How fake vaccine cards are being sold and how the authorities are trying to stop it.
By Anne Kuckertz
There I was, trying to track down a source I forgot to write down explaining a Covid related fraud for a piece that was long past due when my own hometown became a part of the story. You see, amidst the Covid Era chaos a nefarious market has emerged, adding a new flavor of fraud for the FBI to track, vaccine cards. Fake vaccination cards can be found for sale on sites like Etsy, Amazon, Shopfiy, and more. This fraud has become be so prolific that, with a quick search on google, one can find a pdf of a blank vaccine card on the website of a high school, my high school, in the middle of a sleepy Chicago suburb that likes to taut its high college matriculation rates and SAT scores.
I suppose it should not be surprising that with more and more indoor venues such as bars, airlines, and universities requiring proof of vaccination for entry, the demand for fraudulent vaccine cards is only growing.
And unfortunately, paper vaccine cards are ridiculously easy to replicate. As cyber security expert Alyssa Miller puts it, “It’s a cardboard paper card. There’s absolutely nothing about it that would prevent you from reproducing it.” It has been especially easy for individuals in certain states where government websites (and evidently high-ranking high schools) included high resolution pdfs that anyone could print, citing a need for medical professionals to have easy access during time of high vaccine demand. The pdfs have since been removed from government websites.
After over a year of Covid induced stir craziness, we’re all eager to get back to some semblance of pre-pandemic life. But going out into highly transmissible enclosed areas such as sporting arenas or bars while lying about one’s vaccination status is both dangerous for the unvaccinated individual and for society at large.
Given the dangers vaccine card fraud poses to public health, both private and federal entities are working to find more secure methods of verifying vaccination status. The highest profile solutions currently are the digital ones. Numerous states, including California and New York have implemented vaccination verification apps. And although digital vaccine cards offer a convenient and centralized system, they leave many privacy advocates wary. Albert Fox Cahn is the executive director of a privacy advocacy group called the Surveillance Technology Oversight Project who tested the NYC Covid Safe App by submitting a picture of Micky Mouse. The beloved Disney character was accepted as proof of vaccination.
The New York mayor’s office responded to this experiment, explaining that the app was merely meant to be a secure digital space to hold one’s CDC card. This response left many to wonder how the app differed from the regular photo storage applications on all smartphones. And raised concerns that a new third-party app would be less secure than those provided by Apple or similar companies.
Some technologies are taking a more methodical approach, accessing the state’s vaccination records database and creates a QR code for a user that confirms or denies their vaccination status. Many similar apps use end to end protocols which means that data goes from the starting point (the records database) and goes directly to the endpoint (the user’s phone) and makes no stops along the way at intermediary processing steps, like many other internet technologies do. This method is far more secure as it literally cuts out any digital middlemen. However, since these apps that utilize state specific databases, they do not translate across state lines.
One might be left wondering why cyber companies don’t just pull from the federal vaccination database. That’s because there isn’t one. And the White House has no intention of creating one. Given that some states have already barred businesses from requiring proof of vaccination for entry, it doesn’t seem likely that app developers will have access to a non-state specific database any time soon. Which means that if the aim is to create a universal, fraud proof vaccine card, it might be worth considering non digital options.
Implementing security measures like those used to create drivers’ licenses or passports would help reduce cyber security concerns and the ease with which vaccination cards are forged. It would also keep the 16% of American households without smartphone access from being further isolated along socioeconomic boundaries.
As private and federal players continue to try to solve this problem, we can continue to stay safe by paying attention to CDC guidelines. We can get vaccinated if our circumstances allow, and if not, we can keep eachother healthy by following health experts’ advice.
Comments