‘Vaccine Passports’

Prototyping, Intellectual Blindspots, Fake Irish and Scammers

‘What if’ Prototyping

From the early open data work on COVID-19, my Consensas colleague David and I have been patiently tracking and compiling information about how data, or lack of, is employed during the pandemic. The only clear signal is static. Data is political.

We’ve learned from our work in supply chains that there is always an intellectual blind spot concerning technology. To some, it’s magic; to others, the key to untold riches; for many, it’s a black box and, in some cases, a system of monitoring and control. We see this playing out today; in headlines like  NYT’s “Next Coronavirus Divide” or the Star “Business leaders polarized on usefulness of vaccine passports.” 

Technology is not the challenge; communication is. Stakeholder alignment on privacy, marginalization, access or even cost, is paramount and any system will need to address some form of counter-party complaint. Instead of arguing or pitching vapourware, we created a probable ‘what if’  scenario to see if we can address these challenges.

These ‘Information Passports’ use our ConsensasID technology, and here’s how it works:

Want to play? The working demo and open-source code are published here: https://passport.consensas.com. Also, we’ll throw in our tool for compressing large JSON-LD credentials at  jsonxt.io.

We’re actively participating in the Linux Foundation Public Health initiative for standardization, Good Health Pass initiative for Paper-Based Credentials. If you’re working on similar solutions we encourage you to participate.

Choice Architecture

We’re all going to be affected by the policy decisions resulting from the pandemic. Instead of arguing about beliefs, our focus should be on choices and are we gaining or losing them?

For small businesses, the response to COVID-19 has been particularly disappointing. Here in Canada, “As of December 2019, the Canadian economy totalled 1.23 million employer businesses. Of these, 1.2 million (97.9 percent) were small businesses, 22,905 (1.9 percent) were medium-sized businesses, and 2,978 (0.2 percent) were large businesses” — Business & Industry Canada. The United States Office of Advocacy published a report in 2019 that stated: 44 percent of U.S. economic activity” were small businesses. What’s disheartening is those (U.S.) 2019 numbers were already in decline vs large companies. It will be interesting to see how COVID-19 affects these statistics since many lockdown orders have omitted larger chains from restrictions. ‘Choice’ could play a huge part in the recovery of small businesses.

In essence, any vaccination is a golden ticket. The benefits of being ‘first!’ (to infer some internet parlance) are almost incalculable. The argument is simply vaccine availability will continue to be a challenge and those who can procure a ‘Jab’ could gain an advantage, perceived or real. Prioritizing large grocery chains during closures over workers at the local independent food market for example. But, hidden amongst the furor over the idea of passports are short-term opportunities like proof of testing to reduce some pressure on businesses and people.

Choice architecture is about allowing a selection to be made based on some claim or evidence. Suppose an individual, i.e. a student, uber driver, or factory worker, can demonstrate a “negative” test or vaccination. Why isn’t it up to a counterparty, say, a school, rider, local bar, small business or employer, to determine if the data presented meets the safe workplace requirements/social guidelines? What about a group gathering? The tools for simple counterparty ‘validation’ are accessible and distributable, so why is a standardized publication for proof of testing not in practice at a minimum? Is technology the issue, or is it the perceived burden of choice and who should wield it?

By failing to take the initiative on public declarations we allow others to set precedence. We need to publish digital credentials or have them published for us even if they are temporary. What’s emerging within the airline industry should be studied critically. IATA’s app does not seem to specify a standard or mechanism that a health authority makes or a method to validate a claim. Simply add your passport, your picture, and other self-disclosures which does not seem particularly secure. The analogue here is that guy wearing a “Kiss Me I’m Irish” shirt in the bar on St. Patrick’s Day. Spoiler: he’s not. If we then consider ‘Pay to Play’ actors like Clear, and the software giants powering these initiatives it’s understandable why tin-foil hats are back en vogue.

Ultimately we have a stand-off. The government, on one side, current holder of proof, and on the other, a public desperate for data to make informed decisions for their families, patrons and staff. That supply and demand will attract interest. Instead of focussing on iterative progress regarding open data, governments have entered the quagmire of state-controlled DigitalID’s and tokenized `blockchain wallets.` On this, the team at Consensas argues that credentials should be open, and not require massive infrastructure changes.

Publish digital credentials or have them published for us even if they are temporary.

Covid-19 has handed us what is arguably the single most significant moment for positive systemic change in a generation, but we should have a clear intent to promote choice, not consolidate it. That’s not as glamorous as announcements about multiyear infrastructure speculation with IBM’s Deep-Watson-Hyperchain-Wallet®. Still, it’s a more beneficial cultural signal that our public leadership believes in continuous improvement and access to (digital) public services for all.

For those who choose not to be vaccinated or opt for alternative treatments, the same laws that protect their rights are the ones that allow a restaurant to refuse service to individuals not wearing shirts, socks or shoes. Shirtless diners afford us convenient visual confirmation of compliance, the challenge is discerning choices we can’t see, because they have potentially dire consequences for others. We need trusted methods of disclosure that support public health/safety by reducing the impact of health-related challenges with the lowest impact on freedoms.

Pharmacies could be invaluable partners in establishing public trust. As a commercial entity, they are an established and trusted counter-party check for medication conflicts and the distribution of controlled substances. As the bridge between patient, health and insurance data ecosystems, they also administer flu shots and have some skin in the game. The challenges will be limited access to vaccines and technology. There’s no doubt that super-collaborations like League+Shoppers Drug Mart could pull this off, but more locally and perhaps broadly worldwide, smaller independents may struggle without affordable support and tools.

Vs the Scammers

Vaccination Passports are conceptually problematic and a political nightmare, the ol’ “damned if you do.” But, are we stuck on ‘Passports’ as the only solution. Are we missing a bigger picture? Does the underlying data have additional safety benefits? In the voice of Steven Toast “Yes!”.

Social media was key in our research, people routinely shared examples of how various health authorities validated vaccinations and testing. That these were mostly paper documents wasn’t the insight, it was that information on these documents is easily faked because it’s monomodal; that is, the data has a singular purpose.

But, data is multimodal. If published by a validated, trusted source, in a useable format, without pre-analysis-bias, it can have genuinely emergent properties.

If we consider a driver’s licence, its intended use is to authorize an individual as qualified to operate a specific class of motor vehicle. Not to confirm that you can score a 6 of PBR. Yet, the data on the licence also validates age and residence.

A Bartender confirming your age with a licence works because the data is perceived to have been validated, or could be validated at some point, by a recognized authority because the information is unique to each card. The stakes are also relatively low in this scenario, Police or the issuer are rarely involved to authenticate.

This is why falsified vaccination records are particularly dangerous. The stakes are much higher.

Fake IDs were (and probably still are) a right of passage for teens. These forgeries are almost mythical in the sense that they magically unlocked doors to places taboo. Ironically they are only rarely used for illegally operating a motor vehicle. The social contract is “you know what this is for, and it’s not for driving”. That’s what makes fake vaccine cards so dangerous there is no *wink-wink* subversion of the policies of ‘the man’, it’s a potential vector for infection.

Early on in the pandemic, several individuals would attempt to enter our family business without a mask. Despite provincial and municipal orders (i.e. Official-Officials), they would hold a cheaply laminated paper card aloft proclaiming, “I’m exempt, I have an exemption card, I don’t need to wear a mask.” That a kiosk in a mall north of Toronto can undermine the official policy of elected government officials in individuals’ minds should be of concern for us all. There is no *wink wink*.

What is the utility of a confirmation document if its value can be undermined so easily by counterfeiting?

“Hundreds of sellers are offering false and stolen vaccine cards, as businesses and states weigh proof of vaccinations for getting people back to work and play.” NYT

These are the limits of paper without some counter-party validation.