An oft-quoted statistic holds that one billion people worldwide―mostly in the developing world―have no official or “legal” identity. Some pundits see digital identity as essential for closing the digital divide; indeed, the digital divide is often characterised by that impressive stat alone.

Digital identity discourse is dominated by ideas of self-determination, independence and agency. These propel the Self-Sovereign Identity movement and give it something of the spirit of the freedom fighter. Thus identity technology becomes politicized, caught up with the battle over privacy and dignity in the face of government surveillance and surveillance capitalism.

Many initiatives are underway to digitize the presentation of medical test results and vaccinations. Several are linked to novel digital identity schemes or technologies such as blockchain. 

Effective presentation of proof of vaccination goes beyond the usual centralized registration of health information; we all want individuals to be able to control how the proof is conveyed to others who have a need to know. Ideally, proof of vaccination should be presented directly (peer-to-peer) with minimum exposure to or intermediation by third parties, with express consent of the individual, and the receiver able to verify and accept the proof without “calling home”. Thus, even if official records (or “sources of truth”) remain centralized, the presentation of vaccination results can be decentralized and localized.

Many digital credential programs have three common traits: they tend to be vendor-driven; they typically introduce (or call for) a new digital identity regime; and they’re often based on novel blockchain or decentralized ledger technologies. Otherwise well intended digital credential programs can suffer from digital colonialism or technology solutionism, imposing unfamiliar and largely untested technologies on vulnerable thin-file or undocumented people.

We should assume that most vaccination programs today are reasonably well run. Nurses, medicos and field workers know what they're doing.  They assess patients for need and eligibility, administer the vaccinations, and keep the appropriate records.  

I presented a peer-reviewed paper recently at an IEEE symposium on Public Interest Technologies where I argued that digital vaccination certificates need not entail new identities or identity technologies. What's worse than novel identity technologies is novel identification frameworks, which can have unintended consequences and actually exacerbate the digital divide. Digital identity can be unforgiving when it fails, and national-scale identity projects almost always over-identify persons who previously went unnoticed.

A Digital 'Yellow Card' for Securely Recording Vaccinations Using Community PKI Certificates shows how vaccination records, healthcare results and so on can be digitized for verifiable presentation using mature mobile technologies, namely public key infrastructure. The method embodies Privacy by Design as follows:

  • minimises Personal Data collection and disclosure
  • involves no arbitrary identity proofing or over-identification
  • doesn’t tie aid or relief services to new digital identity regimes
  • keeps a person’s different walks of life separate (e.g. government identity, healthcare, aid and migration)
  • verifies credentials locally, peer-to-peer, without “calling home”
  • preserves existing conventions for credentialling and service delivery without putting new burdens on e.g. NGOs.

These digital certificates mean nothing more and nothing less than the fact that the holder has received a vaccination administered by a registered authority. Certificate issuers need not be centralized technology firms or novel “Identity Providers” but instead can be NGOs and authorised field workers who are in the best position to vouch for a vaccination.

I acknowledge that digital proof of vaccination is only a component of an effective public health response to the pandemic, and there are important policy issues to do with the rights and wrongs of so-called "immunity passports". My only purpose here is to try and break the nexus that has emerged between vaccinations and identity, and urge that digital vaccination certificates are not weighed down by arbitrary new identification systems. 

Wilson, Stephen, A Digital 'Yellow Card' for Securely Recording Vaccinations Using Community PKI Certificates (November 15, 2020). Forthcoming, Wilson, Stephen, “A digital Yellow Card for securely recording vaccinations using Community PKI certificates”, IEEE International Symposium on Technology and Society, 12-15th November 2020, Tempe Arizona. Available at SSRN: or


The Yellow Card or carte jaune is a paper booklet in a standard format set by the World Health Organisation in which a person’s vaccinations are recorded by healthcare officials. Numerous initiatives are striving to create both digital vaccination records and new digital identities for people with little or no official documentation; i.e. “low doc” persons. Yet there is no globally agreed model for identity, nor any standardized way to establish identity. Nevertheless, field workers today are able by and large to establish the bona fides of Yellow Card holders with adequate certainty for the paper-based system to function most of the time. This paper contends that vaccinations should be digitized without introducing new identity systems, since a lack of formal identification is obviously not preventing Yellow Cards today.

This paper describes a new digital Yellow Card, deployable on most regular mobile phones, in which public key certificates represent vaccinations and other credentials, vouched for by officials or field workers. The design has practical benefits for the digital engagement and privacy of low doc persons. It also shows how traditionally hierarchical public key infrastructure can be deployed without dictating identification protocols to communities, thus avoiding some of the controversies that plague this technology. The PKI security function can remain centralized while certificate issuance is decentralized, which leaves community organizations free to carry on their business as usual.

Keywords: PKI, identity, verifiable credentials, public key certificate, mobility, public interest technology, COVID-19.