Questions to the community regarding vaccination certificate #489
Comments
dsarkar
added
feature request
|
This is closely related to the wishlist item "Integrate with EU's Digital Green Certificate (COVID-19 certificate) for vaccination, recovery and test" #424. I guess that it is more practical to have a digital vaccination certificate in an app separate from CWA due to privacy matters. I assume that CWA will continue to be privacy preserving and anonymous. A vaccination certificate on the other hand must be linked explicitly to a person (name, date of birth, maybe also home address) in order for it to have any value, so I can't quite imagine how that could work if the certificate were to be stored inside CWA. |
Although this is true, the upcoming version 2.1 will include this information for quick tests (if you want this). So it would not be something completely new. |
Do you know how privacy will be handled in the planned 2.1 release? So far the privacy notice said: "The app’s entire system has been programmed to process as little personal data as possible. This means that, when you use exposure logging, warn other users, or retrieve a test result, the system does not collect any data that would allow the RKI or other users to infer your identity, your name, your location or other personal details." |
I don't know how exactly they will handle the privacy, I can only tell that they plan an integration which contains personal data (Source). But from PRs I saw (here & here) there are definitely plans that you can use the rapid test registered in the app as a proof of a negative test. |
|
Thanks for the links! It seems that my assumption that CWA will continue to be completely anonymous is not true. It looks like it must change with the release of 2.1 if a user can optionally provide name and date of birth for rapid test information. I took a look at the Google COVID-19 Exposure Notifications Service Additional Terms and it seems that so long as personal data is provided optionally, then it is OK. It would be good to hear an official answer about this. |
|
Yes, I agree with you that there should be an official answer. May I suggest to either remove the article or change it to another one? It says: "Die Deutsche Telekom, die zusammen mit SAP die Corona-Warn-App entwickelt hatte, kommt damit diesmal nicht zum Zug." Everybody who reads this will ask him/herself why you still ask these questions here. Also, this article contradicts what has been written from n-tv here and also what seems to have been confirmed by the BMG (see this Tweet). |
|
@MikeMcC399 @Ein-Tim Thank you very much for commenting here. I removed the article as suggested. At this stage I have to refrain from commenting or speculating which features will be implemented in future. Such communication is usually done via the blog articles. However, in general, we have seen in the past that we live, let's say, in a quite dynamic situation, where things can be re-evaluated. In the first place, these are questions in order to explore in more detail the topic from the community's perspective. The opinion, input, comments, etc of the community regarding this topic will be forwarded internally. I hope that helps for the moment. Best wishes, DS |
|
I think as long as the integration of the vaccination pass is optional, it should be integrated, because I only know people, who say, that the CWA is to privacy oriented and they rather wish more features. |
|
I'm a strong believer in keeping things simple. So I'd prefer a choice of two apps:
If I want to remain anonymous I'd use the CWA and a paper green-pass. And if I didn't trust anyone I'd use the paper green-pass and nothing else. Trying to explain to friends the difference between decentralized, centralized, anonymous, pseudonymous and identifiable and the repercussions of these aspects would be beyond me. The CWA and its development was a huge breakthrough and success in terms of public sector paradigms for code-development and it would be a shame to compromise this or breach the trust it has built in any way. |
|
@alanrick Do you think it's hard to tell the public, that the feature is optional, which would be enough IMO, or all the details? |
|
Yep. Personally I think that's hard. I've seen critical Twitter posts showing screenshots of optional fields in the Luca App. |
|
If there was a setting that prevented personal data being imported, then that would in effect be both apps in one. With that flag set, you couldn't use the CWA as a green-pass, but you'd receive test-results directly and anonymously (as is the case currently). I suppose it also depends on how the personal data reaches the app. If it's added by the lab-technician/vaccinator then that means personal data is available (perhaps only temporarily) on the CWA servers. Even if it's encrypted that's a bit of a game-changer. But if it's imported directly into the app (e.g. qr-code) then that messy aspect is bypassed. I checked how it's done in Israel but my interpretation of their process is that the data is maintained centrally before it makes its way to the user's phone. |
|
Even if it has to be stored on a centralised server, what I don't think, is it not influenced by an integration by the CWA, the green pass will come in every case. |
|
But I do support a switch like that, would make it probably easier to explain to the public. |
|
I can see "Data privacy update & default update (EXPOSUREAPP-6098, DEV)" corona-warn-app/cwa-app-android#2990 listed in the changes for the Android v2.1.1-RC1 release candidate. The file https://github.com/corona-warn-app/cwa-app-android/blob/release/2.1.x/Corona-Warn-App/src/main/assets/privacy_en.html has been updated. The section I quoted in #489 (comment) now says: 5. What data is processed?The app’s entire system has been programmed to process as little personal data as possible. This means that, when you use exposure logging, warn other users, or retrieve a test result, the system does not need to collect any data that would allow the RKI or other users to infer your identity, your name, your location or other personal details. The only exception to this is the optional feature for proving a rapid test result, which allows you to display a confirmation issued in your name for negative rapid test results (see Section 6 c.). So "does not collect" has been changed to "does not need to collect" and the final sentence "The only exception to this is the optional feature for proving a rapid test result, which allows you to display a confirmation issued in your name for negative rapid test results (see Section 6 c.)." is new. |
|
Wow! Radically changing the AGB mid-term is very brave. Remember what happened when WhatsApp last changed theirs. It's fodder for the conspiracy theorists, particularly as in practice the certificate might include date of birth, for example, which some might see as a breach of trust in respect to the "in your name" statement. I can't judge the repercussions, but it is an argument for a 2nd alternative app as I suggested above. Google/Apple do allow this, but their permission is required. Other aspects that spring to mind are:
|
|
First of all, anybody can continue to use the app the same way they are using it today, so there is nothing forced here. Use of additional functions is optional. Rapid test results can be proven on paper instead of digitally, and for those who don't want to use an app for this, I'm sure there is also the mixed-mode solution of taking a photo of a paper proof to show it to whomever is interested. From what I've read in the link https://github.com/corona-warn-app/cwa-quicktest-onboarding/wiki/Anbindung-der-Partnersysteme#variante-mit-pers%C3%B6nlichen-daten which @Ein-Tim posted, there is a rapid test option with and without personal data. This is getting a little off topic from the original issue of vaccination certificates and maybe needs to be discussed separately under the subject of rapid tests. |
|
... paper instead of digital... My concern remains, keeping the vector of attack for conspiracy theorists as slim as possible. |
|
This PR confirms the upcoming implementation of vaccination certificates : corona-warn-app/cwa-app-ios#2584 ("Add Vaccination Certificates QRCode Scanner"). |
|
Thanks @Ein-Tim |
|
I think so, since you can use it paper only too. Ps. And I read an article stating this but can't find it anymore. |
|
@dsarkar Thanks for asking this here. I'm a bit "late to the party", but here's my thoughts: I am happy with seeing the Corona-Warn-App develop into a powerful multi-tool regarding different aspects of fighting the pandemic. Leaving the question of whether vaccination certificates should exist out of the question, as it is one that politics has already answered; and specifically within the context of other apps also providing this feature and the promise to provide a paper equivalent – it would be great if users had the option to also load their proof of vaccination into the CWA, because then users would be directly motivated to keep the app installed after their personal vaccination. One important point that the app should clearly communicate is that it is still possible to get infected after being vaccinated, and remind them of this whenever a high risk warning is shown. An important issue regarding this topic is #457. |
|
I do think that's important. You can't underestimate the scepticism of the public when it comes to public sector software. E.g. this survey result. I guess the bottom line is that people who are already using the app are savvy enough not to worry about their data and won't abandon it, and some of those who aren't savvy will nevertheless start to use it for the convenience of a digital certificate. Apologies for all these posts, but feedback was requested. |
|
The link below contains information dated March 18, 2021 when I checked it today so I don't know whether it is completely up-to-date or not: Bundesministerium für Gesundheit (BMG) - Fragen und Antworten zum digitalen Impfnachweis |
|
I am actually really looking forward to the day where CWA integrates rapid tests and the vaccine certificate. I am working at the front desk of an elderly home and it is becoming more and we have to check the negative rapid test certificate of each visitor. With the new announcements made by Söder, that fully vaccinated people do not need rapid tests any more, it will for sure become more complicated to distinguish between valid and non-valid analoge certificates. Actually it is already not that easy right now with the rapid tests as each provider has its own way of delivering (printed out, email, sms) and formatting the certificate. So we are already eagerly awaiting the new implementations, if visitors do use them they will make our lives a bit easier. Some things we would need for the certificate to have a benefit compared to a paper solution:
|
According to this article, it would even get CWA a lot of new users: https://www.heise.de/news/Umfrage-Digitaler-Impfnachweis-macht-Corona-Warn-App-attraktiver-6028463.html |
|
@dsarkar |
dsarkar
added
Fix 2.4
|
@MikeMcC399 Ok, we'll close now. Corona-Warn-App Open Source Team |
|
Dear community! Thanks for all the contributions! Best, DS |
Dear community,
Regarding a possible digital version of vaccine certificates, what question, concerns, thoughts, requests, opinion ... do you have?
A few bullet points:
Many thanks! Best wishes, DS
Corona-Warn-App Open Source Team
Related issues
#312
The text was updated successfully, but these errors were encountered: