Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Vaccine passports: Our saving grace, or a privacy nightmare?

By Frances Zelazny
passport-vaccination freepik
June 7, 2021

Once the vaccination effort in the United States picked up steam, with it came the promise of a return to normalcy, a reopening of society. People would be able to safely congregate again, go to concerts, sporting events, restaurants, travel, even go back to work. The ticket? A vaccine passport, proof of inoculation or the presence of antibodies.

But with this promise comes many questions, especially in a country where there is no centralized identification system, where a myriad of public, private and non-profit institutions are involved in the vaccine effort, where many people do not have ID, and even if they did, in many cases they were not asked for it when they went to get vaccinated. Moreover, according to a recent industry panel I attended on the subject, only about half of the US states have health systems that would enable the verification of identity and the maintenance of verifiable digital health records.

So where does that leave us from a security and privacy standpoint? A recent New York Post headline warns, “Fake COVID Vaccination Cards Are Spreading Like a Virus Online,” the problem reaching epidemic proportions as airlines and event venues state that they will require vaccination cards for entry and as of this writing at least, only 28% of the population fully vaccinated.

On the one hand, we are in the middle of a crisis and the rush to get people vaccinated may trump all else. On the other hand, we had almost a year to think about how to manage ourselves once the vaccines were available and the fact that things were not thought through leaves us in a privacy and security quagmire.

First, how do we know that the people who are holding these vaccination cards are really who they claim to be? Second, how do we know the people presenting them are the ones who actually got vaccinated? In a scathing LinkedIn post, Brett Johnson points out that for $50 on the dark web, anyone can have access to fake documents, so for those that say the requirement is to show an ID with the vaccination card, I say, rubbish.

For me, the issue of vaccination passports is actually exposing the underbelly of the privacy and identity debate in the United States at the expense of public health and public safety. This is no longer a matter of whether people are collecting benefits to which they are not entitled, or whether an ID is needed to vote. The issue of vaccination passports and the lack of a national identity strategy in the United States is now literally a matter of life and death.

At the risk of being dramatic, I recall that my daughter’s school was ground zero for the pandemic breakout in New York City. A father in the school was the first confirmed case in the region and within a matter of days the city was in lockdown mode. Noone wants to go back to that. If we want to open society safely, we must consider public safety. Opening prematurely without understanding the risk can actually prolong the crisis and exacerbate public mistrust. 

Of course, there is the other side of the equation - that of privacy. And this too is a complicated one. First, the question of who has access to these troves of health records that are now spread throughout different systems that have been proven time and time again to be vulnerable to breach. Even with the most sophisticated of these vaccine passports being rolled out on the blockchain as a decentralized, verifiable credential, questions remain. One, what happens when a person gets a new device or for whatever reason needs to have their credential renewed or replaced? How do you reissue the credential to the right person? How to secure the backend database so these health records do not get stolen or accessed by the wrong person?

Important questions that need to be thought about from a system design perspective. I am not even talking about the paper passports. Zeroing in on some of the digital initiatives, the back end systems must be secured. That means using biometrics to invoke the credential, which ensures that it cannot be presented by anyone it was not issued to. That means the backend system should also be decentralized so that if a nefarious actor tries to break in, there will be nothing to find and nothing to steal. That means that if someone loses their device or for some reason needs to be reissued a digital vaccine passport, that it is given to the person that actually received the vaccine. This last bit can also be done with a biometric that can be decentralized and linked to the record.

Lastly is the policy question, to what extent these vaccine passports are even to be required and under what conditions can someone be denied entry. I imagine this is an issue that the courts will one day decide. There is precedent with airlines and border crossing, inoculations for children in schools, face coverings for driver licenses and other cases where the right to privacy and questions of public health and safety have already been addressed.

As security professionals, our ethical and moral professional responsibility is to promote system design that would support both privacy and security. If we wanted to do this right, people who get vaccinated would be enrolled into a decentralized system where their records would be held in a way that cannot be accessed by anyone except themselves or authorized individuals, with the persona’s identity bound to the vaccine record and to ensure that only the vaccinated people can invoke and present the valid credential.

These are tough times, and while we’re eager to reopen the economy, it’s important to consider the privacy implications so we don’t open ourselves up to more woes when the world has already gone through its fair share. 

KEYWORDS: COVID-19 pandemic response privacy concerns public safety risk management vaccine security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Frances Zelazny is a biometrics industry veteran and Co-Founder and CEO of Anonybit, a privacy-first biometric and identity management system.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Saving Your Company from a Data Breach Nightmare

    See More
  • coronavirus

    Contact Tracing: Ensuring our data privacy isn’t gone without a trace

    See More
  • Vaccine passport identity

    Vaccine passports must leverage decentralized identity solutions

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • surveillance.jpg

    Surveillance, Privacy and Public Space

  • 9780367667887.jpg

    Surveillance, Privacy and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing