Although international travel restrictions for Australia have been extended to at least June, there may still be potential for a trans-Tasman bubble with New Zealand (and maybe some other countries), according to reports.

Air New Zealand will begin trialing digital vaccine passports (or “immunity passports”) on routes to Australia in April. Ideally, these digital certificates will allow authorities to quickly check whether prospective travellers have been vaccinated.

The specific passport system New Zealand is set to adopt — along with Qantas, Malaysia Airlines, Singapore Airlines, and Qatar Airways — is the International Air Transport Association (IATA)‘s digital Travel Pass app.

But to be effective, this system would need to meet several key criteria. The vaccine passports would need to be linked securely to travelers, comply with different countries’ regulations and be almost impossible to illegally copy or modify.

Before-departure checks

Once your vaccine and identification details are logged, this would generate a data file to be sent securely to the app’s software. This file would be encrypted and stored on the device itself, only to be retrieved by an authorized person with your consent.

Border and airline staff could check whether the lab identification is valid by comparing it to the IATA’s list of trusted vaccine providers. This check would be done using a wireless near-field communication system, similar to that used for contactless payments.

At this point, the border control unit would also confirm if the identification you presented when getting your vaccine is still valid. They could also check your passport against the national passport database, which is standard procedure.

Such a system could be set up to flag important updates. If a vaccine batch failed quality control, or a certain provider was removed from the approved providers' list, this would need to be reflected quickly.

Security advantages of vaccine passports

A notable advantage of vaccine passports is they’re hard to forge compared to paper records. The IATA software would unbreakably link your identification details with your vaccination status.

Even if someone stole your phone or copied its data, this data would match only your passport. If they stole your passport, too, they’d likely still get caught during normal passport checks.

On Apple (iOS) smartphones the in-built “secure enclave” feature would prevent your Travel Pass app information from being moved remotely to another device without the right permissions. Android and other operating systems have similar tools used for smart wallets.

Using vaccine passports also minimizes data sharing. In each case of information transaction, such as when crossing border control, the only data shared are your identification details and vaccine information.

An achievable set-up

Most countries are requiring that all COVID vaccines administered be recorded on a national register. In Australia, this is the Australian Immunisation Register.

The IATA will publish the Travel Pass app’s software interface, which is what enables other programs to transfer data to and from the software.

With the interface available, countries should be able to simply integrate the software into their own vaccine management systems. Governments could even apply their own rules to the software.

For instance, one may decide to reject vaccine records from a particular provider or demand a longer waiting period once a vaccine is received.

This could obviously cause problems for travelers who may be planning to go to a destination with different protocols to the origin country. That’s why this would have to be sorted prior to travel, just as visas often are.

Minor issues and loopholes

For now, a digital vaccine passport would only be available for people with a smartphone or tablet. Also, each traveler in a group would need their own vaccine passport.

This could be tricky for families with young children or other dependants who don’t (or can’t) use smart devices. One fix would be for parents or carers to store dependants’ information on their own device.

The only credible route for vaccine passport forgery would be if a vaccination management system, such as one used by a GP or hospital, somehow recorded patient data incorrectly.

This could be done by someone deliberately impersonating someone else. Then again, the impostor would have to convince both the health worker administering their vaccine and staff at the airport. This would be difficult if a passport is used.

Similarly, a hacker could potentially attack the Australian Immunisation Register (or other vaccine registers) to generate false data to feed into the IATA system. But these registries tend to be well-protected.

And if one were compromised, it would be simple to invalidate vaccine certificates tracing back to it for as long as the issue wasn’t resolved.

Smartphones could be used for contact tracing and immunity passports -- which backers say offer indications of who can circulate safely -- to help ease coronavirus lockdowns Smartphones could be used for contact tracing and immunity passports -- which backers say offer indications of who can circulate safely -- to help ease coronavirus lockdowns Photo: AFP / Ina FASSBENDER

This article originally appeared in The Conversation.

Dave Parry is a Professor of Computer Science, Auckland University of Technology.

TheConversationLogo_smaller Logo Photo: The Conversation