With nearly 25 percent of Americans now fully vaccinated, the Centers for Disease Control and Prevention has been issuing new guidelines every few weeks for what fully vaccinated people can safely do. Now, for many the question is how to prove that they’ve been vaccinated — or trust that others have been.
The most popular answer to emerge has been some sort of certification more robust than the paper cards familiar from the Instagram feeds of the newly vaccinated—what has been somewhat misleadingly dubbed a “vaccine passport.” And that has sparked a serious backlash.
Texas became the second state to join that backlash on Tuesday when Gov. Greg Abbott, R, issued an executive order barring government agencies from requiring proof of vaccination from any person, and forbidding them to issue any “standardized documentation for the purpose of certifying an individual’s Covid-19 vaccination status to a third party.” Florida was first: Gov. Ron DeSantis, R, went even further with an executive order on April 2 forbidding even private businesses from requiring proof of vaccine status for admittance.
These moves may be borne of a well-intentioned desire to protect individual privacy and liberty, but both are ultimately shortsighted — and unlikely to serve either freedom or public health. Both unwisely conflate the idea of vaccine credentials in themselves with the most unpleasant way they might possibly be used.
If it is sometimes necessary to verify an individual’s vaccination status, then it’s hard to argue the process should not be as secure, reliable and convenient as possible.
The conversation around vaccination credentials would be enormously improved if we could separate two distinct questions.
First: Is it desirable to have a secure and reliable mechanism for determining who has been vaccinated against the coronavirus for at least some purposes?
And second: In what contexts is it desirable and appropriate to demand proof of vaccination as a precondition for participating in some activity?
The answer to the first question should be easy: Of course. There are numerous contexts in which showing evidence of vaccination is either already required or has clear benefits. Given that, a secure, easily verifiable record is self-evidently preferable to a handwritten scribble on card stock which anyone with a laser printer could forge.
International travel is one obvious example: Several foreign countries have already signaled that they will begin admitting American visitors again, but will require proof of vaccination. Americans returning from abroad, meanwhile, are already obliged to show a recent negative Covid test. The U.S. airline industry has asked the CDC to alter its guidelines to waive that requirement for those who have been fully immunized (which seems like common sense). While providing a negative test result should always remain an option, insisting that people who have already immunized be repeatedly tested is a costly and pointless burden on the right to travel.
If it is sometimes necessary to verify an individual’s vaccination status, then it’s hard to argue the process should not be as secure, reliable and convenient as possible. The primary means Americans currently rely on to establish their immunization history — those little immunization record cards healthcare providers are required to give patients along with their jabs — is none of the above. The critical information is typically handwritten — and not always legibly or accurately — and the card itself is both easy to lose and trivial to forge.
As long as a common set of protocols are widely used, individual health providers can maintain their own records and issue their own certificates.
Little wonder, then, that there are at least 17 separate initiatives already underway aimed at providing a more secure alternative.
The details vary, but the core idea behind most is to take advantage of encryption technology to create an upgraded version of the current immunization record card. Health care providers could cryptographically “sign” an encoding of some minimal, critical details: The patient’s name, the date of immunization and which of the various available vaccines they received. This authenticated data could then be encoded in machine readable form — such as a bar code or QR code — and either printed out or stored on the patient’s mobile device. Anyone with the right app to read the code would then be able to verify that a legitimate health provider had indeed produced the record.
None of this requires any kind of centralized master database containing people’s health information, or for a government agency to issue “passports.” As long as a common set of protocols are widely used, individual health providers can maintain their own records and issue their own certificates. These upgraded certificates need not — and should not — contain any more private information than is already printed on the existing record cards.
The second question — whether it’s desirable and appropriate to require that people show proof of vaccination to participate in some activities — is, of course, more contentious. Many seemingly fear that the existence of vaccine certificates would quickly give rise to an authoritarian scenario in which Americans are expected to “show [their] papers, please,” in order to engage in routine activities like grocery shopping.
But that is neither necessary nor likely, and such concerns aren’t a good argument against the certificates themselves. If some states are concerned that anyone might be asked for a vaccine card at the grocery store, state policy can reflect that specific concern and prohibit certain essential facilities from denying access to people based on their vaccination status. But in the absence of a government mandate for every business to check vaccine IDs, there is little reason to think this is a realistic scenario.
Individual businesses are the best judges of what policies towards vaccinated and unvaccinated customers are appropriate to their particular circumstances.
Private business, after all, are typically loath to turn away paying customers — or to waste time, money and energy “carding” patrons unnecessarily. Unless they are required to do so, there is no reason to expect the vast majority of businesses that are currently happy to admit masked customers with appropriate precautions to create more barriers to customers’ entry.
There are, however, many categories of business that are currently hard pressed to operate remotely normally with minor precautions like face masks, and have found it challenging to ensure the safety of their staff and patrons even with extensive safeguards. Numerous Covid outbreaks have been traced to gyms, for example, where even with masks and social distancing, all that exertion and heavy breathing makes it hard to limit spread. Exercise facilities’ bottom lines have also, not coincidentally, been hit particularly hard by the pandemic and, while many have begun to reopen, they are likely to find that some members would rather stick to the Peloton if they’re expected to remain masked for an indoor hot yoga class.
Reliable immunization certificates could then make it possible for gyms and other businesses with similarly special risks to return a little closer to their normal, perhaps by reserving certain hours for fully immunized members, during which distancing and masking rules could be safely relaxed.
Cruise lines — which became notorious early in the pandemic as floating super spreader events — are already announcing that they plan to set sail this summer with all crew and passengers fully vaccinated. Restaurants currently open for outdoor dining only, or seating at drastically reduced capacity, might similarly be able to accommodate more diners if they were able to distinguish between immunized and unvaccinated patrons.
The core idea behind most “vaccine passports” is to take advantage of encryption technology to create an upgraded version of the current immunization record card.
Then again, they might not want to.
Either way, individual businesses are the best judges of what policies towards vaccinated and unvaccinated customers are appropriate to their particular circumstances. Government should not force any individual to be vaccinated, but it should also be reluctant to override private businesses’ decisions about how to best protect and satisfy their customers and employees.
Ideally, of course, all this will soon be moot: As more and more Americans are vaccinated and herd immunity hopefully eventually kicks in, it will probably no longer be worth the effort of determining which particular individuals are immunized.
But if that doesn’t happen, some sort of infrastructure for verifying vaccine status could be key to avoiding another round of total lockdowns in the face of a possible resurgence.
There are excellent reasons to be wary of vaccine credentials mandated by government as a means of forcing a medical decision on unwilling citizens. But these are not good arguments against allowing for any system of vaccine credentials to be developed at all — let alone against allowing businesses and individuals to make informed decisions about how best to return to normal.