California: Tell Your Senator that Blockchain-Based Immunity Passports Are A Bad Idea

No one should have to unlock their phone and expose their health information in order to get into their office, school, or neighborhood market. A.B. 2004 is an ill-conceived California bill that endorses a blockchain-based system that would turn COVID-19 test results into permanent records and use those to grant access to public places. By claiming that blockchain technology is part of a unique solution to the public health crisis we’re in, A.B. 2004 is opportunism at its worst.

The bill would empower the California Department of Consumer Affairs (CDCA) to authorize health care providers to issue verifiable health credentials, establish procedures for doing so, and maintain a blockchain registry of such issuers. But it says nothing about how those procedures should interact with existing medical privacy laws. And while the bill would require CDCA to consult with a working group that includes civil liberties and privacy representatives, CDCA can ignore those recommendations. The bill doesn’t even limit when or how CDCA may exercise its powers.

This kind of credential would create a false sense of security that a person is immune based on their last test—a state that could change rapidly, and may not even be accurate given the unresolved scientific questions around the virus. Even assuming you receive a reliable negative COVID test result on Tuesday, that does not stop you from being infected on Wednesday—but you’ll still have your passport.

Finally, EFF opposes the very purpose of these blockchain health credentials which, according to the bill's fact sheet and official analysis, is to identify those who should be excluded from workplaces, travel, and "any other processes." That has ramifications beyond the current pandemic. Handing your phone over to someone—a security guard, a law enforcement officer—creates the significant risk that they may look through other information on the device. You should never have to do that to enter your workplace or your school. And, by suggesting deploying credentials that rely on having a smartphone to control access to public, A.B. 2004 ensures that the Californians who are disproportionally hit hardest by COVID-19 are also those hurt most by this bill now and in the future.

A.B. 2004 promotes a bad idea, executes that idea in a bad way, and sets a bad precedent for the future. Tell your Senator to vote no.

This action is no longer active.

To view the current list of our active campaigns click here

EFF uses the information you provide to help you take action in support of digital civil liberties, including submitting your message to oppose A.B. 2004 to your legislators. Learn more about our privacy practices at