I'm curious as to why the assumption is that the keys were compromised rather than that ability to submit false patient data to be signed in the real system? Can anyone who looked at the fake certificates comment on whether anything about format or metadata indicates they weren't from the normal system?
My understanding is that health care professionals do not directly interact with the system generating certificates. Instead, they simply enter patient vaccination records in e-health system (or whatever it is called in each country). And then the certificate systems query patient's records and if appropriate information is found, generates a certificate. Clearly, there is no patient with such a name and date of birth which means that someone has tampered with the certificate generation system directly. Even if the keys are not stolen, someone might have an unauthorized access to the system at high level.
Germany, at least, doesn't have a central database on vaccinations and just relies on pharmacy staff to validate the yellow paper Vaccination Pass and government IDs.
In such a case any pharmacist can generate a factious certificate. I don't expect them to risk their licence with false data entry but given a big country and a sufficient number of disgruntled, nearly retired professionals...
Doesn't have to be retired professionals. There have been cases in Germany where employees of pharmacies fake these certificates [0]. The link talks about hundreds of faked certificates from a single pharmacy.
You'd be surprised what people can do. Not in Germany, but in Cyprus which is issuing EU certificates with the same as well there is an active case of a doctor who allegedly was adding people to the system without actually vaccinating them because they were against vaccination but wanted to get a pass issued. He would then throw away the dose after entering the batch number in the system. The case broke out when one of the fake pass holders got sick and had to be intubated, at which point he told the doctors about the scum he was involved in.
This is really dependent on each country. For The Netherlands, I know there is a system healthcare professionals can use to manually generate DCCs: in case of problems with the link, patients not giving permission to share PHI to a central registry or in exceptional cases like (partly) vaccinated outside of the EU and such. Just the matter of entering all details and it'll spit out a valid DCC.
To my understanding, the input of the patient data is tied to scanning a vaccine dose after use.
That's a bit harder or riskier to do than randomly inputing someone's name in the system.
Manual input certainly exists. My own EU Covid pass is showing "US" as the member state, as I got my vaccines in the US and the data got transcribed by the French foreign affairs into the EU system.
They probably do, I expect that the keys aren't leaked but that a way to convince the real system into signing fake data was found, or one of the systems feeding data was compromised.
That is agenda pushed by media. Probably payed by big pharma. They can afford it. It is btw basic pattern for accepting totalitarian system. Create enemy and then offer solution. With price.
It is not drop in the ocean. It is simple business. Most of the tests are from China btw. And from plastic. When enviroalerters start to focus on this issue? There are also masks littering everywhere.
You may prefer it, but you are not. If by remaining anonymous you mean keeping the belief that you aren't tracked, that you may, ignorance and passivity received a great promotion recently.
Exactly, once something exists in government it never goes away. We still take off our shoes in the airport even though no one will ever hijack a plane again. The only reason it even worked in the first place is because passengers were just following protocol for every hijacking that ever took place.
If someone tries to take over a plane with box cutter again they probably won't walk off.
We made obstinate people do a good thing and now society is better for it - good.
We already destroy people's livelihoods for all sorts of transgressions against society, theft, murder, etc etc. Why are you pretending to be shocked by us adding another measure for the common good?
I'm not quite sure what you're referring to. In my country's case, certified vaccination is required for in-doors entertainment (theatres, restaurants, bars). I don't know whose livelihood is being ruined there.
The only case I'm aware of where vaccination is mandatory for a job is that of healthcare workers. I won't waste my time arguing about that.
Can you sit back at the start of a pandemic and wait a year or two, and then slowly start pondering if a few million for a contact tracing app would be worth it? To put the number in context, "The Australian Government has invested over $8 billion in the national COVID-19 vaccine rollout. We have also invested over $350 million in vaccine research and development."
48 comments
[ 3.4 ms ] story [ 102 ms ] thread-https://www.italian.tech/2021/10/27/news/cosa_sappiamo_dei_g...
- https://attivissimo.blogspot.com/2021/10/perche-questi-codic...
- https://www.open.online/2021/10/27/covid-19-green-pass-adolf...
Kind of like COVID, amirite?
[0] https://www.br.de/nachrichten/bayern/hunderte-digitale-impfp... (German)
https://cyprus-mail.com/2021/08/14/coronavirus-new-remand-fo...
Source: had to use this procedure myself.
At least if they do, then the range of suspects should be pretty narrow.
Australia spent millions on a contract tracing app that ended up not providing any value at all.
Do we really need digitally signed vaccine certificates when more than enough people have taken the vaccine for it to be widely effective.
No, but you get your answer right there.
Who cares? Australia spends more than that amount on COVID tests every few days (possibly every day, actually). It’s a drop in the ocean.
It would be nice if we could ensure that by every cent was placed on a winning bet, but in the real world it’s ok to try and fail sometimes.
Probably not. But once they exist and are widely accepted, we can repurpose them to other things. Safety passports, CO2 passports, you name it.
If someone tries to take over a plane with box cutter again they probably won't walk off.
We already destroy people's livelihoods for all sorts of transgressions against society, theft, murder, etc etc. Why are you pretending to be shocked by us adding another measure for the common good?
The only case I'm aware of where vaccination is mandatory for a job is that of healthcare workers. I won't waste my time arguing about that.
To put that into perspective, it's about half the total spending on education for 2020, or over 3/4 of the defence budget.
As a species, we are yet to fully understand how viral transmission works. Spend it on schools instead.
1. CRED Credentials Private Key
2. EU HC1 Credentials P8 Private Key
3. BBS+ Credentials Private Key
4. EDDSA Credentials Private Key
5. DIVOC Credentials Private Key
6. Public Key
All you need is the private key. You can find the kIDs and certs here: https://dgcg.covidbevis.se/tp/
But you do need to find the private key.