Subscribe
E-Paper
 |
These people would be able to go about their regular pursuits and provide a minimum critical threshold of economic activities to keep the system functioning until the world develops a vaccine or anti-viral drugs to mitigate the public health risk enough to usher in a new norm.
While the concept is simple, the execution is filled with devilish details. There are many questions that such a system would need to be able to answer. Trust is paramount in such a system. Therefore, the "immunity passport" system has to be designed in such a way that it conveys absolute confidence that the holders are who they say they are and are entitled to this "all clear" status. Worse, since these "passports" now carry economic value and confer certain benefits (i.e. access to movie theaters, restaurants, etc.), they become targets of fraud in which the result is not just the financial losses of individuals and companies, but literally the life and death of millions of citizens.
This is an identity management problem at a global scale. What potentially hangs in balance is our way of life. It doesn't get much bigger than this. From identity management perspective, here are some of the touchpoints that would need to be addressed at a high level.
First, how do we establish the identity of the individual? Do we base it off existing paperwork such as birth certificate, driver's license, naturalization papers, passports, etc.? Which one is more universal and trustworthy? How do we know that the proffered paper document is real and not fake (i.e. are there any security features that we can authenticate or source of truth database we can ping)? Is there biometrics in the paper documents or source data that we can use to tie the paper unequivocally to the individual, such as photograph, fingerprints, etc.? Does this individual actually have real life records that we can verify to prove the identity as a living person who has left behind normal records (i.e. addresses, credit history, etc.) that we can check? And does that individual in those records match the individual in the paperwork who matches the person sitting in front of me? Only when these questions can be answered does a trusted identity become established.
Second, who does the adjudication of the person's immunity status? Is that a centralized organization (State Dept for passports) or distributed authorities (i.e. State DMV's for driver's license in the U.S.)? Then how do we deconflict identities and ensure that there are no redundancies? There are lots of John Smith's in the U.S. How do I know that the John Smith in Utah is not the same John Smith in California? And once the adjudication is done, how is that special health status issued to the person? Another physical license with special marks? A piece of paper signed by the doctor? Or is this some type of a digital ID provisioned directly onto your smart phone? By the way, how do you manage revocation, expiration, and renewal? Even thornier, how do you deal with lost or stolen licenses, if they are physical credentials? How long does it take to mail out a new physical card anyways?
Third, how does a movie theater, restaurant, or hotel verify your immunity status? Flash an immunity badge? Present an ID? How do they know it's legit and not faked? Even if the document is legit, how do they know that it's your document? If it's a digital document stored on a mobile device, how do they know that it's not a photoshopped image or PDF? Is visual inspection enough or does there need be some type of a digital transmission that has to happen (i.e. Apple Pay) between the device and reader?
Of course, the biggest question that underlies all the above is the one about privacy, civil rights, and cybersecurity. How do we balance the need for public health and economic wellbeing with sacred individual rights?
Unfortunately, at this point, there are far more questions than answers. With the current proliferation of smart phones in industrialized nations, any real-time identity management system would inevitably involve mobile ID's of some type. All the processes that has to support the management of physical credentials cannot be agile enough to support a real-time management need for immunity passports. Countries are already using smart phones and wearables to track people in order to isolate potential sources of contagion and actively manage the spread. Identities and associated attributes that confer certain authorities and benefits (i.e. driving privileges, first responder, etc.) are going digital and mobile.
Fortunately, crisis is an opportunity for innovation. Even if we don't implement an immunity passport-like concept, it's time to start thinking about digital identity as a critical public infrastructure that we can leverage to bounce back from this challenge and ensure that we are more prepared for the next one.
Jason Lim (jasonlim@msn.com) is a Washington, D.C.-based expert on innovation, leadership and organizational culture.
