SSI and COVID-19 health status certificates - ethics, policy and next steps

From IIW

SSI & COVID-19 Health Status Certificates – Ethics, Policy & Next Steps

Wednesday 13H

Convener: Dakota Gruener

Notes-taker(s):


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Dakota began by introducing ID2020 and its work.

She then moved to explain that ID2020 has been swept up (along with many others) in the demand for verifiable digital credentials for COVID-19-related use cases. She said that last week, ID2020 and Harvard released a paper about the potential issues with “immunity certificates”. https://ethics.harvard.edu/immunity-certificates

Note: “immunity certificates” is a misleading term (used intentionally because it is the term used in common vernacular). When we talk about immunity certificates, it is meant to be inclusive of: • infection status, as determined by a recent PCR test • immunization status, once a vaccine comes online • immunity, if/once immunity is proven and antibody tests are widely available that are reliable



Immunity passports are an idea fraught with risk, both technical and in the implementation of the programs. Policy makers are weighing the risks of such a program against the risks of not moving forward with such a program. Dakota provided an overview of several risks, as described in the paper: 1. Science of immunity is unproven and antibody tests coming to market appear to have low sensitivity and specificity 2. Technical Risks: a. The technology used must be privacy-protecting and secure (while we in this community take that as a given, there is material risk that a less privacy-preserving approach be adopted) b. Are the solutions we are putting forward ready for prime-time? c. Where are we falling short on interoperability? And how does that change the calculus for policymakers weighing the risks and potential benefits of such a program? c. Policy Risks: a. Exclusion — unequal access to testing magnifying inequities; digital divide (those without a cellphone or less tech fluent) i. Ubiquitous testing a necessary precondition > important temporal implications. We should be trying to slow programs down until this is met. ii. Need paper-based solutions in parallel. b. Risks posed by privileging immunity - credential fraud (paying a healthcare provider to issue a certificate that shows you’re immune/non-infectious, even if you’re not), people intentionally risk exposure to get to an immune status c. Necessary scale—there is a long route between the near-zero adoption today, and the level of scale necessary for societal impact. d. Liability—what happens if someone uses a fraudulent credential

See these slides.

Four priorities that ID2020 considers important for the conversation:


Discussion Takeaways: (full notes below)

1. Health status credentialing programs carry significant risk. Need to emphasize that within our community and in discussions with policymakers and health authorities. a. “We have to know the risks we are walking into.” b. Inclusion/exclusion could be magnified by technology. c. Open debate on whether we should be dissuading these programs overall, or whether we should stand ready to help mitigate risks should the programs move forward. 2. Really important temporal aspect: a. “To move fast in this area is not an excuse to ignore the risks.” b. Important to slow down programs to adequately reckon with risk, create time for testing capacity to increase, etc. c. Vaccine is 18 months - 2 years away. Given uncertain science of immunity and unproven technical readiness, might be more appropriate to focus on use of decentralized ID for vaccination records. 3. Trust frameworks / governance critical for any program to move forward. a. Question about how to speed up the development and adaptation of trust frameworks as a resource for governments, in order to ensure it keeps pace. 4. Technology might be ready for prime-time, but it’s not proven. a. Lack of interoperability within stacks and across stacks. Will take years to get there, but is complete interoperability necessary in the short-term? b. No one can prove the technology scales until it scales.

Drummond asked if there was any connection to the COVID-19 Credential Initiative? https://www.covidcreds.com/

Dakota explained that there is a dialog with some of the leaders of the CCI Use Cases workstream.

John Jordan then described a concept prototype (https://vonx.io/safeentry) work by his team in the Province of British Columbia to demonstrate an approach for digital certificates for essential service workers. He said that the BC Gov health authorities were not as interested directly in COVID-19-related credentials (testing, immunity, vaccination) as they were interested in healthcare worker certification and mobility testing. They have 100,000+ healthcare workers in British Columbia, so that’s a major credentialing and verification task. Those same credentials can be applied to other categories of governmental workers, so that’s a larger and less risky adoption population.

Juan Caballero observed: “Also, in the US there is a legal greyzone/permanent leniency zone for liability and regulatory issues around "first responders" and emergency operations.”

Dakota noted that first responders is a much narrower class.

Brian Behlendorf noted that vaccination credentials offer a less controversial early adoption option (immunity passports are politically explosive and science is uncertain). There are also many other uses for vaccination credentials. In all of these cases, decentralized (but safe) but fast is better than centralized but slow.

Juan: “People operating with out-of-state licenses, emergency-staffing of hospitals, field hospitals... all of these contexts are required by Covid, disproportionately represented in this credential environment, and luckily loosened from the usual liability restraints and healthcare system... disincentives.”

Brian noted that contact tracing is another COVID-19-related technology that is being looked at very quickly—and with lots of controversy. But there are first steps that can be taken with those solutions that can have short-term value.

Dakota asked two questions: 1. Is the technology ready? 2. Can it scale?

Orie Steele answered that, with the technology that he’s working with, the issues are not technical, they are about the design and governance policies. He pointed out the analogy to credentials that are already accepted in the travel business for traveling while sick. They are paper documents.

Drummond first said that some tech stacks are working. But he stressed the bigger issue is one of governance frameworks, and that the fastest path to adoption is to implement against governance frameworks from healthcare authorities.

Anil said that the timeline on a vaccination credential is several years. The earliest any vaccination has been developed in the past is four year. In addition, I noted that COVID-19 disproportionately targets communities of color who may have existing conditions, and as such, the possibility of exclusion becomes magnified.

Anil also pointed out that the actual interoperability challenges are far from being solved, and that is still going to take a while and as such to deploy this technology at scale on something where these things need to be solved is concerning.

As such, Anil said that the advice he is sharing within DHS is that “immunity credentials” is an idea that should die quickly due to all these issues. Secondly, essential workers exist in many industries, so we may need much broader applicability of such credentials. Further comments by Anil highlighted that there are serious risks with COVID-19 type credentials in particular for people that are already marginalized in some aspect of their lives be that social, economic, or otherwise.

John Jordan: “One part of the answer is we continue to deliver services in many ways … and I hope that we can do more for the many small communities we have which will never have the ability to deliver digital services themselves. The province can offer SaaS for example one I call “Permitify” that would allow small communities to fire up their permit store with a few clicks and it is backed by the province.”

Karen Advocate: “Check out my post about the divide between those that work at home and those who are forced to go to work, written 7 WEEKS ago about Seattle: http://letshaveaplan.blog/2020/03/06/not-all-workers-can-stay-home-workers-need-safe-workplaces-paid-sick-leave/”

Juan talked about the path of starting with paper credentials and then showing how they can be done digitally. He also talked about the example of the air travel industry, where the credentials required to move between countries are already well-established, with a cellphone/qR-based fast lane and a paper-credential slow lane that is simple enough to get the plane boarded pretty quickly. In particular, the existing “yellow passport” immunity certificates that are accepted at airports and border gateways today seem relevant to serology/vaccine paperwork (note: they include lots of batch/lot info, signature of administering nurse/doctor, etc.).

Dakota asked John about what other Canadian provinces were working on digital credentials. John said several were, but that few were as progressive right now as British Columbia.

Orie observed quoted Marshall McLuhan: “We shape our tools, and then they shape us.”

Chris Eckl observed that the health authorities that he is working with have realized that many of the problems are not technology problems.

Dakota observed that the concepts of “trust frameworks” and “governance frameworks” are still new to many people. And many of them are developed in very transparent, very slow processes. But she asked the question about how it can go faster?

Orie observed: “HTTPS is a trust framework. Its the green lock in your browser.” When you buy from amazon.com and the lock is green, you trust that you are talking to amazon.com because you trust that your web browser and the web server, are in the same trust framework…. You trust the system that secures the internet.

John Jordan Noted: HTTPS is a technology that implicates third parties into your relationships so I don’t really trust that .. I just have only the option to participate or not methinks

Timothy asked Anil if what he was saying, “Don’t try to use verifiable credentials for these use cases at all.”

Anil said that no, the reason he’s cautioning that the problem space not a good one for this technology at this point at time. We need to wait until we can be confident in the underlying data.That data doesn’t include the level of impact of this virus on the communities of color and the most marginalized.

They don’t actually look at interoperability across the multiple stacks. Covid is not the only virus we have ever had to deal with or will ever have to deal with. Without a vaccination this is far from being able to be implemented.

Lack of interoperability within stacks and across stacks.

Karen Advocate: “ www.letshaveaplan.blog is to help us transition to a new society - subscribe. Lots of medical and legal and health research sent via MD, JD, RN, PhD friends goes into each piece.”

“To move fast in this area is not an excuse to ignore the risks.”

Darrell O'Donnell: “We have to know the risks we are walking into.” It is best if the technology being implemented is replacing something that’s inherently broken.

Anil: From the government perspective, we don’t have the ability to “pivot away from a customer base”. We can’t exclude a portion of the population—we have to serve everyone. DHS thus needs to be risk-averse when it comes to technology. So when you have to roll out a population-scale solution, he prefers the Abraham Lincoln quote, “If I’m going to chop a tree, I first spend five days sharpening the ax.” Anil recommends that we spend that “five days”.

Dakota recommends that we can use all of this discussion and these notes to help examine the risks.

Orie wanted to thank the whole community for rising to this occasion. He is seeing the level of effort going into the COVID-19 Credential Initiative community, and is very impressed by it. Drummond shared that the Rules and Governance workstream of the COVID-19 Credential Initiative is highly aware of the risks and is very focused on addressing them. He also thanked Anil for everything he does to help move us all toward government-grade credentials.

Karen spoke to the reality of the digital divide that is very real in Seattle, and that it’s critically important not to speculate as to what those on the “other side of the divide” need, but to go and actually ask them. Don’t sit in your technology golden castles trying to fix something when you haven’t spoken to those communities directly.

John Jordan shared that the Province of British Columbia healthcare organization received over 400 different suggestions for how to deal with the COVID-19 crisis, and that they simply cannot process them all. They also don’t have the tools to understand some of the proposals. So please be mindful that when you are offering your help, it is actually difficult to accept sometimes.

Brian Behlendorf offered that we also need to look at it the other way around: how about if the restaurant can prove it was cleaned, or a meat-packing plant can prove it has implemented safe practices.

Dakota thanked everyone and said it has been a great conversation about the risks. She will be feeding all of this back into the partners ID2020 is working with.

Some links to related work is W3C CCG / DIF:

https://github.com/w3c-ccg/vc-examples/blob/master/docs/covid-19/v2/v2.md https://c19-vc.com/ https://vonx.io/safeentry (Concept Prototype leaning towards essential worker scenarios from the Province of British Columbia) https://www.covidcreds.com/ Zoom Chat Transcipt: 15:49:29 From Dakota Gruener : https://ethics.harvard.edu/immunity-certificates 15:50:35 From Brian Behlendorf : The framing of essential workers may be a much less politically explosive place to start.

15:50:57 From Darrell : Agreed Brian. 15:51:24 From Juan Caballero : Also, in the US there is a legal greyzone/permanent leniency zone for liability and regulatory issues around "first responders" and emergency operations

15:52:26 From Juan Caballero : Man, I wish California were paying attention to the California of Canada on this issue :D

15:53:09 From Brian Behlendorf : We can certainly draw California's attention to it 15:53:19 From Karen Advocate : And US corporations are lobbying to shift COVID-19 liability from employers to employees. Very sad given all of the $$ they continue to receive. Money more important than people.

15:54:13 From digitalsista : Karen it's money more important than human lives which the economy can't exist without. 15:54:14 From Juan Caballero : I was referring in particular to the people who administer and/or notarize on-the-spot test results

15:54:51 From Karen Advocate : Hoping COVID allows us to do a major reset! 15:55:20 From Juan Caballero : People operating with out-of-state licenses, emergency-staffing of hospitals, field hospitals... all of these contexts are required by Covid, disproportionately represented in this credential environment, and luckily loosened from the usual liability restraints and healthcare system... disincentives

16:03:10 From Karen Advocate : From a public health perspective, contact tracing thru technology will likely not be effective with communities that are traditionally oppressed and discriminated against, including immigrants, refugees, low-income, people of color, homeless, victims, traumatized, uninsured etc. Relationships with people they trust will be key to do the work.

16:05:24 From Brian Behlendorf : collaborating with public health authorities on governance is essential

16:05:53 From John Jordan : Kind of my point earlier … 16:06:09 From John Jordan : They already know how to do paper and traditional IT systems 16:06:41 From Brian Behlendorf : (folks this is Dakota's session, let's let her recognize & call the raised hands)

16:06:49 From Drummond Reed : I wasn’t saying that the interop problems have been solved, sorry if there was any misunderstanding.

16:07:03 From Dakota Gruener : Sorry all - didn’t see the raised hands. Will use that going forward.

16:07:24 From Orie Steele : Interop has to be proven with tests… its a measurable thing…. And its remarkably hard to prove.

16:07:44 From Juan Caballero : ^CF our demo table :D 16:08:21 From Juan Caballero : Mass transit commuters, long-commute commuters, non-insured people...

16:08:31 From Juan Caballero : It's an inequality tsunami 16:08:32 From Darrell : Agreed on interoperability tests. DHS used to run a lab that we could use for conformance for some of the OASIS standards (EDXL - Emergency Data eXchange Language). It was very helpful and stopped vendors pointing at each other.

16:09:06 From John Jordan : Yay for Public Service :) 16:09:10 From Juan Caballero : +1 16:09:14 From Karen Advocate : Yes! Disproportionate impact is why I wrote my earlier comment.

16:09:21 From Juan Caballero : North America is very lucky to have you both 16:09:27 From Celine Takatsuno : @juan inequality tsunami indeed… 16:09:38 From Juan Caballero : You know any native speakers of germans looking for work over here? hehe

16:09:40 From Orie Steele : I worry about how digital solutions will further the gap between digital natives, and the rest of us, including those without access to smart phones / technology / healthcare or funds.

16:09:52 From Juan Caballero : ^ this 16:09:58 From Orie Steele : We shape our tools and thereafter they shape us 16:10:06 From Karen Advocate : Agree with Orie. The divide is getting wider. 16:10:08 From Dakota Gruener : We agree strongly w/ the points everyone is raising about potential inequities of these programs.

16:10:18 From Orie Steele : Marsha Mclueens quote not mine. 16:10:31 From Orie Steele : marshal* 16:10:40 From digitalsista : And some are forced to work. 16:10:41 From Juan Caballero : Marsha McQueen is my drag name 16:11:11 From Karen Advocate : Will the chat be captured in notes? Good stuff to have for digital community to read.

16:11:34 From John Jordan : I was answering the question of what about people without phones just today in a briefing note …

16:11:56 From Juan Caballero : Your honor, I'd like my jokes about drag names stricken from the record 16:13:04 From John Jordan : One part of the answer is we continue to deliver services in many ways … and I hope that we can do more for the many small communities we have which will never have the ability to deliver digital services themselves

16:13:22 From Orie Steele : Totally agree regarding cost of education 16:13:29 From Celine Takatsuno : +1 @Orie @Karen @Brian 16:13:48 From Karen Advocate : Check out my post about the divide between those that work at home and those who are forced to go to work, written 7 WEEKS ago about Seattle: http://letshaveaplan.blog/2020/03/06/not-all-workers-can-stay-home-workers-need-safe-workplaces-paid-sick-leave/

16:14:17 From John Jordan : The province can offer SaaS for example one I call “Permitify” that would allow small communities to fire up their permit store with a few clicks and it is backed by the province

16:19:50 From Juan Caballero : john, can we clone you? 16:20:27 From digitalsista : Thanks Karen. this is so good. 16:21:38 From digitalsista : The most marginalized are forced to work. And John thank you for continuing the conversation here.

16:22:09 From digitalsista : yes. Orie!! 16:23:32 From digitalsista : We shape the tools and when we don't like them any more we throw them out and create new ones. 16:26:40 From Orie Steele : HTTPS is a trust framework. Its the green lock in your browser. 16:28:14 From Orie Steele : When you buy from amazon.com and the lock is green, you trust that you are talking to amazon.com because you trust that your web browser and the web server, are in the same trust framework…. You trust the system that secures the internet.

16:28:44 From John Jordan : HTTPS is a technology that implicates third parties into your relationships so I don’t really trust that .. I just have only the option to participate or not

16:29:04 From John Jordan : methinks 16:29:23 From Drummond Reed : The notetaker is doing his best!! Please help!!! 16:30:21 From Dakota Gruener : Thanks, Drummond! This conversation is moving fast and hard to capture everything. Please help Aiden out.

16:30:36 From Dakota Gruener : https://docs.google.com/document/d/1bKxrhhg_MxENpXWQuFXEfI_djTC-mgaeCwQCJ45AITk/edit?usp=sharing

16:31:31 From John Jordan : Takes time and millions of dollars Anil 16:31:47 From John Jordan : Not helpful to keep saying we don’t care or are ignoring it 16:33:04 From Juan Caballero : Everyone, feel free to add to the notes, add details to your own contributions, etc: https://qiqochat.com/breakout/9/iiw30

16:33:43 From Karen Advocate : Thank you Digitalsista! this is my first time blogging! Kaliya has patiently taught me. www.letshaveaplan.blog is to help us transition to a new society - subscribe. Lots of medical and legal and health research sent via MD, JD, RN, PhD friends goes into each piece.

16:34:58 From Juan Caballero : ^ wow this site is great, kudos 16:36:17 From Celine Takatsuno : yes, thanks for sharing this @Karen! 16:36:31 From Karen Advocate : Thank you Juan! 16:36:53 From digitalsista : I think the key thing missing here is what Anil said. We've had pandemics and viruses before. But the move fast in this one moment is not an excuse to ignore the risks.

16:36:54 From Timothy Ruff : Excellent points, Dakota, Drummond, and Anil. 16:38:00 From Karen Advocate : Thank you Celene! 16:42:13 From Brian Behlendorf : +1 to Celene 16:42:58 From Juan Caballero : +1 16:43:40 From Anil John : +1 to what Orie said about the amazing desire of this community to HELP!

16:43:40 From Celine Takatsuno : Thanks for leading this discussion Dakota, so much to unpack here. These conversations are crucial getting it right.

16:44:09 From Dakota Gruener : +1 to Orie’s comments. 16:44:10 From digitalsista : I really wonder who are in those groups. 16:44:22 From Orie Steele : And thank you Dakota for running this session! 16:44:25 From digitalsista : and which communities are represented in those groups. 16:44:49 From John Jordan : https://www.covidcreds.com … there are links to docs with the people involved 16:44:56 From John Jordan : FWIW 16:45:00 From digitalsista : Thanks John. 16:45:51 From Orie Steele : W3C CCG / DIF / CCI the whole community has been working together :) and its been awesome to see.

16:46:44 From Stew Whitman : sorry, bad dog :) 16:46:44 From digitalsista : yeah. I've very anxious by both of these groups based on my personal experiences in this space.

16:47:20 From digitalsista : This what Karen is saying is why I'm so concerned. 16:48:59 From Anil John : @Karen +1 (As the husband of a middle school principal who has been thrown head first into the digital teaching in a community that on a day to day basis depend on the school system to provide breakfast/lunch and don’t have computers at home)

16:49:17 From digitalsista : + to what John just said. 16:49:35 From John Jordan : Absolutely … Brian 16:49:52 From John Jordan : https://silvicultureoperatorscreening.gov.bc.ca/ 16:49:59 From John Jordan : For tree planting camps 16:50:10 From John Jordan : https://www.farmoperatorscreening.gov.bc.ca 16:50:23 From John Jordan : Temporary foriegn worker for farming ... 16:50:54 From Karen Advocate : Homeless in King County: https://www.cdc.gov/mmwr/volumes/69/wr/mm6917e2.htm

16:50:58 From Darrell : +1 John - my son is looking at Ontario’s equivalent as he heads out tree planting.

16:51:03 From John Jordan : This are just forms right now although the silviculture app looks up legal names from OrgBook BC which its a verifiable credential registry of legal entities in BC

16:51:12 From Kaliya Identity Woman : Please save the chat and put an edited version into the notes

16:51:14 From Celine Takatsuno : yes @shireen and @karen — a lot of voices assume the community service orgs will step in. but they don’t have the resources or tools either. tech needs to engage the communities directly and *listen* to what communities say, before deciding (their) tech has the solution .

16:51:23 From John Jordan : I will save the chat! 16:51:28 From Dakota Gruener : dakota@id2020.org 16:51:34 From John Jordan : Chat saved 16:52:21 From Karen Advocate : Thank you! 16:52:46 From Juan Caballero : thx all 16:53:17 From Stew Whitman : +1