In What’s Really at Stake with Vaccine Passports, Elizabeth Renieris of Harvard University’s Carr Center for Human Rights Policy criticises the broad movement to COVID vaccination passports, on at least two grounds.

Firstly she points out the unintended adverse consequences on civil liberties and human rights of government and corporate policies that would restrict freedom of movement depending on one’s supposed health status. Secondly she sees technocrats taking advantage of the pandemic (perhaps unwittingly) to accelerate the rollout of new digital identity systems.

[Rather] than thinking about vaccine passports as temporary, isolated, public health-related measures, we should view them as just one example of how the pandemic is accelerating the rollout of digital identity infrastructure and consider the broader implications for society … (underline added).

I tend to agree with her.

Yet I suggest that the problem is that technocrats do not think about vaccination certificates as “temporary, isolated, public health-related measures” but instead have grander visions.  If they could confine themselves to the health-related measures, then the side effects of the technology would be tempered, by design.

A vaccination certificate should do nothing more and nothing less than prove that the person concerned has received a vaccine.  And in settings where smart digital technologies are available – including cryptographically verifiable credentials – certificate holders should be further able to present their proof of vaccination directly and privately to people with a need to know. 

If we solved for that outcome, without imposing grand new decentralised identity regimes and Self Sovereign Identity philosophies, then we would curtail the over-reach that Renieris and others are warning about.  The digital transformation of vaccination records could proceed with respect for the way vaccination programs are managed and the relationships between individuals and healthcare providers. 

As the World Health Organisation has clearly set out in its draft guidance for Smart Vaccination Certificates, a certificate is not an identity. We already have many different paper-based medical certificates which are used in limited and modest ways. They purport to prove nothing more than a certain medical fact. When we digitize these simple facts into QR codes, digital signatures and other forms of verifiable credentials, we should keep it simple and “small”, to avoid unnecessary anxiety about identity and over-identification.  

It should be like a boarding pass: whether it’s printed on paper or scanned from a mobile phone, this sort of credential has a very specific meaning, well understood by everyone, and not prone to re-purposing. Look at the little picture!