Govt enables vax status check by firms, services
NEW DELHI: The Union government on Friday launched a new digital tool to verify a person’s vaccination status directly from Co-WIN, a step it said will allow various entities such as employers, hotels, airlines and railways to safely resume or expand activities.
The tool, called the Know your Customer’s/Client’s Vaccination Status, or KYC-VS, paves the way for wider adoption of so-called vaccine passports that an increasing number of countries are seeing as key to the recovery from the pandemic. Many western countries are now making it mandatory for people to get a shot before they can enter public transport and crowded venues like nightclubs.
Similar restrictions may now be possible at scale in India once the system is adopted widely. For instance, people wanting to use the local train network in Mumbai at present need to apply for a pass after having their vaccine -- the new API can now digitise and speed up the process.
“CoWIN is launching a new API that will make it easy for organisations/institutions to know the vaccination status of their employees, associates, customers. We believe this will help us resume socio-economic activities faster while ensuring everyone’s safety,” RS Sharma, the CEO of the National Health Authority, said in a tweet on Friday.
“This consent-based/privacy
preserving API is being offered with a webpage that can be embedded in any system/portal. This will ensure a quick and seamless integration with any system,” he added.
According to the details in a government release, a person will be able to approve a verification request since they will be sent a one-time password (OTP), without which the system will not return the vaccination status.
“This response will be digitally signed and can be shared instantly with the verifying entity. A real-life example could be when at the time of booking a railway ticket, an individual will input the necessary details for buying the ticket and if required, the concerned entity will also get the vaccination status in the same transaction, with the due consent of the individual,” a government statement said.
According to an official, who asked not to be named, the new tool will help avoid the need for people to present their full certificates.
“One really does not need to access a person’s full Covid-19 vaccination certificate; this tool will provide just the confirmation to those who want to know it as part of business dealings or offering services etc,” this person said.
At least 58% of India’s eligible population – which comprises all adults – have received at least one dose. Of these, 18% have been fully vaccinated. In all, 720 million doses have been delivered till September 10. Health experts have said being vaccinated is likely to become a crucial prerequisite, as it has in many parts of the world, for activities to return to pre-pandemic levels. But such a move comes with concerns of possible discrimination until universal coverage has been achieved and everyone has had adequate opportunity to get a dose.
“It is also a polite way of urging people to come forward and get vaccinated; there’s still a section that needs convincing. It’s a well established fact that when you get vaccinated then the disease largely does not take a wild turn,” said Dr Sandeep Nayar, director and head, chest and respiratory diseases department, BLK Super Specialty Hospital. “It will also help at the psychological level as you’d feel comfortable if you know passengers in your flight are vaccinated,” he added.
Privacy experts, however, said there could be several issues involved.
“Once information about where and by whom a person’s vaccination status is verified is recorded, it will allow for an individual’s social graph to be created. This has serious privacy concerns because it could potentially identify where you have been and if you have taken, for example, a flight or a train,” said Anand Venkatanarayanan, privacy and cybersecurity researcher.
He added that since the Co-WIN database is centralised, it adds to the risks in case of a breach. “Such verification would have been possible with decentralised verification with the QR codes, but it will now be aggregated into what can turn into a centralised social graph.”