Stream: smart/health-cards
Topic: Smart health cards: QR code
Marjorie Rosario (Nov 10 2021 at 18:06):
Hi everyone,
New to stream so will apologize ahead of time if this has been discussed. Our Corporate Compliance department has a concern with the paper QR code. Can anyone scan QR code or does it require a special device by the venue to scan and retrieve info? The concern is that data would could fall into the wrong hands.
JP Pollak (Nov 10 2021 at 18:51):
welcome @Marjorie Rosario !
the concerns are correct: since the spec is open and the QR codes contain all of the data necessary for decoding and reading, absolutely anyone can scan a SMART Health Card and access the data with a camera and the right software. the 'right software' could mean a PHR app that supports the spec, a scanner/ verifier app, or code someone has written themselves.
that makes it pretty hard to regulate the scanning of QRs. we do have a handful of strategies that while far from impenetrable, can help:
- VCI has published a code of conduct for verifiers, and will remove anyone found violating that code from VCI
- Google and Apple have specific requirements for apps that deal with COVID vaccination or testing, in some cases requiring endorsement from an appropriate jurisdictional government to be allowed into the app stores
- there are free verifier apps and tools made by VCI members and by NYS that at least have good data/ privacy hygiene and are widely used
- governments could regulate the verification of SMART Health Cards, limiting businesses to the use of approved apps only
JP Pollak (Nov 10 2021 at 18:54):
oh- the other strategy is user education!
Josh Mandel (Nov 10 2021 at 18:54):
The FAQ at https://smarthealth.cards/faq.html explains some of this from the consumer perspective as well
Last updated: Apr 12 2022 at 19:14 UTC
