Here come the blood tests, and it’s about time. Serosurveys, to determine what percentage of populations have already contracted COVID-19. And, individually, tests to indicate whether you, too, already caught it, but suffered only mild symptoms or none at all.

In America alone, millions will soon be recovered from COVID-19 infection. Half the people I know, including myself, seem to have had Schrödinger’s Respiratory Infection in the last couple of months, and are beyond eager to know if they test positive for COVID-19 antibodies.

Even if they do, though — to be clear, most won’t — what then? Suppose antibodies indicate immunity, for a while at least. That seems somewhat likely, he said cautiously. Suppose the tests are accurate enough to rely on. What do we as a society then do with that information?

The immune — the positives — could return to relative normality with no immediate fear of further infection, while everyone else — the negatives — could not. Do we want to create a two-tier society like that? Do we want to make a point of replacing negatives with positives in high-risk contexts like nursing homes? Do we want people’s test status to be publicly known or available upon demand by the government? How about their employer? How about their healthcare provider?

Most of these are hard questions with no easy answers, and while I, like you, have opinions, some strong, about which are the least bad options, I also think this is mostly a subject about which reasonable people can disagree. Still, no matter what our collective answers are, we can all agree we want them to be implemented in the most privacy-preserving way. That’s where technology comes in.

Lots of techies and trust-safety-privacy professionals are looking for some way to contribute to COVID response other than some silly hackathons. I have an idea: let's start thinking about a robust, counterfeit-resistant, privacy-preserving mechanism to prove immunity to nCoV. — Alex Stamos (@alexstamos) March 30, 2020

It’s worth noting that proving immunity is far from a new problem. I’ve traveled to many countries which require proof of yellow-fever vaccination before they allow visitors to enter. Some even enforce it. The solution is venerable, simple and decentralized; a slip of paper stamped, dated and signed by a doctor.

This solution is relatively privacy-preserving — authorities can’t demand to see anyone’s yellow-fever papers at any given moment, because they’re only needed at border posts. It is very hard to verify and relatively easy to forge… but it’s good enough to have worked. Its purpose is not to eliminate the risk of transmission with absolute 100% efficacy, but to reduce it to a manageable amount.

The same applies to COVID-19. As Harvard epidemiologists Bill Hanage and Marc Lipsitch wrote back in February, it’s important to “distinguish between whether something ever happens and whether it is happening at a frequency that matters.” We don’t have to worry about freakish edge cases. A 99% effective solution should be just fine.

So what would that solution be? Something simple, decentralized, reasonably effective and privacy-preserving. Suppose that you go to your doctor’s office to get a test, and while you’re there, your picture is taken, and you choose a passcode. Then, along with your test result, you may receive some kind of wristband with a QR code. When your status needs to be verified, the QR code is scanned, you enter your passcode (or choose not to, or conveniently forget it), and then your headshot pops up, confirming your identity and status.

I’m not pretending this is any kind of perfect solution; real cryptographers will likely come up with something different and better. (In particular, to pseudonymize your individual test sample to the extent possible and ensure that whoever hosts the central database, if any, cannot decipher the data therein.) This is to illustrate the key points that 1) only those you approve of can see your status, and 2) that status can be verified to ensure it’s actually yours, via some personal identifier like a headshot.

What do we then do with such a system? Well, after the curve flattens and recedes, perhaps we will consider reopening restaurants so long as every other table remains empty, and stores as long as only 1 (masked) customer is within for every 100 square feet of floor space. Alternatively, perhaps, restaurants and stores will also have the option of opening only to the positives — meaning with no internal restrictions, but COVID-19 positive status must be verified before allowing entry, in the same way that bars check your age before letting you enter.

Would those requirements be desirable? Again, that is eminently debatable. Would some people hack such a system in the same way that kids use fake IDs? Sure. Will this happen “at a frequency that matters?” That seems quite unlikely. In cases where it seems more likely, presumably more stringent rules can be applied.

The important thing to which technology can contribute is to make this all simple, straightforward, effective, and privacy-preserving, while consonant with our collective goals as a society. Regardless on what we agree on as those goals, if it turns out previous infection confers immunity, the positives will have a key part to play as we try to resume our lives — to the extent possible — in the ever-present shadow of the pandemic.