“NOW THIS IS NOT THE END. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”
These immortal words belong, of course, to Winston Churchill. They were said on November 10, 1942, after Alexander and Montgomery had turned back Rommel’s forces at El Alamein, thereby winning what Churchill called “The Battle of Egypt.” In February 2021, a little-known organization called the Good Health Pass Collaborative (goodhealthpass.org) borrowed Churchill’s words for its promotional document, “A Safe Guide to Global Reopening.” The words featured as a pull quote in a section titled “Opportunities and Challenges,” which is apt considering that is precisely what vaccine passports represent to many of the companies, governments, and supranational organizations rolling them out: a historic opportunity as well as a challenge.
For the Good Health Pass initiative, the most important challenge is ensuring that the myriad vaccine passport systems are interoperable:
Because numerous companies around the world are racing to market with digital health credential solutions, it is unlikely that one solution will be implemented globally. Thus, it is vitally important that solutions are designed for interoperability—both with one another and across institutional and geographic borders. This can only be achieved through a set of open standards to which all digital health pass systems must adhere. Failing to address interoperability could undermine acceptance, adoption, and ultimately, the utility of digital health passes.1
The Good Health Pass Collaborative’s members include an assortment of vaccine passport developers as well as global corporations and institutions, such as Mastercard, IBM, Airports Council International, the Grameen Foundation, and the International Chamber of Commerce. The initiative was the brainchild of ID2020, an obscure New York–based nonprofit that describes itself as “a global alliance for ethical, privacy-protecting approaches to digital IDs.” The ID2020 Alliance was not set up in 2020 but in 2016, with seed money from Microsoft, Accenture, PricewaterhouseCoopers, the Rockefeller Foundation, Cisco, and Gavi, the Vaccine Alliance, which itself was cofounded by the Bill and Melinda Gates Foundation and is financially supported by many of the world’s biggest companies and the governments of the world’s wealthiest countries.2
ID2020’s founding mission is to provide digital identities for all people, including the world’s most vulnerable populations by 2030. At its inaugural summit, representatives of tech companies, such as Microsoft and Accenture, as well as UN agencies, such as the World Food Programme, waxed lyrical about creating a digital ID tied to fingerprints, birth date, medical records, education, travel, bank accounts, and more. And the gateway for achieving that goal is vaccination.
The vaccine passport is nothing more and nothing less than a digital ID. Since at least 2016 a powerful alliance of UN agencies, global corporations, and wealthy foundations has set its sights on creating and implementing digital ID around the world. Organizations such as ID2020, the Good Health Pass Collaborative, the Vaccine Credential Initiative, the CommonPass, and Gavi are the vehicles by which they hope to achieve that goal. The COVID-19 pandemic and the subsequent roll out of novel vaccine technologies have provided the pretext.
In March 2018, almost two full years before the coronavirus pandemic, ID2020 published an article titled “Immunization: An Entry Point for Digital Identity.” The article stated that “immunization poses a huge opportunity to scale digital identity”:
[I]n many developing countries, immunization coverage greatly exceeds birth registration rates. According to best available estimates, upwards of 95% of children globally receive at least one dose of one vaccine (with 86% of children globally receiving the full three doses recommended of the diphtheria-tetanus-pertussis vaccine, which is commonly used to measure immunization coverage).
When a child receives her first vaccine, she receives a paper child health card. In many developing countries, the most common form of identification is not a birth certificate, but this card. The near ubiquity of these documents presents an enormous opportunity.3
That opportunity could not be clearer: to use global health challenges as a pretext for implementing digital identity programs around the world, which is precisely what is happening right now.
While digital identity may offer certain benefits for citizens, including greater ease in verifying one’s identity as well as the convenience of having all your digital records stored in one place, it also poses huge dangers. The biggest danger of all is that governments and companies will have much greater ability to track and control populations, impose behaviors, and influence politics. The worldwide roll out of vaccine passports/digital IDs represents nothing less than the redrawing of the social contract—a fact the World Economic Forum admitted in its 2018 report, “Identity in a Digital World: A New Chapter in the Social Contract”:
Government, private-sector and civil society communities from the World Economic Forum network have identified six priority areas for collaboration to help shape digital identities of the future:
1. Moving the emphasis beyond identity for all to identities that deliver user value
2. Creating metrics and accountability for good identity
3. Building new governance models for digital identity ecosystems
4. Promoting stewardship of good identity
5. Encouraging partnerships around best practices and interoperability where appropriate
6. Innovating with technologies and models and building a library of successful pilots
As the International Organization for Public-Private Cooperation, the World Economic Forum offers a platform for such collaboration that advances the practice of “good” identities and maximizes value to individuals.4
At the WEF’s Annual Meeting in Davos 2018, senior representatives of business, governments, and civil society made a commitment to advance towards a “good” future for digital identity. In the months following, those stakeholders identified an initial set of five requirements that a “good” identity should satisfy, which the WEF shared in its “Identity in a Digital World” report. For a digital ID to be good, it must:
1. Be fit for purpose, by offering “a reliable way for individuals to build trust in who they claim to be, to exercise their rights and freedoms and/or in their eligibility to carry out digital interactions”;
2. Be secure—protecting individuals, organizations, devices, and infrastructure from identity theft, unauthorized data sharing, and human rights violations.
3. Be useful, meaning it “offers access to a wide range of useful services and interactions and is easy to establish and use.”
4. Offer choice. A digital ID can be empowering for users, the report claims, allowing them to control “what data they share for which interaction, with whom, and for how long.” This is most likely an empty promise. After all, how much control and ownership do we have over the reams of digital data we generate today?
5. Be inclusive. This is a popular buzzword, often used to describe things that are anything but. For example, the cashless economy is often marketed as a means of promoting “financial inclusion,” when it does the exact opposite. Those who stand to benefit most from a cashless economy are in the more comfortable classes, who by and large are computer literate and already use digital money for most of their transactions, while those most dependent on cash—the poor and the elderly—will suddenly find life a lot more difficult.
So, who would benefit most from a system of mandatory digital IDs? The most likely answer to that question is the WEF’s most important stakeholders: the world’s most powerful corporations, biggest financial institutions, and wealthiest individuals. In others words, Davos Man and Davos Woman.
Recall from chapter 4 (see “Corporate Takeover of Just about Everything”) that in 2019 the WEF pulled off the mother of all public-private partnerships when it signed a strategic partnership agreement with the United Nations, granting multinational corporations even more influence over global governance in the name of accelerating the implementation of the 2030 Agenda for Sustainable Development. The strategic partnership agreement represented a seismic shift in the UN’s founding commitment from multilateralism to the WEF’s model of multi-stakeholderism, gifting corporations a preferential place within the UN system.
When it comes to shaping the global agenda, the WEF is also able to lever its vast network of business owners and senior business executives, politicians, scientists, journalists, and other opinion makers, as well as leaders of global institutions. Its board of trustees includes Kristalina Georgieva, the managing director of the International Monetary Fund; Larry Fink, the CEO of BlackRock, the world’s biggest fund manager, which wields huge influence over policy at the US Federal Reserve and other key central banks; Christine Lagarde, the president of the European Central Bank; Jack Ma, the cofounder and former executive chairman of the Chinese tech giant Alibaba Group; Mark Carney, the former governor of the Bank of England, who is now (in the words of the Wall Street Journal) the “UN’s point man on global climate finance”5; and former US Vice President Al Gore.
Since 1993 the WEF has been running the Global Leaders for Tomorrow program, which now goes by the name of the Forum of Young Global Leaders. To qualify for membership, you must be younger than 38 years old and highly accomplished in your respective field. In 2008 Businessweek’s Bruce Nussbaum described the Forum of Young Global Leaders as “the most exclusive private social network in the world.” The organization itself says its members represent “the voice for the future and the hopes of the next generation.”
The program’s organizers certainly have a knack of picking future global leaders. Now in its 29th year, the program has well over a thousand current members and alumni. They include many Silicon Valley billionaires, from Bill Gates (Microsoft) to Mark Zuckerberg (Facebook), to Peter Thiel (Palantir), to Jeff Bezos (Amazon), to Pierre Omidyar (eBay), to Eric Schmidt (Google) and Larry Page (Google). They also include many heads of state and health ministers, current and former, who have wielded a huge amount of influence over their respective country’s COVID-19 response, particularly in Europe. Here are a few examples:
• Former UK Prime Minister and vaccine passport champion Tony Blair
• Former UK Prime Minister and Chancellor of the Exchequer Gordon Brown
• Former German Chancellor Angela Merkel, who dominated German politics between 2005 and 2021
• Former President of the European Commission Jean-Claude Juncker
• French President Emmanuel Macron
• German Health Minister Jens Spahn
• Former taoiseach of Ireland (2017–2020) Leo Varadkar
• Sanna Marin, the prime minister of Finland
• Sebastian Kurz, the former chancellor of Austria (initially from December 2017 to May 2019 and then a second time from January 2020 to October 2021)
• Alexander De Croo, the current prime minister of Belgium
• Jacinda Ardern, the prime minister of New Zealand6
In the new social contract envisioned by the WEF and laid out in its 2018 report, “Identity in a Digital World,” corporations and governments will have total, seamless control over citizens’ lives. Take, for instance, the EU’s vaccine certificate—the so-called Green Pass—which has been in gestation since 2018, over a year before the COVID-19 pandemic began.7 The goal was to have a common vaccination card/passport for all EU citizens in place by 2022 as well as make EU Member States’ national immunization information systems interoperable. Thanks to the catalytic role of the COVID-19 pandemic, those objectives were already achieved by 2021. Rather than setting you free, the Green Pass ties you inexorably to the whims of government and corporations. Without the Green Pass, Italian citizens cannot work, at least not within the confines of the official economy. In some countries, you cannot access most public services or study without it.
It is a system of exclusion rather than inclusion. As the WEF itself admits, while verifiable identities “create new markets and business lines” for companies, especially those in the tech industry that will help to operate the ID systems while no doubt hoovering up the data, they (emphasis my own) “open up (or close off) the digital world” for individuals. This is the new social contract the WEF wants to create. As I’ll cover in chapter 7, it shares some of the trappings of the hugely ambitious social credit system under construction in China. As in China, many of the administrative decisions that control our lives will be made by machines rather than people.
This degree of surveillance and control should disturb us, even if the technology were to operate perfectly. But, as we know, technology doesn’t operate perfectly. Mistakes or biases introduced into algorithms could have profound effects on individual lives and society-wide, possibly becoming more pronounced and entrenched over time. Consider this: between 2015 and 2018 Amazon tried to eradicate gender bias in its AI-based hiring practices, but couldn’t, and ended up having to give up.8 If Amazon can’t eliminate bias in its AI programming, who can?
But the WEF is still determined to push digital IDs into existence, just about everywhere. At its 2018 Annual Meeting in Davos, attendees—including representatives of the world’s biggest banks, tech firms, and multinational corporations—“committed to shared cooperation on advancing good, user-centric digital identities. Since then, a broader group of stakeholders has joined this conversation: experts, policy-makers, business executives, practitioners, rights advocates, humanitarian organizations and civil society.”9
In other words, almost two years before the COVID-19 pandemic even began, many of the world’s most powerful companies and institutions had already agreed to create and install digital ID systems around the world. This vision is now unfolding before our eyes. The technologies already exist to make it happen. On its corporate website, the IT services and consulting firm Accenture, which helped set up ID2020, states that it has already developed a Unique Identity Service Platform “to deploy a breakthrough biometrics system that can manage fingerprints, iris scans, and other data.”10
The system forms part of the ID2020 Alliance’s plan to “provide a global identity solution,” Accenture says. “The alliance draws on advances in biometrics and innovative technologies and brings together expertise from business, government, and nongovernment agencies. Our experts at the Dublin Innovation Center contribute cross- functional and cross-cultural expertise to drive it forward in collaboration with both UN and other global humanitarian organizations.”
In September 2019, just months before the COVID-19 outbreak in Wuhan, China, ID2020 began putting some of its ideas into practice. Through a partnership agreement with Gavi (the global Vaccine Alliance) and the government of Bangladesh, ID2020 launched what it called “a good digital identity program” (the same language used by the WEF) for the newborn infants of Bangladesh. Seizing on the opportunity for immunization to serve as a platform for digital identity, the program leveraged existing vaccination and birth registration operations to offer newborns a biometrically-linked digital identity.
“We are implementing a forward-looking approach to digital identity that gives individuals control over their own personal information, while still building off existing systems and programs,” said Anir Chowdhury, policy advisor at the Access to Information (a2i) Program of the Government of Bangladesh. “The Government of Bangladesh recognizes that the design of digital identity systems carries far-reaching implications for individuals’ access to services and livelihoods, and we are eager to pioneer this approach.”
Dakota Gruener, executive director of ID2020 (and a former employee of Gavi, the Vaccine Alliance), was also thrilled by the initiative:
Digital ID is being defined and implemented today, and we recognize the importance of swift action to close the identity gap. Now is the time for bold commitments to ensure that we respond both quickly and responsibly. We and our ID2020 Alliance partners, both present and future, are committed to rising to this challenge.11
Once the COVID-19 pandemic had begun, it didn’t take long for ID2020’s members to shift the conversation to digital identity. The Rockefeller Foundation wrote in April 2020 in the position paper “National COVID-19 Testing Action Plan,” published just weeks into the pandemic:
Those screened must be given a unique patient identification number that would link to information about a patient’s viral, antibody and eventually vaccine status under a system that could easily handshake with other systems to speed the return of normal societal functions. Schools could link this to attendance lists, large office buildings to employee ID cards, TSA to passenger lists and concert and sports venues to ticket purchasers.12
Many of the world’s most advanced economies, particularly in Europe, have already adopted some of the foundation’s suggestions. In poorer parts of the world, where vaccine take-up is lower, digital IDs are being pushed through on wholly different pretexts. In Mexico, the government is on the verge of establishing a mandatory biometric ID system, with $250 million of funds provided by the World Bank’s Identification for Development (ID4D) program. Launched in 2014 with “catalytic contributions” from the Gates Foundation, the Omidyar Network, and the governments of the UK, France, and Australia, the program is a “cross-sectoral platform that creates and leverages partnerships with United Nations agencies, other donors, nongovernment organizations, academia, and the private sector” with the goal of “help[ing] countries realize the transformational potential of digital identification systems.”13
The European Commission is also pushing countries in its outer orbit that provide large inflows of migration into the EU, mainly in Africa, the Middle East, and non-EU member states in the Balkans, including some countries with egregious human rights records, to set up biometric databases, reports London-based charity Privacy International. In some cases, such as Nigeria, the Commission has partnered with the World Bank to provide financing for the development of the digital ID systems.14
As these systems are put into place through the rollout of vaccine passports and other forms of digital ID, the citizens of the world should be deeply concerned, for three main reasons. First, the vaccine passports will deliver the final fatal blow to personal privacy. Second, they will provide governments, companies, and other state and nonstate actors with access to our most precious data of all: our health and biometric data. And third is the risk of mission creep: while advertised as digital vaccination records, vaccine passports are clearly intended to be used for much, much more.
Vaccine passports raise huge privacy concerns. Data-hungry companies like Microsoft, a member of the Vaccine Credential Initiative; Facebook; and Google’s parent company Alphabet, which is invested in new vaccine technologies, will be given fresh opportunities to track our daily movements and activities and share those data with third parties. This is how they make much of their money. As the German financial journalist Norbert Häring warns, the mad rush to roll out vaccine passports threatens to enshrine Silicon Valley tech giants—which have already amassed far too much monopoly power at the public’s expense, including the power to censor information on the internet—as global passport authorities.
Everyday citizens have already sacrificed much of their privacy in exchange for the ability to navigate the internet and use social media. We thought we were getting a fair deal. To use the services of tech giants like Google, Facebook, and Twitter free of charge, all we had to do was let those companies exploit our personal data, which they repackaged and sold to support targeted, personalized advertising. This is the basis of what Professor Carissa Véliz of the Institute for Ethics in AI at the University of Oxford calls the data economy. The price we ended up paying was our own personal privacy. As Véliz says, privacy is important because it protects us from the influence of others.15
The more companies know about you, the more power they have over you. If they know you are desperate for money, they will take advantage of your situation and show you ads for abusive payday loans. If they know your race, they may not show you ads for certain exclusive places or services, and you would never know that you were discriminated against. If they know what tempts you, they will design products to keep you hooked, even if that can damage your health, hurt your work, or take time away from your family or from basic needs like sleep. If they know what your fears are, they will use them to lie to you about politics and manipulate you into voting for their preferred candidate. Foreign countries use data about our personalities to polarize us in an effort to undermine public trust and cooperation. The list goes on and on.
Even people who go out of their way to protect their personal data and privacy from the roving eyes of Big Tech still end up getting caught in their data dragnet. As the sociologist and New York Times columnist Zeynep Tufekci has noted, the power of Big Data means that even if you strive to protect your privacy, online companies such as Facebook can now infer “a wide range of things about you that you may have never disclosed, including your moods, your political beliefs, your sexual orientation, and your health.”16
The arrival of vaccine passports / digital IDs will enable both companies and governments unprecedented access to some of our most personal—and valuable—data of all: our health data. That data is of immense value to all kinds of companies, particularly pharmaceuticals and insurance companies.
Our current data economy is based on collecting as much personal data as possible, storing it indefinitely, and selling it to the highest bidder, says Véliz. “Having so much sensitive data circulating freely is reckless.”
Most governments, tech giants, banks, and other companies have already shown they cannot be trusted with our data. The data they accumulate about us is often shared, usually at a price and often without our consent, with third-party companies, governments, police authorities, or even security services. Even governments that have gone out of their way to protect health data, such as Finland, have faced privacy problems.17
In Canada, Ontario’s former privacy commissioner, Ann Cavoukian, warned in October 2021 that the government’s vaccine passport system would create a highly intrusive surveillance system that not only compels Canadians to reveal their health information but can also track their movements. Two months later, she sounded the alarm again about the government’s tracking of cellphone data to inform its pandemic response, after it emerged that the Public Health Agency of Canada (PHAC) has been covertly analyzing the movements of Canadians since the onset of the pandemic.
“In March 2020, [Prime Minister Justin] Trudeau said that tracking cellphone users was not being considered. Well, they did it, PHAC’s been doing it, and they want to do it even more,” said Cavoukian, adding: “It concerns me enormously that this would enable the government to collect more and more information. I do not want to [see] a trend where the government is consistently doing this and starting now. You can’t trust the government.”18 In mid-January 2022, it emerged that German authorities had unlawfully acquired encrypted data from a COVID-19 contact tracing app to track down witnesses in a criminal investigation. As the German international broadcaster Deutsche Welle reported, the case exemplifies concerns voiced by data protection experts.19
In urgent need of cash, the UK’s National Health Service recently decided to digitize and sell off the private health data of all 55 million of its users to private companies and other third parties. “One of the great requirements for health tech is a single health database,” Damindu Jayaweera, head of technology research at Peel Hunt, told Investors’ Chronicle. “There are only two places as far as I know that digitise the data of the whole population from birth to death … China and the UK.”20
Of course, that data for sale included highly sensitive information on physical, mental, and sexual health, as well as gender, ethnicity, criminal records, and history of abuse—information that NHS patients give in confidence to their general practitioner. NHS Digital executives would allow people, in theory, to opt out of the scheme, except they failed to announce that the scheme even existed until right before the opt-out deadline passed.
When the Financial Times ran an exposé in May 2021, NHS Digital was forced to shelve the scheme.21 Unfortunately, NHS Digital had already begun sharing patient data with over 40 global companies, including McKinsey & Company, KPMG, Experian, and a big data firm cofounded by the Sackler family, whose drug company, Purdue Pharma, was one of the main instigators behind the US opioid crisis.22 NHS Digital also shared patient data with the scandal-tarnished US spytech firm Palantir, which provides data-science support to US military operations, mass surveillance, and predictive policing. Perhaps most controversial of all, despite claims of confidentiality, NHS Digital ended up sharing the health data of more than 80 percent of the NHS patients who chose to opt out of the data-sharing program. The FT “found that insights from the data were often shared or sold on to other commercial entities and providers that use it to price products being sold back to the NHS, or conversely restrict the NHS’s access to analysis of its own data, creating conflicts of interest. Among the biggest criticisms focused on the opacity around the data’s fate after it leaves the NHS’s servers, and the lack of an auditing trail beyond the companies on the register.”23
Unfortunately, the scandal doesn’t appear to have prompted much in the way of meaningful change at NHS Digital. Within three months, another scandal erupted, this time revolving around facial recognition data collected by the NHS App, a multifaceted platform that can be used by NHS patients to access the NHS certificate proving their COVID-19 vaccination status. But to access the App, NHS patients must share their facial recognition data—data that’s being managed by undisclosed companies. Worse still, the NHS appears to be sharing some of that facial recognition data with law enforcement agencies, according to The Guardian. It is also likely to be of interest to UK and foreign intelligence services.24
With more and more companies and government agencies getting their hands on our health data, the security of that data is becoming increasingly precarious. If recent history has taught us anything, it is that no data is completely secure. And that should be a major cause for concern given that many vaccine certificates are likely to include our most precious data of all: our biometric data.
Biometrics systems are used to identify or authenticate identity by using innate physical or behavioral characteristics, including fingerprints, face and palm prints, iris patterns, voice, gait, breath, and DNA. The argument for its use is that by tying digital IDs to biometrics, authorities can largely remove the risk of fraud and identity theft, an issue that’s recently come up with vaccine passports in France and elsewhere.
Biometric technologies are already being used in diverse settings, from banks and other financial institutions to schools and workplaces. UK global bank Standard Chartered has rolled out fingerprint and other biometric technologies across many of the African and Asian markets in which it operates, as part of a $1.5 billion technology investment package. Mexican banks have collected biometric data (fingerprints and iris scans) on all their customers. Passports around the world have included biometric features for years, as have other forms of IDs. Many people opt to sign into their mobile phones using their biometric data.
Children are also being conditioned to use biometric systems, sometimes for the most mundane of reasons. In Scotland, for example, a number of schools in 2021 began using facial recognition to expedite school lunch lines. The local council in North Ayrshire said that the new technology allowed for a faster lunch service while removing the need for any contact at the point of sale: “With Facial Recognition, pupils simply select their meal, look at the camera and go, making for a faster lunch service whilst removing any contact at the point of sale.”25
Similar facial recognition systems have been in use in the United States for years, though usually as a security measure. In the case of the schools in Ayrshire, the rationale is ease, speed, and efficiency, but critics argue that these pilot schemes have a much darker purpose than expediting school lunch queues; they are about conditioning children to the widespread use of facial recognition and other biometric technologies.
Stephanie Hare, author of Technology Ethics, argues that the widespread use of these technologies is normalizing children to understand “their bodies as something they use to transact. That’s how you condition an entire society to use facial recognition.”
In the end, North Ayrshire council decided to shelve its pilot scheme after parents and data ethics experts raised concerns that the privacy implications may not have been fully considered.26 There has also been pushback from citizens in the United States on the use of facial recognition in schools. In New York, public opposition was so strong that the state government ended up halting all use of biometric identifying technology in schools until at least July 2022.
San Francisco-based digital rights group Electronic Frontier Foundation says that biometric systems pose “extreme risks” to privacy and the security of personal data:
The government insists that biometrics databases can be used effectively for border security, to verify employment, to identify criminals, and to combat terrorism. Private companies argue biometrics can enhance our lives by helping us to identify our friends more easily and by allowing us access to places, products, and services more quickly and accurately. But the privacy risks that accompany biometrics databases are extreme.
Biometrics’ biggest risk to privacy comes from the government’s ability to use it for surveillance. As face recognition technologies become more effective and cameras are capable of recording greater and greater detail, surreptitious identification and tracking could become the norm.
The problems are multiplied when biometrics databases are “multimodal,” allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth. Further, geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance.27
This is a problem highlighted in a Financial Times article about Aadhaar, India’s biometric ID system. It came into being in 2016 after the government passed the Aadhaar Act without any debate, discussion, or even the approval of Parliament. Aadhaar (Hindi for “foundation”) is a 12-digit unique identity number (UID) issued by the government after confirming a person’s biometric and demographic information. The largest system of its kind on the planet, Aadhaar required Indian citizens to submit their photograph, iris, and fingerprint scans in order to qualify for welfare benefits, compensation, scholarships, legal entitlements, and even nutrition programs. By 2021, the Unique Identification Authority of India (UIDAI) had issued 1.3 billion UIDs covering roughly 92 percent of the population.
The UIDAI was led by Indian tech billionaire Nandan Nilekani, the cofounder and nonexecutive chairman of Infosys, India’s second largest IT company. Lauded by Bill Gates as one of his so-called “heroes in the field” for having made the world’s “invisible people, visible,” Nilekani has in recent years been working with the World Bank to help other governments set up similar digital ID systems.28
Besides serving as a gateway to government services, Aadhaar also tracks users’ movements between cities, their employment status, and purchasing records. It is a de facto social credit system that serves as the key entry point for accessing services in India. While the system has helped to speed and clean up India’s bureaucracy, it has also massively increased the Indian government’s surveillance powers and excluded over 100 million people from welfare programs as well as basic services, as the FT article notes:
The Indian media has reported several cases of cardless individuals starving to death because they could not access benefits to which they were entitled. “Aadhaar is deeply embedded in Indian life and works for most people most of the time. However, when it does not work, it most affects those who are already vulnerable,” the [2019 State of Aadhaar] report concluded.
Some critics go further, arguing Aadhaar has largely failed to fulfil its original promise of improving welfare and now acts as a tool for social exclusion and corporate influence. In Dissent on Aadhaar (2019), 15 academics, lawyers and technologists examined Aadhaar’s shortcomings, focusing on an almost Kafkaesque disparity between the “helplessness, frustration and vulnerability” of the individual and the omniscience and opacity of large bureaucracies. “The Aadhaar project is a perversion of the constructive purpose of technology to be subservient to the needs of society,” concluded Reetika Khera, the book’s lead author.29
Biometric systems are also prone to failure, warns the London- based charity Privacy International:
This can be a result of issues like the fading of fingerprints (the elderly and manual workers being particularly at risk) or cataracts affecting iris scans.
The consequences of this can be severe: for example, failing to get access to benefits to which an individual is entitled. This is not an abstract concern. There are already reports that this has led to starvation deaths in India.30
The systems are also notoriously inaccurate on women and those with darker skin, and they may also be inaccurate on children whose facial characteristics change rapidly. Wired magazine reported in 2019 that “US government tests find even top-performing facial recognition systems misidentify blacks at rates five to 10 times higher than they do whites.”31
There is also the risk that people’s biometric identifiers could end up in the wrong hands. A large-scale data breech in India, for example, could affect over a billion people. Privacy International reports that authorities in India, South Korea, and the Philippines have already suffered “extensive security and data breaches that led to the leaking of biometric ID information belonging to millions of individuals in those respective countries.” If biometric data is hacked, there is no way of undoing the damage. You cannot change or cancel your iris, fingerprint, or DNA like you can change a password or cancel your credit card.
“The idea of a data breach is not a question of if, it’s a question of when,” says Professor Sandra Wachter, a data ethics expert at the Oxford Internet Institute. “Welcome to the internet: everything is hackable.”
Most databases are exceedingly porous, even in countries with advanced cybersecurity systems, as we saw in the recent hack of Microsoft’s exchange servers.32 Governmental databases are often targets because they have fewer resources and often less skilled IT teams.33 Central banks, such as the Reserve Bank of New Zealand and Banco de Mexico, have also been targeted by cybercriminals. These incidents raise concerns about any system that seeks to collect, integrate, and use the biometric identifiers of hundreds of millions or even billions of people. While most vaccine passport systems haven’t collected users’ biometric data yet, it is probably a matter of time before they do. That data is unlikely to be fully secure.
Peter Yapp, former deputy director of UK Government Communications Headquarters’s (GCHQ’s) National Cyber Security Centre (NCSC) recently warned that building another centralized database to store even more of our personal data would create more opportunities for hackers and cybercriminals:
Centralised databases mean you’re putting a lot of data in one place so it becomes an attractive target for hackers and the like, so it’s like a honeypot—it attracts people in and they’re going to have a go because there is so much data.
Steve Baker, deputy leader of the COVID Recovery Group (CRG) of Conservative MPs, said a centralized vaccine passport system would become a magnet for hackers:
Bugs create security vulnerabilities. That’s why it’s a terrible idea to gather together so much data of such importance in one place. This is one more nail in the coffin in the idea of COVID certification.34
There is another reason why vaccine passport systems are a threat to our personal liberties, privacy, and digital rights: that the scale and scope of their application will grow over time.
When the European Union launched its Green Pass initiative in June 2021, it was supposedly intended to reopen the bloc’s borders and make international tourism possible once again. But within months it was being used by many Member States to exclude unvaccinated people from accessing many public spaces and basic services. Italy’s government has used its iteration of the Green Pass to effectively ban almost four million people from being able to earn a living. In Austria the government locked down around two million people for not being vaccinated, before relenting five days later and locking down everyone else.
This has happened despite the fact that the EU’s own Green Pass legislation stipulates that “[t]he issuance of [COVID] certificates … should not lead to discrimination on the basis of the possession of a specific category of certificate.”35 The Council of Europe, Europe’s preeminent human rights organization, went even further, arguing not only that no one should be “discriminated against for not having been vaccinated” but also that the vaccination should not be mandatory.36
To complement its Green Pass, the EU has already launched a digital wallet that will be used to store peoples’ surnames, first names, dates and place of birth, gender or nationality, as well as enable Europeans to identify themselves online. This is part and parcel of the digital identity revolution being spearheaded by organizations like the World Economic Forum, Gavi, and ID2020.
In a similar vein, the UK government quietly announced on December 27, 2021, just weeks after introducing its vaccine passport system, plans to develop a “digital identity and attributes trust framework” that will “enable employers and landlords (letting agents) to use certified identification document validation technology (IDVT) service providers to carry out digital identity checks on their behalf for many who are not in scope to use the Home Office online services, including British and Irish citizens, from 6 April 2022.”37
Once vaccine passport/digital ID systems are established, mission creep is virtually guaranteed. But don’t take my word for it; the French defense contractor Thales Group laid it out in an internal blog authored by its head of digital identity services portfolio, Kristel Teyras:
The ambition is huge; both in terms of scale—as it applies to all EU member states—and also in the power it would grant to citizens throughout the Bloc. For the first time, citizens would be able to use a European Digital Identity wallet, from their phone, that would give them access to services in any region across Europe.38
Note Teyras’s use of the verb “would be able to” in the second sentence. As German finance journalist Norbert Häring points out, “if we want to remove the gloss … we would only have to replace ‘be able to’ with ‘have to.’”
“That sounds a bit scarier, doesn’t it?” asks Häring.
One of the companies involved in the development of the UK’s COVID-19 vaccine passport, the US IT firm Entrust, said that the vaccine passport system could also be “redeployed” as a national ID card. This is despite the fact that a previous digital ID card scheme was scrapped in 2011 following a public outcry against the intrusion and potential for human rights violations it would entail.
In a blog written shortly before Entrust was awarded a £250,000 contract in May 2021 to provide the cloud software for the UK’s vaccine certification system, the company’s product marketing manager Jenn Markey noted that:
Vaccine credentials can become part of the infrastructure of the new normal.… Why not redeploy this effort into a national citizen ID program that can be used for multiple purposes, including the secure delivery of government services, secure cross-border travel, and documentation of vaccination.39
“Digital wallet” suggests that economic activity could become an integral part of the frameworks’ functions, a prospect that should terrify anyone but which Teyras describes as “really exciting.” The UK’s former Prime Minister and leading vaccine passport advocate Tony Blair also raised this possibility in an address to WEF members: “Digital ID can play a part in COVID but also if you think of the transactions that you want to do now with your customers, it’s much simpler for them if they have a digital identity.”40
Many of the same companies and organizations that are driving the roll out of digital IDs are also pressing for the elimination of cash transactions. These companies and organizations include global banks, fintech start-ups, big tech giants, and credit card companies. The European Commission has already announced a plan to cap cash payments at €10,000 across the EU despite fierce opposition among cash-loving countries, such as Austria and Germany.
Of course, in a world of increasing government surveillance and control, cash is one of the last vestiges of personal freedom and privacy we have left.
“Cash gives people a sense of security, independence, and freedom,” said Gernot Blümel, Austria’s former finance minister. “We want to preserve that freedom for people.”41
Other countries have other ideas, though. Even before the cash limit had been introduced, the French Government was advocating for a lower limit. Norbert Häring describes how this tactic conforms with IMF strategy to abolish cash even in the face of popular resistance: “… starting with a high, unoffensive limit and lowering it progressively.”42
From the onset of the pandemic, cash has been suggested as a possible vector of infection. In early March 2020, in response to a question about whether banknotes could spread the coronavirus, a World Health Organization (WHO) spokesperson said: “Yes, it’s possible, and it’s a good question. We know that money changes hands frequently and can pick up all sorts of bacteria and viruses … when possible it’s a good idea to use contactless payments.”43
Legacy media outlets pounced on the WHO’s comments and magnified them, sparking fears over the safety of cash. The WHO has since walked back its comments, arguing that it was not advocating for people to abandon the use of cash, only that they should wash their hands after handling it.
Central banks have also attempted to dampen public fears. But at the same time many of those central banks, including the People’s Bank of China, the Federal Reserve Bank, the European Central Bank, and the Bank of England, are exploring the possibility of introducing their own central bank digital currencies, or CBDCs, in the near future.
Combining digital currencies with digital IDs while phasing out, or even banning, the use of cash would grant governments and central banks the ability not only to track every purchase we make (and made in the past) but also to determine what we can and cannot spend our money on. They could also prevent certain “undesirable” people from buying anything. Anyone with a blocking notice attached to their digital identity would “thus be unable to do many of the most basic things independently,” says Häring. Central banks could even issue stimulus funds with an expiration date, forcing people to spend rather than save.
Cash and CBDC are a world apart, as Agustín Carstens, the president of the Bank of International Settlements, the central bank of central banks, conceded in an interview:
We don’t know who’s using a $100 bill today and we don’t know who’s using a 1,000 peso bill today. The key difference with the CBDC is the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability, and also we will have the technology to enforce that.44
For central banks the introduction of CBDCs will provide a huge fillip to the power they already wield over the economy. It also means they will enter in direct competition with the banks they are supposed to regulate. Some economists have even warned that high street lenders, particularly smaller ones, could end up going under as savers switch their money into a secure digital account with their respective central bank at the slightest whiff of a financial crisis.
For the public, the benefits are less existent while the risks are huge. In the UK, a POLITICO survey of 2,500 adults found Brits “harbor more suspicion about central bank–backed digital currencies (CBDCs) than excitement.” Just 24 percent of those surveyed believed the digital pound would bring more benefits than harm, while 30 percent said the opposite. Seventy-three percent of respondents expressed concern about the threat of cyberattacks and hackers. The prospect of losing payment privacy worried 70 percent.
Even proponents of CBDCs admit that central bank digital currency could have serious drawbacks, including further exacerbating income and wealth inequality.
“The rich might be more capable than others of taking advantage of new investment opportunities and reaping more of the benefits,” says Eswar Prasad, a senior fellow at the Brookings Institute and author of The Future of Money: How the Digital Revolution Is Transforming Currencies and Finance. “As the economically marginalized have limited digital access and lack financial literacy, some of the changes could harm as much as they could help those segments of the population.”45
So, not only will the introduction of CBDCs strip global citizens of one of the last vestiges of freedom, privacy, and anonymity (i.e., cash), it could also exacerbate the upward transfer of wealth that many societies have witnessed since the COVID-19 pandemic began. Together with the vaccine passports, CBDCs will facilitate even greater concentration of wealth and power—and not a moment too soon for the wealthy and powerful. As Häring argues in his forthcoming book Endspiel des Kapitalismus (“Endgame for Capitalism”), the elites are fully aware that the Ponzi scheme of late-stage capitalism, built upon the foundations of unpayable levels of public and private debt, will soon crash. Before that happens, they are trying to usher in a neofeudal society, in which they can continue to hold most of the power and wealth.