Digital surveillance can help bring the coronavirus pandemic under control -- but also threatens privacy

 


The pandemic is confronting Americans with important questions about how much and what kinds of surveillance and tracking to accept in support of better health, as well as a revitalized economy.

The Conversation

Israel’s top spy agency has been using secretly collected cellphone data to retrace the movements of those who tested positive for the coronavirus.

The Polish government launched the “Home Quarantine” app so that people in quarantine can upload geo-located photos proving they’re at home.

The South Korean government is using a combination of mobile phone data, credit card information and facial recognition software to track the movements of people who test positive for COVID-19. The government posts the details publicly to alert people who might have come in contact with the infected person.

Public health benefits? Certainly. Privacy risks? Certainly as well.

As a technology, law and security scholar at American University Washington College of Law, I study questions of privacy and surveillance. The pandemic is confronting Americans with important questions about how much and what kinds of surveillance and tracking to accept in support of better health, as well as a revitalized economy.

Deaths in the U.S. from the coronavirus are projected to reach six digits, which adds urgency to decisions that have long-term consequences. Should location data be used to identify and warn those who have been exposed to the virus? Should data be used to enforce quarantines? Can digital information be used to serve compelling health needs without boosting the reach of the surveillance state?

Already, cellphones, apps and digitally connected devices provide a range of data that can be used to track movements and associations with varying degrees of specificity. Though some of this digital surveillance requires users to opt in to data collection, a lot is already in the hands of companies that are now using it to predict trends.

A smart thermometer company, for example, is using real-time temperature data to forecast the next COVID-19 hot spots, something it’s done successfully to predict the seasonal flu. Google has been compiling data from Google Maps to chart shifts in people’s movement over time. The company is repurposing data used to predict traffic flows to help officials determine how well the population is engaging in social distancing. Both are examples of population-level analysis, using aggregated data to assess trends in ways that, if designed and implemented properly, can provide important health information while also protecting personal privacy.

Tracking individuals

Things get more complicated, however, with the move from aggregated analysis to individual-level tracking. There are, broadly speaking, three key forms of individual tracking being pushed, each raising unique policy and legal considerations.

The first, contact tracing, is used to map the movements of sick individuals in order to warn unsuspecting contacts so they can take appropriate steps to protect themselves and others. The second uses location- and time-stamped photos to monitor compliance with quarantine orders and travel restrictions. The third identifies and tracks those who have tested positive for SARS-CoV-2 antibodies. This type of tracking -- being contemplated in Germany and England -- could be used to provide immunity passes to allow people who are no longer at risk to return to work or otherwise engage socially.

Several universities, companies, nonprofit organizations and governments are developing contact tracing apps that identify when someone has been in contact with other people who have tested positive for the disease. Stanford University-based COVID Watch, for example, is developing an app that uses Bluetooth technology to map where and when people cross paths, which can then be used to anonymously notify those who have had contact with sick people who have a compatible app. This is an open source, decentralized system, without the need for any government data collection. Singapore’s TraceTogether app is also an open source system that relies on Bluetooth technology to map associations and issue warnings.

These kinds of decentralized tracking systems are designed to better protect privacy than government-collected or other centrally maintained datasets. But these apps are opt-in, meaning people have to actively choose to use them. As a result, they will only be as effective as they are widespread, something that depends in part on whether users trust the security and other privacy protections built into the system design.

Check-ins and blood tests

Other forms of tracking raise both privacy-related and other civil liberties considerations. Quarantine monitoring systems like Poland’s Home Quarantine app or Singapore’s quarantine requirements, coupled with twice daily digital check-ins, raise the specter of Big Brother, achieved via digital monitoring.

In the United States, this kind of monitoring runs up against the Fourth Amendment’s protections against unreasonable search and seizure. But the Fourth Amendment is not an absolute. Digital monitoring could be court-ordered in response to someone’s demonstrated failure to abide by criminally enforceable quarantine orders, many of which are now in place.

Meanwhile, the police could be employed to knock on doors and check compliance with quarantine orders -- even in the absence of a demonstrated failure to abide by the orders. Individuals could, as a result, presumably consent to digital monitoring as an alternative to daily check-ins by police. Depending on the design, digital check-ins might also be deemed valid under the “special needs” exception to the Fourth Amendment. In such cases, the central question is the validity of the quarantine orders rather than the means of enforcement.

Meanwhile, even the seemingly innocuous tracking of those who test positive for antibodies may not be as innocuous as it seems. If and when such testing becomes reliable and available, it could provide critical, albeit imperfect, assurances on both the individual and community level. But whereas aggregate-level analysis can help determine when it’s appropriate to lift restrictions, individual tracking risks dividing communities into groups of “clean” and “dirty,” with privileges doled out according to status.

Principles for protecting privacy

As society works through these difficult issues, a few key principles should guide decision-making.

First, design matters. Tracking systems should, to the extent possible, be open source, decentralized and designed in a way to share the key health data without gathering or revealing the movements and contacts of those involved. The best contact tracing apps do just that, incorporating key principles of privacy by design and back-end limitations on things like who can access the data and to whom it can be disseminated. Importantly, data should not be retained any longer than it is needed.

Second, whatever system is put in place, whether privately developed or government-mandated, it should be carefully tailored to serve a specified and compelling health need.

Third, any claims that governments need new authority should be examined carefully and warily, particularly given the trove of data already available. If adopted, any new authority should be explicitly time limited, with clear and constrained criteria for extending the time limits.

When the last massive pandemic hit a century ago, the population did not walk around with tracking devices. Now we all do. This is data that can both protect people and confine them. It should be used to save lives but in ways that also protect core freedoms.

This article was first posted on The Conversation.
