The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 1 to 7.
Do We Really Need an App for That? Examining the Utility and Privacy Implications of India’s Digital Vaccine Certificates
https://cis-india.org/internet-governance/blog/do-we-really-need-an-app-for-that-examining-the-utility-and-privacy-implications-of-india2019s-digital-vaccine-certificates
<b>We examine the purported benefits of digital vaccine certificates over regular paper-based ones and analyse the privacy implications of their use.</b>
<p><em>This blogpost was edited by Gurshabad Grover, Yesha Tshering Paul, and Amber Sinha.<br />It was originally published on <a href="https://digitalid.design/vaccine-certificates.html">Digital Identities: Design and Uses</a> and is cross-posted here.<br /></em></p>
<p>In an experiment to streamline its COVID-19 immunisation drive, India has adopted a centralised vaccine administration system called CoWIN (or COVID Vaccine Intelligence Network). In addition to facilitating registration for both online and walk-in vaccine appointments, the system also allows for the <a href="https://verify.cowin.gov.in/" target="_blank">digital verification</a> of vaccine certificates, which it issues to people who have received a dose. This development aligns with a global trend, as many countries have adopted or are in the process of adopting “vaccine passports” to facilitate safe movement of people while resuming commercial activity.
<br /><br />Some places, such as the <a href="https://www.schengenvisainfo.com/news/all-your-questions-on-eus-covid-19-vaccine-certificate-answered/" target="_blank">EU</a>, have constrained the scope of use of their vaccine certificates to international travel. The Indian government, however, has so far <a href="https://www.livemint.com/opinion/columns/vaccination-certificates-need-a-framework-to-govern-their-use-11618160385602.html" target="_blank">skirted</a> important questions around where and when this technology should be used. By allowing <a href="https://verify.cowin.gov.in/" target="_blank">anyone</a> to use the online CoWIN portal to scan and verify certificates, and even providing a way for the private-sector to incorporate this functionality into their applications, the government has opened up the possibility of these digital certificates being used, and even mandated, for domestic everyday use such as going to a grocery shop, a crowded venue, or a workplace.
<br /><br />In this blog post, we examine the purported benefits of digital vaccine certificates over regular paper-based ones, analyse the privacy implications of their use, and present recommendations to make them more privacy respecting. We hope that such an analysis can help inform policy on appropriate use of this technology and improve its privacy properties in cases where its use is warranted.
<br /><br />We also note that while this post only examines the merits of a technological solution put out by the government, it is more important to <a href="https://www.accessnow.org/cms/assets/uploads/2021/04/Covid-Vaccine-Passports-Threaten-Human-Rights.pdf" target="_blank">consider</a> the effects that placing restrictions on the movement of unvaccinated people has on their civil liberties in the face of a vaccine rollout that is inequitable along many lines, including <a href="https://thewire.in/gender/women-falling-behind-in-indias-covid-19-vaccination-drive" target="_blank">gender</a>, <a href="https://www.thehindu.com/sci-tech/science/will-25-covid-19-vaccines-for-private-hospitals-aggravate-inequity/article34799098.ece" target="_blank">caste-class</a>, and <a href="https://scroll.in/article/994871/tech-savvy-indians-drive-to-villages-for-covid-19-vaccinations-those-without-smartphones-lose-out" target="_blank">access to technology</a>.</p>
<h4>How do digital vaccine certificates work?</h4>
<p>Every vaccine recipient in the country is required to be registered on the CoWIN platform using one of <a href="https://www.cowin.gov.in/faq" target="_blank">seven</a> existing identity documents. [1] <a name="ref1"></a> Once a vaccine is administered, CoWIN generates a vaccine certificate which the recipient can access on the CoWIN website. The certificate is a single page document that contains the recipient’s personal information — their name, age, gender, identity document details, unique health ID, a reference ID — and some details about the vaccine given.<a name="ref2"></a> [2] It also includes a “secure QR code” and a link to CoWIN’s verification <a href="https://verify.cowin.gov.in/" target="_blank">portal</a>.
<br /><br />The verification portal allows for the verification of a certificate by scanning the attached QR code. Upon completion, the portal displays a success message along with some of the information printed on the certificate.
<br /><br />Verification is done using a cryptographic mechanism known as <a href="https://en.wikipedia.org/wiki/Digital_signature" target="_blank">digital signatures</a>, which are encoded into the QR code attached to a vaccine certificate. This mechanism allows “offline verification”, which means that the CoWIN verification portal or any private sector app attempting to verify a certificate does not need to contact the CoWIN servers to establish its authenticity. It instead uses a “public key” issued by CoWIN beforehand to verify the digital signature attached to the certificate.
<br /><br />The benefit of this convoluted design is that it protects user privacy. Performing verification offline and not contacting the CoWIN servers, precludes CoWIN from gleaning sensitive metadata about usage of the vaccine certificate. This means that CoWIN does not learn about where and when an individual uses their vaccine certificate, and who is verifying it. This closes off a potential avenue for mass surveillance. [3] However, given how certificate revocation checks are being implemented (detailed in the privacy implications section below), CoWIN ends up learning this information anyway.</p>
<h4>Where is digital verification useful?</h4>
<p>The primary argument for the adoption of digital verification of vaccine certificates over visual examination of regular paper-based ones is security. In the face of vaccine hesitancy, there are concerns that people may forge vaccine certificates to get around any restrictions that may be put in place on the movement of unvaccinated people. The use of digital signatures serves to allay these fears.
<br /><br />In its current form, however, digital verification of vaccine certificates is no more secure than visually inspecting paper-based ones. While the “secure QR code” attached to digital certificates can be used to verify the authenticity of the certificate itself, the CoWIN verification portal does not provide any mechanism nor does it instruct verifiers to authenticate the identity of the person presenting the certificate. This means that unless an accompanying identity document is also checked, an individual can simply present someone else’s certificate.
<br /><br />There are no simple solutions to this limitation; adding a requirement to inspect identity documents in addition to digital verification of the vaccine certificate would not be a strong enough security measure to prevent the use of duplicate vaccine certificates. People who are motivated enough to forge a vaccine certificate, can also duplicate one of the seven ID documents which can be used to register on CoWIN, some of which are simple paper-based documents. [4] Requiring even stronger identity checks, such as the use of Aadhaar-based biometrics, would make digital verification of vaccine certificates more secure. However, this would be a wildly disproportionate incursion on user privacy — allowing for the mass collection of metadata like when and where a certificate is used — something that digital vaccine certificates were explicitly designed to prevent. Additionally, in Russia, people were <a href="https://www.washingtonpost.com/world/europe/moscow-fake-vaccine-coronavirus/2021/06/26/0881e1e4-cf98-11eb-a224-bd59bd22197c_story.html" target="_blank">found</a> issuing fake certificates by discarding real vaccine doses instead of administering them. No technological solution can prevent such fraud.
<br /><br />As such, the utility of digital certificates is limited to uses such as international travel, where border control agencies already have strong identity checks in place for travellers. Any everyday usage of the digital verification functionality on vaccine certificates would not present any benefit over visually examining a piece of paper or a screen.</p>
<h4>Privacy implications of digital certificates</h4>
<p>In addition to providing little security utility over manual inspection of certificates, digital certificates also present privacy issues, these are listed below along with recommendations to mitigate them:
<br /><br /><em>(i) The verification portal leaks sensitive metadata to CoWIN’s servers:</em> An analysis of network requests made by the CoWin verification portal reveals that it conducts a ‘revocation check’ each time a certificate is verified. This check was also found in the source <a href="https://github.com/egovernments/DIVOC/blob/e667697b47a50a552b8d0a8c89a950180217b945/interfaces/vaccination-api.yaml#L385" target="_blank">code</a>, which is made openly available<a name="ref5"></a>.
[5]</p>
<p>Revocation checks are an important security consideration while using digital signatures. They allow the issuing authority (CoWIN, in this case) to revoke a certificate in case the account associated with it is lost or stolen, or if a certificate requires correction. However, the way they have been implemented here presents a significant privacy issue. Sending certificate details to the server on every verification attempt allows it to learn about where and when an individual is using their vaccine certificate.
<br /><br />We note that the revocation check performed by the CoWIN portal does not necessarily mean that it is storing this information. Nevertheless, sending certificate information to the server directly contradicts claims of an “offline verification” process, which is the basis of the design of these digital certificates.
<br /><br /><strong>Recommendations:</strong> Implementing privacy-respecting revocation checks such as Certificate Revocation Lists, [6] or Range Queries [7] would mitigate this issue. However, these solutions are either complex or present bandwidth and storage tradeoffs for the verifier.
<br /><br /><em>(ii) Oversharing of personally identifiable information:</em> CoWIN’s vaccine certificates include more personally identifiable information (name, age, gender, identity document details and unique health ID) than is required for the purpose of verifying the certificate. An examination of the vaccine certificates available to us revealed that while the Aadhaar number is appropriately masked, other personal identifiers such as passport number and unique health ID were not masked. Additionally, the inclusion of demographic details, such as age and gender, provides little security benefit by limiting the pool of duplicate certificates that can be used and are not required in light of the security analysis above.
<br /><br /><strong>Recommendation:</strong> Personal identifiers (such as passport number and unique health ID) should be appropriately masked and demographic details (age, gender) can be removed.
<br /><br />The minimal set of data required for identity-linked usage for digital verification, as described above, is a full name and masked ID document details. All other personally identifying information can be removed. In case of paper-based certificates, which is suggested for domestic usage, only the details about vaccine validity would suffice and no personal information is required.
<br /><br /><em>(iii) Making information available digitally increases the likelihood of collection:</em> All of the personal information printed on the certificate is also encoded into the QR code. This is <a href="https://www.bbc.com/news/uk-scotland-57208607" target="_blank">necessary</a> because the digital signature verification process also verifies the integrity of this information (i.e. it wasn’t modified). A side effect of this is that the personal information is made readily available in digital form to verifiers when it is scanned, making it easy for them to store. This is especially likely in private sector apps who may be interested in collecting demographic information and personal identifiers to track customer behaviour.
<br /><br /><strong>Recommendation:</strong> Removing extraneous information from the certificate, as suggested above, mitigates this risk as well.</p>
<h4>Conclusion</h4>
<p>Our analysis reveals that without incorporating strong, privacy-invasive identity checks, digital verification of vaccine certificates does not provide any security benefit over manually inspecting a piece of paper. The utility of digital verification is limited to purposes that already conduct strong identity checks.
<br /><br />In addition to their limited applicability, in their current form, these digital certificates also generate a trail of data and metadata, giving both government and industry an opportunity to infringe upon the privacy of the individuals using them.
<br /><br />Keeping this in mind, the adoption of this technology should be discouraged for everyday use.</p>
<p> </p>
<h4>References</h4>
<p>[1] Exceptions <a href="https://web.archive.org/web/20210511045921/https://www.mohfw.gov.in/pdf/SOPforCOVID19VaccinationofPersonswithoutPrescribedIdentityCards.pdf" target="_blank">exist</a> for people without state-issued identity documents.</p>
<p>[2] This information was gathered by inspecting three vaccine certificates linked to the author’s CoWIN account, which they were authorised to view, and may not be fully accurate.</p>
<p>[3] This design is similar to Aadhaar’s “<a href="https://resident.uidai.gov.in/offline-kyc" target="_blank">offline KYC</a>” process.</p>
<p>[4] “Aadhaar Card: UIDAI says downloaded versions on ordinary paper, mAadhaar perfectly valid”, <em>Zee Business</em>, April 29 2019, <em>https://www.zeebiz.com/india/news-aadhaar-card-uidai-says-downloaded-versions-on-ordinary-paper-maadhaar-perfectly-valid-96790</em>.</p>
<p>[5] This check was also verified to be present in the reference <a href="https://github.com/egovernments/DIVOC/blob/261a61093b89990fe34698f9ba17367d4cb74c34/public_app/src/components/CertificateStatus/index.js#L125" target="_blank">code</a> made available for private-sector applications incorporating this functionality, suggesting that private sector apps will also be affected by this.</p>
<p>[6] <a href="https://en.wikipedia.org/wiki/Certificate_revocation_list" target="_blank">Certificate Revocation Lists</a> allow the server to provide a list of revoked certificates to the verifier, instead of the verifier querying the server each time. This, however, can place heavy bandwidth and storage requirements on the verifying app as this list can potentially grow long.</p>
<p>[7] Range Queries are described in this <a href="https://www.ics.uci.edu/~gts/paps/st06.pdf" target="_blank">paper</a>. In this method, the verifier requests revocation status from the server by specifying a range of certificate identifiers within which the certificate being verified lies. If there are any revoked certificates within this range, the server will send their identifiers to the verifier, who can then check if the certificate in question is on the list. For this to work, the range selected must be sufficiently large to include enough potential candidates to keep the server from guessing which one is in use.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/do-we-really-need-an-app-for-that-examining-the-utility-and-privacy-implications-of-india2019s-digital-vaccine-certificates'>https://cis-india.org/internet-governance/blog/do-we-really-need-an-app-for-that-examining-the-utility-and-privacy-implications-of-india2019s-digital-vaccine-certificates</a>
</p>
No publisherdivyankPrivacyDigital IDCovid19Appropriate Use of Digital ID2021-08-03T05:13:28ZBlog EntryDesign and Uses of Digital Identities - Research Plan
https://cis-india.org/internet-governance/blog/digtial-identities-research-plan
<b>In our research project about uses and design of digital identity systems, we ask two core questions: a) What are appropriate uses of ID?, and b) How should we think about the technological design of ID? Towards the first research question, we have worked on first principles and will further develop definitions, legal tests and applications of these principles. Towards the second research question, we have first identified a set of existing and planned digital identity systems that represent a paradigm of how such a system can be envisioned and implemented, and will look to identify key design choices which are causing divergence in paradigm.</b>
<h4>Read the research plan <a class="external-link" href="https://digitalid.design/research-plan.html">here</a>.</h4>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/digtial-identities-research-plan'>https://cis-india.org/internet-governance/blog/digtial-identities-research-plan</a>
</p>
No publisherAmber Sinha and Pooja SaxenaDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-17T07:58:44ZBlog EntryHolding ID Issuers Accountable, What Works?
https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works
<b></b>
<p>Together with the <a class="external-link" href="https://itsrio.org/pt/home/">Institute of Technology & Society</a> (ITS), Brazil, and the <a class="external-link" href="https://www.cipit.org/">Centre for Intellectual Property and Information Technology Law</a> (CIPIT), Kenya, CIS participated at a side event in <a class="external-link" href="https://www.rightscon.org/">RightsCon 2019</a> held in Tunisia, titled Holding ID Issuers Accountable, What Works?, organised by the <a class="external-link" href="https://www.omidyar.com/">Omidyar Network</a>. The event was attended by researchers and advocates from nearly 20 countries. Read the event report <a class="external-link" href="https://digitalid.design/rightscon-2019-report.html">here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works'>https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works</a>
</p>
No publisherShruti Trikanad and Amber SinhaDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-08T10:23:58ZBlog EntryThe Appropriate Use of Digital Identity
https://cis-india.org/internet-governance/blog/the-appropriate-use-of-digital-identity
<b></b>
<p>As governments across the globe implement new, foundational, digital identification systems (“Digital ID”), or modernize existing ID programs, there is dire need for greater research and discussion about appropriate uses of Digital ID systems. This significant momentum for creating Digital ID in several parts of the world has been accompanied with concerns about the privacy and exclusion harms of a state issued Digital ID system, resulting in campaigns and litigations in countries such as UK, India, Kenya, and Jamaica. Given the very large range of considerations required to evaluate Digital ID projects, it is necessary to think of evaluation frameworks that can be used for this purpose.</p>
<p>At RightsCon 2019 in Tunis, we presented <a class="external-link" href="http://bit.ly/CISDigitalIDAppropriateUse">working drafts</a> on appropriate use of Digital ID by the partner organisations of this <a class="external-link" href="https://www.omidyar.com/blog/appropriate-use-digital-identity-why-we-invested-three-region-research%C2%A0alliance">three-region research alliance</a> - ITS from Brazil, CIPIT from Kenya, and CIS from India.</p>
<p>In the <a class="external-link" href="https://digitalid.design/evaluation-framework-01.html">draft by CIS</a>, we propose a set of principles against which Digital ID may be evaluated. We hope that these draft principles can evolve into a set of best practices that can be used by policymakers when they create and implement Digital ID systems, provide guidance to civil society examinations of Digital ID and highlight questions for further research on the subject. We have drawn from approaches used in documents such as the necessary and proportionate principles, the OECD privacy guidelines and scholarship on harms based approach.</p>
<p>Read and comment on CIS’s Draft framework <a class="external-link" href="https://digitalid.design/evaluation-framework-01.html">here</a>.</p>
<p>Download Working drafts by CIPIT, CIS, and ITS <a class="external-link" href="http://bit.ly/CISDigitalIDAppropriateUse">here</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/the-appropriate-use-of-digital-identity'>https://cis-india.org/internet-governance/blog/the-appropriate-use-of-digital-identity</a>
</p>
No publisheramberDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-08T10:24:40ZBlog EntryComments to the ID4D Practitioners’ Guide
https://cis-india.org/internet-governance/blog/comments-to-the-id4d-practitioners2019-guide
<b></b>
<p>This post presents our comments to the ID4D Practitioners’ Guide: Draft For Consultation released by ID4D in June, 2019. CIS has conducted research on issues related to digital identity since 2012. This submission is divided into three main parts. The first part (General Comments) contains the high-level comments on the Practitioners’ Guide, while the second part (Specific Comments) addresses individual sections in the Guide. The third and final part (Additional Comments) does not relate to particulars in the Practitioners' Guide but other documents that it relies upon. We submitted these comments to ID4D on August 5, 2019. Read our comments <a class="external-link" href="https://digitalid.design/comments-ID4D-practitioners-guide.html">here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comments-to-the-id4d-practitioners2019-guide'>https://cis-india.org/internet-governance/blog/comments-to-the-id4d-practitioners2019-guide</a>
</p>
No publisherYesha Tshering Paul, Prakriti Singh, and Amber SinhaDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-08T10:25:13ZBlog EntryDigital ID Forum 2019
https://cis-india.org/internet-governance/news/digital-id-forum-2019
<b>Sunil Abraham was one of the panelists at this event at Chulalongkorn University on July 3, 2019.</b>
<p><img src="https://cis-india.org/home-images/DigitalID.png" alt="Digital ID" class="image-inline" title="Digital ID" /></p>
<p><span>Click to </span><a class="external-link" href="http://cis-india.org/internet-governance/files/digital-id-forum">view the agenda</a><span>. Also see </span><a class="external-link" href="https://en.wikipedia.org/wiki/Asia_Source">Wikipedia page</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/digital-id-forum-2019'>https://cis-india.org/internet-governance/news/digital-id-forum-2019</a>
</p>
No publisherAdminDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-07T14:09:16ZNews ItemAnnouncement of a Three-Region Research Alliance on the Appropriate Use of Digital Identity
https://cis-india.org/internet-governance/blog/appropriate-use-of-digital-identity-alliance-announcement
<b>Omidyar Network has recently announced its decision to invest in establishment of a three-region research alliance — to be co-led by the Institute for Technology & Society (ITS), Brazil, the Centre for Intellectual Property and Information Technology Law (CIPIT) , Kenya, and the CIS, India — on the Appropriate Use of Digital Identity. As part of this Alliance, we at the CIS will look at the policy objectives of digital identity projects, how technological policy choices can be thought through to meet the objectives, and how legitimate uses of a digital identity framework may be evaluated.</b>
<p> </p>
<p>As governments across the globe are implementing new, digital foundational identification systems or modernizing existing ID programs, there is a dire need for greater research and discussion about appropriate design choices for a digital identity framework. There is significant momentum on digital ID, especially after the adoption of UN Sustainable Development Goal 16.9, which calls for legal identity for all by 2030. Given the importance of this subject, its implications for both the development agenda as well its impact on civil, social and economic rights, there is a need for more focused research that can enable policymakers to take better decisions, guide civil society in different jurisdictions to comment on and raise questions about digital identity schemes, and provide actionable material to the industry to create identity solutions that are privacy enhancing and inclusive.</p>
<p> </p>
<h4>Excerpt from the <a href="https://www.omidyar.com/blog/appropriate-use-digital-identity-why-we-invested-three-region-research%C2%A0alliance" target="_blank">blog post by Subhashish Bhadra</a> announcing this new research alliance</h4>
<p>...In the absence of any widely-accepted thinking on this issue, we run the risk of digital identity systems suffering from mission creep, that is being made mandatory or being used for an ever-expanding set of services. We believe this creates several risks. First, people may be excluded from services if they do not have a digital identity or because it malfunctions. Second, this approach creates a wider digital footprint that can be used to create a profile of an individual, sometimes without consent. This can increase privacy risk. Third, this approach increases the power of institutions versus individuals and can be used as rationale to intentionally deny services, especially to vulnerable or persecuted groups.</p>
<p>Three exceptional research groups have undertaken the effort of answering this complex and important question. Over the next six months, these think tanks will conduct independent research, as well as involve experts from across the globe. Based in South America, Africa, and Asia, these institutions represent the collective wisdom and experiences of three very distinct geographies in emerging markets. While drawing on their local context, this research effort is globally oriented. The think tanks will create a set of recommendations and tools that can be used by stakeholders to engage with digital identity systems in any part of the world...</p>
<p>This research will use a collaborative and iterative process. The researchers will put out some ideas every few weeks, with the objective of seeking thoughts, questions, and feedback from various stakeholders. They will participate in several digital rights and identity events across the globe over the next several months. They will also organize webinars to seek input from and present their interim findings to interested communities from across the globe. Each of these provide an opportunity for you to provide your thoughts and help this research program provide an independent, rigorous, transparent, and holistic answer to the question of when it’s appropriate for digital identity to be used. We need a diversity of viewpoints and collaborative dissent to help solve the most pressing issues of our times.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/appropriate-use-of-digital-identity-alliance-announcement'>https://cis-india.org/internet-governance/blog/appropriate-use-of-digital-identity-alliance-announcement</a>
</p>
No publisheramberDigital IDInternet GovernanceAppropriate Use of Digital IDFeaturedDigital IdentityHomepage2019-05-13T09:06:23ZBlog Entry