Tag Archives: health passport

IATA endorses the EUDCC. But will it matter?

In a Bredemarket blog post in February 2021, I quoted something that I wrote in 2013 in one of my personal blogs, Empoprise-BI.

I’m sure that many people imagine that standards are developed by a group of reasonable people, sitting in a room, who are pursuing things for the good of the world.

You can stop laughing now.

As I noted back in 2013, and again in February, there are many instances in which standards do not evolve from a well-designed process. In reality, standards emerge via that process that I referred to in February as “brute force.”

By イーストプレス – 「ゴング格闘技」=1951年のブラジル地元新聞からの転載, Public Domain, https://commons.wikimedia.org/w/index.php?curid=13320163

For those who are not familiar with the “brute force” process, I’ll provide two illustrations.

  • If a lot of people like something, it’s a standard.
  • If a trillion dollar company likes something, and I like something different, then the thing that the trillion dollar company likes is a standard.

If two trillion dollar companies like two different things…it can get messy.

Back in February, I was just beginning to talk about something that I called “health passports” at the time. Later, I personally decided that “health passports” is a poor choice of words, and have instead gravitated to using the phrase “vaccine certificate.”

Regardless, my concern back in February was that there were all sorts of these things floating around. Even back then, Clear had its own solution, IATA had one, IBM had one, iProov had one, Daon had one, and there were many, many more.

So what happens if I have a Clear vaccine certificate but the airline or building that I’m approaching supports the iProov certificate? Can the iProov certificate read the Clear certificate? Or do I have to get multiple certificates?

This post looks at a new development in the vaccine certificate brouhaha. I’m not talking about what vaccines are honored by the vaccine certificate, but about acceptability of the vaccine certificates themselves. In particular, I’m talking about acceptance of one certificate, the EU Digital COVID Certificate (EUDCC).

Because one big player is getting behind it.

From https://ec.europa.eu/commission/presscorner/api/files/attachment/868508/Digital%20Green%20Certificate_en.pdf.pdf

How do international air transport folks feel about the EUDCC?

While the EUDCC can conceivably be used for a number of use cases, such as entering a private business like a restaurant, one of the most popular use cases for the EUDCC is to board an airplane that is crossing an international border.

So if there was an organization that was dedicated to the business of flying airplanes across international borders, and if that organization thought that the EUDCC was pretty cool, then that endorsement would have as much pull as Google (and Facebook) endorsing a web image format.

Enter the (drumroll) International Air Transport Association, which issued a press release on 26 August.

The title?

“IATA Backs European Digital Covid Certificate as Global Standard.”

From https://www.iata.org/en/pressroom/2021-releases/2021-08-26-01/

Now those who read my February post will recall that IATA was one of those groups that was already developing its own vaccination certificate. So how does the EUDCC compare with the the IATA Travel Pass?

The DCC…is fully supported by IATA Travel Pass.

But in addition to mere self-interest, there is another reason why IATA is endorsing the EUDCC: it’s supported by a lot of countries inside the EU, and other countries are looking at the EUDCC as a model.

The EU DCC is implemented in the 27 EU Member states and a number of reciprocal agreements have been agreed with other states’ own vaccination certificates, including Switzerland, Turkey, and Ukraine. In the absence of a single global standard for digital vaccination certificates, up to 60 other countries are looking to use the DCC specification for their own certification. 

Oh no, I’m just looking

However, it’s one thing to be “looking” at something, and another thing entirely to actually “do” something.

Before assuming that the EUDCC will become the de facto DCC, consider how two countries in particular will approach it.

This image or media was taken or created by Matt H. Wade. To see his entire portfolio, click here. @thatmattwade This image is protected by copyright! If you would like to use it, please read this first. – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=5004719

One of those countries is my own, the United States of America. While one can argue whether or not the U.S. enjoys the same level of power that it enjoyed immediately after the end of the Cold War, it is still a major player in world economic and travel affairs. And regardless of who the President of the United States is at any given time, the U.S. has often decided to go its own way. Couple this with the power of individual U.S. states in my country’s federal system, and it’s quite possible that even if the U.S. goes along with IATA, and some form of the EUDCC is adopted by our Transportation Security Administration, that does not necessarily mean that the same certificate can be used as it is in Europe to grant access to museums, sporting events, and concerts.

By Severin.stalder, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=39661035

The other country that may have an issue with the EUDCC is China. If the United States is potentially a waning world power, China is potentially a gaining world power. The relationship between China and the rest of the world varies from time to time and from issue to issue. China may decide that it’s not in its best interest to adhere to an international standard for certifications of COVID vaccination, testing, or contraction. And if it’s not in China’s best interest, China won’t do it.

So before declaring that IATA endorsement of the EUDCC settles the issue…we’ll see.

How many vaccine certificates (not health passports) will citizens in Africa and elsewhere need to do anything?

This is a follow-up to my April 9 post, with a slight correction. I need to stop using the term “health passport,” and should instead use the term “vaccine certificate.” So starting now I’m doing that. Although I still think passports are cool, even if vaccine certificates aren’t passports.

An Ottoman passport (passavant) issued to Russian subject dated July 24, 1900. By FurkanYalcin3 – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=27699398

It’s also a follow-up to my February 16 post, which noted that there are a whole bunch of health pa- I mean vaccine certificates that are being marketed by various companies and organizations.

In addition to Clear’s Health Pass, there are a myriad of other options, including AOKpassCommonPass, IATA Travel Pass, IBM Digital Health Pass, the Mvine-iProov solutionScan2Fly from AirAsia, VaccineGuard from Guardtime, VeriFLY from Daon, the Vaccination Credential Initiative, and probably some others that I missed.

Obviously it takes a while to solve such issues, so you can’t expect that all of this would be resolved by April.

And you’re right.

As Chris Burt of FindBiometrics recently noted, the whole vaccine certificate issue was recently discussed by a panel at an ID4Africa webinar. Now even if you haven’t heard of the organization ID4Africa, you can reasonably conclude that the organization is in favor of…IDs for Africa.

And even they are a bit skittish about vaccine passports, at least for now.

Questions around how these digital health certificates should work, where and whether they should be used, and what can be done to mitigate the risks associated with them remain, and were explored by an international panel of experts representing major global organizations convened by ID4Africa. They found that too much remains unknown to inform final decisions…

The panel warned against rushing headlong into adoption of vaccine certificates without a better understanding of what they were, how they would work, and how individual information would be protected. And there are major questions all over the “how they would work” question, including the long-standing question of how vaccine certificates would be interoperable.

It quickly emerged that while several groups represented are working on similar projects, there are some key differences in goals.

The WHO is building specification which are intended to create digital records not for crossing borders or proving health status to any third party, but merely for continuity of care. Its working group also includes ICAO, IATA, and ISO, each of which have their own applications in mind for digital health credentials.

See the list above.

And even if you just look at the WHO’s project, it’s still not finalized. The present timeframe calls for a version 1.0 of its specification by the end of June, but timelines sometimes slip.

Chris Burt details many other issues in his article, but for purposes of my post, it’s relevant to say that it will be months if not years before we will see any sort of interoperability between vaccine certificates.

How many health passports will convention attendees need to revisit Las Vegas?

Two years ago, this picture wouldn’t look strange to me. Now it looks unusual.

ISC West, Las Vegas Nevada, 2017. https://twitter.com/JEBredCal/status/849649679016927233

I took this picture on the morning of April 5, 2017. I had just flown from Ontario, California to Las Vegas, Nevada to attend the ISC West show for a day, and would fly home that evening.

The idea of gathering thousands of businesspeople together in Las Vegas for a day obviously wasn’t unusual in 2017. While many think of Las Vegas as a playground, a lot of work goes on there also, and Las Vegas has superb facilities to host conventions and trade shows. So superb, in fact, that Oracle announced in late 2019 that it was moving its annual Oracle OpenWorld conference from San Francisco (up the road from Oracle’s headquarters) to Las Vegas.

But then 2020 happened.

One month after Oracle started planning for the Las Vegas debut of Oracle OpenWorld, the 2020 Consumer Electronics Show took place in Las Vegas. Unbeknownst to the 170,000 attendees at that show, they were unknowingly spreading a new illness, COVID-19. They did this by doing things that people always did at trade shows, including standing next to each other, shaking hands, and (in business-appropriate situations) embracing each other.

Of course, the CES attendees didn’t know that they were spreading coronavirus, and wouldn’t know this for a few months until after they had returned home to Santa Clara County, California and to other places all around the world. By the time that CES had been identified as a super spreader event, Las Vegas convention activities were already shutting down. The 2020 version of ISC West had already been postponed from March to July, was then re-postponed from July to October, and would eventually be cancelled entirely. Oracle OpenWorld’s September debut in Las Vegas was similarly cancelled. As other companies cancelled their Las Vegas conferences, the city went into a tailspin. (Anecdotally, one of my in-laws is a Teamster who works trade shows in Las Vegas and was directly affected by this.)

Today, one year after the economies of Las Vegas and other cities shut down, we in the United States are optimistically hoping that we have turned a corner. But it’s possible that we will not completely return to the way things were before 2020.

For example, before attending a convention in Las Vegas in the future, you might need to present a physical or digital “health passport” indicating a negative COVID-19 test and/or a COVID-19 vaccination. While governments may be reluctant to impose such requirements on private businesses, private businesses may choose to impose such requirements on themselves – in part, to reduce liability risk. After all, a convention organizer doesn’t want attendees to get sick at their conventions.

As I noted almost two months ago, there are a number of health passport options that are either available or being developed. This is both a good thing and a bad thing. It’s a bad thing for reasons that I noted in February:

In addition to Clear’s Health Pass, there are a myriad of other options, including AOKpassCommonPass, IATA Travel Pass, IBM Digital Health Pass, the Mvine-iProov solutionScan2Fly from AirAsia, VaccineGuard from Guardtime, VeriFLY from Daon, the Vaccination Credential Initiative, and probably some others that I missed….

But the wealth of health passports IS a problem if you’re a business. Imagine being at an airport gate and asking a traveler for a Clear Health Pass, and getting an angry reply from the traveler that he already has a VeriFLY pass and that the airline is infringing upon the traveler’s First and Second Amendment rights by demanding some other pass.

When I wrote this I wasn’t even thinking about convention attendance. In a worst-case scenario, Jane Conventioneer may need one health pass to board her flight, another health pass to enter her hotel, and a third health pass to get into the convention itself.

This could potentially be messier than I thought.

When the health passports can’t talk to each other

I’m going to open this post with something that I wrote nearly eight years ago.

I’m sure that many people imagine that standards are developed by a group of reasonable people, sitting in a room, who are pursuing things for the good of the world.

You can stop laughing now.

I wrote this in the context of the then-emerging compression format WebP (we’ll return to WebP itself later). The point that I was making was that something becomes a “standard” by brute force. If a lot of people like something, it’s a standard.

The issue with standards is that they can take years to develop, so standards are adopted after the fact.

Now let’s look at “health passports.” As you may have guessed, these “passports” can be used to enter a country, or a state, or an office building, and are specifically devoted to certifying the health of the passport bearer. If the person meets the health criteria, they can enter the country/state/building. If not, they are prohibited from entry.

An Ottoman passport (passavant) issued to Russian subject dated July 24, 1900. By FurkanYalcin3 – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=27699398

In a sense, the concept of a health passport is nothing new. Before entering a country, you are often required to satisfy various health conditions, such as being free of tuberculosis.

The current impetus for health passports, of course, is COVID. When COVID spread across the world a year ago, and governments began shutting down borders between countries, a lot of people at a lot of government agencies and a lot of companies began asking two basic questions:

  1. When reliable COVID tests are developed, how will we know whether someone has successfully passed a COVID test?
  2. When reliable COVID vaccines are developed, how will we know whether someone has successfully been vaccinated against COVID?

These questions, especially the second one, were mostly theoretical a year ago, but the government agencies and the companies needed answers to them as soon as possible. And the governments and the companies weren’t going to wait for the entire world to agree on a plan; they wanted to move ahead THAT DAY.

It’s a year later, and COVID tests are readily available, and COVID vaccines have been developed and approved in various countries. And we’ve made a lot of progress.

Or have we?

As Jim Nash notes in a Biometric Update article, there are several different solutions to the “health passport” issue. Nash lists two of them:

  1. The state of Hawaii is working with Clear, United Airlines, and Delta Airlines on a solution. Initially this only documents testing, but it could be expanded to vaccine documentation.
  2. The Malaysia Aviation Group is working with “local authorities” on its own solution.

And that’s just the start of options for health passports. In addition to Clear’s Health Pass, there are a myriad of other options, including AOKpass, CommonPass, IATA Travel Pass, IBM Digital Health Pass, the Mvine-iProov solution, Scan2Fly from AirAsia, VaccineGuard from Guardtime, VeriFLY from Daon, the Vaccination Credential Initiative, and probably some others that I missed.

Can you say “early in the product lifecycle”?

Now the wealth of health passport solutions isn’t much of a problem for most consumers, since we’ll probably need one or two health passports at most as this market matures. Maybe a US person might need one or two health passports for domestic travel, and maybe one to get into the office. In extreme conditions, maybe they’ll be required to enter grocery stores, but this is doubtful considering the resistance of American personalities to governments telling us what to do.

But the wealth of health passports IS a problem if you’re a business. Imagine being at an airport gate and asking a traveler for a Clear Health Pass, and getting an angry reply from the traveler that he already has a VeriFLY pass and that the airline is infringing upon the traveler’s First and Second Amendment rights by demanding some other pass.

Eventually there will be enough of a brouhaha over the multitude of incompatible passes. At that time, several efforts will be made to establish THE standard for health passports, or at least for health passport interoperability.

Yes, “several efforts” will be made. Because each vendor will unsurprisingly advance its own passport as the best one for the standard, or perhaps will form alliances with selected other vendors.

And it will get messy.

Take WebP, which Google was trying to push as a standard eight years ago, with some people accepting WebP, others not supporting it, and others opposing it and then supporting it. Well, while that fight continues…

…Google is experimenting with WebP2.

Yes, progress is good, but there’s a cost to planned obsolescence.