The importance of navigating personal privacy during a global pandemic
Around the world, countries continue to wage their battle against the coronavirus, leveraging a multitude of weapons to end the pandemic at any cost. Whether that weapon is the use of location tracking and contact-tracing through smartphone applications, facial recognition cameras with thermal sensors or mass censorship, several nations have used this crisis to significantly expand their surveillance infrastructure. As a result, many of us have readily sacrificed our digital privacy rights in a desperate attempt for a faster return to normalcy. As invasive bio surveillance seems like a rational, temporary measure to track disease spread through facial recognition and contact-tracing, these systems set a dangerous precedent for government invasion of personal privacy in a post-COVID-19 world and stigmatize the reporting of COVID-related information.
White House senior advisor Jared Kushner has expressed interest in developing a national coronavirus surveillance system to display real-time data about the types of treatments that patients are seeking and hospital capacity. Following this line of thought, Apple and Google have developed Bluetooth based contact-tracing systems to gather data for public health officials on infected individuals and the number of people that they have come into contact with. These proposals to increase governmental surveillance and monitoring parallel the response to another crisis: the 9/11 attacks. The USA Patriot Act granted the United States government extensive surveillance powers through the National Security Agency to listen into private calls, view private text messages, emails and more. Although the authorization granted by the Patriot Act was meant to be a temporary measure, this infringement of privacy continued well beyond the time of the crisis – despite their ineffectiveness in preventing terror attacks in the first place.
For now, the contact-tracing systems proposed by Google and Apple ensure anonymity and allow voluntary participation; these companies have not clarified if these tools would be removed from devices after the pandemic is over and when they will turn off tracking. The Department of Health and Human services (HHS) has also stated that it will not be strictly policing breaches of private healthcare data under the Privacy Rule of Health Insurance Portability and Accountability Act of 1996 (HIPAA). If any private healthcare information is exposed then business associates like Google and Apple will not be held liable for privacy violations. In fact, we can look to South Korea to see the consequences of privacy violations.
South Korea has taken contact-tracing to the extreme by publicly sending out text message alerts about the age, gender and minute-to-minute location details of an infected individual from mobile data and CCTV footage, exposing the most intimate details about their lives. Even though South Korea is lauded for their success in eliminating cases of coronavirus, extrapolated information from these messages have exposed the identities of infected individuals and jeopardized their personal privacy, with many expressing fears of reporting illness due to persecution by community members. Even though South Korea’s contact-tracing methods were designed for public health purposes, it ironically somehow stigmatized the reporting of disease.
Similarly, if United States companies do not take the proper precautions to protect healthcare data, then they could disincentivize voluntary participation in contact-tracing apps, which could contribute to a secondary wave of coronavirus to spread when we start reopening the economy. Moreover, without strict laws regarding the deployment of contact-tracing applications to smartphone users, there is a possibility of these applications remaining on our phones and silently collecting data on our every move. In the event of a data breach, our location data could be exploited by malicious actors to stalk your daily movements and lead to identify theft or could be abused by law enforcement agencies to use your data without probable cause.
Until there is a vaccine, the coronavirus pandemic is the only situation in which contact-tracing will be necessary to restart closed down business and schools. However, promises from corporations like Google and Apple will not be enough to ensure that they will keep their assurances to protect user data. If we want to start using these contact-tracing applications, we must petition our representatives to develop a sound policy framework that will prevent companies from bypassing privacy violation and mandate clear guidelines for data destruction and contact-tracing removal. The American Civil Liberties Union suggests a several prerequisites for these contact-tracing tools, not limited to: privacy protection, voluntary participation, storage of data on individual devices and transparency on data use. By observing these guidelines, these disease tracking tools can not only benefit public health but also incentivize participation in contact-tracing applications, while ensuring these technologies do not continue into a post-coronavirus world.
As the war against coronavirus continues, patients and workers are losing their lives at the frontlines of this pandemic. During these moments, we are ready to do what is necessary to protect our families and community members, but we have to stay optimistic and think about our world post-coronavirus. As increased monitoring of our movements seems like a crucial prerequisite to reopening the economy, we must ensure that we are protecting our personal data from being exploited at the hands of tech companies, potential malicious actors, law enforcement and our government.