As a way of helping stadiums and concert halls reopen safer, faster and at greater capacity, the state has rolled out a smartphone app that confirms whether someone has received a COVID vaccine or recent negative test for the coronavirus. But one expert contends that the platform's privacy policy fails to outline how secure the app really is.
"It's really just high-tech hydroxychloroquine," Albert Fox Cahn, an attorney and founder of Surveillance Technology Oversight Project—an advocacy group ensuring privacy rights are upheld—said of the "Excelsior Passport" app.
The app officially launched Friday following a trial run involving thousands of New Yorkers testing the program. The Excelsior Passport is the first of its kind to be rolled out in United States and allows specific sites that administer COVID vaccines or test for the coronavirus to upload the data to the app.
The app, produced by IBM in partnership with the state, functions similar to a virtual airline boarding pass. Activating the passport produces a secure QR code that can then be shown and scanned by a participating business or venue using a companion app to confirm someone has been vaccinated or recently tested negative for the virus. A pass can also be printed and shown at the door. The state said other types of proof can be used at the door as a way of "reducing any barriers to usage."
So far, big venues such as Madison Square Garden in Manhattan have announced they will begin using the technology over the next few weeks, with owner James Dolan saying the app is "critical to New York's recovery." Users who don't have a smartphone can also bring physical documentation from a healthcare provider showing they either received a vaccine or tested negative for the coronavirus.
The hope is to decrease virus transmission in large venues and even allow them to operate at greater capacity as the state's reopening moves along. In a statement, Governor Andrew Cuomo said Excelsior will allow "more sectors of the economy to reopen safely and keeping personal information secure."
The state is opening the use of the Excelsior Passport to smaller venues in the arts and entertainment business beginning April 2nd. The roll out of the app comes just weeks after the state announced that baseball stadiums can start the seasons with limited numbers of fans in the stands beginning April 1st. Venues that do use the technology will be allowed to open at greater capacity. Those that don't will continue to face more stringent capacity restrictions.
IBM and the state insist user data will be kept confidential thanks to the use of blockchain technology, which records public data that can then be safely stored in a variety of database. But Cahn told Gothamist/WNYC that the fine print does not explicitly state how the data is tracked or safeguarded.
"I have more detailed technical documentation about the privacy impact of nearly every app on my phone than I do for this health pass," Cahn said. "IBM and the governor are using lots of buzzwords, but they're not explaining their cryptographic model. They're not explaining the security, implementation. And on top of it, the pass itself is incredibly revealing, disclosing not only people's health status, and name but their date of birth."
Cahn said there are no guarantees listed on the terms of service determining whether the information won't be accessed by police departments or the Immigration or Customs Enforcement agency.
Cahn specifically pointed to the application's terms and services, which he said "have absolutely nothing to do with this type of app" and don't specifically cite the type of blockchain technology—including public, private, consortium, or hybrid–IBM utilizes.
"I know that it's very easy for this to come off as sort of alarmist or as over the top," Cahn said. "But, no, usually when I'm pushing back against these apps, I'm pushing back on the periphery; I'm making mild critiques. This is just like, my jaw hit the floor when I read how poorly this policy was written."
Cahn also criticized the state's use of a system requiring a smartphone, which he said creates a new form of "digital segregation" since it would exclude the millions of New Yorkers who lack a smartphone.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.