Get the latest Syracuse news delivered right to your inbox.
Subscribe to our newsletter here.

With one in five New York state residents fully vaccinated and one in three having received at least their first dose of the vaccine, New Yorkers are enthused to say the least. Social media has been littered with photos of vaccine cards and smiling residents hopeful for a fresh start. But as the state continues to roll out vaccines, a new question looms: how do we keep track of who is vaccinated?

Many people are laminating their cards and using these as proof. That’s great for the short-term, but New York state has put into place a more efficient solution that they’re hoping encourages other states to do the same.

The state recently launched a voluntary “vaccine passport,” the Excelsior Pass, which was developed with IBM. The pass is a smartphone app that uses medical records to create a specialized QR code that can be scanned at events as proof that the person is vaccinated or recently had a negative COVID-19 test. To register, you have to enter your name, birthday and ZIP code.

In theory, this is a great solution. It seems quick, accessible and effective, and for the most part, it is. But it proposes a much larger issue: Is the app secure, or will businesses have access to your health information? State officials must address these questions.

The pass uses blockchain software technology, which “appears completely nonsensical,” Sam Biddle wrote in a piece for The Intercept. The pass’s blockchain will be private, allowing only entities approved by IBM to access its contents, Biddle said.

“But the governor’s office and IBM, neither of which provided comment for this article, have been stingy with details, like how exactly the app works behind the scenes or why New Yorkers should trust this software with their sensitive health information. The answer to both of these questions is simply: blockchain,” Biddle said.

New York officials have tried to reassure residents that the pass is technologically secure. Venues won’t be able to see any more health information than a quick “yes” or “no” through the QR code. But some residents are still wary, and rightfully so.

“I have more detailed technical documentation about the privacy impact of nearly every app on my phone than I do for this health pass,” Albert Fox Cahn, founder of the Surveillance Technology Oversight Project, recently told Gothamist/WNYC. “IBM and the governor are using lots of buzzwords, but they’re not explaining their cryptographic model. They’re not explaining the security, implementation. And on top of it, the pass itself is incredibly revealing, disclosing not only people’s health status, and name but their date of birth.”

This potential lack of privacy could be dangerous for New York residents, and it increases the possibility for identity theft. Some residents may not feel comfortable disclosing this information, too.

Moving forward, New York residents should spend time looking into the privacy of this app, asking questions of both IBM and the governor and thinking about what kind of medical security they feel comfortable with. This is likely a very personal and individual decision for New Yorkers, and they should be able to make their own decision about who they feel comfortable sharing their health information with.

The state must address personal privacy concerns before we put a vaccine passport to action.

Micaela Warren is a freshman communication and rhetorical studies major. Her column appears biweekly. She can be reached at mgwarren@syr.edu.

Published on April 5, 2021 at 11:32 pm