QR codes can be safe for vaccine certificates, if done correctly: expert
Important to test system before deployment, David Gerhard says
When the Saskatchewan government replaces the QR codes to residents' eHealth accounts following their recent privacy breach, some are hoping it will be done with more care.
The codes were introduced as a quick way to access vaccination records and were touted as the province's chief form of vaccination certification. They were pulled from online health accounts on Friday because of privacy issues — less than a week after being released.
As many as 19 individuals' information was found to have been displayed in other peoples' codes, according to the province.
David Gerhard, the computer science department head at the University of Regina, said this could become an issue for people who are already hesitant about using a vaccine certificate.
But he believes that these are technologically the right solution because they're cheap and effective.
"It's unfortunate that this problem has happened, and computer technology is messy sometimes, sometimes things don't go right, but it's important to make sure that a system like this is properly tested before it's deployed," he said.
He's also not concerned about using the codes when they're reinstated because the information provided isn't invasive— name, birthday and vaccination information — and he thinks they're important.
Gerhard said there are a few ways that the province could have implemented these codes, and isn't sure how the problem arose, but suspects that there was a human oversight.
The province marked early next week for a second rollout of the codes.
Privacy breach a 'step backwards'
Opposition Leader Ryan Meili said this privacy fumble was another example of the province's inability to manage the pandemic.
"This is another step backwards in encouraging people to get vaccinated and to have confidence in this government being able to actually manage things including things like vaccine mandates properly," he said.
Meili said the province has neglected to strengthen eHealth's privacy capabilities — referencing the privacy breach eHealth had in late 2019 when an Saskatchewan Health Authority employee opened an infected document allowing a virus to enter the system and gather private information.
That led to at least 547,145 files being exposed to malware or stolen from eHealth, according to the province.
This most recent privacy breach wouldn't deter Meili from using the same concept — scannable QR codes — to display vaccine information if he was in power.
But he maintains if the province had introduced these sooner, they could have better prepared the codes by Oct. 1 —the date set for a provincewide proof of vaccination policy.
For now, people will be able to access their vaccination records and print or download them via their online accounts. Anyone with previous QR codes printed or saved are advised to destroy or delete them.