Thread: NHS app and vaccination passport.
View Single Post
  #81   Report Post  
Posted to uk.d-i-y
tim...[_2_] tim...[_2_] is offline
external usenet poster
  
Posts: 420
Default NHS app and vaccination passport.


"Robin" wrote in message
...
On 30/04/2021 10:28, Chris Green wrote:
Robin wrote:
On 30/04/2021 08:59, Chris Green wrote:
%% wrote:


"Chris Green" wrote in message
...
%% wrote:
I dare say it wouldnt be too hard to make an app that could look
up
this
info.

It still depends on 'me' proving the app is on 'my' phone. This is
the bit that I don't understand really (though I'm not totally
convinced that the NHS records are so securely related to a
particular
person).

How do you guarantee that the mobile phone that has the
'inoculation
passport' on it is that of the person whose NHS record says that
they
have been inoculated? It's not like a passport which has a picture
of
'me' in it. I can own lots of mobile phones, I can transfer them
to
other people, I can change the fingerprint that unlocks them,
mobile
phones are *not* locked for ever to their current owners.

Clearly not a problem with digital passports and driver's licenses.

Why?

I walk up to passport control with my (digital or not) passport and a
mobile phone. The passport has a photograph of me on it and, maybe,
even more specific identity information which proves pretty certainly
it's my passport. OK, that's good.

What sort of proof is there that that the phone which has the
covid-19
passport on it is mine? ...

No reason why it cant have your photo too.

A photo can be changed!

Passports go to huge lengths to prevent you changing the picture.

This is the whole point, a passport is designed to be locked to your
identity, that's the whole point of its existence, nowadays there's
more than just the photo identifying it as yours. Plus there's lots
of 'cleverness' preventing people from changing the identity
associated with a passport and also making it difficult to create
false passports.

Phones have none of this, it's trivial to change the 'identity' tags
on a phone, change the picture, register an app with a different bank
account, whatever. The thing is designed to be customised, quite the
opposite of a passport.


Every /serious/ proposal I've seen expects a Covid-19 "certificate" to
contain name and d.o.b. so it can be cross-checked to other ID - e.g. a
passport or driving licence. If that data is encrypted it'd be well
beyond my DIY ability to change it.

But how does that work in a phone app? I.e. if the app is installed
on Fred's phone and confirms he's been jabbed, Fred then gives (or
sells) his phone to Bert. What happens?

... or do you show the screen of your phone to passport control (or
whatever) and they have to check that the DOB etc. matches your
passport.

Very probably. With cross-checks done automatically by reading the code
from the phone and the data from the passport. That's one reason
countries around the world want /digital/ certificates where possible.

I don't believe that "countries around the world" have access to our PP
database. Only UK border control has that (indeed even they may not have
that in real time).

Countries around the world have to take documents at face value, relying
upon the built-in anti-fraud devices embedded into the documents. It is
for this reason that *paper* based documentation is so much better here than
digital variants

They may want these documents to be easily digitally read, but they still
want paper documents

tim



Reply With QuoteReply With Quote