The IBM and New York vaccination passport. A dubious initiative

The vaccination passport

Since the beginning of the COVID-19 pandemic, there has been talk of the so-called vaccination passports. It is a document that identify those people who, either because they had the disease or been vaccinated, would have less chance of getting sick. Therefore, they should not be subject to the same restrictions as those who are not in that category.

The proposal generated numerous complaints by those who consider it a threat to individual freedoms.s since it not only facilitates the tracking of citizens, it is also a way of forcing them to apply vaccines that, due to urgency, did not comply with the normal approval steps. In addition, the implemented proposals are often difficult for those who do not have technological skills.

The IBM and New York Vaccination Passport

Excelsior was jointly developed by IBM and New York State in just 8 weeks. It is a website that generates a QR code. This code allows people who have been vaccinated or tested negative for COVID-19 quickly enter anywhere, from large events in public places to smaller and more specific events. like weddings. Private organizations that wish to implement control through the Excelsior Pass can do so at no cost; all you need is an employee with a smartphone.

The operation of the application is possible because New York State has a database that keeps track of people who have been vaccinated. It also tracks individual COVID-19 tests that come from hundreds of different labs.

When a person signs up on the web, the data entered will be compared to the New York State database. That generates a QR code that you can print, download to your phone or photograph with the camera . Whoever controls the income only has to scan it to obtain the information.

Excelsior has vulnerabilities. Just by having the biographical data of another person, anyone can show a QR code that indicates that they are vaccinated or not infected. Therefore, users could be required to show an identity document.

My doubts

Both the article that I cited above as a source, and the from the Washington Post iThey insist that the user's privacy is guaranteed. Although none gives any evidence to support the claim. The Post at least took the trouble to be critical of the system and put it to the test in the real world. He found that in some cases it is difficult to set up and that COVID test results are not always updated immediately.

New York State's response is to suggest that system users go to one of the laboratories on a list  It includes those who "committed to" update the information as quickly as possible. " As an Argentine, every time the state recommends that I prefer a private company over another, I suspect their motives. But let's give New York the benefit of the doubt and get back to privacy.

If you want to enter a massive event in New York, you have to show the vaccination certificate or a study that is negative for COVID or, failing that, the QR generated by Excelsior.

Privacy is supposedly guaranteed because the QR code only includes authorization status (If you are vaccinated or did not test positive for COVID), Your name and date of birth. The independent application that companies use to read the QR Excelsior Pass, called the NYS Scanner. supposedly deletes personal information after each scan.

To give greater peace of mind, both the state and IBM say they are not getting any new data about the users who use the application.And they clarify that, at least New York already has an exhaustive database of all those who have received the vaccine or have undergone a test.

However, there is no guarantee that such data will not be collected., Either by the original applications as by unauthorized versions.

Of course, in no way do I mean to question anyone's good repute. I just ask myself questions like:

  1. Why didn't any journalist ask to see the Excelsior source code?
  2. Who is the one that always insists on the availability of the source code of the applications used by the State?
  3. Which company is the strongest against the one that always insists that the source code has to be available?
  4. What is the company that owns the company that leads the offensive against which always insists on the availability of source code?

Now I leave you, the aluminum hat is very itchy.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.