Open source "vaccine passports:" Linux Foundation Public Health talks development, security, and digitally restoring trust

Millions of people have received COVID-19 vaccines in recent weeks. Vaccine credentials could enable travel, entry into spaces, and restore some semblance of normality in the months ahead.

vaccine.jpg

Image: iStock/rosshelen

To control the spread of COVID-19, nations have implemented a variety of containment strategies including lockdowns, inbound travel restrictions, and more. In recent weeks, millions of people in the US have received a COVID-19 vaccine. As the vaccination rollout continues, some semblance of normality could return later in 2021.

So-called vaccine passports, a person's proof of vaccination, could enable travel and entry into spaces in the months ahead. The COVID-19 Credentials Initiative (CCI) is hosted by Linux Foundation Public Health (LFPH) and is working with a number of partners to build these solutions and standardize an approach to vaccination credentials.

Needless to say, developing a set of open source standardizations among emerging technologies can be a tall order.

"The technology we're building on is an open standard already, but it's an emerging open standard. Emerging [because] there [are] still pieces where we haven't standardized yet," said Lucy Yang, community director of CCI.

The pathway toward this standardization could follow that of another critical COVID-19 tech solution; namely exposure notification applications.

SEE: Linux service control commands (TechRepublic Premium)

For health agencies around the globe, contact tracing is central to virus mitigation strategy, and the LFPH has and continues to assist with the development of exposure notification capabilities during the coronavirus pandemic. Jenny Wanger, director of programs at LFPH, explained the early exposure notification challenges.

"There were so many different organizations all trying to move into this space, all wanting to help, and not necessarily coordinating themselves together, and so we were extraordinarily concerned about the question of interoperability between all of the different [exposure notification] solutions coming out to the market," Wanger said.

These exposure notification features are hinged on Bluetooth signals via the smartphone OS, and manufacturers of these cellular devices, Apple and Google, took the early lead on standardization, Wanger explained.

"Apple and Google, because they were the ones who controlled how the phones actually shared the Bluetooth signals, whatever they chose to do was going to really set the standard for the technology," Wanger said.

"We both needed that participation from them as well as [welcomed] it to unify the space in a very fast manner," Wanger said.

This approach may have worked to quickly direct and unify exposure notifications development,  but a single technical capability does not serve as the central lynchpin to vaccine credentials.

"There is no technological limitation to how these credentials get made. They can be displayed on pretty much any digital device, and so there isn't a way for a single company or a group of companies to set a standard and play a strong role," Wanger said.

With vaccine credentials, CCI has focused its efforts on bringing people together and starting a "conversation around interoperability," Wanger explained.

"We see our role here stepping in as amplifying the community's voice in order to get everybody else on board and continue that conversation forward," Wanger said.

SEE: The future of business travel: Digital nomads and "bleisure" define the new high-tech take on work trips (TechRepublic)

CCI and Linux Foundation Public Health are using an open source approach to creating vaccine credential solutions, and this strategy enables the larger developer community to play a role in development. A credential based on personal health data comes with cybersecurity concerns and Wanger believes the model could even make the software more resilient.

"We think [open source] actually has an even higher chance of staying secure because any vulnerabilities will be brought up by the community, will be found by that wide range of people working on this problem, trying to solve it together, and so that can really enhance the security, enhance the trustworthiness of the software," Wanger said.

Similar to other nonpharmaceutical interventions (NPIs) (i.e., handwashing, social-distancing), vaccine credentials could serve as another preventative virus mitigation strategy, Wanger said, and the efficacy of these strategies increases as more people buy-in.

"Exposure notification is a digital NPI, and in some ways, vaccine credentials are as well. Right?" Wanger said.

"The purpose of having a vaccine or a test credential is to show that that person has a lower likelihood of transmitting or contracting COVID-19, and so getting more people to use the system, getting more people involved in it is going to increase the effectiveness of the intervention," Wanger continued.

More than one year after the first US COVID-19 case, cities around the US continue to struggle with coronavirus tracing and containment. At the same time, lockdown measures, social-distancing measures, and recommendations against mingling indoors with members of other households have added a peculiar dynamic to day-to-day life.

Wanger believes these open source capabilities could help restore some level of normality, especially around interpersonal relationships.

"Ultimately these credentials are a way of substituting trust. Right? One of the things the pandemic has done that's I think been psychologically damaging for so many people is all of a sudden you can't trust anybody, even your family" Wanger said.

What final form these various vaccine credentials will take remains to be seen. Wanger explained that some solutions could involve QR codes while others could include further biometric connections. Yang said that CCI is also working on credentials that can be represented on paper and verified online or offline for people without a smartphone or a stable internet connection.

"We're sort of building a foundation here. It's going to be able to manifest in many different ways," Wanger said.

"There's going to be a ton of different iterations on this [project], and we don't want to actually force anybody to define how they build this or what it looks like at the end of the day, but what we do want to do is make sure that they can build it, and that whatever gets built works with other people's solutions," Wanger said.

Also see