How the NHS Covid Pass scheme actually works

Out of London for the first time in a year or so, on a short trip to France.

I was able to scan my Covid-19 vaccine record from the NHS App into the French “TousAntiCovid” app.

Much like the UK, there are two modes: one for domestic use, and one for travel.

In general, the QR codes in vaccine passports generated in Europe contain name, DOB, date of jab, kind of vaccine etc. This is an EU-wide standard also used within the NHS app.

When I scan the NHS code into the French TousAntiCovid (“everyone against Covid”) app, it has two modes: one for domestic use in France that visually displays only the QR code and name. This is for showing in restaurants, bars, etc.

And a separate “border mode” which contains the same details, but visually shows additional bits such as DOB (to match against a passport) and date of jab (to check whether enough time has passed to be considered fully vaccinated).

Note that in both cases, the underlying QR code has ALL of the data from the text/PDF version, so anyone could theoretically build a different QR code scanner to read and reveal all of the data.

By default though, the QR codes visually reveal less private info than the PDF.

Within the UK, for domestic use for instance, the NHS has a separate app called the Covid-19 Verifier app (an iOS version is in the App Store).

A really forward-looking decision taken by the NHS Covid Verifier app is that it does NOT show the underlying personal data; it just returns a yes/no result.

This is by far more privacy-preserving than asking someone to show their details on a PDF or paper or card.

The *domestic* NHS Covid QR codes use the following criteria when showing yes/no:

1. Positive PCR test in last 6 months
2. Fully vaccinated
3. Negative lateral flow test in last 48 hours

When it returns a yes/no, it doesn’t say which of the above 3 reasons it was based on.

One thing to note about the domestic passes is that criteria 1 and 2 are usually more likely to be true.

Criterion 3 (negative rapid test) is easily faked, because it’s based on a self-reported result.
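To make the data-minimisation point concrete, here is an added sketch (not NHS or TousAntiCovid code) of the display modes and the yes/no check described above. The field names, the 182-day reading of "6 months" and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Record:  # constructed schema; field names are assumptions
    name: str
    dob: str
    last_dose: Optional[datetime] = None
    fully_vaccinated: bool = False
    positive_pcr: Optional[datetime] = None
    negative_lft: Optional[datetime] = None  # self-reported result

# Fields each mode puts on screen, as described in the post. The QR payload
# carries the full record in every mode; only the display differs.
SHOWN = {"domestic": ("name",), "border": ("name", "dob", "last_dose"), "verifier": ()}

def displayed(rec: Record, mode: str) -> dict:
    return {f: getattr(rec, f) for f in SHOWN[mode]}

def criteria_met(rec: Record, now: datetime) -> list:
    """Internal to the verifier: which domestic criteria hold right now."""
    met = []
    # "6 months" approximated as 182 days (assumption)
    if rec.positive_pcr and timedelta(0) <= now - rec.positive_pcr <= timedelta(days=182):
        met.append("positive_pcr")
    if rec.fully_vaccinated:
        met.append("vaccinated")
    if rec.negative_lft and timedelta(0) <= now - rec.negative_lft <= timedelta(hours=48):
        met.append("negative_lft")
    return met

def verify(rec: Record, now: datetime) -> bool:
    """All the venue sees: one bit, with the reason and the record withheld."""
    return bool(criteria_met(rec, now))

if __name__ == "__main__":
    now = datetime(2021, 8, 1, 12, 0)  # constructed sample data below
    jabbed = Record("A. Sample", "1980-01-01", datetime(2021, 5, 1), True)
    tested = Record("B. Sample", "1990-02-02", negative_lft=now - timedelta(hours=20))
    expired = Record("C. Sample", "1970-03-03", negative_lft=now - timedelta(hours=60))
    for rec in (jabbed, tested, expired):
        print(rec.name, verify(rec, now), criteria_met(rec, now), displayed(rec, "border"))
```

The vaccinated and the self-tested sample records both come back as `True`, so a venue relying on the single bit cannot tell verified evidence from self-reported evidence.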

Then there’s the behavioural challenge. The DHSC wants venues to use the NHS Covid Verifier app to check these statuses, scanning each code, which takes, say, 10-30 seconds.

If you imagine a crowd of 1000s at a venue, the more likely behaviour (as reported at Wimbledon and Wembley) is to just ask people to show the actual text on the PDF or app 🤷🏽‍♂️

Which ultimately defeats the purpose of the privacy-preserving Verifier app.

And if there’s an easy loophole through the negative rapid test, it undermines the faith in whether the Verifier app can be trusted.

There are two options here:
1. Continue on the honour system, and hope people don’t lie when reporting rapid test results (what we do right now)

2. Carry out an ID check as well as some form of verified check on rapid test result, e.g., the result must be logged with a photo of the test kit to prove what the result was. Although I imagine this intrudes on privacy and could reduce the number of people taking rapid tests.

Having worked in digital identity and biometrics for a while, my immediate reaction to any new initiative is to think of “how will people try to game the system?”

Because what years of behavioural research on this has shown is that there are some people who ALWAYS try to fake.

So the question always changes to one of behavioural psychology and systemic risk: in a given system (say this domestic passport), how many users do you think will try to game the system?

And what percentage of the people who are trying to game the results can the system absorb?

Originally tweeted by Ankur Banerjee (@ankurb) on 1 August 2021.


The Poly Network hack is a good example of where digital identity is important for crypto

The @PolyNetwork2 hack is the story of an audacious heist (which the hacker might still get away with 👀).

But it's also a story of how the worlds of identity and crypto are intrinsically linked – and will collide even more so as regulations change.

A 🧵 from our CTO @ankurb

The hacker behind #PolyNetwork appears to have got lucky far beyond what they expected and didn't have an exit plan.

Getting crypto amounts that large out into fiat is extremely hard, since everything is on ledger and most exit ramps take users through KYC.


Contrast this with the example of something equally audacious in the world of legacy banking, when North Korea’s Lazarus Group almost got away with stealing $1bn from Bangladesh’s national bank (they got away with $81mn) 💸

The $1bn Lazarus heist hackers almost got away because:

– Timed perfectly, on a weekend, so that bank teams at the Federal Reserve Bank (!) in New York and Bangladesh Bank couldn't talk

– Warning messages weren't passed on because the hackers tampered with the printer (really!)

Can you imagine a blockchain network that only logged/audited messages during business hours on a weekday? 😂

Over the hours and days the #PolyNetwork drama unfolded, firms like @chainalysis were able to track EXACTLY where funds were moving 🕵️

Given the open nature of blockchains, there was an analysis available within hours on how the hack took place from @kelvinfichter

This entire (separate) thread is worth a read 👌

How does this tie back to digital identity?

Even outside the context of a crypto hack, the question "Who ACTUALLY controls this wallet/account?" crops up all the time.

There is a use case for anonymous payments in crypto – but also one where the identity of the receiver can be verified.

To take an example, when @cheqd_io took funds in $USDC from partners, we had to get on a Zoom call to receive a small test transfer.

We screenshared to confirm to senders when the transfer went through that we had control of the wallet. Only then did we proceed with the rest.

Imagine if it was possible to verify the identity of both senders and recipients through completely secure and privacy-preserving means.

This is precisely the kind of interaction that #selfsovereignidentity enables for CeFi and DeFi (and so many more!) use cases 💪

Our CEO @fraser_again described the idea of confirmation of payees for crypto transfers and how @cheqd_io‘s technology can play a role in CeDeFi in this blog post we collaborated on with @unizen_io 👉

"But what about sending crypto transfers only to human-readable wallet destinations, such as .eth addresses?", you ask 🤔

For starters, forget any shred of privacy for transfers in/out of well-known .eth addresses that are tied to your real identity 😔

Also, just because a .eth address was registered at SOME point in time and claimed by a "real" identity (say, by publishing it in a Twitter display name) does NOT mean the wallet is still under the control of the original owner at a later date.

SSI credentials provide an alternative 🧐

Self-sovereign identity credentials can also provide assurance the credential was *actually* issued to the individual presenting it to someone else.

This is artfully explained by @brent_zundel in this blog post 👉

The crypto industry needs a better way to handle digital identity.

And at the same time, digital identity – which will increasingly move towards a user-centric model – will need business models that crypto rails can enable. 🤓

It remains to be seen whether the remainder of the #PolyNetwork funds are recovered.

We hope they are, for the sake of the community who are anxious about being made whole 🙏🏽

And one day, perhaps, we'll be able to know the ending of this saga…

Originally tweeted by (@cheqd_io) on 13 August 2021.