April 3, 2021
Open Standards and Proven Technology: Why Skyflow Joined the Vaccination Credentials Initiative and PathCheck Foundation
With the increasing vaccination rates of recent months, we are beginning to see the spread of Covid-19 come under control, bringing hope that the pandemic era may soon come to an end.
However, until we have vaccinated nearly 100% of the world’s population -- a laudable goal that will take months, if not longer, to achieve in the U.S. alone -- reliable vaccine “passports” that make it easy and quick to prove one’s vaccination status are the best path to help reopen the economy and re-normalize our lives. This would make travel, entertainment, and other activities safer, and lessen the need for testing and quarantines.
Today Skyflow joined the Vaccination Credentials Initiative and the PathCheck Foundation, two organizations leading the establishment of open standards and global best practices for Covid-19 passports and other digital solutions. By partnering with both, we can ensure our own Covid-19 solutions are aligned with those standards and best practices.
Thoughts on the Ideal Vaccine Passport
For vaccine passports to be effective, they must be interoperable, so open standards for how vaccinations credentials are created and verified, and how they are shared are critically important. It’s also important that they be reliable, and this means being built on proven technology. And a foundational principle of these apps is data privacy and compliance: they must have the highest standards of protection for the health and personal data they use, and they must comply with all the relevant data regulations, including HIPAA, PCI and others.
There are no current compulsory mandates for Covid-19 vaccine passports today, and we do not believe there should be. Instead, vaccine passports should be available as an option to vaccinated individuals and organizations who may find them useful. The model for vaccine passports should be things like the Global Entry program or TSA-PreCheck; they are 100% optional and designed to facilitate easier flow of information and travelers.
Proven Relational Database Technology, Not Blockchain Hype
Skyflow was founded with the mission of enabling data privacy for any organization handling sensitive personal information (PII, PHI, or PCI data). When we founded the company, we focused on industries where data sensitivity is the highest -- banking, insurance and healthcare. When the Covid-19 tsunami hit last year, we decided to offer our technology to help with timely and critical state-wide testing and vaccination program rollouts. Using our tested technology, several cities and states were able to test and vaccinate while adhering to the highest privacy standards.
The hype around vaccine passport initiatives has attracted a lot of poorly thought out approaches, and some not so well built solutions. Certain large companies have been marketing yet-to-be-proven technologies like blockchain as some kind of panacea.
For many decades the healthcare and aviation industry has run on relational databases to power electronic health record (EHR) systems and airline software. Given the success of proven and tested technologies at a large scale, it was very clear to us that a platform for enabling the vaccine credentials should be built on proven technologies, like the relational database, encryption, and data vault technologies of Skyflow.
Privacy and Proof, Not False Dichotomy
We don’t need to buy into the false dichotomy of having to choose between privacy rights, and the ability to prove that we got vaccinated. Using well-known cryptographic techniques, you can enable “zero knowledge proofs” -- which is a fancy way of saying I can tell you that you are over 21 without having to know your exact date of birth. (It’s more technical than that but you get the core idea.)
Skyflow was built to enable computations, workflows and shared analytics without having to decrypt the data by leveraging these modern cryptography techniques.
Open Standards and Voluntary Participation, Not Monolithic Mandates
When you get a vaccine credential from, say, the state of Utah to travel to Hawaii, the airport or the hotel in Hawaii should be able to not only validate the credential but also know that it was issued by a legitimate entity.
This is where standards bodies working closely with state, federal and international organizations can truly help. Just as private and non-profit bodies like ICANN, Visa and SWIFT help make sure that we can use our credit cards globally or wire money to any bank anywhere, or send email from a U.S.-based carrier to an email address in Germany (.de) - we need a way for these vaccine credentials to be globally portable.
Skyflow was built from the very beginning on open technical standards like REST, SQL, FHIR, and others, and we have taken the same approach with Skyflow’s Covid-19 solutions, including our vaccination passport. We have joined the Vaccine Credentials Initiative (VCI) and are also working with other leaders on open standards such as the PathCheck Foundation. No single standard is going to solve all the challenges or be accepted everywhere, but Skyflow will support as many leading standards as possible. Because only open standards and collaboration across non-profits, governments, and private industry will lead to practical apps that people will choose to trust with their private data.
What Comes Next
Over the coming weeks, various public and private organizations have to work together and operationalize this infrastructure to enable our residents the ability to access these vaccine credentials, should they choose to do so. The scope of this task is enormous; organizations and programs like Global Entry and TSA-PRE, or Visa and SWIFT, took years to build and decades to get meaningful adoption.
We must build on proven technologies and open transparent standards so we can make this a huge success.