The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
I'm not in principle opposed to "vaccine passports," in the sense of reliable mechanisms of showing that you have been vaccinated (against COVID or against future diseases). That is especially so if they are used by private businesses, such as bars or stadiums or cruise ships, which want to reopen relatively safely, and in a way that assures patrons that they are relatively safe. (Since the vaccines aren't perfectly reliable, even vaccinated patrons might reasonably prefer close gatherings only with people who have been vaccinated.) But I think they would make sense for some government functions as well; for more on why I think such requirements are permissible even from a libertarianish perspective, see my Libertarianism and Communicable Disease post.
Still, the devil is in the details. Some involve substantive judgments: For instance, how would the vaccine passports deal with people who have good medical reasons not to get vaccinated? Others involve judgments about how best to minimize the risk that sensitive medical information will get hacked, or that the infrastructure will be too easily adapted for future improper uses (depending of course on which uses one thinks might be improper).
But there's also the supply chain political blacklist risk I discussed in a post earlier this morning. Say a venue (a meeting hall, a hotel, a university) starts using a passport that's supplied by some tech company, and that tech company then decides—whether because of its managers' or employees' ideological views, or because of pressure from other customers or suppliers—that it will stop serving venues that host "extremist" or "hateful" or "pro-insurrectionist" or anti-"anti-racist" events. Or say that the company decides to stop serving passport-holders who have attended such nefarious events; they reject such evil ideas, the company would say, and they don't want their technology to be used to spread such ideas.
What started out as just a health and safety decision by the venue, or by the government if it is requiring certain venues to check the vaccine passports, will have turned into extra private company control over what people can say and hear. Such control might be perfectly legal; I'm not claiming otherwise. But people (whether venue owners or customers or advocates or government officials) deciding whether to adopt such passports, and whether to support such passports, might want to try to prevent this up front. They might, for instance,
- oppose the passports unless the passport system is set up in some distributed way that isn't subject to the power of one or a few companies,
- oppose the passports unless there are binding contractual promises by the companies that they will provide passport services to all prospective venues and to all prospective holders, or
- call for common-carrier-like legislation so mandating, though there can of course be libertarian and pragmatic objections to such regulation.
In any event, I think the events of recent months and years should remind us to consider supply chain political blacklist risk, just as we consider technological security risks, mission creep risks, and other such concerns.