by Hayley Tsukayama, Activist Post:
Californians should not be forced to present their smartphones to enter public places. But that’s exactly what A.B. 2004 would do, by directing the state to set up a blockchain-based system for “immunity passports”: a verified health credential that shows the results of someone’s last COVID-19 test, and uses those to grant access to public places.
By claiming that blockchain technology is part of a unique solution to the public health crisis we’re in, A.B. 2004 is opportunism at its worst. We are proud to stand with Mozilla and the American Civil Liberties Union’s California Center for Advocacy and Policy in opposing this bill. We encourage you to tell your senator to oppose it, too.
While the latest version of A.B. 2004 steps back from previous plans to create a pilot program for immunity passports, it’s still written to push a hasty and poorly planned system onto Californians. The bill would empower the California Department of Consumer Affairs (CDCA) to authorize health care providers to issue verifiable health credentials, establish procedures for doing so, and maintain a blockchain registry of such issuers.
But the bill says nothing about how long a credential should be valid, how it should be updated, or how it can be revoked if you’re exposed or even infected after you receive the passport. It doesn’t say anything about how those procedures should interact with existing medical privacy laws. And while the bill would require CDCA to consult with a working group (also created by the latest version of the bill) that includes civil liberties and privacy representatives, CDCA can ignore those recommendations. The bill doesn’t even limit when or how CDCA may exercise its powers.
And there are many problems with the underlying concept of immunity passports. In the short term, medical experts have warned it’s too early to use them for the COVID-19 pandemic. The World Health Organization in April warned against the idea. The WHO said that the medical community’s understanding of SARS-Cov-2—the virus that causes COVID-19—was not sufficient to certify that those who have antibodies in their system posed no risk to others.
EFF also opposes the very purpose of these credentials which, according to the bill’s fact sheet and official analysis, is to identify those who should be excluded from workplaces, travel, and “any other processes.” That has ramifications beyond the current pandemic. Handing your phone over to someone—a security guard, a law enforcement officer—creates the significant risk that they may look through other information on the device. You should never have to do that to enter your workplace or your school.