Well, I suppose it has been a year…

But some rumours suggest the other extreme. You have your vaccine passport digitally, presumably somehow linked to your NHS records (unless they allow the data to be anonymised after entering, which would then make the list entirely unauditable) along with a system that allows the bar you’re trying to get into to verify the veracity of your certificate. This would effectively mean that vast numbers of business owners around the country would have access to a system that, when they enter an identifier (which, to be fair, could be an anonymous number or a QR code), would return whether or not the certificate is a valid COVID vaccination. Presumably this would be done on personal mobile devices of staff using a proprietary app, leaving you to rely upon trust that the device has not been compromised in any way (or that the owner of the device themselves does not have malign intent). You’d expect that the certificate would need to also show your identity, otherwise you could just borrow your mum’s phone to go to a restaurant, right? Also, presumably for auditing purposes the government will keep track of verification requests — effectively creating a databank of breadcrumbs as to where you went and at what time you went there.

These are all very murky civil liberties concerns, but the truth is they’re not really worth worrying about. The effort to get such a system up and running in a short amount of time, bringing on hundreds of thousands of people with read and write access to certificate data and doing so whilst following privacy laws to the letter, creating the various apps that would need to produce and verify the certificate (ensuring the validity of the person’s identity in both those cases), not to mention the monumental back-end systems that would need to process all this data, is something so ambitious and high-scale that nobody should be worried it will find its way into existence before the vaccination situation has reached a level where such a system is no longer required.

This would be a high-scale and high-risk project for an enterprise-level corporation, never mind a government renowned for its complete inability to understand the limitations of tech (they literally suggested assigning individuals IP addresses a few years back, which is not how IP addresses work in the slightest). The news reports suggest the project is currently in blue-sky mode rather than in any serious level of implementation. The UK is planning to open up again on 21st June, giving the government just over two months to implement this system.

Calm your civil liberties fears. The thing that will stop this project is not a national identity register-style campaign, but the simple laws of physics. And, of course, the unusually-reassuring precedent that even given all the time in the world, a UK-government-implemented system won’t work anyway.

Chris Ward

Berliner. Mobile Engineering Manager and Androider. ADHDer. Posts mainly about tech, politics and mental health.