spinofflive
IMAGE: TINA TILLER
IMAGE: TINA TILLER

InternetNovember 9, 2021

Vaccine certificates are coming. Here’s how they’ll work

Contributing writer
IMAGE: TINA TILLER
IMAGE: TINA TILLER

Late last week, the government provided more details about its vaccine certificate system. For IRL, Dylan Reeve explains how My Vaccine Pass and My Covid Record will work, and why there’s no need to panic about privacy or security. 

OK, let’s start with My Covid Record. What is it?

It’s a website, and soon-to-be smartphone app, which you can use to access your Covid vaccination history (Covid test results will also be added in the near future.) It’s like the little card you got with your jab, but you can’t accidentally put this one through the wash.

Alright, what about My Vaccine Pass?

That’s a vaccination certificate that can be generated from the My Covid Record site, to prove your vaccination status to any restaurant, shop, bar, airline and gym that requires you to be fully vaccinated to enter once the traffic light system comes into effect.

My Vaccine Pass will launch before the end of November, or so we’ve been assured.

The names are really clunky and repetitive.

Oh trust us, we know.

How will the vaccine certificate work?

Using a free smartphone app, businesses and other organisations will be able to verify the validity of the My Vaccine Pass you show them. The app will tell them your name and date of birth, much like our other ID documents do, and the fact you’ve been vaccinated – but not when, with what, or by whom.

Random strangers have no right to access my medical records!

That’s true. We’re facing unique circumstances, though, and like it or lump it, soon businesses will be permitted to verify your vaccination status in order to grant you entry to venues or access to services. To be clear, they won’t be able to access your medical records, but they will be able to ask you to show your vaccine pass, and if you can’t or won’t, you’ll likely be denied entry.

Is the website safe? I heard it was insecure…

There are some claims floating about the internet that My Covid Record is insecure, but we’d suggest you take them with a grain of salt.

These claims tend to be based on results from basic online security screening sites, which gave some aspects of My Covid Record a low score based on decisions the developers made not to use all the very, very latest technologies for aspects of the site’s underlying communication protocols. Without getting into the weeds too much, those tests don’t take into account the risks the site is likely to face given its function and design, nor the tradeoffs the government needed to make to ensure the system is as accessible as possible to New Zealanders, including those using older devices. None of the issues those tests have identified are fundamental security risks.

To put your mind at ease, consider that every online banking website in New Zealand (for example) scores equally poorly on those tests, but their online services are very secure. Plus, as part of the development process, the Ministry of Health hired outside expert consultants to conduct a detailed study on the security of the site and the technology that underpins it. While the study result isn’t public, the process requires that any identified security issues are rectified.

OK, but is it safe?

Yes. Like anything online, there’s always some security risks, but every reasonable precaution has been taken to protect the system.

Do I really need the certificate? My cousin who makes websites said he could make a fake version.

The Ministry of Health is one step ahead of your cousin, and has adopted measures to prevent forgery. My Vaccine Pass will show a QR code that contains your name, date of birth, and the digital equivalent of one of those fancy holograms they used to put on credit cards. When the QR code is scanned, the verifier app will confirm that the pass is valid and the details it contains are correct. Any forgery will be immediately identified.

Admittedly, no vaccine certificate system, short of issuing us all with physical passports, is going to be totally foolproof, and a motivated fraudster will be able to fake just about anything. But there are safeguards in place, including the law: anyone faking a vaccine certificate will face fines, according to Covid-19 response minister Chris Hipkins. 

I don’t have a smartphone. Am I locked out of the scheme?

You can access the My Covid Record site on a computer. Or a tablet. Probably even on some smart fridges. 

While the final details aren’t public yet, it should be simple from within My Covid Record to generate a copy of your vaccine pass that you can print out or save to your phone. 

But if device access to My Covid Record isn’t practical for you or a loved one, the Ministry of Health will also make a good old-fashioned paper-based version – probably complete with long holds on the phone and annoying forms to fill out.

Is this just a way for the government to track me?

Um, no. It’s just a way to demonstrate your vaccination status. In fact, the verifier app that will be used to check My Vaccine Pass doesn’t need to be connected to the internet to validate the pass, and won’t be sending back data about your movements or storing information about the passes it has validated. 

What do I need to do now? 

More Reading

    There are two main things you need to do in order to get ready to use My Vaccine Pass when it launches: get vaccinated, and sign up for My Health Account (absolutely cursed naming system, we know). A My Health Account allows you to sign in securely to online health services, and you’ll need it to access My Covid Record, from which you can generate My Vaccine Pass. Clear as mud?

    The My Health Account signup process can be a little laborious. If you already have a RealMe it’ll be a bit easier, but otherwise you’ll need to provide a raft of personal details and provide supporting identity documents, so it’s probably best to get started soon. The good news is that once you’ve jumped these boring administrative hurdles, freedom awaits – or at least, the closest approximation available during the plague times. 

    An earlier version of this article made reference to “an IT security expert” and claims he made about the security of My Covid Record. Those references have been removed. 

    Keep going!
    Sunset image with description "A beautiful sunset"
    A SCREEN READER DESCRIBING A BEAUTIFUL SUNSET. (IMAGE: ARCHI BANAL)

    InternetNovember 5, 2021

    What it’s like navigating the internet when you’re blind

    Guest Post
    Sunset image with description "A beautiful sunset"
    A SCREEN READER DESCRIBING A BEAUTIFUL SUNSET. (IMAGE: ARCHI BANAL)

    Neil Jarvis is obsessed with the internet. He’s also totally blind. For IRL, he discusses online shopping, why screen readers are a lifesaver, and how evil CAPTCHA systems are. 

    As told to Shanti Mathias.

    Online grocery shopping changed my life. I’d been going to grocery stores forever, but it was an experience full of friction: I was reliant on someone else to lead me around the shop, and always felt so conscious of taking up their time. I couldn’t see the products or what was on special, and I had a very narrow view of what was in a supermarket. 

    It would have been the late 90s when I started doing online grocery shopping, and the first time I searched for “milk” or “cornflakes”, it blew my mind how many options there were. With an internet connection and a screen reader, the world became bigger.

    People think blind people struggle to know where they are and who they’re talking to, but we’re good at being oriented. My challenge is accessing information sighted people take for granted. When I was a child, I desperately wanted to read books like my brother could; I used to bribe and con anyone nearby into spending half an hour reading to me. I’ve never forgotten that frustration. 

    To make navigating the internet possible, I use a screen reader. These devices take the information that goes to the monitor sighted people use, intercepts it, and presents it through synthetic speech, electronic braille, or both. I listen to the synthetic voice and control what gets read with keyboard commands. I can’t use a mouse, by the way – you can’t click on things if you can’t tell where the cursor is.  

    NEIL JARVIS, WHO IS TOTALLY BLIND, USES HIS PHONE IN A BUSY CAFE BY LISTENING TO IT WITH EARBUDS. (IMAGE: SHANTI MATHIAS)

    To make using a screen reader efficient, I set it to 320 or 330 words per minute; normal speaking speed is about 100 words per minute. When I demonstrate this to people as part of my digital accessibility work, they’re always surprised.  

    Screen readers can be prohibitively expensive. We’re talking thousands of dollars, and you have to keep updating the software. There are free ones, but I like to use a range across my different devices – I’m the king of the Swiss army knife approach. 

    Technology makes so many things possible for me. With the internet, I can do my own research, banking and shopping, and I get lost for hours on Wikipedia. I get sucked in by old TV programmes on YouTube. I can satisfy the desires of that 10-year-old child who wanted to read. The internet has given me greater independence, which means the world to me. 

    These days, there’s lots of entertainment with features for people who can’t see. Most Netflix movies will have an audio-described option, which helps when you can’t see the expressions on people’s faces. I also love YouTube. The screen reader asks, “Are you interested in this?”, and thanks to the algorithm, I nearly always am.

    Still, it is hard missing out on the visual aspects of the internet. When people first started putting resources online in the 90s, they would post photos of forms and newspaper articles, because nobody thought that the internet would really replace paper. It’s just awful for me when something is presented as an image; I can’t work with images at all. The analogue today is the rise in visual data journalism. I’m sure those charts are useful and interesting, but I always hope for a table or some words to accompany them, so I can know what’s going on. 

    I’m not an Instagram user, because I’m not interested in looking at pictures of people’s dinner unless they describe it… well, even then I’m probably not interested! Lots of news comes with videos that autostart: if you go to the New Zealand Herald’s website, they’ll start playing a tangentially-related video and there’s no clear way to stop it, so I just have to close the tab. 

    That’s thoughtless design, but it’s the CAPTCHA systems that are truly evil. Imagine being told to click on an image to prove you’re a real human and not being able to do that. I understand their purpose, but there are better ways to achieve it. If using a digital service means negotiating a CAPTCHA, I’m simply going to go elsewhere. The bots will get the better of them in the end, anyway. 

    I probably have too many apps on my phone, but I’m always loath to delete them; maybe 15 or 20 are accessibility related. Half a dozen of my apps describe photographs, which has been a total revelation. I’ve been able to load a picture of my grandfather to get a sense of what he looked like in his prime. We were very close, and he died when I was young.

    I use technology all day, every day. I take Ubers, I check the weather, I navigate to new places. The Covid Tracer app is a great example of an accessibility challenge: I try to be assiduous about scanning in, but I don’t know where the codes are, and if I need to give my phone to someone else to assist me, it defeats the purpose. Paying for items is another challenge. I usually use my Apple Watch or phone, which is so much easier than paying with cash I can’t see, but I have to wave my hand around in the air or have someone guide my arm towards the Eftpos machine. I’ve learned to navigate lots of little complications like that. 

    The things that technology makes possible for me, I want to be possible for everyone, even those who aren’t as comfortable with digital devices as I am. There are so many things content creators can do to make the internet more accessible, and it’s not much extra effort. Label your links so I know what I’m clicking on; don’t just say “click here”. Describe your images so that people who can’t see know what the image contains. It makes such a difference. 

    Accessible digital content is life changing. It’s been 30 years since I started using bulletin boards on the early internet and first did my Christmas shopping online. But after all this time, I still wake up every morning and think: “Isn’t the internet marvellous?”

    Have you been the victim of a catfishing or online scam? Do you make your living in the gig economy? Got a great yarn about the internet? Get in touch with us at irl@thespinoff.co.nz. 

    Internet