In late March, New York announced the launch of the Excelsior Pass. Colloquially, it’s what is called a COVID-19 passport.
Joe Biden is not planning any sort of national-level COVID-19 passport, so the closest we’ll get are state-sanctioned solutions. The state of New York developed Excelsior in conjunction with IBM in a mere eight weeks. It’s both an iOS and Android app—as well as a website—that allows people who have been vaccinated or tested negative for COVID-19 to quickly enter everywhere from big venues like Madison Square Garden to smaller, one-off events like weddings. Any business can accept the Excelsior Pass for free; all they need is one employee with a smartphone.
And in a world full of bureaucracy, there’s one last important detail about the Excelsior Pass: It is completely optional for both business and individuals to use, and opting not to use it as a citizen will not limit where you can go.New York and IBM built something quickly but carefully that’s full of good ideas, with all sorts of small user experience (UX) decisions to help make it work for most people pretty well. But any overnight success has a strong foundation. The work is actually built on two years of identity verification research at IBM, long before COVID-19 hit.
To better understand the challenges of making a COVID-19 passport, we talked to a representative from the state of New York and Krystal Webber, design partner for IBM Blockchain Services. After an hour-long conversation, it was clear that neither would claim Excelsior was the perfect solution to COVID-19 verification. But our government isn’t set up for that to exist. Instead, the pass is an excellent example of what design is: working within real constraints to make the world better.
It solves the biggest pain points with COVID-19 verification
The ultimate challenge of creating a COVID-19 passport is that the CDC doesn’t track individual people who have been vaccinated. But it’s the CDC that designed and mandated the vaccination card—that flimsy piece of paper that includes which vaccine you received and when you got it.
This card can get lost, and it’s tricky to replace. It’s also highly spoofable. A simple printer or photocopier means anyone could theoretically print their own and fill it out by hand. The state of New York has a database that tracks individuals who have been vaccinated, however. It also tracks the individual COVID-19 tests arriving from hundreds of different labs.
That QR code is also much faster for ushers to parse than your vaccine card or test result, which is only valid for 72 hours.
“We physically got out and tested these things at venues. We watched [ushers] look at lab results and try to calculate if they were in the last 72 hours,” says Webber. That sort of calculation takes time and slows down lines. The pass allows an usher to scan your code, see a green checkmark, and know it’s legitimate.
Yes, it’s copyable. It’s very, very copyable
One thing to note about the Excelsior Pass is it’s actually copyable by design. You can set up someone else’s identity in your own app, assuming you have all of their information. You can store codes for your children in the wallet on your phone. You can even print out your own code at a library, then photocopy it a thousand times, and then drop the copies from a plane over Manhattan. (Please don’t. That would be wasteful. But you could.)
The New York State representative we spoke to acknowledges these possibilities (okay, I didn’t mention the plane-drop scenario in full detail). But the reason that you can do all these things is twofold.
First, the pass has been designed to be as accessible to as many people as possible. Yes, some technical literacy is certainly required to go onto the web or a phone to get your pass. But unlike going to the Department of Motor Vehicles and taking a driving test, someone else can handle these logistics for you. You can print a pass out for grandma to help her attend that Nets game. The entire UX is more forgiving than most official government forms.
The reason that the pass can operate in this carefree way, however, is linked to point two. The pass is not an identification card. It is meant to be used alongside an ID card. This requires people at any venue to both scan the pass and check that someone’s ID matches their name on the pass. But since Excelsior has been verified by the state already (as opposed to a potentially phony lab test or CDC card), all in all, it’s a generally more secure approach that can still be fast at large venues.
The heaviest lifting is hidden
Perhaps the most impressive parts of the Excelsior Pass are the pieces of work that you don’t see. These are related to both speed and privacy, and range from the front-end UX that people experience, to the very guts of the system powering it.
To make the pass work for lab tests, the state of New York spotted a problem: Many labs were reporting COVID-19 test results too slowly to matter. If someone’s results were only good for 72 hours after their test, and they were received by the state more than three days later, the results of that test were useless. The state’s safe window for activity, in which they view someone as COVID-19-free, would have passed. Sorry concert tickets!
So New York worked with labs across the state to expedite their reporting. Some now report every test to the state as soon as it’s finished being processed in a lab. There might still be a bit of a wait, but the records are more likely to arrive in line with when the tests are actually completed.
The other hidden considerations are those around your privacy. The Excelsior Pass could easily be the sort of tool that would allow someone to be tracked day-to-day through the city, as they go to restaurants and attend events. But the scanning app, used by venues, only verifies someone’s pass is authentic. It does not store that data locally, on someone’s phone, or in the state database.
Furthermore, the pass is a QR code, not your literal medical record that could be hacked or stolen. And the app doesn’t share any personal information that’s superfluous to verifying your identity. “There are some things that add an extra layer of security. Those were important components for this pass. There were other things . . . that are unnecessary for anyone at a venue to know,” says Webber. “We optimized for minimum viable information.”
Through design iteration, IBM shared less and less information about you as part of verification. That includes what brand of vaccination you received, along with anything about where you may have been tested, too.
Instead, the Excelsior Pass is just a QR code, your birthday, and a window that it’s valid. It’s a pass, not your life story.
Now, only time will tell whether or not the Excelsior Pass makes all that much of a difference to New Yorkers or the local economy. And, no doubt, the possibilities of the pass are limited to state lines at best, because we lack a national standard for any sort of COVID-19 passport. (IBM does have a more generalized Health Pass, similar to Excelsior, which it can white label for other states.)
Yet while the Excelsior Pass may not be a perfect solution to opening the world back up in 2021, it is a thoughtful approach to the entire, messy world of verifying yourself COVID-19-free.
Recognize your company's culture of innovation by applying to this year's Best Workplaces for Innovators Awards before the final deadline, April 5.