Authorities Act on Proof of Health Status – But is it Enough?
After the World Health Authority (WHO) declared on 30 January 2020 that COVID-19 was a Public Health Emergency of International Concern and that, on 11 March 2020, it had developed into a pandemic, scientists quickly developed vaccines that would prevent the spread and health impact of the virus. Governments, for their part, working with commercial organisations established vaccination certification protocols and documents that reflected the individual public health care circumstances of each country, region and bloc.
By October 2021, a loose network of bilateral arrangements had been agreed that established equivalence, and so mutual acceptance, amongst the five major proof of health status certification across the globe: China’s International Travel Health Certificate (ITHC), the European Union’s EU Digital COVID Certificate (EUDCC), India’s Digital Infrastructure for Vaccination Open Credentialing (DIVOC), the UK’s NHS (National Health Service) COVID Pass and the SMART Health Cards used by large private organisations and by about half of the states in the US.
I use the term ‘loose’, as there are still questions surrounding the strength of the bilateral arrangements as evidenced by the list of non-EU countries that have joined the EU Digital COVID Certificate system 1, including 35 countries such as the Vatican, Togo and San Marino but not the US or China!
The international travel sector, so badly impacted by waves of travel restrictions that followed the waves of new COVID variants, has, through its trade association IATA (International Air Transport Association), argued that there is a need to move towards a set of medium-term measures that are simpler, more predictable and more consistent than the current arrangement.
While falling short of calling for full interoperability, IATA’s ‘Restart to Recovery’ document calls for harmonisation across country entry requirements on the basis of health status by, amongst other factors, the implementation of digital solutions for the processing of health credentials, collection of traveller information and communication of travel requirements.
Also in the travel sector, ICAO (International Civil Aviation Organisation) is piloting a project to help airlines, airports, and other air transport partners to test and leverage the capability to authenticate travel documents and related health certificates, including official proofs of vaccination.
The limited-time pilot project trial is providing private sector partners with enhanced opportunities to make use of the data in ICAO’s Public Key Directory (PKD), a critical backbone supporting the security and efficiency of international mobility.
PKD data supports the international system of asymmetric cryptography employed by states to secure documents such as electronic passports, and importantly it contains no personal information about the identity of the holder of the travel document or the health proof certificate.
14 companies are already taking part in the pilot project, exploring new types of products and services which governments and the wider aviation community could benefit from by leveraging existing PKD data.
The end result should be a more varied range of stakeholders being able to authenticate travel and related health documents throughout a traveller’s journey, resulting in fully secure, seamless processes, added convenience, and higher efficiency for all concerned.
The ICAO Council has also adopted a new set of international Standards and Recommended Practices (SARPs) addressing national civil aviation responses to public health emergencies, and the security and inspection of travel and related health documents. The new SARPs will become applicable in November 2022.
All of these measures are undoubtedly assisting in the stuttering return of international travel but, as IATA puts it, these are ‘medium-term measures’ that are making border controls more manageable for travellers. But we are still working within a loose network of mutual bilateral acceptance which is some way from the harmonisation that can deliver the true benefits of interoperability.
With the publication of its ‘Digital documentation of COVID-19 certificates: vaccination status’ 2 the WHO is moving closer towards standardisation of vaccination certification. But the organisation makes it clear that the document is only guidance for countries and is not itself a standard – explaining that it is up to the organisation’s member states to determine how they want to manage unique identification of individuals.
Perhaps, then, it is time for another internationally respected competent authority – ISO (International Organisation for Standardisation) through its member organisations – to step in and standardise the features of a universal health status document that don’t deal with public health matters. I am thinking here about how the data is stored and used, how it is transmitted in a trust framework, the level of security required and the need for open- source software.
Maybe, the current working solution for proof of health status for international travel is sufficient to facilitate the cautious return to the skies that we are witnessing from travellers at the moment. But what happens when passenger numbers increase beyond pre-COVID levels and (God forbid!) we encounter the next species- jumping coronavirus?
I’ll be further tackling this unsavoury prospect during my presentation at the Optical & Digital Document Security™ in Vienna 11-13 April.
1 - EU Digital COVID Certificate | European Commission (europa.eu)
Subscriber content
Read the full article
Full access to ID & Secure Document News articles, newsletters and archives.