Analysis and commentary
Catherine Riva, Serena Tinari – Re-Check.ch | Jannes van Roermund
November 24, 2021

Lire l’article en français (en ligne) / Den Artikel auf Deutsch lesen (online)

The use of the Covid-19 certificate today is limited to coronavirus-related statuses. But, as our research and in-depth interviews with specialized researchers show, powerful commercial and governmental players are eager to transform this device into a digital identity wallet (e-ID). Our investigation shows that this shift is underway and induces a profound paradigm change which calls for an urgent societal debate. Unfortunately, this debate is stifled by the regime established in the name of the crisis. Finally, this exclusive by Re-Check shows that the Swiss authorities do not exactly manage the sensitive data of COVID certificates the way they claim.

Many countries have introduced a Covid-19 certificate system which can allow to travel, and in many instances participate to social life, up to being able to work. This three-parts series by Re-Check in collaboration with Dutch investigative journalist Jannes van Roermund digs deeper in the functioning of an unprecedented tool that links medical data to freedom of movement. In this first episode, you’ll learn about the meaning of “function creep”. Additionally, it contains an exclusive about Switzerland. Re-Check was delivered a leak, the recording of a zoom meeting between government officials and players participating to the deployment of the Swiss COVID certificate. Our research and the exchanges we have had, and are hereby publishing, with the Swiss Ministry of Health show that sensitive data are stored. And this hasn’t been transparently communicated to the public.

The implementation of Covid-19 certificates is welcomed by an array of commercial and governmental instances that are since years working on the introduction of e-ID systems. Digital identity or e-ID is a digital solution that allows citizens to prove their identity. It links a unique identifier to a set of attributes stored in digital form (name, date of birth, gender), which are themselves linked to credentials. Also, medical thus confidential data of Swiss citizens being issued a Covid-19 certificate are stored with the facility that performed the test or the vaccine, coupled with the UVCI, a unique certificate identifier of every Covid-19 certificate.

Analyse et commentaire

In the summer of 2021, many industrialized and emerging countries have introduced a Covid-19 certificate system. Depending on the country, this device is also called health pass, green pass, health pass or vaccine passport. Equipped with a QR code, it is reserved for people who have either received a Covid-19 vaccine, or who have recovered from a SARS-Cov-2 infection, or who have tested negative for SARS-CoV-2. At the time, Re-Check published “Democracy in Pandemic Mode: The Strange Case of the COVID Certificate”. Almost six months later, we are back on this topic with a three-part series. Its objective: to explore in detail the issues related to these certificates with researchers specialized in the critical analysis of surveillance and technologies, but also to highlight the ghost-management mechanisms that certain interest groups have developed to advance an agenda in which the Covid-19 certificate plays a key role.

Analyse et commentaire

First episode: Function creep and transparency “à la carte”

From September 2021, the scope of validity of the Covid certificate has been successively extended in most countries. In Switzerland, for example, since September 20, 2021, only holders of this QR code can access cultural, sports, gastronomic and indoor leisure facilities. It is also mandatory to participate in higher education and to visit hospitals, or even to just go to work in the case of nursing staff in some institutions, or teachers at universities. The days of the antigen test as a way to obtain a Covid-19 certificate seem to be numbered: since October 2021, the media have regularly reported “voices stipulating” that only vaccinated or naturally immune persons shall obtain it (2G regime) (1) (2) (3), ), as is already the case in Austria and in some German states.

Today, the Covid-19 QR code is no longer just a “modern, simple and secure” solution that, as we were told a few months ago, was supposed to “open up the world and give people the opportunity to travel again”: it has become an indispensable prerequisite for participating in society.

But what exactly is its function?

According to the governments that introduced it, it would play a key role in controlling the epidemic. However, one wonders how they can be so confident, since the widespread deployment of Covid-19 certificates was carried out without any prior study to assess their benefit/risk ratio. In other words, there is no evidence of the effectiveness of this system in terms of public health.

This fundamental information remains largely ignored and leaves the field open to a journalism in pandemic mode and to an out-of-control Covid-19 “science”, which perpetuate a toxic climate in which debate is becoming increasingly hardened.

On the other hand, wherever it has been implemented, the certificate is received controversially and divides society. Since the beginning of autumn 2021, not a week goes by without demonstrations in the countries subject to its regime. It is therefore legitimate to ask: why is this system maintained despite the unprecedented tensions it causes (4) (5) and why is its scope extended, when there is no scientific evidence for it to bring about any benefit?

An important dimension of the Covid-19 certificates is progressively and openly being put forward  by the governments and the mainstream media: the adherence of the population to vaccination. After having tried to convince people with “positive incentives”, like cake, money, alcohol and even firearms , governments around the world are now relying on the philosophy of “negative incentives”.

The authorities justify this by saying that the increasing restrictions imposed by the Covid-19 certificate on freedom of movement and participation in society are an effective way of encouraging or even forcing more people to get vaccinated. This modus operandi is severely criticized by many public health experts. Like Allyson Pollock, a professor at Newcastle University, who considers the Covid-19 certificates to be a “ridiculous, discriminatory and disproportionate” measure.

At the same time, it is obvious that for pharmaceutical companies, a mandatory Covid-19 vaccination would represent a unique windfall, given the extraordinary profit it would guarantee. In fact, by coupling this with a necessary booster every 6 months to extend the validity of the open sesame to a relatively normal life, Covid-19 certificates represent the recipe par excellence for products that generate a constant pay off, an objective that all companies pursue.

Indeed, let’s not forget that for the makers of Covid-19 vaccines – Pfizer/BioNTech and Moderna in the lead – the coronavirus crisis represents a fabulous goose that lays golden eggs. In 2019, the pharmaceutical industry could already boast of a historic first: to have succeeded in a few years in raising vaccines to the rank of blockbusters, that is, products that generate at least 1 billion dollars per year. Sales of the HPV vaccines Gardasil and Gardasil9 (Merck) had reached more than 3 billion dollar and those of the pneumococcal vaccine Prevenar13 (Pfizer)  almost 6 billion dollar. Re-Check has been investigating for more than a decade how the launch of HPV vaccines initiated the metamorphosis of this class of biologics, definitively putting to rest the stale myth that “vaccines don’t make money for pharma”. But today, Gardasil, Gardasil9 and Prevenar13 would almost seem like small players compared to the staggering amounts of money expected to be generated by Covid-19 vaccine sales in 2021: 19 billion dollar for Moderna’s Spikevax and 33 billion dollar for Comirnaty (Pfizer/BioNtech).

“We don’t store your data.” Except when we do it

The retention of Covid-19 QR codes comes with yet another problem. The authorities are unfortunately not transparent when they explain to citizens how this device works.

In Switzerland, the Federal Office of Public Health (FOPH) states on its website: “The COVID certificate is stored only locally in the COVID Certificate app on your smartphone. Neither personal data nor the certificates are stored in a central system.”

Our research shows that the reality is somewhat different.

Re-Check was provided with a recording of a zoom conference. This meeting was held on June 10, 2021. Between 90 and 120 people attended, including representatives from the Federal Office of Information Technology and Communication (FOITT) and the Federal Office of Public Health (FOPH). The recording was made by a person who attended this meeting.

During the question and answer session, representatives of the FOPH and the FOITT explained that in fact, certain data from the COVID certificates were indeed stored. These data are the unique identifiers of the certificates, called UVCI for Unique Vaccination Certificate/Assertion Identifier. And as FOITT representatives explained, for certificate issuers is mandatory to provide this storage. “We don’t store that information,” said one of the FOITT representatives. A representative of the FOPH then clarified that the mandatory storage of UVCI was “already a requirement of the EU in order to ensure the traceability of medical data.”

Below: Screenshot of the recording that has been leaked to Re-Check. All participants were anonymized.
Above: Transcript of the recording that has been leaked to Re-Check. All participants were anonymized.

We contacted the press office of the FOPH, which confirmed the information that the storage of UVCI was indeed taking place: “Yes, that’s right, said Nani Moras, spokesperson for the FOPH. The UVCI is the only data that remains centrally recorded, but it does not allow the re-identification of the person to whom the certificate was issued. The UVCI is needed to revoke individual certificates after improper or erroneous issuance (e.g., misspelled name).”

We then wanted to know where exactly these UVCIs were stored and for how long: “UVCIs are stored in three places: on the FOITT server, on the primary FOITT system as well as on the holder’s app as a decentralized data storage, Grégoire Gogniat, spokesperson for the FOPH, answered. The FOITT servers, including the primary FOITT systems, are required for certificate revocation.” Before specifying that UVCIs were stored for two years.

We then confronted the FOPH with the transcript of the Zoom meeting recording in our possession and insisted again, in order to understand what the FOPH representative was talking about during the zoom meeting, when he mentioned the “traceability of medical data”.

The FOPH then admitted that the certificate data were actually stored elsewhere, and linked to the UVCI this time: at the certificate issuers, i.e. the doctors, pharmacies or test centers that issue them.

“The certificate issuers (e.g. doctor, pharmacy) have the medical information in their own system (medical data = set of information about a patient’s health), Grégoire Gogniat explained. This is where the request for a certificate comes from. The issuers then receive the UVCI back from the FOITT and store it with the medical information in their own system. The medical traceability is only in the primary system of the healthcare provider (physicians or pharmacist).” He concludes, however, that “with UVCI, there is no possible link to medical data and therefore no traceability”.

Except in the providers’ primary systems.

When asked how long the UVCI are stored by the certificate issuers, we received the following answer: “This is regulated by cantonal laws, explained Grégoire Gogniat. There are no Swiss or European regulations on this subject.” Before insisting: “Moreover, it is important to note that there was never any question of keeping the certificate in the long term. The objective has always been to use the certificate during the pandemic.”

Finally, the FOPH confirmed that the storage of UVCI did indeed correspond to a requirement of the European Union: “Yes,” wrote Grégoire Gogniat, “this is even the basis on which the Confederation has drawn up the certificate.” And that this requirement had indeed been implemented, “but by the care providers”. In other words, the certificate issuers.

Grégoire Gogniat assured us: “The Federal Data Protection Commissioner was involved in the development of the certificate system. The most senior data protection official was a member of the steering committee. There were three statements on the subject. The registration of the UVCI is regulated in the Covid-19 Certificate Ordinance, Art. 27, and was therefore also part of the examination by the Federal Data Protection Commissioner. (…) The cantons and other stakeholders were informed in detail about the planned system.”

Despite the assurances given by the FOPH, this data storage constellation appears problematic. Firstly, because it probably does not correspond to what certificate holders understand when it is explained to them that their data “is not stored centrally”. In fact, they were not pro-actively informed that their medical data related to a vaccination or a Covid-19 test were stored in the same place, with the identifier of their certificate: i.e. at the provider (doctor, pharmacist, test center) who had issued their certificate.

But above all, with this system, the security of this sensitive data rests entirely on the shoulders of the certificate issuers, while the Confederation can claim: “We do not store your data.”

Function creep

Given the speed at which Covid-19 certificates have been deployed, the data protection problem they pose, and the place they now occupy in our society, it is legitimate to ask: when will the authorities stop enforcing this tool? The history of technology teaches us that the answer may well be: perhaps never. Because when a “temporary” solution of this kind is put in place, there is a great risk that it becomes permanent and ends up being used for a different purpose than the one initially intended. This is known as function creep. As Bert-Jaap Koops of Tilburg University in the Netherlands explains: “What distinguishes function creep from innovation is that it involves a qualitative change in functionality that raises concerns. Not only because of the change itself, but also because this change is not sufficiently recognized as transformative and would therefore require discussion.”

The  mass surveillance made possible by the Patriot Act, introduced in the United States after the September 11, 2001 attacks, is a good example. Tommy Cooke of the Surveillance Studies Centre at Queen’s University in Canada and Benjamin Muller, Associate Professor in the Department of Political Science at King’s University College, University of Western Ontario, believe that the advent of Covid-19 certificates and the restrictions they institute for certain segments of the population, “facilitating the movement of some while inhibiting the mobility of others”, are precisely in line with this continuity: “Since the events of 11 September 2001, there has been a proliferation of borders and bordering practices, often well away from national borders and boundaries”, they recall.

In the case of the Covid-19 certificate, everything indicates that the risk of function creep is particularly serious. Because one of the function creep’s possibilities for this device coincides precisely with the agenda of powerful interest groups. Since 2020, these private and state actors have been presenting the implementation of the Covid-19 certificate as a way to create a more comprehensive and more universal system: a wallet for digital identity (e-ID).

The e-ID lobbies at work

Early on these lobbies argued that future Covid-19 certificates and other vaccine passports would benefit from leveraging the technology solutions developed for e-ID over the past decade. Like Dakota Gruener, director of the ID2020 Alliance (founded in 2016 by accenture, Microsoft, the Gavi Alliance, the Rockefeller Foundation, and IDEO) in her April 2020 discussion paper “Immunity Certificates: If We Must Have Them, We Must Do It Right”.

At the same time, key opinion leaders and governments have been encouraged to view this certificate as a “precursor” to e-ID and to see its deployment as a good reason to accelerate the establishment of a digital identity infrastructure. The transformation of the Covid-19 QR code has been presented as a logical, pragmatic and desirable outcome in a variety of channels: dedicated platforms, conferences, events, consultancy reports, specialist publications , working papers, initiatives, essays (6) (7) and interviews.

Clearly, this all-out communication has borne fruit, because, despite numerous warnings, a very critical report by Privacy International and investigations (8) (9) (10) that have highlighted the risk of automated mass surveillance inherent in the project carried by these lobbies, support for this vision of Covid-19 certificates as  “catalysts for advancement of digital identity” has increased in 2021.

In the next episode, we will look at these powerful actors seeking to leverage Covid-19 certificates in order to establish e-IDs, as well as the lobbying apparatus they have deployed to advance their agenda.