Re: Digital Vaccination Certificates -- Here Be Dragons!

Let's heed Bruce Lee while considering the REQUIRED constraints.

A vaccine certificate is a human right. Making them accessible to everyone
regardless of their fear of technology or government protects us all.

Can we stipulate that various credential formats will be coded as standard
VCs and that paper cards are private and accessible enough?

Can we stipulate that issuers and verifiers benefit from technology much
more than the subjects? They are getting paid, are licensed, maybe
federated, and depend on efficiency to stay competitive. In the case of
vaccines, at least, standards are a pure win for the issuers and verifiers.

The question then becomes: What is the digital infrastructure "good enough"
to meet these constraints?

   - Who will fund this human right infrastructure?
   - Will this infrastructure also deal with COVID testing on day one?
   - Do subjects need a digital identity on day one or can we link vaccines
   (and tests) to legacy (paper) credentials?

- Adrian



On Sat, Feb 27, 2021 at 2:07 PM John, Anil <anil.john@hq.dhs.gov> wrote:

> I am watching with dismay the swirling whirlpool of confusion that is
> being driven by a combination of good intentions, desperation, competing
> interests and self-interest around the domain of Digital Vaccination
> Certificates.
>
>
>
> I do not work for a public health agency, so have no perspective, remit or
> authorities when it comes to the authoritativeness of the data and the
> specific elements that would need to feed a digital VaxCert
> representation.  I defer to the experts at our U.S. CDC and the WHO that
> have this remit to inform and influence this in a manner that incorporates
> the broadest possible public interest equities.
>
>
>
> However, as you all know, we have done extensive public work (5+ years and
> counting to date) to ensure that technical implementations of solutions
> that could support digital VaxCerts (and many other things) are not
> developed in manner that enables “walled gardens” or closed technology
> platforms that do not support common standards for security, privacy, and
> data exchange.  In particular, as a potential future consumer of digital
> VaxCerts, we have a vested interest in ensuring the global interoperability
> of such solutions.
>
>
>
> Over the last number of months we have been bombarded with a singular
> question “What are the lessons learned or feedback you could share from
> your interoperability journey that **may** be relevant here?”
>
>
>
> The answer to this in general has three aspects:
>
>    1. Expect and anticipate breakage, but don’t let the perfect be the
>    enemy of the good
>    2. Everyone is not going to get everything they want right now
>    3. Real interoperability REQUIRES constraints!
>
>
>
> Because I believe that this is an important conversation, I figure I would
> put together some high level slideware that synthesizes and shares the
> answers I have provided directly to those who have asked.  I am not in the
> hearts and minds business, so consider this in the spirit of the quote from
> Bruce Lee – “Absorb what is useful, Discard what is not, Add what is
> uniquely your own.”
>
>
>
> Happy to chat to share our mistakes, so that you don’t need to repeat
> them, with those who have a public interest focus in this area.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: https://www.dhs.gov/science-and-technology/svip]
>
>
>
>
>