This article is part of the On Tech newsletter. You can sign up here to receive it weekdays.
I have been reluctant to write about whether and how Americans might provide proof of vaccination against the coronavirus. It’s a political, cultural, ethical and legal minefield. Technology is not the point at all.
But if some workplaces, schools, public gathering spots and travel companies start requiring a “vaccine passport,” it makes sense for them to do so in ways that preserve people’s privacy, are simple to use, win people’s trust and don’t cost a fortune.
Let me tell you about an intriguing proposal from PathCheck Foundation, a health technology nonprofit. The central premise is that technology related to our health should be as minimal as possible. That philosophy should be our North Star.
Here is one problem with some early technology approaches to digital vaccine credential systems: They create too many middlemen that tap into your health records, said Ramesh Raskar, an associate professor at the M.I.T. Media Lab who also founded PathCheck.
In the United States, states are mostly the ones maintaining records of which residents are vaccinated. Early efforts to create vaccine credentials, like the Excelsior Pass in New York, essentially create a replica of those state databases with information including your name, date of birth, address, the batch numbers of your shots and so on. And that’s what businesses and others access when they check whether people walking in the door are vaccinated, Dr. Raskar said.
When you add multiple layers of technology into any system, it increases the possibility of your sensitive data leaking out. It’s also expensive and complicated for everyone involved. “It’s completely unnecessary,” Dr. Raskar told me.
- On April 23, a Centers for Disease Control and Prevention panel of advisers voted to recommend lifting a pause on the Johnson & Johnson Covid vaccine and adding a label about an exceedingly uncommon but potentially dangerous blood clotting disorder.
- Federal health officials are expected to formally recommend that states lift the pause.
- Administration of the vaccine ground to a halt recently after reports emerged of a rare blood clotting disorder in six women who had received the vaccine.
- The overall risk of developing the disorder is extremely low. Women between 30 and 39 appear to be at greatest risk, with 11.8 cases per million doses given. There have been seven cases per million doses among women between 18 and 49.
- Nearly eight million doses of the vaccine have now been administered. Among men and women who are 50 or over, there has been less than one case per million doses.
- Johnson & Johnson had also decided to delay the rollout of its vaccine in Europe amid similar concerns, but it later decided to resume its campaign after the European Union’s drug regulator said a warning label should be added. South Africa, devastated by a more contagious virus variant that emerged there, also suspended use of the vaccine but later moved forward with it.
PathCheck’s idea is to create simple software code that anyone — workplaces, schools or airlines — can incorporate into apps, without the need to replicate health records.
When you need to show a vaccination credential, a one-time code would transmit two pieces of information: your identity, and that you’re vaccinated. Yes, there’s still a middleman, but the difference is that the apps would do as little as possible to access your sensitive information. The relevant data is communicated more directly between your phone and the state health records. You might have to show your ID, too.
He compared this proposal to paying for a sandwich with cash instead of a credit card. There is no need for a complicated paper trail to buy lunch. The metaphor isn’t perfect, but it’s useful.
Some of the organizations pitching vaccination credential technology, including IBM and the airport screening company Clear, are making a similar pitch that their technologies are as minimal as possible.
April 24, 2021, 10:42 p.m. ET
Dr. Raskar says that they’re often not, because tech companies, states and others have tried to throw a lot of smarts at the problem. If you hear the word “blockchain” with vaccine credentials, know that something has gone off the rails. The risk is that we get complicated, potentially incompatible technology for people to provide proof of vaccination.
What we really need is dumb technology that does as little as possible and knows as little about us as possible. “How can we make it simple, simple, simple as opposed to what technology companies are doing, which is to add more?” Dr. Raskar said.
PathCheck is just one of multiple companies and nonprofit groups that are developing fraud-proof vaccination credentials. It’s going to be confusing for awhile as these technologies are evaluated and tested.
But PathCheck deserves credit for turning the approach to vaccination credentials on its head. Less and dumber technology is usually the best.
For more on this issue:
Before we go …
Being Big Tech means fighting big governments: Governments around the world are trying to put limits on tech companies with “an urgency and breadth that no single industry had experienced before,” my colleagues reported. The grievances aren’t uniform among China, the United States, Europe, Myanmar, India, Australia and other countries, but there is a common cause of government angst: tech companies’ power.
Hacking McDonald’s ice cream machines! I had no idea, but apparently the machines that mix McDonald’s ice cream and shakes are proprietary, fragile and complicated — and only approved technicians are allowed to fix them. One couple built an internet-connected gadget for franchisees to repair the machines on their own, Wired reported, and it started a war with the restaurant giant.
Amazon is opening a hair salon in London. It’s an experiment, but WHAT and also WHY?
Hugs to this
How do you bottle-feed a bunch of baby goats at the same time? You make a goat feeding assembly line.
We want to hear from you. Tell us what you think of this newsletter and what else you’d like us to explore. You can reach us at email@example.com.
If you don’t already get this newsletter in your inbox, please sign up here.