The Astra-Zeneca vaccine. Drawing – Shutterstock / SIPA
- The European Parliament will be ready to ratify the European health passport during its plenary session from June 7 to 10.
- The passport or health certificate is a document that proves that its holder is immune to Covid-19 and can travel from one country to another without the risk of transmitting it.
- The project would take the form of a QR code linked to a pan-European database, containing for each citizen concerned, three types of certificates (test results, vaccination and cure), all secured thanks to the blockchain.
Definitely, blockchains are everywhere. Between digital works sold in the form of NFTs at millions of dollars, like those of singer Grimes or artist Beeple, and the rise of bitcoin, blockchain technology is on everyone’s lips. And the blockchain – as we say in French -, which allows you to keep control over your personal data, today invites itself into a more serious debate, that of the vaccine passport.
The digital green certificate (the other name of the vaccine passport) is essential despite the controversies it has sparked. As the summer holidays approach, the European Commission has unveiled its plan to facilitate travel within the European Union. It provides for entry into force for the month of June. The idea is simple, a “QR code would be linked to a pan-European database, containing for each citizen concerned, three types of certificates (test results, vaccination and cure), recalled the senatorial delegation to the prospective on March 18. . All secure thanks to the blockchain ”.
Full control of private data
Here, the idea is based on the “Self sovereign identity”, a principle that gives each individual full control of their personal data. With that, no more looting of our data by digital players (Facebook, Google and a whole bunch of public and private operators) who resell this information to advertisers for the purposes of advertising targeting. The Self sovereign identity is based on double key cryptography. You don’t need the blockchain to do this, although it makes things a lot easier.
Basically, each individual creates an encryption key pair, which consists of a private key and a public key. The public key is used to send encrypted documents, verify the signature and authenticate the user. The private key must remain secret and allow the messages to be decrypted. For example, to create a bank account, a person will communicate all the elements that the bank needs to create his account. The bank will then generate a certificate to guarantee that the person has a bank account and, at the same time, that he is indeed a French resident, without specifying his name, his address or the amount he holds in his account. From the moment a person has this certificate, they no longer need to present their identity card, their EDF bill or their bank details each time they wish to take an administrative procedure.
“The certificates were generated by operators (banks, public administrations, doctors, vaccination centers) of confidence”, explains Primavera De Filippi, researcher at CNRS and Harvard. It would be the same principle for the vaccination passport with a real interest of avoiding dispersing its health data. And the blockchain simplifies the management of the system. Instead of giving a digital document that the person must save on their computer, the certificates are directly generated within a blockchain infrastructure that guarantees their authenticity. “The vaccination center, for example, will issue a token [un jeton virtuel] which will be associated with my account, continues the researcher. If I have this token, it means I got the vaccine ”.
The end of ad targeting?
Only the attending physician would hold the medical data of his patient. As in the example above, only the bank would have the bank details of its customers. “The data is controlled by a single operator that I trust, so I no longer need to communicate it to all the operators with whom I interact,” resumes Primavera De Filippi. My doctor will hold my data, but he will only issue certificates concerning aggregated information. If then I have to go for my vaccine or take a medical prescription, I do not need to show all my medical information, I show a certificate from my doctor confirming that I have the right to have a vaccine, or to buy this drug ”.
We could imagine the same thing for all health data (and why not all personal data). With that, you no longer need to give your personal information to register on new sites, to make online purchases, to register on a streaming site. And above all, this system reduces the risk of hacking, as was the case at the end of February. Thirty laboratories were affected by the medical data leak which affected nearly 500,000 people in France.
While on paper the system looks very complex, in practice it is not. “E-commerce security systems are just as complicated and yet we use them every day. Instead of integrating my credit card, I sign the transactions with my private key ”. So why is the system taking so long to establish itself? The brakes are not technical, but rather financial. Operators will no longer be able to do ad targeting if users control their private data, which is not good for their wallet. While waiting for the lifting of the locks, we will be able to experience it from the month of June with the vaccination passport.