Quebec’s vaccine passport termed safe by researchers
A Montreal-based security analyst, Steven Lachance, expressed his concerns when he heard about Quebec’s government decision to impose a vaccine passport system to reduce COVID-19 transmission across the province.
But his concerns vanished as soon as he looked at the smartphone applications that were available for download. He pointed out that Quebec’s system is fool-proof and so should be a model for other provinces. All the tech experts are of the view that the applications do as they claim and do not make any attempt to gather user data secretly.
Lachance added that he was very skeptical when he came to know about the government’s intentions around such a technology as it had the potential to go wrong in many ways. But then he stated it to be of international standards and much better than anything that the government could have come up with.
The standard introduced by the government is called the SMART Health Card, which is also used for vaccine passports in New York State, Louisiana, and California. The technology revolves around a quick response (QR) code having the name, DOB, and information about the vaccinations that the respective person has received.
Effective from 1st September, all Quebec residents are expected to show proof of vaccination to visit places such as bars, clubs, and restaurants. This week, Quebec released apps for Apple devices to power its vaccine passport system. These include VaxiCode Verif for businesses and VaxiCode for patrons. The Android versions will be released soon too.
Quebec residents are required to download VaxiCode and add their QR codes into it. VaxiCode Verif is a reader app to scan data in the QR code. This authenticates the code through a cryptographic signature, and so Lachance considers it to be secure as, according to him, generating fake QR codes with the real signature is impossible.
Lachance also added that the privacy protection is guaranteed as the signature is validated within the VaxiCode Verif app without connecting to any external server or centralized database. An iOS developer at Montreal tech company Transit, Felix Lapalme also analyzed the app and claimed that there is nothing suspicious attached to it at present. The researchers also pointed out some potential flaws that can be exploited, and so more measures and checklists should be prepared to analyze it from a 360-degree perspective.
Also Read: Data leaks on Thai Vaccine registration site
