Thread: NHS app and vaccination passport.
View Single Post
  #90   Report Post  
Posted to uk.d-i-y
%%[_2_] %%[_2_] is offline
external usenet poster
  
Posts: 566
Default NHS app and vaccination passport.


"Chris Green" wrote in message
...
Robin wrote:
On 30/04/2021 08:59, Chris Green wrote:
%% wrote:


"Chris Green" wrote in message
...
%% wrote:
I dare say it wouldnt be too hard to make an app that could look
up
this
info.

It still depends on 'me' proving the app is on 'my' phone. This is
the bit that I don't understand really (though I'm not totally
convinced that the NHS records are so securely related to a
particular
person).

How do you guarantee that the mobile phone that has the
'inoculation
passport' on it is that of the person whose NHS record says that
they
have been inoculated? It's not like a passport which has a picture
of
'me' in it. I can own lots of mobile phones, I can transfer them
to
other people, I can change the fingerprint that unlocks them,
mobile
phones are *not* locked for ever to their current owners.

Clearly not a problem with digital passports and driver's licenses.

Why?

I walk up to passport control with my (digital or not) passport and a
mobile phone. The passport has a photograph of me on it and, maybe,
even more specific identity information which proves pretty certainly
it's my passport. OK, that's good.

What sort of proof is there that that the phone which has the
covid-19
passport on it is mine? ...

No reason why it cant have your photo too.

A photo can be changed!

Passports go to huge lengths to prevent you changing the picture.

This is the whole point, a passport is designed to be locked to your
identity, that's the whole point of its existence, nowadays there's
more than just the photo identifying it as yours. Plus there's lots
of 'cleverness' preventing people from changing the identity
associated with a passport and also making it difficult to create
false passports.

Phones have none of this, it's trivial to change the 'identity' tags
on a phone, change the picture, register an app with a different bank
account, whatever. The thing is designed to be customised, quite the
opposite of a passport.


Every /serious/ proposal I've seen expects a Covid-19 "certificate" to
contain name and d.o.b. so it can be cross-checked to other ID - e.g. a
passport or driving licence. If that data is encrypted it'd be well
beyond my DIY ability to change it.

But how does that work in a phone app? I.e. if the app is installed
on Fred's phone and confirms he's been jabbed, Fred then gives (or
sells) his phone to Bert. What happens?

Same as what happens with a digital passport or digital driver's
license on the phone, they all get wiped by the seller before the
phone is sold. Even if the phone is lost or stolen, any decent
phone can be wiped remotely after you have noticed that it
has been lost or stolen and cant be used by the thief or finder

... or do you show the screen of your phone to passport
control (or whatever) and they have to check that the
DOB etc. matches your passport.

Trivial for the system to do that auto.

In other venues how will this work - would you need
your passport and/or driving licence to be cross
checked with the Covid certificate on your phone?

They cross check with the central database, just like happens
now with digital passports and digital driver's licences.

Thats what happens with even trivial stuff like ID
checks when picking up a parcel or using a pub etc.

Reply With QuoteReply With Quote