Once there’s a database, it will become a government database. Every government is data hungry, always gathering tools for control over the population. The objective should be prevention of either a single vaccination database or taxpayer funded compilation of multiple commercial databases. I believe the same objective should apply to individual healthcare records in general (witness the issues with UK AME access) but that’s a bit of a tangent.
That said, what will really happen in the US is that businesses that try to force people to document their health status to simply take part in society will be shunned in preference to others that don’t. And some states will make it illegal. Then in the end enough people will be vaccinated that CV-19 is gone (almost the case where you live now) and the issue in the US will die.
In other countries, who knows? There are some where the population prefers or accepts this kind of thing, and those individuals that don’t tend to leave. Even I am more tolerant when visiting, as its a kind of Disneyland experience where arbitrary power that doesn’t impact my real life doesn’t bother me too much. Easier to accept nonsense when its a short term choice and not a daily imposition.
Silvaire wrote:
However, what will really happen in the US is that businesses that try to force people to document their health status to take part in society will be shunned in preference to others that don’t.
Good luck with that. The opposite is going to happen. Businesses who don’t care about their clients will be shunned.
Silvaire wrote:
Once there’s a database, it will become a government database. Every government is data hungry, always gathering tools for control over the population.
This I agree with.
172driver wrote:
The opposite is going to happen. Businesses who don’t care about their clients will be shunned.
I don’t think Americans will see it your way when it impacts them, versus in the hypothetical 
Even more so for vaccinated Americans who will have no stake in compliance with an offensive procedure that offers them no benefit. Or perhaps those that dislike having their healthcare status monitored by commercial businesses will move to those states where it will be made illegal, accelerating existing migration to those states even more.
The word “care” when used to describe imposition of authority by low level operatives who enforce government goals (versus law) is inappropriate. It’s one of those UK things (“duty of care”) that causes people to leave the country and never return. The concept was also used in places like DDR etc.
Those who want to avoid CV-19 need to get themselves vaccinated, and stop looking to impose pointless rules on others lives for no valid reason. I would have thought that was obvious in a free society, but some don’t seem to get the basics.
There is no doubt that a “vacc passport” can be created. The technology to make is secure and “private” is simple. You access the person’s vaccination record, and you access their passport record to get their verified picture, and you create a QR code which is a crypto signature of that status, of their picture, and maybe of some certificate like the one used with https.
The person who wishes the check the vaccination status of the presenter needs to verify the photo (visually, say at the border) and check the digital signature. There is no need to access any online database, and this avoids storing stuff like the person’s name, address, etc in the phone. It also makes it easy to make a paper version for people without phones, or whose phone is not working: you just produce a printout of the QR code and the photo, on the same piece of paper. How they get around the problem of somebody hacking the app, or forging the bit of paper, and attaching a different photo to the QR code, I don’t know, but accessing an online database with the QR code (and downloading a photo from it) would be the obvious way. One could have a system where the presented photo is scanned and encoded and checked against some hash in the QR code, but while that technology exists (e.g. face recognition used to unlock a phone) it is much less reliable.
You need access to the passport database because that is the only place where a verified picture of the person exists. I suppose a license database would also do, but the photos there are less secure.
The challenge is getting access to these agencies which are different fo every country, and potentially for different regions of a country. The passport database is already unified across the world, I think, but health records obviously aren’t. I can see this working between say the UK and Greece/Spain (a big “tourism axis”), and within the UK, but it would require a lot of international co-operation to roll out a single product for say all of Europe.
Peter wrote:
There is no doubt that a “vacc passport” can be created. The technology to make is secure and “private” is simple. You access the person’s vaccination record, and you access their passport record to get their verified picture, and you create a QR code which is a crypto signature of that status, of their picture, and maybe of some certificate like the one used with https.
There is no such thing as a US government controlled vaccination record, although I was mildly disturbed yesterday to receive an email from state (not Federal) government in relation to my recent CV-19 vaccination. I did notice that it was not addressed to me by name, only to my email address, which indicates that somebody is treading carefully. And the Feds who control passports would likely have no access to the state data regardless.
The US Federal government is for the moment staying explicitly very very far away from linking passports and vaccination. That simply won’t happen, so if Europe wants to regain American tourism dollars, that won’t be part of it.
AIUI, UK, the drift here is to not create a new database containing such a linkage. The linkage would exist only in the generation of the QR code.
Well, so they say 
But in principle that can be done thus.
In practice, any “law enforcement” agency (in Europe) can access both your medical records and your passport record, if they really want to. The security services have total access. Of course many will say they don’t in country x, but they need that access to function.
The UK is probably easy because there is only one NHS. In countries where health care is done privately this will be much more difficult.
In the longer term it will be fine with US tourism because the US will vaccinate everybody of relevance eventually and control the epidemic effectively. The vaccine passports are really for 2021, to open up travel, and in 2021 many in Europe will not be vaccinated. And I reckon the US will vaccinate most people pretty soon too.
Peter wrote:
In practice, any “law enforcement” agency (in Europe) can access both your medical records and your passport record, if they really want to. The security services have total access.
They can’t even access my driving license or vehicle registration records, something which I’ve found useful in the past, and it doesn’t stop me driving in Europe
I would not expect European police agencies to have access to US driver records.
Peter wrote:
The UK is probably easy because there is only one NHS.
You might have thought so, but in practice the IT systems are not as joined up as they arguably ought to be and don’t show as much information as you might expect. For example, if you have an echocardiogram in hospital A, the GP summary available to the doctor in hospital B might say that you had a headline diagnosis of mild atrial stenosis, but for the full report you would have to ring the cardiology secretary and get it faxed (Wales) or Emailed (England). The Welsh Email system would not allow you to Email it to England so the Welsh cardiology secretary would have to upload it using a secure portal. When people get sick on holiday here, we often give them printouts of their results to take back in person.
It sounds like – and is – a system that would be considered pretty good in the 1980s. My understanding is that it is confidentiality concerns that stymied ambitions for more interconnected systems. Every hospital trust seems to develop its own computer systems, badly, and usually they can’t talk to one another. A lot is still done by paper and pen.
It wouldn’t surprise me if the security services find it easier to access your medical information than a doctor or nurse working in the NHS, but it would greatly surprise me if the CAA is able to access your files without your consent.
Peter wrote:
I would not expect European police agencies to have access to US driver records.
That’s correct and given that international issues are handled in the US by the State Department etc. (Federal agencies) the situation is further enhanced by US driver records being at the state level, with agreements in place to trade data between states without any Federal database except that involving removal of the state licenses and drunk driving. This is by design, not chance.
In the unlikely event that a US state motor vehicle department were to receive correspondence from a foreign country (Switzerland comes to mind) desperate to exert its authority over a US license record including its use by insurance companies etc, I can tell you where it goes… in the trash, or politely mailed without action to the driver for his records.
Amusingly this comes as a surprise to some Europeans, including some European officials (those in Germany come to mind) who think national governments invariably cooperate in persecuting their citizens.
