Vaccine Passport Missteps We Should Not Repeat

By Alexis Hancock, Adam Schwartz, and Jon Callas

Published 2 September 2021

Vaccine mandates are becoming an increasingly urgent priority for public health officials and various governments. As they roll out, we must protect users of vaccine passports and those who do not want to use—or cannot use—a digitally scannable means to prove vaccination. We cannot let the tools used to fight for public health be subverted into systems to perpetuate inequity or as cover for unrelated, unnecessary data collection.

Over the past year, EFF has been tracking vaccine passport proposals and how they have been implemented. We have objections—especially when they are rolled out by opportunistic tech companies that are already creating digital inequity and mismanaging user data. We hope we can stop them from transforming into another layer of user tracking.

Paper proof of vaccination raises fewer concerns, as does a digital photo of a paper card displayed on a phone screen. Of much greater concern are scannable vaccination credentials, which might be used to track people’s physical movements through doors and across time. Thus, we oppose any use of scannable vaccination credentials. At a minimum, such systems must have a paper alternative, open source code, and design and policy safeguards to minimize the risk of tracking.

Last year, “immunity passports” were proposed and sometimes implemented before the science on COVID-19 immunity and vaccination was even well developed. Many governments and private companies apparently were driven less by informed public health and science than by the need to promote economic movement. Some organizations and governments even took the opportunity to create a new, digital verification system for the vaccinated. The needed transparency and protection have been lacking, and so have clear boundaries to keep these systems from escalating into an unnecessary surveillance system. Even though we recognize that many vaccine credentialing systems have been implemented in good faith, there are several examples below of dangerous missteps that we hope will not be repeated.

New York State’s Excelsior Pass
Launched in April, this optional mobile application has had gradual adoption. Three key issues appeared with this deployment. 

First, IBM was not transparent about how this application was built. Instead, the company used vague buzzwords like “blockchain technology” that don’t paint a detailed picture of how they are keeping user data secure.