When New York City announced on Tuesday that people would soon have to prove that they took at least one dose of the coronavirus vaccine to get into businesses, Mayor Bill de Blasio said the system is ” simple – show it and you’re in. ”Less simple was the privacy debate that resurfaced in the city.
Vaccine passports, which show proof of vaccination, often in electronic form as an app, are the basis of De Blasio’s plan. For months, these records – also known as health passes or digital health certificates – have been discussed around the world as a tool for those vaccinated, less exposed to the virus, to safely assemble.
New York will be the first city in the United States to include such passes in a vaccine executive order, potentially sparking similar acts elsewhere.
But standardizing those credentials could also usher in an era of greater digital surveillance, privacy researchers say. This is because vaccination cards can allow location tracking, while there are few rules on how personal vaccination data should be stored and can be shared. Existing privacy laws limit the sharing of information between healthcare providers, but there’s no similar rule for when people enter their own data into an app.
The situation is similar to the period following the terrorist attacks of September 11, 2001, say privacy advocates. At that time, changes in the name of national security had lasting effects, such as ordering people to take off their shoes at airports and the collection of data permitted by the Patriot Act.
Without guarantees today, presenting a digital vaccination passport every time a person walks into a public place could lead to a “global map of where people go,” said Allie Bohm, policy adviser at Civil Liberties New York Union. The information could be used by third parties for commercial purposes or passed on to law enforcement or immigration authorities, she said.
“How can we guarantee that in 20 years we won’t say ‘well there was Covid, and now I have this passport on my phone which is also my driver’s license and also every health record that I have have ever had, and every time I have I go to a store, should I pass this on? ‘ Said Bohm.
She added that the passes could particularly hurt more privacy-conscious groups, including those living illegally in the United States. The New York Civil Liberties Union and other advocacy groups are supporting legislation that prohibits the sharing of immunization data with law enforcement and ensures that passes do not become permanent health trackers.
Vaccination passports have been widely used without a national framework in the United States. President Joe Biden has ruled out a national vaccine pass, leaving states, cities and private companies to determine if and how their own electronic systems will track those vaccinated.
Some companies that have developed digital vaccination passes have tried to minimize privacy concerns. More than 200 public and private organizations recently joined the Immunization Credential Initiative, a coalition that aims to standardize how immunization data will be recorded and protected.
Many developers have said that they have gone to great lengths to ensure that passports do not cross privacy thresholds. Clear Secure, the security company that created a health pass used by more than 60 organizations, many of which are sports venues, said its users’ health data is “treated with the utmost care” and protected by a variety of tools. Employers or locations can only see a green or red sign indicating whether the user has been vaccinated, she said.
The Commons Project, a nonprofit organization that developed a vaccination card called CommonPass, stores vaccination and test data on users’ phones and temporarily updates the information on a server to verify that a traveler has meets the requirements. Airlines that have adopted CommonPass, such as JetBlue and Lufthansa, say they can only see if the passenger has been cleared for travel.
JP Pollack, co-founder of the Commons Project, said the group’s vaccine pass was “reliable” and kept user data confidential.
But while vaccination passports are still in their infancy, the Covid-19 contact tracing apps adopted at the start of the pandemic have already been used by more authoritarian countries in a way that raises concerns about confidentiality. This gives researchers little confidence in how these vaccines can be used later.
“One of the things we don’t want is to standardize emergency surveillance and then we can’t get rid of it,” said Jon Callas, director of technology projects at the Electronic Frontier Foundation, a digital rights group.
While such incidents do not occur in the United States, researchers say they are already seeing potential for excess. Several of them highlighted New York City, where the requirement for proof of vaccination will begin August 16 and will be monitored from September 13.
As proof, people can use their paper vaccination cards, the NYC Covid Safe app, or another app, Excelsior Pass. This was developed by IBM under an estimated $ 17 million contract with New York State.
To get the pass, people enter their personal information. In the standard version, businesses and third parties only see if it is valid, along with the person’s name and date of birth.
On Wednesday (4), the state announced the “Excelsior Pass Plus,” which not only shows whether the individual is vaccinated, but includes information on when and where they received the vaccine. Companies that scan the Pass Plus “may record or store the information it contains,” according to New York State.
Excelsior Pass also has a “Phase 2,” which may involve expanding the use of the app and adding information such as personal details and other health records that can be checked at the doorstep. ‘company.
IBM said it uses blockchain technology and encryption to protect user data, but it did not explain how. The company and New York State did not respond to requests for comment.