- Immunity passports would link your identity to a coronavirus test result so you can share your immune status with employers and other third parties.
- Several tech firms, including Onfido, are racing to develop tech for immunity passports to help with the reopening of economies.
- But scientists say digital immunity passports raise a number of issues, from how immunity is determined to the protection of users' privacy.
How do you get people back to work and traveling again without a coronavirus vaccine? That's the question being asked right now by several tech start-ups racing to build digital "immunity passports."
These are certificates that would be given to people who have recovered from Covid-19 or were asymptomatic. The idea is that you'd link your identity to a coronavirus test result and then be able to share your immune status with third parties like employers, airports or restaurants.
Or at least that's how it would work in theory.
There are still plenty of question marks over these virtual identity passes, such as whether the antibody tests they rely on confer immunity to reinfection, or if they can adequately protect user privacy. Experts aren't satisfied that these problems have been solved yet.
The entrepreneurs behind some immunity passport initiatives claim they are taking these issues seriously.
A team of software engineers from fintech firm TransferWise worked pro bono to build digital immunity passports that are now being tested in Estonia. TransferWise co-founder Taavet Hinrikus says they won't be launched publicly until there's scientific consensus on Covid-19 immunity.
"We need to come to an agreement about immunity," he told CNBC. "There seems to be agreement in the scientific community that antibodies do exist to Covid-19, but there is no agreement about parameters."
"Do they last three months or three years? We don't know that. There has to be a conclusion to that before this can be rolled out in any wider way."
Cheaper and more widely-available means of testing the disease would also be crucial to deploying immunity passports, Hinrikus said.
Other companies working on tech for immunity passports include British start-ups Onfido and Yoti, and Germany's IDNow.
But many scientists aren't convinced these passports will work in practice.
"I don't think immunity passports are really a way forward," Dr. Simon Clarke, a microbiologist at the University of Reading, told CNBC. "They're a great idea but I don't think they stand up to scrutiny."
The World Health Organization has urged governments not to go down the path of handing out immunity passports — physical or digital — due to doubts about the extent to which antibody tests confer immunity.
"I think we're way off knowing for sure what makes somebody immune," said Clarke. Using the analogy of an orchestra, he added: "Worrying about antibodies is a bit like worrying that the wind section is playing loud enough and not the whole orchestra."
Antibodies aren't the "be all and end all" of immunity and can take "a few days to a couple of weeks" to develop, Clarke said, adding there are other factors that need to be considered, such as virus-killing T cells.
Some experts say online immunity certificates are unethical as they would give certain privileges to people who've contracted Covid-19 and may even encourage people to catch the disease in order to obtain immune status.
"We're doing our best to stop people getting it so they don't spread it," Clarke said, adding immunity passports could "lead to people falsifying their antibody tests."
A recent report by artificial intelligence research group the Ada Lovelace Institute warned that immunity passports "pose extremely high risks in terms of social cohesion, discrimniation, exclusion and vulnerability."
While the TransferWise team concedes immunity passports aren't a "perfect solution," Harsh Sinha, the firm's chief technology officer, says it's an "iterative" approach that can evolve with the science on coronavirus immunity.
"The reality today is that, whether we have data and this information on immunity or not, states in the U.S. or countries in Europe and Asia are opening," Sinha told CNBC.
"Without data, it's a much bigger risk than if you have been tested and you control who can see your test results and have a system that allows you to disclose that information."
And the firm is prepared to "move on" if it turns out that antibody tests don't confer immunity, according to Hinrikus: "We all know this is a possible outcome."
Onfido, whose software verifies people's identities by matching a selfie with a government-issued ID card, is working with German hotel booking app Sidehide on integrating its technology so that guests can present a unique QR code to prove they hold an immunity certificate.
The company has held talks with the U.S. government about introducing immunity passports and was approached by the U.K. Parliament's Science and Technology Committee to submit a proposal to an inquiry on the use of tech to tackle global disease outbreaks.
"We're also consulting with other governments to make this process as seamless as possible," Onfido co-founder and CEO Husayn Kassai told CNBC. "Testing kits are the first area of focus."
But there are fears such virtual passes could infringe on people's privacy, an issue that becomes all the more urgent given the involvement of sensitive health data.
"It's a medical record," said Clarke. "Any blood test you take, however seemingly trivial, is confidential."
Countries like China and South Korea have been accused of surveillance because of their more pervasive approach to tackling the pandemic. China has used QR codes that indicate citizens' health status to control their movements.
Kassai said the Chinese approach was one his firm was looking to avoid.
"The way China has rolled out its system is very effective but offers individuals zero privacy," he said. "Empowering people with the ability to prove attributes about themselves without revealing any other identity information ... is part of the answer."
"The other is ensuring not only is data stored securely and solely under the control of the individual but that only the bare minimum data is ever generated. If the data does not exist, it cannot be abused."