I wrote about vaccine passwords for Avast’s blog back at the beginning of the year. Since then, we have some more clarity over where and how they will be used, and a lot more questions too. Here is a brief summary on their progress.
First, the passports have now entered the political arena. Several states (including Missouri and Florida) have actually issued rulings preventing them from being used by state agencies or by local businesses. Pennsylvania, Montana and Arkansas are close to passing similar prohibitions. The White House has stated that there will be no federal mandate for any vax credentials. This pretty much guarantees that Americans will be stuck with those postcards that are handed out when we got the Covid shots. Coming from the opposite direction is NY which has their own passport app. As Shelly Palmer documents, this has been a fiasco — even calling the app the NYS Wallet to confound usability and destroy what little trust users might have about this passport.
The politics of the passport go something like this: we don’t want to create a centralized health database, because chances are the gummint will screw that up and we would have a massive data privacy issue on our hands. (Perhaps almost as bad as what just happened recently with Facebook.) Yet the local health departments have been issuing paper vaccination records for decades without any controversy (for the most part), and schools and military use these paper documents to prove that you have gotten vaccinated.
Covid it seems requires something new and a more digital approach. And with a new system comes the challenges of being able to preserve privacy and yet allow people to have their individual freedom. The ACLU has weighed in with their opinion here. They warn, “we could see a rush to impose a COVID credential system built on an architecture that is not good for transparency, privacy, or user control. The devil is in the details.”
But there are some pretty significant efforts being done by open source folks, such as this one that is trying to work out these details to keep the vax record on an individual’s smartphone. We shall see whether these will pass muster and have the right controls when they are finally implemented. There are some pretty smart people working on this, but then because of politics anything could go awry. (I wrote about the anti-vax movement earlier this year here.) In the meantime, when we get our Covid vaccinations, we get a small postcard. But will that be sufficient proof?
Second, the pilot programs have begun but have very limited use. One series of trials has been happening at more than 20 different airlines that are using the IATA travel pass. These trials are typically on a couple of city pairs and a small number of flights, where passengers are notified they will either have to download an app or print out the certificate to prove they have been vaccinated. None of these are US-flag carriers, and probably the furthest along is Singapore Airlines, which is planning on rolling out this pass by summer.
Probably, the furthest along is the Israel Green Passport smartphone app. Israel has done the best job of almost any nation at getting vaccines distributed to people over 16. The app is required for numerous large social gatherings, although as this NYTimes article documents, it isn’t uniformly enforced. One interesting side note: another digital passport is being contemplated to be used by airlines and nearby-countries to allow Israelis passage and entry if they want to travel. It isn’t clear how this will work. One problem: given that children haven’t yet been vaccinated, families who want to eat or attend these activities together can’t, unless the kids get a Covid test ahead of time.
The enforcement issue brings up another point: who is going to authenticate the passport holder? Right now when we can actual cross an international border, there are trained professionals who look at your regular passport and any paper and digital visa stamps and approve your passage. Do we really want to have bar bouncers, part-time ticket takers and other assorted folks determining whether we can enter a concert venue, shopping mall, restaurant or whatever?
Israel has addressed this problem of controlled access a long time ago. If you want to attend university, go to a shopping mall, ride a train or go to a concert, you have to pass through the barrier that most Americans just associate with airport TSA checks. Granted, these checks were mainly for weapons, and to that effect similar controls were recently placed around the Capitol. Yet many members of Congress pay them no heed. That doesn’t bode well for US-based enforcement.
There are a lot of other issues about how to implement the vax passport apps, and solving these isn’t going to be easy. But at least getting your shots is getting better: we are approaching delivering 4M shots a day now.
I intend to get on a plane in November or December — perhaps to Singapore — and not find my way back to the US for a year or more. So I would sign up for an IATA Travel Pass tomorrow if I could, and if I believed that it would work. But according to the IATA site, its ability to provide proof of vaccination is contingent upon “governments issuing digital vaccination certificates.” Is that on anybody’s radar here in the states? I’m getting my second shot on Friday from Austin Public Health, and I’ve got the postcard, but so far, nobody in the process has made any attempt to actually verify my identity, so how would that translate to a digital proof?
Coincidentally, the NYT ran this story after I posted my blog, about some of the political issues behind the vax passports:
https://www.nytimes.com/2021/04/06/us/politics/vaccine-passports-coronavirus.html