Thanks for bringing up the topic of vaccine passports and doing it in a thoughtful way. Before getting started on the stuff I can actually claim to have some insight into, just a few quick points of order about the Excelsior Pass:
It’s not really a vaccine passport, or even an immunity passport, it’s a broad “good to go” credential based on whether you’ve been vaccinated or you’ve had a recent negative test.
As best I can tell the 30 day limit is just an artifact of when you download it. You can reset the clock by downloading it again the next day, and there’s no limit on how many times you download it.
Also an important point about the extent to which there might be something rolled out at the federal level: the Biden administration has already indicated that except possibly for international travel, they don’t intend to mandate anything of the sort for domestic use. Exact language matters a lot here. The feds are using the term “digital vaccine certificate”, rather than “vaccine passport”, and I think the connotation is important. The former suggests something more agnostic as far as use-case. The latter suggests something much more rigid, and something that’s only really appropriate for travel (as opposed to something you’d have to carry around with you anywhere you go). According to Jeffrey Zients, “any solutions in this area should be simple, free, open source, accessible to people both digitally and on paper, and designed from the start to protect people’s privacy.” I boldfaced “open source” because I really think that’s key here. People, and by extension governments composed of people, make mistakes. An idea can be good-ish, and people can put in work developing an app, but as long as we keep this open source we can salvage any work that’s been done without throwing the baby out with the bathwater. Not surprisingly, this is a position shared by the American Civil Liberties Union.
Now to the aspect that I can actually claim insight into—“fraud concerns”. They’re valid. Before delving into why they’re valid, I want to pose the question: what’s the “end goal” of vaccine passports? Is it to
a) Ensure with 100% accuracy who is or isn’t vaccinated? or
b) Maximize the percentage of vaccinated people at a given public venue?
What I want to argue for is that (a) is a fool’s errand and that there are better, more cost-effective ways of getting (b). In the process I’m also going to show why “open source” is a key characteristic of any digital vaccine certificate.
About me: I’ve been a civil servant working in state government for almost a decade. In that time I’ve been exposed to a lot of different things that state government does to enforce a lot of different things that could be viewed as rough analogs to what’s being suggested with vaccine passports. The recurring theme is that fraud and forgery are common, and become more so when people have a high incentive to commit fraud and forgery for personal financial gain (or avoiding personal financial losses). Indeed, in a managerial accounting class one might learn about the “fraud triangle”:
It’s not hard to see that all three of the above elements exist for “vaccine passports”, were we to focus on that as our main tool for accomplishing the basic goal of (b) above. Here are some of the examples where fraud is surprisingly common (warning: a lot of the links below are to New York Times articles, and you may vary well blow through your monthly quota if you don’t have a subscription—high quality information isn’t cheap).
1. Fish About 40% of all fish is mislabeled. The problem periodically resurfaces when it’s examined by investigative journalists or law enforcement, and there’s very little evidence that it’s going away, despite our best efforts to enforce it. One of the more disturbing forms of this is when escolar is passed off as tuna. Escolar is considered somewhat of a delicacy, but when consumed in the same quantities as tuna, it causes explosive diarrhea.
2. Taxi meters—unscrupulous taxi drivers can and do tamper with their meters. A noteworthy instance of widespread fraud occurred in 2010. Cyrus Vance uncovered it in a massive sting operation that presumably involved a lot of overtime.
3. Gasoline: This doesn’t happen as much as the above forms of fraud, but only because we have a government agency devoted to its prevention. But suffice to say that without a large number of government agents acting as secret shoppers, this kind of thing would happen:
4. Supermarket scales: another thing that state governments need to keep an eye on. Because people cheat.
5. Firewood: Moving firewood is a pretty big no-no everywhere in the country, and for good reason—it helps move pests from point A to point B, potentially leading to devastating blights on local flora. All levels of government are involved in enforcing this, both with secret shoppers and with periodic checkpoints.
6. Fraudulent motor vehicle inspections: motor vehicle inspection shops have a fairly high motivation to pass paying customers on their inspections. Occasionally this is unearthed by undercover operations.
7. Underage sale of alcohol and tobacco: One of the exceptions to child labor laws is the use of minors to pose as underage customers trying to buy tobacco and alcohol.
There are loads more examples—the key takeaway is that people can and do cheat. Maybe not a lot of people, but enough people do it enough that enforcing it is (pardon my language) hard as fuck. It’s a game of whack-a-mole with a limited number of resources, and it involves sting operations and secret shoppers. And it’s difficult to see how simply putting something on a smartphone changes the fundamental dynamic of one human checking another human’s credentials. Even when merchants do catch attempts at forgery and act in good faith, things can go sideways, as is abundantly clear from the unfolding, increasingly agonizing story about George Floyd. The fact that the fake was easy to spot wasn’t the issue; the escalation was the problem. Anyone tasked with enforcing this needs to be carefully trained on de-escalation tactics, and in a country as awash in guns as ours, that’s a pretty big ask.
So that’s where I’m coming from with my skepticism about the feasibility about any large-scale deployment of “vaccine passports”. It seems to me that the game isn’t worth the candle, for this particular method of obtaining the goal of (b).
So before I get into two alternatives that I thought of—I think we can all agree that we should be hoping that we’re able to convince everyone to get vaccinated quickly and efficiently enough for their own sake that the need for all of this is obviated. It’s good to see that the Biden administration is making a concerted effort to do exactly that.
It should be noted that both of the alternatives I’m suggesting could easily incorporate some sort of digital vaccine certificate, just not used in the way that some people have suggested for vaccine passports.
Batch verification of vaccination status: Here’s how this could work. Say someone (the “organizer”) wants to facilitate a group of people (“attendees”) in one place. Instead of verifying the vaccination status of each individual at the door, the organizer turns to a third party to check the vaccination status of the attendees, but with a catch. The third party only reports back the number of vaccinated attendees. There’s no reason that a “digital vaccine certificate” couldn’t be used to make this easier for the third party (which is why I emphasized the importance of this software being open source). What kind of third party? Either a local health department or a licensed ticket reseller might do the trick. In the latter case, the event organizer could sell the tickets to the licensed ticket reseller, who would check the percentage of vaccinated prospective attendees. If the numbers don’t work, the event is canceled and the reseller absorbs the loss, which is easier for ticket resellers, since that’s sort of what they’re for anyway. The important point is that there’s very little motivation either for fraud or violent escalation with this approach. Moreover, it acts as a better safeguard for personal information. Finally, I suspect this would also be better from a contact tracing perspective. A contact tracer would only have to deal with the ticket reseller. To reiterate, digital vaccine certificates could very much have a role to play in a system like this; “vaccine passports” not so much.
Incentives: By now everyone has heard about the free doughnuts at Krispy Kreme, and I’d love to know if it supports the math that I’m about to outline below. As far as I can tell, reputable sources confirm that incentives work. Even the studies that claim they don’t work still end up demonstrating that they increase the number of people who get vaccinated, even when they don’t meet their targets, which suggests that if the financial incentives were larger, even more people would get vaccinated. And they don’t all have to be monetary. A baseball stadium could offer discounted season passes to people who get vaccinated—heck, they could send them directly to whoever’s doing the vaccinating (quick, CVS/Walgreen’s/NYU Langone/whoever is reading this—get a ticket resale license!). What happens next? Well, vaccinated people will be more likely to step out. And here’s where Bayes’ Theorem comes into play. Specifically consider the following probabilities:
probability of someone attending an event
probability that someone happens to be vaccinated
probability that someone is attending an event and is vaccinated
probability that someone is at an event given that they’re vaccinated
probability that someone is vaccinated given that they’re at an event
“If your new ideas outright save the world, we’re going to reward you by confiscating them, voiding the contracts and promises agreed upon and informing you that we are not a nation of laws.”
OK, that’s a little much. The U.S. is not itself doing the waiver. The administration expressed its support for negotiating waiver language to be submitted to the WTO. They’re 100% deferring to the WTO’s jurisdiction over international intellectual property law. So it’s a bit of a stretch to say that they’re “confiscating” anything simply for operating pursuant to Article 31(b) of the TRIPS agreement which states that the requirement to make “efforts to obtain authorization from the right holder on reasonable commercial terms and conditions and that such efforts have not been successful within a reasonable period of time...may be waived by a Member in the case of a national emergency or other circumstances of extreme urgency...” There you have it—it’s right there in the language of the trade agreement. Trade agreements are a legitimate “source of law” and if a contract is consummated in a jurisdiction that’s party to an existing trade agreement, the trade agreement wins. That’s the antithesis of the kind of anarchy you’re suggesting.
The companies knew that TRIPS allowed for exceptions in cases of global emergencies when they developed the vaccines. Indeed, the fact that they were so quick on the draw with talking points suggests that they had contingency plans for exactly this scenario. Heck, there are probably surplus insurance lines that cover stuff like this.
Look, reasonable people can disagree about whether it’s shrewd to waive intellectual property rights—whether it’s the U.S. or the WTO doing the waiving. But please don’t conflate jurisdictions.
P.S. “Waiver” is a bit of a term of art when talking about statutes, treaties, etc. (in contrast to words like “suspension”). It generally suggests that there’s already language in the underlying law that allows for exceptions under certain circumstances. Usually it’s accompanied by a specific citation which evolves into some sort of shorthand (kind of like the way people talk casually about their 401(k)’s). It probably would have been better if this had been communicated earlier, and we could have a more prosaic conversation about the merits of a “31(b)”.