Select a region
The Government was forced to spend £15,000 on checking the safety of its digital covid certificate portal after security issues led to the shutdown of the original within hours of launching, Express can reveal.
Developed in-house by the Government’s ‘Modernisation and Digital Covid team’, the electronic certificate was launched on 20 October, allowing islanders to download a QR code to their smartphones, which would serve as proof of vaccination in countries with entry and internal restrictions.
However, that evening, it was withdrawn after a “system flaw” was discovered, which enabled anyone to use dates of birth and Social Security numbers to access others’ vaccine passports.
That threat had not been identified or tested in advance of the app launching.
Officials worked overnight alongside Microsoft to investigate the issues, but it was not until 17 December that the digital certificate was back up and running, although islanders could have received a PDF version of their QR codes during the two-month gap, as they can still now.
Express asked for details about what the problem was, and how much it had cost to rectify in December. Responding last week, a Government spokesperson said: “While no islanders had their vaccination record compromised from this risk, we needed to close this threat. Work to address this was simple, and relatively quick.
“However, given the potential impact, an accredited third-party security testing company was recruited to run additional testing. Internal tests were then re-run, and an alternative release date was scheduled."
Pictured: Proof of vaccination is necessary to visit many restaurant, bars and attractions in Europe, including going up the Eiffel Tower in Paris.
“The only additional cost to the Digital Covid Status Certificate was in the region of £15,000 for the additional third-party testing, which will be carried out regularly as part of our standard procedures as the service is developed," they added.
“We continue to develop our testing capabilities as we continue to develop the digital certificate.
"However, it is standard industry practice to use third-party security testing companies to verify security measures.
“Record of a booster dose was included in the digital certificate when they were launched on 17 December 2021.”
Pictured: No one‘s data was compromised but a threat existed, the Government said.
A recent Freedom of Information request revealed that the digital certificate had been developed in-house, by the Government’s ‘Modernisation and Digital Covid Team’, which was put in place to handle all the technology developments required to support the covid response, along with a number of third-party suppliers.
The Government said it could not break down the cost of the digital certificate specifically as the team had worked on a number of projects at the same time.
It did, however, add that it had not purchased any new software to deliver the electronic certificate.
Comments
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.