Vaccine passports: Is the government building a national digital identity database?

Holidays may be ahead but with the NHS app being used as the so-called vaccine passport, Steve Boggan asks if there is an ulterior motive

Thursday 29 April 2021 14:10 EDT
Putting vaccine passports on the NHS app could put people’s medical data at risk of being breached (PA)

When transport secretary Grant Shapps announced this week that the NHS app – not the one doing test and trace, but the one that lets you book appointments with your GP – was going to house our much-awaited vaccine passports, the news was greeted with general delight.

At last! Holidays were on the near horizon and they would provide just the tonic we all needed after almost a year and a half of Covid pandemic misery.

What few were asking in the general celebration was just why the NHS App – which also provides a portal into our GP medical records – had been chosen as the vehicle to get us on to airplanes and across international borders.

When vaccine passports were first mooted at the end of February, a host of companies, many of which had been given grants by the government, came up with solutions that involved simple apps that proposed accessing ring-fenced vaccine registers in order to tell whoever was asking that yes, you’re good to go, or no, you’re not.

At least one of them, called iProov, didn't even need to flag up your name or any other information about you to anyone who was asking (either a nightclub bouncer or an airport customs official). It just needed a verified image of your face.

So why choose the NHS App? The suspicion among privacy and civil rights campaigners is that the government is taking the opportunity, perfectly camouflaged by the pandemic, to use it as a platform for the development of a national digital identity database.

“There are people in government who have always wanted a national ID database,” says Silkie Carlo, director of the civil rights group Big Brother Watch. “The last time an attempt was made to introduce one [through the ill-fated ID card scheme that was dropped in 2010 after widespread opposition] we warned people that the information held in the database supporting the cards was bound to grow.

“At the time, our worst fear was that it could eventually hold people’s medical records. But that is the starting point for this scheme. Coupled with that would be lots of information about you, some kind of biometric aspect and, if it were to be combined with the NHS Test & Trace App, a record of many of the places you have visited. It would combine all our worst nightmares in one place.”

While everyone enjoys the convenience of a smooth passage from A to B, there has traditionally been opposition among Britons to any kind of “papers please” culture. This has stymied the dreams of ministers and senior civil servants who have envisaged more joined-up digital government as a way to cut costs and improve efficiency, allowing citizens to access all the services they need at the touch of a button. Our innate opposition to central Big Brother-style databases – to our political masters knowing too much about us – has always been an obstacle to this type of government.

However, using an app associated with the NHS – arguably our most-trusted institution – would be the perfect way of introducing such a database without the public noticing. It already has your name, address, NHS number, and medical history. As a database containing your vaccine passport it could also incorporate your travel details, passport picture (or other biometrics), and then, who knows, your National Insurance number, tax details and whatever else the government chose to pile on to it.

Launched in 2018, the NHS App enables a user to book appointments, order repeat prescriptions, access their medical records and express their organ donation wishes. As of last year, only around 250,000 people had downloaded it – but if it could help vaccinated users to get to sunnier foreign climes, that number could be expected to increase exponentially.

Mr Shapps announced this week that the NHS app would house the vaccine passport (Barcroft Media via Getty Images)

“I believe they’re trying to implement a national ID scheme under cover of the Covid-19 pandemic,” says Phil Booth, co-ordinator of medConfidential, a campaign group that advocates the confidential safeguarding of medical records. “To use the NHS app as a vaccine passport is otherwise completely insane.

“Government is effectively encouraging you to hand over your phone – logged in to an app that provides access to your medical records – to an arbitrary third-party foreign national at passport control anywhere in the world. This would be completely nuts.

“You can only imagine what a malign government could do with this. They could pull out your entire medical history. Diplomats, politicians, police officers, trade negotiators, judges and senior civil servants could all have their embarrassing health issues uncovered and used for blackmail.

“And, contrary to providing ease of travel, your medical records could actually prevent it. Before travelling to the US, you have to declare that you are not suffering from any mental illness. I have a Canadian friend who was turned around and sent back recently because border officials found her anti-depressants in her luggage. Can you imagine what they could do if they had access to all of your health records?”

But how realistic might such a security breach be? I would argue “very”. The government is notoriously bad at delivering workable and secure IT projects. Between August 2019 and July 2020, UK government departments were responsible for “thousands” of data breaches, according to research by USB drive manufacturer Apricorn.

Some have argued that an app for proof of a Covid vaccine is unnecessary when a stamp on passports could suffice (Getty Images/iStockphoto)

Under the General Data Protection Regulation (GDPR), large companies and institutions are required to report to an in-house data protection officer each time there is a breach or leak of a person’s private information. These are called Data Incident Reports, and, according to Apricorn’s research, during 2019/20 there were 1,280 attributed to HM Passport Office.

“Handing over an unlocked phone to anybody you don’t know is an absolute no-no,” says Ted – not his real name – a highly-accomplished “white-hat” hacker who helps big companies avoid being hacked by criminals.

“Someone might look as if they are innocently placing your phone down on a flat surface at a border post, airport or hotel. But they could be using a reader and your phone’s Bluetooth or contactless functions to suck all the information out of it. And if it were ever taken into a backroom by somebody for purposes of ‘verification’, then it’s game over – they could get everything.

“Giving anyone access to an app that contains your medical history is, frankly, completely crazy. And while you might be told that security will be built in, you can be sure that if something can go wrong, it will. And remember, we’re not just dealing with individuals here. If a country wanted to set itself up to read your NHS App’s secrets, it would find a way to do it.”

Furthermore, Ted argues that the very linkage of health with travel could get you incorrectly profiled by law enforcement authorities.

“If they accessed this information, they could use more details than just your vaccination status – they’d get your personal travel information, too,” he says. “Let’s say you’ve just been to Thailand and you now have a sexually transmitted disease. So, you must be a sex tourist or a paedophile, even though the two might be completely unconnected.”

Both Ted and medConfidential’s Phil Booth argue that a paper certificate would be much safer.

“Why do we need an app for this anyway? Why not give us an official stamp in our passports, just like a visa,” says Ted. “Job done.”

A link between health and travel could get tourists incorrectly profiled by law enforcement (AFP via Getty Images)

Sean Power, commercial director of Logifect, a company that was given a £37,000 grant to help develop what it calls an “immunity passport”, says he was surprised that the government had not opted for a simpler app which, like his, could access only one piece of information – your immunisation status – rather than, potentially, all your records.

“It is a surprise in that it is unnecessary, since there are alternatives in position and we have presented alternatives that are far more sophisticated and built for purpose, but not a surprise that maybe [the government] has chosen something in which they have invested a lot of money and time,” he says.

Power says that nobody yet knows what form the NHS App vaccine certificate will take or how it will work. Asked whether he, too, suspected that the NHS App was to be the thin end of a national database wedge, he said he didn’t know, but he had heard the rumours.

“Someone mentioned this to me the other day and I nearly fell off my chair,” he says. “If you are worried about things like this, then that news is going to be something that unsettles you because sometimes we presume the worst. You think ‘surely not’.

“There was a way to do this that was seamless, safe, secure and people could have been comfortable with it. I would like to think it is still possible because I do think the way out of our troubles at the moment is to get rid of social distancing and to do that we want to be safe, and vaccination helps us to be safer. There has to be a way we can mix that all in the pot and life can return to normal. We just need to make people feel safe and secure.”

I asked the Department of Health and Social Care why the NHS App had been chosen for the vaccine passport role, how it would work, why arguably simpler methods had been rejected and whether this was the start of a national digital ID database.

But I received no reply.
