Fast company logo
|
advertisement

CORONAVIRUS CRISIS

Designing for uncertainty: How IBM created a vaccine passport

COVID-19 passports are imperfect solutions to a massive problem. And yes, the people building them are very aware.

Designing for uncertainty: How IBM created a vaccine passport

[Photo: NY.gov]

BY Mark Wilson7 minute read

In late March, New York announced the launch of the Excelsior Pass. Colloquially, it’s what is called a COVID-19 passport.

Joe Biden is not planning any sort of national-level COVID-19 passport, so the closest we’ll get are state-sanctioned solutions. The state of New York developed Excelsior in conjunction with IBM in a mere eight weeks. It’s both an iOS and Android app—as well as a website—that allows people who have been vaccinated or tested negative for COVID-19 to quickly enter everywhere from big venues like Madison Square Garden to smaller, one-off events like weddings. Any business can accept the Excelsior Pass for free; all they need is one employee with a smartphone.

[Photo: NY.gov]
And in a world full of bureaucracy, there’s one last important detail about the Excelsior Pass: It is completely optional for both business and individuals to use, and opting not to use it as a citizen will not limit where you can go.

[Image: NY.gov]
Over the last few weeks, there have been all sorts ofcriticismsandcomplaintsabout the Excelsior Pass. But the more nuanced truth is that the pass is simply another option for people to cope with a truly crappy situation. Instead of pulling out your paper Centers for Disease Control and Prevention (CDC) vaccination card at every turn and worrying about losing it, Excelsior digitizes that on your phone.

New York and IBM built something quickly but carefully that’s full of good ideas, with all sorts of small user experience (UX) decisions to help make it work for most people pretty well. But any overnight success has a strong foundation. The work is actually built on two years of identity verification research at IBM, long before COVID-19 hit.

To better understand the challenges of making a COVID-19 passport, we talked to a representative from the state of New York and Krystal Webber, design partner for IBM Blockchain Services. After an hour-long conversation, it was clear that neither would claim Excelsior was the perfect solution to COVID-19 verification. But our government isn’t set up for that to exist. Instead, the pass is an excellent example of what design is: working within real constraints to make the world better.

It solves the biggest pain points with COVID-19 verification

The ultimate challenge of creating a COVID-19 passport is that the CDC doesn’t track individual people who have been vaccinated. But it’s the CDC that designed and mandated the vaccination card—that flimsy piece of paper that includes which vaccine you received and when you got it.

This card can get lost, and it’s tricky to replace. It’s also highly spoofable. A simple printer or photocopier means anyone could theoretically print their own and fill it out by hand. The state of New York has a database that tracks individuals who have been vaccinated, however. It also tracks the individual COVID-19 tests arriving from hundreds of different labs.

[Photo: NY.gov]
The Excelsior Pass is designed to be a digital replacement for these paper CDC and email paper trails. At the very least, it means you don’t need to worry about losing a piece of paper. When you sign up for the pass, your personal request is cross referenced with the New York State database. That generates a QR code that appears in Excelsior Pass, which is basically a less precious version of your vaccination card, according to the representative from New York State.

That QR code is also much faster for ushers to parse than your vaccine card or test result, which is only valid for 72 hours.

“We physically got out and tested these things at venues. We watched [ushers] look at lab results and try to calculate if they were in the last 72 hours,” says Webber. That sort of calculation takes time and slows down lines. The pass allows an usher to scan your code, see a green checkmark, and know it’s legitimate.

[Photo: NY.gov]

Yes, it’s copyable. It’s very, very copyable

One thing to note about the Excelsior Pass is it’s actually copyable by design. You can set up someone else’s identity in your own app, assuming you have all of their information. You can store codes for your children in the wallet on your phone. You can even print out your own code at a library, then photocopy it a thousand times, and then drop the copies from a plane over Manhattan. (Please don’t. That would be wasteful. But you could.)

The New York State representative we spoke to acknowledges these possibilities (okay, I didn’t mention the plane-drop scenario in full detail). But the reason that you can do all these things is twofold.

advertisement

First, the pass has been designed to be as accessible to as many people as possible. Yes, some technical literacy is certainly required to go onto the web or a phone to get your pass. But unlike going to the Department of Motor Vehicles and taking a driving test, someone else can handle these logistics for you. You can print a pass out for grandma to help her attend that Nets game. The entire UX is more forgiving than most official government forms.

The reason that the pass can operate in this carefree way, however, is linked to point two. The pass is not an identification card. It is meant to be used alongside an ID card. This requires people at any venue to both scan the pass and check that someone’s ID matches their name on the pass. But since Excelsior has been verified by the state already (as opposed to a potentially phony lab test or CDC card), all in all, it’s a generally more secure approach that can still be fast at large venues.

The heaviest lifting is hidden

Perhaps the most impressive parts of the Excelsior Pass are the pieces of work that you don’t see. These are related to both speed and privacy, and range from the front-end UX that people experience, to the very guts of the system powering it.

To make the pass work for lab tests, the state of New York spotted a problem: Many labs were reporting COVID-19 test results too slowly to matter. If someone’s results were only good for 72 hours after their test, and they were received by the state more than three days later, the results of that test were useless. The state’s safe window for activity, in which they view someone as COVID-19-free, would have passed. Sorry concert tickets!

So New York worked with labs across the state to expedite their reporting. Some now report every test to the state as soon as it’s finished being processed in a lab. There might still be a bit of a wait, but the records are more likely to arrive in line with when the tests are actually completed.

[Photo: NY.gov]
“While labs might be a silent partner here, they are a really important part of the ecosystem,” says Webber. “Designing for them, even though they might not have an [Excelsior] interface, was really important.”

The other hidden considerations are those around your privacy. The Excelsior Pass could easily be the sort of tool that would allow someone to be tracked day-to-day through the city, as they go to restaurants and attend events. But the scanning app, used by venues, only verifies someone’s pass is authentic. It does not store that data locally, on someone’s phone, or in the state database.

Furthermore, the pass is a QR code, not your literal medical record that could be hacked or stolen. And the app doesn’t share any personal information that’s superfluous to verifying your identity. “There are some things that add an extra layer of security. Those were important components for this pass. There were other things . . . that are unnecessary for anyone at a venue to know,” says Webber. “We optimized for minimum viable information.”

Through design iteration, IBM shared less and less information about you as part of verification. That includes what brand of vaccination you received, along with anything about where you may have been tested, too.

Instead, the Excelsior Pass is just a QR code, your birthday, and a window that it’s valid. It’s a pass, not your life story.

Now, only time will tell whether or not the Excelsior Pass makes all that much of a difference to New Yorkers or the local economy. And, no doubt, the possibilities of the pass are limited to state lines at best, because we lack a national standard for any sort of COVID-19 passport. (IBM does have a more generalized Health Pass, similar to Excelsior, which it can white label for other states.)

Yet while the Excelsior Pass may not be a perfect solution to opening the world back up in 2021, it is a thoughtful approach to the entire, messy world of verifying yourself COVID-19-free.

Recognize your company's culture of innovation by applying to this year's Best Workplaces for Innovators Awards before the final deadline, April 5.

CoDesign Newsletter logo
The latest innovations in design brought to you every weekday.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Privacy Policy

ABOUT THE AUTHOR

Mark Wilson is the Global Design Editor at Fast Company. He has written about design, technology, and culture for almost 15 years More


Explore Topics