Privacy in the Age of the Coronavirus
The coronavirus pandemic is the story of our time, dominating the news cycle and drowning out other stories typically covered by the media. Incessant flows of news regarding the impact of the disease on our society are being broadcast producing a real information disorder, or “infodemic” as described by the UN Secretary General Antonio Guterrez. However, alongside the fight against misinformation, another concern has rapidly climbed up Western democracies’ media industry, using technology to monitor and stop the spread of the disease. COVID-19 has not only provoked an epidemiological disruption, but also a technological one due to the advancement of surveillance means for societal control.
Monitoring an infected population has often been a common measure used by states to safeguard the public health of their citizens. Usually considered a typical human activity, characterized by calling patients several times to check their health status, today it is becoming increasingly technological in order to accelerate the tracking process. China has been a pioneer in the field since the early days of the pandemic when the government proceeded with extensive surveillance measures to track citizens’ mobile phones. After observing the success of the Chinese model, other Asian countries such as South Korea and Taiwan have emulated it by developing similar strategies to “flatten the curve” in view of reopening economies and societies. Western democracies have now joined the fray, launching their own systems to gather the location of those affected and other health data to track the spread of the disease and move society away from lockdowns. But, anxiety about such surveillance techniques is also rising in the West. As Cohen argues, contrary to authoritarian regimes, democracies are meant to use “surveillance for reasons more closely connected to its purported efficiency.” But that hasn’t prevented privacy issues related to the collection of sensitive information thriving.
Contact Tracing Using Technology
Concerns escalated after the US government and a number of European governments announced that they were working towards the creation of surveillance solutions to monitor the pandemic. By mid-March, the Trump administration was already in negotiations with tech giants in Silicon Valley to devise a viable solution to harvest information. Earlier in April, some American data industries proposed a model to show how the technology might work by using records from spring breakers’ cell phones as reported by CNN. But the turning point came when two longstanding tech rivals, Apple and Google, announced “a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus”. Their proposed strategy consists of using smartphone technology in devising a contact tracing system. Their plan consists of two phases. During the first phase, both companies will release APIs (Application Program Interfaces) that “enable interoperability between Android and iOS devices using official apps from public health authorities”. In the second phase, the two companies will provide a broader Bluetooth-enabled contact tracing system. Because it is voluntary, users can decide to opt in to the system and insert their data if tested positive so that the technology, through the use of Bluetooth Low Energy (BLE), can inform other users if they have been in close proximity with someone infected. In the second phase, the technology will be directly installed in both platforms.
The Silicon Valley giants claimed that such a strategy will maintain a strong protection of users’ privacy since Bluetooth allows anonymous aggregation of data. However, the solution has encountered several criticisms among privacy and security experts. In a long Twitter thread Sergio Caltagirone, vice president of threat intelligence at Dragos, highlighted some crucial problems stemming from the implementation of this joint project. The most pressing issue concerns hacking attacks by malicious actors. Because the data required for the functioning of the system are highly sensitive, the possible disclosure of stolen information could easily lead to discrimination and social shaming. BLE contact tracing can therefore reveal a person’s habits and address revealing their identity. Although it has been argued that switching off Bluetooth on mobile devices can be the solution, according to an investigation by Quartz, even when it is turned off phones continue to collect location-related data and send it to Google. The only options available to prevent the tracking would then be to remove access to all Bluetooth devices, which is quite difficult given all the wireless gadgets we use rely on the technology. Alternatively, you can turn off Google location history completely. Bluetooth is sold as the best option to provide secrecy, contrary to GPS, but its vulnerabilities only guarantee a certain degree of anonymity and have severe implications for users’ privacy.
Privacy A Fundamental Right
Article12 of the 1948 United Nations Declaration of Human Rights declares privacy to be a fundamental human right. However, the surveillance measures being adopted to combat the coronavirus pandemic are largely infringing upon that right. That is why the European Data Protection Board (EDPB) has issued mandates for states to follow during the implementation of the new technology. In particular, the mandate issued on April 7th, underlines the need to focus on the “principles of lawfulness, necessity, proportionality, including accuracy, and data minimisation” and “the necessity to subject the measures taken to a pre-defined timeframe limited to what is strictly necessary to tackle the emergency situation”. In addition, the EDPB has been unmovable on the necessity of complying with the General Data Regulation Protection (GDRP), the world’s strongest set of data and privacy protection rules, when applying contact-tracing. Across the Atlantic, the American Civil Liberties Union (ACLU) has echoed the EDPB recommendations arguing that “the potential for invasion of privacy, abuse, and stigmatization is enormous” as data location is extremely intrusive. As a result, the collection, storage and management of such data requires governments to provide transparent policies so that users know how their data are treated and who has access to them.
Nevertheless, while governmental guidelines remain ambiguous, fears of unaccountability and security breaches have grown due to the pervasive nature of surveillance strategies. The idea of contact-tracing has largely been oversold by states when, on the contrary, it needs to be handled with discretion. Peter Swire, one of the most prominent privacy experts and a former member of President Obama’s Review Group on Intelligence and Communications Technology, has cautioned against governments’ security actions. Indeed, similarly to ACLU’s statements, he argued that tracking infected people may bear “little resemblance to reality” if governments have not issued a comprehensive programme of testing aimed at the entire population. Such data may be inaccurate and may also create false positives because of signal interferences. The total number of COVID-19 cases officially counted can then be altered and episodes of violence can emerge. That is why, for example, the government-approved Italian tracking app “Immuni” (Immune) received much criticism. Moreover, the hypothesis of applying restrictions on mobility for users who don’t download it is currently being examined; thus clashing with the voluntary character of the app.
Finally, it is important to probe governmental alibis for introducing contact-tracing technologies. As history has taught us, some surveillance strategies proposed to increase security may not create a safer environment, but only reinforce governments powers. With regards to this, Swire makes an interesting parallel with 9/11. Despite being a completely different situation from that of today, the events of September 11th, 2001 have dramatically changed U.S. surveillance regulations and practices, whose pervasiveness has been publicly revealed with the Snowden disclosures in 2013. We have witnessed how politically surveillance techniques leave room for democratic countries to take an Orwellian Big Brother turn in the name of security. With that in mind, today we must carefully observe states’ justifications for possible lawless policymaking in order to prevent permanent and over-intrusive surveillance. As these actions impinge upon our civil liberties, pillars of Western democracies, we need not allow the exceptionality of this emergency to strip our freedoms away from us to achieve the containment of the disease. A balance must be found between our individual right to privacy and our collective right to security. In order to do so, the media industry also plays a crucial role when reporting the surveillance-privacy discussion. Providing truthful, unbiased information fosters debate leading citizens to conscious and critical thinking, necessary to address these technological challenges.