Thread: NHS app and vaccination passport.
View Single Post
  #75   Report Post  
Posted to uk.d-i-y
Chris Green Chris Green is offline
external usenet poster
  
Posts: 1,970
Default NHS app and vaccination passport.
Robin wrote:
On 30/04/2021 08:59, Chris Green wrote:
%% wrote:


"Chris Green" wrote in message
...
%% wrote:
I dare say it wouldnt be too hard to make an app that could look up
this
info.

It still depends on 'me' proving the app is on 'my' phone. This is
the bit that I don't understand really (though I'm not totally
convinced that the NHS records are so securely related to a particular
person).

How do you guarantee that the mobile phone that has the 'inoculation
passport' on it is that of the person whose NHS record says that they
have been inoculated? It's not like a passport which has a picture of
'me' in it. I can own lots of mobile phones, I can transfer them to
other people, I can change the fingerprint that unlocks them, mobile
phones are *not* locked for ever to their current owners.

Clearly not a problem with digital passports and driver's licenses.

Why?

I walk up to passport control with my (digital or not) passport and a
mobile phone. The passport has a photograph of me on it and, maybe,
even more specific identity information which proves pretty certainly
it's my passport. OK, that's good.

What sort of proof is there that that the phone which has the covid-19
passport on it is mine? ...

No reason why it cant have your photo too.

A photo can be changed!

Passports go to huge lengths to prevent you changing the picture.

This is the whole point, a passport is designed to be locked to your
identity, that's the whole point of its existence, nowadays there's
more than just the photo identifying it as yours. Plus there's lots
of 'cleverness' preventing people from changing the identity
associated with a passport and also making it difficult to create
false passports.

Phones have none of this, it's trivial to change the 'identity' tags
on a phone, change the picture, register an app with a different bank
account, whatever. The thing is designed to be customised, quite the
opposite of a passport.


Every /serious/ proposal I've seen expects a Covid-19 "certificate" to
contain name and d.o.b. so it can be cross-checked to other ID - e.g. a
passport or driving licence. If that data is encrypted it'd be well
beyond my DIY ability to change it.

But how does that work in a phone app? I.e. if the app is installed
on Fred's phone and confirms he's been jabbed, Fred then gives (or
sells) his phone to Bert. What happens?

.... or do you show the screen of your phone to passport control (or
whatever) and they have to check that the DOB etc. matches your
passport. In other venues how will this work - would you need your
passport and/or driving licence to be cross checked with the Covid
certificate on your phone?

--
Chris Green
ยท
Reply With QuoteReply With Quote